Browse Source

Refactoring

master-3.5
parent
commit
c193eee22b
  1. 266
      pym/console/application/cert_func.py
  2. 179
      pym/console/application/cert_verify.py
  3. 239
      pym/console/application/cl_client.py
  4. 229
      pym/console/application/client_class.py
  5. 60
      pym/console/application/create_cert.py
  6. 57
      pym/console/application/function.py
  7. 67
      pym/console/application/methods_func.py
  8. 52
      pym/console/application/pid_information.py
  9. 60
      pym/console/application/sid_func.py
  10. 11
      pym/console/console_main.py
  11. 7
      pym/console/datavars.py
  12. 10
      pym/console/variables/console.py

266
pym/console/application/cert_func.py

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -14,13 +14,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import os, pwd
import sys, subprocess
import socket, time
import os
import pwd
import sys
import subprocess
import socket
import time
import urllib2
from calculate.console.application.function import _print
from function import get_ip_mac_type
from calculate.console.application.sid_func import get_sid
import OpenSSL, hashlib
import OpenSSL
import hashlib
from client_class import HTTPSClientCertTransport
from cert_verify import VerifyError
from calculate.core.datavars import DataVarsCore
@ -28,42 +33,47 @@ from calculate.core.server.methods_func import get_password
from calculate.lib.cl_lang import setLocalTranslate
from calculate.lib.utils.common import getpass
from calculate.lib.utils.files import listDirectory
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
VERSION = 0.11
def client_post_cert (client, clVars, show_info = False):
def client_post_cert(client, clVars, show_info=False):
""" send a certificate server for check """
sid = get_sid(client.SID_FILE)
lang = os.environ['LANG'][:2]
_result_post_cert, _result_sid = client.service.init_session(sid, lang)
result_post_cert = _result_post_cert[1].integer
result_sid = _result_sid[1].integer
if os.environ.get("DEBUG"):
print _("The client uses certificate %s (server ID %s)") %(client.CERT_FILE, result_post_cert[0])
print _("The client uses certificate %s (server ID %s)") % (
client.CERT_FILE, result_post_cert[0])
if result_post_cert[0] == -4:
print _("Certificate not found on the server")
print _("the client uses certificate %s") %client.CERT_FILE
print _('You can generate a new certificate using options --gen-cert-by and '\
print _("the client uses certificate %s") % client.CERT_FILE
print _('You can generate a new certificate '
'using options --gen-cert-by and '
'--get-cert-from')
raise Exception(3)
# client_sid(sid, client, cert_id = results[0][0], clVars = clVars)
# client_sid(sid, client, cert_id = results[0][0], clVars = clVars)
if result_post_cert[0] == -3:
print _("Certificate not sent!")
elif result_post_cert[0] == -2:
print _("Using the upstream certificate")
else:
if show_info:
print _(" Your certifitate ID = %d") %(result_post_cert[0])
print _(" Your certifitate ID = %d") % (result_post_cert[0])
try:
if result_post_cert[1] == -2:
print _("The certificate has expired")
elif result_post_cert[1] > 0:
if show_info:
print _("The certificate expires after %d days") \
%(result_post_cert[1])
% (result_post_cert[1])
except:
pass
@ -75,27 +85,30 @@ def client_post_cert (client, clVars, show_info = False):
if show_info:
if result_sid[1] == 1:
print _(" New Session")
else: print _(" Old Session")
print _(" Your session ID = %s") %sid
#Creation of secret key of the client
def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
auto = False):
from create_cert import generateRSAKey, makePKey, makeRequest,\
passphrase_callback
else:
print _(" Old Session")
print _(" Your session ID = %s") % sid
# Creation of secret key of the client
def new_key_req(key, cert_path, server_host_name, private_key_passwd=None,
auto=False):
from create_cert import generateRSAKey, makePKey, makeRequest, \
passphrase_callback
rsa = generateRSAKey()
rsa.save_key(key+'_pub', cipher=None, callback = lambda *unused: None)
rsa.save_key(key + '_pub', cipher=None, callback=lambda *unused: None)
pkey = makePKey(rsa)
if not passphrase_callback(private_key_passwd):
pkey.save_key(key, cipher = None, callback = lambda *unused: None)
pkey.save_key(key, cipher=None, callback=lambda *unused: None)
else:
pkey.save_key(key, callback= lambda *unused: str(private_key_passwd))
pkey.save_key(key, callback=lambda *unused: str(private_key_passwd))
req = makeRequest(rsa, pkey, server_host_name, auto)
crtreq = req.as_pem()
req_file = cert_path + '/%s.csr' %server_host_name
req_file = cert_path + '/%s.csr' % server_host_name
crtfile = open(req_file, 'w')
crtfile.write(crtreq)
crtfile.close()
@ -104,13 +117,14 @@ def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError, e:
_print (e)
_print(e)
return None
os.chown(key, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(key, 0600)
return req_file
def delete_old_cert(client):
try:
os.unlink(client.CERT_FILE)
@ -118,15 +132,16 @@ def delete_old_cert(client):
os.unlink(client.PKEY_FILE)
os.unlink(client.PubKEY_FILE)
except OSError, e:
_print (e.message)
_print(e.message)
def client_post_request (cert_path, args):
def client_post_request(cert_path, args):
if os.path.exists(cert_path + 'req_id'):
print \
_("You already sent a certificate signature request.")
