trezor-agent/sshagent/__main__.py

import os
import re
import sys
import argparse
import subprocess

from . import trezor
from . import server

import logging
log = logging.getLogger(__name__)


def identity_from_gitconfig():
    out = subprocess.check_output(args='git config --list --local'.split())
    config = [line.split('=', 1) for line in out.strip().split('\n')]
    config_dict = dict(item for item in config if len(item) == 2)

    name_regex = re.compile(r'^remote\..*\.trezor$')
    names = [item[0] for item in config if name_regex.match(item[0])]
    if len(names) != 1:
        log.error('please add "trezor" key '
                  'to a single remote section at .git/config')
        sys.exit(1)
    key_name = names[0]
    identity_label = config_dict.get(key_name)
    if identity_label:
        return identity_label

    # extract remote name marked as TREZOR's
    section_name, _ = key_name.rsplit('.', 1)

    key_name = section_name + '.url'
    url = config_dict[key_name]
    log.debug('using "%s=%s" from git-config', key_name, url)

    user, url = url.split('@', 1)
    host, path = url.split(':', 1)
    return 'ssh://{0}@{1}/{2}'.format(user, host, path)


def create_parser():
    p = argparse.ArgumentParser()
    p.add_argument('-v', '--verbose', default=0, action='count')

    p.add_argument('identity', type=str, default=None,
                   help='proto://[user@]host[:port][/path]')

    g = p.add_mutually_exclusive_group()
    g.add_argument('-s', '--shell', default=False, action='store_true',
                   help='run $SHELL as subprocess under SSH agent')
    g.add_argument('-c', '--connect', default=False, action='store_true',
                   help='connect to specified host via SSH')
    p.add_argument('command', type=str, nargs='*', metavar='ARGUMENT',
                   help='command to run under the SSH agent')
    return p


def setup_logging(verbosity):
    fmt = ('%(asctime)s %(levelname)-12s %(message)-100s '
           '[%(filename)s:%(lineno)d]')
    levels = [logging.WARNING, logging.INFO, logging.DEBUG]
    level = levels[min(verbosity, len(levels) - 1)]
    logging.basicConfig(format=fmt, level=level)


def trezor_agent():
    args = create_parser().parse_args()
    setup_logging(verbosity=args.verbose)

    with trezor.Client(factory=trezor.TrezorLibrary) as client:

        label = args.identity
        command = args.command

        if label == 'git':
            label = identity_from_gitconfig()
            log.info('using identity %r for git command %r', label, command)
            if command:
                command = ['git'] + command

        identity = client.get_identity(label=label)
        public_key = client.get_public_key(identity=identity)

        use_shell = False
        if args.connect:
            def to_ascii(s):
                return s.encode('ascii')

            command = ['ssh', to_ascii(identity.host)]
            if identity.user:
                command += ['-l', to_ascii(identity.user)]
            if identity.port:
                command += ['-p', to_ascii(identity.port)]
            log.debug('SSH connect: %r', command)
            command = command + args.command

        if args.shell:
            command, use_shell = os.environ['SHELL'], True
            log.debug('using shell: %r', command)

        if not command:
            sys.stdout.write(public_key)
            return

        def signer(label, blob):
            identity = client.get_identity(label=label)
            return client.sign_ssh_challenge(identity=identity, blob=blob)

        try:
            with server.serve(public_keys=[public_key], signer=signer) as env:
                return server.run_process(command=command, environ=env,
                                          use_shell=use_shell)
        except KeyboardInterrupt:
            log.info('server stopped')


def trezor_verify():

    p = argparse.ArgumentParser()
    p.add_argument('-v', '--verbose', default=0, action='count')
    p.add_argument('-a', '--address', default=None)
    p.add_argument('identity')
    args = p.parse_args()

    setup_logging(verbosity=args.verbose)
    with trezor.Client(factory=trezor.TrezorLibrary) as client:
        client.sign_identity(identity=args.identity,
                             expected_address=args.address)
trezor: use identities instead of labels 2015-07-03 13:09:49 +00:00			`import os`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`import re`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00			`import sys`
			`import argparse`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`import subprocess`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
code refactoring 2015-06-15 15:13:10 +00:00			`from . import trezor`
			`from . import server`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
fix PEP8 2015-06-16 07:20:11 +00:00			`import logging`
			`log = logging.getLogger(__name__)`

sshagent: add spaces between functions 2015-06-16 07:03:48 +00:00
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`def identity_from_gitconfig():`
			`out = subprocess.check_output(args='git config --list --local'.split())`
fix PEP8 2015-07-21 11:38:26 +00:00			`config = [line.split('=', 1) for line in out.strip().split('\n')]`
agent: allow identity label specification 2015-07-20 13:04:43 +00:00			`config_dict = dict(item for item in config if len(item) == 2)`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00
			`name_regex = re.compile(r'^remote\..*\.trezor$')`
trezor-agent: improve gitconfig parsing 2015-07-06 06:36:56 +00:00			`names = [item[0] for item in config if name_regex.match(item[0])]`
			`if len(names) != 1:`
fix PEP8 2015-07-21 11:38:26 +00:00			`log.error('please add "trezor" key '`
			`'to a single remote section at .git/config')`
trezor-agent: improve gitconfig parsing 2015-07-06 06:36:56 +00:00			`sys.exit(1)`
agent: allow identity label specification 2015-07-20 13:04:43 +00:00			`key_name = names[0]`
			`identity_label = config_dict.get(key_name)`
			`if identity_label:`
			`return identity_label`

fix PEP8 2015-07-21 11:38:26 +00:00			`# extract remote name marked as TREZOR's`
			`section_name, _ = key_name.rsplit('.', 1)`
trezor-agent: improve gitconfig parsing 2015-07-06 06:36:56 +00:00
			`key_name = section_name + '.url'`
			`url = config_dict[key_name]`
agent: allow identity label specification 2015-07-20 13:04:43 +00:00			`log.debug('using "%s=%s" from git-config', key_name, url)`
trezor-agent: refactor identity_from_gitconfig() a bit 2015-07-05 12:10:24 +00:00
			`user, url = url.split('@', 1)`
			`host, path = url.split(':', 1)`
			`return 'ssh://{0}@{1}/{2}'.format(user, host, path)`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00

main: integration identity verification 2015-07-22 10:48:15 +00:00			`def create_parser():`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00			`p = argparse.ArgumentParser()`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`p.add_argument('-v', '--verbose', default=0, action='count')`
agent: fix argument parser 2015-07-04 07:47:32 +00:00
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`p.add_argument('identity', type=str, default=None,`
trezor: use identities instead of labels 2015-07-03 13:09:49 +00:00			`help='proto://[user@]host[:port][/path]')`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00
			`g = p.add_mutually_exclusive_group()`
			`g.add_argument('-s', '--shell', default=False, action='store_true',`
			`help='run $SHELL as subprocess under SSH agent')`
			`g.add_argument('-c', '--connect', default=False, action='store_true',`
			`help='connect to specified host via SSH')`
agent: small fixes 2015-07-04 09:29:49 +00:00			`p.add_argument('command', type=str, nargs='*', metavar='ARGUMENT',`
trezor-agent: use single identity per invocation 2015-07-04 06:23:36 +00:00			`help='command to run under the SSH agent')`
main: integration identity verification 2015-07-22 10:48:15 +00:00			`return p`
fix PEP8 2015-07-21 11:38:26 +00:00
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
main: integration identity verification 2015-07-22 10:48:15 +00:00			`def setup_logging(verbosity):`
fix PEP8 2015-07-21 11:38:26 +00:00			`fmt = ('%(asctime)s %(levelname)-12s %(message)-100s '`
			`'[%(filename)s:%(lineno)d]')`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`levels = [logging.WARNING, logging.INFO, logging.DEBUG]`
main: integration identity verification 2015-07-22 10:48:15 +00:00			`level = levels[min(verbosity, len(levels) - 1)]`
fix PEP8 2015-07-21 11:38:26 +00:00			`logging.basicConfig(format=fmt, level=level)`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
main: integration identity verification 2015-07-22 10:48:15 +00:00
			`def trezor_agent():`
			`args = create_parser().parse_args()`
			`setup_logging(verbosity=args.verbose)`

server: serve should be a context manager 2015-06-17 13:52:11 +00:00			`with trezor.Client(factory=trezor.TrezorLibrary) as client:`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00
			`label = args.identity`
			`command = args.command`

			`if label == 'git':`
			`label = identity_from_gitconfig()`
agent: allow identity label specification 2015-07-20 13:04:43 +00:00			`log.info('using identity %r for git command %r', label, command)`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`if command:`
			`command = ['git'] + command`

			`identity = client.get_identity(label=label)`
agent: fix argument parser 2015-07-04 07:47:32 +00:00			`public_key = client.get_public_key(identity=identity)`
server: serve should be a context manager 2015-06-17 13:52:11 +00:00
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00			`use_shell = False`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`if args.connect:`
fix PEP8 2015-07-21 11:38:26 +00:00			`def to_ascii(s):`
			`return s.encode('ascii')`

agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`command = ['ssh', to_ascii(identity.host)]`
			`if identity.user:`
			`command += ['-l', to_ascii(identity.user)]`
			`if identity.port:`
			`command += ['-p', to_ascii(identity.port)]`
			`log.debug('SSH connect: %r', command)`
main: fix invocation via ssh 2015-07-20 15:05:59 +00:00			`command = command + args.command`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00
			`if args.shell:`
agent: fix argument parser 2015-07-04 07:47:32 +00:00			`command, use_shell = os.environ['SHELL'], True`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`log.debug('using shell: %r', command)`

			`if not command:`
			`sys.stdout.write(public_key)`
			`return`
server: serve should be a context manager 2015-06-17 13:52:11 +00:00
trezor: refactor label parsing and handling 2015-07-04 18:15:09 +00:00			`def signer(label, blob):`
			`identity = client.get_identity(label=label)`
			`return client.sign_ssh_challenge(identity=identity, blob=blob)`
server: serve should be a context manager 2015-06-17 13:52:11 +00:00
			`try:`
agent: fix argument parser 2015-07-04 07:47:32 +00:00			`with server.serve(public_keys=[public_key], signer=signer) as env:`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`return server.run_process(command=command, environ=env,`
			`use_shell=use_shell)`
server: serve should be a context manager 2015-06-17 13:52:11 +00:00			`except KeyboardInterrupt:`
			`log.info('server stopped')`
main: integration identity verification 2015-07-22 10:48:15 +00:00

			`def trezor_verify():`

			`p = argparse.ArgumentParser()`
			`p.add_argument('-v', '--verbose', default=0, action='count')`
			`p.add_argument('-a', '--address', default=None)`
			`p.add_argument('identity')`
			`args = p.parse_args()`

			`setup_logging(verbosity=args.verbose)`
			`with trezor.Client(factory=trezor.TrezorLibrary) as client:`
			`client.sign_identity(identity=args.identity,`
			`expected_address=args.address)`