Changeset 1225


Timestamp:
04/17/13 18:24:00 (11 years ago)
Author:
nanardon
Message:

Add ssh fp support

This patch adds support for SSH fingerprint (SSHFP) DNS records. Nethost objects
now have an sshfp attribute to hold fingerprints. The fingerprints are added to the DNS zones.

This patch also makes the 'checkzone' test optional and not enabled by default.

Location:
trunk
Files:
1 added
7 edited

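--- a/trunk/LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Model/AttrForms.pm
+++ b/trunk/LATMOS-Accounts-Web/lib/LATMOS/Accounts/Web/Model/AttrForms.pm
@@ -128,4 +128,5 @@
             date
             unexported
+            sshfp
         ) ],
     },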
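--- a/trunk/LATMOS-Accounts/Makefile.PL
+++ b/trunk/LATMOS-Accounts/Makefile.PL
@@ -58,4 +58,5 @@
         bin/la-sql-upgrade
         bin/la-sql-edit-form
+        bin/la-sql-updsshfp
         bin/la-test-mail
         ) ],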
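--- a/trunk/LATMOS-Accounts/bin/la-sql-upgrade.in
+++ b/trunk/LATMOS-Accounts/bin/la-sql-upgrade.in
@@ -26,4 +26,5 @@
     'no-commit'      => \my $nocommit,
     'v|verbose'      => \my $verbose,
+    'h|help'         => sub { pod2usage(1); },
 ) or pod2usage();
 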
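--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Nethost.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/Nethost.pm
@@ -84,4 +84,8 @@
                 multiple => 1,
                 input => sub { lc($_[0]) },
+            },
+            sshfp => { multiple => 1, },
+            sshfpUpdate  => {
+                managed => 1,
             },
         }
@@ -158,4 +162,20 @@
         delete($data{ipFrom});
     }
+    if ($data{sshfpUpdate}) {
+        open my $h, '<', \$data{sshfpUpdate};
+        my @sshfps;
+        while (my $line = <$h>) {
+            my ($type, $mode, $key) = $line =~ /^\S+\s+IN\s+SSHFP\s+(\d)\s+(\d)\s+(\S+)/i
+                or do {
+                    la_log(LA_ERR, "Seems to not be a ssh-keygen line: %s", $line);
+                    return;
+                };
+            la_log(LA_DEBUG, "found sshfp %s %s %s", $type, $mode, $key);
+            push(@sshfps, "$type $mode $key");
+        }
+        close($h);
+        delete($data{sshfpUpdate});
+        $data{sshfp} = \@sshfps;
+    }
 
     $self->SUPER::set_fields(%data)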
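Review bot: The SSHFP parser at new lines 168-174 captures the fingerprint with `(\S+)` and leaves the pattern open at the end, so any non-whitespace run is stored as a fingerprint and trailing text on the line is ignored; I would tighten it to `/^\S+\s+IN\s+SSHFP\s+(\d)\s+(\d)\s+([0-9a-f]+)\s*$/i`. The plain `sshfp` attribute declared at new line 87 has no `input` filter, so values written to it directly appear to skip this parsing altogether, and Buildnet.pm in this changeset copies the stored strings into the zone text as they are. The `open` on the in-memory string is unchecked, and the bare `return` on a bad line drops the whole update with only a log entry; a comment such as `# any unparsable line rejects the entire update` would make that intent explicit. The enclosing sub starts and ends outside the hunk.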
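--- a/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Task/Buildnet.pm
+++ b/trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Task/Buildnet.pm
@@ -318,4 +318,8 @@
 sub _checkzone_output {
     my ($self, $ozone, $output) = @_;
+
+    if (!$self->_la->val('network', 'checkzone')) {
+        return 1;
+    }
 
     my ($fh, $filename) = tempfile();
@@ -479,4 +483,11 @@
                 }
             }
+            foreach (grep { $_ } $host_o->get_attributes('sshfp')) {
+                $dbzone .= sprintf(
+                    "%-30s IN    SSHFP    %s\n",
+                    $res,
+                    $_,
+                );
+            }
         }
     }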
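Review bot: The loop at new lines 485-491 writes each stored `sshfp` value into `$dbzone` through `%s` with only a truthiness filter, so a value containing a newline or extra fields would end up as additional zone content. The first hunk makes `_checkzone_output` return 1 unless `network`/`checkzone` is set, so by default nothing checks the generated zone before it is used. Filtering at emission would keep the zone well formed regardless of how the attribute was written: `foreach (grep { defined && /\A\d \d [0-9a-f]+\z/i } $host_o->get_attributes('sshfp')) {`, which matches the "$type $mode $key" form that Nethost.pm stores. Both enclosing subs continue outside the hunks shown.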
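--- a/trunk/LATMOS-Accounts/man/man5/latmos-accounts.ini.pod
+++ b/trunk/LATMOS-Accounts/man/man5/latmos-accounts.ini.pod
@@ -91,4 +91,12 @@
 If set, must contains an email address where error will be sent in batch mode.
 
+=head2 checkzone
+
+If set generated DNS zones will be first written in a temporary files and
+checked by C<checkzone> utility.
+
+If the test fail the zone is not generated and temporary file not removed for
+analysis.
+
 =head2 BASES SECTIONS
 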
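--- a/trunk/LATMOS-Accounts/sqldata/attributes.csv
+++ b/trunk/LATMOS-Accounts/sqldata/attributes.csv
@@ -43,4 +43,5 @@
 "nethost","noInheritPuppet",""
 "nethost","encryptKey","EnCrypt Key"
+"nethost","sshfp",""
 "netzone","group",""
 "netzone","net",""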