_print (_("Request ID = %s") %open(cert_path + 'req_id', 'r').read())
ans = raw_input (_("Send a new request? y/[n]: "))
if not ans.lower() in ['y','yes']:
_print(_("Request ID = %s") % open(cert_path + 'req_id', 'r').read())
ans = raw_input(_("Send a new request? y/[n]: "))
if not ans.lower() in ['y', 'yes']:
return 0
clVars = DataVarsCore()
clVars.importCore()
@ -134,49 +149,51 @@ def client_post_request (cert_path, args):
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" %(args.by_host, port)
print '%s\n'% url, _("connecting...")
url = "https://%s:%s/?wsdl" % (args.by_host, port)
print '%s\n' % url, _("connecting...")
from client_class import Client_suds
try:
client = Client_suds(url, transport = HTTPSClientCertTransport \
(None, None, cert_path))
client = Client_suds(url, transport=HTTPSClientCertTransport \
(None, None, cert_path))
except (KeyboardInterrupt, urllib2.URLError), e:
print '\n'+_("Closing. Connection error.")
_print (_("Error: %s") %e)
print '\n' + _("Closing. Connection error.")
_print(_("Error: %s") % e)
return 0
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
key = os.path.join(cert_path, server_host_name + '.key')
csr_file = os.path.join(cert_path, server_host_name +'.csr')
csr_file = os.path.join(cert_path, server_host_name + '.csr')
if os.path.exists(key) and os.path.exists(csr_file):
print _("the private key and request now exist")
ask = raw_input(_("Create a new private key and request? y/[n]: "))
if ask.lower() in ['y','yes']:
if ask.lower() in ['y', 'yes']:
passwd = get_password()
new_key_req(key, cert_path, server_host_name,
private_key_passwd = passwd)
new_key_req(key, cert_path, server_host_name,
private_key_passwd=passwd)
else:
passwd = get_password()
new_key_req(key, cert_path, server_host_name,
private_key_passwd = passwd)
private_key_passwd=passwd)
ip, mac, client_type = get_ip_mac_type()
data = open(csr_file).read()
res = client.service.post_client_request(request = data, ip = ip,\
mac = mac, client_type = client_type)
res = client.service.post_client_request(request=data, ip=ip,
mac=mac, client_type=client_type)
if int(res) < 0:
print _("The server has not signed the certificate!")
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'w')
fc.write(res)
fc.close()
_print (_("Your request ID = %s") %res + '.\n',
_("To submit the certificate request on the server use command") + \
'\n'+'cl-core --sign-client ID_CLIENT_REQUEST')
_print(_("Your request ID = %s") % res + '.\n',
_("To submit the certificate request on the server use command") + \
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST')
return 0
def client_get_cert(cert_path, args):
clVars = DataVarsCore()
clVars.importCore()
@ -184,35 +201,38 @@ def client_get_cert(cert_path, args):
if not os.path.exists(os.path.join(cert_path, 'req_id')):
print _("Request not sent or file %s deleted") \
%(os.path.join(cert_path, 'req_id'))
% (os.path.join(cert_path, 'req_id'))
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'r')
req_id = fc.read()
fc.close()
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" %(args.from_host, port)
print '%s\n' %url, _("connecting...")
url = "https://%s:%s/?wsdl" % (args.from_host, port)
print '%s\n' % url, _("connecting...")
from client_class import Client_suds
try:
client = Client_suds(url, \
transport = HTTPSClientCertTransport(None, None, cert_path))
client = Client_suds(url,
transport=HTTPSClientCertTransport(None, None,
cert_path))
except KeyboardInterrupt:
print _("Closing. Connection error.")
return 1
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not os.path.exists(os.path.join(cert_path, server_host_name + '.csr')):
print _("Request %s not found on the client's side") \
%(os.path.join(cert_path, server_host_name + '.csr'))
% (os.path.join(cert_path, server_host_name + '.csr'))
return 1
request = open(os.path.join(cert_path, server_host_name + '.csr')).read()
md5 = hashlib.md5()
md5.update(request)
md5sum = md5.hexdigest()
result = client.service.get_client_cert(req_id, md5sum)
cert = result[0][0]
try:
@ -224,9 +244,9 @@ def client_get_cert(cert_path, args):
return 1
elif cert == '2':
print _("Signature request not examined yet.")
print _("Your request ID = %s") %req_id + '.\n',\
_("To submit the certificate request on the server use command") + \
'\n'+'cl-core --sign-client ID_CLIENT_REQUEST'
print _("Your request ID = %s") % req_id + '.\n', \
_("To submit the certificate request on the server use command") + \
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST'
return 1
elif cert == '3':
print _("Request or signature not matching earlier data.")
