This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit fc0d0b7632cd10fe06f03ffdd1da1f566a7580fe Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 25 12:59:11 2021 +0100 {pyhoca-cli,pyhoca/cli/frontend.py}: Add --non-interactive cmdline option for forcefully preventing password queries on the TTY. --- debian/changelog | 2 ++ man/man1/pyhoca-cli.1 | 3 +++ pyhoca-cli | 13 +++++++++++ pyhoca/cli/frontend.py | 62 ++++++++++++++++++++++++++++++++++++++------------ 4 files changed, 65 insertions(+), 15 deletions(-) diff --git a/debian/changelog b/debian/changelog index a56540b4..b29d5f8a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,8 @@ pyhoca-cli (0.6.1.3-0x2go1) UNRELEASED; urgency=medium * New upstream release (0.6.1.3): - pyhoca-cli: Print debug message before exiting pyhoca-cli. - Fix typo in man page. + - Add --non-interactive cmdline option for forcefully preventing password + queries on the TTY. -- X2Go Release Manager <git-admin@x2go.org> Thu, 26 Dec 2019 17:03:42 +0100 diff --git a/man/man1/pyhoca-cli.1 b/man/man1/pyhoca-cli.1 index cf0c1e18..9b2dfeae 100644 --- a/man/man1/pyhoca-cli.1 +++ b/man/man1/pyhoca-cli.1 @@ -65,6 +65,9 @@ Legacy parameter, still supported, but using positional argument [\fI<user>@\fR] .TP \*(T<\fB\-P, \-\-session-profile\fR \fI<SESSION_PROFILE_NAME>\fR\*(T> The name of the session profile to be used to make the connection. +.TP +\*(T<\fB\-\-non\-interactive\fR\*(T> +Enforce non-interactive mode. Avoid any TTY interaction during runtime. .SH ACTIONS \fBpyhoca-cli\fR accepts exclusively one of the listed actions: .TP diff --git a/pyhoca-cli b/pyhoca-cli index 454c9a42..fd08ad9e 100755 --- a/pyhoca-cli +++ b/pyhoca-cli @@ -139,6 +139,7 @@ action_options = [ {'args':['--list-profiles'], 'default': False, 'action': 'store_true', 'help': 'list user\'s X2Go pre-configured session profiles', }, {'args':['-P','--session-profile'], 'default': None, 'help': 'load x2goclient session profiles and use the session profile SESSION_PROFILE', }, {'args':['--list-cmdline-features'], 'default': False, 'action': 'store_true', 'help': 'show a list of parseable command line features available in this PyHoca-CLI version', }, + {'args':['--non-interactive'], 'default': False, 'action': 'store_true', 'help': 'Prevent PyHoca-CLI from ever interactively asking for a password', }, ] action_features = [ 'NEW', 'TRY_RESUME', @@ -150,6 +151,7 @@ action_features = [ 'NEW', 'LIST_DESKTOPS', 'SESSION_PROFILE', 'LIST_CLIENT_FEATURES', + 'NON_INTERACTIVE', ] if _X2GOCLIENT_OS == "Linux": action_options.append( @@ -458,6 +460,17 @@ Possible values for the --pack NX option are: if int(a.auth_attempts) < 1: a.auth_attempts = "1" + # --non-interactive option. + if a.non_interactive and a.force_password and not a.password: + runtime_error ("--non-interactive in combination with --force-password needs --password cmdline option", parser=p, exitcode=1) + + if a.non_interactive: + logger('in case of a authentication failure, pyhoca-cli will *NOT* ' + 'interactively ask for a password.', x2go.loglevel_WARN, ) + else: + logger('in case of a authentication failure, pyhoca-cli will ' + 'interactively ask for a password.', x2go.loglevel_WARN, ) + if a.server: ##### TODO: ssh_config to be moved into Python X2Go!!!! diff --git a/pyhoca/cli/frontend.py b/pyhoca/cli/frontend.py index c24d064c..c3bc74be 100644 --- a/pyhoca/cli/frontend.py +++ b/pyhoca/cli/frontend.py @@ -384,6 +384,8 @@ class PyHocaCLI(x2go.X2GoClient): self.auth_attempts = int(self.args.auth_attempts) + self.non_interactive = bool(self.args.non_interactive) + if args.list_profiles: @@ -496,6 +498,11 @@ class PyHocaCLI(x2go.X2GoClient): if self.args.force_password: force_password_auth = True + if self.non_interactive: + non_interactive = True + else: + non_interactive = False + passphrase = None passphrase_unlock_counter = 3 @@ -516,6 +523,9 @@ class PyHocaCLI(x2go.X2GoClient): # show interactive password prompt if force_password_auth and not cmdline_password: + if non_interactive: + _auth_count -= 1 + continue password = getpass.getpass() @@ -544,7 +554,7 @@ class