From: Evan Broder <broder@mit.edu>
Date: Mon, 7 Apr 2008 00:08:04 +0000 (-0400)
Subject: Validate the locker name before using it for anything
X-Git-Tag: sipb-xen-www/3.4~56
X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/6615e67c6de090b18e33aa77e87255bd9f65d9a9

Validate the locker name before using it for anything

svn path=/trunk/packages/sipb-xen-www/; revision=408
---

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index 899de81..9e0f31f 100644
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python
 import pprint
 import subprocess
+from webcommon import InvalidInput
 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")
@@ -34,6 +35,11 @@ def getAfsGroupMembers(group, cell):
         return []
     return [line.strip() for line in p.stdout.readlines()[1:]]
 
+def getLockerPath(locker):
+    if '/' in locker or locker in ['.', '..']:
+        raise InvalidInput('owner', locker, 'Locker name is invalid.')
+    return '/mit/' + locker
+
 def checkAfsGroup(user, group, cell):
     """
     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
@@ -41,14 +47,14 @@ def checkAfsGroup(user, group, cell):
     return user in getAfsGroupMembers(group, cell)
 
 def getCell(locker):
-    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
+    p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
         raise MyException(p.stderr.read())
     return p.stdout.read().split()[-1][1:-1]
 
 def getLockerAcl(locker):
-    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
+    p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
         raise MyException(p.stderr.read())
@@ -58,7 +64,7 @@ def getLockerAcl(locker):
         fields = line.split()
         if fields[0] == 'Negative':
             break
-        if 'rlidwka' in fields[1]:
+        if 'a' in fields[1]:
             values.append(fields[0])
     return values
 
@@ -79,7 +85,7 @@ def notLockerOwner(user, locker):
         if entry == user or (entry[0:6] == "system" and 
                                 checkAfsGroup(user, entry, cell)):
             return False
-    return "You don't have admin bits on /mit/" + locker
+    return "You don't have admin bits on " + getLockerPath(locker)
 
 
 if __name__ == "__main__":
diff --git a/code/main.py b/code/main.py
index ebbd7dd..8204fb4 100755
--- a/code/main.py
+++ b/code/main.py
@@ -448,7 +448,7 @@ The administrator field determines who can access the console and
 power on and off the machine.  This can be either a user or a moira
 group.""",
                         quotas="""
-Quotas are determined on a per-locker basis.  Each quota may have a
+Quotas are determined on a per-locker basis.  Each locker may have a
 maximum of 512 megabytes of active ram, 50 gigabytes of disk, and 4
 active machines.""",
                         console="""