path: root/src/lib/Server/Plugins/SSHbase.py
Commit message | Author | Age | Files | Lines
* SSHbase: Don't mark keys as "sensitive" by default | Holger Weiß | 2011-12-02 | 1 | -1/+0
  By default, don't set the "sensitive" attribute for private SSH keys, as this breaks pulling them with bcfg2-admin. Users can set the attribute in an info.xml file.
* SSHbase: Sort ssh_known_host entries by hostname | Holger Weiß | 2011-11-02 | 1 | -1/+2
  Sort the (non-static) public keys in the auto-generated ssh_known_hosts files by hostname (or group).
* SSHbase: Add missing newline | Holger Weiß | 2011-11-02 | 1 | -1/+1
  A newline character was missing before the first localhost entry in the ssh_known_hosts files created by SSHbase.
* fixed several bugs with creation of new ssh host keys | Chris St. Pierre | 2011-10-28 | 1 | -12/+30
* got a little overzealous with the .rstrip() | Chris St. Pierre | 2011-10-28 | 1 | -1/+1
* fixed bug with inclusion of bogus ssh host keys in ssh_known_hosts | Chris St. Pierre | 2011-10-27 | 1 | -0/+2
* Add a number of features to SSHbase: | Chris St. Pierre | 2011-10-27 | 1 | -125/+196
  * Support for group-specific host keys
  * Support for fully static host- and group-specific ssh_known_hosts
  * (Support for totally generic host keys and ssh_known_hosts, too, but that's pretty useless.)
  * Support for info.xml, info, and :info files; only info.xml is likely to be useful, with the <Path> directive
* SSHbase: ECDSA key support from ticket #1063 | Sol Jerome | 2011-10-20 | 1 | -2/+10
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* fixed indentation bug in SSHbase introduced in cb8b988774c573bb8f6840aa60be0ced60323940 | Chris St. Pierre | 2011-09-06 | 1 | -26/+24
* SSHbase: Create only requested key types | Holger Weiß | 2011-08-26 | 1 | -38/+41
  Instead of always creating DSA, RSA, and RSA1 key pairs when any of them is missing, create only the key pair currently requested via Bcfg2. That is, the abstract configuration entries now determine which key types are generated (and therefore included in the ssh_known_hosts files). The rationale is that many sites don't use RSA1 keys anymore.
* Be more patient for notifications about generated SSHkeys. | Mike McCallister | 2011-08-09 | 1 | -8/+13
  Previously, we wanted one second for the FileMonitor to notify us about newly generated SSHkeys. Now, we wait up to ten seconds before logging a warning and giving up.
  (cherry picked from commit 204ddcddea55b1f8eed5f6dfe4dd2967bac5bad7)
* fixed more unescaped shell commands | Chris St. Pierre | 2011-08-05 | 1 | -5/+16
* Removed the explicit calls to AddEntry from SSHbase.py in favor of | Mike McCallister | 2011-08-05 | 1 | -3/+7
  allowing the normal FileMonitor events to populate the data structures.
  We now call the File Monitor's handle_events_in_interval() method after generating new host keys, so that the normal code paths can populate the data structures used for binding to file data. We need the explicit call because we can't wait for the server's normal event queue processing to discover the changes; we need the newly-generated keys available immediately for binding during the current connection with the client.
  (cherry picked from commit 74a6e4707725710f6629b292902f2312710e4980)
* fixed security bugs with unescaped input to the shell | Chris St. Pierre | 2011-08-05 | 1 | -2/+1
* New Info attribute: "sensitive" | Holger Weiß | 2011-06-29 | 1 | -2/+4
  The contents/diffs of <Path>s which are marked as "sensitive" are now omitted from the reports transmitted to the server, so that they won't end up in the statistics database.
* PY3K: Finish server-side code fixes | Sol Jerome | 2011-06-14 | 1 | -8/+13
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Add missing import sys. | Raul Cuza | 2011-06-14 | 1 | -0/+1
* SSHbase: PY3K string join method fix | Sol Jerome | 2011-05-06 | 1 | -1/+1
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Plugins: Add full PY3K compatibility | Sol Jerome | 2011-04-26 | 1 | -1/+2
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Plugins: PY3K + PEP8 fixes | Sol Jerome | 2011-04-06 | 1 | -16/+16
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* SSHbase: Fix hang when file not present on client | Sol Jerome | 2011-01-31 | 1 | -3/+7
  Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
* Updated files to match PEP 257 | Fabian Affolter | 2010-06-09 | 1 | -13/+14
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5904 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: Use shutil as per Lee's suggestion in Ticket #866 | Sol Jerome | 2010-03-25 | 1 | -2/+3
  From the ticket:
  ---
  From what I can tell, there is an os.system call (line #214 of Bcfg2/Server/Plugins/SSHbase.py) that is supposed to fire off ssh-keygen to generate the keys in a temporary directory. It seems that this call isn't generating the keys correctly. Adding in some debug os.listdir(tempdir) calls before and after the os.system call, shows that there are no files before and after the os.system call. Running the command manually generates valid key pairs.
  ---
  So, while this commit won't fix the os.system call, it should at least prevent the plugin from generating empty ssh keys.
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5794 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: Generate known_hosts file in consistent order (Patch from Lee Loucks) | Sol Jerome | 2010-03-25 | 1 | -31/+32
  From Ticket #869:
  Because the order of a python set is dependent on the order of the hash of entries of that set, the get_skn method generates entries in the ssh_known_hosts with the names ordered according to their hash instead of a consistent (from the user point of view) order. Some entries are IP, hostname and other entries are hostname, IP. This patch corrects that.