PyHocaCLI(x2go.X2GoClient): # x2go.PasswordRequiredException: This exception gets raised if an SSH pubkey is protected by a passphrase - if not force_password_auth and passphrase_unlock_counter >= 1: + if not non_interactive and not force_password_auth and passphrase_unlock_counter >= 1: if passphrase == '': self._pyhoca_logger('empty SSH key passphrase (%s), try again...' % self.args.ssh_privkey, loglevel=x2go.loglevel_WARN, ) self._pyhoca_logger('unlock SSH key file (%s)' % self.args.ssh_privkey, loglevel=x2go.loglevel_NOTICE, ) @@ -555,7 +565,13 @@ class PyHocaCLI(x2go.X2GoClient): continue if not force_password_auth and _auth_count >= 1: - self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, ) + if non_interactive: + self._runtime_error('unlocking of SSH key failed.', + exitcode=-203) + else: + self._pyhoca_logger('unlocking of SSH key failed, ' + 'proceeding with interactive ' + 'login', loglevel=x2go.loglevel_WARN, ) force_password_auth = True password = None passphrase = None @@ -572,7 +588,7 @@ class PyHocaCLI(x2go.X2GoClient): self._pyhoca_logger('passwordless login for ,,%s\'\' failed [AuthException]' % _username, loglevel=x2go.loglevel_WARN, ) # if the previous login attempt was pubkey based, enforce interactive login for the next round... - if not password and _auth_count >= 1: + if not non_interactive and not password and _auth_count >= 1: self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, ) force_password_auth = True # undo auth counter decrement @@ -580,12 +596,22 @@ class PyHocaCLI(x2go.X2GoClient): # a password was provided via the command line elif password and cmdline_password and _auth_count >= 1: - self._pyhoca_logger('cmdline provided password failed, proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_WARN, ) + if not non_interactive: + self._pyhoca_logger('cmdline provided password ' + 'failed, proceeding to ' + 'interactive login for ' + 'user ,,%s\'\'' % _username, + loglevel=x2go.loglevel_WARN, ) + else: + self._runtime_error('cmdline provided password ' + 'failed.', + exitcode=-204) + force_password_auth = True cmdline_password = False # else, if the previous attempt was already interactive, offer re-trying - elif force_password_auth and _auth_count >= 1: + elif not non_interactive and force_password_auth and _auth_count >= 1: self._pyhoca_logger('please re-try login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, ) passphrase = None @@ -600,7 +626,8 @@ class PyHocaCLI(x2go.X2GoClient): except x2go.SSHException as e: # this bit only captures problems with the SSH key file, other - # SSHExceptions are simply ignored (and we proceed to interactive login) + # SSHExceptions are simply ignored and we proceed to + # interactive login, if non_interactive is NOT set. if str(e).lower().startswith('could not deserialize key data') \ : @@ -619,8 +646,11 @@ class PyHocaCLI(x2go.X2GoClient): continue if not force_password_auth and _auth_count >= 1: - - self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, ) + if non_interactive: + self._runtime_error('unlocking of SSH key failed.', + exitcode=-205) + else: + self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, ) force_password_auth = True password = None passphrase = None @@ -643,13 +673,15 @@ class PyHocaCLI(x2go.X2GoClient): self._runtime_error(str(e), exitcode=253) else: - - self._pyhoca_logger('[SSHException] the following error will be ignored: %s' % str(e), loglevel=x2go.loglevel_WARN) - self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, ) - force_password_auth = True - password = None - passphrase = None - _auth_count += 1 + if non_interactive: + self._runtime_error('[SSHException] the following error occured: %s' % str(e), exitcode=-206) + else: + self._pyhoca_logger('[SSHException] the following error will be ignored: %s' % str(e), loglevel=x2go.loglevel_WARN) + self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, ) + force_password_auth = True + password = None + passphrase = None + _auth_count += 1 if not connected and _auth_count <= 0: if self.auth_attempts >= 2: -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git