コード例 #1
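def read_file(filename, password):
    """
    Decrypt the contents of ``filename`` and return what decrypt() produces.

    Assume that we're reading files that we encrypted. (i.e. we're not trying
    to read files encrypted manually with gpg)

    File layout, in read order: 2 byte version (hex), 8 byte salt, 16 byte
    initialization vector, then the ciphertext. The salt therefore follows
    the version field; it is not the first 8 bytes of the file.

    Also note that the password here is the user password, not the actual
    AES key. The salt read from the header is what converts the password to
    the key, so password, salt and IV are all handed to decrypt().

    Raises NoSuchFileException when the path does not exist and
    DecryptionException when decrypt() fails for any reason.

    NOTE(review): the earlier docstring promised both "a string" and a tuple
    of (salt, json). The value returned is whatever decrypt() returns --
    confirm against decrypt() and the callers.
    NOTE(review): no integrity check on the ciphertext is visible here;
    confirm that decrypt() detects a modified file rather than returning
    altered plaintext.
    """
    # The file can still vanish between this check and open(); open() then
    # raises its own error instead of NoSuchFileException.
    if not os.path.exists(filename):
        raise NoSuchFileException()

    # NOTE(review): header and ciphertext are binary but the file is opened
    # in text mode. Confirm the mode used by the writer before changing this
    # to 'rb', so both sides stay in step.
    f = open(filename, 'r')
    try:
        # 2 byte version in hex (read but not checked here)
        ver = f.read(2)
        # 8 byte salt
        salt = f.read(8)
        # 16 byte initialization vector
        iv = f.read(16)
        # Salt and IV are not secret; the password is deliberately not logged.
        log.debug("Read version: %s salt: %s  iv: %s" % (ver, salt, iv))

        cont = f.read()
    finally:
        # Release the handle on every path, including a failed read.
        f.close()

    try:
        return_me = decrypt(cont, password, salt, iv)
    except Exception, e:
        # The original exception is replaced; its message survives only in
        # the log, so a wrong password and a damaged file look the same to
        # the caller.
        log.warn("Exception while decrypting the configuration file: %s" % e)
        raise DecryptionException

    # The listing assigned the result and then dropped it.
    return return_me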
コード例 #2
ファイル: crypto.py プロジェクト: idmf/rho
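def read_file(filename, password):
    """
    Decrypt the contents of ``filename`` and return the result of decrypt().

    Assume that we're reading files that we encrypted. (i.e. we're not trying
    to read files encrypted manually with gpg)

    The header is read in this order: 2 byte version (hex), 8 byte salt,
    16 byte initialization vector. Everything after it is ciphertext. The
    salt comes after the version field, not at offset 0.

    Also note that the password here is the user password, not the actual
    AES key; the salt from the header is needed to convert the password to
    the key, which is why salt and IV are passed on to decrypt().

    Raises NoSuchFileException if the path does not exist, and
    DecryptionException if decrypt() raises anything.

    NOTE(review): the previous docstring described the return value both as
    "a string" and as a tuple of (salt, json); what comes back is whatever
    decrypt() returns -- verify against decrypt() and its callers.
    NOTE(review): the version field is read but never validated, and no
    authentication of the ciphertext is visible in this function; confirm
    decrypt() rejects tampered or foreign-format input.
    """
    # Existence is checked first so callers get NoSuchFileException; a file
    # removed after this check makes open() raise its own error instead.
    if not os.path.exists(filename):
        raise NoSuchFileException()

    # NOTE(review): text mode on binary content. Check how the file is
    # written before switching to 'rb'.
    f = open(filename, 'r')
    try:
        # 2 byte version in hex
        ver = f.read(2)
        # 8 byte salt
        salt = f.read(8)
        # 16 byte initialization vector
        iv = f.read(16)
        # Only non-secret header fields are logged; never add the password.
        log.debug("Read version: %s salt: %s  iv: %s" % (ver, salt, iv))

        cont = f.read()
    finally:
        # The handle was never closed in the listing; close it on all paths.
        f.close()

    try:
        return_me = decrypt(cont, password, salt, iv)
    except Exception, e:
        # Every failure is collapsed into DecryptionException; the cause is
        # kept in the warning log only.
        log.warn("Exception while decrypting the configuration file: %s" % e)
        raise DecryptionException

    # Hand the decrypted value back; the listing computed it and discarded it.
    return return_me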
コード例 #3
ファイル: scanner.py プロジェクト: wzzrd/rho
    def _find_auths(self, authnames):
        """Return the Auth objects that self.config has for ``authnames``.

        A name with no matching auth is logged as a warning and skipped, so
        the returned list can be shorter than ``authnames``.
        """
        matched = []
        for name in authnames:
            candidate = self.config.get_auth(name)
            if not candidate:
                # FIXME: what do we do if an authname is invalid?
                # For now it is only logged; the caller is not told that a
                # requested credential was left out.
                log.warn("No such auth: %s" % name)
                continue
            matched.append(candidate)

        return matched
コード例 #4
ファイル: scanner.py プロジェクト: idmf/rho
    def _find_auths(self, authnames):
        """Resolve each name in ``authnames`` to its Auth object.

        Lookups go through self.config.get_auth(). Names that resolve to
        nothing are reported with a warning and omitted from the result.
        """
        resolved = []
        for requested in authnames:
            auth_obj = self.config.get_auth(requested)
            # FIXME: what do we do if an authname is invalid?
            # For now we ignore it after logging, so the result may hold
            # fewer entries than were requested.
            if auth_obj:
                resolved += [auth_obj]
            else:
                log.warn("No such auth: %s" % requested)

        return resolved
コード例 #5
ファイル: ssh_jobs.py プロジェクト: idmf/rho
    def connect(self, ssh_job):
        """
        Try to open a paramiko SSH connection for ``ssh_job``.

        Ports from ssh_job.ports are tried in order, and on each port every
        entry of ssh_job.auths is tried in order. On success ssh_job.port and
        ssh_job.auth are set and self.ssh holds the connected client. When
        nothing works, ssh_job.error holds the last error recorded.

        Scanning stops at the first port where a server rejected a login
        (found_port is set there), even if no auth succeeded.

        Security notes:
        - Host keys are accepted without verification (AutoAddPolicy), so
          the credentials in ssh_job.auths are offered to whatever host
          answers on ssh_job.ip.
        - Every auth in the list may be tried against the same host until
          one succeeds.
        - Log lines carry ip, port and auth.name only; keep passwords and
          key material out of them.
        """
        # do the actual paramiko ssh connection

        # Copy the list of ports, we'll modify it as we go:
        ports_to_try = list(ssh_job.ports)

        found_port = None # we'll set this once we identify a port that works
        found_auth = False

        while True:
            # A login succeeded on the previous pass: done.
            if found_auth:
                break

            # A server answered on found_port but rejected every auth; the
            # remaining ports are not tried.
            if found_port != None:
                log.warn("Found ssh on %s:%s, but no auths worked." %
                        (ssh_job.ip, found_port))
                break

            # Every port has been tried without reaching a server.
            if len(ports_to_try) == 0:
                log.debug("Could not find/connect to ssh on: %s" % ssh_job.ip)
                err = _("unable to connect")
                ssh_job.error = err
                break

            port = ports_to_try.pop(0)

            for auth in ssh_job.auths:
                # Clear the error left by the previous attempt.
                ssh_job.error = None

                # Identifies the attempt in logs; contains no secret.
                debug_str = "%s:%s/%s" % (ssh_job.ip, port, auth.name)
                # this checks the case of a passphrase we can't decrypt
                try:
                    pkey = get_pkey(auth)
                except paramiko.SSHException, e:
                    # paramiko throws an SSHException for pretty much everything... ;-<
                    log.error("ssh key error for %s: %s" % (debug_str, str(e)))
                    ssh_job.error = str(e)
                    continue

                # A fresh client replaces self.ssh on every attempt; the
                # previous client is not closed in this block.
                self.ssh = paramiko.SSHClient()
                # NOTE(review): AutoAddPolicy accepts whatever key an unknown
                # host presents, so the host's identity is not verified
                # before the credentials below are offered to it. Where host
                # keys for the targets are known, load them and use
                # paramiko.RejectPolicy; otherwise keep a record of the
                # accepted fingerprint so a changed key can be noticed later.
                self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

                try:
                    log.info("trying: %s" % debug_str)

                    self.show_connect(ssh_job, port, auth)
                    # NOTE(review): with allow_agent / look_for_keys enabled,
                    # paramiko may also try keys from the SSH agent and from
                    # ~/.ssh, in addition to the auth being tested.
                    self.ssh.connect(ssh_job.ip, port=int(port), 
                                     username=auth.username,
                                     password=auth.password,
                                     pkey=pkey,
                                     allow_agent=ssh_job.allow_agent,
                                     look_for_keys=ssh_job.look_for_keys,
                                     timeout=ssh_job.timeout)
                    # Record what worked; the while loop exits on found_auth.
                    ssh_job.port = port
                    ssh_job.auth = auth
                    found_port = port
                    found_auth = True
                    log.info("success: %s" % debug_str)
                    break

                # Implies we've found an SSH server listening:
                except paramiko.AuthenticationException, e:
                    # Because we stop checking ports once we find one where ssh
                    # is listening, we can report the error message here and it
                    # will end up in the final report correctly:
                    err = _("login failed")
                    log.error(err)
                    ssh_job.error = err
                    found_port = port
                    continue

                # No route to host:
                # (any socket.error lands here; the rest of the auths are
                # skipped for this port and the next port is tried)
                except socket.error, e:
                    log.warn("No route to host, skipping port: %s" % debug_str)
                    ssh_job.error = str(e)
                    break
                # As shown, any other exception type raised by connect()
                # is not caught in this listing.
コード例 #6
    def connect(self, ssh_job):
        """
        Try to open a paramiko SSH connection for ``ssh_job``.

        Ports from ssh_job.ports are tried in order, and on each port every
        entry of ssh_job.auths is tried in order. On success ssh_job.port and
        ssh_job.auth are set and self.ssh holds the connected client. When
        nothing works, ssh_job.error holds the last error recorded.

        Scanning stops at the first port where a server rejected a login
        (found_port is set there), even if no auth succeeded.

        Security notes:
        - Host keys are accepted without verification (AutoAddPolicy), so
          the credentials in ssh_job.auths are offered to whatever host
          answers on ssh_job.ip.
        - Every auth in the list may be tried against the same host until
          one succeeds.
        - Log lines carry ip, port and auth.name only; keep passwords and
          key material out of them.
        """
        # do the actual paramiko ssh connection

        # Copy the list of ports, we'll modify it as we go:
        ports_to_try = list(ssh_job.ports)

        found_port = None  # we'll set this once we identify a port that works
        found_auth = False

        while True:
            # A login succeeded on the previous pass: done.
            if found_auth:
                break

            # A server answered on found_port but rejected every auth; the
            # remaining ports are not tried.
            if found_port is not None:
                log.warn("Found ssh on %s:%s, but no auths worked." %
                         (ssh_job.ip, found_port))
                break

            # Every port has been tried without reaching a server.
            if len(ports_to_try) == 0:
                log.debug("Could not find/connect to ssh on: %s" % ssh_job.ip)
                err = _("unable to connect")
                ssh_job.error = err
                break

            port = ports_to_try.pop(0)

            for auth in ssh_job.auths:
                # Clear the error left by the previous attempt.
                ssh_job.error = None

                # Identifies the attempt in logs; contains no secret.
                debug_str = "%s:%s/%s" % (ssh_job.ip, port, auth.name)
                # this checks the case of a passphrase we can't decrypt
                try:
                    pkey = get_pkey(auth)
                except paramiko.SSHException as e:
                    # paramiko throws an SSHException for pretty much everything... ;-<
                    log.error("ssh key error for %s: %s" % (debug_str, str(e)))
                    ssh_job.error = str(e)
                    continue

                # A fresh client replaces self.ssh on every attempt; the
                # previous client is not closed in this block.
                self.ssh = paramiko.SSHClient()
                # NOTE(review): AutoAddPolicy accepts whatever key an unknown
                # host presents, so the host's identity is not verified
                # before the credentials below are offered to it. Where host
                # keys for the targets are known, load them and use
                # paramiko.RejectPolicy; otherwise keep a record of the
                # accepted fingerprint so a changed key can be noticed later.
                self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

                try:
                    log.info("trying: %s" % debug_str)

                    self.show_connect(ssh_job, port, auth)
                    # NOTE(review): with allow_agent / look_for_keys enabled,
                    # paramiko may also try keys from the SSH agent and from
                    # ~/.ssh, in addition to the auth being tested.
                    self.ssh.connect(ssh_job.ip, port=int(port),
                                     username=auth.username,
                                     password=auth.password,
                                     pkey=pkey,
                                     allow_agent=ssh_job.allow_agent,
                                     look_for_keys=ssh_job.look_for_keys,
                                     timeout=ssh_job.timeout)
                    # Record what worked; the while loop exits on found_auth.
                    ssh_job.port = port
                    ssh_job.auth = auth
                    found_port = port
                    found_auth = True
                    log.info("success: %s" % debug_str)
                    break

                # Implies we've found an SSH server listening:
                except paramiko.AuthenticationException as e:
                    # Because we stop checking ports once we find one where ssh
                    # is listening, we can report the error message here and it
                    # will end up in the final report correctly:
                    err = _("login failed")
                    log.error(err)
                    ssh_job.error = err
                    found_port = port
                    continue

                # No route to host:
                # (any socket.error lands here; the rest of the auths are
                # skipped for this port and the next port is tried)
                except socket.error as e:
                    log.warn("No route to host, skipping port: %s" % debug_str)
                    ssh_job.error = str(e)
                    break

                # TODO: Hitting a live port that isn't ssh will result in
                # paramiko.SSHException, do we need to handle this explicitly?

                # Something else happened:
                # (the error text is stored on the job and the next auth is
                # tried on the same port; found_port stays unset, so the
                # next port is tried once the auth list is exhausted)
                except Exception as detail:
                    log.warn("Connection error: %s - %s" % (debug_str,
                                                            str(detail)))
                    ssh_job.error = str(detail)
                    continue