File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/ssh_auth.cpython-310.pyc
o
�����N�gUN�����������������������@���sj���d�Z�d�d�l�Z�d�d�l�Z�d�d���Z�d�d���Z� � � � � �d�d
d���Z� � � � � �d�d�d
��Z� � � � � �d�d�d���Z�d�S�)�aC���
Control of entries in SSH authorized_key files
==============================================
The information stored in a user's SSH authorized key file can be easily
controlled via the ssh_auth state. Defaults can be set by the enc, options,
and comment keys. These defaults can be overridden by including them in the
name.
Since the YAML specification limits the length of simple keys to 1024
characters, and since SSH keys are often longer than that, you may have
to use a YAML 'explicit key', as demonstrated in the second example below.
.. code-block:: yaml
AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==:
ssh_auth.present:
- user: root
- enc: ssh-dss
? AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==...
:
ssh_auth.present:
- user: root
- enc: ssh-dss
thatch:
ssh_auth.present:
- user: root
- source: salt://ssh_keys/thatch.id_rsa.pub
- config: '%h/.ssh/authorized_keys'
sshkeys:
ssh_auth.present:
- user: root
- enc: ssh-rsa
- options:
- option1="value1"
- option2="value2 flag2"
- comment: myuser
- names:
- AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==
- ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain
- option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain
- AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment
sshkeys:
ssh_auth.manage:
- user: root
- enc: ssh-rsa
- options:
- option1="value1"
- option2="value2 flag2"
- comment: myuser
- ssh_keys:
- AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY==
- ssh-dss AAAAB3NzaCL0sQ9fJ5bYTEyY== user@domain
- option3="value3" ssh-dss AAAAB3NzaC1kcQ9J5bYTEyY== other@testdomain
- AAAAB3NzaC1kcQ9fJFF435bYTEyY== newcomment
�����Nc���������������� ���C���s����d�}�|�rMt�d���|�|�|�t�|�d���} | r2d�}�| ����D�]�\�}
}�|�d�k�r q�|�d�|���d�|
��d���7�}�q�|�r2|�|�f�S�t�j�t�d ��j���j���d
d���}�|�rEd�|�f�S�d�d
|���d���f�S�t�� d���}
|
�
|���}�|�sl|�����}�|�d���}�t�|���d�k�rk|�d���}�n&|��
d���ry|��
d�����d���}�|��
d�������}�|�d���}�|�d���}�t�|���d�k�r�|�d���}�t�d���|�|�|�|�|�|�|�d���}�|�d�k�r�d�|���d�|���d���}�|�|�f�S�|�d�k�r�d�|���d�|���d���}�|�|�f�S�|�d�k�r�d�}�d���|�|���}�|�|�f�S�)�z"
Run checks for "present"
N��ssh.check_key_file����saltenv��fingerprint_hash_type����existsz�Set to z�: ��
� test.ping��ssh_auth.errorFT��All host keys in file z� are already present�,^(.*?)\s?((?:sk-)?(?:ssh\-|ecds)[\w-]+\s.+)$r����������������,������
ssh.check_key����configr������update��Key �
for user z� is set to be updated��addz� is set to be added�9The authorized host key {} is already present for user {})���__salt__��__env__��items��sys��modules�
__module__��__context__��pop��re��compile��search��split��len��group��format����user��name��enc��comment��options��sourcer����r������result��keys��key��status��err��sshre��fullkey��key_and_comment��comps��check��r9����H/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/ssh_auth.py�
_present_testB���sz�������������������������������������������������
���
�
�������������
�������������������������������� ��� ������������������r;���c���������������� ���C���sv���d�}�|�rLt�d���|�|�|�t�|�d���} | r1d�}�t�| ������D�]�\�}
}�|�d�k�r"q�|�d�|
��d���7�}�q�|�r1|�|�f�S�t�j�t�d���j���j���d d���}�|�rDd
|�f�S�d�d�|���d
��f�S�t �
d���}
|
��|���}�|�sk|�����}�|�d���}�t
|���d�k�rj|�d���}�n&|���d���rx|���d�����d���}�|���d�������}�|�d���}�|�d���}�t
|���d�k�r�|�d���}�t�d���|�|�|�|�|�|�|�d���}�|�d�k�s�|�d�k�r�d�|���d�|���d���}�|�|�f�S�d�}�d�}�|�|�f�S�)�z!
