コード例 #1
ファイル: volumes.py プロジェクト: optionalg/cauliflowervest
class LuksVolume(_BaseVolume):
    """Model for storing escrowed LUKS passphrases.

    The secret is held in ``passphrase`` (an EncryptedBlobProperty). The
    identifying metadata declared in this class is stored in plain
    StringProperty fields.
    """

    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = LuksAccessLog
    ACCESS_ERR_CLS = LuksAccessError
    ESCROW_TYPE_NAME = 'luks'
    # Extends the list configured in base_settings with the fields below.
    REQUIRED_PROPERTIES = base_settings.LUKS_REQUIRED_PROPERTIES + [
        'passphrase',
        'hostname',
        'platform_uuid',
        'owners',
        'volume_uuid',
    ]
    # Apparently (property name, display label) pairs.
    # NOTE(review): 'owner' here vs 'owners' in REQUIRED_PROPERTIES; confirm
    #   that both names exist on the base model.
    SEARCH_FIELDS = [
        ('owner', 'Device Owner'),
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
        ('created_by', 'Escrow Username'),
        ('platform_uuid', 'MrMagoo Host UUID'),
        ('hdd_serial', 'Hard Drive Serial Number'),
    ]
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'passphrase'

    # Only this field uses the encrypted property type; it is constructed with
    # the LUKS-specific key name.
    passphrase = encrypted_property.EncryptedBlobProperty(
        _LUKS_PASSPHRASE_ENCRYPTION_KEY_NAME)
    # Plain string metadata (not encrypted by this class).
    hdd_serial = db.StringProperty()
    platform_uuid = db.StringProperty()
コード例 #2
ファイル: volumes.py プロジェクト: optionalg/cauliflowervest
class FileVaultVolume(_BaseVolume):
    """Model for storing FileVault Volume passphrases, with various metadata.

    The secret is held in ``passphrase`` (an EncryptedBlobProperty). The
    machine metadata declared in this class is stored in plain
    StringProperty fields.
    """

    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = FileVaultAccessLog
    ACCESS_ERR_CLS = FileVaultAccessError
    ESCROW_TYPE_NAME = 'filevault'
    # Extends the list configured in base_settings with the fields below.
    REQUIRED_PROPERTIES = base_settings.FILEVAULT_REQUIRED_PROPERTIES + [
        'passphrase', 'volume_uuid'
    ]
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('owner', 'Owner Username'),
        ('created_by', 'Escrow Username'),
        ('hdd_serial', 'Hard Drive Serial Number'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
        ('volume_uuid', 'Volume UUID'),
    ]
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'passphrase'
    # NOTE(review): presumably lets the owner of an escrowed secret be
    #   reassigned; confirm who is authorised to do so in the base class.
    ALLOW_OWNER_CHANGE = True

    # NOTE(ogle): For self-service encryption, owner/created_by may be the same.
    #   Furthermore, created_by may go away if we implement unattended encryption
    #   via machine/certificate-based auth.
    # Only this field uses the encrypted property type; it is constructed with
    # the FileVault-specific key name.
    passphrase = encrypted_property.EncryptedBlobProperty(
        _FILEVAULT_PASSPHRASE_ENCRYPTION_KEY_NAME)
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
    serial = db.StringProperty()  # serial number of the machine.
    hdd_serial = db.StringProperty()  # hard drive disk serial number.

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Normalizes hostname via the base class, requesting the short form.

        Delegates to the parent NormalizeHostname with strip_fqdn=True. Any
        lowercasing is done by the parent implementation, which is not
        visible here.
        """
        return super(FileVaultVolume, cls).NormalizeHostname(hostname,
                                                             strip_fqdn=True)
コード例 #3
ファイル: firmware.py プロジェクト: optionalg/cauliflowervest
class LinuxFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Linux Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The DMI
    identifiers are stored in plain StringProperty fields.
    """
    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = LinuxFirmwarePasswordAccessLog
    # The target is the computed concatenation defined at the end of the class.
    TARGET_PROPERTY_NAME = '_manufacturer_serial_machine_uuid'
    ESCROW_TYPE_NAME = 'linux_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = [
        'manufacturer', 'serial', 'password', 'hostname', 'machine_uuid'
    ]
    # Apparently (property name, display label) pairs; 'asset_tags' is not
    # declared in this class, so it presumably comes from the base class.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('manufacturer', 'Machine Manufacturer'),
        ('serial', 'Machine Serial Number'),
        ('machine_uuid', 'Machine UUID'),
    ]

