def main(): if len(sys.argv) < 2: print 'Usage: %s [version] [--install] [--local|username password]' % sys.argv[0] print 'Where [version] is the branch you want to checkout' print 'and username and password are for your eduforge account' print 'Eg. %s 0.7 --local' % sys.argv[0] else: version = sys.argv[1] branch = 'http://exe.cfdl.auckland.ac.nz/svn/exe/branches/%s' % version origDir = Path(sys.argv[0]).abspath().dirname() tmp = TempDirPath() os.chdir(tmp) os.system('svn export %s exe' % branch) (origDir/'../../exe/webui/firefox').copytree(tmp/'exe/exe/webui/firefox') os.chdir(tmp/'exe') tarball = Path('../exe-%s-source.tgz' % version).abspath() os.system('tar czf %s *' % tarball) os.chdir(tmp) if '--local' not in sys.argv: try: from paramiko import Transport except ImportError: print 'To upload you need to install paramiko python library from:' print 'http://www.lag.net/paramiko' sys.exit(2) from socket import socket, gethostbyname s = socket() s.connect((gethostbyname('shell.eduforge.org'), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-2], sys.argv[-1]) f = t.open_sftp_client() f.chdir('/home/pub/exe') f.put(tarball.encode('utf8'), tarball.basename().encode('utf8')) if os.getuid() == 0: tarball.copyfile('/usr/portage/distfiles/' + tarball.basename()) os.chdir(tmp/'exe/installs/gentoo') newEbuildFilename = Path('exe-%s.ebuild' % version).abspath() if not newEbuildFilename.exists(): Path('exe-0.7.ebuild').copy(newEbuildFilename) if os.getuid() == 0: ebuildDir = Path('/usr/local/portage/dev-python/exe') if ebuildDir.exists(): ebuildDir.rmtree() ebuildDir.makedirs() os.chdir(ebuildDir) newEbuildFilename.copy(ebuildDir) filesDir = ebuildDir/'files' filesDir.makedirs() Path(tmp/'exe/installs/gentoo/all-config.patch').copy(filesDir) if '--local' not in sys.argv: oldTarball = Path('/usr/portage/distfiles/')/tarball.basename() if oldTarball.exists(): oldTarball.remove() os.environ['GENTOO_MIRRORS']='' os.system('ebuild %s fetch' % newEbuildFilename.basename()) os.system('ebuild %s manifest' % newEbuildFilename.basename()) os.system('ebuild %s digest' % newEbuildFilename.basename()) if '--install' in sys.argv: os.system('ebuild %s install' % newEbuildFilename.basename())
def main(): try: from paramiko import Transport except ImportError: print print 'To upload you need to install paramiko python library from:' print 'http://www.lag.net/paramiko', print 'or on ubuntu go: apt-get install python2.4-paramiko' print sys.exit(2) server = 'shell.eduforge.org' basedir = '/home/pub/exe/' print 'Please enter password for %s@%s:' % (sys.argv[-1], server) password = getpass() print 'Renaming files' install = Path('eXe_install_windows.exe') newName = Path('eXe-install-%s.exe' % release) install = renameFile(install, newName) ready2run = Path('exes.exe') newName = Path('eXe-ready2run-%s.exe' % release) ready2run = renameFile(ready2run, newName) print 'Uploading' print 'connecting to %s...' % server from socket import socket, gethostbyname s = socket() s.connect((gethostbyname(server), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-1], password) sftp = t.open_sftp_client() sftp.chdir(basedir) upFile(sftp, install) upFile(sftp, ready2run)
def _connect(self): host_id = self._host_cfg['host_id'] host, port = self._host_cfg[host_id, 'host'] user = self._host_cfg[host_id, 'user'] passwd = self._host_cfg[host_id, 'password'] timeout = self._host_cfg[host_id, 'timeout'] or None known_hosts = self._host_cfg[host_id, 'known_hosts'] key_type = self._host_cfg[host_id, 'key_type'] key_file = self._host_cfg[host_id, 'key_file'] key_pass = self._host_cfg[host_id, 'key_pass'] try: if key_type: key = _KEY_TYPES[key_type](filename=key_file, password=key_pass) _logger.debug('private key: %s', key.get_name()) else: key = None hostname = utils.format_knownhost(host, port) hostkeys = HostKeys(known_hosts) transport = Transport((host, port)) transport.start_client(timeout=timeout) hostkey = transport.get_remote_server_key() if not hostkeys.check(hostname, hostkey): raise SSHException('Incorrect hostkey') if key: transport.auth_publickey(user, key) else: transport.auth_password(user, passwd) client = transport.open_sftp_client() client.get_channel().settimeout(timeout) _logger.debug('client for %s created', hostname) return client except (OSError, SSHException) as ex: raise ConnectError(f'Connection to server "{host}:{port}"' f' failed: {ex.args!s}')
def ssh_check(self, sock): private_key = paramiko.RSAKey.from_private_key_file(self.private) transport = Transport(sock=sock) try: transport.start_client() except SSHException as error: Print("{} {}".format(self.username, error), colour="red") try: if self.password is None: transport.auth_publickey(self.username, private_key) else: transport.auth_password(self.username, self.password) if transport.is_authenticated(): Print("{} {} connection Successfully.".format( self.hostname, self.username), colour="green") except ssh_exception.SSHException, e: print("{} {}".format(self.hostname, e.message)) Print("{} {} Error in username or password.".format( self.hostname, self.username), colour="red") # LinuxSSHAuth(hostname='q12469v.cloud.shbt.qihoo.net',username='******').auth() # def ssh_check(hostname,username,password,port=22): # sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # sock.settimeout(3) # sock.connect((hostname, port)) # transport = Transport(sock=sock) # try: # transport.start_client() # except SSHException as error: # Print("{} {}".format(hostname, error), "red") # try: # transport.auth_password(username, password) # if transport.is_authenticated(): # Print("{} {} connection Successfully.".format(hostname, username), "green") # except ssh_exception.AuthenticationException, e: # print("{} {}".format(hostname, e.message)) # Print("{} {} Error in username or password.\nExit installation.".format(hostname, username), "red") # # ssh_check(hostname='zjtdev01v.cloud.corp.qihoo.net',username='******',password='******')
def ssh_check(self, sock): private_key = paramiko.RSAKey.from_private_key_file(self.private) transport = Transport(sock=sock) try: transport.start_client() except SSHException as error: Print("{} {}".format(self.username, error), colour="red") try: if self.password is None: transport.auth_publickey(self.username, private_key) else: transport.auth_password(self.username, self.password) if transport.is_authenticated(): Print("{} {} connection Successfully.".format( self.hostname, self.username), colour="green") except ssh_exception.SSHException, e: print("{} {}".format(self.hostname, e.message)) Print("{} {} Error in username or password.".format( self.hostname, self.username), colour="red")
