From 55de1ebdf9bbac6dd03cdb7765ffa5e408a27d16 Mon Sep 17 00:00:00 2001
From: root <root@test-bcfg2-00.i>
Date: Sat, 13 Mar 2010 13:00:01 -0500
Subject: Automatically add additional host aliases to ssh_known_hosts.

---
 src/lib/Server/Plugins/SSHbase.py | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py
index 9739b9801..d66a458ca 100644
--- a/src/lib/Server/Plugins/SSHbase.py
+++ b/src/lib/Server/Plugins/SSHbase.py
@@ -64,6 +64,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
                          '/etc/ssh/ssh_host_key': self.build_hk,
                          '/etc/ssh/ssh_host_key.pub': self.build_hk}}
         self.ipcache = {}
+	self.namecache = {}
         self.__skn = False
 
     def get_skn(self):
@@ -81,14 +82,23 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
                 names[cmeta.hostname] = set([cmeta.hostname])
                 names[cmeta.hostname].update(cmeta.aliases)
                 newnames = set()
+		newips = set()
                 for name in names[cmeta.hostname]:
                     newnames.add(name.split('.')[0])
                     try:
-                        newnames.add(self.get_ipcache_entry(name)[0])
+                        newips.add(self.get_ipcache_entry(name)[0])
                     except:
                         continue
                 names[cmeta.hostname].update(newnames)
                 names[cmeta.hostname].update(cmeta.addresses)
+		names[cmeta.hostname].update(newips)
+		# TODO: Only perform reverse lookups on IPs if an option is set.
+		if True:
+		    for ip in newips:
+			try:
+			    names[cmeta.hostname].update(self.get_namecache_entry(ip))
+			except:
+			    continue
             # now we have our name cache
             pubkeys = [pubk for pubk in self.entries.keys() \
                        if pubk.find('.pub.H_') != -1]
@@ -159,6 +169,29 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
                 self.logger.error("Failed to find IP address for %s" % client)
                 raise socket.gaierror
 
+    def get_namecache_entry(self, cip):
+	'''build a cache of name lookups from client IP addresses'''
+	if cip in self.namecache:
+	    # lookup cached name from IP
+	    if self.namecache[cip]:
+		return self.namecache[cip]
+	    else:
+		raise socket.gaierror
+	else:
+	    # add an entry that has not been cached
+	    try:
+		rvlookup = socket.gethostbyaddr(cip)
+		if rvlookup[0]:
+		    self.namecache[cip] = [rvlookup[0]]
+		else:
+		    self.namecache[cip] = []
+		self.namecache[cip].extend(rvlookup[1])
+		return self.namecache[cip]
+	    except socket.gaierror:
+		self.namecache[cip] = False
+		self.logger.error("Failed to find any names associated with IP address %s" % cip)
+		raise
+
     def build_skn(self, entry, metadata):
         '''This function builds builds a host specific known_hosts file'''
         client = metadata.hostname
-- 
cgit v1.2.3-1-g7c22