author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2014-04-25 07:53:36 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2014-04-25 07:53:55 -0400 |
commit | a88ce57202d778d0a4d95ef45d3d9361471c4525 (patch) | |
tree | cb3cdc3cb3e116b80318e415f84ba18ad6d3d6e2 /src | |
parent | 5888be3f06738f6a93cd6afab930369bdd2eb023 (diff) | |
do not bruteforce Properties decrypts with unknown passphrase
this greatly decreases startup time with lots of data encrypted with
missing passphrases
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Properties.py | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Properties.py b/src/lib/Bcfg2/Server/Plugins/Properties.py
index ac0cc884a..6f054fd33 100644
--- a/src/lib/Bcfg2/Server/Plugins/Properties.py
+++ b/src/lib/Bcfg2/Server/Plugins/Properties.py
@@ -231,19 +231,12 @@ class XMLPropertyFile(Bcfg2.Server.Plugin.StructFile, PropertyFile):
 passes = Bcfg2.Encryption.get_passphrases(SETUP)
 try:
 passphrase = passes[element.get("encrypted")]
- try:
- return Bcfg2.Encryption.ssl_decrypt(
- element.text, passphrase,
- algorithm=Bcfg2.Encryption.get_algorithm(SETUP))
- except Bcfg2.Encryption.EVPError:
- # error is raised below
- pass
- except KeyError:
- # bruteforce_decrypt raises an EVPError with a sensible
- # error message, so we just let it propagate up the stack
- return Bcfg2.Encryption.bruteforce_decrypt(
- element.text, passphrases=passes.values(),
+ return Bcfg2.Encryption.ssl_decrypt(
+ element.text, passphrase,
 algorithm=Bcfg2.Encryption.get_algorithm(SETUP))
+ except KeyError:
+ raise Bcfg2.Encryption.EVPError("No passphrase named '%s'" %
+ element.get("encrypted"))
 raise Bcfg2.Encryption.EVPError("Failed to decrypt")
 def get_additional_data(self, metadata):
|
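Review bot: The `try` in the new code wraps the `ssl_decrypt` call as well as the `passes[...]` lookup, so a `KeyError` raised anywhere inside `ssl_decrypt` or `get_algorithm` would be reported as "No passphrase named ...", hiding the real failure. The trailing `raise Bcfg2.Encryption.EVPError("Failed to decrypt")` also looks unreachable now, because every path through the `try` either returns or raises. Narrowing the `try` to the dictionary lookup and dropping the dead raise keeps the missing-passphrase error precise; the enclosing method starts above the hunk, so this assumes nothing earlier relies on the fall-through. Separately, elements whose `encrypted` attribute names no configured passphrase were previously decrypted by trying every passphrase and will now fail at load, which appears intended but is worth stating in the upgrade notes.

```python
passes = Bcfg2.Encryption.get_passphrases(SETUP)
name = element.get("encrypted")
try:
    passphrase = passes[name]
except KeyError:
    raise Bcfg2.Encryption.EVPError("No passphrase named '%s'" % name)
return Bcfg2.Encryption.ssl_decrypt(
    element.text, passphrase,
    algorithm=Bcfg2.Encryption.get_algorithm(SETUP))
# … unchanged: get_additional_data follows …
```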