def main(): try: from paramiko import Transport except ImportError: print print "To upload you need to install paramiko python library from:" print "http://www.lag.net/paramiko", print "or on ubuntu go: apt-get install python2.4-paramiko" print sys.exit(2) # Setup for eduforge server = "shell.eduforge.org" basedir = "/home/pub/exe/" print "Please enter password for %s@%s:" % (sys.argv[-1], server) password = getpass() # Get the version # Rename the files print "Renaming files" install = Path("eXe_install_windows.exe") newName = Path("eXe-install-%s.exe" % release) install = renameFile(install, newName) ready2run = Path("exes.exe") newName = Path("eXe-ready2run-%s.exe" % release) ready2run = renameFile(ready2run, newName) # Upload print "Uploading" print "connecting to %s..." % server from socket import socket, gethostbyname s = socket() s.connect((gethostbyname(server), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-1], password) sftp = t.open_sftp_client() sftp.chdir(basedir) upFile(sftp, install) upFile(sftp, ready2run)
def main(): try: from paramiko import Transport except ImportError: print print 'To upload you need to install paramiko python library from:' print 'http://www.lag.net/paramiko', print 'or on ubuntu go: apt-get install python2.4-paramiko' print sys.exit(2) # Setup for eduforge server = 'shell.eduforge.org' basedir = '/home/pub/exe/' print 'Please enter password for %s@%s:' % (sys.argv[-1], server) password = getpass() # Get the version # Rename the files print 'Renaming files' install = Path('eXe_install_windows.exe') newName = Path('eXe-install-%s.exe' % release) install = renameFile(install, newName) ready2run = Path('exes.exe') newName = Path('eXe-ready2run-%s.exe' % release) ready2run = renameFile(ready2run, newName) # Upload print 'Uploading' print 'connecting to %s...' % server from socket import socket, gethostbyname s = socket() s.connect((gethostbyname(server), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-1], password) sftp = t.open_sftp_client() sftp.chdir(basedir) upFile(sftp, install) upFile(sftp, ready2run)
class MikoTransport(Transport): def __init__( self, host: str, port: int = -1, auth_username: str = "", auth_private_key: str = "", auth_password: str = "", auth_strict_key: bool = True, timeout_socket: int = 5, timeout_transport: int = 5, timeout_exit: bool = True, ssh_config_file: str = "", ssh_known_hosts_file: str = "", ) -> None: """ MikoTransport Object Inherit from Transport ABC MikoTransport <- Transport (ABC) Args: host: host ip/name to connect to port: port to connect to auth_username: username for authentication auth_private_key: path to private key for authentication auth_password: password for authentication auth_strict_key: True/False to enforce strict key checking (default is True) timeout_socket: timeout for establishing socket in seconds timeout_transport: timeout for ssh transport in seconds timeout_exit: True/False close transport if timeout encountered ssh_config_file: string to path for ssh config file ssh_known_hosts_file: string to path for ssh known hosts file Returns: N/A # noqa: DAR202 Raises: N/A """ cfg_port, cfg_user, cfg_private_key = self._process_ssh_config(host, ssh_config_file) if port == -1: port = cfg_port or 22 super().__init__( host, port, timeout_socket, timeout_transport, timeout_exit, ) self.auth_username: str = auth_username or cfg_user self.auth_private_key: str = auth_private_key or cfg_private_key self.auth_password: str = auth_password self.auth_strict_key: bool = auth_strict_key self.ssh_known_hosts_file: str = ssh_known_hosts_file self.session: ParamikoTransport self.channel: Channel self.socket = Socket(host=self.host, port=self.port, timeout=self.timeout_socket) @staticmethod def _process_ssh_config(host: str, ssh_config_file: str) -> Tuple[Optional[int], str, str]: """ Method to parse ssh config file In the future this may move to be a 'helper' function as it should be very similar between paramiko and and ssh2-python... for now it can be a static method as there may be varying supported args between the two transport drivers. Args: host: host to lookup in ssh config file ssh_config_file: string path to ssh config file; passed down from `Scrape`, or the `NetworkDriver` or subclasses of it, in most cases. Returns: Tuple: port to use for ssh, username to use for ssh, identity file (private key) to use for ssh auth Raises: N/A """ ssh = SSHConfig(ssh_config_file) host_config = ssh.lookup(host) return host_config.port, host_config.user or "", host_config.identity_file or "" def open(self) -> None: """ Parent method to open session, authenticate and acquire shell Args: N/A Returns: N/A # noqa: DAR202 Raises: Exception: if socket handshake fails ScrapliAuthenticationFailed: if all authentication means fail """ if not self.socket.socket_isalive(): self.socket.socket_open() try: self.session = ParamikoTransport(self.socket.sock) self.session.start_client() except Exception as exc: LOG.critical(f"Failed to complete handshake with host {self.host}; Exception: {exc}") raise exc if self.auth_strict_key: LOG.debug(f"Attempting to validate {self.host} public key") self._verify_key() self._authenticate() if not self._isauthenticated(): msg = f"Authentication to host {self.host} failed" LOG.critical(msg) raise ScrapliAuthenticationFailed(msg) self._open_channel() def _verify_key(self) -> None: """ Verify target host public key, raise exception if invalid/unknown Args: N/A Returns: N/A # noqa: DAR202 Raises: KeyVerificationFailed: if host is not in known hosts KeyVerificationFailed: if host is in known hosts but public key does not match """ known_hosts = SSHKnownHosts(self.ssh_known_hosts_file) if self.host not in known_hosts.hosts.keys(): raise KeyVerificationFailed(f"{self.host} not in known_hosts!") remote_server_key = self.session.get_remote_server_key() remote_public_key = remote_server_key.get_base64() if known_hosts.hosts[self.host]["public_key"] != remote_public_key: raise KeyVerificationFailed( f"{self.host} in known_hosts but public key does not match!" ) def _authenticate(self) -> None: """ Parent method to try all means of authentication Args: N/A Returns: N/A # noqa: DAR202 Raises: ScrapliAuthenticationFailed: if authentication fails """ if self.auth_private_key: self._authenticate_public_key() if self._isauthenticated(): LOG.debug(f"Authenticated to host {self.host} with public key auth") return if not