def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
output_objects.append({'object_type': 'header', 'text'
: 'Show runtime environment details'})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
re_name = accepted['re_name'][-1]
if not valid_dir_input(configuration.re_home, re_name):
logger.warning(
"possible illegal directory traversal attempt re_name '%s'"
% re_name)
output_objects.append({'object_type': 'error_text', 'text'
: 'Illegal runtime environment name: "%s"'
% re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
if not is_runtime_environment(re_name, configuration):
output_objects.append({'object_type': 'error_text', 'text'
: "'%s' is not an existing runtime environment!"
% re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Runtime environment details'
(re_dict, msg) = get_re_dict(re_name, configuration)
if not re_dict:
output_objects.append({'object_type': 'error_text', 'text'
: 'Could not read details for "%s"' % msg})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append(build_reitem_object(configuration, re_dict))
return (output_objects, returnvalues.OK)
def init_vgrid_script_list(vgrid_name, client_id, configuration):
"""Helper for vgrid scripts"""
msg = ''
if not vgrid_name:
msg += 'Please specify vgrid_name in the query string'
return (False, msg, None)
if not valid_dir_input(configuration.vgrid_home, vgrid_name):
msg += 'Illegal vgrid_name: %s' % vgrid_name
return (False, msg, None)
if not vgrid_is_owner_or_member(vgrid_name, client_id,
configuration):
msg += 'Failure: You must be an owner or member of '\
+ vgrid_name\
+ ' vgrid to get a list of members/owners/resources/triggers'
return (False, msg, None)
return (True, msg, [])
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False, op_title=False,
op_menu=client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input(user_arguments_dict,
defaults, output_objects, allow_rejects=False)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
remote_ip = str(os.getenv('REMOTE_ADDR'))
res_type = accepted['type'][-1]
unique_resource_name = accepted['unique_resource_name'][-1]
exe_name = accepted['exe_name'][-1]
status = returnvalues.OK
# Web format for cert access and no header for SID access
if client_id:
output_objects.append({'object_type': 'title', 'text'
: 'Load resource script PGID'})
output_objects.append({'object_type': 'header', 'text'
: 'Load resource script PGID'})
else:
output_objects.append({'object_type': 'start'})
# Please note that base_dir must end in slash to avoid access to other
# resource dirs when own name is a prefix of another resource name
base_dir = os.path.abspath(os.path.join(configuration.resource_home,
unique_resource_name)) + os.sep
if not is_owner(client_id, unique_resource_name,
configuration.resource_home, logger):
output_objects.append(
{'object_type': 'error_text', 'text':
"Failure: You must be an owner of '%s' to get the PGID!" % \
unique_resource_name})
return (output_objects, returnvalues.CLIENT_ERROR)
# is_owner incorporates unique_resource_name verification - no need to
# specifically check for illegal directory traversal on that variable.
# exe_name is not automatically checked however - do it manually
if not valid_dir_input(base_dir, 'EXE_' + exe_name + '.PGID'):
# out of bounds - rogue resource!?!?
output_objects.append({'object_type': 'error_text', 'text':
'invalid exe_name! %s' % exe_name})
logger.error('''getrespgid called with illegal parameter(s) in what
appears to be an illegal directory traversal attempt!: unique_resource_name %s,
exe %s, client_id %s''' % (unique_resource_name, exe_name, client_id))
return (output_objects, returnvalues.CLIENT_ERROR)
# Check that resource address matches request source to make DoS harder
try:
check_source_ip(remote_ip, unique_resource_name)
except ValueError, vae:
output_objects.append({'object_type': 'error_text', 'text':
'invalid request: %s' % vae})
logger.error("Invalid put pgid: %s" % vae)
return (output_objects, returnvalues.CLIENT_ERROR)
localjobname = fieldstorage.getfirst('localjobname', '')
sessionid = fieldstorage.getfirst('sessionid', '')
o.out('interactivejob request from %s %s %s %s' % (remote_ip, exe_name,
unique_resource_name, jobid))
# Please note that base_dir must end in slash to avoid access to other
# resource dirs when own name is a prefix of another resource name
base_dir = os.path.abspath(configuration.resource_home + os.sep
+ unique_resource_name) + os.sep
# No owner check here so we need to specifically check for illegal
# directory traversals
if not valid_dir_input(configuration.resource_home,
unique_resource_name):
