authorNarayan Desai <desai@mcs.anl.gov>2004-10-30 15:07:47 +0000
committerNarayan Desai <desai@mcs.anl.gov>2004-10-30 15:07:47 +0000
commitf6adc6692a2dd951ae803ea7d549572c37d3385f (patch)
tree6832c45e0f3e95f053f1cd65a88aa56482a49112
parentb7e7a347a9b9a8d2c3b7316c02f12562ff9f34a0 (diff)
change name
use constructor 2004/10/30 10:04:37-05:00 anl.gov!desai Rename: src/lib/Server/Generators/sshbase.py -> src/lib/Server/Generators/SSHbase.py (Logical change 1.136) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@617 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r--src/lib/Server/Generators/SSHbase.py110
1 files changed, 110 insertions, 0 deletions
diff --git a/src/lib/Server/Generators/SSHbase.py b/src/lib/Server/Generators/SSHbase.py
index e69de29bb..76b18bcc5 100644
--- a/src/lib/Server/Generators/SSHbase.py
+++ b/src/lib/Server/Generators/SSHbase.py
@@ -0,0 +1,110 @@
+'''This module manages ssh key files for bcfg2'''
+__revision__ = '$Revision$'
+
+from binascii import b2a_base64
+from os import rename, system
+from socket import gethostbyname, gaierror
+
+from Bcfg2.Server.Generator import Generator, DirectoryBacked
+
+class SSHbase(Generator):
+ '''The sshbase generator manages ssh host keys (both v1 and v2)
+ for hosts. It also manages the ssh_known_hosts file. It can
+ integrate host keys from other management domains and similarly
+ export its keys. The repository contains files in the following
+ formats:
+
+ ssh_host_key.H_(hostname) -> the v1 host private key for
+ (hostname)
+ ssh_host_key.pub.H_(hostname) -> the v1 host public key
+ for (hostname)
+ ssh_host_(dr)sa_key.H_(hostname) -> the v2 ssh host
+ private key for (hostname)
+ ssh_host_(dr)sa_key.pub.H_(hostname) -> the v2 ssh host
+ public key for (hostname)
+ ssh_known_hosts -> the current known hosts file. this
+ is regenerated each time a new key is generated.
+'''
+ __name__ = 'SSHbase'
+ __version__ = '$Id$'
+ __author__ = 'bcfg-dev@mcs.anl.gov'
+
+ pubkeys = ["ssh_host_dsa_key.pub.H_%s",
+ "ssh_host_rsa_key.pub.H_%s", "ssh_host_key.pub.H_%s"]
+ hostkeys = ["ssh_host_dsa_key.H_%s",
+ "ssh_host_rsa_key.H_%s", "ssh_host_key.H_%s"]
+
+ def __init__(self, core, datastore):
+ Generator.__init__(self, core, datastore)
+ self.repository = DirectoryBacked(self.data, self.core.fam)
+ self.__provides__ = {'ConfigFile':
+ {'/etc/ssh/ssh_known_hosts':self.build_skn,
+ '/etc/ssh/ssh_host_dsa_key':self.build_hk,
+ '/etc/ssh/ssh_host_rsa_key':self.build_hk,
+ '/etc/ssh/ssh_host_dsa_key.pub':self.build_hk,
+ '/etc/ssh/ssh_host_rsa_key.pub':self.build_hk,
+ '/etc/ssh/ssh_host_key':self.build_hk,
+ '/etc/ssh/ssh_host_key.pub':self.build_hk}}
+
+ def build_skn(self, entry, metadata):
+ '''This function builds builds a host specific known_hosts file'''
+ client = metadata.hostname
+ filedata = self.repository.entries['ssh_known_hosts'].data
+ ipaddr = gethostbyname(client)
+ keylist = [x % client for x in self.pubkeys]
+ for hostkey in keylist:
+ filedata += "%s,%s,%s %s" % (client, "%s.mcs.anl.gov"%(client),
+ ipaddr, self.repository.entries[hostkey].data)
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
+ entry.text = filedata
+
+ def build_hk(self, entry, metadata):
+ '''This binds host key data into entries'''
+ client = metadata.hostname
+ filename = "%s.H_%s" % (entry.attrib['name'].split('/')[-1], client)
+ if filename not in self.repository.entries.keys():
+ self.GenerateHostKeys(client)
+ self.GenerateKnownHosts()
+ keydata = self.repository.entries[filename].data
+ perms = '0600'
+ if filename[-4:] == '.pub':
+ perms = '0644'
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':perms})
+ entry.text = keydata
+ if "ssh_host_key.H_" in filename:
+ entry.attrib['encoding'] = 'base64'
+ entry.text = b2a_base64(keydata)
+
+ def GenerateKnownHosts(self):
+ '''Build the static portion of known_hosts (for all hosts)'''
+ output = ''
+ for filename, entry in self.repository.entries.iteritems():
+ if ".pub.H_" in filename:
+ h = filename.split('_')[-1]
+ try:
+ ipaddr = gethostbyname(h)
+ output += "%s,%s.mcs.anl.gov,%s %s" % (h, h, ipaddr, entry.data)
+ except gaierror:
+ continue
+ self.repository.entries['ssh_known_hosts'].data = output
+
+ def GenerateHostKeys(self, client):
+ '''Generate new host keys for client'''
+ keylist = [x % client for x in self.hostkeys]
+ for hostkey in keylist:
+ if 'ssh_host_rsa_key.H_' in hostkey:
+ keytype = 'rsa'
+ elif 'ssh_host_dsa_key.H_' in hostkey:
+ keytype = 'dsa'
+ else:
+ keytype = 'rsa1'
+
+ if hostkey not in self.repository.entries.keys():
+ fileloc = "%s/%s" % (self.data, hostkey)
+ system('ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null' % (fileloc, keytype, client))
+ rename("%s.pub"%(fileloc),"%s/" %
+ (self.data, )+".".join(hostkey.split('.')[:-1]+['pub']+[hostkey.split('.')[-1]]))
+ self.repository.AddEntry(hostkey)
+ self.repository.AddEntry("%s.pub"%(hostkey))
+ # call the notifier for global
+
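Review bot: The `system()` call in `GenerateHostKeys` builds a shell command by interpolating `fileloc` (derived from `self.data`) and `client` (`metadata.hostname`) into a string, so a hostname containing shell metacharacters would be executed by `/bin/sh` as root on the bcfg2 server; whether the hostname can carry such characters depends on the metadata layer, which is outside this hunk, but the generator should not rely on that. The exit status of `ssh-keygen` is also discarded, so a failed key generation only surfaces later as an `OSError` from `rename` on the missing `.pub` file. Running `ssh-keygen` with an argv list via `os.spawnvp` (importing `spawnvp` and `P_WAIT` from `os` next to `rename`) removes the shell from the path and returns the status to check; the `< /dev/null` redirection is lost, but with `-q -N ''` ssh-keygen only prompts when the target file already exists, which the `not in self.repository.entries` test guards as long as the repository cache tracks the directory. A small `build_skn`-side follow-up: it calls `gethostbyname(client)` without the `gaierror` handling that `GenerateKnownHosts` has, so one unresolvable client breaks its own known_hosts build.

```python
            if hostkey not in self.repository.entries.keys():
                fileloc = "%s/%s" % (self.data, hostkey)
                # argv form: no shell parses the hostname or the repository path
                status = spawnvp(P_WAIT, 'ssh-keygen',
                                 ['ssh-keygen', '-q', '-f', fileloc, '-N', '',
                                  '-t', keytype, '-C', 'root@%s' % client])
                if status != 0:
                    raise RuntimeError("ssh-keygen failed for %s (exit %d)" % (hostkey, status))
                # ... unchanged: rename of the .pub file and AddEntry calls ...
```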