<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../../../../../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../../../../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../../../../',
VERSION: '1.3.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../../../../_static/jquery.js"></script>
<script type="text/javascript" src="../../../../../_static/underscore.js"></script>
<script type="text/javascript" src="../../../../../_static/doctools.js"></script>
<script type="text/javascript" src="../../../../../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../../../../../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../../../index.html" />
<link rel="up" title="Bcfg2.Server.Plugins.Cfg" href="../Cfg.html" />
<link rel="stylesheet" href="../../../../../_static/bcfg2.css" type=""/>
</head>
<body>
<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../../../../index.html"><img src="../../../../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../../index.html">home</a> | </li>
<!--<li><a href="../../../../../search.html">search</a> | </li>-->
<li><a href="../../../../../help/index.html">help</a> | </li>
<li><a href="../../../../../contents.html">documentation </a> »</li>
<li><a href="../../../../index.html" >Module code</a> »</li>
<li><a href="../../Plugins.html" >Bcfg2.Server.Plugins</a> »</li>
<li><a href="../Cfg.html" accesskey="U">Bcfg2.Server.Plugins.Cfg</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<h1>Source code for Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator</h1><div class="highlight"><pre>
<span class="sd">""" The CfgAuthorizedKeysGenerator generates ``authorized_keys`` files</span>
<span class="sd">based on an XML specification of which SSH keypairs should granted</span>
<span class="sd">access. """</span>
<span class="kn">import</span> <span class="nn">lxml.etree</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugin</span> <span class="kn">import</span> <span class="n">StructFile</span><span class="p">,</span> <span class="n">PluginExecutionError</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Cfg</span> <span class="kn">import</span> <span class="n">CfgGenerator</span><span class="p">,</span> <span class="n">SETUP</span><span class="p">,</span> <span class="n">CFG</span>
<span class="kn">from</span> <span class="nn">Bcfg2.Server.Plugins.Metadata</span> <span class="kn">import</span> <span class="n">ClientMetadata</span>
<div class="viewcode-block" id="CfgAuthorizedKeysGenerator"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator.CfgAuthorizedKeysGenerator">[docs]</a><span class="k">class</span> <span class="nc">CfgAuthorizedKeysGenerator</span><span class="p">(</span><span class="n">CfgGenerator</span><span class="p">,</span> <span class="n">StructFile</span><span class="p">):</span>
<span class="sd">""" The CfgAuthorizedKeysGenerator generates authorized_keys files</span>
<span class="sd"> based on an XML specification of which SSH keypairs should granted</span>
<span class="sd"> access. """</span>
<span class="c">#: Different configurations for different clients/groups can be</span>
<span class="c">#: handled with Client and Group tags within authorizedkeys.xml</span>
<span class="n">__specific__</span> <span class="o">=</span> <span class="bp">False</span>
<span class="c">#: Handle authorized keys XML files</span>
<span class="n">__basenames__</span> <span class="o">=</span> <span class="p">[</span><span class="s">'authorizedkeys.xml'</span><span class="p">,</span> <span class="s">'authorized_keys.xml'</span><span class="p">]</span>
<span class="c">#: This handler is experimental, in part because it depends upon</span>
<span class="c">#: the (experimental) CfgPrivateKeyCreator handler</span>
<span class="n">experimental</span> <span class="o">=</span> <span class="bp">True</span>
<span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">):</span>
<span class="n">CfgGenerator</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">,</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span>
<span class="n">StructFile</span><span class="o">.</span><span class="n">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">fname</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">cache</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">()</span>
<span class="bp">self</span><span class="o">.</span><span class="n">core</span> <span class="o">=</span> <span class="n">CFG</span><span class="o">.</span><span class="n">core</span>
<span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgGenerator</span><span class="o">.</span><span class="n">__init__</span><span class="o">.</span><span class="n">__doc__</span>
<span class="nd">@property</span>
<div class="viewcode-block" id="CfgAuthorizedKeysGenerator.category"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator.CfgAuthorizedKeysGenerator.category">[docs]</a> <span class="k">def</span> <span class="nf">category</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
<span class="sd">""" The name of the metadata category that generated keys are</span>
