Merge pull request #107 from apel/release-2.4.1

Release 2.4.1 to master
apel · Sep 4, 2019 · 821bcf4 · 821bcf4
2 parents ea9d944 + dbb6383
commit 821bcf4
Show file tree

Hide file tree

Showing 17 changed files with 263 additions and 224 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,11 @@
 Changelog for ssm
 =================
+* Tue Sep 03 2019 Adrian Coveney <adrian.coveney@stfc.ac.uk> - 2.4.1-1
+ - Fixed handling of OpenSSL errors so that messages that have been tampered
+   with are now rejected.
+ - Changed logging to remove excessive messages from a 3rd-party module used
+   when sending via AMS.
+
 * Thu Aug 01 2019 Adrian Coveney <adrian.coveney@stfc.ac.uk> - 2.4.0-1
  - Added support for sending and receiving messages using the ARGO Messaging
    Service (AMS).
@@ -83,7 +89,7 @@ Changelog for ssm
  - Verify any certificate supplied for encrypting messages
    against the CA path
  - Receiver can check CRLs on certificates
- 
+
  * Wed Feb 27 2013 Will Rogers <will.rogers@stfc.ac.uk>  - 2.0.3-0
  - Add support for messages signed with quopri or base64
    content-transfer-encoding (for UNICORE).

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,5 @@
+# These owners will be the default owners for everything in the repo, unless a
+# later match is added and takes precedence. They will be requested for review
+# when someone opens a pull request.
+
+*    @apel/code-reviewers
diff --git a/LICENSE b/LICENSE
@@ -15,9 +15,9 @@ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 granting the License.
 
 "Legal Entity" shall mean the union of the acting entity and all other entities that control, are
-controlled by, or are under common control with that entity. 
+controlled by, or are under common control with that entity.
 For the purposes of this definition, "control" means (i) the power, direct or indirect,
-to cause the direction or management of such entity, whether by contract 
+to cause the direction or management of such entity, whether by contract
 or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares,
 or (iii) beneficial ownership of such entity.
 
@@ -79,57 +79,57 @@ the following conditions:
 
     You must cause any modified files to carry prominent notices stating that You changed the files; and
 
-    You must retain, in the Source form of any Derivative Works that You distribute, all copyright, 
-    patent, trademark, and attribution notices from the Source form of the Work, excluding those 
+    You must retain, in the Source form of any Derivative Works that You distribute, all copyright,
+    patent, trademark, and attribution notices from the Source form of the Work, excluding those
     notices that do not pertain to any part of the Derivative Works; and
 
-    If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative 
-    Works that You distribute must include a readable copy of the attribution notices contained 
-    within such NOTICE file, excluding those notices that do not pertain to any part of the 
-    Derivative Works, in at least one of the following places: within a NOTICE text file 
-    distributed as part of the Derivative Works; within the Source form or documentation, 
-    if provided along with the Derivative Works; or, within a display generated by the 
-    Derivative Works, if and wherever such third-party notices normally appear. 
-    The contents of the NOTICE file are for informational purposes only and do not modify 
-    the License. You may add Your own attribution notices within Derivative Works that 
+    If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative
+    Works that You distribute must include a readable copy of the attribution notices contained
+    within such NOTICE file, excluding those notices that do not pertain to any part of the
+    Derivative Works, in at least one of the following places: within a NOTICE text file
+    distributed as part of the Derivative Works; within the Source form or documentation,
+    if provided along with the Derivative Works; or, within a display generated by the
+    Derivative Works, if and wherever such third-party notices normally appear.
+    The contents of the NOTICE file are for informational purposes only and do not modify
+    the License. You may add Your own attribution notices within Derivative Works that
     You distribute, alongside or as an addendum to the NOTICE text from the Work, provided
-    that such additional attribution notices cannot be construed as modifying the License. 
-    You may add Your own copyright statement to Your modifications and may provide additional 
-    or different license terms and conditions for use, reproduction, or distribution of Your 
+    that such additional attribution notices cannot be construed as modifying the License.
+    You may add Your own copyright statement to Your modifications and may provide additional
+    or different license terms and conditions for use, reproduction, or distribution of Your
     modifications, or for any such Derivative Works as a whole, provided Your use, reproduction,
     and distribution of the Work otherwise complies with the conditions stated in this License.
 
