Esempio n. 1
0
    def _getOSVersionAndRelease():
        osVersionRelease = None
        ts = transaction.initReadOnlyTransaction()
        for h in ts.dbMatch('Providename', "oraclelinux-release"):
            SYSRELVER = 'system-release(releasever)'
            version = sstr(h['version'])
            release = sstr(h['release'])
            if SYSRELVER in (sstr(provide) for provide in h['providename']):
                provides = dict((sstr(n), sstr(v))
                                for n,v in zip(h['providename'], h['provideversion']))
                release = '%s-%s' % (version, release)
                version = provides[SYSRELVER]
            osVersionRelease = (sstr(h['name']), version, release)
            return osVersionRelease
        else:
            for h in ts.dbMatch('Providename', "redhat-release"):
                SYSRELVER = 'system-release(releasever)'
                version = sstr(h['version'])
                release = sstr(h['release'])
                if SYSRELVER in (sstr(provide) for provide in h['providename']):
                    provides = dict((sstr(n), sstr(v))
                                    for n,v in zip(h['providename'], h['provideversion']))
                    release = '%s-%s' % (version, release)
                    version = provides[SYSRELVER]
                osVersionRelease = (sstr(h['name']), version, release)
                return osVersionRelease
            else:
                # new SUSE always has a baseproduct link which point to the
                # product file of the first installed product (the OS)
                # all rpms containing a product must provide "product()"
                # search now for the package providing the base product
                baseproduct = '/etc/products.d/baseproduct'
                if os.path.exists(baseproduct):
                    bp = os.path.abspath(os.path.join(os.path.dirname(baseproduct), os.readlink(baseproduct)))
                    for h in ts.dbMatch('Providename', "product()"):
                        if bstr(bp) in h['filenames']:
                            osVersionRelease = (sstr(h['name']), sstr(h['version']), sstr(h['release']))
                            # zypper requires a exclusive lock on the rpmdb. So we need
                            # to close it here.
                            ts.ts.closeDB()
                            return osVersionRelease
                else:
                    # for older SUSE versions we need to search for distribution-release
                    # package which also has /etc/SuSE-release file
                    for h in ts.dbMatch('Providename', "distribution-release"):
                        osVersionRelease = (sstr(h['name']), sstr(h['version']), sstr(h['release']))
                        if bstr('/etc/SuSE-release') in h['filenames']:
                            # zypper requires a exclusive lock on the rpmdb. So we need
                            # to close it here.
                            ts.ts.closeDB()
                            return osVersionRelease

                log = up2dateLog.initLog()
                log.log_me("Error: Could not determine what version of Linux you are running. "\
                           "Check if the product is installed correctly. Aborting.")
                raise up2dateErrors.RpmError(
                    "Could not determine what version of Linux you "\
                    "are running.\nIf you get this error, try running \n\n"\
                    "\t\trpm --rebuilddb\n\n")
Esempio n. 2
0
 def _add_proxy_headers(self):
     if not self.__username:
         return
     # Authenticated proxy
     userpass = "******" % (self.__username, self.__password)
     enc_userpass = base64.encodestring(bstr(userpass)).replace(
         bstr("\n"), bstr(""))
     self.putheader("Proxy-Authorization", "Basic %s" % sstr(enc_userpass))
Esempio n. 3
0
    def process(self, data):
        # Assume straight text/xml
        self.data = data

        # Content-Encoding header
        if self.encoding == self.ENCODE_GZIP:
            import gzip
            encoding_name = self.encodings[self.ENCODE_GZIP][0]
            self.set_header("Content-Encoding", encoding_name)
            f = SmartIO(force_mem=1)
            gz = gzip.GzipFile(mode="wb",
                               compresslevel=COMPRESS_LEVEL,
                               fileobj=f)
            if sys.version_info[0] == 3:
                gz.write(bstr(data))
            else:
                gz.write(sstr(data))
            gz.close()
            self.data = f.getvalue()
            f.close()
        elif self.encoding == self.ENCODE_ZLIB:
            import zlib
            encoding_name = self.encodings[self.ENCODE_ZLIB][0]
            self.set_header("Content-Encoding", encoding_name)
            obj = zlib.compressobj(COMPRESS_LEVEL)
            self.data = obj.compress(data.encode()) + obj.flush()
        elif self.encoding == self.ENCODE_GPG:
            # XXX: fix me.
            raise NotImplementedError(self.transfer, self.encoding)

        # Content-Transfer-Encoding header
        if self.transfer == self.TRANSFER_BINARY:
            transfer_name = self.transfers[self.TRANSFER_BINARY]
            self.set_header("Content-Transfer-Encoding", transfer_name)
            self.set_header("Content-Type", "application/binary")
        elif self.transfer == self.TRANSFER_BASE64:
            import base64
            transfer_name = self.transfers[self.TRANSFER_BASE64]
            self.set_header("Content-Transfer-Encoding", transfer_name)
            self.set_header("Content-Type", "text/base64")
            self.data = base64.encodestring(self.data).decode()

        self.set_header("Content-Length", len(bstr(self.data)))

        rpc_version = __version__
        if len(__version__.split()) > 1:
            rpc_version = __version__.split()[1]

