Auto merged

2005/09/07 12:35:15-05:00 anl.gov!desai Merge rename: src/lib/Server/Generators/SSHbase.py -> src/lib/Server/Plugins/SSHbase.py 2005/09/06 22:29:42-05:00 anl.gov!desai self.__provides__ ==> self.Entries 2005/09/06 22:22:57-05:00 anl.gov!desai switch to new plugin API switch to using Plugin.LogError instead of raw syslog calls 2005/09/06 22:19:00-05:00 anl.gov!desai Rename: src/lib/Server/Generators/SSHbase.py -> src/lib/Server/Plugins/SSHbase.py (Logical change 1.300) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1208 ce84e21b-d406-0410-9b95-82705330c041
author: Narayan Desai <desai@mcs.anl.gov> 2005-09-07 17:35:15 +0000
committer: Narayan Desai <desai@mcs.anl.gov> 2005-09-07 17:35:15 +0000
commit: e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe (patch)
tree: 968206c6ac1ae235a60a32984747f4858a4cb97a /src/lib/Server/Plugins/SSHbase.py
parent: acf03b02d41481713cecad1251213d1d478d52a5 (diff)
download: bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.tar.gz
bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.tar.bz2
bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.zip
1 files changed, 132 insertions, 0 deletions
diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py
index e69de29bb..32345d5d6 100644
--- a/src/lib/Server/Plugins/SSHbase.py
+++ b/src/lib/Server/Plugins/SSHbase.py
@@ -0,0 +1,132 @@
+'''This module manages ssh key files for bcfg2'''
+__revision__ = '$Revision$'
+
+from binascii import b2a_base64
+from os import rename, system
+from socket import gethostbyname, gaierror
+
+from Bcfg2.Server.Plugin import Plugin, DirectoryBacked
+
+class SSHbase(Plugin):
+    '''The sshbase generator manages ssh host keys (both v1 and v2)
+    for hosts.  It also manages the ssh_known_hosts file. It can
+    integrate host keys from other management domains and similarly
+    export its keys. The repository contains files in the following
+    formats:
+
+    ssh_host_key.H_(hostname) -> the v1 host private key for
+      (hostname)
+    ssh_host_key.pub.H_(hostname) -> the v1 host public key
+      for (hostname)
+    ssh_host_(dr)sa_key.H_(hostname) -> the v2 ssh host
+      private key for (hostname)
+    ssh_host_(dr)sa_key.pub.H_(hostname) -> the v2 ssh host
+      public key for (hostname)
+    ssh_known_hosts -> the current known hosts file. this
+      is regenerated each time a new key is generated.
+'''
+    __name__ = 'SSHbase'
+    __version__ = '$Id$'
+    __author__ = 'bcfg-dev@mcs.anl.gov'
+
+    pubkeys = ["ssh_host_dsa_key.pub.H_%s",
+                "ssh_host_rsa_key.pub.H_%s", "ssh_host_key.pub.H_%s"]
+    hostkeys = ["ssh_host_dsa_key.H_%s",
+                "ssh_host_rsa_key.H_%s", "ssh_host_key.H_%s"]
+
+    def __init__(self, core, datastore):
+        Plugin.__init__(self, core, datastore)
+        self.repository = DirectoryBacked(self.data, self.core.fam)
+        self.Entries = {'ConfigFile':
+                             {'/etc/ssh/ssh_known_hosts':self.build_skn, 
+                              '/etc/ssh/ssh_host_dsa_key':self.build_hk,
+                              '/etc/ssh/ssh_host_rsa_key':self.build_hk,
+                              '/etc/ssh/ssh_host_dsa_key.pub':self.build_hk,
+                              '/etc/ssh/ssh_host_rsa_key.pub':self.build_hk,
+                              '/etc/ssh/ssh_host_key':self.build_hk,
+                              '/etc/ssh/ssh_host_key.pub':self.build_hk}}
+        self.ipcache = {}
+        self.domains = ['mcs.anl.gov', 'bgl.mcs.anl.gov', 'globus.org', 'uc.teragrid.org']
+
+    def get_ipcache_entry(self, client):
+        '''build a cache of dns results'''
+        if self.ipcache.has_key(client):
+            return self.ipcache[client]
+        else:
+            # need to add entry
+            if self.repository.entries.has_key('domains'):
+                domains = self.repository.entries['domains'].split()