-5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution 
-intentionally submitted for inclusion in the Work by You to the Licensor shall be under 
-the terms and conditions of this License, without any additional terms or conditions. 
-Notwithstanding the above, nothing herein shall supersede or modify the terms of any 
-separate license agreement you may have executed with Licensor regarding such 
+5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution
+intentionally submitted for inclusion in the Work by You to the Licensor shall be under
+the terms and conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of any
+separate license agreement you may have executed with Licensor regarding such
 Contributions.
 
-6. Trademarks. This License does not grant permission to use the trade names, 
-trademarks, service marks, or product names of the Licensor, except as required 
-for reasonable and customary use in describing the origin of the Work and reproducing 
+6. Trademarks. This License does not grant permission to use the trade names,
+trademarks, service marks, or product names of the Licensor, except as required
+for reasonable and customary use in describing the origin of the Work and reproducing
 the content of the NOTICE file.
 
-7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, 
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
 Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, 
-without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, 
-or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the 
-appropriateness of using or redistributing the Work and assume any risks associated with 
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including,
+without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY,
+or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks associated with
 Your exercise of permissions under this License.
 
-8. Limitation of Liability. In no event and under no legal theory, whether in tort 
-(including negligence), contract, or otherwise, unless required by applicable law 
-(such as deliberate and grossly negligent acts) or agreed to in writing, shall any 
-Contributor be liable to You for damages, including any direct, indirect, special, 
-incidental, or consequential damages of any character arising as a result of this 
-License or out of the use or inability to use the Work (including but not limited 
-to damages for loss of goodwill, work stoppage, computer failure or malfunction, 
-or any and all other commercial damages or losses), even if such Contributor has 
+8. Limitation of Liability. In no event and under no legal theory, whether in tort
+(including negligence), contract, or otherwise, unless required by applicable law
+(such as deliberate and grossly negligent acts) or agreed to in writing, shall any
+Contributor be liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a result of this
+License or out of the use or inability to use the Work (including but not limited
+to damages for loss of goodwill, work stoppage, computer failure or malfunction,
+or any and all other commercial damages or losses), even if such Contributor has
 been advised of the possibility of such damages.
 
-9. Accepting Warranty or Additional Liability. While redistributing the Work or 
+9. Accepting Warranty or Additional Liability. While redistributing the Work or
 Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance
 of support, warranty, indemnity, or other liability obligations and/or rights consistent
 with this License. However, in accepting such obligations, You may act only on Your own

diff --git a/README.md b/README.md
@@ -132,7 +132,7 @@ All file and directory names must use hex characters: `[0-9a-f]`.
 
  * Create a directory within /var/spool/apel/outgoing with a name
    of EIGHT hex characters e.g. `12345678`
- * Put files in this directory with names of FOURTEEN hex 
+ * Put files in this directory with names of FOURTEEN hex
    e.g. `1234567890abcd`
 
 #### Without the dirq module
@@ -147,7 +147,7 @@ Use the Python or Perl dirq libraries:
  * Python: http://pypi.python.org/pypi/dirq
  * Perl: http://search.cpan.org/~lcons/Directory-Queue/
 
-Create a QueueSimple object with path /var/spool/apel/outgoing/ and 
+Create a QueueSimple object with path /var/spool/apel/outgoing/ and
 add your messages.
 
