def new_open_ssl(self, host = '', port = IMAP4_SSL_PORT):
"""Setup connection to remote server on "host:port".
(default: localhost:standard IMAP4 SSL port).
This connection will be used by the routines:
read, readline, send, shutdown.
"""
self.host = host
self.port = port
#This connects to the first ip found ipv4/ipv6
#Added by Adriaan Peeters <*****@*****.**> based on a socket
#example from the python documentation:
#http://www.python.org/doc/lib/socket-example.html
res = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
socket.SOCK_STREAM)
# Try all the addresses in turn until we connect()
last_error = 0
for remote in res:
af, socktype, proto, canonname, sa = remote
self.sock = socket.socket(af, socktype, proto)
last_error = self.sock.connect_ex(sa)
if last_error == 0:
break
else:
self.sock.close()
if last_error != 0:
# FIXME
raise socket.error(last_error)
if sys.version_info[0] <= 2 and sys.version_info[1] <= 2:
self.sslobj = socket.ssl(self.sock, self.keyfile, self.certfile)
else:
self.sslobj = socket.ssl(self.sock._sock, self.keyfile, self.certfile)
self.sslobj = sslwrapper(self.sslobj)
def handle_accept( self ):
socket,address = self.accept()
if self.sslKeyFile:
socket.ssl(socket,self.sslKeyFile,self.sslCertFile)
conn = Connection(address, sock=socket, listener=self)
conn.onRequest = self.onRequest
if self.onConnected:
self.onConnected(conn)
def __init__(self, sock, keyfile=None, certfile=None):
log.trace()
self.sock = sock
self.sock.setblocking(1)
if keyfile and certfile:
self.ssl = socket.ssl(self.sock, keyfile, certfile)
else:
self.ssl = socket.ssl(self.sock)
self.buf = ''
self.bufsize = 128
def dossl(self):
""" enable ssl on the socket. """
if self.stopped: return
try: import ssl ; self.connection = ssl.wrap_socket(self.sock)
except ImportError: self.connection = socket.ssl(self.sock)
if self.connection: return True
else: return False
def beginssl(self):
"""beginssl() -> None
Begin secure communication. You should only call this once in the
lifetime of the socket.
If SSL/TLS negotiation succeeds, the agent will jump to 'secure'
state. On error, jump to 'end'.
"""
if (self.ssl):
self.log.warning('already started ssl on this connection')
return
if (not self.sock):
self.log.warning('cannot start ssl because socket is not open')
self.log.debug('beginning ssl negotiation')
try:
self.sock.setblocking(1) # Apparently necessary
self.ssl = socket.ssl(self.sock)
self.sock.setblocking(0)
except Exception, ex:
self.log.error('unable to begin ssl on %s:%d: %s',
self.host, self.port, ex)
self.perform('error', ex, self)
self.stop()
return
def request(scheme, method, host, path, headers, data='', verbose=0):
"""Make an HTTP or HTTPS request; return the entire reply as a string."""
request = method + ' ' + path + ' HTTP/1.0\r\n'
for name, value in headers.items():
capname = '-'.join([part.capitalize() for part in name.split('-')])
request += capname + ': ' + str(value) + '\r\n'
request += '\r\n' + data
host, port = host.split('@')[-1], [80, 443][scheme == 'https']
if ':' in host:
host, port = host.split(':', 1)
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if verbose >= 3:
print >>sys.stderr, 'connect:', host, port
sock.connect((host, int(port)))
file = scheme == 'https' and socket.ssl(sock) or sock.makefile()
if verbose >= 3:
print >>sys.stderr, ('\r\n' + request.rstrip()).replace(
'\r\n', '\nrequest: ').lstrip()
file.write(request)
if hasattr(file, 'flush'):
file.flush()
chunks = []
try:
while not (chunks and len(chunks[-1]) == 0):
chunks.append(file.read())
except socket.error:
pass
return ''.join(chunks)
def test_connect(self):
import socket, gc
ss = socket.ssl(self.s)
self.s.close()
del ss
gc.collect()
def _get_connection(self, uri, headers=None):
# Check to see if there are proxy settings required for this request.
proxy = None
if uri.scheme == 'https':
proxy = os.environ.get('https_proxy')
elif uri.scheme == 'http':
proxy = os.environ.get('http_proxy')
if not proxy:
return HttpClient._get_connection(self, uri, headers=headers)
