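# Source code for Bcfg2.Server.Plugins.Cfg.CfgAuthorizedKeysGenerator
# (Bcfg2 1.3.0 documentation)
""" The CfgAuthorizedKeysGenerator generates ``authorized_keys`` files
based on an XML specification of which SSH keypairs should be granted
access. """

import lxml.etree
from Bcfg2.Server.Plugin import StructFile, PluginExecutionError
from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP, CFG
from Bcfg2.Server.Plugins.Metadata import ClientMetadata


class CfgAuthorizedKeysGenerator(CfgGenerator, StructFile):
    """ The CfgAuthorizedKeysGenerator generates authorized_keys files
    based on an XML specification of which SSH keypairs should be
    granted access.

    Each ``<Allow>`` element of the matched specification contributes at
    most one entry to the generated file.  The key is either looked up
    by name (``from`` attribute, bound through the server core) or
    taken from the element's inline text.  An optional ``<Params>``
    child supplies the options that are written in front of the key.
    """

    #: Different configurations for different clients/groups can be
    #: handled with Client and Group tags within authorizedkeys.xml
    __specific__ = False

    #: Handle authorized keys XML files
    __basenames__ = ['authorizedkeys.xml', 'authorized_keys.xml']

    #: This handler is experimental, in part because it depends upon
    #: the (experimental) CfgPrivateKeyCreator handler
    experimental = True

    def __init__(self, fname):
        # Initialise both bases explicitly; the docstring is copied from
        # CfgGenerator.__init__ right after the definition, so local
        # notes live in comments rather than in a docstring.
        CfgGenerator.__init__(self, fname, None, None)
        StructFile.__init__(self, fname)
        # Reset on every file event (see handle_event); nothing in this
        # class reads it.
        self.cache = dict()
        self.core = CFG.core
    __init__.__doc__ = CfgGenerator.__init__.__doc__

    @property
    def category(self):
        """ The name of the metadata category that generated keys are
        specific to.

        Read from the ``category`` option of the ``[sshkeys]`` section
        of the server configuration; ``None`` when the section or the
        option is missing. """
        if (SETUP.cfp.has_section("sshkeys") and
            SETUP.cfp.has_option("sshkeys", "category")):
            return SETUP.cfp.get("sshkeys", "category")
        return None

    def handle_event(self, event):
        # Let both bases process the event, then drop the cache.  The
        # docstring is copied from CfgGenerator.handle_event below.
        CfgGenerator.handle_event(self, event)
        StructFile.HandleEvent(self, event)
        self.cache = dict()
    handle_event.__doc__ = CfgGenerator.handle_event.__doc__

    def get_data(self, entry, metadata):
        # Build the authorized_keys content for the client described by
        # ``metadata``: one output entry per usable <Allow> element,
        # joined with newlines.  Unusable elements are logged and
        # skipped, so a missing or empty key never grants access.  The
        # docstring is copied from CfgGenerator.get_data below.
        spec = self.XMLMatch(metadata)
        rv = []
        for allow in spec.findall("Allow"):
            params = ''
            params_el = allow.find("Params")
            if params_el is not None:
                # NOTE(review): attribute names and values are emitted
                # verbatim as name=value.  No quoting is added here, so
                # a value containing spaces or commas must already carry
                # the double quotes sshd expects, and an attribute with
                # an empty value is written as "name=".
                params = ",".join("=".join(p)
                                  for p in params_el.attrib.items())

            pubkey_name = allow.get("from")
            if pubkey_name:
                # Named key: decide whose metadata is used to bind it.
                host = allow.get("host")
                group = allow.get("group")
                if host:
                    key_md = self.core.build_metadata(host)
                elif group:
                    # Placeholder metadata built from the literal name
                    # "dummy" and the single requested group.
                    key_md = ClientMetadata("dummy", group, [group], [],
                                            set(), set(), dict(), None,
                                            None, None, None)
                elif (self.category and
                      not metadata.group_in_category(self.category)):
                    self.logger.warning("Cfg: %s ignoring Allow from %s: "
                                        "No group in category %s" %
                                        (metadata.hostname, pubkey_name,
                                         self.category))
                    continue
                else:
                    key_md = metadata

                key_entry = lxml.etree.Element("Path", name=pubkey_name)
                try:
                    self.core.Bind(key_entry, key_md)
                except PluginExecutionError:
                    self.logger.info("Cfg: %s skipping Allow from %s: "
                                     "No key found" %
                                     (metadata.hostname, pubkey_name))
                    continue
                if not key_entry.text:
                    self.logger.warning("Cfg: %s skipping Allow from %s: "
                                        "Empty public key" %
                                        (metadata.hostname, pubkey_name))
                    continue
                pubkey = key_entry.text
            else:
                # Inline key.  Strip before testing: whitespace-only
                # text (for example the indentation in front of a
                # <Params> child) used to pass the emptiness check and
                # produced an entry holding options but no key.
                pubkey = (allow.text or '').strip()
                if not pubkey:
                    self.logger.warning(
                        "Cfg: %s ignoring empty Allow tag: %s" %
                        (metadata.hostname,
                         lxml.etree.tostring(allow)))
                    continue
            # NOTE(review): the options are prepended once to the whole
            # key text.  If that text spans several lines, only the
            # first line carries the options and the remaining lines are
            # written without them; confirm that bound and inline keys
            # are always a single line.
            rv.append(" ".join([params, pubkey]).strip())
        return "\n".join(rv)
    get_data.__doc__ = CfgGenerator.get_data.__doc__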
<div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div>