@ -241,13 +261,13 @@ def client_get_cert(cert_path, args):
try:
os.unlink(cert_path + 'req_id')
except OSError, e:
_print (e.message)
print _('Certificate saved. Your certificate ID: %s') %req_id
_print(e.message)
print _('Certificate saved. Your certificate ID: %s') % req_id
user_name = pwd.getpwuid(os.getuid()).pw_name
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError, e:
_print (e)
_print(e)
return None
os.chown(cert_file, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(cert_file, 0600)
@ -261,7 +281,7 @@ def client_get_cert(cert_path, args):
cl_client_cert_dir = clVars.Get('core.cl_client_cert_dir')
homePath = clVars.Get('ur_home_path')
cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath)
cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath)
root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")
md5 = hashlib.md5()
@ -271,7 +291,7 @@ def client_get_cert(cert_path, args):
print "md5sum = ", md5sum
if not os.path.exists(root_cert_md5):
fc = open(root_cert_md5,"w")
fc = open(root_cert_md5, "w")
fc.close()
filename = None
@ -280,32 +300,31 @@ def client_get_cert(cert_path, args):
# for each line
for line in t.splitlines():
# Split string into a words list
words = line.split(' ',1)
words = line.split(' ', 1)
if words[0] == md5sum:
filename = words[1]
if not filename:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca_root)
(OpenSSL.SSL.FILETYPE_PEM, ca_root)
Issuer = certobj.get_issuer().get_components()
for item in Issuer:
if item[0] == 'CN':
filename = item[1]
fc = open(root_cert_md5,"a")
fc.write('%s %s\n' %(md5sum, filename))
fc = open(root_cert_md5, "a")
fc.write('%s %s\n' % (md5sum, filename))
fc.close()
if not filename:
print _('Field "CN" not found in the certificate!')
return 1
fd = open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')
fd.write(ca_root)
fd.close()
user_root_cert = clVars.Get('core.cl_user_root_cert')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
fa = open(user_root_cert, 'a')
fa.write(ca_root)
fa.close()
@ -314,94 +333,103 @@ def client_get_cert(cert_path, args):
else:
print _("The file containing the CA certificate now exists")
return 0
def client_post_auth(client):
""" authorization client or post request """
sid = get_sid(client.SID_FILE)
client.sid = int(sid)
try:
if os.path.exists(client.CERT_FILE):
pass#client_post_cert(client)
pass # client_post_cert(client)
else:
#client_post_request(client)
print _("You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.")
# client_post_request(client)
print _(
"You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.")
raise Exception(1)
# print client.service.versions(sid, VERSION)
# print client.service.versions(sid, VERSION)
except VerifyError, e:
print e.value
raise Exception(1)
########## Get password
def getRunProc():
"""List run program"""
def getCmd(procNum):
cmdLineFile = '/proc/%s/cmdline'%procNum
cmdLineFile = '/proc/%s/cmdline' % procNum
try:
if os.path.exists(cmdLineFile):
return [open(cmdLineFile,'r').read().strip(), procNum]
return [open(cmdLineFile, 'r').read().strip(), procNum]
except:
pass
return ["", procNum]
if not os.access('/proc',os.R_OK):
if not os.access('/proc', os.R_OK):
return []
return map(getCmd,
filter(lambda x:x.isdigit(),
listDirectory('/proc')))
filter(lambda x: x.isdigit(),
listDirectory('/proc')))
def owner(pid):
UID = 1
for ln in open('/proc/%s/status' %pid):
for ln in open('/proc/%s/status' % pid):
if ln.startswith('Uid:'):
uid = int(ln.split()[UID])
return pwd.getpwuid(uid).pw_name
def create_socket(file_path, username):
host = '' # ip
host = '' # ip
port = 5501 # порт
find_proc = False
# if not file_path:
# home_path = pwd.getpwuid(os.getuid()).pw_dir
# file_path = os.path.join(home_path, '.calculate', 'passwd_daemon')
# if not username:
# username = pwd.getpwuid(os.getuid()).pw_name
for run_commands in filter(lambda x:'cl-consoled' in \
x[0],getRunProc()):
# if not file_path:
# home_path = pwd.getpwuid(os.getuid()).pw_dir
# file_path = os.path.join(home_path, '.calculate', 'passwd_daemon')
# if not username:
# username = pwd.getpwuid(os.getuid()).pw_name
for run_commands in filter(lambda x: 'cl-consoled' in \
x[0], getRunProc()):
if 'python' in run_commands[0]:
if username == owner(run_commands[1]):
#print 'YES'
# print 'YES'
find_proc = True
if not find_proc:
try:
os.unlink(file_path)
except OSError, e:
_print (e.message)
_print(e.message)
cmd = ['cl-consoled']
#print cmd
subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE,
stdout = subprocess.PIPE, stderr=subprocess.PIPE)
# print cmd
subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
while True:
try:
s.bind((host,port)) # ассоциировать адрес с сокетом
s.bind((host, port)) # ассоциировать адрес с сокетом
break
except socket.error:
port += 1
return s
def set_password(s, req, size):
password = getpass.getpass(_('Password: '))
msg = '%s,%s' %(req,password)
