From 4cda54ab60d8a115fb9d1fb1f0461257e7a86702 Mon Sep 17 00:00:00 2001 From: Josiah Baldwin Date: Fri, 26 Sep 2025 14:16:18 -0700 Subject: [PATCH] Revert "Feat/run console commands" --- src/meshctrl/session.py | 145 +++--------------- tests/environment/__init__.py | 4 +- tests/environment/client.dockerfile | 2 +- tests/environment/meshcentral.dockerfile | 4 +- .../scripts/client/agent_server.py | 2 +- .../scripts/meshcentral/create_users.py | 6 +- tests/test_sanity.py | 9 ++ tests/test_session.py | 35 +---- 8 files changed, 47 insertions(+), 160 deletions(-) diff --git a/src/meshctrl/session.py b/src/meshctrl/session.py index cf1b737..e6d1897 100644 --- a/src/meshctrl/session.py +++ b/src/meshctrl/session.py @@ -184,7 +184,7 @@ class Session(object): async def _listen_data_task(self, websocket): async for message in websocket: await self._eventer.emit("raw", message) - # Meshcentral does pong wrong and breaks our parsing, so fix it here. This is fixed now, but we want compatibility with old versions. + # Meshcentral does pong wrong and breaks our parsing, so fix it here. if message == '{action:"pong"}': message = '{"action":"pong"}' @@ -1473,7 +1473,7 @@ class Session(object): return nid result = {n: {"complete": False, "result": [], "command": command} for n in nodeids} - async def _console(): + async def _(): async for event in self.events({"action": "msg", "type": "console"}): node = match_nodeid(event["nodeid"], nodeids) if node: @@ -1485,131 +1485,34 @@ class Session(object): elif (event["value"].startswith("Run commands")): continue result[node]["result"].append(event["value"]) - - # We create this task AFTER getting the first message, but I don't feel like implementing this twice, so we'll pass in the first message and have it parsed immediately - async def _reply(responseid, start_data=None): - # Returns True when all results are in, Falsey otherwise - def _parse_event(event): - node = match_nodeid(event["nodeid"], nodeids) - if node: - result.setdefault(node, {})["complete"] = True - result[node]["result"].append(event["result"]) - if all(_["complete"] for key, _ in result.items()): - return True - if start_data is not None: - if _parse_event(start_data): - return - async for event in self.events({"action": "msg", "type": "runcommands", "responseid": responseid}): - if _parse_event(event): - break - - async def __(command, tg, tasks): + async def __(command): data = await self._send_command(command, "run_command", timeout=timeout) - if data.get("type", None) != "runcommands" and data.get("result", "ok").lower() != "ok": + if data.get("result", "ok").lower() != "ok": raise exceptions.ServerError(data["result"]) - elif data.get("type", None) != "runcommands" and data.get("result", "ok").lower() == "ok": - expect_response = False - console_task = tg.create_task(asyncio.wait_for(_console(), timeout=timeout)) - if not ignore_output: - userid = (await self.user_info())["_id"] - for n in nodeids: - device_info = await self.device_info(n, timeout=timeout) - try: - permissions = device_info.mesh.links.get(userid, {}).get("rights",constants.DeviceRights.norights)\ - # This should work for device rights, but it only seems to work for mesh rights. Not sure why, but I can't get the events to show up when the user only has individual device rights - # |device_info.get("links", {}).get(userid, {}).get("rights", constants.DeviceRights.norights) - # If we don't have agentconsole rights, we won't be able te read the output, so fill in blanks on this node - if not permissions&constants.DeviceRights.agentconsole: - result[n]["complete"] = True - else: - expect_response = True - except AttributeError: - result[n]["complete"] = True - if expect_response: - tasks.append(console_task) - else: - console_task.cancel() - elif data.get("type", None) == "runcommands" and not ignore_output: - tasks.append(tg.create_task(asyncio.wait_for(_reply(data["responseid"], start_data=data), timeout=timeout))) + + expect_response = False + if not ignore_output: + userid = (await self.user_info())["_id"] + for n in nodeids: + device_info = await self.device_info(n, timeout=timeout) + try: + permissions = device_info.mesh.links.get(userid, {}).get("rights",constants.DeviceRights.norights)\ + # This should work for device