        # other headers
        self.set_header(
            "X-Transport-Info",
            'Extended Capabilities Transport (C) Red Hat, Inc (version %s)' %
            rpc_version)
        self.__processed = 1
Esempio n. 4
0
 def _read_username(self):
     tty = open("/dev/tty", "rb+", buffering=0)
     tty.write(bstr("SUSE Manager username: "******"\n"))
         sys.exit(0)
     if username is None:
         # EOF
         tty.write(bstr("\n"))
         sys.exit(0)
     return username.strip()
Esempio n. 5
0
def idn_puny_to_unicode(hostname):
    """ Convert Internationalized domain name from Punycode (RFC3492) to Unicode """
    if hostname is None:
        return None
    else:
        hostname = bstr(hostname)
        return hostname.decode('idna')
Esempio n. 6
0
def getContentChecksum(checksum_type, contents):
    if hashlib_has_usedforsecurity:
        engine = hashlib.new(checksum_type, usedforsecurity=False)
    else:
        engine = hashlib.new(checksum_type)
    engine.update(bstr(contents))
    return engine.hexdigest()
Esempio n. 7
0
    def send_http(self, host, handler="/RPC2"):
        if not self.__processed:
            raise NotProcessed

        self._host = host

        if self._connection is None:
            raise Exception("No connection object found")
        self._connection.connect()
        # wrap self data into binary object, otherwise HTTPConnection.request
        # will encode it as ISO-8859-1 https://docs.python.org/3/library/http.client.html#httpconnection-objects
        self._connection.request(self.method,
                                 handler,
                                 body=bstr(self.data),
                                 headers=self.headers)

        response = self._connection.getresponse()

        if not self.response_acceptable(response):
            raise xmlrpclib.ProtocolError("%s %s" % (self._host, handler),
                                          response.status, response.reason,
                                          response.msg)

        # A response object has read() and close() methods, so we can safely
        # pass the whole object back
        return response.msg, response
Esempio n. 8
0
    def __init__(self, socket, trusted_certs=None):
        # SSL.Context object
        self._ctx = None
        # SSL.Connection object
        self._connection = None
        self._sock = socket
        self._trusted_certs = []
        # convert None to empty list
        trusted_certs = trusted_certs or []
        for f in trusted_certs:
            self.add_trusted_cert(f)
        # SSL method to use
        if hasattr(SSL, 'PROTOCOL_TLS'):
            self._ssl_method = SSL.PROTOCOL_TLS
        else:
            self._ssl_method = SSL.PROTOCOL_SSLv23

        # Buffer size for reads
        self._buffer_size = 8192

        # Position, for tell()
        self._pos = 0
        # Buffer
        self._buffer = bstr("")

        # Flag to show if makefile() was called
        self._makefile_called = 0

        self._closed = None
Esempio n. 9
0
def genPublicCaCert(password, d, verbosity=0, forceYN=0):
    """ public CA certificate (client-side) generation """

    ca_key = os.path.join(d['--dir'], os.path.basename(d['--ca-key']))
    ca_cert_name = os.path.basename(d['--ca-cert'])
    ca_cert = os.path.join(d['--dir'], ca_cert_name)

    genPublicCaCert_dependencies(password, d, forceYN)

    configFile = genCaConf(d, verbosity)
    args = ("/usr/bin/openssl req -passin pass:%s -text -config %s "
            "-new -x509 -days %s -%s -key %s -out %s"
            % ('%s', repr(cleanupAbsPath(configFile.filename)),
               repr(d['--cert-expiration']),
               MD, repr(cleanupAbsPath(ca_key)),
               repr(cleanupAbsPath(ca_cert))))

    if verbosity >= 0:
        print("\nGenerating public CA certificate: %s" % ca_cert)
        print("Using distinguishing variables:")
        for k in ('--set-country', '--set-state', '--set-city', '--set-org',
                  '--set-org-unit', '--set-common-name', '--set-email'):
            print('    %s%s = "%s"' % (k, ' '*(18-len(k)), d[k]))
        if verbosity > 1:
            print("Commandline:", args % "PASSWORD")

    try:
        rotated = rotateFile(filepath=ca_cert, verbosity=verbosity)
        if verbosity>=0 and rotated:
            print("Rotated: %s --> %s" \
                  % (d['--ca-cert'], os.path.basename(rotated)))
    except ValueError:
        pass

    cwd = chdir(_getWorkDir())
    try:
        ret, out_stream, err_stream = rhn_popen(args % repr(password))
    finally:
        chdir(cwd)

    out = out_stream.read(); out_stream.close()
    err = err_stream.read(); err_stream.close()
    if ret:
        raise GenPublicCaCertException("Certificate Authority public "
                                   "SSL certificate generation failed:\n%s\n"
                                   "%s" % (out, err))
    if verbosity > 2:
        if out:
            print("STDOUT:", out)
        if err:
            print("STDERR:", err)

    latest_txt = os.path.join(d['--dir'], 'latest.txt')
    fo = open(latest_txt, 'wb')
    fo.write(bstr('%s\n' % ca_cert_name))
    fo.close()

