X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1f43dd857829bd1134837c43a8ac5d653c0c68b1..22b165b48c33239aefee631ffbb00079c5486866:/services/api/app/controllers/arvados/v1/collections_controller.rb diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb index 2844cb4c7a..a0c64aa6e6 100644 --- a/services/api/app/controllers/arvados/v1/collections_controller.rb +++ b/services/api/app/controllers/arvados/v1/collections_controller.rb @@ -1,5 +1,3 @@ -require 'locator' - class Arvados::V1::CollectionsController < ApplicationController def create # Collections are owned by system_user. Creating a collection has @@ -15,7 +13,6 @@ class Arvados::V1::CollectionsController < ApplicationController # Check permissions on the collection manifest. # If any signature cannot be verified, return 403 Permission denied. - perms_ok = true api_token = current_api_client_authorization.andand.api_token signing_opts = { key: Rails.configuration.blob_signing_key, @@ -24,32 +21,38 @@ class Arvados::V1::CollectionsController < ApplicationController } resource_attrs[:manifest_text].lines.each do |entry| entry.split[1..-1].each do |tok| - # TODO(twp): fail the request if this match fails. - # Add in Phase 4 (see #2755) - loc = Locator.parse(tok) - if loc and loc.signature - if !api_token - logger.warn "No API token present; cannot verify signature on #{loc}" - perms_ok = false - elsif !Blob.verify_signature tok, signing_opts - logger.warn "Invalid signature on locator #{loc}" - perms_ok = false - end + if /^[[:digit:]]+:[[:digit:]]+:/.match tok + # This is a filename token, not a blob locator. Note that we + # keep checking tokens after this, even though manifest + # format dictates that all subsequent tokens will also be + # filenames. Safety first! + elsif Blob.verify_signature tok, signing_opts + # OK. + elsif Locator.parse(tok).andand.signature + # Signature provided, but verify_signature did not like it. + logger.warn "Invalid signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError + elsif Rails.configuration.permit_create_collection_with_unsigned_manifest + # No signature provided, but we are running in insecure mode. + logger.debug "Missing signature on locator #{tok} ignored" + elsif Blob.new(tok).empty? + # No signature provided -- but no data to protect, either. + else + logger.warn "Missing signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError end end end - unless perms_ok - raise ArvadosModel::PermissionDeniedError - end # Remove any permission signatures from the manifest. resource_attrs[:manifest_text] - .gsub!(/[[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| + .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| + word.strip! loc = Locator.parse(word) if loc - loc.without_signature.to_s + " " + loc.without_signature.to_s else - word + " " + word end } @@ -60,11 +63,11 @@ class Arvados::V1::CollectionsController < ApplicationController @object.save! rescue ActiveRecord::RecordNotUnique logger.debug resource_attrs.inspect - if resource_attrs[:manifest_text] and resource_attrs[:uuid] + if @object.manifest_text and @object.uuid @existing_object = model_class. where('uuid=? and manifest_text=?', - resource_attrs[:uuid], - resource_attrs[:manifest_text]). + @object.uuid, + @object.manifest_text). first @object = @existing_object || @object end @@ -95,12 +98,13 @@ class Arvados::V1::CollectionsController < ApplicationController ttl: Rails.configuration.blob_signing_ttl, } @object[:manifest_text] - .gsub!(/[[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| + .gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) { |word| + word.strip! loc = Locator.parse(word) if loc - Blob.sign_locator(word, signing_opts) + " " + Blob.sign_locator(word, signing_opts) else - word + " " + word end } end