Custom Query (894 matches)


Show under each result:

Results (106 - 108 of 894)

Ticket Owner Reporter Resolution Summary
#1030 desai fixed Better handling of floating cert-authenticated clients

A floating, cert-authenticated client can be not recognized properly by hostname if it resolves to an arbitrary name in reverse DNS.

Background: Metadata.resolve_client, called from @exposed Core's methods, falls back to reverse DNS lookup for client's name, because the name is not preserved thanks to bailing off early from Metadata.AuthenticateConnection.

(This issue can be related to #936.)

Here comes a patch which enables caching of client names for cert-based floating clients. The patch is against modified 1.2.0pre3-HEAD-9070f86, tested with Python 2.7. Line numbers may be slightly off.

diff --git a/src/lib/Server/Plugins/ b/src/lib/Server/Plugins/
--- a/src/lib/Server/Plugins/
+++ b/src/lib/Server/Plugins/
@@ -568,15 +568,28 @@
                                       'Client', name=client,
         self.clients[client] = profile

-    def resolve_client(self, addresspair):
+    def resolve_client(self, addresspair, cleanup_cache=False):
         """Lookup address locally or in DNS to get a hostname."""
         if addresspair in self.session_cache:
+            # client _was_ cached, so there can be some expired entries
+            # we need to clean them up to avoid potentially infinite memory swell
+            cache_ttl = 90
+            if cleanup_cache:
+                # remove entries for this client's IP address with _any_ port numbers
+                # - perhaps a priority queue could be faster?
+                curtime = time.time()
+                for addrpair in self.session_cache.keys():
+                     if addresspair[0] == addrpair[0]:
+                         (stamp, _) = self.session_cache[addrpair]
+                         if curtime - stamp > cache_ttl:
+                             del self.session_cache[addrpair]
+            # return the cached data
             (stamp, uuid) = self.session_cache[addresspair]
-            if time.time() - stamp < 90:
+            if time.time() - stamp < cache_ttl:
                 return self.session_cache[addresspair][1]
         address = addresspair[0]
         if address in self.addresses:
             if len(self.addresses[address]) != 1:
                 self.logger.error("Address %s has multiple reverse assignments; a uuid must be used" % (address))
@@ -738,10 +751,13 @@

         if not addr_is_valid:
             return False

         if id_method == 'cert' and auth_type != 'cert+password':
+            # remember the cert-derived client name for this connection
+            if client in self.floating:
+                self.session_cache[address] = (time.time(), client)
             # we are done if cert+password not required
             return True

         if client not in self.passwords:
             if client in
diff --git a/src/lib/Server/ b/src/lib/Server/
--- a/src/lib/Server/
+++ b/src/lib/Server/
@@ -349,11 +349,11 @@
     def GetProbes(self, address):
         """Fetch probes for a particular client."""
         resp = lxml.etree.Element('probes')
-            name = self.metadata.resolve_client(address)
+            name = self.metadata.resolve_client(address, cleanup_cache=True)
             meta = self.build_metadata(name)

             for plugin in [p for p in list(self.plugins.values()) \
                            if isinstance(p, Bcfg2.Server.Plugin.Probing)]:
                 for probe in plugin.GetProbes(meta):


#630 solj [email protected] fixed Blast and SYSV client tools using suboptimal 'mktemp'

Both the Blast and SYSV client package tools use tempfile.mktemp(), which is insecure, and leaves the temporary file around after bcfg2 has finished running. This eventually leaves me with many Solaris boxes with /tmp full of tmpXXXXXX files.

The attached patch uses tempfile.NamedTemporaryFile?() instead, which solves both of these problems. This requires python 2.3, though; is that acceptable?

#477 desai [email protected] fixed Block, Character, and FIFO

Ability for Bcfg to create block, character, and FIFO devices.

Note: See TracQuery for help on using queries.