From 5888be3f06738f6a93cd6afab930369bdd2eb023 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 25 Apr 2014 07:52:35 -0400 Subject: reduce logging from failed decryption with decrypt=lax --- .../Server/Plugins/Cfg/CfgEncryptedGenerator.py | 21 +++++++++++---------- .../Server/Plugins/Cfg/CfgPrivateKeyCreator.py | 14 ++++++-------- src/lib/Bcfg2/Server/Plugins/Properties.py | 20 ++++++++------------ 3 files changed, 25 insertions(+), 30 deletions(-) diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py index cf7eae75b..0a30a070a 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py @@ -1,12 +1,11 @@ """ CfgEncryptedGenerator lets you encrypt your plaintext :ref:`server-plugins-generators-cfg` files on the server. """ -import Bcfg2.Server.Plugins.Cfg from Bcfg2.Server.Plugin import PluginExecutionError -from Bcfg2.Server.Plugins.Cfg import CfgGenerator +from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP try: from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \ - get_algorithm + get_algorithm, CFG_SECTION HAS_CRYPTO = True except ImportError: HAS_CRYPTO = False @@ -27,7 +26,6 @@ class CfgEncryptedGenerator(CfgGenerator): CfgGenerator.__init__(self, fname, spec, encoding) if not HAS_CRYPTO: raise PluginExecutionError("M2Crypto is not available") - __init__.__doc__ = CfgGenerator.__init__.__doc__ def handle_event(self, event): CfgGenerator.handle_event(self, event) 
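Review bot: In the import hunk of CfgEncryptedGenerator.py, `from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP` copies whatever `SETUP` holds at import time, whereas the removed code read `Bcfg2.Server.Plugins.Cfg.SETUP` each time `handle_event` ran. If the Cfg package assigns `SETUP` after its handler modules are imported (its definition is not part of this diff), `bruteforce_decrypt(self.data, setup=SETUP, ...)` would receive the stale value rather than the live options object. Either keep the attribute lookup, `setup=Bcfg2.Server.Plugins.Cfg.SETUP`, or add a comment next to the import stating that `SETUP` is final before the handler modules are loaded.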
@@ -36,15 +34,18 @@ class CfgEncryptedGenerator(CfgGenerator): # todo: let the user specify a passphrase by name try: self.data = bruteforce_decrypt( - self.data, - setup=Bcfg2.Server.Plugins.Cfg.SETUP, - algorithm=get_algorithm(Bcfg2.Server.Plugins.Cfg.SETUP)) + self.data, setup=SETUP, + algorithm=get_algorithm(SETUP)) except EVPError: - raise PluginExecutionError("Failed to decrypt %s" % self.name) - handle_event.__doc__ = CfgGenerator.handle_event.__doc__ + strict = SETUP.cfp.get(CFG_SECTION, "decrypt", + default="strict") + msg = "Cfg: Failed to decrypt %s" % self.name + if strict: + raise PluginExecutionError(msg) + else: + self.logger.debug(msg) def get_data(self, entry, metadata): if self.data is None: raise PluginExecutionError("Failed to decrypt %s" % self.name) return CfgGenerator.get_data(self, entry, metadata) - get_data.__doc__ = CfgGenerator.get_data.__doc__ diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py index e890fdecb..ac031461a 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgPrivateKeyCreator.py @@ -31,7 +31,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile): pubkey_path = os.path.dirname(self.name) + ".pub" pubkey_name = os.path.join(pubkey_path, os.path.basename(pubkey_path)) self.pubkey_creator = CfgPublicKeyCreator(pubkey_name) - __init__.__doc__ = CfgCreator.__init__.__doc__ @property def category(self): @@ -55,7 +54,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile): def handle_event(self, event): CfgCreator.handle_event(self, event) StructFile.HandleEvent(self, event) - handle_event.__doc__ = CfgCreator.handle_event.__doc__ def _gen_keypair(self, metadata, spec=None): """ Generate a keypair according to the given client medata 
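Review bot: In the new `except EVPError` branch of `handle_event`, `strict` is the raw option string, so `if strict:` is true for `"lax"` as well and the handler raises in both modes; the other two files in this commit compare the value with `== "strict"`. The lookup should read `strict = SETUP.cfp.get(CFG_SECTION, "decrypt", default="strict") == "strict"`. Once that is fixed, the lax branch only logs and leaves `self.data` as it was before the decryption attempt, so the `self.data is None` guard in `get_data` would not fire and the undecrypted content would presumably be handed out; adding `self.data = None` after `self.logger.debug(msg)` keeps ciphertext from being served. `handle_event` starts above this hunk, so how `self.data` is populated is not visible here.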
@@ -201,10 +199,6 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile): def Index(self): StructFile.Index(self) if HAS_CRYPTO: - strict = self.xdata.get( - "decrypt", - SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt", - default="strict")) == "strict" for el in self.xdata.xpath("//*[@encrypted]"): try: el.text = self._decrypt(el).encode('ascii', @@ -213,13 +207,17 @@ class CfgPrivateKeyCreator(CfgCreator, StructFile): self.logger.info("Cfg: Decrypted %s to gibberish, skipping" % el.tag) except Bcfg2.Encryption.EVPError: + default_strict = SETUP.cfp.get( + Bcfg2.Encryption.CFG_SECTION, "decrypt", + default="strict") + strict = self.xdata.get("decrypt", + default_strict) == "strict" msg = "Cfg: Failed to decrypt %s element in %s" % \ (el.tag, self.name) if strict: raise PluginExecutionError(msg) else: - self.logger.info(msg) - Index.__doc__ = StructFile.Index.__doc__ + self.logger.debug(msg) def _decrypt(self, element): """ Decrypt a single encrypted element """ diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py index 8c6cf799a..ac0cc884a 100644 --- a/src/lib/Bcfg2/Server/Plugins/Properties.py +++ b/src/lib/Bcfg2/Server/Plugins/Properties.py @@ -172,7 +172,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile): Bcfg2.Server.Plugin.StructFile.__init__(self, name, fam=fam, should_monitor=should_monitor) PropertyFile.__init__(self, name) - __init__.__doc__ = Bcfg2.Server.Plugin.StructFile.__init__.__doc__ def _write(self): open(self.name, "wb").write( @@ -180,7 +179,6 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile): xml_declaration=False, pretty_print=True).decode('UTF-8')) return True - _write.__doc__ = PropertyFile._write.__doc__ def validate_data(self): """ ensure that the data in this object validates against the 
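Review bot: In `CfgPrivateKeyCreator.Index`, the lax branch now reports a failed decryption only at debug level, and because the assignment to `el.text` never completes, the element keeps its encrypted text with nothing logged unless debug output is enabled; the `Index` hunk in Properties.py has the same shape. A wrong passphrase and corrupted or altered ciphertext both end up on this path, so a comment above `self.logger.debug(msg)` should state that the element is deliberately left undecrypted in lax mode, e.g. `# lax: leave el.text encrypted; callers must not treat it as plaintext`. The name `default_strict` also reads like a boolean but holds the option string; `default_mode` would match what it stores. `Index` begins in the previous hunk, outside this one.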
@@ -203,30 +201,28 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile): self.name) else: return True - validate_data.__doc__ = PropertyFile.validate_data.__doc__ def Index(self): Bcfg2.Server.Plugin.StructFile.Index(self) if HAS_CRYPTO: - strict = self.xdata.get( - "decrypt", - SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt", - default="strict")) == "strict" for el in self.xdata.xpath("//*[@encrypted]"): try: el.text = self._decrypt(el).encode('ascii', 'xmlcharrefreplace') except UnicodeDecodeError: - LOGGER.info("Properties: Decrypted %s to gibberish, " - "skipping" % el.tag) + self.logger.info("Properties: Decrypted %s to gibberish, " + "skipping" % el.tag) except Bcfg2.Encryption.EVPError: + strict = self.xdata.get( + "decrypt", + SETUP.cfp.get(Bcfg2.Encryption.CFG_SECTION, "decrypt", + default="strict")) == "strict" msg = "Properties: Failed to decrypt %s element in %s" % \ - (el.tag, self.name) + (el.tag, self.name) if strict: raise PluginExecutionError(msg) else: - LOGGER.info(msg) - Index.__doc__ = Bcfg2.Server.Plugin.StructFile.Index.__doc__ + self.logger.debug(msg) def _decrypt(self, element): """ Decrypt a single encrypted properties file element """ -- cgit v1.2.3-1-g7c22