2016-04-22 10:08:02 -06:00
|
|
|
# Copyright 2016 OpenMarket Ltd
|
2019-04-10 00:23:48 -06:00
|
|
|
# Copyright 2019 New Vector Ltd.
|
2016-04-22 10:08:02 -06:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2019-04-10 00:23:48 -06:00
|
|
|
import sys
|
|
|
|
import traceback
|
2016-04-22 10:08:02 -06:00
|
|
|
|
|
|
|
from twisted.conch import manhole_ssh
|
2018-07-09 00:09:20 -06:00
|
|
|
from twisted.conch.insults import insults
|
2019-04-10 00:23:48 -06:00
|
|
|
from twisted.conch.manhole import ColoredManhole, ManholeInterpreter
|
2016-04-25 10:34:25 -06:00
|
|
|
from twisted.conch.ssh.keys import Key
|
2018-07-09 00:09:20 -06:00
|
|
|
from twisted.cred import checkers, portal
|
2016-04-25 10:34:25 -06:00
|
|
|
|
|
|
|
PUBLIC_KEY = (
|
2018-09-11 03:42:10 -06:00
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHhGATaW4KhE23+7nrH4jFx3yLq9OjaEs5"
|
|
|
|
"XALqeK+7385NlLja3DE/DO9mGhnd9+bAy39EKT3sTV6+WXQ4yD0TvEEyUEMtjWkSEm6U32+C"
|
|
|
|
"DaS3TW/vPBUMeJQwq+Ydcif1UlnpXrDDTamD0AU9VaEvHq+3HAkipqn0TGpKON6aqk4vauDx"
|
|
|
|
"oXSsV5TXBVrxP/y7HpMOpU4GUWsaaacBTKKNnUaQB4UflvydaPJUuwdaCUJGTMjbhWrjVfK+"
|
|
|
|
"jslseSPxU6XvrkZMyCr4znxvuDxjMk1RGIdO7v+rbBMLEgqtSMNqJbYeVCnj2CFgc3fcTcld"
|
|
|
|
"X2uOJDrJb/WRlHulthCh"
|
2016-04-25 10:34:25 -06:00
|
|
|
)
|
|
|
|
|
|
|
|
PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
|
2018-09-11 03:42:10 -06:00
|
|
|
MIIEpQIBAAKCAQEAx4RgE2luCoRNt/u56x+Ixcd8i6vTo2hLOVwC6nivu9/OTZS4
|
|
|
|
2twxPwzvZhoZ3ffmwMt/RCk97E1evll0OMg9E7xBMlBDLY1pEhJulN9vgg2kt01v
|
|
|
|
7zwVDHiUMKvmHXIn9VJZ6V6ww02pg9AFPVWhLx6vtxwJIqap9ExqSjjemqpOL2rg
|
|
|
|
8aF0rFeU1wVa8T/8ux6TDqVOBlFrGmmnAUyijZ1GkAeFH5b8nWjyVLsHWglCRkzI
|
|
|
|
24Vq41Xyvo7JbHkj8VOl765GTMgq+M58b7g8YzJNURiHTu7/q2wTCxIKrUjDaiW2
|
|
|
|
HlQp49ghYHN33E3JXV9rjiQ6yW/1kZR7pbYQoQIDAQABAoIBAQC8KJ0q8Wzzwh5B
|
|
|
|
esa1dQHZ8+4DEsL/Amae66VcVwD0X3cCN1W2IZ7X5W0Ij2kBqr8V51RYhcR+S+Ek
|
|
|
|
BtzSiBUBvbKGrqcMGKaUgomDIMzai99hd0gvCCyZnEW1OQhFkNkaRNXCfqiZJ27M
