'''This module manages ssh key files for bcfg2'''
__revision__ = '$Revision$'

from binascii import b2a_base64
from os import rename, system
from socket import gethostbyname, gaierror

from Bcfg2.Server.Generator import Generator, DirectoryBacked

class SSHbase(Generator):
    '''The sshbase generator manages ssh host keys (both v1 and v2)
    for hosts.  It also manages the ssh_known_hosts file. It can
    integrate host keys from other management domains and similarly
    export its keys. The repository contains files in the following
    formats:

    ssh_host_key.H_(hostname) -> the v1 host private key for
      (hostname)
    ssh_host_key.pub.H_(hostname) -> the v1 host public key
      for (hostname)
    ssh_host_(dr)sa_key.H_(hostname) -> the v2 ssh host
      private key for (hostname)
    ssh_host_(dr)sa_key.pub.H_(hostname) -> the v2 ssh host
      public key for (hostname)
    ssh_known_hosts -> the current known hosts file. this
      is regenerated each time a new key is generated.
'''
    __name__ = 'SSHbase'
    __version__ = '$Id$'
    __author__ = 'bcfg-dev@mcs.anl.gov'

    # Repository filename patterns for the public keys; "%s" is the client
    # hostname.  build_skn emits the client's known_hosts lines in this order
    # (dsa, rsa, then the protocol-1 key).
    pubkeys = ["ssh_host_dsa_key.pub.H_%s",
                "ssh_host_rsa_key.pub.H_%s", "ssh_host_key.pub.H_%s"]
    # Matching private key patterns (same order, no ".pub").  The last one,
    # the protocol-1 key, is treated as binary by build_hk (base64 encoded).
    hostkeys = ["ssh_host_dsa_key.H_%s",
                "ssh_host_rsa_key.H_%s", "ssh_host_key.H_%s"]

    def __init__(self, core, datastore):
        '''Set up the generator and register the ssh config files it serves.

        The repository is the generator's data directory, watched through the
        core's file monitor.  Every key file under /etc/ssh is bound by
        build_hk; ssh_known_hosts is bound by build_skn.
        '''
        Generator.__init__(self, core, datastore)
        self.repository = DirectoryBacked(self.data, self.core.fam)
        key_suffixes = ('dsa_key', 'rsa_key', 'dsa_key.pub',
                        'rsa_key.pub', 'key', 'key.pub')
        handlers = dict(('/etc/ssh/ssh_host_%s' % suffix, self.build_hk)
                        for suffix in key_suffixes)
        handlers['/etc/ssh/ssh_known_hosts'] = self.build_skn
        self.__provides__ = {'ConfigFile': handlers}

    def build_skn(self, entry, metadata):
        '''This function builds builds a host specific known_hosts file'''
        client = metadata.hostname
        filedata = self.repository.entries['ssh_known_hosts'].data
        ipaddr = gethostbyname(client)
        keylist = [x % client for x in self.pubkeys]
        for hostkey in keylist:
            filedata += "%s,%s,%s %s" % (client, "%s.mcs.anl.gov"%(client),
                                         ipaddr, self.repository.entries[hostkey].data)
        entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
        entry.text = filedata

    def build_hk(self, entry, metadata):
        '''This binds host key data into entries'''
        client = metadata.hostname
        filename = "%s.H_%s" % (entry.attrib['name'].split('/')[-1], client)
        if filename not in self.repository.entries.keys():
            self.GenerateHostKeys(client)
            self.GenerateKnownHosts()
        keydata = self.repository.entries[filename].data
        perms = '0600'
        if filename[-4:] == '.pub':
            perms = '0644'
        entry.attrib.update({'owner':'root', 'group':'root', 'perms':perms})
        entry.text = keydata
        if "ssh_host_key.H_" in filename:
            entry.attrib['encoding'] = 'base64'
            entry.text = b2a_base64(keydata)

    def GenerateKnownHosts(self):
        '''Build the static portion of known_hosts (for all hosts)'''
        output = ''
        for filename, entry in self.repository.entries.iteritems():
            if ".pub.H_" in filename:
                h = filename.split('_')[-1]
                try:
                    ipaddr = gethostbyname(h)
                    output += "%s,%s.mcs.anl.gov,%s %s" % (h, h, ipaddr, entry.data)
                except gaierror:
                    continue
        self.repository.entries['ssh_known_hosts'].data = output

    def GenerateHostKeys(self, client):
        '''Generate new host keys for client

        For every pattern in hostkeys that has no entry in the repository
        yet, runs ssh-keygen (type chosen from the filename), moves the
        generated public key to the "<name>.pub.H_<client>" naming scheme
        used by pubkeys, and registers both files with the repository.
        Keys that already exist are left untouched.
        '''
        keylist = [x % client for x in self.hostkeys]
        for hostkey in keylist:
            # Key type follows the filename; the unsuffixed ssh_host_key is
            # the protocol-1 key.
            if 'ssh_host_rsa_key.H_' in hostkey:
                keytype = 'rsa'
            elif 'ssh_host_dsa_key.H_' in hostkey:
                keytype = 'dsa'
            else:
                keytype = 'rsa1'

            if hostkey not in self.repository.entries.keys():
                fileloc = "%s/%s" % (self.data, hostkey)
                # NOTE(review): client and self.data are interpolated into a
                # shell command line, so a hostname containing shell
                # metacharacters would be interpreted by the shell; running
                # ssh-keygen through subprocess with an argument list and no
                # shell would avoid that.  The exit status is also discarded,
                # so a failed ssh-keygen run still reaches the rename and
                # AddEntry calls below.
                system('ssh-keygen -q -f %s -N "" -t %s -C root@%s < /dev/null' % (fileloc, keytype, client))
                # ssh-keygen writes "<fileloc>.pub"; rebuild the name by
                # inserting "pub" before the last dot-separated part, which
                # turns "ssh_host_dsa_key.H_host" into
                # "ssh_host_dsa_key.pub.H_host".  A client name containing a
                # dot (an FQDN) shifts that split and yields the wrong name.
                rename("%s.pub"%(fileloc),"%s/" %
                       (self.data, )+".".join(hostkey.split('.')[:-1]+['pub']+[hostkey.split('.')[-1]]))
                self.repository.AddEntry(hostkey)
                self.repository.AddEntry("%s.pub"%(hostkey))
        # call the notifier for global