msg = '%s,%s' % (req, password)
s.send(msg)
resp = s.recv(size)
if resp.startswith('Error'):
_print (resp)
_print(resp)
return password
def clear_password(server_host, server_port):
size = 1024 # размер данных
username = pwd.getpwuid(os.getuid()).pw_name
@ -417,18 +445,19 @@ def clear_password(server_host, server_port):
while connect_error < 10:
if os.path.isfile(file_path):
serv_port, hash_val = open(file_path, 'r').read().split()
break
s.connect(('localhost', int(serv_port)))
req = 'delete,%s,%s,%s,%s' % (server_host, str(server_port),
username, hash_val)
s.send(req)
s.recv(size)
return
else:
connect_error += 1
time.sleep(0.3)
s.connect(('localhost', int(serv_port)))
break
except socket.error:
time.sleep(0.3)
req = 'delete,%s,%s,%s,%s' %(server_host, str(server_port), username,
hash_val)
s.send(req)
resp = s.recv(size)
def socket_connect(s, file_path):
connect_error = 0
@ -437,15 +466,15 @@ def socket_connect(s, file_path):
while connect_error < 10:
if os.path.isfile(file_path):
serv_port, hash_val = open(file_path, 'r').read().split()
break
s.connect(('localhost', int(serv_port)))
return s, hash_val
else:
connect_error += 1
time.sleep(0.3)
s.connect(('localhost', int(serv_port)))
break
except socket.error:
time.sleep(0.3)
return s, hash_val
def get_password_from_daemon(server_host, server_port, wait_thread):
size = 1024 # размер данных
@ -458,7 +487,8 @@ def get_password_from_daemon(server_host, server_port, wait_thread):
s = create_socket(file_path, username)
s, hash_val = socket_connect(s, file_path)
req = '%s,%s,%s,%s' %(server_host,str(server_port),username,hash_val)
req = '%s,%s,%s,%s' % (
server_host, str(server_port), username, hash_val)
s.send(req)
resp = s.recv(size)
if resp.startswith('Error'):

179
pym/console/application/cert_verify.py

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -14,35 +14,41 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import os, re, glob, sys
import os
import re
import sys
import OpenSSL
from calculate.console.application.function import _print
from calculate.core.datavars import DataVarsCore
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
class VerifyError(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
# check recall of server certificate
def verify(server_cert, crl_path, flag):
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, server_cert)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, server_cert)
serverSerial = certobj.get_serial_number()
Issuer = certobj.get_issuer().get_components()
CN, L = None, None
for i in Issuer:
if i[0] == 'CN':
CN = i[1]
CN = i[1]
elif i[0] == 'L':
L = i[1]
L = i[1]
if CN and len(CN) > 2:
crl_file = crl_path + CN
elif L:
@ -55,31 +61,30 @@ def verify(server_cert, crl_path, flag):
crl_file = crl_path + host
else:
if not flag:
print _( "fields CN and L in the CA certificate are incorrect!")
print _("fields CN and L in the CA certificate are incorrect!")
return 0
if not os.path.exists(crl_file):
if not flag:
pass
# print _("This certificate can not be verified in the CRL.")
# print _("This certificate can not be verified in the CRL.")
return 0
with open(crl_file, 'r') as _crl_file:
crl = "".join(_crl_file.readlines())
if crl == '':
return 0
crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, crl)
revoked_objects = crl_object.get_revoked()
for rvk in revoked_objects:
if serverSerial == int(rvk.get_serial(), 16):
print _("This certificate has been revoked!")
print _("Serial")+ _(': %s\n') %rvk.get_serial() + _("Revoke date") + \
_(': %s') %rvk.get_rev_date()
print _("Serial") + _(': %s\n') % rvk.get_serial() + _(
"Revoke date") + _(': %s') % rvk.get_rev_date()
raise VerifyError('CRL Exception')
return 0
@ -95,100 +100,105 @@ def get_CRL(path_to_cert):
try:
os.makedirs(path_to_cert)
except OSError:
print _("Failed to create directory %s") %path_to_cert
print _("Failed to create directory %s") % path_to_cert
raise Exception(1)
try:
os.makedirs(os.path.join(path_to_cert, 'ca'))
except OSError:
print _("Failed to create directory %s") \
%(os.path.join(path_to_cert, 'ca'))
print _("Failed to create directory %s") % (
os.path.join(path_to_cert, 'ca'))
raise Exception(1)
os.makedirs(CRL_path)
clVars = DataVarsCore()
clVars.importCore()
clVars.flIniFile()
# user and system ca and root certificates
user_root_cert = clVars.Get('core.cl_user_root_cert')
homePath = clVars.Get('ur_home_path')
user_root_cert = user_root_cert.replace("~",homePath)
user_root_cert = user_root_cert.replace("~", homePath)
glob_root_cert = clVars.Get('core.cl_glob_root_cert')
if os.path.exists(user_root_cert):
user_ca_certs = open(user_root_cert, 'r').read()
else: user_ca_certs = ''
else:
user_ca_certs = ''
if os.path.exists(glob_root_cert):
glob_ca_certs = open(glob_root_cert, 'r').read()
else: glob_ca_certs = ''
else:
glob_ca_certs = ''
# get certificates list fron text
p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?')
