iT ddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZmZmZddlmZddlmZddlmZddlmZddlmZmZdd lmZdd lm Z dd l!m"Z"m#Z#dd l$m%Z%dd l&m'Z'm(Z(m)Z)ddl*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3ejhdZ5de fdZ6Gdde(Z7ddddejpZ8Gdde1Z9GddejtZ;ded!ee<d"eI LL+Y7     !X - LLI J ~~''%/ LLV W 0  z * ./h'  s;A&D$$AE.-E.cHeZdZUeeefed<deeeffdZdedefdZy)ProxyPackagesLoader file_statusc||_yN)r<)selfr<s r8__init__zProxyPackagesLoader.__init__Js &r)rc:|jj|dS)NF)r<r()r?r)s r8 path_existszProxyPackagesLoader.path_existsMs##D%00rAN) r$ __module__ __qualname__rstrbool__annotations__r@rCrAr8r;r;Gs7c4i 'DdO'111rAr;z import os def report_exists(files): command('cockpit.report-exists', {name: os.path.exists(name) for name in files}) z import os def check_os_release(_argv): try: with open('/etc/os-release') as f: command('cockpit.check-os-release', f.read()) except OSError: command('cockpit.check-os-release', "") z import os def force_exec(argv): try: os.execvp(argv[0], argv) except OSError as e: command('cockpit.fail-no-cockpit', str(e)) ) report_existscheck_os_release force_execcHeZdZUded<deffd ZdeddfdZd dZxZ S) DefaultRoutingRulez Peer | Nonepeerrouterc$t||yr>)superr@)r?rP __class__s r8r@zDefaultRoutingRule.__init__os  rAoptionsrc|jSr>)rO)r?rTs r8 apply_rulezDefaultRoutingRule.apply_rulers yyrAcR|j|jjyyr>)rOcloser?s r8shutdownzDefaultRoutingRule.shutdownus 99 IIOO  !rArN) r$rDrErHrr@rrVrZ __classcell__rSs@r8rNrNls- !v!*rArNc reZdZUdZeed<dedeefdZdedededeefd Z d ed e d e e d eddf dZ y)AuthorizeResponder)z ferny.askpasscockpit.report-existscockpit.fail-no-cockpitcockpit.check-os-releaserPbasic_passwordc2||_||_|du|_yr>)rPrchave_basic_password)r?rPrcs r8r@zAuthorizeResponder.__init__~s ,#1#= rAmessagesprompthintrc XKtjd||||jrId|jvr7|j+tjd||j}d|_|S|dk(ryt j d|}t j d|}i}|r]|r[|jd}|dk(rtjd |y |d |jdd |d <|jd|d<tjdtj} d| } | d ztj|jjz} |jj | fd|||dd|d{} | j#| st%d| d| | j'| j)} tj*| jj} tjdt-| | S7w)Nz3AuthorizeResponder: prompt %r, messages %r, hint %rz password:z=AuthorizeResponder: sending Basic auth password for prompt %rnonez&\n(\w+) key fingerprint is:? ([^.\n]+)zauthenticity of host '([^ ]+) z 127.0.0.1z,auto-accepting fingerprint for 127.0.0.1: %syes z login-datazhost-keydefault-zX-Conversation F)timeoutrfrgrhechozAuthorizeResponder: response z does not match challenge zReturning a %d chars response)r,r-relowerrcresearchgroupr&getpidtimebase64 b64encodeencodedecoderPrequest_authorization startswithr removeprefixstrip b64decodelen)r?rfrgrhreplyfp_match host_matchargshostname challenge_idchallenge_prefix challengeresponseb64s r8 do_askpasszAuthorizeResponder.do_askpasss JFT\^bc  # # v||~(E"". \^de++&*# 6>99FOYY@&I   !''