[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Cluster-devel] conga luci/cluster/form-macros luci/homebase/f ...



CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	rmccabe sourceware org	2007-01-04 00:19:49

Modified files:
	luci/cluster   : form-macros 
	luci/homebase  : form-macros 
	luci/site/luci/Extensions: homebase_adapters.py ricci_bridge.py 
	                           ricci_communicator.py 
	ricci/ricci    : Makefile Ricci.cpp 

Log message:
	fix for bugs found while testing the fix for bz201394

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/form-macros.diff?cvsroot=cluster&r1=1.139&r2=1.140
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/homebase/form-macros.diff?cvsroot=cluster&r1=1.51&r2=1.52
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/homebase_adapters.py.diff?cvsroot=cluster&r1=1.43&r2=1.44
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_bridge.py.diff?cvsroot=cluster&r1=1.52&r2=1.53
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/Extensions/ricci_communicator.py.diff?cvsroot=cluster&r1=1.23&r2=1.24
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Makefile.diff?cvsroot=cluster&r1=1.17&r2=1.18
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Ricci.cpp.diff?cvsroot=cluster&r1=1.21&r2=1.22

--- conga/luci/cluster/form-macros	2007/01/02 20:12:22	1.139
+++ conga/luci/cluster/form-macros	2007/01/04 00:19:48	1.140
@@ -243,6 +243,8 @@
 
 			<tfoot class="systemsTable">
 				<tr class="systemsTable"><td colspan="2" class="systemsTable">
+					<input type="hidden" name="trust_shown" value="1"
+						tal:condition="add_cluster" />
 					<ul class="vanilla deploy">
 						<li class="vanilla">
 							<input type="radio" name="download_pkgs"
@@ -332,6 +334,7 @@
 								src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
 								title sys/fp | string:no key fingerprint available" />
 						<input type="hidden"
+							tal:condition="exists: sys/fp"
 							tal:attributes="
 								id python: '__SYSTEM%dFingerprint' % cur_sysnum;
 								name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -2900,6 +2903,8 @@
 
 			<tfoot class="systemsTable">
 				<tr class="systemsTable"><td colspan="2" class="systemsTable">
+					<input type="hidden" name="trust_shown" value="1"
+						tal:condition="add_cluster" />
 					<ul class="vanilla deploy">
 						<li class="vanilla">
 							<input type="radio" name="download_pkgs" value="1"
@@ -2994,6 +2999,7 @@
 								src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
 								title sys/fp | string:no key fingerprint available" />
 						<input type="hidden"
+							tal:condition="exists: sys/fp"
 							tal:attributes="
 								id python: '__SYSTEM%dFingerprint' % cur_sysnum;
 								name python: '__SYSTEM%dFingerprint' % cur_sysnum;
--- conga/luci/homebase/form-macros	2007/01/02 20:12:22	1.51
+++ conga/luci/homebase/form-macros	2007/01/04 00:19:48	1.52
@@ -353,6 +353,8 @@
 						tal:define="sys python: new_systems[cur_sys]">
 
 						<td class="systemsTable">
+							<input type="hidden" name="trust_shown" value="1" />
+
 							<input class="hbInputSys" type="text"
 								tal:attributes="
 									id python: '__SYSTEM%d:Addr' % cur_sysnum;
@@ -376,6 +378,7 @@
 									title sys/fp | string:no key fingerprint available"
 							/>
 							<input type="hidden"
+								tal:condition="exists: sys/fp"
 								tal:attributes="
 									id python: '__SYSTEM%dFingerprint' % cur_sysnum;
 									name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -639,6 +642,8 @@
 						tal:define="sys python: new_systems[cur_sys]">
 
 						<td class="systemsTable">
+							<input type="hidden" name="trust_shown" value="1" />
+
 							<input class="hbInputSys" type="text"
 								tal:attributes="
 									id python: '__SYSTEM%d:Addr' % cur_sysnum;
@@ -663,6 +668,7 @@
 									title sys/fp | string:no key fingerprint available"
 							/>
 							<input type="hidden"
+								tal:condition="exists: sys/fp"
 								tal:attributes="
 									id python: '__SYSTEM%dFingerprint' % cur_sysnum;
 									name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -761,7 +767,7 @@
 			tal:attributes="value add_cluster/pass | string:0" />
 
 		<input name="cluster_os" type="hidden"
-			tal:attributes="value add_cluster/cluster_os | string:rhel5" />
+			tal:attributes="value add_cluster/cluster_os | nothing" />
 