rights, but it only seems to work for mesh rights. Not sure why, but I can't get the events to show up when the user only has individual device rights + # |device_info.get("links", {}).get(userid, {}).get("rights", constants.DeviceRights.norights) + # If we don't have agentconsole rights, we won't be able te read the output, so fill in blanks on this node + if not permissions&constants.DeviceRights.agentconsole: + result[n]["complete"] = True + else: + expect_response = True + except AttributeError: + result[n]["complete"] = True tasks = [] async with asyncio.TaskGroup() as tg: - tasks.append(tg.create_task(__({ "action": 'runcommands', "nodeids": nodeids, "type": (2 if powershell else 0), "cmds": command, "runAsUser": runAsUser, "reply": not ignore_output}, tg, tasks))) - - return {n: v | {"result": "".join(v["result"])} for n,v in result.items()} - - async def run_console_command(self, nodeids, command, powershell=False, runasuser=False, runasuseronly=False, ignore_output=False, timeout=None): - ''' - Run a mesh console command on any number of nodes. WARNING: Non namespaced call. Calling this function again before it returns may cause unintended consequences. - - Args: - nodeids (str|list[str]): Unique ids of nodes on which to run the command - command (str): Command to run - ignore_output (bool): Don't bother trying to get the output. Every device will return an empty string for its result. - timeout (int): duration in seconds to wait for a response before throwing an error - - Returns: - dict[str, ~meshctrl.types.RunCommandResponse]: Dict containing mapped output of the commands by device - - Raises: - :py:class:`~meshctrl.exceptions.ServerError`: Error text from server if there is a failure - :py:class:`~meshctrl.exceptions.SocketError`: Info about socket closure - ValueError: `Invalid device id` if device is not found - asyncio.TimeoutError: Command timed out - ''' - if isinstance(nodeids, str): - nodeids = [nodeids] - - def match_nodeid(id, ids): - for nid in ids: - if (nid == id): - return nid - if (nid[6:] == id): - return nid - if (f"node//{nid}" == id): - return nid - - result = {n: {"complete": False, "result": [], "command": command} for n in nodeids} - async def _console(): - async for event in self.events({"action": "msg", "type": "console"}): - node = match_nodeid(event["nodeid"], nodeids) - if node: - result[node]["result"].append(event["value"]) - result.setdefault(node, {})["complete"] = True - if all(_["complete"] for key, _ in result.items()): - break - async def __(command, tg, tasks): - data = await self._send_command(command, "run_console_command", timeout=timeout) - - if data.get("type", None) != "runcommands" and data.get("result", "ok").lower() != "ok": - raise exceptions.ServerError(data["result"]) - elif data.get("type", None) != "runcommands" and data.get("result", "ok").lower() == "ok": - expect_response = False - console_task = tg.create_task(asyncio.wait_for(_console(), timeout=timeout)) - if not ignore_output: - userid = (await self.user_info())["_id"] - for n in nodeids: - device_info = await self.device_info(n, timeout=timeout) - try: - permissions = device_info.mesh.links.get(userid, {}).get("rights",constants.DeviceRights.norights)\ - # This should work for device rights, but it only seems to work for mesh rights. Not sure why, but I can't get the events to show up when the user only has individual device rights - # |device_info.get("links", {}).get(userid, {}).get("rights", constants.DeviceRights.norights) - # If we don't have agentconsole rights, we won't be able te read the output, so fill in blanks on this node - if not permissions&constants.DeviceRights.agentconsole: - result[n]["complete"] = True - else: - expect_response = True - except AttributeError: - result[n]["complete"] = True - if expect_response: - tasks.append(console_task) - else: - console_task.cancel() - - tasks = [] - async with asyncio.TaskGroup() as tg: - tasks.append(tg.create_task(__({ "action": 'runcommands', "nodeids": nodeids, "type": 4, "cmds": command}, tg, tasks))) + if expect_response: + tasks.append(tg.create_task(asyncio.wait_for(_(), timeout=timeout))) + tasks.append(tg.create_task(__({ "action": 'runcommands', "nodeids": nodeids, "type": (2 if powershell else 