[Update] 解决sftp登录，绕过校验系统用户手动登录的情况

a246ff2d · BaiJiangJie · 8b1eab83 · a246ff2d · a246ff2d · a246ff2d
Commit a246ff2d authored Jul 24, 2019 by BaiJiangJie
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 5 deletions

connection.py coco/connection.py +4 -0

const.py coco/const.py +6 -0

proxy.py coco/proxy.py +7 -5

sftp.py coco/sftp.py +4 -0

No files found.
--- a/coco/connection.py
+++ b/coco/connection.py
@@ -4,6 +4,8 @@
 import re
 import socket
 import telnetlib
+from .const import MANUAL_LOGIN
+

 try:
    import selectors
@@ -87,6 +89,8 @@ class SSHConnection:
        获取系统用户的认证信息，密码或秘钥
        :return: system user have full info
        """
+        if self.system_user.login_mode == MANUAL_LOGIN:
+            return
        password, private_key = \
            app_service.get_system_user_auth_info(self.system_user, self.asset)
        self.system_user.password = password

--- a/coco/const.py
+++ b/coco/const.py
@@ -8,3 +8,9 @@ PERMS_ACTION_NAME_ALL = 'all'
 PERMS_ACTION_NAME_CONNECT = 'connect'
 PERMS_ACTION_NAME_UPLOAD_FILE = 'upload_file'
 PERMS_ACTION_NAME_DOWNLOAD_FILE = 'download_file'
+
+#
+# System User login mode choices
+#
+MANUAL_LOGIN = 'manual'
+AUTO_LOGIN = 'auto'
--- a/coco/proxy.py
+++ b/coco/proxy.py
@@ -7,18 +7,20 @@ import time

 from .session import Session
 from .models import Server, TelnetServer
-from .const import PERMS_ACTION_NAME_CONNECT
+from .const import (
+    PERMS_ACTION_NAME_CONNECT, MANUAL_LOGIN
+)
 from .connection import SSHConnection, TelnetConnection
 from .service import app_service
 from .conf import config
-from .utils import wrap_with_line_feed as wr, wrap_with_warning as warning, \
-     get_logger, net_input, ugettext as _, ignore_error
+from .utils import (
+    wrap_with_line_feed as wr, wrap_with_warning as warning, ugettext as _,
+    get_logger, net_input, ignore_error
+)


 logger = get_logger(__file__)
 BUF_SIZE = 4096
-MANUAL_LOGIN = 'manual'
-AUTO_LOGIN = 'auto'


 class ProxyServer:

--- a/coco/sftp.py
+++ b/coco/sftp.py
@@ -118,6 +118,10 @@ class SFTPServer(paramiko.SFTPServerInterface):
        if not asset or not system_user:
            raise PermissionError("No asset or system user explicit")

+        if system_user.login_mode == 'manual':
+            raise PermissionError("System user is in manual login mode, please "
+                                  "use SSH protocol to connect assets first.")
+
        cache_key = '{}@{}'.format(su, host)
        if cache_key not in self._sftp:
            conn = SSHConnection.new_connection(self.server.connection.user,