Run checks for "absent"
Nr����r����r����r����z�Set to remove: r����r ���r
���FTr����z� are already absentr����r����r
���r����r����r����r����r����r����r����r����r����z� is set for removalz�Key is already absent)�r����r������listr����r����r����r����r����r ���r!���r"���r#���r$���r%���r&���r(���r9���r9���r:�����_absent_test����sj�������������������������������������������������
�
�������������
�������������������������������� ����������r=�����ssh-rsar������.ssh/authorized_keysc����������������
���K���s����|�i�d�d�d���} |�d�k�rTt���d���}
|
��|���}�|�s,|���d�d���}�|�d���}�t�|���d�k�r+|�d���}�n(|���d���r9|���d�����d ��}�|���d�����d�d���}
|
d���}�|
d���}�t�|
��d
k�rT|
d���}�t�d���rmt�|�|�|�|�|�p`g�|�|�|���\�| d�<�| d
<�| S�|�d�k�rzt�d���|�d�t d���}�|�d�k�r�|�s�d�}�nl|�d�k�r�|�r�t�d���|�t d���}�d�}�t���d���}
|��
����d���}�|�D�]=}�|
��|���}�|�s�t�d���|�|�|�t |�d���}�q�|���d���}�|�d���}�|�d���}�t�|���d�k�r�|�d���n�d�}�t�d���|�|�|�|�|�p�g�|�|�d���}�q�n�t�d���|�|�|�|�|�p�g�|�|�d���}�|�d�k���r�d�| d���|�<�d���|�|���| d
<�| S�|�d�k���r�d���|�|���| d
<�| S�|�d k���r(d!| d���|�<�d"��|�|���| d
<�| S�|�d�k���r:d�| d�<�d#��|���| d
<�| S�|�d$k���r_d�| d�<�t
j�t�d%��j���j���d&d���}�|���rY|�| d
<�| S�d'| d
<�| S�|�d(k���si|�d)k���rqd�| d�<�d*| d
<�| S�)+aa���
Verifies that the specified SSH key is present for the specified user
name
The SSH key to manage
user
The user who owns the SSH authorized keys file to modify
enc
Defines what type of key is being used, can be ed25519, ecdsa,
ssh-rsa, ssh-dss or any other type as of openssh server version 8.7.
comment
The comment to be placed with the SSH public key
source
The source file for the key(s). Can contain any number of public keys,
in standard "authorized_keys" format. If this is set, comment and enc
will be ignored.
.. note::
The source file must contain keys in the format ``<enc> <key>
<comment>``. If you have generated a keypair using PuTTYgen, then you
will need to do the following to retrieve an OpenSSH-compatible public
key.
1. In PuTTYgen, click ``Load``, and select the *private* key file (not
the public key), and click ``Open``.
2. Copy the public key from the box labeled ``Public key for pasting
into OpenSSH authorized_keys file``.
3. Paste it into a new file.
options
The options passed to the key, pass a list object
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
fingerprint_hash_type
The public key fingerprint hash type that the public key fingerprint
was originally hashed with. This defaults to ``sha256`` if not specified.
Tr������r*�����changesr/���r,���r����Nr����r����r
���r����r������testr/���r,���z
cp.get_url��r����z�no key��cp.get_file_strF��^(sk-)?(ssh\-|ecds).*r����z�ssh.set_auth_key_from_file)�r����r����r������ z�ssh.set_auth_key)�r+���r,���r-���r����r������replaceZ�UpdatedrA���z2The authorized host key {} for user {} was updatedz no changer������newZ�Newz0The authorized host key {} for user {} was addedz4Failed to add the ssh key. Source file {} is missingZ�failr ���r
���z[Failed to add the ssh key. Is the home directory available, and/or does the key file exist?��invalidz�Invalid public keyz@Invalid public ssh key, most likely has spaces or invalid syntax)�r!���r"���r#���r$���r%���r&�����__opts__r;���r����r������rstrip��matchr'���r����r����r����r����r ���)�r*���r)���r+���r,���r.���r-���r����r������kwargs��retr4���r5���r6���r7�����source_path��datar1�����filehasoptions��keylineZ�key_type� key_valueZ�key_commentr3���r9���r9���r:�����present����s�����8��
�
�������������
������������������������������������
��������������
�����
�����������������
��������������������������������������������
����������
����������"
�����������
�����������
��������������
����������������rT���c���������������� ���C���s����|�i�d�d�d���}�t�d���r t�|�|�|�|�|�p�g�|�|�|���\�|�d�<�|�d�<�|�S�|�d�k�rht�d���|�t�d���} d }
t���d
��}�| ������d���} | D�]*}�|���|���}
|
sSt�d���|�|�|�t�|�d
��|�d�<�q<|���d���}�t�d���|�|�d���|�|�d���|�d�<�q<nSt���d���}�|�� |���}
|
s�|���d�d���}�|�d���}�t
|���d�k�r�|�d���}�n&|
��d���r�|
��d�����d���}�|
��d�������}�|�d���}�|�d���}�t
|���d�k�r�|�d���}�t�d���|�|�|�|�d���|�d�<�|�d���d�k�r�d |�d�<�|�S�|�d���d�k�r�d�|�d���|�<�|�S�)�az���
Verifies that the specified SSH key is absent
name
The SSH key to manage
user
The user who owns the SSH authorized keys file to modify
enc
Defines what type of key is being used, can be ed25519, ecdsa,
ssh-rsa, ssh-dss or any other type as of openssh server version 8.7.
