def run(self, terms, variables, **kwargs):
filename = self.get_filename()
password = self.get_password()
ret = []
kp = PyKeePass(filename, password)
for term in terms:
path, attribute = term.rsplit('.', 1)
found = kp.find_entries_by_path(path, first=True)
if not found:
raise AnsibleError(
"Entry %s not found in keepass-Database %s" % \
(path, filename)
)
if attribute.startswith('attr_'):
dict = found.custom_properties
value = dict[attribute[len('attr_'):]]
else:
value = getattr(found, attribute)
ret.append(value)
return ret
def process():
args = get_args()
print(args.dbpath)
if not os.path.exists(args.dbpath):
print("DB file path does not exist", file=sys.stderr)
sys.exit(1)
password = getpass()
try:
db = KP(args.dbpath, password=password)
except FileNotFoundError:
print("DB file path does not exist", file=sys.stderr)
sys.exit(1)
except OSError:
print("Invalid password", file=sys.stderr)
sys.exit(1)
except Exception:
print("Misc error", file=sys.stderr)
sys.exit(1)
groups = db.find_groups_by_name(args.groupname)
if len(groups) == 0:
print("Group does not exist", file=sys.stderr)
sys.exit(1)
if len(groups) > 1:
print("Multiple groups of that name exist. Cannot continue",
file=sys.stderr)
sys.exit(1)
group = groups[0]
## Only grab from root
path = "".join([db.root_group.path, args.entrytitle])
entries = db.find_entries_by_path(path)
if len(entries) == 0:
print("Entry by that title does not exist", file=sys.stderr)
for entry in entries:
group.append(entry)
db.save()
def run(self, terms, variables, **kwargs):
filename = self.get_filename()
password = self.get_password()
ret = []
kp = PyKeePass(filename, password)
for term in terms:
path, attribute = term.rsplit('.', 1)
found = kp.find_entries_by_path(path, first=True)
if not found:
raise AnsibleError(
"Entry %s not found in keepass-Database %s" % \
(path, filename)
)
value = getattr(found, attribute)
ret.append(value)
return ret
def run(self, terms, variables, **kwargs):
filename = self.get_filename()
password = self.get_password()
ret = []
kp = PyKeePass(filename, password)
for term in terms:
path, attribute = term.rsplit('.', 1)
found = kp.find_entries_by_path(path, first=True)
if not found:
raise AnsibleError(
"Entry %s not found in keepass-Database %s" % \
(path, filename)
)
value = getattr(found, attribute)
ret.append(value)
return ret
class TestSshEntries(unittest.TestCase):
def setUp(self):
self.kdb = PyKeePass('./keys.kdbx', '1234')
self.agent = SshAgentClient()
def tearDown(self):
self.agent.close()
def test_embedded_rsa(self):
entry = self.kdb.find_entries_by_path('embedded_keys/id_rsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_embedded_dsa(self):
entry = self.kdb.find_entries_by_path('embedded_keys/id_dsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_embedded_ecdsa(self):
entry = self.kdb.find_entries_by_path('embedded_keys/id_ecdsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_file_rsa(self):
entry = self.kdb.find_entries_by_path('file_keys/id_rsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_file_dsa(self):
entry = self.kdb.find_entries_by_path('file_keys/id_dsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_file_ecdsa(self):
entry = self.kdb.find_entries_by_path('file_keys/id_ecdsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_passwordless_rsa(self):
entry = self.kdb.find_entries_by_path('without_passphrase/id_rsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_passwordless_dsa(self):
entry = self.kdb.find_entries_by_path('without_passphrase/id_dsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
def test_passwordless_ecdsa(self):
entry = self.kdb.find_entries_by_path('without_passphrase/id_ecdsa')[0]
ssh_entry = SshEntry(self.kdb, entry)
private_key = ssh_entry.private_key
self.agent.add_key(private_key)
self.assertTrue(self.agent.is_key_active(private_key))
class EntryFunctionTests(unittest.TestCase):
# get some things ready before testing
def setUp(self):
self.kp = PyKeePass(os.path.join(base_dir, 'test.kdbx'),
password='******',
keyfile=os.path.join(base_dir, 'test.key'))
