def get_enable_credential_password(context):
credentials = context.get('credentials')
enable_credential_password = ""
login_creds = context.get('login_creds', [])
fallback_cred = context.get('default_cred_name', "")
if not login_creds:
login_creds = [fallback_cred]
if not isinstance(login_creds, list):
login_creds = [login_creds]
final_credential = login_creds[-1] if login_creds else ""
if credentials:
enable_pw_checks = [
(context.get('previous_credential', ""), 'enable_password'),
(final_credential, 'enable_password'),
(fallback_cred, 'enable_password'),
(ENABLE_CRED_NAME, 'password'),
(context.get('default_cred_name', ""), 'password'),
]
for cred_name, key in enable_pw_checks:
if cred_name:
candidate_enable_pw = credentials.get(cred_name, {}).get(key)
if candidate_enable_pw:
enable_credential_password = candidate_enable_pw
break
else:
raise UniconAuthenticationError('{}: Could not find an enable credential.'.\
format(context.get('hostname', "")))
return to_plaintext(enable_credential_password)
def common_cred_username_handler(spawn, context, credential):
""" Send the current credential's username. """
try:
spawn.sendline(to_plaintext(
context['credentials'][credential]['username']))
except KeyError:
raise UniconAuthenticationError("No username found "
"for credential {}.".format(credential))
def passphrase_handler(spawn, context, session):
""" Handles SSH passphrase prompt """
credential = get_current_credential(context=context, session=session)
try:
spawn.sendline(to_plaintext(
context['credentials'][credential]['passphrase']))
except KeyError:
raise UniconAuthenticationError("No passphrase found "
"for credential {}.".format(credential))
def expert_password_handler(spawn, context, session):
credentials = context.get('credentials')
expert_credential_password = credentials.get('expert', {}).get('password')
expert_password = to_plaintext(expert_credential_password)
sleep(0.1)
spawn.sendline(expert_password)
sleep(0.1)
spawn.sendline()
def enable_password_handler(spawn, context, session):
if 'password_attempts' not in session:
session['password_attempts'] = 1
else:
session['password_attempts'] += 1
if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS:
raise UniconAuthenticationError('Too many enable password retries')
credentials = context.get('credentials')
enable_password = to_plaintext(credentials.get('enable', {}).get('password', ''))
spawn.sendline(enable_password)
def enable_password_handler(spawn, context, session):
credentials = context.get('credentials')
enable_credential = credentials[ENABLE_CRED_NAME] if credentials else None
if enable_credential:
try:
spawn.sendline(to_plaintext(enable_credential['password']))
except KeyError as exc:
raise UniconAuthenticationError(
"No password has been defined "
"for credential {}.".format(ENABLE_CRED_NAME))
else:
spawn.sendline(context['enable_password'])
def sudo_password_handler(spawn, context):
""" Password handler for sudo command
Need a better place for 'sudo' password, using line_password as workaround
"""
credentials = context.get('credentials')
if credentials:
try:
spawn.sendline(
to_plaintext(credentials[SUDO_CRED_NAME]['password']))
except KeyError as exc:
raise UniconAuthenticationError("No password has been defined "
"for credential '{}'.".format(SUDO_CRED_NAME))
else:
spawn.sendline(context['line_password'])
def enable_password_handler(spawn, context, session):
credentials = context.get('credentials')
enable_credential = credentials[ENABLE_CRED_NAME] if credentials else None
if enable_credential:
try:
spawn.sendline(to_plaintext(enable_credential['password']))
except KeyError as exc:
raise UniconAuthenticationError("No password has been defined "
"for credential {}.".format(ENABLE_CRED_NAME))
else:
if 'password_attempts' not in session:
session['password_attempts'] = 1
else:
session['password_attempts'] += 1
if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS:
raise UniconAuthenticationError('Too many enable password retries')
spawn.sendline(context['enable_password'])
def sudo_password_handler(spawn, context, session):
""" Password handler for sudo command
"""
if 'sudo_attempts' not in session:
session['sudo_attempts'] = 1
else:
raise UniconAuthenticationError('sudo failure')
credentials = context.get('credentials')
if credentials:
try:
spawn.sendline(
to_plaintext(credentials['sudo']['password']))
except KeyError:
raise UniconAuthenticationError("No password has been defined "
"for sudo credential.")
else:
raise UniconAuthenticationError("No credentials has been defined for sudo.")
def common_cred_password_handler(spawn, context, session, credential,
reuse_current_credential=False):
""" Send the current credential's password.
The current credential is then invalidated as long as
reuse_current_credential is set to `False`.
Invalidating a credential means that if any subsequent usernames/passwords
are requested, the next credential in session['cred_iter'] is consumed.
"""
try:
spawn.sendline(to_plaintext(
context['credentials'][credential]['password']))
except KeyError:
raise UniconAuthenticationError("No password found "
"for credential {}.".format(credential))
if not reuse_current_credential:
invalidate_current_credential(context=context, session=session)
def get_enable_credential_password(context):
""" Get the enable password from the credentials.
1. If there is a previous credential (the last credential used to respond to
a password prompt), use its enable_password member if it exists.
2. Otherwise, if the user specified a list of credentials, pick the final one in the list and
use its enable_password member if it exists.
3. Otherwise, if there is a default credential, use its enable_password member if it exists.
4. Otherwise, use the well known "enable" credential, password member if it exists.
5. Otherwise, use the default credential "password" member if it exists.
6. Otherwise, raise error that no enable password could be found.
"""
credentials = context.get('credentials')
enable_credential_password = ""
login_creds = context.get('login_creds', [])
fallback_cred = context.get('default_cred_name', "")
if not login_creds:
login_creds = [fallback_cred]
if not isinstance(login_creds, list):
login_creds = [login_creds]
# Pick the last item in the login_creds list to select the intended
# credential even if the device does not ask for a password on login
# and the given credential is not consumed.
final_credential = login_creds[-1] if login_creds else ""
if credentials:
enable_pw_checks = [
(context.get('previous_credential', ""), 'enable_password'),
(final_credential, 'enable_password'),
(fallback_cred, 'enable_password'),
(ENABLE_CRED_NAME, 'password'),
(context.get('default_cred_name', ""), 'password'),
]
for cred_name, key in enable_pw_checks:
if cred_name:
candidate_enable_pw = credentials.get(cred_name, {}).get(key)
if candidate_enable_pw:
enable_credential_password = candidate_enable_pw
break
else:
raise UniconAuthenticationError('{}: Could not find an enable credential.'.
format(context.get('hostname', "")))
return to_plaintext(enable_credential_password)
def enable_username_handler(spawn, context, session):
credentials = context.get('credentials')
enable_username = to_plaintext(credentials.get('enable', {}).get('username', ''))
spawn.sendline(enable_username)
