X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/57d7ce9de300d1340ed12d61248e7cea6bd1be15..7178ac911e7b160c1348da404b5aa07b9829d3c8:/services/api/app/models/collection.rb diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb index 520f617868..accd2cc62c 100644 --- a/services/api/app/models/collection.rb +++ b/services/api/app/models/collection.rb @@ -1,14 +1,19 @@ +require 'arvados/keep' + class Collection < ArvadosModel include HasUuid include KindAndEtag include CommonApiTemplate + before_validation :check_signatures + before_validation :strip_manifest_text before_validation :set_portable_data_hash validate :ensure_hash_matches_manifest_text + # Query only undeleted collections by default. + default_scope where("expires_at IS NULL or expires_at > CURRENT_TIMESTAMP") + api_accessible :user, extend: :common do |t| - t.add :data_size - t.add :files t.add :name t.add :description t.add :properties @@ -16,11 +21,57 @@ class Collection < ArvadosModel t.add :manifest_text end - def self.attributes_required_columns - super.merge({ "data_size" => ["manifest_text"], - "files" => ["manifest_text"], - "id" => ["id"] - }) + def check_signatures + return false if self.manifest_text.nil? + + return true if current_user.andand.is_admin + + if self.manifest_text_changed? + # Check permissions on the collection manifest. + # If any signature cannot be verified, raise PermissionDeniedError + # which will return 403 Permission denied to the client. + api_token = current_api_client_authorization.andand.api_token + signing_opts = { + key: Rails.configuration.blob_signing_key, + api_token: api_token, + ttl: Rails.configuration.blob_signing_ttl, + } + self.manifest_text.lines.each do |entry| + entry.split[1..-1].each do |tok| + if /^[[:digit:]]+:[[:digit:]]+:/.match tok + # This is a filename token, not a blob locator. Note that we + # keep checking tokens after this, even though manifest + # format dictates that all subsequent tokens will also be + # filenames. Safety first! + elsif Blob.verify_signature tok, signing_opts + # OK. + elsif Keep::Locator.parse(tok).andand.signature + # Signature provided, but verify_signature did not like it. + logger.warn "Invalid signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError + elsif Rails.configuration.permit_create_collection_with_unsigned_manifest + # No signature provided, but we are running in insecure mode. + logger.debug "Missing signature on locator #{tok} ignored" + elsif Blob.new(tok).empty? + # No signature provided -- but no data to protect, either. + else + logger.warn "Missing signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError + end + end + end + end + true + end + + def strip_manifest_text + if self.manifest_text_changed? + # Remove any permission signatures from the manifest. + Collection.munge_manifest_locators(self[:manifest_text]) do |loc| + loc.without_signature.to_s + end + end + true end def set_portable_data_hash @@ -28,9 +79,13 @@ class Collection < ArvadosModel self.portable_data_hash = "#{Digest::MD5.hexdigest(manifest_text)}+#{manifest_text.length}" elsif portable_data_hash_changed? begin - loc = Locator.parse!(self.portable_data_hash) + loc = Keep::Locator.parse!(self.portable_data_hash) loc.strip_hints! - self.portable_data_hash = loc.to_s + if loc.size + self.portable_data_hash = loc.to_s + else + self.portable_data_hash = "#{loc.hash}+#{self.manifest_text.length}" + end rescue ArgumentError => e errors.add(:portable_data_hash, "#{e}") return false @@ -67,74 +122,16 @@ class Collection < ArvadosModel end end - def data_size - inspect_manifest_text if @data_size.nil? or manifest_text_changed? - @data_size - end - - def files - inspect_manifest_text if @files.nil? or manifest_text_changed? - @files - end - - def inspect_manifest_text - if !manifest_text - @data_size = false - @files = [] - return - end - - @data_size = 0 - tmp = {} - - manifest_text.split("\n").each do |stream| - toks = stream.split(" ") - - stream = toks[0].gsub /\\(\\|[0-7]{3})/ do |escape_sequence| - case $1 - when '\\' '\\' - else $1.to_i(8).chr - end - end - - toks[1..