comment
The comment to be placed with the SSH public key
options
The options passed to the key, pass a list object
source
The source file for the key(s). Can contain any number of public keys,
in standard "authorized_keys" format. If this is set, comment, enc and
options will be ignored.
.. versionadded:: 2015.8.0
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
fingerprint_hash_type
The public key fingerprint hash type that the public key fingerprint
was originally hashed with. This defaults to ``sha256`` if not specified.
.. versionadded:: 2016.11.7
Tr����r@���rB���r/���r,���rD���rC���FrE���r����z�ssh.rm_auth_key_from_filer����rF���z�ssh.rm_auth_keyr����r����r����Nr����r
���r����r����z%User authorized keys file not presentz�Key removedZ�RemovedrA���)�rJ���r=���r����r����r!���r"���rK���r$���rL���r#���r%���r&���)�r*���r)���r+���r,���r.���r-���r����r����rN���r1���rQ���r4���rR���r5���r6���r7���r9���r9���r:�����absent����sx����/�����������������������
������
�����
�����������������
��������������
�
�������������
�����������������
�������������rU���c ���������������
���K���sD���d�i�d�d�d���}
g�}�|�D�]
}�|���|���d�������q�t�d���|�|�|�d�������}
t�|
����|���}�|�D�],}�t�d���r>|���d���}�|�|
d <�d
|
d�<�q*t�|�|�f�|�|�|�|�|�|�d���| ����d ��}�|�|
d
��|�<�q*|�D�]F}�t�|�|�|�|�|�|�|�|�f�i�| ����}�|�d
��rx|
d
��� |�d
������n�|
d ����d�|�d ����7���<�|
d ���
��|
d <�|�d���d
u�r�d
|
d�<�qY|�d���s�d�|
d�<�qY|
S�)�a����
.. versionadded:: 3000
Ensures that only the specified ssh_keys are present for the specified user
ssh_keys
The SSH key to manage
user
The user who owns the SSH authorized keys file to modify
enc
Defines what type of key is being used, can be ed25519, ecdsa,
ssh-rsa, ssh-dss or any other type as of openssh server version 8.7.
comment
The comment to be placed with the SSH public key
source
The source file for the key(s). Can contain any number of public keys,
in standard "authorized_keys" format. If this is set, comment and enc
will be ignored.
.. note::
The source file must contain keys in the format ``<enc> <key>
<comment>``. If you have generated a keypair using PuTTYgen, then you
will need to do the following to retrieve an OpenSSH-compatible public
key.
1. In PuTTYgen, click ``Load``, and select the *private* key file (not
the public key), and click ``Open``.
2. Copy the public key from the box labeled ``Public key for pasting
into OpenSSH authorized_keys file``.
3. Paste it into a new file.
options
The options passed to the keys, pass a list object
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
fingerprint_hash_type
The public key fingerprint hash type that the public key fingerprint
was originally hashed with. This defaults to ``sha256`` if not specified.
r����Tr@���rF���z
ssh.auth_keys)�r)���r����r����rB���z� Key set for removalr,���Nr/���)�r+���r,���r.���r-���r����r����rA���r����F)���extendr$���r����r0�����set�
differencerJ���rU���rT���r������strip)�r*���Z�ssh_keysr)���r+���r,���r.���r-���r����r����rM���rN���Z�all_potential_keysZ�ssh_keyZ
existing_keysZ�remove_keysZ
remove_keyZ�remove_commentZ
run_returnr9���r9���r:�����manage����sl����;����������������������
���
������������������������ ���
��������������������������� ������������
���������rZ���)�r>���r����r����Nr?���N)���__doc__r!���r����r;���r=���rT���rU���rZ���r9���r9���r9���r:�����<module>����s6������=�����L�H����������
���<����������
��}������������