    # permissions:
    os.chmod(ca_cert, int('0644',8))
    os.chmod(latest_txt, int('0644',8))
Esempio n. 10
0
 def __parse_action_data(self, action):
     """ Parse action data and returns (method, params) """
     data = action['action']
     parser, decoder = xmlrpclib.getparser()
     parser.feed(bstr(data))
     parser.close()
     params = decoder.close()
     method = decoder.getmethodname()
     return (method, params)
Esempio n. 11
0
 def _read_bytes(stream, amt):
     ret = bstr('')
     while amt:
         buf = stream.read(min(amt, BUFFER_SIZE))
         if not buf:
             return ret
         ret = ret + buf
         amt = amt - len(buf)
     return ret
Esempio n. 12
0
def xccdf_eval(args, cache_only=None):
    if cache_only:
        return (0, 'no-ops for caching', {})

    results_dir = None
    if ('id' in args) and ('file_size' in args) and args['file_size'] > 0:
        results_dir = tempfile.mkdtemp()
        pwd = os.getcwd()
        os.chdir(results_dir)

    results_file = tempfile.NamedTemporaryFile(dir=results_dir)
    params, oscap_err = _process_params(args['params'], results_file.name,
                                        results_dir)

    oscap_err += _run_oscap(['xccdf', 'eval'] + params + [args['path']])
    if results_dir:
        os.chdir(pwd)

    if not _assert_xml(results_file.file):
        del (results_file)
        _cleanup_temp(results_dir)
        return (1, 'oscap tool did not produce valid xml.\n' + oscap_err, {})

    ret, resume, xslt_err = _xccdf_resume(results_file.name,
                                          temp_dir=results_dir)
    if ret != 0 or resume == '':
        del (results_file)
        _cleanup_temp(results_dir)
        return (1, 'Problems with extracting resume:\n' + xslt_err, {})

    try:
        up_err = _upload_results(results_file, results_dir, args)
    except:
        # An error during the upload must not prevent scan completion
        log.log_exception(*sys.exc_info())
        up_err = "Upload of detailed results failed. Fatal error in Python code occurred"
    del (results_file)
    _cleanup_temp(results_dir)
    return (0, 'openscap scan completed', {
        'resume':
        encodestring(resume),
        'errors':
        encodestring(bstr(oscap_err) + bstr(xslt_err) + bstr(up_err))
    })
Esempio n. 13
0
def _copy_file_to_fd(filename, fd):
    f = open(filename)
    buffer_size = 16384
    count = 0
    while 1:
        buf = f.read(buffer_size)
        if not buf:
            break
        os.write(fd, bstr(buf))
        count = count + len(buf)
    return count
Esempio n. 14
0
def sha256_file(filename):
    engine = hashlib.new('sha256')

    fh = open(filename, "rb")
    while 1:
        buf = fh.read(4096)
        if not buf:
            break

        engine.update(bstr(buf))

    return engine.hexdigest()
Esempio n. 15
0
 def read_to_file(self, file):
     """Copies the contents of this File object into another file
     object"""
     fd = self._get_file()
     while 1:
         buf = fd.read(self.bufferSize)
         if not buf:
             break
         if sys.version_info[0] == 3:
             file.write(bstr(buf))
         else:
             file.write(sstr(buf))
     return file
Esempio n. 16
0
    def read(self, amt=None):
        """
        Reads up to amt bytes from the SSL connection.
        """
        self._check_closed()
        # Initially, the buffer size is the default buffer size.
        # Unfortunately, pending() does not return meaningful data until
        # recv() is called, so we only adjust the buffer size after the
        # first read
        buffer_size = self._buffer_size

        buffer_length = len(self._buffer)
        # Read only the specified amount of data
        while buffer_length < amt or amt is None:
            # if amt is None (read till the end), fills in self._buffer
            if amt is not None:
                buffer_size = min(amt - buffer_length, buffer_size)

            try:
                data = self._connection.recv(buffer_size)

                self._buffer = self._buffer + data
                buffer_length = len(self._buffer)

                # More bytes to read?
                pending = self._connection.pending()
                if pending == 0 and buffer_length == amt:
                    # we're done here
                    break
            except SSL.SSLError as err:
                if err.args[0] == SSL.SSL_ERROR_ZERO_RETURN:
                    # Nothing more to be read
                    break
                elif err.args[0] == SSL.SSL_ERROR_SYSCALL:
                    e = sys.exc_info()[1]
                    print("SSL exception", e.args)
                    break
                elif err.args[0] == SSL.SSL_ERROR_WANT_WRITE:
                    self._poll(select.POLLOUT, 'read')
                elif err.args[0] == SSL.SSL_ERROR_WANT_READ:
                    self._poll(select.POLLIN, 'read')

        if amt:
            ret = self._buffer[:amt]
            self._buffer = self._buffer[amt:]
        else:
            ret = self._buffer
            self._buffer = bstr("")

        self._pos = self._pos + len(ret)
        return ret
Esempio n. 17
0
def generate_random_string(length=20):
    if not length:
        return ''
    random_bytes = 16
    length = int(length)
    s = hashlib.new('sha1')
    s.update(bstr("%.8f" % time.time()))
    s.update(bstr(str(os.getpid())))
    devrandom = open('/dev/urandom', mode='rb')
    result = []
    cur_length = 0
    while 1:
        s.update(bstr(devrandom.read(random_bytes)))
        buf = s.hexdigest()
        result.append(buf)
        cur_length = cur_length + len(buf)
        if cur_length >= length:
            break

    devrandom.close()

    result = ''.join(result)[:length]
    return result.lower()
Esempio n. 18
0
    def acquire(self):
        """acquire the lock; else raise LockfileLockedException."""

