From 9675e9ba7f55a236c1e6c12bbebbeffb0d323ad9 Mon Sep 17 00:00:00 2001
From: Narayan Desai
Date: Mon, 12 Jun 2006 15:11:57 +0000
Subject: * Fix fatal server setup error * Back out SSL code (for now)
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1876 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Client/Proxy.py | 23 ++++++++++++++++-------
 src/lib/Server/Component.py | 22 +++++++++++++---------
 src/sbin/bcfg2-server | 3 ++-
 3 files changed, 31 insertions(+), 17 deletions(-)
(limited to 'src')
diff --git a/src/lib/Client/Proxy.py b/src/lib/Client/Proxy.py
index 9c2837817..d8e1dea19 100644
--- a/src/lib/Client/Proxy.py
+++ b/src/lib/Client/Proxy.py
@@ -15,7 +15,7 @@ class poSSLFile:
 def __init__(self, sock, master):
 self.sock = sock
 self.master = master
- self.read = self.sock.read
+ #self.read = self.sock.read
 self.master.count += 1
 def close(self):
@@ -24,6 +24,7 @@ class poSSLFile:
 self.sock.close()
 def readline(self):
+ print "in readline"
 data = ''
 char = self.read(1)
 while char != '\n':
@@ -33,14 +34,18 @@ class poSSLFile:
 return data
 def read(self, size=None):
- print "in read"
+ print "in read", size
 if size:
 data = ''
 while not data:
 try:
 data = self.sock.read(size)
- except ZeroReturnError:
- print "caught ssl error; retrying"
+ except OpenSSL.SSL.ZeroReturnError:
+ break
+ return data
+ else:
+ print "no size"
+ data = self.sock.read()
 return data
 class pSockMaster:
@@ -56,7 +61,7 @@ class pSockMaster:
 self.count -= 1
 if not self.count:
 self._connection.close()
-
+
 class PHTTPSConnection(httplib.HTTPSConnection):
 "This class allows communication via SSL."
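Review bot: In `poSSLFile.read` (hunk `-33,14`) the new `except OpenSSL.SSL.ZeroReturnError: break` makes a cleanly closed SSL session return `''`, while `readline` in the hunk before it loops on `while char != '\n':`, so a peer that closes mid-line may leave the client spinning rather than failing. The loop body lies outside the hunk, so this needs confirming against the full file. Changing the condition to `while char and char != '\n':` would end the read at end of stream. The `print "in readline"`, `print "in read", size` and `print "no size"` lines are debug output that should be dropped or sent to the logger.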
@@ -76,10 +81,14 @@ class PHTTPSConnection(httplib.HTTPSConnection):
 self._sock.connect((self.host, self.port))
 self.sock = pSockMaster(self._sock)
+ def send(self, msg):
+ print "sending message %s" % (msg)
+ self._sock.sendall(msg)
+
 class PHTTPS(httplib.HTTPS):
 _connection_class = PHTTPSConnection
-class SafeTransport(xmlrpclib.Transport):
+class OSSafeTransport(xmlrpclib.Transport):
 """Handles an HTTPS transaction to an XML-RPC server."""
 def make_connection(self, host):
 # create a HTTPS connection object from a host descriptor
@@ -136,7 +145,7 @@ class SafeProxy:
 else:
 address = self.__get_location(component)
 try:
- self.proxy = xmlrpclib.ServerProxy(address, transport=SafeTransport())
+ self.proxy = xmlrpclib.ServerProxy(address, transport=xmlrpclib.SafeTransport())
 except IOError, io_error:
 self.log.error("Invalid server URL %s: %s" % (address, io_error))
 raise CobaltComponentError
diff --git a/src/lib/Server/Component.py b/src/lib/Server/Component.py
index e88b5cabe..f57dd7ccc 100644
--- a/src/lib/Server/Component.py
+++ b/src/lib/Server/Component.py
@@ -24,6 +24,8 @@ class CobaltXMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
 # get arguments
 data = self.rfile.read(int(self.headers["content-length"]))
 response = self.server._cobalt_marshalled_dispatch(data, self.client_address)
+ except OpenSSL.SSL.SysCallError:
+ log.error("Client %s unexpectedly closed connection" % (self.client_address[0]))
 except: # This should only happen if the module is buggy
 # internal error, report as HTTP server error
 log.error("Unexcepted handler failure in do_POST", exc_info=1)
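Review bot: The added `PHTTPSConnection.send` in Proxy.py (hunk `-76,10`) prints every outgoing message in full with `print "sending message %s" % (msg)`, which puts whole XML-RPC requests on stdout and in whatever captures it, including any credentials or configuration data they carry. Remove the print, or record only the message length at debug level through the module's logger.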
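Review bot: Switching `SafeProxy` to `transport=xmlrpclib.SafeTransport()` (Proxy.py, hunk `-136,7`) keeps the channel encrypted, but the Python 2 standard library of this period does not validate the server certificate or host name in its HTTPS support, so the client cannot tell the real server from an interposed one. The commit message calls the back-out temporary, so a marker at this line would keep it from becoming permanent: `# FIXME: stdlib SafeTransport does not verify the server certificate; restore a verifying transport`. As far as the diff shows, the renamed `OSSafeTransport` is left without a caller.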
@@ -51,9 +53,10 @@ class SSLServer(BaseHTTPServer.HTTPServer):
 def __init__(self, address, keyfile, handler):
 SocketServer.BaseServer.__init__(self, address, handler)
 ctxt = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
- ctxt.use_privatekey_file ('/tmp/keys/server.pkey')
- ctxt.use_certificate_file('/tmp/keys/server.cert')
- ctxt.load_verify_locations('/tmp/keys/CA.cert')
+ print keyfile
+ ctxt.use_privatekey_file (keyfile)
+ ctxt.use_certificate_file(keyfile)
+ #ctxt.load_verify_locations('/tmp/keys/CA.cert')
 ctxt.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verify_cb)
 self.socket = OpenSSL.SSL.Connection(ctxt, socket.socket(self.address_family,
 self.socket_type))
@@ -77,11 +80,12 @@ class SSLServer(BaseHTTPServer.HTTPServer):
 try:
 self.process_request(request, client_address)
 except Exception, err:
- print err, type(err)
- try:
- if err[0][0][0] == 'SSL routines':
+ if isinstance(err, OpenSSL.SSL.Error):
+ if isinstance(err, OpenSSL.SSL.SysCallError):
+ log.error("Client %s unexpectedly closed connection" % (client_address[0]))
+ else:
 log.error("%s from %s" % (err[0][0][2], client_address[0]))
- except:
+ else:
 log.error("Unknown socket I/O failure from %s" % (client_address[0]), exc_info=1)
 self.close_request(request)
@@ -120,8 +124,8 @@ class Component(SSLServer,
 else:
 location = (socket.gethostname(), 0)
 try:
- #keyfile = self.cfile.get('communication', 'key')
- keyfile = '/tmp/keys/server.pkey'
+ keyfile = self.cfile.get('communication', 'key')
+ #keyfile = '/tmp/keys/server.pkey'
 except ConfigParser.NoOptionError:
 print "No key specified in cobalt.conf"
 raise SystemExit, 1
diff --git a/src/sbin/bcfg2-server b/src/sbin/bcfg2-server
index daa79d090..142ed766d 100755
--- a/src/sbin/bcfg2-server
+++ b/src/sbin/bcfg2-server
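Review bot: `SSLServer.__init__` in Component.py (hunk `-51,9`) still calls `ctxt.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verify_cb)`, but the only `load_verify_locations` call is now commented out, so the context has no CA to validate client certificates against and the outcome rests entirely on `verify_cb`, which is outside the hunk. If peer verification is deliberately off for now, state it rather than leaving a half-configured check, e.g. `# NOTE: no CA loaded; client certificates are not authenticated until load_verify_locations is restored`. If it is meant to stay on, read the CA path from configuration the same way `keyfile` is. `print keyfile` is leftover debug output, and passing `keyfile` to both `use_privatekey_file` and `use_certificate_file` assumes a combined PEM file, which deserves a comment.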
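Review bot: In the `except Exception, err:` handler of `SSLServer` (Component.py, hunk `-77,11`), the inner `else` branch indexes `err[0][0][2]` without the `try`/`except` that used to wrap it, so an `OpenSSL.SSL.Error` subclass raised with empty or differently shaped args (`ZeroReturnError`, for one) raises `IndexError` inside the handler. That second exception skips `self.close_request(request)` and propagates to the caller, so a misbehaving peer can affect server stability. The enclosing method starts outside the hunk. Logging the args defensively avoids this: `log.error("SSL error %r from %s" % (err.args, client_address[0]))`.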
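Review bot: `self.cfile.get('communication', 'key')` in `Component` (Component.py, hunk `-120,8`) raises `ConfigParser.NoSectionError` when the `[communication]` section itself is missing, and only `NoOptionError` is caught, so that case ends in a traceback instead of the intended message. Catch both with `except (ConfigParser.NoSectionError, ConfigParser.NoOptionError):`. Because this option now names the server's private key, a startup check that the file is not group- or world-readable would be worth adding near here.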
@@ -51,7 +51,8 @@ class Bcfg2Serv(Bcfg2.Server.Component.Component):
 Bcfg2.Server.Component.Component.__init__(self, setup)
 self.shut = False
 except Bcfg2.Server.Component.ComponentInitError:
- self.shut = True
+ logger.critical("Failed to setup server")
+ raise SystemExit, 1
 # set shutdown handlers for sigint and sigterm
 signal.signal(signal.SIGINT, self.start_shutdown)
-- cgit v1.2.3-1-g7c22