*H;& KZX #+1X^^A->,?{KD &nnQ/DO))+a }5 ,\N;$s*V-=-=fmmo-N-U-U-WW :::9CCGDLBH@D@E C >B CC""#34&/z9STdSefh h##$45;;=##CJJL188: 4c(mDCsFH*H(BH*commandrfdsstderrNc Ktjd||||dk(rg|\}tt||j_|jj jdt|jtg|dk(rtd|d|dk(rht|d tjd tjd ttD]<}t fd |jDs&tjd |ytjd  td5}t|j!}ddd j'dj'dk(r: j'd|j'dk(rtjd|y j'd j'ddd j'dd} td| y#1swYxYw#t"$r } tj%d| Yd} ~ yd} ~ wwxYww)NzGot ferny command %s %s %sr`)loaderrraz no-cockpit)messagerbz'cockpit.check-os-release: remote OS: %rz,cockpit.check-os-release: supported OSes: %rc3LK|]\}}j||k(ywr>)r().0kv remote_oss r8 z7AuthorizeResponder.do_custom_command..s#HAy}}Q'1,Hs!$z8cockpit.check-os-release: remote matches supported OS %rz$cockpit.check-os-release: remote: %rz/etc/os-releasezIfailed to read local /etc/os-release, skipping OS compatibility check: %sID VERSION_IDz7cockpit.check-os-release: remote OS matches local OS %rNAME?rm) unsupported)r,r-rr;rPpackages routing_rulesinsertrrrr rallitemsopenreadOSErrorwarningr() r?rrrrr<osinfofthis_oserrs @r8do_custom_commandz$AuthorizeResponder.do_custom_commands 17D&I - -LK#+3F{3S#TDKK KK % % , ,Q0B4;;Q`Pa0b c / / tAw? ? 0 0(a1I LLBI N LLG X( HHHLL![]cd   LL? K +,9.qvvx8G9 }}T"gkk$&77IMM,v>x}> EEcEERUEN%Hs%H%%Hd3i%HY\%Hae%HrAr_commentcddd|fdfS)Npython3z-icz# rIrI)rs r8python_interpreterrs u7)n -r 11rAcmddest ssh_askpassssh_optsc|jd\}}}|jr?|jds.|jdr|jdr|dd}d|d|g}nd|g}dg||t j |d |d d ffS) N:[]rkz-pz--sshz SSH_ASKPASS=z DISPLAY=xzSSH_ASKPASS_REQUIRE=force) rpartitionisdigitendswithr~shlexjoin)rrrrhost_port destinations r8via_sshrsOOC(MD!T ||~dmmC0 ??3 DMM#$6":DT4. Tl    & (- 3  {o& #  rAenvc&ddgd|D|dfS)Nz flatpak-spawnz--hostc3&K|] }d| yw)z--env=NrI)rkvs r8rz flatpak_spawn..s &BF2$- &srIrI)rrs r8 flatpak_spawnr s2  &# &     rAceZdZUded<dededejffd Zdd Z dd Z dd Z d e ed e eddfdZ ddZdeddfdZxZS)SshPeerzMLiteral["always"] | Literal["never"] | Literal["supported"] | Literal["auto"]moderPrrc||_|j|_tj|_t |jj dz |_d|_t|)|y)Nzuser-known-hosts) r remote_bridgetempfileTemporaryDirectorytmpdirrnameknown_hosts_filercrRr@)r?rPrrrSs r8r@zSshPeer.__init__s[&!//113 $T[[%5%5 69K K,0  rArNcKtjjdr|jd{y|j d{y77w)Nz/.flatpak-info)r&r)existsconnect_from_flatpakconnect_from_bastion_hostrYs r8do_connect_transportzSshPeer.do_connect_transport sD 77>>* +++- - -002 2 2 . 