From f3296c034427447b72c3d842bb2ff4b3f716200a Mon Sep 17 00:00:00 2001 From: mkaay Date: Wed, 26 Jan 2011 15:02:14 +0100 Subject: modularized remote backends --- module/lib/SecureXMLRPCServer.py | 130 ++++++++++++++++++++++++++++++++++++ module/remote/RemoteManager.py | 68 +++++++++++++++++++ module/remote/SecureXMLRPCServer.py | 130 ------------------------------------ module/remote/XMLRPCBackend.py | 41 ++++++++++++ 4 files changed, 239 insertions(+), 130 deletions(-) create mode 100644 module/lib/SecureXMLRPCServer.py create mode 100644 module/remote/RemoteManager.py delete mode 100644 module/remote/SecureXMLRPCServer.py create mode 100644 module/remote/XMLRPCBackend.py (limited to 'module') diff --git a/module/lib/SecureXMLRPCServer.py b/module/lib/SecureXMLRPCServer.py new file mode 100644 index 000000000..48586ee0b --- /dev/null +++ b/module/lib/SecureXMLRPCServer.py @@ -0,0 +1,130 @@ +# Source: http://sources.gentoo.org/viewcvs.py/gimli/server/SecureXMLRPCServer.py?view=markup +# which seems to be based on http://www.sabren.net/code/python/SecureXMLRPCServer.py +# +# Changes: +# 2007-01-06 Christian Hoffmann +# * Bugfix: replaced getattr by hasattr in the conditional +# (lead to an error otherwise) +# * SecureXMLRPCServer: added self.instance = None, otherwise a "wrong" +# exception is raised when calling unknown methods via xmlrpc +# * Added HTTP Basic authentication support +# +# Modified for the Sceradon project +# +# This code is in the public domain +# and is provided AS-IS WITH NO WARRANTY WHATSOEVER. +# $Id: SecureXMLRPCServer.py 5 2007-01-06 17:54:13Z hoffie $ + +from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler +import SocketServer +import socket +import base64 + + +class SecureSocketConnection: + def __init__(self, connection): + self.__dict__["connection"] = connection + + def __getattr__(self, name): + return getattr(self.__dict__["connection"], name) + + def __setattr__(self, name, value): + setattr(self.__dict__["connection"], name, value) + + def shutdown(self, how=1): + self.__dict__["connection"].shutdown() + + def accept(self): + connection, address = self.__dict__["connection"].accept() + return (SecureSocketConnection(connection), address) + +class SecureSocketServer(SocketServer.TCPServer, SocketServer.ThreadingMixIn): + def __init__(self, addr, cert, key, requestHandler, verify_cert_func=None): + SSL = __import__("OpenSSL", globals(), locals(), "SSL", -1).SSL + SocketServer.TCPServer.__init__(self, addr, requestHandler) + ctx = SSL.Context(SSL.SSLv23_METHOD) + if not verify_cert_func and hasattr(self, 'verify_client_cert'): + verify_cert_func = getattr(self, 'verify_client_cert') + if verify_cert_func: + ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cert_func) + ctx.use_privatekey_file(key) + ctx.use_certificate_file(cert) + + tmpConnection = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) + self.socket = SecureSocketConnection(tmpConnection) + + self.server_bind() + self.server_activate() + + def finish_request(self, request, client_address): + """Finish one request by instantiating RequestHandlerClass.""" + self.RequestHandlerClass(request, client_address, self) + +####################################### +########### Request Handler ########### +####################################### + +class AuthXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): + def __init__(self, request, client_address, server): + self.authMap = server.getAuthenticationMap() + SimpleXMLRPCRequestHandler.__init__(self, request, client_address, server) + + def setup(self): + self.connection = self.request + self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) + self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) + + def do_POST(self): + # authentication + if self.authMap is not None: # explicit None! + if self.headers.has_key('authorization') and self.headers['authorization'].startswith('Basic '): + authenticationString = base64.b64decode(self.headers['authorization'].split(' ')[1]) + if authenticationString.find(':') != -1: + username, password = authenticationString.split(':', 1) + if self.authMap.has_key(username) and self.verifyPassword(username, password): + return SimpleXMLRPCRequestHandler.do_POST(self) + self.send_response(401) + self.end_headers() + return False + return SimpleXMLRPCRequestHandler.do_POST(self) + + def verifyPassword(self, username, givenPassword): + return self.authMap[username] == givenPassword + + +class SecureXMLRPCRequestHandler(AuthXMLRPCRequestHandler): + def __init__(self, request, client_address, server, client_digest=None): + self.authMap = server.getAuthenticationMap() + SimpleXMLRPCRequestHandler.