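def read_file(filename, password):
    """
    Decrypt the contents of a file that we encrypted and return them.

    The file layout read here is: a 2 byte version (in hex), an 8 byte
    salt, a 16 byte initialization vector, then the ciphertext. Files
    encrypted manually with gpg are not supported.

    The password is the user password, not the actual AES key. The salt
    stored in the file is passed to decrypt() together with the password
    so that the key can be derived from them.

    Returns a tuple of (salt, json).

    Raises NoSuchFileException if the file does not exist, and
    DecryptionException if the header is truncated or decryption fails.
    """
    if not os.path.exists(filename):
        raise NoSuchFileException()

    # Binary mode: the salt, IV and ciphertext are raw bytes, and text mode
    # may translate or decode them. The with-block closes the handle on
    # every path, including the failure paths below.
    with open(filename, 'rb') as f:
        # 2 byte version in hex
        ver = f.read(2)
        # 8 byte salt
        salt = f.read(8)
        # 16 byte initialization vector
        iv = f.read(16)
        cont = f.read()

    # A short read means the file is not one of ours (or was cut off).
    # Report it with the same exception that a failed decryption raises,
    # rather than handing a short salt or IV to decrypt().
    if len(ver) != 2 or len(salt) != 8 or len(iv) != 16:
        log.warn("Truncated header in encrypted file: %s" % filename)
        raise DecryptionException

    # Salt and IV are stored in the clear in the file header; the password
    # itself is never logged.
    log.debug("Read version: %s salt: %s iv: %s" % (ver, salt, iv))

    try:
        return_me = decrypt(cont, password, salt, iv)
    except Exception as e:
        # Any failure (wrong password, corrupt data) is reported to the
        # caller as a single DecryptionException; the detail goes to the log.
        log.warn("Exception while decrypting the configuration file: %s" % e)
        raise DecryptionException

    # The docstring promises (salt, json); the listing showed no return.
    return (salt, return_me)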
def _find_auths(self, authnames):
    """
    Return a list of Auth objects for the given names.

    Each name is looked up through self.config.get_auth(). A name that
    yields nothing is logged and left out, so the result can be shorter
    than authnames.
    """
    resolved = []
    for name in authnames:
        candidate = self.config.get_auth(name)
        if not candidate:
            # FIXME: what do we do if an authname is invalid?
            # for now, we ignore it
            log.warn("No such auth: %s" % name)
            continue
        resolved.append(candidate)
    return resolved
def _find_auths(self, authnames):
    """
    Resolve auth names to Auth objects via self.config.get_auth().

    Names with no matching Auth are skipped after a warning is logged;
    the order of the remaining entries follows authnames.
    """
    found = []
    for wanted in authnames:
        match = self.config.get_auth(wanted)
        if match:
            found.append(match)
            continue
        # FIXME: what do we do if an authname is invalid?
        # for now, we ignore it
        log.warn("No such auth: %s" % wanted)
    return found
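def connect(self, ssh_job):
    """
    Do the actual paramiko ssh connection for ssh_job.

    Ports from ssh_job.ports are tried in order, and on each port every
    auth in ssh_job.auths is tried until one logs in. On success
    ssh_job.port and ssh_job.auth record the working pair and self.ssh is
    the connected client. On failure ssh_job.error holds the last error
    message and the client of each failed attempt is closed.

    Nothing is returned; callers read the outcome from ssh_job.
    """
    # Copy the list of ports, we'll modify it as we go:
    ports_to_try = list(ssh_job.ports)

    found_port = None  # we'll set this once we identify a port that works
    found_auth = False

    while True:
        if found_auth:
            break

        # An SSH server answered on found_port but every auth was refused;
        # the remaining ports are not tried.
        if found_port is not None:
            log.warn("Found ssh on %s:%s, but no auths worked." %
                     (ssh_job.ip, found_port))
            break

        if len(ports_to_try) == 0:
            log.debug("Could not find/connect to ssh on: %s" % ssh_job.ip)
            err = _("unable to connect")
            ssh_job.error = err
            break

        port = ports_to_try.pop(0)

        for auth in ssh_job.auths:
            ssh_job.error = None

            # Only the auth's name is logged, never its password or key.
            debug_str = "%s:%s/%s" % (ssh_job.ip, port, auth.name)

            # this checks the case of a passphrase we can't decrypt
            try:
                pkey = get_pkey(auth)
            except paramiko.SSHException as e:
                # paramiko throws an SSHException for pretty much everything
                log.error("ssh key error for %s: %s" % (debug_str, str(e)))
                ssh_job.error = str(e)
                continue

            self.ssh = paramiko.SSHClient()
            # NOTE(review): AutoAddPolicy accepts whatever host key the
            # server presents, so the host is not authenticated before
            # auth.password is sent to it. Where the targets are known in
            # advance, load their host keys and use a stricter policy
            # (paramiko.RejectPolicy or paramiko.WarningPolicy).
            self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

            try:
                log.info("trying: %s" % debug_str)
                self.show_connect(ssh_job, port, auth)
                self.ssh.connect(ssh_job.ip, port=int(port),
                                 username=auth.username,
                                 password=auth.password,
                                 pkey=pkey,
                                 allow_agent=ssh_job.allow_agent,
                                 look_for_keys=ssh_job.look_for_keys,
                                 timeout=ssh_job.timeout)
                ssh_job.port = port
                ssh_job.auth = auth
                found_port = port
                found_auth = True
                log.info("success: %s" % debug_str)
                break

            # Implies we've found an SSH server listening:
            except paramiko.AuthenticationException:
                # Because we stop checking ports once we find one where ssh
                # is listening, we can report the error message here and it
                # will end up in the final report correctly:
                err = _("login failed")
                log.error(err)
                ssh_job.error = err
                found_port = port
                # Release the transport of the failed attempt before the
                # next auth replaces self.ssh.
                self.ssh.close()
                continue

            # No route to host:
            except socket.error as e:
                log.warn("No route to host, skipping port: %s" % debug_str)
                ssh_job.error = str(e)
                self.ssh.close()
                break

            # Something else happened (for example a live port that does
            # not speak ssh). Record it and try the next auth, so one bad
            # attempt does not abort the whole job.
            except Exception as detail:
                log.warn("Connection error: %s - %s" %
                         (debug_str, str(detail)))
                ssh_job.error = str(detail)
                self.ssh.close()
                continue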
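def connect(self, ssh_job):
    """
    Do the actual paramiko ssh connection for ssh_job.

    Ports from ssh_job.ports are tried in order, and on each port every
    auth in ssh_job.auths is tried until one logs in. On success
    ssh_job.port and ssh_job.auth record the working pair and self.ssh is
    the connected client. On failure ssh_job.error holds the last error
    message and the client of each failed attempt is closed.

    Nothing is returned; callers read the outcome from ssh_job.
    """
    # Copy the list of ports, we'll modify it as we go:
    ports_to_try = list(ssh_job.ports)

    found_port = None  # we'll set this once we identify a port that works
    found_auth = False

    while True:
        if found_auth:
            break

        # An SSH server answered on found_port but every auth was refused;
        # the remaining ports are not tried.
        if found_port is not None:
            log.warn("Found ssh on %s:%s, but no auths worked." %
                     (ssh_job.ip, found_port))
            break

        if len(ports_to_try) == 0:
            log.debug("Could not find/connect to ssh on: %s" % ssh_job.ip)
            err = _("unable to connect")
            ssh_job.error = err
            break

        port = ports_to_try.pop(0)

        for auth in ssh_job.auths:
            ssh_job.error = None

            # Only the auth's name is logged, never its password or key.
            debug_str = "%s:%s/%s" % (ssh_job.ip, port, auth.name)

            # this checks the case of a passphrase we can't decrypt
            try:
                pkey = get_pkey(auth)
            except paramiko.SSHException as e:
                # paramiko throws an SSHException for pretty much everything
                log.error("ssh key error for %s: %s" % (debug_str, str(e)))
                ssh_job.error = str(e)
                continue

            self.ssh = paramiko.SSHClient()
            # NOTE(review): AutoAddPolicy accepts whatever host key the
            # server presents, so the host is not authenticated before
            # auth.password is sent to it. Where the targets are known in
            # advance, load their host keys and use a stricter policy
            # (paramiko.RejectPolicy or paramiko.WarningPolicy).
            self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

            try:
                log.info("trying: %s" % debug_str)
                self.show_connect(ssh_job, port, auth)
                self.ssh.connect(ssh_job.ip, port=int(port),
                                 username=auth.username,
                                 password=auth.password,
                                 pkey=pkey,
                                 allow_agent=ssh_job.allow_agent,
                                 look_for_keys=ssh_job.look_for_keys,
                                 timeout=ssh_job.timeout)
                ssh_job.port = port
                ssh_job.auth = auth
                found_port = port
                found_auth = True
                log.info("success: %s" % debug_str)
                break

            # Implies we've found an SSH server listening:
            except paramiko.AuthenticationException:
                # Because we stop checking ports once we find one where ssh
                # is listening, we can report the error message here and it
                # will end up in the final report correctly:
                err = _("login failed")
                log.error(err)
                ssh_job.error = err
                found_port = port
                # Release the transport of the failed attempt before the
                # next auth replaces self.ssh.
                self.ssh.close()
                continue

            # No route to host:
            except socket.error as e:
                log.warn("No route to host, skipping port: %s" % debug_str)
                ssh_job.error = str(e)
                self.ssh.close()
                break

            # TODO: Hitting a live port that isn't ssh will result in
            # paramiko.SSHException, do we need to handle this explicitly?

            # Something else happened:
            except Exception as detail:
                log.warn("Connection error: %s - %s" %
                         (debug_str, str(detail)))
                ssh_job.error = str(detail)
                self.ssh.close()
                continue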