2s!3AAAAAAcKtd\}}|jdk7r"t||jt\}}t ||\}}|j ||d{y7w)Ncockpit-bridge localhost)rrrr9rboot)r?rrs r8rzSshPeer.connect_from_flatpak'se%&67S   { *sD$4$46J6LMHC c*SiiS!!!sA$A.&A,'A.cvKd}ddg}|jjdd{}t|d}|jdrtt j |ddj }|jd\}}}|jd\}}|_|rtjd ||d |gz }|j|dd gz }td \} } td } t| tsJt| } | j!stj#d| t%j&d} | |dd| gz }|/|j(j+||dd|j(gz }t-| |j.| g|\} } |j1| | d{y77w)Nz-ozNumberOfPasswordPrompts=1*rzBasic rz,got username %s and password from Basic authz-lzPasswordAuthentication=norz${libexecdir}/cockpit-askpassz+Could not find cockpit-askpass helper at %rCOCKPIT_SSH_KNOWN_HOSTS_FILEzGlobalKnownHostsFile=zUserKnownHostsfile=)rPrequest_authorization_objectrr~ryrr| partitionrcr,r-rr isinstancerFrrerrorr&getenvr write_textrrr)r? known_hostsrauthrdecoded user_passwordruserrraskpassrenv_known_hostss r8rz!SshPeer.connect_from_bastion_host4s 12[[==cBB4,   x (&&x|4;;=G,3,=,=d,C )M1k+8+B+B3+G (D!T( KTRt $    & T67 7D&&67S##BC'3'''7m !!# LLF P))$BC  & T2?2CDE ED  "  ! ! , ,[ 9 T01F1F0IJK KD3 0 0+EESiiS!!!CCB "s"%F9F4FF9.F7/F97F9rrcKt|}tjt|j|j |g}t jd|||j|||dd{}|jdk(rddgffg}nE|jdk(rddgffg}n.|jd k(r ddgffd gffg}n|jd k(sJg}tjg|d ttjgf|jt }|j#|j%|j'd{y77w)Nz Launching command: cmd=%s env=%sT)rstart_new_sessionautotry_execralwaysrL supportedrKneverrJ)gadgets)r r InteractionAgentr_rPrcr,r-spawnrr make_bootloaderrrget_condition_filesstepsBEIBOOT_GADGETSwriter{ communicate)r?rrbeiboot_helperagent transportexec_cockpit_bridge_stepsstage1s r8rz SshPeer.boot]sw,T2&&(:4;;H[H[(\^l'mn 7cB**S#et*TT    '*48H7I6K)L(M %   8 +*6:J9K8M)N(O %   ; .*48H7I6K)LOadfchNi(j %%%0 00(* %++- &- tN$F$F$HIJ K-  ! !- # $  (!!!-U, "s%A0E2E3CEEEEcd|_yr>)rcrYs r8do_superuser_init_donezSshPeer.do_superuser_init_donezs "rArcxtjd||jdut|dj drSt|d}|j;tjd|j d||jd|_ytjd|j dd y) Nz*SshPeer.do_authorize: %r; have password %srzplain1:cookiez-SshPeer.do_authorize: responded with password authorize)rr rz0SshPeer.do_authorize: authentication-unavailablezauthentication-unavailable)rr problem)r,r-rcrr~ write_control)r?rr s r8 do_authorizezSshPeer.do_authorize}s A7DL_L_gkLkl 7K ( 3 3I >Wh/F"". LM"";vPTPcPc"d&*# GH ;vGcdrAr[)r$rDrErHrrFargparse Namespacer@rrrrrr rrr\r]s@r8rrsv YY!v!C!x?Q?Q!3 "'"R"hsm"(3-"D":# eJ e4 erArcneZdZUdZeeed<eed<dejffd Z d dZ dZ d dZ xZS) SshBridgeNrssh_peerrct|}t| |gt||j||_|j |_yr>)rNrRr@rrrrO)r?rrulerSs r8r@zSshBridge.__init__sA"$' $  d&6&6= MM rAcyr>rIrYs r8 do_send_initzSshBridge.do_send_inits rAcftjd||jj|y)NzSshBridge.do_init: %r)r,r-rr)r?rs r8do_initzSshBridge.do_inits%  ,g6 ##G,rAcN|jj|jyr>)radd_done_callbackrXrYs r8 setup_sessionzSshBridge.setup_sessions '' 3rAr[)r$rDrErrrrHrrrr@rrrr\r]s@r8rrs9#'Hhx ' "X// " - 4rArcRKtjdt|}tt j | t |jjd{}|jjjr9|jdddd|jjji|jdi}t|t s|jdd d yt|t sJd |d <|jr,t j!