def __patch_it__():
    """Apply the password-encoding runtime patch to old paramiko releases.

    The patch module is only imported when the installed paramiko is
    1.7.2 or older; newer releases are left untouched. Nothing from the
    patch module is called here, so importing it is what applies it.
    """
    import paramiko
    from sshproxy import log

    needs_patch = paramiko.__version_info__ <= (1, 7, 2)
    if not needs_patch:
        return

    import p_paramiko_passwdenc
    log.info("Runtime patch to paramiko password encoding applied")
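def _sock_accept(self, host_key_file="/etc/sshproxy/id_dsa"):
    """Accept one client and wrap the connection in a server-side SSH transport.

    Abstract-namespace AF_UNIX sockets (address starting with a NUL byte)
    are handed straight to IPCServer._sock_accept and get no SSH layer.
    Every other accepted connection is wrapped in a paramiko Transport
    presenting the DSS host key at *host_key_file*; the first channel the
    client opens is returned as the IPC socket.

    Args:
        host_key_file: path of the DSS host key presented to clients.
            The default is the path the code previously hard-wired.

    Returns:
        ``(channel, address)`` -- the paramiko Channel the client opened
        and the peer address reported by accept().

    Raises:
        paramiko.SSHException: the SSH negotiation failed, or the client
            opened no channel within the accept timeout.
    """
    if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
        return IPCServer._sock_accept(self)

    real_sock, address = self.sock.accept()
    log.info("IPC: Accepting new secure client %s", address)

    host_key = paramiko.DSSKey(filename=host_key_file)
    transport = paramiko.Transport(real_sock)
    transport.load_server_moduli()
    transport.add_server_key(host_key)

    # start the server interface
    negotiation_ev = threading.Event()
    transport.start_server(negotiation_ev, SSHServer(self.sock_addr))
    while not negotiation_ev.isSet():
        negotiation_ev.wait(0.5)
    if not transport.is_active():
        log.error("SIPC: SSH negotiation failed")
        # Tear the half-built transport down so the accepted socket is not
        # leaked, then raise a real exception: raising a bare string is not
        # allowed on Python 2.6+ and could never be caught by type.
        transport.close()
        raise paramiko.SSHException('SSH negotiation failed')

    # Transport.accept() returns None when no channel arrives within the
    # timeout; returning that would hand the caller a None "socket".
    sock = transport.accept(5)
    if sock is None:
        log.error("SIPC: client opened no channel within 5 seconds")
        transport.close()
        raise paramiko.SSHException('SSH negotiation failed')

    self.real_sock = real_sock
    self.transport = transport
    return sock, address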
def do_shell_session(self):
    """Open an interactive session on the site named by the first argument.

    Sites whose 'kind' namespace tag is anything but 'telnet' are delegated
    to Server.do_shell_session. Telnet sites additionally require the
    'telnet_session' ACL; the session is then driven by a TelnetProxy and
    its exit status stored in self.exit_status.

    Returns:
        False when the site is out of scope or the ACL check fails; True
        when the telnet loop is interrupted by KeyboardInterrupt; for
        non-telnet sites whatever Server.do_shell_session returns; None
        when a telnet session finishes normally.

    Raises:
        Any other exception from the telnet loop is reported to the client,
        logged, and re-raised.
    """
    site = self.args[0]
    if not self.authorize(site, need_login=True):
        message = _(u"ERROR: %s does not exist in " "your scope\n") % site
        self.chan.send(chanfmt(message))
        return False

    if self.get_ns_tag('site', 'kind', '') != 'telnet':
        return Server.do_shell_session(self)

    site = self.args.pop(0)
    if not self.check_acl('telnet_session'):
        message = ("ERROR: You are not allowed to"
                   " open a telnet session on %s"
                   "\n" % site)
        self.chan.send(chanfmt(message))
        return False

    self.update_ns('client', {'type': 'telnet_session'})
    log.info("Connecting to %s (telnet)", site)
    conn = TelnetProxy(self.chan, self.connect_telnet(), self.monitor)
    try:
        self.exit_status = conn.loop()
    except KeyboardInterrupt:
        return True
    except Exception, e:
        # Only the exception class name is sent to the client; the full
        # traceback goes to the server log.
        self.chan.send("\r\n ERROR: It seems you found a bug."
                       "\r\n Please report this error "
                       "to your administrator.\r\n"
                       "Exception class: <%s>\r\n\r\n" % e.__class__.__name__)
        log.exception("An unknown exception occured")
        raise
def __patch_it__():
    """Replace paramiko's random pool with an OS-backed one on old releases.

    paramiko 1.7.2 and newer are left untouched. For older releases an
    OSRandomPool from p_paramiko_osrandom is installed as the ``randpool``
    attribute of the paramiko package and of every listed submodule.
    """
    import paramiko.common
    from sshproxy import log

    if paramiko.__version_info__ >= (1, 7, 2):
        return

    import p_paramiko_osrandom
    randpool = p_paramiko_osrandom.OSRandomPool()

    # Modules that draw from the pool.
    pool_users = ('common', 'dsskey', 'hostkeys', 'packet', 'pkey', 'rsakey',
                  'transport')
    # The following modules do not seem to use the randpool object,
    # although they import it from common, so they are patched too,
    # just in case.
    pool_importers = ('auth_handler', 'channel', 'client', 'kex_gex',
                      'kex_group1', 'server', 'sftp', 'sftp_attr',
                      'sftp_file', 'sftp_handle', 'sftp_server', 'sftp_si',
                      'util')

    for name in pool_users + pool_importers:
        submodule = __import__('paramiko.%s' % name, fromlist=[name])
        setattr(submodule, 'randpool', randpool)
    paramiko.randpool = randpool

    # The Crypto pool's repr names its module; its absence means the swap
    # took effect.
    if 'Crypto.Util.randpool.' not in repr(paramiko.common.randpool):
        log.info("Runtime patch to paramiko random generator applied")
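def _sock_connect(self, real_sock, sock_addr):
    """Connect *real_sock* to *sock_addr* and open an authenticated SSH channel.

    Abstract-namespace AF_UNIX sockets (address starting with a NUL byte)
    are delegated to IPCClient._sock_connect with no SSH layer. Otherwise
    a client-side paramiko Transport is negotiated over the connected
    socket, public-key authentication is performed as user 'sshproxy-IPC'
    with the DSS key from the 'sipc' ``key_file`` setting (falling back to
    the 'sshproxy' ``hostkey_file`` setting), and a channel named
    'sshproxy-IPC' is opened and returned.

    Args:
        real_sock: an unconnected socket object.
        sock_addr: address passed to ``real_sock.connect``.

    Returns:
        The paramiko Channel to use as the IPC socket.

    Raises:
        paramiko.SSHException: the SSH negotiation or the public-key
            authentication failed.
    """
    if self.sock_type == socket.AF_UNIX and self.sock_addr[0] == '\x00':
        return IPCClient._sock_connect(self, real_sock, sock_addr)

    real_sock.connect(sock_addr)
    log.info("IPC: Connecting to secure server %s", sock_addr)
    transport = paramiko.Transport(real_sock)

    ev = threading.Event()
    transport.start_client(ev)
    while not ev.isSet():
        ev.wait(0.5)
    if not transport.is_active():
        log.error("SIPC: SSH negotiation failed")
        # Close the transport so the connected socket is not leaked, and
        # raise a real exception: a bare string cannot be raised on
        # Python 2.6+ nor caught by type.
        transport.close()
        raise paramiko.SSHException('SSH negotiation failed')
    # NOTE(review): the server's host key (transport.get_remote_server_key())
    # is never compared against a known key here, so whoever answers on
    # sock_addr is accepted -- confirm whether the deployment relies on the
    # socket path/address alone for that trust.

    key_file = get_config("sipc").get("key_file")
    # Fall back to the proxy host key when no dedicated IPC key is set;
    # the explicit emptiness check keeps os.path.isfile from raising on a
    # missing setting (presumably .get() yields None then -- verify).
    if not key_file or not os.path.isfile(key_file):
        key_file = get_config("sshproxy").get("hostkey_file")
    key = paramiko.DSSKey(filename=key_file)

    ev = threading.Event()
    transport.auth_publickey('sshproxy-IPC', key, ev)
    while not ev.isSet():
        ev.wait(0.5)
    if not transport.is_authenticated():
        log.error("SIPC: SSH authentication failed")
        transport.close()
        raise paramiko.SSHException('SSH authentication failed')

    sock = transport.open_channel('sshproxy-IPC')
    self.real_sock = real_sock
    self.transport = transport
    return sock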
def do_shell_session(self):
    """Start a shell session on the site given as the first argument.

    Non-telnet sites (per the 'kind' namespace tag) are handed to
    Server.do_shell_session. A telnet site requires the 'telnet_session'
    ACL; its session runs through a TelnetProxy whose exit status is
    stored in self.exit_status.

    Returns:
        False if the site is outside the caller's scope or the ACL check
        fails; True if the telnet loop is stopped by KeyboardInterrupt;
        the delegate's result for non-telnet sites; None when a telnet
        session ends normally.

    Raises:
        Any other exception from the telnet loop, after it has been
        reported to the client and logged.
    """
    def refuse(text):
        # Send a refusal to the client and signal failure to the caller.
        self.chan.send(chanfmt(text))
        return False

    site = self.args[0]
    if not self.authorize(site, need_login=True):
        return refuse(_(u"ERROR: %s does not exist in " "your scope\n") % site)

    kind = self.get_ns_tag('site', 'kind', '')
    is_telnet = (kind == 'telnet')
    if not is_telnet:
        return Server.do_shell_session(self)

    site = self.args.pop(0)
    if not self.check_acl('telnet_session'):
        return refuse("ERROR: You are not allowed to"
                      " open a telnet session on %s"
                      "\n" % site)

    self.update_ns('client', {'type': 'telnet_session'})
    log.info("Connecting to %s (telnet)", site)
    proxy = TelnetProxy(self.chan, self.connect_telnet(), self.monitor)
    try:
        self.exit_status = proxy.loop()
    except KeyboardInterrupt:
        return True
    except Exception, e:
        # The client only learns the exception class; details stay in the log.
        report = ("\r\n ERROR: It seems you found a bug."
                  "\r\n Please report this error "
                  "to your administrator.\r\n"
                  "Exception class: <%s>\r\n\r\n" % e.__class__.__name__)
        self.chan.send(report)
        log.exception("An unknown exception occured")
        raise