-1].each do |tok| - if (re = tok.match /^[0-9a-f]{32}/) - blocksize = nil - tok.split('+')[1..-1].each do |hint| - if !blocksize and hint.match /^\d+$/ - blocksize = hint.to_i - end - if (re = hint.match /^GS(\d+)$/) - blocksize = re[1].to_i - end - end - @data_size = false if !blocksize - @data_size += blocksize if @data_size - else - if (re = tok.match /^(\d+):(\d+):(\S+)$/) - filename = re[3].gsub /\\(\\|[0-7]{3})/ do |escape_sequence| - case $1 - when '\\' '\\' - else $1.to_i(8).chr - end - end - fn = stream + '/' + filename - i = re[2].to_i - if tmp[fn] - tmp[fn] += i - else - tmp[fn] = i - end - end - end + def self.munge_manifest_locators(manifest) + # Given a manifest text and a block, yield each locator, + # and replace it with whatever the block returns. + manifest.andand.gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) do |word| + if loc = Keep::Locator.parse(word.strip) + " " + yield(loc) + else + " " + word end end - - @files = [] - tmp.each do |k, v| - re = k.match(/^(.+)\/(.+)/) - @files << [re[1], re[2], v] - end end def self.normalize_uuid uuid @@ -153,7 +150,8 @@ class Collection < ArvadosModel [hash_part, size_part].compact.join '+' end - def self.uuids_for_docker_image(search_term, search_tag=nil, readers=nil) + # Return array of Collection objects + def self.find_all_for_docker_image(search_term, search_tag=nil, readers=nil) readers ||= [Thread.current[:user]] base_search = Link. readable_by(*readers). @@ -163,12 +161,17 @@ class Collection < ArvadosModel # If the search term is a Collection locator that contains one file # that looks like a Docker image, return it. - if loc = Locator.parse(search_term) + if loc = Keep::Locator.parse(search_term) loc.strip_hints! coll_match = readable_by(*readers).where(portable_data_hash: loc.to_s).limit(1).first - if coll_match and (coll_match.files.size == 1) and - (coll_match.files[0][1] =~ /^[0-9A-Fa-f]{64}\.tar$/) - return [coll_match.uuid] + if coll_match + # Check if the Collection contains exactly one file whose name + # looks like a saved Docker image. + manifest = Keep::Manifest.new(coll_match.manifest_text) + if manifest.exact_file_count?(1) and + (manifest.files[0][1] =~ /^[0-9A-Fa-f]{64}\.tar$/) + return [coll_match] + end end end @@ -193,21 +196,14 @@ class Collection < ArvadosModel # so that anything with an image timestamp is considered more recent than # anything without; then we use the link's created_at as a tiebreaker. uuid_timestamps = {} - matches.find_each do |link| - c = Collection.find_by_uuid(link.head_uuid) - uuid_timestamps[c.uuid] = - [(-link.properties["image_timestamp"].to_datetime.to_i rescue 0), - -link.created_at.to_i] + matches.all.map do |link| + uuid_timestamps[link.head_uuid] = [(-link.properties["image_timestamp"].to_datetime.to_i rescue 0), + -link.created_at.to_i] end - uuid_timestamps.keys.sort_by { |uuid| uuid_timestamps[uuid] } + Collection.where('uuid in (?)', uuid_timestamps.keys).sort_by { |c| uuid_timestamps[c.uuid] } end def self.for_latest_docker_image(search_term, search_tag=nil, readers=nil) - image_uuid = uuids_for_docker_image(search_term, search_tag, readers).first - if image_uuid.nil? - nil - else - find_by_uuid(image_uuid) - end + find_all_for_docker_image(search_term, search_tag, readers).first end end