Revert "Fix Brocade FC SAN lookup MITM vulnerability"

This reverts commit ab4f572126.

The change is being reverted because it broke the Brocade FC SAN lookup
functionality. The change uses configuration options from
ssh_utils that are not initialized when the Brocade driver is
run, which causes an exception complaining that
CONF.ssh_hosts_key_file is used before it is initialized.

The right solution is to change the Brocade driver to use ssh_utils to
make SSH connections.

Conflicts:

	cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py

Change-Id: I7814c3da9c0e6fcf3143969e74304a48cafcb3d1
Closes-bug: 1398488
(cherry-picked from commit 57103807c5)
Jay S. Bryant 2014-12-02 14:35:06 -06:00
parent d656d37a28
commit 498fe7e1c1
2 changed files with 17 additions and 20 deletions


@ -42,8 +42,6 @@ _device_map_to_verify = {
'initiator_port_wwn_list': ['10008c7cff523b01'],
'target_port_wwn_list': ['20240002ac000a50']}}
CONF = cfg.CONF
class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
test.TestCase):
@ -79,14 +77,16 @@ class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
@mock.patch.object(paramiko.hostkeys.HostKeys, 'load')
def test_create_ssh_client(self, load_mock):
CONF.ssh_hosts_key_file = 'dummy_host_key_file'
CONF.strict_ssh_host_key_policy = True
ssh_client = self.create_ssh_client()
mock_args = {}
mock_args['known_hosts_file'] = 'dummy_host_key_file'
mock_args['missing_key_policy'] = paramiko.RejectPolicy()
ssh_client = self.create_ssh_client(**mock_args)
self.assertEqual(ssh_client._host_keys_filename, 'dummy_host_key_file')
self.assertTrue(isinstance(ssh_client._policy, paramiko.RejectPolicy))
CONF.strict_ssh_host_key_policy = False
ssh_client = self.create_ssh_client()
self.assertTrue(isinstance(ssh_client._policy, paramiko.AutoAddPolicy))
mock_args = {}
ssh_client = self.create_ssh_client(**mock_args)
self.assertIsNone(ssh_client._host_keys_filename)
self.assertTrue(isinstance(ssh_client._policy, paramiko.WarningPolicy))
@mock.patch.object(brcd_lookup.BrcdFCSanLookupService,
'get_nameserver_info')
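Review bot: Both policy checks in `test_create_ssh_client` use `assertTrue(isinstance(...))`, which on failure reports only that False is not true; `self.assertIsInstance(ssh_client._policy, paramiko.RejectPolicy)` would name the type that was actually set. The assertions also read paramiko's private `_policy` and `_host_keys_filename` attributes, so a paramiko upgrade could break this test with no change in the driver; a one-line comment saying so would help. The test class continues outside this hunk.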


@ -17,7 +17,6 @@
#
from oslo.config import cfg
import paramiko
from cinder import exception
@ -31,8 +30,6 @@ from cinder.zonemanager.fc_san_lookup_service import FCSanLookupService
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
class BrcdFCSanLookupService(FCSanLookupService):
"""The SAN lookup service that talks to Brocade switches.
@ -49,7 +46,7 @@ class BrcdFCSanLookupService(FCSanLookupService):
super(BrcdFCSanLookupService, self).__init__(**kwargs)
self.configuration = kwargs.get('configuration', None)
self.create_configuration()
self.client = self.create_ssh_client()
self.client = self.create_ssh_client(**kwargs)
def create_configuration(self):
"""Configuration specific to SAN context values."""
@ -64,16 +61,16 @@ class BrcdFCSanLookupService(FCSanLookupService):
self.fabric_configs = fabric_opts.load_fabric_configurations(
fabric_names)
def create_ssh_client(self):
def create_ssh_client(self, **kwargs):
ssh_client = paramiko.SSHClient()
known_hosts_file = CONF.ssh_hosts_key_file
if not known_hosts_file:
raise exception.ParameterNotFound(param='ssh_hosts_key_file')
ssh_client.load_host_keys(known_hosts_file)
if CONF.strict_ssh_host_key_policy:
missing_key_policy = paramiko.RejectPolicy()
known_hosts_file = kwargs.get('known_hosts_file', None)
if known_hosts_file is None:
ssh_client.load_system_host_keys()
else:
missing_key_policy = paramiko.AutoAddPolicy()
ssh_client.load_host_keys(known_hosts_file)
missing_key_policy = kwargs.get('missing_key_policy', None)
if missing_key_policy is None:
missing_key_policy = paramiko.WarningPolicy()
ssh_client.set_missing_host_key_policy(missing_key_policy)
return ssh_client
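Review bot: The fallback in `create_ssh_client` to `paramiko.WarningPolicy()` when no `missing_key_policy` is passed means a switch presenting an unknown host key is only logged and the connection still proceeds, which is presumably the exposure the reverted commit had closed. Nothing visible in this file passes `known_hosts_file` or `missing_key_policy` to the constructor, so this default is likely what runs in practice. Until the driver is moved to ssh_utils as the commit message proposes, I would default to rejecting, `missing_key_policy = paramiko.RejectPolicy()`, and let deployments opt down explicitly. If that is too disruptive for a revert, at least mark the fallback with `# TODO: unknown host keys are only warned about here, not rejected`. The second case in the test file asserts the WarningPolicy default and would need to change with it.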