diff --git a/machines/migrations/0084_sshfingerprint.py b/machines/migrations/0084_sshfingerprint.py new file mode 100644 index 00000000..7e59734f --- /dev/null +++ b/machines/migrations/0084_sshfingerprint.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-07-29 11:39 +from __future__ import unicode_literals + +from django.db import migrations, models +import django.db.models.deletion +import re2o.mixins + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0083_remove_duplicate_rights'), + ] + + operations = [ + migrations.CreateModel( + name='SshFingerprint', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('pub_key_entry', models.TextField(help_text='SSH public key', max_length=2048)), + ('algo', models.CharField(choices=[('ssh-rsa', 'ssh-rsa'), ('ssh-ed25519', 'ssh-ed25519'), ('ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp256'), ('ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp384'), ('ecdsa-sha2-nistp521', 'ecdsa-sha2-nistp521'), ('ecdsa-sha2-nistp521', 'ecdsa-sha2-nistp521')], max_length=32)), + ('comment', models.CharField(blank=True, help_text='Comment', max_length=255, null=True)), + ('machine', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='machines.Machine')), + ], + options={ + 'verbose_name': 'SSH fingerprint', + 'verbose_name_plural': 'SSH fingerprints', + 'permissions': (('view_sshfingerprint', 'Can see an SSH fingerprint'),), + }, + bases=(re2o.mixins.RevMixin, re2o.mixins.AclMixin, models.Model), + ), + ] diff --git a/machines/models.py b/machines/models.py index 66a2a03a..5dd75fb2 100644 --- a/machines/models.py +++ b/machines/models.py @@ -32,6 +32,8 @@ import re from ipaddress import IPv6Address from itertools import chain from netaddr import mac_bare, EUI, IPSet, IPRange, IPNetwork, IPAddress +import hashlib +import base64 from django.db import models from django.db.models.signals import post_save, post_delete 
@@ -229,6 +231,25 @@ class SshFingerprint(RevMixin, AclMixin, models.Model): blank=True ) + @cached_property + def algo_id(self): + """Return the id of the algorithme for this key""" + if "ecdsa" in self.algo: + return 3 + elif "rsa" in self.algo: + return 1 + else: + return 2 + + @cached_property + def hash(self): + """Return the hashs for the pub key with correct id + cf RFC, 1 is sha1 , 2 sha256""" + return { + "1" : hashlib.sha1(base64.b64decode(self.pub_key_entry)).hexdigest(), + "2" : hashlib.sha256(base64.b64decode(self.pub_key_entry)).hexdigest(), + } + class Meta: permissions = ( ("view_sshfingerprint", "Can see an SSH fingerprint"), @@ -246,7 +267,7 @@ class SshFingerprint(RevMixin, AclMixin, models.Model): return self.machine.can_delete(user_request, *args, **kwargs) def __str__(self): - return str(self.algo) + ' ' + str(self.hash_entry) + ' ' + str(self.comment) + return str(self.algo) + ' ' + str(self.comment) class MachineType(RevMixin, AclMixin, models.Model): @@ -611,6 +632,12 @@ class Extension(RevMixin, AclMixin, models.Model): entry += "@ IN AAAA " + str(self.origin_v6) return entry + def get_associated_sshfpr(self): + from re2o.utils import all_active_assigned_interfaces + return (all_active_assigned_interfaces() + .filter(type__ip_type__extension=self) + .filter(machine)) + def get_associated_a_records(self): from re2o.utils import all_active_assigned_interfaces return (all_active_assigned_interfaces()
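Review bot: `algo_id` maps every key type that is neither ECDSA nor RSA to 2, so an `ssh-ed25519` key (one of the choices listed in the accompanying migration) is numbered as DSA. The SSHFP registry assigns Ed25519 the value 4 (RFC 7479), and a client verifying host keys against DNS will not match a record published with the wrong algorithm number. Add an explicit branch, `elif "ed25519" in self.algo: return 4`, and consider raising on an unrecognised type instead of defaulting. In `hash`, `base64.b64decode(self.pub_key_entry)` runs on a free-text field: by default it silently discards non-alphabet characters and raises `binascii.Error` on bad padding, so a malformed entry either yields a digest of the wrong bytes or fails when the property is read. The class body starts outside the hunk, so whether the field is already checked in `clean()` is not visible; if it is not, validate it as base64 at save time (for example with `validate=True`), and let the docstring name the RFCs it refers to (4255 for SHA-1, 6594 for SHA-256).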
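Review bot: `get_associated_sshfpr` passes the bare name `machine` to `.filter(...)`, and nothing in the method or the visible hunk defines that name, so the call would raise `NameError` the first time it runs. If the intent is to keep only interfaces whose machine has at least one stored key, a keyword lookup such as `.filter(machine__sshfingerprint__isnull=False).distinct()` expresses that. The reverse name is inferred from the migration's ForeignKey having no `related_name`, so confirm it against the model. The method also has no docstring; a one-line `"""Return the active interfaces of this extension whose machine has SSH fingerprints"""` would state what callers get back.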