author | Michael DeHaan <mdehaan@mdehaan.rdu.redhat.com> | 2007-09-21 11:27:02 -0400 |
---|---|---|
committer | Michael DeHaan <mdehaan@mdehaan.rdu.redhat.com> | 2007-09-21 11:27:02 -0400 |
commit | 89a9dd51a62552a2e9550ec4e12b9a452762f5aa (patch) | |
tree | 4a4eb16d252be34d6885bc8cdc9945bf158f63a0 | |
parent | a4ca1866ea731b67638a65c5cb8e052f07cdbaa1 (diff) | |
parent | f945d9b43021fccde0544d4580778ae13ca50e22 (diff) | |
Merge branch 'master' of ssh://git.fedoraproject.org/git/hosted/func
-rw-r--r-- | certs/master-keys.py | 44 | ||||
-rw-r--r-- | certs/slave-keys.py | 81 | ||||
-rw-r--r-- | client/dumb_client.py | 42 | ||||
-rw-r--r-- | func/__init__.py | 0 | ||||
-rw-r--r-- | func/certs.py | 133 | ||||
-rwxr-xr-x | modules/reboot.py | 29 | ||||
-rwxr-xr-x | server/server.py | 20 |
7 files changed, 293 insertions, 56 deletions
diff --git a/certs/master-keys.py b/certs/master-keys.py new file mode 100644 index 0000000..f576b77 --- /dev/null +++ b/certs/master-keys.py @@ -0,0 +1,44 @@ +#!/usr/bin/python -tt +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Copyright (c) 2007 Red Hat, inc +#- Written by Seth Vidal skvidal @ fedoraproject.org + +import sys +import os +import os.path +import func.certs + + +cadir = '/etc/pki/func/ca' +ca_key_file = '%s/funcmaster.key' % cadir +ca_cert_file = '%s/funcmaster.crt' % cadir + + +def main(): + keypair = None + try: + if not os.path.exists(cadir): + os.makedirs(cadir) + if not os.path.exists(ca_key_file): + func.certs.create_ca(ca_key_file=ca_key_file, ca_cert_file=ca_cert_file) + except: + return 1 + + return 0 + + +if __name__ == "__main__": + sys.exit(main()) + diff --git a/certs/slave-keys.py b/certs/slave-keys.py index dee0fd5..00ed81f 100644 --- a/certs/slave-keys.py +++ b/certs/slave-keys.py 
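Review bot: The bare `except:` in main() of certs/master-keys.py swallows every failure from create_ca (including KeyboardInterrupt) and exits 1 with no diagnostic, which is also inconsistent with certs/slave-keys.py in the same commit, where the handler is `except Exception, e:` followed by `print e`. Use the same form here, and drop the unused `keypair = None`. Note also that the guard only tests ca_key_file, so if the key exists but ca_cert_file was deleted or never written, nothing regenerates the CA certificate; check both paths before deciding to skip create_ca.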
@@ -1,75 +1,48 @@ #!/usr/bin/python -tt +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Copyright (c) 2007 Red Hat, inc +#- Written by Seth Vidal skvidal @ fedoraproject.org import sys import os import os.path -from OpenSSL import crypto -import socket +from exceptions import Exception +import func.certs -def_country = 'UN' -def_state = 'FC' -def_local = 'Func-ytown' -def_org = 'func' -def_ou = 'slave-key' - -cert_dir = '/home/skvidal/tmp/t' +cert_dir = '/etc/pki/func' key_file = '%s/slave.pem' % cert_dir csr_file = '%s/slave.csr' % cert_dir +def submit_csr_to_master(csrfile, master): + # stuff happens here - I can just cram the csr in a POST if need be + pass -def make_cert(dest=None): - pkey = crypto.PKey() - pkey.generate_key(crypto.TYPE_RSA, 2048) - if dest: - destfo = open(dest, 'w') - destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) - destfo.close() - - return pkey - -def make_csr(pkey, dest=None, cn=None): - req = crypto.X509Req() - req.get_subject() - subj = req.get_subject() - subj.C = def_country - subj.ST = def_state - subj.L = def_local - subj.O = def_org - subj.OU = def_ou - if cn: - subj.CN = cn - else: - subj.CN = socket.getfqdn() - subj.emailAddress = 'root@%s' % subj.CN - - req.set_pubkey(pkey) - req.sign(pkey, 'md5') - if dest: - destfo = open(dest, 'w') - 
destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)) - destfo.close() - - return req - -def retrieve_key_from_file(keyfile): - fo = open(keyfile, 'r') - buf = fo.read() - keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf) - return keypair - def main(): keypair = None try: if not os.path.exists(cert_dir): os.makedirs(cert_dir) if not os.path.exists(key_file): - keypair = make_cert(dest=key_file) + keypair = func.certs.make_keypair(dest=key_file) if not os.path.exists(csr_file): if not keypair: - keypair = retrieve_key_from_file(key_file) - csr = make_csr(keypair, dest=csr_file) - except: + keypair = func.certs.retrieve_key_from_file(key_file) + csr = func.certs.make_csr(keypair, dest=csr_file) + except Exception, e: # need a little more specificity here + print e return 1 return 0 @@ -77,4 +50,4 @@ def main(): if __name__ == "__main__": sys.exit(main()) -
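Review bot: `submit_csr_to_master` in certs/slave-keys.py is a stub whose body is `pass`, and main() never calls it, so the CSR is written to csr_file and then nothing happens; a comment on main() such as `# CSR submission to the master is not implemented yet; the file is left in csr_file` would stop readers from assuming the enrolment step exists. `from exceptions import Exception` is redundant because Exception is a builtin. In the except branch, printing the exception to stdout mixes the diagnostic with normal output; `print >>sys.stderr, e` keeps the exit code and the message on the right stream.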
\ No newline at end of file + diff --git a/client/dumb_client.py b/client/dumb_client.py new file mode 100644 index 0000000..173b3a3 --- /dev/null +++ b/client/dumb_client.py @@ -0,0 +1,42 @@ +#!/usr/bin/python + + +# all the cool kids would use optparse instead +import getopt +import sys +import xmlrpclib + + +verbose = 0 + +try: + opts, args = getopt.getopt(sys.argv, "hvs:", + ["help", + "verbose", + "server="]) +except getopt.error, e: + print _("Error parsing list arguments: %s") % e + self.print_help() + # FIXME: error handling + + +server = "http://127.0.0.1:51234" +for (opt, val) in opts: + if opt in ["-h", "--help"]: + self.print_help() + sys.exit() + if opt in ["-v", "--verbose"]: + verbose = verbose + 1 + if opt in ["-s", "--server"]: + server = val + +s = xmlrpclib.ServerProxy(server) + +args = args[1:] +method = args[0] +print "calling %s with args: %s" % (method, args[1:]) + +# thats some pretty code right there aint it? -akl +# we can't call "call" on s, since thats a rpc, so +# we call gettatr around it. +print getattr(s, method)(*args[1:]) diff --git a/func/__init__.py b/func/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/func/__init__.py diff --git a/func/certs.py b/func/certs.py new file mode 100644 index 0000000..aafa58e --- /dev/null +++ b/func/certs.py 
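Review bot: client/dumb_client.py calls `self.print_help()` both in the getopt error branch and for `-h`, but this is module-level code with no `self` and no print_help anywhere in the file, so either path raises NameError instead of printing usage; the error branch also uses `_(...)` which is never imported. Define a module-level `print_help()` that prints the usage string and call it directly in both places, and drop `_` or import it. `method = args[0]` after `args = args[1:]` also raises IndexError when no method is given, so the help path should run when `args` is empty.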
@@ -0,0 +1,133 @@ +#!/usr/bin/python -tt +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Copyright (c) 2007 Red Hat, inc +#- Written by Seth Vidal skvidal @ fedoraproject.org + +from OpenSSL import crypto +import socket +import os + +def_country = 'UN' +def_state = 'FC' +def_local = 'Func-ytown' +def_org = 'func' +def_ou = 'slave-key' + +def make_keypair(dest=None): + pkey = crypto.PKey() + pkey.generate_key(crypto.TYPE_RSA, 2048) + if dest: + destfo = open(dest, 'w') + destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + destfo.close() + + return pkey + +def make_csr(pkey, dest=None, cn=None): + req = crypto.X509Req() + req.get_subject() + subj = req.get_subject() + subj.C = def_country + subj.ST = def_state + subj.L = def_local + subj.O = def_org + subj.OU = def_ou + if cn: + subj.CN = cn + else: + subj.CN = socket.getfqdn() + subj.emailAddress = 'root@%s' % subj.CN + + req.set_pubkey(pkey) + req.sign(pkey, 'md5') + if dest: + destfo = open(dest, 'w') + destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)) + destfo.close() + + return req + +def retrieve_key_from_file(keyfile): + fo = open(keyfile, 'r') + buf = fo.read() + keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf) + return keypair + +def retrieve_csr_from_file(csrfile): + fo = open(csrfile, 'r') + buf = 
fo.read() + csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, buf) + return csrreq + +def retrieve_cert_from_file(certfile): + fo = open(certfile, 'r') + buf = fo.read() + cert = crypto.load_certificate(crypto.FILETYPE_PEM, buf) + return cert + +def create_ca(CN="Func Certificate Authority", ca_key_file=None, ca_cert_file=None): + cakey = make_keypair(dest=ca_key_file) + careq = make_csr(cakey, cn=CN) + cacert = crypto.X509() + cacert.set_serial_number(0) + cacert.gmtime_adj_notBefore(0) + cacert.gmtime_adj_notAfter(60*60*24*365*10) # 10 yrs - hard to beat this kind of cert! + cacert.set_issuer(careq.get_subject()) + cacert.set_subject(careq.get_subject()) + cacert.set_pubkey(careq.get_pubkey()) + cacert.sign(cakey, 'md5') + if ca_cert_file: + destfo = open(ca_cert_file, 'w') + destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cacert)) + destfo.close() + +def _get_serial_number(cadir): + serial = '%s/serial.txt' % cadir + i = 1 + if os.path.exists(serial): + f = open(serial, 'r').read() + f = f.replace('\n','') + try: + i = int(f) + i+=1 + except ValueError, e: + i = 1 + + _set_serial_number(cadir, i) + return i + +def _set_serial_number(cadir, last): + serial = '%s/serial.txt' % cadir + f = open(serial, 'w') + f.write(str(last)) + f.close() + + + +def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None): + cert = crypto.X509() + cert.set_serial_number(_get_serial_number(cadir)) + cert.gmtime_adj_notBefore(0) + cert.gmtime_adj_notAfter(60*60*24*365*10) # 10 yrs - hard to beat this kind of cert! + cert.set_issuer(cacert.get_subject()) + cert.set_subject(csr.get_subject()) + cert.set_pubkey(csr.get_pubkey()) + cert.sign(cakey, 'md5') + if slave_cert_file: + destfo = open(slave_cert_file, 'w') + destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) + destfo.close() + return cert +
\ No newline at end of file diff --git a/modules/reboot.py b/modules/reboot.py new file mode 100755 index 0000000..72f9a24 --- /dev/null +++ b/modules/reboot.py @@ -0,0 +1,29 @@ +# Copyright 2007, Red Hat, Inc +# James Bowes <jbowes@redhat.com> +# +# This software may be freely redistributed under the terms of the GNU +# general public license. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + +from modules import web_svc + +import subprocess + +class Reboot(web_svc.WebSvc): + + def __init__(self): + self.methods = { + "reboot_reboot" : self.reboot + } + web_svc.WebSvc.__init__(self) + + def reboot(self, when='now', message=''): + return subprocess.call(["/sbin/shutdown", '-r', when, message]) + + +methods = Reboot() +register_rpc = methods.register_rpc diff --git a/server/server.py b/server/server.py index d6fffd5..b167938 100755 --- a/server/server.py +++ b/server/server.py @@ -22,7 +22,7 @@ import sys import traceback from rhpl.translate import _, N_, textdomain, utf8 -I18N_DOMAIN = "vf_server" +I18N_DOMAIN = "func" # our modules import codes @@ -78,6 +78,10 @@ class XmlRpcInterface(object): find a handler method """ + # Recognize ipython's tab completion calls + if method == 'trait_names' or method == '_getAttributeNames': + return self.handlers.keys() + return self.get_dispatch_method(method)(*params) # ====================================================================================== 
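Review bot: make_keypair in func/certs.py writes the private key with `open(dest, 'w')`, so the file mode comes from the process umask and /etc/pki/func/slave.pem and funcmaster.key will typically be created world-readable. Create the file with an explicit mode instead: `fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `destfo = os.fdopen(fd, 'w')` (`os` is already imported in this file). The three `sign(..., 'md5')` calls in make_csr, create_ca and create_slave_certificate should use `'sha256'`, which pyOpenSSL accepts as a digest name; MD5 signatures on certificates are collision-prone. `_get_serial_number` leaks the handle from `open(serial, 'r').read()` and binds an unused `e`; `except ValueError:` with a `with`-free explicit close is enough.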
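Review bot: Reboot.reboot in modules/reboot.py passes the RPC-supplied `when` and `message` straight into the /sbin/shutdown argument list; the list form avoids shell interpretation, but a `when` value beginning with `-` is parsed by shutdown as an option rather than a time. Validate `when` before the call, e.g. accept only `now`, `+N` or `HH:MM` and raise otherwise, and document that on the method: `# when: 'now', '+minutes' or 'HH:MM'; anything else is rejected before reaching shutdown`. `__init__` also sets `self.methods` before calling `web_svc.WebSvc.__init__`; whether the base initializer relies on that ordering is not visible here and is worth a comment.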
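Review bot: In the server/server.py hunk at line 78 the tab-completion check is written as two equality tests joined by `or`; `if method in ('trait_names', '_getAttributeNames'):` is the idiomatic form and easier to extend. The early return hands back `self.handlers.keys()` to any caller, so the comment should say that this deliberately exposes the full handler list: `# Recognize ipython's tab completion calls; this exposes every registered handler name to the caller`. The enclosing method starts before this hunk.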
@@ -154,7 +158,19 @@ def main(argv): """ modules = module_loader.load_modules() - print "modules", modules + + print "\n\n\n\n\n" + print " WARNING WARNING WARNING" + print "DANGER DANGER DANGER" + print "\n\n\n\n" + print "THERE IS NO AUTHENTICATION IN THIS VERSION" + print "DO NOT RUN ON A MACHINE EXPOSED TO ANYONE YOU DO NOT TRUST" + print " THEY CAN DO VERY BAD THINGS" + print "\n\n\n\n\n" + print "Really, don't do that. It is not at all secure at the moment" + print "like, at all." + print "" + print "Seriously.\n\n" try: websvc = XmlRpcInterface(modules=modules) |