commit f78785f7d53e9d126ba51ee9e381f5ae9b3d0368
Author: Marek 'marx' Grac
Date: Mon Oct 7 15:41:09 2013 +0200
fence_vmware_soap, fence_ovh: Caching problem with SOAP library
Both fence agents are built on top of SUDS library which creates a cache file. Unfortunately, it is not yet possible to completely move cache or remove it. Due to possible security issue (symlink vulnerability) we have decided to solve this problem as simply as possible. So '/tmp' was changed to an automatically generated temp directory which is removed at the exit of fence agent as we won't reuse it anyway.
Resolves: rhbz#1014000
diff --git a/fence/agents/ovh/fence_ovh.py b/fence/agents/ovh/fence_ovh.py
index 881aa90..2ec3fa0 100644
--- a/fence/agents/ovh/fence_ovh.py
+++ b/fence/agents/ovh/fence_ovh.py
@@ -9,6 +9,7 @@
 # This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
 import sys, time
+import shutil, tempfile
 from datetime import datetime
 from suds.client import Client
 from suds.xsd.doctor import ImportDoctor, Import
@@ -61,6 +62,10 @@ def soap_login(options):
 imp.filter.add('http://soapi.ovh.com/manager')
 d = ImportDoctor(imp)
+ tmp_dir = tempfile.mkdtemp()
+ tempfile.tempdir = tmp_dir
+ atexit.register(remove_tmp_dir, tmp_dir)
+
 try:
 soap = Client(url, doctor=d)
 session = soap.service.login(options["--username"], options["--password"], 'en', 0)
@@ -69,6 +74,9 @@ def soap_login(options):
 options["session"] = session
 return soap
+
+def remove_tmp_dir(tmp_dir):
+ shutil.rmtree(tmp_dir)
 def main():
 device_opt = [ "login", "passwd", "port", "email" ]
diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
index 365f8cc..ac7f0d9 100644
--- a/fence/agents/vmware_soap/fence_vmware_soap.py
+++ b/fence/agents/vmware_soap/fence_vmware_soap.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python
 import sys, exceptions
+import shutil, tempfile
 sys.path.append("@FENCEAGENTSLIBDIR@")
 from suds.client import Client
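Review bot: The import line added to fence_ovh.py brings in `shutil` and `tempfile` but not `atexit`, although the soap_login hunk that follows calls `atexit.register(remove_tmp_dir, tmp_dir)`; the import hunk of fence_vmware_soap.py has the same gap. Unless `atexit` is already bound by an import outside the visible context (the rest of each import block is not shown), soap_login raises NameError before the SOAP client is created, so the agent fails before it can carry out the fencing action. The added line should read `import shutil, tempfile, atexit` in both files.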
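Review bot: In soap_login of fence_ovh.py, and in the matching hunk of fence_vmware_soap.py, `tempfile.tempdir = tmp_dir` overrides the temp location for the whole process, and nothing on the new lines says that this is the actual fix or that it has to run before `Client(...)` is constructed. A comment above the three added lines would keep a later refactor from moving or dropping them, for example `# SUDS places its cache under tempfile.gettempdir(); redirect it to a private mkdtemp() directory before creating the Client`. Because the override is global, a second call to soap_login in the same process would create a new directory nested inside the first and register another handler, so a module-level guard is worth adding if the function can be reached twice. Handlers registered with atexit do not run when the process is killed by a signal, so the directory can be left behind in that case; it is owner-only, which makes this a leak rather than a return of the symlink issue. The body of soap_login continues outside the hunk.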
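Review bot: `remove_tmp_dir` in fence_ovh.py, and the identical helper added to fence_vmware_soap.py, calls `shutil.rmtree(tmp_dir)` with no error handling, so a directory that is already gone or only partly removable raises OSError inside the atexit handler and puts a traceback on stderr at exit. The cleanup is best effort and runs after the agent's real work, so `shutil.rmtree(tmp_dir, ignore_errors=True)` fits better. A one-line docstring such as `"""Remove the private SUDS cache directory created in soap_login."""` would also tie the helper to the place where it is registered.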
@@ -20,6 +21,11 @@ def soap_login(options):
 url = "http://"
 url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk"
+
+ tmp_dir = tempfile.mkdtemp()
+ tempfile.tempdir = tmp_dir
+ atexit.register(remove_tmp_dir, tmp_dir)
+
 try:
 conn = Client(url + "/vimService.wsdl")
 conn.set_options(location = url)
@@ -155,6 +161,9 @@ def set_power_status(conn, options):
 else:
 conn.service.PowerOffVM_Task(mo_machine)
+def remove_tmp_dir(tmp_dir):
+ shutil.rmtree(tmp_dir)
+
 def main():
 device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "port" ]