 		<table id="systemsTable" class="systemsTable" border="0" cellspacing="0">
 			<thead class="systemsTable">
@@ -786,6 +792,7 @@
 
 			<tfoot class="systemsTable">
 				<tr class="systemsTable"><td colspan="2" class="systemsTable">
+					<input type="hidden" name="trust_shown" value="1" />
 					<ul class="vanilla">
 						<li class="vanilla">
 							<input name="check_certs" type="checkbox"
@@ -854,6 +861,7 @@
 								src python: 'trusted' in sys and '/luci/lock-ok.png' or ('fp' in sys and '/luci/lock-closed.png' or '/luci/lock-open.png');
 								title sys/fp | string:no key fingerprint available" />
 						<input type="hidden"
+							tal:condition="exists: sys/fp"
 							tal:attributes="
 								id python: '__SYSTEM%dFingerprint' % cur_sysnum;
 								name python: '__SYSTEM%dFingerprint' % cur_sysnum;
@@ -936,6 +944,9 @@
 
 			<tfoot class="systemsTable">
 				<tr class="systemsTable"><td colspan="2" class="systemsTable">
+					<input type="hidden" name="trust_shown" value="1"
+						tal:condition="cur_sys" />
+
 					<ul class="vanilla">
 						<li class="vanilla"><input name="check_certs" type="checkbox">View system certificates before sending any passwords.</li>
 						<li class="vanilla"><input type="checkbox" name="allSameCheckBox" id="allSameCheckBox" onClick="allPasswdsSame(this.form);"/>Authenticate to all cluster nodes using the password provided above.</li>
--- conga/luci/site/luci/Extensions/homebase_adapters.py	2007/01/02 20:12:22	1.43
+++ conga/luci/site/luci/Extensions/homebase_adapters.py	2007/01/04 00:19:49	1.44
@@ -174,6 +174,12 @@
 	except:
 		cur_host_trusted = False
 
+	trust_shown = False
+	try:
+		trust_shown = request.form.has_key('trust_shown')
+	except:
+		trust_shown = False
+
 	cur_host_fp = None
 	try:
 		cur_host_fp = request.form['host_fingerprint'].strip()
@@ -183,7 +189,7 @@
 		cur_host_fp = None
 
 	try:
-		rc = RicciCommunicator(cur_host)
+		rc = RicciCommunicator(cur_host, enforce_trust=False)
 		if not rc:
 			raise Exception, 'rc is None'
 		cur_fp = rc.fingerprint()
@@ -194,7 +200,7 @@
 	except Exception, e:
 		luci_log.debug_verbose('vACI2: %s: %s' % (cur_host, str(e)))
 		request.SESSION.set('add_cluster_initial', cur_entry)
-		return (False, { 'errors': [ 'Unable to establish a secure connection to the ricci agent on %s: %s' \
+		return (False, { 'errors': [ 'Unable to establish a connection to the ricci agent on %s: %s' \
 			% (cur_host, str(e)) ] })
 
 	if not check_certs or cur_host_trusted:
@@ -205,6 +211,10 @@
 				request.SESSION.set('add_cluster_initial', cur_entry)
 				luci_log.info('SECURITY: %s' % errmsg)
 				return (False, { 'errors': [ errmsg ] })
+			if trust_shown is True and cur_host_trusted is False:
+				errmsg = 'You must elect to trust \"%s\" or abort the addition of the cluster to Luci.' % cur_host
+				request.SESSION.set('add_cluster_initial', cur_entry)
+				return (False, { 'errors': [ errmsg ] })
 			rc.trust()
 		except Exception, e:
 			luci_log.debug_verbose('vACI3: %s %s' % (cur_host, str(e)))
@@ -224,11 +234,11 @@
 		return (True, { 'messages': [ msg ] })
 
 	try:
-		del rc
 		request.SESSION.delete('add_cluster_initial')
 	except:
 		pass
 
+	rc = None
 	try:
 		rc = RicciCommunicator(cur_host, enforce_trust=True)
 		if not rc:
@@ -272,7 +282,11 @@
 		return (False, { 'errors': [ errmsg ] })
 
 	cluster_name = cluster_info[0]
+
 	cluster_os = resolveOSType(rc.os())
+	luci_log.debug_verbose('vACI5a: cluster os is %s (%s)' \
+		% (cluster_os, rc.os()))
+
 	try:
 		cluster_conf = getClusterConf(rc)
 	except:
@@ -340,6 +354,12 @@
 		luci_log.debug_verbose('PHF1: numStorage field missing: %s' % str(e))
 		errors.append('The number of systems entered could not be determined.')
 
