Skip to content
Permalink
Browse files Browse the repository at this point in the history
Backported unescaped shell command fixes from master branch
  • Loading branch information
stpierre committed Aug 11, 2011
1 parent bc6cb45 commit 46795ae
Show file tree
Hide file tree
Showing 5 changed files with 45 additions and 26 deletions.
22 changes: 17 additions & 5 deletions src/lib/Server/Admin/Viz.py
@@ -1,5 +1,6 @@
import getopt
from subprocess import Popen, PIPE
import pipes
import Bcfg2.Server.Admin

class Viz(Bcfg2.Server.Admin.MetadataCore):
Expand Down Expand Up @@ -62,7 +63,8 @@ def __call__(self, args):

data = self.Visualize(self.get_repo_path(), hset, bset,
kset, outputfile)
print data
if data:
print(data)
raise SystemExit, 0

def Visualize(self, repopath, hosts=False,
Expand All @@ -73,11 +75,21 @@ def Visualize(self, repopath, hosts=False,
else:
format = 'png'

cmd = "dot -T%s" % (format)
cmd = ["dot", "-T", format]
if output:
cmd += " -o %s" % output
dotpipe = Popen(cmd, shell=True, stdin=PIPE,
stdout=PIPE, close_fds=True)
cmd.extend(["-o", output])
try:
dotpipe = Popen(cmd, stdin=PIPE, stdout=PIPE, close_fds=True)
except OSError:
# on some systems (RHEL 6), you cannot run dot with
# shell=True. on others (Gentoo with Python 2.7), you
# must. In yet others (RHEL 5), either way works. I have
# no idea what the difference is, but it's kind of a PITA.
cmd = ["dot", "-T", pipes.quote(format)]
if output:
cmd.extend(["-o", pipes.quote(output)])
dotpipe = Popen(cmd, shell=True,
stdin=PIPE, stdout=PIPE, close_fds=True)
try:
dotpipe.stdin.write("digraph groups {\n")
except:
Expand Down
18 changes: 9 additions & 9 deletions src/lib/Server/Plugins/Cfg.py
Expand Up @@ -7,6 +7,7 @@
import os
import re
import tempfile
from subprocess import Popen, PIPE

import Bcfg2.Server.Plugin

Expand All @@ -32,17 +33,16 @@ def process_delta(data, delta):
basefile.write(data)
basefile.close()
os.close(basehandle)
dhandle, dname = tempfile.mkstemp()
dfile = open(dname, 'w')
dfile.write(delta.data)
dfile.close()
os.close(dhandle)
ret = os.system("patch -uf %s < %s > /dev/null 2>&1" \
% (basefile.name, dfile.name))

cmd = ["patch", "-u", "-f", basefile.name]
patch = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
stderr = patch.communicate(input=delta.data)[1]
ret = patch.wait()
output = open(basefile.name, 'r').read()
[os.unlink(fname) for fname in [basefile.name, dfile.name]]
os.unlink(basefile.name)
if ret >> 8 != 0:
raise Bcfg2.Server.Plugin.PluginExecutionError, ('delta', delta)
logger.error("Error applying diff %s: %s" % (delta.name, stderr))
raise Bcfg2.Server.Plugin.PluginExecutionError('delta', delta)
return output

class CfgMatcher:
Expand Down
1 change: 0 additions & 1 deletion src/lib/Server/Plugins/Hg.py
@@ -1,6 +1,5 @@
import os
from mercurial import ui, hg
from subprocess import Popen, PIPE
import Bcfg2.Server.Plugin

# for debugging output only
Expand Down
27 changes: 17 additions & 10 deletions src/lib/Server/Plugins/SSHbase.py
Expand Up @@ -3,6 +3,7 @@

import binascii
import os
import sys
import socket
import shutil
import tempfile
Expand Down Expand Up @@ -162,8 +163,7 @@ def get_ipcache_entry(self, client):
self.ipcache[client] = (ipaddr, client)
return (ipaddr, client)
except socket.gaierror:
cmd = "getent hosts %s" % client
ipaddr = Popen(cmd, shell=True, \
ipaddr = Popen(["getent", "hosts", client],
stdout=PIPE).stdout.read().strip().split()
if ipaddr:
self.ipcache[client] = (ipaddr, client)
Expand Down Expand Up @@ -252,19 +252,26 @@ def GenerateHostKeys(self, client):
"H_%s" % client])
tempdir = tempfile.mkdtemp()
temploc = "%s/%s" % (tempdir, hostkey)
cmd = 'ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null'
os.system(cmd % (temploc, keytype, client))
shutil.copy(temploc, fileloc)
shutil.copy("%s.pub" % temploc, publoc)
self.AddEntry(hostkey)
self.AddEntry(".".join([hostkey.split('.')[0]]+['pub', "H_%s" \
% client]))
cmd = ["ssh-keygen", "-q", "-f", temploc, "-N", "",
"-t", keytype, "-C", "root@%s" % client]
proc = Popen(cmd, stdout=PIPE, stdin=PIPE)
proc.communicate()
proc.wait()

try:
shutil.copy(temploc, fileloc)
shutil.copy("%s.pub" % temploc, publoc)
except IOError:
err = sys.exc_info()[1]
self.logger.error("Temporary SSH keys not found: %s" % err)
try:
os.unlink(temploc)
os.unlink("%s.pub" % temploc)
os.rmdir(tempdir)
except OSError:
self.logger.error("Failed to unlink temporary ssh keys")
err = sys.exc_info()[1]
self.logger.error("Failed to unlink temporary ssh keys: %s"
% err)

def AcceptChoices(self, _, metadata):
return [Bcfg2.Server.Plugin.Specificity(hostname=metadata.hostname)]
Expand Down
3 changes: 2 additions & 1 deletion src/lib/Server/Plugins/Svn.py
@@ -1,4 +1,5 @@
import os
import pipes
from subprocess import Popen, PIPE
import Bcfg2.Server.Plugin

Expand Down Expand Up @@ -35,7 +36,7 @@ def get_revision(self):
"""Read svn revision information for the Bcfg2 repository."""
try:
data = Popen(("env LC_ALL=C svn info %s" %
(self.datastore)), shell=True,
pipes.quote(self.datastore)), shell=True,
stdout=PIPE).communicate()[0].split('\n')
return [line.split(': ')[1] for line in data \
if line[:9] == 'Revision:'][-1]
Expand Down

0 comments on commit 46795ae

Please sign in to comment.