mirror of
https://github.com/thegeeklab/ansible-later.git
synced 2024-11-25 22:30:42 +00:00
294 lines
10 KiB
Python
294 lines
10 KiB
Python
# Copyright (C) 2006-2007 Robey Pointer <robeypointer@gmail.com>
|
|
# Copyright (C) 2012 Olle Lundberg <geek@nerd.sh>
|
|
#
|
|
# This file is part of paramiko.
|
|
#
|
|
# Paramiko is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU Lesser General Public License as published by the Free
|
|
# Software Foundation; either version 2.1 of the License, or (at your option)
|
|
# any later version.
|
|
#
|
|
# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public License
|
|
# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
|
|
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
|
|
|
"""
|
|
Configuration file (aka ``ssh_config``) support.
|
|
"""
|
|
|
|
import fnmatch
|
|
import os
|
|
import re
|
|
import shlex
|
|
import socket
|
|
|
|
SSH_PORT = 22
|
|
|
|
|
|
class SSHConfig(object):
|
|
"""
|
|
Representation of config information as stored in the format used by
|
|
OpenSSH. Queries can be made via `lookup`. The format is described in
|
|
OpenSSH's ``ssh_config`` man page. This class is provided primarily as a
|
|
convenience to posix users (since the OpenSSH format is a de-facto
|
|
standard on posix) but should work fine on Windows too.
|
|
|
|
.. versionadded:: 1.6
|
|
"""
|
|
|
|
SETTINGS_REGEX = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.+)")
|
|
|
|
def __init__(self):
|
|
"""
|
|
Create a new OpenSSH config object.
|
|
"""
|
|
self._config = []
|
|
|
|
def parse(self, file_obj):
|
|
"""
|
|
Read an OpenSSH config from the given file object.
|
|
|
|
:param file_obj: a file-like object to read the config file from
|
|
"""
|
|
host = {"host": ["*"], "config": {}}
|
|
for line in file_obj:
|
|
# Strip any leading or trailing whitespace from the line.
|
|
# Refer to https://github.com/paramiko/paramiko/issues/499
|
|
line = line.strip()
|
|
if not line or line.startswith("#"):
|
|
continue
|
|
|
|
match = re.match(self.SETTINGS_REGEX, line)
|
|
if not match:
|
|
raise Exception("Unparsable line {}".format(line))
|
|
key = match.group(1).lower()
|
|
value = match.group(2)
|
|
|
|
if key == "host":
|
|
self._config.append(host)
|
|
host = {"host": self._get_hosts(value), "config": {}}
|
|
elif key == "proxycommand" and value.lower() == "none":
|
|
# Store 'none' as None; prior to 3.x, it will get stripped out
|
|
# at the end (for compatibility with issue #415). After 3.x, it
|
|
# will simply not get stripped, leaving a nice explicit marker.
|
|
host["config"][key] = None
|
|
else:
|
|
if value.startswith('"') and value.endswith('"'):
|
|
value = value[1:-1]
|
|
|
|
# identityfile, localforward, remoteforward keys are special
|
|
# cases, since they are allowed to be specified multiple times
|
|
# and they should be tried in order of specification.
|
|
if key in ["identityfile", "localforward", "remoteforward"]:
|
|
if key in host["config"]:
|
|
host["config"][key].append(value)
|
|
else:
|
|
host["config"][key] = [value]
|
|
elif key not in host["config"]:
|
|
host["config"][key] = value
|
|
self._config.append(host)
|
|
|
|
def lookup(self, hostname):
|
|
"""
|
|
Return a dict of config options for a given hostname.
|
|
|
|
The host-matching rules of OpenSSH's ``ssh_config`` man page are used:
|
|
For each parameter, the first obtained value will be used. The
|
|
configuration files contain sections separated by ``Host``
|
|
specifications, and that section is only applied for hosts that match
|
|
one of the patterns given in the specification.
|
|
|
|
Since the first obtained value for each parameter is used, more host-
|
|
specific declarations should be given near the beginning of the file,
|
|
and general defaults at the end.
|
|
|
|
The keys in the returned dict are all normalized to lowercase (look for
|
|
``"port"``, not ``"Port"``. The values are processed according to the
|
|
rules for substitution variable expansion in ``ssh_config``.
|
|
|
|
:param str hostname: the hostname to lookup
|
|
"""
|
|
matches = [
|
|
config
|
|
for config in self._config
|
|
if self._allowed(config["host"], hostname)
|
|
]
|
|
|
|
ret = {}
|
|
for match in matches:
|
|
for key, value in match["config"].items():
|
|
if key not in ret:
|
|
# Create a copy of the original value,
|
|
# else it will reference the original list
|
|
# in self._config and update that value too
|
|
# when the extend() is being called.
|
|
ret[key] = value[:] if value is not None else value
|
|
elif key == "identityfile":
|
|
ret[key].extend(value)
|
|
ret = self._expand_variables(ret, hostname)
|
|
# TODO: remove in 3.x re #670
|
|
if "proxycommand" in ret and ret["proxycommand"] is None:
|
|
del ret["proxycommand"]
|
|
return ret
|
|
|
|
def get_hostnames(self):
|
|
"""
|
|
Return the set of literal hostnames defined in the SSH config (both
|
|
explicit hostnames and wildcard entries).
