Skip to content

Commit 18b4499

Browse files
committed
Manually merge PR163 to address a number of sandbox resource crashes by migrating legacy direct /dev/urandom use to os.urandom and a few file read+writes to the fileio helpers.
git-svn-id: svn+ssh://svn.code.sf.net/p/migrid/code/trunk@6178 b75ad72c-e7d7-11dd-a971-7dbc132099af
1 parent 76bb689 commit 18b4499

File tree

5 files changed

+31
-47
lines changed

5 files changed

+31
-47
lines changed

mig/server/jobscriptgenerator.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# --- BEGIN_HEADER ---
55
#
66
# jobscriptgenerator - dynamically generate job script right before job handout
7-
# Copyright (C) 2003-2021 The MiG Project lead by Brian Vinter
7+
# Copyright (C) 2003-2024 The MiG Project lead by Brian Vinter
88
#
99
# This file is part of MiG.
1010
#
@@ -182,8 +182,8 @@ def create_job_script(
182182
# TODO: hexlify is an awfully space wasting URL-safe encoding.
183183
# We should just use something like the proposed secure method from
184184
# http://stackoverflow.com/a/23728630/2213647
185-
sessionid = hexlify(open('/dev/urandom').read(session_id_bytes))
186-
iosessionid = hexlify(open('/dev/urandom').read(session_id_bytes))
185+
sessionid = hexlify(os.urandom(session_id_bytes))
186+
iosessionid = hexlify(os.urandom(session_id_bytes))
187187
helper_dict_filename = os.path.join(configuration.resource_home,
188188
unique_resource_name,
189189
'empty_job_helper_dict.%s' % exe)
@@ -475,7 +475,7 @@ def create_arc_job(
475475
return (None, 'Error. empty job for ARC?')
476476

477477
# generate random session ID:
478-
sessionid = hexlify(open('/dev/urandom').read(session_id_bytes))
478+
sessionid = hexlify(os.urandom(session_id_bytes))
479479
logger.debug('session ID (for creating links): %s' % sessionid)
480480

481481
client_dir = client_id_dir(client_id)

mig/shared/confparser.py

Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# --- BEGIN_HEADER ---
55
#
66
# confparser - parse resource configurations
7-
# Copyright (C) 2003-2021 The MiG Project lead by Brian Vinter
7+
# Copyright (C) 2003-2024 The MiG Project lead by Brian Vinter
88
#
99
# This file is part of MiG.
1010
#
@@ -34,6 +34,7 @@
3434
from __future__ import absolute_import
3535

3636
from mig.shared.conf import get_configuration_object
37+
from mig.shared.fileio import write_file
3738
from mig.shared.parser import parse, check_types
3839
from mig.shared.refunctions import is_runtime_environment, get_re_dict
3940
from mig.shared.resconfkeywords import get_keywords_dict as \
@@ -77,6 +78,7 @@ def run(configuration, localfile_spaces, unique_resource_name,
7778

7879
if not configuration:
7980
configuration = get_configuration_object()
81+
_logger = configuration.logger
8082

8183
(status, msg, conf) = get_resource_config_dict(configuration,
8284
localfile_spaces)
@@ -230,12 +232,6 @@ def run(configuration, localfile_spaces, unique_resource_name,
230232
else:
231233
return (True, 'Everything ok')
232234

233-
try:
234-
fsock = open(filename, 'w')
235-
st = dumps(conf, 0)
236-
fsock.write(st)
237-
fsock.close()
238-
except Exception as err:
239-
return (False, "Fatal error: could not open %r for writing!\n Msg: %s"
240-
% (filename, err))
235+
if not write_file(dumps(conf, 0), filename, _logger):
236+
return (False, "Fatal error: could not open %r for writing!" % filename)
241237
return (True, 'Everything ok, config updated')

mig/shared/functionality/ssscreateimg.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# --- BEGIN_HEADER ---
55
#
66
# ssscreateimg - Back end to SSS zip generator
7-
# Copyright (C) 2003-2023 The MiG Project lead by Brian Vinter
7+
# Copyright (C) 2003-2024 The MiG Project lead by Brian Vinter
88
#
99
# This file is part of MiG.
1010
#
@@ -92,7 +92,7 @@ def main(client_id, user_arguments_dict):
9292
win_solution = accepted['win_solution'][-1]
9393
vgrid_list = accepted['vgrid']
9494
cputime = 1000000
95-
sandboxkey = hexlify(open('/dev/urandom').read(32))
95+
sandboxkey = hexlify(os.urandom(32))
9696
ip_address = 'UNKNOWN'
9797
if 'REMOTE_ADDR' in os.environ:
9898
ip_address = os.environ['REMOTE_ADDR']

mig/shared/resource.py

Lines changed: 14 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# --- BEGIN_HEADER ---
55
#
66
# resource - resource configuration functions
7-
# Copyright (C) 2003-2023 The MiG Project lead by Brian Vinter
7+
# Copyright (C) 2003-2024 The MiG Project lead by Brian Vinter
88
#
99
# This file is part of MiG.
1010
#
@@ -49,7 +49,8 @@
4949
from mig.shared.base import client_id_dir
5050
from mig.shared.confparser import get_resource_config_dict, run
5151
from mig.shared.defaults import exe_leader_name, keyword_auto
52-
from mig.shared.fileio import pickle, move, walk
52+
from mig.shared.fileio import pickle, move, walk, write_file, read_file_lines, \
53+
write_file_lines
5354
from mig.shared.modified import mark_resource_modified, mark_vgrid_modified
5455
from mig.shared.pwcrypto import make_simple_hash
5556
from mig.shared.resconfkeywords import get_resource_specs, get_exenode_specs, \
@@ -826,6 +827,7 @@ def empty_resource_config(configuration):
826827
def write_resource_config(configuration, resource_conf, conf_path):
827828
"""Write resource_conf dictionary settings into conf_path on disk"""
828829