+	trust_shown = False
+	try:
+		trust_shown = request.form.has_key('trust_shown')
+	except:
+		trust_shown = False
+
 	incomplete = False
 	i = 0
 	while i < num_storage:
@@ -385,10 +405,10 @@
 				cur_system['prev_auth'] = rc.authed()
 				fp = rc.fingerprint()
 
-				if cur_set_trust is True:
+				if cur_set_trust is True and cur_fp is not None:
 					cur_system['fp'] = cur_fp
 					if cur_fp != fp[1]:
-						errmsg = 'The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
+						errmsg = '1The key fingerprint for %s has changed from under us. It was \"%s\" and is now \"%s\".' % (cur_host, cur_fp, fp[1])
 						errors.append(errmsg)
 						luci_log.info('SECURITY: %s' % errmsg)
 						cur_system['error'] = True
@@ -418,14 +438,20 @@
 				luci_log.debug_verbose('PHF2: %s: %s' \
 					% (cur_host, str(e)))
 		else:
-			# The user doesn't care. Trust the system.
 			try:
-				rc = RicciCommunicator(cur_host)
+				rc = RicciCommunicator(cur_host, enforce_trust=False)
 				if not rc:
 					raise Exception, 'rc is None'
-				rc.trust()
-				cur_system['trusted'] = True
-				cur_system['prev_auth'] = rc.authed()
+
+				if not rc.trusted() and (trust_shown is True and cur_set_trust is False):
+					incomplete = True
+					cur_system['error'] = True
+					errors.append('You must either trust \"%s\" or remove it.' % cur_host)
+				else:
+					# The user doesn't care. Trust the system.
+					rc.trust()
+					cur_system['trusted'] = True
+					cur_system['prev_auth'] = rc.authed()
 			except Exception, e:
 				incomplete = True
 				cur_system['error'] = True
@@ -503,14 +529,15 @@
 
 		if (cur_host_trusted or not check_certs) and cur_passwd:
 			try:
-				rc = RicciCommunicator(cur_host, enforce_trust=False)
+				rc = RicciCommunicator(cur_host)
 				prev_auth = rc.authed()
 			except Exception, e:
 				errors.append('Unable to connect to the ricci agent on %s: %s' \
 					% (cur_host, str(e)))
 				incomplete = True
 				cur_system['errors'] = True
-				luci_log.debug_verbose('VAC2: %s: %s' % cur_host, str(e))
+				luci_log.debug_verbose('VAC2: %s: %s' \
+					% (cur_host, str(e)))
 				continue
 
 			try:
@@ -553,6 +580,8 @@
 
 			cur_os = resolveOSType(rc.os())
 			if cur_os != cluster_os:
+				luci_log.debug_verbose('VAC5a: \"%s\" / \"%s\" -> \"%s\"' \
+					% (cluster_os, rc.os(), cur_os))
 				incomplete = True
 				cur_system['errors'] = True
 
@@ -563,7 +592,7 @@
 						luci_log.debug_verbose('VAC6: %s: %s' % (cur_host, str(e)))
 
 				err_msg = 'Node %s reports its cluster version is %s and we expect %s' \
-					% (cur_os, cluster_os)
+					% (cur_host, cur_os, cluster_os)
 
 				errors.append(err_msg)
 				luci_log.debug_verbose('VAC7: %s' % err_msg)
@@ -1415,7 +1444,7 @@
 		return 'Unable to find storage system %s: %s' % (systemName, str(e))
 