        try:
            fcntl.flock(self.f, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except IOError:
            if sys.exc_info()[1].errno == EWOULDBLOCK:
                raise LockfileLockedException(
                    "cannot acquire lock on %s." % self.lockfile, None,
                    sys.exc_info()[2])
            else:
                raise
        # unlock upon exit
        fcntl.fcntl(self.f, fcntl.F_SETFD, 1)
        # truncate and write the pid
        os.ftruncate(self.f, 0)
        os.write(self.f, bstr(str(self.pid) + '\n'))
Esempio n. 19
0
    def readline(self, length=None):
        """
        Reads a single line (up to `length' characters long) from the SSL
        connection.
        """
        self._check_closed()
        while True:
            # charcount contains the number of chars to be outputted (or None
            # if none to be outputted at this time)
            charcount = None
            i = self._buffer.find(bstr('\n'))
            if i >= 0:
                # Go one char past newline
                charcount = i + 1
            elif length and len(self._buffer) >= length:
                charcount = length

            if charcount is not None:
                ret = self._buffer[:charcount]
                self._buffer = self._buffer[charcount:]
                self._pos = self._pos + len(ret)
                return ret

            # Determine the number of chars to be read next
            bufsize = self._buffer_size
            if length:
                # we know length > len(self._buffer)
                bufsize = min(self._buffer_size, length - len(self._buffer))

            try:
                data = self._connection.recv(bufsize)
                self._buffer = self._buffer + data
            except SSL.SSLError as err:
                if err.args[0] == SSL.SSL_ERROR_ZERO_RETURN:
                    # Nothing more to be read
                    break
                elif err.args[0] == SSL.SSL_ERROR_WANT_WRITE:
                    self._poll(select.POLLOUT, 'readline')
                elif err.args[0] == SSL.SSL_ERROR_WANT_READ:
                    self._poll(select.POLLIN, 'readline')

        # We got here if we're done reading, so return everything
        ret = self._buffer
        self._buffer = ""
        self._pos = self._pos + len(ret)
        return ret
Esempio n. 20
0
    def run(self):
        log_debug(2)
        r = self.repository
        files = r.list_files()

        if not files:
            die(1, "No managed files.")

        label = "Config Channel"
        maxlen = max([len(s[0]) for s in files])
        maxlen = max(maxlen, len(label)) + 2
        print("%-10s %8s %-8s %10s %+3s    %*s    %s" %
              ('Mode', 'Owner', 'Group', 'Size', 'Rev', maxlen, label, "File"))

        arg_files = []
        if len(sys.argv) > 2:
            arg_files = sys.argv[2:len(sys.argv)]

        for file in files:

            if len(arg_files) and not file[1] in arg_files:
                continue

            # Get the file info
            finfo = r.get_file_info(file[1])[1]
            # Get the file length
            if finfo['encoding'] == 'base64':
                fsize = len(base64.decodestring(bstr(finfo['file_contents'])))
            else:
                # * indicates raw 'unencoded' size
                fsize = '*' + str(len(finfo['file_contents']))

            if finfo['filetype'] == 'symlink':
                permstr = ostr_to_sym('777', finfo['filetype'])
                dest = "%s -> %s" % (file[1], finfo['symlink'])
                fsize = str(len(finfo['symlink']))
                finfo['username'] = '******'
                finfo['groupname'] = 'root'
            else:
                permstr = ostr_to_sym(finfo['filemode'],
                                      finfo['filetype']) or ''
                dest = file[1]
            print("%10s %8s %-8s %10s %+3s    %*s    %s" %
                  (permstr, finfo['username'], finfo['groupname'], fsize,
                   finfo['revision'], maxlen, file[0], dest))
Esempio n. 21
0
    def log_debug(self, debug_level, *args):
        if debug_level <= self.debug_level:
            info_out = (time.strftime("%Y-%m-%d %H:%M:%S",
                                      time.localtime(time.time())),
                        self.get_caller(), " ".join([str(x) for x in args]))

            outstring = "%s %s: %s\n" % info_out
            sys.stdout.write(outstring)

            if not Logger.logfile is None:
                try:
                    fd = os.open(Logger.logfile,
                                 os.O_APPEND | os.O_RDWR | os.O_CREAT,
                                 int("0600", 8))
                    os.write(fd, bstr(outstring))
                    os.close(fd)
                except IOError:
                    raise
Esempio n. 22
0
    def main(self):
        if self.options.serverUrl:
            rhnreg.cfg.set("serverURL", self.options.serverUrl)
        if self.options.sslCACert:
            rhnreg.cfg.set("sslCACert", self.options.sslCACert)

        if not (self.options.activationkey or
                (self.options.username and self.options.password)):
            print(_("A username and password are required "\
                    "to register a system."))
            sys.exit(-1)

        if rhnreg.registered() and not self.options.force:
            print(
                _("This system is already registered. Use --force to override")
            )
            sys.exit(-1)

        rhnreg.getCaps()

        if not self.options.nopackages:
            getArch = 0
            if rhnreg.cfg['supportsExtendedPackageProfile']:
                getArch = 1
            packageList = pkgUtils.getInstalledPackageList(getArch=getArch)
        else:
            packageList = []

        hardwareList = hardware.Hardware()

        if self.options.profilename:
            profilename = self.options.profilename
        else:
            profilename = RegisterKsCli.__generateProfileName(hardwareList)

        other = {}
        if self.options.systemorgid:
            other['org_id'] = self.options.systemorgid