# Now we have the URL of the appropriate proxy server.
# Get a username and password for the proxy if required.
proxy_auth = _get_proxy_auth()
if uri.scheme == 'https':
import socket
if proxy_auth:
proxy_auth = 'Proxy-authorization: %s' % proxy_auth
# Construct the proxy connect command.
port = uri.port
if not port:
port = 443
proxy_connect = 'CONNECT %s:%s HTTP/1.0\r\n' % (uri.host, port)
# Set the user agent to send to the proxy
user_agent = ''
if headers and 'User-Agent' in headers:
user_agent = 'User-Agent: %s\r\n' % (headers['User-Agent'])
proxy_pieces = '%s%s%s\r\n' % (proxy_connect, proxy_auth, user_agent)
# Find the proxy host and port.
proxy_uri = Uri.parse_uri(proxy)
if not proxy_uri.port:
proxy_uri.port = '80'
# Connect to the proxy server, very simple recv and error checking
p_sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
p_sock.connect((proxy_uri.host, int(proxy_uri.port)))
p_sock.sendall(proxy_pieces)
response = ''
# Wait for the full response.
while response.find("\r\n\r\n") == -1:
response += p_sock.recv(8192)
p_status = response.split()[1]
if p_status != str(200):
raise ProxyError('Error status=%s' % str(p_status))
# Trivial setup for ssl socket.
sslobj = None
if ssl is not None:
sslobj = ssl.wrap_socket(p_sock, None, None)
else:
sock_ssl = socket.ssl(p_sock, None, Nonesock_)
sslobj = httplib.FakeSocket(p_sock, sock_ssl)
# Initalize httplib and replace with the proxy socket.
connection = httplib.HTTPConnection(proxy_uri.host)
connection.sock = sslobj
return connection
elif uri.scheme == 'http':
proxy_uri = Uri.parse_uri(proxy)
if not proxy_uri.port:
proxy_uri.port = '80'
if proxy_auth:
headers['Proxy-Authorization'] = proxy_auth.strip()
return httplib.HTTPConnection(proxy_uri.host, int(proxy_uri.port))
return None
def connect(self):
"Connect to a host on a given (SSL) port."
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((self.host, self.port))
ssl = socket.ssl(sock, self.key_file, self.cert_file)
self.sock = FakeSocket(sock, ssl)
def connect(self):
log.debug("%s: connecting: host='%s' port='%s' ssl='%s' openssl='%s' allow_dh='%s'" % \
( str(self), str(self.host), str(self.port), str(self.use_ssl), str(self.use_openssl), str(self.allow_dh) ) )
if self.use_openssl:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.openssl_ctx = SSL.Context(SSL.TLSv1_METHOD)
if self.allow_dh:
# Add DH cipher
# FIXME - should get the right string to add only DH... even if this is what openssl does anyways
# according to the current documentation.
self.openssl_ctx.set_cipher_list("ALL")
self.openssl_conn = SSL.Connection(self.openssl_ctx, self.sock)
self.openssl_conn.connect((self.host, self.port))
elif self.use_ssl:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.connect((self.host, self.port))
self.ssl_sock = socket.ssl(self.sock)
else:
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.connect((self.host, self.port))
log.debug("%s: connected: host='%s' port='%i' ssl='%s' openssl='%s' allow_dh='%s'" % \
( str(self), self.host, self.port, str(self.use_ssl), str(self.use_openssl), str(self.allow_dh) ) )
def connect(self):
# TODO(frew): When we drop support for <2.6 (in the far distant future),
# change this to socket.create_connection.
self.sock = _create_connection((self.host, self.port))
if self._tunnel_host:
self._tunnel()
# ssl and FakeSocket got deprecated. Try for the new hotness of wrap_ssl,
# with fallback. Note: Since can_validate_certs() just checks for the
# ssl module, it's equivalent to attempting to import ssl from
# the function, but doesn't require a dynamic import, which doesn't
# play nicely with dev_appserver.
if can_validate_certs():
self.sock = ssl.wrap_socket(self.sock,
keyfile=self.key_file,
certfile=self.cert_file,
ca_certs=self.ca_certs,
cert_reqs=self.cert_reqs)
if self.cert_reqs & ssl.CERT_REQUIRED:
cert = self.sock.getpeercert()
hostname = self.host.split(":", 0)[0]
if not self._validate_certificate_hostname(cert, hostname):
raise InvalidCertificateException(hostname, cert,
"hostname mismatch")
else:
ssl_socket = socket.ssl(self.sock,
keyfile=self.key_file,
certfile=self.cert_file)
self.sock = httplib.FakeSocket(self.sock, ssl_socket)
def __doSSLHandshake(self, session=None):
if USE_TLSLITE:
self.sslSock=TLSConnection(self.s)
if session:
if DEBUG: print "Doing SSL resuming session using TLSLite"
self.sslSock.handshakeClientCert(session=session)
return
if DEBUG: print "Doing SSL handshake using TLSLite"
cert = None
key = None
if self.certFile:
s = open(self.certFile).read()
x509 = X509()
x509.parse(s)
cert = X509CertChain([x509])
if self.keyFile:
s = open(self.keyFile).read()
key = parsePEMKey(s, private=True)
self.sslSock.handshakeClientCert(cert, key,
self.session, None, None, False)
self.sslSock.closeSocket = False
else:
if DEBUG: print "Doing SSL handshake using builtin SSL"
self.sslSock=socket.ssl(self.s, self.keyFile, self.certFile)
def execPPPd(params):
tunnel_host = params["tunnel_host0"]
tunnel_port = int(params["tunnel_port0"])
serviceid = "f5vpn-%s" % tunnel_host
request = """GET /myvpn?sess=%s HTTP/1.0\r
Cookie: MRHSession=%s\r
\r
""" % (
params["Session_ID"],
params["Session_ID"],
)
for i in range(5):
try:
ssl_socket = proxy_connect(tunnel_host, tunnel_port)
ssl_socket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, True)
ssl = socket.ssl(ssl_socket)
ssl.write(request)
initial_data = ssl.read()
break
except socket.sslerror, e:
