Ryan Barry has uploaded a new change for review. Change subject: Deprecate ovirtfunctions.rng_status() ......................................................................
Deprecate ovirtfunctions.rng_status() Do something more pythonic, merge into the existing ovirt.node.utils.security.Ssh class Change-Id: I98730b91618a2f3cb65c7058c9fbe2ad50b80f11 Signed-off-by: Ryan Barry <[email protected]> --- M src/ovirt/node/config/migrate.py M src/ovirt/node/utils/security.py M src/ovirtnode/ovirtfunctions.py 3 files changed, 20 insertions(+), 24 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/51/34951/1 diff --git a/src/ovirt/node/config/migrate.py b/src/ovirt/node/config/migrate.py index 29dd139..78be5fe 100644 --- a/src/ovirt/node/config/migrate.py +++ b/src/ovirt/node/config/migrate.py @@ -127,11 +127,12 @@ def translate_ssh(self): from ovirt.node.utils import parse_bool + from ovirt.node.utils.security import Ssh if self.__is_persisted("/etc/ssh/sshd_config"): pw_auth_enabled = ovirtfunctions.augtool_get( "/files/etc/ssh/sshd_config/PasswordAuthentication") - rng_bytes, aes_disabled = ovirtfunctions.rng_status() + rng_bytes, aes_disabled = Ssh().rng_status().values() rng_bytes = None if rng_bytes == 0 else rng_bytes aes_disabled = aes_disabled == 1 diff --git a/src/ovirt/node/utils/security.py b/src/ovirt/node/utils/security.py index 946913b..808da43 100644 --- a/src/ovirt/node/utils/security.py +++ b/src/ovirt/node/utils/security.py @@ -142,18 +142,15 @@ Returns: The status of aes_ni """ - import ovirtnode.ovirtfunctions as ofunc - rng, aes = ofunc.rng_status() + rng, aes = self.rng_status().values() if disable in [True, False]: self.__update_profile(rng, disable) else: self.logger.warning("Unknown value for AES NI: %s" % disable) - return ofunc.rng_status()[1] # FIXME should rurn bool - # and does it return disable_aes_ni? + return self.rng_status()["disable_aesni"] def strong_rng(self, num_bytes=None): - import ovirtnode.ovirtfunctions as ofunc - rng, aes = ofunc.rng_status() + rng, aes = self.rng_status().values() if (valid.Empty() | valid.Number(bounds=[0, None])).\ validate(num_bytes): self.__update_profile(num_bytes, aes) @@ -162,7 +159,19 @@ else: self.logger.warning("Unknown value for RNG num bytes: " + "%s" % num_bytes) - return ofunc.rng_status()[0] + return self.rng_status()["rng_bytes"] + + def rng_status(self): + rng_status = {"rng_bytes": None, + "disable_aes_ni": False} + f = File("/etc/profile") + if f.findall(r'SSH_USE_STRONG_RNG=\d+'): + rng_status["rng_bytes"] = f.findall(r'SSH_USE_STRONG_RNG=\d+' + )[0].split('=')]1] + if f.findall(r'DISABLE_AES_NI='): + rng_status["disable_aes_ni"] = True + return rng_status + def restart(self): self.logger.debug("Restarting SSH") diff --git a/src/ovirtnode/ovirtfunctions.py b/src/ovirtnode/ovirtfunctions.py index f09955a..b093fc6 100644 --- a/src/ovirtnode/ovirtfunctions.py +++ b/src/ovirtnode/ovirtfunctions.py @@ -1759,22 +1759,8 @@ return "on" == output.strip() def rng_status(): - bit_value = 0 - disable_aes_ni = 0 - try: - with open("/etc/profile") as f: - for line in f: - try: - if "SSH_USE_STRONG_RNG" in line: - export , kv = line.split() - key, bit_value = kv.split("=") - elif "OPENSSL_DISABLE_AES_NI=" in line: - disable_aes_ni = 1 - except: - pass - except: - pass - return (bit_value, disable_aes_ni) + from ovirt.node.utils.security import Ssh + return Ssh().rng_status().values() def get_cmdline_args(): with open("/proc/cmdline") as cmdline: -- To view, visit http://gerrit.ovirt.org/34951 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I98730b91618a2f3cb65c7058c9fbe2ad50b80f11 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Ryan Barry <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
