[torqueusers] Apache/PHP based job submission portal
Jan Ploski
Jan.Ploski at offis.de
Fri May 30 12:13:22 MDT 2008
Prakash Velayutham wrote:
> Thanks for all your responses.
>
> I think the solution Jan suggested would be nice to implement and least
> exploitable. Please correct me if I am wrong.
>
> Jan,
>
> Do you have a skeleton code that you would be willing to provide? Is
> this C-based?
It is Perl-based and rather trivial:
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
my $REQUEST_DIR = '/var/spool/res-server';
# this directory has the following permissions:
# drwx-wxr-t 2 root users 40 May 30 20:07 res-server
# so that users can write requests to it, but they can't
# see nor delete each others' requests
my $AUTHORIZED_USERS = {
jploski => 1,
tpetrol => 1,
# other users here ...
};
my $server = IO::Socket::INET->new(
LocalAddr => '127.0.0.1',
Proto => 'tcp',
Type => SOCK_STREAM,
LocalPort => 29876,
Listen => 4) || die "bind: $!";
for (;;)
{
accept(my $client, $server);
close($client);
my @files = <$REQUEST_DIR/*.req>;
foreach my $f(@files)
{
my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
$atime,$mtime,$ctime,$blksize,$blocks) = stat($f);
my $user = getpwuid($uid);
my $request = `cat $f`;
unlink($f) || die "unlink: $!";
next if (!$AUTHORIZED_USERS->{$user});
chomp($request);
# .. do something with $request ..
# in our case we fill a $nodespec (not shown)
# because we want to create a Maui reservation
# on the user's behalf:
my $cmd = "setres -u $user -s +00:00:00 -d 00:15:00 '$nodespec' >
/dev/null 2>&1";
system($cmd);
# error handling not shown
}
}
The client script just writes the request file to the target directory
and invokes system("netcat 127.0.0.1 29876") to connect and wake up the
server.
Regards,
Jan Ploski
More information about the torqueusers
mailing list