Ejemplo n.º 1
            fi
            ;;
        *)
            args=( "${args[@]}" "$1" )

            ;;
    esac
    shift
done


[ -n "$verbose" ] && echo scp -oPort=$PROXY_PORT "${OPTS[@]}" "${args[@]}"
exec scp -oPort=$PROXY_PORT "${OPTS[@]}" "${args[@]}"
"""

base_class = get_class('Server')

class Server(base_class):
    def add_cmdline_options(self, parser):
        # Start from the options of the class obtained via get_class('Server'),
        # then add two flags that select which client helper script to display.
        base_class.add_cmdline_options(self, parser)
        # Both flags store a constant into the same destination ("action"),
        # so they are two values of one setting rather than independent
        # switches.
        parser.add_option("", "--get-pssh", dest="action",
                help="display pssh client script.",
                action="store_const",
                const="get_pssh",
                )
        parser.add_option("", "--get-pscp", dest="action",
                help="display pscp client script.",
                action="store_const",
                const="get_pscp",
                )
Ejemplo n.º 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class
from sshproxy.dispatcher import Dispatcher
from sshproxy.server import Server

base = get_class('Dispatcher')

class ConsoleExtra_Dispatcher(base):
    acl_open = "acl(cmd_open)"
    def cmd_open(self, *args):
        """
        open user@site

        Open a shell session on user@site.
        """
        # Presumably rejects anything but exactly one argument (the
        # user@site target) -- confirm against check_args.
        self.check_args(1, args, strict=True)

        # NOTE(review): Server here is the class imported from
        # sshproxy.server at the top of the file, not the one returned by
        # get_class('Server').  Confirm that subclasses installed through
        # the registry (for example session-logging ones) are not bypassed
        # for sessions opened from the console.
        server = Server()

        # The console arguments become the session's argument list; the
        # target is then authorized inside do_shell_session (not shown here).
        server.args = list(args)
        server.do_shell_session()
Ejemplo n.º 3
from sshproxy.config import get_config, ConfigSection, path
from sshproxy import keys
from sshproxy.proxy import ProxyShell
from sshproxy.backend import Backend


class LogUsersConfigSection(ConfigSection):
    # Configuration section "logusers".  Its single option, "logdir", is
    # declared with the `path` type and defaults to "@logusers".
    section_id = "logusers"
    section_defaults = dict(logdir="@logusers")
    types = dict(logdir=path)


LogUsersConfigSection.register()


# Rebind ProxyShell to the class returned by get_class("ProxyShell"),
# replacing the name imported from sshproxy.proxy above, so that the
# subclass defined below extends that class.
ProxyShell = get_class("ProxyShell")


class LoggedProxyShell(ProxyShell):
    tr_table = {}
    _tr_table = {"\r\n": "\n", "\r": "\n", "\n": "\n", "<": "<INF>", ">": "<SUP>"}

    def __reginit__(self, *args, **kw):
        conf = get_config("logusers")
        if not os.path.isdir(conf["logdir"]):
            os.makedirs(conf["logdir"])

        self.logdir = conf["logdir"]

        # fill our translation table
        for key in dir(keys):
Ejemplo n.º 4
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class


I18n = get_class("I18n")

class LangPack_fr(I18n):

    encoding = 'utf8'
    messages = {
        1557792624: u"exécute des commandes d'administration",
        -2139151278: u"liste les sites autorisés",
        1318597108: u"ERREUR: %s n'existe pas dans votre environnement\n",
        433505454: u"ERREUR: Vous n'êtes pas autorisé à ouvrir une "
                    "session shell sur %s\n",
        -1260436857: u"""
        kill user@site
        
        Ferme toutes les connections vers user@site.
        """,
Ejemplo n.º 5
from sshproxy.registry import Registry
from sshproxy.server import Server
from sshproxy import log
from sshproxy.util import chanfmt

# set suboptions
#telnetlib.SEND = chr(1)
#
#tnd = {}
#for v in dir(telnetlib):
#    try:
#        tnd[getattr(telnetlib, v)] = v
#    except TypeError:
#        pass

# Rebind Server to the class returned by get_class('Server'), replacing the
# name imported from sshproxy.server above, so that the subclass defined
# below extends that class.
Server = get_class('Server')


class TelnetEnabledServer(Server):
    def do_shell_session(self):
        site = self.args[0]
        if not self.authorize(site, need_login=True):
            self.chan.send(
                chanfmt(
                    _(u"ERROR: %s does not exist in "
                      "your scope\n") % site))
            return False

        kind = self.get_ns_tag('site', 'kind', '')
        if not kind == 'telnet':
            return Server.do_shell_session(self)
Ejemplo n.º 6
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class

I18n = get_class("I18n")


class LangPack_fr(I18n):

    encoding = 'utf8'
    messages = {
        1557792624:
        u"exécute des commandes d'administration",
        -2139151278:
        u"liste les sites autorisés",
        1318597108:
        u"ERREUR: %s n'existe pas dans votre environnement\n",
        433505454:
        u"ERREUR: Vous n'êtes pas autorisé à ouvrir une "
        "session shell sur %s\n",
Ejemplo n.º 7
        # };
        # struct rpldsk_packet {
        #      uint16_t size;
        #      uint8_t event, magic;
        #      struct rpltime time;
        # } __attribute__((packed));
        packet = struct.pack("HBBQL", len(data), event, 0xEE, sec, usec)

        return packet + data

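    def __del__(self):
        # Close the log when the object is collected.  __del__ also runs for
        # an instance whose construction failed before self.log was
        # assigned, so look the attribute up defensively instead of raising
        # an AttributeError from the finalizer.
        logfile = getattr(self, 'log', None)
        if logfile is not None:
            logfile.close()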



Server = get_class('Server')

class TTYrplServer(Server):
    def do_shell_session(self):
        # Register TTYrplProxyShell when the client or the site namespace
        # carries a true 'log_me' tag (default 'no'), then hand over to the
        # base Server session.
        log_requests = [
            istrue(self.get_ns_tag('client', 'log_me', 'no')),
            # This site lookup is useless here because the site namespace is
            # not yet set up at this point.  The site 'log_me' tag is picked
            # up by overriding the authorize method instead, hence the
            # UGLY HACK comment there.
            istrue(self.get_ns_tag('site', 'log_me', 'no')),
        ]
        if any(log_requests):
            TTYrplProxyShell.register()
        return Server.do_shell_session(self)

    def authorize(self, user_site, need_login=True):
        # UGLY HACK
        auth = Server.authorize(self, user_site, need_login=True)
Ejemplo n.º 8
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class


Server = get_class("Server")

class AlternateLoginServer(Server):
    alternate_login_sep = '?'
    alternate_login_at = '='

    def set_exec_args(self, argstr):
        # Let the base class process argstr, then put the arguments that
        # were in self.args before the call back in front of whatever
        # self.args holds afterwards.  The base class's return value is
        # passed through unchanged.
        previous_args = self.args
        result = Server.set_exec_args(self, argstr)
        self.args = previous_args + self.args
        return result

    def check_auth_password(self, username, password):
        if self.alternate_login_sep in username:
            username, site = username.split(self.alternate_login_sep, 1)
            site = site.replace(self.alternate_login_at, '@')
Ejemplo n.º 9
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class

Server = get_class("Server")

class RemoteLoggingServer(Server):
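    def connect_site(self, site_tags=None, site_ref=None):
        # Connect to the site through the base class, then record the login
        # in the remote site's syslog by running `logger` over a second
        # session on the same transport.  Returns the main channel.
        try:
            from shlex import quote
        except ImportError:  # Python 2
            from pipes import quote

        main_chan = Server.connect_site(self, site_tags, site_ref)

        proxy_user = self.get_ns_tag('client', 'username')
        site_user = self.get_ns_tag('site', 'login')
        client_ip = self.get_ns_tag('client', 'ip_addr')

        # The tag values end up in a command line interpreted by the remote
        # shell.  Quote the whole message as one shell word so that quotes,
        # `$`, backticks or `;` inside a user name or login are logged
        # literally instead of being executed on the site.
        message = ("User %s logged in as %s from %s"
                   % (proxy_user, site_user, client_ip))
        cmdline = 'logger -p daemon.notice %s' % quote(message)

        rlog_chan = main_chan.transport.open_session()
        try:
            rlog_chan.exec_command(cmdline)
        finally:
            # Always release the auxiliary channel, even if exec fails.
            rlog_chan.close()

        return main_chan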
Ejemplo n.º 10
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

from sshproxy import get_class
from sshproxy.dispatcher import Dispatcher
from sshproxy.server import Server

base = get_class('Dispatcher')


class ConsoleExtra_Dispatcher(base):
    acl_open = "acl(cmd_open)"

    def cmd_open(self, *args):
        """
        open user@site

        Open a shell session on user@site.
        """
        self.check_args(1, args, strict=True)

        server = Server()
Ejemplo n.º 11
        return paramiko.AUTH_FAILED

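    def check_channel_request(self, kind, chanid):
        # Accept only the 'sshproxy-IPC' channel type; any other request is
        # logged and refused as administratively prohibited.
        if kind == 'sshproxy-IPC':
            return paramiko.OPEN_SUCCEEDED

        addr = self.sock_addr[0]
        # kind is chosen by the connecting peer, so it is logged through
        # %r: control characters such as CR/LF are escaped and cannot be
        # used to forge additional log lines.
        # NOTE(review): self.username is still logged verbatim -- confirm it
        # is validated when it is set during authentication.
        log.error("ATTENTION: unauthorized attempt to connect "
                  "on IPC channel type %r from %s@%s" %
                  (kind, self.username, addr))

        return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED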



IPCServer = get_class("IPCServer")

class SIPCServer(IPCServer):
    def _sock_accept(self):
        if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
            return IPCServer._sock_accept(self)

        real_sock, address = self.sock.accept()
        log.info("IPC: Accepting new secure client %s", address)

        host_key = paramiko.DSSKey(filename="/etc/sshproxy/id_dsa")

        transport = paramiko.Transport(real_sock)

        transport.load_server_moduli()
        transport.add_server_key(host_key)
Ejemplo n.º 12
from sshproxy.backend import Backend


class LogUsersConfigSection(ConfigSection):
    # Configuration section 'logusers'.  Its single option, 'logdir', is
    # declared with the `path` type and defaults to '@logusers'.
    section_id = 'logusers'
    section_defaults = dict(logdir='@logusers')
    types = dict(logdir=path)


LogUsersConfigSection.register()

ProxyShell = get_class('ProxyShell')


class LoggedProxyShell(ProxyShell):
    tr_table = {}
    _tr_table = {
        '\r\n': '\n',
        '\r': '\n',
        '\n': '\n',
        '<': '<INF>',
        '>': '<SUP>',
    }

    def __reginit__(self, *args, **kw):
        conf = get_config('logusers')
        if not os.path.isdir(conf['logdir']):
Ejemplo n.º 13
from sshproxy.server import Server
from sshproxy import log
from sshproxy.util import chanfmt

# set suboptions
#telnetlib.SEND = chr(1)
#
#tnd = {}
#for v in dir(telnetlib):
#    try:
#        tnd[getattr(telnetlib, v)] = v
#    except TypeError:
#        pass


# Rebind Server to the class returned by get_class('Server'), replacing the
# name imported from sshproxy.server above, so that the subclass defined
# below extends that class.
Server = get_class('Server')

class TelnetEnabledServer(Server):

    def do_shell_session(self):
        site = self.args[0]
        if not self.authorize(site, need_login=True):
            self.chan.send(chanfmt(_(u"ERROR: %s does not exist in "
                                        "your scope\n") % site))
            return False

        kind = self.get_ns_tag('site', 'kind', '')
        if not kind == 'telnet':
            return Server.do_shell_session(self)
        else:
            site = self.args.pop(0)
Ejemplo n.º 14
                  "on IPC channel from %s@%s" % (username, addr))
        return paramiko.AUTH_FAILED

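    def check_channel_request(self, kind, chanid):
        # Accept only the 'sshproxy-IPC' channel type; any other request is
        # logged and refused as administratively prohibited.
        if kind == 'sshproxy-IPC':
            return paramiko.OPEN_SUCCEEDED

        addr = self.sock_addr[0]
        # kind is chosen by the connecting peer, so it is logged through
        # %r: control characters such as CR/LF are escaped and cannot be
        # used to forge additional log lines.
        # NOTE(review): self.username is still logged verbatim -- confirm it
        # is validated when it is set during authentication.
        log.error("ATTENTION: unauthorized attempt to connect "
                  "on IPC channel type %r from %s@%s" %
                  (kind, self.username, addr))

        return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED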


IPCServer = get_class("IPCServer")


class SIPCServer(IPCServer):
    def _sock_accept(self):
        if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
            return IPCServer._sock_accept(self)

        real_sock, address = self.sock.accept()
        log.info("IPC: Accepting new secure client %s", address)

        host_key = paramiko.DSSKey(filename="/etc/sshproxy/id_dsa")

        transport = paramiko.Transport(real_sock)

        transport.load_server_moduli()
Ejemplo n.º 15
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

import os

from sshproxy import get_class
from sshproxy import aclparser
from sshproxy import log

base = get_class('ACLRuleParser')

class ACLRuleParser(base):

    def func_len(self, *args):
        # ACL rule function len(x): return the length of its single
        # argument.  With any other argument count a warning is logged and
        # None is returned.
        if len(args) == 1:
            (value,) = args
            return len(value)
        log.warning("Warning: function len takes exactly 1 argument.")
        return None

    def func_substr(self, *args):
        if len(args) != 3:
            log.warning("Warning: function substr takes exactly 3 arguments.")
            return
        start = args[0]
        end = args[1]