    # Only this field uses the encrypted property type; it is constructed with
    # the Linux-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _LINUX_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    manufacturer = db.StringProperty()  # /sys/class/dmi/id/sys_vendor.
    serial = db.StringProperty()  # /sys/class/dmi/id/product_serial.
    machine_uuid = db.StringProperty()  # /sys/class/dmi/id/product_uuid.
    # NOTE(review): the three values are joined with no delimiter, so distinct
    #   (manufacturer, serial, machine_uuid) triples can produce the same
    #   string, and a None field would raise TypeError. This is the
    #   TARGET_PROPERTY_NAME, so confirm nothing relies on it being unique.
    _manufacturer_serial_machine_uuid = db.ComputedProperty(
        lambda self: self.manufacturer + self.serial + self.machine_uuid)
コード例 #4
ファイル: volumes.py プロジェクト: amit2014/cauliflowervest
class BitLockerVolume(_BaseVolume):
    """Model for storing BitLocker Volume keys.

    The secret is held in ``recovery_key`` (an EncryptedBlobProperty). The
    directory metadata declared in this class is stored in plain properties.
    """

    # NOTE(review): this class sets no AUDIT_LOG_MODEL; confirm the base class
    #   provides one so that recovery-key retrievals are logged.
    ACCESS_ERR_CLS = BitLockerAccessError
    ESCROW_TYPE_NAME = 'bitlocker'
    REQUIRED_PROPERTIES = [
        'dn', 'hostname', 'parent_guid', 'recovery_key', 'volume_uuid'
    ]
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
    ]
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'recovery_key'

    # Only this field uses the encrypted property type; it is constructed with
    # the BitLocker-specific key name.
    recovery_key = encrypted_property.EncryptedBlobProperty(
        _BITLOCKER_PASSPHRASE_ENCRYPTION_KEY_NAME)
    dn = db.StringProperty()
    parent_guid = db.StringProperty()
    when_created = db.DateTimeProperty()

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Returns the non-fully-qualified hostname, upper-cased.

        Delegates to the parent NormalizeHostname with strip_fqdn=True and
        then applies .upper(), so the result is upper case whatever case the
        parent implementation produces.
        """
        return super(BitLockerVolume,
                     cls).NormalizeHostname(hostname, strip_fqdn=True).upper()
コード例 #5
ファイル: firmware.py プロジェクト: optionalg/cauliflowervest
class AppleFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Apple Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The
    machine identifiers are stored in plain StringProperty fields.
    """
    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = AppleFirmwarePasswordAccessLog
    # The machine serial number identifies the escrow target.
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'apple_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = [
        'platform_uuid',
        'password',
        'hostname',
        'serial',
    ]
    # Apparently (property name, display label) pairs; 'asset_tags' is not
    # declared in this class, so it presumably comes from the base class.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
    ]

    # Only this field uses the encrypted property type; it is constructed with
    # the Apple-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _APPLE_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    serial = db.StringProperty()
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
コード例 #6
class DuplicityKeyPair(base.BasePassphrase,
                       services.InventoryServiceBackupPassphraseProperties):
  """Model for storing Duplicity key pairs.

  Duplicity backups are associated with a user and not a machine.
  http://duplicity.nongnu.org/

  The secret is held in ``key_pair`` (an EncryptedBlobProperty). The other
  properties declared in this class are plain StringProperty fields.
  """