<span class="sd"> specific to """</span>
<span class="k">if</span> <span class="p">(</span><span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_section</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">)</span> <span class="ow">and</span>
<span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">has_option</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)):</span>
<span class="k">return</span> <span class="n">SETUP</span><span class="o">.</span><span class="n">cfp</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"sshkeys"</span><span class="p">,</span> <span class="s">"category"</span><span class="p">)</span>
<span class="k">return</span> <span class="bp">None</span>
</div>
<div class="viewcode-block" id="CfgAuthorizedKeysGenerator.handle_event"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator.CfgAuthorizedKeysGenerator.handle_event">[docs]</a> <span class="k">def</span> <span class="nf">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">):</span>
<span class="n">CfgGenerator</span><span class="o">.</span><span class="n">handle_event</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span>
<span class="n">StructFile</span><span class="o">.</span><span class="n">HandleEvent</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">cache</span> <span class="o">=</span> <span class="nb">dict</span><span class="p">()</span></div>
<span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgGenerator</span><span class="o">.</span><span class="n">handle_event</span><span class="o">.</span><span class="n">__doc__</span>
<div class="viewcode-block" id="CfgAuthorizedKeysGenerator.get_data"><a class="viewcode-back" href="../../../../../development/cfg.html#Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator.CfgAuthorizedKeysGenerator.get_data">[docs]</a> <span class="k">def</span> <span class="nf">get_data</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">entry</span><span class="p">,</span> <span class="n">metadata</span><span class="p">):</span>
<span class="n">spec</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">XMLMatch</span><span class="p">(</span><span class="n">metadata</span><span class="p">)</span>
<span class="n">rv</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">for</span> <span class="n">allow</span> <span class="ow">in</span> <span class="n">spec</span><span class="o">.</span><span class="n">findall</span><span class="p">(</span><span class="s">"Allow"</span><span class="p">):</span>
<span class="n">params</span> <span class="o">=</span> <span class="s">''</span>
<span class="k">if</span> <span class="n">allow</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">"Params"</span><span class="p">)</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
<span class="n">params</span> <span class="o">=</span> <span class="s">","</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="s">"="</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">p</span><span class="p">)</span>
<span class="k">for</span> <span class="n">p</span> <span class="ow">in</span> <span class="n">allow</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s">"Params"</span><span class="p">)</span><span class="o">.</span><span class="n">attrib</span><span class="o">.</span><span class="n">items</span><span class="p">())</span>
<span class="n">pubkey_name</span> <span class="o">=</span> <span class="n">allow</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"from"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">pubkey_name</span><span class="p">:</span>
<span class="n">host</span> <span class="o">=</span> <span class="n">allow</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"host"</span><span class="p">)</span>
<span class="n">group</span> <span class="o">=</span> <span class="n">allow</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">"group"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">host</span><span class="p">:</span>
<span class="n">key_md</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">core</span><span class="o">.</span><span class="n">build_metadata</span><span class="p">(</span><span class="n">host</span><span class="p">)</span>
<span class="k">elif</span> <span class="n">group</span><span class="p">:</span>
<span class="n">key_md</span> <span class="o">=</span> <span class="n">ClientMetadata</span><span class="p">(</span><span class="s">"dummy"</span><span class="p">,</span> <span class="n">group</span><span class="p">,</span> <span class="p">[</span><span class="n">group</span><span class="p">],</span> <span class="p">[],</span>
<span class="nb">set</span><span class="p">(),</span> <span class="nb">set</span><span class="p">(),</span> <span class="nb">dict</span><span class="p">(),</span> <span class="bp">None</span><span class="p">,</span>
<span class="bp">None</span><span class="p">,</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span>
<span class="k">elif</span> <span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">category</span> <span class="ow">and</span>
