CASSH v1.4.0: Admin can force signature

Nicolas Beguier · Nicolas Beguier · commit 6e68525ce5fa · 2017-11-21T15:05:49.000+01:00
diff --git a/cassh b/cassh
@@ -31,6 +31,8 @@ if sys.version_info < (3, 0):
 # Debug
 # from pdb import set_trace as st
 
+VERSION = '%(prog)s 1.4.0'
+
 def read_conf(conf_path):
     """
     Read CASSH configuration file and return metadata.
@@ -176,14 +178,19 @@ class CASSH(object):
             exit(1)
         print(req.text)
 
-    def sign(self, do_write_on_disk, uid=None):
+    def sign(self, do_write_on_disk, uid=None, force=False):
         """
         Sign a public key.
         """
         pubkey = open('%s.pub' % self.key_path, 'rb')
         try:
-            req = self.session.post(self.url + '/client' + \
-                self.auth_url(prefix='?username=%s' % self.name), data=pubkey, verify=False)
+            if force:
+                req = self.session.post(self.url + '/client' + \
+                    self.auth_url(prefix='?username=%s&admin_force=true' % self.name), \
+                    data=pubkey, verify=False)
+            else:
+                req = self.session.post(self.url + '/client' + \
+                    self.auth_url(prefix='?username=%s' % self.name), data=pubkey, verify=False)
         except ConnectionError:
             print('Connection error : %s' % self.url)
             exit(1)
@@ -255,7 +262,7 @@ if __name__ == '__main__':
 
     SUBPARSERS = PARSER.add_subparsers(help='commands')
 
-    PARSER.add_argument('--version', action='version', version='%(prog)s 1.3.0')
+    PARSER.add_argument('--version', action='version', version=VERSION)
 
     # ADMIN Arguments
     ADMIN_PARSER = SUBPARSERS.add_parser('admin',\
@@ -274,6 +281,8 @@ if __name__ == '__main__':
     SIGN_PARSER = SUBPARSERS.add_parser('sign', help='Sign its key by remote ssh ca server.')
     SIGN_PARSER.add_argument('-d', '--display-only', action='store_true',\
         help='Display key in shell only.')
+    SIGN_PARSER.add_argument('-f', '--force', action='store_true',\
+        help='Admin can force signature if server enable it.')
     SIGN_PARSER.add_argument('-u', '--uid', action='store',\
         help='Force UID in key ownership.')
 
@@ -299,7 +308,7 @@ if __name__ == '__main__':
         print('[user]')
         print('# name : it\'s the user you will use to log in every server')
         print('name = user')
-        print('# key_path : This key path won\'t be use to log in, a copy will be made for the certificate.')
+        print('# key_path : This key path won\'t be use to log in, a copy will be made.')
         print('# We assume that `${key_path}` exists and `${key_path}.pub` too.')
         print('# WARNING: Never delete these keys')
         print('key_path = ~/.ssh/id_rsa')
@@ -323,7 +332,7 @@ if __name__ == '__main__':
     if sys.argv[1] == 'add':
         LBC.add()
     elif sys.argv[1] == 'sign':
-        LBC.sign(not ARGS.display_only, uid=ARGS.uid)
+        LBC.sign(not ARGS.display_only, uid=ARGS.uid, force=ARGS.force)
     elif sys.argv[1] == 'status':
         LBC.status()
     elif sys.argv[1] == 'ca':
