def do_remote_execution(self):
site = self.args.pop(0)
if not self.authorize(site, need_login=True):
self.chan.send(chanfmt(_(u"ERROR: %s does not exist in "
"your scope\n") % site))
return False
self.update_ns('proxy', {'cmdline': (' '.join(self.args)).strip()})
if not self.check_acl('remote_exec'):
self.chan.send(chanfmt(_(u"ERROR: You are not allowed to"
" exec that command on %s"
"\n") % site))
return False
self.update_ns('client', {
'type': 'remote_exec',
})
conn = proxy.ProxyCmd(self.chan, self.connect_site(), self.monitor)
try:
self.exit_status = conn.loop()
except AuthenticationException, msg:
self.chan.send(_(u"\r\n ERROR: %s.") % msg +
_(u"\r\n Please report this error "
"to your administrator.\r\n\r\n"))
self.report_failure("site_authentication_error", msg)
return False
def do_shell_session(self):
site = self.args.pop(0)
if not self.authorize(site, need_login=True):
self.chan.send(chanfmt(_(u"ERROR: %s does not exist in "
"your scope\n") % site))
return False
if not self.check_acl('shell_session'):
self.chan.send(chanfmt(_(u"ERROR: You are not allowed to"
" open a shell session on %s"
"\n") % site))
return False
self.update_ns('client', {
'type': 'shell_session'
})
log.info("Connecting to %s", site)
conn = proxy.ProxyShell(self.chan, self.connect_site(), self.monitor)
try:
self.exit_status = conn.loop()
except AuthenticationException, msg:
self.chan.send(_(u"\r\n ERROR: %s.") % msg +
_(u"\r\n Please report this error "
"to your administrator.\r\n\r\n"))
self.report_failure("site_authentication_error", msg)
return False
def opt_admin(self, options, *args):
if not len(args):
self.chan.send(chanfmt(_(u'Missing argument, try --admin help '
'to get a list of commands.\n')))
return
resp = self.dispatcher.console('%s' % ' '.join(args)) or ''
self.chan.send(chanfmt(resp+'\n'))
def start(self):
# start transport for the client
self.transport = paramiko.Transport(self.client)
self.transport.set_log_channel("paramiko")
# debug !!
#self.transport.set_hexdump(1)
try:
self.transport.load_server_moduli()
except:
raise
self.transport.add_server_key(self.host_key)
# start the server interface
negotiation_ev = threading.Event()
self.init_subsystems()
self.transport.start_server(negotiation_ev, self)
while not negotiation_ev.isSet():
negotiation_ev.wait(0.5)
if not self.transport.is_active():
raise 'SSH negotiation failed'
chan = self.transport.accept(60)
if chan is None:
log.error('cannot open the channel. '
'Check the transport object. Exiting..')
return
log.info('Authenticated %s', self.username)
self.event.wait(15)
if not self.event.isSet():
log.error('client never asked for a shell or a command.'
' Exiting.')
sys.exit(1)
self.set_channel(chan)
namespace = self.monitor.call('get_namespace')
self.dispatcher = Dispatcher(self.monitor, namespace)
try:
try:
# this is the entry point after initialization have been done
self.do_work()
# after this point, client is disconnected
except SSHProxyError, msg:
log.exception(msg)
chan.send(chanfmt(str(msg)+'\n'))
except Exception, msg:
log.exception("An error occured: %s" % msg)
chan.send(chanfmt(_(u"An error occured: %s\n") % msg))
def do_scp(self):
args = []
argv = self.args[1:]
while True:
if argv[0][0] == '-':
args.append(argv.pop(0))
continue
break
site, path = argv[0].split(':', 1)
if not self.authorize(site, need_login=True):
self.chan.send(chanfmt(_(u"ERROR: %s does not exist "
"in your scope\n") % site))
return False
if '-t' in args:
upload = True
scpdir = 'upload'
else:
upload = False
scpdir = 'download'
self.update_ns('proxy', {
'scp_dir': scpdir,
'scp_path': path or '.',
'scp_args': ' '.join(args)
})
# check ACL for the given direction, then if failed, check general ACL
if not ((self.check_acl('scp_' + scpdir)) or
self.check_acl('scp_transfer')):
self.chan.send(chanfmt(_(u"ERROR: You are not allowed to"
" do scp file transfert in this"
" directory or direction on %s\n") % site))
return False
self.update_ns('client', {
'type': 'scp_%s' % scpdir,
})
conn = proxy.ProxyScp(self.chan, self.connect_site(), self.monitor)
try:
self.exit_status = conn.loop()
except AuthenticationException, msg:
self.chan.send("\r\n ERROR: %s." % msg +
"\r\n Please report this error "
"to your administrator.\r\n\r\n")
self.report_failure("site_authentication_error", msg)
return False
def print_help(self, file=None):
"""print_help(file : file = stdout)
Print an extended help message, listing all options and any
help text provided with them, to 'file' (default stdout).
"""
self.chan.send(chanfmt(_(self.format_help())))
def chan_send(self, s):
chan = self.chan
s = chanfmt(s)
sz = len(s)
while sz:
sent = chan.send(s)
if sent:
s = s[sent:]
sz = sz - sent
def do_console(self):
if not self.check_acl('console_session'):
self.chan.send(chanfmt(_(u"ERROR: You are not allowed to"
" open a console session.\n")))
return False
self.monitor.call('update_ns', 'client', {'type': 'console'})
if hasattr(self, 'term'):
return self.dispatcher.console()
else:
return self.console_no_pty()
def queue_message(self, msg=None):
chan = getattr(self, 'chan', None)
if not hasattr(self, 'qmsg'):
self.qmsg = []
if msg is not None:
self.qmsg.append(msg)
if not chan:
return
while len(self.qmsg):
chan.send(chanfmt(self.qmsg.pop(0)))
def print_version(self, file=None):
"""print_version(file : file = stdout)
Print the version message for this program (self.version) to
'file' (default stdout). As with print_usage(), any occurence
of "%prog" in self.version is replaced by the current program's
name. Does nothing if self.version is empty or undefined.
"""
if self.version:
self.chan.send(chanfmt(self.get_version()))
def print_usage(self, file=None):
"""print_usage(file : file = stdout)
Print the usage message for the current program (self.usage) to
'file' (default stdout). Any occurence of the string "%prog" in
self.usage is replaced with the name of the current program
(basename of sys.argv[0]). Does nothing if self.usage is empty
or not defined.
"""
if self.usage:
self.chan.send(chanfmt(self.get_usage()))
def opt_get_pubkey(self, options, *args):
result = []
for site in args:
spubkey = util.get_site_pubkey(site)
if spubkey is None:
result.append(_(u"%s: No privkey tag found") % site)
continue
if len(spubkey):
result.append('%s: %s' % (site, ' '.join(spubkey)))
else:
result.append(_(u"%s: No privkey found") % site)
if not result:
result.append(_(u'Please give at least a site.'))
self.chan.send(chanfmt('\n'.join(result)+'\n'))
def ipc_announce(self, msg):
self.client_chan.send(util.chanfmt(msg))
def exit(self, status=0, msg=None):
if msg:
self.chan.send(chanfmt(msg))
raise 'EXIT'
def ipc_announce(self, msg):
self.client_chan.send(util.chanfmt(msg))