Currently, the license files must be individual files, located in /opt/thinlinc/etc/licenses/. One idea is to allow putting a ZIP file with multiple license files here. Advantages: * ZIP files are binary, so the risk that the files are damaged during transmission are somewhat smaller. * We would only need to deliver one single file when giving out licenses. * We could start giving out much smaller licenses files by default, without making it impractical for us and the customer. For example, assume that we never creates license files bigger than 10. Then, the issue of "splitting" licenses would be resolved: Customers can simply move licenses out of the ZIP file and to another server, something that can be done even with Windows explorer. Note though that this last point would need to be done in conjunction with changes to the license generator; the ZIP should be created automatically in that case.
Fixed in 29180.
TAG updated in 29182.
Commit r29179 which refers to this bug removes parse_licenselog() which is used by tl-collect-licensestats. Traceback (most recent call last): File "./tl-collect-licensestats", line 13, in <module> from thinlinc . vsm . licensehandler import parse_licenselog ImportError: cannot import name parse_licenselog
(In reply to comment #3) > Commit r29179 which refers to this bug removes parse_licenselog() which is used > by tl-collect-licensestats. > > > Traceback (most recent call last): > File "./tl-collect-licensestats", line 13, in <module> > from thinlinc . vsm . licensehandler import parse_licenselog > ImportError: cannot import name parse_licenselog Reversed in 29311.
Created attachment 574 [details] Zip file created on windows 7 This ZIP file is created by built in "Send To -> Compressed ZIP file" on a windows 7 workstation.
(In reply to comment #5) > Created an attachment (id=574) [details] > Zip file created on windows 7 > > This ZIP file is created by built in "Send To -> Compressed ZIP file" on a > windows 7 workstation. Verified that python zipfile works with zip file created on win7 platform.
Created attachment 575 [details] ZIP file created on Win7 workstation The first zip file seems to include the text file uncompressed which zipfile python handles.. This zip file contains a bigger file that actually is compressed.
(In reply to comment #7) > Created an attachment (id=575) [details] > ZIP file created on Win7 workstation > > The first zip file seems to include the text file uncompressed which zipfile > python handles.. This zip file contains a bigger file that actually is > compressed. The text file in this was using zipfile.ZipInfo uses compress_type 8, decompression of this file worked as expected.
Python zipfile module only supports uncompressed and deflate compression using zlib of files in a zip archive. The latest version of Zip specification supports 22 different compression algorithms and zipfile only supports 2 as mentioned above. However, deflate was the origin algorithm and is standard for any zip compressor and as the attached files shows they are produced out of the box. Verified and working using ThinLinc build 4501. Tested using a zip file including valid and invalid (older ThinLinc) license files.
Forgot to test using a zip file with files compressed using other algorithms, the following traceback was the result: 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to memory Traceback (most recent call last): File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> VSMServer ( sys . argv ) File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ self . licensehandler . update_licenses ( ) File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in update_licenses OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) File "/usr/lib64/python2.7/zipfile.py", line 1006, in open close_fileobj=should_close) File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__ raise NotImplementedError("compression type %d (%s)" % (self._compress_type, descr)) NotImplementedError: compression type 14 (lzma)
(In reply to comment #10) > 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to > memory > Traceback (most recent call last): > File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> > VSMServer ( sys . argv ) > File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ > self . licensehandler . update_licenses ( ) > File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in > update_licenses > OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) > File "/usr/lib64/python2.7/zipfile.py", line 1006, in open > close_fileobj=should_close) > File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__ > raise NotImplementedError("compression type %d (%s)" % > (self._compress_type, descr)) > NotImplementedError: compression type 14 (lzma) Seems to crash the vsmserver, can't connect to the ThinLinc environment after a restart using a zip file with another compression algo.
