def check_account_noverify(self, username):
""" Return success/fail for system-enabled accounts.
For some usernames, such as 'new' or 'anonymous', a correct
password or public key is not required -- any will do. We return
True if ``username`` is one of these configurable account names
and if it is enabled.
This method has two side effects, it may set the instance
attribute ``new_user`` or ``anonymous`` to True if it is enabled
by configuration and the username is of their matching handles.
"""
if check_new_user(username):
# if allowed, allow new@, etc. to apply for an account.
self.new = True
self.log.debug('accepted without authentication, {0!r}: '
'it is an alias for new user application.'
.format(username))
return True
elif check_bye_user(username):
# not allowed to login using bye@, logoff@, etc.
self.log.debug('denied user, {0!r}: it is an alias for logoff'
.format(username))
return False
elif check_anonymous_user(username):
# if enabled, allow ssh anonymous@, root@, etc.
self.log.debug('anonymous user, {0!r} accepted by configuration.'
.format(username))
self.anonymous = True
return True
return False
def check_account_noverify(self, username):
""" Return success/fail for system-enabled accounts.
For some usernames, such as 'new' or 'anonymous', a correct
password or public key is not required -- any will do. We return
True if ``username`` is one of these configurable account names
and if it is enabled.
This method has two side effects, it may set the instance
attribute ``new_user`` or ``anonymous`` to True if it is enabled
by configuration and the username is of their matching handles.
"""
if check_new_user(username):
# if allowed, allow new@, etc. to apply for an account.
self.new = True
self.log.debug('accepted without authentication, {0!r}: '
'it is an alias for new user application.'
.format(username))
return True
elif check_bye_user(username):
# not allowed to login using bye@, logoff@, etc.
self.log.debug('denied user, {0!r}: it is an alias for logoff'
.format(username))
return False
elif check_anonymous_user(username):
# if enabled, allow ssh anonymous@, root@, etc.
self.log.debug('anonymous user, {0!r} accepted by configuration.'
.format(username))
self.anonymous = True
return True
return False
def run(self):
"""
Perform rfc1282 (rlogin) connection establishment.
Determine terminal type, telnet options, window size,
and tcp socket options before spawning a new session.
"""
try:
self._set_socket_opts()
self.banner()
# Receive on-connect data-value pairs, may raise ValueError.
data = self.get_connect_data()
# parse into dict,
parsed = self.parse_connect_data(data)
for key, value in parsed.items():
if value:
self.log.debug('{client.addrport}: {key}={value}'
.format(client=self.client,
key=key, value=value))
# and apply to session-local self.client.env.
self.apply_environment(parsed)
# The server returns a zero byte to indicate that it has received
# these strings and is now in data transfer mode.
if self.client.is_active():
self.client.send_str(bytes('\x00'))
# The remote server indicates to the client that it can accept
# window size change information by requesting a window size
# message (as out of band data) just after connection
# establishment and user identification exchange. The client
# should reply to this request with the current window size.
#
# Disabled: neither SyncTERM or BSD rlogin honors this, and
# we haven't got any code to parse it. Its in the RFC but ..
self.client.send_urgent_str(bytes('\x80'))
matrix_kwargs = {}
username = parsed.get('server-user-name', 'new')
if check_new_user(username):
# new@ login may be allowed
matrix_kwargs['new'] = True
if check_bye_user(username):
# rlogin as 'bye', 'logoff', etc. not allowed
raise ValueError('Bye user {0!r} used by rlogin'
.format(username))
if check_anonymous_user(username):
# anonymous@ login may be allowed
matrix_kwargs['anonymous'] = True
if self.client.is_active():
return spawn_client_session(client=self.client,
matrix_kwargs=matrix_kwargs)
except socket.error as err:
self.log.debug('{client.addrport}: connection closed: {err}'
.format(client=self.client, err=err))
except EOFError:
self.log.debug('{client.addrport}: EOF from client'
.format(client=self.client))
except Exception as err:
self.log.debug('{client.addrport}: connection closed: {err}'
.format(client=self.client, err=err))
finally:
self.stopped = True
self.client.deactivate()
def run(self):
"""
Perform rfc1282 (rlogin) connection establishment.
Determine terminal type, telnet options, window size,
and tcp socket options before spawning a new session.
"""
try:
self._set_socket_opts()
self.banner()
# Receive on-connect data-value pairs, may raise ValueError.
data = self.get_connect_data()
# parse into dict,
parsed = self.parse_connect_data(data)
for key, value in parsed.items():
if value:
self.log.debug('{client.addrport}: {key}={value}'.format(
client=self.client, key=key, value=value))
# and apply to session-local self.client.env.
self.apply_environment(parsed)
# The server returns a zero byte to indicate that it has received
# these strings and is now in data transfer mode.
if self.client.is_active():
self.client.send_str(bytes('\x00'))
# The remote server indicates to the client that it can accept
# window size change information by requesting a window size
# message (as out of band data) just after connection
# establishment and user identification exchange. The client
# should reply to this request with the current window size.
#
# Disabled: neither SyncTERM or BSD rlogin honors this, and
# we haven't got any code to parse it. Its in the RFC but ..
self.client.send_urgent_str(bytes('\x80'))
matrix_kwargs = {}
username = parsed.get('server-user-name', 'new')
if check_new_user(username):
# new@ login may be allowed
matrix_kwargs['new'] = True
if check_bye_user(username):
# rlogin as 'bye', 'logoff', etc. not allowed
raise ValueError(
'Bye user {0!r} used by rlogin'.format(username))
if check_anonymous_user(username):
# anonymous@ login may be allowed
matrix_kwargs['anonymous'] = True
if self.client.is_active():
return spawn_client_session(client=self.client,
matrix_kwargs=matrix_kwargs)
except socket.error as err:
self.log.debug(
'{client.addrport}: connection closed: {err}'.format(
client=self.client, err=err))
except EOFError:
self.log.debug('{client.addrport}: EOF from client'.format(
client=self.client))
except Exception as err:
self.log.debug(
'{client.addrport}: connection closed: {err}'.format(
client=self.client, err=err))
finally:
self.stopped = True
self.client.deactivate()
