summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris St. Pierre <chris.a.st.pierre@gmail.com>2014-04-25 07:52:35 -0400
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2014-04-25 07:53:55 -0400
commit5888be3f06738f6a93cd6afab930369bdd2eb023 (patch)
treecfac9c12e03be5a113e3462e083b7754663da7a7
parent49ad7e5039b96a3d849924c5748fde6e1ea7e8bc (diff)
downloadbcfg2-5888be3f06738f6a93cd6afab930369bdd2eb023.tar.gz
bcfg2-5888be3f06738f6a93cd6afab930369bdd2eb023.tar.bz2
bcfg2-5888be3f06738f6a93cd6afab930369bdd2eb023.zip
reduce logging from failed decryption with decrypt=lax
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py21
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py14
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Properties.py20
3 files changed, 25 insertions, 30 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index cf7eae75b..0a30a070a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -1,12 +1,11 @@
""" CfgEncryptedGenerator lets you encrypt your plaintext
:ref:`server-plugins-generators-cfg` files on the server. """
-import Bcfg2.Server.Plugins.Cfg
from Bcfg2.Server.Plugin import PluginExecutionError
-from Bcfg2.Server.Plugins.Cfg import CfgGenerator
+from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
try:
from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \
- get_algorithm
+ get_algorithm, CFG_SECTION
HAS_CRYPTO = True
except ImportError:
HAS_CRYPTO = False
@@ -27,7 +26,6 @@ class CfgEncryptedGenerator(CfgGenerator):
CfgGenerator.__init__(self, fname, spec, encoding)
if not HAS_CRYPTO:
raise PluginExecutionError("M2Crypto is not available")
- __init__.__doc__ = CfgGenerator.__init__.__doc__
def handle_event(self, event):
CfgGenerator.handle_event(self, event)
@@ -36,15 +34,18 @@ class CfgEncryptedGenerator(CfgGenerator):
# todo: let the user specify a passphrase by name
try:
self.data = bruteforce_decrypt(
- self.data,
- setup=Bcfg2.Server.Plugins.Cfg.SETUP,
- algorithm=get_algorithm(Bcfg2.Server.Plugins.Cfg.SETUP))
+ self.data, setup=SETUP,
+ algorithm=get_algorithm(SETUP))
except EVPError:
- raise PluginExecutionError("Failed to decrypt %s" % self.name)
- handle_event.__doc__ = CfgGenerator.handle_event.__doc__
+ strict = SETUP.cfp.get(CFG_SECTION, "decrypt",
+ default="strict")
+ msg = "Cfg: Failed to decrypt %s" % self.name
+ if strict:
+ raise PluginExecutionError(msg)
+ else:
+ self.logger.debug(msg)
def get_data(self, entry, metadata):
if self.data is None:
raise PluginExecutionError("Failed to decrypt %s" % self.name)
return CfgGenerator.get_data(self, entry, metadata)
- get_data.__doc__ = CfgGenerator.get_data.__doc__
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
index e890fdecb..ac031461a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py
@@ -31,7 +31,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
pubkey_path = os.path.dirname(self.name) + ".pub"
pubkey_name = os.path.join(pubkey_path, os.path.basename(pubkey_path))
self.pubkey_creator = CfgPublicKeyCreator(pubkey_name)
- __init__.__doc__ = CfgCreator.__init__.__doc__
@property
def category(self):
@@ -55,7 +54,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
def handle_event(self, event):
CfgCreator.handle_event(self, event)
StructFile.HandleEvent(self, event)
- handle_event.__doc__ = CfgCreator.handle_event.__doc__
def _gen_keypair(self, metadata, spec=None):
""" Generate a keypair according to the given client medata
@@ -201,10 +199,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
def Index(self):
StructFile.Index(self)
if HAS_CRYPTO:
- strict = self.xdata.get(
- "decrypt",
- SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
- default="strict")) == "strict"
for el in self.xdata.xpath("//*[@encrypted]"):
try:
el.text = self._decrypt(el).encode('ascii',
@@ -213,13 +207,17 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile):
self.logger.info("Cfg: Decrypted %s to gibberish, skipping"
% el.tag)
except Bcfg2.Encryption.EVPError:
+ default_strict = SETUP.cfp.get(
+ Bcfg2.Encryption.CFG_SECTION, "decrypt",
+ default="strict")
+ strict = self.xdata.get("decrypt",
+ default_strict) == "strict"
msg = "Cfg: Failed to decrypt %s element in %s" % \
(el.tag, self.name)
if strict:
raise PluginExecutionError(msg)
else:
- self.logger.info(msg)
- Index.__doc__ = StructFile.Index.__doc__
+ self.logger.debug(msg)
def _decrypt(self, element):
""" Decrypt a single encrypted element """
diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py
index 8c6cf799a..ac0cc884a 100644
--- a/src/lib/Bcfg2/Server/Plugins/Properties.py
+++ b/src/lib/Bcfg2/Server/Plugins/Properties.py
@@ -172,7 +172,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
Bcfg2.Server.Plugin.StructFile.__init__(self, name, fam=fam,
should_monitor=should_monitor)
PropertyFile.__init__(self, name)
- __init__.__doc__ = Bcfg2.Server.Plugin.StructFile.__init__.__doc__
def _write(self):
open(self.name, "wb").write(
@@ -180,7 +179,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
xml_declaration=False,
pretty_print=True).decode('UTF-8'))
return True
- _write.__doc__ = PropertyFile._write.__doc__
def validate_data(self):
""" ensure that the data in this object validates against the
@@ -203,30 +201,28 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
self.name)
else:
return True
- validate_data.__doc__ = PropertyFile.validate_data.__doc__
def Index(self):
Bcfg2.Server.Plugin.StructFile.Index(self)
if HAS_CRYPTO:
- strict = self.xdata.get(
- "decrypt",
- SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
- default="strict")) == "strict"
for el in self.xdata.xpath("//*[@encrypted]"):
try:
el.text = self._decrypt(el).encode('ascii',
'xmlcharrefreplace')
except UnicodeDecodeError:
- LOGGER.info("Properties: Decrypted %s to gibberish, "
- "skipping" % el.tag)
+ self.logger.info("Properties: Decrypted %s to gibberish, "
+ "skipping" % el.tag)
except Bcfg2.Encryption.EVPError:
+ strict = self.xdata.get(
+ "decrypt",
+ SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt",
+ default="strict")) == "strict"
msg = "Properties: Failed to decrypt %s element in %s" % \
- (el.tag, self.name)
+ (el.tag, self.name)
if strict:
raise PluginExecutionError(msg)
else:
- LOGGER.info(msg)
- Index.__doc__ = Bcfg2.Server.Plugin.StructFile.Index.__doc__
+ self.logger.debug(msg)
def _decrypt(self, element):
""" Decrypt a single encrypted properties file element """