From ff0048a3a26c9076c8052a8c7be171e4364f0d09 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Thu, 7 Feb 2013 10:00:37 -0500
Subject: moved common file locking code into Bcfg2.Utils

---
 src/lib/Bcfg2/Server/Plugins/Metadata.py | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

(limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py')

diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py
index ef0c152fd..df98e6ea8 100644
--- a/src/lib/Bcfg2/Server/Plugins/Metadata.py
+++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py
@@ -15,6 +15,7 @@ import Bcfg2.Server
 import Bcfg2.Server.Lint
 import Bcfg2.Server.Plugin
 import Bcfg2.Server.FileMonitor
+from Bcfg2.Utils import locked
 from Bcfg2.Compat import MutableMapping, all, wraps  # pylint: disable=W0622
 from Bcfg2.version import Bcfg2VersionInfo
 
@@ -27,15 +28,6 @@ except ImportError:
 LOGGER = logging.getLogger(__name__)
 
 
-def locked(fd):
-    """ Acquire a lock on a file """
-    try:
-        fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
-    except IOError:
-        return True
-    return False
-
-
 if HAS_DJANGO:
     class MetadataClientModel(models.Model,
                               Bcfg2.Server.Plugin.PluginDatabaseModel):
@@ -195,7 +187,7 @@ class XMLMetadataConfig(Bcfg2.Server.Plugin.XMLFileBacked):
         newcontents = lxml.etree.tostring(dataroot, xml_declaration=False,
                                           pretty_print=True).decode('UTF-8')
 
-        while locked(fd) == True:
+        while locked(fd):
             pass
         try:
             datafile.write(newcontents)
-- 
cgit v1.2.3-1-g7c22


From b8ebd636ac3a5e2919b3e62041019f26acb1e2c0 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Thu, 7 Feb 2013 10:01:16 -0500
Subject: Metadata: allowed setting global default authentication type

---
 src/lib/Bcfg2/Server/Plugins/Metadata.py | 32 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 20 deletions(-)

(limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py')

diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py
index df98e6ea8..bd02739d5 100644
--- a/src/lib/Bcfg2/Server/Plugins/Metadata.py
+++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py
@@ -677,8 +677,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
                     self.raddresses[clname] = set()
                 self.raddresses[clname].add(caddr)
             if 'auth' in client.attrib:
-                self.auth[client.get('name')] = client.get('auth',
-                                                           'cert+password')
+                self.auth[client.get('name')] = client.get('auth')
             if 'uuid' in client.attrib:
                 self.uuid[client.get('uuid')] = clname
             if client.get('secure', 'false').lower() == 'true':
@@ -1192,7 +1191,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
             # look at cert.cN
             client = certinfo['commonName']
             self.debug_log("Got cN %s; using as client name" % client)
-            auth_type = self.auth.get(client, 'cert+password')
+            auth_type = self.auth.get(client,
+                                      self.core.setup['authentication'])
         elif user == 'root':
             id_method = 'address'
             try:
@@ -1215,12 +1215,8 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
         self.debug_log("Authenticating client %s" % client)
 
         # next we validate the address
-        if id_method == 'uuid':
-            addr_is_valid = True
-        else:
-            addr_is_valid = self.validate_client_address(client, address)
-
-        if not addr_is_valid:
+        if (id_method != 'uuid' and
+            not self.validate_client_address(client, address)):
             return False
 
         if id_method == 'cert' and auth_type != 'cert+password':
@@ -1230,23 +1226,19 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
             # we are done if cert+password not required
             return True
 
-        if client not in self.passwords:
-            if client in self.secure:
-                self.logger.error("Client %s in secure mode but has no "
-                                  "password" % address[0])
-                return False
-            if password != self.password:
-                self.logger.error("Client %s used incorrect global password" %
-                                  address[0])
-                return False
+        if client not in self.passwords and client in self.secure:
+            self.logger.error("Client %s in secure mode but has no password" %
+                              address[0])
+            return False
+
         if client not in self.secure:
             if client in self.passwords:
                 plist = [self.password, self.passwords[client]]
             else:
                 plist = [self.password]
             if password not in plist:
-                self.logger.error("Client %s failed to use either allowed "
-                                  "password" % address[0])
+                self.logger.error("Client %s failed to use an allowed password"
+                                  % address[0])
                 return False
         else:
             # client in secure mode and has a client password
-- 
cgit v1.2.3-1-g7c22


From fb723b0164318459e337911cf243ba497d8f6683 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Thu, 7 Feb 2013 10:14:31 -0500
Subject: Metadata: process default client bootstrap mode properly

---
 src/lib/Bcfg2/Server/Plugins/Metadata.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

(limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py')

diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py
index bd02739d5..383e8e1dc 100644
--- a/src/lib/Bcfg2/Server/Plugins/Metadata.py
+++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py
@@ -384,7 +384,7 @@ class MetadataGroup(tuple):
 
 
 class Metadata(Bcfg2.Server.Plugin.Metadata,
-               Bcfg2.Server.Plugin.Statistics,
+               Bcfg2.Server.Plugin.ClientRunHooks,
                Bcfg2.Server.Plugin.DatabaseBacked):
     """This class contains data for bcfg2 server metadata."""
     __author__ = 'bcfg-dev@mcs.anl.gov'
@@ -392,7 +392,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
 
     def __init__(self, core, datastore, watch_clients=True):
         Bcfg2.Server.Plugin.Metadata.__init__(self)
-        Bcfg2.Server.Plugin.Statistics.__init__(self, core, datastore)
+        Bcfg2.Server.Plugin.ClientRunHooks.__init__(self)
         Bcfg2.Server.Plugin.DatabaseBacked.__init__(self, core, datastore)
         self.watch_clients = watch_clients
         self.states = dict()
@@ -1252,12 +1252,11 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
         return True
     # pylint: enable=R0911,R0912
 
-    def process_statistics(self, meta, _):
-        """ Hook into statistics interface to toggle clients in
-        bootstrap mode """
-        client = meta.hostname
-        if client in self.auth and self.auth[client] == 'bootstrap':
-            self.update_client(client, dict(auth='cert'))
+    def end_statistics(self, metadata):
+        """ Hook to toggle clients in bootstrap mode """
+        if self.auth.get(metadata.hostname,
+                         self.core.setup('authentication')) == 'bootstrap':
+            self.update_client(metadata.hostname, dict(auth='cert'))
 
     def viz(self, hosts, bundles, key, only_client, colors):
         """Admin mode viz support."""
-- 
cgit v1.2.3-1-g7c22


From d624e7eba92731c99909d74a1c20d502a6695837 Mon Sep 17 00:00:00 2001
From: "Chris St. Pierre" <chris.a.st.pierre@gmail.com>
Date: Fri, 8 Mar 2013 13:34:06 -0500
Subject: Metadata: fixed typo

---
 src/lib/Bcfg2/Server/Plugins/Metadata.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/Bcfg2/Server/Plugins/Metadata.py')

diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py
index 383e8e1dc..09ecfaf82 100644
--- a/src/lib/Bcfg2/Server/Plugins/Metadata.py
+++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py
@@ -1255,7 +1255,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata,
     def end_statistics(self, metadata):
         """ Hook to toggle clients in bootstrap mode """
         if self.auth.get(metadata.hostname,
-                         self.core.setup('authentication')) == 'bootstrap':
+                         self.core.setup['authentication']) == 'bootstrap':
             self.update_client(metadata.hostname, dict(auth='cert'))
 
     def viz(self, hosts, bundles, key, only_client, colors):
-- 
cgit v1.2.3-1-g7c22