[X2Go-Commits] [x2goclient] 18/38: {pyhoca-cli, pyhoca/cli/frontend.py}: Add --non-interactive cmdline option for forcefully preventing password queries on the TTY.
git-admin at x2go.org
git-admin at x2go.org
Fri Dec 15 21:15:22 CET 2023
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2goclient.
commit fc0d0b7632cd10fe06f03ffdd1da1f566a7580fe
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Nov 25 12:59:11 2021 +0100
{pyhoca-cli,pyhoca/cli/frontend.py}: Add --non-interactive cmdline option for forcefully preventing password queries on the TTY.
---
debian/changelog | 2 ++
man/man1/pyhoca-cli.1 | 3 +++
pyhoca-cli | 13 +++++++++++
pyhoca/cli/frontend.py | 62 ++++++++++++++++++++++++++++++++++++++------------
4 files changed, 65 insertions(+), 15 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a56540b4..b29d5f8a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ pyhoca-cli (0.6.1.3-0x2go1) UNRELEASED; urgency=medium
* New upstream release (0.6.1.3):
- pyhoca-cli: Print debug message before exiting pyhoca-cli.
- Fix typo in man page.
+ - Add --non-interactive cmdline option for forcefully preventing password
+ queries on the TTY.
-- X2Go Release Manager <git-admin at x2go.org> Thu, 26 Dec 2019 17:03:42 +0100
diff --git a/man/man1/pyhoca-cli.1 b/man/man1/pyhoca-cli.1
index cf0c1e18..9b2dfeae 100644
--- a/man/man1/pyhoca-cli.1
+++ b/man/man1/pyhoca-cli.1
@@ -65,6 +65,9 @@ Legacy parameter, still supported, but using positional argument [\fI<user>@\fR]
.TP
\*(T<\fB\-P, \-\-session-profile\fR \fI<SESSION_PROFILE_NAME>\fR\*(T>
The name of the session profile to be used to make the connection.
+.TP
+\*(T<\fB\-\-non\-interactive\fR\*(T>
+Enforce non-interactive mode. Avoid any TTY interaction during runtime.
.SH ACTIONS
\fBpyhoca-cli\fR accepts exclusively one of the listed actions:
.TP
diff --git a/pyhoca-cli b/pyhoca-cli
index 454c9a42..fd08ad9e 100755
--- a/pyhoca-cli
+++ b/pyhoca-cli
@@ -139,6 +139,7 @@ action_options = [
{'args':['--list-profiles'], 'default': False, 'action': 'store_true', 'help': 'list user\'s X2Go pre-configured session profiles', },
{'args':['-P','--session-profile'], 'default': None, 'help': 'load x2goclient session profiles and use the session profile SESSION_PROFILE', },
{'args':['--list-cmdline-features'], 'default': False, 'action': 'store_true', 'help': 'show a list of parseable command line features available in this PyHoca-CLI version', },
+ {'args':['--non-interactive'], 'default': False, 'action': 'store_true', 'help': 'Prevent PyHoca-CLI from ever interactively asking for a password', },
]
action_features = [ 'NEW',
'TRY_RESUME',
@@ -150,6 +151,7 @@ action_features = [ 'NEW',
'LIST_DESKTOPS',
'SESSION_PROFILE',
'LIST_CLIENT_FEATURES',
+ 'NON_INTERACTIVE',
]
if _X2GOCLIENT_OS == "Linux":
action_options.append(
@@ -458,6 +460,17 @@ Possible values for the --pack NX option are:
if int(a.auth_attempts) < 1:
a.auth_attempts = "1"
+ # --non-interactive option.
+ if a.non_interactive and a.force_password and not a.password:
+ runtime_error ("--non-interactive in combination with --force-password needs --password cmdline option", parser=p, exitcode=1)
+
+ if a.non_interactive:
+ logger('in case of a authentication failure, pyhoca-cli will *NOT* '
+ 'interactively ask for a password.', x2go.loglevel_WARN, )
+ else:
+ logger('in case of a authentication failure, pyhoca-cli will '
+ 'interactively ask for a password.', x2go.loglevel_WARN, )
+
if a.server:
##### TODO: ssh_config to be moved into Python X2Go!!!!
diff --git a/pyhoca/cli/frontend.py b/pyhoca/cli/frontend.py
index c24d064c..c3bc74be 100644
--- a/pyhoca/cli/frontend.py
+++ b/pyhoca/cli/frontend.py
@@ -384,6 +384,8 @@ class PyHocaCLI(x2go.X2GoClient):
self.auth_attempts = int(self.args.auth_attempts)
+ self.non_interactive = bool(self.args.non_interactive)
+
if args.list_profiles:
@@ -496,6 +498,11 @@ class PyHocaCLI(x2go.X2GoClient):
if self.args.force_password:
force_password_auth = True
+ if self.non_interactive:
+ non_interactive = True
+ else:
+ non_interactive = False
+
passphrase = None
passphrase_unlock_counter = 3
@@ -516,6 +523,9 @@ class PyHocaCLI(x2go.X2GoClient):
# show interactive password prompt
if force_password_auth and not cmdline_password:
+ if non_interactive:
+ _auth_count -= 1
+ continue
password = getpass.getpass()
@@ -544,7 +554,7 @@ class PyHocaCLI(x2go.X2GoClient):
# x2go.PasswordRequiredException: This exception gets raised if an SSH pubkey is protected by a passphrase
- if not force_password_auth and passphrase_unlock_counter >= 1:
+ if not non_interactive and not force_password_auth and passphrase_unlock_counter >= 1:
if passphrase == '':
self._pyhoca_logger('empty SSH key passphrase (%s), try again...' % self.args.ssh_privkey, loglevel=x2go.loglevel_WARN, )
self._pyhoca_logger('unlock SSH key file (%s)' % self.args.ssh_privkey, loglevel=x2go.loglevel_NOTICE, )
@@ -555,7 +565,13 @@ class PyHocaCLI(x2go.X2GoClient):
continue
if not force_password_auth and _auth_count >= 1:
- self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, )
+ if non_interactive:
+ self._runtime_error('unlocking of SSH key failed.',
+ exitcode=-203)
+ else:
+ self._pyhoca_logger('unlocking of SSH key failed, '
+ 'proceeding with interactive '
+ 'login', loglevel=x2go.loglevel_WARN, )
force_password_auth = True
password = None
passphrase = None
@@ -572,7 +588,7 @@ class PyHocaCLI(x2go.X2GoClient):
self._pyhoca_logger('passwordless login for ,,%s\'\' failed [AuthException]' % _username, loglevel=x2go.loglevel_WARN, )
# if the previous login attempt was pubkey based, enforce interactive login for the next round...
- if not password and _auth_count >= 1:
+ if not non_interactive and not password and _auth_count >= 1:
self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, )
force_password_auth = True
# undo auth counter decrement
@@ -580,12 +596,22 @@ class PyHocaCLI(x2go.X2GoClient):
# a password was provided via the command line
elif password and cmdline_password and _auth_count >= 1:
- self._pyhoca_logger('cmdline provided password failed, proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_WARN, )
+ if not non_interactive:
+ self._pyhoca_logger('cmdline provided password '
+ 'failed, proceeding to '
+ 'interactive login for '
+ 'user ,,%s\'\'' % _username,
+ loglevel=x2go.loglevel_WARN, )
+ else:
+ self._runtime_error('cmdline provided password '
+ 'failed.',
+ exitcode=-204)
+
force_password_auth = True
cmdline_password = False
# else, if the previous attempt was already interactive, offer re-trying
- elif force_password_auth and _auth_count >= 1:
+ elif not non_interactive and force_password_auth and _auth_count >= 1:
self._pyhoca_logger('please re-try login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, )
passphrase = None
@@ -600,7 +626,8 @@ class PyHocaCLI(x2go.X2GoClient):
except x2go.SSHException as e:
# this bit only captures problems with the SSH key file, other
- # SSHExceptions are simply ignored (and we proceed to interactive login)
+ # SSHExceptions are simply ignored and we proceed to
+ # interactive login, if non_interactive is NOT set.
if str(e).lower().startswith('could not deserialize key data') \
:
@@ -619,8 +646,11 @@ class PyHocaCLI(x2go.X2GoClient):
continue
if not force_password_auth and _auth_count >= 1:
-
- self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, )
+ if non_interactive:
+ self._runtime_error('unlocking of SSH key failed.',
+ exitcode=-205)
+ else:
+ self._pyhoca_logger('unlocking of SSH key failed, proceeding with interactive login', loglevel=x2go.loglevel_WARN, )
force_password_auth = True
password = None
passphrase = None
@@ -643,13 +673,15 @@ class PyHocaCLI(x2go.X2GoClient):
self._runtime_error(str(e), exitcode=253)
else:
-
- self._pyhoca_logger('[SSHException] the following error will be ignored: %s' % str(e), loglevel=x2go.loglevel_WARN)
- self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, )
- force_password_auth = True
- password = None
- passphrase = None
- _auth_count += 1
+ if non_interactive:
+ self._runtime_error('[SSHException] the following error occured: %s' % str(e), exitcode=-206)
+ else:
+ self._pyhoca_logger('[SSHException] the following error will be ignored: %s' % str(e), loglevel=x2go.loglevel_WARN)
+ self._pyhoca_logger('proceeding to interactive login for user ,,%s\'\'' % _username, loglevel=x2go.loglevel_NOTICE, )
+ force_password_auth = True
+ password = None
+ passphrase = None
+ _auth_count += 1
if not connected and _auth_count <= 0:
if self.auth_attempts >= 2:
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
More information about the x2go-commits
mailing list