        # Try to get the virt uuid and put it in "other".
        (virt_uuid, virt_type) = rhnreg.get_virt_info()
        if not virt_uuid is None:
            other['virt_uuid'] = virt_uuid
            other['virt_type'] = virt_type

        # If specified, send up the EUS channel label for subscription.
        if self.options.use_eus_channel:
            if self.options.activationkey:
                print(
                    _("Usage of --use-eus-channel option with --activationkey is not supported. Please use username and password instead."
                      ))
                sys.exit(-1)
            if not rhnreg.server_supports_eus():
                print(
                    _("The server you are registering against does not support EUS."
                      ))
                sys.exit(-1)

            channels = rhnreg.getAvailableChannels(self.options.username,
                                                   self.options.password)
            other['channel'] = channels['default_channel']

        try:
            systemId = rhnreg.registerSystem(self.options.username,
                                             self.options.password,
                                             profilename,
                                             self.options.activationkey, other)
        except (up2dateErrors.AuthenticationTicketError,
                up2dateErrors.RhnUuidUniquenessError,
                up2dateErrors.CommunicationError,
                up2dateErrors.AuthenticationOrAccountCreationError):
            e = sys.exc_info()[1]
            print("%s" % e.errmsg)
            sys.exit(1)

        # collect hardware info, inluding hostname
        if not self.options.nohardware:
            rhnreg.sendHardware(systemId, hardwareList)

        if not self.options.nopackages:
            rhnreg.sendPackages(systemId, packageList)

        if self.options.contactinfo:
            print(
                _("Warning: --contactinfo option has been deprecated. Please login to the server web user Interface and update your contactinfo. "
                  ))

        # write out the new id
        rhnreg.writeSystemId(bstr(systemId))

        # assume successful communication with server
        # remember to save the config options
        rhnreg.cfg.save()

        # Send virtualization information to the server.  We must do this
        # *after* writing out the system id.
        if not self.options.novirtinfo:
            rhnreg.sendVirtInfo(systemId)

        # do this after writing out system id, bug #147513
        if not self.options.norhnsd:
            rhnreg.startRhnsd()

        try:
            present, conf_changed = rhnreg.pluginEnable()
            if not present:
                sys.stderr.write(
                    sstr(
                        _("Warning: %s is not present, could not enable it.") %
                        PM_PLUGIN_NAME))
        except IOError:
            e = sys.exc_info()[1]
            sys.stderr.write(
                sstr(
                    _("Warning: Could not open %s\n%s is not enabled.\n") %
                    (PM_PLUGIN_CONF, PM_PLUGIN_NAME) + e.errmsg))
        return RegisterKsCli.__runRhnCheck(self.options.verbose)
Esempio n. 23
0
def genServerRpm(d, verbosity=0):
    """ generates server's SSL key set RPM """

    serverKeyPairDir = os.path.join(d['--dir'],
                                    getMachineName(d['--set-hostname']))

    server_key_name = os.path.basename(d['--server-key'])
    server_key = os.path.join(serverKeyPairDir, server_key_name)

    server_cert_name = os.path.basename(d['--server-cert'])
    server_cert = os.path.join(serverKeyPairDir, server_cert_name)

    server_cert_req_name = os.path.basename(d['--server-cert-req'])
    server_cert_req = os.path.join(serverKeyPairDir, server_cert_req_name)

    jabberd_ssl_cert_name = os.path.basename(d['--jabberd-ssl-cert'])
    jabberd_ssl_cert = os.path.join(serverKeyPairDir, jabberd_ssl_cert_name )

    server_rpm_name = os.path.basename(d['--server-rpm'])
    server_rpm = os.path.join(serverKeyPairDir, server_rpm_name)

    postun_scriptlet = os.path.join(d['--dir'], 'postun.scriptlet')

    genServerRpm_dependencies(d)

    if verbosity>=0:
        sys.stderr.write("\n...working...\n")
    # check for old installed RPM.
    oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME1)
    if oldHdr and LEGACY_SERVER_RPM_NAME1 != server_rpm_name:
        sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
           it needs to be removed before installing the web server's RPM that
           is about to generated.
""" % LEGACY_SERVER_RPM_NAME1)

    if not oldHdr:
        oldHdr = getInstalledHeader(LEGACY_SERVER_RPM_NAME2)
        if oldHdr and LEGACY_SERVER_RPM_NAME2 != server_rpm_name:
            sys.stderr.write("""
** NOTE ** older-styled RPM installed (%s),
           it needs to be removed before installing the web server's RPM that
           is about to generated.
""" % LEGACY_SERVER_RPM_NAME2)

