Initializing email notifications

LibrIT · Mar 5, 2020 · cef464c · mrsheepsheep · Mar 5, 2020 · cef464c
1 parent 35ddac7
commit cef464c
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 2 deletions.
diff --git a/passhportd/app/views_mod/target/target.py b/passhportd/app/views_mod/target/target.py
@@ -437,6 +437,8 @@ def target_adduser():
         return utils.response('ERROR: "' + targetname + '" -> ' + \
                                e.message, 409)
 
+    utils.notif("User " + username + " has now access to " + targetname + ".", 
+                "[PaSSHport] " + username + " can access " + targetname )
     return utils.response('OK: "' + username + '" added to "' + \
                           targetname + '"', 200)
 
@@ -482,6 +484,8 @@ def target_rmuser():
         return utils.response('ERROR: "' + targetname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("User " + username + " lost access to " + targetname + ".", 
+                "[PaSSHport] " + username + " removed from " + targetname )
     return utils.response('OK: "' + username + '" removed from "' + \
                           targetname + '"', 200)
 
@@ -521,6 +525,10 @@ def target_addusergroup():
         return utils.response('ERROR: "' + targetname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from group" + usergroupname + " can now access " + \
+                targetname + ".\n\nAffected users:\n" + \
+                str(ug.all_username_list()), "[PaSSHport] " + usergroupname + \
+                " can now access " + targetname)
     return utils.response('OK: "' + usergroupname + '" added to "' + \
                           targetname + '"', 200)
 
@@ -566,6 +574,10 @@ def target_rmusergroup():
         return utils.response('ERROR: "' + targetname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from group" + usergroupname + " lost access to " + \
+                targetname + ".\n\nAffected users:\n" + \
+                str(ug.all_username_list()), "[PaSSHport] " + usergroupname + \
+                " removed from " + targetname)
     return utils.response('OK: "' + usergroupname + '" removed from "' + \
                           targetname + '"', 200)
 
@@ -664,7 +676,7 @@ def extgetaccess(ip, targetname, username):
     return utils.response(response, 200)
 
 
-@app.route("/exttargetaccess/close/<targetname>/<username>")
+@app.route("/exttargetaccess/closebyname/<targetname>/<username>")
 def extcloseaccessbyname(targetname, username):
     """Close a connection determined by target name and user name"""
     # Determine associated pid

diff --git a/passhportd/app/views_mod/targetgroup/targetgroup.py b/passhportd/app/views_mod/targetgroup/targetgroup.py
@@ -239,6 +239,8 @@ def targetgroup_adduser():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("User " + username + " is now in " + targetgroupname + ".", 
+                "[PaSSHport] " + username + " joins " + targetgroupname )
     return utils.response('OK: "' + username + '" added to "' + \
                           targetgroupname + '"', 200)
 
@@ -284,6 +286,8 @@ def targetgroup_rmuser():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("User " + username + " has been removed from " + targetgroupname + ".", 
+                "[PaSSHport] " + username + " removed from " + targetgroupname )
     return utils.response('OK: "' + username + '" removed from "' + \
                           targetgroupname + '"', 200)
 
@@ -322,7 +326,9 @@ def targetgroup_addtarget():
     except exc.SQLAlchemyError as e:
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
-
+
+    utils.notif("Users from " + targetgroupname+ " can now access to " + targetame + ".", 
+                "[PaSSHport] " + targetname + " access granted to " + targetgroupname )
     return utils.response('OK: "' + targetname + '" added to "' + \
                           targetgroupname + '"', 200)
 
@@ -368,6 +374,10 @@ def targetgroup_rmtarget():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from " + targetgroupname+ " can not access to " + \
+                                                     targetame + "anymore.",
+                "[PaSSHport] " + targetname + " removed from " + \
+                                                        targetgroupname )
     return utils.response('OK: "' + targetname + '" removed from "' + \
                           targetgroupname + '"', 200)
 
@@ -407,6 +417,9 @@ def targetgroup_addusergroup():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from " + usergroupname + \
+               " can now access to the targets from " + targetgroupame + ".", 
+                "[PaSSHport] " + usergroupname + " added to " + targetgroupname)
     return utils.response('OK: "' + usergroupname + '" added to "' + \
                           targetgroupname + '"', 200)
 