<span class="ow">not</span> <span class="n">metadata</span><span class="o">.</span><span class="n">group_in_category</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">category</span><span class="p">)):</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> ignoring Allow from </span><span class="si">%s</span><span class="s">: "</span>
<span class="s">"No group in category </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span>
<span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">pubkey_name</span><span class="p">,</span>
<span class="bp">self</span><span class="o">.</span><span class="n">category</span><span class="p">))</span>
<span class="k">continue</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">key_md</span> <span class="o">=</span> <span class="n">metadata</span>
<span class="n">key_entry</span> <span class="o">=</span> <span class="n">lxml</span><span class="o">.</span><span class="n">etree</span><span class="o">.</span><span class="n">Element</span><span class="p">(</span><span class="s">"Path"</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="n">pubkey_name</span><span class="p">)</span>
<span class="k">try</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">core</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">key_entry</span><span class="p">,</span> <span class="n">key_md</span><span class="p">)</span>
<span class="k">except</span> <span class="n">PluginExecutionError</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> skipping Allow from </span><span class="si">%s</span><span class="s">: "</span>
<span class="s">"No key found"</span> <span class="o">%</span> <span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span>
<span class="n">pubkey_name</span><span class="p">))</span>
<span class="k">continue</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">key_entry</span><span class="o">.</span><span class="n">text</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> skipping Allow from </span><span class="si">%s</span><span class="s">: "</span>
<span class="s">"Empty public key"</span> <span class="o">%</span>
<span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span> <span class="n">pubkey_name</span><span class="p">))</span>
<span class="k">continue</span>
<span class="n">pubkey</span> <span class="o">=</span> <span class="n">key_entry</span><span class="o">.</span><span class="n">text</span>
<span class="k">elif</span> <span class="n">allow</span><span class="o">.</span><span class="n">text</span><span class="p">:</span>
<span class="n">pubkey</span> <span class="o">=</span> <span class="n">allow</span><span class="o">.</span><span class="n">text</span><span class="o">.</span><span class="n">strip</span><span class="p">()</span>
<span class="k">else</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s">"Cfg: </span><span class="si">%s</span><span class="s"> ignoring empty Allow tag: </span><span class="si">%s</span><span class="s">"</span> <span class="o">%</span>
<span class="p">(</span><span class="n">metadata</span><span class="o">.</span><span class="n">hostname</span><span class="p">,</span>
<span class="n">lxml</span><span class="o">.</span><span class="n">etree</span><span class="o">.</span><span class="n">tostring</span><span class="p">(</span><span class="n">allow</span><span class="p">)))</span>
<span class="k">continue</span>
<span class="n">rv</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s">" "</span><span class="o">.</span><span class="n">join</span><span class="p">([</span><span class="n">params</span><span class="p">,</span> <span class="n">pubkey</span><span class="p">])</span><span class="o">.</span><span class="n">strip</span><span class="p">())</span>
<span class="k">return</span> <span class="s">"</span><span class="se">\n</span><span class="s">"</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">rv</span><span class="p">)</span></div>
<span class="n">get_data</span><span class="o">.</span><span class="n">__doc__</span> <span class="o">=</span> <span class="n">CfgGenerator</span><span class="o">.</span><span class="n">get_data</span><span class="o">.</span><span class="n">__doc__</span></div>
</pre></div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../../../../../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../../../../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../../../../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li><a href="../../../../../index.html">home</a> | </li>
<!--<li><a href="../../../../../search.html">search</a> | </li>-->
<li><a href="../../../../../help/index.html">help</a> | </li>
<li><a href="../../../../../contents.html">documentation </a> »</li>
<li><a href="../../../../index.html" >Module code</a> »</li>
<li><a href="../../Plugins.html" >Bcfg2.Server.Plugins</a> »</li>
<li><a href="../Cfg.html" >Bcfg2.Server.Plugins.Cfg</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009-2013, Narayan Desai.
Last updated on Mar 20, 2013.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
35
