37
37
# working on smaller output
39
39
CGI_BLOCK_SIZE = 65535
40
PATH = "/usr/local/bin:/usr/bin:/bin"
41
42
def interpret_file(req, owner, jail_dir, filename, interpreter, gentle=True):
42
43
"""Serves a file by interpreting it using one of IVLE's builtin
73
74
# (Note that paths "relative" to the jail actually begin with a '/' as
74
75
# they are absolute in the jailspace)
76
return interpreter(owner.unixid, jail_dir, working_dir, filename_abs, req,
77
return interpreter(owner, jail_dir, working_dir, filename_abs, req,
89
90
self.headers = {} # Header names : values
91
def execute_cgi(interpreter, uid, jail_dir, working_dir, script_path,
92
def execute_cgi(interpreter, owner, jail_dir, working_dir, script_path,
94
95
trampoline: Full path on the local system to the CGI wrapper program
96
uid: User ID of the owner of the file.
97
owner: User object of the owner of the file.
97
98
jail_dir: Absolute path of owner's jail directory.
98
99
working_dir: Directory containing the script file relative to owner's
129
130
f.seek(0) # Rewind, for reading
131
132
# Set up the environment
132
# This automatically asks mod_python to load up the CGI variables into the
133
# environment (which is a good first approximation)
134
old_env = os.environ.copy()
135
for k in os.environ.keys():
137
for (k,v) in req.get_cgi_environ().items():
139
fixup_environ(req, script_path)
133
environ = cgi_environ(req, script_path, owner)
141
135
# usage: tramp uid jail_dir working_dir script_path
142
cmd_line = [trampoline, str(uid), req.config['paths']['jails']['mounts'],
143
req.config['paths']['jails']['src'],
144
req.config['paths']['jails']['template'],
145
jail_dir, working_dir, interpreter, script_path]
136
cmd_line = [trampoline, str(owner.unixid),
137
req.config['paths']['jails']['mounts'],
138
req.config['paths']['jails']['src'],
139
req.config['paths']['jails']['template'],
140
jail_dir, working_dir, interpreter, script_path]
146
141
# Popen doesn't like unicode strings. It hateses them.
147
142
cmd_line = [(s.encode('utf-8') if isinstance(s, unicode) else s)
148
143
for s in cmd_line]
149
144
pid = subprocess.Popen(cmd_line,
150
145
stdin=f, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
153
# Restore the environment
154
for k in os.environ.keys():
156
for (k,v) in old_env.items():
146
cwd=tramp_dir, env=environ)
159
148
# We don't want any output! Bail out after the process terminates.
226
215
if len(split) == 1:
227
216
split = headers.split('\n', 1)
229
# Is this an internal IVLE error condition?
230
hs = cgiflags.headers
231
if 'X-IVLE-Error-Type' in hs:
232
t = hs['X-IVLE-Error-Type']
233
if t == IVLEError.__name__:
234
raise IVLEError(int(hs['X-IVLE-Error-Code']),
235
hs['X-IVLE-Error-Message'])
218
# If not executing in gentle mode (which presents CGI violations
219
# to users nicely), check if this an internal IVLE error
221
if not cgiflags.gentle:
222
hs = cgiflags.headers
223
if 'X-IVLE-Error-Type' in hs:
238
225
raise IVLEJailError(hs['X-IVLE-Error-Type'],
239
226
hs['X-IVLE-Error-Message'],
240
227
hs['X-IVLE-Error-Info'])
242
raise IVLEError(500, 'bad error headers written by CGI')
229
raise AssertionError("Bad error headers written by CGI.")
244
231
# Check to make sure the required headers were written
245
232
if cgiflags.wrote_html_warning or not cgiflags.gentle:
299
286
process_cgi_output(req, line + '\n', cgiflags)
289
# Check if CGI field-name is valid
290
CGI_SEPERATORS = set(['(', ')', '<', '>', '@', ',', ';', ':', '\\', '"',
291
'/', '[', ']', '?', '=', '{', '}', ' ', '\t'])
292
if any((char in CGI_SEPERATORS for char in name)):
294
if not cgiflags.gentle:
295
message = """An unexpected server error has occured."""
298
# Header contained illegal characters
299
message = """You printed an invalid CGI header. CGI header
300
field-names can not contain any of the following characters:
301
<code>( ) < > @ , ; : \\ " / [ ] ? = { } <em>SPACE
303
write_html_warning(req, message, warning=warning)
304
cgiflags.wrote_html_warning = True
305
# Handle the rest of this line as normal data
306
process_cgi_output(req, line + '\n', cgiflags)
302
309
# Read CGI headers
303
310
value = value.strip()
304
311
if name == "Content-Type":
361
368
# python-server-page
364
def fixup_environ(req, script_path):
365
"""Assuming os.environ has been written with the CGI variables from
366
apache, make a few changes for security and correctness.
371
def cgi_environ(req, script_path, user):
372
"""Gets CGI variables from apache and makes a few changes for security and
368
375
Does not modify req, only reads it.
371
378
# Comments here are on the heavy side, explained carefully for security
372
379
# reasons. Please read carefully before making changes.
381
# This automatically asks mod_python to load up the CGI variables into the
382
# environment (which is a good first approximation)
383
for (k,v) in req.get_cgi_environ().items():
374
386
# Remove DOCUMENT_ROOT and SCRIPT_FILENAME. Not part of CGI spec and
375
387
# exposes unnecessary details about server.
418
430
env['SERVER_SOFTWARE'] = "IVLE/" + ivle.__version__
420
432
# Additional environment variables
421
username = split_path(req.path)[0]
433
username = user.login
422
434
env['HOME'] = os.path.join('/home', username)
424
438
class ExecutionError(Exception):
444
458
for s in cmd_line]
445
459
proc = subprocess.Popen(cmd_line,
446
460
stdin=subprocess.PIPE, stdout=subprocess.PIPE,
447
stderr=subprocess.PIPE, cwd=tramp_dir, close_fds=True)
461
stderr=subprocess.PIPE, cwd=tramp_dir, close_fds=True,
462
env={'HOME': os.path.join('/home', user.login),
465
'LOGNAME': user.login})
449
467
(stdout, stderr) = proc.communicate()
450
468
exitcode = proc.returncode
452
470
if exitcode != 0:
453
raise ExecutionError('subprocess ended with code %d, stderr %s' %
454
(exitcode, proc.stderr.read()))
471
raise ExecutionError('subprocess ended with code %d, stderr: "%s"' %
455
473
return (stdout, stderr)
added
removed
ivle/interpret.py
