fi
;;
*)
args=( "${args[@]}" "$1" )
;;
esac
shift
done
[ -n "$verbose" ] && echo scp -oPort=$PROXY_PORT "${OPTS[@]}" "${args[@]}"
exec scp -oPort=$PROXY_PORT "${OPTS[@]}" "${args[@]}"
"""
base_class = get_class('Server')
class Server(base_class):
def add_cmdline_options(self, parser):
base_class.add_cmdline_options(self, parser)
parser.add_option("", "--get-pssh", dest="action",
help="display pssh client script.",
action="store_const",
const="get_pssh",
)
parser.add_option("", "--get-pscp", dest="action",
help="display pscp client script.",
action="store_const",
const="get_pscp",
)
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
from sshproxy.dispatcher import Dispatcher
from sshproxy.server import Server
base = get_class('Dispatcher')
class ConsoleExtra_Dispatcher(base):
acl_open = "acl(cmd_open)"
def cmd_open(self, *args):
"""
open user@site
Open a shell session on user@site.
"""
self.check_args(1, args, strict=True)
server = Server()
server.args = list(args)
server.do_shell_session()
from sshproxy.config import get_config, ConfigSection, path
from sshproxy import keys
from sshproxy.proxy import ProxyShell
from sshproxy.backend import Backend
class LogUsersConfigSection(ConfigSection):
section_id = "logusers"
section_defaults = {"logdir": "@logusers"}
types = {"logdir": path}
LogUsersConfigSection.register()
ProxyShell = get_class("ProxyShell")
class LoggedProxyShell(ProxyShell):
tr_table = {}
_tr_table = {"\r\n": "\n", "\r": "\n", "\n": "\n", "<": "<INF>", ">": "<SUP>"}
def __reginit__(self, *args, **kw):
conf = get_config("logusers")
if not os.path.isdir(conf["logdir"]):
os.makedirs(conf["logdir"])
self.logdir = conf["logdir"]
# fill our translation table
for key in dir(keys):
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
I18n = get_class("I18n")
class LangPack_fr(I18n):
encoding = 'utf8'
messages = {
1557792624: u"exécute des commandes d'administration",
-2139151278: u"liste les sites autorisés",
1318597108: u"ERREUR: %s n'existe pas dans votre environnement\n",
433505454: u"ERREUR: Vous n'êtes pas autorisé à ouvrir une "
"session shell sur %s\n",
-1260436857: u"""
kill user@site
Ferme toutes les connections vers user@site.
""",
from sshproxy.registry import Registry
from sshproxy.server import Server
from sshproxy import log
from sshproxy.util import chanfmt
# set suboptions
#telnetlib.SEND = chr(1)
#
#tnd = {}
#for v in dir(telnetlib):
# try:
# tnd[getattr(telnetlib, v)] = v
# except TypeError:
# pass
Server = get_class('Server')
class TelnetEnabledServer(Server):
def do_shell_session(self):
site = self.args[0]
if not self.authorize(site, need_login=True):
self.chan.send(
chanfmt(
_(u"ERROR: %s does not exist in "
"your scope\n") % site))
return False
kind = self.get_ns_tag('site', 'kind', '')
if not kind == 'telnet':
return Server.do_shell_session(self)
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
I18n = get_class("I18n")
class LangPack_fr(I18n):
encoding = 'utf8'
messages = {
1557792624:
u"exécute des commandes d'administration",
-2139151278:
u"liste les sites autorisés",
1318597108:
u"ERREUR: %s n'existe pas dans votre environnement\n",
433505454:
u"ERREUR: Vous n'êtes pas autorisé à ouvrir une "
"session shell sur %s\n",
# };
# struct rpldsk_packet {
# uint16_t size;
# uint8_t event, magic;
# struct rpltime time;
# } __attribute__((packed));
packet = struct.pack("HBBQL", len(data), event, 0xEE, sec, usec)
return packet + data
def __del__(self):
self.log.close()
Server = get_class('Server')
class TTYrplServer(Server):
def do_shell_session(self):
client_enable = istrue(self.get_ns_tag('client', 'log_me', 'no'))
# The following line is useless because the site namespace is not
# yet set up at this point. We get the site 'log_me' tag by
# overriding the authorize method, hence the UGLY HACK comment.
site_enable = istrue(self.get_ns_tag('site', 'log_me', 'no'))
if client_enable or site_enable:
TTYrplProxyShell.register()
return Server.do_shell_session(self)
def authorize(self, user_site, need_login=True):
# UGLY HACK
auth = Server.authorize(self, user_site, need_login=True)
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
Server = get_class("Server")
class AlternateLoginServer(Server):
alternate_login_sep = '?'