(In reply to comment #11) > (In reply to comment #10) > > > 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to > > memory > > Traceback (most recent call last): > > File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> > > VSMServer ( sys . argv ) > > File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ > > self . licensehandler . update_licenses ( ) > > File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in > > update_licenses > > OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) > > File "/usr/lib64/python2.7/zipfile.py", line 1006, in open > > close_fileobj=should_close) > > File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__ > > raise NotImplementedError("compression type %d (%s)" % > > (self._compress_type, descr)) > > NotImplementedError: compression type 14 (lzma) > > Seems to crash the vsmserver, can't connect to the ThinLinc environment after a > restart using a zip file with another compression algo. r29428.
Putting a zip file with password produces a traceback and stops vsmserver: 2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to memory Traceback (most recent call last): File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> VSMServer ( sys . argv ) File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ self . licensehandler . update_licenses ( ) File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in update_licenses OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) File "/usr/lib64/python2.7/zipfile.py", line 986, in open "password required for extraction" % name RuntimeError: File server.crt is encrypted, password required for extraction
(In reply to comment #13) > Putting a zip file with password produces a traceback and stops vsmserver: > > 2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to > memory > Traceback (most recent call last): > File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> > VSMServer ( sys . argv ) > File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ > self . licensehandler . update_licenses ( ) > File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in > update_licenses > OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) > File "/usr/lib64/python2.7/zipfile.py", line 986, in open > "password required for extraction" % name > RuntimeError: File server.crt is encrypted, password required for extraction 29437.
Used a zip bomb with the license loader, no crash yet but server is still starting up after 1 hour. This could easily be prevent using a sanity check of ZipInfo.file_size eg. skip uncompressing file if uncompressed file size is larger than 5k...
(In reply to comment #15) > Used a zip bomb with the license loader, no crash yet but server is still > starting up after 1 hour. This could easily be prevent using a sanity check of > ZipInfo.file_size eg. skip uncompressing file if uncompressed file size is > larger than 5k... Discussed. No risk of causing this as non-root. Little risk that root does this by mistake. Not adding any code for this at this point.
(In reply to comment #12) > (In reply to comment #11) > > (In reply to comment #10) > > > > > 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to > > > memory > > > Traceback (most recent call last): > > > File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> > > > VSMServer ( sys . argv ) > > > File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ > > > self . licensehandler . update_licenses ( ) > > > File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in > > > update_licenses > > > OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) > > > File "/usr/lib64/python2.7/zipfile.py", line 1006, in open > > > close_fileobj=should_close) > > > File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__ > > > raise NotImplementedError("compression type %d (%s)" % > > > (self._compress_type, descr)) > > > NotImplementedError: compression type 14 (lzma) > > > > Seems to crash the vsmserver, can't connect to the ThinLinc environment after a > > restart using a zip file with another compression algo. > > r29428. Tested using ThinLinc build 4507, looks good: 2014-10-01 10:54:47 WARNING vsmserver.license: Ignoring member user-50-2621.license: compression type 14 (lzma) 2014-10-01 10:54:47 WARNING vsmserver.license: Ignoring member user-50-2622.license: compression type 14 (lzma) 2014-10-01 10:54:47 INFO vsmserver.license: License summary: 10 concurrent users. Hard limit of 11 concurrent users.
(In reply to comment #14) > (In reply to comment #13) > > Putting a zip file with password produces a traceback and stops vsmserver: > > > > 2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to > > memory > > Traceback (most recent call last): > > File "/opt/thinlinc/sbin/vsmserver", line 20, in <module> > > VSMServer ( sys . argv ) > > File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__ > > self . licensehandler . update_licenses ( ) > > File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in > > update_licenses > > OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO ) > > File "/usr/lib64/python2.7/zipfile.py", line 986, in open > > "password required for extraction" % name > > RuntimeError: File server.crt is encrypted, password required for extraction > > 29437. Tested using ThinLinc build 4507, looks good: 2014-10-01 10:56:55 WARNING vsmserver.license: Ignoring member user-50-2622.license: File user-50-2622.license is encrypted, password required for extraction 2014-10-01 10:56:55 INFO vsmserver.license: License summary: 10 concurrent users. Hard limit of 11 concurrent users. 2014-10-01 10:56:55 INFO vsmserver.session: Loaded 1 sessions for 1 users from file