__init__(self, request, client_address, server) + self.client_digest = client_digest + +##################################### +########### XMLRPC Server ########### +##################################### + +class AuthXMLRPCServer(SimpleXMLRPCServer): + def __init__(self, address, authenticationMap = None, handler=AuthXMLRPCRequestHandler): + SimpleXMLRPCServer.__init__(self, address, requestHandler=handler) + self.logRequests = False + self._send_traceback_header = False + self.encoding = "utf-8" + self.allow_none = True + self.authenticationMap = authenticationMap + + def getAuthenticationMap(self): + return self.authenticationMap + +class SecureXMLRPCServer(AuthXMLRPCServer, SecureSocketServer): + def __init__(self, address, cert, key, authenticationMap = None, handler=SecureXMLRPCRequestHandler, verify_cert_func=None): + self.logRequests = False + self._send_traceback_header = False + self.encoding = "utf-8" + self.allow_none = True + SecureSocketServer.__init__(self, address, cert, key, handler, verify_cert_func) + # This comes from SimpleXMLRPCServer.__init__()->SimpleXMLRPCDispatcher.__init__() + self.funcs = {} + self.instance = None + self.authenticationMap = authenticationMap + + def getAuthenticationMap(self): + return self.authenticationMap diff --git a/module/remote/RemoteManager.py b/module/remote/RemoteManager.py new file mode 100644 index 000000000..bc40ea124 --- /dev/null +++ b/module/remote/RemoteManager.py @@ -0,0 +1,68 @@ +# -*- coding: utf-8 -*- +""" + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, + or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + + @author: mkaay +""" + +from threading import Thread +from traceback import print_exc + +class BackendBase(Thread): + def __init__(self, manager): + Thread.__init__(self) + self.manager = manager + self.core = manager.core + + def run(self): + self.core.log.info(_("Starting %s") % self.__class__.__name__) + try: + self.serve() + except: + self.core.log.error(_("%s: Remote backend error") % self.__class__.__name__) + if self.core.debug: + print_exc() + + def setup(self): + pass + + def checkDeps(self): + return True + + def serve(self): + pass + +class RemoteManager(): + available = ("XMLRPCBackend", ) + + def __init__(self, core): + self.core = core + self.backends = [] + + def startBackends(self): + for b in self.available: + klass = getattr(__import__("module.remote.%s" % b, globals(), locals(), [b] , -1), b) + backend = klass(self) + if not backend.checkDeps(): + continue + try: + backend.setup() + except: + self.core.log.error(_("Failed loading backend %s") % b) + if self.core.debug: + print_exc() + else: + backend.start() + self.backends.append(backend) + diff --git a/module/remote/SecureXMLRPCServer.py b/module/remote/SecureXMLRPCServer.py deleted file mode 100644 index 48586ee0b..000000000 --- a/module/remote/SecureXMLRPCServer.py +++ /dev/null @@ -1,130 +0,0 @@ -# Source: http://sources.gentoo.org/viewcvs.py/gimli/server/SecureXMLRPCServer.py?view=markup -# which seems to be based on http://www.sabren.net/code/python/SecureXMLRPCServer.py -# -# Changes: -# 2007-01-06 Christian Hoffmann -# * Bugfix: replaced getattr by hasattr in the conditional -# (lead to an error otherwise) -# * SecureXMLRPCServer: added self.instance = None, otherwise a "wrong" -# exception is raised when calling unknown methods via xmlrpc -# * Added HTTP Basic authentication support -# -# Modified for the Sceradon project -# -# This code is in the public domain -# and is provided AS-IS WITH NO WARRANTY WHATSOEVER. -# $Id: SecureXMLRPCServer.py 5 2007-01-06 17:54:13Z hoffie $ - -from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler -import SocketServer -import socket -import base64 - - -class SecureSocketConnection: - def __init__(self, connection): - self.__dict__["connection"] = connection - - def __getattr__(self, name): - return getattr(self.__dict__["connection"], name) - - def __setattr__(self, name, value): - setattr(self.__dict__["connection"], name, value) - - def shutdown(self, how=1): - self.__dict__["connection"].shutdown() - - def accept(self): - connection, address = self.__dict__["connection"].accept() - return (SecureSocketConnection(connection), address) - -class SecureSocketServer(SocketServer.TCPServer, SocketServer.ThreadingMixIn): - def __init__(self, addr, cert, key, requestHandler, verify_cert_func=None): - SSL = __import__("OpenSSL", globals(), locals(), "SSL", -1).SSL - SocketServer.TCPServer.__init__(self, addr, requestHandler) - ctx = SSL.Context(SSL.SSLv23_METHOD) - if not verify_cert_func and hasattr(self, 'verify_client_cert'): - verify_cert_func = getattr(self, 'verify_client_cert') - if verify_cert_func: - ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cert_func) - ctx.use_privatekey_file(key) - ctx.use_certificate_file(cert) - - tmpConnection = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) - self.socket = SecureSocketConnection(tmpConnection) - - self.server_bind() - self.server_activate() - - def finish_request(self, request, client_address): - """Finish one request by instantiating RequestHandlerClass.""" - self.RequestHandlerClass(request, client_address, self) - -####################################### -########### Request Handler ########### -####################################### - -class AuthXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): - def __init__(self, request, client_address, server): - self.authMap = server.getAuthenticationMap() - SimpleXMLRPCRequestHandler.__init__(self, request, client_address, server) - - def setup(self): - self.connection = self.request - self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) - self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) - - def do_POST(self): - # authentication - if self.authMap is not None: # explicit None! - if self.headers.has_key('authorization') and self.headers['authorization'].startswith('Basic '): - authenticationString = base64.b64decode(self.headers['authorization'].split(' ')[1]) - if authenticationString.find(':') != -1: - username, password = authenticationString.split(':', 1) - if self.authMap.has_key(username) and self.verifyPassword(username, password): - return SimpleXMLRPCRequestHandler.do_POST(self) - self.send_response(401) - self.end_headers() - return False - return SimpleXMLRPCRequestHandler.do_POST(self) - - def verifyPassword(self, username, givenPassword): - return self.authMap[username] == givenPassword - - -class SecureXMLRPCRequestHandler(AuthXMLRPCRequestHandler): - def __init__(self, request, client_address, server, client_digest=None): - self.authMap = server.getAuthenticationMap() - SimpleXMLRPCRequestHandler.__init__(self, request, client_address, server) - self.client_digest = client_digest - -##################################### -########### XMLRPC Server ########### -##################################### - -class AuthXMLRPCServer(SimpleXMLRPCServer): - def __init__(self, address, authenticationMap = None, handler=AuthXMLRPCRequestHandler): - SimpleXMLRPCServer.__init__(self, address, requestHandler=handler) - self.logRequests = False - self._send_traceback_header = False - self.encoding = "utf-8" - self.allow_none = True - self.authenticationMap = authenticationMap - - def getAuthenticationMap(self): - return self.authenticationMap - -class SecureXMLRPCServer(AuthXMLRPCServer, SecureSocketServer): - def __init__(self, address, cert, key, authenticationMap = None, handler=SecureXMLRPCRequestHandler, verify_cert_func=None): - self.logRequests = False - self._send_traceback_header = False - self.encoding = "utf-8" - self.allow_none = True - SecureSocketServer.__init__(self, address, cert, key, handler, verify_cert_func) - # This comes from SimpleXMLRPCServer.__init__()->SimpleXMLRPCDispatcher.__init__() - self.funcs = {} - self.instance = None - self.authenticationMap = authenticationMap - - def getAuthenticationMap(self): - return self.authenticationMap diff --git a/module/remote/XMLRPCBackend.py b/module/remote/XMLRPCBackend.py new file mode 100644 index 000000000..6a7f9f96e --- /dev/null +++ b/module/remote/XMLRPCBackend.py @@ -0,0 +1,41 @@ +# -*- coding: utf-8 -*- +""" + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, + or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + + @author: mkaay, RaNaN +""" + +import module.lib.SecureXMLRPCServer as Server +from module.remote.RemoteManager import BackendBase + +from traceback import print_exc + +class XMLRPCBackend(BackendBase): + def setup(self): + server_addr = (self.core.config['remote']['listenaddr'], int(self.core.config['remote']['port'])) + usermap = {self.core.config.username: self.core.config.password} + if self.core.config['ssl']['activated']: + if exists(self.core.config['ssl']['cert']) and exists(self.core.config['ssl']['key']): + self.server = Server.SecureXMLRPCServer(server_addr, self.core.config['ssl']['cert'], + self.core.config['ssl']['key'], usermap) + else: + self.core.log.warning(_("SSL Certificates not found, fallback to auth XMLRPC server")) + self.server = Server.AuthXMLRPCServer(server_addr, usermap) + else: + self.server = Server.AuthXMLRPCServer(server_addr, usermap) + + self.server.register_instance(self.core.server_methods) + + def serve(self): + self.server.serve_forever() -- cgit v1.2.3