From f7cdad6b141b86eeb6e52c0ba590f475d166aa65 Mon Sep 17 00:00:00 2001
From: Sol Jerome
Date: Thu, 25 Mar 2010 21:10:13 +0000
Subject: SSHbase: Generate known_hosts file in consistent order (Patch from Lee Loucks)
From Ticket #869: Because the order of a python set is dependent on the order of the hash of entries of that set, the get_skn method generates a entries in the ssh_known_hosts with the names ordered according to their has instead of a consistent (from the user point of view) order. Some entries are IP, hostname and other entries are hostname, IP. This patch corrects that.
Signed-off-by: Sol Jerome
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5793 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Server/Plugins/SSHbase.py | 63 ++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 31 deletions(-)
(limited to 'src')
diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py
index d66a458ca..4e26001c1 100644
--- a/src/lib/Server/Plugins/SSHbase.py
+++ b/src/lib/Server/Plugins/SSHbase.py
@@ -64,7 +64,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
 '/etc/ssh/ssh_host_key': self.build_hk,
 '/etc/ssh/ssh_host_key.pub': self.build_hk}}
 self.ipcache = {}
- self.namecache = {}
+ self.namecache = {}
 self.__skn = False
 def get_skn(self):
@@ -82,7 +82,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
 names[cmeta.hostname] = set([cmeta.hostname])
 names[cmeta.hostname].update(cmeta.aliases)
 newnames = set()
- newips = set()
+ newips = set()
 for name in names[cmeta.hostname]:
 newnames.add(name.split('.')[0])
 try:
@@ -91,14 +91,15 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
 continue
 names[cmeta.hostname].update(newnames)
 names[cmeta.hostname].update(cmeta.addresses)
- names[cmeta.hostname].update(newips)
- # TODO: Only perform reverse lookups on IPs if an option is set.
- if True:
- for ip in newips:
- try:
- names[cmeta.hostname].update(self.get_namecache_entry(ip))
- except:
- continue
+ names[cmeta.hostname].update(newips)
+ # TODO: Only perform reverse lookups on IPs if an option is set.
+ if True:
+ for ip in newips:
+ try:
+ names[cmeta.hostname].update(self.get_namecache_entry(ip))
+ except:
+ continue
+ names[cmeta.hostname] = sorted(names[cmeta.hostname])
 # now we have our name cache
 pubkeys = [pubk for pubk in self.entries.keys() \
 if pubk.find('.pub.H_') != -1]
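Review bot: The re-added reverse-lookup loop keeps a bare `except:` around `self.get_namecache_entry(ip)`, so every failure (including `KeyboardInterrupt` or a plain coding error) is dropped silently, and the set of names written to ssh_known_hosts then varies with resolver state, which works against the consistency this commit is after. Narrowing it to `except socket.error:` would cover `socket.gaierror` as well as the `socket.herror` that `socket.gethostbyaddr` raises for a missing PTR record; `get_namecache_entry` in the last hunk catches only `socket.gaierror`, so those failures are apparently never negatively cached. The lookup also still runs unconditionally under `if True:`, which binds every name returned by reverse DNS to this host's key; PTR data is controlled by whoever operates the reverse zone, so the option described in the TODO is worth implementing before the generated file is relied on for host authentication. The body of `get_skn` starts and ends outside this hunk.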
@@ -170,27 +171,27 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
 raise socket.gaierror
 def get_namecache_entry(self, cip):
- '''build a cache of name lookups from client IP addresses'''
- if cip in self.namecache:
- # lookup cached name from IP
- if self.namecache[cip]:
- return self.namecache[cip]
- else:
- raise socket.gaierror
- else:
- # add an entry that has not been cached
- try:
- rvlookup = socket.gethostbyaddr(cip)
- if rvlookup[0]:
- self.namecache[cip] = [rvlookup[0]]
- else:
- self.namecache[cip] = []
- self.namecache[cip].extend(rvlookup[1])
- return self.namecache[cip]
- except socket.gaierror:
- self.namecache[cip] = False
- self.logger.error("Failed to find any names associated with IP address %s" % cip)
- raise
+ '''build a cache of name lookups from client IP addresses'''
+ if cip in self.namecache:
+ # lookup cached name from IP
+ if self.namecache[cip]:
+ return self.namecache[cip]
+ else:
+ raise socket.gaierror
+ else:
+ # add an entry that has not been cached
+ try:
+ rvlookup = socket.gethostbyaddr(cip)
+ if rvlookup[0]:
+ self.namecache[cip] = [rvlookup[0]]
+ else:
+ self.namecache[cip] = []
+ self.namecache[cip].extend(rvlookup[1])
+ return self.namecache[cip]
+ except socket.gaierror:
+ self.namecache[cip] = False
+ self.logger.error("Failed to find any names associated with IP address %s" % cip)
+ raise
 def build_skn(self, entry, metadata):
 '''This function builds builds a host specific known_hosts file'''
--
cgit v1.2.3-1-g7c22