Bug #5681
closed Bug #5712: Defining long classes (about > 2064 char) in CFEngine causes segfault
Technique "SSH keys distribution" 2.0 - adding large number of keys breaks the policy generation
Description
Using a Directive based on a "SSH keys distribution" 2.0 Technique.
I add 13 keys, that's a 13-line, 5131-byte file.
Option: flush the authorized keys file before updating: yes
Policy generation fails with the following error:
⇨ cf-promise check fails for promises generated at '/var/rudder/share/3026aaf6-dd31-4d07-80b1-a810c8e250a4.new/rules/cfengine-community' ⇨ expand.c:287: ProgrammingError: ExpandAndMapIteratorsFromScalar called with invalid strlen
Updated by Fabrice FLORE-THÉBAULT about 10 years ago
I have another issue with the same technique; maybe it is related, so I add it here:
I have set up a directive with 2 keys for a user, with option: flush the authorized keys file before updating: yes
After a run I can observe the following:
- The directive is "repaired".
- In the .ssh/authorized_keys I observe:
- the first key is duplicated after each run, until I have 3 times the line with the first key;
- the second key is prepended by spaces.
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
ssh-rsa AAAAAA aaaaaa
    ssh-rsa BBBBBB bbbbbb
Updated by Fabrice FLORE-THÉBAULT about 10 years ago
NB: With option "Do you want to flush the authorized keys file before updating: No", then the first key is duplicated ad nauseam.
Updated by Fabrice FLORE-THÉBAULT about 10 years ago
Maybe important: in this directive, I have 3 ssh keys, and the impacted key item is "SSH key #3". This makes the situation similar to #5561.
Updated by Fabrice FLORE-THÉBAULT about 10 years ago
Update: the fact that the key is "SSH key #3" is important. If I break the ssh-key directive into 3 different directives, then the duplication of the key disappears.
Updated by Matthieu CERDA about 10 years ago
- Status changed from New to Discussion
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 2
Hello Fabrice.
The second issue looks indeed like a dupe of http://www.rudder-project.org/redmine/issues/5561, but it should not happen on CFE 3.5...
Do you have the latest 2.10 Techniques?
Updated by Nicolas CHARLES about 10 years ago
I can definitively reproduce the issue.
If the key is too long (roughly around the 1K length), then the class definition segfaults.
We need to update the technique to not use such long classes.
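A check for the two symptoms reported earlier in this ticket (duplicated key lines, a key prepended by spaces) plus entries near the "roughly 1K" length mentioned above, as an added example that is not part of the ticket or of Rudder's code. The key-type list, the 1024-character threshold, the finding labels and the sample content are assumptions made for the example.

```python
# Added example: audit authorized_keys content for the symptoms in this ticket.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}
# Assumption: the ticket only says "roughly around the 1K length".
LONG_ENTRY_THRESHOLD = 1024


def parse_entry(line):
    """Return (key_type, key_blob) for one authorized_keys line, else None."""
    fields = line.split()
    # Options may precede the key type, so scan for the first known type.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return field, fields[i + 1]
    return None


def audit(text):
    """Return (line_number, finding) tuples, in line order."""
    findings, first_seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are not key entries
        entry = parse_entry(stripped)
        if entry is None:
            findings.append((lineno, "unparsable"))
            continue
        if raw[0] in " \t":
            findings.append((lineno, "leading-whitespace"))
        if entry in first_seen:
            findings.append((lineno, "duplicate-of-line-%d" % first_seen[entry]))
        else:
            first_seen[entry] = lineno
        if len(stripped) >= LONG_ENTRY_THRESHOLD:
            findings.append((lineno, "long-entry"))
    return findings


# Constructed sample mirroring the file content described in the ticket.
SAMPLE = ("ssh-rsa AAAAAA aaaaaa\n" * 3) + "    ssh-rsa BBBBBB bbbbbb\n"

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print("line %d: %s" % (lineno, finding))
```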
Updated by Nicolas CHARLES about 10 years ago
- Status changed from Discussion to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/552
Updated by Nicolas CHARLES about 10 years ago
- Project changed from Rudder to 24
- Category deleted (Techniques)
Updated by Nicolas CHARLES about 10 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset commit:57907a5427f621e6194fe0a6f278d637b5af1f39.
Updated by Jonathan CLARKE about 10 years ago
Applied in changeset commit:c636404292c6a974798778f7eb940939482bb07a.
Updated by Vincent MEMBRÉ about 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.7 and 2.11.4, which were released today.
- Announcement 2.10 2.11
- Changelog 2.10 2.11
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/