    # check for new installed RPM.
    # Work out the release number.
    hdr = getInstalledHeader(server_rpm_name)

    #find RPMs in the directory as well.
    filenames = glob.glob("%s-*.noarch.rpm" % server_rpm)
    if filenames:
        filename = sortRPMs(filenames)[-1]
        h = get_package_header(filename)
        if hdr is None:
            hdr = h
        else:
            comp = hdrLabelCompare(h, hdr)
            if comp > 0:
                hdr = h

    epo, ver, rel = None, '1.0', '0'
    if hdr is not None:
        epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']

    # bump the release - and let's not be too smart about it
    #                    assume the release is a number.
    if rel:
        rel = str(int(rel)+1)

    description = SERVER_RPM_SUMMARY + """
Best practices suggests that this RPM should only be installed on the web
server with this hostname: %s
""" % d['--set-hostname']

    # Determine which jabberd user exists:
    jabberd_user = None
    possible_jabberd_users = ['jabberd', 'jabber']
    for juser_attempt in possible_jabberd_users:
        try:
            pwd.getpwnam(juser_attempt)
            jabberd_user = juser_attempt
        except:
            # user doesn't exist, try the next
            pass
    if jabberd_user is None:
        print("WARNING: No jabber/jabberd user on system, skipping " +
                "jabberd.pem generation.")

    jabberd_cert_string = ""
    if jabberd_user is not None:
        jabberd_cert_string = \
            "/etc/pki/spacewalk/jabberd/server.pem:0600,%s,%s=%s" % \
            (jabberd_user, jabberd_user, repr(cleanupAbsPath(jabberd_ssl_cert)))


    ## build the server RPM
    args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
            "--name %s --version %s --release %s --packager %s --vendor %s "
            "--group 'RHN/Security' --summary %s --description %s --postun %s "
            "/etc/httpd/conf/ssl.key/server.key:0600=%s "
            "/etc/httpd/conf/ssl.crt/server.crt=%s "
            "%s "
            % (repr(server_rpm_name), ver, rel, repr(d['--rpm-packager']),
               repr(d['--rpm-vendor']),
               repr(SERVER_RPM_SUMMARY), repr(description),
               repr(cleanupAbsPath(postun_scriptlet)),
               repr(cleanupAbsPath(server_key)),
               repr(cleanupAbsPath(server_cert)),
               jabberd_cert_string
               ))

    abs_server_cert_req = cleanupAbsPath(server_cert_req)
    if os.path.exists(abs_server_cert_req):
        args += ("/etc/httpd/conf/ssl.csr/server.csr=%s"
                 % repr(abs_server_cert_req))
    else:
        sys.stderr.write("WARNING: Not bundling %s to server RPM "
                         "(file not found)." %
                         repr(server_cert_req))

    serverRpmName = "%s-%s-%s" % (server_rpm, ver, rel)

    if verbosity >= 0:
        print("""
Generating web server's SSL key pair/set RPM:
    %s.src.rpm
    %s.noarch.rpm""" % (serverRpmName, serverRpmName))
        if verbosity > 1:
            print("Commandline:", args)

    if verbosity >= 4:
        print('Current working directory:', os.getcwd())
        print("Writing postun_scriptlet:", postun_scriptlet)
    open(postun_scriptlet, 'w').write(POST_UNINSTALL_SCRIPT)

    _disableRpmMacros()
    cwd = chdir(serverKeyPairDir)
    try:
        ret, out_stream, err_stream = rhn_popen(args)
    finally:
        chdir(cwd)
        _reenableRpmMacros()
        os.unlink(postun_scriptlet)

    out = out_stream.read(); out_stream.close()
    err = err_stream.read(); err_stream.close()

    if ret or not os.path.exists("%s.noarch.rpm" % serverRpmName):
        raise GenServerRpmException("web server's SSL key set RPM generation "
                                    "failed:\n%s\n%s" % (out, err))
    if verbosity > 2:
        if out:
            print("STDOUT:", out)
        if err:
            print("STDERR:", err)

    os.chmod('%s.noarch.rpm' % serverRpmName, int('0600',8))

    # generic the tarball necessary for Spacewalk Proxy against hosted installations
    tarballFilepath = genProxyServerTarball(d, version=ver, release=rel,
                                            verbosity=verbosity)

