authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-11-12 15:29:11 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-11-12 15:29:17 -0500
commit0b1e543b2de0e8dccb986d758fe9c65a0366b9f6 (patch)
treeb5ebbe73d8655b0bb244f189f67cf06a305203e1 /src/sbin
parente3692852e897fbce142d5c296ad34f33c1526cc8 (diff)
bcfg2-crypt: backported fixes in b5b26415161e715fe4d22d69328b06801ff7124d
Diffstat (limited to 'src/sbin')
-rwxr-xr-xsrc/sbin/bcfg2-crypt47
1 files changed, 25 insertions, 22 deletions
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt
index 98a1ca4b0..851d38906 100755
--- a/src/sbin/bcfg2-crypt
+++ b/src/sbin/bcfg2-crypt
@@ -50,6 +50,10 @@ class PassphraseError(Exception):
passphrase to encrypt or decrypt with """
+class DecryptError(Exception):
+ """ Exception raised when decryption fails. """
+
+
class CryptoTool(object):
""" Generic decryption/encryption interface base object """
def __init__(self, filename, setup):
@@ -169,23 +173,19 @@ class CfgDecryptor(Decryptor):
self.data, self.passphrase,
Bcfg2.Encryption.get_algorithm(self.setup))
except Bcfg2.Encryption.EVPError:
- self.logger.info("Could not decrypt %s with the "
- "specified passphrase" % self.filename)
- return False
+ raise DecryptError("Could not decrypt %s with the "
+ "specified passphrase" % self.filename)
except:
- err = sys.exc_info()[1]
- self.logger.error("Error decrypting %s: %s" %
- (self.filename, err))
- return False
+ raise DecryptError("Error decrypting %s: %s" %
+ (self.filename, sys.exc_info()[1]))
else: # no passphrase given, brute force
try:
return Bcfg2.Encryption.bruteforce_decrypt(
self.data, passphrases=self.passphrases.values(),
algorithm=Bcfg2.Encryption.get_algorithm(self.setup))
except Bcfg2.Encryption.EVPError:
- self.logger.info("Could not decrypt %s with any passphrase" %
- self.filename)
- return False
+ raise DecryptError("Could not decrypt %s with any passphrase" %
+ self.filename)
def get_destination_filename(self, original_filename):
if original_filename.endswith(".crypt"):
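Review bot: The bare `except:` in the passphrase branch of CfgDecryptor.decrypt now turns every exception, including KeyboardInterrupt and SystemExit, into DecryptError, and main() in this same commit reacts to DecryptError from decrypt by trying encryption instead. Narrowing the handler to `except Exception:` would keep an interrupt or an unrelated programming error from being treated as a failed passphrase. The brute-force branch catches only EVPError, whereas PropertiesDecryptor now also catches TypeError around ssl_decrypt, so it is worth confirming whether bruteforce_decrypt can raise it too. The method begins above this hunk, so the start of the passphrase branch is not visible.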
@@ -288,19 +288,20 @@ class PropertiesDecryptor(Decryptor, PropertiesCryptoMixin):
default_xpath = '//*[@encrypted]'
def decrypt(self):
+ decrypted = False
xdata = lxml.etree.XML(self.data, parser=XMLParser)
for elt in self._get_elements(xdata):
try:
pname, passphrase = self._get_element_passphrase(elt)
except PassphraseError:
- self.logger.error(str(sys.exc_info()[1]))
- return False
+ raise DecryptError(str(sys.exc_info()[1]))
self.logger.debug("Decrypting %s" % print_xml(elt))
try:
decrypted = Bcfg2.Encryption.ssl_decrypt(
elt.text, passphrase,
Bcfg2.Encryption.get_algorithm(self.setup)).strip()
- except Bcfg2.Encryption.EVPError:
+ decrypted = True
+ except (Bcfg2.Encryption.EVPError, TypeError):
self.logger.error("Could not decrypt %s, skipping" %
print_xml(elt))
try:
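Review bot: The added `decrypted = True` overwrites the plaintext that `ssl_decrypt(...).strip()` has just stored in the same name, so the decrypted value is gone before anything reads it. The `try:` that follows continues outside this hunk; if it writes `decrypted` back into the element, it would now receive `True` rather than the decrypted text. A separate flag avoids the clash: `decrypted_any = False` before the loop, `decrypted_any = True` after the ssl_decrypt call, and `if decrypted_any:` in the next hunk. The except branch logs "skipping" but no `continue` is visible, so the following block may still run with a stale value; indentation is lost in this rendering, so confirm against the file.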
@@ -314,7 +315,11 @@ class PropertiesDecryptor(Decryptor, PropertiesCryptoMixin):
# a different key, and wound up with gibberish.
self.logger.warning("Decrypted %s to gibberish, skipping" %
elt.tag)
- return xdata
+ if decrypted:
+ return xdata
+ else:
+ raise DecryptError("Failed to decrypt any data in %s" %
+ self.filename)
def _write(self, filename, data):
PropertiesCryptoMixin._write(self, filename, data)
@@ -437,10 +442,7 @@ def main(): # pylint: disable=R0912,R0915
try:
data = tool.decrypt()
mode = "decrypt"
- except: # pylint: disable=W0702
- pass
- if data is False:
- data = None
+ except DecryptError:
logger.info("Failed to decrypt %s, trying encryption" % fname)
try:
tool = tools[0](fname, setup)
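Review bot: The `except DecryptError:` handler discards the exception text, so the specific reasons CfgDecryptor used to log (wrong passphrase, no passphrase matched, other error) no longer reach the log at all. Including the message keeps the diagnosis: `logger.info("Failed to decrypt %s (%s), trying encryption" % (fname, sys.exc_info()[1]))`; the handler in the following hunk has the same gap. This hunk also removes `data = None`, so the later `if data is None:` test depends on `data` being initialised before the `try`, which is outside the visible lines.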
@@ -450,10 +452,11 @@ def main(): # pylint: disable=R0912,R0915
mode = "encrypt"
if data is None:
- data = getattr(tool, mode)()
- if data is None:
- logger.error("Failed to %s %s, skipping" % (mode, fname))
- continue
+ try:
+ data = getattr(tool, mode)()
+ except DecryptError:
+ logger.error("Failed to %s %s, skipping" % (mode, fname))
+ continue
if setup['crypt_stdout']:
if len(setup['args']) > 1:
print("----- %s -----" % fname)
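Review bot: Wrapping `getattr(tool, mode)()` in `except DecryptError:` drops the old `if data is None:` failure check, yet `mode` can be "encrypt" here and no encrypt method is changed in this diff. If an encryptor still reports failure by returning None or False, that value now flows on to the output code below instead of being skipped. Either keep a falsy check after the call or make the encrypt path raise as well and catch that exception here.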