  # Class-level hooks; how the base classes consume them is not visible here.
  ACCESS_ERR_CLS = DuplicityAccessError
  AUDIT_LOG_MODEL = DuplicityAccessLog
  ESCROW_TYPE_NAME = 'duplicity'
  # Extends the list configured in base_settings with the fields below.
  REQUIRED_PROPERTIES = base_settings.DUPLICITY_REQUIRED_PROPERTIES + [
      'key_pair',
      'owners',
      'volume_uuid',
  ]
  # Concatenation of the mutable-property lists of both parent classes.
  MUTABLE_PROPERTIES = (
      base.BasePassphrase.MUTABLE_PROPERTIES +
      services.InventoryServiceBackupPassphraseProperties.MUTABLE_PROPERTIES)
  # Apparently (property name, display label) pairs.
  # NOTE(review): 'owner' here vs 'owners' in REQUIRED_PROPERTIES; confirm
  #   that both names exist on the base model.
  SEARCH_FIELDS = [
      ('owner', 'Owner Username'),
      ('hostname', 'Hostname'),
  ]
  # Names the attribute below that holds the secret.
  SECRET_PROPERTY_NAME = 'key_pair'
  # The backup UUID identifies the escrow target.
  TARGET_PROPERTY_NAME = 'volume_uuid'

  platform_uuid = db.StringProperty()
  # Only this field uses the encrypted property type; it is constructed with
  # the Duplicity-specific key name.
  key_pair = encrypted_property.EncryptedBlobProperty(
      _DUPLICITY_KEY_PAIR_ENCRYPTION_KEY_NAME)

  volume_uuid = db.StringProperty()  # UUID of the backup.
コード例 #7
ファイル: firmware.py プロジェクト: zcase1/cauliflowervest
class AppleFirmwarePassword(base.BasePassphrase):
    """Model for storing Apple Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The
    machine identifiers and asset tags are stored in plain properties.
    """
    # The machine serial number identifies the escrow target.
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'apple_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = [
        'platform_uuid',
        'password',
        'hostname',
        'serial',
    ]
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('platform_uuid', 'Platform UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # NOTE(review): this class uses the generic base.AccessError and sets no
    #   AUDIT_LOG_MODEL; confirm the base class provides one so that password
    #   retrievals are logged.
    ACCESS_ERR_CLS = base.AccessError

    # Only this field uses the encrypted property type; it is constructed with
    # the Apple-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _APPLE_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    serial = db.StringProperty()
    platform_uuid = db.StringProperty()  # sp_platform_uuid in facter.
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Returns the base dict with asset_tags flattened to one string.

        Args:
          skip_secret: forwarded unchanged to the parent ToDict.
        Returns:
          The parent's dict, with 'asset_tags' set to the tags joined by ', '.
        """
        # NOTE(review): skip_secret defaults to False; presumably the parent
        #   then includes the password. Callers building listings or log
        #   entries should pass skip_secret=True (confirm against the parent).
        o = super(AppleFirmwarePassword, self).ToDict(skip_secret)
        o['asset_tags'] = ', '.join(self.asset_tags)
        return o
コード例 #8
class WindowsFirmwarePassword(base.BasePassphrase):
    """Model for storing Windows Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The
    machine identifiers and asset tags are stored in plain properties.
    """
    # The machine serial number identifies the escrow target.
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'windows_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = ['serial', 'password', 'hostname', 'smbios_guid']
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('smbios_guid', 'SMBIOS UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # NOTE(review): this class uses the generic base.AccessError and sets no
    #   AUDIT_LOG_MODEL; confirm the base class provides one so that password
    #   retrievals are logged.
    ACCESS_ERR_CLS = base.AccessError

    # Only this field uses the encrypted property type; it is constructed with
    # the Windows-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _WINDOWS_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    # serial from WMI query: 'Select SerialNumber from Win32_BIOS'
    serial = db.StringProperty()
    # smbios_guid from WMI query: 'Select UUID from Win32_ComputerSystemProduct'
    smbios_guid = db.StringProperty()
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Returns the base dict with asset_tags flattened to one string.

