0001-Fix-4648-store-default-values-securely.patch

fixed file creation race condition - Marek Hulán, 03/14/2014 07:34 AM

View differences:

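--- a/lib/kafo/configuration.rb
+++ b/lib/kafo/configuration.rb
@@ -1,5 +1,6 @@
 # encoding: UTF-8
 require 'yaml'
+require 'tmpdir'
 require 'kafo/puppet_module'
 require 'kafo/password_manager'
 
@@ -74,8 +75,11 @@
 
     def params_default_values
       @params_default_values ||= begin
+        @logger.debug "Creating tmp dir within #{app[:default_values_dir]}..."
+        temp_dir = Dir.mktmpdir(nil, app[:default_values_dir])
+        KafoConfigure.register_cleanup_path temp_dir
         @logger.info "Parsing default values from puppet modules..."
-        command = PuppetCommand.new("#{includes} dump_values(#{params})").append('2>&1').command
+        command = PuppetCommand.new("$temp_dir=\"#{temp_dir}\" #{includes} dump_values(#{params})").append('2>&1').command
         @logger.debug `#{command}`
         unless $?.exitstatus == 0
           log = app[:log_dir] + '/' + app[:log_name]
@@ -84,7 +88,7 @@
           KafoConfigure.exit(:defaults_error)
         end
         @logger.info "... finished"
-        YAML.load_file(File.join(KafoConfigure.config.app[:default_values_dir], 'default_values.yaml'))
+        YAML.load_file(File.join(temp_dir, 'default_values.yaml'))
       end
     end
 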
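Review bot: The directory created by `Dir.mktmpdir(nil, app[:default_values_dir])` in `params_default_values` is only removed when `KafoConfigure.exit` runs, so the dumped defaults stay on disk for the rest of the run and are left behind if the process ends through an unhandled exception or a signal. The file is not needed once `YAML.load_file(File.join(temp_dir, 'default_values.yaml'))` has returned, so the block form `Dir.mktmpdir(nil, app[:default_values_dir]) do |temp_dir| ... end` around the command and the load would remove it immediately, and its `ensure` also runs when `throw :exit` unwinds. Separately, `temp_dir` is interpolated into a double-quoted Puppet string that ends up in a backtick shell command; a comment such as `# default_values_dir comes from the installer config and must not contain quotes or shell metacharacters` would record that assumption, since how `PuppetCommand` escapes its argument is not visible here. Two lines of the error branch (old 82–83) lie outside the shown hunks.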
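--- a/lib/kafo/kafo_configure.rb
+++ b/lib/kafo/kafo_configure.rb
@@ -17,12 +17,15 @@
   class KafoConfigure < Clamp::Command
     include StringHelper
 
-
     class << self
       attr_accessor :config, :root_dir, :config_file, :gem_root, :temp_config_file,
                     :modules_dir, :kafo_modules_dir, :verbose, :app_options, :logger
       attr_writer :hooking
 
+      def cleanup_paths
+        @cleanup_paths ||= []
+      end
+
       def hooking
         @hooking ||= Hooking.new
       end
@@ -105,6 +108,7 @@
     end
 
     def self.exit(code)
+      cleanup
       @exit_code = translate_exit_code(code)
       throw :exit
     end
@@ -128,6 +132,26 @@
       end
     end
 
+    def self.cleanup
+      # make sure default values are removed from /tmp
+      (self.cleanup_paths + ['/tmp/default_values.yaml']).each do |file|
+        logger.debug "Cleaning #{file}"
+        FileUtils.rm_rf(file)
+      end
+    end
+
+    def self.register_cleanup_path(path)
+      self.cleanup_paths<< path
+    end
+
+    def register_cleanup_path(path)
+      self.class.register_cleanup_path(path)
+    end
+
+    def cleanup_paths
+      self.class.cleanup_paths
+    end
+
     def help
       self.class.help(invocation_path, self)
     end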
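Review bot: `FileUtils.rm_rf(file)` in `self.cleanup` removes paths that appear to live under a world-writable directory (the comment and the hard-coded `/tmp/default_values.yaml` point at /tmp), and the FileUtils documentation warns that recursive removal there is racy when the process is privileged. Passing the secure option, `FileUtils.rm_rf(file, :secure => true)`, closes that window for the registered temp directories. In `self.exit`, `cleanup` runs before `@exit_code` is assigned, so if `logger` is still unset when an early exit happens (not verifiable from this hunk) the `logger.debug` call would raise and the exit code would be lost. Assigning the code first, or using `logger.debug "Cleaning #{file}" if logger`, avoids that. The new methods carry no documentation; a short comment on `register_cleanup_path` stating that registered paths are deleted recursively at exit would help callers.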
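--- a/modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
+++ b/modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
@@ -9,7 +9,10 @@
       [arg, found_value.nil? ? arg : found_value]
     end
     data = Hash[data]
-    dump_dir = YAML.load_file(lookupvar('kafo_config_file'))[:default_values_dir]
-    File.open("#{dump_dir}/default_values.yaml", 'w') { |file| file.write(YAML.dump(data)) }
+
+    dump_dir = lookupvar('temp_dir')
+    file_name = "#{dump_dir}/default_values.yaml"
+
+    File.open(file_name, File::WRONLY|File::CREAT|File::EXCL, 0600) { |file| file.write(YAML.dump(data)) }
   end
 end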
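Review bot: `dump_dir = lookupvar('temp_dir')` is used without checking the result, so when the function is evaluated without the `$temp_dir=` prefix that configuration.rb now adds, the path is built from an empty or undefined value and the defaults would be written outside the private directory. Depending on the Puppet version this looks like it would be `/default_values.yaml` or a path relative to the working directory. A guard before building `file_name`, for example `raise Puppet::ParseError, 'dump_values: temp_dir is not set' unless dump_dir.is_a?(String) && File.directory?(dump_dir)`, makes that case fail closed. The `File::CREAT|File::EXCL` open with mode `0600` deserves a one-line comment explaining that it refuses a pre-existing file or symlink, so a later edit does not revert it to `'w'`. The function body starts outside this hunk.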
16
-