self.auth_password or not self.auth_username: msg = ( f"Failed to authenticate to host {self.host} with private key " f"`{self.auth_private_key}`. Unable to continue authentication, " "missing username, password, or both." ) LOG.critical(msg) raise ScrapliAuthenticationFailed(msg) self._authenticate_password() if self._isauthenticated(): LOG.debug(f"Authenticated to host {self.host} with password") def _authenticate_public_key(self) -> None: """ Attempt to authenticate with public key authentication Args: N/A Returns: N/A # noqa: DAR202 Raises: N/A """ try: paramiko_key = RSAKey(filename=self.auth_private_key) self.session.auth_publickey(self.auth_username, paramiko_key) except AuthenticationException as exc: LOG.critical( f"Public key authentication with host {self.host} failed. Exception: {exc}." ) except Exception as exc: # pylint: disable=W0703 LOG.critical( "Unknown error occurred during public key authentication with host " f"{self.host}; Exception: {exc}" ) def _authenticate_password(self) -> None: """ Attempt to authenticate with password authentication Args: N/A Returns: N/A # noqa: DAR202 Raises: Exception: if unknown (i.e. not auth failed) exception occurs """ try: self.session.auth_password(self.auth_username, self.auth_password) except AuthenticationException as exc: LOG.critical( f"Password authentication with host {self.host} failed. Exception: {exc}." "\n\tNote: Paramiko automatically attempts both standard auth as well as keyboard " "interactive auth. Paramiko exception about bad auth type may be misleading!" ) except Exception as exc: LOG.critical( "Unknown error occurred during password authentication with host " f"{self.host}; Exception: {exc}" ) raise exc def _isauthenticated(self) -> bool: """ Check if session is authenticated Args: N/A Returns: bool: True if authenticated, else False Raises: N/A """ authenticated: bool = self.session.is_authenticated() return authenticated def _open_channel(self) -> None: """ Open channel, acquire pty, request interactive shell Args: N/A Returns: N/A # noqa: DAR202 Raises: N/A """ self.channel = self.session.open_session() self.set_timeout(self.timeout_transport) self.channel.get_pty() self.channel.invoke_shell() LOG.debug(f"Channel to host {self.host} opened") def close(self) -> None: """ Close session and socket Args: N/A Returns: N/A # noqa: DAR202 Raises: N/A """ self.channel.close() LOG.debug(f"Channel to host {self.host} closed") self.socket.socket_close() def isalive(self) -> bool: """ Check if socket is alive and session is authenticated Args: N/A Returns: bool: True if socket is alive and session authenticated, else False Raises: N/A """ if self.socket.socket_isalive() and self.session.is_alive() and self._isauthenticated(): return True return False def read(self) -> bytes: """ Read data from the channel Args: N/A Returns: bytes: bytes output as read from channel Raises: N/A """ channel_read: bytes = self.channel.recv(65535) return channel_read def write(self, channel_input: str) -> None: """ Write data to the channel Args: channel_input: string to send to channel Returns: N/A # noqa: DAR202 Raises: N/A """ self.channel.send(channel_input) # type: ignore def set_timeout(self, timeout: int) -> None: """ Set session timeout Args: timeout: timeout in seconds Returns: N/A # noqa: DAR202 Raises: N/A """ self.channel.settimeout(timeout)
class AuthTest (unittest.TestCase): def setUp(self): self.socks = LoopSocket() self.sockc = LoopSocket() self.sockc.link(self.socks) self.tc = Transport(self.sockc) self.ts = Transport(self.socks) def tearDown(self): self.tc.close() self.ts.close() self.socks.close() self.sockc.close() def start_server(self): host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) self.public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server) def verify_finished(self): self.event.wait(1.0) self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) def test_bad_auth_type(self): """ verify that we get the right exception when an unsupported auth type is requested. """ self.start_server() try: self.tc.connect(hostkey=self.public_host_key, username='******', password='******') self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertEqual(BadAuthenticationType, etype) self.assertEqual(['publickey'], evalue.allowed_types) def test_bad_password(self): """ verify that a bad password gets the right exception, and that a retry with the right password works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: self.tc.auth_password(username='******', password='******') self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.tc.auth_password(username='******', password='******') self.verify_finished() def test_no_auth(self): """ Test that a no auth connection is created when not providing any credentials. """ self.start_server() try: self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_none(username='******') self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.verify_finished() def test_multipart_auth(self): """ verify that multipart auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password(username='******', password='******') self.assertEqual(['publickey'], remain) key = DSSKey.from_private_key_file(_support('test_dss.key')) remain = self.tc.auth_publickey(username='******', key=key) self.assertEqual([], remain) self.verify_finished() def test_interactive_auth(self): """ verify keyboard-interactive auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ['cat'] remain = self.tc.auth_interactive('commie', handler) self.assertEqual(self.got_title, 'password') self.assertEqual(self.got_prompts, [('Password', False)]) self.assertEqual([], remain) self.verify_finished() def test_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('commie', 'cat') self.assertEqual([], remain) self.verify_finished() def test_auth_utf8(self): """ verify that utf-8 encoding happens in authentication. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('utf8', _pwd) self.assertEqual([], remain) self.verify_finished() def test_auth_non_utf8(self): """ verify that non-utf-8 encoded passwords can be used for broken servers. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('non-utf8', '\xff') self.assertEqual([], remain) self.verify_finished() def test_auth_gets_disconnected(self): """ verify that we catch a server disconnecting during auth, and report it as an auth failure. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: remain = self.tc.auth_password('bad-server', 'hello') except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) @slow def test_auth_non_responsive(self): """ verify that authentication times out if server takes to long to respond (or never responds). """ self.tc.auth_timeout = 1 # 1 second, to speed up test self.start_server() self.tc.connect() try: remain = self.tc.auth_password('unresponsive-server', 'hello') except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.assertTrue('Authentication timeout' in str(evalue))