#---------- Finding entries -----------
def test_find_entries_by_title(self):
results = self.kp.find_entries_by_title('root_entry')
self.assertEqual(len(results), 1)
results = self.kp.find_entries_by_title('Root_entry',
regex=True,
flags='i',
first=True)
self.assertEqual('root_entry', results.title)
def test_find_entries_by_username(self):
results = self.kp.find_entries_by_username('foobar_user')
self.assertEqual(len(results), 2)
results = self.kp.find_entries_by_username('Foobar_user',
regex=True,
flags='i',
first=True)
self.assertEqual('foobar_user', results.username)
def test_find_entries_by_password(self):
results = self.kp.find_entries_by_password('passw0rd')
self.assertEqual(len(results), 2)
results = self.kp.find_entries_by_password('Passw0rd',
regex=True,
flags='i',
first=True)
self.assertEqual('passw0rd', results.password)
def test_find_entries_by_url(self):
results = self.kp.find_entries_by_url('http://example.com')
self.assertEqual(len(results), 2)
results = self.kp.find_entries_by_url('http://example.com', first=True)
self.assertEqual('http://example.com', results.url)
def test_find_entries_by_notes(self):
results = self.kp.find_entries_by_notes('entry notes')
self.assertEqual(len(results), 1)
results = self.kp.find_entries_by_notes('entry notes', regex=True)
self.assertEqual(len(results), 2)
results = self.kp.find_entries_by_notes('Entry notes',
regex=True,
flags='i',
first=True)
self.assertEqual('root entry notes', results.notes)
def test_find_entries_by_path(self):
results = self.kp.find_entries_by_path('foobar_group/group_entry')
self.assertEqual(len(results), 1)
results = self.kp.find_entries_by_path('foobar_group/Group_entry',
regex=True,
flags='i',
first=True)
self.assertIsInstance(results, Entry)
self.assertEqual('group_entry', results.title)
def test_find_entries_by_uuid(self):
results = self.kp.find_entries_by_uuid('zF9+zSoASMqWIcIio0ewuw==')[0]
self.assertIsInstance(results, Entry)
self.assertEqual('zF9+zSoASMqWIcIio0ewuw==', results.uuid)
self.assertEqual('foobar_user', results.username)
def test_find_entries_by_string(self):
results = self.kp.find_entries_by_string(
{'custom_field': 'custom field value'})[0]
self.assertIsInstance(results, Entry)
self.assertEqual('custom field value',
results.get_custom_property('custom_field'))
self.assertEqual('HnN4bHSVjEybPf8nOq1bVA==', results.uuid)
def test_find_entries(self):
results = self.kp.find_entries(title='Root_entry', regex=True)
self.assertEqual(len(results), 0)
results = self.kp.find_entries(title='Root_entry',
regex=True,
flags='i',
first=True)
self.assertEqual('root_entry', results.title)
results = self.kp.find_entries(url="http://example.com")
self.assertEqual(len(results), 2)
results = self.kp.find_entries(notes="entry notes",
url="http://example.com")
self.assertEqual(len(results), 1)
self.assertTrue(
self.kp.find_entries(title='group_entry', first=True) in results)
# test `group` argument
results = self.kp.find_entries(title='foobar_entry', group=None)
self.assertEqual(len(results), 3)
group = self.kp.find_groups(name='foobar_group', first=True)
results = self.kp.find_entries(title='foobar_entry', group=group)
self.assertEqual(len(results), 2)
#---------- Adding/Deleting entries -----------
def test_add_delete_move_entry(self):
unique_str = 'test_add_entry_'
expiry_time = datetime.now()
entry = self.kp.add_entry(self.kp.root_group,
unique_str + 'title',
unique_str + 'user',
unique_str + 'pass',
url=unique_str + 'url',
notes=unique_str + 'notes',
tags=unique_str + 'tags',
expiry_time=expiry_time,
icon=icons.KEY)
results = self.kp.find_entries_by_title(unique_str + 'title')
self.assertEqual(len(results), 1)
results = self.kp.find_entries_by_title(unique_str + 'title',
first=True)
self.assertEqual(results.title, unique_str + 'title')
self.assertEqual(results.username, unique_str + 'user')
self.assertEqual(results.password, unique_str + 'pass')
self.assertEqual(results.url, unique_str + 'url')
self.assertEqual(results.notes, unique_str + 'notes')
self.assertEqual(results.tags, [unique_str + 'tags'])