    # write-out latest.txt information
    latest_txt = os.path.join(serverKeyPairDir, 'latest.txt')
    fo = open(latest_txt, 'wb')
    fo.write(bstr('%s.noarch.rpm\n' % os.path.basename(serverRpmName)))
    fo.write(bstr('%s.src.rpm\n' % os.path.basename(serverRpmName)))
    fo.write(bstr('%s\n' % os.path.basename(tarballFilepath)))
    fo.close()
    os.chmod(latest_txt, int('0600',8))

    if verbosity >= 0:
        print("""
Deploy the server's SSL key pair/set RPM:
    (NOTE: the SUSE Manager or Proxy installers may do this step for you.)
    The "noarch" RPM needs to be deployed to the machine working as a
    web server, or SUSE Manager, or SUSE Manager Proxy.
    Presumably %s.""" % repr(d['--set-hostname']))

    return "%s.noarch.rpm" % serverRpmName
Esempio n. 24
0
def genCaRpm(d, verbosity=0):
    """ generates ssl cert RPM. """

    ca_cert_name = os.path.basename(d['--ca-cert'])
    ca_cert = os.path.join(d['--dir'], ca_cert_name)
    ca_cert_rpm_name = os.path.basename(d['--ca-cert-rpm'])
    ca_cert_rpm = os.path.join(d['--dir'], ca_cert_rpm_name)

    genCaRpm_dependencies(d)

    if verbosity>=0:
        sys.stderr.write("\n...working...")
    # Work out the release number.
    hdr = getInstalledHeader(ca_cert_rpm)

    #find RPMs in the directory
    filenames = glob.glob("%s-*.noarch.rpm" % ca_cert_rpm)
    if filenames:
        filename = sortRPMs(filenames)[-1]
        h = get_package_header(filename)
        if hdr is None:
            hdr = h
        else:
            comp = hdrLabelCompare(h, hdr)
            if comp > 0:
                hdr = h

    epo, ver, rel = None, '1.0', '0'
    if hdr is not None:
        epo, ver, rel = hdr['epoch'], hdr['version'], hdr['release']

    # bump the release - and let's not be too smart about it
    #                    assume the release is a number.
    if rel:
        rel = str(int(rel)+1)

    update_trust_script = os.path.join(CERT_PATH, 'update-ca-cert-trust.sh')

    # build the CA certificate RPM
    args = (os.path.join(CERT_PATH, 'gen-rpm.sh') + " "
            "--name %s --version %s --release %s --packager %s --vendor %s "
            "--group 'RHN/Security' --summary %s --description %s "
            "--post %s --postun %s "
            "/usr/share/rhn/%s=%s"
            % (repr(ca_cert_rpm_name), ver, rel, repr(d['--rpm-packager']),
               repr(d['--rpm-vendor']), repr(CA_CERT_RPM_SUMMARY),
               repr(CA_CERT_RPM_SUMMARY),
               repr(update_trust_script), repr(update_trust_script),
               repr(ca_cert_name), repr(cleanupAbsPath(ca_cert))))
    clientRpmName = '%s-%s-%s' % (ca_cert_rpm, ver, rel)
    if verbosity >= 0:
        print("""
Generating CA public certificate RPM:
    %s.src.rpm
    %s.noarch.rpm""" % (clientRpmName, clientRpmName))
        if verbosity > 1:
            print("Commandline:", args)

    _disableRpmMacros()
    cwd = chdir(d['--dir'])
    try:
        ret, out_stream, err_stream = rhn_popen(args)
    except Exception:
        chdir(cwd)
        _reenableRpmMacros()
        raise
    chdir(cwd)
    _reenableRpmMacros()

    out = out_stream.read(); out_stream.close()
    err = err_stream.read(); err_stream.close()

    if ret or not os.path.exists("%s.noarch.rpm" % clientRpmName):
        raise GenCaCertRpmException("CA public SSL certificate RPM generation "
                                "failed:\n%s\n%s" % (out, err))
    if verbosity > 2:
        if out:
            print("STDOUT:", out)
        if err:
            print("STDERR:", err)
    os.chmod('%s.noarch.rpm' % clientRpmName, int('0644',8))

    # write-out latest.txt information
    latest_txt = os.path.join(d['--dir'], 'latest.txt')
    fo = open(latest_txt, 'wb')
    fo.write(bstr('%s\n' % ca_cert_name))
    fo.write(bstr('%s.noarch.rpm\n' % os.path.basename(clientRpmName)))
    fo.write(bstr('%s.src.rpm\n' % os.path.basename(clientRpmName)))
    fo.close()
    os.chmod(latest_txt, int('0644',8))

    if verbosity >= 0:
        print("""
Make the public CA certificate publically available:
    (NOTE: the SUSE Manager Server or Proxy installers may do this step for you.)
    The "noarch" RPM and raw CA certificate can be made publically accessible
    by copying it to the /srv/www/htdocs/pub directory of your SUSE Manager Server or
    Proxy.""")


    return '%s.noarch.rpm' % clientRpmName
Esempio n. 25
0
    def diff_file(self, channel, path, local_file, revision):
        r = self.repository
        try:
            info = r.get_raw_file_info(channel, path, revision)
            if 'encoding' in info and info['file_contents']:
                if info['encoding'] == 'base64':
                    info['file_contents'] = base64.decodestring(
                        bstr(info['file_contents']))
                else:
                    die(9, 'Error: unknown encoding %s' % info['encoding'])
        except cfg_exceptions.RepositoryFileMissingError:
            die(
                2,
                "Error: no such file %s (revision %s) in config channel %s" %
                (path, revision, channel))
        if os.path.islink(local_file) and info['filetype'] != 'symlink':
            die(
                8,
                "Cannot diff %s; the file on the system is a symbolic link while the file in the channel is not. "
                % local_file)
        if info['filetype'] == 'symlink' and not os.path.islink(local_file):
            die(
                8,
                "Cannot diff %s; the file on the system is not a symbolic link while the file in the channel is. "
                % local_file)
        if info['filetype'] == 'symlink':
            src_link = info['symlink']
            dest_link = os.readlink(local_file)
            if src_link != os.readlink(local_file):
                return "Symbolic links differ. Channel: '%s' -> '%s'   System: '%s' -> '%s' \n " % (
                    path, src_link, path, dest_link)
            return ""