class TransportTest(unittest.TestCase): def setUp(self): self.socks = LoopSocket() self.sockc = LoopSocket() self.sockc.link(self.socks) self.tc = Transport(self.sockc) self.ts = Transport(self.socks) def tearDown(self): self.tc.close() self.ts.close() self.socks.close() self.sockc.close() def setup_test_server(self): host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() self.server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, self.server) self.tc.connect(hostkey=public_host_key) self.tc.auth_password(username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_1_security_options(self): o = self.tc.get_security_options() self.assertEquals(type(o), SecurityOptions) self.assert_(('aes256-cbc', 'blowfish-cbc') != o.ciphers) o.ciphers = ('aes256-cbc', 'blowfish-cbc') self.assertEquals(('aes256-cbc', 'blowfish-cbc'), o.ciphers) try: o.ciphers = ('aes256-cbc', 'made-up-cipher') self.assert_(False) except ValueError: pass try: o.ciphers = 23 self.assert_(False) except TypeError: pass def test_2_compute_key(self): self.tc.K = 123281095979686581523377256114209720774539068973101330872763622971399429481072519713536292772709507296759612401802191955568143056534122385270077606457721553469730659233569339356140085284052436697480759510519672848743794433460113118986816826624865291116513647975790797391795651716378444844877749505443714557929L self.tc.H = unhexlify('0C8307CDE6856FF30BA93684EB0F04C2520E9ED3') self.tc.session_id = self.tc.H key = self.tc._compute_key('C', 32) self.assertEquals( '207E66594CA87C44ECCBA3B3CD39FDDB378E6FDB0F97C54B2AA0CFBF900CD995', hexlify(key).upper()) def test_3_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.assertEquals(None, self.tc.get_username()) self.assertEquals(None, self.ts.get_username()) self.assertEquals(False, self.tc.is_authenticated()) self.assertEquals(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('slowdive', self.tc.get_username()) self.assertEquals('slowdive', self.ts.get_username()) self.assertEquals(True, self.tc.is_authenticated()) self.assertEquals(True, self.ts.is_authenticated()) def test_4_special(self): """ verify that the client can demand odd handshake settings, and can renegotiate keys in mid-stream. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) options = self.tc.get_security_options() options.ciphers = ('aes256-cbc', ) options.digests = ('hmac-md5-96', ) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('aes256-cbc', self.tc.local_cipher) self.assertEquals('aes256-cbc', self.tc.remote_cipher) self.assertEquals(12, self.tc.packetizer.get_mac_size_out()) self.assertEquals(12, self.tc.packetizer.get_mac_size_in()) self.tc.send_ignore(1024) self.tc.renegotiate_keys() self.ts.send_ignore(1024) def test_5_keepalive(self): """ verify that the keepalive will be sent. """ self.tc.set_hexdump(True) host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals(None, getattr(server, '_global_request', None)) self.tc.set_keepalive(1) time.sleep(2) self.assertEquals('*****@*****.**', server._global_request) def test_6_bad_auth_type(self): """ verify that we get the right exception when an unsupported auth type is requested. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) try: self.tc.connect(hostkey=public_host_key, username='******', password='******') self.assert_(False) except: etype, evalue, etb = sys.exc_info() self.assertEquals(BadAuthenticationType, etype) self.assertEquals(['publickey'], evalue.allowed_types) def test_7_bad_password(self): """ verify that a bad password gets the right exception, and that a retry with the right password works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) try: self.tc.auth_password(username='******', password='******') self.assert_(False) except: etype, evalue, etb = sys.exc_info() self.assert_(issubclass(etype, SSHException)) self.tc.auth_password(username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_8_multipart_auth(self): """ verify that multipart auth works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) remain = self.tc.auth_password(username='******', password='******') self.assertEquals(['publickey'], remain) key = DSSKey.from_private_key_file('tests/test_dss.key') remain = self.tc.auth_publickey(username='******', key=key) self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_9_interactive_auth(self): """ verify keyboard-interactive auth works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ['cat'] remain = self.tc.auth_interactive('commie', handler) self.assertEquals(self.got_title, 'password') self.assertEquals(self.got_prompts, [('Password', False)]) self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_A_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) remain = self.tc.auth_password('commie', 'cat') self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_B_exec_command(self): """ verify that exec_command() does something reasonable. """ self.setup_test_server() chan = self.tc.open_session() schan = self.ts.accept(1.0) try: chan.exec_command('no') self.assert_(False) except SSHException, x: pass chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) schan.send('Hello there.\n') schan.send_stderr('This is on stderr.\n') schan.close() f = chan.makefile() self.assertEquals('Hello there.\n', f.readline()) self.assertEquals('', f.readline()) f = chan.makefile_stderr() self.assertEquals('This is on stderr.\n', f.readline()) self.assertEquals('', f.readline()) # now try it with combined stdout/stderr chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) schan.send('Hello there.\n') schan.send_stderr('This is on stderr.\n') schan.close() chan.set_combine_stderr(True) f = chan.makefile() self.assertEquals('Hello there.\n', f.readline()) self.assertEquals('This is on stderr.\n', f.readline()) self.assertEquals('', f.readline())
