Merge pull request #569 from thunderbirdGreg/master

automatic password change corrections & removing debug
LibrIT · Jun 30, 2021 · 143fd5c · 143fd5c
2 parents c33cc1a + b7d51e6
commit 143fd5c
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 92 deletions.
diff --git a/passhport/connections_utils/password.py b/passhport/connections_utils/password.py
diff --git a/passhport/connections_utils/ssh.py b/passhport/connections_utils/ssh.py
@@ -9,14 +9,14 @@
 import os, requests, shlex, sys
 
 def connect(target, filelog, login, port, sshoptions, pid, url_passhport, 
-            cert, ssh_script, username, originalcmd):
+            cert, ssh_script, username, targetname, originalcmd):
     """ Simply launch the ssh connection or execute the ssh command"""
     if not originalcmd:
         # We replace this process by the connexion to free some memory
         os.execl("/bin/bash", " ",
                  ssh_script,
                  filelog, str(port), login, target, str(pid),
-                 url_passhport, cert, username, sshoptions)
+                 url_passhport, cert, username, targetname, sshoptions)
 
     else:
         ssh_args = [

diff --git a/passhport/passhport b/passhport/passhport
@@ -13,7 +13,6 @@ import uuid, readline, glob
 
 from connections_utils import ssh
 from connections_utils import scp
-from connections_utils import password
 from ui_utils import completer
 
 
@@ -170,7 +169,7 @@ def checkandconnect(indexed_target_list, choice, username, originalcmd,
             cert = SSL_CERTIFICAT
         # Standard SSH connection
         ssh.connect(target, filelog, login, port, sshoptions, pid,
-                    url_passhport, cert, SSH_SCRIPT, username, originalcmd)
+                    url_passhport, cert, SSH_SCRIPT, username, targetname, originalcmd)
 
     return True
 

diff --git a/passhport/passhport-connect.sh b/passhport/passhport-connect.sh
@@ -11,6 +11,7 @@ URL=$6
 CERT=$7
 OPTION="$@"
 USERNAME="$8"
+TARGETNAME="$9"
 OPTIONS=""
 KEEPCONNECT="$(grep '^KEEPCONNECT[[:space:]]=[[:space:]]True$' /etc/passhport/passhport.ini | wc -l)"
 PASSHHOMEDIR="/home/passhport"
@@ -26,7 +27,7 @@ trap "echo 'You are not allowed to stop disconnection. Consider Ctrl-D.'" SIGHUP
 i=0
 for option in ${OPTION}
 do
-    if [ "$i" -lt "8" ]
+    if [ "$i" -lt "9" ]
     then
         i=$(($i +1))
     else
@@ -40,8 +41,10 @@ script -q --timing=${FILELOG}.timing ${FILELOG} -c "ssh -t -p ${PORT} ${LOGIN}@$
 if [ "${CERT}" == "/dev/null" ]
 then
     wget -qO - ${URL}connection/ssh/endsession/${PID} &> /dev/null
+    wget -qO - ${URL}target/changepassword/${TARGETNAME} &> /dev/null
 else
     wget --ca-certificate=${CERT} -qO - ${URL}connection/ssh/endsession/${PID} &> /dev/null
+    wget --ca-certificate=${CERT} -qO - ${URL}target/changepassword/${TARGETNAME} &> /dev/null
 fi
 
 # Launch PaSSHport with the same user after the connection

diff --git a/passhportd/app/models_mod/usergroup.py b/passhportd/app/models_mod/usergroup.py
@@ -358,7 +358,6 @@ def accessible_target_list(self, checked_usergroups = [], mode="string"):
                                          checked_usergroups, mode="obj"):
                     if target not in accessible_targets:
                         if mode == "string":
-                            print(target)
                             accessible_targets.append(target.name)
                         else:
                             accessible_targets.append(target)

diff --git a/passhportd/app/views.py b/passhportd/app/views.py
@@ -234,7 +234,6 @@ def checkandterminatesshsession():
                logentry.Logentry.logfilename.like(
                                    config.NODE_NAME + '-%'))).all()
 
-    app.logger.error(lentries)
     if not lentries:
         return "No active connection."
 

diff --git a/passhportd/app/views_mod/target/target.py b/passhportd/app/views_mod/target/target.py
@@ -757,3 +757,19 @@ def getpassword(targetname, number = 20):
     output = output[:-2] + '\n]'
 
     return utils.response(output, 200) 
+
+@app.route("/target/changepassword/<targetname>")
+def changetargetpassword(targetname):
+    """Change the password for the target if and only if the target
+    is defined with automatic root password change option"""
+
+    t = target.Target.query.filter_by(name=targetname).first()
+    if t is None:
+        return utils.response('ERROR: No target with the name "' + \
+                               targetname + '" in the database.', 417)
+
+    t.changepass(format(datetime.now(), '%Y%m%dT%H%M'))
+
+    return utils.response("Automatic password change routine done on: " + \
+                               targetname, 200)
+