From a75391899459f6123721631613c5d044fc4795af Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Wed, 20 Dec 2017 15:24:11 +0530 Subject: [PATCH 377/385] fips/geo-rep: Replace MD5 with SHA256 MD5 is not fips compliant. Hence replacing with SHA256. NOTE: The hash is used to form the ctl_path for the ssh connection. The length of ctl_path for ssh connection should not be > 108. ssh fails with ctl_path too long if it is so. But when rsync is piped to ssh, it is not taking > 90. rsync is failing with error number 12. Hence using first 32 bytes of hash. Hash collision doesn't matter as only one sock file is created per directory. Backport of: > Patch: https://review.gluster.org/19061 > Updates: #230 > Change-Id: I58aeb32a80b5422f6ac0188cf33fbecccbf08ae7 > Signed-off-by: Kotresh HR BUG: 1459709 Change-Id: I58aeb32a80b5422f6ac0188cf33fbecccbf08ae7 Signed-off-by: Kotresh HR Reviewed-on: https://code.engineering.redhat.com/gerrit/149772 Tested-by: RHGS Build Bot Reviewed-by: Aravinda Vishwanathapura Krishna Murthy Reviewed-by: Sunil Kumar Heggodu Gopala Acharya --- geo-replication/syncdaemon/master.py | 4 ++-- geo-replication/syncdaemon/syncdutils.py | 26 ++++++++++++++++---------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/geo-replication/syncdaemon/master.py b/geo-replication/syncdaemon/master.py index 6de2c77..cd135df 100644 --- a/geo-replication/syncdaemon/master.py +++ b/geo-replication/syncdaemon/master.py @@ -23,7 +23,7 @@ from threading import Condition, Lock from datetime import datetime from gconf import gconf from syncdutils import Thread, GsyncdError, boolify, escape_space_newline -from syncdutils import unescape_space_newline, gauxpfx, md5hex, selfkill +from syncdutils import unescape_space_newline, gauxpfx, escape1, selfkill from syncdutils import lstat, errno_wrap, FreeObject, lf, matching_disk_gfid from syncdutils import NoStimeAvailable, PartialHistoryAvailable 
@@ -771,7 +771,7 @@ class GMasterChangelogMixin(GMasterCommon): selfkill() def setup_working_dir(self): - workdir = os.path.join(gconf.working_dir, md5hex(gconf.local_path)) + workdir = os.path.join(gconf.working_dir, escape1(gconf.local_path)) logging.debug('changelog working dir %s' % workdir) return workdir diff --git a/geo-replication/syncdaemon/syncdutils.py b/geo-replication/syncdaemon/syncdutils.py index d798356..3218192 100644 --- a/geo-replication/syncdaemon/syncdutils.py +++ b/geo-replication/syncdaemon/syncdutils.py @@ -60,11 +60,7 @@ try: except ImportError: import urllib -try: - from hashlib import md5 as md5 -except ImportError: - # py 2.4 - from md5 import new as md5 +from hashlib import sha256 as sha256 # auxiliary gfid based access prefix _CL_AUX_GFID_PFX = ".gfid/" @@ -97,6 +93,8 @@ def escape(s): to turn whatever data to creatable representation""" return urllib.quote_plus(s) +def escape1(s): + return s.replace("/", "-").strip("-") def unescape(s): """inverse of .escape""" @@ -175,13 +173,21 @@ def setup_ssh_ctl(ctld, remote_addr, resource_url): gconf.ssh_ctl_dir = ctld content = "SLAVE_HOST=%s\nSLAVE_RESOURCE_URL=%s" % (remote_addr, resource_url) - content_md5 = md5hex(content) + content_sha256 = sha256hex(content) + """ + The length of ctl_path for ssh connection should not be > 108. + ssh fails with ctl_path too long if it is so. But when rsync + is piped to ssh, it is not taking > 90. Hence using first 32 + bytes of hash. Hash collision doesn't matter as only one sock + file is created per directory. + """ + content_sha256 = content_sha256[:32] fname = os.path.join(gconf.ssh_ctl_dir, - "%s.mft" % content_md5) + "%s.mft" % content_sha256) create_manifest(fname, content) ssh_ctl_path = os.path.join(gconf.ssh_ctl_dir, - "%s.sock" % content_md5) + "%s.sock" % content_sha256) gconf.ssh_ctl_args = ["-oControlMaster=auto", "-S", ssh_ctl_path] 
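Review bot: `escape1(gconf.local_path)` in `setup_working_dir` is not a one-to-one mapping, so two different brick paths can resolve to the same changelog working directory: `/a/b` and `/a-b` both become `a-b`, which `md5hex` kept apart. The name is also as long as the brick path itself, so a deep path can exceed the filesystem's per-component length limit, and a path of just `/` yields an empty name that makes `workdir` equal to `gconf.working_dir`. If FIPS compliance is the only goal, `workdir = os.path.join(gconf.working_dir, sha256hex(gconf.local_path))` keeps the name fixed-length and collision-resistant, with `sha256hex` imported from syncdutils in place of `escape1`. The same concern applies to the `escape1` definition added in the syncdutils.py hunk further down; the class body continues outside this hunk.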
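Review bot: `escape1` is added without a docstring, and its name does not say what is escaped or that the mapping is lossy, unlike the neighbouring `escape`/`unescape` pair, which is documented as reversible. A docstring such as `"""Flatten a path into a single directory name: '/' becomes '-' and leading/trailing '-' are stripped; not reversible."""` would warn callers not to expect an inverse. As far as the collapsed hunk shows, the function also sits directly against `def unescape`, where PEP 8 asks for two blank lines around a top-level `def`.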
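Review bot: The explanation added in `setup_ssh_ctl` is a bare triple-quoted string in the middle of the function body, which Python evaluates as an expression statement rather than treating it as a comment or docstring; it should be written as `#` comment lines. The text also says "first 32 bytes of hash", but the slice `content_sha256[:32]` is taken on the hex digest, so it keeps 32 hex characters, i.e. 16 bytes (128 bits) of the SHA-256 output. A comment such as `# Keep the first 32 hex chars (128 bits) of the digest so the ssh control path stays under the ssh (108) and rsync-over-ssh (90) length limits.` states this precisely. The function starts before and continues after this hunk.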
@@ -536,8 +542,8 @@ def gauxpfx(): return _CL_AUX_GFID_PFX -def md5hex(s): - return md5(s).hexdigest() +def sha256hex(s): + return sha256(s).hexdigest() def selfkill(sig=SIGTERM): -- 1.8.3.1
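Review bot: Removing `md5hex` outright makes any module that still does `from syncdutils import md5hex` fail at import time; this patch updates only the import in master.py, and other callers are not visible here, so a tree-wide search for `md5hex` is worth doing before merge. `sha256hex` also has no docstring; `"""Return the hex SHA-256 digest of s (FIPS-approved replacement for the former md5hex)."""` would record why the helper exists. If this module is ever expected to run under Python 3, note that `sha256(s)` accepts only bytes there, while `setup_ssh_ctl` passes a `str` built with `%` formatting.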