diff options
| author | root <root@test-bcfg2-00.i> | 2010-03-13 13:00:01 -0500 |
|---|---|---|
| committer | root <root@test-bcfg2-00.i> | 2010-03-13 13:00:01 -0500 |
| commit | 55de1ebdf9bbac6dd03cdb7765ffa5e408a27d16 (patch) | |
| tree | 48968542b3f1e45a9f804610b1a7be4e32399e22 | |
| parent | 39bff3d6a9c5ce8002afd6d2f95761e7e3124b5a (diff) | |
| download | bcfg2-55de1ebdf9bbac6dd03cdb7765ffa5e408a27d16.tar.gz bcfg2-55de1ebdf9bbac6dd03cdb7765ffa5e408a27d16.tar.bz2 bcfg2-55de1ebdf9bbac6dd03cdb7765ffa5e408a27d16.zip | |
Automatically add additional host aliases to ssh_known_hosts.
| -rw-r--r-- | src/lib/Server/Plugins/SSHbase.py | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py index 9739b9801..d66a458ca 100644 --- a/src/lib/Server/Plugins/SSHbase.py +++ b/src/lib/Server/Plugins/SSHbase.py @@ -64,6 +64,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin, '/etc/ssh/ssh_host_key': self.build_hk, '/etc/ssh/ssh_host_key.pub': self.build_hk}} self.ipcache = {} + self.namecache = {} self.__skn = False def get_skn(self): @@ -81,14 +82,23 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin, names[cmeta.hostname] = set([cmeta.hostname]) names[cmeta.hostname].update(cmeta.aliases) newnames = set() + newips = set() for name in names[cmeta.hostname]: newnames.add(name.split('.')[0]) try: - newnames.add(self.get_ipcache_entry(name)[0]) + newips.add(self.get_ipcache_entry(name)[0]) except: continue names[cmeta.hostname].update(newnames) names[cmeta.hostname].update(cmeta.addresses) + names[cmeta.hostname].update(newips) + # TODO: Only perform reverse lookups on IPs if an option is set. + if True: + for ip in newips: + try: + names[cmeta.hostname].update(self.get_namecache_entry(ip)) + except: + continue # now we have our name cache pubkeys = [pubk for pubk in self.entries.keys() \ if pubk.find('.pub.H_') != -1] @@ -159,6 +169,29 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin, self.logger.error("Failed to find IP address for %s" % client) raise socket.gaierror + def get_namecache_entry(self, cip): + '''build a cache of name lookups from client IP addresses''' + if cip in self.namecache: + # lookup cached name from IP + if self.namecache[cip]: + return self.namecache[cip] + else: + raise socket.gaierror + else: + # add an entry that has not been cached + try: + rvlookup = socket.gethostbyaddr(cip) + if rvlookup[0]: + self.namecache[cip] = [rvlookup[0]] + else: + self.namecache[cip] = [] + self.namecache[cip].extend(rvlookup[1]) + return self.namecache[cip] + except socket.gaierror: + self.namecache[cip] = False + self.logger.error("Failed to find any names associated with IP address %s" % cip) + raise + def build_skn(self, entry, metadata): '''This function builds builds a host specific known_hosts file''' client = metadata.hostname |