Keeper-Security · idimov-keeper · Jan 9, 2025 · Jan 10, 2025
diff --git a/keepercommander/__main__.py b/keepercommander/__main__.py
@@ -14,8 +14,8 @@
 import argparse
 from typing import Optional
 
-import certifi
 import json
+import certifi
 import logging
 import os
 import re

diff --git a/keepercommander/commands/discoveryrotation.py b/keepercommander/commands/discoveryrotation.py
@@ -2725,7 +2725,7 @@ def setup_logging(self, convo_id, log_queue, logging_level):
         logger.debug("Logging setup complete.")
         return logger
 
-    async def connect(self, params, record_uid, convo_num, host, port,
+    async def connect(self, params, record_uid, gateway_uid, convo_num, host, port,
                       log_queue, seed, target_host, target_port, socks):
 
         # Setup custom logging to put logs into log_queue
@@ -2756,7 +2756,7 @@ async def connect(self, params, record_uid, convo_num, host, port,
         # Set up the pc
         print_ready_event = asyncio.Event()
         kill_server_event = asyncio.Event()
-        pc = WebRTCConnection(params=params, record_uid=record_uid, symmetric_key=symmetric_key,
+        pc = WebRTCConnection(params=params, record_uid=record_uid, gateway_uid=gateway_uid, symmetric_key=symmetric_key,
                               print_ready_event=print_ready_event, kill_server_event=kill_server_event,
                               logger=logger, server=params.server)
 
@@ -2792,7 +2792,7 @@ async def connect(self, params, record_uid, convo_num, host, port,
         finally:
             logger.debug("--> STOP LISTENING FOR MESSAGES FROM GATEWAY --------")
 
-    def pre_connect(self, params, record_uid, convo_num, host, port,
+    def pre_connect(self, params, record_uid, gateway_uid, convo_num, host, port,
                     seed, target_host, target_port, socks):
         tunnel_name = f"{convo_num}"
 
@@ -2821,6 +2821,7 @@ def custom_exception_handler(_loop, context):
                 self.connect(
                     params=params,
                     record_uid=record_uid,
+                    gateway_uid=gateway_uid,
                     convo_num=convo_num,
                     host=host,
                     port=port,
@@ -2892,12 +2893,12 @@ def execute(self, params, **kwargs):
         micro_version = sys.version_info.micro
 
         if (major_version, minor_version, micro_version) < (from_version[0], from_version[1], from_version[2]):
-            print(f"{bcolors.FAIL}This code requires Python {from_version[0]}.{from_version[1]}.{from_version[2]} or higher. "
+            print(f"{bcolors.FAIL}This command requires Python {from_version[0]}.{from_version[1]}.{from_version[2]} or higher. "
                   f"You are using {major_version}.{minor_version}.{micro_version}.{bcolors.ENDC}")
             return
-        if (major_version, minor_version, micro_version) >= (tom_version[0], from_version[1], from_version[2]):
-            print(f"{bcolors.FAIL}This code requires Python {from_version[0]}.{from_version[1]}.{from_version[2]} or higher. "
-                  f"You are using {major_version}.{minor_version}.{micro_version}.{bcolors.ENDC}")
+        if (major_version, minor_version, micro_version) >= (to_version[0], to_version[1], to_version[2]):
+            print(f"{bcolors.FAIL}This command is compatible with Python versions below {to_version[0]}.{to_version[1]}.{to_version[2]} "
+                  f"(Current Python version: {major_version}.{minor_version}.{micro_version}){bcolors.ENDC}")
             return
 
         record_uid = kwargs.get('uid')
@@ -2963,8 +2964,19 @@ def execute(self, params, **kwargs):
         base64_seed = client_private_seed.get_default_value(str).encode('utf-8')
         seed = base64_to_bytes(base64_seed)
 
-        t = threading.Thread(target=self.pre_connect, args=(params, record_uid, convo_num, host, port,
-                                                            seed, target_host, target_port, socks)
+        # gateway = kwargs.get('gateway_uid')  # type: Optional[str]
+        # if gateway:
+        #     gateways = gateway_helper.get_all_gateways(params)
+        #     gateway_uid = next((utils.base64_url_encode(x.controllerUid) for x in gateways
+        #                         if utils.base64_url_encode(x.controllerUid) == gateway
+        #                         or x.controllerName.casefold() == gateway.casefold()), None)
+        gateway_uid = self.get_gateway_uid_from_record(params, record_uid)
+        if not gateway_uid:
+            print(f"{bcolors.FAIL}Gateway not found for record {record_uid}.{bcolors.ENDC}")
+            return
+
+        t = threading.Thread(target=self.pre_connect, args=(params, record_uid, gateway_uid, convo_num,
+                                                            host, port, seed, target_host, target_port, socks)
                              )
 