 #### Without the dirq module
@@ -163,14 +163,14 @@ add your messages using the `add` method.
  * Run 'ssmsend'
  * SSM will pick up any messages and send them to the configured
    queue on the configured broker
-   
+
 ### Sender (sending via the ARGO Messaging Service (AMS))
 
  * Edit your sender configuration, usually under `/etc/apel/sender.cfg`, as per the [migration instructions](migrating_to_ams.md#sender) with some minor differences:
    * There is no need to add the `[sender]` section as it already exists. Instead change the `protocol` to `AMS`.
    * Set `ams_project` to the appropriate project.
  * Then run 'ssmsend'. SSM will pick up any messages and send them via the ARGO Messaging Service.
- 
+
 ### Sender (container)
  * Download the example [configuration file](conf/sender.cfg)
  * Edit the downloaded `sender.cfg` file as above for sending either via the [EGI message brokers](README.md#sender-sending-via-the-egi-message-brokers) or the [ARGO Messaging Service](README.md#sender-sending-via-the-argo-messaging-service-ams).
@@ -185,9 +185,9 @@ add your messages using the `add` method.
      stfc/ssm
  ```
  * The line `-v /path/to/persistently/log:/var/log/apel \` is only required if you want to access the sender log as a file. If `console: true` is set in your `sender.cfg`, the container will also log to stdout/stderr.
- 
+
 ### Receiver (service)
-  
+
  * Run `service apelssm start`
  * If this fails, check /var/log/apel/ssmreceive.log for details
  * To stop, run `service apelssm stop`
@@ -214,7 +214,7 @@ add your messages using the `add` method.
  * SSM will receive any messages on the specified queue and
    write them to the filesystem
  * To stop, run ```'kill `cat /var/run/apel/ssm.pid`'```
- 
+
 ### Receiver (receiving via the ARGO Messaging Service (AMS))
 
  * Edit your receiver configuration, usually under `/etc/apel/receiver.cfg`, as per the [migration instructions](migrating_to_ams.md#receiver) with some minor differences:

diff --git a/apel-ssm.spec b/apel-ssm.spec
@@ -4,7 +4,7 @@
 %endif
 
 Name:           apel-ssm
-Version:        2.4.0
+Version:        2.4.1
 %define releasenumber 1
 Release:        %{releasenumber}%{?dist}
 Summary:        Secure stomp messenger
@@ -100,6 +100,12 @@ rm -rf $RPM_BUILD_ROOT
 %doc %_defaultdocdir/%{name}
 
 %changelog
+* Tue Sep 03 2019 Adrian Coveney <adrian.coveney@stfc.ac.uk> - 2.4.1-1
+ - Fixed handling of OpenSSL errors so that messages that have been tampered
+   with are now rejected.
+ - Changed logging to remove excessive messages from a 3rd-party module used
+   when sending via AMS.
+
 * Thu Aug 01 2019 Adrian Coveney <adrian.coveney@stfc.ac.uk> - 2.4.0-1
  - Added support for sending and receiving messages using the ARGO Messaging
    Service (AMS).
@@ -183,14 +189,14 @@ rm -rf $RPM_BUILD_ROOT
  - Verify any certificate supplied for encrypting messages
    against the CA path
  - Receiver can check CRLs on certificates
- 
+
  * Wed Feb 27 2013 Will Rogers <will.rogers@stfc.ac.uk>  - 2.0.3-0
  - Add support for messages signed with quopri or base64
    content-transfer-encoding (for UNICORE).
 
  * Tue Feb 26 2013 Will Rogers <will.rogers@stfc.ac.uk>  - 2.0.2-0
  - Fix SSL connection for receiver
- 
+
  * Fri Feb 8 2013 Will Rogers <will.rogers@stfc.ac.uk>  - 2.0.1-0
  - Fix crash when receiver sends ping message
 
@@ -206,6 +212,6 @@ rm -rf $RPM_BUILD_ROOT
 
  * Thu Jan 03 2013 Will Rogers <will.rogers@stfc.ac.uk>  - 0.0.2-0
  - Fixed connection freeze
- 
+
  * Fri Oct 02 2012 Will Rogers <will.rogers@stfc.ac.uk>  - 0.0.1-0
  - First tag
