def open(self, user, path):
self.fd = None
self.closed = False
if self.request.headers['Origin'] not in (
'http://%s' % self.request.headers['Host'],
'https://%s' % self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' % (
self.request.headers['Origin'],
self.request.headers['Host']))
self.close()
return
self.socket = utils.Socket(self.ws_connection.stream.socket)
self.set_nodelay(True)
self.log.info('Websocket opened %r' % self.socket)
self.path = path
self.user = user if user else None
self.caller = self.callee = None
# If local we have the user connecting
if self.socket.local and self.socket.user is not None:
self.caller = self.socket.user
if tornado.options.options.unsecure:
if self.user:
try:
self.callee = utils.User(name=self.user)
except LookupError:
self.log.debug(
"Can't switch to user %s" % self.user, exc_info=True)
self.callee = None
# If no user where given and we are local, keep the same user
# as the one who opened the socket
# ie: the one openning a terminal in borwser
if not self.callee and not self.user and self.socket.local:
self.callee = self.caller
else:
user = utils.parse_cert(self.stream.socket.getpeercert())
assert user, 'No user in certificate'
self.user = user
try:
self.callee = utils.User(name=self.user)
except LookupError:
raise Exception('Invalid user in certificate')
TermWebSocket.terminals.add(self)
motd = (self.render_string(
tornado.options.options.motd,
butterfly=self,
version=__version__,
opts=tornado.options.options,
colors=utils.ansi_colors)
.decode('utf-8')
.replace('\r', '')
.replace('\n', '\r\n'))
self.write_message(motd)
self.pty()
def create_terminal(self):
socket = utils.Socket(self.ws_connection.stream.socket)
user = self.request.query_arguments.get('user',
[b''])[0].decode('utf-8')
path = self.request.query_arguments.get('path',
[b''])[0].decode('utf-8')
secure_user = None
if tornado.options.options.username is not None:
user = utils.User(name=user)
elif not tornado.options.options.unsecure:
user = utils.parse_cert(
self.ws_connection.stream.socket.getpeercert())
assert user, 'No user in certificate'
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user in certificate')
# Certificate authed user
secure_user = user
elif socket.local and socket.user == utils.User() and not user:
# Local to local returning browser user
secure_user = socket.user
elif user:
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user')
if secure_user:
user = secure_user
if self.session in self.sessions and self.session in (
self.sessions_secure_users):
if user.name != self.sessions_secure_users[self.session]:
# Restrict to authorized users
raise tornado.web.HTTPError(403)
else:
self.sessions_secure_users[self.session] = user.name
self.sessions[self.session].append(self)
terminal = Terminal.sessions.get(self.session)
# Handling terminal session
if terminal:
TermWebSocket.last.write_message(terminal.history)
# And returning, we don't want another terminal
return
# New session, opening terminal
terminal = Terminal(user, path, self.session, socket,
self.request.full_url().replace('/ctl/', '/'),
self.render_string, TermWebSocket.broadcast)
terminal.pty()
self.log.info('Openning session %s for secure user %r' %
(self.session, user))
def open(self, user, path):
self.fd = None
self.closed = False
if self.request.headers['Origin'] not in (
'http://%s' % self.request.headers['Host'],
'https://%s' % self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' %
(self.request.headers['Origin'], self.request.headers['Host']))
self.close()
return
self.socket = utils.Socket(self.ws_connection.stream.socket)
self.set_nodelay(True)
self.log.info('Websocket opened %r' % self.socket)
self.path = path
self.user = user if user else None
self.caller = self.callee = None
# If local we have the user connecting
if self.socket.local and self.socket.user is not None:
self.caller = self.socket.user
if tornado.options.options.unsecure:
if self.user:
try:
self.callee = utils.User(name=self.user)
except LookupError:
self.log.debug("Can't switch to user %s" % self.user,
exc_info=True)
self.callee = None
# If no user where given and we are local, keep the same user
# as the one who opened the socket
# ie: the one openning a terminal in borwser
if not self.callee and not self.user and self.socket.local:
self.callee = self.caller
else:
user = utils.parse_cert(self.stream.socket.getpeercert())
