Commit 95b185bd authored by Leigh Stoller's avatar Leigh Stoller

Do not allow images that are marked global to be created via the

create_image script. Also check path; filename must translate to a path
on /proj, /users, or /groups since the image is actually written from
the node, and those are the only places it makes sense to write them to.

Minor change to web interface; email error messages to user *and* to
tbops; was going only to tbops.
parent 9dc93498
......@@ -9,6 +9,7 @@
use English;
use Getopt::Std;
use POSIX qw(setsid);
use File::Basename;
#
# Create a disk image.
......@@ -203,9 +204,13 @@ my $filename = $imageid_row{'path'};
my $isglobal = $imageid_row{'global'};
#
# If a global image, make up a name. Admin person will need to copy image
# to boss.
# Throw an error if the image is global; we cannot write images into
# /usr/testbed/images. In fact, lets check the filename just in case.
#
if ($isglobal) {
die("*** $0:\n".
" Not able to autocreate images that are marked global!\n");
}
# Untaint. Very silly.
if ($filename =~ /^([-\w\.\/\+]+)$/) {
......@@ -216,6 +221,34 @@ else {
" Bad filename: $filename!\n");
}
#
# Make sure real path is someplace that makes sense; remember that the
# image is created on the nodes, and it NFS mounts directories on ops.
# Writing the image to anyplace else is just going to break things.
#
# Use realpath to resolve any symlinks.
#
my $translated = `realpath $filename`;
if ($translated =~ /^([-\w\.\/]+)$/) {
$filename = $1;
}
else {
die("*** $0:\n".
" Bad data returned by realpath: $translated\n");
}
#
# The file must reside in /proj, /groups, or /users. Since this script
# runs as the caller, regular file permission checks ensure its a file
# the user is allowed to use.
#
if (! ($filename =~ /^\/proj/) &&
! ($filename =~ /^\/groups/) &&
! ($filename =~ /^\/users/)) {
die("*** $0:\n".
" $filename does not resolve to an allowed directory!\n");
}
#
# Be sure to kill off running frisbee. If a node is trying to load that
# image, well tough.
......
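Review bot: The allowed-directory test at the end of the third hunk matches on a bare prefix, so `/^\/proj/` also accepts a resolved path such as `/projects-old/x` or `/usersfoo/x` (constructed examples); anchoring on the following slash closes that, e.g. `if ($filename !~ m{^/(?:proj|groups|users)/}) {`. The earlier untaint pattern admits `+` but the pattern applied to the realpath output does not, so a filename containing `+` passes the first check and then dies with "Bad data returned by realpath"; the two character classes should agree. The exit status of the `realpath` backtick call is not checked, and a failure appears to be caught only because empty output fails the regex, which deserves a comment. The path is resolved here but the image is written later from the node, so the check depends on the file-permission argument in the comment rather than on the resolved path staying fixed.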
......@@ -209,6 +209,7 @@ define("SUEXEC_ACTION_CONTINUE", 0);
define("SUEXEC_ACTION_DIE", 1);
define("SUEXEC_ACTION_USERERROR", 2);
define("SUEXEC_ACTION_IGNORE", 3);
define("SUEXEC_ACTION_DUPDIE", 4);
#
# An suexec error.
......@@ -235,6 +236,10 @@ function SUEXECERROR($action)
break;
case SUEXEC_ACTION_IGNORE:
break;
case SUEXEC_ACTION_DUPDIE:
TBERROR($foo, 0, 1);
USERERROR("<XMP>$foo</XMP>", 1);
break;
default:
TBERROR($foo, 1, 1);
}
......
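Review bot: In the new `SUEXEC_ACTION_DUPDIE` case, `$foo` is written into the page between `<XMP>` tags without escaping. `$foo` is built outside this hunk, but if it carries the command output (for example the create_image "Bad filename" message, which echoes the rejected name), a `</XMP>` sequence in it ends the block and the remainder is parsed as HTML; `USERERROR("<pre>" . htmlspecialchars($foo) . "</pre>", 1);` avoids that. A one-line comment on the case, such as `# Mail tbops without exiting, then show the same text to the user`, would also help, assuming that is what the `TBERROR($foo, 0, 1)` arguments mean.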
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -80,7 +80,7 @@ if (! TBNodeAccessCheck($uid, $node, $TB_NODEACCESS_LOADIMAGE)) {
}
# Should check for file file_exists($image_path),
# but that's too messy.
# but too messy.
if (! isset($confirmed) ) {
echo "<center><form action='loadimage.php3' method='post'>\n".
......@@ -107,7 +107,8 @@ echo "<br>
<br><br>\n";
flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $image_pid $image_name $node", 1);
SUEXEC($uid, $unix_gid, "webcreateimage -p $image_pid $image_name $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email
notification when the snapshot is complete. In the meantime,
......
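Review bot: The command string passed to SUEXEC is still built by interpolating `$image_pid`, `$image_name` and `$node` directly, and no validation of them is visible in this hunk; the same holds for `$pid`, `$imagename` and `$node` in the two later sections that make the identical change. If SUEXEC hands the string to a shell, which cannot be seen here, each value should be checked against the expected character set earlier in the page or quoted, e.g. `"webcreateimage -p " . escapeshellarg($image_pid) . " " . escapeshellarg($image_name) . " " . escapeshellarg($node)`. The checks may already exist above the hunk; if so, a comment at the call naming them would make that clear.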
......@@ -896,7 +896,8 @@ if (isset($node)) {
<br><br>\n";
flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node", 1);
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email
notification when the image is complete. In the meantime,
......
......@@ -879,7 +879,7 @@ if ($cancelled) {
$confirmationWarning = "";
#
# If user doesn't define a node to suck the image from,
# If user does not define a node to suck the image from,
# we seek confirmation.
#
if (! isset($node)) {
......@@ -1041,7 +1041,8 @@ if (isset($node)) {
<br><br>\n";
flush();
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node", 1);
SUEXEC($uid, $unix_gid, "webcreateimage -p $pid $imagename $node",
SUEXEC_ACTION_DUPDIE);
echo "This will take 10 minutes or more; you will receive email
notification when the image is complete. In the meantime,
......