
No commits in common. 'master' and 'migr_to_suds' have entirely different histories.

5
.gitignore vendored

@ -1,5 +0,0 @@
revert_changes_to_vmachine
push_to_vmachine*
.vscode
*.pyc
*.pyo

@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python2
#-*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org

@ -15,7 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from importlib import reload
import socket
import sys, pwd, os
import random, string, datetime
@ -23,6 +22,7 @@ import subprocess
from calculate.console.application.cert_func import owner, getRunProc
reload(sys)
sys.setdefaultencoding("utf-8")
from calculate.lib.cl_lang import setLocalTranslate
setLocalTranslate('calculate_console',sys.modules[__name__])
@ -63,17 +63,17 @@ def start():
passwd_list = []
error_num = 0
print('password daemon start')
print 'password daemon start'
time_last = datetime.datetime.now()
find_flag = False
while 1:
char_list = [random.choice(string.ascii_letters) for x in range(128)]
char_list = [random.choice(string.letters) for x in xrange(128)]
hash_val = "".join(char_list)
fd = open(file_path, 'w')
fd.write("%d %s" %(port, hash_val))
fd.close()
os.chmod(file_path, 0o600)
os.chmod(file_path, 0600)
if error_num:
return 1
@ -82,10 +82,10 @@ def start():
try:
client, address = s.accept()
except KeyboardInterrupt:
print()
print
return 1
print("server: got connection from %s port %d" \
%(address[0], address[1]))
print "server: got connection from %s port %d" \
%(address[0], address[1])
# получаем данные от клиента с размером size=1024
data = client.recv(size)
@ -102,7 +102,7 @@ def start():
if hash_val != userhash:
error_msg = 'Error: incorrect hash'
print(error_msg)
print error_msg
client.send(error_msg)
error_num += 1
break
@ -119,7 +119,7 @@ def start():
find_flag = False
break
error_msg = 'Error: password not found'
print(error_msg)
print error_msg
client.send(error_msg)
msg = client.recv(size)
@ -132,7 +132,7 @@ def start():
break
if r_host != s_host or r_port != s_port:
error_msg = 'Error: mismatch destination hosts'
print(error_msg)
print error_msg
client.send(error_msg)
data = ''
break
@ -147,7 +147,7 @@ def start():
delete, s_host, s_port, username, userhash = data.split(',')
if hash_val != userhash:
error_msg = 'Error: incorrect hash'
print(error_msg)
print error_msg
client.send(error_msg)
error_num += 1
break
@ -162,7 +162,7 @@ def start():
break
else:
error_msg = 'Error: incorrect data'
print(error_msg)
print error_msg
client.send(error_msg)
error_num += 1
break
@ -173,7 +173,7 @@ def stop():
username = pwd.getpwuid(os.getuid()).pw_name
for run_commands in filter(lambda x:'cl-consoled' in \
x[0], getRunProc()):
x[0],getRunProc()):
if 'python' in run_commands[0]:
if username == owner(run_commands[1]) and \
str(os.getpid()) != run_commands[1]:
@ -186,7 +186,7 @@ if __name__=='__main__':
stop()
if not args.stop:
while True:
print('start')
print 'start'
res = start()
if res != 408:
sys.exit(res)
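Review bot: In `start()`, `hash_val` appears to act as the authentication secret (it is compared with `userhash` before a request is served), but it is built with `random.choice(string.letters)`, which draws from the non-cryptographic Mersenne Twister generator. Drawing from the OS source leaves the rest of the loop unchanged: `rng = random.SystemRandom()` and `char_list = [rng.choice(string.letters) for x in xrange(128)]`. The file is also created with `open(file_path, 'w')` and only restricted by `os.chmod(file_path, 0600)` after the port and hash have been written, so it briefly exists with umask-default permissions. Creating it with `os.fdopen(os.open(file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')` closes that window for a newly created file. `start()` begins and ends outside these hunks.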

@ -20,13 +20,13 @@ import sys
import subprocess
import socket
import time
import urllib.request as urllib2
from urllib.error import URLError
from .function import _print, get_ip_mac_type, parse_error
import urllib2
from calculate.console.application.function import _print
from function import get_ip_mac_type
import OpenSSL
import hashlib
from .client_class import HTTPSClientCertTransport
from .cert_verify import VerifyError
from client_class import HTTPSClientCertTransport
from cert_verify import VerifyError
from calculate.core.datavars import DataVarsCore
from calculate.core.server.methods_func import get_password
from calculate.lib.cl_lang import setLocalTranslate
@ -48,32 +48,32 @@ def client_post_cert(client, clVars, show_info=False):
result_sid = _result_sid[1].integer
if os.environ.get("DEBUG"):
print(_("The client uses certificate {certfile} "
print _("The client uses certificate {certfile} "
"(server ID {cert_id})").format(
certfile=client.CERT_FILE, cert_id=result_post_cert[0]))
certfile=client.CERT_FILE, cert_id=result_post_cert[0])
if result_post_cert[0] == -4:
print(_("Certificate not found on the server"))
print(_("the client uses certificate %s") % client.CERT_FILE)
print(_('You can generate a new certificate '
print _("Certificate not found on the server")
print _("the client uses certificate %s") % client.CERT_FILE
print _('You can generate a new certificate '
'using options --gen-cert-by and '
'--get-cert-from'))
'--get-cert-from')
raise Exception(3)
# client_sid(sid, client, cert_id = results[0][0], clVars = clVars)
if result_post_cert[0] == -3:
print(_("Certificate not sent!"))
print _("Certificate not sent!")
elif result_post_cert[0] == -2:
print(_("Using the upstream certificate"))
print _("Using the upstream certificate")
else:
if show_info:
print(_(" Your certifitate ID = %d") % (result_post_cert[0]))
print _(" Your certifitate ID = %d") % (result_post_cert[0])
try:
if result_post_cert[1] == -2:
print(_("The certificate has expired"))
print _("The certificate has expired")
elif result_post_cert[1] > 0:
if show_info:
print(_("The certificate expires after %d days") % (
result_post_cert[1]))
print _("The certificate expires after %d days") % (
result_post_cert[1])
except:
pass
@ -82,16 +82,16 @@ def client_post_cert(client, clVars, show_info=False):
if show_info:
if result_sid[1] == 1:
print(_(" New Session"))
print _(" New Session")
else:
print(_(" Old Session"))
print(_(" Your session ID = %s") % sid)
print _(" Old Session")
print _(" Your session ID = %s") % sid
# Creation of secret key of the client
def new_key_req(key, cert_path, server_host_name, private_key_passwd=None,
auto=False):
from .create_cert import generateRSAKey, makePKey, makeRequest, \
from create_cert import generateRSAKey, makePKey, makeRequest, \
passphrase_callback
rsa = generateRSAKey()
@ -107,18 +107,18 @@ def new_key_req(key, cert_path, server_host_name, private_key_passwd=None,
crtreq = req.as_pem()
req_file = cert_path + '/%s.csr' % server_host_name
crtfile = open(req_file, 'wb')
crtfile = open(req_file, 'w')
crtfile.write(crtreq)
crtfile.close()
user_name = pwd.getpwuid(os.getuid()).pw_name
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError as e:
_print(parse_error(e))
except KeyError, e:
_print(e)
return None
os.chown(key, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(key, 0o600)
os.chmod(key, 0600)
return req_file
@ -129,15 +129,16 @@ def delete_old_cert(client):
os.unlink(client.REQ_FILE)
os.unlink(client.PKEY_FILE)
os.unlink(client.PubKEY_FILE)
except OSError as e:
_print(parse_error(e))
except OSError, e:
_print(e.message)
def client_post_request(cert_path, args):
if os.path.exists(cert_path + 'req_id'):
print(_("You already sent a certificate signature request."))
print \
_("You already sent a certificate signature request.")
_print(_("Request ID = %s") % readFile(cert_path + 'req_id'))
ans = input(_("Send a new request? y/[n]: "))
ans = raw_input(_("Send a new request? y/[n]: "))
if not ans.lower() in ['y', 'yes']:
return 0
clVars = DataVarsCore()
@ -147,14 +148,14 @@ def client_post_request(cert_path, args):
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" % (args.by_host, port)
print('%s\n' % url, _("connecting..."))
from .client_class import Client_suds
print '%s\n' % url, _("connecting...")
from client_class import Client_suds
try:
client = Client_suds(url, transport=HTTPSClientCertTransport \
(None, None, cert_path))
except (KeyboardInterrupt, URLError) as e:
print('\n' + _("Closing. Connection error."))
except (KeyboardInterrupt, urllib2.URLError), e:
print '\n' + _("Closing. Connection error.")
_print(_("Error: %s") % e)
return 0
client.wsdl.services[0].setlocation(url)
@ -164,8 +165,8 @@ def client_post_request(cert_path, args):
key = os.path.join(cert_path, server_host_name + '.key')
csr_file = os.path.join(cert_path, server_host_name + '.csr')
if os.path.exists(key) and os.path.exists(csr_file):
print(_("the private key and request now exist"))
ask = input(_("Create a new private key and request? y/[n]: "))
print _("the private key and request now exist")
ask = raw_input(_("Create a new private key and request? y/[n]: "))
if ask.lower() in ['y', 'yes']:
passwd = get_password()
new_key_req(key, cert_path, server_host_name,
@ -180,7 +181,7 @@ def client_post_request(cert_path, args):
res = client.service.post_client_request(request=data, ip=ip,
mac=mac, client_type=client_type)
if int(res) < 0:
print(_("The server has not signed the certificate!"))
print _("The server has not signed the certificate!")
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'w')
fc.write(res)
@ -197,8 +198,8 @@ def client_get_cert(cert_path, args):
clVars.flIniFile()
if not os.path.exists(os.path.join(cert_path, 'req_id')):
print(_("Request not sent or file %s deleted") \
% (os.path.join(cert_path, 'req_id')))
print _("Request not sent or file %s deleted") \
% (os.path.join(cert_path, 'req_id'))
return 1
fc = open(os.path.join(cert_path, 'req_id'), 'r')
req_id = fc.read()
@ -206,26 +207,26 @@ def client_get_cert(cert_path, args):
port = args.port or clVars.Get('core.cl_core_port')
url = "https://%s:%s/?wsdl" % (args.from_host, port)
print('%s\n' % url, _("connecting..."))
print '%s\n' % url, _("connecting...")
from .client_class import Client_suds
from client_class import Client_suds
try:
client = Client_suds(url,
transport=HTTPSClientCertTransport(None, None,
cert_path))
except KeyboardInterrupt:
print(_("Closing. Connection error."))
print _("Closing. Connection error.")
return 1
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not os.path.exists(os.path.join(cert_path, server_host_name + '.csr')):
print(_("Request %s not found on the client's side") \
% (os.path.join(cert_path, server_host_name + '.csr')))
print _("Request %s not found on the client's side") \
% (os.path.join(cert_path, server_host_name + '.csr'))
return 1
request = readFile(os.path.join(cert_path, server_host_name + '.csr'), binary=True)
request = readFile(os.path.join(cert_path, server_host_name + '.csr'))
md5 = hashlib.md5()
md5.update(request)
md5sum = md5.hexdigest()
@ -237,19 +238,19 @@ def client_get_cert(cert_path, args):
except IndexError:
ca_root = None
if cert == '1':
print(_("Signature request rejected!"))
print _("Signature request rejected!")
return 1
elif cert == '2':
print(_("Signature request not examined yet."))
print(_("Your request ID = %s") % req_id + '.\n', \
print _("Signature request not examined yet.")
print _("Your request ID = %s") % req_id + '.\n', \
_("To submit the certificate request on the server use command") + \
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST')
'\n' + 'cl-core --sign-client ID_CLIENT_REQUEST'
return 1
elif cert == '3':
print(_("Request or signature not matching earlier data."))
print _("Request or signature not matching earlier data.")
return 1
elif cert == '4':
print(_("The request was sent from another IP."))
print _("The request was sent from another IP.")
return 1
cert_file = os.path.join(cert_path, server_host_name + '.crt')
fc = open(cert_file, 'w')
@ -257,17 +258,17 @@ def client_get_cert(cert_path, args):
fc.close()
try:
os.unlink(cert_path + 'req_id')
except OSError as e:
_print(parse_error(e))
print(_('Certificate saved. Your certificate ID: %s') % req_id)
except OSError, e:
_print(e.message)
print _('Certificate saved. Your certificate ID: %s') % req_id
user_name = pwd.getpwuid(os.getuid()).pw_name
try:
pwdObj = pwd.getpwnam(user_name)
except KeyError as e:
_print(parse_error(e))
except KeyError, e:
_print(e)
return None
os.chown(cert_file, pwdObj.pw_uid, pwdObj.pw_gid)
os.chmod(cert_file, 0o600)
os.chmod(cert_file, 0600)
if ca_root:
system_ca_db = clVars.Get('core.cl_glob_root_cert')
@ -282,10 +283,10 @@ def client_get_cert(cert_path, args):
root_cert_md5 = os.path.join(cl_client_cert_dir, "ca/cert_list")
md5 = hashlib.md5()
md5.update(ca_root.encode("UTF-8"))
md5.update(ca_root)
md5sum = md5.hexdigest()
print("\n=================================================")
print("md5sum = ", md5sum)
print "\n================================================="
print "md5sum = ", md5sum
if not os.path.exists(root_cert_md5):
fc = open(root_cert_md5, "w")
@ -305,15 +306,15 @@ def client_get_cert(cert_path, args):
(OpenSSL.SSL.FILETYPE_PEM, ca_root)
Issuer = certobj.get_issuer().get_components()
for item in Issuer:
if item[0] == b'CN':
filename = item[1].decode("UTF-8")
if item[0] == 'CN':
filename = item[1]
fc = open(root_cert_md5, "a")
fc.write('%s %s\n' % (md5sum, filename))
fc.close()
if not filename:
print(_('Field "CN" not found in the certificate!'))
print _('Field "CN" not found in the certificate!')
return 1
fd = open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')
@ -325,10 +326,10 @@ def client_get_cert(cert_path, args):
fa = open(user_root_cert, 'a')
fa.write(ca_root)
fa.close()
print(_("filename = "), filename)
print(_("Certificate added"))
print _("filename = "), filename
print _("Certificate added")
else:
print(_("The file containing the CA certificate now exists"))
print _("The file containing the CA certificate now exists")
return 0
@ -341,12 +342,12 @@ def client_post_auth(client):
pass # client_post_cert(client)
else:
# client_post_request(client)
print(_(
"You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server."))
print _(
"You do not have a certificate. Use option --gen-cert-by HOST to generate a new request or --get-cert-from HOST to get a new certificate from the server.")
raise Exception(1)
# print client.service.versions(sid, VERSION)
except VerifyError as e:
print(e.value)
except VerifyError, e:
print e.value
raise Exception(1)
@ -365,7 +366,9 @@ def getRunProc():
if not os.access('/proc', os.R_OK):
return []
return [getCmd(x) for x in listDirectory('/proc') if x.isdigit()]
return map(getCmd,
filter(lambda x: x.isdigit(),
listDirectory('/proc')))
def owner(pid):
@ -396,8 +399,8 @@ def create_socket(file_path, username):
if not find_proc:
try:
os.unlink(file_path)
except OSError as e:
_print(parse_error(e))
except OSError, e:
_print(e.message)
cmd = ['cl-consoled']
# print cmd
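Review bot: In `client_get_cert`, `filename = item[1]` takes the issuer CN of `ca_root` and passes it unchanged to `open(os.path.join(cl_client_cert_dir, 'ca', filename), 'w')`, so a CN containing `/` or `..` would place the write outside the `ca` directory. `ca_root` looks like it comes from the server response (its assignment is outside the visible hunks), so the name should be constrained before use, e.g. `filename = os.path.basename(item[1])` followed by `if filename in ('', '.', '..'): return 1`. The printed `md5sum` is the only fingerprint the user gets to compare for the new root; also printing `hashlib.sha256(ca_root).hexdigest()` would give a check that does not rest on MD5. The function starts and ends outside these hunks.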

@ -18,7 +18,7 @@ import os
import re
import sys
import OpenSSL
from .function import _print, parse_error
from calculate.console.application.function import _print
from calculate.core.datavars import DataVarsCore
from calculate.lib.utils.files import readFile
@ -45,10 +45,10 @@ def verify(server_cert, crl_path, flag):
Issuer = certobj.get_issuer().get_components()
CN, L = None, None
for i in Issuer:
if i[0] == b'CN':
CN = i[1].decode("UTF-8")
elif i[0] == b'L':
L = i[1].decode("UTF-8")
if i[0] == 'CN':
CN = i[1]
elif i[0] == 'L':
L = i[1]
if CN and len(CN) > 2:
crl_file = crl_path + CN
@ -57,12 +57,12 @@ def verify(server_cert, crl_path, flag):
host = L.split(':')[0]
except:
if not flag:
print(_("fields CN and L in the CA certificate are incorrect!"))
print _("fields CN and L in the CA certificate are incorrect!")
return 0
crl_file = crl_path + host
else:
if not flag:
print(_("fields CN and L in the CA certificate are incorrect!"))
print _("fields CN and L in the CA certificate are incorrect!")
return 0
if not os.path.exists(crl_file):
@ -82,16 +82,16 @@ def verify(server_cert, crl_path, flag):
for rvk in revoked_objects:
if serverSerial == int(rvk.get_serial(), 16):
print(_("This certificate has been revoked!"))
print(_("Serial") + _(': %s\n') % rvk.get_serial().decode("UTF-8") + _(
"Revoke date") + _(': %s') % rvk.get_rev_date().decode("UTF-8"))
print _("This certificate has been revoked!")
print _("Serial") + _(': %s\n') % rvk.get_serial() + _(
"Revoke date") + _(': %s') % rvk.get_rev_date()
raise VerifyError('CRL Exception')
return 0
def get_CRL(path_to_cert):
print('update CRL')
print 'update CRL'
""" get new CRL (Certificate Revocation List) from all CA """
# local CRL
CRL_path = os.path.join(path_to_cert, 'ca/crl/')
@ -101,13 +101,13 @@ def get_CRL(path_to_cert):
try:
os.makedirs(path_to_cert)
except OSError:
print(_("Failed to create directory %s") % path_to_cert)
print _("Failed to create directory %s") % path_to_cert
raise Exception(1)
try:
os.makedirs(os.path.join(path_to_cert, 'ca'))
except OSError:
print(_("Failed to create directory %s") % (
os.path.join(path_to_cert, 'ca')))
print _("Failed to create directory %s") % (
os.path.join(path_to_cert, 'ca'))
raise Exception(1)
os.makedirs(CRL_path)
@ -145,16 +145,16 @@ def get_CRL(path_to_cert):
Subject = certobj.get_subject().get_components()
last_subj = ""
for subj in Subject:
if subj[0] == b'L':
url = "https://" + subj[1].decode("UTF-8") + "/?wsdl"
if subj[0] == b'CN':
CN = subj[1].decode("UTF-8")
if subj[0] == 'L':
url = "https://" + subj[1] + "/?wsdl"
if subj[0] == 'CN':
CN = subj[1]
last_subj = subj
if url:
new_crl = None
from .client_class import Client_suds
from .client_class import HTTPSClientCertTransport
from client_class import Client_suds
from client_class import HTTPSClientCertTransport
# connect to ca server (url get from certificates)
client = None
try:
@ -164,7 +164,7 @@ def get_CRL(path_to_cert):
client.set_parameters(path_to_cert, None, None, None)
new_crl = client.service.get_crl()
except VerifyError as e:
except VerifyError, e:
_print(e.value)
# rm_ca_from_trusted(ca)
raise Exception(1)
@ -175,7 +175,7 @@ def get_CRL(path_to_cert):
if CN and len(CN) > 2:
CRL_file = CRL_path + CN
else:
host = last_subj[1].split(b':')[0].decode("UTF-8")
host = last_subj[1].split(':')[0]
CRL_file = CRL_path + host
if new_crl == ' ':
open(CRL_file, 'w').close()
@ -188,7 +188,7 @@ def get_CRL(path_to_cert):
with open(CRL_file, 'w') as fd:
fd.write(new_crl)
print(_("CRL added"))
print _("CRL added")
find_ca_in_crl(CRL_path, all_ca_certs_list)
@ -200,8 +200,8 @@ def find_ca_in_crl(CRL_path, all_ca_certs_list):
Issuer = certobj.get_issuer().get_components()
CN = ""
for item in Issuer:
if item[0] == b'CN':
CN = item[1].decode("UTF-8")
if item[0] == 'CN':
CN = item[1]
serverSerial = certobj.get_serial_number()
CRL = CRL_path + CN
if not os.path.exists(CRL):
@ -243,7 +243,7 @@ def rm_ca_from_trusted(ca_cert):
import hashlib
md5 = hashlib.md5()
md5.update(ca_cert.encode("UTF-8"))
md5.update(ca_cert)
md5sum = md5.hexdigest()
# search ca certificate in user ca list
@ -260,8 +260,8 @@ def rm_ca_from_trusted(ca_cert):
if ca_cert == readFile(filename):
try:
os.unlink(filename)
except OSError as e:
_print(parse_error(e))
except OSError, e:
_print(e.message)
else:
newfile += (line + '\n')
else:
@ -284,8 +284,8 @@ def rm_ca_from_trusted(ca_cert):
if ca_cert != cert:
new_user_ca_certs.append(cert)
else:
print(_("CA certificate deleted from the list of user "
"trusted certificates"))
print _("CA certificate deleted from the list of user "
"trusted certificates")
fd = open(user_ca_db, 'w')
for cert in new_user_ca_certs:
@ -304,8 +304,8 @@ def rm_ca_from_trusted(ca_cert):
if ca_cert != cert:
new_system_ca_certs.append(cert)
else:
print(_("CA certificate deleted from the list of system "
"trusted certificates"))
print _("CA certificate deleted from the list of system "
"trusted certificates")
fd = open(system_ca_db, 'w')
for cert in new_system_ca_certs:
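Review bot: In `get_CRL`, the value returned by `client.service.get_crl()` is written straight to `CRL_file` by `fd.write(new_crl)`, and a reply of `' '` truncates the existing file via `open(CRL_file, 'w').close()`; no visible line parses the data or checks that it is a CRL issued by that CA before the local copy is replaced. `verify` appears to read revocations from these files, so a malformed or empty reply would silently drop them. Parsing first, e.g. `OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, new_crl)` inside a `try`, and keeping the old file on failure would be safer; the lines between the hunks are not visible, so confirm no such check already exists there. The `crl_path + CN` and `CRL_path + CN` concatenations in `verify`, `get_CRL` and `find_ca_in_crl` also use a certificate CN as a file name without constraining it.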

@ -16,35 +16,34 @@
from calculate.core.server.local_call import Display, Methods, has_force_arg
from calculate.lib.utils.tools import unpack_single_opts
import calculate.contrib
# from sudsds import WebFault
from suds import WebFault
# from sudsds.transport import TransportError
from suds.transport import TransportError
from .client_class import Client_suds
from client_class import Client_suds
import traceback as tb
import time
import logging
import os
import sys
import threading
import urllib.request as urllib2
from urllib.error import URLError
from .pid_information import client_list_methods
from .cert_func import (client_post_auth, client_post_request, client_get_cert,
import urllib2
from pid_information import client_list_methods
from cert_func import (client_post_auth, client_post_request, client_get_cert,
client_post_cert, get_password_from_daemon,
clear_password)
from .sid_func import session_clean, client_session_info, client_session_list
from .cert_verify import get_CRL, VerifyError
from sid_func import session_clean, client_session_info, client_session_list
from cert_verify import get_CRL, VerifyError
import M2Crypto
import OpenSSL
from calculate.core.datavars import DataVarsCore
from .client_class import HTTPSClientCertTransport
from .methods_func import call_method, get_method_argparser, parse, get_view
from .function import (MessageReceiver, MessageDispatcher, clear, _print,
get_view_params, parse_error)
from client_class import HTTPSClientCertTransport
from methods_func import call_method, get_method_argparser, parse, get_view
from function import (MessageReceiver, MessageDispatcher, clear, _print,
get_view_params)
from calculate.lib.utils.files import makeDirectory, readLinesFile
from calculate.lib.cl_lang import setLocalTranslate
from M2Crypto import BIO
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
@ -72,15 +71,15 @@ def client_signal(client):
try:
client.service.active_client(sid)
except:
print(_('no connection to the server!'))
print _('no connection to the server!')
raise Exception(1)
time.sleep(float(client_active))
class StoppableThread(threading.Thread):
def __init__(self):
super().__init__()
self._thread_stopped = threading.Event()
super(StoppableThread, self).__init__()
self._stop = threading.Event()
self._pause = threading.Event()
self._paused = threading.Event()
@ -109,10 +108,10 @@ class StoppableThread(threading.Thread):
self._pause.clear()
def stop(self):
self._thread_stopped.set()
self._stop.set()
def stopped(self):
return self._thread_stopped.isSet()
return self._stop.isSet()
def paused(self):
return self._pause.isSet()
@ -129,25 +128,12 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
return None, 1, crypto_Error, False, None
client = None
rsa_password = args.cert_passwd or ""
with open(CERT_KEY) as inf:
if 'ENCRYPTED' in inf.readline():
if not args.cert_passwd:
Connect_Error = 1
return None, 1, crypto_Error, False, _("RSA key contain ENCRYPTED. Use '--cert-passwd' to provide password")
try:
bio = M2Crypto.BIO.openfile(CERT_KEY)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: bytes(rsa_password, 'utf-8'))
except SystemError as e:
Connect_Error = 1
return None, 1, crypto_Error, False, _("Failed to read rsa key")
bio = M2Crypto.BIO.openfile(CERT_KEY)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: "")
store_passwd = None
if not rsa:
try:
port = args.port or clVarsCore.Get('core.cl_core_port')
store_passwd = get_password_from_daemon(args.host, port, wait_thread)
except TypeError:
return None, 1, crypto_Error, False, _("Failed to get password from daemon or provided password is incorrect")
port = args.port or clVarsCore.Get('core.cl_core_port')
store_passwd = get_password_from_daemon(args.host, port, wait_thread)
key_passwd = store_passwd
er = None
try:
@ -155,8 +141,8 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
client = Client_suds(
url, transport=HTTPSClientCertTransport(
CERT_KEY, CERT_FILE, path_to_cert, password=key_passwd,
ca_certs=ca_certs, wait_thread=wait_thread, rsa_password=bytes(rsa_password, 'utf-8')))
if not wait_thread.is_alive():
ca_certs=ca_certs, wait_thread=wait_thread))
if not wait_thread.isAlive():
wait_thread = StoppableThread()
flag_thread_start = True
wait_thread.start()
@ -165,19 +151,19 @@ def connect_with_cert(cert, path_to_cert, url, args, wait_thread, clVarsCore,
wait_thread.stop()
client_post_cert(client, clVarsCore)
Connect_Error = 0
except VerifyError as e:
except VerifyError, e:
Connect_Error = 1
er = e
except OpenSSL.crypto.Error as e:
except OpenSSL.crypto.Error, e:
Connect_Error = 1
crypto_Error = 1
er = e
except URLError as e:
except urllib2.URLError, e:
Connect_Error = 1
er = e
except Exception as e:
er = e
if e == 3:
if e.message == 3:
wait_thread.stop()
sys.exit(1)
Connect_Error = 1
@ -220,8 +206,8 @@ def add_server_hostname(host, path_to_cert, server_hostname):
fd.write(temp_file)
fd.close()
return True
except Exception as e:
print(e)
except Exception, e:
print e
return False
@ -248,7 +234,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
return 0
if args.pid_res == "list":
from .pid_information import client_pid_info
from pid_information import client_pid_info
wait_thread.stop()
client_pid_info(client, wait_thread)
return 0
@ -261,7 +247,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
if args.pid_res:
wait_thread.stop()
if not args.pid_res.isdigit():
print(_("Wrong PID"))
print _("Wrong PID")
return 1
mr = get_entire_message_receiver(client, int(args.pid_res))
if mr:
@ -274,7 +260,7 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
if args.pid_kill:
wait_thread.stop()
from .pid_information import client_pid_kill
from pid_information import client_pid_kill
return client_pid_kill(client, args.pid_kill)
@ -309,8 +295,8 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
dispatch_usenew = _args.no_questions
finally:
wait_thread.stop()
# sys.stdout.write("\b")
# sys.stdout.flush()
sys.stdout.write("\b")
sys.stdout.flush()
client.service.clear_method_cache(client.sid, args.method)
method_parser.print_help()
else:
@ -321,25 +307,25 @@ def https_server(client, args, unknown_args, url, clVarsCore, wait_thread):
try:
mr.analysis(method_result)
# analysis(client, client.sid, method_result)
except URLError as e:
_print(parse_error(e))
except urllib2.URLError, e:
_print(e)
except KeyboardInterrupt:
try:
print()
print
mess = method_result[0][0]
pid = int(mess.message)
result = client.service.pid_kill(pid, client.sid)
if result in [0, 2]:
print(_('Process terminated'))
print _('Process terminated')
elif result == -1:
print(_("Certificate not found on the server"))
print _("Certificate not found on the server")
elif result == -2:
print(_("Session not matching your certificate"))
print _("Session not matching your certificate")
elif result == 1:
print(_("Failed to terminate the process"))
print _("Failed to terminate the process")
mr.analysis(method_result)
except Exception as e:
_print(parse_error(e))
except Exception, e:
_print(e.message)
try:
mess = method_result[0][0]
@ -384,16 +370,16 @@ def main(wait_thread):
if not args.method and args.help:
wait_thread.stop()
# sys.stdout.write('\r')
# sys.stdout.flush()
sys.stdout.write('\r')
sys.stdout.flush()
parser.print_help()
return 0
if not args.method:
if unknown_args:
wait_thread.stop()
# sys.stdout.write('\r')
# sys.stdout.flush()
sys.stdout.write('\r')
sys.stdout.flush()
args = parser.parse_args(
list(unpack_single_opts(sys.argv[1:])))
@ -412,7 +398,6 @@ def main(wait_thread):
port = args.port or clVarsCore.GetInteger('core.cl_core_port')
host = args.host
path_to_cert = args.path_to_cert
if not path_to_cert:
path_to_cert = clVarsCore.Get('core.cl_client_cert_dir')
path_to_cert = path_to_cert.replace("~", homePath)
@ -424,7 +409,7 @@ def main(wait_thread):
wait_thread.stop()
sys.stdout.write('\r')
sys.stdout.flush()
print(_("Failed to create directory %s") % dir_path)
print _("Failed to create directory %s") % dir_path
return 1
if args.update_crl:
@ -432,7 +417,7 @@ def main(wait_thread):
getCRL = threading.Thread(target=get_CRL, args=(path_to_cert,))
getCRL.start()
getCRL.join()
print('CRL updated')
print 'CRL updated'
return 0
if args.by_host:
@ -445,7 +430,7 @@ def main(wait_thread):
return 0
url = "https://%s:%s/?wsdl" % (host, port)
try:
from calculate.lib.utils.dbus_tools import run_dbus_core
run_dbus_core(host, port)
@ -456,7 +441,6 @@ def main(wait_thread):
serv_hostname = get_server_hostname(host, path_to_cert)
get_name_flag = False
client = None
if serv_hostname:
Connect_Error = 1
crypto_Error = 0
@ -464,7 +448,7 @@ def main(wait_thread):
connect_with_cert(serv_hostname, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error,
Connect_Error)
if not wait_thread.is_alive():
if not wait_thread.isAlive():
wait_thread = StoppableThread()
wait_thread.start()
get_name_flag = True
@ -473,13 +457,13 @@ def main(wait_thread):
wait_thread.stop()
sys.stdout.write('\r')
sys.stdout.flush()
print(_('Invalid password'))
print _('Invalid password')
# delete password from daemon list
clear_password(host, port)
elif e:
wait_thread.stop()
if type(e) != int:
print(_('Error: '), e)
if type(e.message) != int:
print _('Error: '), e
get_name_flag = False
if get_name_flag:
@ -490,33 +474,33 @@ def main(wait_thread):
try:
return_val = https_server(client, args, unknown_args, url,
clVarsCore, wait_thread)
except URLError as e:
print(_('Error: '), e)
except urllib2.URLError, e:
print _('Error: '), e
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print(red + _("Manually interrupted"))
except Exception as e:
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e) != int:
if e:
print(e)
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print(e)
print e
return 1
wait_thread.stop()
return return_val
except WebFault as f:
print(_("Exception: %s") % f)
except WebFault, f:
print _("Exception: %s") % f
_print(f.fault)
except TransportError as te:
print(_("Exception: %s") % te)
except TransportError, te:
print _("Exception: %s") % te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print(red + _("Manually interrupted"))
except Exception as e:
print(_("Exception: %s") % e)
print red + _("Manually interrupted")
except Exception, e:
print _("Exception: %s") % e
tb.print_exc()
wait_thread.stop()
@ -527,16 +511,16 @@ def main(wait_thread):
client.wsdl.services[0].setlocation(url)
server_host_name = client.service.get_server_host_name()
if not add_server_hostname(host, path_to_cert, server_host_name):
print('compliance_file write error!')
print 'compliance_file write error!'
del client
except URLError as e:
except urllib2.URLError, e:
wait_thread.stop()
print('\b' + _('Failed to connect') + ':', e)
print '\b' + _('Failed to connect') + ':', e
return 1
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print(red + _("Manually interrupted"))
print red + _("Manually interrupted")
try:
import glob
@ -560,7 +544,7 @@ def main(wait_thread):
connect_with_cert(cert_name, path_to_cert, url, args,
wait_thread, clVarsCore, crypto_Error,
Connect_Error)
if not wait_thread.is_alive():
if not wait_thread.isAlive():
wait_thread = StoppableThread()
wait_thread.start()
@ -571,16 +555,16 @@ def main(wait_thread):
if Connect_Error:
if crypto_Error and passwd_flag:
wait_thread.stop()
# sys.stdout.write('\r')
# sys.stdout.flush()
print(_('Invalid password'))
sys.stdout.write('\r')
sys.stdout.flush()
print _('Invalid password')
# delete password from daemon list
clear_password(host, port)
return 1
elif e:
wait_thread.stop()
if type(e) != int:
print(_('Error: '), e)
if type(e.message) != int:
print _('Error: '), e
return 1
CERT_FILE = None
@ -596,34 +580,34 @@ def main(wait_thread):
try:
return_val = https_server(client, args, unknown_args, url,
clVarsCore, wait_thread)
except URLError as e:
print(_('Error: '), e)
except urllib2.URLError, e:
print _('Error: '), e
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print(red + _("Manually interrupted"))
except Exception as e:
print red + _("Manually interrupted")
except Exception, e:
wait_thread.stop()
if type(e) != int:
if e:
print(e)
if type(e.message) != int:
if e.message:
print e.message
elif e.args:
print(e)
print e
# tb.print_exc()
return 1
wait_thread.stop()
return return_val
# ----------------------------------------------------
except WebFault as f:
print(_("Exception: %s") % f)
except WebFault, f:
print _("Exception: %s") % f
_print(f.fault)
except TransportError as te:
print(_("Exception: %s") % te)
except TransportError, te:
print _("Exception: %s") % te
except KeyboardInterrupt:
wait_thread.stop()
red = '\n' + '\033[31m * \033[0m'
print(red + _("Manually interrupted"))
except Exception as e:
print(_("Exception: %s") % e)
print red + _("Manually interrupted")
except Exception, e:
print _("Exception: %s") % e
tb.print_exc()
wait_thread.stop()
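Review bot: In `connect_with_cert`, the new `M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: "")` and `get_password_from_daemon(args.host, port, wait_thread)` calls run outside any `try`, while the rest of the function reports failure through its return tuple (`return None, 1, crypto_Error, False, None`). If either call raises for an encrypted or unreadable key, or when the daemon cannot supply a password, the exception leaves the function and presumably lands in `main`'s generic `except Exception` handler rather than the `Invalid password` / `clear_password(host, port)` path. Wrapping both calls and returning the same five-element tuple with a message, e.g. `return None, 1, crypto_Error, False, _("Failed to read rsa key")`, keeps the error contract uniform. Separately, `if e.message == 3:` depends on the bare `raise Exception(3)` in `client_post_cert`; a dedicated exception class would make that exit path explicit. The function starts and ends outside these hunks.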

@ -14,7 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import urllib.request as u2
import urllib2 as u2
if hasattr(u2, "ssl"):
u2.ssl._create_default_https_context = u2.ssl._create_unverified_context
import os
@ -24,23 +25,33 @@ import ssl
import OpenSSL
import hashlib
import M2Crypto
from M2Crypto import BIO
import calculate.contrib
from calculate.core.datavars import DataVarsCore
from calculate.lib.datavars import DataVars
import calculate.contrib
# from sudsds.client import Client
from suds.client import Client
from .cert_verify import verify, get_CRL
import http.client as httplib
from cert_verify import verify, get_CRL
# from sudsds.transport.http import (HttpTransport, SUDSHTTPRedirectHandler,
# CheckingHTTPSConnection,
# CheckingHTTPSHandler,
# PYOPENSSL_AVAILABLE, PyOpenSSLSocket)
import httplib
from suds.transport.http import HttpTransport
from .pyopenssl_wrapper import PyOpenSSLSocket
try:
from pyopenssl_wrapper import PyOpenSSLSocket
except ImportError:
PYOPENSSL_AVAILABLE = False
else:
PYOPENSSL_AVAILABLE = True
# from sudsds.transport import Transport
# from sudsds.properties import Unskin
from suds.transport import Transport
from suds.properties import Unskin
from http.cookiejar import CookieJar, DefaultCookiePolicy
from cookielib import CookieJar, DefaultCookiePolicy
from logging import getLogger
from ..datavars import DataVarsConsole
from calculate.console.datavars import DataVarsConsole
from calculate.lib.cl_lang import setLocalTranslate
from .sid_func import SessionId
from calculate.console.application.sid_func import SessionId
from calculate.lib.utils.files import readFile
_ = lambda x: x
@ -75,58 +86,94 @@ class SUDSHTTPRedirectHandler(u2.HTTPRedirectHandler):
else:
raise u2.HTTPError(req.get_full_url(), code, msg, headers, fp)
# class CheckingHTTPSConnection(httplib.HTTPSConnection):
# """based on httplib.HTTPSConnection code - extended to support
# server certificate verification and client certificate authorization"""
# response_class = MyHTTPResponse
# FORCE_SSL_VERSION = None
# SERVER_CERT_CHECK = True # might be turned off when a workaround is needed
# def __init__(self, host, ca_certs=None, cert_verifier=None,
# keyobj=None, certobj=None, **kw):
# """cert_verifier is a function returning either True or False
# based on whether the certificate was found to be OK,
# keyobj and certobj represent internal PyOpenSSL structures holding
# the key and certificate respectively.
# """
# httplib.HTTPSConnection.__init__(self, host, **kw)
# self.ca_certs = ca_certs
# self.cert_verifier = cert_verifier
# self.keyobj = keyobj
# self.certobj = certobj
# def connect(self):
# sock = socket.create_connection((self.host, self.port), self.timeout)
# if hasattr(self, '_tunnel_host') and self._tunnel_host:
# self.sock = sock
# self._tunnel()
# if self.FORCE_SSL_VERSION:
# add = {'ssl_version': self.FORCE_SSL_VERSION}
# else:
# add = {}
# if self.SERVER_CERT_CHECK and self.ca_certs:
# add['cert_reqs'] = ssl.CERT_REQUIRED
# else:
# add['cert_reqs'] = ssl.CERT_NONE
# # try to use PyOpenSSL by default
# if PYOPENSSL_AVAILABLE:
# wrap_class = PyOpenSSLSocket
# add['keyobj'] = self.keyobj
# add['certobj'] = self.certobj
# add['keyfile'] = self.key_file
# add['certfile'] = self.cert_file
# else:
# wrap_class = ssl.SSLSocket
# self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
# #if self.cert_verifier and self.SERVER_CERT_CHECK:
# # if not self.cert_verifier(self.sock.getpeercert()):
# # raise Exception("Server certificate did not pass security check.",
# # self.sock.getpeercert())
class MyHTTPResponse(httplib.HTTPResponse):
def __init__(self, sock, debuglevel=0, strict=0, method=None):
httplib.HTTPResponse.__init__(self, sock, debuglevel, strict, method)
class CheckingHTTPSConnection(httplib.HTTPSConnection):
"""based on httplib.HTTPSConnection code - extended to support
server certificate verification and client certificate authorization"""
response_class = MyHTTPResponse
FORCE_SSL_VERSION = None
SERVER_CERT_CHECK = True # might be turned off when a workaround is needed
def __init__(self, host, ca_certs=None, cert_verifier=None,
keyobj=None, certobj=None, **kw):
"""cert_verifier is a function returning either True or False
based on whether the certificate was found to be OK,
keyobj and certobj represent internal PyOpenSSL structures holding
the key and certificate respectively.
"""
httplib.HTTPSConnection.__init__(self, host, **kw)
self.ca_certs = ca_certs
self.cert_verifier = cert_verifier
self.keyobj = keyobj
self.certobj = certobj
def connect(self):
sock = socket.create_connection((self.host, self.port), self.timeout)
if hasattr(self, '_tunnel_host') and self._tunnel_host:
self.sock = sock
self._tunnel()
if self.FORCE_SSL_VERSION:
add = {'ssl_version': self.FORCE_SSL_VERSION}
else:
add = {}
if self.SERVER_CERT_CHECK and self.ca_certs:
add['cert_reqs'] = ssl.CERT_REQUIRED
else:
add['cert_reqs'] = ssl.CERT_NONE
# try to use PyOpenSSL by default
if PYOPENSSL_AVAILABLE:
wrap_class = PyOpenSSLSocket
add['keyobj'] = self.keyobj
add['certobj'] = self.certobj
add['keyfile'] = self.key_file
add['certfile'] = self.cert_file
else:
wrap_class = ssl.SSLSocket
self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
#if self.cert_verifier and self.SERVER_CERT_CHECK:
# if not self.cert_verifier(self.sock.getpeercert()):
# raise Exception("Server certificate did not pass security check.",
# self.sock.getpeercert())
class CheckingHTTPSHandler(u2.HTTPSHandler):
def __init__(self, ca_certs=None, cert_verifier=None,
client_certfile=None, client_keyfile=None,
client_keyobj=None, client_certobj=None,
*args, **kw):
"""cert_verifier is a function returning either True or False
based on whether the certificate was found to be OK"""
u2.HTTPSHandler.__init__(self, *args, **kw)
self.ca_certs = ca_certs
self.cert_verifier = cert_verifier
self.client_keyfile = client_keyfile # filename
self.client_certfile = client_certfile # filename
self.keyobj = client_keyobj
self.certobj = client_certobj
# FOR DEBUG
# self.set_http_debuglevel(100)
def https_open(self, req):
def open(*args, **kw):
new_kw = dict(ca_certs=self.ca_certs,
cert_verifier=self.cert_verifier,
cert_file=self.client_certfile,
key_file=self.client_keyfile,
keyobj=self.keyobj,
certobj=self.certobj)
new_kw.update(kw)
return CheckingHTTPSConnection(*args, **new_kw)
return self.do_open(open, req)
https_request = u2.AbstractHTTPHandler.do_request_
class Client_suds(SessionId, Client):
@ -146,12 +193,9 @@ class Client_suds(SessionId, Client):
class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
"""based on httplib.HTTPSConnection code"""
response_class = httplib.HTTPResponse
FORCE_SSL_VERSION = None
SERVER_CERT_CHECK = True # might be turned off when a workaround is needed
class CheckingClientHTTPSConnection(CheckingHTTPSConnection):
"""based on httplib.HTTPSConnection code - extended to support
server certificate verification and client certificate authorization"""
def __init__(self, cert_path, host, ca_certs=None, cert_verifier=None,
keyobj=None, certobj=None, wait_thread=None, **kw):
@ -160,12 +204,11 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
keyobj and certobj represent internal PyOpenSSL structures holding
the key and certificate respectively.
"""
httplib.HTTPSConnection.__init__(self, host, **kw)
self.ca_certs = ca_certs
self.cert_verifier = cert_verifier
self.keyobj = keyobj
self.certobj = certobj
CheckingHTTPSConnection.__init__(self, host, ca_certs, cert_verifier,
keyobj, certobj, **kw)
# self.ClientObj = ClientObj
self.cert_path = cert_path
self.ca_certs = ca_certs
self.CRL_PATH = os.path.join(cert_path, 'ca/crl/')
self.wait_thread = wait_thread
@ -196,7 +239,7 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
if not filename:
return None
except:
print(_("Certificate not found on the client`s side"))
print _("Certificate not found on the client`s side")
return None
try:
fd = open(self.trusted_path + filename, 'r')
@ -205,7 +248,7 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
if store_cert == server_cert:
return filename
except:
print(_("Failed to open the file"), self.trusted_path, filename)
print _("Failed to open the file"), self.trusted_path, filename
return None
def add_all_ca_cert(self, list_ca_certs):
@ -237,10 +280,10 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
continue
md5 = hashlib.md5()
md5.update(cert.encode("UTF-8"))
md5.update(cert)
md5sum = md5.hexdigest()
print("\n=================================================")
print("md5sum = ", md5sum)
print "\n================================================="
print "md5sum = ", md5sum
if not os.path.exists(root_cert_md5):
fc = open(root_cert_md5, "w")
@ -260,15 +303,15 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
OpenSSL.SSL.FILETYPE_PEM, cert)
Issuer = certobj.get_issuer().get_components()
for item in Issuer:
if item[0] == b'CN':
filename = item[1].decode("UTF-8")
if item[0] == 'CN':
filename = item[1]
fc = open(root_cert_md5, "a")
fc.write('%s %s\n' % (md5sum, filename))
fc.close()
if not filename:
print(_('Field "CN" not found in the certificate!'))
print _('Field "CN" not found in the certificate!')
return 1
fd = open(os.path.join(cl_client_cert_dir, 'ca/', filename),
@ -279,10 +322,10 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
fa = open(user_root_cert, 'a')
fa.write(cert)
fa.close()
print(_("filename = "), filename)
print(_("Certificate added"))
print _("filename = "), filename
print _("Certificate added")
else:
print(_("The file containing the CA certificate now exists"))
print _("The file containing the CA certificate now exists")
get_CRL(cl_client_cert_dir)
def add_ca_cert(self, cert, list_ca_certs):
@ -292,56 +335,56 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
client.wsdl.services[0].setlocation(url)
cert = client.service.get_ca()
if cert == '1':
print(_("Invalid server certificate!"))
print _("Invalid server certificate!")
raise Exception(1)
if cert == '2':
print(_("CA certificate not found on the server"))
print _("CA certificate not found on the server")
raise Exception(1)
try:
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, cert)
except:
print(_("Error. Certificate not added to trusted"))
print _("Error. Certificate not added to trusted")
raise Exception(1)
print('\n', _("Fingerprint = %s") % certobj.digest('SHA1'))
print(_("Serial Number = "), certobj.get_serial_number())
print '\n', _("Fingerprint = %s") % certobj.digest('SHA1')
print _("Serial Number = "), certobj.get_serial_number()
Issuer = certobj.get_issuer().get_components()
print('\n', _("Issuer"))
print '\n', _("Issuer")
for i in Issuer:
print("%s : %s" % (i[0], i[1]))
print "%s : %s" % (i[0], i[1])
Subject = certobj.get_subject().get_components()
print('\n', _("Subject"))
print '\n', _("Subject")
for subj in Subject:
print("%s : %s" % (subj[0], subj[1]))
ans = input(_("Add the CA certificate to trusted? y/[n]:"))
print "%s : %s" % (subj[0], subj[1])
ans = raw_input(_("Add the CA certificate to trusted? y/[n]:"))
if ans.lower() in ['y', 'yes']:
list_ca_certs.append(cert)
self.add_all_ca_cert(list_ca_certs)
else:
print(_("Certificate not added to trusted"))
print _("Certificate not added to trusted")
# add certificate server in trusted
def add_server_cert(self, cert):
self.wait_thread.stop()
print(_("Untrusted server certificate!"))
print _("Untrusted server certificate!")
certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, cert)
print('\n' + _("Fingerprint = %s") % certobj.digest('SHA1'))
print(_("Serial Number = "), certobj.get_serial_number())
print '\n' + _("Fingerprint = %s") % certobj.digest('SHA1')
print _("Serial Number = "), certobj.get_serial_number()
Issuer = certobj.get_issuer().get_components()
print('\n' + _("Issuer"))
print '\n' + _("Issuer")
for i in Issuer:
print("%s : %s" % (i[0], i[1]))
print "%s : %s" % (i[0], i[1])
Subject = certobj.get_subject().get_components()
print('\n' + _("Subject"))
print '\n' + _("Subject")
for item in Subject:
print("%s : %s" % (item[0], item[1]))
print "%s : %s" % (item[0], item[1])
print('\n' + _('Add this server certificate to trusted (s) or'))
print(_('Try to add the CA and root certificates to trusted (c) or'))
choice = input(_("Quit (q)? s/c/[q]: "))
print '\n' + _('Add this server certificate to trusted (s) or')
print _('Try to add the CA and root certificates to trusted (c) or')
choice = raw_input(_("Quit (q)? s/c/[q]: "))
if choice.lower() in ['s', 'c']:
# self.sock = ssl.wrap_socket(sock)
ca_certs = os.path.join(self.trusted_path, "cert.list")
@ -387,10 +430,10 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
try:
os.makedirs(root_cert_dir)
except OSError:
print(_("Failed to create directory %s") % root_cert_dir)
print _("Failed to create directory %s") % root_cert_dir
raise Exception(1)
print('\n' + _("Add the CA and root certificates"))
print '\n' + _("Add the CA and root certificates")
self.list_ca_certs = []
self.add_ca_cert(cert, self.list_ca_certs)
return 3
@ -419,11 +462,16 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
else:
add = {}
add['cert_reqs'] = ssl.CERT_REQUIRED
add['keyobj'] = self.keyobj
add['certobj'] = self.certobj
add['keyfile'] = self.key_file
add['certfile'] = self.cert_file
self.sock = PyOpenSSLSocket(sock, ca_certs=self.ca_certs, **add)
# try to use PyOpenSSL by default
if PYOPENSSL_AVAILABLE:
wrap_class = PyOpenSSLSocket
add['keyobj'] = self.keyobj
add['certobj'] = self.certobj
add['keyfile'] = self.key_file
add['certfile'] = self.cert_file
else:
wrap_class = ssl.SSLSocket
self.sock = wrap_class(sock, ca_certs=self.ca_certs, **add)
return 0
except:
return 1
@ -450,11 +498,17 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
else:
add = {}
add['cert_reqs'] = ssl.CERT_NONE
add['keyobj'] = self.keyobj
add['certobj'] = self.certobj
add['keyfile'] = self.key_file
add['certfile'] = self.cert_file
self.sock = PyOpenSSLSocket(sock, ca_certs=None, **add)
# try to use PyOpenSSL by default
if PYOPENSSL_AVAILABLE:
wrap_class = PyOpenSSLSocket
add['keyobj'] = self.keyobj
add['certobj'] = self.certobj
add['keyfile'] = self.key_file
add['certfile'] = self.cert_file
else:
wrap_class = ssl.SSLSocket
self.sock = wrap_class(sock, ca_certs=None, **add)
return 0
except Exception:
HTTPSClientCertTransport.filename = None
@ -508,7 +562,7 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
elif result_server_con == 3:
continue
elif result_server_con == 4:
print(_('This server is not trusted'))
print _('This server is not trusted')
self.wait_thread.stop()
sys.exit(1)
elif result_root_con == 2:
@ -518,24 +572,19 @@ class CheckingClientHTTPSConnection(httplib.HTTPSConnection):
break
class CheckingClientHTTPSHandler(u2.HTTPSHandler):
class CheckingClientHTTPSHandler(CheckingHTTPSHandler):
def __init__(self, cert_path, ca_certs=None, cert_verifier=None,
client_certfile=None, client_keyfile=None,
client_keyobj=None, client_certobj=None,
client_keyobj=None, client_certobj=None, wait_thread=None,
*args, **kw):
"""cert_verifier is a function returning either True or False
based on whether the certificate was found to be OK"""
u2.HTTPSHandler.__init__(self, *args, **kw)
self.ca_certs = ca_certs
self.cert_verifier = cert_verifier
self.client_keyfile = client_keyfile # filename
self.client_certfile = client_certfile # filename
self.keyobj = client_keyobj
self.certobj = client_certobj
# FOR DEBUG
# self.set_http_debuglevel(100)
CheckingHTTPSHandler.__init__(self, ca_certs, cert_verifier,
client_keyfile, client_certfile,
client_keyobj, client_certobj)
# self.ClientObj = ClientObj
self.cert_path = cert_path
self.wait_thread = wait_thread
def https_open(self, req):
def open(*args, **kw):
@ -543,10 +592,12 @@ class CheckingClientHTTPSHandler(u2.HTTPSHandler):
cert_verifier=self.cert_verifier,
cert_file=self.client_certfile,
key_file=self.client_keyfile,
keyobj=self.keyobj,
certobj=self.certobj)
keyobj=self.keyobj, certobj=self.certobj,
wait_thread=self.wait_thread)
new_kw.update(kw)
return CheckingClientHTTPSConnection(self.cert_path, *args, **new_kw)
return CheckingClientHTTPSConnection(self.cert_path,
*args, **new_kw)
return self.do_open(open, req)
https_request = u2.AbstractHTTPHandler.do_request_
@ -558,71 +609,62 @@ class HTTPSClientCertTransport(HttpTransport):
client_keyfile=None, client_certfile=None,
client_keyobj=None, client_certobj=None,
cookie_callback=None, user_agent_string=None,
wait_thread=None, rsa_password=None, **kwargs):
wait_thread=None, **kwargs):
Transport.__init__(self)
# self.ClientObj = parent
self.key = key
self.cert = cert
self.cert_path = path_to_cert
self.rsa_password = rsa_password or b""
if key:
with open(cert) as cert_file:
client_certobj = OpenSSL.crypto.load_certificate \
(OpenSSL.SSL.FILETYPE_PEM, cert_file.read())
if password:
with open(key) as key_file:
client_keyobj = OpenSSL.crypto.load_privatekey \
(OpenSSL.SSL.FILETYPE_PEM, key_file.read(),
password)
else:
import M2Crypto
bio = M2Crypto.BIO.openfile(key)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(),lambda *unused: self.rsa_password)
if not rsa:
raise OpenSSL.crypto.Error
with open(key) as key_file:
client_keyobj = OpenSSL.crypto.load_privatekey(OpenSSL.SSL.FILETYPE_PEM,
key_file.read(), passphrase=self.rsa_password or None)
client_certobj = OpenSSL.crypto.load_certificate(
OpenSSL.SSL.FILETYPE_PEM, file(cert).read())
if password:
client_keyobj = OpenSSL.crypto.load_privatekey(
OpenSSL.SSL.FILETYPE_PEM, file(key).read(), str(password))
else:
bio = M2Crypto.BIO.openfile(key)
rsa = M2Crypto.m2.rsa_read_key(bio._ptr(), lambda *unused: "")
if not rsa:
raise OpenSSL.crypto.Error
client_keyobj = OpenSSL.crypto.load_privatekey(
OpenSSL.SSL.FILETYPE_PEM, file(key).read())
Unskin(self.options).update(kwargs)
self.cookiejar = CookieJar(DefaultCookiePolicy())
self.cookie_callback = cookie_callback
self.user_agent_string = user_agent_string
log.debug("Proxy: %s", self.options.proxy)
#TODO to be removed:
# artifacts from old times:
if ca_certs or (client_keyfile and client_certfile) \
or (client_keyobj and client_certobj):
https_handler = CheckingClientHTTPSHandler(cert_path=path_to_cert,
ca_certs=ca_certs,
cert_verifier=cert_verifier,
client_keyfile=client_keyfile,
client_certfile=client_certfile,
client_keyobj=client_keyobj,
client_certobj=client_certobj)
else:
https_handler = u2.HTTPSHandler()
self.urlopener = u2.build_opener(SUDSHTTPRedirectHandler(),
u2.HTTPCookieProcessor(self.cookiejar),
https_handler)
# relic from old times:
# from dslib.network import ProxyManager
# proxy_handler = ProxyManager.HTTPS_PROXY.create_proxy_handler()
# proxy_auth_handler = ProxyManager.HTTPS_PROXY.create_proxy_auth_handler()
# apparently, dslib simply returned None on create_proxy_auth_handler
# if this is ever needed, probably use urllib2.ProxyBasicAuthHandler
# proxy_auth_handler = None
proxy_auth_handler = None
# and create_proxy_handler SHOULD HAVE eval'd to this:
# proxy_handler = urllib2.ProxyHandler({"https" : "https://hostname"})
# but because no hostname was given, it also just returned None
# proxy_handler = None
#these two literally do nothing right now
# if proxy_handler:
# self.urlopener.add_handler(proxy_handler)
# if proxy_auth_handler:
# self.urlopener.add_handler(proxy_auth_handler)
self.urlopener.addheaders = [('User-agent', str(self.user_agent_string))]
proxy_handler = None
if (ca_certs or (client_keyfile and client_certfile)
or (client_keyobj and client_certobj)):
https_handler = CheckingClientHTTPSHandler(
cert_path=path_to_cert,
ca_certs=ca_certs,
cert_verifier=cert_verifier,
client_keyfile=client_keyfile,
client_certfile=client_certfile,
client_keyobj=client_keyobj,
client_certobj=client_certobj,
wait_thread=wait_thread)
else:
https_handler = u2.HTTPSHandler()
self.urlopener = u2.build_opener(SUDSHTTPRedirectHandler(),
u2.HTTPCookieProcessor(self.cookiejar),
https_handler)
if proxy_handler:
self.urlopener.add_handler(proxy_handler)
if proxy_auth_handler:
self.urlopener.add_handler(proxy_auth_handler)
self.urlopener.addheaders = [('User-agent', self.user_agent_string)]
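Review bot: The module-level assignment `u2.ssl._create_default_https_context = u2.ssl._create_unverified_context` in the first hunk switches off server-certificate verification for every default HTTPS context in the process, not only for this transport. The `else` branch near the end of `HTTPSClientCertTransport.__init__` builds a plain `u2.HTTPSHandler()`, so an opener created without a CA list or client certificate would accept any server certificate. I would drop the two-line override and make the fallback explicit with `https_handler = u2.HTTPSHandler(context=ssl.create_default_context())`, which needs Python 2.7.9 or later. If an unverified connection is really required for the first-contact certificate fetch, it should get its own context on that one handler, with a comment saying why. The rendered hunk does not show whether the override is new in this branch or carried over.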

@ -50,7 +50,7 @@ def makeRequest(pubkey, pkey, serv_host, auto=False):
if auto:
c = 'n'
else:
c = input(_("Enter the certificate data manually? y/[n]: "))
c = raw_input(_("Enter the certificate data manually? y/[n]: "))
# Get HostName
host_name = socket.getfqdn()
list_host_name = host_name.split('.')
@ -69,20 +69,20 @@ def makeRequest(pubkey, pkey, serv_host, auto=False):
# list_host_name[len(list_host_name)-1]+"@"+serv_host
# else:
# host_name = socket.getfqdn()
_CN = input(_('Host Name [%s]: ') % result_host_name)
_CN = raw_input(_('Host Name [%s]: ') % result_host_name)
name.CN = _CN or result_host_name
_OU = input(_('User Name [%s]: ') % username)
_OU = raw_input(_('User Name [%s]: ') % username)
name.OU = _OU or username
_O = input(_('Organization Name: '))
_O = raw_input(_('Organization Name: '))
name.O = _O or ""
_L = input(_('Network address (hostname or IP) [%s]: ')
_L = raw_input(_('Network address (hostname or IP) [%s]: ')
% host_name)
name.L = _L or ""
_ST = input(_('City: '))
_ST = raw_input(_('City: '))
name.ST = _ST or ""
_C = input(_('Country (2 characters): [%s]') % lang)
_C = raw_input(_('Country (2 characters): [%s]') % lang)
name.C = _C or lang
else:

@ -27,19 +27,15 @@ from calculate.core.server.cert_cmd import getHwAddr, getIpLocal
from calculate.core.server.local_call import print_brief_group
from calculate.lib.cl_lang import setLocalTranslate
from calculate.lib.utils.files import readFile
import calculate.contrib
# from sudsds import MethodNotFound
from suds import MethodNotFound
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
def _print(*args):
print(" ".join(map(str, args)))
print " ".join(map(lambda x: unicode(x).encode('utf-8'), args))
def parse_error(e):
if hasattr(e, "message"):
return e.message
return e
# get list of certificate and session id
@ -53,14 +49,14 @@ def clear():
try:
os.unlink(filename)
except OSError as e:
_print(parse_error(e))
_print(e.message)
except Exception:
print(_("Failed to clear the cache! "))
print _("Failed to clear the cache! ")
return 1
def get_ip_global():
import urllib.request as urllib2
import urllib2
strURL = 'http://api.wipmania.com/'
f = urllib2.urlopen(urllib2.Request(strURL))
@ -324,8 +320,9 @@ class MessageDispatcher(object):
def ask_choice(self, message):
message, answers = message.message.split('|')
answers = [(x[0], x[1].strip(')')) for x
in (y.split('(') for y in answers.split(','))]
answers = map(lambda x: (x[0], x[1].strip(')')),
map(lambda x: x.split('('),
answers.split(',')))
answer = self.methods.askChoice(message, answers)
self.parent.send_message(answer)
@ -340,5 +337,3 @@ class MessageDispatcher(object):
def ask_password(self, message):
answer = self.methods.askPassword(message.message, message.id == 2)
self.parent.send_message(answer)
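Review bot: `_print(e.message)` in the `except OSError as e:` branch of `clear()` will normally print an empty line on Python 2. `BaseException.message` is filled in only when the exception was constructed with a single argument, and the `OSError` raised by `os.unlink` carries errno, strerror and filename. The reason the cache file could not be removed is therefore lost. `_print(e.strerror)` (or `_print(e)` for the full text including the path) keeps it. `clear()` starts outside the hunk, so this assumes `filename` and the enclosing `try` are as they appear here.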

@ -18,13 +18,12 @@ import argparse
import sys
from calculate.core.server.api_types import ViewInfoAdapter
from calculate.core.server.local_call import Methods, has_force_arg
from .function import _create_obj, get_view_params, print_brief, _print
from function import _create_obj, get_view_params, print_brief, _print
from calculate.lib.cl_lang import setLocalTranslate
from urllib.error import URLError
_ = lambda x: x
setLocalTranslate('cl_console3', sys.modules[__name__])
import urllib.request as urllib2
import urllib2
from calculate.core.server.methods_func import get_method_argparser, \
collect_object, RawAndDefaultsHelpFormatter, \
@ -94,16 +93,13 @@ def parse():
'--stdin-passwords', action='store_true', default=False,
dest='stdin_passwd',
help=_("use passwords from standard input for users accounts"))
parser.add_argument(
'--cert-passwd', default=None, dest='cert_passwd',
help=_("password for rsa key"), metavar='PASSWORD')
return parser
def get_view(client, method, sid, view_params):
try:
view = client.service[0][method + '_view'](client.sid, view_params)
except URLError as e:
except urllib2.URLError, e:
_print(_('Failed to connect') + ':', e)
raise Exception(1)
return view
@ -171,7 +167,7 @@ def call_method(client, args, unknown_args, wait_thread):
method_result = client.service[0][method](client.sid,
param_object)
if not method_result:
print(_('Method not available'))
print _('Method not available')
return None
if (method_result.ReturnedMessage[0].type and
method_result.ReturnedMessage[0].type != "pid"):
@ -208,7 +204,7 @@ def call_method(client, args, unknown_args, wait_thread):
param_object = {}
method_result = client.service[0][method](client.sid, param_object)
if not method_result:
print(_('Method not available'))
print _('Method not available')
return None
if (method_result.ReturnedMessage[0].type and
method_result.ReturnedMessage[0].type != "pid"):
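Review bot: `except urllib2.URLError, e:` in `get_view` uses the comma form, which only Python 2 parses. `except urllib2.URLError as e:` is accepted from Python 2.6 on and behaves the same, so keeping the `as` spelling costs nothing on this branch and avoids another syntax pass if the module is ported again. The handler then does `raise Exception(1)`, which drops the original error object; a short comment there, such as `# exit code 1; the URLError text was already printed above`, would tell the reader that this is intentional.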

@ -13,7 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from .function import _print
from calculate.console.application.function import _print
import sys
import datetime
@ -35,14 +35,14 @@ def pid_inf(client, sid, pids, wait_thread=None):
sys.stdout.write("\b")
sys.stdout.flush()
if s == "":
print(_("PID not found"))
print _("PID not found")
return 1
if s[0][0] == "Permission denied":
print(_("Permission denied"))
print _("Permission denied")
return 1
_print(_(u"Process name: %s") % s[0][4])
print(_(u"ID: %s") % s[0][0])
print _(u"ID: %s") % s[0][0]
_print(_(u"Start time: %s") % s[0][2].partition(".")[0])
if s[0][1] == '1':
status = _(u"Active")
@ -50,9 +50,9 @@ def pid_inf(client, sid, pids, wait_thread=None):
status = _(u"Completed")
else:
status = _(u"Killed")
print(_(u"Status: %s") % status)
print _(u"Status: %s") % status
if not mark.last:
print()
print
return 0
@ -65,13 +65,13 @@ def client_list_pid(client):
try:
list_pid = client.service.list_pid(sid=sid)
if list_pid[0][0] == 0:
print(red + _("PIDs not found for this session!"))
print red + _("PIDs not found for this session!")
return 0
else:
for i in list_pid[0]:
print(green + "pid - %d" % i)
print green + "pid - %d" % i
except Exception:
print(red + _("Error fetching the PID list from the server"))
print red + _("Error fetching the PID list from the server")
return 1
return len(list_pid[0])
@ -83,13 +83,13 @@ def gen_pid_ls(client):
try:
list_pid = client.service.list_pid(sid=sid)
if list_pid[0][0] == 0:
print(_("PIDs not found for this session!"))
print _("PIDs not found for this session!")
return 0
else:
for i in list_pid[0]:
pid_ls.append(i)
except Exception:
print(_("Error fetching the PID list from the server"))
print _("Error fetching the PID list from the server")
return 0
return pid_ls
@ -115,25 +115,25 @@ def client_list_methods(client):
TR_METH = 3 # Translate method name
results = client.service.get_methods(client.sid, client_types)
if not results:
print(_('No methods available'))
print _('No methods available')
return 1
try:
if results[DAT][RES][RES][COM] == '0':
print(_('No methods available'))
print _('No methods available')
return 1
except:
pass
print(_("Available methods:"))
print _("Available methods:")
group_dict = {}
for group in results.stringArray:
if len(group.string) == 4:
group_dict[group.string[METH]] = group.string[TR_METH]
if len(group.string) == 3:
group_dict[group.string[METH]] = group.string[TR_METH - 1]
sort_keys = list(group_dict.keys())
sort_keys = group_dict.keys()
sort_keys.sort()
for key in sort_keys:
print(" %s - %s" % (key, group_dict[key]))
print " %s - %s" % (key, group_dict[key])
def client_pid_kill(client, pid):
@ -141,15 +141,15 @@ def client_pid_kill(client, pid):
result = client.service.pid_kill(pid, sid)
if result == 0:
print(_("Process completed"))
print _("Process completed")
elif result == 2:
print(_("Process killed"))
print _("Process killed")
elif result == 3:
print(_("Process not found"))
print _("Process not found")
elif result == -1:
print(_("Certificate not found on the server"))
print _("Certificate not found on the server")
elif result == -2:
print(_("Session not matching your certificate"))
print _("Session not matching your certificate")
elif result == 1:
print(_("Failed to terminate the process"))
print _("Failed to terminate the process")
return 0

@ -1,28 +1,35 @@
#-*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
This is just a simple copy of the ssl.py module contained in the Python
standard library. It was modified to work with PyOpenSSL and only to the
extent that it works with the DS server. It might not work for any other
purpose.
"""
import textwrap
import _ssl # if we can't import it, let the error propagate
from _ssl import SSLError
from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1, PROTOCOL_TLSv1_2
from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1
from _ssl import RAND_status, RAND_add
from _ssl import \
SSL_ERROR_ZERO_RETURN, \
SSL_ERROR_WANT_READ, \
SSL_ERROR_WANT_WRITE, \
SSL_ERROR_WANT_X509_LOOKUP, \
SSL_ERROR_SYSCALL, \
SSL_ERROR_SSL, \
SSL_ERROR_WANT_CONNECT, \
SSL_ERROR_EOF, \
SSL_ERROR_INVALID_ERROR_CODE
# from socket import socket
from socket import SocketIO
import io
from socket import socket, _fileobject
from socket import getnameinfo as _getnameinfo
import base64 # for DER-to-PEM translation
# the OpenSSL stuff
import OpenSSL
_ssl_to_openssl_cert_op_remap = {
@ -33,114 +40,313 @@ _ssl_to_openssl_cert_op_remap = {
_ssl_to_openssl_version_remap = {
PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
PROTOCOL_TLSv1_2 : OpenSSL.SSL.TLSv1_2_METHOD
PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
class PyOpenSSLSocket(OpenSSL.SSL.Connection):
class PyOpenSSLSocket (socket):
"""This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel."""
def __init__(self, sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_TLSv1_2, ca_certs=None,
ssl_version=PROTOCOL_SSLv23, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True,
keyobj=None, certobj=None):
socket.__init__(self, _sock=sock._sock)
# the initializer for socket trashes the methods (tsk, tsk), so...
self.send = lambda data, flags=0: PyOpenSSLSocket.send(self, data, flags)
self.sendto = lambda data, addr, flags=0: PyOpenSSLSocket.sendto(self, data, addr, flags)
self.recv = lambda buflen=1024, flags=0: PyOpenSSLSocket.recv(self, buflen, flags)
self.recvfrom = lambda addr, buflen=1024, flags=0: PyOpenSSLSocket.recvfrom(self, addr, buflen, flags)
self.recv_into = lambda buffer, nbytes=None, flags=0: PyOpenSSLSocket.recv_into(self, buffer, nbytes, flags)
self.recvfrom_into = lambda buffer, nbytes=None, flags=0: PyOpenSSLSocket.recvfrom_into(self, buffer, nbytes, flags)
context = PyOpenSSLSocket.make_context(
keyfile = keyfile,
certfile = certfile,
cert_reqs = cert_reqs,
ssl_version = ssl_version,
ca_certs = ca_certs,
keyobj = keyobj,
certobj = certobj)
super().__init__(context, sock)
self.setblocking(True)
self.set_connect_state()
if do_handshake_on_connect:
timeout = self.gettimeout()
try:
self.settimeout(None)
self.do_handshake()
finally:
self.settimeout(timeout)
self._io_refs = 0
if certfile and not keyfile:
keyfile = certfile
# see if it's connected
try:
socket.getpeername(self)
except:
# no, no connection yet
self._sslobj = None
else:
# yes, create the SSL object
self._sslobj = sslwrap(self._sock, server_side,
keyfile, certfile,
cert_reqs, ssl_version, ca_certs,
keyobj=keyobj, certobj=certobj)
if do_handshake_on_connect:
timeout = self.gettimeout()
try:
self.settimeout(None)
self.do_handshake()
finally:
self.settimeout(timeout)
self.keyfile = keyfile
self.certfile = certfile
self.cert_reqs = cert_reqs
self.ssl_version = ssl_version
self.ca_certs = ca_certs
self.do_handshake_on_connect = do_handshake_on_connect
self.suppress_ragged_eofs = suppress_ragged_eofs
self._makefile_refs = 0
self.keyobj = keyobj
self.certobj = certobj
def read(self, len=1024):
"""Read up to LEN bytes and return them.
Return zero-length string on EOF."""
try:
return self._sslobj.read(len)
except SSLError, x:
if x.args[0] == SSL_ERROR_EOF and self.suppress_ragged_eofs:
return ''
else:
raise
def write(self, data):
"""Write DATA to the underlying SSL channel. Returns
number of bytes of DATA actually transmitted."""
return self._sslobj.write(data)
def getpeercert(self, binary_form=False):
"""Returns a formatted version of the data in the
certificate provided by the other end of the SSL channel.
Return None if no certificate was provided, {} if a
certificate was provided, but not validated."""
return self._sslobj.get_peer_certificate()
def cipher (self):
if not self._sslobj:
return None
else:
return self._sslobj.cipher()
def send (self, data, flags=0):
if self._sslobj:
if flags != 0:
raise ValueError(
"non-zero flags not allowed in calls to send() on %s" %
self.__class__)
while True:
try:
v = self._sslobj.write(data)
except SSLError, x:
if x.args[0] == SSL_ERROR_WANT_READ:
return 0
elif x.args[0] == SSL_ERROR_WANT_WRITE:
return 0
else:
raise
else:
return v
else:
return socket.send(self, data, flags)
def sendto (self, data, addr, flags=0):
if self._sslobj:
raise ValueError("sendto not allowed on instances of %s" %
self.__class__)
else:
return socket.sendto(self, data, addr, flags)
def sendall (self, data, flags=0):
if self._sslobj:
if flags != 0:
raise ValueError(
"non-zero flags not allowed in calls to sendall() on %s" %
self.__class__)
amount = len(data)
count = 0
while (count < amount):
v = self.send(data[count:])
count += v
return amount
else:
return socket.sendall(self, data, flags)
def recv (self, buflen=1024, flags=0):
if self._sslobj:
if flags != 0:
raise ValueError(
"non-zero flags not allowed in calls to sendall() on %s" %
self.__class__)
while True:
try:
return self.read(buflen)
except SSLError, x:
if x.args[0] == SSL_ERROR_WANT_READ:
continue
else:
raise x
else:
return socket.recv(self, buflen, flags)
def recv_into (self, buffer, nbytes=None, flags=0):
if buffer and (nbytes is None):
nbytes = len(buffer)
elif nbytes is None:
nbytes = 1024
if self._sslobj:
if flags != 0:
raise ValueError(
"non-zero flags not allowed in calls to recv_into() on %s" %
self.__class__)
while True:
try:
tmp_buffer = self.read(nbytes)
v = len(tmp_buffer)
buffer[:v] = tmp_buffer
return v
except SSLError, x:
if x.args[0] == SSL_ERROR_WANT_READ:
continue
else:
raise x
else:
return socket.recv_into(self, buffer, nbytes, flags)
def recvfrom (self, addr, buflen=1024, flags=0):
if self._sslobj:
raise ValueError("recvfrom not allowed on instances of %s" %
self.__class__)
else:
return socket.recvfrom(self, addr, buflen, flags)
def recvfrom_into (self, buffer, nbytes=None, flags=0):
if self._sslobj:
raise ValueError("recvfrom_into not allowed on instances of %s" %
self.__class__)
else:
return socket.recvfrom_into(self, buffer, nbytes, flags)
def pending (self):
if self._sslobj:
return self._sslobj.pending()
else:
return 0
def unwrap (self):
if self._sslobj:
s = self._sslobj.shutdown()
self._sslobj = None
return s
else:
raise ValueError("No SSL wrapper around " + str(self))
def shutdown (self, how):
self._sslobj = None
socket.shutdown(self, how)
def close (self):
if self._makefile_refs < 1:
self._sslobj = None
socket.close(self)
else:
self._makefile_refs -= 1
def do_handshake (self):
"""Perform a TLS/SSL handshake."""
self._sslobj.do_handshake()
def connect(self, addr):
print("PYOPENSSL CONNECT")
super().connect(addr)
"""Connects to remote ADDR, and then wraps the connection in
an SSL channel."""
# Here we assume that the socket is client-side, and not
# connected at the time of the call. We connect it, then wrap it.
if self._sslobj:
raise ValueError("attempt to connect already-connected PyOpenSSLSocket!")
socket.connect(self, addr)
self._sslobj = sslwrap(self._sock, False, self.keyfile, self.certfile,
self.cert_reqs, self.ssl_version,
self.ca_certs,
keyobj=self.keyobj, certobj=self.certobj)
if self.do_handshake_on_connect:
self.do_handshake()
def close (self):
if self._io_refs < 1:
self._socket.close()
else:
self._io_refs -= 1
def makefile(self, mode="r", buffering=None, *,
encoding=None, errors=None, newline=None):
"""makefile(...) -> an I/O stream connected to the socket
The arguments are as for io.open() after the filename, except the only
supported mode values are 'r' (default), 'w' and 'b'.
"""
if not set(mode) <= {"r", "w", "b"}:
raise ValueError("invalid mode %r (only r, w, b allowed)" % (mode,))
writing = "w" in mode
reading = "r" in mode or not writing
assert reading or writing
binary = "b" in mode
rawmode = ""
if reading:
rawmode += "r"
if writing:
rawmode += "w"
raw = SocketIO(self, rawmode)
self._io_refs += 1
if buffering is None:
buffering = -1
if buffering < 0:
buffering = io.DEFAULT_BUFFER_SIZE
if buffering == 0:
if not binary:
raise ValueError("unbuffered streams must be binary")
return raw
if reading and writing:
buffer = io.BufferedRWPair(raw, raw, buffering)
elif reading:
buffer = io.BufferedReader(raw, buffering)
else:
assert writing
buffer = io.BufferedWriter(raw, buffering)
if binary:
return buffer
text = io.TextIOWrapper(buffer, encoding, errors, newline)
text.mode = mode
return text
@staticmethod
def make_context(keyfile=None, certfile=None,
cert_reqs=CERT_NONE, ssl_version=PROTOCOL_TLSv1_2,
ca_certs=None, keyobj=None, certobj=None):
ctx = OpenSSL.SSL.Context(_ssl_to_openssl_version_remap[ssl_version])
if ca_certs:
ctx.load_verify_locations(ca_certs)
ctx.set_verify(_ssl_to_openssl_cert_op_remap[cert_reqs], verify_connection)
if keyobj:
ctx.use_privatekey(keyobj)
elif keyfile:
ctx.use_privatekey_file(keyfile)
if certobj:
ctx.use_certificate(certobj)
elif certfile:
ctx.use_certificate_file(certfile)
ctx.set_options(0x4000) # THIS IS THE KEY TO SUCCESS OF DS
return ctx
def accept(self):
"""Accepts a new connection from a remote client, and returns
a tuple containing that new connection wrapped with a server-side
SSL channel, and the address of the remote client."""
newsock, addr = socket.accept(self)
return (PyOpenSSLSocket(newsock,
keyfile=self.keyfile,
certfile=self.certfile,
server_side=True,
cert_reqs=self.cert_reqs,
ssl_version=self.ssl_version,
ca_certs=self.ca_certs,
do_handshake_on_connect=self.do_handshake_on_connect,
suppress_ragged_eofs=self.suppress_ragged_eofs),
addr)
def makefile(self, mode='r', bufsize=-1):
"""Make and return a file-like object that
works with the SSL connection. Just use the code
from the socket module."""
self._makefile_refs += 1
return _fileobject(self, mode, bufsize)
def wrap_socket(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_SSLv23, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True):
return PyOpenSSLSocket(sock, keyfile=keyfile, certfile=certfile,
server_side=server_side, cert_reqs=cert_reqs,
ssl_version=ssl_version, ca_certs=ca_certs,
do_handshake_on_connect=do_handshake_on_connect,
suppress_ragged_eofs=suppress_ragged_eofs)
def verify_connection(conn, x509, error_code, depth, ret_code):
# no extra validation - just return whatever OpenSSL already
# decided during its check
return bool(ret_code)
return bool(ret_code)
def sslwrap(sock, server_side=False, keyfile=None, certfile=None,
cert_reqs=CERT_NONE, ssl_version=PROTOCOL_SSLv23,
ca_certs=None, keyobj=None, certobj=None):
"""this is modification of _ssl.sslwrap that uses PyOpenSSL,
keyobj and certobj are new parameters allowing setting the
key and cert not by filename, but from internal PyOpenSSL
structures.
"""
ctx = OpenSSL.SSL.Context(_ssl_to_openssl_version_remap[ssl_version])
if ca_certs:
ctx.load_verify_locations(ca_certs)
ctx.set_verify(_ssl_to_openssl_cert_op_remap[cert_reqs], verify_connection)
if keyobj:
ctx.use_privatekey(keyobj)
elif keyfile:
ctx.use_privatekey_file(keyfile)
if certobj:
ctx.use_certificate(certobj)
elif certfile:
ctx.use_certificate_file(certfile)
ctx.set_options(0x4000) # THIS IS THE KEY TO SUCCESS OF DS
ssl_sock = OpenSSL.SSL.Connection(ctx, sock)
ssl_sock.setblocking(True)
ssl_sock.set_connect_state()
return ssl_sock

@ -31,21 +31,21 @@ def sid_inf(client, sid):
green = '\033[32m * \033[0m'
s = client.service.sid_info(sid)
if s[0][0] == "-1":
print(red + _("Session non registered on the server!"))
print red + _("Session non registered on the server!")
return -1
if s[0][0] == "-2":
print(red + _("Failed to obtain certificate data!"))
print red + _("Failed to obtain certificate data!")
return -2
if s[0][0] == "Permission denied":
print(red + _("%s: permission denied") % s[0][1])
print red + _("%s: permission denied") % s[0][1]
return -3
print(_('Session information: '))
print(green + _(u"ID: %s") % sid)
print(green + _(u"Certificate number: %s") % s[0][0])
print(green + _(u"Certificate issued: %s") % s[0][1].partition(".")[0])
print(green + "IP: %s" % s[0][2])
print(green + "MAC: %s\n" % s[0][3])
print _('Session information: ')
print green + _(u"ID: %s") % sid
print green + _(u"Certificate number: %s") % s[0][0]
print green + _(u"Certificate issued: %s") % s[0][1].partition(".")[0]
print green + "IP: %s" % s[0][2]
print green + "MAC: %s\n" % s[0][3]
return 0
@ -54,12 +54,12 @@ def client_session_info(client, sid=None):
try:
select_sid = sid if sid else client.sid
sid_inf(client, select_sid)
except Exception as e:
if type(e) == tuple and len(e) == 2 \
and e[1] == 'Forbidden':
print(_("Access forbidden!"))
except Exception, e:
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
_print(parseError(e))
print e
return 1
@ -68,39 +68,39 @@ def client_session_list(client):
green = '\033[32m * \033[0m'
try:
res = client.service.get_sessions(client.sid)
except Exception as e:
if type(e) == tuple and len(e) == 2 \
and e[1] == 'Forbidden':
print(_("Access forbidden!"))
except Exception, e:
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
_print(parseError(e))
print e
return 1
if hasattr(res, 'string'):
if res.string:
print(_('Active sessions on the server: '))
print _('Active sessions on the server: ')
for session_id in res.string:
print(green + session_id)
print()
print green + session_id
print
return 0
print(red + _('No active sessions on the server'))
print red + _('No active sessions on the server')
def session_clean(client):
try:
res = client.service.clear_session_cache(client.sid)
if res:
print(_('Error clearing the session cache'))
print _('Error clearing the session cache')
else:
print(_('Session cache cleared'))
print _('Session cache cleared')
except Exception as e:
if type(e) == tuple and len(e) == 2 \
and e[1] == 'Forbidden':
print(_("Access forbidden!"))
if type(e.message) == tuple and len(e.message) == 2 \
and e.message[1] == 'Forbidden':
print _("Access forbidden!")
else:
_print(parseError(e))
print e
class SessionId():
class SessionId(object):
SID_FILE = None
HOST = None
SID_LOCK = None
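Review bot: The Forbidden check in the exception handlers of `client_session_info`, `client_session_list` and `session_clean` reads `e.message`, which Python 2 fills in only when the exception was built with exactly one argument and which has been deprecated since 2.6. An error raised as `Exception(code, 'Forbidden')` would therefore miss the "Access forbidden!" branch and fall through to `print e`. Assuming the SOAP client raises a single tuple argument (not visible here), reading it from `e.args` is equivalent and not deprecated: `err = e.args[0] if e.args else None`, then `if isinstance(err, tuple) and len(err) == 2 and err[1] == 'Forbidden':`. The else branch now prints the raw exception where the removed side went through `_print(parseError(e))`, so server-side error text reaches the terminal unformatted; worth confirming that is intended. These functions start or continue outside the hunks shown.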

@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# Copyright 2012-2016 Mir Calculate. http://www.calculate-linux.org
@ -14,16 +14,16 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from importlib import reload
def console_main():
import sys
from .application.cl_client import main, StoppableThread
from .application.function import _print
from calculate.console.application.cl_client import main, StoppableThread
from calculate.console.application.function import _print
reload(sys)
# sys.setdefaultencoding("utf-8")
import builtins as __builtin__
sys.setdefaultencoding("utf-8")
import __builtin__
from calculate.lib.cl_lang import setLocalTranslate
_ = lambda x: x
@ -36,5 +36,5 @@ def console_main():
except KeyboardInterrupt:
wait_thread.stop()
red = '\033[31m * \033[0m'
print('\n' + red + _('Manually interrupted'))
print '\n' + red + _('Manually interrupted')
sys.exit(1)
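Review bot: `reload(sys)` followed by `sys.setdefaultencoding("utf-8")` in `console_main` changes implicit str/unicode coercion for every module loaded in the process, not only this client. That can hide decoding errors in data received from the server. If the override has to stay for Python 2, a comment at the call would help, e.g. `# process-wide: changes implicit str<->unicode coercion for all imported modules`; encoding explicitly at the points where text is printed would avoid the override altogether. `console_main` continues outside the hunks shown.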

@ -14,6 +14,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from . import console
import console
section = "console"
