summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py')
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py34
1 files changed, 12 insertions, 22 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index 2c926fae7..71e407d17 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -1,35 +1,22 @@
+""" CfgEncryptedGenerator lets you encrypt your plaintext
+:ref:`server-plugins-generators-cfg` files on the server. """
+
import logging
import Bcfg2.Server.Plugin
from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
try:
- from Bcfg2.Encryption import ssl_decrypt, EVPError
+ from Bcfg2.Encryption import bruteforce_decrypt, EVPError
have_crypto = True
except ImportError:
have_crypto = False
logger = logging.getLogger(__name__)
-def passphrases():
- section = "encryption"
- if SETUP.cfp.has_section(section):
- return dict([(o, SETUP.cfp.get(section, o))
- for o in SETUP.cfp.options(section)])
- else:
- return dict()
-
-def decrypt(crypted):
- if not have_crypto:
- msg = "Cfg: M2Crypto is not available: %s" % entry.get("name")
- logger.error(msg)
- raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
- for passwd in passphrases().values():
- try:
- return ssl_decrypt(crypted, passwd)
- except EVPError:
- pass
- raise EVPError("Failed to decrypt")
-
class CfgEncryptedGenerator(CfgGenerator):
+ """ CfgEncryptedGenerator lets you encrypt your plaintext
+ :ref:`server-plugins-generators-cfg` files on the server. """
+
+ #: Handle .crypt files
__extensions__ = ["crypt"]
def __init__(self, fname, spec, encoding):
@@ -38,6 +25,7 @@ class CfgEncryptedGenerator(CfgGenerator):
msg = "Cfg: M2Crypto is not available: %s" % entry.get("name")
logger.error(msg)
raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+ __init__.__doc__ = CfgGenerator.__init__.__doc__
def handle_event(self, event):
if event.code2str() == 'deleted':
@@ -51,13 +39,15 @@ class CfgEncryptedGenerator(CfgGenerator):
return
# todo: let the user specify a passphrase by name
try:
- self.data = decrypt(crypted)
+ self.data = bruteforce_decrypt(crypted, setup=SETUP)
except EVPError:
msg = "Failed to decrypt %s" % self.name
logger.error(msg)
raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
+ handle_event.__doc__ = CfgGenerator.handle_event.__doc__
def get_data(self, entry, metadata):
if self.data is None:
raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to decrypt %s" % self.name)
return CfgGenerator.get_data(self, entry, metadata)
+ get_data.__doc__ = CfgGenerator.get_data.__doc__
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-03 08:46:15 +0000