|
|
|
|
fqvSUiU2eOwh9fCvmxoA6Of8o3FbzcJ+1GMcobWRllDtLmj6lgVbDzuA+0jC5daB
|
|
|
|
9Tj1pBzu3wn3ufxiS+gBnJ+7NcXH3E73lqCcPa2ufbZ1haxfiGCnRIhFXuQDgxFX
|
|
|
|
vKdEfDgtvas6r1ahGbc+b/q8E8fZT7cABuIU4yfOORK+MhpyWbvoyyzuVGKj3PKt
|
|
|
|
KSPJu5CZAoGBAOkoJfAVyYteqKcmGTanGqQnAY43CaYf6GdSPX/jg+JmKZg0zqMC
|
|
|
|
jWZUtPb93i+jnOInbrnuHOiHAxI8wmhEPed28H2lC/LU8PzlqFkZXKFZ4vLOhhRB
|
|
|
|
/HeHCFIDosPFlohWi3b+GAjD7sXgnIuGmnXWe2ea/TS3yersifDEoKKjAoGBANsQ
|
|
|
|
gJX2cJv1c3jhdgcs8vAt5zIOKcCLTOr/QPmVf/kxjNgndswcKHwsxE/voTO9q+TF
|
|
|
|
v/6yCSTxAdjuKz1oIYWgi/dZo82bBKWxNRpgrGviU3/zwxiHlyIXUhzQu78q3VS/
|
|
|
|
7S1XVbc7qMV++XkYKHPVD+nVG/gGzFxumX7MLXfrAoGBAJit9cn2OnjNj9uFE1W6
|
|
|
|
r7N254ndeLAUjPe73xH0RtTm2a4WRopwjW/JYIetTuYbWgyujc+robqTTuuOZjAp
|
|
|
|
H/CG7o0Ym251CypQqaFO/l2aowclPp/dZhpPjp9GSjuxFBZLtiBB3DNBOwbRQzIK
|
|
|
|
/vLTdRQvZkgzYkI4i0vjNt3JAoGBANP8HSKBLymMlShlrSx2b8TB9tc2Y2riohVJ
|
|
|
|
2ttqs0M2kt/dGJWdrgOz4mikL+983Olt/0P9juHDoxEEMK2kpcPEv40lnmBpYU7h
|
|
|
|
s8yJvnBLvJe2EJYdJ8AipyAhUX1FgpbvfxmASP8eaUxsegeXvBWTGWojAoS6N2o+
|
|
|
|
0KSl+l3vAoGAFqm0gO9f/Q1Se60YQd4l2PZeMnJFv0slpgHHUwegmd6wJhOD7zJ1
|
|
|
|
CkZcXwiv7Nog7AI9qKJEUXLjoqL+vJskBzSOqU3tcd670YQMi1aXSXJqYE202K7o
|
|
|
|
EddTrx3TNpr1D5m/f+6mnXWrc8u9y1+GNx9yz889xMjIBTBI9KqaaOs=
|
2016-04-25 10:34:25 -06:00
|
|
|
-----END RSA PRIVATE KEY-----"""
|
2016-04-22 10:08:02 -06:00
|
|
|
|
|
|
|
|
2016-04-25 07:59:21 -06:00
|
|
|
def manhole(username, password, globals):
|
2016-04-22 10:08:02 -06:00
|
|
|
"""Starts a ssh listener with password authentication using
|
|
|
|
the given username and password. Clients connecting to the ssh
|
|
|
|
listener will find themselves in a colored python shell with
|
|
|
|
the supplied globals.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
username(str): The username ssh clients should auth with.
|
|
|
|
password(str): The password ssh clients should auth with.
|
|
|
|
globals(dict): The variables to expose in the shell.