assert user, 'No user in certificate'
self.user = user
try:
self.callee = utils.User(name=self.user)
except LookupError:
raise Exception('Invalid user in certificate')
TermWebSocket.terminals.add(self)
if tornado.options.options.motd != '':
motd = (self.render_string(
tornado.options.options.motd,
butterfly=self,
version=__version__,
opts=tornado.options.options,
colors=utils.ansi_colors).decode('utf-8').replace(
'\r', '').replace('\n', '\r\n'))
self.write_message(motd)
self.pty()
def create_terminal(self):
socket = utils.Socket(self.ws_connection.stream.socket)
user = self.request.query_arguments.get(
'user', [b''])[0].decode('utf-8')
path = self.request.query_arguments.get(
'path', [b''])[0].decode('utf-8')
secure_user = None
if not tornado.options.options.unsecure:
user = utils.parse_cert(
self.ws_connection.stream.socket.getpeercert())
assert user, 'No user in certificate'
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user in certificate')
# Certificate authed user
secure_user = user
elif socket.local and socket.user == utils.User() and not user:
# Local to local returning browser user
secure_user = socket.user
elif user:
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user')
if secure_user:
user = secure_user
if self.session in self.sessions and self.session in (
self.sessions_secure_users):
if user.name != self.sessions_secure_users[self.session]:
# Restrict to authorized users
raise tornado.web.HTTPError(403)
else:
self.sessions_secure_users[self.session] = user.name
self.sessions[self.session].append(self)
terminal = Terminal.sessions.get(self.session)
# Handling terminal session
if terminal:
TermWebSocket.last.write_message(terminal.history)
# And returning, we don't want another terminal
return
# New session, opening terminal
terminal = Terminal(
user, path, self.session, socket,
self.request.full_url().replace('/ctl/', '/'), self.render_string,
TermWebSocket.broadcast)
terminal.pty()
self.log.info('Openning session %s for secure user %r' % (
self.session, user))
def get(self):
if tornado.options.options.unsecure:
raise tornado.web.HTTPError(403)
cert = self.request.get_ssl_certificate()
user = utils.parse_cert(cert)
if not user:
raise tornado.web.HTTPError(403)
self.set_header('Content-Type', 'application/json')
self.write(tornado.escape.json_encode({
'sessions': sorted(
TermWebSocket.sessions),
'user': user
}))
def get(self):
if tornado.options.options.unsecure:
raise tornado.web.HTTPError(403)
cert = self.request.get_ssl_certificate()
user = utils.parse_cert(cert)
if not user:
raise tornado.web.HTTPError(403)
self.set_header('Content-Type', 'application/json')
self.write(tornado.escape.json_encode({
'sessions': sorted(
TermWebSocket.sessions.get(user, [])),
'user': user
}))
def open(self, user, path):
if self.request.headers['Origin'] != 'http%s://%s' % (
"s" if not tornado.options.options.unsecure else "",
self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' % (
self.request.headers['Origin'],
self.request.headers['Host']))
self.close()
return
self.socket = utils.Socket(self.ws_connection.stream.socket)
self.set_nodelay(True)
self.log.info('Websocket opened %r' % self.socket)
self.path = path
self.user = user.decode('utf-8') if user else None
self.caller = self.callee = None
# If local we have the user connecting
if self.socket.local and self.socket.user is not None:
self.caller = self.socket.user
if tornado.options.options.unsecure:
if self.user:
try:
self.callee = utils.User(name=self.user)
except LookupError:
self.callee = None
# If no user where given and we are local, keep the same user
# as the one who opened the socket
# ie: the one openning a terminal in borwser
if not self.callee and not self.user and self.socket.local:
self.callee = self.caller
else:
user = utils.parse_cert(self.request.get_ssl_certificate())
assert user, 'No user in certificate'
self.user = user
try:
self.callee = utils.User(name=self.user)
except LookupError:
raise Exception('Invalid user in certificate')
self.write_message(motd(self.socket))
self.pty()
def open(self, user, path):
if self.request.headers['Origin'] != 'http%s://%s' % (
"s" if not tornado.options.options.unsecure else "",
self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' %
(self.request.headers['Origin'], self.request.headers['Host']))
self.close()
return
self.socket = utils.Socket(self.ws_connection.stream.socket)