        Args:
          skip_secret: forwarded unchanged to the parent ToDict.
        Returns:
          The parent's dict, with 'asset_tags' set to the tags joined by ', '.
        """
        # NOTE(review): skip_secret defaults to False; presumably the parent
        #   then includes the password. Callers building listings or log
        #   entries should pass skip_secret=True (confirm against the parent).
        o = super(WindowsFirmwarePassword, self).ToDict(skip_secret)
        o['asset_tags'] = ', '.join(self.asset_tags)
        return o
コード例 #9
class LinuxFirmwarePassword(base.BasePassphrase):
    """Model for storing Linux Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The DMI
    identifiers and asset tags are stored in plain properties.
    """
    # The target is the computed concatenation defined further down.
    TARGET_PROPERTY_NAME = '_manufacturer_serial_machine_uuid'
    ESCROW_TYPE_NAME = 'linux_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = [
        'manufacturer', 'serial', 'password', 'hostname', 'machine_uuid'
    ]
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('manufacturer', 'Machine Manufacturer'),
        ('serial', 'Machine Serial Number'),
        ('machine_uuid', 'Machine UUID'),
        ('asset_tags', 'Asset Tag'),
    ]

    # NOTE(review): this class uses the generic base.AccessError and sets no
    #   AUDIT_LOG_MODEL; confirm the base class provides one so that password
    #   retrievals are logged.
    ACCESS_ERR_CLS = base.AccessError

    # Only this field uses the encrypted property type; it is constructed with
    # the Linux-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _LINUX_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    manufacturer = db.StringProperty()  # /sys/class/dmi/id/sys_vendor.
    serial = db.StringProperty()  # /sys/class/dmi/id/product_serial.
    machine_uuid = db.StringProperty()  # /sys/class/dmi/id/product_uuid.
    # NOTE(review): the three values are joined with no delimiter, so distinct
    #   (manufacturer, serial, machine_uuid) triples can produce the same
    #   string, and a None field would raise TypeError. This is the
    #   TARGET_PROPERTY_NAME, so confirm nothing relies on it being unique.
    _manufacturer_serial_machine_uuid = db.ComputedProperty(
        lambda self: self.manufacturer + self.serial + self.machine_uuid)
    asset_tags = db.StringListProperty()

    def ToDict(self, skip_secret=False):
        """Returns the base dict with asset_tags flattened to one string.

        Args:
          skip_secret: forwarded unchanged to the parent ToDict.
        Returns:
          The parent's dict, with 'asset_tags' set to the tags joined by ', '.
        """
        # NOTE(review): skip_secret defaults to False; presumably the parent
        #   then includes the password. Callers building listings or log
        #   entries should pass skip_secret=True (confirm against the parent).
        o = super(LinuxFirmwarePassword, self).ToDict(skip_secret)
        o['asset_tags'] = ', '.join(self.asset_tags)
        return o
コード例 #10
ファイル: volumes.py プロジェクト: amit2014/cauliflowervest
class DuplicityKeyPair(_BaseVolume):
    """Model for storing Duplicity key pairs.

    The secret is held in ``key_pair`` (an EncryptedBlobProperty);
    ``platform_uuid`` is a plain StringProperty.
    """

    # NOTE(review): this class sets no AUDIT_LOG_MODEL; confirm the base class
    #   provides one so that key-pair retrievals are logged.
    ACCESS_ERR_CLS = DuplicityAccessError
    ESCROW_TYPE_NAME = 'duplicity'
    # Extends the list configured in base_settings with the fields below.
    REQUIRED_PROPERTIES = base_settings.DUPLICITY_REQUIRED_PROPERTIES + [
        'key_pair',
        'owner',
        'volume_uuid',
    ]
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'key_pair'

    platform_uuid = db.StringProperty()
    # Only this field uses the encrypted property type; it is constructed with
    # the Duplicity-specific key name.
    key_pair = encrypted_property.EncryptedBlobProperty(
        _DUPLICITY_KEY_PAIR_ENCRYPTION_KEY_NAME)
コード例 #11
ファイル: firmware.py プロジェクト: zcase1/cauliflowervest
class LenovoFirmwarePassword(base.BasePassphrase):
    """Model for storing Lenovo Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty);
    ``serial`` is a plain StringProperty.
    """
    # The machine serial number identifies the escrow target.
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'lenovo_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = [
        'serial',
        'password',
        'hostname',
    ]
    # NOTE(review): this class uses the generic base.AccessError and sets no
    #   AUDIT_LOG_MODEL or SEARCH_FIELDS; confirm the base class supplies
    #   them so that password retrievals are logged.
    ACCESS_ERR_CLS = base.AccessError

    # Only this field uses the encrypted property type; it is constructed with
    # the Lenovo-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _LENOVO_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)
    serial = db.StringProperty()
コード例 #12
ファイル: volumes.py プロジェクト: optionalg/cauliflowervest
class BitLockerVolume(_BaseVolume):
    """Model for storing BitLocker Volume keys.