@@ -452,6 +465,10 @@ def targetgroup_rmusergroup():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from " + usergroupname + \
+               " lost access to the targets from " + targetgroupame + ".", 
+               "[PaSSHport] " + usergroupname + " removed from " + \
+                                                          targetgroupname)
     return utils.response('OK: "' + usergroupname + '" removed from "' + \
                           targetgroupname + '"', 200)
 
@@ -497,6 +514,10 @@ def targetgroup_addtargetgroup():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from " + subtargetgroupname + \
+               " can access to the targets from " + targetgroupame + ".", 
+               "[PaSSHport] " + subtargetgroupname + " added to " + \
+                                                          targetgroupname)
     return utils.response('OK: "' + subtargetgroupname + '" added to "' + \
                           targetgroupname + '"', 200)
 
@@ -544,6 +565,11 @@ def targetgroup_rmtargetgroup():
         return utils.response('ERROR: "' + targetgroupname + '" -> ' + \
                               e.message, 409)
 
+    utils.notif("Users from " + subtargetgroupname + \
+               " removed access to " + targetgroupame + ".", 
+               "[PaSSHport] " + subtargetgroupname + " removed from " + \
+                                                          targetgroupname)
+    return utils.response('OK: "' + subtargetgroupname + '" added to "' + \
     return utils.response('OK: "' + subtargetgroupname + '" removed from "' + \
                           targetgroupname + '"', 200)
 

diff --git a/passhportd/app/views_mod/utilities.py b/passhportd/app/views_mod/utilities.py
@@ -3,6 +3,7 @@
 import config
 import os
 import stat
+import smtplib
 
 from io import open
 from sshpubkeys import SSHKey
@@ -192,3 +193,23 @@ def is_number(s):
         return True
     except ValueError:
         return False
+
+# Notifications
+def send_email(msg, subject, recipient):
+    """Simply send the email to recipient"""
+    server = smtplib.SMTP(config.NOTIF_SMTP)
+    from_mail = config.NOTIF_FROM
+    app.logger.info("Notification sent to: " + recipient)
+    server.sendmail(from_mail, recipient, "Subject: " + subject + "\n\n" +msg)
+    server.quit()
+
+
+def notif(msg,subject="PaSSHport Notification", emergency="log"):
+    """Send the msg via parmeters notification"""
+    if emergency == "log":
+            if config.NOTIF_LOG_TYPE == "email":
+                for recipient in config.NOTIF_TO.split(","):
+                    try:
+                        send_email(msg, subject, recipient)
+                    except:
+                        app.logger.error("Error sending email. Check config.")
diff --git a/passhportd/config.py b/passhportd/config.py
@@ -49,6 +49,12 @@
 SSL_KEY         = conf.get("SSL", "SSL_KEY")
 
 
+""" NOTIFICATIONS """
+NOTIF_LOG_TYPE  = conf.get("NOTIFICATIONS", "NOTIF_LOG_TYPE", fallback='None')
+NOTIF_TO        = conf.get("NOTIFICATIONS", "NOTIF_TO", fallback='root')
+NOTIF_FROM      = conf.get("NOTIFICATIONS", "NOTIF_FROM", fallback='passhport@bastion')
+NOTIF_SMTP      = conf.get("NOTIFICATIONS", "SMTP", fallback='127.0.0.1')
+
 """ MISC """
 MAXLOGSIZE      = conf.get("MISC", "MAXLOGSIZE")
 NODE_NAME       = conf.get("MISC", "NODE_NAME")

diff --git a/passhportd/passhportd.ini b/passhportd/passhportd.ini
@@ -41,6 +41,12 @@ PYTHON_PATH      = /home/passhport/passhport-run-env/bin/python3
 #External access (optional - commercial use)
 OPEN_ACCESS_PATH = /home/passhport/passhwall.sh
 
+[NOTIFICATIONS]
+NOTIF_LOG_TYPE  = email
+NOTIF_TO        = root, admin@passhport
+NOFIT_FROM      = passhport@bastion
+NOTIF_SMTP      = 127.0.0.1
+
 [MISC]
 # Maximum log file size in MB
 MAXLOGSIZE = 5