class AuthTest (unittest.TestCase): def setUp(self): self.socks = LoopSocket() self.sockc = LoopSocket() self.sockc.link(self.socks) self.tc = Transport(self.sockc) self.ts = Transport(self.socks) def tearDown(self): self.tc.close() self.ts.close() self.socks.close() self.sockc.close() def start_server(self): host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server) def verify_finished(self): self.event.wait(1.0) self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) def test_1_bad_auth_type(self): """ verify that we get the right exception when an unsupported auth type is requested. """ self.start_server() try: self.tc.connect(hostkey=self.public_host_key, username='******', password='******') self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertEqual(BadAuthenticationType, etype) self.assertEqual(['publickey'], evalue.allowed_types) def test_2_bad_password(self): """ verify that a bad password gets the right exception, and that a retry with the right password works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: self.tc.auth_password(username='******', password='******') self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.tc.auth_password(username='******', password='******') self.verify_finished() def test_3_multipart_auth(self): """ verify that multipart auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password(username='******', password='******') self.assertEqual(['publickey'], remain) key = DSSKey.from_private_key_file(test_path('test_dss.key')) remain = self.tc.auth_publickey(username='******', key=key) self.assertEqual([], remain) self.verify_finished() def test_4_interactive_auth(self): """ verify keyboard-interactive auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ['cat'] remain = self.tc.auth_interactive('commie', handler) self.assertEqual(self.got_title, 'password') self.assertEqual(self.got_prompts, [('Password', False)]) self.assertEqual([], remain) self.verify_finished() def test_5_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('commie', 'cat') self.assertEqual([], remain) self.verify_finished() def test_6_auth_utf8(self): """ verify that utf-8 encoding happens in authentication. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('utf8', _pwd) self.assertEqual([], remain) self.verify_finished() def test_7_auth_non_utf8(self): """ verify that non-utf-8 encoded passwords can be used for broken servers. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password('non-utf8', '\xff') self.assertEqual([], remain) self.verify_finished() def test_8_auth_gets_disconnected(self): """ verify that we catch a server disconnecting during auth, and report it as an auth failure. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: remain = self.tc.auth_password('bad-server', 'hello') except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) def test_9_auth_non_responsive(self): """ verify that authentication times out if server takes to long to respond (or never responds). """ self.tc.auth_timeout = 1 # 1 second, to speed up test self.start_server() self.tc.connect() try: remain = self.tc.auth_password('unresponsive-server', 'hello') except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.assertTrue('Authentication timeout' in str(evalue))
class SSH2NetSessionParamiko: def __init__(self, p_self): """ Initialize SSH2NetSessionParamiko Object This object, through composition, allows for using Paramiko as the underlying "driver" for SSH2Net instead of the default "ssh2-python". Paramiko will be ever so slightly slower but as you will most likely be I/O constrained it shouldn't matter! "ssh2-python" as of 20 October 2019 has a bug preventing keyboard interactive authentication from working as desired; this is the reason Paramiko is in here now! Args: p_self: SSH2Net object Returns: N/A # noqa Raises: N/A # noqa """ self.__dict__ = p_self.__dict__ self._session_alive = p_self._session_alive self._session_open = p_self._session_open self._channel_alive = p_self._channel_alive def _session_open_connect(self) -> None: """ Perform session handshake for paramiko (instead of default ssh2-python) Args: N/A # noqa Returns: N/A # noqa Raises: RequirementsNotSatisfied: if paramiko is not installed Exception: catch all for unknown exceptions during session handshake """ try: from paramiko import Transport # noqa except ModuleNotFoundError as exc: err = f"Module '{exc.name}' not installed!" msg = f"***** {err} {'*' * (80 - len(err))}" fix = ( f"To resolve this issue, install '{exc.name}'. You can do this in one of the " "following ways:\n" "1: 'pip install -r requirements-paramiko.txt'\n" "2: 'pip install ssh2net[paramiko]'") warning = "\n" + msg + "\n" + fix + "\n" + msg warnings.warn(warning) raise RequirementsNotSatisfied try: self.session = Transport(self.sock) self.session.start_client() self.session.set_timeout = self._set_timeout except Exception as exc: logging.critical( f"Failed to complete handshake with host {self.host}; " f"Exception: {exc}") raise exc def _session_public_key_auth(self) -> None: """ Perform public key based auth on SSH2NetSession Args: N/A # noqa Returns: N/A # noqa Raises: Exception: catch all for unhandled exceptions """ try: self.session.auth_publickey(self.auth_user, self.auth_public_key) except AuthenticationException: logging.critical( f"Public key authentication with host {self.host} failed.") except Exception as exc: logging.critical( "Unknown error occurred during public key authentication with host " f"{self.host}; Exception: {exc}") raise exc def _session_password_auth(self) -> None: """ Perform password or keyboard interactive based auth on SSH2NetSession Args: N/A # noqa Returns: N/A # noqa Raises: AuthenticationFailed: if authentication fails Exception: catch all for unknown other exceptions """ try: self.session.auth_password(self.auth_user, self.auth_password) except AuthenticationException as exc: logging.critical( f"Password authentication with host {self.host} failed. Exception: {exc}." "\n\tNote: Paramiko automatically attempts both standard auth as well as keyboard " "interactive auth. Paramiko exception about bad auth type may be misleading!" ) raise AuthenticationFailed except Exception as exc: logging.critical( "Unknown error occurred during password authentication with host " f"{self.host}; Exception: {exc}") raise exc def _channel_open_driver(self) -> None: """ Open channel Args: N/A # noqa Returns: N/A # noqa Raises: N/A # noqa """ self.channel = self.session.open_session() self.channel.get_pty() logging.debug(f"Channel to host {self.host} opened") def _channel_invoke_shell(self) -> None: """ Invoke shell on channel Additionally, this "re-points" some ssh2net method calls to the appropriate paramiko methods. This happens as ssh2net is primarily built on "ssh2-python" and there is not full parity between paramiko/ssh2-python. Args: N/A # noqa Returns: N/A # noqa Raises: N/A # noqa """ self._shell = True self.channel.invoke_shell() self.channel.read = self._paramiko_read_channel self.channel.write = self.channel.sendall self.session.set_blocking = self._set_blocking self.channel.flush = self._flush def _paramiko_read_channel(self): """ Patch channel.read method for paramiko driver "ssh2-python" returns a tuple of bytes and data, "paramiko" simply returns the data from the channel, patch this for parity with "ssh2-python". Args: N/A # noqa Returns: N/A # noqa Raises: N/A # noqa """ channel_read = self.channel.recv(1024) return None, channel_read def _flush(self): """ Patch a "flush" method for paramiko driver Need to investigate this further for two things: 1) is "flush" even necessary when using ssh2-python driver? 