Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / CESNET / Netopeer2GUI / a74783210760a2c2c3bfc9d2983b550b6a806740^! / . / backend / connections.py
commita74783210760a2c2c3bfc9d2983b550b6a806740[log] [tgz]
authorRadek Krejci <rkrejci@cesnet.cz>Tue Jun 19 13:09:52 2018 +0200
committerRadek Krejci <rkrejci@cesnet.cz>Tue Jun 19 13:09:52 2018 +0200
tree39b80d537b9006d7e3a63395f4042d2eff98bd3d
parent70895e1ce5d7519b015a63dbec41067f19ef8ba4 [diff] [blame]
gui CHANGE storing device fingerprint

When user confirms the device's fingerprint, do not ask again next time
the device is being connected.

diff --git a/backend/connections.py b/backend/connections.py
index 166de56..b5114cf 100644
--- a/backend/connections.py
+++ b/backend/connections.py

@@ -16,7 +16,7 @@
 import netconf2 as nc
 
 from .inventory import INVENTORY
-from .devices import devices_get
+from .devices import devices_get, devices_replace
 from .error import NetopeerException
 from .data import *
 
@@ -39,19 +39,36 @@
 
 
 def hostkey_check(hostname, state, keytype, hexa, priv):
-	params = {'id': priv, 'hostname' : hostname, 'state' : state, 'keytype' : keytype, 'hexa' : hexa}
+	if 'fingerprint' in priv['device']:
+		# check according to the stored fingerprint from previous connection
+		if hexa == priv['device']['fingerprint']:
+			return True
+		elif state != 2:
+			print("Incorrect host key state")
+			state = 2
+
+	# ask frontend/user for hostkey check
+	params = {'id': priv['session']['session_id'], 'hostname' : hostname, 'state' : state, 'keytype' : keytype, 'hexa' : hexa}
 	socketio.emit('hostcheck', params, callback = hostkey_check_send)
 
 	timeout = Timeout(30)
 	try:
-		e = hostcheck[priv] = event.Event()
+		# wait for response from the frontend
+		e = hostcheck[priv['session']['session_id']] = event.Event()
 		result = e.wait()
 	except Timeout:
+		# no response received within the timeout
 		return False;
 	finally:
-		hostcheck.pop(priv, None)
+		# we have the response
+		hostcheck.pop(priv['session']['session_id'], None)
 		timeout.cancel()
 
+	if result:
+		# store confirmed fingerprint for future connections
+		priv['device']['fingerprint'] = hexa;
+		devices_replace(priv['device']['id'], priv['session']['user'].username, priv['device'])
+
 	return result
 
 
@@ -77,7 +94,7 @@
 	nc.setSearchpath(path)
 
 	ssh = nc.SSH(device['username'], password=device['password'])
-	ssh.setAuthHostkeyCheckClb(hostkey_check, session['session_id'])
+	ssh.setAuthHostkeyCheckClb(hostkey_check, {'session': session, 'device' : device})
 	try:
 		ncs = nc.Session(device['hostname'], device['port'], ssh)
 	except Exception as e: