Bug 4898

Summary: Support license files contained in ZIP files
Product: ThinLinc Reporter: Peter Åstrand <astrand>
Component: License systemAssignee: Peter Åstrand <astrand>
Status: CLOSED FIXED    
Severity: Normal CC: hean01
Priority: P2 Keywords: hean01_tester, relnotes
Version: 4.1.0   
Target Milestone: 4.3.0   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:
Attachments: Zip file created on windows 7
ZIP file created on Win7 workstation

Description Peter Åstrand cendio 2013-11-13 11:10:25 CET
Currently, the license files must be individual files, located in /opt/thinlinc/etc/licenses/. One idea is to allow putting a ZIP file with multiple license files here. Advantages:


* ZIP files are binary, so the risk that the files are damaged during transmission are somewhat smaller. 

* We would only need to deliver one single file when giving out licenses. 

* We could start giving out much smaller licenses files by default, without making it impractical for us and the customer. For example, assume that we never creates license files bigger than 10. Then, the issue of "splitting" licenses would be resolved: Customers can simply move licenses out of the ZIP file and to another server, something that can be done even with Windows explorer. 

Note though that this last point would need to be done in conjunction with changes to the license generator; the ZIP should be created automatically in that case.
Comment 1 Peter Åstrand cendio 2014-07-07 16:35:24 CEST
Fixed in 29180.
Comment 2 Peter Åstrand cendio 2014-07-08 12:50:18 CEST
TAG updated in 29182.
Comment 3 Henrik Andersson cendio 2014-08-18 12:47:49 CEST
Commit r29179 which refers to this bug removes parse_licenselog() which is used by  tl-collect-licensestats.


Traceback (most recent call last):
  File "./tl-collect-licensestats", line 13, in <module>
    from thinlinc . vsm . licensehandler import parse_licenselog
ImportError: cannot import name parse_licenselog
Comment 4 Peter Åstrand cendio 2014-09-01 14:02:28 CEST
(In reply to comment #3)
> Commit r29179 which refers to this bug removes parse_licenselog() which is used
> by  tl-collect-licensestats.
> 
> 
> Traceback (most recent call last):
>   File "./tl-collect-licensestats", line 13, in <module>
>     from thinlinc . vsm . licensehandler import parse_licenselog
> ImportError: cannot import name parse_licenselog

Reversed in 29311.
Comment 5 Henrik Andersson cendio 2014-09-25 14:45:11 CEST
Created attachment 574 [details]
Zip file created on windows 7

This ZIP file is created by built in "Send To -> Compressed ZIP file" on a windows 7 workstation.
Comment 6 Henrik Andersson cendio 2014-09-25 14:50:28 CEST
(In reply to comment #5)
> Created an attachment (id=574) [details]
> Zip file created on windows 7
> 
> This ZIP file is created by built in "Send To -> Compressed ZIP file" on a
> windows 7 workstation.

Verified that python zipfile works with zip file created on win7 platform.
Comment 7 Henrik Andersson cendio 2014-09-25 14:54:47 CEST
Created attachment 575 [details]
ZIP file created on Win7 workstation

The first zip file seems to include the text file uncompressed which zipfile python handles.. This zip file contains a bigger file that actually is compressed.
Comment 8 Henrik Andersson cendio 2014-09-25 14:58:24 CEST
(In reply to comment #7)
> Created an attachment (id=575) [details]
> ZIP file created on Win7 workstation
> 
> The first zip file seems to include the text file uncompressed which zipfile
> python handles.. This zip file contains a bigger file that actually is
> compressed.

The text file in this was using zipfile.ZipInfo uses compress_type 8, decompression of this file worked as expected.
Comment 9 Henrik Andersson cendio 2014-09-29 08:51:55 CEST
Python zipfile module only supports uncompressed and deflate compression using zlib of files in a zip archive. The latest version of Zip specification supports 22 different compression algorithms and zipfile only supports 2 as mentioned above.

However, deflate was the origin algorithm and is standard for any zip compressor and as the attached files shows they are produced out of the box.

Verified and working using ThinLinc build 4501.

Tested using a zip file including valid and invalid (older ThinLinc) license files.
Comment 10 Henrik Andersson cendio 2014-09-29 14:04:24 CEST
Forgot to test using a zip file with files compressed using other algorithms,
the following traceback was the result:

2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to memory
Traceback (most recent call last):
  File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
    VSMServer ( sys . argv )
  File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
    self . licensehandler . update_licenses ( )
  File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in update_licenses
    OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
  File "/usr/lib64/python2.7/zipfile.py", line 1006, in open
    close_fileobj=should_close)
  File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__
    raise NotImplementedError("compression type %d (%s)" % (self._compress_type, descr))
NotImplementedError: compression type 14 (lzma)
Comment 11 Henrik Andersson cendio 2014-09-29 14:23:26 CEST
(In reply to comment #10)

> 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to
> memory
> Traceback (most recent call last):
>   File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
>     VSMServer ( sys . argv )
>   File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
>     self . licensehandler . update_licenses ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in
> update_licenses
>     OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
>   File "/usr/lib64/python2.7/zipfile.py", line 1006, in open
>     close_fileobj=should_close)
>   File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__
>     raise NotImplementedError("compression type %d (%s)" %
> (self._compress_type, descr))
> NotImplementedError: compression type 14 (lzma)