2) if it is necessary, is there a combination of reads/writes that would implement this in a sane fashion for paramiko Args: N/A # noqa Returns: N/A # noqa Raises: N/A # noqa """ while True: time.sleep(0.01) if self.channel.recv_ready(): self._paramiko_read_channel() else: self.channel.write("\n") return def _set_blocking(self, blocking): # Add docstring # need to reset timeout because it seems paramiko sets it to 0 if you set to non blocking # paramiko uses seconds instead of ms self.channel.setblocking(blocking) self.channel.settimeout(self.session_timeout / 1000) def _set_timeout(self, timeout): # paramiko uses seconds instead of ms self.channel.settimeout(timeout / 1000)
class AuthTest(unittest.TestCase): def setUp(self): self.socks = LoopSocket() self.sockc = LoopSocket() self.sockc.link(self.socks) self.tc = Transport(self.sockc) self.ts = Transport(self.socks) def tearDown(self): self.tc.close() self.ts.close() self.socks.close() self.sockc.close() def start_server(self): host_key = RSAKey.from_private_key_file(_support("test_rsa.key")) self.public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server) def verify_finished(self): self.event.wait(1.0) self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) def test_1_bad_auth_type(self): """ verify that we get the right exception when an unsupported auth type is requested. """ self.start_server() try: self.tc.connect( hostkey=self.public_host_key, username="******", password="******", ) self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertEqual(BadAuthenticationType, etype) self.assertEqual(["publickey"], evalue.allowed_types) def test_2_bad_password(self): """ verify that a bad password gets the right exception, and that a retry with the right password works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: self.tc.auth_password(username="******", password="******") self.assertTrue(False) except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.tc.auth_password(username="******", password="******") self.verify_finished() def test_3_multipart_auth(self): """ verify that multipart auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password(username="******", password="******") self.assertEqual(["publickey"], remain) key = DSSKey.from_private_key_file(_support("test_dss.key")) remain = self.tc.auth_publickey(username="******", key=key) self.assertEqual([], remain) self.verify_finished() def test_4_interactive_auth(self): """ verify keyboard-interactive auth works. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ["cat"] remain = self.tc.auth_interactive("commie", handler) self.assertEqual(self.got_title, "password") self.assertEqual(self.got_prompts, [("Password", False)]) self.assertEqual([], remain) self.verify_finished() def test_5_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password("commie", "cat") self.assertEqual([], remain) self.verify_finished() def test_6_auth_utf8(self): """ verify that utf-8 encoding happens in authentication. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password("utf8", _pwd) self.assertEqual([], remain) self.verify_finished() def test_7_auth_non_utf8(self): """ verify that non-utf-8 encoded passwords can be used for broken servers. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) remain = self.tc.auth_password("non-utf8", "\xff") self.assertEqual([], remain) self.verify_finished() def test_8_auth_gets_disconnected(self): """ verify that we catch a server disconnecting during auth, and report it as an auth failure. """ self.start_server() self.tc.connect(hostkey=self.public_host_key) try: remain = self.tc.auth_password("bad-server", "hello") except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) @slow def test_9_auth_non_responsive(self): """ verify that authentication times out if server takes to long to respond (or never responds). """ self.tc.auth_timeout = 1 # 1 second, to speed up test self.start_server() self.tc.connect() try: remain = self.tc.auth_password("unresponsive-server", "hello") except: etype, evalue, etb = sys.exc_info() self.assertTrue(issubclass(etype, AuthenticationException)) self.assertTrue("Authentication timeout" in str(evalue))
class ParamikoSshConnection(BaseSshConnection): def connect(self, wait_prompt=True): self.socket = socket(AF_INET, SOCK_STREAM) self.socket.connect((self.hostname, self.port)) self.session = Transport(self.socket) self.session.start_client() if self.password is not None: self.session.auth_password(self.username, self.password) elif self.key_algorithm != DSA_KEY_ALGORITHM: key = RSAKey.from_private_key_file( self.private_key_file, self.key_passphrase ) self.session.auth_publickey(self.username, key) else: key = DSSKey.from_private_key_file( self.private_key_file, self.key_passphrase ) self.session.auth_publickey(self.username, key) self.channel = self.session.open_session() self.channel.get_pty() self.channel.invoke_shell() if wait_prompt: self.receive() @property def connected(self): return bool( self.socket and not self.socket._closed and self.session and self.channel ) def send(self, line, socket_timeout=None): socket_timeout = ( socket_timeout if socket_timeout is not None else self.socket_timeout ) self.channel.settimeout(socket_timeout) size = self.channel.sendall(line + "\n") return size def receive( self, regex=None, socket_timeout=None, timeout=None, buffer_size=None ): regex = regex if regex is not None else self.prompt_regex socket_timeout = ( socket_timeout if socket_timeout is not None else self.socket_timeout ) timeout = timeout if timeout is not None else self.timeout buffer_size = ( buffer_size if buffer_size is not None else self.buffer_size ) assert regex is not None assert socket_timeout is None or isinstance( socket_timeout, (int, float) ) assert timeout is None or isinstance(timeout, (int, float)) assert isinstance(buffer_size, int) and buffer_size > 0 self.channel.settimeout(socket_timeout) start = time() output = self.channel.recv(buffer_size).decode() LOG.debug(output) size = len(output) duration = time() - start while ( not regex.search(output) and (timeout is None or duration < timeout) and size > 0 ): data = self.channel.recv(buffer_size).decode() LOG.debug(data) size = len(data) output += data duration = time() - start if size < 0 and size != LIBSSH2_ERROR_EAGAIN: raise ReceiveException(size, output, duration) if not size: raise SocketTimeoutException( output, socket_timeout, duration, regex.pattern ) if timeout is not None and duration >= timeout: raise ReceiveTimeoutException( output, timeout, duration, regex.pattern ) return self.sanitize(output) def disconnect(self): if self.session: self.session.close() if self.channel: self.channel.close() if self.socket: self.socket.close()