    The secret is held in ``recovery_key`` (an EncryptedBlobProperty). The
    directory metadata declared in this class is stored in plain properties.
    """

    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = BitLockerAccessLog
    ACCESS_ERR_CLS = BitLockerAccessError
    ESCROW_TYPE_NAME = 'bitlocker'
    REQUIRED_PROPERTIES = [
        'dn',
        'hostname',
        'parent_guid',
        'recovery_key',
        'volume_uuid',
        'recovery_guid',
    ]
    # Apparently (property name, display label) pairs.
    SEARCH_FIELDS = [
        ('hostname', 'Hostname'),
        ('volume_uuid', 'Volume UUID'),
    ]
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'recovery_key'

    # Only this field uses the encrypted property type; it is constructed with
    # the BitLocker-specific key name.
    recovery_key = encrypted_property.EncryptedBlobProperty(
        _BITLOCKER_PASSPHRASE_ENCRYPTION_KEY_NAME)
    dn = db.StringProperty()
    parent_guid = db.StringProperty()
    recovery_guid = db.StringProperty()
    # Real creation time. 'created' property contains time of AD sync.
    when_created = db.DateTimeProperty()

    @classmethod
    def NormalizeHostname(cls, hostname):
        """Returns the non-fully-qualified hostname, upper-cased.

        Delegates to the parent NormalizeHostname with strip_fqdn=True and
        then applies .upper(), so the result is upper case whatever case the
        parent implementation produces.
        """
        return super(BitLockerVolume,
                     cls).NormalizeHostname(hostname, strip_fqdn=True).upper()

    def ToDict(self, skip_secret=False):
        """Returns the base dict without the 'created' (AD sync time) entry.

        Args:
          skip_secret: forwarded unchanged to the parent ToDict.
        Returns:
          The parent's dict with the 'created' key removed.
        Raises:
          KeyError: if the parent's dict has no 'created' key.
        """
        # NOTE(review): skip_secret defaults to False; presumably the parent
        #   then includes the recovery key. Callers building listings or log
        #   entries should pass skip_secret=True (confirm against the parent).
        d = super(BitLockerVolume, self).ToDict(skip_secret)
        # remove AD sync time.
        del d['created']
        return d
コード例 #13
ファイル: firmware.py プロジェクト: optionalg/cauliflowervest
class WindowsFirmwarePassword(_BaseFirmwarePassword):
    """Model for storing Windows Firmware passwords, with various metadata.

    The secret is held in ``password`` (an EncryptedBlobProperty). The
    machine identifiers are stored in plain StringProperty fields.
    """
    # Class-level hooks; how the base class consumes them is not visible here.
    AUDIT_LOG_MODEL = WindowsFirmwarePasswordAccessLog
    # The machine serial number identifies the escrow target.
    TARGET_PROPERTY_NAME = 'serial'
    ESCROW_TYPE_NAME = 'windows_firmware'
    # Names the attribute below that holds the secret.
    SECRET_PROPERTY_NAME = 'password'

    REQUIRED_PROPERTIES = ['serial', 'password', 'hostname', 'smbios_guid']
    # Apparently (property name, display label) pairs; 'asset_tags' is not
    # declared in this class, so it presumably comes from the base class.
    SEARCH_FIELDS = [
        ('asset_tags', 'Asset Tag'),
        ('hostname', 'Hostname'),
        ('serial', 'Machine Serial Number'),
        ('smbios_guid', 'SMBIOS UUID'),
    ]

    # Only this field uses the encrypted property type; it is constructed with
    # the Windows-firmware-specific key name.
    password = encrypted_property.EncryptedBlobProperty(
        _WINDOWS_FIRMWARE_PASSWORD_ENCRYPTION_KEY_NAME)

    # serial from WMI query: 'Select SerialNumber from Win32_BIOS'
    serial = db.StringProperty()
    # smbios_guid from WMI query: 'Select UUID from Win32_ComputerSystemProduct'
    smbios_guid = db.StringProperty()