Seems to crash the vsmserver, can't connect to the ThinLinc environment after a restart using a zip file with another compression algo.
Comment 12 Peter Åstrand cendio 2014-09-29 16:03:36 CEST
(In reply to comment #11)
> (In reply to comment #10)
> 
> > 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to
> > memory
> > Traceback (most recent call last):
> >   File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
> >     VSMServer ( sys . argv )
> >   File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
> >     self . licensehandler . update_licenses ( )
> >   File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in
> > update_licenses
> >     OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
> >   File "/usr/lib64/python2.7/zipfile.py", line 1006, in open
> >     close_fileobj=should_close)
> >   File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__
> >     raise NotImplementedError("compression type %d (%s)" %
> > (self._compress_type, descr))
> > NotImplementedError: compression type 14 (lzma)
> 
> Seems to crash the vsmserver, can't connect to the ThinLinc environment after a
> restart using a zip file with another compression algo.

r29428.
Comment 13 Henrik Andersson cendio 2014-09-30 14:12:07 CEST
Putting a zip file with password produces a traceback and stops vsmserver:

2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to memory
Traceback (most recent call last):
  File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
    VSMServer ( sys . argv )
  File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
    self . licensehandler . update_licenses ( )
  File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in update_licenses
    OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
  File "/usr/lib64/python2.7/zipfile.py", line 986, in open
    "password required for extraction" % name
RuntimeError: File server.crt is encrypted, password required for extraction
Comment 14 Peter Åstrand cendio 2014-09-30 14:32:46 CEST
(In reply to comment #13)
> Putting a zip file with password produces a traceback and stops vsmserver:
> 
> 2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to
> memory
> Traceback (most recent call last):
>   File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
>     VSMServer ( sys . argv )
>   File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
>     self . licensehandler . update_licenses ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in
> update_licenses
>     OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
>   File "/usr/lib64/python2.7/zipfile.py", line 986, in open
>     "password required for extraction" % name
> RuntimeError: File server.crt is encrypted, password required for extraction

29437.
Comment 15 Henrik Andersson cendio 2014-09-30 15:48:59 CEST
Used a zip bomb with the license loader, no crash yet but server is still starting up after 1 hour. This could easily be prevent using a sanity check of ZipInfo.file_size eg. skip uncompressing file if uncompressed file size is larger than 5k...
Comment 16 Peter Åstrand cendio 2014-09-30 16:08:56 CEST
(In reply to comment #15)
> Used a zip bomb with the license loader, no crash yet but server is still
> starting up after 1 hour. This could easily be prevent using a sanity check of
> ZipInfo.file_size eg. skip uncompressing file if uncompressed file size is
> larger than 5k...

Discussed. No risk of causing this as non-root. Little risk that root does this by mistake. Not adding any code for this at this point.
Comment 17 Henrik Andersson cendio 2014-10-01 10:56:13 CEST
(In reply to comment #12)
> (In reply to comment #11)
> > (In reply to comment #10)
> > 
> > > 2014-09-29 14:01:04 INFO vsmserver.license: Updating license data from disk to
> > > memory
> > > Traceback (most recent call last):
> > >   File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
> > >     VSMServer ( sys . argv )
> > >   File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
> > >     self . licensehandler . update_licenses ( )
> > >   File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in
> > > update_licenses
> > >     OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
> > >   File "/usr/lib64/python2.7/zipfile.py", line 1006, in open
> > >     close_fileobj=should_close)
> > >   File "/usr/lib64/python2.7/zipfile.py", line 530, in __init__
> > >     raise NotImplementedError("compression type %d (%s)" %
> > > (self._compress_type, descr))
> > > NotImplementedError: compression type 14 (lzma)
> > 
> > Seems to crash the vsmserver, can't connect to the ThinLinc environment after a
> > restart using a zip file with another compression algo.
> 
> r29428.

Tested using ThinLinc build 4507, looks good:

2014-10-01 10:54:47 WARNING vsmserver.license: Ignoring member user-50-2621.license: compression type 14 (lzma)
2014-10-01 10:54:47 WARNING vsmserver.license: Ignoring member user-50-2622.license: compression type 14 (lzma)
2014-10-01 10:54:47 INFO vsmserver.license: License summary: 10 concurrent users. Hard limit of 11 concurrent users.
Comment 18 Henrik Andersson cendio 2014-10-01 10:57:44 CEST
(In reply to comment #14)
> (In reply to comment #13)
> > Putting a zip file with password produces a traceback and stops vsmserver:
> > 
> > 2014-09-30 14:11:10 INFO vsmserver.license: Updating license data from disk to
> > memory
> > Traceback (most recent call last):
> >   File "/opt/thinlinc/sbin/vsmserver", line 20, in <module>
> >     VSMServer ( sys . argv )
> >   File "/opt/thinlinc/modules/thinlinc/vsm/vsmserver.py", line 116, in __init__
> >     self . licensehandler . update_licenses ( )
> >   File "/opt/thinlinc/modules/thinlinc/vsm/licensehandler.py", line 174, in
> > update_licenses
> >     OOOO0OOoO0O0 = oOOoo0Oo . open ( o00OO00OoO )
> >   File "/usr/lib64/python2.7/zipfile.py", line 986, in open
> >     "password required for extraction" % name
> > RuntimeError: File server.crt is encrypted, password required for extraction
> 
> 29437.

Tested using ThinLinc build 4507, looks good:

2014-10-01 10:56:55 WARNING vsmserver.license: Ignoring member user-50-2622.license: File user-50-2622.license is encrypted, password required for extraction
2014-10-01 10:56:55 INFO vsmserver.license: License summary: 10 concurrent users. Hard limit of 11 concurrent users. 
2014-10-01 10:56:55 INFO vsmserver.session: Loaded 1 sessions for 1 users from file