/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2023-02-07 23:03:33 UTC
  • mto: This revision was merged to the branch mainline in revision 408.
  • Revision ID: teddy@recompile.se-20230207230333-5halrp7943pgb3w1
Server: Bug fix: Stagger checker runs when creating clients

* mandos (Client.enable()): Do not set self.expires here; move it to
  "init_checker".
  (Client.init_checker()): Take new "randomize_start" argument.  If
  True, randomize delay before starting checker.  Also, do not start
  checker right now, but instead extend expire time so that the
  scheduled checker always has time to run.
  (Checker.start_checker): Take new "start_was_randomized" argument.
  If True, reset scheduled checker runs to be 'interval' apart,
  instead of using the initial delay.  (Bug fix)
  (main): On startup, pass argument randomize_start=True to
  client.init_checker() when initizlizing checkers for all enabled
  clients.

Reported-by: Louis Charreau <Louis.Charreau@vadesecure.com>
Suggested-by: Louis Charreau <Louis.Charreau@vadesecure.com>
Fixes: 1200 ("Server: Stagger checker runs when creating clients")

Show diffs side-by-side

added added

removed removed

Lines of Context:
143
143
if sys.version_info < (3, 2):
144
144
    configparser.Configparser = configparser.SafeConfigParser
145
145
 
146
 
version = "1.8.16"
 
146
version = "1.8.15"
147
147
stored_state_file = "clients.pickle"
148
148
 
149
149
log = logging.getLogger(os.path.basename(sys.argv[0]))
961
961
            # key_id() and fingerprint() functions
962
962
            client["key_id"] = (section.get("key_id", "").upper()
963
963
                                .replace(" ", ""))
964
 
            client["fingerprint"] = (section.get("fingerprint",
965
 
                                                 "").upper()
 
964
            client["fingerprint"] = (section["fingerprint"].upper()
966
965
                                     .replace(" ", ""))
967
 
            if not (client["key_id"] or client["fingerprint"]):
968
 
                log.error("Skipping client %s without key_id or"
969
 
                          " fingerprint", client_name)
970
 
                del settings[client_name]
971
 
                continue
972
966
            if "secret" in section:
973
967
                client["secret"] = codecs.decode(section["secret"]
974
968
                                                 .encode("utf-8"),