user_ca_certs_list = p.findall(user_ca_certs)
glob_ca_certs_list = p.findall(glob_ca_certs)
# association in one list
all_ca_certs_list = user_ca_certs_list + glob_ca_certs_list
for ca in all_ca_certs_list:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca)
certobj = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, ca)
# get url from certificates
url = None
CN = None
Subject = certobj.get_subject().get_components()
last_subj = ""
for subj in Subject:
if subj[0] == 'L':
url = "https://" + subj[1] +"/?wsdl"
url = "https://" + subj[1] + "/?wsdl"
if subj[0] == 'CN':
CN = subj[1]
last_subj = subj
if url:
new_crl = None
from client_class import Client_suds
from client_class import HTTPSClientCertTransport
# connect to ca server (url get from certificates)
client = None
try:
client = Client_suds(url,\
transport = HTTPSClientCertTransport(None, None, \
client = Client_suds(
url, transport=HTTPSClientCertTransport(None, None,
path_to_cert))
client.set_parameters (path_to_cert, None, None)
client.set_parameters(path_to_cert, None, None)
new_crl = client.service.get_crl()
except VerifyError, e:
_print (e.value)
#rm_ca_from_trusted(ca)
_print(e.value)
# rm_ca_from_trusted(ca)
raise Exception(1)
except:
pass
client.wsdl.services[0].setlocation(url)
if 'new_crl' in locals():
if new_crl:
if CN and len(CN) > 2:
CRL_file = CRL_path + CN
else:
host = subj[1].split(':')[0]
CRL_file = CRL_path + host
if new_crl == ' ':
open(CRL_file, 'w')
#if os.path.exists(CRL_file):
#os.unlink(CRL_file)
if new_crl:
if CN and len(CN) > 2:
CRL_file = CRL_path + CN
else:
host = last_subj[1].split(':')[0]
CRL_file = CRL_path + host
if new_crl == ' ':
open(CRL_file, 'w')
# if os.path.exists(CRL_file):
# os.unlink(CRL_file)
continue
if os.path.exists(CRL_file):
if open(CRL_file, 'r').read() == new_crl:
continue
if os.path.exists(CRL_file):
if open(CRL_file, 'r').read() == new_crl:
continue
fd = open(CRL_file, 'w')
fd.write(new_crl)
fd.close()
print _("CRL added")
find_ca_in_crl (CRL_path, all_ca_certs_list)
def find_ca_in_crl (CRL_path, all_ca_certs_list):
CRL_name_list = glob.glob(CRL_path + '*')
fd = open(CRL_file, 'w')
fd.write(new_crl)
fd.close()
print _("CRL added")
find_ca_in_crl(CRL_path, all_ca_certs_list)
def find_ca_in_crl(CRL_path, all_ca_certs_list):
for ca in all_ca_certs_list:
certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, ca)
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, ca)
Issuer = certobj.get_issuer().get_components()
CN = ""
for item in Issuer:
if item[0] == 'CN':
CN = item[1]
@ -196,13 +206,13 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list):
CRL = CRL_path + CN
if not os.path.exists(CRL):
continue
with open(CRL, 'r') as _crl_file:
crl = "".join(_crl_file.readlines())
try:
crl_object = OpenSSL.crypto.load_crl \
(OpenSSL.crypto.FILETYPE_PEM, crl)
crl_object = OpenSSL.crypto.load_crl(
OpenSSL.crypto.FILETYPE_PEM, crl)
except:
continue
revoked_objects = crl_object.get_revoked()
@ -211,30 +221,33 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list):
if serverSerial == int(rvk.get_serial(), 16):
rm_ca_from_trusted(ca)
def rm_ca_from_trusted(ca_cert):
clVars = DataVarsCore()
clVars.importCore()
clVars.flIniFile()
user_ca_dir = clVars.Get('core.cl_client_cert_dir')
homePath = clVars.Get('ur_home_path')
user_ca_dir = user_ca_dir.replace("~",homePath)
user_ca_dir = user_ca_dir.replace("~", homePath)
user_ca_dir = os.path.join(user_ca_dir, 'ca')
user_ca_list = os.path.join(user_ca_dir, 'cert_list')
user_ca_db = clVars.Get('core.cl_user_root_cert')
homePath = clVars.Get('ur_home_path')
user_ca_db = user_ca_db.replace("~",homePath)
user_ca_db = user_ca_db.replace("~", homePath)
system_ca_dir = clVars.Get('core.cl_core_cert_path')
system_ca_list = os.path.join(system_ca_dir, 'cert_list')
system_ca_db = clVars.Get('core.cl_glob_root_cert')
import hashlib
md5 = hashlib.md5()
md5.update(ca_cert)
md5sum = md5.hexdigest()
# search ca certificate in user ca list
newfile = ''
with open(user_ca_list) as fd:
t = fd.read()
# See each line
@ -248,52 +261,52 @@ def rm_ca_from_trusted(ca_cert):
try:
os.unlink(filename)
except OSError, e:
_print (e.message)
_print(e.message)
else:
newfile += (line + '\n')
else:
newfile += (line + '\n')
fd.close()
fn = open(user_ca_list, 'w')
fn.write(newfile)
fn.close()
p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?')