# out of bounds - rogue resource!?!?
o.out('invalid unique_resource_name! %s' % unique_resource_name)
o.internal('requestinteractivejob called with illegal parameter(s) in what appears to be an illegal directory traversal attempt!: unique_resource_name %s, exe_name %s, client_id %s'
% (unique_resource_name, exe_name, client_id))
o.reply_and_exit(o.CLIENT_ERROR)
if exe_name == '':
o.out('requestinteractivejob error! exe was not specified in the query string. Looks like a mis-configured resource!'
)
o.reply_and_exit(o.ERROR)
if jobid == '':
o.out('requestinteractivejob error! jobid was not specified in the query string. Looks like a mis-configured resource!'
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Delete runtime environment'
output_objects.append({'object_type': 'header', 'text'
: 'Delete runtime environment'})
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
if not correct_handler('POST'):
output_objects.append(
{'object_type': 'error_text', 'text'
: 'Only accepting POST requests to prevent unintended updates'})
return (output_objects, returnvalues.CLIENT_ERROR)
re_name = accepted['re_name'][-1]
if not valid_dir_input(configuration.re_home, re_name):
logger.warning(
"possible illegal directory traversal attempt re_name '%s'"
% re_name)
output_objects.append({'object_type': 'error_text', 'text'
: 'Illegal runtime environment name: "%s"'
% re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
# Check whether re_name represents a runtime environment
if not is_runtime_environment(re_name, configuration):
output_objects.append({'object_type': 'error_text',
'text': "No such runtime environment: '%s'"
% re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
re_dict = get_re_dict(re_name, configuration)
if not re_dict[0]:
output_objects.append(
{'object_type': 'error_text',
'text': 'Could not read runtime environment details for %s'
% re_name})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Make sure the runtime environment belongs to the user trying to delete it
if client_id != re_dict[0]['CREATOR']:
output_objects.append({'object_type': 'error_text', 'text': \
'You are not the owner of runtime environment "%s"' % re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
# Prevent delete if the runtime environment is used by any resources
actives = resources_using_re(configuration, re_name)
# If the runtime environment is active, an error message is printed, along
# with a list of the resources using the runtime environment
if actives:
output_objects.append(
{'object_type': 'error_text', 'text':
"Can't delete runtime environment '%s' in use by resources:"
% re_name})
output_objects.append({'object_type': 'list', 'list'
: actives})
output_objects.append({'object_type': 'link', 'destination': 'redb.py',
'class': 'infolink', 'title':
'Show runtime environments',
'text': 'Show runtime environments'})
return (output_objects, returnvalues.CLIENT_ERROR)
# Delete the runtime environment
(status, msg) = delete_runtimeenv(re_name, configuration)
# If something goes wrong when trying to delete runtime environment
# re_name, an error is displayed.
if not status:
output_objects.append({'object_type': 'error_text', 'text'
: 'Could not remove %s runtime environment: %s'
% (re_name, msg)})
return (output_objects, returnvalues.SYSTEM_ERROR)
# If deletion of runtime environment re_name is successful, we just
# return OK
else:
output_objects.append(
{'object_type': 'text', 'text'
: 'Successfully deleted runtime environment: "%s"' % re_name})
output_objects.append({'object_type': 'link', 'destination': 'redb.py',
'class': 'infolink',
'title': 'Show runtime environments',
'text': 'Show runtime environments'})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False, op_title=False,
op_menu=client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input(user_arguments_dict,
defaults, output_objects, allow_rejects=False)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
remote_ip = str(os.getenv('REMOTE_ADDR'))
res_type = accepted['type'][-1]
unique_resource_name = accepted['unique_resource_name'][-1]
exe_name = accepted['exe_name'][-1]
pgid = accepted['pgid'][-1]
status = returnvalues.OK
# Web format for cert access and no header for SID access
if client_id:
output_objects.append({'object_type': 'title', 'text'
: 'Load resource script PGID'})
output_objects.append({'object_type': 'header', 'text'
: 'Load resource script PGID'})
else:
output_objects.append({'object_type': 'start'})
