valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 00:55:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add logging to the crypt module

Browse Source
This commit is contained in:
Thomas S Hatch 2011-03-24 21:18:02 -06:00
parent 8fce758b73
commit cd503267c4
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
salt/crypt.py
View File

@ -50,7 +50,9 @@ class MasterKeys(dict):
key = None
try:
key = RSA.load_key(self.rsa_path, callback=foo_pass)
self.opts['logger'].debug('Loaded master key: ' + self.rsa_path)
except:
self.opts['logger'].info('Generating master key: ' + self.rsa_path)
gen = RSA.gen_key(2048, 1)
gen.save_key(self.rsa_path, callback=foo_pass)
gen.save_pub_key(self.pub_path)
@ -60,7 +62,7 @@ class MasterKeys(dict):
def __get_pub_str(self):
'''
Returns the tring contents of the public key
Returns the string contents of the public key
'''
if not os.path.isfile(self.pub_path):
key.save_pub_key(self.pub_path)
@ -89,7 +91,9 @@ class Auth(object):
key = None
try:
key = RSA.load_key(self.rsa_path, callback=foo_pass)
self.opts['logger'].debug('Loaded minion key: ' + self.rsa_path)
except:
self.opts['logger'].info('Generating minion key: ' + self.rsa_path)
gen = RSA.gen_key(2048, 1)
gen.save_key(self.rsa_path, callback=foo_pass)
pub_path = os.path.join(self.opts['pki_dir'], 'minion.pub')
@ -122,6 +126,7 @@ class Auth(object):
Pass in the encrypted aes key.
Returns the decrypted aes seed key, a string
'''
self.opts['logger'].info('Decypting the current master AES key')
key = self.get_priv_key()
return key.private_decrypt(aes, 4)
@ -141,12 +146,17 @@ class Auth(object):
local_master_pub = open(m_pub_fn).read()
if not master_pub == local_master_pub:
# This is not the last master we connected to
self.opts['logger'].error('The master key has changed, the'\
+ ' salt master could have been subverted, verify'\
+ ' salt master\'s public key')
return False
else:
open(m_pub_fn, 'w+').write(master_pub)
pub = RSA.load_pub_key(tmp_pub)
if pub.public_decrypt(token, 5) == 'salty bacon':
return True
self.opts['logger'].error('The salt master has failed verification'\
+ ' for an unknown reason, verify your salt keys')
return False
def sign_in(self):
@ -169,14 +179,15 @@ class Auth(object):
+ ' public key!\nTo repair this issue, delete the'\
+ ' public key for this minion on the Salt Master'\
+ ' and restart this minion.\nOr restart the Salt'\
+ ' Master in open mode to clean out the keys.'
sys.stderr.write(err + '\n')
+ ' Master in open mode to clean out the keys. The'\
+ ' Salr Minion will now exit.'
self.opts['logger'].critical(err)
sys.exit(42)
else:
err = 'The Salt Master has cached the public key for'\
+ ' this node, this salt minion will wait for 10'\
+ ' seconds before attempting to re-authenticate'
sys.stderr.write(err + '\n')
self.opts['logger'].error(err)
return 'retry'
if not self.verify_master(payload['pub_key'], payload['token']):
m_pub_fn = os.path.join(self.opts['pki_dir'], 'master.pub')
@ -185,7 +196,7 @@ class Auth(object):
+ ' Salt Master, then remove the master public key and'\
+ ' restart the Salt Minion.\nThe master public key can be'\
+ ' found at:\n' + m_pub_fn
sys.stderr.write(err + '\n')
self.opts['logger'].critical(err)
sys.exit(42)
auth['aes'] = self.decrypt_aes(payload['aes'])
auth['publish_port'] = payload['publish_port']