class LuksVolume(_BaseVolume):
    """Model for storing Luks passphrases.

    One escrow record per LUKS volume. The only secret is ``passphrase``;
    every other property is lookup/ownership metadata.
    """

    # Audit-log model and error class; presumably used by _BaseVolume when
    # the passphrase is accessed -- confirm against the base class.
    AUDIT_LOG_MODEL = LuksAccessLog
    ACCESS_ERR_CLS = LuksAccessError
    ESCROW_TYPE_NAME = 'luks'
    # Properties a client must supply at escrow time, in addition to the
    # settings-defined LUKS_REQUIRED_PROPERTIES.
    REQUIRED_PROPERTIES = base_settings.LUKS_REQUIRED_PROPERTIES + [
        'passphrase',
        'hostname',
        'platform_uuid',
        'owners',
        'volume_uuid',
    ]
    # (property name, human-readable label) pairs offered for search;
    # list order is presumably the display order, so keep it stable.
    SEARCH_FIELDS = [
        ('owner', 'Device Owner'),
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
        ('created_by', 'Escrow Username'),
        ('platform_uuid', 'MrMagoo Host UUID'),
        ('hdd_serial', 'Hard Drive Serial Number'),
    ]
    # Name of the property the base class treats as the secret (e.g. when
    # a caller asks for a record without it) -- confirm against _BaseVolume.
    SECRET_PROPERTY_NAME = 'passphrase'

    # Stored through EncryptedBlobProperty under the named key, never as a
    # plain StringProperty; do not copy its value into an unencrypted
    # property or a log message.
    passphrase = encrypted_property.EncryptedBlobProperty(
        _LUKS_PASSPHRASE_ENCRYPTION_KEY_NAME)
    hdd_serial = db.StringProperty()  # Hard drive serial number.
    platform_uuid = db.StringProperty()  # Host UUID (see SEARCH_FIELDS).
class FileVaultVolume(_BaseVolume):
    """Model for storing FileVault Volume passphrases, with various metadata.

    One escrow record per FileVault volume. ``passphrase`` is the secret;
    the remaining properties identify the machine and the volume.
    """

    ESCROW_TYPE_NAME = 'filevault'
    SECRET_PROPERTY_NAME = 'passphrase'
    # Log model / error class presumably consumed by _BaseVolume on access.
    AUDIT_LOG_MODEL = FileVaultAccessLog
    ACCESS_ERR_CLS = FileVaultAccessError
    # NOTE(ogle): For self-service encryption, owner and created_by may be
    # the same user. created_by may go away entirely if unattended
    # encryption via machine/certificate-based auth is implemented.
    ALLOW_OWNER_CHANGE = True

    # Required at escrow time, on top of the settings-defined list.
    REQUIRED_PROPERTIES = base_settings.FILEVAULT_REQUIRED_PROPERTIES + [
        'passphrase',
        'volume_uuid',
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('owner', 'Owner Username'),
        ('created_by', 'Escrow Username'),
        ('hdd_serial', 'Hard Drive Serial Number'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
        ('volume_uuid', 'Volume UUID'),
    ]

    # Kept encrypted under the named key; never mirror it into a plain
    # StringProperty or a log line.
    passphrase = encrypted_property.EncryptedBlobProperty(
        _FILEVAULT_PASSPHRASE_ENCRYPTION_KEY_NAME)
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
    serial = db.StringProperty()  # Serial number of the machine.
    hdd_serial = db.StringProperty()  # Hard drive disk serial number.

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Ensures hostname is non-fully qualified and lowercased.

        Args:
            hostname: the raw hostname string supplied by the client.

        Returns:
            The base-class normalization with the domain part stripped.
        """
        parent = super(FileVaultVolume, cls)
        return parent.NormalizeHostname(hostname, strip_fqdn=True)
class LinuxFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Linux Firmware passwords, with various metadata.

    Identity comes from DMI values read on the host; the record's target key
    is the computed concatenation of manufacturer, serial and machine UUID.
    """

