def _save_cert_str_as_file(cert_txt, file_name): cert_start = cert_txt.find(BeginCertificateTag) if cert_start >= 0: cert_txt = cert_txt[cert_start + len(BeginCertificateTag):] cert_end = cert_txt.find(EndCertificateTag) if cert_end >= 0: cert_txt = cert_txt[:cert_end] cert_txt = cert_txt.strip() cert_txt = "{0}\n{1}\n{2}\n".format(BeginCertificateTag, cert_txt, EndCertificateTag) ext_utils.set_file_contents(file_name, cert_txt)
def _reset_sshd_config(sshd_file_path): ssh_default_config_filename = _get_default_ssh_config_filename() ssh_default_config_file_path = os.path.join(os.getcwd(), 'resources', ssh_default_config_filename) if not (os.path.exists(ssh_default_config_file_path)): ssh_default_config_file_path = os.path.join(os.getcwd(), 'resources', 'default') # handle CoreOS differently if isinstance(MyDistro, dist_utils.CoreOSDistro): # Parse sshd port from ssh_default_config_file_path sshd_port = 22 regex = re.compile(r"^Port\s+(\d+)", re.VERBOSE) with open(ssh_default_config_file_path) as f: for line in f: match = regex.match(line) if match: sshd_port = match.group(1) break # Prepare cloud init config for coreos-cloudinit f = tempfile.NamedTemporaryFile(delete=False) f.close() cfg_tempfile = f.name cfg_content = "#cloud-config\n\n" # Overwrite /etc/ssh/sshd_config cfg_content += "write_files:\n" cfg_content += " - path: {0}\n".format(sshd_file_path) cfg_content += " permissions: 0600\n" cfg_content += " owner: root:root\n" cfg_content += " content: |\n" for line in ext_utils.get_file_contents( ssh_default_config_file_path).split('\n'): cfg_content += " {0}\n".format(line) # Change the sshd port in /etc/systemd/system/sshd.socket cfg_content += "\ncoreos:\n" cfg_content += " units:\n" cfg_content += " - name: sshd.socket\n" cfg_content += " command: restart\n" cfg_content += " content: |\n" cfg_content += " [Socket]\n" cfg_content += " ListenStream={0}\n".format(sshd_port) cfg_content += " Accept=yes\n" ext_utils.set_file_contents(cfg_tempfile, cfg_content) ext_utils.run(['coreos-cloudinit', '-from-file', cfg_tempfile], chk_err=False) os.remove(cfg_tempfile) else: shutil.copyfile(ssh_default_config_file_path, sshd_file_path) MyDistro.restart_ssh_service()
def create_account(self, user, password, expiration, thumbprint): """ Create a user account, with 'user', 'password', 'expiration', ssh keys and sudo permissions. Returns None if successful, error string on failure. """ userentry = None try: userentry = pwd.getpwnam(user) except (EnvironmentError, KeyError): pass uidmin = None try: uidmin = int(ext_utils.get_line_starting_with("UID_MIN", "/etc/login.defs").split()[1]) except (ValueError, KeyError, AttributeError, EnvironmentError): pass if uidmin is None: uidmin = 100 if userentry is not None and userentry[2] < uidmin and userentry[2] != self.CORE_UID: logger.error( "CreateAccount: " + user + " is a system user. Will not set password.") return "Failed to set password for system user: "******" (0x06)." if userentry is None: command = ['useradd', '--create-home', '--password', '*', user] if expiration is not None: command += ['--expiredate', expiration.split('.')[0]] if ext_utils.run(command): logger.error("Failed to create user account: " + user) return "Failed to create user account: " + user + " (0x07)." else: logger.log("CreateAccount: " + user + " already exists. Will update password.") if password is not None: self.change_password(user, password) try: if password is None: ext_utils.set_file_contents("/etc/sudoers.d/waagent", user + " ALL = (ALL) NOPASSWD: ALL\n") else: ext_utils.set_file_contents("/etc/sudoers.d/waagent", user + " ALL = (ALL) ALL\n") os.chmod("/etc/sudoers.d/waagent", 0o440) except EnvironmentError: logger.error("CreateAccount: Failed to configure sudo access for user.") return "Failed to configure sudo privileges (0x08)." home = self.get_home() if thumbprint is not None: ssh_dir = home + "/" + user + "/.ssh" ext_utils.create_dir(ssh_dir, user, 0o700) pub = ssh_dir + "/id_rsa.pub" prv = ssh_dir + "/id_rsa" ext_utils.run_command_and_write_stdout_to_file(['ssh-keygen', '-y', '-f', thumbprint + '.prv'], pub) ext_utils.set_file_contents(prv, ext_utils.get_file_contents(thumbprint + ".prv")) for f in [pub, prv]: os.chmod(f, 0o600) ext_utils.change_owner(f, user) ext_utils.set_file_contents(ssh_dir + "/authorized_keys", ext_utils.get_file_contents(pub)) ext_utils.change_owner(ssh_dir + "/authorized_keys", user) logger.log("Created user account: " + user) return None