# open, write and split user ca certificates
user_ca_certs = open(user_ca_db, 'r').read()
user_ca_certs_list = p.findall(user_ca_certs)
if ca_cert in user_ca_certs_list:
new_user_ca_certs = []
for cert in user_ca_certs_list:
if ca_cert != cert:
new_user_ca_certs.append(cert)
else:
print _("CA certificate deleted from the list of user " \
print _("CA certificate deleted from the list of user "
"trusted certificates")
fd = open(user_ca_db, 'w')
for cert in new_user_ca_certs:
fd.write(cert)
fd.close()
if not os.path.exists(system_ca_db):
open(system_ca_db, 'w')
system_ca_certs = open(system_ca_db, 'r').read()
system_ca_certs_list = p.findall(system_ca_certs)
if ca_cert in system_ca_certs_list:
new_system_ca_certs = []
for cert in system_ca_certs_list:
if ca_cert != cert:
new_system_ca_certs.append(cert)
else:
print _("CA certificate deleted from the list of system " \
print _("CA certificate deleted from the list of system "
"trusted certificates")
fd = open(system_ca_db, 'w')
for cert in new_system_ca_certs:
fd.write(cert)

239
pym/console/application/cl_client.py

@ -1,4 +1,4 @@
#-*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
@ -20,12 +20,16 @@ from sudsds.transport import TransportError
from client_class import Client_suds
import traceback as tb
import time, logging
import os, sys
import threading, urllib2
import time
import logging
import os
import sys
import threading
import urllib2
from pid_information import client_list_methods
from cert_func import client_post_auth, client_post_request, client_get_cert,\
client_post_cert, get_password_from_daemon, clear_password
from cert_func import (client_post_auth, client_post_request, client_get_cert,
client_post_cert, get_password_from_daemon,
clear_password)
from sid_func import session_clean, client_session_info, client_session_list
from cert_verify import get_CRL, VerifyError
@ -33,11 +37,13 @@ import M2Crypto, OpenSSL
from calculate.core.datavars import DataVarsCore
from client_class import HTTPSClientCertTransport
from methods_func import call_method, get_method_argparser, parse, get_view
from function import MessageReceiver, MessageDispatcher, clear, _print, \
get_view_params
from function import (MessageReceiver, MessageDispatcher, clear, _print,
get_view_params)
from calculate.lib.utils.files import makeDirectory, readLinesFile
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('cl_console3',sys.modules[__name__])
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
def get_message_receiver(client):
@ -48,6 +54,7 @@ def get_entire_message_receiver(client, pid):
return MessageReceiver.from_entire(client, pid,
MessageDispatcher(Methods()), Display())
def client_signal(client):
Vars = DataVarsCore()
Vars.importCore()
@ -57,7 +64,7 @@ def client_signal(client):
except:
client_active = 15
while True:
if os.path.exists(client.SID_FILE) :
if os.path.exists(client.SID_FILE):
fi = open(client.SID_FILE, 'r')
temp = fi.read()
fi.close()
@ -71,6 +78,7 @@ def client_signal(client):
raise Exception(1)
time.sleep(float(client_active))
class StoppableThread(threading.Thread):
def __init__(self):
super(StoppableThread, self).__init__()
@ -79,8 +87,7 @@ class StoppableThread(threading.Thread):
self._paused = threading.Event()
def run(self):
l = ['|','/','-','\\','|','/','-','\\']
i = 0
l = ['|', '/', '-', '\\', '|', '/', '-', '\\']
while True:
for i in l:
sys.stdout.write("\r\r" + i)
@ -92,7 +99,6 @@ class StoppableThread(threading.Thread):
sys.stdout.write("\b")
sys.stdout.flush()
return 0
def pause(self):
self._pause.set()
@ -113,6 +119,7 @@ class StoppableThread(threading.Thread):
def paused(self):
return self._pause.isSet()
def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
crypto_Error, Connect_Error):
flag_thread_start = False
@ -121,50 +128,53 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
CERT_KEY = os.path.join(path_to_cert, cert_name + '.key')
if not os.path.isfile(CERT_FILE) or not os.path.isfile(CERT_KEY):
Connect_Error = 1
return (None, 1, crypto_Error, False, None)
return None, 1, crypto_Error, False, None
client = None
bio = M2Crypto.BIO.openfile(CERT_KEY)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: None)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: None)
store_passwd = None
if not rsa:
port = args.port or clVarsCore.Get('core.cl_core_port')
store_passwd = get_password_from_daemon(args.host, args.port,
wait_thread)
if 'store_passwd' in locals():
key_passwd = store_passwd
else:
key_passwd = None
store_passwd = get_password_from_daemon(args.host, port, wait_thread)
key_passwd = store_passwd
er = None
try:
ca_certs = os.path.join(path_to_cert, 'ca/ca_root.crt')
client = Client_suds(url, transport=HTTPSClientCertTransport \
(CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
ca_certs = ca_certs, wait_thread = wait_thread))
client = Client_suds(
url, transport=HTTPSClientCertTransport(
CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
ca_certs=ca_certs, wait_thread=wait_thread))
if not wait_thread.isAlive():
wait_thread = StoppableThread()
flag_thread_start = True
wait_thread.start()
client.wsdl.services[0].setlocation(url)
client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY)
client.set_parameters(path_to_cert, CERT_FILE, CERT_KEY)
wait_thread.stop()
client_post_cert(client, clVarsCore)
Connect_Error = 0
except VerifyError, e:
Connect_Error = 1
er = e
except OpenSSL.crypto.Error, e:
Connect_Error = 1
crypto_Error = 1
er = e
except urllib2.URLError, e:
Connect_Error = 1
except Exception, e:
er = e
except Exception as e:
er = e
if e.message == 3:
wait_thread.stop()
sys.exit(1)
Connect_Error = 1
if flag_thread_start:
wait_thread.stop()
return (client, Connect_Error, crypto_Error,
True if 'store_passwd' in locals() else False,
e if 'e' in locals() else None)
return (client, Connect_Error, crypto_Error,
True if store_passwd is not None else False, er)
def get_server_hostname(host, path_to_cert):
compliance_file = os.path.join(path_to_cert, 'compliance_server_names')
@ -172,11 +182,12 @@ def get_server_hostname(host, path_to_cert):
fd = open(compliance_file, 'w')
fd.close()
for line in readLinesFile(compliance_file):
adress, server_hostname = line.split(' ',1)
adress, server_hostname = line.split(' ', 1)
if adress == host:
return server_hostname
return None
def add_server_hostname(host, path_to_cert, server_hostname):
try:
compliance_file = os.path.join(path_to_cert, 'compliance_server_names')
@ -186,14 +197,14 @@ def add_server_hostname(host, path_to_cert, server_hostname):
temp_file = ''
find_flag = False
for line in readLinesFile(compliance_file):
adress, temp_server_hostname = line.split(' ',1)
adress, temp_server_hostname = line.split(' ', 1)
if adress == host:
temp_file += "%s %s\n" %(adress, server_hostname)
temp_file += "%s %s\n" % (adress, server_hostname)
find_flag = True
else:
temp_file += line+'\n'
temp_file += line + '\n'
if not find_flag:
temp_file += "%s %s\n" %(host, server_hostname)
temp_file += "%s %s\n" % (host, server_hostname)
fd = open(compliance_file, 'w')
fd.write(temp_file)
fd.close()
@ -202,23 +213,10 @@ def add_server_hostname(host, path_to_cert, server_hostname):
print e
return False
def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
client_post_auth(client)
# sym_link = os.path.basename(sys.argv[0])
# if sym_link != 'cl-console':
# wait_thread.stop()
# results = client.service.get_methods(client.sid, 'console')
# find_flag = False
# if hasattr (results, 'stringArray'):
# for _array in results.stringArray:
# if _array.string[0] == sym_link:
# args.method = _array.string[1]
# find_flag = True
# break
# if not find_flag:
# _print (_('Method not found for %s') %sym_link)
if args.stop_consoled:
wait_thread.stop()
os.system('cl-consoled --stop')
@ -242,9 +240,11 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
wait_thread.stop()
if args.dump:
from pid_information import client_pid_info
client_pid_info(client)
else:
from pid_information import client_list_pid
client_list_pid(client)
return 0
@ -267,6 +267,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
if args.pid_kill:
wait_thread.stop()
from pid_information import client_pid_kill
return client_pid_kill(client, args.pid_kill)
retCode = 0
@ -289,7 +290,8 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
_unknown_args = method_parser.fixBoolVariables(unknown_args)
_args, _unknown_args = method_parser.parse_known_args(_unknown_args)
_args, _unknown_args = method_parser.parse_known_args(
_unknown_args)
if dispatch_usenew == _args.no_questions:
method_parser.print_help()
@ -308,16 +310,16 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
client.no_progress = args.no_progress
try:
mr.analysis(method_result)
#analysis(client, client.sid, method_result)
# analysis(client, client.sid, method_result)
except urllib2.URLError, e:
_print (e)
_print(e)
except KeyboardInterrupt:
try:
print
mess = method_result[0][0]
pid = int(mess.message)
result = client.service.pid_kill(pid, client.sid)
if result in [0,2]:
if result in [0, 2]:
print _('Process terminated')
elif result == -1:
print _("Certificate not found on the server")
@ -334,14 +336,15 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
pid = int(mess.message)