    # Presumably written by the base class on every password access.
    AUDIT_LOG_MODEL = LinuxFirmwarePasswordAccessLog
    # Lookups are keyed on the computed property below, not on a single
    # field; see the collision note on that property.
    TARGET_PROPERTY_NAME = '_manufacturer_serial_machine_uuid'
    ESCROW_TYPE_NAME = 'linux_firmware'
    SECRET_PROPERTY_NAME = 'password'
    REQUIRED_PROPERTIES = [
        'manufacturer', 'serial', 'password', 'hostname', 'machine_uuid'
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('manufacturer', 'Machine Manufacturer'),
        ('serial', 'Machine Serial Number'),
        ('machine_uuid', 'Machine UUID'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _LINUX_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    manufacturer = db.StringProperty()  # /sys/class/dmi/id/sys_vendor.
    serial = db.StringProperty()  # /sys/class/dmi/id/product_serial.
    machine_uuid = db.StringProperty()  # /sys/class/dmi/id/product_uuid.
    # NOTE(review): plain concatenation with no delimiter, so the three
    # fields are not recoverable from the key and two different
    # (manufacturer, serial, machine_uuid) triples can produce the same
    # target value; changing the format would invalidate existing keys, so
    # confirm how lookups on TARGET_PROPERTY_NAME treat multiple matches.
    # Also raises TypeError at put() time if any of the three is None.
    _manufacturer_serial_machine_uuid = db.ComputedProperty(
        lambda self: self.manufacturer + self.serial + self.machine_uuid)
class BitLockerVolume(_BaseVolume):
    """Model for storing BitLocker Volume keys.

    ``recovery_key`` is the secret; ``dn`` and ``parent_guid`` tie the
    record to its Active Directory object.
    """

    ESCROW_TYPE_NAME = 'bitlocker'
    SECRET_PROPERTY_NAME = 'recovery_key'
    # No AUDIT_LOG_MODEL is set here; presumably the base-class default
    # applies -- confirm against _BaseVolume.
    ACCESS_ERR_CLS = BitLockerAccessError
    REQUIRED_PROPERTIES = [
        'dn', 'hostname', 'parent_guid', 'recovery_key', 'volume_uuid'
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    recovery_key = encrypted_property.EncryptedBlobProperty(
        _BITLOCKER_PASSPHRASE_ENCRYPTION_KEY_NAME)
    dn = db.StringProperty()  # Distinguished name of the AD object.
    parent_guid = db.StringProperty()
    when_created = db.DateTimeProperty()

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Ensures hostname is non-fully qualified and lowercased.

        Args:
            hostname: the raw hostname string supplied by the client.

        Returns:
            The base-class normalization (domain stripped) forced to upper
            case, matching how Windows hosts are named in AD.
        """
        parent = super(BitLockerVolume, cls)
        normalized = parent.NormalizeHostname(hostname, strip_fqdn=True)
        return normalized.upper()
class AppleFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Apple Firmware passwords, with various metadata.

    Records are looked up by machine serial number (TARGET_PROPERTY_NAME).
    """

    # Presumably written by the base class on every password access.
    AUDIT_LOG_MODEL = AppleFirmwarePasswordAccessLog
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'apple_firmware'
    SECRET_PROPERTY_NAME = 'password'
    REQUIRED_PROPERTIES = [
        'platform_uuid',
        'password',
        'hostname',
        'serial',
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _APPLE_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    serial = db.StringProperty()  # Machine serial number; the lookup key.
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
class DuplicityKeyPair(base.BasePassphrase,
                       services.InventoryServiceBackupPassphraseProperties):
    """Model for storing Duplicity key pairs.

    Duplicity backups are associated with a user and not a machine.
    http://duplicity.nongnu.org/
    """

    # Error class / audit-log model presumably used by BasePassphrase on
    # key-pair access -- confirm against the base class.
    ACCESS_ERR_CLS = DuplicityAccessError
    AUDIT_LOG_MODEL = DuplicityAccessLog
    ESCROW_TYPE_NAME = 'duplicity'
    # Required at escrow time, on top of the settings-defined list.
    REQUIRED_PROPERTIES = base_settings.DUPLICITY_REQUIRED_PROPERTIES + [
        'key_pair',
        'owners',
        'volume_uuid',
    ]
    # Both bases declare mutable properties; the union is what callers may
    # change after escrow.
    MUTABLE_PROPERTIES = (
        base.BasePassphrase.MUTABLE_PROPERTIES
        + services.InventoryServiceBackupPassphraseProperties.MUTABLE_PROPERTIES)
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('owner', 'Owner Username'),
        ('hostname', 'Hostname'),
    ]
    SECRET_PROPERTY_NAME = 'key_pair'
    TARGET_PROPERTY_NAME = 'volume_uuid'

    platform_uuid = db.StringProperty()
    # Encrypted at rest under the named key; never copy into a plain property.
    key_pair = encrypted_property.EncryptedBlobProperty(
        _DUPLICITY_KEY_PAIR_ENCRYPTION_KEY_NAME)
    volume_uuid = db.StringProperty()  # UUID of the backup; the lookup key.
class AppleFirmwarePassword(base.BasePassphrase):
    """Model for storing Apple Firmware passwords, with various metadata.

