Exemple #1
0
    def check_account_noverify(self, username):
        """ Return success/fail for system-enabled accounts.

        For some usernames, such as 'new' or 'anonymous', a correct
        password or public key is not required -- any will do. We return
        True if ``username`` is one of these configurable account names
        and if it is enabled.

        This method has two side effects, it may set the instance
        attribute ``new_user`` or ``anonymous`` to True if it is enabled
        by configuration and the username is of their matching handles.
        """
        if check_new_user(username):
            # if allowed, allow new@, etc. to apply for an account.
            self.new = True
            self.log.debug('accepted without authentication, {0!r}: '
                           'it is an alias for new user application.'
                           .format(username))
            return True

        elif check_bye_user(username):
            # not allowed to login using bye@, logoff@, etc.
            self.log.debug('denied user, {0!r}: it is an alias for logoff'
                           .format(username))
            return False

        elif check_anonymous_user(username):
            # if enabled, allow ssh anonymous@, root@, etc.
            self.log.debug('anonymous user, {0!r} accepted by configuration.'
                           .format(username))
            self.anonymous = True
            return True

        return False
Exemple #2
0
    def check_account_noverify(self, username):
        """ Return success/fail for system-enabled accounts.

        For some usernames, such as 'new' or 'anonymous', a correct
        password or public key is not required -- any will do. We return
        True if ``username`` is one of these configurable account names
        and if it is enabled.

        This method has two side effects, it may set the instance
        attribute ``new_user`` or ``anonymous`` to True if it is enabled
        by configuration and the username is of their matching handles.
        """
        if check_new_user(username):
            # if allowed, allow new@, etc. to apply for an account.
            self.new = True
            self.log.debug('accepted without authentication, {0!r}: '
                           'it is an alias for new user application.'
                           .format(username))
            return True

        elif check_bye_user(username):
            # not allowed to login using bye@, logoff@, etc.
            self.log.debug('denied user, {0!r}: it is an alias for logoff'
                           .format(username))
            return False

        elif check_anonymous_user(username):
            # if enabled, allow ssh anonymous@, root@, etc.
            self.log.debug('anonymous user, {0!r} accepted by configuration.'
                           .format(username))
            self.anonymous = True
            return True

        return False
Exemple #3
0
    def run(self):
        """
        Perform rfc1282 (rlogin) connection establishment.

        Determine terminal type, telnet options, window size,
        and tcp socket options before spawning a new session.
        """
        try:
            self._set_socket_opts()

            self.banner()

            # Receive on-connect data-value pairs, may raise ValueError.
            data = self.get_connect_data()

            # parse into dict,
            parsed = self.parse_connect_data(data)
            for key, value in parsed.items():
                if value:
                    self.log.debug('{client.addrport}: {key}={value}'
                                   .format(client=self.client,
                                           key=key, value=value))

            # and apply to session-local self.client.env.
            self.apply_environment(parsed)

            # The server returns a zero byte to indicate that it has received
            # these strings and is now in data transfer mode.
            if self.client.is_active():
                self.client.send_str(bytes('\x00'))

                # The remote server indicates to the client that it can accept
                # window size change information by requesting a window size
                # message (as out of band data) just after connection
                # establishment and user identification exchange.  The client
                # should reply to this request with the current window size.
                #
                # Disabled: neither SyncTERM or BSD rlogin honors this, and
                # we haven't got any code to parse it. Its in the RFC but ..
                self.client.send_urgent_str(bytes('\x80'))

            matrix_kwargs = {}
            username = parsed.get('server-user-name', 'new')
            if check_new_user(username):
                # new@ login may be allowed
                matrix_kwargs['new'] = True
            if check_bye_user(username):
                # rlogin as 'bye', 'logoff', etc. not allowed
                raise ValueError('Bye user {0!r} used by rlogin'
                                 .format(username))
            if check_anonymous_user(username):
                # anonymous@ login may be allowed
                matrix_kwargs['anonymous'] = True

            if self.client.is_active():
                return spawn_client_session(client=self.client,
                                            matrix_kwargs=matrix_kwargs)
        except socket.error as err:
            self.log.debug('{client.addrport}: connection closed: {err}'
                           .format(client=self.client, err=err))
        except EOFError:
            self.log.debug('{client.addrport}: EOF from client'
                           .format(client=self.client))
        except Exception as err:
            self.log.debug('{client.addrport}: connection closed: {err}'
                           .format(client=self.client, err=err))
        finally:
            self.stopped = True
        self.client.deactivate()
Exemple #4
0
    def run(self):
        """
        Perform rfc1282 (rlogin) connection establishment.

        Determine terminal type, telnet options, window size,
        and tcp socket options before spawning a new session.
        """
        try:
            self._set_socket_opts()

            self.banner()

            # Receive on-connect data-value pairs, may raise ValueError.
            data = self.get_connect_data()

            # parse into dict,
            parsed = self.parse_connect_data(data)
            for key, value in parsed.items():
                if value:
                    self.log.debug('{client.addrport}: {key}={value}'.format(
                        client=self.client, key=key, value=value))

            # and apply to session-local self.client.env.
            self.apply_environment(parsed)

            # The server returns a zero byte to indicate that it has received
            # these strings and is now in data transfer mode.
            if self.client.is_active():
                self.client.send_str(bytes('\x00'))

                # The remote server indicates to the client that it can accept
                # window size change information by requesting a window size
                # message (as out of band data) just after connection
                # establishment and user identification exchange.  The client
                # should reply to this request with the current window size.
                #
                # Disabled: neither SyncTERM or BSD rlogin honors this, and
                # we haven't got any code to parse it. Its in the RFC but ..
                self.client.send_urgent_str(bytes('\x80'))

            matrix_kwargs = {}
            username = parsed.get('server-user-name', 'new')
            if check_new_user(username):
                # new@ login may be allowed
                matrix_kwargs['new'] = True
            if check_bye_user(username):
                # rlogin as 'bye', 'logoff', etc. not allowed
                raise ValueError(
                    'Bye user {0!r} used by rlogin'.format(username))
            if check_anonymous_user(username):
                # anonymous@ login may be allowed
                matrix_kwargs['anonymous'] = True

            if self.client.is_active():
                return spawn_client_session(client=self.client,
                                            matrix_kwargs=matrix_kwargs)
        except socket.error as err:
            self.log.debug(
                '{client.addrport}: connection closed: {err}'.format(
                    client=self.client, err=err))
        except EOFError:
            self.log.debug('{client.addrport}: EOF from client'.format(
                client=self.client))
        except Exception as err:
            self.log.debug(
                '{client.addrport}: connection closed: {err}'.format(
                    client=self.client, err=err))
        finally:
            self.stopped = True
        self.client.deactivate()