0), "cmds": command, "runAsUser": runAsUser }))) return {n: v | {"result": "".join(v["result"])} for n,v in result.items()} diff --git a/tests/environment/__init__.py b/tests/environment/__init__.py index 3c62614..7bc9cb3 100644 --- a/tests/environment/__init__.py +++ b/tests/environment/__init__.py @@ -37,9 +37,7 @@ class Agent(object): self._clienturl = clienturl self._dockerurl = dockerurl r = requests.post(f"{self._clienturl}/add-agent", json={"url": f"{self._dockerurl}", "meshid": self.meshid}) - agent_json = r.json() - self.nodeid = agent_json["id"] - self.nodehex = agent_json["hex"] + self.nodeid = r.json()["id"] def __enter__(self): return self diff --git a/tests/environment/client.dockerfile b/tests/environment/client.dockerfile index cd21c3c..2016d3c 100644 --- a/tests/environment/client.dockerfile +++ b/tests/environment/client.dockerfile @@ -1,4 +1,4 @@ -FROM python:3.13 +FROM python:3.12 WORKDIR /usr/local/app # Install the application dependencies diff --git a/tests/environment/meshcentral.dockerfile b/tests/environment/meshcentral.dockerfile index b97a6da..af192ae 100644 --- a/tests/environment/meshcentral.dockerfile +++ b/tests/environment/meshcentral.dockerfile @@ -1,8 +1,8 @@ -FROM ghcr.io/ylianst/meshcentral:1.1.50 +FROM ghcr.io/ylianst/meshcentral:latest RUN apk add curl RUN apk add python3 WORKDIR /opt/meshcentral/ COPY ./scripts/meshcentral ./scripts COPY ./config/meshcentral/data /opt/meshcentral/meshcentral-data COPY ./config/meshcentral/overrides /opt/meshcentral/meshcentral -ENTRYPOINT ["python3", "/opt/meshcentral/scripts/create_users.py"] \ No newline at end of file +CMD ["python3", "/opt/meshcentral/scripts/create_users.py"] \ No newline at end of file diff --git a/tests/environment/scripts/client/agent_server.py b/tests/environment/scripts/client/agent_server.py index 52e42e8..1ee8639 100644 --- a/tests/environment/scripts/client/agent_server.py +++ b/tests/environment/scripts/client/agent_server.py @@ -53,7 +53,7 @@ def add_agent(): time.sleep(.1) else: raise Exception(f"Failed to start agent: {text}") - return {"id": agent_id, "hex": agent_hex} + return {"id": agent_id} @api.route('/remove-agent/', methods=['POST']) def remove_agent(agentid): diff --git a/tests/environment/scripts/meshcentral/create_users.py b/tests/environment/scripts/meshcentral/create_users.py index 3ceb4b7..76263cf 100644 --- a/tests/environment/scripts/meshcentral/create_users.py +++ b/tests/environment/scripts/meshcentral/create_users.py @@ -7,9 +7,9 @@ thisdir = os.path.abspath(os.path.dirname(__file__)) with open(os.path.join(thisdir, "users.json")) as infile: users = json.load(infile) for username, password in users.items(): - print(subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--createaccount", username, "--pass", password, "--name", username])) + subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--createaccount", username, "--pass", password, "--name", username]) -print(subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--adminaccount", "admin"])) +subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--adminaccount", "admin"]) -subprocess.call(["bash", "/opt/meshcentral/entrypoint.sh"]) \ No newline at end of file +subprocess.call(["bash", "/opt/meshcentral/startup.sh"]) \ No newline at end of file diff --git a/tests/test_sanity.py b/tests/test_sanity.py index e2b1a62..835c876 100644 --- a/tests/test_sanity.py +++ b/tests/test_sanity.py @@ -9,7 +9,16 @@ import requests async def test_sanity(env): async with meshctrl.Session(env.mcurl, user="unprivileged", password=env.users["unprivileged"], ignore_ssl=True) as s: + got_pong = asyncio.Event() + async def _(): + async for raw in s.raw_messages(): + if raw == '{action:"pong"}': + got_pong.set() + break + ping_task = None async with asyncio.TaskGroup() as tg: + tg.create_task(asyncio.wait_for(_(), timeout=5)) + tg.create_task(asyncio.wait_for(got_pong.wait(), timeout=5)) ping_task = tg.create_task(s.ping(timeout=10)) print("\ninfo ping: {}\n".format(ping_task.result())) print("\ninfo user_info: {}\n".format(await s.user_info())) diff --git a/tests/test_session.py b/tests/test_session.py index dd1c973..ca2d163 100644 --- a/tests/test_session.py +++ b/tests/test_session.py @@ -251,28 +251,7 @@ async def test_mesh_device(env): assert "Run commands completed." not in r[agent2.nodeid]["result"], "Didn't parse run command ending correctly" assert "meshagent" in (await privileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data" - # Test run_commands missing device - try: - await admin_session.run_command([agent.nodeid, "notanid"], "ls", timeout=10) - except* (meshctrl.exceptions.ServerError, ValueError): - pass - else: - raise Exception("Run command on a device that doesn't exist did not raise an exception") - - r = await admin_session.run_console_command([agent.nodeid, agent2.nodeid], "info", timeout=10) - print("\ninfo run_console_command: {}\n".format(r)) - assert agent.nodeid in r[agent.nodeid]["result"], "Run console command gave bad response" - assert agent2.nodeid in r[agent2.nodeid]["result"], "Run console command gave bad response" - - # Test run_commands missing device - try: - await admin_session.run_console_command([agent.nodeid, "notanid"], "info", timeout=10) - except* (meshctrl.exceptions.ServerError, ValueError): - pass - else: - raise Exception("Run console command on a device that doesn't exist did not raise an exception") - - # Test run commands with individual device permissions + # Test run commands with ndividual device permissions try: await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10) except* (meshctrl.exceptions.ServerError, ValueError): @@ -287,7 +266,7 @@ async def test_mesh_device(env): else: raise Exception("Unprivileged user has access to device it should not") - assert (await admin_session.add_users_to_device((await unprivileged_session.user_info())["_id"], agent.nodeid, meshctrl.constants.DeviceRights.norights)), "Failed to add user to device" + assert (await admin_session.add_users_to_device((await unprivileged_session.user_info())["_id"], agent.nodeid, meshctrl.constants.MeshRights.norights)), "Failed to add user to device" try: await unprivileged_session.run_command(agent.nodeid, "ls", ignore_output=True, timeout=10) @@ -305,14 +284,12 @@ async def test_mesh_device(env): assert r.links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.norights, "Unprivileged user has too many rights!" - assert (await admin_session.add_users_to_device([(await unprivileged_session.user_info())["_id"]], agent.nodeid, meshctrl.constants.DeviceRights.fullrights)), "Failed to modify user's permissions" + assert (await admin_session.add_users_to_device([(await unprivileged_session.user_info())["_id"]], agent.nodeid, meshctrl.constants.DeviceRights.remotecontrol|meshctrl.constants.DeviceRights.agentconsole|meshctrl.constants.DeviceRights.remotecommands)), "Failed to modify user's permissions" - assert (await unprivileged_session.device_info(agent.nodeid, timeout=10)).links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.fullrights, "Adding permissions did not update unprivileged user." + assert (await unprivileged_session.device_info(agent.nodeid, timeout=10)).links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.remotecontrol|meshctrl.constants.DeviceRights.agentconsole|meshctrl.constants.DeviceRights.remotecommands, "Adding permissions did not update unprivileged user." - # For now, this expects no response. If we ever figure out why the server isn't sending console information to us when it should, fix this. + # For now, this expects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this. # assert "meshagent" in (await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data" - # Meshcentral has a 10 second cache on user perms. - #await asyncio.sleep(15) await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10) assert await admin_session.move_to_device_group(agent.nodeid, mesh2.meshid, timeout=5), "Failed to move mesh to new device group" @@ -326,7 +303,7 @@ async def test_mesh_device(env): assert await admin_session.move_to_device_group([agent.nodeid], mesh.name, isname=True, timeout=5), "Failed to move mesh to new device group by name" - # For now, this expects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this. + # For now, this expe namects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this. # assert "meshagent" in (await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data" try: await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10)