From c193eee22b853fc9a14a69e0dc8fbbcc364436c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A5=D0=B8=D1=80=D0=B5=D1=86=D0=BA=D0=B8=D0=B9=20=D0=9C?= =?UTF-8?q?=D0=B8=D1=85=D0=B0=D0=B8=D0=BB?= Date: Mon, 14 Nov 2016 10:55:24 +0300 Subject: [PATCH] Refactoring --- pym/console/application/cert_func.py | 266 ++++++++++++--------- pym/console/application/cert_verify.py | 179 +++++++------- pym/console/application/cl_client.py | 239 +++++++++--------- pym/console/application/client_class.py | 229 ++++++++++-------- pym/console/application/create_cert.py | 60 ++--- pym/console/application/function.py | 57 ++--- pym/console/application/methods_func.py | 67 +++--- pym/console/application/pid_information.py | 52 ++-- pym/console/application/sid_func.py | 60 +++-- pym/console/console_main.py | 11 +- pym/console/datavars.py | 7 +- pym/console/variables/console.py | 10 +- 12 files changed, 677 insertions(+), 560 deletions(-) diff --git a/pym/console/application/cert_func.py b/pym/console/application/cert_func.py index 5bda2dd..82d3a1c 100644 --- a/pym/console/application/cert_func.py +++ b/pym/console/application/cert_func.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # @@ -14,13 +14,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os, pwd -import sys, subprocess -import socket, time +import os +import pwd +import sys +import subprocess +import socket +import time import urllib2 +from calculate.console.application.function import _print from function import get_ip_mac_type from calculate.console.application.sid_func import get_sid -import OpenSSL, hashlib +import OpenSSL +import hashlib from client_class import HTTPSClientCertTransport from cert_verify import VerifyError from calculate.core.datavars import DataVarsCore 
@@ -28,42 +33,47 @@ from calculate.core.server.methods_func import get_password from calculate.lib.cl_lang import setLocalTranslate from calculate.lib.utils.common import getpass from calculate.lib.utils.files import listDirectory -setLocalTranslate('cl_console3',sys.modules[__name__]) + +_ = lambda x: x +setLocalTranslate('cl_console3', sys.modules[__name__]) VERSION = 0.11 -def client_post_cert (client, clVars, show_info = False): + +def client_post_cert(client, clVars, show_info=False): """ send a certificate server for check """ sid = get_sid(client.SID_FILE) - + lang = os.environ['LANG'][:2] _result_post_cert, _result_sid = client.service.init_session(sid, lang) result_post_cert = _result_post_cert[1].integer result_sid = _result_sid[1].integer if os.environ.get("DEBUG"): - print _("The client uses certificate %s (server ID %s)") %(client.CERT_FILE, result_post_cert[0]) + print _("The client uses certificate %s (server ID %s)") % ( + client.CERT_FILE, result_post_cert[0]) if result_post_cert[0] == -4: print _("Certificate not found on the server") - print _("the client uses certificate %s") %client.CERT_FILE - print _('You can generate a new certificate using options --gen-cert-by and '\ + print _("the client uses certificate %s") % client.CERT_FILE + print _('You can generate a new certificate ' + 'using options --gen-cert-by and ' '--get-cert-from') raise Exception(3) -# client_sid(sid, client, cert_id = results[0][0], clVars = clVars) + # client_sid(sid, client, cert_id = results[0][0], clVars = clVars) if result_post_cert[0] == -3: print _("Certificate not sent!") elif result_post_cert[0] == -2: print _("Using the upstream certificate") else: if show_info: - print _(" Your certifitate ID = %d") %(result_post_cert[0]) + print _(" Your certifitate ID = %d") % (result_post_cert[0]) try: if result_post_cert[1] == -2: print _("The certificate has expired") elif result_post_cert[1] > 0: if show_info: print _("The certificate expires after %d days") \ - 
%(result_post_cert[1]) + % (result_post_cert[1]) except: pass @@ -75,27 +85,30 @@ def client_post_cert (client, clVars, show_info = False): if show_info: if result_sid[1] == 1: print _(" New Session") - else: print _(" Old Session") - print _(" Your session ID = %s") %sid - -#Creation of secret key of the client -def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \ - auto = False): - from create_cert import generateRSAKey, makePKey, makeRequest,\ - passphrase_callback + else: + print _(" Old Session") + print _(" Your session ID = %s") % sid + + +# Creation of secret key of the client +def new_key_req(key, cert_path, server_host_name, private_key_passwd=None, + auto=False): + from create_cert import generateRSAKey, makePKey, makeRequest, \ + passphrase_callback + rsa = generateRSAKey() - rsa.save_key(key+'_pub', cipher=None, callback = lambda *unused: None) + rsa.save_key(key + '_pub', cipher=None, callback=lambda *unused: None) pkey = makePKey(rsa) if not passphrase_callback(private_key_passwd): - pkey.save_key(key, cipher = None, callback = lambda *unused: None) + pkey.save_key(key, cipher=None, callback=lambda *unused: None) else: - pkey.save_key(key, callback= lambda *unused: str(private_key_passwd)) + pkey.save_key(key, callback=lambda *unused: str(private_key_passwd)) req = makeRequest(rsa, pkey, server_host_name, auto) crtreq = req.as_pem() - req_file = cert_path + '/%s.csr' %server_host_name + req_file = cert_path + '/%s.csr' % server_host_name crtfile = open(req_file, 'w') crtfile.write(crtreq) crtfile.close() @@ -104,13 +117,14 @@ def new_key_req(key, cert_path, server_host_name, private_key_passwd = None, \ try: pwdObj = pwd.getpwnam(user_name) except KeyError, e: - _print (e) + _print(e) return None os.chown(key, pwdObj.pw_uid, pwdObj.pw_gid) os.chmod(key, 0600) return req_file + def delete_old_cert(client): try: os.unlink(client.CERT_FILE) 
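Review bot: The added `_ = lambda x: x` directly above `setLocalTranslate('cl_console3', sys.modules[__name__])` carries no comment, so a reader cannot tell whether it is the translator or only a placeholder. If `setLocalTranslate` rebinds `_` in the module (presumably, since it is handed `sys.modules[__name__]`), say so on the line: `# placeholder so static checkers see _; setLocalTranslate() installs the real translator`. The same pair is added in cert_verify.py and cl_client.py and would take the same comment.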
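Review bot: In new_key_req the private key is written by `pkey.save_key(key, ...)` with whatever mode the process umask gives and is only restricted by `os.chmod(key, 0600)` at the very end; the `except KeyError` branch in the following hunk returns None before that chmod is reached. Restrict the mode before the file exists, e.g. `old_mask = os.umask(0077)` ahead of the `save_key` calls and `os.umask(old_mask)` afterwards, so the key is never readable by other users. When no passphrase is given the `cipher=None` branch stores the key unencrypted, which leaves the file mode as its only protection.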
@@ -118,15 +132,16 @@ def delete_old_cert(client): os.unlink(client.PKEY_FILE) os.unlink(client.PubKEY_FILE) except OSError, e: - _print (e.message) + _print(e.message) -def client_post_request (cert_path, args): + +def client_post_request(cert_path, args): if os.path.exists(cert_path + 'req_id'): print \ _("You already sent a certificate signature request.") - _print (_("Request ID = %s") %open(cert_path + 'req_id', 'r').read()) - ans = raw_input (_("Send a new request? y/[n]: ")) - if not ans.lower() in ['y','yes']: + _print(_("Request ID = %s") % open(cert_path + 'req_id', 'r').read()) + ans = raw_input(_("Send a new request? y/[n]: ")) + if not ans.lower() in ['y', 'yes']: return 0 clVars = DataVarsCore() clVars.importCore() 
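Review bot: The "already sent" check at the top of client_post_request tests `cert_path + 'req_id'`, but the same function later writes the file as `os.path.join(cert_path, 'req_id')`, so unless cert_path always ends with a separator the check never fires. Build the path once, `req_id_path = os.path.join(cert_path, 'req_id')`, and use it for the exists/read here; `os.unlink(cert_path + 'req_id')` in client_get_cert has the same mismatch. The function body continues past this hunk.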
@@ -134,49 +149,51 @@ def client_post_request (cert_path, args): port = args.port or clVars.Get('core.cl_core_port') - url = "https://%s:%s/?wsdl" %(args.by_host, port) - print '%s\n'% url, _("connecting...") + url = "https://%s:%s/?wsdl" % (args.by_host, port) + print '%s\n' % url, _("connecting...") from client_class import Client_suds + try: - client = Client_suds(url, transport = HTTPSClientCertTransport \ - (None, None, cert_path)) + client = Client_suds(url, transport=HTTPSClientCertTransport \ + (None, None, cert_path)) except (KeyboardInterrupt, urllib2.URLError), e: - print '\n'+_("Closing. Connection error.") - _print (_("Error: %s") %e) + print '\n' + _("Closing. Connection error.") + _print(_("Error: %s") % e) return 0 client.wsdl.services[0].setlocation(url) - + server_host_name = client.service.get_server_host_name() - + key = os.path.join(cert_path, server_host_name + '.key') - csr_file = os.path.join(cert_path, server_host_name +'.csr') + csr_file = os.path.join(cert_path, server_host_name + '.csr') if os.path.exists(key) and os.path.exists(csr_file): print _("the private key and request now exist") ask = raw_input(_("Create a new private key and request? 
y/[n]: ")) - if ask.lower() in ['y','yes']: + if ask.lower() in ['y', 'yes']: passwd = get_password() - new_key_req(key, cert_path, server_host_name, - private_key_passwd = passwd) + new_key_req(key, cert_path, server_host_name, + private_key_passwd=passwd) else: passwd = get_password() new_key_req(key, cert_path, server_host_name, - private_key_passwd = passwd) + private_key_passwd=passwd) ip, mac, client_type = get_ip_mac_type() data = open(csr_file).read() - res = client.service.post_client_request(request = data, ip = ip,\ - mac = mac, client_type = client_type) + res = client.service.post_client_request(request=data, ip=ip, + mac=mac, client_type=client_type) if int(res) < 0: print _("The server has not signed the certificate!") return 1 fc = open(os.path.join(cert_path, 'req_id'), 'w') fc.write(res) fc.close() - _print (_("Your request ID = %s") %res + '.\n', - _("To submit the certificate request on the server use command") + \ - '\n'+'cl-core --sign-client ID_CLIENT_REQUEST') + _print(_("Your request ID = %s") % res + '.\n', + _("To submit the certificate request on the server use command") + \ + '\n' + 'cl-core --sign-client ID_CLIENT_REQUEST') return 0 - + + def client_get_cert(cert_path, args): clVars = DataVarsCore() clVars.importCore() 
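Review bot: `server_host_name` is taken from `client.service.get_server_host_name()` and goes straight into `os.path.join(cert_path, server_host_name + '.key')` and the `.csr` path, so the remote side decides where the private key and request are written. Check that it is a non-empty plain file name before building the paths, e.g. `if not server_host_name or os.path.basename(server_host_name) != server_host_name: return 1`. The same pattern appears with `server_host_name` in client_get_cert, with the issuer CN used as the file name under `ca/`, and with `crl_path + CN` in verify() and `CRL_path + CN` in get_CRL().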
@@ -184,35 +201,38 @@ def client_get_cert(cert_path, args): if not os.path.exists(os.path.join(cert_path, 'req_id')): print _("Request not sent or file %s deleted") \ - %(os.path.join(cert_path, 'req_id')) + % (os.path.join(cert_path, 'req_id')) return 1 fc = open(os.path.join(cert_path, 'req_id'), 'r') req_id = fc.read() fc.close() port = args.port or clVars.Get('core.cl_core_port') - url = "https://%s:%s/?wsdl" %(args.from_host, port) - print '%s\n' %url, _("connecting...") - + url = "https://%s:%s/?wsdl" % (args.from_host, port) + print '%s\n' % url, _("connecting...") + from client_class import Client_suds + try: - client = Client_suds(url, \ - transport = HTTPSClientCertTransport(None, None, cert_path)) + client = Client_suds(url, + transport=HTTPSClientCertTransport(None, None, + cert_path)) except KeyboardInterrupt: print _("Closing. Connection error.") + return 1 client.wsdl.services[0].setlocation(url) - + server_host_name = client.service.get_server_host_name() - + if not os.path.exists(os.path.join(cert_path, server_host_name + '.csr')): print _("Request %s not found on the client's side") \ - %(os.path.join(cert_path, server_host_name + '.csr')) + % (os.path.join(cert_path, server_host_name + '.csr')) return 1 request = open(os.path.join(cert_path, server_host_name + '.csr')).read() md5 = hashlib.md5() md5.update(request) md5sum = md5.hexdigest() - + result = client.service.get_client_cert(req_id, md5sum) cert = result[0][0] try: 
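Review bot: client_get_cert wraps `Client_suds(...)` in `except KeyboardInterrupt:` only, whereas client_post_request catches `(KeyboardInterrupt, urllib2.URLError)` around the same call, so an unreachable host ends here in a traceback instead of the "Connection error" message. Use `except (KeyboardInterrupt, urllib2.URLError), e:` and print the error before the `return 1` this commit adds. The request file is also read with `open(...).read()` and never closed; a `with` block, as cert_verify.py already uses for the CRL file, would fix that. The function starts and ends outside this hunk.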
@@ -224,9 +244,9 @@ def client_get_cert(cert_path, args): return 1 elif cert == '2': print _("Signature request not examined yet.") - print _("Your request ID = %s") %req_id + '.\n',\ - _("To submit the certificate request on the server use command") + \ - '\n'+'cl-core --sign-client ID_CLIENT_REQUEST' + print _("Your request ID = %s") % req_id + '.\n', \ + _("To submit the certificate request on the server use command") + \ + '\n' + 'cl-core --sign-client ID_CLIENT_REQUEST' return 1 elif cert == '3': print _("Request or signature not matching earlier data.") @@ -241,13 +261,13 @@ def client_get_cert(cert_path, args): try: os.unlink(cert_path + 'req_id') except OSError, e: - _print (e.message) - print _('Certificate saved. Your certificate ID: %s') %req_id + _print(e.message) + print _('Certificate saved. Your certificate ID: %s') % req_id user_name = pwd.getpwuid(os.getuid()).pw_name try: pwdObj = pwd.getpwnam(user_name) except KeyError, e: - _print (e) + _print(e) return None os.chown(cert_file, pwdObj.pw_uid, pwdObj.pw_gid) os.chmod(cert_file, 0600) @@ -261,7 +281,7 @@ def client_get_cert(cert_path, args): cl_client_cert_dir = clVars.Get('core.cl_client_cert_dir') homePath = clVars.Get('ur_home_path') - cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath) + cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath) root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list") md5 = hashlib.md5() @@ -271,7 +291,7 @@ def client_get_cert(cert_path, args): print "md5sum = ", md5sum if not os.path.exists(root_cert_md5): - fc = open(root_cert_md5,"w") + fc = open(root_cert_md5, "w") fc.close() filename = None 
@@ -280,32 +300,31 @@ def client_get_cert(cert_path, args): # for each line for line in t.splitlines(): # Split string into a words list - words = line.split(' ',1) + words = line.split(' ', 1) if words[0] == md5sum: filename = words[1] if not filename: certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, ca_root) + (OpenSSL.SSL.FILETYPE_PEM, ca_root) Issuer = certobj.get_issuer().get_components() for item in Issuer: if item[0] == 'CN': filename = item[1] - - fc = open(root_cert_md5,"a") - fc.write('%s %s\n' %(md5sum, filename)) + + fc = open(root_cert_md5, "a") + fc.write('%s %s\n' % (md5sum, filename)) fc.close() - + if not filename: print _('Field "CN" not found in the certificate!') return 1 - + fd = open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w') fd.write(ca_root) fd.close() - - + user_root_cert = clVars.Get('core.cl_user_root_cert') - user_root_cert = user_root_cert.replace("~",homePath) + user_root_cert = user_root_cert.replace("~", homePath) fa = open(user_root_cert, 'a') fa.write(ca_root) fa.close() 
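Review bot: The `fc.write('%s %s\n' % (md5sum, filename))` append to cert_list comes before the `if not filename:` check for a missing CN, so a CA certificate without a CN leaves a `<md5> None` line behind, and the lookup at the top of this hunk will then take `None` as the file name on the next run. Move the `Field "CN" not found` check and its `return 1` above the append. The enclosing client_get_cert starts and ends outside this hunk.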
@@ -314,94 +333,103 @@ def client_get_cert(cert_path, args): else: print _("The file containing the CA certificate now exists") return 0 - + + def client_post_auth(client): """ authorization client or post request """ sid = get_sid(client.SID_FILE) client.sid = int(sid) try: if os.path.exists(client.CERT_FILE): - pass#client_post_cert(client) + pass # client_post_cert(client) else: - #client_post_request(client) - print _("You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.") + # client_post_request(client) + print _( + "You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.") raise Exception(1) -# print client.service.versions(sid, VERSION) + # print client.service.versions(sid, VERSION) except VerifyError, e: print e.value raise Exception(1) - + + ########## Get password def getRunProc(): """List run program""" + def getCmd(procNum): - cmdLineFile = '/proc/%s/cmdline'%procNum + cmdLineFile = '/proc/%s/cmdline' % procNum try: if os.path.exists(cmdLineFile): - return [open(cmdLineFile,'r').read().strip(), procNum] + return [open(cmdLineFile, 'r').read().strip(), procNum] except: pass return ["", procNum] - if not os.access('/proc',os.R_OK): + + if not os.access('/proc', os.R_OK): return [] return map(getCmd, - filter(lambda x:x.isdigit(), - listDirectory('/proc'))) + filter(lambda x: x.isdigit(), + listDirectory('/proc'))) + def owner(pid): UID = 1 - for ln in open('/proc/%s/status' %pid): + for ln in open('/proc/%s/status' % pid): if ln.startswith('Uid:'): uid = int(ln.split()[UID]) return pwd.getpwuid(uid).pw_name + def create_socket(file_path, username): - host = '' # ip + host = '' # ip port = 5501 # порт find_proc = False -# if not file_path: -# home_path = pwd.getpwuid(os.getuid()).pw_dir -# file_path = os.path.join(home_path, '.calculate', 'passwd_daemon') -# if 
not username: -# username = pwd.getpwuid(os.getuid()).pw_name - - for run_commands in filter(lambda x:'cl-consoled' in \ - x[0],getRunProc()): + # if not file_path: + # home_path = pwd.getpwuid(os.getuid()).pw_dir + # file_path = os.path.join(home_path, '.calculate', 'passwd_daemon') + # if not username: + # username = pwd.getpwuid(os.getuid()).pw_name + + for run_commands in filter(lambda x: 'cl-consoled' in \ + x[0], getRunProc()): if 'python' in run_commands[0]: if username == owner(run_commands[1]): - #print 'YES' + # print 'YES' find_proc = True if not find_proc: try: os.unlink(file_path) except OSError, e: - _print (e.message) + _print(e.message) cmd = ['cl-consoled'] - #print cmd - subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, - stdout = subprocess.PIPE, stderr=subprocess.PIPE) + # print cmd + subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) while True: try: - s.bind((host,port)) # ассоциировать адрес с сокетом + s.bind((host, port)) # ассоциировать адрес с сокетом break except socket.error: port += 1 return s + def set_password(s, req, size): password = getpass.getpass(_('Password: ')) - msg = '%s,%s' %(req,password) + msg = '%s,%s' % (req, password) s.send(msg) resp = s.recv(size) if resp.startswith('Error'): - _print (resp) + _print(resp) return password + def clear_password(server_host, server_port): size = 1024 # размер данных username = pwd.getpwuid(os.getuid()).pw_name 
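Review bot: `subprocess.Popen(cmd, shell=True, ...)` in create_socket passes a list together with `shell=True`; on POSIX only the first element is given to the shell as the command, and the shell adds nothing for a fixed program name. Drop the flag: `subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)`. The three pipes are never read in this hunk, so a daemon that writes enough to stdout or stderr could block; redirecting them to `os.devnull` would avoid that if the output is not needed.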
@@ -417,18 +445,19 @@ def clear_password(server_host, server_port): while connect_error < 10: if os.path.isfile(file_path): serv_port, hash_val = open(file_path, 'r').read().split() - break + s.connect(('localhost', int(serv_port))) + req = 'delete,%s,%s,%s,%s' % (server_host, str(server_port), + username, hash_val) + s.send(req) + s.recv(size) + return else: connect_error += 1 time.sleep(0.3) - s.connect(('localhost', int(serv_port))) break except socket.error: time.sleep(0.3) - req = 'delete,%s,%s,%s,%s' %(server_host, str(server_port), username, - hash_val) - s.send(req) - resp = s.recv(size) + def socket_connect(s, file_path): connect_error = 0 @@ -437,15 +466,15 @@ def socket_connect(s, file_path): while connect_error < 10: if os.path.isfile(file_path): serv_port, hash_val = open(file_path, 'r').read().split() - break + s.connect(('localhost', int(serv_port))) + return s, hash_val else: connect_error += 1 time.sleep(0.3) - s.connect(('localhost', int(serv_port))) break except socket.error: time.sleep(0.3) - return s, hash_val + def get_password_from_daemon(server_host, server_port, wait_thread): size = 1024 # размер данных @@ -458,7 +487,8 @@ def get_password_from_daemon(server_host, server_port, wait_thread): s = create_socket(file_path, username) s, hash_val = socket_connect(s, file_path) - req = '%s,%s,%s,%s' %(server_host,str(server_port),username,hash_val) + req = '%s,%s,%s,%s' % ( + server_host, str(server_port), username, hash_val) s.send(req) resp = s.recv(size) if resp.startswith('Error'): diff --git a/pym/console/application/cert_verify.py b/pym/console/application/cert_verify.py index 72ba4f3..752be30 100644 --- a/pym/console/application/cert_verify.py +++ b/pym/console/application/cert_verify.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
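Review bot: After this change socket_connect() returns `s, hash_val` only from inside the `os.path.isfile` branch; when the daemon file does not appear within the ten attempts the loop ends and the function returns None, and `s, hash_val = socket_connect(s, file_path)` in get_password_from_daemon then fails with a TypeError. Make the failure explicit after the loop, e.g. `raise socket.error("password daemon file not found: %s" % file_path)`, or have the caller test for None. `connect_error` is not incremented in the `except socket.error` branch, so a refused connection appears to be retried without limit. clear_password has the same loop shape and silently does nothing in the not-found case.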
@@ -14,35 +14,41 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os, re, glob, sys +import os +import re +import sys import OpenSSL +from calculate.console.application.function import _print from calculate.core.datavars import DataVarsCore from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +_ = lambda x: x +setLocalTranslate('cl_console3', sys.modules[__name__]) + class VerifyError(Exception): def __init__(self, value): self.value = value + def __str__(self): return repr(self.value) # check recall of server certificate def verify(server_cert, crl_path, flag): - - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, server_cert) + certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, server_cert) serverSerial = certobj.get_serial_number() - + Issuer = certobj.get_issuer().get_components() CN, L = None, None for i in Issuer: if i[0] == 'CN': - CN = i[1] + CN = i[1] elif i[0] == 'L': - L = i[1] - + L = i[1] + if CN and len(CN) > 2: crl_file = crl_path + CN elif L: 
@@ -55,31 +61,30 @@ def verify(server_cert, crl_path, flag): crl_file = crl_path + host else: if not flag: - print _( "fields CN and L in the CA certificate are incorrect!") + print _("fields CN and L in the CA certificate are incorrect!") return 0 if not os.path.exists(crl_file): if not flag: pass -# print _("This certificate can not be verified in the CRL.") + # print _("This certificate can not be verified in the CRL.") return 0 - + with open(crl_file, 'r') as _crl_file: crl = "".join(_crl_file.readlines()) - + if crl == '': return 0 crl_object = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, crl) - revoked_objects = crl_object.get_revoked() for rvk in revoked_objects: if serverSerial == int(rvk.get_serial(), 16): print _("This certificate has been revoked!") - print _("Serial")+ _(': %s\n') %rvk.get_serial() + _("Revoke date") + \ - _(': %s') %rvk.get_rev_date() - + print _("Serial") + _(': %s\n') % rvk.get_serial() + _( + "Revoke date") + _(': %s') % rvk.get_rev_date() + raise VerifyError('CRL Exception') return 0 
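Review bot: verify() returns 0 both when the CRL file is missing (`if not os.path.exists(crl_file)`) and when it is empty (`if crl == ''`), so a certificate whose revocation status cannot be checked is treated the same as one that is not revoked; the only trace is a commented-out print under `if not flag: pass`. If that is the intended policy, document it on the function, e.g. `# NOTE: revocation check is best-effort; a missing or empty CRL is accepted`, and consider a log line so the operator can see when it happens. The function starts in the previous hunk.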
@@ -95,100 +100,105 @@ def get_CRL(path_to_cert): try: os.makedirs(path_to_cert) except OSError: - print _("Failed to create directory %s") %path_to_cert + print _("Failed to create directory %s") % path_to_cert raise Exception(1) try: os.makedirs(os.path.join(path_to_cert, 'ca')) except OSError: - print _("Failed to create directory %s") \ - %(os.path.join(path_to_cert, 'ca')) + print _("Failed to create directory %s") % ( + os.path.join(path_to_cert, 'ca')) raise Exception(1) os.makedirs(CRL_path) - + clVars = DataVarsCore() clVars.importCore() clVars.flIniFile() # user and system ca and root certificates user_root_cert = clVars.Get('core.cl_user_root_cert') homePath = clVars.Get('ur_home_path') - user_root_cert = user_root_cert.replace("~",homePath) + user_root_cert = user_root_cert.replace("~", homePath) glob_root_cert = clVars.Get('core.cl_glob_root_cert') - + if os.path.exists(user_root_cert): user_ca_certs = open(user_root_cert, 'r').read() - else: user_ca_certs = '' + else: + user_ca_certs = '' if os.path.exists(glob_root_cert): glob_ca_certs = open(glob_root_cert, 'r').read() - else: glob_ca_certs = '' - + else: + glob_ca_certs = '' + # get certificates list fron text p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?') user_ca_certs_list = p.findall(user_ca_certs) glob_ca_certs_list = p.findall(glob_ca_certs) - + # association in one list all_ca_certs_list = user_ca_certs_list + glob_ca_certs_list for ca in all_ca_certs_list: - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, ca) + certobj = OpenSSL.crypto.load_certificate(OpenSSL.SSL.FILETYPE_PEM, ca) # get url from certificates url = None CN = None Subject = certobj.get_subject().get_components() + last_subj = "" for subj in Subject: if subj[0] == 'L': - url = "https://" + subj[1] +"/?wsdl" + url = "https://" + subj[1] + "/?wsdl" if subj[0] == 'CN': CN = subj[1] + last_subj = subj if url: + new_crl = None from client_class import Client_suds from client_class import 
HTTPSClientCertTransport # connect to ca server (url get from certificates) + client = None try: - client = Client_suds(url,\ - transport = HTTPSClientCertTransport(None, None, \ + client = Client_suds( + url, transport=HTTPSClientCertTransport(None, None, path_to_cert)) - client.set_parameters (path_to_cert, None, None) + client.set_parameters(path_to_cert, None, None) new_crl = client.service.get_crl() except VerifyError, e: - _print (e.value) - #rm_ca_from_trusted(ca) + _print(e.value) + # rm_ca_from_trusted(ca) raise Exception(1) except: pass client.wsdl.services[0].setlocation(url) - if 'new_crl' in locals(): - if new_crl: - if CN and len(CN) > 2: - CRL_file = CRL_path + CN - else: - host = subj[1].split(':')[0] - CRL_file = CRL_path + host - if new_crl == ' ': - open(CRL_file, 'w') - #if os.path.exists(CRL_file): - #os.unlink(CRL_file) + if new_crl: + if CN and len(CN) > 2: + CRL_file = CRL_path + CN + else: + host = last_subj[1].split(':')[0] + CRL_file = CRL_path + host + if new_crl == ' ': + open(CRL_file, 'w') + # if os.path.exists(CRL_file): + # os.unlink(CRL_file) + continue + if os.path.exists(CRL_file): + if open(CRL_file, 'r').read() == new_crl: continue - if os.path.exists(CRL_file): - if open(CRL_file, 'r').read() == new_crl: - continue - - fd = open(CRL_file, 'w') - fd.write(new_crl) - fd.close() - print _("CRL added") - find_ca_in_crl (CRL_path, all_ca_certs_list) - -def find_ca_in_crl (CRL_path, all_ca_certs_list): - CRL_name_list = glob.glob(CRL_path + '*') + + fd = open(CRL_file, 'w') + fd.write(new_crl) + fd.close() + print _("CRL added") + find_ca_in_crl(CRL_path, all_ca_certs_list) + + +def find_ca_in_crl(CRL_path, all_ca_certs_list): for ca in all_ca_certs_list: - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, ca) - + certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, ca) + Issuer = certobj.get_issuer().get_components() + CN = "" for item in Issuer: if item[0] == 'CN': CN = item[1] 
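Review bot: `client = None` is now set before the `try` in get_CRL, but the bare `except: pass` lets any failure of `Client_suds(...)` fall through to `client.wsdl.services[0].setlocation(url)`, which then raises AttributeError on None and aborts the loop over the remaining CAs. Add `if client is None: continue` after the `except` blocks and narrow the bare `except:` to the transport errors expected here. A CA whose CRL cannot be fetched is skipped without any message; printing the URL that failed would make an outdated CRL visible to the user.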
@@ -196,13 +206,13 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list): CRL = CRL_path + CN if not os.path.exists(CRL): continue - + with open(CRL, 'r') as _crl_file: crl = "".join(_crl_file.readlines()) - + try: - crl_object = OpenSSL.crypto.load_crl \ - (OpenSSL.crypto.FILETYPE_PEM, crl) + crl_object = OpenSSL.crypto.load_crl( + OpenSSL.crypto.FILETYPE_PEM, crl) except: continue revoked_objects = crl_object.get_revoked() @@ -211,30 +221,33 @@ def find_ca_in_crl (CRL_path, all_ca_certs_list): if serverSerial == int(rvk.get_serial(), 16): rm_ca_from_trusted(ca) + def rm_ca_from_trusted(ca_cert): clVars = DataVarsCore() clVars.importCore() clVars.flIniFile() - + user_ca_dir = clVars.Get('core.cl_client_cert_dir') homePath = clVars.Get('ur_home_path') - user_ca_dir = user_ca_dir.replace("~",homePath) + user_ca_dir = user_ca_dir.replace("~", homePath) user_ca_dir = os.path.join(user_ca_dir, 'ca') user_ca_list = os.path.join(user_ca_dir, 'cert_list') user_ca_db = clVars.Get('core.cl_user_root_cert') homePath = clVars.Get('ur_home_path') - user_ca_db = user_ca_db.replace("~",homePath) - + user_ca_db = user_ca_db.replace("~", homePath) + system_ca_dir = clVars.Get('core.cl_core_cert_path') system_ca_list = os.path.join(system_ca_dir, 'cert_list') system_ca_db = clVars.Get('core.cl_glob_root_cert') - + import hashlib + md5 = hashlib.md5() md5.update(ca_cert) md5sum = md5.hexdigest() # search ca certificate in user ca list + newfile = '' with open(user_ca_list) as fd: t = fd.read() # See each line 
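Review bot: With the `CN = ""` default added in the previous hunk, a CA certificate whose issuer has no CN makes `CRL = CRL_path + CN` equal to the CRL directory itself; `os.path.exists(CRL)` is then true and `open(CRL, 'r')` sits outside the `try`, so it presumably fails with an IOError. Skip such certificates before building the path: `if not CN: continue`. The lines between the two hunks are not shown, so check that nothing there already handles the empty case.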
@@ -248,52 +261,52 @@ def rm_ca_from_trusted(ca_cert): try: os.unlink(filename) except OSError, e: - _print (e.message) + _print(e.message) else: newfile += (line + '\n') else: newfile += (line + '\n') - + fd.close() fn = open(user_ca_list, 'w') fn.write(newfile) fn.close() - + p = re.compile('[-]+[\w ]+[-]+\n+[\w\n\+\\=/]+[-]+[\w ]+[-]+\n?') - + # open, write and split user ca certificates user_ca_certs = open(user_ca_db, 'r').read() user_ca_certs_list = p.findall(user_ca_certs) - + if ca_cert in user_ca_certs_list: new_user_ca_certs = [] for cert in user_ca_certs_list: if ca_cert != cert: new_user_ca_certs.append(cert) else: - print _("CA certificate deleted from the list of user " \ + print _("CA certificate deleted from the list of user " "trusted certificates") - + fd = open(user_ca_db, 'w') for cert in new_user_ca_certs: fd.write(cert) fd.close() - + if not os.path.exists(system_ca_db): open(system_ca_db, 'w') - + system_ca_certs = open(system_ca_db, 'r').read() system_ca_certs_list = p.findall(system_ca_certs) - + if ca_cert in system_ca_certs_list: new_system_ca_certs = [] for cert in system_ca_certs_list: if ca_cert != cert: new_system_ca_certs.append(cert) else: - print _("CA certificate deleted from the list of system " \ + print _("CA certificate deleted from the list of system " "trusted certificates") - + fd = open(system_ca_db, 'w') for cert in new_system_ca_certs: fd.write(cert) diff --git a/pym/console/application/cl_client.py b/pym/console/application/cl_client.py index 1cda035..d6a4e33 100644 --- a/pym/console/application/cl_client.py +++ b/pym/console/application/cl_client.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
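Review bot: rm_ca_from_trusted rewrites the trusted CA bundles in place: `open(user_ca_db, 'w')` truncates the file and then writes back only the blocks the regex matched, so an interruption leaves a partial bundle and any content the pattern does not match is dropped. Write the new content to a temporary file in the same directory and `os.rename()` it over the original, for both user_ca_db and system_ca_db. The bare `open(system_ca_db, 'w')` used to create the file also leaves the handle open; `open(system_ca_db, 'w').close()` is enough. The function starts outside this hunk.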
@@ -20,12 +20,16 @@ from sudsds.transport import TransportError from client_class import Client_suds import traceback as tb -import time, logging -import os, sys -import threading, urllib2 +import time +import logging +import os +import sys +import threading +import urllib2 from pid_information import client_list_methods -from cert_func import client_post_auth, client_post_request, client_get_cert,\ - client_post_cert, get_password_from_daemon, clear_password +from cert_func import (client_post_auth, client_post_request, client_get_cert, + client_post_cert, get_password_from_daemon, + clear_password) from sid_func import session_clean, client_session_info, client_session_list from cert_verify import get_CRL, VerifyError @@ -33,11 +37,13 @@ import M2Crypto, OpenSSL from calculate.core.datavars import DataVarsCore from client_class import HTTPSClientCertTransport from methods_func import call_method, get_method_argparser, parse, get_view -from function import MessageReceiver, MessageDispatcher, clear, _print, \ - get_view_params +from function import (MessageReceiver, MessageDispatcher, clear, _print, + get_view_params) from calculate.lib.utils.files import makeDirectory, readLinesFile from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +_ = lambda x: x +setLocalTranslate('cl_console3', sys.modules[__name__]) def get_message_receiver(client): @@ -48,6 +54,7 @@ def get_entire_message_receiver(client, pid): return MessageReceiver.from_entire(client, pid, MessageDispatcher(Methods()), Display()) + def client_signal(client): Vars = DataVarsCore() Vars.importCore() @@ -57,7 +64,7 @@ def client_signal(client): except: client_active = 15 while True: - if os.path.exists(client.SID_FILE) : + if os.path.exists(client.SID_FILE): fi = open(client.SID_FILE, 'r') temp = fi.read() fi.close() 
@@ -71,6 +78,7 @@ def client_signal(client): raise Exception(1) time.sleep(float(client_active)) + class StoppableThread(threading.Thread): def __init__(self): super(StoppableThread, self).__init__() @@ -79,8 +87,7 @@ class StoppableThread(threading.Thread): self._paused = threading.Event() def run(self): - l = ['|','/','-','\\','|','/','-','\\'] - i = 0 + l = ['|', '/', '-', '\\', '|', '/', '-', '\\'] while True: for i in l: sys.stdout.write("\r\r" + i) @@ -92,7 +99,6 @@ class StoppableThread(threading.Thread): sys.stdout.write("\b") sys.stdout.flush() return 0 - def pause(self): self._pause.set() @@ -113,6 +119,7 @@ class StoppableThread(threading.Thread): def paused(self): return self._pause.isSet() + def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore, crypto_Error, Connect_Error): flag_thread_start = False 
@@ -121,50 +128,53 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore, CERT_KEY = os.path.join(path_to_cert, cert_name + '.key') if not os.path.isfile(CERT_FILE) or not os.path.isfile(CERT_KEY): Connect_Error = 1 - return (None, 1, crypto_Error, False, None) + return None, 1, crypto_Error, False, None client = None bio = M2Crypto.BIO.openfile(CERT_KEY) - rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: None) + rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: None) + store_passwd = None if not rsa: port = args.port or clVarsCore.Get('core.cl_core_port') - store_passwd = get_password_from_daemon(args.host, args.port, - wait_thread) - if 'store_passwd' in locals(): - key_passwd = store_passwd - else: - key_passwd = None + store_passwd = get_password_from_daemon(args.host, port, wait_thread) + key_passwd = store_passwd + er = None try: ca_certs = os.path.join(path_to_cert, 'ca/ca_root.crt') - client = Client_suds(url, transport=HTTPSClientCertTransport \ - (CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd, - ca_certs = ca_certs, wait_thread = wait_thread)) + client = Client_suds( + url, transport=HTTPSClientCertTransport( + CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd, + ca_certs=ca_certs, wait_thread=wait_thread)) if not wait_thread.isAlive(): wait_thread = StoppableThread() flag_thread_start = True wait_thread.start() client.wsdl.services[0].setlocation(url) - client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY) + client.set_parameters(path_to_cert, CERT_FILE, CERT_KEY) wait_thread.stop() client_post_cert(client, clVarsCore) Connect_Error = 0 except VerifyError, e: Connect_Error = 1 + er = e except OpenSSL.crypto.Error, e: Connect_Error = 1 crypto_Error = 1 + er = e except urllib2.URLError, e: Connect_Error = 1 - except Exception, e: + er = e + except Exception as e: + er = e if e.message == 3: wait_thread.stop() sys.exit(1) Connect_Error = 1 if flag_thread_start: wait_thread.stop() - return 
(client, Connect_Error, crypto_Error, - True if 'store_passwd' in locals() else False, - e if 'e' in locals() else None) + return (client, Connect_Error, crypto_Error, + True if store_passwd is not None else False, er) + def get_server_hostname(host, path_to_cert): compliance_file = os.path.join(path_to_cert, 'compliance_server_names') @@ -172,11 +182,12 @@ def get_server_hostname(host, path_to_cert): fd = open(compliance_file, 'w') fd.close() for line in readLinesFile(compliance_file): - adress, server_hostname = line.split(' ',1) + adress, server_hostname = line.split(' ', 1) if adress == host: return server_hostname return None + def add_server_hostname(host, path_to_cert, server_hostname): try: compliance_file = os.path.join(path_to_cert, 'compliance_server_names') @@ -186,14 +197,14 @@ def add_server_hostname(host, path_to_cert, server_hostname): temp_file = '' find_flag = False for line in readLinesFile(compliance_file): - adress, temp_server_hostname = line.split(' ',1) + adress, temp_server_hostname = line.split(' ', 1) if adress == host: - temp_file += "%s %s\n" %(adress, server_hostname) + temp_file += "%s %s\n" % (adress, server_hostname) find_flag = True else: - temp_file += line+'\n' + temp_file += line + '\n' if not find_flag: - temp_file += "%s %s\n" %(host, server_hostname) + temp_file += "%s %s\n" % (host, server_hostname) fd = open(compliance_file, 'w') fd.write(temp_file) fd.close() 
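Review bot: The password flag returned by connect_with_cert no longer means what it did. `True if store_passwd is not None else False` is false when the key is encrypted but `get_password_from_daemon` yields None, whereas the old `'store_passwd' in locals()` was true whenever the `if not rsa:` branch ran. main() branches on `crypto_Error and passwd_flag`, so if the daemon can return None (not visible here) an encrypted key with no cached password now takes a different path in a commit titled as a refactoring. Tracking the branch explicitly keeps the old meaning: set `asked_daemon = True` inside `if not rsa:` and return `asked_daemon` in place of the conditional. The function starts before this hunk.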
@@ -202,23 +213,10 @@ def add_server_hostname(host, path_to_cert, server_hostname): print e return False + def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): client_post_auth(client) -# sym_link = os.path.basename(sys.argv[0]) -# if sym_link != 'cl-console': -# wait_thread.stop() -# results = client.service.get_methods(client.sid, 'console') -# find_flag = False -# if hasattr (results, 'stringArray'): -# for _array in results.stringArray: -# if _array.string[0] == sym_link: -# args.method = _array.string[1] -# find_flag = True -# break -# if not find_flag: -# _print (_('Method not found for %s') %sym_link) - if args.stop_consoled: wait_thread.stop() os.system('cl-consoled --stop') @@ -242,9 +240,11 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): wait_thread.stop() if args.dump: from pid_information import client_pid_info + client_pid_info(client) else: from pid_information import client_list_pid + client_list_pid(client) return 0 @@ -267,6 +267,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): if args.pid_kill: wait_thread.stop() from pid_information import client_pid_kill + return client_pid_kill(client, args.pid_kill) retCode = 0 @@ -289,7 +290,8 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): _unknown_args = method_parser.fixBoolVariables(unknown_args) - _args, _unknown_args = method_parser.parse_known_args(_unknown_args) + _args, _unknown_args = method_parser.parse_known_args( + _unknown_args) if dispatch_usenew == _args.no_questions: method_parser.print_help() 
@@ -308,16 +310,16 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): client.no_progress = args.no_progress try: mr.analysis(method_result) - #analysis(client, client.sid, method_result) + # analysis(client, client.sid, method_result) except urllib2.URLError, e: - _print (e) + _print(e) except KeyboardInterrupt: try: print mess = method_result[0][0] pid = int(mess.message) result = client.service.pid_kill(pid, client.sid) - if result in [0,2]: + if result in [0, 2]: print _('Process terminated') elif result == -1: print _("Certificate not found on the server") @@ -334,14 +336,15 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread): pid = int(mess.message) except: return 1 - retCode = \ - 1 if int(client.service.pid_info(client.sid,pid)[0][1]) else 0 + retCode = 1 if int( + client.service.pid_info(client.sid, pid)[0][1]) else 0 if not args.keep_result: client.service.clear_pid_cache(client.sid, pid) client.service.clear_method_cache(client.sid, args.method) wait_thread.stop() return retCode + def main(wait_thread): parser = parse() args, unknown_args = parser.parse_known_args() @@ -361,6 +364,7 @@ def main(wait_thread): cl_wsdl = ob.Get('cl_wsdl_available') # создать симлинки на команды from calculate.core.server.func import initialization + initialization(cl_wsdl) ob.close() if sym_link in loaded_methods.LoadedMethods.conMethods.keys(): @@ -398,7 +402,7 @@ def main(wait_thread): path_to_cert = args.path_to_cert if not path_to_cert: path_to_cert = clVarsCore.Get('core.cl_client_cert_dir') - path_to_cert = path_to_cert.replace("~",homePath) + path_to_cert = path_to_cert.replace("~", homePath) for dirs in ['', 'ca', 'trusted']: dir_path = os.path.join(path_to_cert, dirs) 
@@ -407,12 +411,12 @@ def main(wait_thread): wait_thread.stop() sys.stdout.write('\r') sys.stdout.flush() - print _("Failed to create directory %s") %dir_path + print _("Failed to create directory %s") % dir_path return 1 if args.update_crl: wait_thread.stop() - getCRL = threading.Thread(target=get_CRL, args = (path_to_cert, )) + getCRL = threading.Thread(target=get_CRL, args=(path_to_cert,)) getCRL.start() getCRL.join() print 'CRL updated' @@ -420,24 +424,26 @@ def main(wait_thread): if args.by_host: wait_thread.stop() - client_post_request (path_to_cert, args) + client_post_request(path_to_cert, args) return 0 if args.from_host: wait_thread.stop() - client_get_cert (path_to_cert, args) + client_get_cert(path_to_cert, args) return 0 - url = "https://%s:%s/?wsdl" %(host, port) + url = "https://%s:%s/?wsdl" % (host, port) clear() serv_hostname = get_server_hostname(host, path_to_cert) get_name_flag = False + client = None if serv_hostname: Connect_Error = 1 crypto_Error = 0 client, Connect_Error, crypto_Error, passwd_flag, e = \ - connect_with_cert (serv_hostname, path_to_cert, url, args, - wait_thread, clVarsCore, crypto_Error, Connect_Error) + connect_with_cert(serv_hostname, path_to_cert, url, args, + wait_thread, clVarsCore, crypto_Error, + Connect_Error) if not wait_thread.isAlive(): wait_thread = StoppableThread() wait_thread.start() 
@@ -457,62 +463,64 @@ def main(wait_thread): get_name_flag = False if get_name_flag: - try: - client.port = port - return_val = 1 + if client: try: - return_val = https_server(client, args, unknown_args, url, \ - clVarsCore, wait_thread) - except urllib2.URLError, e: - print _('Error: '), e + client.port = port + return_val = 1 + try: + return_val = https_server(client, args, unknown_args, url, + clVarsCore, wait_thread) + except urllib2.URLError, e: + print _('Error: '), e + except KeyboardInterrupt: + wait_thread.stop() + red = '\n' + '\033[31m * \033[0m' + print red + _("Manually interrupted") + except Exception, e: + wait_thread.stop() + if type(e.message) != int: + if e.message: + print e.message + elif e.args: + print e + return 1 + wait_thread.stop() + return return_val + except WebFault, f: + print _("Exception: %s") % f + _print(f.fault) + except TransportError, te: + print _("Exception: %s") % te except KeyboardInterrupt: wait_thread.stop() - red = '\n'+'\033[31m * \033[0m' + red = '\n' + '\033[31m * \033[0m' print red + _("Manually interrupted") except Exception, e: - wait_thread.stop() - if type(e.message) != int: - if e.message: - print e.message - elif e.args: - print e -# tb.print_exc() - return 1 - wait_thread.stop() - return return_val - except WebFault, f: - print _("Exception: %s") %f - _print (f.fault) - except TransportError, te: - print _("Exception: %s") %te - except KeyboardInterrupt: - wait_thread.stop() - red = '\n'+'\033[31m * \033[0m' - print red + _("Manually interrupted") - except Exception, e: - print _("Exception: %s") %e - tb.print_exc() + print _("Exception: %s") % e + tb.print_exc() wait_thread.stop() + server_host_name = "" try: - client = Client_suds(url, \ - transport = HTTPSClientCertTransport(None,None, path_to_cert)) + client = Client_suds( + url, transport=HTTPSClientCertTransport(None, None, path_to_cert)) client.wsdl.services[0].setlocation(url) server_host_name = client.service.get_server_host_name() if not 
add_server_hostname(host, path_to_cert, server_host_name): print 'compliance_file write error!' - del (client) + del client except urllib2.URLError, e: wait_thread.stop() - print '\b' + _('Failed to connect')+':', e + print '\b' + _('Failed to connect') + ':', e return 1 except KeyboardInterrupt: wait_thread.stop() - red = '\n'+'\033[31m * \033[0m' + red = '\n' + '\033[31m * \033[0m' print red + _("Manually interrupted") try: import glob + all_cert_list = glob.glob(os.path.join(path_to_cert, '*.crt')) fit_cert_list = [] for client_cert_path in all_cert_list: @@ -520,16 +528,18 @@ def main(wait_thread): client_cert_name = client_cert.replace('.crt', '') if server_host_name.endswith(client_cert_name): fit_cert_list.append(client_cert_name) - fit_cert_list.sort(key = len) + fit_cert_list.sort(key=len) Connect_Error = 1 crypto_Error = 0 e = None + passwd_flag = False - for i in range (0, len(fit_cert_list)): + for i in range(0, len(fit_cert_list)): cert_name = fit_cert_list.pop() client, Connect_Error, crypto_Error, passwd_flag, e = \ - connect_with_cert (cert_name, path_to_cert, url, args, - wait_thread, clVarsCore, crypto_Error, Connect_Error) + connect_with_cert(cert_name, path_to_cert, url, args, + wait_thread, clVarsCore, crypto_Error, + Connect_Error) if not wait_thread.isAlive(): wait_thread = StoppableThread() wait_thread.start() @@ -537,7 +547,7 @@ def main(wait_thread): if Connect_Error == 0: break - #If the certificate file misses + # If the certificate file misses if Connect_Error: if crypto_Error and passwd_flag: wait_thread.stop() 
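Review bot: The `except KeyboardInterrupt:` handler after the `get_server_host_name()` bootstrap prints "Manually interrupted" and then falls through into the certificate-selection `try:` below, so Ctrl-C does not stop the client. With the new `server_host_name = ""` default this path no longer trips on an unbound name and appears to carry on toward another connection attempt with no matching certificate. Adding `return 1` after the print, as the `urllib2.URLError` handler just above does, would end the run. main() starts before this hunk and continues after it.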
@@ -555,21 +565,22 @@ def main(wait_thread): CERT_FILE = None CERT_KEY = None - client = Client_suds(url, transport = HTTPSClientCertTransport \ - (CERT_KEY, CERT_FILE, path_to_cert)) + client = Client_suds( + url, transport=HTTPSClientCertTransport(CERT_KEY, CERT_FILE, + path_to_cert)) client.wsdl.services[0].setlocation(url) - client.set_parameters (path_to_cert, CERT_FILE, CERT_KEY) + client.set_parameters(path_to_cert, CERT_FILE, CERT_KEY) client.port = port return_val = 1 try: - return_val = https_server(client, args, unknown_args, url, \ + return_val = https_server(client, args, unknown_args, url, clVarsCore, wait_thread) except urllib2.URLError, e: print _('Error: '), e except KeyboardInterrupt: wait_thread.stop() - red = '\n'+'\033[31m * \033[0m' + red = '\n' + '\033[31m * \033[0m' print red + _("Manually interrupted") except Exception, e: wait_thread.stop() @@ -578,21 +589,21 @@ def main(wait_thread): print e.message elif e.args: print e -# tb.print_exc() + # tb.print_exc() return 1 wait_thread.stop() return return_val -#---------------------------------------------------- + # ---------------------------------------------------- except WebFault, f: - print _("Exception: %s") %f - _print (f.fault) + print _("Exception: %s") % f + _print(f.fault) except TransportError, te: - print _("Exception: %s") %te + print _("Exception: %s") % te except KeyboardInterrupt: wait_thread.stop() - red = '\n'+'\033[31m * \033[0m' + red = '\n' + '\033[31m * \033[0m' print red + _("Manually interrupted") except Exception, e: - print _("Exception: %s") %e + print _("Exception: %s") % e tb.print_exc() wait_thread.stop() diff --git a/pym/console/application/client_class.py b/pym/console/application/client_class.py index 7d39743..efabf7c 100644 --- a/pym/console/application/client_class.py +++ b/pym/console/application/client_class.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
@@ -15,41 +15,51 @@ # limitations under the License. import urllib2 as u2 -if hasattr(u2,"ssl"): + +if hasattr(u2, "ssl"): u2.ssl._create_default_https_context = u2.ssl._create_unverified_context -import os, sys -import socket, ssl -import OpenSSL, hashlib, M2Crypto +import os +import sys +import socket +import ssl +import OpenSSL +import hashlib +import M2Crypto from calculate.core.datavars import DataVarsCore from calculate.lib.datavars import DataVars from sudsds.client import Client from cert_verify import verify, get_CRL -from sudsds.transport.http import HttpTransport, SUDSHTTPRedirectHandler, \ - CheckingHTTPSConnection, CheckingHTTPSHandler, \ - PYOPENSSL_AVAILABLE, PyOpenSSLSocket +from sudsds.transport.http import (HttpTransport, SUDSHTTPRedirectHandler, + CheckingHTTPSConnection, + CheckingHTTPSHandler, + PYOPENSSL_AVAILABLE, PyOpenSSLSocket) from sudsds.transport import Transport from sudsds.properties import Unskin from cookielib import CookieJar, DefaultCookiePolicy from logging import getLogger from calculate.console.datavars import DataVarsConsole from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +_ = lambda x: x +setLocalTranslate('cl_console3', sys.modules[__name__]) log = getLogger(__name__) flag = 0 + class Client_suds(Client): - def set_parameters (self, path_to_cert, CERT_FILE, PKEY_FILE): + def set_parameters(self, path_to_cert, CERT_FILE, PKEY_FILE): self.path_to_cert = path_to_cert if not CERT_FILE: CERT_FILE = '' self.CERT_FILE = CERT_FILE - self.REQ_FILE = path_to_cert + 'client.csr' + self.REQ_FILE = path_to_cert + 'client.csr' self.PKEY_FILE = PKEY_FILE self.SID_FILE = path_to_cert + 'sid.int' self.CRL_PATH = path_to_cert + 'ca/crl/' if not os.path.exists(self.CRL_PATH): os.makedirs(self.CRL_PATH) + class CheckingClientHTTPSConnection(CheckingHTTPSConnection): """based on httplib.HTTPSConnection code - extended to support server certificate verification and client certificate 
authorization""" @@ -63,14 +73,14 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): """ CheckingHTTPSConnection.__init__(self, host, ca_certs, cert_verifier, keyobj, certobj, **kw) -# self.ClientObj = ClientObj + # self.ClientObj = ClientObj self.cert_path = cert_path self.ca_certs = ca_certs self.CRL_PATH = os.path.join(cert_path, 'ca/crl/') self.wait_thread = wait_thread # get filename store cert server - def cert_list (self, host, ca_certs, server_cert): + def cert_list(self, host, ca_certs, server_cert): if host == '127.0.0.1': host = 'localhost' if not os.path.exists(self.trusted_path): @@ -79,7 +89,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): except OSError: pass if not os.path.exists(ca_certs): - fc = open(ca_certs,"w") + fc = open(ca_certs, "w") fc.close() filename = None try: @@ -107,13 +117,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): except: print _("Failed to open the file"), self.trusted_path, filename return None - + def add_all_ca_cert(self, list_ca_certs): # so root cert be first, ca after clVarsCore = DataVarsCore() clVarsCore.importCore() clVarsCore.flIniFile() - + list_ca_certs.reverse() system_ca_db = clVarsCore.Get('core.cl_glob_root_cert') @@ -121,11 +131,11 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): clVars.flIniFile() homePath = clVars.Get('ur_home_path') cl_client_cert_dir = clVarsCore.Get('core.cl_client_cert_dir') - cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath) + cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath) root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list") user_root_cert = clVarsCore.Get('core.cl_user_root_cert') - user_root_cert = user_root_cert.replace("~",homePath) + user_root_cert = user_root_cert.replace("~", homePath) for cert in list_ca_certs: if os.path.exists(system_ca_db): 
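Review bot: `u2.ssl._create_default_https_context = u2.ssl._create_unverified_context` at import time switches off certificate and hostname verification for every default urllib2 HTTPS opener in the process, not only this client, and it carries no comment explaining why. The `else: https_handler = u2.HTTPSHandler()` fallback in HTTPSClientCertTransport.__init__ (hunk -448,58) then runs on that unverified context whenever no `ca_certs` or client key is passed, which is how main() fetches `get_server_host_name()` and add_ca_cert() fetches `get_ca()`. Consider dropping the global patch and giving that fallback an explicit context or the checking handler, and treat the values returned by those bootstrap calls as untrusted input. The commit only reformats this import block.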
@@ -141,40 +151,41 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): md5sum = md5.hexdigest() print "\n=================================================" print "md5sum = ", md5sum - + if not os.path.exists(root_cert_md5): - fc = open(root_cert_md5,"w") + fc = open(root_cert_md5, "w") fc.close() - + filename = None with open(root_cert_md5) as fd: t = fd.read() # for each line for line in t.splitlines(): # Split string into a words list - words = line.split(' ',1) + words = line.split(' ', 1) if words[0] == md5sum: filename = words[1] if not filename: - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, cert) + certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, cert) Issuer = certobj.get_issuer().get_components() for item in Issuer: if item[0] == 'CN': filename = item[1] - - fc = open(root_cert_md5,"a") - fc.write('%s %s\n' %(md5sum, filename)) + + fc = open(root_cert_md5, "a") + fc.write('%s %s\n' % (md5sum, filename)) fc.close() - + if not filename: print _('Field "CN" not found in the certificate!') return 1 - - fd = open(os.path.join(cl_client_cert_dir,'ca/',filename),'w') + + fd = open(os.path.join(cl_client_cert_dir, 'ca/', filename), + 'w') fd.write(cert) fd.close() - + fa = open(user_root_cert, 'a') fa.write(cert) fa.close() @@ -185,9 +196,9 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): get_CRL(cl_client_cert_dir) def add_ca_cert(self, cert, list_ca_certs): - url = 'https://%s:%s/?wsdl' %(self.host, self.port) - client = Client_suds(url, transport = HTTPSClientCertTransport \ - (None, None, self.cert_path)) + url = 'https://%s:%s/?wsdl' % (self.host, self.port) + client = Client_suds( + url, transport=HTTPSClientCertTransport(None, None, self.cert_path)) client.wsdl.services[0].setlocation(url) cert = client.service.get_ca() if cert == '1': 
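Review bot: In add_all_ca_cert the issuer CN of a certificate returned by the server's `get_ca()` is used as a file name: `filename = item[1]` followed by `open(os.path.join(cl_client_cert_dir, 'ca/', filename), 'w')`. A CN containing a path separator or `..` would make the write land outside the `ca/` directory, and the same value is appended to `cert_list`. Reduce it to a safe leaf name before use, for example `filename = os.path.basename(filename)` and `if filename in ('', '.', '..'): return 1`. The method starts before this hunk and continues after it.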
@@ -197,10 +208,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): if cert == '2': print _("CA certificate not found on the server") raise Exception(1) - + try: - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, cert) + certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, cert) except: print _("Error. Certificate not added to trusted") raise Exception(1) @@ -209,13 +220,13 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): Issuer = certobj.get_issuer().get_components() print '\n', _("Issuer") for i in Issuer: - print "%s : %s" %(i[0], i[1]) + print "%s : %s" % (i[0], i[1]) Subject = certobj.get_subject().get_components() print '\n', _("Subject") for subj in Subject: - print "%s : %s" %(subj[0], subj[1]) - ans = raw_input (_("Add the CA certificate to trusted? y/[n]:")) - if ans.lower() in ['y','yes']: + print "%s : %s" % (subj[0], subj[1]) + ans = raw_input(_("Add the CA certificate to trusted? y/[n]:")) + if ans.lower() in ['y', 'yes']: list_ca_certs.append(cert) self.add_all_ca_cert(list_ca_certs) else: 
@@ -225,35 +236,36 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): def add_server_cert(self, cert): self.wait_thread.stop() print _("Untrusted server certificate!") - certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, cert) + certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, cert) print '\n' + _("Fingerprint = %s") % certobj.digest('SHA1') print _("Serial Number = "), certobj.get_serial_number() Issuer = certobj.get_issuer().get_components() print '\n' + _("Issuer") for i in Issuer: - print "%s : %s" %(i[0], i[1]) + print "%s : %s" % (i[0], i[1]) Subject = certobj.get_subject().get_components() print '\n' + _("Subject") for item in Subject: - print "%s : %s" %(item[0], item[1]) - + print "%s : %s" % (item[0], item[1]) + print '\n' + _('Add this server certificate to trusted (s) or') print _('Try to add the CA and root certificates to trusted (c) or') - choice = raw_input (_("Quit (q)? s/c/[q]: ")) + choice = raw_input(_("Quit (q)? s/c/[q]: ")) if choice.lower() in ['s', 'c']: - #self.sock = ssl.wrap_socket(sock) + # self.sock = ssl.wrap_socket(sock) ca_certs = os.path.join(self.trusted_path, "cert.list") - + if not os.path.exists(ca_certs): - fc = open(ca_certs,"w") + fc = open(ca_certs, "w") fc.close() - + if self.host == '127.0.0.1': host = 'localhost' - else: host = self.host + else: + host = self.host filename = host - fc = open(self.trusted_path + filename,"w") + fc = open(self.trusted_path + filename, "w") fc.write(cert) fc.close() with open(ca_certs) as fd: @@ -267,7 +279,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): if words[0] == host: return 0 # Open file with compliance server certificates and server hostname - fcl = open(ca_certs,"a") + fcl = open(ca_certs, "a") fcl.write(host + ' ' + filename + '\n') fcl.close() if choice.lower() != 'c': 
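Review bot: The trust prompt in add_server_cert shows only `certobj.digest('SHA1')`, and that fingerprint is what the user compares before answering `s` or `c`. SHA-1 is no longer collision resistant, so a SHA-256 fingerprint should be shown instead or alongside it: `print '\n' + _("Fingerprint = %s") % certobj.digest('sha256')`. The message id is unchanged, so existing translations still apply. The method continues past the end of this hunk.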
@@ -278,26 +290,26 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): clVars.flIniFile() cl_client_cert_dir = clVars.Get('core.cl_client_cert_dir') homePath = clVars.Get('ur_home_path') - cl_client_cert_dir = cl_client_cert_dir.replace("~",homePath) + cl_client_cert_dir = cl_client_cert_dir.replace("~", homePath) root_cert_dir = os.path.join(cl_client_cert_dir, "ca") - + if not os.path.exists(root_cert_dir): try: os.makedirs(root_cert_dir) except OSError: - print _("Failed to create directory %s") %root_cert_dir + print _("Failed to create directory %s") % root_cert_dir raise Exception(1) - + print '\n' + _("Add the CA and root certificates") self.list_ca_certs = [] self.add_ca_cert(cert, self.list_ca_certs) return 3 - elif not choice.lower() in ['c','s']: + elif not choice.lower() in ['c', 's']: return 4 def connect_trusted_root(self, sock, root_cert, crl_certs): self.ca_path = self.cert_path + "ca/" - server_cert = ssl.get_server_certificate(addr = (self.host, self.port)) + server_cert = ssl.get_server_certificate(addr=(self.host, self.port)) global flag if self.cert_file: @@ -308,6 +320,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): raise Exception(1) else: import time + time.sleep(0.1) try: @@ -333,7 +346,7 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): def connect_trusted_server(self, sock, crl_certs): self.trusted_path = self.cert_path + "trusted/" ca_cert_list = self.trusted_path + "cert.list" - server_cert = ssl.get_server_certificate(addr = (self.host, self.port)) + server_cert = ssl.get_server_certificate(addr=(self.host, self.port)) global flag if self.cert_file: f = verify(server_cert, crl_certs, flag) 
@@ -341,10 +354,10 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): flag = 1 elif f == 1: raise Exception(1) - #if not hasattr(HTTPSClientCertTransport, 'filename') or \ - #HTTPSClientCertTransport.filename == None: - HTTPSClientCertTransport.filename = self.cert_list \ - (self.host, ca_cert_list, server_cert) + # if not hasattr(HTTPSClientCertTransport, 'filename') or \ + # HTTPSClientCertTransport.filename == None: + HTTPSClientCertTransport.filename = self.cert_list( + self.host, ca_cert_list, server_cert) if HTTPSClientCertTransport.filename: try: if self.FORCE_SSL_VERSION: @@ -365,7 +378,6 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): return 0 except Exception: -# print (e) HTTPSClientCertTransport.filename = None return 1 else: 
@@ -382,47 +394,51 @@ class CheckingClientHTTPSConnection(CheckingHTTPSConnection): self.Vars.flIniFile() user_root_cert = self.Vars.Get('core.cl_user_root_cert') homePath = self.Vars.Get('ur_home_path') - user_root_cert = user_root_cert.replace("~",homePath) + user_root_cert = user_root_cert.replace("~", homePath) result_user_root = 1 while True: if os.path.exists(user_root_cert): - result_user_root = self.connect_trusted_root(sock, \ - user_root_cert, self.CRL_PATH) + result_user_root = self.connect_trusted_root(sock, + user_root_cert, + self.CRL_PATH) if result_user_root == 1: glob_root_cert = self.Vars.Get('core.cl_glob_root_cert') result_root_con = 1 if os.path.exists(glob_root_cert): sock = socket.create_connection((self.host, self.port), - self.timeout, self.source_address) + self.timeout, + self.source_address) if self._tunnel_host: self.sock = sock self._tunnel() - result_root_con = self.connect_trusted_root(sock, \ - glob_root_cert, self.CRL_PATH) + result_root_con = self.connect_trusted_root(sock, + glob_root_cert, + self.CRL_PATH) if result_root_con == 1: sock = socket.create_connection((self.host, self.port), - self.timeout, self.source_address) + self.timeout, + self.source_address) if self._tunnel_host: self.sock = sock self._tunnel() - result_server_con = self.connect_trusted_server \ - (sock, self.CRL_PATH) - if result_server_con in [1,2]: - raise Exception (1) + result_server_con = self.connect_trusted_server( + sock, self.CRL_PATH) + if result_server_con in [1, 2]: + raise Exception(1) elif result_server_con == 3: continue elif result_server_con == 4: print _('This server is not trusted') self.wait_thread.stop() sys.exit(1) -# raise Exception (_('This server is not trusted')) elif result_root_con == 2: - raise Exception (1) + raise Exception(1) elif result_user_root == 2: - raise Exception (1) + raise Exception(1) break + class CheckingClientHTTPSHandler(CheckingHTTPSHandler): def __init__(self, cert_path, ca_certs=None, cert_verifier=None, 
client_certfile=None, client_keyfile=None, @@ -431,9 +447,9 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler): """cert_verifier is a function returning either True or False based on whether the certificate was found to be OK""" CheckingHTTPSHandler.__init__(self, ca_certs, cert_verifier, - client_keyfile, client_certfile, - client_keyobj, client_certobj) -# self.ClientObj = ClientObj + client_keyfile, client_certfile, + client_keyobj, client_certobj) + # self.ClientObj = ClientObj self.cert_path = cert_path self.wait_thread = wait_thread 
@@ -448,58 +464,63 @@ class CheckingClientHTTPSHandler(CheckingHTTPSHandler): new_kw.update(kw) return CheckingClientHTTPSConnection(self.cert_path, *args, **new_kw) + return self.do_open(open, req) https_request = u2.AbstractHTTPHandler.do_request_ + class HTTPSClientCertTransport(HttpTransport): - def __init__(self, key, cert, path_to_cert, password = None, + def __init__(self, key, cert, path_to_cert, password=None, ca_certs=None, cert_verifier=None, client_keyfile=None, client_certfile=None, client_keyobj=None, client_certobj=None, cookie_callback=None, user_agent_string=None, wait_thread=None, **kwargs): Transport.__init__(self) -# self.ClientObj = parent + # self.ClientObj = parent self.key = key self.cert = cert self.cert_path = path_to_cert if key: - client_certobj = OpenSSL.crypto.load_certificate \ - (OpenSSL.SSL.FILETYPE_PEM, file(cert).read()) + client_certobj = OpenSSL.crypto.load_certificate( + OpenSSL.SSL.FILETYPE_PEM, file(cert).read()) if password: - client_keyobj = OpenSSL.crypto.load_privatekey \ - (OpenSSL.SSL.FILETYPE_PEM, file(key).read(), - str(password)) + client_keyobj = OpenSSL.crypto.load_privatekey( + OpenSSL.SSL.FILETYPE_PEM, file(key).read(), str(password)) else: bio = M2Crypto.BIO.openfile(key) - rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused:None) + rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: None) if not rsa: raise OpenSSL.crypto.Error - client_keyobj = OpenSSL.crypto.load_privatekey \ - (OpenSSL.SSL.FILETYPE_PEM, file(key).read()) + client_keyobj = OpenSSL.crypto.load_privatekey( + OpenSSL.SSL.FILETYPE_PEM, file(key).read()) Unskin(self.options).update(kwargs) self.cookiejar = CookieJar(DefaultCookiePolicy()) self.cookie_callback = cookie_callback self.user_agent_string = user_agent_string log.debug("Proxy: %s", self.options.proxy) from dslib.network import ProxyManager + proxy_handler = ProxyManager.HTTPS_PROXY.create_proxy_handler() proxy_auth_handler = \ - 
ProxyManager.HTTPS_PROXY.create_proxy_auth_handler() - if ca_certs or (client_keyfile and client_certfile) \ - or (client_keyobj and client_certobj): - https_handler = CheckingClientHTTPSHandler(cert_path=path_to_cert, - ca_certs=ca_certs, cert_verifier=cert_verifier, - client_keyfile=client_keyfile, client_certfile = \ - client_certfile, client_keyobj=client_keyobj, - client_certobj=client_certobj, - wait_thread=wait_thread) + ProxyManager.HTTPS_PROXY.create_proxy_auth_handler() + if (ca_certs or (client_keyfile and client_certfile) + or (client_keyobj and client_certobj)): + https_handler = CheckingClientHTTPSHandler( + cert_path=path_to_cert, + ca_certs=ca_certs, + cert_verifier=cert_verifier, + client_keyfile=client_keyfile, + client_certfile=client_certfile, + client_keyobj=client_keyobj, + client_certobj=client_certobj, + wait_thread=wait_thread) else: https_handler = u2.HTTPSHandler() self.urlopener = u2.build_opener(SUDSHTTPRedirectHandler(), - u2.HTTPCookieProcessor(self.cookiejar), - https_handler) + u2.HTTPCookieProcessor(self.cookiejar), + https_handler) if proxy_handler: self.urlopener.add_handler(proxy_handler) if proxy_auth_handler: diff --git a/pym/console/application/create_cert.py b/pym/console/application/create_cert.py index 3f0b742..56cf366 100644 --- a/pym/console/application/create_cert.py +++ b/pym/console/application/create_cert.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
@@ -19,22 +19,28 @@ import socket from M2Crypto import RSA, X509, EVP, m2 from calculate.lib.datavars import DataVars from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +_ = lambda x: x +setLocalTranslate('cl_console3', sys.modules[__name__]) + def passphrase_callback(v): if type(v) == int or not v: return None return str(v) + def generateRSAKey(): return RSA.gen_key(2048, m2.RSA_F4) + def makePKey(key): pkey = EVP.PKey() pkey.assign_rsa(key) return pkey -def makeRequest(pubkey, pkey, serv_host, auto = False): + +def makeRequest(pubkey, pkey, serv_host, auto=False): """ create query to the signing on server """ req = X509.Request() # Seems to default to 0, but we can now set it as well, so just API test @@ -44,11 +50,11 @@ def makeRequest(pubkey, pkey, serv_host, auto = False): if auto: c = 'n' else: - c = raw_input (_("Enter the certificate data manually? y/[n]: ")) + c = raw_input(_("Enter the certificate data manually? y/[n]: ")) # Get HostName host_name = socket.getfqdn() list_host_name = host_name.split('.') - result_host_name = list_host_name[0]+"@"+serv_host + result_host_name = list_host_name[0] + "@" + serv_host # Get username clVars = DataVars() clVars.flIniFile() 
@@ -56,36 +62,36 @@ def makeRequest(pubkey, pkey, serv_host, auto = False): # Get language lang = clVars.Get('os_locale_locale')[:2] if c.lower() in ['y', 'yes']: - #if serv_host in host_name: - #host_name = host_name.replace('.'+serv_host, '') - #list_host_name = host_name.split('.') - #result_host_name = \ - #list_host_name[len(list_host_name)-1]+"@"+serv_host - #else: - #host_name = socket.getfqdn() - name.CN = raw_input (_('Host Name [%s]: ') %result_host_name) + # if serv_host in host_name: + # host_name = host_name.replace('.'+serv_host, '') + # list_host_name = host_name.split('.') + # result_host_name = \ + # list_host_name[len(list_host_name)-1]+"@"+serv_host + # else: + # host_name = socket.getfqdn() + name.CN = raw_input(_('Host Name [%s]: ') % result_host_name) if name.CN in ['', None]: name.CN = result_host_name - name.OU = raw_input (_('User Name [%s]: ') %username) + name.OU = raw_input(_('User Name [%s]: ') % username) if name.OU in ['', None]: name.OU = username - name.O = raw_input (_('Organization Name: ')) - name.L = raw_input (_('Network address (hostname or IP) [%s]: ')\ - %host_name) - name.ST = raw_input (_('City: ')) - name.C = raw_input (_('Country (2 characters): [%s]') %lang) + name.O = raw_input(_('Organization Name: ')) + name.L = raw_input(_('Network address (hostname or IP) [%s]: ') + % host_name) + name.ST = raw_input(_('City: ')) + name.C = raw_input(_('Country (2 characters): [%s]') % lang) if not name.C: - name.C = lang + name.C = lang else: - name.CN = result_host_name # Имя сертификата (Common Name); - name.OU = username # Название отдела (Organization Unit); - name.O = 'My Company'# Название организации (Organization Name); - name.L = host_name # Название города (Locality Name); - name.ST = 'My State'# Название региона (State Name); - name.C = lang # Двухсимвольный код страны (Country); + name.CN = result_host_name # Имя сертификата (Common Name); + name.OU = username # Название отдела (Organization Unit); + name.O = 'My 
Company' # Название организации (Organization Name); + name.L = host_name # Название города (Locality Name); + name.ST = 'My State' # Название региона (State Name); + name.C = lang # Двухсимвольный код страны (Country); req.set_subject_name(name) - + ext1 = X509.new_extension('Comment', 'Auto Generated') extstack = X509.X509_Extension_Stack() extstack.push(ext1) diff --git a/pym/console/application/function.py b/pym/console/application/function.py index 979f02b..66eb444 100644 --- a/pym/console/application/function.py +++ b/pym/console/application/function.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # @@ -30,28 +30,32 @@ from sudsds import MethodNotFound from calculate.console.application.sid_func import get_sid +_ = lambda x: x setLocalTranslate('cl_console3', sys.modules[__name__]) def _print(*args): print " ".join(map(lambda x: unicode(x).encode('utf-8'), args)) + # get list of certificate and session id -def clear (): +def clear(): """ delete caching suds file """ try: import glob + for filename in glob.glob("/tmp/suds/suds-*"): - #print "delete", filename + # print "delete", filename try: - os.unlink (filename) + os.unlink(filename) except OSError as e: _print(e.message) - except: + except Exception: print _("Failed to clear the cache! ") return 1 - + + def get_ip_global(): import urllib2 
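Review bot: In the manual branch of `makeRequest`, the prompt for `name.L` shows `[%s]` filled with `host_name` as if it were a default, but an empty answer is stored as it is. `name.CN`, `name.OU` and `name.C` each fall back to their default, so `name.L` is inconsistent with them; adding `if not name.L: name.L = host_name` after the prompt fixes that. `name.O` and `name.ST` also accept an empty string, and the country answer is not checked against the two characters the prompt asks for. These values go into the request subject, so checking them here gives the user a clearer error than a later rejection would. The body of `makeRequest` starts outside this hunk.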
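Review bot: In `clear()` the inner handler still prints `e.message`, which is normally an empty string for an `OSError` carrying an errno and strerror, so a failed `os.unlink` shows up as a blank line. `_print(e)` would print the reason and the file name. The outer handler, now `except Exception:`, still reports every failure as "Failed to clear the cache! " without the cause. The glob runs over the fixed shared path `/tmp/suds`; who may create files there depends on how that directory is set up, which is not visible in this hunk.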
@@ -62,22 +66,16 @@ def get_ip_global(): f.close() return outerIP -def get_ip_mac_type(client_type = None): - results = [] - #try: - results.append ( getIpLocal() ) - #except: - #results.append ('no_ip') - #try: - results.append ( getHwAddr()) - #except: - #results.append ('no_mac') + +def get_ip_mac_type(client_type=None): + results = [getIpLocal(), getHwAddr()] if client_type: - results.append (client_type) + results.append(client_type) else: - results.append ('console') + results.append('console') return results + def print_brief(view, brief_label): for Group in view.groups.GroupField: if Group.name: @@ -86,7 +84,7 @@ def print_brief(view, brief_label): print_brief_group(Group.fields.Field, Group.name) -def _return_revoked_serials(self, crlfile): +def _return_revoked_serials(crlfile): try: serials = [] crltext = open(crlfile, 'r').read() @@ -99,7 +97,8 @@ def _return_revoked_serials(self, crlfile): call = '/usr/bin/openssl crl -text -noout -in %s' % crlfile call = shlex.split(call) serials = [] - (res,err)=subprocess.Popen(call, stdout=subprocess.PIPE).communicate() + (res, err) = subprocess.Popen(call, + stdout=subprocess.PIPE).communicate() for line in res.split('\n'): if line.find('Serial Number:') == -1: continue @@ -109,18 +108,20 @@ def _return_revoked_serials(self, crlfile): serials.append(serial) return serials + def _create_obj(client, method): try: view_params = create_obj(client, method) except MethodNotFound: if method.endswith('_view'): method = method[:-5] - _print (_('Method not found: ') + method) + _print(_('Method not found: ') + method) raise Exception(1) return view_params -def get_view_params(client, method, step = None, expert = None, brief = None, - onlyhelp = False, dispatch_usenew = False): + +def get_view_params(client, method, step=None, expert=None, brief=None, + onlyhelp=False, dispatch_usenew=False): view_params = _create_obj(client, method) view_params.step = step view_params.expert = expert 
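Review bot: In `_return_revoked_serials` the openssl command is still built by formatting `crlfile` into a string and passing it through `shlex.split`, so a path with spaces or quotes is split into extra arguments. The exit status of the child is also never read, so a CRL that openssl cannot parse yields an empty serial list, which a caller would presumably take to mean that nothing is revoked. Passing an argument list and checking `returncode` closes both gaps. The start of the function, including the `try` it opens, lies outside this hunk, so the right exception type to raise should be checked against the callers.

```python
# ... unchanged: first attempt to read the CRL ...
call = ['/usr/bin/openssl', 'crl', '-text', '-noout', '-in', crlfile]
serials = []
proc = subprocess.Popen(call, stdout=subprocess.PIPE)
res = proc.communicate()[0]
if proc.returncode != 0:
    # do not report "no revoked serials" when the CRL could not be read
    raise Exception(_('Failed to read the CRL file %s') % crlfile)
# ... unchanged: loop over res.split('\n') collecting serials ...
```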
@@ -135,7 +136,8 @@ class MessageReceiver(object): Объект организует цикл получения сообщений от WsdlServer и передает их на обработку MessageDispatcher """ - class States: + + class States(object): Messages = 0 Progress = 1 Finish = 2 @@ -159,7 +161,7 @@ class MessageReceiver(object): sid = get_sid(client.SID_FILE) list_pid = client.service.list_pid(sid=sid) if hasattr(list_pid, 'integer'): - if not pid in list_pid.integer: + if pid not in list_pid.integer: display.print_error( _("The process does not exist or does not belong to " "your session")) @@ -185,6 +187,7 @@ class MessageReceiver(object): self.get_messages() except Exception as e: import traceback + traceback.print_exc() elif message.type == 'error': self.display.print_error(message.message) @@ -208,7 +211,7 @@ class MessageReceiver(object): if self.state == self.States.Messages: current_frame = self.get_client_frame() while current_frame in [None, [], ""]: - time.sleep(float(self.client.frame_period)/10) + time.sleep(float(self.client.frame_period) / 10) current_frame = self.get_client_frame() for item in current_frame[0]: self.message_dispatcher.dispatch_message(item) @@ -244,6 +247,7 @@ class MessageDispatcher(object): В дальнейшем взаимодействует с parent через методы get_progress, get_table, send_message, поле State """ + def __init__(self, methods=None): """ @param methods: Common @@ -333,4 +337,3 @@ class MessageDispatcher(object): def ask_password(self, message): answer = self.methods.askPassword(message.message, message.id == 2) self.parent.send_message(answer) - diff --git a/pym/console/application/methods_func.py b/pym/console/application/methods_func.py index 7029afe..a8cd5c1 100644 --- a/pym/console/application/methods_func.py +++ b/pym/console/application/methods_func.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
@@ -14,24 +14,26 @@ # See the License for the specific language governing permissions and # limitations under the License. -import argparse, sys +import argparse +import sys from calculate.core.server.api_types import ViewInfoAdapter from calculate.core.server.local_call import Methods, has_force_arg from function import _create_obj, get_view_params, print_brief, _print from calculate.lib.cl_lang import setLocalTranslate +_ = lambda x: x setLocalTranslate('cl_console3', sys.modules[__name__]) import urllib2 from calculate.core.server.methods_func import get_method_argparser, \ - collect_object, RawAndDefaultsHelpFormatter, \ - check_result_msg, get_param_pwd, display_error + collect_object, RawAndDefaultsHelpFormatter, \ + check_result_msg, get_param_pwd, display_error def parse(): - parser = argparse.ArgumentParser(add_help=False, - formatter_class=RawAndDefaultsHelpFormatter) -# parser = argparse.ArgumentParser(add_help=False) + parser = argparse.ArgumentParser( + add_help=False, formatter_class=RawAndDefaultsHelpFormatter) + # parser = argparse.ArgumentParser(add_help=False) parser.add_argument( '-h', '--help', action='store_true', default=False, dest='help', help=_("show this help message and exit")) 
@@ -44,33 +46,32 @@ def parse(): '--port', type=int, dest='port', help=_('port number')) parser.add_argument( - '--host', type=str, default = 'localhost', dest='host', + '--host', type=str, default='localhost', dest='host', help=_('destination host')) parser.add_argument( - '--gen-cert-by', type=str, dest='by_host', metavar = 'HOST', - help = \ - _('send a certificate signature request to the server')) + '--gen-cert-by', type=str, dest='by_host', metavar='HOST', + help=_('send a certificate signature request to the server')) parser.add_argument( - '--get-cert-from', type=str, dest='from_host', metavar = 'HOST', + '--get-cert-from', type=str, dest='from_host', metavar='HOST', help=_('get the signed certificate from the server')) parser.add_argument( - '--cert-path', type=str, dest='path_to_cert', metavar = 'PATH', + '--cert-path', type=str, dest='path_to_cert', metavar='PATH', help=_('path to the cert and key files')) parser.add_argument( '--list-pid', action='store_true', default=False, dest='list_pid', help=_("view the list of running processes")) parser.add_argument( - '--dump', action='store_true', default=False, dest = 'dump', + '--dump', action='store_true', default=False, dest='dump', help=_('dump (to be used with option --list-pid)')) parser.add_argument( - '--pid-result', type=int, metavar = 'PID', + '--pid-result', type=int, metavar='PID', dest='pid_res', help=_("view the result of the process")) parser.add_argument( '--keep-result', action='store_true', default=False, dest='keep_result', help=_("keep the cache of the " "process results")) parser.add_argument( - '--pid-kill', type=int, metavar = 'PID', + '--pid-kill', type=int, metavar='PID', dest='pid_kill', help=_("kill the selected process")) parser.add_argument( '--session-clean', action='store_true', default=False, 
@@ -79,7 +80,7 @@ def parse(): '--session-info', action='store_true', default=False, dest='session_info', help=_("view the session information")) parser.add_argument( - '--session-num-info', type=int, metavar = 'SID', + '--session-num-info', type=int, metavar='SID', dest='session_num_info', help=_("view information about session = SID")) parser.add_argument( @@ -94,21 +95,23 @@ def parse(): dest='stop_consoled', help=_("stop cl-consoled")) parser.add_argument( '--no-progress', action='store_true', default=False, - dest = 'no_progress', help=_('do not display the progress bar')) + dest='no_progress', help=_('do not display the progress bar')) parser.add_argument( '--stdin-passwords', action='store_true', default=False, - dest = 'stdin_passwd', + dest='stdin_passwd', help=_("use passwords from standard input for users accounts")) return parser + def get_view(client, method, sid, view_params): try: view = client.service[0][method + '_view'](client.sid, view_params) except urllib2.URLError, e: - _print (_('Failed to connect')+':', e) + _print(_('Failed to connect') + ':', e) raise Exception(1) return view + def call_method(client, args, unknown_args, wait_thread): method = args.method stdin_passwd = args.stdin_passwd 
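Review bot: `get_view` accepts a `sid` argument, but the call inside it passes `client.sid`, so a caller that supplies a different session id is silently ignored. Either use it, as in `client.service[0][method + '_view'](sid, view_params)`, or drop the parameter from the signature and the call sites. The handler also keeps the old `except urllib2.URLError, e:` form, while `session_clean` in sid_func.py is moved to `except Exception as e:` in this same patch; `except urllib2.URLError as e:` would be consistent.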
@@ -157,25 +160,27 @@ def call_method(client, args, unknown_args, wait_thread): wait_thread.stop() sys.stdout.write('\r') sys.stdout.flush() - _print (_('Unknown parameter'), i) + _print(_('Unknown parameter'), i) raise Exception(1) if view.groups is not None: param_object, steps = collect_object(client, param_object, view, args, - wait_thread,stdin_passwd=stdin_passwd) - if steps.label and hasattr (param_object, 'CheckOnly'): + wait_thread, + stdin_passwd=stdin_passwd) + if steps.label and hasattr(param_object, 'CheckOnly'): param_object['CheckOnly'] = True check_res = {} while True: - method_result = client.service[0][method](client.sid,param_object) + method_result = client.service[0][method](client.sid, + param_object) if not method_result: print _('Method not available') return None - if method_result.ReturnedMessage[0].type and \ - method_result.ReturnedMessage[0].type != "pid": + if (method_result.ReturnedMessage[0].type and + method_result.ReturnedMessage[0].type != "pid"): wait_thread.stop() check_res = check_result_msg(method_result, view, - check_res,args) + check_res, args) if not check_res: return None else: @@ -184,8 +189,8 @@ def call_method(client, args, unknown_args, wait_thread): else: break - view_params = get_view_params(client, method + '_view', step = None, \ - expert = True, brief = True) + view_params = get_view_params(client, method + '_view', step=None, + expert=True, brief=True) view = get_view(client, method, client.sid, view_params) wait_thread.stop() sys.stdout.write('\r') @@ -207,8 +212,8 @@ def call_method(client, args, unknown_args, wait_thread): if not method_result: print _('Method not available') return None - if method_result.ReturnedMessage[0].type and \ - method_result.ReturnedMessage[0].type != "pid": + if (method_result.ReturnedMessage[0].type and + method_result.ReturnedMessage[0].type != "pid"): view = ViewInfoAdapter(view) for error in method_result.ReturnedMessage: display_error(error, args, view.groups) 
diff --git a/pym/console/application/pid_information.py b/pym/console/application/pid_information.py index 1f1eae1..751f053 100644 --- a/pym/console/application/pid_information.py +++ b/pym/console/application/pid_information.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # @@ -13,13 +13,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +from calculate.console.application.function import _print from calculate.console.application.sid_func import get_sid import sys + +_ = lambda x: x from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +setLocalTranslate('cl_console3', sys.modules[__name__]) client_types = "console" -#client_types = "gui" + def pid_inf(client, sid, pids): """ get and show information about process """ @@ -32,9 +36,9 @@ def pid_inf(client, sid, pids): print _("Permission denied") return 1 - _print ('\n', _(u"Process name: %s") %s[0][4]) - print _(u"Process ID: %s") %s[0][0] - _print (_(u"%s: process started") %s[0][2]) + _print('\n', _(u"Process name: %s") % s[0][4]) + print _(u"Process ID: %s") % s[0][0] + _print(_(u"%s: process started") % s[0][2]) if s[0][1] == '1': print _(u"Process active") elif s[0][1] == '0': @@ -43,6 +47,7 @@ def pid_inf(client, sid, pids): print _(u"Process killed") return 0 + def client_list_pid(client): """ get all process id for this session """ sid = get_sid(client.SID_FILE) 
@@ -50,54 +55,58 @@ def client_list_pid(client): red = '\033[31m * \033[0m' green = '\033[32m * \033[0m' try: - list_pid = client.service.list_pid(sid = sid) + list_pid = client.service.list_pid(sid=sid) if list_pid[0][0] == 0: print red + _("PIDs not found for this session!") return 0 else: for i in list_pid[0]: - print green + "pid - %d" %i - except: + print green + "pid - %d" % i + except Exception: print red + _("Error fetching the PID list from the server") return 1 return len(list_pid[0]) + def gen_pid_ls(client): """ generation list with pid for this session """ sid = get_sid(client.SID_FILE) pid_ls = [] try: - list_pid = client.service.list_pid(sid = sid) + list_pid = client.service.list_pid(sid=sid) if list_pid[0][0] == 0: print _("PIDs not found for this session!") return 0 else: for i in list_pid[0]: pid_ls.append(i) - except: + except Exception: print _("Error fetching the PID list from the server") return 0 return pid_ls + def client_pid_info(client): """ get information about selected process (or about all) """ -# try: + # try: sid = get_sid(client.SID_FILE) pid_ls = gen_pid_ls(client) if pid_ls: pid_inf(client, sid, pid_ls) -# except: + + +# except: # print _("Error get data") # return 1 # return 0 def client_list_methods(client): """ get & show all available methods for this certificate """ - DAT = 0 # Access to data soap structure - RES = 0 # Access to result - COM = 0 # Getting command line - METH = 1 # Getting method line - TR_METH = 3 # Translate method name + DAT = 0 # Access to data soap structure + RES = 0 # Access to result + COM = 0 # Getting command line + METH = 1 # Getting method line + TR_METH = 3 # Translate method name results = client.service.get_methods(client.sid, client_types) if not results: print _('No methods available') 
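Review bot: `client_list_pid` and `gen_pid_ls` now catch `Exception` rather than everything, but both still discard the exception and print only "Error fetching the PID list from the server". A transport or certificate failure therefore looks the same as a server-side fault. I would bind it with `except Exception as e:` and include `e` in the printed message, or log it when `DEBUG` is set as cert_func.py does. `gen_pid_ls` also returns `0` on failure and a list on success, which is worth a comment since `client_pid_info` relies on the falsy value. The body of `client_list_pid` starts outside this hunk.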
@@ -111,15 +120,16 @@ def client_list_methods(client): print _("Available methods:") group_dict = {} for group in results.stringArray: - if len (group.string) == 4: + if len(group.string) == 4: group_dict[group.string[METH]] = group.string[TR_METH] - if len (group.string) == 3: - group_dict[group.string[METH]] = group.string[TR_METH-1] + if len(group.string) == 3: + group_dict[group.string[METH]] = group.string[TR_METH - 1] sort_keys = group_dict.keys() sort_keys.sort() for key in sort_keys: print " %s - %s" % (key, group_dict[key]) + def client_pid_kill(client, pid): sid = get_sid(client.SID_FILE) diff --git a/pym/console/application/sid_func.py b/pym/console/application/sid_func.py index aeded08..61e9bd8 100644 --- a/pym/console/application/sid_func.py +++ b/pym/console/application/sid_func.py @@ -16,8 +16,12 @@ import os import sys + +_ = lambda x: x from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +setLocalTranslate('cl_console3', sys.modules[__name__]) + def client_del_sid(client): """ delete this session """ @@ -32,7 +36,7 @@ def client_del_sid(client): print _("Failed to obtain certificate data!") return -2 if s[0][0] == "Permission denied": - _print (_("%s: permission denied") % s[1][1]) + print _("%s: permission denied") % s[1][1] return -3 if s[0][0] == '0': @@ -40,11 +44,12 @@ def client_del_sid(client): fi.write('0') fi.close() print _("SID deleted!") - except: + except Exception: print _("SID deletion error on the server") return 1 return 0 + def sid_inf(client, sid): red = '\033[31m * \033[0m' green = '\033[32m * \033[0m' 
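Review bot: In `client_del_sid` the permission-denied message changes from `_print(...)` to a plain `print`, and the same happens for the "Certificate issued on" line of `sid_inf` in the next sid_func.py hunk. `_print` in function.py encodes each argument to UTF-8 before printing, so the plain `print` now depends on the stdout encoding when the translated text or the server value is non-ASCII. If the switch was made to avoid a circular import with function.py, a comment saying so would help. A local helper such as `print (_("%s: permission denied") % s[1][1]).encode('utf-8')` keeps the old output behaviour. The body of `client_del_sid` starts outside this hunk.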
@@ -61,39 +66,41 @@ def sid_inf(client, sid): return -3 print _('Session information: ') - print green + _(u"Session number: %s") %sid - print green + _(u"Certificate number: %s") %s[0][0] - _print (green + _(u"Certificate issued on %s") %s[0][1]) - print green + "ip - %s" %s[0][2] - print green + "MAC - %s\n" %s[0][3] + print green + _(u"Session number: %s") % sid + print green + _(u"Certificate number: %s") % s[0][0] + print green + _(u"Certificate issued on %s") % s[0][1] + print green + "ip - %s" % s[0][2] + print green + "MAC - %s\n" % s[0][3] return 0 -def client_session_info(client, sid = None): + +def client_session_info(client, sid=None): """ select session for get information """ try: select_sid = sid if sid else client.sid sid_inf(client, select_sid) except Exception, e: - if type (e.message) == tuple and len(e.message) == 2 \ - and e.message[1] == 'Forbidden': + if type(e.message) == tuple and len(e.message) == 2 \ + and e.message[1] == 'Forbidden': print _("Access forbidden!") else: print e return 1 + def client_session_list(client): red = '\033[31m * \033[0m' green = '\033[32m * \033[0m' try: res = client.service.get_sessions(client.sid) except Exception, e: - if type (e.message) == tuple and len(e.message) == 2 \ - and e.message[1] == 'Forbidden': + if type(e.message) == tuple and len(e.message) == 2 \ + and e.message[1] == 'Forbidden': print _("Access forbidden!") else: print e return 1 - if hasattr (res, 'string'): + if hasattr(res, 'string'): if res.string: print _('Active sessions on the server: ') for session_id in res.string: 
@@ -102,29 +109,30 @@ def client_session_list(client): return 0 print red + _('No active sessions on the server') + def session_clean(client): try: res = client.service.clear_session_cache(client.sid) - except Exception, e: - if type (e.message) == tuple and len(e.message) == 2 \ - and e.message[1] == 'Forbidden': + if res: + print _('Error clearing the session cache') + else: + print _('Session cache cleared') + except Exception as e: + if type(e.message) == tuple and len(e.message) == 2 \ + and e.message[1] == 'Forbidden': print _("Access forbidden!") else: print e - if res: - print _('Error clearing the session cache') - else: - print _('Session cache cleared') -def get_sid (SID_FILE): - if not os.path.exists(SID_FILE): - fi = open(SID_FILE, 'w') +def get_sid(sid_file): + if not os.path.exists(sid_file): + fi = open(sid_file, 'w') fi.write('0') fi.close() sid = 0 else: - fi = open(SID_FILE, 'r') + fi = open(sid_file, 'r') sid = fi.read() fi.close() - return sid \ No newline at end of file + return sid diff --git a/pym/console/console_main.py b/pym/console/console_main.py index 0060dc3..bff7e3f 100755 --- a/pym/console/console_main.py +++ b/pym/console/console_main.py @@ -1,5 +1,5 @@ #!/usr/bin/env python2 -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
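Review bot: `get_sid` still creates the session-id file with a plain `open(sid_file, 'w')` after an `os.path.exists` check, so the file gets umask-dependent permissions and there is a window between the check and the create. If the session id is meant to be private to the user, which I infer from its use with the client certificate, create it with `fd = os.open(sid_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and wrap it with `os.fdopen(fd, 'w')`. The function also returns the integer `0` for a new file but a string for an existing one, and neither handle is closed if the read or write raises; a `with` block and `sid = '0'` would make both paths uniform, provided no caller depends on the integer.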
@@ -19,19 +19,22 @@ def console_main(): import sys from calculate.console.application.cl_client import main, StoppableThread from calculate.console.application.function import _print + reload(sys) sys.setdefaultencoding("utf-8") import __builtin__ from calculate.lib.cl_lang import setLocalTranslate - setLocalTranslate('calculate_console',sys.modules[__name__]) + + _ = lambda x: x + setLocalTranslate('calculate_console', sys.modules[__name__]) __builtin__.__dict__['_print'] = _print + wait_thread = StoppableThread() try: - wait_thread = StoppableThread() sys.exit(main(wait_thread)) except KeyboardInterrupt: wait_thread.stop() red = '\033[31m * \033[0m' - print '\n'+red+_('Interrupted by the user') + print '\n' + red + _('Interrupted by the user') sys.exit(1) diff --git a/pym/console/datavars.py b/pym/console/datavars.py index 5a77b5a..103d667 100755 --- a/pym/console/datavars.py +++ b/pym/console/datavars.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # @@ -19,11 +19,14 @@ __app__ = "Calculate Console" from calculate.lib.datavars import DataVars + class DataVarsConsole(DataVars): """Variable class for installation""" def importConsole(self, **args): - '''Заполнить конфигурацию переменных, для десктопа''' + """ + Заполнить конфигурацию переменных, для десктопа + """ self.importVariables() self.importVariables('calculate.core.variables') self.importVariables('calculate.console.variables') diff --git a/pym/console/variables/console.py b/pym/console/variables/console.py index 68aebe5..76ed4ee 100755 --- a/pym/console/variables/console.py +++ b/pym/console/variables/console.py @@ -1,4 +1,4 @@ -#-*- coding: utf-8 -*- +# -*- coding: utf-8 -*- # Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org # 
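Review bot: Assigning `_ = lambda x: x` inside `console_main` makes `_` a local name for the whole function, so `_('Interrupted by the user')` in the `KeyboardInterrupt` handler now calls the identity lambda. If `setLocalTranslate('calculate_console', sys.modules[__name__])` installs the translator as a module attribute, which its arguments suggest but this hunk does not show, that message is no longer translated after this change. Dropping the local assignment, or declaring `global _` at the top of the function, keeps the lookup on the module-level name.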
@@ -18,7 +18,8 @@ import sys from os import path from calculate.lib.cl_lang import setLocalTranslate -setLocalTranslate('cl_console3',sys.modules[__name__]) + +setLocalTranslate('cl_console3', sys.modules[__name__]) class VariableClGuiData(Variable): @@ -27,12 +28,15 @@ class VariableClGuiData(Variable): """ value = '/var/calculate/server' + class VariableClGuiDatabase(Variable): """ Variable store name files containing clients certificates """ + def get(self): - return path.join(self.Get('cl_gui_data'),"client_certs/Database") + return path.join(self.Get('cl_gui_data'), "client_certs/Database") + class VariableClGuiImagePath(Variable): """