830+
_logger = configuration.logger
829831
lines = []
830832
for (field, __) in get_resource_specs(configuration):
831833
value = resource_conf.get(field, None)
@@ -866,9 +868,7 @@ def write_resource_config(configuration, resource_conf, conf_path):
866868
if not os.path.isdir(os.path.dirname(conf_path)):
867869
os.makedirs(os.path.dirname(conf_path))
868870

869-
conf_fd = open(conf_path, 'w')
870-
conf_fd.write('\n'.join(lines))
871-
conf_fd.close()
871+
write_file('\n'.join(lines), conf_path, _logger)
872872

873873
return lines
874874

@@ -1038,6 +1038,7 @@ def create_resource_conf(
10381038
relative path it will prefixed with the resource_pending dir of the
10391039
client_id.
10401040
"""
1041+
_logger = configuration.logger
10411042
if new_resource:
10421043
msg = """
10431044
Trying to create configuration for new resource: '%s.%d' from file '%s':
@@ -1077,7 +1078,7 @@ def create_resource_conf(
10771078
"""
10781079
Failure:
10791080
resource_name: '%s'
1080-
does'nt match hosturl: '%s'
1081+
doesn't match hosturl: '%s'
10811082
in configfile: '%s'"""\
10821083
% (resource_name, config_dict['HOSTURL'], pending_file)
10831084
return (False, msg)
@@ -1094,21 +1095,13 @@ def create_resource_conf(
10941095
pending_file)
10951096
return (False, msg)
10961097

1097-
try:
1098-
fr = open(pending_file, 'r')
1099-
fw = open(tmpfile, 'w')
1100-
readline = fr.readline()
1101-
while len(readline) > 0:
1102-
fw.write(readline.replace(keyword_auto, "%d" %
1103-
resource_identifier))
1104-
readline = fr.readline()
1105-
fw.close()
1106-
fr.close()
1107-
except Exception as err:
1108-
1109-
msg += \
1110-
'Failed to apply hostidentifier to configfile. Failure: %s'\
1111-
% err
1098+
pending_lines = read_file_lines(pending_file, _logger)
1099+
replaced_lines = []
1100+
for line in pending_lines:
1101+
replaced_lines.append(line.replace(keyword_auto, "%d" %
1102+
resource_identifier))
1103+
if not write_file_lines(replaced_lines, tmpfile, _logger):
1104+
msg += 'Failed to apply hostidentifier to configfile.'
11121105
return (False, msg)
11131106

11141107
unique_resource_name = "%s.%d" % (resource_name, resource_identifier)

mig/shared/sandbox.py

Lines changed: 6 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# --- BEGIN_HEADER ---
55
#
66
# sandbox - shared sandbox helpers
7-
# Copyright (C) 2003-2021 The MiG Project lead by Brian Vinter
7+
# Copyright (C) 2003-2024 The MiG Project lead by Brian Vinter
88
#
99
# This file is part of MiG.
1010
#
@@ -35,7 +35,7 @@
3535
from mig.shared.base import hexlify
3636
from mig.shared.conf import get_configuration_object
3737
from mig.shared.defaults import default_vgrid, keyword_auto
38-
from mig.shared.fileio import make_symlink
38+
from mig.shared.fileio import make_symlink, write_named_tempfile
3939
from mig.shared.resource import create_resource
4040
from mig.shared.serial import load, dump
4141

@@ -173,10 +173,7 @@ def create_oneclick_resource(
173173
# write the conf string to a temporary conf file
174174
# create_resource removes the tempfile automatically
175175

176-
tmp_file = tempfile.NamedTemporaryFile(delete=False)
177-
tmp_file.write(res_conf_string)
178-
tmp_file.close()
179-
pending_file = tmp_file.name
176+
pending_file = write_named_tempfile(configuration, res_conf_string)
180177

181178
(status, id_msg) = create_resource(configuration, sandboxkey,
182179
resource_name, pending_file)
@@ -190,6 +187,7 @@ def create_oneclick_resource(
190187

191188
exe_pgid_file = configuration.resource_home + unique_resource_name\
192189
+ os.sep + 'EXE_%s.PGID' % exe_name
190+
193191
try:
194192
fd = open(exe_pgid_file, 'w')
195193
fd.write('stopped')
@@ -314,10 +312,7 @@ def create_sss_resource(
314312
# write the conf string to a temporary conf file
315313
# create_resource removes the tempfile automatically
316314

317-
tmp_file = tempfile.NamedTemporaryFile(delete=False)
318-
tmp_file.write(res_conf_string)
319-
tmp_file.close()
320-
pending_file = tmp_file.name
315+
pending_file = write_named_tempfile(configuration, res_conf_string)
321316

322317
(status, id_msg) = create_resource(configuration, sandboxkey,
323318
resource_name, pending_file)
@@ -368,7 +363,7 @@ def get_resource(client_id, configuration, logger):
368363

369364
# Generate key, and set cookie
370365

371-
sandboxkey = hexlify(open('/dev/urandom').read(32))
366+
sandboxkey = hexlify(os.urandom(32))
372367
cookie = 'Set-Cookie: ' + __MIG_ONECLICK_COOKIE__ + '='\
373368
+ sandboxkey + '; '\
374369
+ 'expires=Thu 31-Jan-2099 12:00:00 GMT; path=/; '\

0 commit comments

Comments
 (0)