1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
""" CfgEncryptedGenerator lets you encrypt your plaintext
:ref:`server-plugins-generators-cfg` files on the server. """
from Bcfg2.Server.Plugin import PluginExecutionError
from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP
try:
from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \
get_algorithm, CFG_SECTION
HAS_CRYPTO = True
except ImportError:
HAS_CRYPTO = False
class CfgEncryptedGenerator(CfgGenerator):
""" CfgEncryptedGenerator lets you encrypt your plaintext
:ref:`server-plugins-generators-cfg` files on the server. """
#: Handle .crypt files
__extensions__ = ["crypt"]
#: Low priority to avoid matching host- or group-specific
#: .genshi.crypt and .cheetah.crypt files
__priority__ = 50
def __init__(self, fname, spec, encoding):
CfgGenerator.__init__(self, fname, spec, encoding)
if not HAS_CRYPTO:
raise PluginExecutionError("M2Crypto is not available")
def handle_event(self, event):
CfgGenerator.handle_event(self, event)
if self.data is None:
return
# todo: let the user specify a passphrase by name
try:
self.data = bruteforce_decrypt(
self.data, setup=SETUP,
algorithm=get_algorithm(SETUP))
except EVPError:
strict = SETUP.cfp.get(CFG_SECTION, "decrypt",
default="strict")
msg = "Cfg: Failed to decrypt %s" % self.name
if strict:
raise PluginExecutionError(msg)
else:
self.logger.debug(msg)
def get_data(self, entry, metadata):
if self.data is None:
raise PluginExecutionError("Failed to decrypt %s" % self.name)
return CfgGenerator.get_data(self, entry, metadata)
|