|jj|d<|j||jj#tjd|j? |jAd{y7V#t$j&$rT}t$j(j+t-|}tjd||t|t$j.rd}nlt|t$j0rd}nOt|t$j2rd}n2t|t4rd}nt|t$j6rd}nd}|jjjrA|jd|t-||jjjn|jd|t-| Yd}~yd}~wt8$r=}tjd||j|j:dYd}~yd}~wtj<$rtjdYywxYw7#tB$rYywxYww)NzHi. How are you today?r z x-login-datarpz known-hosts)rrr  login_data capabilitiesinitzprotocol-errorzcapabilities must be a dict)rrrTzexplicit-superuserrz.ferny.InteractionError: %s, interpreted as: %rzauthentication-failedzinvalid-hostkeyzunknown-hostkeyz unknown-hostzinternal-error)rrrrzCockpitProblem: %s)rz"Peer bridge got cancelled, exitingz/Startup done. Looping until connection closes.)"r,r-rrasyncioget_running_loopdictrstartrrr read_text setdefaultrrfromkeys thaw_endpointr InteractionError ssh_errorsget_exception_for_ssh_stderrrFSshAuthenticationErrorSshChangedHostKeyErrorSshHostKeyErrorrSshErrorrattrsCancelledErrorrrBrokenPipeError)rbridgerr!excrrs r8runr7s LL)* t_F7++-v66V__22445 ?? + + 2 2 4  #~c!6??#C#C#M#M#OW ! ))."= ,-  9ISp q ,----1 )* ??"&--0H0H"IGJ W%%%'@ LLBC    """u50  ! !  ==c#hG EsER eU99 :-G u;; <'G u44 5'G w '$G u~~ .-G&G ?? + + 2 2 4  #e*-3__-M-M-W-W-Y ! [  #e* U  )3/SYY7  ! ! 9: #    s?N'"F=$F:%BF=N'A:F=;%N'!N4N5N9N':F==NE L N' N,3M$N'$+NN'NN'N N$!N'#N$$N'crtjtjd}|j dgddd|j dd |j d d |j }t |jtjt||jy)Nz@cockpit-bridge is run automatically inside of a Cockpit session.) descriptionz--remote-bridge)rrrrrzHow to run cockpit-bridge from the remote host: auto: if installed (default), never: always copy the local one; supported: if not installed, copy local one for compatible OSes, fail otherwise; always: fail if not installed)choicesrohelpz--debug store_true)actionrz5Name of the remote host to connect to, or 'localhost')r;)r-) rinstallrArgumentParser add_argument parse_argsr r-r#r7)parserrs r8mainrCs   $ $1s tF )3[ek89   ,7  ,cd    D # KKD ,rA__main__r[)Frr#ryimportlib.resourcesr!loggingr&rtrrrxpathlibrtypingrrrrcockpitrcockpit._vendorr cockpit._vendor.beir cockpit.beipackr cockpit.bridger r cockpit.channelrcockpit.channels.packagesrcockpit.jsonutilrrcockpit.osinforcockpit.packagesrrr cockpit.peerrcockpit.protocolrrcockpit.routerrrcockpit.transportsr getLoggerr,r9r;rrNAskpassHandlerr_rFrrrrrrr7rCr$rIrAr8rYs    44!*/:.50)GGA.-   , -dD1.1 . /6  uH--uHp22hsmXc].J(K2#cQVW_`cWdfnorfsWsQt,x}8C=U8C=RZ[^R_C_=`sedsel44:D N-$ zFrA