[SRU] Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eucalyptus (Ubuntu) |
Fix Released
|
Medium
|
James Page | ||
Lucid |
Invalid
|
Medium
|
Unassigned | ||
Maverick |
Won't Fix
|
Medium
|
James Page | ||
Natty |
Fix Released
|
Medium
|
James Page | ||
Oneiric |
Fix Released
|
Medium
|
James Page |
Bug Description
SRU Information:
IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is minimal.
FIX: Patch supplied by upstream to permit minor time differences between nodes in Rampart configuration - this formed part of the 2.0.3 security release of Eucalyptus.
PATCH: see attached clock_drift.patch and associated branches for each release.
TEST CASE:
- Requires at minimum a two node eucalyptus installation.
- Clock difference between the two nodes should be introduced.
- Webservice messages will then be dropped between the two nodes.
REGRESSION POTENTIAL: Minimal - patch supplied from upstream released version so should be well tested.
>>>>>>>
Original Bug Report:
In both EucalyptusNC/
This happens on a default Ubuntu 11.04 x64 cloud server installation, after a full upgrade (apt-get update && apt-get dist-upgrade) and a reboot.
Eucalyptus' package version is 2.0.1+bzr1256-
For a more detailed description on this issue, see a question I asked in ServerFault: http://
Related branches
- Ubuntu branches: Pending requested
-
Diff: 2347 lines (+2232/-2)14 files modified.pc/29-euca_conf-sslv3.patch/tools/euca_conf.in (+1555/-0)
.pc/30-clock_drift.patch/tools/client-policy-template.xml (+73/-0)
.pc/30-clock_drift.patch/tools/service-policy-template.xml (+67/-0)
.pc/30-clock_drift.patch/util/euca_axis.c (+459/-0)
.pc/applied-patches (+2/-0)
debian/changelog (+13/-0)
debian/eucalyptus-cloud.upstart (+1/-0)
debian/patches/29-euca_conf-sslv3.patch (+18/-0)
debian/patches/30-clock_drift.patch (+38/-0)
debian/patches/series (+2/-0)
tools/client-policy-template.xml (+1/-0)
tools/euca_conf.in (+1/-1)
tools/service-policy-template.xml (+1/-0)
util/euca_axis.c (+1/-1)
Changed in eucalyptus (Ubuntu Oneiric): | |
assignee: | nobody → James Page (james-page) |
status: | Confirmed → In Progress |
summary: |
- Rampart's configuration on Ubuntu's package doesn't define a default - ClockSkewBuffer + [SRU] Rampart's configuration on Ubuntu's package doesn't define a + default ClockSkewBuffer |
description: | updated |
description: | updated |
Changed in eucalyptus (Ubuntu Natty): | |
assignee: | nobody → James Page (james-page) |
Changed in eucalyptus (Ubuntu Maverick): | |
assignee: | nobody → James Page (james-page) |
status: | Confirmed → In Progress |
Changed in eucalyptus (Ubuntu Natty): | |
status: | Confirmed → In Progress |
tags: | removed: verification-done |
Changed in eucalyptus (Ubuntu Maverick): | |
status: | Fix Committed → Won't Fix |
This issue was solved in Eucalyptus 2.0.3 (upstream) with the attached patch. It's just a 2 liners that ensure rampartC policy to be more lenient on the time difference.