1 In-house patch for the temporary removal of Paramiko dependency in |
1 In-house patch for the temporary removal of Paramiko dependency in |
2 Cinder. This patch is Solaris-specific and not suitable for upstream |
2 Cinder. This patch is Solaris-specific and not suitable for upstream |
3 |
3 |
4 --- cinder-2013.1.4/cinder/utils.py.orig 2013-10-17 11:21:37.000000000 -0700 |
4 --- cinder-2013.2.3/cinder/utils.py.orig 2014-04-03 11:42:36.000000000 -0700 |
5 +++ cinder-2013.1.4/cinder/utils.py 2014-03-08 11:55:09.044072461 -0800 |
5 +++ cinder-2013.2.3/cinder/utils.py 2014-04-09 00:14:56.141352333 -0700 |
6 @@ -27,7 +27,6 @@ |
6 @@ -43,7 +43,6 @@ |
7 import inspect |
7 from eventlet import greenthread |
8 import itertools |
8 from eventlet import pools |
9 import os |
9 from oslo.config import cfg |
10 -import paramiko |
10 -import paramiko |
11 import pyclbr |
11 |
12 import random |
12 from cinder.brick.initiator import connector |
13 import re |
13 from cinder import exception |
14 @@ -233,135 +232,6 @@ |
14 @@ -142,125 +141,6 @@ |
15 return out, err |
15 return processutils.execute(*cmd, **kwargs) |
16 |
16 |
17 |
17 |
18 -def ssh_execute(ssh, cmd, process_input=None, |
18 -def check_ssh_injection(cmd_list): |
19 - addl_env=None, check_exit_code=True): |
19 - ssh_injection_pattern = ['`', '$', '|', '||', ';', '&', '&&', '>', '>>', |
20 - LOG.debug(_('Running cmd (SSH): %s'), cmd) |
20 - '<'] |
21 - if addl_env: |
|
22 - raise exception.Error(_('Environment not supported over SSH')) |
|
23 - |
21 - |
24 - if process_input: |
22 - # Check whether injection attacks exist |
25 - # This is (probably) fixable if we need it... |
23 - for arg in cmd_list: |
26 - raise exception.Error(_('process_input not supported over SSH')) |
24 - arg = arg.strip() |
27 - |
25 - |
28 - stdin_stream, stdout_stream, stderr_stream = ssh.exec_command(cmd) |
26 - # Check for matching quotes on the ends |
29 - channel = stdout_stream.channel |
27 - is_quoted = re.match('^(?P<quote>[\'"])(?P<quoted>.*)(?P=quote)$', arg) |
|
28 - if is_quoted: |
|
29 - # Check for unescaped quotes within the quoted argument |
|
30 - quoted = is_quoted.group('quoted') |
|
31 - if quoted: |
|
32 - if (re.match('[\'"]', quoted) or |
|
33 - re.search('[^\\\\][\'"]', quoted)): |
|
34 - raise exception.SSHInjectionThreat(command=str(cmd_list)) |
|
35 - else: |
|
36 - # We only allow spaces within quoted arguments, and that |
|
37 - # is the only special character allowed within quotes |
|
38 - if len(arg.split()) > 1: |
|
39 - raise exception.SSHInjectionThreat(command=str(cmd_list)) |
30 - |
40 - |
31 - #stdin.write('process_input would go here') |
41 - # Second, check whether danger character in command. So the shell |
32 - #stdin.flush() |
42 - # special operator must be a single argument. |
|
43 - for c in ssh_injection_pattern: |
|
44 - if arg == c: |
|
45 - continue |
33 - |
46 - |
34 - # NOTE(justinsb): This seems suspicious... |
47 - result = arg.find(c) |
35 - # ...other SSH clients have buffering issues with this approach |
48 - if not result == -1: |
36 - stdout = stdout_stream.read() |
49 - if result == 0 or not arg[result - 1] == '\\': |
37 - stderr = stderr_stream.read() |
50 - raise exception.SSHInjectionThreat(command=cmd_list) |
38 - stdin_stream.close() |
|
39 - stdout_stream.close() |
|
40 - stderr_stream.close() |
|
41 - |
|
42 - exit_status = channel.recv_exit_status() |