    Records are looked up by machine serial number (TARGET_PROPERTY_NAME).
    """

    ESCROW_TYPE_NAME = 'apple_firmware'
    TARGET_PROPERTY_NAME = 'serial'
    SECRET_PROPERTY_NAME = 'password'
    ACCESS_ERR_CLS = base.AccessError
    REQUIRED_PROPERTIES = [
        'platform_uuid',
        'password',
        'hostname',
        'serial',
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _APPLE_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    serial = db.StringProperty()  # Machine serial number; the lookup key.
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Serializes the entity to a dict, flattening asset_tags to a string.

        Args:
            skip_secret: when False (the default) the base-class dict is
                presumably returned with the secret included; pass True
                before logging or serializing the result.

        Returns:
            The base-class dict with 'asset_tags' joined by ', '.
        """
        result = super(AppleFirmwarePassword, self).ToDict(skip_secret)
        joined_tags = ', '.join(self.asset_tags)
        result['asset_tags'] = joined_tags
        return result
class WindowsFirmwarePassword(base.BasePassphrase):
    """Model for storing Windows Firmware passwords, with various metadata.

    Records are looked up by machine serial number (TARGET_PROPERTY_NAME).
    """

    ESCROW_TYPE_NAME = 'windows_firmware'
    TARGET_PROPERTY_NAME = 'serial'
    SECRET_PROPERTY_NAME = 'password'
    ACCESS_ERR_CLS = base.AccessError
    REQUIRED_PROPERTIES = ['serial', 'password', 'hostname', 'smbios_guid']
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('smbios_guid', 'SMBIOS UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _WINDOWS_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    # Serial from WMI query: 'Select SerialNumber from Win32_BIOS'.
    serial = db.StringProperty()
    # SMBIOS GUID from WMI query:
    # 'Select UUID from Win32_ComputerSystemProduct'.
    smbios_guid = db.StringProperty()
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Serializes the entity to a dict, flattening asset_tags to a string.

        Args:
            skip_secret: when False (the default) the base-class dict is
                presumably returned with the secret included; pass True
                before logging or serializing the result.

        Returns:
            The base-class dict with 'asset_tags' joined by ', '.
        """
        result = super(WindowsFirmwarePassword, self).ToDict(skip_secret)
        joined_tags = ', '.join(self.asset_tags)
        result['asset_tags'] = joined_tags
        return result
class LinuxFirmwarePassword(base.BasePassphrase):
    """Model for storing Linux Firmware passwords, with various metadata.

    Identity comes from DMI values read on the host; the record's target key
    is the computed concatenation of manufacturer, serial and machine UUID.
    """

    ESCROW_TYPE_NAME = 'linux_firmware'
    # Lookups are keyed on the computed property below, not a single field.
    TARGET_PROPERTY_NAME = '_manufacturer_serial_machine_uuid'
    SECRET_PROPERTY_NAME = 'password'
    ACCESS_ERR_CLS = base.AccessError
    REQUIRED_PROPERTIES = [
        'manufacturer', 'serial', 'password', 'hostname', 'machine_uuid'
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('manufacturer', 'Machine Manufacturer'),
        ('serial', 'Machine Serial Number'),
        ('machine_uuid', 'Machine UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _LINUX_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    manufacturer = db.StringProperty()  # /sys/class/dmi/id/sys_vendor.
    serial = db.StringProperty()  # /sys/class/dmi/id/product_serial.
    machine_uuid = db.StringProperty()  # /sys/class/dmi/id/product_uuid.
    # NOTE(review): no delimiter between the three fields, so distinct
    # triples can map to the same target value; changing the format would
    # invalidate existing keys, so confirm how multi-match lookups behave.
    # Raises TypeError at put() time if any of the three is None.
    _manufacturer_serial_machine_uuid = db.ComputedProperty(
        lambda self: self.manufacturer + self.serial + self.machine_uuid)
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Serializes the entity to a dict, flattening asset_tags to a string.

        Args:
            skip_secret: when False (the default) the base-class dict is
                presumably returned with the secret included; pass True
                before logging or serializing the result.

        Returns:
            The base-class dict with 'asset_tags' joined by ', '.
        """
        result = super(LinuxFirmwarePassword, self).ToDict(skip_secret)
        joined_tags = ', '.join(self.asset_tags)
        result['asset_tags'] = joined_tags
        return result
class DuplicityKeyPair(_BaseVolume):
    """Model for storing Duplicity key pairs.

