Diffstat (limited to 'src/lib/Bcfg2/Server')
4 files changed, 76 insertions, 48 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py index 3e714c01f..9eed633c4 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py @@ -2,12 +2,14 @@ .cheetah.crypt files)""" from Bcfg2.Server.Plugins.Cfg.CfgCheetahGenerator import CfgCheetahGenerator -from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator +from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator \ + import CfgEncryptedGenerator + class CfgEncryptedCheetahGenerator(CfgCheetahGenerator, CfgEncryptedGenerator): """ CfgEncryptedCheetahGenerator lets you encrypt your Cheetah :ref:`server-plugins-generators-cfg` files on the server """ - + #: handle .crypt.cheetah or .cheetah.crypt files __extensions__ = ['cheetah.crypt', 'crypt.cheetah'] diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py index 71e407d17..f8d08b394 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py @@ -2,15 +2,17 @@ :ref:`server-plugins-generators-cfg` files on the server. """ import logging -import Bcfg2.Server.Plugin +from Bcfg2.Server.Plugin import PluginExecutionError from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP try: - from Bcfg2.Encryption import bruteforce_decrypt, EVPError - have_crypto = True + from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \ + get_algorithm + HAS_CRYPTO = True except ImportError: - have_crypto = False + HAS_CRYPTO = False + +LOGGER = logging.getLogger(__name__) -logger = logging.getLogger(__name__) class CfgEncryptedGenerator(CfgGenerator): """ CfgEncryptedGenerator lets you encrypt your plaintext 
@@ -21,10 +23,10 @@ class CfgEncryptedGenerator(CfgGenerator): def __init__(self, fname, spec, encoding): CfgGenerator.__init__(self, fname, spec, encoding) - if not have_crypto: - msg = "Cfg: M2Crypto is not available: %s" % entry.get("name") - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + if not HAS_CRYPTO: + msg = "Cfg: M2Crypto is not available" + LOGGER.error(msg) + raise PluginExecutionError(msg) __init__.__doc__ = CfgGenerator.__init__.__doc__ def handle_event(self, event): @@ -35,19 +37,20 @@ class CfgEncryptedGenerator(CfgGenerator): except UnicodeDecodeError: crypted = open(self.name, mode='rb').read() except: - logger.error("Failed to read %s" % self.name) + LOGGER.error("Failed to read %s" % self.name) return # todo: let the user specify a passphrase by name try: - self.data = bruteforce_decrypt(crypted, setup=SETUP) + self.data = bruteforce_decrypt(crypted, setup=SETUP, + algorithm=get_algorithm(SETUP)) except EVPError: msg = "Failed to decrypt %s" % self.name - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + LOGGER.error(msg) + raise PluginExecutionError(msg) handle_event.__doc__ = CfgGenerator.handle_event.__doc__ def get_data(self, entry, metadata): if self.data is None: - raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to decrypt %s" % self.name) + raise PluginExecutionError("Failed to decrypt %s" % self.name) return CfgGenerator.get_data(self, entry, metadata) get_data.__doc__ = CfgGenerator.get_data.__doc__ diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py index 0d5d98ba6..6fd70e69f 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py 
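Review bot: The bare `except:` in handle_event still swallows every exception raised by the fallback read, including KeyboardInterrupt and SystemExit, and the `return` leaves `self.data` holding whatever it contained before, so if an earlier event had populated it the stale decrypted payload keeps being served by get_data; the commit only changed the logger call on that line. Narrowing it to `except (IOError, OSError):` keeps the intended best-effort behaviour while letting unrelated errors surface, and the fallback `open(self.name, mode='rb').read()` should become `with open(self.name, mode='rb') as fobj: crypted = fobj.read()` so the handle is released on both paths. handle_event begins before this hunk, so the first read attempt is not visible here.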
@@ -1,15 +1,17 @@ """ Handle encrypted Genshi templates (.crypt.genshi or .genshi.crypt files) """ +import logging from Bcfg2.Compat import StringIO +from Bcfg2.Server.Plugin import PluginExecutionError +from Bcfg2.Server.Plugins.Cfg import SETUP from Bcfg2.Server.Plugins.Cfg.CfgGenshiGenerator import CfgGenshiGenerator -from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator try: - from Bcfg2.Encryption import bruteforce_decrypt + from Bcfg2.Encryption import bruteforce_decrypt, get_algorithm + HAS_CRYPTO = True except ImportError: - # CfgGenshiGenerator will raise errors if crypto doesn't exist - pass + HAS_CRYPTO = False try: from genshi.template import TemplateLoader @@ -17,21 +19,25 @@ except ImportError: # CfgGenshiGenerator will raise errors if genshi doesn't exist TemplateLoader = object +LOGGER = logging.getLogger(__name__) + class EncryptedTemplateLoader(TemplateLoader): """ Subclass :class:`genshi.template.TemplateLoader` to decrypt the data on the fly as it's read in using :func:`Bcfg2.Encryption.bruteforce_decrypt` """ def _instantiate(self, cls, fileobj, filepath, filename, encoding=None): - plaintext = StringIO(bruteforce_decrypt(fileobj.read())) + plaintext = \ + StringIO(bruteforce_decrypt(fileobj.read(), + algorithm=get_algorithm(SETUP))) return TemplateLoader._instantiate(self, cls, plaintext, filepath, filename, encoding=encoding) - + class CfgEncryptedGenshiGenerator(CfgGenshiGenerator): """ CfgEncryptedGenshiGenerator lets you encrypt your Genshi :ref:`server-plugins-generators-cfg` files on the server """ - + #: handle .crypt.genshi or .genshi.crypt files __extensions__ = ['genshi.crypt', 'crypt.genshi'] 
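Review bot: In `EncryptedTemplateLoader._instantiate` the new `bruteforce_decrypt(fileobj.read(), algorithm=get_algorithm(SETUP))` call differs from the one in CfgEncryptedGenerator.handle_event in this same commit, which also passes `setup=SETUP`; if `setup` is what selects the configured passphrases, the loader is decrypting against a different (default) set and the two call sites should be aligned. The call is also not wrapped in `try/except EVPError`, so a failed decryption surfaces from inside genshi's loader as a raw EVPError rather than the logged PluginExecutionError the other encrypted generators raise. `bruteforce_decrypt`'s signature is not visible in this diff, so please confirm both points against Bcfg2.Encryption.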
@@ -39,3 +45,9 @@ class CfgEncryptedGenshiGenerator(CfgGenshiGenerator): #: when it's read in __loader_cls__ = EncryptedTemplateLoader + def __init__(self, fname, spec, encoding): + CfgGenshiGenerator.__init__(self, fname, spec, encoding) + if not HAS_CRYPTO: + msg = "Cfg: M2Crypto is not available" + LOGGER.error(msg) + raise PluginExecutionError(msg) diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py index 1b925ce46..590d536a9 100644 --- a/src/lib/Bcfg2/Server/Plugins/Properties.py +++ b/src/lib/Bcfg2/Server/Plugins/Properties.py 
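Review bot: The new `CfgEncryptedGenshiGenerator.__init__` does not carry the base docstring the way its sibling does; add `__init__.__doc__ = CfgGenshiGenerator.__init__.__doc__` after the method, mirroring CfgEncryptedGenerator, so the generated documentation does not show an undocumented constructor. Consider also testing `HAS_CRYPTO` before calling `CfgGenshiGenerator.__init__`: if the base constructor triggers template loading through `EncryptedTemplateLoader`, a missing M2Crypto would surface as a NameError on `bruteforce_decrypt` instead of the intended PluginExecutionError. Whether the base constructor loads the template at construction time is not visible in this diff.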
@@ -5,46 +5,50 @@ import copy import logging import lxml.etree import Bcfg2.Server.Plugin +from Bcfg2.Server.Plugin import PluginExecutionError try: from Bcfg2.Encryption import ssl_decrypt, get_passphrases, \ - bruteforce_decrypt, EVPError - have_crypto = True + get_algorithm, bruteforce_decrypt, EVPError + HAS_CRYPTO = True except ImportError: - have_crypto = False + HAS_CRYPTO = False -logger = logging.getLogger(__name__) +LOGGER = logging.getLogger(__name__) SETUP = None class PropertyFile(Bcfg2.Server.Plugin.StructFile): - """Class for properties files.""" + """ Class for properties files. """ + def write(self): """ Write the data in this data structure back to the property file """ if not SETUP.cfp.getboolean("properties", "writes_enabled", default=True): - msg = "Properties files write-back is disabled in the configuration" - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + msg = "Properties files write-back is disabled in the " + \ + "configuration" + LOGGER.error(msg) + raise PluginExecutionError(msg) try: self.validate_data() - except Bcfg2.Server.Plugin.PluginExecutionError: + except PluginExecutionError: msg = "Cannot write %s: %s" % (self.name, sys.exc_info()[1]) - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + LOGGER.error(msg) + raise PluginExecutionError(msg) try: open(self.name, - "wb").write(lxml.etree.tostring(self.xdata, - xml_declaration=False, - pretty_print=True).decode('UTF-8')) + "wb").write( + lxml.etree.tostring(self.xdata, + xml_declaration=False, + pretty_print=True).decode('UTF-8')) return True except IOError: err = sys.exc_info()[1] msg = "Failed to write %s: %s" % (self.name, err) - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + LOGGER.error(msg) + raise PluginExecutionError(msg) def validate_data(self): """ ensure that the data in this object validates against the 
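Review bot: `PropertyFile.write` still writes through a bare `open(self.name, "wb").write(...)`, so the handle is left to the garbage collector and the file may not be flushed and closed promptly; the commit only re-wrapped these lines. Use `with open(self.name, "wb") as fobj:` followed by `fobj.write(...)` so the file is closed on every path, including when `tostring()` raises. The `.decode('UTF-8')` applied to data written into a binary-mode file also looks inconsistent (writing text to a bytes stream fails on Python 3 and is encoding-dependent on Python 2); confirm which interpreters this path targets before changing it.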
@@ -55,31 +59,34 @@ class PropertyFile(Bcfg2.Server.Plugin.StructFile): schema = lxml.etree.XMLSchema(file=schemafile) except: err = sys.exc_info()[1] - raise Bcfg2.Server.Plugin.PluginExecutionError("Failed to process schema for %s: %s" % (self.name, err)) + raise PluginExecutionError("Failed to process schema for %s: " + "%s" % (self.name, err)) else: # no schema exists return True if not schema.validate(self.xdata): - raise Bcfg2.Server.Plugin.PluginExecutionError("Data for %s fails to validate; run bcfg2-lint for more details" % self.name) + raise PluginExecutionError("Data for %s fails to validate; run " + "bcfg2-lint for more details" % + self.name) else: return True def Index(self): Bcfg2.Server.Plugin.StructFile.Index(self) if self.xdata.get("encryption", "false").lower() != "false": - if not have_crypto: + if not HAS_CRYPTO: msg = "Properties: M2Crypto is not available: %s" % self.name - logger.error(msg) - raise Bcfg2.Server.Plugin.PluginExecutionError(msg) + LOGGER.error(msg) + raise PluginExecutionError(msg) for el in self.xdata.xpath("//*[@encrypted]"): try: el.text = self._decrypt(el) except EVPError: msg = "Failed to decrypt %s element in %s" % (el.tag, self.name) - logger.error(msg) - raise Bcfg2.Server.PluginExecutionError(msg) + LOGGER.error(msg) + raise PluginExecutionError(msg) def _decrypt(self, element): if not element.text.strip(): 
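Review bot: The bare `except:` around `lxml.etree.XMLSchema(file=schemafile)` in validate_data catches KeyboardInterrupt and SystemExit as well and converts them into a PluginExecutionError; the commit only re-wrapped the message on that path. `except Exception:` preserves the error reporting while letting interpreter exits propagate. validate_data begins before this hunk, so the lookup of `schemafile` is not visible here.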
@@ -88,14 +95,18 @@ class PropertyFile(Bcfg2.Server.Plugin.StructFile): try: passphrase = passes[element.get("encrypted")] try: - return ssl_decrypt(element.text, passphrase) + return ssl_decrypt(element.text, passphrase, + algorithm=get_algorithm(SETUP)) except EVPError: # error is raised below pass except KeyError: - return bruteforce_decrypt(element.text, passphrases=passes.values()) + return bruteforce_decrypt(element.text, + passphrases=passes.values(), + algorithm=get_algorithm(SETUP)) raise EVPError("Failed to decrypt") + class PropDirectoryBacked(Bcfg2.Server.Plugin.DirectoryBacked): __child__ = PropertyFile patterns = re.compile(r'.*\.xml$') |
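Review bot: In `_decrypt`, a `KeyError` on `passes[element.get("encrypted")]` falls back to trying every configured passphrase, while a named passphrase that fails to decrypt falls through to `raise EVPError("Failed to decrypt")`; a typo in the `encrypted` attribute therefore silently widens the set of keys tried instead of being reported. If the fallback is intended for a generic marker value (for example `encrypted="true"`), a comment above `except KeyError:` such as `# no passphrase of that name: treat the attribute as a generic marker and try all configured passphrases` would make the asymmetry deliberate; otherwise log the unknown name before falling back. `get_algorithm(SETUP)` is also evaluated on both branches and could be bound once at the top of the function. _decrypt begins before this hunk, so the construction of `passes` is not visible here.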