|
43 - |
|
44 - # exit_status == -1 if no exit code was returned |
|
45 - if exit_status != -1: |
|
46 - LOG.debug(_('Result was %s') % exit_status) |
|
47 - if check_exit_code and exit_status != 0: |
|
48 - raise exception.ProcessExecutionError(exit_code=exit_status, |
|
49 - stdout=stdout, |
|
50 - stderr=stderr, |
|
51 - cmd=cmd) |
|
52 - channel.close() |
|
53 - return (stdout, stderr) |
|
54 - |
51 - |
55 - |
52 - |
56 -def create_channel(client, width, height): |
53 -def create_channel(client, width, height): |
57 - """Invoke an interactive shell session on server.""" |
54 - """Invoke an interactive shell session on server.""" |
58 - channel = client.invoke_shell() |
55 - channel = client.invoke_shell() |
117 - Return an item from the pool, when one is available. This may |
114 - Return an item from the pool, when one is available. This may |
118 - cause the calling greenthread to block. Check if a connection is active |
115 - cause the calling greenthread to block. Check if a connection is active |
119 - before returning it. For dead connections create and return a new |
116 - before returning it. For dead connections create and return a new |
120 - connection. |
117 - connection. |
121 - """ |
118 - """ |
122 - if self.free_items: |
119 - conn = super(SSHPool, self).get() |
123 - conn = self.free_items.popleft() |
120 - if conn: |
124 - if conn: |
121 - if conn.get_transport().is_active(): |
125 - if conn.get_transport().is_active(): |
122 - return conn |
126 - return conn |
123 - else: |
127 - else: |
124 - conn.close() |
128 - conn.close() |
125 - return self.create() |
129 - return self.create() |
|
130 - if self.current_size < self.max_size: |
|
131 - created = self.create() |
|
132 - self.current_size += 1 |
|
133 - return created |
|
134 - return self.channel.get() |
|
135 - |
126 - |
136 - def remove(self, ssh): |
127 - def remove(self, ssh): |
137 - """Close an ssh client and remove it if in free_items.""" |
128 - """Close an ssh client and remove it from free_items.""" |
138 - ssh.close() |
129 - ssh.close() |
|
130 - ssh = None |
139 - if ssh in self.free_items: |
131 - if ssh in self.free_items: |
140 - self.free_items.pop(ssh) |
132 - self.free_items.pop(ssh) |
141 - ssh = None |
|
142 - |
|
143 - if self.current_size > 0: |
133 - if self.current_size > 0: |
144 - self.current_size -= 1 |
134 - self.current_size -= 1 |
145 - |
135 - |
146 - |
136 - |
147 def cinderdir(): |
137 def cinderdir(): |
148 import cinder |
138 import cinder |
149 return os.path.abspath(cinder.__file__).split('cinder/__init__.py')[0] |
139 return os.path.abspath(cinder.__file__).split('cinder/__init__.py')[0] |
150 --- cinder-2013.1.4/cinder.egg-info/requires.txt.orig Wed Feb 26 10:56:39 2014 |
140 |
151 +++ cinder-2013.1.4/cinder.egg-info/requires.txt Wed Feb 26 10:58:01 2014 |
|
152 @@ -14,7 +14,6 @@ |
|
153 sqlalchemy-migrate>=0.7.2 |
|
154 stevedore>=0.8.0 |
|
155 suds>=0.4 |
|
156 -paramiko |
|
157 Babel>=0.9.6 |
|
158 iso8601>=0.1.4 |
|
159 setuptools_git>=0.4 |
|
160 --- cinder-2013.1.4/tools/pip-requires.orig Wed Feb 26 10:56:38 2014 |
|
161 +++ cinder-2013.1.4/tools/pip-requires Wed Feb 26 10:58:25 2014 |
|
162 @@ -14,7 +14,6 @@ |
|
163 sqlalchemy-migrate>=0.7.2 |
|
164 stevedore>=0.8.0 |
|
165 suds>=0.4 |
|
166 -paramiko |
|
167 Babel>=0.9.6 |
|
168 iso8601>=0.1.4 |
|
169 setuptools_git>=0.4 |
|