def setupManhole(application, config): """Setup an SSH manhole for the API service. The manhole port is taken from the C{manhole-port} option in the config file. If this option is not provided the api port plus 100 is used. @param application: The fluidinfo API L{Application} object. @param config: The configuration object. """ servicePort = config.getint('service', 'port') if config.has_option('service', 'manhole-port'): manholePort = config.getint('service', 'manhole-port') else: manholePort = servicePort + 100 def getManhole(_): manhole = Manhole(globals()) ps1 = 'fluidinfo-api [%d] > ' % servicePort ps2 = '... '.rjust(len(ps1)) manhole.ps = (ps1, ps2) return manhole realm = TerminalRealm() realm.chainedProtocolFactory.protocolFactory = getManhole portal = Portal(realm) portal.registerChecker(SSHPublicKeyDatabase()) factory = ConchFactory(portal) manholeService = TCPServer(manholePort, factory, interface='127.0.0.1') manholeService.setServiceParent(application)
def generateChecker(self, argstring=''): """ This checker factory ignores the argument string. Everything needed to authenticate users is pulled out of the public keys listed in user .ssh/ directories. """ return SSHPublicKeyDatabase()
def getShellFactory(interpreterType, **namespace): realm = ShellTerminalRealm(namespace, CommandAPI) sshPortal = portal.Portal(realm) factory = manhole_ssh.ConchFactory(sshPortal) factory.privateKeys = {'ssh-rsa': dreamssh_util.getPrivKey()} factory.publicKeys = {'ssh-rsa': dreamssh_util.getPubKey()} factory.portal.registerChecker(SSHPublicKeyDatabase()) return factory
def getGameShellFactory(**namespace): game = None sshRealm = gameshell.TerminalRealm(namespace, game) sshPortal = portal.Portal(sshRealm) factory = manhole_ssh.ConchFactory(sshPortal) factory.privateKeys = {'ssh-rsa': util.getPrivKey()} factory.publicKeys = {'ssh-rsa': util.getPubKey()} factory.portal.registerChecker(SSHPublicKeyDatabase()) return factory
def test_registerChecker(self): """ L{SSHProcotolChecker.registerChecker} should add the given checker to the list of registered checkers. """ checker = SSHProtocolChecker() self.assertEquals(checker.credentialInterfaces, []) checker.registerChecker(SSHPublicKeyDatabase(), ) self.assertEquals(checker.credentialInterfaces, [ISSHPrivateKey]) self.assertIsInstance(checker.checkers[ISSHPrivateKey], SSHPublicKeyDatabase)
def test_registerCheckerWithInterface(self): """ If a apecific interface is passed into L{SSHProtocolChecker.registerChecker}, that interface should be registered instead of what the checker specifies in credentialIntefaces. """ checker = SSHProtocolChecker() self.assertEquals(checker.credentialInterfaces, []) checker.registerChecker(SSHPublicKeyDatabase(), IUsernamePassword) self.assertEquals(checker.credentialInterfaces, [IUsernamePassword]) self.assertIsInstance(checker.checkers[IUsernamePassword], SSHPublicKeyDatabase)
def setUp(self): self.checker = SSHPublicKeyDatabase() self.sshDir = FilePath(self.mktemp()) self.sshDir.makedirs() self.key1 = base64.encodestring("foobar") self.key2 = base64.encodestring("eggspam") self.content = "t1 %s foo\nt2 %s egg\n" % (self.key1, self.key2) self.mockos = MockOS() self.mockos.path = self.sshDir.path self.patch(os.path, "expanduser", self.mockos.expanduser) self.patch(pwd, "getpwnam", self.mockos.getpwnam) self.patch(os, "seteuid", self.mockos.seteuid) self.patch(os, "setegid", self.mockos.setegid)
def setUp(self): self.checker = SSHPublicKeyDatabase() self.key1 = base64.encodestring("foobar") self.key2 = base64.encodestring("eggspam") self.content = "t1 %s foo\nt2 %s egg\n" % (self.key1, self.key2) self.mockos = MockOS() self.mockos.path = FilePath(self.mktemp()) self.mockos.path.makedirs() self.sshDir = self.mockos.path.child('.ssh') self.sshDir.makedirs() userdb = UserDatabase() userdb.addUser('user', 'password', 1, 2, 'first last', self.mockos.path.path, '/bin/shell') self.patch(pwd, "getpwnam", userdb.getpwnam) self.patch(os, "seteuid", self.mockos.seteuid) self.patch(os, "setegid", self.mockos.setegid)
"""Authentication/authorization backend using the 'login' PAM service""" credentialInterfaces = IUsernamePassword, implements(ICredentialsChecker) def requestAvatarId(self, credentials): if pam.authenticate(credentials.username, credentials.password): return defer.succeed(credentials.username) return defer.fail(UnauthorizedLogin("invalid password")) class UnixSSHdFactory(factory.SSHFactory): publicKeys = {'ssh-rsa': keys.Key.fromString(data=publicKey)} privateKeys = {'ssh-rsa': keys.Key.fromString(data=privateKey)} services = { 'ssh-userauth': userauth.SSHUserAuthServer, 'ssh-connection': connection.SSHConnection } # Components have already been registered in twisted.conch.unix portal = portal.Portal(UnixSSHRealm()) portal.registerChecker(PamPasswordDatabase()) # Supports PAM portal.registerChecker(SSHPublicKeyDatabase()) # Supports PKI UnixSSHdFactory.portal = portal if __name__ == '__main__': reactor.listenTCP(5022, UnixSSHdFactory()) reactor.run()