134
134
del os.environ[k]
135
135
for (k,v) in req.get_cgi_environ().items():
136
136
os.environ[k] = v
137
fixup_environ(req, script_path)
139
139
# usage: tramp uid jail_dir working_dir script_path
140
140
pid = subprocess.Popen(
141
[trampoline, str(uid), jail_dir, working_dir, interpreter,
141
[trampoline, str(uid), ivle.conf.jail_base, ivle.conf.jail_src_base,
142
ivle.conf.jail_system, jail_dir, working_dir, interpreter,
143
144
stdin=f, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
387
# Remove SCRIPT_FILENAME. Not part of CGI spec (see SCRIPT_NAME).
389
# PATH_INFO is wrong because the script doesn't physically exist.
390
# Apache makes it relative to the "serve" app. It should actually be made
391
# relative to the student's script. intepretservice does that in the jail,
392
# so here we just clear it.
393
env['PATH_INFO'] = ''
394
env['PATH_TRANSLATED'] = ''
396
388
# CGI specifies that REMOTE_HOST SHOULD be set, and MAY just be set to
397
389
# REMOTE_ADDR. Since Apache does not appear to set this, set it to
399
391
if 'REMOTE_HOST' not in env and 'REMOTE_ADDR' in env:
400
392
env['REMOTE_HOST'] = env['REMOTE_ADDR']
394
env['PATH_INFO'] = ''
395
del env['PATH_TRANSLATED']
397
normuri = os.path.normpath(req.uri)
398
env['SCRIPT_NAME'] = normuri
402
400
# SCRIPT_NAME is the path to the script WITHOUT PATH_INFO.
403
script_name = req.uri
404
env['SCRIPT_NAME'] = script_name
401
# We don't care about these if the script is null (ie. noop).
402
# XXX: We check for /home because we don't want to interfere with
403
# CGIRequest, which fileservice still uses.
404
if script_path and script_path.startswith('/home'):
405
normscript = os.path.normpath(script_path)
407
uri_into_jail = studpath.url_to_jailpaths(os.path.normpath(req.path))[2]
409
# PATH_INFO is wrong because the script doesn't physically exist.
410
env['PATH_INFO'] = uri_into_jail[len(normscript):]
411
if len(env['PATH_INFO']) > 0:
412
env['SCRIPT_NAME'] = normuri[:-len(env['PATH_INFO'])]
406
414
# SERVER_SOFTWARE is actually not Apache but IVLE, since we are
407
415
# custom-making the CGI request.
410
418
# Additional environment variables
411
419
username = studpath.url_to_jailpaths(req.path)[0]
412
420
env['HOME'] = os.path.join('/home', username)
422
class ExecutionError(Exception):
425
def execute_raw(user, jail_dir, working_dir, binary, args):
426
'''Execute a binary in a user's jail, returning the raw output.
428
The binary is executed in the given working directory with the given
429
args. A tuple of (stdout, stderr) is returned.
432
tramp = location_cgi_python
433
tramp_dir = os.path.split(location_cgi_python)[0]
435
# Fire up trampoline. Vroom, vroom.
436
proc = subprocess.Popen(
437
[tramp, str(user.unixid), ivle.conf.jail_base,
438
ivle.conf.jail_src_base, ivle.conf.jail_system, jail_dir,
439
working_dir, binary] + args,
440
stdin=subprocess.PIPE, stdout=subprocess.PIPE,
441
stderr=subprocess.PIPE, cwd=tramp_dir, close_fds=True)
442
exitcode = proc.wait()
445
raise ExecutionError('subprocess ended with code %d, stderr %s' %
446
(exitcode, proc.stderr.read()))
447
return (proc.stdout.read(), proc.stderr.read())