except:
return 1
retCode = \
1 if int(client.service.pid_info(client.sid,pid)[0][1]) else 0
retCode = 1 if int(
client.service.pid_info(client.sid, pid)[0][1]) else 0
if not args.keep_result:
client.service.clear_pid_cache(client.sid, pid)
client.service.clear_method_cache(client.sid, args.method)
wait_thread.stop()
return retCode
def main(wait_thread):
parser = parse()
args, unknown_args = parser.parse_known_args()
@ -361,6 +364,7 @@ def main(wait_thread):
cl_wsdl = ob.Get('cl_wsdl_available')
# создать симлинки на команды
from calculate.core.server.func import initialization
initialization(cl_wsdl)
ob.close()
if sym_link in loaded_methods.LoadedMethods.conMethods.keys():
@ -398,7 +402,7 @@ def main(wait_thread):
path_to_cert = args.path_to_cert
if not path_to_cert:
path_to_cert = clVarsCore.Get('core.cl_client_cert_dir')
path_to_cert = path_to_cert.replace("~",homePath)
path_to_cert = path_to_cert.replace("~", homePath)
for dirs in ['', 'ca', 'trusted']:
dir_path = os.path.join(path_to_cert, dirs)
@ -407,12 +411,12 @@ def main(wait_thread):
wait_thread.stop()
sys.stdout.write('\r')
sys.stdout.flush()
print _("Failed to create directory %s") %dir_path
print _("Failed to create directory %s") % dir_path
return 1
if args.update_crl:
wait_thread.stop()
getCRL = threading.Thread(target=get_CRL, args = (path_to_cert, ))
getCRL = threading.Thread(target=get_CRL, args=(path_to_cert,))
getCRL.start()
getCRL.join()
print 'CRL updated'
@ -420,24 +424,26 @@ def main(wait_thread):
if args.by_host:
wait_thread.stop()
client_post_request (path_to_cert, args)
client_post_request(path_to_cert, args)
return 0
if args.from_host:
wait_thread.stop()
client_get_cert (path_to_cert, args)
client_get_cert(path_to_cert, args)
return 0
url = "https://%s:%s/?wsdl" %(host, port)
url = "https://%s:%s/?wsdl" % (host, port)
clear()
serv_hostname = get_server_hostname(host, path_to_cert)
get_name_flag = False
client = None
if serv_hostname:
Connect_Error = 1
crypto_Error = 0
client, Connect_Error, crypto_Error, passwd_flag, e = \
connect_with_cert (serv_hostname, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error, Connect_Error)
connect_with_cert(serv_hostname, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error,
Connect_Error)
if not wait_thread.isAlive():
wait_thread = StoppableThread()
wait_thread.start()
@ -457,62 +463,64 @@ def main(wait_thread):
get_name_flag = False
if get_name_flag:
try:
client.port = port
return_val = 1
if client:
try:
return_val = https_server(client, args, unknown_args, url, \
clVarsCore, wait_thread)
except urllib2.URLError, e:
print _('Error: '), e
client.port = port
return_val = 1
try:
return_val = https_server(client, args, unknown_args, url,
clVarsCore, wait_thread)
except urllib2.URLError, e:
print _('Error: '), e
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print e
return 1
wait_thread.stop()
return return_val
except WebFault, f:
print _("Exception: %s") % f
_print(f.fault)
except TransportError, te:
print _("Exception: %s") % te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print e
# tb.print_exc()
return 1
wait_thread.stop()
return return_val
except WebFault, f:
print _("Exception: %s") %f
_print (f.fault)
except TransportError, te:
print _("Exception: %s") %te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
print red + _("Manually interrupted")
except Exception, e:
print _("Exception: %s") %e
tb.print_exc()
print _("Exception: %s") % e
tb.print_exc()
wait_thread.stop()
server_host_name = ""
try:
client = Client_suds(url, \
transport = HTTPSClientCertTransport(None,None, path_to_cert))
client = Client_suds(
url, transport=HTTPSClientCertTransport(None, None, path_to_cert))
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not add_server_hostname(host, path_to_cert, server_host_name):
print 'compliance_file write error!'
del (client)
del client
except urllib2.URLError, e:
wait_thread.stop()
print '\b' + _('Failed to connect')+':', e
print '\b' + _('Failed to connect') + ':', e
return 1
except KeyboardInterrupt:
wait_thread.stop()
red = '\n'+'\033[31m * \033[0m'
red = '\n' + '\033[31m * \033[0m'
print red + _("Manually interrupted")
try:
import glob
all_cert_list = glob.glob(os.path.join(path_to_cert, '*.crt'))
fit_cert_list = []
for client_cert_path in all_cert_list:
@ -520,16 +528,18 @@ def main(wait_thread):
client_cert_name = client_cert.replace('.crt', '')
if server_host_name.endswith(client_cert_name):
fit_cert_list.append(client_cert_name)
fit_cert_list.sort(key = len)
fit_cert_list.sort(key=len)
Connect_Error = 1
crypto_Error = 0
e = None
passwd_flag = False