def password_handler(spawn, context, session, reuse_current_credential=False): """ handles password prompt """ if session.get('bmc_login') == 1: credential = BMC_CRED # BMC login automatically uses a specific named credential and doesn't # use credentials from the login_creds list. reuse_current_credential = True else: credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session, reuse_current_credential=reuse_current_credential) else: spawn_command = spawn.spawn_command spawn_command_list = spawn_command.split() protocol = spawn_command_list[0] if session.get('enable_login') == 1: spawn.sendline(context['enable_password']) elif session.get('bmc_login') == 1: spawn.sendline(context['bmc_password']) else: spawn.sendline(context['xr_password']) # if this password fails, try with tacacs password session['tacacs_login'] = 1
def incorrect_login_handler(spawn, context, session): # In nxos device if the first attempt password prompt occur before # username prompt, it will get Login incorrect error. # Reset the cred_iter to try again if 'incorrect_login_attempts' not in session: session.pop('cred_iter', None) credential = get_current_credential(context=context, session=session) if credential and 'incorrect_login_attempts' in session: # If credentials have been supplied, there are no login retries. # The user must supply appropriate credentials to ensure login # does not fail. Skip it for the first attempt raise UniconAuthenticationError( 'Login failure, either wrong username or password') else: if 'incorrect_login_attempts' not in session: session['incorrect_login_attempts'] = 1 # Let's give a chance for unicon to login with right credentials # let's give three attempts if session['incorrect_login_attempts'] <= 3: session['incorrect_login_attempts'] = \ session['incorrect_login_attempts'] + 1 else: raise UniconAuthenticationError( 'Login failure, either wrong username or password')
def password_handler(spawn, context, session): """ handles password prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session) else: if 'password_attempts' not in session: session['password_attempts'] = 1 else: session['password_attempts'] += 1 if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS: raise UniconAuthenticationError('Too many password retries') if context.get('username', '') == spawn.last_sent.rstrip() or ssh_tacacs_handler(spawn, context): spawn.sendline(context['tacacs_password']) else: spawn.sendline(context['line_password']) cred_actions = context.get('cred_action', {}).get(credential, {}) if cred_actions: post_action = cred_actions.get('post', '') action = re.match(r'(send|sendline)\((.*)\)', post_action) if action: method = action.group(1) args = action.group(2) spawn.log.info('Executing post credential command: {}'.format(post_action)) getattr(spawn, method)(args) elif credential and getattr(spawn.settings, 'SENDLINE_AFTER_CRED', None) == credential: spawn.log.info("Sending return after credential '{}'".format(credential)) spawn.sendline()
def line_password_handler(spawn, context, session): credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session) else: spawn.sendline(context['line_password'])
def username_handler(spawn, context, session): credential = get_current_credential(context=context, session=session) if credential: common_cred_username_handler(spawn=spawn, context=context, credential=credential) else: spawn.sendline(context['username'])
def passphrase_handler(spawn, context, session): """ Handles SSH passphrase prompt """ credential = get_current_credential(context=context, session=session) try: spawn.sendline(to_plaintext( context['credentials'][credential]['passphrase'])) except KeyError: raise UniconAuthenticationError("No passphrase found " "for credential {}.".format(credential))
def login_handler(spawn, context, session): """ handles login prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_username_handler( spawn=spawn, context=context, credential=credential) else: spawn.sendline(context['username']) session['tacacs_login'] = 1
def admin_password_handler(spawn, context, session): """ handles admin password prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session, reuse_current_credential=True) else: spawn.sendline(context['tacacs_password'])
def send_admin_password(spawn, context, session): credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session, reuse_current_credential=True) else: if context.get('tacacs_login') == 1: spawn.sendline(context['tacacs_password']) session['tacacs_login'] = 0 else: spawn.sendline(context['enable_password'])
def password_handler(spawn, context, session): """ handles password prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session) else: if session.get('tacacs_login') == 1: spawn.sendline(context['tacacs_password']) session['tacacs_login'] = 0 else: spawn.sendline(context['enable_password'])
def login_handler(spawn, context, session): """ handles login prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_username_handler( spawn=spawn, context=context, credential=credential) else: if context.get('tacacs_username'): spawn.sendline(context['tacacs_username']) elif context.get('username'): spawn.sendline(context['username']) else: raise SubCommandFailure("There is no information available about " "username/tacacs_username") session['tacacs_login'] = 1
def incorrect_login_handler(spawn, context, session): credential = get_current_credential(context=context, session=session) if credential: # If credentials have been supplied, there are no login retries. # The user must supply appropriate credentials to ensure login # does not fail. raise UniconAuthenticationError( 'Login failure, either wrong username or password') else: if 'incorrect_login_attempts' not in session: session['incorrect_login_attempts'] = 1 # Let's give a change for unicon to login with right credentials # let's give three attempts if session['incorrect_login_attempts'] <= 3: session['incorrect_login_attempts'] = \ session['incorrect_login_attempts'] + 1 else: raise UniconAuthenticationError( 'Login failure, either wrong username or password')
def password_handler(spawn, context, session): """ handles password prompt """ credential = get_current_credential(context=context, session=session) if credential: common_cred_password_handler( spawn=spawn, context=context, credential=credential, session=session) else: if 'password_attempts' not in session: session['password_attempts'] = 1 else: session['password_attempts'] += 1 if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS: raise UniconAuthenticationError('Too many password retries') if context['username'] == spawn.last_sent.rstrip() or \ ssh_tacacs_handler(spawn, context): spawn.sendline(context['tacacs_password']) else: spawn.sendline(context['line_password'])