I am trying to telnet into a Cisco Switch and run a couple of commands on it. I am able to check if the host doesn't exist, not sure how to check if the username or password is correct. This is what I got so far(This is part of my class)
def login(self):
if self.user_name and self.password:
try:
self.connection=telnetlib.Telnet(self.telnet_host)
try:
self.connection.read_until('sername:',1)
self.connection.write(self.user_name+'\r\n')
self.connection.read_until('assword:',1)
self.connection.write(self.password+'\r\n')
self.connection.read_until(self.prompt,1)
print "Connected"
self.loggedON=True
except EOFError:
print "Authentication to "+ self.telnet_host+" failed.\n"
return
except:
print "Can't connect to "+self.telnet_host+"\n"
return
else:
if not self.user_name:
self.user_name=raw_input("Username: ")
self.login()
else:
self.password=raw_input("Password: ")
self.login()
It will still say it is connected even if the wrong password or username.
You could also try Exscript:
from Exscript.util.start import quickstart
def do_something(conn):
conn.autoinit()
conn.execute('show version')
quickstart('telnet://localhost', do_something)
The quickstart() function asks the user for username and password (use start() if that is not what you want). Login failure (and other errors) are handeled automatically. You may also want to look at Exscript.util.start.
First of all, you shouldn't have a blanket try/except block like that. Catch exceptions more narrowly. Also, as others have commented, you might consider SNMP.
Having said that, if you push ahead with Telnet, you might as well just reuse someone else's code. I found this for example with a simple Google search.
Related
In my tool the users can provide a mail backend using certain infos on a model and send their mails via the backend which gets created from those values. This all works, but I would love to have a quick check if the provided backend actually will work before using it. Using something like this check_mail_connection doesn't work as this actually returns False even though I entered valid connection parameters.
from django.core.mail import get_connection
class User(models.Model):
...
def get_mail_connection(self, fail_silently=False)
return get_connection(host=self.email_host,
port=self.email_port,
username=self.email_username,
password=self.email_password ... )
def check_mail_connection(self) -> bool:
from socket import error as socket_error
from smtplib import SMTP, SMTPConnectError
smtp = SMTP(host=self.email_host, port=self.email_port)
try:
smtp.connect()
return True
except SMTPConnectError:
return False
except socket_error:
return False
I don't want to send a test mail to confirm, as this can easily get lost or fail on a different part of the system. This feature is for sending out emails from the users mail servers, as I suspect most of my users have a mail server anyways and I basically offer white labeling and similar stuff to them.
You have the following line smtp.connect() in your code that attempts to make a connection. If you look at the documentation for smtplib the signature for this method is:
SMTP.connect(host='localhost', port=0)
Meaning you are trying to connect to localhost with port 25 (standard SMTP port). Of course there is no server listening there and you get a ConnectionRefusedError which you catch and return False. In fact you don't even need to call connect because the documentation states:
If the optional host and port parameters are given, the SMTP
connect() method is called with those parameters during
initialization.
Hence you can simply write:
def check_mail_connection(self) -> bool:
from smtplib import SMTP
try:
smtp = SMTP(host=self.email_host, port=self.email_port)
return True
except OSError:
return False
You can also simply use the open method of the email backend's instance rather than creating the SMTP instance and calling connect yourself:
def check_mail_connection(self) -> bool:
try:
email_backend = self.get_mail_connection()
silent_exception = email_backend.open() is None
email_backend.close()
return not silent_exception
except OSError:
return False
I have a few questions for you and would like for you to answer these questions before we can go further.
What type of OS are you running the server on?
What mail client and tutorial did you follow? Postfix?
Can a user on the server send local mail to another user on the server?
What ports are open and what type of security features do you have installed?
What did your logs say when the email failed?
Are you self hosting/ are you acting as the server admin?
(It's fine if this is your first time. Everyone had a first day.)
SSL and A FQDN isn't too important if your just sending mail out. The system will still work, you just won't be able to receive mail.
(I'm talking from the sense of making sure it at least will send an email. You should at least use SSL as it can be gotten for free.)
If you checked all of these things, there is a part of the mail client that you are using and it probably won't send mail out unless it has approval. There are a lot of variables.
