def password_handler(spawn, context, session, reuse_current_credential=False):
""" handles password prompt
"""
if session.get('bmc_login') == 1:
credential = BMC_CRED
# BMC login automatically uses a specific named credential and doesn't
# use credentials from the login_creds list.
reuse_current_credential = True
else:
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session, reuse_current_credential=reuse_current_credential)
else:
spawn_command = spawn.spawn_command
spawn_command_list = spawn_command.split()
protocol = spawn_command_list[0]
if session.get('enable_login') == 1:
spawn.sendline(context['enable_password'])
elif session.get('bmc_login') == 1:
spawn.sendline(context['bmc_password'])
else:
spawn.sendline(context['xr_password'])
# if this password fails, try with tacacs password
session['tacacs_login'] = 1
def incorrect_login_handler(spawn, context, session):
# In nxos device if the first attempt password prompt occur before
# username prompt, it will get Login incorrect error.
# Reset the cred_iter to try again
if 'incorrect_login_attempts' not in session:
session.pop('cred_iter', None)
credential = get_current_credential(context=context, session=session)
if credential and 'incorrect_login_attempts' in session:
# If credentials have been supplied, there are no login retries.
# The user must supply appropriate credentials to ensure login
# does not fail. Skip it for the first attempt
raise UniconAuthenticationError(
'Login failure, either wrong username or password')
else:
if 'incorrect_login_attempts' not in session:
session['incorrect_login_attempts'] = 1
# Let's give a chance for unicon to login with right credentials
# let's give three attempts
if session['incorrect_login_attempts'] <= 3:
session['incorrect_login_attempts'] = \
session['incorrect_login_attempts'] + 1
else:
raise UniconAuthenticationError(
'Login failure, either wrong username or password')
def password_handler(spawn, context, session):
""" handles password prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session)
else:
if 'password_attempts' not in session:
session['password_attempts'] = 1
else:
session['password_attempts'] += 1
if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS:
raise UniconAuthenticationError('Too many password retries')
if context.get('username', '') == spawn.last_sent.rstrip() or ssh_tacacs_handler(spawn, context):
spawn.sendline(context['tacacs_password'])
else:
spawn.sendline(context['line_password'])
cred_actions = context.get('cred_action', {}).get(credential, {})
if cred_actions:
post_action = cred_actions.get('post', '')
action = re.match(r'(send|sendline)\((.*)\)', post_action)
if action:
method = action.group(1)
args = action.group(2)
spawn.log.info('Executing post credential command: {}'.format(post_action))
getattr(spawn, method)(args)
elif credential and getattr(spawn.settings, 'SENDLINE_AFTER_CRED', None) == credential:
spawn.log.info("Sending return after credential '{}'".format(credential))
spawn.sendline()
def line_password_handler(spawn, context, session):
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session)
else:
spawn.sendline(context['line_password'])
def username_handler(spawn, context, session):
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_username_handler(spawn=spawn,
context=context,
credential=credential)
else:
spawn.sendline(context['username'])
def passphrase_handler(spawn, context, session):
""" Handles SSH passphrase prompt """
credential = get_current_credential(context=context, session=session)
try:
spawn.sendline(to_plaintext(
context['credentials'][credential]['passphrase']))
except KeyError:
raise UniconAuthenticationError("No passphrase found "
"for credential {}.".format(credential))
def login_handler(spawn, context, session):
""" handles login prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_username_handler(
spawn=spawn, context=context, credential=credential)
else:
spawn.sendline(context['username'])
session['tacacs_login'] = 1
def admin_password_handler(spawn, context, session):
""" handles admin password prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session, reuse_current_credential=True)
else:
spawn.sendline(context['tacacs_password'])
def send_admin_password(spawn, context, session):
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session, reuse_current_credential=True)
else:
if context.get('tacacs_login') == 1:
spawn.sendline(context['tacacs_password'])
session['tacacs_login'] = 0
else:
spawn.sendline(context['enable_password'])
def password_handler(spawn, context, session):
""" handles password prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session)
else:
if session.get('tacacs_login') == 1:
spawn.sendline(context['tacacs_password'])
session['tacacs_login'] = 0
else:
spawn.sendline(context['enable_password'])
def login_handler(spawn, context, session):
""" handles login prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_username_handler(
spawn=spawn, context=context, credential=credential)
else:
if context.get('tacacs_username'):
spawn.sendline(context['tacacs_username'])
elif context.get('username'):
spawn.sendline(context['username'])
else:
raise SubCommandFailure("There is no information available about "
"username/tacacs_username")
session['tacacs_login'] = 1
def incorrect_login_handler(spawn, context, session):
credential = get_current_credential(context=context, session=session)
if credential:
# If credentials have been supplied, there are no login retries.
# The user must supply appropriate credentials to ensure login
# does not fail.
raise UniconAuthenticationError(
'Login failure, either wrong username or password')
else:
if 'incorrect_login_attempts' not in session:
session['incorrect_login_attempts'] = 1
# Let's give a change for unicon to login with right credentials
# let's give three attempts
if session['incorrect_login_attempts'] <= 3:
session['incorrect_login_attempts'] = \
session['incorrect_login_attempts'] + 1
else:
raise UniconAuthenticationError(
'Login failure, either wrong username or password')
def password_handler(spawn, context, session):
""" handles password prompt
"""
credential = get_current_credential(context=context, session=session)
if credential:
common_cred_password_handler(
spawn=spawn, context=context, credential=credential,
session=session)
else:
if 'password_attempts' not in session:
session['password_attempts'] = 1
else:
session['password_attempts'] += 1
if session.password_attempts > spawn.settings.PASSWORD_ATTEMPTS:
raise UniconAuthenticationError('Too many password retries')
if context['username'] == spawn.last_sent.rstrip() or \
ssh_tacacs_handler(spawn, context):
spawn.sendline(context['tacacs_password'])
else:
spawn.sendline(context['line_password'])
