Loading transfer_service/data_rpc_server.py +4 −4 Original line number Diff line number Diff line Loading @@ -169,10 +169,10 @@ class DataRPCServer(RedisRPCServer): "errorCode": 2, "errorMsg": errorMsg } return response uid = os.stat(folderPath).st_uid gid = os.stat(folderPath).st_gid # Check if uid and gid match and avoid privilege escalation if uid == userInfo[1] and gid == userInfo[2] and uid >= 1000 and gid >= 100: uid = userInfo[1] gid = userInfo[2] # Avoid privilege escalation if uid >= 1000 and gid >= 100: # If write permissions are set and the 'store' folder is not empty, # it means that data is ready to be copied, otherwise, nothing can # be done until the write permissions are restored or new data is Loading transfer_service/system_utils.py +13 −7 Original line number Diff line number Diff line Loading @@ -6,11 +6,12 @@ # import os import pwd import re import shutil import sys from config import Config class SystemUtils(object): Loading @@ -24,19 +25,24 @@ class SystemUtils(object): } def __init__(self): pass config = Config("/etc/vos_ts/vos_ts.conf") params = config.loadSection("transfer_node") self.vospaceUserBasePath = params["base_path"] def userInfo(self, username): """ Returns username, UID and GID associated to a given user, using the Python password database module (pwd). Obtains username, UID and GID associated to a given user from the user directory (name.surname) on the transfer node. """ try: info = pwd.getpwnam(username) except KeyError: vospaceUserFolderPath = self.vospaceUserBasePath.replace("{username}", username) uid = os.stat(vospaceUserFolderPath).st_uid gid = os.stat(vospaceUserFolderPath).st_gid except OSError: return False else: return [ info[0], info[2], info[3] ] return [ username, uid, gid ] def findIllegalCharacters(self, name): """Checks for file/dir names containing illegal characters.""" Loading Loading
transfer_service/data_rpc_server.py +4 −4 Original line number Diff line number Diff line Loading @@ -169,10 +169,10 @@ class DataRPCServer(RedisRPCServer): "errorCode": 2, "errorMsg": errorMsg } return response uid = os.stat(folderPath).st_uid gid = os.stat(folderPath).st_gid # Check if uid and gid match and avoid privilege escalation if uid == userInfo[1] and gid == userInfo[2] and uid >= 1000 and gid >= 100: uid = userInfo[1] gid = userInfo[2] # Avoid privilege escalation if uid >= 1000 and gid >= 100: # If write permissions are set and the 'store' folder is not empty, # it means that data is ready to be copied, otherwise, nothing can # be done until the write permissions are restored or new data is Loading
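Review bot: The new `uid = userInfo[1]` / `gid = userInfo[2]` lines drop the only comparison against `os.stat(folderPath)`, so the `uid >= 1000 and gid >= 100` guard now tests the identity reported by `userInfo` rather than the owner of the folder about to be processed. If `folderPath` can differ from the directory that `userInfo` is derived from (not visible in this hunk), a folder owned by root or by another account would pass the guard. Keeping the stat as a cross-check would preserve the old guarantee: `st = os.stat(folderPath)` followed by `if st.st_uid == uid and st.st_gid == gid and uid >= 1000 and gid >= 100:`. The lookup that fills `userInfo` can return `False`, and the error branch above is only partly visible, so confirm it covers that case before `userInfo[1]` is indexed. The enclosing method starts and ends outside the hunk.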
transfer_service/system_utils.py +13 −7 Original line number Diff line number Diff line Loading @@ -6,11 +6,12 @@ # import os import pwd import re import shutil import sys from config import Config class SystemUtils(object): Loading @@ -24,19 +25,24 @@ class SystemUtils(object): } def __init__(self): pass config = Config("/etc/vos_ts/vos_ts.conf") params = config.loadSection("transfer_node") self.vospaceUserBasePath = params["base_path"] def userInfo(self, username): """ Returns username, UID and GID associated to a given user, using the Python password database module (pwd). Obtains username, UID and GID associated to a given user from the user directory (name.surname) on the transfer node. """ try: info = pwd.getpwnam(username) except KeyError: vospaceUserFolderPath = self.vospaceUserBasePath.replace("{username}", username) uid = os.stat(vospaceUserFolderPath).st_uid gid = os.stat(vospaceUserFolderPath).st_gid except OSError: return False else: return [ info[0], info[2], info[3] ] return [ username, uid, gid ] def findIllegalCharacters(self, name): """Checks for file/dir names containing illegal characters.""" Loading
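Review bot: In `userInfo`, `username` is substituted into `base_path` with `replace("{username}", username)` and the result is passed to `os.stat` with no visible validation, so a name containing `/` or `..` would return the owner of a directory outside the intended user tree. Since the returned uid and gid feed the privilege check in `data_rpc_server.py`, reject such names first, e.g. `if not username or os.path.basename(username) != username or username in (".", ".."): return False`, unless every caller already guarantees this. The two separate `os.stat` calls can also observe different inodes if the path is replaced between them; one call, `st = os.stat(vospaceUserFolderPath)` then `uid, gid = st.st_uid, st.st_gid`, avoids that. `os.stat` follows symlinks, so it is worth deciding whether `os.lstat` is what is wanted here. `__init__` now reads `/etc/vos_ts/vos_ts.conf`, and `params["base_path"]` raises `KeyError` at construction if the key is missing, which deserves a line in the class docstring.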