From 191f762aee7f7412e3d3b3840de914b9326aa888 Mon Sep 17 00:00:00 2001
From: "David E. Eisenstat"
Date: Fri, 10 Nov 2006 21:08:41 +0000
Subject: [PATCH] Disallow multiple conf_files instances and have conf_files use curl with certificates.
---
 conf_files.py | 114 +++++++++++++++++++++++++++++--------------------
 curlwrapper.py | 16 +++++++
 safexmlrpc.py | 16 +++----
 ticket.py | 2 +-
 tools.py | 8 ++--
 5 files changed, 94 insertions(+), 62 deletions(-)
 create mode 100644 curlwrapper.py
diff --git a/conf_files.py b/conf_files.py
index 868db2c..d76ec37 100644
--- a/conf_files.py
+++ b/conf_files.py
@@ -5,55 +5,75 @@ import os import pwd import sha import string -import urllib +import threading +import config +import curlwrapper import logger import tools -BOOT_SERVER = "plc-a.demo.vmware" - - -def checksum(path): - try: - f = open(path) - try: return sha.new(f.read()).digest() - finally: f.close() - except IOError: return None - -def system(cmd): - if cmd: - logger.log('cf: running command %s' % cmd) - return os.system(cmd) - else: return 0 - -def conf_file(cf_rec): - if not cf_rec['enabled']: return - dest = cf_rec['dest'] - logger.log('cf: considering file %s' % dest) - err_cmd = cf_rec['error_cmd'] - mode = string.atoi(cf_rec['file_permissions'], base=8) - uid = pwd.getpwnam(cf_rec['file_owner'])[2] - gid = grp.getgrnam(cf_rec['file_group'])[2] - src, msg = urllib.urlretrieve('https://%s%s' % (BOOT_SERVER, cf_rec['source'])) - if not cf_rec['always_update'] and checksum(src) == checksum(dest): - logger.log('cf: skipping file %s, always_update is false and checksums are identical' % dest) - return - if system(cf_rec['preinstall_cmd']): - system(err_cmd) - if not cf_rec['ignore_cmd_errors']: return - logger.log('cf: installing file %s' % dest) - os.chmod(src, mode) - os.chown(src, uid, gid) - os.rename(src, dest) - if system(cf_rec['postinstall_cmd']): system(err_cmd) - -def GetSlivers_callback(data): - def run(): - for d in data: - for f in d['conf_files']: - try: conf_file(f) - except: logger.log_exc() - tools.as_daemon_thread(run) - -def start(options): pass +class conf_files: + def __init__(self): + self.cond = threading.Condition() + self.config = config.Config() + self.data = None + + def checksum(self, path): + try: + f = open(path) + try: return sha.new(f.read()).digest() + finally: f.close() + except IOError: return None + + def system(self, cmd): + if cmd: + logger.log('conf_files: running command %s' % cmd) + return os.system(cmd) + else: return 0 + + def update_conf_file(self, cf_rec): + if not cf_rec['enabled']: return + dest = cf_rec['dest'] + 
logger.log('conf_files: considering file %s' % dest) + err_cmd = cf_rec['error_cmd'] + mode = string.atoi(cf_rec['file_permissions'], base=8) + uid = pwd.getpwnam(cf_rec['file_owner'])[2] + gid = grp.getgrnam(cf_rec['file_group'])[2] + url = 'https://%s/%s' % (self.config.PLC_BOOT_HOST, cf_rec['source']) + contents = curlwrapper.retrieve(url) + logger.log('conf_files: retrieving url %s' % url) + if not cf_rec['always_update'] and sha.new(contents).digest() == self.checksum(dest): + logger.log('conf_files: skipping file %s, always_update is false and checksums are identical' % dest) + return + if self.system(cf_rec['preinstall_cmd']): + self.system(err_cmd) + if not cf_rec['ignore_cmd_errors']: return + logger.log('conf_files: installing file %s' % dest) + tools.write_file(dest, lambda f: f.write(contents), mode=mode, uidgid=(uid,gid)) + if self.system(cf_rec['postinstall_cmd']): system(err_cmd) + + def run(self): + while True: + self.cond.acquire() + while self.data == None: self.cond.wait() + data = self.data + self.data = None + self.cond.release() + for d in data: + for f in d['conf_files']: + try: self.update_conf_file(f) + except: logger.log_exc() + + def callback(self, data): + if data != None: + self.cond.acquire() + self.data = data + self.cond.notify() + self.cond.release() + +main = conf_files() + +def GetSlivers_callback(data): main.callback(data) + +def start(options): tools.as_daemon_thread(main.run) diff --git a/curlwrapper.py b/curlwrapper.py new file mode 100644 index 0000000..ce273a3 --- /dev/null +++ b/curlwrapper.py 
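Review bot: The last line of `update_conf_file`, `if self.system(cf_rec['postinstall_cmd']): system(err_cmd)`, still calls the module-level `system` that this commit removes, so a failing postinstall command now raises NameError inside the error path instead of running `error_cmd`; it should read `if self.system(cf_rec['postinstall_cmd']): self.system(err_cmd)`. The `retrieving url` log line is emitted only after `curlwrapper.retrieve` has returned, so a hung or failing fetch leaves no record of which URL was attempted — move it above the `retrieve` call. The URL format changed from `'https://%s%s'` to `'https://%s/%s'`; if `source` values begin with a slash, as the old format implied, requests now carry a double slash. In `run`, `while self.data == None` should be `while self.data is None`, and the same in `callback`.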
@@ -0,0 +1,16 @@ +from subprocess import PIPE, Popen + + +class CurlException(Exception): pass + +def retrieve(url, postdata=None): + options = ('/usr/bin/curl', '--cacert', '/usr/boot/cacert.pem') + if postdata: options += ('--data', '@-') + p = Popen(options + (url,), stdin=PIPE, stdout=PIPE, stderr=PIPE) + if postdata: p.stdin.write(postdata) + p.stdin.close() + data = p.stdout.read() + err = p.stderr.read() + rc = p.wait() + if rc != 0: raise CurlException(err) + else: return data diff --git a/safexmlrpc.py b/safexmlrpc.py index 96865df..f4bd5af 100644 --- a/safexmlrpc.py +++ b/safexmlrpc.py @@ -1,6 +1,6 @@ """Leverage curl to make XMLRPC requests that check the server's credentials.""" -from subprocess import PIPE, Popen +import curlwrapper import xmlrpclib @@ -9,16 +9,10 @@ CURL = '/usr/bin/curl' class CertificateCheckingSafeTransport(xmlrpclib.Transport): def request(self, host, handler, request_body, verbose=0): self.verbose = verbose - p = Popen((CURL, '--cacert', '/usr/boot/cacert.pem', '--data', '@-', 'https://%s%s' % (host, handler)), stdin=PIPE, stdout=PIPE, stderr=PIPE) - p.stdin.write(request_body) - p.stdin.close() - contents = p.stdout.read() - p.stdout.close() - error = p.stderr.read() - p.stderr.close() - rc = p.wait() - if rc != 0: raise xmlrpclib.ProtocolError(host + handler, rc, error, '') - return xmlrpclib.loads(contents)[0] + try: + contents = curlwrapper.retrieve('https://%s%s' % (host, handler), request_body) + return xmlrpclib.loads(contents)[0] + except curlwrapper.CurlException, e: raise xmlrpclib.ProtocolError(host + handler, -1, str(e), '') class ServerProxy(xmlrpclib.ServerProxy): def __init__(self, handler, *args, **kw_args): xmlrpclib.ServerProxy.__init__(self, handler, CertificateCheckingSafeTransport()) diff --git a/ticket.py b/ticket.py index 62aeb6f..8ba00d2 100644 --- a/ticket.py +++ b/ticket.py 
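Review bot: `retrieve` reads `p.stdout` to EOF before it touches `p.stderr`, so if curl writes more than a pipe buffer to stderr — and without `--silent` curl typically prints its progress meter there when stdout is not a terminal — curl blocks on stderr while the parent blocks on stdout and neither finishes; a large `postdata` written to stdin while curl's stdout fills up can deadlock the same way. `Popen.communicate` feeds stdin and drains both output pipes together, so it replaces the four write/read/wait lines. Nothing fails the transfer on an HTTP error status either, so a 404 or 500 response body would be returned as the configuration file's contents (conf_files.py) or handed to the XML-RPC parser (safexmlrpc.py); `--fail` makes curl exit non-zero for those, and `--show-error` keeps the message in `err` under `--silent`. The rewrite below does both and keeps the `CurlException(err)` contract.
```python
def retrieve(url, postdata=None):
    # --silent/--show-error keep stderr to real errors; --fail turns HTTP 4xx/5xx into a non-zero exit
    options = ('/usr/bin/curl', '--silent', '--show-error', '--fail', '--cacert', '/usr/boot/cacert.pem')
    if postdata: options += ('--data', '@-')
    p = Popen(options + (url,), stdin=PIPE, stdout=PIPE, stderr=PIPE)
    # communicate() writes stdin and drains stdout/stderr together, so neither pipe can fill and block curl
    data, err = p.communicate(postdata)
    if p.returncode != 0: raise CurlException(err)
    return data
```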
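Review bot: The new `except` branch in `request` hard-codes `-1` as the ProtocolError errcode where the old code passed curl's exit status, so callers can no longer tell a certificate verification failure from a refused connection or a timeout. If `CurlException` carried the code as well (`raise CurlException(rc, err)` in curlwrapper), this line could become `raise xmlrpclib.ProtocolError(host + handler, e.args[0], e.args[1], '')`. The module-level `CURL = '/usr/bin/curl'` shown in the hunk header appears to be unused after this change and is duplicated as a literal in curlwrapper.py; one of the two should go.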
@@ -13,7 +13,7 @@ GPG = '/usr/bin/gpg' def sign(data): """Return signed with the default GPG key.""" msg = dumps((data,)) - p = _popen_gpg('--armor', '--sign') + p = _popen_gpg('--armor', '--sign', '--keyring', '/etc/planetlab/secring.gpg', '--no-default-keyring') p.stdin.write(msg) p.stdin.close() signed_msg = p.stdout.read() diff --git a/tools.py b/tools.py index 0533570..b6e5405 100644 --- a/tools.py +++ b/tools.py @@ -72,12 +72,14 @@ def pid_file(): write_file(PID_FILE, lambda f: f.write(str(os.getpid()))) return other_pid -def write_file(filename, do_write): +def write_file(filename, do_write, **kw_args): """Write file atomically by opening a temporary file, using to write that file, and then renaming the temporary file.""" - os.rename(write_temp_file(do_write), filename) + os.rename(write_temp_file(do_write, **kw_args), filename) -def write_temp_file(do_write): +def write_temp_file(do_write, mode=None, uidgid=None): fd, temporary_filename = tempfile.mkstemp() + if mode: os.chmod(temporary_filename, mode) + if uidgid: os.chown(temporary_filename, *uidgid) f = os.fdopen(fd, 'w') try: do_write(f) finally: f.close() -- 2.43.0
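Review bot: `--keyring` registers a public keyring in GnuPG 1.x; if `/etc/planetlab/secring.gpg` is the secret keyring its name suggests, the signing key lives there and gpg needs `--secret-keyring /etc/planetlab/secring.gpg` alongside `--no-default-keyring`, otherwise it will still consult the default secret keyring, which is what this change appears intended to avoid. Worth confirming against the gpg version on the node, since GnuPG 2.1 and later ignore `--secret-keyring` and use the agent instead. `sign`'s body continues past the end of the hunk.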
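Review bot: The added `chmod`/`chown` in `write_temp_file` run on the freshly created temp file before `do_write` has put anything in it, so a permissive `mode` widens access to a partially written file in the temp directory; applying them after the `finally: f.close()` (and so just before the rename done in `write_file`) keeps mkstemp's 0600 default until the contents are complete. Both guards use truthiness, so `mode=0` is silently ignored; `if mode is not None: os.chmod(temporary_filename, mode)` and `if uidgid is not None: os.chown(temporary_filename, *uidgid)` are the intended tests. Neither new keyword is documented: the `write_file` docstring could gain `mode: octal permission bits applied to the file before the rename; uidgid: (uid, gid) tuple passed to os.chown`. `write_temp_file`'s body continues past the hunk.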