self.set_nodelay(True)
self.log.info('Websocket opened %r' % self.socket)
self.path = path
self.user = user.decode('utf-8') if user else None
self.caller = self.callee = None
# If local we have the user connecting
if self.socket.local and self.socket.user is not None:
self.caller = self.socket.user
if tornado.options.options.unsecure:
if self.user:
try:
self.callee = utils.User(name=self.user)
except LookupError:
self.callee = None
# If no user where given and we are local, keep the same user
# as the one who opened the socket
# ie: the one openning a terminal in borwser
if not self.callee and not self.user and self.socket.local:
self.callee = self.caller
else:
user = utils.parse_cert(self.request.get_ssl_certificate())
assert user, 'No user in certificate'
self.user = user
try:
self.callee = utils.User(name=self.user)
except LookupError:
raise Exception('Invalid user in certificate')
self.write_message(motd(self.socket))
self.pty()
def open(self, user, path, session):
self.session = session
self.closed = False
self.secure_user = None
# Prevent cross domain
if self.request.headers['Origin'] not in (
'http://%s' % self.request.headers['Host'],
'https://%s' % self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' %
(self.request.headers['Origin'], self.request.headers['Host']))
self.close()
return
TermWebSocket.sockets.append(self)
self.log.info('Websocket opened %r' % self)
self.set_nodelay(True)
socket = utils.Socket(self.ws_connection.stream.socket)
opts = tornado.options.options
if not opts.unsecure:
user = utils.parse_cert(
self.ws_connection.stream.socket.getpeercert())
assert user, 'No user in certificate'
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user in certificate')
# Certificate authed user
self.secure_user = user
elif socket.local and socket.user == utils.User():
# Local to local returning browser user
self.secure_user = socket.user
# Handling terminal session
if session:
if session in self.user_sessions:
# Session already here, registering websocket
self.user_sessions[session].append(self)
self.write_message('S' + TermWebSocket.history[session])
# And returning, we don't want another terminal
return
else:
# New session, opening terminal
self.user_sessions[session] = [self]
TermWebSocket.history[session] = ''
terminal = Terminal(user, path, session, socket,
self.request.headers['Host'], self.render_string,
self.write)
terminal.pty()
if session:
if not self.secure_user:
self.log.error(
'No terminal session without secure authenticated user'
'or local user.')
self._terminal = terminal
self.session = None
else:
self.log.info('Openning session %s for secure user %r' %
(session, self.secure_user))
self.user_terminals[session] = terminal
else:
self._terminal = terminal
def open(self, user, path, session):
self.session = session
self.closed = False
self.secure_user = None
# Prevent cross domain
if self.request.headers['Origin'] not in (
'http://%s' % self.request.headers['Host'],
'https://%s' % self.request.headers['Host']):
self.log.warning(
'Unauthorized connection attempt: from : %s to: %s' % (
self.request.headers['Origin'],
self.request.headers['Host']))
self.close()
return
TermWebSocket.sockets.append(self)
self.log.info('Websocket opened %r' % self)
self.set_nodelay(True)
socket = utils.Socket(self.ws_connection.stream.socket)
opts = tornado.options.options
if not opts.unsecure:
user = utils.parse_cert(
self.ws_connection.stream.socket.getpeercert())
assert user, 'No user in certificate'
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user in certificate')
# Certificate authed user
self.secure_user = user
elif socket.local and socket.user == utils.User():
# Local to local returning browser user
self.secure_user = socket.user
# Handling terminal session
if session:
if session in self.user_sessions:
# Session already here, registering websocket
self.user_sessions[session].append(self)
self.write_message('S' + TermWebSocket.history[session])
# And returning, we don't want another terminal
return
else:
# New session, opening terminal
self.user_sessions[session] = [self]
TermWebSocket.history[session] = ''
terminal = Terminal(
user, path, session, socket,
self.request.headers['Host'], self.render_string, self.write)
terminal.pty()
if session:
if not self.secure_user:
self.log.error(
'No terminal session without secure authenticated user'
'or local user.')