# Please note that base_dir must end in slash to avoid access to other
# resource dirs when own name is a prefix of another resource name
base_dir = os.path.abspath(os.path.join(configuration.resource_home,
unique_resource_name)) + os.sep
# We do not have a trusted base dir here since there's no certificate data.
# Manually check input variables
if not valid_dir_input(configuration.resource_home,
unique_resource_name):
# out of bounds - rogue resource!?!?
msg = 'invalid unique_resource_name! %s' % unique_resource_name
logger.error('putrespgid FE called with illegal parameter(s) in what appears to be an illegal directory traversal attempt!: unique_resource_name %s, exe %s, client_id %s' \
% (unique_resource_name, exe_name, client_id))
return (output_objects, returnvalues.CLIENT_ERROR)
if not valid_dir_input(base_dir, 'EXE_%s.PGID' % exe_name):
# out of bounds - rogue resource!?!?
msg = 'invalid unique_resource_name / exe_name! %s / %s' \
% (unique_resource_name, exe_name)
logger.error('putrespgid EXE called with illegal parameter(s) in what appears to be an illegal directory traversal attempt!: unique_resource_name %s, exe %s, client_id %s' \
% (unique_resource_name, exe_name, client_id))
return (output_objects, returnvalues.CLIENT_ERROR)
# Check that resource address matches request source to make DoS harder
try:
check_source_ip(remote_ip, unique_resource_name)
except ValueError, vae:
output_objects.append({'object_type': 'error_text', 'text':
'invalid request: %s' % vae})
logger.error("Invalid put pgid: %s" % vae)
return (output_objects, returnvalues.CLIENT_ERROR)
def init_vgrid_script_add_rem(
vgrid_name,
client_id,
subject,
subject_type,
configuration,
):
"""Initialize vgrid specific add and remove scripts"""
msg = ''
if not vgrid_name:
msg += 'Please specify vgrid_name in the querystring'
return (False, msg, None)
if not subject:
msg += 'Please provide the name of the %s' % subject_type
return (False, msg, None)
if not valid_dir_input(configuration.vgrid_home, vgrid_name):
msg += 'Illegal vgrid_name: %s' % vgrid_name
return (False, msg, None)
if subject_type == 'member' or subject_type == 'owner':
if not is_user(subject, configuration.mig_server_home):
msg += '%s is not a valid %s user!' % \
(subject, configuration.short_title)
return (False, msg, None)
elif subject_type == 'resource':
if not is_resource(subject, configuration.resource_home):
msg += '%s is not a valid %s resource' % \
(subject, configuration.short_title)
msg += \
' (OK, if removing or e.g. the resource creation is pending)'
elif subject_type == 'trigger':
# Rules are checked later
pass
else:
msg += 'unknown subject type in init_vgrid_script_add_rem'
return (False, msg, [])
# special case: members may terminate own membership
if (subject_type == 'member') and (client_id == subject) \
and (vgrid_is_member(vgrid_name, subject, configuration)):
return (True, msg, [])
# special case: members may remove own triggers and add new ones
if (subject_type == 'trigger') and \
(not vgrid_is_trigger(vgrid_name, subject, configuration) or \
vgrid_is_trigger_owner(vgrid_name, subject, client_id,
configuration)):
return (True, msg, [])
# otherwise: only owners may add or remove:
if not vgrid_is_owner(vgrid_name, client_id, configuration):
msg += 'You must be an owner of the %s vgrid to add/remove %s'\
% (vgrid_name, subject_type)
return (False, msg, None)
return (True, msg, [])
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
if not correct_handler('POST'):
output_objects.append(
{'object_type': 'error_text', 'text'
: 'Only accepting POST requests to prevent unintended updates'})
return (output_objects, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1].strip()
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Create %s' % configuration.site_vgrid_label
output_objects.append({'object_type': 'header', 'text': 'Create %s' % \
configuration.site_vgrid_label})
