3 from PLC.Faults import *
4 from PLC.Parameter import Parameter
5 from PLC.Debug import profile
6 from PLC.Table import Row, Table
7 from PLC.KeyTypes import KeyType, KeyTypes
11 Representation of a row in the keys table. To use, instantiate with a
12 dict of values. Update as you would a dict. Commit to the database
17 primary_key = 'key_id'
18 join_tables = ['person_key']
20 'key_id': Parameter(int, "Key identifier"),
21 'key_type': Parameter(str, "Key type"),
22 'key': Parameter(str, "Key value", max = 4096),
25 def validate_key_type(self, key_type):
26 if key_type not in KeyTypes(self.api):
27 raise PLCInvalidArgument, "Invalid key type"
30 def validate_key(self, key):
33 # Key must not be blacklisted
34 rows = self.api.db.selectall("SELECT 1 from keys" \
35 " WHERE key = %(key)s" \
36 " AND is_blacklisted IS True",
39 raise PLCInvalidArgument, "Key is blacklisted and cannot be used"
50 if self['key_type'] == 'ssh':
51 # Accept only SSH version 2 keys without options. From
54 # Each protocol version 2 public key consists of: options,
55 # keytype, base64 encoded key, comment. The options field
56 # is optional...The comment field is not used for anything
57 # (but may be convenient for the user to identify the
58 # key). For protocol version 2 the keytype is ``ssh-dss''
61 good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
62 if not re.match(good_ssh_key, key, re.IGNORECASE):
63 raise PLCInvalidArgument, "Invalid SSH version 2 public key"
65 def blacklist(self, commit = True):
67 Permanently blacklist key (and all other identical keys),
68 preventing it from ever being added again. Because this could
69 affect multiple keys associated with multiple accounts, it
73 assert 'key_id' in self
76 # Get all matching keys
77 rows = self.api.db.selectall("SELECT key_id FROM keys WHERE key = %(key)s",
79 key_ids = [row['key_id'] for row in rows]
81 assert self['key_id'] in key_ids
83 # Keep the keys in the table
84 self.api.db.do("UPDATE keys SET is_blacklisted = True" \
85 " WHERE key_id IN (%s)" % ", ".join(map(str, key_ids)))
87 # But disassociate them from all join tables
88 for table in ['person_key']:
89 self.api.db.do("DELETE FROM %s WHERE key_id IN (%s)" % \
90 (table, ", ".join(map(str, key_ids))))
97 Representation of row(s) from the keys table in the
101 def __init__(self, api, key_id_list = None, is_blacklisted = False):
104 sql = "SELECT %s FROM keys WHERE True" % \
105 ", ".join(Key.fields)
107 if is_blacklisted is not None:
108 sql += " AND is_blacklisted IS %(is_blacklisted)s"
111 sql += " AND key_id IN (%s)" % ", ".join(map(str, key_id_list))
113 rows = self.api.db.selectall(sql, locals())
116 self[row['key_id']] = Key(api, row)