Set an AES dropfile to request the master update the publish session key
(cachedir, user=None, master_id="")
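def dropfile(cachedir, user=None, master_id=""):
    """
    Set an AES dropfile to request the master update the publish session key

    The master id is written to ``<cachedir>/.dfn-next``, the file is made
    owner-read-only, optionally handed to ``user``, and only then renamed to
    ``<cachedir>/.dfn``. If ``.dfn`` already exists, a rotation request is
    pending and the function returns without writing anything.

    :param cachedir: Directory in which the dropfile is created.
    :param user: Optional account name that should own the dropfile.
        Ignored on Windows.
    :param master_id: Text written as the content of the dropfile.
    :return: None
    """
    dfn_next = os.path.join(cachedir, ".dfn-next")
    dfn = os.path.join(cachedir, ".dfn")
    # NOTE(review): the staging name is fixed and predictable, so this relies
    # on cachedir not being writable by untrusted accounts -- confirm the
    # directory's ownership and mode where the cache is set up.

    # Create the file under a restrictive umask so it never exists with
    # group/other permission bits, even before the explicit chmod below.
    # set_umask presumably restores the previous mask on exit -- confirm.
    with salt.utils.files.set_umask(0o277):
        log.info("Rotating AES key")
        if os.path.isfile(dfn):
            log.info("AES key rotation already requested")
            return

        # The original re-tested os.path.isfile(dfn) here to chmod an
        # unwritable dropfile, but that branch could not be reached after the
        # early return above, so it has been dropped.
        with salt.utils.files.fopen(dfn_next, "w+") as fp_:
            fp_.write(master_id)
        os.chmod(dfn_next, stat.S_IRUSR)

        if user and not salt.utils.platform.is_windows():
            try:
                import pwd

                uid = pwd.getpwnam(user).pw_uid
                os.chown(dfn_next, uid, -1)
            except (KeyError, ImportError, OSError) as exc:
                # Still best-effort, but no longer silent: the file is mode
                # 0400, so if ownership is wrong the intended user presumably
                # cannot read it. Leave a trace for whoever debugs that.
                log.warning(
                    "Unable to change owner of AES dropfile %s to user %s: %s",
                    dfn_next,
                    user,
                    exc,
                )

        # Publish under the final name only after content, mode and owner are
        # in place, so a reader of .dfn never sees a half-prepared file.
        os.rename(dfn_next, dfn)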
| 148 | |
| 149 | |
| 150 | def _write_private(keydir, keyname, key, passphrase=None): |