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5793 ce84e21b-d406-0410-9b95-82705330c041
* Automatically add additional host aliases to ssh_known_hosts. | root | 2010-03-13 | 1 | -1/+34
* POSIX: Remove support for old-style posix entries | Sol Jerome | 2009-11-19 | 1 | -21/+27
  This commit forces the user to specify <Path> entries on the server side while still maintaining compatibility with old clients via the POSIXCompat plugin.
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5582 ce84e21b-d406-0410-9b95-82705330c041
* Pylint/PEP 8 Code cleanups | Sol Jerome | 2009-10-07 | 1 | -8/+9
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5477 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: defer ssh_known_hosts file building until metadata is working | Narayan Desai | 2009-07-27 | 1 | -1/+4
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5387 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: fix skn caching (Fixes startup behavior (-40s on my repo)) | Narayan Desai | 2009-07-16 | 1 | -2/+2
  Our cache check actually triggered skn build early, causing extremely poor startup performance in general. (and extremely bad performance on repositories with large quantities of keys)
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5332 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: add an error message for non-resolving clients | Narayan Desai | 2009-07-14 | 1 | -0/+4
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5326 ce84e21b-d406-0410-9b95-82705330c041
* Rework SSHbase alias/address support | Narayan Desai | 2009-07-11 | 1 | -32/+28
  Rework metadata so that each instance has addresses and aliases instance attributes containing manually specified addresses and alias names. Unify pub key resolution loop to process this data once per client.
  Change: only clients with active metadata will be included in ssh_known_hosts data now. Other keys can be stored in *.static, in final known_hosts file format.
  Also, a more exhaustive search for ip addresses is now performed. DNS resolution for the client hostname, as well as all aliases is performed. Manually specified addresses are added included as well.
  This should also fix some tracebacks reported by Cory and Teknix, as well as improve performance.
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5319 ce84e21b-d406-0410-9b95-82705330c041
* SSHBase: Make SSHBase aware of aliases | Sol Jerome | 2009-06-23 | 1 | -1/+16
  SSHBase is now aware of aliases listed in the clients.xml file. ClientMetadata now includes `addresses` which are a mapping from an alias to an (ip, name) tuple. The ip addresses can be specified either in clients.xml as an address attribute to the Alias or in DNS.
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5295 ce84e21b-d406-0410-9b95-82705330c041
* os.popen is deprecated in 2.6 (http://docs.python.org/library/os.html#os.popen) | Sol Jerome | 2009-02-20 | 1 | -2/+6
  Signed-off-by: Sol Jerome <solj@ices.utexas.edu>
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5088 ce84e21b-d406-0410-9b95-82705330c041
* Infrastructure and initial implementation of the Packages plugin | Narayan Desai | 2009-01-21 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5029 ce84e21b-d406-0410-9b95-82705330c041
* Split pull functionality into PullSource/PullTarget and rebase Cfg and SSHbase on PullTarget | Narayan Desai | 2009-01-11 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5011 ce84e21b-d406-0410-9b95-82705330c041
* Finish up PullSource plugin work | Narayan Desai | 2009-01-10 | 1 | -1/+2
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5010 ce84e21b-d406-0410-9b95-82705330c041
* This patch is stage 1 of the plugin capabilities rework | Narayan Desai | 2009-01-05 | 1 | -8/+17
  - define new plugin base classes
  - switch Plugin.__name__ => Plugin.name
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5004 ce84e21b-d406-0410-9b95-82705330c041
* Update dictionary accesses to work with Python 3.0 | Sol Jerome | 2008-12-22 | 1 | -3/+3
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4999 ce84e21b-d406-0410-9b95-82705330c041
* Fix pull mode | Narayan Desai | 2008-08-19 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4880 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: improve tempfile handling (patch from f.pauget) (Resolves Ticket #588) | Narayan Desai | 2008-08-05 | 1 | -2/+4
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4854 ce84e21b-d406-0410-9b95-82705330c041
* Change to typed plugin system | Narayan Desai | 2008-06-09 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4680 ce84e21b-d406-0410-9b95-82705330c041
* Fix SSHbase key management in arbitrary locations | Narayan Desai | 2008-03-27 | 1 | -3/+8
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4458 ce84e21b-d406-0410-9b95-82705330c041
* Rework bcfg2-admin pull | Narayan Desai | 2008-03-24 | 1 | -20/+11
  - forward port Cfg and SSHbase support
  - reimplement admin mode
  - add verbose flag, and implement initial interactive mode, also force mode
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4446 ce84e21b-d406-0410-9b95-82705330c041
* Implement support for .static files of external public keys | Narayan Desai | 2008-01-22 | 1 | -1/+9
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4281 ce84e21b-d406-0410-9b95-82705330c041
* SSHbase: Re-add workaround to handle skn caching in event handler | Narayan Desai | 2007-12-31 | 1 | -0/+3
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4154 ce84e21b-d406-0410-9b95-82705330c041
* sshbase: replace ssh_known_hosts cache mechanism with a python property | Narayan Desai | 2007-12-28 | 1 | -31/+27
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4124 ce84e21b-d406-0410-9b95-82705330c041
* Fix race when no keys exist and known_hosts is first in the bundle [bugfix] | Narayan Desai | 2007-12-04 | 1 | -0/+2
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@4046 ce84e21b-d406-0410-9b95-82705330c041
* bcfg2-admin pull fixes | Narayan Desai | 2007-11-12 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3947 ce84e21b-d406-0410-9b95-82705330c041
* Second stage of the root->0 backout (from GP) | Narayan Desai | 2007-11-02 | 1 | -2/+2
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3906 ce84e21b-d406-0410-9b95-82705330c041
* Implement bcfg2-admin pull support for info files/metadata changes (Resolves Ticket #480) | Narayan Desai | 2007-10-30 | 1 | -1/+1
  git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@3886 ce84e21b-d406-0410-9b95-82705330c041