        response_output = ""
        content_differs = False
        if 'is_binary' in info and info['is_binary'] == 'Y':
            from_content = info['file_contents']
            to_file = open(local_file, 'rb')
            to_content = to_file.read()
            to_file.close()
            if len(from_content) != len(to_content):
                content_differs = True
            else:
                for i in range(len(from_content)):
                    if from_content[i] != to_content[i]:
                        content_differs = True
                        break
            if content_differs:
                response_output = "Binary file content differs\n"
        else:
            fromlines = sstr(info['file_contents']).splitlines(1)
            tofile = open(local_file, 'r')
            tolines = tofile.readlines()
            tofile.close()
            diff_output = difflib.unified_diff(fromlines, tolines,
                                               info['path'], local_file)
            first_row = second_row = ''
            try:
                first_row = next(diff_output)
                # if content was same, exception thrown so following
                # lines don't execute
                content_differs = True
                second_row = next(diff_output)
                response_output = ''.join(list(diff_output))
            except StopIteration:
                pass

        file_stat = os.lstat(local_file)
        local_info = r.make_stat_info(local_file, file_stat)
        # rhel4 do not support selinux
        if not 'selinux_ctx' in local_info:
            local_info['selinux_ctx'] = ''
        if 'selinux_ctx' not in info:
            info['selinux_ctx'] = ''
        if not content_differs and not self.__attributes_differ(
                info, local_info):
            return ""
        else:
            template = "%s %s\t%s\tattributes: %s %s %s %s\tconfig channel: %s\trevision: %s"
            if 'modified' not in info:
                info['modified'] = ''
            first_row = template % (
                '---',
                path,
                str(info['modified']),
                ostr_to_sym(info['filemode'], info['filetype']),
                info['username'],
                info['groupname'],
                info['selinux_ctx'],
                channel,
                info['revision'],
            )
            second_row = template % (
                '+++', local_file,
                f_date(datetime.fromtimestamp(local_info['mtime'])),
                ostr_to_sym(local_info['mode'],
                            'file'), local_info['user'], local_info['group'],
                local_info['selinux_ctx'], 'local file', None)
        return first_row + '\n' + second_row + '\n' + response_output
Esempio n. 26
0
    def process(self, file_struct, directory=None, strict_ownership=1):
        # Older servers will not return directories; if filetype is missing,
        # assume file

        if file_struct.get('filetype') == 'directory':
            if directory is None:
                directory = ""
            return None, utils.mkdir_p(directory + file_struct['path'])

        if directory:
            directory += os.path.split(file_struct['path'])[0]
        if file_struct.get('filetype') == 'symlink':
            if 'symlink' not in file_struct:
                raise Exception("Missing key symlink")

            (fullpath, dirs_created, fd) = maketemp(prefix=".rhn-cfg-tmp",
                                                    directory=directory)
            os.close(fd)
            os.unlink(fullpath)
            os.symlink(file_struct['symlink'], fullpath)
            return fullpath, dirs_created

        for k in self.file_struct_fields.keys():
            if k not in file_struct:
                # XXX
                raise Exception("Missing key %s" % k)

        encoding = ''

        if 'encoding' in file_struct:
            encoding = file_struct['encoding']

        contents = file_struct['file_contents']

        if contents and (encoding == 'base64'):
            contents = decodestring(bstr(contents))

        delim_start = file_struct['delim_start']
        delim_end = file_struct['delim_end']

        if ('checksum' in file_struct and 'checksum_type' in file_struct
                and 'verify_contents' in file_struct
                and file_struct['verify_contents']):
            if file_struct['checksum'] != utils.getContentChecksum(
                    file_struct['checksum_type'], contents):
                raise Exception(
                    "Corrupt file received: Content checksums do not match!")
        elif ('md5sum' in file_struct and 'verify_contents' in file_struct
              and file_struct['verify_contents']):
            if file_struct['md5sum'] != utils.getContentChecksum(
                    'md5', contents):
                raise Exception(
                    "Corrupt file received: Content checksums do not match!")
        elif ('verify_contents' in file_struct
              and file_struct['verify_contents']):
            raise Exception(
                "Corrupt file received: missing checksum information!")

        (fullpath, dirs_created, fd) = maketemp(prefix=".rhn-cfg-tmp",
                                                directory=directory)

        try:
            os.write(fd, bstr(contents))
        except Exception:
            raise
        finally:
            os.close(fd)

        # try to set mtime and ctime of the file to
        # the last modified time on the server
        if 'modified' in file_struct:
            try:
                modified = xmlrpc_time(file_struct['modified'].value)
                epoch_time = time.mktime(modified)
                os.utime(fullpath, (epoch_time, epoch_time))
            except (ValueError, AttributeError):
                # we can't parse modified time
                pass

        return fullpath, dirs_created