Hello community, here is the log from the commit of package haas-proxy for openSUSE:Factory checked in at 2018-09-07 15:42:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haas-proxy (Old) and /work/SRC/openSUSE:Factory/.haas-proxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haas-proxy" Fri Sep 7 15:42:13 2018 rev:3 rq:633752 version:1.9 Changes: -------- --- /work/SRC/openSUSE:Factory/haas-proxy/haas-proxy.changes 2018-02-22 15:03:01.336760124 +0100 +++ /work/SRC/openSUSE:Factory/.haas-proxy.new/haas-proxy.changes 2018-09-07 15:43:49.434252222 +0200 @@ -1,0 +2,8 @@ +Tue Aug 21 07:37:52 UTC 2018 - michal.hruse...@opensuse.org + +- update to version 1.9 + * improved logging + * better handling of some error states + * dynamic searching for sshpass + +------------------------------------------------------------------- Old: ---- haas-proxy-1.6.tar.gz New: ---- haas-proxy-1.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haas-proxy.spec ++++++ --- /var/tmp/diff_new_pack.jVrnEe/_old 2018-09-07 15:43:49.830251799 +0200 +++ /var/tmp/diff_new_pack.jVrnEe/_new 2018-09-07 15:43:49.834251794 +0200 @@ -16,12 +16,12 @@ # -%define hash 23f35089b0cccbdf2b4557f9bf6bab4b0bbdac57 +%define hash bbf8629d1d64840407eefc23d2b6c8835365347b Name: haas-proxy -Version: 1.6 +Version: 1.9 Release: 0 Summary: Man in the middle proxy for honeypot as a service -License: GPL-2.0 +License: GPL-2.0-only Group: Productivity/Networking/Security URL: https://haas.nic.cz Source0: https://gitlab.labs.nic.cz/haas/proxy/raw/%{hash}/release/%{name}-%{version}.tar.gz ++++++ haas-proxy-1.6.tar.gz -> haas-proxy-1.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/PKG-INFO new/haas-proxy-1.9/PKG-INFO --- old/haas-proxy-1.6/PKG-INFO 2018-02-20 11:07:41.000000000 +0100 +++ new/haas-proxy-1.9/PKG-INFO 2018-07-30 09:26:55.000000000 +0200 
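Review bot: The `License:` tag in haas-proxy.spec is set to `GPL-2.0-only`, but the 1.9 tarball in this same submission changes its own metadata from `GPLv2` to `GPLv3` in PKG-INFO and setup.py. One of the two is wrong for the sources being shipped. It is worth checking the license text inside the tarball and, if upstream really relicensed, using `License: GPL-3.0-only` (or `GPL-3.0-or-later`, depending on what that text says).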
@@ -1,11 +1,11 @@ Metadata-Version: 1.1 Name: haas-proxy -Version: 1.6 +Version: 1.9 Summary: Honeypot proxy is tool for redirectiong SSH session from local computer to server of HaaS with additional information. Home-page: https://haas.nic.cz Author: CZ.NIC Labs Author-email: h...@nic.cz -License: GPLv2 +License: GPLv3 Description-Content-Type: UNKNOWN Description: UNKNOWN Platform: UNKNOWN diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/haas_proxy/log.py new/haas-proxy-1.9/haas_proxy/log.py --- old/haas-proxy-1.6/haas_proxy/log.py 2017-12-27 11:13:23.000000000 +0100 +++ new/haas-proxy-1.9/haas_proxy/log.py 2018-07-30 09:24:56.000000000 +0200 @@ -23,4 +23,6 @@ 'warning': logging.WARNING, 'debug': logging.DEBUG, }.get(level, logging.INFO), + format='%(asctime)s %(levelname)s %(name)s %(message)s', + datefmt='%Y-%m-%dT%H:%M:%S', ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/haas_proxy/proxy.py new/haas-proxy-1.9/haas_proxy/proxy.py --- old/haas-proxy-1.6/haas_proxy/proxy.py 2018-02-20 11:05:46.000000000 +0100 +++ new/haas-proxy-1.9/haas_proxy/proxy.py 2018-07-18 10:12:27.000000000 +0200 @@ -19,7 +19,7 @@ from twisted.python.compat import networkString from haas_proxy.balancer import Balancer -from haas_proxy.utils import force_text +from haas_proxy.utils import force_text, which class ProxyService(service.Service): @@ -44,6 +44,7 @@ """ Overridden SSHConnection for disabling logs a traceback about a failed direct-tcpip connections """ + # pylint: disable=invalid-name,inconsistent-return-statements def ssh_CHANNEL_OPEN(self, packet): # pylint: disable=unbalanced-tuple-unpacking 
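Review bot: The new `datefmt='%Y-%m-%dT%H:%M:%S'` in log.py looks like ISO 8601 but carries no UTC offset, and the logging module formats record times in local time by default. Entries from this proxy therefore cannot be lined up unambiguously with logs from hosts in other time zones, which matters if a honeypot component's records need to be correlated elsewhere. I would include the offset, e.g. `datefmt='%Y-%m-%dT%H:%M:%S%z'`, or switch the formatter to UTC. The call these keyword arguments belong to opens above the hunk, so this assumes it is `logging.basicConfig`.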
@@ -52,14 +53,28 @@ if channel_type != b'direct-tcpip': return SSHConnectionTwisted.ssh_CHANNEL_OPEN(self, packet) - senderChannel, _ = struct.unpack('>3L', rest[:12]) log.err('channel open failed, direct-tcpip is not allowed') - reason = OPEN_CONNECT_FAILED - self.transport.sendPacket( - MSG_CHANNEL_OPEN_FAILURE, - struct.pack('>2L', senderChannel, reason) + - common.NS(networkString('unknown failure')) + common.NS(b'') - ) + try: + senderChannel, _ = struct.unpack('>3L', rest[:12]) + except ValueError: + # Some bad packet, ignore it completely without responding. + pass + else: + self.transport.sendPacket( + MSG_CHANNEL_OPEN_FAILURE, + struct.pack('>2L', senderChannel, OPEN_CONNECT_FAILED) + + common.NS(networkString('unknown failure')) + common.NS(b'') + ) + + # pylint: disable=invalid-name,inconsistent-return-statements + def ssh_CHANNEL_DATA(self, packet): + try: + return SSHConnectionTwisted.ssh_CHANNEL_DATA(self, packet) + except KeyError: + # Some packets send data to the channel even it's not successfully opened. + # Very probably direct-tcpip types which has bad packet resulting in not + # responding in `ssh_CHANNEL_OPEN`. Ignore it as it's unimportant. + pass # pylint: disable=abstract-method @@ -130,7 +145,7 @@ self.password = password self.channelLookup.update({b'session': session.SSHSession}) - # # pylint: disable=invalid-name + # pylint: disable=invalid-name def getUserGroupId(self): """ Returns tuple with user and group ID. @@ -138,12 +153,14 @@ """ return 0, 0 + # pylint: disable=invalid-name def getHomeDir(self): """ Method needed by `SSHSessionForUnixConchUser.openShell`. """ return "/root" + # pylint: disable=invalid-name def getShell(self): """ Method needed by `SSHSessionForUnixConchUser.openShell`. @@ -169,7 +186,7 @@ # pylint: disable=no-member self.pty = reactor.spawnProcess( proto, - executable='/usr/bin/sshpass', + executable=which('sshpass'), args=self.honeypot_ssh_arguments, env=self.environ, path='/', 
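Review bot: In `ssh_CHANNEL_OPEN` the new `try` block unpacks `struct.unpack('>3L', rest[:12])` into two names, so a well-formed 12-byte header yields three values and raises the very `ValueError` being caught. As written, the `else` branch that sends `MSG_CHANNEL_OPEN_FAILURE` looks unreachable and every direct-tcpip request goes unanswered, which may be why `ssh_CHANNEL_DATA` then needs to swallow `KeyError`. A truncated header, the case the comment describes, raises `struct.error` instead; that is not a `ValueError` subclass and still propagates. I would change the two lines to `senderChannel, _, _ = struct.unpack('>3L', rest[:12])` and `except struct.error:`. The method's signature and the `getNS` call sit above the hunk.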
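Review bot: `which('sshpass')` returns `None` when the binary is not found, and both `reactor.spawnProcess` calls (this hunk and the one at `@@ -191,7 +208,7 @@`) pass that result straight through as `executable`, so a missing sshpass surfaces only when a session arrives rather than at startup. The lookup also now follows the service's `PATH` on every spawn instead of a fixed absolute path, so anything that can alter that environment or write to an earlier PATH directory decides which program is launched for each session. I would resolve the path once at service start, refuse to start on `None`, and restrict the search with the `path` argument that `which()` already accepts, for example `which('sshpass', path='/usr/bin:/usr/local/bin')` (directories shown as an example only). Both enclosing methods start outside their hunks.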
@@ -191,7 +208,7 @@ # pylint: disable=no-member self.pty = reactor.spawnProcess( proto, - executable='/usr/bin/sshpass', + executable=which('sshpass'), args=self.honeypot_ssh_arguments + [cmd], env=self.environ, path='/', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/haas_proxy/twisted/plugins/haas_proxy_plugin.py new/haas-proxy-1.9/haas_proxy/twisted/plugins/haas_proxy_plugin.py --- old/haas-proxy-1.6/haas_proxy/twisted/plugins/haas_proxy_plugin.py 2018-02-16 17:12:43.000000000 +0100 +++ new/haas-proxy-1.9/haas_proxy/twisted/plugins/haas_proxy_plugin.py 2018-07-18 10:12:27.000000000 +0200 @@ -90,6 +90,7 @@ raise usage.UsageError('Device token is not valid') +# pylint: disable=useless-object-inheritance @implementer(IServiceMaker, IPlugin) class MyServiceMaker(object): tapname = 'haas_proxy' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/haas_proxy/utils.py new/haas-proxy-1.9/haas_proxy/utils.py --- old/haas-proxy-1.6/haas_proxy/utils.py 2017-08-11 12:33:44.000000000 +0200 +++ new/haas-proxy-1.9/haas_proxy/utils.py 2018-07-18 10:12:27.000000000 +0200 @@ -2,6 +2,10 @@ Useful functions used by HaaS proxy. """ +import os +import sys + + def force_text(value): """ Helper to deal with bytes and str in Python 2 vs. Python 3. Needed to have 
@@ -12,3 +16,71 @@ if isinstance(value, bytes): return str(value, 'utf-8') return str(value) + + +# This function is copy-pasted from shutils. It using for compatibility with python 2.7 and 3.6 because shutils +# hasn't which() function in python 2.7. It will be removed when support python 2.7 ends. +# pylint:disable=invalid-name,too-many-branches,unneeded-not +def which(cmd, mode=os.F_OK | os.X_OK, path=None): + """Given a command, mode, and a PATH string, return the path which + conforms to the given mode on the PATH, or None if there is no such + file. + + `mode` defaults to os.F_OK | os.X_OK. `path` defaults to the result + of os.environ.get("PATH"), or can be overridden with a custom search + path. + + """ + + # Check that a given file can be accessed with the correct mode. + # Additionally check that `file` is not a directory, as on Windows + # directories pass the os.access check. + def _access_check(fn, mode): + return (os.path.exists(fn) and os.access(fn, mode) + and not os.path.isdir(fn)) + + # If we're given a path with a directory part, look it up directly rather + # than referring to PATH directories. This includes checking relative to the + # current directory, e.g. ./script + if os.path.dirname(cmd): + if _access_check(cmd, mode): + return cmd + return None + + if path is None: + path = os.environ.get("PATH", os.defpath) + if not path: + return None + path = path.split(os.pathsep) + + if sys.platform == "win32": + # The current directory takes precedence on Windows. + if not os.curdir in path: + path.insert(0, os.curdir) + + # PATHEXT is necessary to check on Windows. + pathext = os.environ.get("PATHEXT", "").split(os.pathsep) + # See if the given file matches any of the expected path extensions. + # This will allow us to short circuit when given "python.exe". + # If it does match, only test that one, otherwise we have to try + # others. 
+ if any(cmd.lower().endswith(ext.lower()) for ext in pathext): + files = [cmd] + else: + files = [cmd + ext for ext in pathext] + else: + # On other platforms you don't have things like PATHEXT to tell you + # what file suffixes are executable, so just pass on cmd as-is. + files = [cmd] + + seen = set() + # pylint:disable=redefined-builtin + for dir in path: + normdir = os.path.normcase(dir) + if not normdir in seen: + seen.add(normdir) + for thefile in files: + name = os.path.join(dir, thefile) + if _access_check(name, mode): + return name + return None diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/haas_proxy.egg-info/PKG-INFO new/haas-proxy-1.9/haas_proxy.egg-info/PKG-INFO --- old/haas-proxy-1.6/haas_proxy.egg-info/PKG-INFO 2018-02-20 11:07:41.000000000 +0100 +++ new/haas-proxy-1.9/haas_proxy.egg-info/PKG-INFO 2018-07-30 09:26:55.000000000 +0200 @@ -1,11 +1,11 @@ Metadata-Version: 1.1 Name: haas-proxy -Version: 1.6 +Version: 1.9 Summary: Honeypot proxy is tool for redirectiong SSH session from local computer to server of HaaS with additional information. Home-page: https://haas.nic.cz Author: CZ.NIC Labs Author-email: h...@nic.cz -License: GPLv2 +License: GPLv3 Description-Content-Type: UNKNOWN Description: UNKNOWN Platform: UNKNOWN diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haas-proxy-1.6/setup.py new/haas-proxy-1.9/setup.py --- old/haas-proxy-1.6/setup.py 2018-02-20 11:06:41.000000000 +0100 +++ new/haas-proxy-1.9/setup.py 2018-07-30 09:26:19.000000000 +0200 @@ -21,7 +21,7 @@ setup( name='haas-proxy', - version='1.6', + version='1.9', packages=[ 'haas_proxy', 'haas_proxy.twisted.plugins', 
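Review bot: The vendored `which()` in utils.py is used on every interpreter, so Python 3 installs run this frozen copy rather than the maintained standard-library function and will not pick up later fixes to it. I would make it a fallback: `try: from shutil import which` then `except ImportError:` followed by the existing definition, so only Python 2.7 uses the copy. The header comment should also name the module correctly, e.g. `# Copied from shutil.which (Python 3) for Python 2.7 compatibility; remove once 2.7 support ends.`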
@@ -40,7 +40,7 @@ author='CZ.NIC Labs', author_email='h...@nic.cz', description='Honeypot proxy is tool for redirectiong SSH session from local computer to server of HaaS with additional information.', - license='GPLv2', + license='GPLv3', classifiers=[ 'Programming Language :: Python :: 2',