All of these things matter or it wont work.
Sorry meant to make this as a comment. I'm not use to speaking on here.
Basically i have client, ip = s.accept()
i want to send and receive send and receive, but printing out the second receive returns nothing
I'm connecting through Putty RAW Mode, i tried different programs but nothing worked.
def function(client, ip):
print(Fore.YELLOW + f"Connection from {ip} Established")
client.send("Username: ".encode("utf-8"))
username = client.recv(1024).decode("utf-8")
client.send("Password: ".encode("utf-8"))
password = client.recv(1024).decode("utf-8")
print(username + ":" + password)
I expected it to output "username:password"
but it returns "username:"
You seem to just expect the first recv to get the username and the second recv to get the password by magic or luck. If there's some protocol that allows you tell where the username ends and the password begins, you need to implement it.
Your first call to recv might get just the first letter of the username. Maybe the first call got the username and the second call got a space or newline character between the username and the password and you haven't read the password yet. Who knows?
If there's no way to know where the boundary between the username and password is, there's no way this code can possibly work. If there is some way, what is that way and where is the code that implements it?
Is your code supposed to receive the username before you send the Password: prompt? If so, where's the code to do that? You call recv, but you don't check to see if it's the username. It could just be the first character of the username. It could be more. You need to look at it and see what it is. Do not send the Password: prompt until you've received the entire username. You have to actually implement whatever protocol you are using and the client has to use that same protocol.
I'm having trouble with one of my scripts seemingly disconnecting from my FTP during long batches of jobs. To counter this, I've attempted to make a module as shown below:
def connect_ftp(ftp):
print "ftp1"
starttime = time.time()
retry = False
try:
ftp.voidcmd("NOOP")
print "ftp2"
except:
retry = True
print "ftp3"
print "ftp4"
while (retry):
try:
print "ftp5"
ftp.connect()
ftp.login('LOGIN', 'CENSORED')
print "ftp6"
retry = False
print "ftp7"
except IOError as e:
print "ftp8"
retry = True
sys.stdout.write("\rTime disconnected - "+str(time.time()-starttime))
sys.stdout.flush()
print "ftp9"
I call the function using only:
ftp = ftplib.FTP('CENSORED')
connect_ftp(ftp)
However, I've traced how the code runs using print lines, and on the first use of the module (before the FTP is even connected to) my script runs ftp.voidcmd("NOOP") and does not except it, so no attempt is made to connect to the FTP initially.
The output is:
ftp1
ftp2
ftp4
ftp success #this is ran after the module is called
I admit my code isn't the best or prettiest, and I haven't implemented anything yet to make sure I'm not reconnecting constantly if I keep failing to reconnect, but I can't work out why this isn't working for the life of me so I don't see a point in expanding the module yet. Is this even the best approach for connecting/reconnecting to an FTP?
Thank you in advance
This connects to the server:
ftp = ftplib.FTP('CENSORED')
So, naturally the NOOP command succeeds, as it does not need an authenticated connection.
Your connect_ftp is correct, except that you need to specify a hostname in your connect call.
How to Skip the login password prompt if not entered or password is wrong..
I have Below python fabric code.. which works fine but stucks with wrong passwords..
import sys
from fabric.api import *
env.skip_bad_hosts=True
env.command_timeout=60
env.user = 'test'
env.shell = "/bin/sh -c"
env.warn_only = True
env.password = 'mypass'
def read_hosts():
env.hosts = [line.strip() for line in sys.stdin.readlines()]
def cyberark():
with settings(warn_only=True):
output=sudo("/monitor.sh",shell=False)
When i run it, it stands there only until i break it manually...
[pc-karn] Executing task 'cyberark'
[pc-karn] sudo: /monitor.sh
[pc-karn] Login password for 'test':
Is there anyway to set the env where if the password given wrong with 2 consecutive sequence and it will go to the next host in line.
You can use this parameters -
with settings(abort_on_prompts=True):
This parameter terminate the program when prompt the user for input. You can read about it here.
I don't know if this solve your problem, as far as i know Fabric what you are looking for is not possible, but at least you know your program always terminate, and can fix the passwords issue.