def scrub_settings_file(self): content = ext_utils.get_file_contents(self._context._settings_file) redacted = HandlerUtility.redact_protected_settings(content) ext_utils.set_file_contents(self._context._settings_file, redacted)
def do_heartbeat_report(self, heartbeat_file, status, code, message): # heartbeat health_report = '[{"version":"1.0","heartbeat":{"status":"' + status + '","code":"' + code + '","Message":"' + message + '"}}]' if ext_utils.set_file_contents(heartbeat_file, health_report) is None: self.error('Unable to wite heartbeat info to ' + heartbeat_file)
def _set_most_recent_seq(self, seq): ext_utils.set_file_contents('mrseq', str(seq))
def parse(xml_text, configuration, is_deprovision=False): """ Parse xml tree, retrieving user and ssh key information. Return self. """ ofv_env = OvfEnv() logger.log_if_verbose(re.sub("<UserPassword>.*?<", "<UserPassword>*<", xml_text)) dom = xml.dom.minidom.parseString(xml_text) if len(dom.getElementsByTagNameNS(ofv_env.OvfNs, "Environment")) != 1: logger.error("Unable to parse OVF XML.") section = None newer = False for p in dom.getElementsByTagNameNS(ofv_env.WaNs, "ProvisioningSection"): for n in p.childNodes: if n.localName == "Version": verparts = get_node_text_data(n).split('.') major = int(verparts[0]) minor = int(verparts[1]) if major > ofv_env.MajorVersion: newer = True if major != ofv_env.MajorVersion: break if minor > ofv_env.MinorVersion: newer = True section = p if newer: logger.warning( "Newer provisioning configuration detected. Please consider updating waagent.") if section is None: logger.error( "Could not find ProvisioningSection with major version=" + str(ofv_env.MajorVersion)) return None ofv_env.ComputerName = get_node_text_data(section.getElementsByTagNameNS(ofv_env.WaNs, "HostName")[0]) ofv_env.UserName = get_node_text_data(section.getElementsByTagNameNS(ofv_env.WaNs, "UserName")[0]) if is_deprovision: return ofv_env try: ofv_env.UserPassword = get_node_text_data(section.getElementsByTagNameNS(ofv_env.WaNs, "UserPassword")[0]) except (KeyError, ValueError, AttributeError, IndexError): pass try: cd_section = section.getElementsByTagNameNS(ofv_env.WaNs, "CustomData") if len(cd_section) > 0: ofv_env.CustomData = get_node_text_data(cd_section[0]) if len(ofv_env.CustomData) > 0: ext_utils.set_file_contents(constants.LibDir + '/CustomData', bytearray( translate_custom_data(ofv_env.CustomData, configuration))) logger.log('Wrote ' + constants.LibDir + '/CustomData') else: logger.error('<CustomData> contains no data!') except Exception as e: logger.error(str(e) + ' occured creating ' + constants.LibDir + '/CustomData') disable_ssh_passwd = section.getElementsByTagNameNS(ofv_env.WaNs, "DisableSshPasswordAuthentication") if len(disable_ssh_passwd) != 0: ofv_env.DisableSshPasswordAuthentication = (get_node_text_data(disable_ssh_passwd[0]).lower() == "true") for pkey in section.getElementsByTagNameNS(ofv_env.WaNs, "PublicKey"): logger.log_if_verbose(repr(pkey)) fp = None path = None for c in pkey.childNodes: if c.localName == "Fingerprint": fp = get_node_text_data(c).upper() logger.log_if_verbose(fp) if c.localName == "Path": path = get_node_text_data(c) logger.log_if_verbose(path) ofv_env.SshPublicKeys += [[fp, path]] for keyp in section.getElementsByTagNameNS(ofv_env.WaNs, "KeyPair"): fp = None path = None logger.log_if_verbose(repr(keyp)) for c in keyp.childNodes: if c.localName == "Fingerprint": fp = get_node_text_data(c).upper() logger.log_if_verbose(fp) if c.localName == "Path": path = get_node_text_data(c) logger.log_if_verbose(path) ofv_env.SshKeyPairs += [[fp, path]] return ofv_env