-
Notifications
You must be signed in to change notification settings - Fork 5
/
vcycle-cgi
executable file
·89 lines (80 loc) · 2.95 KB
/
vcycle-cgi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#!/usr/bin/python
#
# vcycle-cgi - Accept HTTP PUT requests of $JOBOUTPUTS files
#
# Andrew McNab, University of Manchester.
# Copyright (c) 2013-9. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# o Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
# o Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
import os
import sys
try:
(machinesDirectory, spaceName, hostName, subDirectory, fileName) = os.environ['REQUEST_URI'].replace('//','/').split('/')[1:6]
except:
print 'Status: 404 Not Found'
print
sys.exit(0)
# These components cannot contain "/" (the split character). Is that sufficient sanitisation?
if (machinesDirectory != 'machines' or
subDirectory != 'joboutputs' or
not os.path.isdir('/var/lib/vcycle/shared/spaces/' + spaceName + '/current/' + hostName + '/joboutputs')):
print 'Status: 404 Not Found'
print
sys.exit(0)
try:
httpsX509dn = open('/var/lib/vcycle/shared/spaces/' + spaceName + '/current/' + hostName + '/https_x509dn', 'r').read()
except:
print 'Status: 403 Forbidden'
print
sys.exit(0)
if 'SSL_CLIENT_S_DN' not in os.environ:
print 'Status: 403 Forbidden'
print
sys.exit(0)
if os.environ['SSL_CLIENT_S_DN'][0] == '/':
# Use slash format DN without modification
x509Client = os.environ['SSL_CLIENT_S_DN']
else:
# Convert comma DN format to slashes
x509ClientList = os.environ['SSL_CLIENT_S_DN'].split(',')
x509ClientList.reverse()
x509Client = '/' + '/'.join(x509ClientList)
if not x509Client.startswith(httpsX509dn):
print 'Status: 403 Forbidden'
print
sys.exit(0)
try:
f = open('/var/lib/vcycle/shared/spaces/' + spaceName + '/current/' + hostName + '/joboutputs/' + fileName, 'w')
f.write(sys.stdin.read())
f.close()
except:
print 'Status: 500 Internal Server Error (3)'
print
else:
print 'Status: 200 OK'
print