+            else:
+                domains = self.domains
+            for domain in domains:
+                try:
+                    fqdn = "%s.%s" % (client, domain)
+                    ipaddr = gethostbyname("%s.%s" % (client, domain))
+                    self.ipcache[client] = (ipaddr, fqdn)
+                    return (ipaddr, fqdn)
+                except gaierror:
+                    continue
+            self.LogError("Failed to find fqdn for %s" % client)
+            raise gaierror
+
+    def cache_skn(self):
+        '''build memory cache of the ssh known hosts file'''
+        self.static_skn = ''
+        for pubkey in [pubk for pubk in self.repository.entries.keys() if pubk.find('.pub.H_') != -1]:
+            hostname = pubkey.split('H_')[1]
+            try:
+                (ipaddr, fqdn) = self.get_ipcache_entry(hostname)
+            except gaierror:
+                continue
+            self.static_skn += "%s,%s,%s %s" % (hostname, fqdn, ipaddr,
+                                         self.repository.entries[pubkey].data)
+            
+
+    def build_skn(self, entry, metadata):
+        '''This function builds builds a host specific known_hosts file'''
+        client = metadata.hostname
+        if not hasattr(self, 'static_skn'):
+            self.cache_skn()
+        entry.text = self.static_skn
+        for hostkey in [keytmpl % client for keytmpl in self.pubkeys]:
+            entry.text += "localhost,localhost.localdomain,127.0.0.1 %s" % (
+                self.repository.entries[hostkey].data)
+        entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
+
+    def build_hk(self, entry, metadata):
+        '''This binds host key data into entries'''
+        client = metadata.hostname
+        filename = "%s.H_%s" % (entry.get('name').split('/')[-1], client)
+        if filename not in self.repository.entries.keys():
+            self.GenerateHostKeys(client)
+            if hasattr(self, 'static_skn'):
+                del self.static_skn
+        keydata = self.repository.entries[filename].data
+        perms = '0600'
+        if entry.get('name')[-4:] == '.pub':
+            perms = '0644'
+        entry.attrib.update({'owner':'root', 'group':'root', 'perms':perms})
+        entry.text = keydata
+        if "ssh_host_key.H_" == filename[:15]:
+            entry.attrib['encoding'] = 'base64'
+            entry.text = b2a_base64(keydata)
+
+    def GenerateHostKeys(self, client):
+        '''Generate new host keys for client'''
+        keylist = [keytmpl % client for keytmpl in self.hostkeys]
+        for hostkey in keylist:
+            if 'ssh_host_rsa_key.H_' == hostkey[:19]:
+                keytype = 'rsa'
+            elif 'ssh_host_dsa_key.H_' == hostkey[:19]:
+                keytype = 'dsa'
+            else:
+                keytype = 'rsa1'
+
+            if hostkey not in self.repository.entries.keys():
+                fileloc = "%s/%s" % (self.data, hostkey)
+                system('ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null' % (fileloc, keytype, client))
+                rename("%s.pub"%(fileloc),"%s/" %
+                       (self.data, )+".".join(hostkey.split('.')[:-1]+['pub']+[hostkey.split('.')[-1]]))
+                self.repository.AddEntry(hostkey)
+                self.repository.AddEntry("%s.pub"%(hostkey))
+
author	Narayan Desai <desai@mcs.anl.gov>	2005-09-07 17:35:15 +0000
committer	Narayan Desai <desai@mcs.anl.gov>	2005-09-07 17:35:15 +0000
commit	e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe (patch)
tree	968206c6ac1ae235a60a32984747f4858a4cb97a /src/lib/Server/Plugins/SSHbase.py
parent	acf03b02d41481713cecad1251213d1d478d52a5 (diff)
download	bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.tar.gz bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.tar.bz2 bcfg2-e37575dd6511b3ecc5e2f268ded35dca0d9ab0fe.zip