def _credential_vars(credential):
ansible_dict = {}
username = credential.get('username')
password = credential.get('password')
ssh_keyfile = credential.get('ssh_keyfile')
sudo_password = credential.get('sudo_password')
ansible_dict['ansible_user'] = username
if password:
ansible_dict['ansible_ssh_pass'] = \
decrypt_data_as_unicode(password)
if ssh_keyfile:
ansible_dict['ansible_ssh_private_key_file'] = ssh_keyfile
if sudo_password:
ansible_dict['ansible_become_pass'] = \
decrypt_data_as_unicode(sudo_password)
return ansible_dict
def get_connect_data(scan_task):
"""Extract the connection information from the scan task.
:param scan_task: The scan tasks
:returns: A tuple of (host, port, user, password)
"""
credential = get_credential(scan_task)
user = credential.username
password = decrypt_data_as_unicode(credential.password)
host = scan_task.source.get_hosts()[0]
port = scan_task.source.port
return (host, port, user, password)
def test_hostcred_set_become_pass(self):
"""Ensure we can set the become password."""
data = {'name': 'cred1',
'cred_type': Credential.NETWORK_CRED_TYPE,
'username': '******',
'password': '******',
'become_method': 'doas',
'become_password': '******'}
self.create_expect_201(data)
self.assertEqual(Credential.objects.count(), 1)
self.assertEqual(
decrypt_data_as_unicode(Credential.objects.get().become_password),
'pass')
def vcenter_connect(scan_task):
"""Connect to VCenter.
:param scan_task: The scan task
:returns: VCenter connection object.
"""
vcenter = None
disable_ssl = None
ssl_cert_verify = None
ssl_protocol = None
source = scan_task.source
credential = source.credentials.all().first()
user = credential.username
host = scan_task.source.get_hosts()[0]
password = decrypt_data_as_unicode(credential.password)
port = scan_task.source.port
options = source.options
if options:
if options.disable_ssl and options.disable_ssl is True:
disable_ssl = True
if options.ssl_cert_verify is not None:
ssl_cert_verify = options.ssl_cert_verify
ssl_protocol = options.get_ssl_protocol()
if disable_ssl:
vcenter = SmartConnectNoSSL(host=host,
user=user,
pwd=password,
port=port)
elif ssl_protocol is None and ssl_cert_verify is None:
vcenter = SmartConnect(host=host, user=user, pwd=password, port=port)
else:
ssl_context = None
if ssl_protocol is None:
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_SSLv23)
else:
ssl_context = ssl.SSLContext(protocol=ssl_protocol)
if ssl_cert_verify is False:
ssl_context.verify_mode = ssl.CERT_NONE
vcenter = SmartConnect(host=host,
user=user,
pwd=password,
port=port,
sslContext=ssl_context)
atexit.register(Disconnect, vcenter)
return vcenter
def _credential_vars(credential):
"""Build a dictionary containing cred information."""
ansible_dict = {}
username = credential.get('username')
password = credential.get('password')
ssh_keyfile = credential.get('ssh_keyfile')
become_method = credential.get('become_method')
become_user = credential.get('become_user')
become_password = credential.get('become_password')
ansible_dict['ansible_user'] = username
if password:
ansible_dict['ansible_ssh_pass'] = \
decrypt_data_as_unicode(password)
if ssh_keyfile:
ansible_dict['ansible_ssh_private_key_file'] = ssh_keyfile
if become_password:
ansible_dict['ansible_become_pass'] = \
decrypt_data_as_unicode(become_password)
if become_method:
ansible_dict['ansible_become_method'] = become_method
if become_user:
ansible_dict['ansible_become_user'] = become_user
return ansible_dict
def vcenter_connect(scan_task):
"""Connect to VCenter.
:param scan_task: The scan task
:returns: VCenter connection object.
"""
credential = scan_task.source.credentials.all().first()
user = credential.username
host = scan_task.source.hosts.all().first().host_range
password = decrypt_data_as_unicode(credential.password)
port = scan_task.source.port
# TO DO: Fix port handling and SSL options
vcenter = SmartConnectNoSSL(host=host, user=user, pwd=password, port=port)
atexit.register(Disconnect, vcenter)
return vcenter
def _handle_ssh_passphrase(credential):
"""Attempt to setup login via passphrase if necessary.
:param credential: The credential used for connections
"""
if (credential.get('ssh_keyfile') is not None
and credential.get('ssh_passphrase') is not None):
keyfile = credential.get('ssh_keyfile')
passphrase = \
decrypt_data_as_unicode(credential['ssh_passphrase'])
cmd_string = 'ssh-add {}'.format(keyfile)
try:
child = pexpect.spawn(cmd_string, timeout=12)
phrase = [pexpect.EOF, 'Enter passphrase for .*:']
i = child.expect(phrase)
while i:
child.sendline(passphrase)
i = child.expect(phrase)
except pexpect.exceptions.TIMEOUT:
pass