# convert naive datetime to utc
expiry_time_utc = expiry_time.replace(tzinfo=tz.gettz()).astimezone(
tz.gettz('UTC'))
self.assertEqual(results.icon, icons.KEY)
sub_group = self.kp.add_group(self.kp.root_group, 'sub_group')
self.kp.move_entry(entry, sub_group)
results = self.kp.find_entries(path='sub_group/' +
'test_add_entry_title',
first=True)
self.assertEqual(results.title, entry.title)
self.kp.delete_entry(entry)
results = self.kp.find_entries_by_title(unique_str + 'title',
first=True)
self.assertIsNone(results)
# test adding entry which exists in another group
subgroup = self.kp.find_groups(name='subgroup2', first=True)
self.kp.add_entry(subgroup,
title='foobar_entry',
username='******',
password='******')
# test adding entry to root which exists in subgroup
self.kp.add_entry(subgroup,
title='foobar_entry2',
username='******',
password='******')
self.kp.add_entry(self.kp.root_group,
title='foobar_entry2',
username='******',
password='******')
#---------- Entries name collision exception -----------
def test_raise_exception_entry(self):
unique_str = 'test_add_entry_'
entry = self.kp.add_entry(self.kp.root_group,
unique_str + 'title',
unique_str + 'user',
unique_str + 'pass',
url=unique_str + 'url',
notes=unique_str + 'notes',
tags=unique_str + 'tags',
icon=icons.KEY)
self.assertRaises(Exception, entry)
# ---------- Entries representation -----------
def test_print_entries(self):
self.assertIsInstance(self.kp.entries.__repr__(), str)
def main():
"""
Out main processing function
:return:
"""
if not is_root():
if is_atty():
elevate.elevate(graphical=False)
else:
elevate.elevate()
args = parse_arguments()
if args.terminate:
terminate()
exit()
if args.configure:
configure()
exit()
# load configuration
config = load_conf(args.config)
if "url" not in config:
config["url"] = input("Enter SSO gateway: ")
# look for credentials in the arguments
if args.email is None:
if "store" in config:
if "email" in config["store"]:
email = config["store"]["email"]
if "password" in config["store"]:
password = config["store"]["password"]
elif "type" in config["store"]:
if config["store"]["type"] == "keepassxc":
kp_password = getpass.getpass("Enter KeepassXC Password: "******"store"]["database"],
password=kp_password)
entry = kp.find_entries_by_path(config["store"]["entry"])
email = entry.username
password = entry.password
else:
email = args.email
options = Options()
if not args.show:
options.headless = True
options.add_argument("--no-sandbox")
browser = webdriver.Chrome(executable_path="/usr/local/bin/chromedriver",
options=options)
browser.get(config["url"])
time.sleep(1)
assert "HPE Log on" in browser.title
input_username = browser.find_element_by_name("pf.username")
input_username.clear()
input_username.send_keys(email)
input_password = browser.find_element_by_name("pf.pass")
input_password.clear()
input_password.send_keys(password)
input_password.send_keys(Keys.RETURN)
print("Waiting for PingID MFA Approval")
while browser.title != "Pulse Connect Secure - Home":
if "HP Global VPN - Confirmation Open Sessions" in browser.title:
try:
input_postfix_sid = browser.find_element_by_name("postfixSID")
input_postfix_sid.click()
except selenium.common.exceptions.NoSuchElementException:
pass
try:
input_btn_continue = browser.find_element_by_name(
"btnContinue")
input_btn_continue.click()
except selenium.common.exceptions.NoSuchElementException:
time.sleep(1)
cookies = browser.get_cookies()
for cookie in cookies:
if cookie["name"] == "DSID":
dsid = cookie["value"]
browser.quit()
if args.echo:
print(
"/usr/sbin/openconnect --pid-file=/var/run/pingmfa --background --protocol nc -C DSID={} https://global.remoteaccess.hp.com"
.format(dsid))
exit()
attempt_count = 0
while attempt_count < args.attempts:
command = "/usr/sbin/openconnect --pid-file=/var/run/pingmfa --background --protocol nc -C DSID={} https://global.remoteaccess.hp.com".format(
dsid)
cmd_args = shlex.split(command)
result = subprocess.run(cmd_args)
attempt_count += 1
if result.returncode == 0:
exit()
time.sleep(1)
