/usr/lib/python2.7/dist-packages/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py is in bcfg2-server 1.4.0~pre2+git141-g6d40dace6358-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
""" CfgEncryptedGenerator lets you encrypt your plaintext
:ref:`server-plugins-generators-cfg` files on the server. """
import Bcfg2.Options
from Bcfg2.Server.Plugin import PluginExecutionError
from Bcfg2.Server.Plugins.Cfg import CfgGenerator
# The encryption helpers are optional at import time.  If the import
# fails, only record that fact here; CfgEncryptedGenerator.__init__
# checks HAS_CRYPTO and refuses to construct a generator, so a server
# without crypto support never treats a .crypt file as usable.
try:
    from Bcfg2.Server.Encryption import bruteforce_decrypt, EVPError
    HAS_CRYPTO = True
except ImportError:
    HAS_CRYPTO = False
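class CfgEncryptedGenerator(CfgGenerator):
    """ CfgEncryptedGenerator lets you encrypt your plaintext
    :ref:`server-plugins-generators-cfg` files on the server.

    The file is decrypted when its event is handled, not when a client
    requests the entry.  If decryption fails, the cached data is
    dropped, so :func:`get_data` raises rather than handing the
    still-encrypted bytes to a client as file content. """

    #: Handle .crypt files
    __extensions__ = ["crypt"]

    #: Low priority to avoid matching host- or group-specific
    #: .genshi.crypt and .cheetah.crypt files
    __priority__ = 50

    def __init__(self, fname, spec):
        """ Initialise the generator and require crypto support.

        :raises: PluginExecutionError - if the encryption helpers could
                 not be imported (``HAS_CRYPTO`` is False)
        """
        CfgGenerator.__init__(self, fname, spec)
        if not HAS_CRYPTO:
            raise PluginExecutionError("M2Crypto is not available")

    def handle_event(self, event):
        """ Let the parent class process the event, then replace
        ``self.data`` with its decrypted form.

        :raises: PluginExecutionError - if decryption fails and the
                 ``lax_decryption`` option is not set
        """
        CfgGenerator.handle_event(self, event)
        # NOTE(review): presumably the parent handler loads the file
        # contents into self.data and leaves it None when there is
        # nothing to read -- confirm against CfgGenerator.
        if self.data is None:
            return
        # todo: let the user specify a passphrase by name
        try:
            self.data = bruteforce_decrypt(self.data)
        except EVPError:
            # Fail closed.  Without this reset self.data would still
            # hold the ciphertext, the None check in get_data() would
            # never fire, and in lax mode the encrypted blob would be
            # returned to clients as the file's content.
            self.data = None
            msg = "Cfg: Failed to decrypt %s" % self.name
            if Bcfg2.Options.setup.lax_decryption:
                # Lax mode records the failure at debug level only; the
                # error becomes visible when get_data() is called.
                self.logger.debug(msg)
            else:
                raise PluginExecutionError(msg)

    def get_data(self, entry, metadata):
        """ Return the decrypted data for ``entry``.

        :raises: PluginExecutionError - if no decrypted data is held
                 (``self.data`` is None)
        """
        if self.data is None:
            raise PluginExecutionError("Failed to decrypt %s" % self.name)
        return CfgGenerator.get_data(self, entry, metadata)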