Tim Landscheidt has uploaded a new change for review.
https://gerrit.wikimedia.org/r/205184
Change subject: Tools: Ensure that webservice is not called by normal users
......................................................................
Tools: Ensure that webservice is not called by normal users
Bug: T66219
Bug: T96491
Change-Id: I22d0839330fcca61daa2405800a341239d151329
---
M modules/toollabs/files/webservice2
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/84/205184/1
diff --git a/modules/toollabs/files/webservice2
b/modules/toollabs/files/webservice2
index 9885ad2..195efc0 100644
--- a/modules/toollabs/files/webservice2
+++ b/modules/toollabs/files/webservice2
@@ -138,7 +138,12 @@
pwd_entry = pwd.getpwuid(os.getuid())
USER = pwd_entry.pw_name
HOME = pwd_entry.pw_dir
-TOOL = re.sub(r'^%s.' % PREFIX, '', USER) # Tool users are of form
PREFIX.TOOLNAME
+
+# Ensure that we are indeed a tool.
+if not USER.startswith(PREFIX + '.'):
+ sys.stderr.write('Only tool accounts have web services.\n')
+ sys.exit(1)
+TOOL = USER[len(PREFIX) + 1:]
# Read memlimit customizations for individual tools, set by
# admins for tools that require more than usual memory limits.
--
To view, visit https://gerrit.wikimedia.org/r/205184
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I22d0839330fcca61daa2405800a341239d151329
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