def main(): if len(sys.argv) < 2: print 'Usage: %s [version] [--install] [--local|username password]' % sys.argv[0] print 'Where [version] is the branch you want to checkout' print 'and username and password are for your eduforge account' print 'Eg. %s 0.7 --local' % sys.argv[0] else: version = sys.argv[1] # Calc the svn branch name branch = 'http://exe.cfdl.auckland.ac.nz/svn/exe/branches/%s' % version # Get the original exe dir origDir = Path(sys.argv[0]).abspath().dirname() # Make the temp dir tmp = TempDirPath() os.chdir(tmp) # Do the export os.system('svn export %s exe' % branch) # Copy firefox accross (origDir/'../../exe/webui/firefox').copytree(tmp/'exe/exe/webui/firefox') # Now make the tarball os.chdir(tmp/'exe') tarball = Path('../exe-%s-source.tgz' % version).abspath() os.system('tar czf %s *' % tarball) os.chdir(tmp) # Upload it if '--local' not in sys.argv: # Connect with sftp try: from paramiko import Transport except ImportError: print 'To upload you need to install paramiko python library from:' print 'http://www.lag.net/paramiko' sys.exit(2) from socket import socket, gethostbyname s = socket() s.connect((gethostbyname('shell.eduforge.org'), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-2], sys.argv[-1]) f = t.open_sftp_client() # See that the directory structure looks good f.chdir('/home/pub/exe') f.put(tarball.encode('utf8'), tarball.basename().encode('utf8')) # If we're root, copy the tarball to the portage cache dir to save # downloading it when emerging (for me anyway) if os.getuid() == 0: tarball.copyfile('/usr/portage/distfiles/' + tarball.basename()) # Copy the ebuild file os.chdir(tmp/'exe/installs/gentoo') newEbuildFilename = Path('exe-%s.ebuild' % version).abspath() if not newEbuildFilename.exists(): Path('exe-0.7.ebuild').copy(newEbuildFilename) # If we're root, rebuild the digests and remake the install if os.getuid() == 0: ebuildDir = Path('/usr/local/portage/dev-python/exe') if ebuildDir.exists(): ebuildDir.rmtree() ebuildDir.makedirs() os.chdir(ebuildDir) newEbuildFilename.copy(ebuildDir) # Copy the patch file filesDir = ebuildDir/'files' filesDir.makedirs() Path(tmp/'exe/installs/gentoo/all-config.patch').copy(filesDir) # Remove any old source if it exists and we're supposed to download # it if '--local' not in sys.argv: oldTarball = Path('/usr/portage/distfiles/')/tarball.basename() if oldTarball.exists(): oldTarball.remove() os.environ['GENTOO_MIRRORS']='' os.system('ebuild %s fetch' % newEbuildFilename.basename()) os.system('ebuild %s manifest' % newEbuildFilename.basename()) os.system('ebuild %s digest' % newEbuildFilename.basename()) if '--install' in sys.argv: os.system('ebuild %s install' % newEbuildFilename.basename())
tmp.chdir() os.system("dpkg-scanpackages pool /dev/null | gzip -9c > pool/Packages.gz") if "copy" in sys.argv: if "index" in sys.argv: print "copying index file to", exeDir (pool / "Packages.gz").copy(exeDir) pool = exeDir if server: print "connecting to %s..." % server from socket import socket, gethostbyname s = socket() s.connect((gethostbyname(server), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-1], password) f = t.open_sftp_client() f.chdir(basedir) poolDir = "ubuntu/pool" packageDirs = [ "ubuntu/dists/current/main/binary-i386", "ubuntu/dists/current/main/binary-arm", "ubuntu/dists/current/main/binary-alpha", ] if "checkDirs" in sys.argv: print "Checking directory structure..." for fn in packageDirs + [poolDir]: for part in fn.split("/"): files = f.listdir() if part not in files: print "Creating Dir on server:", fn, ":", part
def main(): if len(sys.argv) < 2: print 'Usage: %s [version] [--install] [--local|username password]' % sys.argv[0] print 'Where [version] is the branch you want to checkout' print 'and username and password are for your eduforge account' print 'Eg. %s 0.7 --local' % sys.argv[0] else: version = sys.argv[1] # Calc the svn branch name branch = 'http://exe.cfdl.auckland.ac.nz/svn/exe/branches/%s' % version # Get the original exe dir origDir = Path(sys.argv[0]).abspath().dirname() # Make the temp dir tmp = TempDirPath() os.chdir(tmp) # Do the export os.system('svn export %s exe' % branch) # Copy firefox accross (origDir/'../../exe/webui/firefox').copytree(tmp/'exe/exe/webui/firefox') # Now make the tarball os.chdir(tmp/'exe') tarball = Path('../exe-%s-source.tgz' % version).abspath() os.system('tar czf %s *' % tarball) os.chdir(tmp) # Upload it if '--local' not in sys.argv: # Connect with sftp try: from paramiko import Transport except ImportError: print 'To upload you need to install paramiko python library from:' print 'http://www.lag.net/paramiko' sys.exit(2) from socket import socket, gethostbyname s = socket() s.connect((gethostbyname('shell.eduforge.org'), 22)) t = Transport(s) t.connect() t.auth_password(sys.argv[-2], sys.argv[-1]) f = t.open_sftp_client() # See that the directory structure looks good f.chdir('/home/pub/exe') f.put(tarball.encode('utf8'), tarball.basename().encode('utf8')) # If we're root, copy the tarball to the portage cache dir to save # downloading it when emerging (for me anyway) if os.getuid() == 0: tarball.copyfile('/usr/portage/distfiles/' + tarball.basename()) # Copy the ebuild file os.chdir(tmp/'exe/installs/gentoo') newEbuildFilename = Path('exe-%s.ebuild' % version).abspath() if not newEbuildFilename.exists(): Path('exe-0.7.ebuild').copy(newEbuildFilename) # If we're root, rebuild the digests and remake the install if os.getuid() == 0: ebuildDir = Path('/usr/local/portage/dev-python/exe') if ebuildDir.exists(): ebuildDir.rmtree() ebuildDir.makedirs() os.chdir(ebuildDir) newEbuildFilename.copy(ebuildDir) # Copy the patch file filesDir = ebuildDir/'files' filesDir.makedirs() Path(tmp/'exe/installs/gentoo/all-config.patch').copy(filesDir) # Remove any old source if it exists and we're supposed to download # it if '--local' not in sys.argv: oldTarball = Path('/usr/portage/distfiles/')/tarball.basename() if oldTarball.exists(): oldTarball.remove() os.environ['GENTOO_MIRRORS']='' os.system('ebuild %s fetch' % newEbuildFilename.basename()) os.system('ebuild %s manifest' % newEbuildFilename.basename()) os.system('ebuild %s digest' % newEbuildFilename.basename()) if '--install' in sys.argv: os.system('ebuild %s install' % newEbuildFilename.basename())
