authorMichael DeHaan <mdehaan@mdehaan.rdu.redhat.com>2007-09-21 11:27:02 -0400
committerMichael DeHaan <mdehaan@mdehaan.rdu.redhat.com>2007-09-21 11:27:02 -0400
commit89a9dd51a62552a2e9550ec4e12b9a452762f5aa (patch)
tree4a4eb16d252be34d6885bc8cdc9945bf158f63a0
parenta4ca1866ea731b67638a65c5cb8e052f07cdbaa1 (diff)
parentf945d9b43021fccde0544d4580778ae13ca50e22 (diff)
Merge branch 'master' of ssh://git.fedoraproject.org/git/hosted/func
-rw-r--r--certs/master-keys.py44
-rw-r--r--certs/slave-keys.py81
-rw-r--r--client/dumb_client.py42
-rw-r--r--func/__init__.py0
-rw-r--r--func/certs.py133
-rwxr-xr-xmodules/reboot.py29
-rwxr-xr-xserver/server.py20
7 files changed, 293 insertions, 56 deletions
diff --git a/certs/master-keys.py b/certs/master-keys.py
new file mode 100644
index 0000000..f576b77
--- /dev/null
+++ b/certs/master-keys.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python -tt
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Copyright (c) 2007 Red Hat, inc
+#- Written by Seth Vidal skvidal @ fedoraproject.org
+
+import sys
+import os
+import os.path
+import func.certs
+
+
+cadir = '/etc/pki/func/ca'
+ca_key_file = '%s/funcmaster.key' % cadir
+ca_cert_file = '%s/funcmaster.crt' % cadir
+
+
+def main():
+ keypair = None
+ try:
+ if not os.path.exists(cadir):
+ os.makedirs(cadir)
+ if not os.path.exists(ca_key_file):
+ func.certs.create_ca(ca_key_file=ca_key_file, ca_cert_file=ca_cert_file)
+ except:
+ return 1
+
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main())
+
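Review bot: `os.makedirs(cadir)` in main() creates the directory that will hold funcmaster.key with the default mode, so access to the CA key's directory is left to the process umask; `os.makedirs(cadir, 0700)` makes it explicit, and the same applies to `os.makedirs(cert_dir)` in certs/slave-keys.py. The bare `except:` also turns every failure, including a failed CA key generation, into a silent exit status 1; catching `Exception, e` and reporting it with `print >> sys.stderr, e` would let an operator tell a permission problem from a crypto error. main() checks only for the key file, so a run where the key exists but funcmaster.crt is missing does nothing and still returns 0.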
diff --git a/certs/slave-keys.py b/certs/slave-keys.py
index dee0fd5..00ed81f 100644
--- a/certs/slave-keys.py
+++ b/certs/slave-keys.py
@@ -1,75 +1,48 @@
#!/usr/bin/python -tt
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Copyright (c) 2007 Red Hat, inc
+#- Written by Seth Vidal skvidal @ fedoraproject.org
import sys
import os
import os.path
-from OpenSSL import crypto
-import socket
+from exceptions import Exception
+import func.certs
-def_country = 'UN'
-def_state = 'FC'
-def_local = 'Func-ytown'
-def_org = 'func'
-def_ou = 'slave-key'
-
-cert_dir = '/home/skvidal/tmp/t'
+cert_dir = '/etc/pki/func'
key_file = '%s/slave.pem' % cert_dir
csr_file = '%s/slave.csr' % cert_dir
+def submit_csr_to_master(csrfile, master):
+ # stuff happens here - I can just cram the csr in a POST if need be
+ pass
-def make_cert(dest=None):
- pkey = crypto.PKey()
- pkey.generate_key(crypto.TYPE_RSA, 2048)
- if dest:
- destfo = open(dest, 'w')
- destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
- destfo.close()
-
- return pkey
-
-def make_csr(pkey, dest=None, cn=None):
- req = crypto.X509Req()
- req.get_subject()
- subj = req.get_subject()
- subj.C = def_country
- subj.ST = def_state
- subj.L = def_local
- subj.O = def_org
- subj.OU = def_ou
- if cn:
- subj.CN = cn
- else:
- subj.CN = socket.getfqdn()
- subj.emailAddress = 'root@%s' % subj.CN
-
- req.set_pubkey(pkey)
- req.sign(pkey, 'md5')
- if dest:
- destfo = open(dest, 'w')
- destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
- destfo.close()
-
- return req
-
-def retrieve_key_from_file(keyfile):
- fo = open(keyfile, 'r')
- buf = fo.read()
- keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf)
- return keypair
-
def main():
keypair = None
try:
if not os.path.exists(cert_dir):
os.makedirs(cert_dir)
if not os.path.exists(key_file):
- keypair = make_cert(dest=key_file)
+ keypair = func.certs.make_keypair(dest=key_file)
if not os.path.exists(csr_file):
if not keypair:
- keypair = retrieve_key_from_file(key_file)
- csr = make_csr(keypair, dest=csr_file)
- except:
+ keypair = func.certs.retrieve_key_from_file(key_file)
+ csr = func.certs.make_csr(keypair, dest=csr_file)
+ except Exception, e: # need a little more specificity here
+ print e
return 1
return 0
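Review bot: `from exceptions import Exception` is redundant because `Exception` is already a builtin, and the handler in main() prints the error to stdout where it mixes with normal output; drop the import and use `print >> sys.stderr, e`. The handler's own comment asks for more specificity, and catching `(OSError, IOError)` for the filesystem steps separately from the key and CSR generation would let the message say which step failed. `submit_csr_to_master` is a stub with no docstring; a line such as `"""Send the CSR at csrfile to the master (not implemented yet)."""` would keep callers from assuming the CSR is actually submitted.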
@@ -77,4 +50,4 @@ def main():
if __name__ == "__main__":
sys.exit(main())
- \ No newline at end of file
+
diff --git a/client/dumb_client.py b/client/dumb_client.py
new file mode 100644
index 0000000..173b3a3
--- /dev/null
+++ b/client/dumb_client.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+
+
+# all the cool kids would use optparse instead
+import getopt
+import sys
+import xmlrpclib
+
+
+verbose = 0
+
+try:
+ opts, args = getopt.getopt(sys.argv, "hvs:",
+ ["help",
+ "verbose",
+ "server="])
+except getopt.error, e:
+ print _("Error parsing list arguments: %s") % e
+ self.print_help()
+ # FIXME: error handling
+
+
+server = "http://127.0.0.1:51234"
+for (opt, val) in opts:
+ if opt in ["-h", "--help"]:
+ self.print_help()
+ sys.exit()
+ if opt in ["-v", "--verbose"]:
+ verbose = verbose + 1
+ if opt in ["-s", "--server"]:
+ server = val
+
+s = xmlrpclib.ServerProxy(server)
+
+args = args[1:]
+method = args[0]
+print "calling %s with args: %s" % (method, args[1:])
+
+# thats some pretty code right there aint it? -akl
+# we can't call "call" on s, since thats a rpc, so
+# we call gettatr around it.
+print getattr(s, method)(*args[1:])
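Review bot: `getopt.getopt(sys.argv, ...)` receives the script name as its first element, so parsing stops at that non-option and `-s`/`--server` is never honoured; the client always talks to the default `http://127.0.0.1:51234` whatever the operator asked for. Pass `sys.argv[1:]` and drop the later `args = args[1:]`. The error and help paths call `_()` and `self.print_help()`, neither of which exists at module scope, so a bad option raises NameError instead of printing usage and leaves `opts` undefined for the loop that follows. `method = args[0]` also raises IndexError when no method name is given.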
diff --git a/func/__init__.py b/func/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/func/__init__.py
diff --git a/func/certs.py b/func/certs.py
new file mode 100644
index 0000000..aafa58e
--- /dev/null
+++ b/func/certs.py
@@ -0,0 +1,133 @@
+#!/usr/bin/python -tt
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Copyright (c) 2007 Red Hat, inc
+#- Written by Seth Vidal skvidal @ fedoraproject.org
+
+from OpenSSL import crypto
+import socket
+import os
+
+def_country = 'UN'
+def_state = 'FC'
+def_local = 'Func-ytown'
+def_org = 'func'
+def_ou = 'slave-key'
+
+def make_keypair(dest=None):
+ pkey = crypto.PKey()
+ pkey.generate_key(crypto.TYPE_RSA, 2048)
+ if dest:
+ destfo = open(dest, 'w')
+ destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+ destfo.close()
+
+ return pkey
+
+def make_csr(pkey, dest=None, cn=None):
+ req = crypto.X509Req()
+ req.get_subject()
+ subj = req.get_subject()
+ subj.C = def_country
+ subj.ST = def_state
+ subj.L = def_local
+ subj.O = def_org
+ subj.OU = def_ou
+ if cn:
+ subj.CN = cn
+ else:
+ subj.CN = socket.getfqdn()
+ subj.emailAddress = 'root@%s' % subj.CN
+
+ req.set_pubkey(pkey)
+ req.sign(pkey, 'md5')
+ if dest:
+ destfo = open(dest, 'w')
+ destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
+ destfo.close()
+
+ return req
+
+def retrieve_key_from_file(keyfile):
+ fo = open(keyfile, 'r')
+ buf = fo.read()
+ keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf)
+ return keypair
+
+def retrieve_csr_from_file(csrfile):
+ fo = open(csrfile, 'r')
+ buf = fo.read()
+ csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, buf)
+ return csrreq
+
+def retrieve_cert_from_file(certfile):
+ fo = open(certfile, 'r')
+ buf = fo.read()
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, buf)
+ return cert
+
+def create_ca(CN="Func Certificate Authority", ca_key_file=None, ca_cert_file=None):
+ cakey = make_keypair(dest=ca_key_file)
+ careq = make_csr(cakey, cn=CN)
+ cacert = crypto.X509()
+ cacert.set_serial_number(0)
+ cacert.gmtime_adj_notBefore(0)
+ cacert.gmtime_adj_notAfter(60*60*24*365*10) # 10 yrs - hard to beat this kind of cert!
+ cacert.set_issuer(careq.get_subject())
+ cacert.set_subject(careq.get_subject())
+ cacert.set_pubkey(careq.get_pubkey())
+ cacert.sign(cakey, 'md5')
+ if ca_cert_file:
+ destfo = open(ca_cert_file, 'w')
+ destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert))
+ destfo.close()
+
+def _get_serial_number(cadir):
+ serial = '%s/serial.txt' % cadir
+ i = 1
+ if os.path.exists(serial):
+ f = open(serial, 'r').read()
+ f = f.replace('\n','')
+ try:
+ i = int(f)
+ i+=1
+ except ValueError, e:
+ i = 1
+
+ _set_serial_number(cadir, i)
+ return i
+
+def _set_serial_number(cadir, last):
+ serial = '%s/serial.txt' % cadir
+ f = open(serial, 'w')
+ f.write(str(last))
+ f.close()
+
+
+
+def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None):
+ cert = crypto.X509()
+ cert.set_serial_number(_get_serial_number(cadir))
+ cert.gmtime_adj_notBefore(0)
+ cert.gmtime_adj_notAfter(60*60*24*365*10) # 10 yrs - hard to beat this kind of cert!
+ cert.set_issuer(cacert.get_subject())
+ cert.set_subject(csr.get_subject())
+ cert.set_pubkey(csr.get_pubkey())
+ cert.sign(cakey, 'md5')
+ if slave_cert_file:
+ destfo = open(slave_cert_file, 'w')
+ destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+ destfo.close()
+ return cert
+ \ No newline at end of file
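Review bot: make_keypair() writes the private key with `open(dest, 'w')`, so the file mode comes from the process umask and the CA key written through create_ca() can end up readable by other local users; create the file owner-only instead, as in the block below. All three signing calls (`req.sign(pkey, 'md5')` in make_csr, `cacert.sign(cakey, 'md5')` in create_ca, `cert.sign(cakey, 'md5')` in create_slave_certificate) use MD5, which is not collision-resistant and should not be used for certificate signatures; use a SHA-2 digest such as `'sha256'` where the linked OpenSSL supports it. The retrieve_*_from_file helpers and _get_serial_number never close the files they open, and the read-increment-write of serial.txt is not locked, so two concurrent signings could presumably issue the same serial number.

```python
def make_keypair(dest=None):
    # … unchanged: pkey creation and generate_key …
    if dest:
        # create the key file readable and writable by the owner only
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        destfo = os.fdopen(fd, 'w')
        try:
            destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
        finally:
            destfo.close()
    # … unchanged: return pkey …
```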
diff --git a/modules/reboot.py b/modules/reboot.py
new file mode 100755
index 0000000..72f9a24
--- /dev/null
+++ b/modules/reboot.py
@@ -0,0 +1,29 @@
+# Copyright 2007, Red Hat, Inc
+# James Bowes <jbowes@redhat.com>
+#
+# This software may be freely redistributed under the terms of the GNU
+# general public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+
+from modules import web_svc
+
+import subprocess
+
+class Reboot(web_svc.WebSvc):
+
+ def __init__(self):
+ self.methods = {
+ "reboot_reboot" : self.reboot
+ }
+ web_svc.WebSvc.__init__(self)
+
+ def reboot(self, when='now', message=''):
+ return subprocess.call(["/sbin/shutdown", '-r', when, message])
+
+
+methods = Reboot()
+register_rpc = methods.register_rpc
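Review bot: reboot() passes the caller-supplied `when` and `message` straight into the argument vector of /sbin/shutdown, and because the method is registered as the `reboot_reboot` RPC a remote caller controls both values. The list form avoids a shell, but a value beginning with `-` would presumably still be read by shutdown as an option rather than as a time or a message. Validate `when` against the time forms shutdown accepts and reject a message that starts with `-`, as sketched below (this needs `import re` at the top of the file). An empty `message` is currently passed as an empty argument, which the sketch omits, and a docstring should state that the return value is shutdown's exit status.

```python
    def reboot(self, when='now', message=''):
        # accept only the time forms shutdown documents: now, +minutes, hh:mm
        if not re.match(r'(now|\+\d+|\d{1,2}:\d{2})\Z', str(when)):
            raise ValueError("invalid shutdown time: %r" % (when,))
        message = str(message)
        if message.startswith('-'):
            raise ValueError("message must not start with '-'")
        args = ["/sbin/shutdown", '-r', str(when)]
        if message:
            args.append(message)
        return subprocess.call(args)
```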
diff --git a/server/server.py b/server/server.py
index d6fffd5..b167938 100755
--- a/server/server.py
+++ b/server/server.py
@@ -22,7 +22,7 @@ import sys
import traceback
from rhpl.translate import _, N_, textdomain, utf8
-I18N_DOMAIN = "vf_server"
+I18N_DOMAIN = "func"
# our modules
import codes
@@ -78,6 +78,10 @@ class XmlRpcInterface(object):
find a handler method
"""
+ # Recognize ipython's tab completion calls
+ if method == 'trait_names' or method == '_getAttributeNames':
+ return self.handlers.keys()
+
return self.get_dispatch_method(method)(*params)
# ======================================================================================
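Review bot: The tab-completion special case sits in the dispatch path every client goes through, so any caller that sends `trait_names` or `_getAttributeNames` gets the full list of registered handler names back, and those two names can no longer be used by a module. If this is meant only for interactive debugging with ipython, say so in the comment, for example `# debugging aid: ipython probes these names during tab completion; returns all handler names`, and consider gating it on a debug setting. The enclosing method starts above the hunk, so how `self.handlers` is populated is not visible here.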
@@ -154,7 +158,19 @@ def main(argv):
"""
modules = module_loader.load_modules()
- print "modules", modules
+
+ print "\n\n\n\n\n"
+ print " WARNING WARNING WARNING"
+ print "DANGER DANGER DANGER"
+ print "\n\n\n\n"
+ print "THERE IS NO AUTHENTICATION IN THIS VERSION"
+ print "DO NOT RUN ON A MACHINE EXPOSED TO ANYONE YOU DO NOT TRUST"
+ print " THEY CAN DO VERY BAD THINGS"
+ print "\n\n\n\n\n"
+ print "Really, don't do that. It is not at all secure at the moment"
+ print "like, at all."
+ print ""
+ print "Seriously.\n\n"
try:
websvc = XmlRpcInterface(modules=modules)