def test_blank_lines(self):
lines = ['', '\t', ' ']
self.load_file.return_value = '\n'.join(lines)
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(len(lines), len(ret))
for line in ret:
self.assertEqual('', line.line)
def test_blank_lines(self):
lines = ['', '\t', ' ']
self.load_file.return_value = '\n'.join(lines)
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(len(lines), len(ret))
for line in ret:
self.assertEqual('', line.line)
def test_blank_lines(self):
lines = ["", "\t", " "]
self.load_file.return_value = "\n".join(lines)
ret = ssh_util.parse_ssh_config("some real file")
self.assertEqual(len(lines), len(ret))
for line in ret:
self.assertEqual("", line.line)
def test_upper_case_with_equals(self):
self.load_file.return_value = 'Foo=bar'
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(1, len(ret))
self.assertEqual('foo', ret[0].key)
self.assertEqual('bar', ret[0].value)
def test_comment_line(self):
comment_line = '# This is a comment'
self.load_file.return_value = comment_line
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(1, len(ret))
self.assertEqual(comment_line, ret[0].line)
def test_empty_file(self):
self.load_file.return_value = ''
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual([], ret)
def test_not_a_file(self):
self.isfile.return_value = False
self.load_file.side_effect = IOError
ret = ssh_util.parse_ssh_config('not a real file')
self.assertEqual([], ret)
def test_upper_case_with_equals(self):
self.load_file.return_value = 'Foo=bar'
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(1, len(ret))
self.assertEqual('foo', ret[0].key)
self.assertEqual('bar', ret[0].value)
def test_comment_line(self):
comment_line = '# This is a comment'
self.load_file.return_value = comment_line
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual(1, len(ret))
self.assertEqual(comment_line, ret[0].line)
def test_empty_file(self):
self.load_file.return_value = ''
ret = ssh_util.parse_ssh_config('some real file')
self.assertEqual([], ret)
def test_not_a_file(self):
self.isfile.return_value = False
self.load_file.side_effect = IOError
ret = ssh_util.parse_ssh_config('not a real file')
self.assertEqual([], ret)
def handle(_name, cfg, cloud, log, args):
if len(args) != 0:
# if run from command line, and give args, wipe the chpasswd['list']
password = args[0]
if 'chpasswd' in cfg and 'list' in cfg['chpasswd']:
del cfg['chpasswd']['list']
else:
password = util.get_cfg_option_str(cfg, "password", None)
expire = True
plist = None
if 'chpasswd' in cfg:
chfg = cfg['chpasswd']
plist = util.get_cfg_option_str(chfg, 'list', plist)
expire = util.get_cfg_option_bool(chfg, 'expire', expire)
if not plist and password:
(users, _groups) = ds.normalize_users_groups(cfg, cloud.distro)
(user, _user_config) = ds.extract_default(users)
if user:
plist = "%s:%s" % (user, password)
else:
log.warn("No default or defined user to change password for.")
errors = []
if plist:
plist_in = []
randlist = []
users = []
for line in plist.splitlines():
u, p = line.split(':', 1)
if p == "R" or p == "RANDOM":
p = rand_user_password()
randlist.append("%s:%s" % (u, p))
plist_in.append("%s:%s" % (u, p))
users.append(u)
ch_in = '\n'.join(plist_in) + '\n'
try:
log.debug("Changing password for %s:", users)
util.subp(['chpasswd'], ch_in)
except Exception as e:
errors.append(e)
util.logexc(log, "Failed to set passwords with chpasswd for %s",
users)
if len(randlist):
blurb = ("Set the following 'random' passwords\n",
'\n'.join(randlist))
sys.stderr.write("%s\n%s\n" % blurb)
if expire:
expired_users = []
for u in users:
try:
util.subp(['passwd', '--expire', u])
expired_users.append(u)
except Exception as e:
errors.append(e)
util.logexc(log, "Failed to set 'expire' for %s", u)
if expired_users:
log.debug("Expired passwords for: %s users", expired_users)
change_pwauth = False
pw_auth = None
if 'ssh_pwauth' in cfg:
if util.is_true(cfg['ssh_pwauth']):
change_pwauth = True
pw_auth = 'yes'
elif util.is_false(cfg['ssh_pwauth']):
change_pwauth = True
pw_auth = 'no'
elif str(cfg['ssh_pwauth']).lower() == 'unchanged':
log.debug('Leaving auth line unchanged')
change_pwauth = False
elif not str(cfg['ssh_pwauth']).strip():
log.debug('Leaving auth line unchanged')
change_pwauth = False
elif not cfg['ssh_pwauth']:
log.debug('Leaving auth line unchanged')
change_pwauth = False
else:
msg = 'Unrecognized value %s for ssh_pwauth' % cfg['ssh_pwauth']
util.logexc(log, msg)
if change_pwauth:
replaced_auth = False
# See: man sshd_config
old_lines = ssh_util.parse_ssh_config(ssh_util.DEF_SSHD_CFG)
new_lines = []
i = 0
for (i, line) in enumerate(old_lines):