alternate_login_at = '='
def set_exec_args(self, argstr):
args = self.args
value = Server.set_exec_args(self, argstr)
self.args = args + self.args
return value
def check_auth_password(self, username, password):
if self.alternate_login_sep in username:
username, site = username.split(self.alternate_login_sep, 1)
site = site.replace(self.alternate_login_at, '@')
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
Server = get_class("Server")
class RemoteLoggingServer(Server):
def connect_site(self, site_tags=None, site_ref=None):
main_chan = Server.connect_site(self, site_tags, site_ref)
rlog_chan = main_chan.transport.open_session()
proxy_user = self.get_ns_tag('client', 'username')
site_user = self.get_ns_tag('site', 'login')
client_ip = self.get_ns_tag('client', 'ip_addr')
cmdline = ('logger -p daemon.notice "User %s logged in as %s from %s"'
% (proxy_user, site_user, client_ip))
rlog_chan.exec_command(cmdline)
rlog_chan.close()
return main_chan
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
from sshproxy import get_class
from sshproxy.dispatcher import Dispatcher
from sshproxy.server import Server
base = get_class('Dispatcher')
class ConsoleExtra_Dispatcher(base):
acl_open = "acl(cmd_open)"
def cmd_open(self, *args):
"""
open user@site
Open a shell session on user@site.
"""
self.check_args(1, args, strict=True)
server = Server()
return paramiko.AUTH_FAILED
def check_channel_request(self, kind, chanid):
if kind == 'sshproxy-IPC':
return paramiko.OPEN_SUCCEEDED
addr = self.sock_addr[0]
log.error("ATTENTION: unauthorized attempt to connect "
"on IPC channel type '%s' from %s@%s" %
(kind, self.username, addr))
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
IPCServer = get_class("IPCServer")
class SIPCServer(IPCServer):
def _sock_accept(self):
if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
return IPCServer._sock_accept(self)
real_sock, address = self.sock.accept()
log.info("IPC: Accepting new secure client %s", address)
host_key = paramiko.DSSKey(filename="/etc/sshproxy/id_dsa")
transport = paramiko.Transport(real_sock)
transport.load_server_moduli()
transport.add_server_key(host_key)
from sshproxy.backend import Backend
class LogUsersConfigSection(ConfigSection):
section_id = 'logusers'
section_defaults = {
'logdir': '@logusers',
}
types = {
'logdir': path,
}
LogUsersConfigSection.register()
ProxyShell = get_class('ProxyShell')
class LoggedProxyShell(ProxyShell):
tr_table = {}
_tr_table = {
'\r\n': '\n',
'\r': '\n',
'\n': '\n',
'<': '<INF>',
'>': '<SUP>',
}
def __reginit__(self, *args, **kw):
conf = get_config('logusers')
if not os.path.isdir(conf['logdir']):
from sshproxy.server import Server
from sshproxy import log
from sshproxy.util import chanfmt
# set suboptions
#telnetlib.SEND = chr(1)
#
#tnd = {}
#for v in dir(telnetlib):
# try:
# tnd[getattr(telnetlib, v)] = v
# except TypeError:
# pass
Server = get_class('Server')
class TelnetEnabledServer(Server):
def do_shell_session(self):
site = self.args[0]
if not self.authorize(site, need_login=True):
self.chan.send(chanfmt(_(u"ERROR: %s does not exist in "
"your scope\n") % site))
return False
kind = self.get_ns_tag('site', 'kind', '')
if not kind == 'telnet':
return Server.do_shell_session(self)
else:
site = self.args.pop(0)
"on IPC channel from %s@%s" % (username, addr))
return paramiko.AUTH_FAILED
def check_channel_request(self, kind, chanid):
if kind == 'sshproxy-IPC':
return paramiko.OPEN_SUCCEEDED
addr = self.sock_addr[0]
log.error("ATTENTION: unauthorized attempt to connect "
"on IPC channel type '%s' from %s@%s" %
(kind, self.username, addr))
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
IPCServer = get_class("IPCServer")
class SIPCServer(IPCServer):
def _sock_accept(self):
if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
return IPCServer._sock_accept(self)
real_sock, address = self.sock.accept()
log.info("IPC: Accepting new secure client %s", address)
host_key = paramiko.DSSKey(filename="/etc/sshproxy/id_dsa")
transport = paramiko.Transport(real_sock)
transport.load_server_moduli()
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
import os
from sshproxy import get_class
from sshproxy import aclparser
from sshproxy import log
base = get_class('ACLRuleParser')
class ACLRuleParser(base):
def func_len(self, *args):
if len(args) != 1:
log.warning("Warning: function len takes exactly 1 argument.")
return
return len(args[0])
def func_substr(self, *args):
if len(args) != 3:
log.warning("Warning: function substr takes exactly 3 arguments.")
return
start = args[0]
end = args[1]