diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-01-17 09:20:37 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-01-17 09:20:37 -0500 |
commit | ae58c24f72a8ed72327fbc3f7305bd69ec6a13db (patch) | |
tree | e8614b54239161156d76424251cfc868643488a0 /src/sbin/bcfg2-crypt | |
parent | 873a373c7eda0ba523ea8b78c3c45d7e8f189628 (diff) | |
download | bcfg2-ae58c24f72a8ed72327fbc3f7305bd69ec6a13db.tar.gz bcfg2-ae58c24f72a8ed72327fbc3f7305bd69ec6a13db.tar.bz2 bcfg2-ae58c24f72a8ed72327fbc3f7305bd69ec6a13db.zip |
Made a few encryption things simpler:
* Only one strict/lax setting, in [encryption], rather than separate
settings in [properties] and [sshkeys]
* No longer necessary to enable encryption on each Properties file
Diffstat (limited to 'src/sbin/bcfg2-crypt')
-rwxr-xr-x | src/sbin/bcfg2-crypt | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt index 9eab7bd29..fde6af582 100755 --- a/src/sbin/bcfg2-crypt +++ b/src/sbin/bcfg2-crypt @@ -55,7 +55,7 @@ class Encryptor(object): def set_passphrase(self): """ set the passphrase for the current file """ - if (not self.setup.cfp.has_section("encryption") or + if (not self.setup.cfp.has_section(Bcfg2.Encryption.CFG_SECTION) or len(Bcfg2.Encryption.get_passphrases(self.setup)) == 0): self.logger.error("No passphrases available in %s" % self.setup['configfile']) @@ -70,9 +70,11 @@ class Encryptor(object): self.pname = self.setup['passphrase'] if self.pname: - if self.setup.cfp.has_option("encryption", self.pname): - self.passphrase = self.setup.cfp.get("encryption", - self.pname) + if self.setup.cfp.has_option(Bcfg2.Encryption.CFG_SECTION, + self.pname): + self.passphrase = \ + self.setup.cfp.get(Bcfg2.Encryption.CFG_SECTION, + self.pname) self.logger.debug("Using passphrase %s specified on command " "line" % self.pname) return True @@ -241,8 +243,10 @@ class Encryptor(object): self.logger.info("No passphrase given on command line or " "found in file") return False - elif self.setup.cfp.has_option("encryption", pname): - passphrase = self.setup.cfp.get("encryption", pname) + elif self.setup.cfp.has_option(Bcfg2.Encryption.CFG_SECTION, + pname): + passphrase = self.setup.cfp.get(Bcfg2.Encryption.CFG_SECTION, + pname) else: self.logger.error("Could not find passphrase %s in %s" % (pname, self.setup['configfile'])) @@ -339,13 +343,12 @@ class PropertiesEncryptor(Encryptor): # find root element while xdata.getparent() != None: xdata = xdata.getparent() - xdata.set("encryption", "true") return lxml.etree.tostring(xdata, xml_declaration=False, pretty_print=True).decode('UTF-8') def _get_passphrase(self, chunk): - pname = chunk.get("encrypted") or chunk.get("encryption") + pname = chunk.get("encrypted") if pname and pname.lower() != "true": return pname return None |