|
2016-04-25 07:59:21 -06:00
|
|
|
|
|
|
|
Returns:
|
|
|
|
twisted.internet.protocol.Factory: A factory to pass to ``listenTCP``
|
2016-04-22 10:08:02 -06:00
|
|
|
"""
|
2018-10-19 05:26:00 -06:00
|
|
|
if not isinstance(password, bytes):
|
|
|
|
password = password.encode('ascii')
|
2016-04-22 10:08:02 -06:00
|
|
|
|
|
|
|
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(
|
|
|
|
**{username: password}
|
|
|
|
)
|
|
|
|
|
|
|
|
rlm = manhole_ssh.TerminalRealm()
|
|
|
|
rlm.chainedProtocolFactory = lambda: insults.ServerProtocol(
|
2019-04-10 00:23:48 -06:00
|
|
|
SynapseManhole,
|
2016-04-22 10:08:02 -06:00
|
|
|
dict(globals, __name__="__console__")
|
|
|
|
)
|
|
|
|
|
2016-04-25 10:34:25 -06:00
|
|
|
factory = manhole_ssh.ConchFactory(portal.Portal(rlm, [checker]))
|
2018-10-18 16:24:00 -06:00
|
|
|
factory.publicKeys[b'ssh-rsa'] = Key.fromString(PUBLIC_KEY)
|
|
|
|
factory.privateKeys[b'ssh-rsa'] = Key.fromString(PRIVATE_KEY)
|
2016-04-25 10:34:25 -06:00
|
|
|
|
|
|
|
return factory
|
2019-04-10 00:23:48 -06:00
|
|
|
|
|
|
|
|
|
|
|
class SynapseManhole(ColoredManhole):
|
|
|
|
"""Overrides connectionMade to create our own ManholeInterpreter"""
|
|
|
|
def connectionMade(self):
|
|
|
|
super(SynapseManhole, self).connectionMade()
|
|
|
|
|
|
|
|
# replace the manhole interpreter with our own impl
|
|
|
|
self.interpreter = SynapseManholeInterpreter(self, self.namespace)
|
|
|
|
|
|
|
|
# this would also be a good place to add more keyHandlers.
|
|
|
|
|
|
|
|
|
|
|
|
class SynapseManholeInterpreter(ManholeInterpreter):
|
|
|
|
def showsyntaxerror(self, filename=None):
|
|
|
|
"""Display the syntax error that just occurred.
|
|
|
|
|
|
|
|
Overrides the base implementation, ignoring sys.excepthook. We always want
|
|
|
|
any syntax errors to be sent to the terminal, rather than sentry.
|
|
|
|
"""
|
|
|
|
type, value, tb = sys.exc_info()
|
|
|
|
sys.last_type = type
|
|
|
|
sys.last_value = value
|
|
|
|
sys.last_traceback = tb
|
|
|
|
if filename and type is SyntaxError:
|
|
|
|
# Work hard to stuff the correct filename in the exception
|
|
|
|
try:
|
|
|
|
msg, (dummy_filename, lineno, offset, line) = value.args
|
|
|
|
except ValueError:
|
|
|
|
# Not the format we expect; leave it alone
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
# Stuff in the right filename
|
|
|
|
value = SyntaxError(msg, (filename, lineno, offset, line))
|
|
|
|
sys.last_value = value
|
|
|
|
lines = traceback.format_exception_only(type, value)
|
|
|
|
self.write(''.join(lines))
|
|
|
|
|
|
|
|
def showtraceback(self):
|
|
|
|
"""Display the exception that just occurred.
|
|
|
|
|
|
|
|
Overrides the base implementation, ignoring sys.excepthook. We always want
|
|
|
|
any syntax errors to be sent to the terminal, rather than sentry.
|
|
|
|
"""
|
|
|
|
sys.last_type, sys.last_value, last_tb = ei = sys.exc_info()
|
|
|
|
sys.last_traceback = last_tb
|
|
|
|
try:
|
|
|
|
# We remove the first stack item because it is our own code.
|
|
|
|
lines = traceback.format_exception(ei[0], ei[1], last_tb.tb_next)
|
|
|
|
self.write(''.join(lines))
|
|
|
|
finally:
|
|
|
|
last_tb = ei = None
|