summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess2016-03-25 17:24:54 -0400
committerJoey Hess2016-03-25 17:24:54 -0400
commit9c97ec26003581b1b1238b3921b43ba9baaaa80f (patch)
tree4b566283d4178357c6e4c0a09ddc5f485a334c35
parentd28385a684903b09f6587e55cb872face58c2b60 (diff)
Avoid generating excessively long paths to the unix socket file used for ssh connection caching.
Mostly. Can still generate a too long one if $HOME is longer than 60 bytes.
-rw-r--r--debian/changelog8
-rw-r--r--doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment33
-rw-r--r--src/Propellor/Ssh.hs41
3 files changed, 79 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 2c2b2ea7..86add5db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+propellor (2.17.1) UNRELEASED; urgency=medium
+
+ * Avoid generating excessively long paths to the unix socket file
+ used for ssh connection caching. Mostly. Can still generate a too long
+ one if $HOME is longer than 60 bytes.
+
+ -- Joey Hess <id@joeyh.name> Fri, 25 Mar 2016 17:23:25 -0400
+
propellor (2.17.0) unstable; urgency=medium
* Added initial support for FreeBSD.
diff --git a/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment
new file mode 100644
index 00000000..642eae7b
--- /dev/null
+++ b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment
@@ -0,0 +1,33 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-03-25T20:39:29Z"
+ content="""
+What's going on here is propellor has asked ssh to use that as a socket,
+but unix has a hoary old limit on the length of filenames to unix domain
+sockets -- something around 100 characters max depending on the OS (108 on
+linux I believe).
+
+40 characters of that budget is used up by the somewhat long HOME path, 17
+characters are tacked on by ssh (for no really good reason given the
+limited budget). This leaves propellor 57 characters to make a unique
+socket name that's not too ugly, but it decided to put the whole hostname
+in there, which blows past the budget in this case.
+
+So, I have changed the code to try to respect the budget while still coming
+up with the best filename it can.
+
+So in your case the new path will be something like
+"/home/experiences/instrumentation/picca/.ssh/propellor/diffabs6.e-44ecb7d0.j3awdJtqk5r3HB1I"
+-- 91 bytes, so under the limit.
+
+If someone has HOME set to something longer than ~60 characters,
+propellor will still break. Since the socket file has to be at a
+stable location, and so more or less needs to live under HOME, it's hard to
+avoid the problem entirely.
+
+I did consider moving the sockets to /tmp to avoid HOME length causing a
+problem, but then other users on the system could DOS propellor by creating
+the directory in /tmp, which would at best make it fall back to not using
+the ssh socket and so asking repeatedly for passwords.
+"""]]
diff --git a/src/Propellor/Ssh.hs b/src/Propellor/Ssh.hs
index b00eb651..3e4806ea 100644
--- a/src/Propellor/Ssh.hs
+++ b/src/Propellor/Ssh.hs
@@ -2,9 +2,11 @@ module Propellor.Ssh where
import Propellor.Base
import Utility.UserInfo
+import Utility.FileSystemEncoding
import System.PosixCompat
import Data.Time.Clock.POSIX
+import qualified Data.Hash.MD5 as MD5
-- Parameters can be passed to both ssh and scp, to enable a ssh connection
-- caching socket.
@@ -16,9 +18,8 @@ import Data.Time.Clock.POSIX
sshCachingParams :: HostName -> IO [CommandParam]
sshCachingParams hn = do
home <- myHomeDir
- let cachedir = home </> ".ssh" </> "propellor"
- createDirectoryIfMissing False cachedir
- let socketfile = cachedir </> hn ++ ".sock"
+ let socketfile = socketFile home hn
+ createDirectoryIfMissing False (takeDirectory socketfile)
let ps =
[ Param "-o"
, Param ("ControlPath=" ++ socketfile)
@@ -42,3 +43,37 @@ sshCachingParams hn = do
[ Param "localhost" ]
nukeFile f
tenminutes = 600
+
+-- Generate a socket filename inside the home directory.
+--
+-- There's a limit in the size of unix domain sockets, of approximately
+-- 100 bytes. Try to never construct a filename longer than that.
+--
+-- When space allows, include the full hostname in the socket filename.
+-- Otherwise, include at least a partial md5sum of it,
+-- to avoid using the same socket file for multiple hosts.
+socketFile :: FilePath -> HostName -> FilePath
+socketFile home hn = selectSocketFile
+ [ sshdir </> hn ++ ".sock"
+ , sshdir </> hn
+ , sshdir </> take 10 hn ++ "-" ++ md5
+ , sshdir </> md5
+ , home </> ".propellor-" ++ md5
+ ]
+ (".propellor-" ++ md5)
+ where
+ sshdir = home </> ".ssh" </> "propellor"
+ md5 = take 9 $ MD5.md5s $ MD5.Str hn
+
+selectSocketFile :: [FilePath] -> FilePath -> FilePath
+selectSocketFile [] fallback = fallback
+selectSocketFile [f] _ = f
+selectSocketFile (f:fs) fallback
+ | valid_unix_socket_path f = f
+ | otherwise = selectSocketFile fs fallback
+
+valid_unix_socket_path :: FilePath -> Bool
+valid_unix_socket_path f = length (decodeW8 f) < 100 - reservedbyssh
+ where
+ -- ssh tacks on 17 or so characters when making a socket
+ reservedbyssh = 18