Changeset 408

Timestamp:

Apr 6, 2008, 8:08:04 PM (16 years ago)

Author:

broder

Message:

Validate the locker name before using it for anything

Location:

trunk/packages/sipb-xen-www/code

Files:

• getafsgroups.py (modified) (6 diffs)
• main.py (modified) (1 diff)

trunk/packages/sipb-xen-www/code/getafsgroups.py

@@ -2 +2 @@
 import pprint
 import subprocess
+from webcommon import InvalidInput
 
 # import ldap
@@ -35 +36 @@
     return [line.strip() for line in p.stdout.readlines()[1:]]
 
+def getLockerPath(locker):
+    if '/' in locker or locker in ['.', '..']:
+        raise InvalidInput('owner', locker, 'Locker name is invalid.')
+    return '/mit/' + locker
+
 def checkAfsGroup(user, group, cell):
     """
@@ -42 +48 @@
 
 def getCell(locker):
-    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
+    p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
@@ -49 +55 @@
 
 def getLockerAcl(locker):
-    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
+    p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
@@ -59 +65 @@
         if fields[0] == 'Negative':
             break
-        if 'rlidwka' in fields[1]:
+        if 'a' in fields[1]:
             values.append(fields[0])
     return values
@@ -80 +86 @@
                                 checkAfsGroup(user, entry, cell)):
             return False
-    return "You don't have admin bits on /mit/" + locker
+    return "You don't have admin bits on " + getLockerPath(locker)
 
 

trunk/packages/sipb-xen-www/code/main.py

@@ -449 +449 @@
 group.""",
                         quotas="""
-Quotas are determined on a per-locker basis.  Each quota may have a
+Quotas are determined on a per-locker basis.  Each locker may have a
 maximum of 512 megabytes of active ram, 50 gigabytes of disk, and 4
 active machines.""",