 	try:
-		rc = RicciCommunicator(systemName)
+		rc = RicciCommunicator(systemName, enforce_trust=False)
 		if rc is None:
 			raise Exception, 'rc is None'
 	except Exception, e:
@@ -1486,7 +1515,7 @@
 	except:
 		# It's not a storage system, so unauthenticate.
 		try:
-			rc = RicciCommunicator(systemName)
+			rc = RicciCommunicator(systemName, enforce_trust=False)
 			rc.unauth()
 		except Exception, e:
 			luci_log.debug_verbose('delClusterSystem0: ricci error for %s: %s' \
--- conga/luci/site/luci/Extensions/ricci_bridge.py	2006/12/21 05:08:49	1.52
+++ conga/luci/site/luci/Extensions/ricci_bridge.py	2007/01/04 00:19:49	1.53
@@ -597,8 +597,6 @@
 	# temporary workaround for ricci bug
 	system_info = rc.hostname()
 	try:
-#		FIXME
-#		rc = RicciCommunicator(system_info, enforce_trust=True)
 		rc = RicciCommunicator(system_info)
 		if rc is None:
 			raise Exception, 'unknown error'
--- conga/luci/site/luci/Extensions/ricci_communicator.py	2006/12/21 05:08:49	1.23
+++ conga/luci/site/luci/Extensions/ricci_communicator.py	2007/01/04 00:19:49	1.24
@@ -15,7 +15,7 @@
     pass
 
 class RicciCommunicator:
-    def __init__(self, hostname, enforce_trust=False, port=11111):
+    def __init__(self, hostname, enforce_trust=True, port=11111):
         self.__hostname = hostname
         self.__port = port
         
@@ -57,8 +57,7 @@
         self.__dom0 = hello.firstChild.getAttribute('xen_host') == 'true'
         
         pass
-    
-    
+
     def hostname(self):
         luci_log.debug_verbose('RC:hostname: [auth %d] reported hostname = %s' \
             % (self.__authed, self.__hostname))
@@ -76,16 +75,16 @@
             % (self.__authed, self.__cluname, self.__clualias, self.__hostname))
         return (self.__cluname, self.__clualias)
     def os(self):
-        luci_log.debug_verbose('RC:os: [auth %d] reported system_name = %s for %s' \
+        luci_log.debug_verbose('RC:os: [auth %d] reported os = %s for %s' \
             % (self.__authed, self.__os, self.__hostname))
         return self.__os
     def dom0(self):
-        luci_log.debug_verbose('RC:dom0: [auth %d] reported system_name = %s for %s' \
+        luci_log.debug_verbose('RC:dom0: [auth %d] reported dom0 = %s for %s' \
             % (self.__authed, self.__dom0, self.__hostname))
         return self.__dom0
 
     def fingerprint(self):
-		return self.ss.peer_fingerprint()
+        return self.ss.peer_fingerprint()
 
     def trust(self):
         return self.ss.trust()
@@ -115,11 +114,19 @@
         resp = self.__receive(self.__timeout_auth)
         self.__authed = resp.firstChild.getAttribute('authenticated') == 'true'
 
+        if self.__authed:
+            try:
+                self.__cluname = resp.firstChild.getAttribute('clustername')
+                self.__clualias = resp.firstChild.getAttribute('clusteralias')
+                self.__reported_hostname = resp.firstChild.getAttribute('hostname')
+                self.__os = resp.firstChild.getAttribute('os')
+                self.__dom0 = resp.firstChild.getAttribute('xen_host') == 'true'
+            except:
+                pass
         luci_log.debug_verbose('RC:auth1: auth call returning %d' \
-			% self.__authed)
+            % self.__authed)
         return self.__authed
 
-
     def unauth(self):
         doc = minidom.Document()
         ricci = doc.createElement('ricci')
--- conga/ricci/ricci/Makefile	2006/10/24 21:54:29	1.17
+++ conga/ricci/ricci/Makefile	2007/01/04 00:19:49	1.18
@@ -40,7 +40,8 @@
 
 INCLUDE     += `pkg-config --cflags dbus-1`
 CFLAGS      += 
-CXXFLAGS    += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSION="${dbus_minor_version}"
+CXXFLAGS    += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSIO
+N="${dbus_minor_version}"
 LDFLAGS     += `pkg-config --libs dbus-1`
 
 
--- conga/ricci/ricci/Ricci.cpp	2006/11/20 23:10:58	1.21
+++ conga/ricci/ricci/Ricci.cpp	2007/01/04 00:19:49	1.22
@@ -134,7 +134,6 @@
   String function = req.get_attr("function");
   if (function == "") {
     success = RRC_MISSING_FUNCTION;
-    
   } else if (function == "authenticate") {
     String passwd = req.get_attr("password");
     bool passwd_ok = false;
@@ -145,7 +144,7 @@
     }
     
     if (passwd_ok) {
-      resp = ricci_header(true);
+      resp = ricci_header(true, true);
       success = RRC_SUCCESS;
       save_cert = true;
     } else {


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]