from paramiko.config import SSHConfig
from os.path import expandvars, isdir, isfile, join
from os import open as os_open, write, close, truncate, makedirs, O_WRONLY, O_CREAT
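def _join_value(value):
    """Render one ssh_config value as text; list values become comma-separated."""
    if isinstance(value, list):
        return ','.join(value)
    return value


def _write_owner_only_file(path, lines):
    """Create *path* (mode 0o400 on creation), truncate it and write *lines*.

    Each entry of *lines* is written followed by a newline, UTF-8 encoded.
    The descriptor is closed even if a write fails.  The mode is only applied
    when the file is created: an existing file keeps its current mode, and a
    0o400 file owned by an unprivileged user cannot be reopened for writing on
    a later run — TODO confirm that re-run behaviour is what the caller expects.
    """
    fh = os_open(path, O_WRONLY | O_CREAT, 0o400)
    try:
        truncate(fh, 0)
        for line in lines:
            write(fh, f'{line}\n'.encode())
    finally:
        close(fh)


def _report_missing_host(config_file, hostname, new_data):
    """Print the ssh_config section the user should add by hand."""
    print(f'\n\nIl faudrait ajouter dans le fichier "{config_file}" :')
    print(f'Host {hostname}')
    for key, value in new_data.items():
        if key == 'hostname':
            # 'hostname' names the section itself; it is not an option line
            continue
        # join list values (IdentityFile) so the suggestion is valid ssh_config
        # text rather than a Python list repr
        print(f' {key} {_join_value(value)}')
    print('\n')


def _report_host_changes(config_file, hostname, current_data, new_data):
    """Print the options to add or change in an existing `Host` section.

    Prints nothing when every expected option is already present with the
    expected value; extra options found in *current_data* are ignored.
    """
    add = [key for key in new_data if key not in current_data]
    modify = [key for key in new_data
              if key in current_data and current_data[key] != new_data[key]]
    if not (add or modify):
        return
    print(f'\n\nModifications suggérées de la section "Host {hostname}" du fichier "{config_file}" :')
    for key in add:
        print(f' - ajouter "{key} {_join_value(new_data[key])}"')
    for key in modify:
        print(f' - modifier "{key} {_join_value(current_data[key])}" en "{key} {_join_value(new_data[key])}"')
    print('\n')


def setting_pki_openssh_client(dico, config):
    """Install the OpenSSH client material for an organisation's PKI.

    Args:
        dico: mapping with 'organization_name', 'cn', 'certificate' and
            'chain'; 'private_key' is optional.  No other key is read.
        config: accepted for interface compatibility; not used here.

    Side effects, all under $HOME/.ssh:
        - config: created with a ``Host *.<organization_name>`` section when
          absent.  An existing file is never modified; the additions or
          changes it would need are printed instead.
        - risotto_<organization_name>.pub (the certificate) and, when
          'private_key' is given, risotto_<organization_name> are rewritten.
        - known_hosts is rewritten with one ``@cert-authority`` line for the
          organisation's host pattern; a previous line for the same pattern
          is dropped, every other line is kept.

    Returns None.
    """
    config_dir = expandvars('$HOME/.ssh')
    config_file = join(config_dir, 'config')
    identityfile = join(config_dir, f'risotto_{dico["organization_name"]}')
    known_hosts = join(config_dir, 'known_hosts')
    hostname = f'*.{dico["organization_name"]}'
    new_data = {'identityfile': [identityfile],
                'stricthostkeychecking': 'yes',
                'hostname': hostname,
                'user': dico['cn'],
                }

    if isfile(config_file):
        ssh = SSHConfig()
        with open(config_file) as fh:
            ssh.parse(fh)
        if hostname not in ssh.get_hostnames():
            _report_missing_host(config_file, hostname, new_data)
        else:
            _report_host_changes(config_file, hostname,
                                 dict(ssh.lookup(hostname)), new_data)
    else:
        if not isdir(config_dir):
            makedirs(config_dir, 0o700)
        section = [f'Host {hostname}']
        section.extend(f' {key} {_join_value(value)}'
                       for key, value in new_data.items() if key != 'hostname')
        _write_owner_only_file(config_file, section)

    _write_owner_only_file(f'{identityfile}.pub', [dico['certificate']])
    if 'private_key' in dico:
        _write_owner_only_file(identityfile, [dico['private_key']])

    # The CA marker uses the same host pattern as the config section so that
    # the filter below replaces the previous line instead of accumulating one
    # copy per run (the marker and the filter must agree on the pattern).
    ca_marker = f'@cert-authority {hostname} '
    content = [f'{ca_marker}{dico["chain"]}']
    if isfile(known_hosts):
        with open(known_hosts) as fh:
            old = fh.read().strip()
        if old:  # an empty file would otherwise contribute a blank line
            content.extend(line for line in old.split('\n')
                           if not line.startswith(ca_marker))
    _write_owner_only_file(known_hosts, content)
    print('Certificat mise à jour')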
def get(message):
    """Return the handler registered for *message*, or None when unknown.

    Only 'v1.setting.pki.openssh.client.get' is known; it maps to
    setting_pki_openssh_client.
    """
    if message != 'v1.setting.pki.openssh.client.get':
        return None
    return setting_pki_openssh_client