def add_public_key(session, user, public_key_str):
"""Add a public key for a particular user.
Args:
session: db session
user: User model of user in question
public_key_str: public key to add
Return created PublicKey model or raises DuplicateKey if key is already in use.
"""
pubkey = sshpubkey.PublicKey.from_str(public_key_str)
db_pubkey = PublicKey(
user=user,
public_key='%s %s %s' % (pubkey.key_type, pubkey.key, pubkey.comment),
fingerprint=pubkey.fingerprint,
key_size=pubkey.key_size,
key_type=pubkey.key_type,
)
try:
db_pubkey.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
raise DuplicateKey()
session.commit()
return db_pubkey
def add_public_key(session, user, public_key_str):
"""Add a public key for a particular user.
Args:
session: db session
user: User model of user in question
public_key_str: public key to add
Return created PublicKey model or raises DuplicateKey if key is already in use.
"""
pubkey = sshpubkeys.SSHKey(public_key_str, strict=True)
pubkey.parse()
db_pubkey = PublicKey(
user=user,
public_key=pubkey.keydata.strip(),
fingerprint=pubkey.hash_md5().replace(b"MD5:", b""),
key_size=pubkey.bits,
key_type=pubkey.key_type,
)
try:
db_pubkey.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
raise DuplicateKey()
session.commit()
return db_pubkey
def add_public_key(session, user, public_key_str):
"""Add a public key for a particular user.
Args:
session: db session
user: User model of user in question
public_key_str: public key to add
Throws:
DuplicateKey if key is already in use
PublicKeyParseError if key can't be parsed
BadPublicKey if a plugin rejects the key
Returns:
PublicKey model object representing the key
"""
pubkey = sshpubkeys.SSHKey(public_key_str, strict=True)
try:
pubkey.parse()
except sshpubkeys.InvalidKeyException as e:
raise PublicKeyParseError(e.message)
try:
get_plugin_proxy().will_add_public_key(pubkey)
except PluginRejectedPublicKey as e:
raise BadPublicKey(e.message)
db_pubkey = PublicKey(
user=user,
public_key=pubkey.keydata.strip(),
fingerprint=pubkey.hash_md5().replace(b"MD5:", b""),
fingerprint_sha256=pubkey.hash_sha256().replace(b"SHA256:", b""),
key_size=pubkey.bits,
key_type=pubkey.key_type,
comment=pubkey.comment,
)
try:
db_pubkey.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
raise DuplicateKey()
session.commit()
return db_pubkey
def add_public_key(session, user, public_key_str):
"""Add a public key for a particular user.
Args:
session: db session
user: User model of user in question
public_key_str: public key to add
Throws:
DuplicateKey if key is already in use
PublicKeyParseError if key can't be parsed
BadPublicKey if a plugin rejects the key
Returns:
PublicKey model object representing the key
"""
pubkey = sshpubkeys.SSHKey(public_key_str, strict=True)
try:
pubkey.parse()
except sshpubkeys.InvalidKeyException as e:
raise PublicKeyParseError(str(e))
try:
get_plugin_proxy().will_add_public_key(pubkey)
except PluginRejectedPublicKey as e:
raise BadPublicKey(str(e))
db_pubkey = PublicKey(
user=user,
public_key=pubkey.keydata.strip(),
fingerprint=pubkey.hash_md5().replace("MD5:", ""),
fingerprint_sha256=pubkey.hash_sha256().replace("SHA256:", ""),
key_size=pubkey.bits,
key_type=pubkey.key_type,
comment=pubkey.comment,
)
try:
db_pubkey.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
raise DuplicateKey()
session.commit()
return db_pubkey
def get(self, name=None):
cutoff = int(self.get_argument("cutoff", 100))
include_role_users = self.get_argument("include_role_users",
"no") == "yes"
with self.graph.lock:
if not name:
return self.success({
"users":
sorted([
k for k, v in self.graph.user_metadata.iteritems()
if include_role_users or (not v["role_user"])
]),
})
if name in self.graph.user_metadata:
md = self.graph.user_metadata[name]
details = self.graph.get_user_details(name, cutoff)
else:
return self.notfound("User (%s) not found." % name)
for key in md["public_keys"]:
db_key = PublicKey.get(self.session, id=key["id"])
perms = get_public_key_permissions(self.session, db_key)
# Convert to set to remove duplicates, then back to list for json-serializability
key["permissions"] = list(
set([(perm.name, perm.argument) for perm in perms]))
out = {"user": {"name": name}}
try_update(out["user"], md)
try_update(out, details)
return self.success(out)
def add_public_key_to_user(self, key, user):