    ``key_pair`` is the secret; ``platform_uuid`` identifies the host.
    """

    # Error class presumably raised by _BaseVolume on a denied access; no
    # AUDIT_LOG_MODEL is set here, so the base default presumably applies.
    ACCESS_ERR_CLS = DuplicityAccessError
    ESCROW_TYPE_NAME = 'duplicity'
    # Required at escrow time, on top of the settings-defined list.
    # NOTE(review): this list says 'owner' where the LUKS model says
    # 'owners' -- confirm which property name the base class defines.
    REQUIRED_PROPERTIES = base_settings.DUPLICITY_REQUIRED_PROPERTIES + [
        'key_pair',
        'owner',
        'volume_uuid',
    ]
    SECRET_PROPERTY_NAME = 'key_pair'

    platform_uuid = db.StringProperty()
    # Encrypted at rest under the named key; never copy into a plain property.
    key_pair = encrypted_property.EncryptedBlobProperty(
        _DUPLICITY_KEY_PAIR_ENCRYPTION_KEY_NAME)
class LenovoFirmwarePassword(base.BasePassphrase):
    """Model for storing Lenovo Firmware passwords, with various metadata.

    Records are looked up by machine serial number (TARGET_PROPERTY_NAME).
    No SEARCH_FIELDS are declared here, so the base-class default (if any)
    presumably applies.
    """

    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'lenovo_firmware'
    SECRET_PROPERTY_NAME = 'password'
    REQUIRED_PROPERTIES = [
        'serial',
        'password',
        'hostname',
    ]
    # Generic access error; no model-specific error class is defined.
    ACCESS_ERR_CLS = base.AccessError

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _LENOVO_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    serial = db.StringProperty()  # Machine serial number; the lookup key.
class BitLockerVolume(_BaseVolume):
    """Model for storing BitLocker Volume keys.

    ``recovery_key`` is the secret; ``dn``, ``parent_guid`` and
    ``recovery_guid`` tie the record to its Active Directory objects.
    """

    ESCROW_TYPE_NAME = 'bitlocker'
    SECRET_PROPERTY_NAME = 'recovery_key'
    # Log model / error class presumably consumed by _BaseVolume on access.
    AUDIT_LOG_MODEL = BitLockerAccessLog
    ACCESS_ERR_CLS = BitLockerAccessError
    REQUIRED_PROPERTIES = [
        'dn',
        'hostname',
        'parent_guid',
        'recovery_key',
        'volume_uuid',
        'recovery_guid',
    ]
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    recovery_key = encrypted_property.EncryptedBlobProperty(
        _BITLOCKER_PASSPHRASE_ENCRYPTION_KEY_NAME)
    dn = db.StringProperty()  # Distinguished name of the AD object.
    parent_guid = db.StringProperty()
    recovery_guid = db.StringProperty()
    # Real creation time; the inherited 'created' property holds the time
    # of the AD sync instead.
    when_created = db.DateTimeProperty()

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Ensures hostname is non-fully qualified and lowercased.

        Args:
            hostname: the raw hostname string supplied by the client.

        Returns:
            The base-class normalization (domain stripped) forced to upper
            case, matching how Windows hosts are named in AD.
        """
        parent = super(BitLockerVolume, cls)
        normalized = parent.NormalizeHostname(hostname, strip_fqdn=True)
        return normalized.upper()

    def ToDict(self, skip_secret=False):
        """Serializes the entity to a dict without the AD-sync timestamp.

        Args:
            skip_secret: when False (the default) the base-class dict is
                presumably returned with the secret included; pass True
                before logging or serializing the result.

        Returns:
            The base-class dict minus 'created' (the AD sync time), since
            'when_created' carries the real creation time.

        Raises:
            KeyError: if the base-class dict has no 'created' entry.
        """
        result = super(BitLockerVolume, self).ToDict(skip_secret)
        result.pop('created')
        return result
class WindowsFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Windows Firmware passwords, with various metadata.

    Records are looked up by machine serial number (TARGET_PROPERTY_NAME).
    """

    # Presumably written by the base class on every password access.
    AUDIT_LOG_MODEL = WindowsFirmwarePasswordAccessLog
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'windows_firmware'
    SECRET_PROPERTY_NAME = 'password'
    REQUIRED_PROPERTIES = ['serial', 'password', 'hostname', 'smbios_guid']
    # (property, label) pairs offered for search; keep the order stable.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('smbios_guid', 'SMBIOS UUID'),
    ]

    # Encrypted at rest under the named key; never copy into a plain property.
    password = encrypted_property.EncryptedBlobProperty(
        _WINDOWS_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    # Serial from WMI query: 'Select SerialNumber from Win32_BIOS'.
    serial = db.StringProperty()
    # SMBIOS GUID from WMI query:
    # 'Select UUID from Win32_ComputerSystemProduct'.
    smbios_guid = db.StringProperty()