# Keywords are case-insensitive and arguments are case-sensitive
if line.key == 'passwordauthentication':
log.debug("Replacing auth line %s with %s", i + 1, pw_auth)
replaced_auth = True
line.value = pw_auth
new_lines.append(line)
if not replaced_auth:
log.debug("Adding new auth line %s", i + 1)
replaced_auth = True
new_lines.append(ssh_util.SshdConfigLine('',
'PasswordAuthentication',
pw_auth))
lines = [str(l) for l in new_lines]
util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
try:
cmd = cloud.distro.init_cmd # Default service
cmd.append(cloud.distro.get_option('ssh_svcname', 'ssh'))
cmd.append('restart')
if 'systemctl' in cmd: # Switch action ordering
cmd[1], cmd[2] = cmd[2], cmd[1]
cmd = filter(None, cmd) # Remove empty arguments
util.subp(cmd)
log.debug("Restarted the ssh daemon")
except:
util.logexc(log, "Restarting of the ssh daemon failed")
if len(errors):
log.debug("%s errors occured, re-raising the last one", len(errors))
raise errors[-1]
def handle(_name, cfg, cloud, log, args):
if len(args) != 0:
# if run from command line, and give args, wipe the chpasswd['list']
password = args[0]
if 'chpasswd' in cfg and 'list' in cfg['chpasswd']:
del cfg['chpasswd']['list']
else:
password = util.get_cfg_option_str(cfg, "password", None)
expire = True
plist = None
if 'chpasswd' in cfg:
chfg = cfg['chpasswd']
plist = util.get_cfg_option_str(chfg, 'list', plist)
expire = util.get_cfg_option_bool(chfg, 'expire', expire)
if not plist and password:
(users, _groups) = ug_util.normalize_users_groups(cfg, cloud.distro)
(user, _user_config) = ug_util.extract_default(users)
if user:
plist = "%s:%s" % (user, password)
else:
log.warn("No default or defined user to change password for.")
errors = []
if plist:
plist_in = []
randlist = []
users = []
for line in plist.splitlines():
u, p = line.split(':', 1)
if p == "R" or p == "RANDOM":
p = rand_user_password()
randlist.append("%s:%s" % (u, p))
plist_in.append("%s:%s" % (u, p))
users.append(u)
ch_in = '\n'.join(plist_in) + '\n'
try:
log.debug("Changing password for %s:", users)
util.subp(['chpasswd'], ch_in)
except Exception as e:
errors.append(e)
util.logexc(log, "Failed to set passwords with chpasswd for %s",
users)
if len(randlist):
blurb = ("Set the following 'random' passwords\n",
'\n'.join(randlist))
sys.stderr.write("%s\n%s\n" % blurb)
if expire:
expired_users = []
for u in users:
try:
util.subp(['passwd', '--expire', u])
expired_users.append(u)
except Exception as e:
errors.append(e)
util.logexc(log, "Failed to set 'expire' for %s", u)
if expired_users:
log.debug("Expired passwords for: %s users", expired_users)
change_pwauth = False
pw_auth = None
if 'ssh_pwauth' in cfg:
if util.is_true(cfg['ssh_pwauth']):
change_pwauth = True
pw_auth = 'yes'
elif util.is_false(cfg['ssh_pwauth']):
change_pwauth = True
pw_auth = 'no'
elif str(cfg['ssh_pwauth']).lower() == 'unchanged':
log.debug('Leaving auth line unchanged')
change_pwauth = False
elif not str(cfg['ssh_pwauth']).strip():
log.debug('Leaving auth line unchanged')
change_pwauth = False
elif not cfg['ssh_pwauth']:
log.debug('Leaving auth line unchanged')
change_pwauth = False
else:
msg = 'Unrecognized value %s for ssh_pwauth' % cfg['ssh_pwauth']
util.logexc(log, msg)
if change_pwauth:
replaced_auth = False
# See: man sshd_config
old_lines = ssh_util.parse_ssh_config(ssh_util.DEF_SSHD_CFG)
new_lines = []
i = 0
for (i, line) in enumerate(old_lines):
# Keywords are case-insensitive and arguments are case-sensitive
if line.key == 'passwordauthentication':
log.debug("Replacing auth line %s with %s", i + 1, pw_auth)
replaced_auth = True
line.value = pw_auth
new_lines.append(line)
if not replaced_auth:
log.debug("Adding new auth line %s", i + 1)
replaced_auth = True
new_lines.append(ssh_util.SshdConfigLine('',
'PasswordAuthentication',
pw_auth))
lines = [str(l) for l in new_lines]
util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
try:
cmd = cloud.distro.init_cmd # Default service
cmd.append(cloud.distro.get_option('ssh_svcname', 'ssh'))
cmd.append('restart')
if 'systemctl' in cmd: # Switch action ordering
cmd[1], cmd[2] = cmd[2], cmd[1]
cmd = filter(None, cmd) # Remove empty arguments
util.subp(cmd)
log.debug("Restarted the ssh daemon")
except Exception:
util.logexc(log, "Restarting of the ssh daemon failed")
if len(errors):
log.debug("%s errors occured, re-raising the last one", len(errors))
raise errors[-1]
def test_upper_case_with_equals(self):
self.load_file.return_value = "Foo=bar"
ret = ssh_util.parse_ssh_config("some real file")
self.assertEqual(1, len(ret))
self.assertEqual("foo", ret[0].key)
self.assertEqual("bar", ret[0].value)
