Added ability to store Cfg files with AES encryption

author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2012-05-15 13:24:58 -0400
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2012-05-15 13:24:58 -0400
commit: d221337beaaafd7ce71717da64e4c9d91babd712 (patch)
tree: fb8cba5caf9e8e42f71c523707fffcf5cbcb22ff /src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
parent: 4df3945eeecb31e3234e894202868a373c95e3aa (diff)
download: bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.tar.gz
bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.tar.bz2
bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
new file mode 100644
index 000000000..6ba470fd5
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -0,0 +1,54 @@
+import logging
+import Bcfg2.Server.Plugin
+from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
+try:
+    from Bcfg2.Encryption import ssl_decrypt, EVPError
+    have_crypto = True
+except ImportError:
+    have_crypto = False
+
+logger = logging.getLogger(__name__)
+
+class CfgEncryptedGenerator(CfgGenerator):
+    __extensions__ = ["crypt"]
+
+    def __init__(self, fname, spec, encoding):
+        CfgGenerator.__init__(self, fname, spec, encoding)
+        if not have_crypto:
+            msg = "Cfg: M2Crypto is not available: %s" % entry.get("name")
+            logger.error(msg)
+            raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+
+    @property
+    def passphrases(self):
+        section = "cfg:encryption"
+        if SETUP.cfp.has_section(section):
+            return dict([(o, SETUP.cfp.get(section, o))
+                         for o in SETUP.cfp.options(section)])
+        else:
+            return dict()
+
+    def handle_event(self, event):
+        if event.code2str() == 'deleted':
+            return
+        try:
+            crypted = open(self.name).read()
+        except UnicodeDecodeError:
+            crypted = open(self.name, mode='rb').read()
+        except:
+            logger.error("Failed to read %s" % self.name)
+            return
+        # todo: let the user specify a passphrase by name
+        self.data = None
+        for passwd in self.passphrases.values():
+            try:
+                self.data = ssl_decrypt(crypted, passwd)
+                return
+            except EVPError:
+                pass
+        logger.error("Failed to decrypt %s" % self.name)
+
+    def get_data(self, entry, metadata):
+        if self.data is None:
+            raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to decrypt %s" % self.name)
+        return CfgGenerator.get_data(self, entry, metadata)
author	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2012-05-15 13:24:58 -0400
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2012-05-15 13:24:58 -0400
commit	d221337beaaafd7ce71717da64e4c9d91babd712 (patch)
tree	fb8cba5caf9e8e42f71c523707fffcf5cbcb22ff /src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
parent	4df3945eeecb31e3234e894202868a373c95e3aa (diff)
download	bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.tar.gz bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.tar.bz2 bcfg2-d221337beaaafd7ce71717da64e4c9d91babd712.zip