When I want to dodge a password prompt but continue my script on fail, I use abort_on_prompts=True and catch the SystemExit exception that is raised by abort_on_prompt.
try :
with settings(abort_on_prompts=True):
output=sudo("/monitor.sh",shell=False)
except SystemExit as se :
print "What I want to do when it fails"
I'm looking for a way to let my python program handle authentication through pam.
I'm using http://code.google.com/p/web2py/source/browse/gluon/contrib/pam.py for this, which works out great as long as my python program runs as root which is not ideal to my opinion.
How can I make use of pam for username/password validation without requiring root privs?
short: use a proper Python PAM implementation, setup PAM properly.
long: In a sane PAM setup, you do not need root privileges. In the end this is one of the things PAM provides, privilege separation.
pam_unix has a way to check the password for you. Seems the PAM implementation of web2py (note, it's from some contrib subdirectory...) is not doing the right thing. Maybe your PAM setup is not correct, which is hard to tell without further information; this also depends heavily on operating system and flavour/distribution.
There are multiple PAM bindings for Python out there (unfortunately nothing in the standard library), use these instead. And for configuration, there are tons of tutorials, find the right one for your system.
old/wrong, don't do this: You do not need to be root, you only need to be able to read /etc/shadow. This file has usually group shadow with read only access. So you simply need to add the user that is running the PAM check in the shadow group.
groupadd <user> shadow should do the trick.
I think the pam module is your best choice, but you don't have to embed it into your program directly. You could write a simple service which binds to a port on localhost, or listens on a UNIX domain socket, and fills PAM requests for other processes on the same host. Then have your web2py application connect to it for user/password validation.
For example:
import asyncore
import pam
import socket
class Client(asyncore.dispatcher_with_send):
def __init__(self, sock):
asyncore.dispatcher_with_send.__init__(self, sock)
self._buf = ''
def handle_read(self):
data = self._buf + self.recv(1024)
if not data:
self.close()
return
reqs, data = data.rsplit('\r\n', 1)
self._buf = data
for req in reqs.split('\r\n'):
try:
user, passwd = req.split()
except:
self.send('bad\r\n')
else:
if pam.authenticate(user, passwd):
self.send('ok\r\n')
else:
self.send('fail\r\n')
def handle_close(self):
self.close()
class Service(asyncore.dispatcher_with_send):
def __init__(self, addr):
asyncore.dispatcher_with_send.__init__(self)
self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
self.set_reuse_addr()
self.bind(addr)
self.listen(1)
def handle_accept(self):
conn, _ = self.accept()
Client(conn)
def main():
addr = ('localhost', 8317)
Service(addr)
try:
asyncore.loop()
except KeyboardInterrupt:
pass
if __name__ == '__main__':
main()
Usage:
% telnet localhost 8317
bob abc123
ok
larry badpass
fail
incomplete
bad
At the end I ended up using pexpect and trying to su - username.
It's a bit slow, but it works pretty good.
The below example isn't polished but you'll get the idea.
Cheers,
Jay
#!/usr/bin/python
import pexpect
def pam(username, password):
'''Accepts username and password and tried to use PAM for authentication'''
try:
child = pexpect.spawn('/bin/su - %s'%(username))
child.expect('Password:')
child.sendline(password)
result=child.expect(['su: Authentication failure',username])
child.close()
except Exception as err:
child.close()
print ("Error authenticating. Reason: "%(err))
return False
if result == 0:
print ("Authentication failed for user %s."%(username))
return False
else:
print ("Authentication succeeded for user %s."%(username))
return True
if __name__ == '__main__':
print pam(username='default',password='chandgeme')
Maybe python-pam can work for you.
Not if you use they usual system (unix style) login credentials. At some point the PAM library must read the shadow file which is only readable by root. However, if you use a PAM profile that authenticates with an alternate method, such as LDAP or a database, then it can work without needing root.
This is one reason I developed my own framework that runs different parts of the URL path space under different user credentials. The login part (only) can run as root to authenticate with PAM (system), other path subtree handlers run as different users.
I'm using the PyPAM module for this.