# No owner check here so we need to specifically check for illegal
# directory access
reserved_names = (default_vgrid, any_vgrid, all_vgrids)
if vgrid_name in reserved_names or \
not valid_dir_input(configuration.vgrid_home, vgrid_name):
output_objects.append({'object_type': 'error_text', 'text'
: 'Illegal vgrid_name: %s' % vgrid_name})
logger.warning("""createvgrid possible illegal directory access
attempt by '%s': vgrid_name '%s'""" % (client_id, vgrid_name))
return (output_objects, returnvalues.CLIENT_ERROR)
user_map = get_full_user_map(configuration)
user_dict = user_map.get(client_id, None)
# Optional limitation of create vgrid permission
if not user_dict or \
not vgrid_create_allowed(configuration, user_dict):
logger.warning("user %s is not allowed to create %ss!" % \
(client_id, configuration.site_vgrid_label))
output_objects.append(
{'object_type': 'error_text', 'text'
: 'Only privileged users can create %ss' % \
configuration.site_vgrid_label})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(configuration.vgrid_home,
vgrid_name)) + os.sep
public_base_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name)) + os.sep
public_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name, '.vgridscm')) + os.sep
public_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name, '.vgridtracker')) + os.sep
private_base_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name)) + os.sep
private_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridscm')) + os.sep
private_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridtracker')) + os.sep
private_forum_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridforum')) + os.sep
vgrid_files_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name)) + os.sep
vgrid_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name, '.vgridscm')) + os.sep
vgrid_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name, '.vgridtracker')) + os.sep
# does vgrid exist?
if os.path.isdir(base_dir):
output_objects.append(
{'object_type': 'error_text', 'text'
: '%s %s cannot be created because it already exists!'
% (configuration.site_vgrid_label, vgrid_name)})
return (output_objects, returnvalues.CLIENT_ERROR)
# verify that client is owner of imada or imada/topology if trying to
# create imada/topology/test
vgrid_name_list = vgrid_name.split('/')
vgrid_name_list_length = len(vgrid_name_list)
if vgrid_name_list_length <= 0:
output_objects.append({'object_type': 'error_text', 'text'
: 'vgrid_name not specified?'})
return (output_objects, returnvalues.SYSTEM_ERROR)
elif vgrid_name_list_length == 1:
# anyone can create base vgrid
new_base_vgrid = True
else:
new_base_vgrid = False
vgrid_name_without_last_fragment = \
'/'.join(vgrid_name_list[0:vgrid_name_list_length - 1])
parent_base = os.path.dirname(base_dir.rstrip(os.sep))
if not os.path.isdir(parent_base):
output_objects.append(
{'object_type': 'error_text', 'text'
: 'Parent %s %s does not exist!' % \
(configuration.site_vgrid_label,
vgrid_name_without_last_fragment)
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not vgrid_is_owner(vgrid_name_without_last_fragment,
client_id, configuration):
output_objects.append(
{'object_type': 'error_text', 'text'
: 'You must own a parent %s to create a sub vgrid' % \
configuration.site_vgrid_label
})
return (output_objects, returnvalues.CLIENT_ERROR)
# make sure all dirs can be created (that a file or directory with the same
# name do not exist prior to the vgrid creation)
try_again_string = \
"""%s cannot be created, a file or directory exists with the same
name, please try again with a new name!""" % configuration.site_vgrid_label
if os.path.exists(public_base_dir):
output_objects.append({'object_type': 'error_text', 'text'
: try_again_string})
return (output_objects, returnvalues.CLIENT_ERROR)
if os.path.exists(private_base_dir):
output_objects.append({'object_type': 'error_text', 'text'