diff --git a/bin/apel-ssm b/bin/apel-ssm
@@ -19,7 +19,7 @@ start() {
     if [ $RETVAL -ne 0 ]; then
         failure;
     else
-	success;
+        success;
     fi;
     echo
     return $RETVAL
@@ -32,8 +32,8 @@ stop() {
         RETVAL=$?
         if [ $RETVAL -ne 0 ]; then
             failure;
-	else 
-	    success;
+        else
+            success;
         fi;
     else
         RETVAL=1
@@ -61,7 +61,7 @@ case "$1" in
             stop
             start
             ;;
-            
+
         reload)
             stop
             start

diff --git a/bin/receiver.py b/bin/receiver.py
@@ -31,7 +31,7 @@
 import ldap
 import os
 import sys
-from optparse import OptionParser 
+from optparse import OptionParser
 from daemon import DaemonContext
 import ConfigParser
 
@@ -72,32 +72,32 @@ def main():
     '''
     ver = "SSM %s.%s.%s" % __version__
     op = OptionParser(description=__doc__, version=ver)
-    op.add_option('-c', '--config', help='location of config file', 
+    op.add_option('-c', '--config', help='location of config file',
                   default='/etc/apel/receiver.cfg')
-    op.add_option('-l', '--log_config', 
-                  help='location of logging config file (optional)', 
+    op.add_option('-l', '--log_config',
+                  help='location of logging config file (optional)',
                   default='/etc/apel/logging.cfg')
-    op.add_option('-d', '--dn_file', 
-                  help='location of the file containing valid DNs', 
+    op.add_option('-d', '--dn_file',
+                  help='location of the file containing valid DNs',
                   default='/etc/apel/dns')
-    
+
     (options, unused_args) = op.parse_args()
-        
+
     cp = ConfigParser.ConfigParser()
     cp.read(options.config)
-    
+
     # Check for pidfile
     pidfile = cp.get('daemon', 'pidfile')
     if os.path.exists(pidfile):
         print 'Cannot start SSM.  Pidfile %s already exists.' % pidfile
         sys.exit(1)
-    
+
     # set up logging
     try:
         if os.path.exists(options.log_config):
             logging.config.fileConfig(options.log_config)
         else:
-            set_up_logging(cp.get('logging', 'logfile'), 
+            set_up_logging(cp.get('logging', 'logfile'),
                            cp.get('logging', 'level'),
                            cp.getboolean('logging', 'console'))
     except (ConfigParser.Error, ValueError, IOError), err:
@@ -195,16 +195,16 @@ def main():
         log.error('System will exit.')
         log.info(LOG_BREAK)
         sys.exit(1)
-        
+
     log.info('The SSM will run as a daemon.')
-    
+
     # We need to preserve the file descriptor for any log files.
     rootlog = logging.getLogger()
     log_files = [x.stream for x in rootlog.handlers]
     dc = DaemonContext(files_preserve=log_files)
-        
+
     try:
-        ssm = Ssm2(brokers, 
+        ssm = Ssm2(brokers,
                    cp.get('messaging','path'),
                    cert=cp.get('certificates','certificate'),
                    key=cp.get('certificates','key'),
@@ -220,7 +220,7 @@ def main():
         log.info('Fetching valid DNs.')
         dns = get_dns(options.dn_file)
         ssm.set_dns(dns)
-        
+
     except Exception, e:
         log.fatal('Failed to initialise SSM: %s', e)
         log.info(LOG_BREAK)
@@ -274,10 +274,10 @@ def main():
         log.error('The SSM will exit.')
         ssm.shutdown()
         dc.close()
-        
+
     log.info('Receiving SSM has shut down.')
     log.info(LOG_BREAK)
-    
-    
+
+
 if __name__ == '__main__':
     main()