From 3d63bafdfcba9c650ee211a3845e1dfcee64246f Mon Sep 17 00:00:00 2001 From: Diogo Castro Date: Mon, 22 Mar 2021 11:46:47 +0100 Subject: [PATCH] Check and fix public links
---
 cernbox-share | 1 + python/cernbox_utils/cmd_share_admin.py | 30 ++++++++++++++++--------- 2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/cernbox-share b/cernbox-share
index 20c582f..e757dd2 100755
--- a/cernbox-share
+++ b/cernbox-share
@@ -97,6 +97,7 @@ def main():
 subcmd.add_argument("--project-name", default="", action='store', help="check project and override home directory")
 subcmd.add_argument("--logdir",default="",action="store",help="log directory")
 subcmd.add_argument("--orphans", default=False, action='store_true', help="check for shares already marked as orphans")
+ subcmd.add_argument("--public-links", default=False, action='store_true', help="Check public links as well (if not, it will only check internal shares)")
 subcmd.add_argument("shares_owner", help="'-' to check all users in the system")
 subcmd = subparser.add_parser('remove-orphan-xbits', help="remove xbits which were set in the initial implementation in the parent ACLs")
diff --git a/python/cernbox_utils/cmd_share_admin.py b/python/cernbox_utils/cmd_share_admin.py
index 42114ca..d47466d 100644
--- a/python/cernbox_utils/cmd_share_admin.py
+++ b/python/cernbox_utils/cmd_share_admin.py
@@ -39,7 +39,15 @@ def verify(args,config,eos,db):
 fh.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
 logger.addHandler(fh)
- shares=db.get_share(owner=args.shares_owner,share_type="regular",orphans=args.orphans)
+ share_type="regular"
+ if args.public_links:
+ if args.deep_fs_check:
+ logger.critical("Cannot set deep fs scan with public links option")
+ return
+ # Search for normal shares AND public links
+ share_type=None
+
+ shares=db.get_share(owner=args.shares_owner,share_type=share_type,orphans=args.orphans)
 # if needed this can be used to split read from write traffic in order not to overload the instance
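Review bot: The `--public-links` / `--deep-fs-check` conflict in the new block ends with a bare `return`, so verify() hands back None after a single `logger.critical` line and a wrapper script or scheduled job may read the run as a completed check. Rejecting the combination where the flag is declared in cernbox-share (argparse's `error()` on the parser), or returning a non-zero status here, would make the refusal visible to callers; how main() maps verify()'s return value to an exit code is not shown in this patch. The comment `# Search for normal shares AND public links` may also promise less than `share_type=None` delivers: if get_share treats None as "no filter", every share type in the table comes back, and the comment would be more accurate as `# None = no share_type filter (regular shares, public links, any other type)`. verify() starts and ends outside this hunk.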
@@ -142,7 +150,7 @@ def verify(args,config,eos,db):
 except KeyError:
 unique_share_keys[unique_key] = s
- if s.file_target.count("/")>1:
+ if s.share_type != 3 and s.file_target.count("/")>1:
 logger.error("FILE_TARGET_MULTIPLE_SLASH_PROBLEM id=%d owner=%s sharee=%s target='%s' fid=%s stime=%s",s.id,s.uid_owner,s.share_with,s.file_target,fid,s.stime)
 fixed_target='/%s'%os.path.basename(s.file_target)
 assert("'" not in fixed_target)
@@ -164,6 +172,8 @@ def verify(args,config,eos,db):
 if s.share_type == 1:
 logger.info("Share type 1 (egroup). Not checking if destination exists")
+ elif s.share_type == 3:
+ logger.info("Share type 3 (public link). Not checking if destination exists")
 else:
 try:
 pwd.getpwnam(s.share_with)
@@ -181,16 +191,16 @@ def verify(args,config,eos,db):
 if args.fix:
 db.set_orphan(s.id, orphan=0)
-
- # this is the expected ACL entry in the shared directory tree
- acl = cernbox_utils.sharing.share2acl(s)
+ if s.share_type != 3:
+ # this is the expected ACL entry in the shared directory tree
+ acl = cernbox_utils.sharing.share2acl(s)
- shared_fids.setdefault(fid,[]).append(acl)
+ shared_fids.setdefault(fid,[]).append(acl)
- p = os.path.normpath(f.file)+"/" # append trailing slash, otherwise directories which basename is a substring give false positive, e.g.: /eos/user/k/kuba/tmp.readonly /eos/user/k/kuba/tmp
- p = p.decode('utf8')
- shared_paths[p] = fid
- shared_acls.setdefault(p,[]).append(acl)
+ p = os.path.normpath(f.file)+"/" # append trailing slash, otherwise directories which basename is a substring give false positive, e.g.: /eos/user/k/kuba/tmp.readonly /eos/user/k/kuba/tmp
+ p = p.decode('utf8')
+ shared_paths[p] = fid
+ shared_acls.setdefault(p,[]).append(acl)
 logger.info("Expected shared paths with visibility to others (%s)",len(shared_acls))
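Review bot: The literal `3` in the new `s.share_type != 3` guard means "public link" only by way of the log text added two hunks later, and the same literal is repeated in the `elif s.share_type == 3:` and `if s.share_type != 3:` lines of the following hunks. A module-level name such as `SHARE_TYPE_PUBLIC_LINK = 3`, with a sibling for the existing `== 1` egroup test, would keep the three guards in step if another share type is ever exempted. Separately, the unchanged `assert("'" not in fixed_target)` reads like a quoting guard and is stripped under `python -O`; an explicit `if "'" in fixed_target:` with an error log and a skip would hold in either mode. The enclosing verify() body continues outside the hunk.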
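Review bot: The new `elif s.share_type == 3:` branch logs a fixed string with no share id, so someone reading the log cannot tell which public link skipped the destination check; `logger.info("Share type 3 (public link) id=%d. Not checking if destination exists", s.id)` would make it traceable. It is also worth confirming what `share_with` holds for type 3 rows: in ownCloud-style share tables that column has carried the link's password hash rather than a user name, and now that these rows pass through verify(), any log call outside these hunks that prints `sharee=%s` would copy it into the log file. If that applies to this schema, those calls should omit or mask the field for public links. The `else:` branch of this chain continues outside the hunk.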
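Review bot: `db.set_orphan(s.id, orphan=0)` stays outside the new `if s.share_type != 3:` guard, so with `--public-links --fix` a public link can have its orphan flag cleared by the same rule that was written for internal shares. The condition leading to this call lies above the hunk, so this is inferred, but clearing the flag on a public link presumably restores access for anyone holding the URL, which is a larger step than restoring one user's share. Consider recording it at warning level with the share id, e.g. `logger.warning("PUBLIC_LINK_UNORPHANED id=%d owner=%s", s.id, s.uid_owner)`, or requiring an explicit opt-in before fixing type 3 rows. The guard itself would benefit from a one-line comment stating why public links are left out of `shared_fids`, `shared_paths` and `shared_acls`, since the reason is not visible in the patch.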