         # Setting the thread as a daemon thread
@@ -3056,3 +3068,29 @@ def print_fail(con_num):
         else:
             print_fail(convo_num)
 
+    def get_config_uid_from_record(self, params, record_uid):
+        record = vault.KeeperRecord.load(params, record_uid)
+        if not isinstance(record, vault.TypedRecord):
+            raise CommandError('', f"{bcolors.FAIL}Record {record_uid} not found.{bcolors.ENDC}")
+        record_type = record.record_type
+        if record_type not in ("pamMachine pamDatabase pamDirectory pamRemoteBrowser").split():
+            raise CommandError('', f"{bcolors.FAIL}This record's type is not supported for tunnels. "
+                                f"Tunnels are only supported on pamMachine, pamDatabase, pamDirectory, "
+                                f"and pamRemoteBrowser records{bcolors.ENDC}")
+
+        encrypted_session_token, encrypted_transmission_key, transmission_key = get_keeper_tokens(params)
+        existing_config_uid = get_config_uid(params, encrypted_session_token, encrypted_transmission_key, record_uid)
+        return existing_config_uid
+
+    def get_gateway_uid_from_record(self, params, record_uid):
+        gateway_uid = ''
+        pam_config_uid = self.get_config_uid_from_record(params, record_uid)
+        if pam_config_uid:
+            record = vault.KeeperRecord.load(params, pam_config_uid)
+            if record:
+                field = record.get_typed_field('pamResources')
+                value = field.get_default_value(dict)
+                if value:
+                    gateway_uid = value.get('controllerUid', '') or ''
+
+        return gateway_uid
diff --git a/keepercommander/commands/password_report.py b/keepercommander/commands/password_report.py
@@ -14,9 +14,10 @@
 
 from .base import report_output_parser, Command, try_resolve_path, FolderMixin, dump_report_data, field_to_title
 from ..error import CommandError
-from .. import vault, generator, vault_extensions
+from .. import vault, generator, vault_extensions, utils
 
 password_report_parser = argparse.ArgumentParser(prog='password-report', parents=[report_output_parser], description='Display record password report.')
+password_report_parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', help='Display verbose information')
 password_report_parser.add_argument('--policy', dest='policy', action='store',
                                     help='Password complexity policy. Length,Lower,Upper,Digits,Special. Default is 12,2,2,2,0')
 password_report_parser.add_argument('-l', '--length', dest='length', type=int, action='store', help='Minimum password length.')
@@ -32,6 +33,7 @@ def get_parser(self):
         return password_report_parser
 
     def execute(self, params, **kwargs):
+        verbose = kwargs.get('verbose') is True
         p_length = 0
         p_lower = 0
         p_upper = 0
@@ -90,6 +92,10 @@ def execute(self, params, **kwargs):
         records = list(FolderMixin.get_records_in_folder_tree(params, folder_uid))
         table = []
         header = ['record_uid', 'title', 'description', 'length', 'lower', 'upper', 'digits', 'special']
+        if verbose:
+            header.append('score')
+            if params.breach_watch:
+                header.append('status')
 
         fmt = kwargs.get('format')
 
@@ -123,7 +129,23 @@ def execute(self, params, **kwargs):
             if isinstance(description, str):
                 if len(description) > 32:
                     description = description[:30] + '...'
-            table.append([record_uid, title, description, strength.length, strength.lower, strength.caps, strength.digits, strength.symbols])
+            row = [record_uid, title, description, strength.length, strength.lower, strength.caps, strength.digits, strength.symbols]
+            if verbose:
+                row.append(utils.password_score(password))
+                if params.breach_watch:
+                    status = ''
+                    bw_record = params.breach_watch_records.get(record_uid)
+                    if isinstance(bw_record, dict):
+                        data = bw_record.get('data_unencrypted')
+                        if isinstance(data, dict):
+                            passwords = data.get('passwords')
+                            if isinstance(passwords, list):
+                                password_status = next((x for x in passwords if x.get('value') == password), None)
+                                if isinstance(password_status, dict):
+                                    status = password_status.get('status')
+                    row.append(status)
+
+            table.append(row)
 
         if fmt != 'json':
             header = [field_to_title(x) for x in header]

diff --git a/keepercommander/commands/tunnel/port_forward/endpoint.py b/keepercommander/commands/tunnel/port_forward/endpoint.py
@@ -692,6 +692,7 @@ async def signal_channel(self, kind: str, base64_nonce: str):
         '''
         router_response = router_send_action_to_gateway(
             params=self.params,
+            destination_gateway_uid_str=self.gateway_uid,
             gateway_action=GatewayActionWebRTCSession(
                 inputs={
                     "recordUid": self.record_uid,