dropbear: Allow port forwarding if option is set
[slapos.git] / slapos / recipe / dropbear.py
1 ##############################################################################
2 #
3 # Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
4 #
5 # WARNING: This program as such is intended to be used by professional
6 # programmers who take the whole responsibility of assessing all potential
7 # consequences resulting from its eventual inadequacies and bugs
8 # End users who are looking for a ready-to-use solution with commercial
9 # guarantees and support are strongly adviced to contract a Free Software
10 # Service Company
11 #
12 # This program is Free Software; you can redistribute it and/or
13 # modify it under the terms of the GNU General Public License
14 # as published by the Free Software Foundation; either version 3
15 # of the License, or (at your option) any later version.
16 #
17 # This program is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # GNU General Public License for more details.
21 #
22 # You should have received a copy of the GNU General Public License
23 # along with this program; if not, write to the Free Software
24 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 #
26 ##############################################################################
27 import os
28 import itertools
29 from slapos.recipe.librecipe import GenericBaseRecipe
30
31 class KnownHostsFile(dict):
32
33 def __init__(self, filename):
34 self._filename = filename
35
36 def _load(self):
37 if os.path.exists(self._filename):
38 with open(self._filename, 'r') as keyfile:
39 for line in keyfile:
40 host, key = [column.strip() for column in line.split(' ', 1)]
41 self[host] = key
42
43 def _dump(self):
44 with open(self._filename, 'w') as keyfile:
45 for key, value in self.items():
46 if key is not None and value is not None:
47 keyfile.write('%(host)s %(key)s\n' % {'host': key,
48 'key': value})
49
50 def __enter__(self):
51 self._load()
52
53 def __exit__(self, exc_type, exc_value, traceback):
54 self._dump()
55
56
57
58 class AuthorizedKeysFile(object):
59
60 def __init__(self, filename):
61 self.filename = filename
62
63 def append(self, key):
64 """Append the key to the file if the key's not in the file
65 """
66 # Create the file it it does not exist
67 try:
68 file_ = os.open(self.filename, os.O_CREAT | os.O_EXCL)
69 os.close(file_)
70 except:
71 pass
72
73 with open(self.filename, 'r') as keyfile:
74 # itertools.imap avoid loading all the authorized_keys file in
75 # memory which would be counterproductive.
76 present = (key.strip() in itertools.imap(lambda k: k.strip(),
77 keyfile))
78 try:
79 keyfile.seek(-1, os.SEEK_END)
80 ended_by_newline = (keyfile.read() == '\n')
81 except IOError:
82 ended_by_newline = True
83
84 if not present:
85 with open(self.filename, 'a') as keyfile:
86 if not ended_by_newline:
87 keyfile.write('\n')
88 keyfile.write(key.strip())
89
90 class Recipe(GenericBaseRecipe):
91
92 def install(self):
93 path_list = []
94
95 dropbear_cmd = [self.options['dropbear-binary']]
96 # Don't fork into background
97 dropbear_cmd.append('-F')
98 # Log on stderr
99 dropbear_cmd.append('-E')
100 # Don't display motd
101 dropbear_cmd.append('-m')
102 # Disable password login
103 dropbear_cmd.extend(['-s', '-g'])
104 # Disable port forwarding
105 if not self.optionIsTrue('allow-port-forwarding', default=False):
106 dropbear_cmd.extend(['-j', '-k'])
107
108 host = self.options['host']
109 if ':' in host:
110 host = '[%s]' % host
111 port = self.options['port']
112 binding_address = '%s:%s' % (host, port)
113 dropbear_cmd.extend(['-p', binding_address])
114 # Single user mode
115 dropbear_cmd.append('-n')
116 # Keep connection alive for 5 minutes
117 dropbear_cmd.extend(['-K', '300'])
118
119 if 'dss-keyfile' in self.options:
120 dropbear_cmd.extend(['-d', self.options['dss-keyfile']])
121 else:
122 dropbear_cmd.extend(['-r', self.options['rsa-keyfile']])
123
124 env = {}
125 if 'home' in self.options:
126 env['DROPBEAR_OVERRIDE_HOME'] = self.options['home']
127
128 if 'shell' in self.options:
129 env['DROPBEAR_OVERRIDE_SHELL'] = self.options['shell']
130
131 wrapper = self.createPythonScript(
132 self.options['wrapper'],
133 'slapos.recipe.librecipe.execute.executee',
134 (dropbear_cmd, env, )
135 )
136 path_list.append(wrapper)
137
138 return path_list
139
140 class Client(GenericBaseRecipe):
141
142 def install(self):
143 env = dict()
144
145 if 'home' in self.options:
146 env['HOME'] = self.options['home']
147 self.createDirectory(self.options['home'], '.ssh')
148
149 dropbear_cmd = [self.options['dbclient-binary'], '-T']
150 if self.optionIsTrue('force-host-key', default=False):
151 dropbear_cmd.extend(['-y'])
152
153 if 'identity-file' in self.options:
154 dropbear_cmd.extend(['-i', self.options['identity-file']])
155
156 wrapper = self.createPythonScript(
157 self.options['wrapper'],
158 'slapos.recipe.librecipe.execute.executee',
159 (dropbear_cmd, env, )
160 )
161
162 return [wrapper]
163
164
165 def keysplit(s):
166 """
167 Split a string like "ssh-rsa AKLFKJSL..... ssh-rsa AAAASAF...."
168 and return the individual key_type + key strings.
169 """
170 si = iter(s.split(' '))
171 while True:
172 key_type = next(si)
173 try:
174 key_value = next(si)
175 except StopIteration:
176 # odd number of elements, should not happen, yield the last one by itself
177 yield key_type
178 break
179 yield '%s %s' % (key_type, key_value)
180
181
182 class AddAuthorizedKey(GenericBaseRecipe):
183
184 def install(self):
185 path_list = []
186
187 ssh = self.createDirectory(self.options['home'], '.ssh')
188 path_list.append(ssh)
189
190 authorized_keys = AuthorizedKeysFile(os.path.join(ssh, 'authorized_keys'))
191 for key in keysplit(self.options['key']):
192 # XXX key might actually be the string 'None' or 'null'
193 authorized_keys.append(key)
194
195 return path_list
196