: try_again_string})
return (output_objects, returnvalues.CLIENT_ERROR)
if os.path.exists(vgrid_files_dir):
output_objects.append({'object_type': 'error_text', 'text'
: try_again_string})
return (output_objects, returnvalues.CLIENT_ERROR)
# create directory to store vgrid files
try:
os.mkdir(base_dir)
except Exception, exc:
output_objects.append(
{'object_type': 'error_text', 'text'
: """Could not create %(_label)s directory, remember to create
parent %(_label)s before creating a sub-%(_label)s.""" % \
{'_label': configuration.site_vgrid_label}
})
return (output_objects, returnvalues.CLIENT_ERROR)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Runtime env support'
output_objects.append({'object_type': 'header', 'text'
: 'Test runtime environment support'})
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
logger.warning('%s invalid input: %s' % (op_name, accepted))
return (accepted, returnvalues.CLIENT_ERROR)
resource_list = accepted['unique_resource_name']
re_name = accepted['re_name'][-1]
status = returnvalues.OK
visible_res = user_visible_res_confs(configuration, client_id)
if not re_name:
output_objects.append(
{'object_type': 'error_text', 'text'
: 'Please specify the name of the runtime environment!'})
return (output_objects, returnvalues.CLIENT_ERROR)
if not valid_dir_input(configuration.re_home, re_name):
logger.warning(
"possible illegal directory traversal attempt re_name '%s'"
% re_name)
output_objects.append({'object_type': 'error_text', 'text'
: 'Illegal runtime environment name: "%s"'
% re_name})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(os.path.join(configuration.user_home,
client_dir)) + os.sep
for visible_res_name in resource_list:
if not visible_res_name in visible_res.keys():
logger.warning('User %s not allowed to view %s (%s)' % \
(client_id, visible_res_name, visible_res.keys()))
output_objects.append({'object_type': 'error_text',
'text': 'invalid resource %s' % \
visible_res_name})
status = returnvalues.CLIENT_ERROR
continue
if not is_owner(client_id, visible_res_name,
configuration.resource_home, logger):
output_objects.append(
{'object_type': 'error_text', 'text':
'You must be an owner of the resource to validate runtime '
'environment support. (resource %s)' % visible_res_name})
status = returnvalues.CLIENT_ERROR
continue
(re_dict, re_msg) = get_re_dict(re_name, configuration)
if not re_dict:
output_objects.append(
{'object_type': 'error_text', 'text':
'Could not get re_dict %s' % re_msg})
status = returnvalues.SYSTEM_ERROR
continue
if not testresource_has_re_specified(visible_res_name, re_name,
configuration):
output_objects.append(
{'object_type': 'error_text', 'text':
'You must specify the runtime environment in the resource'
'configuration before verifying if it is supported!'})
status = returnvalues.CLIENT_ERROR
continue
base64string = ''
for stringpart in re_dict['TESTPROCEDURE']:
base64string += stringpart
mrslfile_content = base64.decodestring(base64string)
try:
(filehandle, mrslfile) = tempfile.mkstemp(text=True)
os.write(filehandle, mrslfile_content)
os.close(filehandle)
create_verify_files(['status', 'stdout', 'stderr'], re_name,
re_dict, base_dir, logger)
except Exception, exc:
output_objects.append(
{'object_type': 'error_text', 'text':
'Could not write test job for %s: %s' % (visible_res_name,
exc)})
status = returnvalues.SYSTEM_ERROR
continue
forceddestination_dict = {'UNIQUE_RESOURCE_NAME': visible_res_name,
'RE_NAME': re_name}
(success, msg) = new_job(mrslfile, client_id, configuration,
forceddestination_dict)
if not success:
output_objects.append(
{'object_type': 'error_text', 'text':
'Submit test job failed %s: %s' % (visible_res_name,
msg)})
status = returnvalues.SYSTEM_ERROR
try:
os.remove(mrslfile)
except:
pass
output_objects.append(
{'object_type': 'text', 'text':
'Runtime environment test job for %s successfuly submitted! %s' \
% (visible_res_name, msg)})