|
|
"""
|
|
hosts = set()
|
|
for entry in self._config:
|
|
hosts.update(entry["host"])
|
|
return hosts
|
|
|
|
def _allowed(self, hosts, hostname):
|
|
match = False
|
|
for host in hosts:
|
|
if host.startswith("!") and fnmatch.fnmatch(hostname, host[1:]):
|
|
return False
|
|
elif fnmatch.fnmatch(hostname, host):
|
|
match = True
|
|
return match
|
|
|
|
def _expand_variables(self, config, hostname):
|
|
"""
|
|
Return a dict of config options with expanded substitutions
|
|
for a given hostname.
|
|
|
|
Please refer to man ``ssh_config`` for the parameters that
|
|
are replaced.
|
|
|
|
:param dict config: the config for the hostname
|
|
:param str hostname: the hostname that the config belongs to
|
|
"""
|
|
|
|
if "hostname" in config:
|
|
config["hostname"] = config["hostname"].replace("%h", hostname)
|
|
else:
|
|
config["hostname"] = hostname
|
|
|
|
if "port" in config:
|
|
port = config["port"]
|
|
else:
|
|
port = SSH_PORT
|
|
|
|
user = os.getenv("USER")
|
|
if "user" in config:
|
|
remoteuser = config["user"]
|
|
else:
|
|
remoteuser = user
|
|
|
|
host = socket.gethostname().split(".")[0]
|
|
fqdn = LazyFqdn(config, host)
|
|
homedir = os.path.expanduser("~")
|
|
replacements = {
|
|
"controlpath": [
|
|
("%h", config["hostname"]),
|
|
("%l", fqdn),
|
|
("%L", host),
|
|
("%n", hostname),
|
|
("%p", port),
|
|
("%r", remoteuser),
|
|
("%u", user),
|
|
],
|
|
"identityfile": [
|
|
("~", homedir),
|
|
("%d", homedir),
|
|
("%h", config["hostname"]),
|
|
("%l", fqdn),
|
|
("%u", user),
|
|
("%r", remoteuser),
|
|
],
|
|
"proxycommand": [
|
|
("~", homedir),
|
|
("%h", config["hostname"]),
|
|
("%p", port),
|
|
("%r", remoteuser),
|
|
],
|
|
}
|
|
|
|
for k in config:
|
|
if config[k] is None:
|
|
continue
|
|
if k in replacements:
|
|
for find, replace in replacements[k]:
|
|
if isinstance(config[k], list):
|
|
for item in range(len(config[k])):
|
|
if find in config[k][item]:
|
|
config[k][item] = config[k][item].replace(
|
|
find, str(replace)
|
|
)
|
|
else:
|
|
if find in config[k]:
|
|
config[k] = config[k].replace(find, str(replace))
|
|
return config
|
|
|
|
def _get_hosts(self, host):
|
|
"""
|
|
Return a list of host_names from host value.
|
|
"""
|
|
try:
|
|
return shlex.split(host)
|
|
except ValueError:
|
|
raise Exception("Unparsable host {}".format(host))
|
|
|
|
|
|
class LazyFqdn(object):
|
|
"""
|
|
Returns the host's fqdn on request as string.
|
|
"""
|
|
|
|
def __init__(self, config, host=None):
|
|
self.fqdn = None
|
|
self.config = config
|
|
self.host = host
|
|
|
|
def __str__(self):
|
|
if self.fqdn is None:
|
|
#
|
|
# If the SSH config contains AddressFamily, use that when
|
|
# determining the local host's FQDN. Using socket.getfqdn() from
|
|
# the standard library is the most general solution, but can
|
|
# result in noticeable delays on some platforms when IPv6 is
|
|
# misconfigured or not available, as it calls getaddrinfo with no
|
|
# address family specified, so both IPv4 and IPv6 are checked.
|
|
#
|
|
|
|
# Handle specific option
|
|
fqdn = None
|
|
address_family = self.config.get("addressfamily", "any").lower()
|
|
if address_family != "any":
|
|
try:
|
|
family = socket.AF_INET6
|
|
if address_family == "inet":
|
|
socket.AF_INET
|
|
results = socket.getaddrinfo(
|
|
self.host,
|
|
None,
|
|
family,
|
|
socket.SOCK_DGRAM,
|
|
socket.IPPROTO_IP,
|
|
socket.AI_CANONNAME,
|
|
)
|
|
for res in results:
|
|
af, socktype, proto, canonname, sa = res
|
|
if canonname and "." in canonname:
|
|
fqdn = canonname
|
|
break
|
|
# giaerror -> socket.getaddrinfo() can't resolve self.host
|
|
# (which is from socket.gethostname()). Fall back to the
|
|
# getfqdn() call below.
|
|
except socket.gaierror:
|
|
pass
|
|
# Handle 'any' / unspecified
|
|
if fqdn is None:
|
|
fqdn = socket.getfqdn()
|
|
# Cache
|
|
self.fqdn = fqdn
|
|
return self.fqdn
|