self._terminal = terminal
self.session = None
else:
self.log.info('Openning session %s for secure user %r' % (
session, self.secure_user))
self.user_terminals[session] = terminal
else:
self._terminal = terminal
def create_terminal(self):
socket = utils.Socket(self.ws_connection.stream.socket)
user = self.request.query_arguments.get('user',
[b''])[0].decode('utf-8')
path = self.request.query_arguments.get('path',
[b''])[0].decode('utf-8')
secure_user = None
self.CMD_SETUP['path'] = str(path)
if not tornado.options.options.unsecure:
user = utils.parse_cert(
self.ws_connection.stream.socket.getpeercert())
assert user, 'No user in certificate'
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user in certificate')
# Certificate authed user
secure_user = user
elif socket.local and socket.user == utils.User() and not user:
# Local to local returning browser user
secure_user = socket.user
elif user:
try:
user = utils.User(name=user)
except LookupError:
raise Exception('Invalid user')
if secure_user:
user = secure_user
if self.session in self.sessions and self.session in (
self.sessions_secure_users):
if user.name != self.sessions_secure_users[self.session]:
# Restrict to authorized users
raise tornado.web.HTTPError(403)
else:
self.sessions_secure_users[self.session] = user.name
self.sessions[self.session].append(self)
terminal = Terminal.sessions.get(self.session)
# Handling terminal session
if terminal:
TermWebSocket.last.write_message(terminal.history)
# And returning, we don't want another terminal
return
self.CMD_SETUP['path'] = str(path)
self.CMD_SETUP['uri'] = str(self.request.full_url().replace(
'/ctl/', '/'))
self.CMD_SETUP['user'] = str(user)
self.CMD_SETUP['urlparse'] = urlparse(self.CMD_SETUP['uri'])[4]
self.CMD_SETUP['parse_qs'] = parse_qs(self.CMD_SETUP['urlparse'])
wrapper_mode_config = get_wrapper_mode_config()
MISSING_PARAMS = []
INVALID_PARAMS = []
for rp in wrapper_mode_config['REQUIRED_PARAMS']:
if not rp in self.CMD_SETUP['parse_qs'].keys():
MISSING_PARAMS.append(rp)
else:
IS_VALID_OPTION = True
if rp in wrapper_mode_config['PARAM_OPTIONS'].keys():
IS_VALID_OPTION = False
for possible_value in wrapper_mode_config['PARAM_OPTIONS'][
rp]:
if self.CMD_SETUP['parse_qs'][rp][0] == possible_value:
IS_VALID_OPTION = True
if not IS_VALID_OPTION:
INVALID_PARAMS.append(rp)
if len(MISSING_PARAMS) > 0:
err = f'{len(MISSING_PARAMS)} Missing URL parameters: {", ".join(MISSING_PARAMS)}'
print(f'ERROR: {err}')
tornado.options.options.cmd = "echo -e '{}'".format(err)
elif len(INVALID_PARAMS) > 0:
err = f'{len(INVALID_PARAMS)} Invalid URL parameters: {", ".join(INVALID_PARAMS)}'
print(f'ERROR: {err}')
tornado.options.options.cmd = "echo -e '{}'".format(err)
else:
HOST_NAME = self.CMD_SETUP['parse_qs']['hostname'][0]
SERVICE_DESCRIPTION = ''
tornado.options.options.cmd = write_script_template(self)
sys.stderr.write('CMD={}\n'.format(tornado.options.options.cmd))
# New session, opening terminal
terminal = Terminal(user, path, self.session, socket,
self.request.full_url().replace('/ctl/', '/'),
self.render_string, TermWebSocket.broadcast,
self.CMD_SETUP)
terminal.pty()
self.log.info('Opening session %s for secure user %r' %
(self.session, user))