# type: (str, str) -> None
sql_user = User.get(self.session, name=user)
assert sql_user
public_key = SSHKey(key, strict=True)
public_key.parse()
sql_public_key = PublicKey(
user_id=sql_user.id,
public_key=public_key.keydata.strip(),
fingerprint=public_key.hash_md5().replace("MD5:", ""),
fingerprint_sha256=public_key.hash_sha256().replace("SHA256:", ""),
key_size=public_key.bits,
key_type=public_key.key_type,
comment=public_key.comment,
)
sql_public_key.add(self.session)
def get(self, name=None):
cutoff = int(self.get_argument("cutoff", 100))
include_role_users = self.get_argument("include_role_users", "no") == "yes"
with self.graph.lock:
if not name:
return self.success({
"users": sorted([k
for k, v in self.graph.user_metadata.iteritems()
if include_role_users or (not v["role_user"])]),
})
if name in self.graph.user_metadata:
md = self.graph.user_metadata[name]
details = self.graph.get_user_details(name, cutoff)
else:
return self.notfound("User (%s) not found." % name)
for key in md["public_keys"]:
db_key = PublicKey.get(self.session, id=key["id"])
perms = get_public_key_permissions(self.session, db_key)
# Convert to set to remove duplicates, then back to list for json-serializability
key["permissions"] = list(set([(perm.name, perm.argument) for perm in perms]))
out = {"user": {"name": name}}
try_update(out["user"], md)
try_update(out, details)
return self.success(out)
def test_list_public_keys(async_server, browser, session, users,
groups): # noqa: F811
permission = Permission.get_or_create(session,
name=AUDIT_SECURITY,
description="")[0]
user = users["*****@*****.**"]
group = groups["group-admins"]
add_member(group, user, role="owner")
grant_permission(group, permission, "public_keys")
# Pagination defaults to 100 keys per page
for i in range(120):
key = PublicKey(
user=user,
public_key="KEY:{}".format(i),
fingerprint="MD5:{}".format(i),
fingerprint_sha256="SHA256:{}".format(i),
key_size=4096,
key_type="ssh-rsa",
comment="",
)
key.add(session)
session.commit()
fe_url = url(async_server, "/users/public-keys")
browser.get(fe_url)
page = PublicKeysPage(browser)
row = page.find_public_key_row("SHA256:0")
assert row.user == user.username
assert row.key_size == "4096"
assert row.key_type == "ssh-rsa"
assert page.find_public_key_row("SHA256:99")
with pytest.raises(NoSuchElementException):
page.find_public_key_row("SHA256:100")
def test_list_public_keys(async_server, browser, session, users, groups): # noqa: F811
permission = Permission.get_or_create(session, name=AUDIT_SECURITY, description="")[0]
user = users["*****@*****.**"]
group = groups["group-admins"]
add_member(group, user, role="owner")
grant_permission(group, permission, "public_keys")
# Pagination defaults to 100 keys per page
for i in range(120):
key = PublicKey(
user=user,
public_key="KEY:{}".format(i),
fingerprint="MD5:{}".format(i),
fingerprint_sha256="SHA256:{}".format(i),
key_size=4096,
key_type="ssh-rsa",
comment="",
)
key.add(session)
session.commit()
fe_url = url(async_server, "/users/public-keys")
browser.get(fe_url)
page = PublicKeysPage(browser)
row = page.find_public_key_row("SHA256:0")
assert row.user == user.username
assert row.key_size == "4096"
assert row.key_type == "ssh-rsa"
assert page.find_public_key_row("SHA256:99")
with pytest.raises(NoSuchElementException):
page.find_public_key_row("SHA256:100")
def test_list_public_keys(tmpdir: LocalPath, setup: SetupTest,
browser: Chrome) -> None:
with setup.transaction():
setup.add_user_to_group("*****@*****.**", "admins")
setup.grant_permission_to_group(AUDIT_SECURITY, "public_keys",
"admins")
user = User.get(setup.session, name="*****@*****.**")
assert user
# Pagination defaults to 100 keys per page
with setup.transaction():
for i in range(120):
key = PublicKey(
user=user,
public_key="KEY:{}".format(i),
fingerprint="MD5:{}".format(i),
fingerprint_sha256="SHA256:{}".format(i),
key_size=4096,
key_type="ssh-rsa",
comment="",
)
key.add(setup.session)
with frontend_server(tmpdir, "*****@*****.**") as frontend_url:
browser.get(url(frontend_url, "/users/public-keys"))
page = PublicKeysPage(browser)
row = page.find_public_key_row("SHA256:0")
assert row.user == user.username
assert row.key_size == "4096"
assert row.key_type == "ssh-rsa"
assert page.find_public_key_row("SHA256:99")
with pytest.raises(NoSuchElementException):
page.find_public_key_row("SHA256:100")