Commit b397a7d2 authored by Iustin Pop's avatar Iustin Pop
Browse files

Merge branch 'next' into branch-2.1

Conflicts:
	lib/backend.py: non-trivial conflict but easy to solve
parents 25f9901f 360b0dc2
......@@ -19,7 +19,12 @@
# 02110-1301, USA.
"""Functions used by the node daemon"""
"""Functions used by the node daemon
@var _ALLOWED_UPLOAD_FILES: denotes which files are accepted in
the L{UploadFile} function
"""
import os
......@@ -145,6 +150,31 @@ def _CleanDirectory(path, exclude=None):
utils.RemoveFile(full_name)
def _BuildUploadFileList():
"""Build the list of allowed upload files.
This is abstracted so that it's built only once at module import time.
"""
allowed_files = set([
constants.CLUSTER_CONF_FILE,
constants.ETC_HOSTS,
constants.SSH_KNOWN_HOSTS_FILE,
constants.VNC_PASSWORD_FILE,
constants.RAPI_CERT_FILE,
constants.RAPI_USERS_FILE,
])
for hv_name in constants.HYPER_TYPES:
hv_class = hypervisor.GetHypervisor(hv_name)
allowed_files.update(hv_class.GetAncillaryFiles())
return frozenset(allowed_files)
_ALLOWED_UPLOAD_FILES = _BuildUploadFileList()
def JobQueuePurge():
"""Removes job queue files and archived jobs.
......@@ -1425,20 +1455,7 @@ def UploadFile(file_name, data, mode, uid, gid, atime, mtime):
if not os.path.isabs(file_name):
_Fail("Filename passed to UploadFile is not absolute: '%s'", file_name)
allowed_files = set([
constants.CLUSTER_CONF_FILE,
constants.ETC_HOSTS,
constants.SSH_KNOWN_HOSTS_FILE,
constants.VNC_PASSWORD_FILE,
constants.RAPI_CERT_FILE,
constants.RAPI_USERS_FILE,
])
for hv_name in constants.HYPER_TYPES:
hv_class = hypervisor.GetHypervisor(hv_name)
allowed_files.update(hv_class.GetAncillaryFiles())
if file_name not in allowed_files:
if file_name not in _ALLOWED_UPLOAD_FILES:
_Fail("Filename passed to UploadFile not in allowed upload targets: '%s'",
file_name)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment