author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-05-16 16:40:34 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-05-16 16:40:34 -0400 |
commit | 6548c501939194cc9927bc9fca3921e3329967f9 (patch) | |
tree | 0bdf2bcf294fe95088b9e81f3dc8f5427dd561e7 /src/lib/Bcfg2/Server/Plugins/Cfg | |
parent | 8b163951cb19c1e70d90ce6f7f8b4a8a6e63da1b (diff) | |
added Cfg drivers for encrypted genshi/cheetah templates
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/Cfg')
3 files changed, 71 insertions, 17 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
new file mode 100644
index 000000000..3911cff62
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedCheetahGenerator.py
@@ -0,0 +1,14 @@
+import logging
+from Bcfg2.Server.Plugins.Cfg.CfgCheetahGenerator import CfgCheetahGenerator
+from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import CfgEncryptedGenerator
+
+logger = logging.getLogger(__name__)
+
+class CfgEncryptedCheetahGenerator(CfgCheetahGenerator, CfgEncryptedGenerator):
+ __extensions__ = ['cheetah.crypt', 'crypt.cheetah']
+
+ def handle_event(self, event):
+ CfgEncryptedGenerator.handle_event(self, event)
+
+ def get_data(self, entry, metadata):
+ CfgCheetahGenerator.get_data(self, entry, metadata)
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
index 6ba470fd5..9b2db3100 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py
@@ -9,6 +9,22 @@ except ImportError:
 logger = logging.getLogger(__name__)
+def passphrases():
+ section = "cfg:encryption"
+ if SETUP.cfp.has_section(section):
+ return dict([(o, SETUP.cfp.get(section, o))
+ for o in SETUP.cfp.options(section)])
+ else:
+ return dict()
+
+def decrypt(crypted):
+ for passwd in passphrases().values():
+ try:
+ return ssl_decrypt(crypted, passwd)
+ except EVPError:
+ pass
+ raise EVPError("Failed to decrypt %s" % self.name)
+
 class CfgEncryptedGenerator(CfgGenerator):
 __extensions__ = ["crypt"] 
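Review bot: `CfgEncryptedCheetahGenerator.get_data` calls `CfgCheetahGenerator.get_data(self, entry, metadata)` and discards the result, so the method always returns None. The parent class is not shown here, but assuming its `get_data` returns the rendered file content, callers of this driver get nothing back; the line should read `return CfgCheetahGenerator.get_data(self, entry, metadata)`. The same missing `return` is in `CfgEncryptedGenshiGenerator.get_data` in the third file of this commit. A one-line class docstring saying that the file is decrypted in `handle_event` and rendered as a Cheetah template in `get_data` would make the split between the two parents clear.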
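Review bot: The last line of the new module-level `decrypt()` in CfgEncryptedGenerator.py, `raise EVPError("Failed to decrypt %s" % self.name)`, refers to `self`, which does not exist in a plain function. When no passphrase works, or the `cfg:encryption` section is missing or empty, the call raises NameError instead of EVPError, so the `except EVPError` added to `handle_event` later in this file never sees the failure and it is not turned into a PluginExecutionError. Raise without the name, `raise EVPError("Failed to decrypt")`, and let each caller add the file name to its own log message. The `except EVPError: pass` in the loop also hides which passphrase entries were tried; a debug-level log of the option name (never the passphrase value) would help when diagnosing a failed decrypt.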
@@ -19,15 +35,6 @@ class CfgEncryptedGenerator(CfgGenerator):
 logger.error(msg)
 raise Bcfg2.Server.Plugin.PluginExecutionError(msg)
- @property
- def passphrases(self):
- section = "cfg:encryption"
- if SETUP.cfp.has_section(section):
- return dict([(o, SETUP.cfp.get(section, o))
- for o in SETUP.cfp.options(section)])
- else:
- return dict()
-
 def handle_event(self, event):
 if event.code2str() == 'deleted':
 return
@@ -39,14 +46,12 @@ class CfgEncryptedGenerator(CfgGenerator):
 logger.error("Failed to read %s" % self.name)
 return
 # todo: let the user specify a passphrase by name
- self.data = None
- for passwd in self.passphrases.values():
- try:
- self.data = ssl_decrypt(crypted, passwd)
- return
- except EVPError:
- pass
- logger.error("Failed to decrypt %s" % self.name)
+ try:
+ self.data = decrypt(crypted)
+ except EVPError:
+ err = sys.exc_info()[1]
+ logger.error(err)
+ raise Bcfg2.Server.Plugin.PluginExecutionError(err)
 def get_data(self, entry, metadata):
 if self.data is None:
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py
new file mode 100644
index 000000000..3845c438b
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenshiGenerator.py 
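Review bot: In the last hunk of CfgEncryptedGenerator.py, `self.data` is no longer reset before the decrypt attempt, so a failed decrypt on a changed file leaves the previously decrypted content in place. The `if self.data is None` guard in `get_data` (context line at the end of the hunk) then will not trip, and the old plaintext may keep being served after the file on disk was re-encrypted under a passphrase the server does not have. Keep `self.data = None` immediately before `try:`. Separately, `err = sys.exc_info()[1]` needs `import sys`; the import block lies above the visible hunks, so confirm it is there. `handle_event` begins outside this hunk.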
@@ -0,0 +1,35 @@
+import logging
+from Bcfg2.Bcfg2Py3k import StringIO
+from Bcfg2.Server.Plugins.Cfg import SETUP
+from Bcfg2.Server.Plugins.Cfg.CfgGenshiGenerator import CfgGenshiGenerator
+from Bcfg2.Server.Plugins.Cfg.CfgEncryptedGenerator import decrypt, \
+ CfgEncryptedGenerator
+
+logger = logging.getLogger(__name__)
+
+try:
+ from genshi.template import TemplateLoader, loader
+except ImportError:
+ # CfgGenshiGenerator will raise errors if genshi doesn't exist
+ pass
+
+def crypted_loader(filename):
+ loadfunc = loader.directory(os.path.dirname(filename))
+ filepath, filename, fileobj, uptodate = loadfunc(filename)
+ return (filepath, filename, StringIO(decrypt(fileobj.read())), uptodate)
+
+
+class CfgEncryptedGenshiGenerator(CfgGenshiGenerator, CfgEncryptedGenerator):
+ __extensions__ = ['genshi.crypt', 'crypt.genshi']
+
+ def __init__(self, fname, spec, encoding):
+ CfgEncryptedGenerator.__init__(self, fname, spec, encoding)
+ CfgGenshiGenerator.__init__(self, fname, spec, encoding)
+ self.loader = TemplateLoader([crypted_loader])
+
+ def handle_event(self, event):
+ CfgEncryptedGenerator.handle_event(self, event)
+ CfgGenshiGenerator.handle_event(self, event)
+
+ def get_data(self, entry, metadata):
+ CfgGenshiGenerator.get_data(self, entry, metadata) |
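Review bot: `crypted_loader` in CfgEncryptedGenshiGenerator.py calls `os.path.dirname(filename)`, but this new file never imports `os`, so the first template load through `self.loader` raises NameError; add `import os` next to `import logging`. `SETUP` is imported and not used anywhere in the file. An EVPError raised by `decrypt(fileobj.read())` inside the loader is not caught or wrapped here, so it reaches whatever `CfgGenshiGenerator.handle_event` does with loader errors; that code is not shown, so check that it is reported as a PluginExecutionError like the plain `.crypt` path. A short docstring on `crypted_loader` stating that it returns the decrypted template in memory, as a StringIO, and writes no plaintext to disk would document the security-relevant behaviour.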