class TransportTest (unittest.TestCase): def setUp(self): self.socks = LoopSocket() self.sockc = LoopSocket() self.sockc.link(self.socks) self.tc = Transport(self.sockc) self.ts = Transport(self.socks) def tearDown(self): self.tc.close() self.ts.close() self.socks.close() self.sockc.close() def setup_test_server(self): host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() self.server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, self.server) self.tc.connect(hostkey=public_host_key) self.tc.auth_password(username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_1_security_options(self): o = self.tc.get_security_options() self.assertEquals(type(o), SecurityOptions) self.assert_(('aes256-cbc', 'blowfish-cbc') != o.ciphers) o.ciphers = ('aes256-cbc', 'blowfish-cbc') self.assertEquals(('aes256-cbc', 'blowfish-cbc'), o.ciphers) try: o.ciphers = ('aes256-cbc', 'made-up-cipher') self.assert_(False) except ValueError: pass try: o.ciphers = 23 self.assert_(False) except TypeError: pass def test_2_compute_key(self): self.tc.K = 123281095979686581523377256114209720774539068973101330872763622971399429481072519713536292772709507296759612401802191955568143056534122385270077606457721553469730659233569339356140085284052436697480759510519672848743794433460113118986816826624865291116513647975790797391795651716378444844877749505443714557929L self.tc.H = unhexlify('0C8307CDE6856FF30BA93684EB0F04C2520E9ED3') self.tc.session_id = self.tc.H key = self.tc._compute_key('C', 32) self.assertEquals('207E66594CA87C44ECCBA3B3CD39FDDB378E6FDB0F97C54B2AA0CFBF900CD995', hexlify(key).upper()) def test_3_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.assertEquals(None, self.tc.get_username()) self.assertEquals(None, self.ts.get_username()) self.assertEquals(False, self.tc.is_authenticated()) self.assertEquals(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('slowdive', self.tc.get_username()) self.assertEquals('slowdive', self.ts.get_username()) self.assertEquals(True, self.tc.is_authenticated()) self.assertEquals(True, self.ts.is_authenticated()) def test_4_special(self): """ verify that the client can demand odd handshake settings, and can renegotiate keys in mid-stream. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) options = self.tc.get_security_options() options.ciphers = ('aes256-cbc',) options.digests = ('hmac-md5-96',) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('aes256-cbc', self.tc.local_cipher) self.assertEquals('aes256-cbc', self.tc.remote_cipher) self.assertEquals(12, self.tc.packetizer.get_mac_size_out()) self.assertEquals(12, self.tc.packetizer.get_mac_size_in()) self.tc.send_ignore(1024) self.tc.renegotiate_keys() self.ts.send_ignore(1024) def test_5_keepalive(self): """ verify that the keepalive will be sent. """ self.tc.set_hexdump(True) host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals(None, getattr(server, '_global_request', None)) self.tc.set_keepalive(1) time.sleep(2) self.assertEquals('*****@*****.**', server._global_request) def test_6_bad_auth_type(self): """ verify that we get the right exception when an unsupported auth type is requested. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) try: self.tc.connect(hostkey=public_host_key, username='******', password='******') self.assert_(False) except: etype, evalue, etb = sys.exc_info() self.assertEquals(BadAuthenticationType, etype) self.assertEquals(['publickey'], evalue.allowed_types) def test_7_bad_password(self): """ verify that a bad password gets the right exception, and that a retry with the right password works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) try: self.tc.auth_password(username='******', password='******') self.assert_(False) except: etype, evalue, etb = sys.exc_info() self.assert_(issubclass(etype, SSHException)) self.tc.auth_password(username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_8_multipart_auth(self): """ verify that multipart auth works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) remain = self.tc.auth_password(username='******', password='******') self.assertEquals(['publickey'], remain) key = DSSKey.from_private_key_file('tests/test_dss.key') remain = self.tc.auth_publickey(username='******', key=key) self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_9_interactive_auth(self): """ verify keyboard-interactive auth works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ['cat'] remain = self.tc.auth_interactive('commie', handler) self.assertEquals(self.got_title, 'password') self.assertEquals(self.got_prompts, [('Password', False)]) self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_A_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) remain = self.tc.auth_password('commie', 'cat') self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) def test_B_exec_command(self): """ verify that exec_command() does something reasonable. """ self.setup_test_server() chan = self.tc.open_session() schan = self.ts.accept(1.0) try: chan.exec_command('no') self.assert_(False) except SSHException, x: pass chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) schan.send('Hello there.\n') schan.send_stderr('This is on stderr.\n') schan.close() f = chan.makefile() self.assertEquals('Hello there.\n', f.readline()) self.assertEquals('', f.readline()) f = chan.makefile_stderr() self.assertEquals('This is on stderr.\n', f.readline()) self.assertEquals('', f.readline()) # now try it with combined stdout/stderr chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) schan.send('Hello there.\n') schan.send_stderr('This is on stderr.\n') schan.close() chan.set_combine_stderr(True) f = chan.makefile() self.assertEquals('Hello there.\n', f.readline()) self.assertEquals('This is on stderr.\n', f.readline()) self.assertEquals('', f.readline())