# Sometimes the server seems to respond with "EOF occurred in violation of protocol"
# instead of establishing the connection. Try to deal with this by retrying...
if e.args[0] != 8:
raise
sys.stderr.write("VPN socket unexpectedly closed during connection setup, retrying (%d/5)...\n" % (i + 1))
def test_https_socket():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('www.verisign.com', 443))
ssl_sock = socket.ssl(s)
ssl_sock.server()
ssl_sock.issuer()
s.close()
def __negotiatehttps(self, destaddr, destport):
# now connect, very simple recv and error checking
try:
self._sock = _socket.ssl(self._sock)
self.__negotiatehttp(destaddr, destport)
except Exception, e:
raise _socket.error(e)
def is_ssl(hostname, port=443):
"""<comment-ja>
指定したホスト:ポートがSSLに対応しているか調べる。
@param hostname: ホスト名
@type hostname: str
@param port: ポート番号
@type port: int
@return: SSL対応=True | SSL非対応=False
@rtype: bool
</comment-ja>
<comment-en>
English Comment
</comment-en>
"""
try:
_s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
_s.settimeout(5.0)
_s.connect((hostname, port))
if socket.ssl(_s):
return True
else:
return False
except:
return False
def connect(self, host='localhost', port=0):
if not port and (host.find(':') == host.rfind(':')):
i = host.rfind(':')
if i >= 0:
host, port = host[:i], host[i+1:]
try: port = int(port)
except ValueError:
raise socket.error, "nonnumeric port"
if not port: port = self.SSMTP_PORT
if self.debuglevel > 0: print>>stderr, 'connect:', (host, port)
msg = "getaddrinfo returns an empty list"
self.sock = None
for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
af, socktype, proto, canonname, sa = res
try:
self.sock = socket.socket(af, socktype, proto)
if self.debuglevel > 0: print>>stderr, 'connect:', (host, port)
self.sock.connect(sa)
# MB: Make the SSL connection.
sslobj = socket.ssl(self.sock, self.keyfile, self.certfile)
except socket.error, msg:
if self.debuglevel > 0:
print>>stderr, 'connect fail:', (host, port)
if self.sock:
self.sock.close()
self.sock = None
continue
break
def connect(self):
# TODO(frew): When we drop support for <2.6 (in the far distant future),
# change this to socket.create_connection.
self.sock = _create_connection((self.host, self.port))
if self._tunnel_host:
self._tunnel()
# ssl and FakeSocket got deprecated. Try for the new hotness of wrap_ssl,
# with fallback.
try:
import ssl
self.sock = ssl.wrap_socket(self.sock,
keyfile=self.key_file,
certfile=self.cert_file,
ca_certs=self.ca_certs,
cert_reqs=self.cert_reqs)
if self.cert_reqs & ssl.CERT_REQUIRED:
cert = self.sock.getpeercert()
hostname = self.host.split(':', 0)[0]
if not self._validate_certificate_hostname(cert, hostname):
raise InvalidCertificateException(hostname, cert,
'hostname mismatch')
except ImportError:
ssl = socket.ssl(self.sock,
keyfile=self.key_file,
certfile=self.cert_file)
self.sock = httplib.FakeSocket(self.sock, ssl)
def open(self, host, port):
"""Setup 'self.sock' and 'self.file'."""
self.port = IMAP4_PORT
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.connect((self.host, self.port))
self.ssl = socket.ssl(self.sock._sock,None,None)
self.file = self.makefile('r')
def _read_write(self, soc, max_idling=20,ssl=False):
if ssl:
connection = socket.ssl(self.connection)
else:
connection = self.connection
iw = [connection, soc]
ow = []
count = 0
while 1:
count += 1
(ins, _, exs) = select.select(iw, ow, iw, 3)
if exs: break
if ins:
for i in ins:
if i is soc:
out = connection
else:
out = soc
data = i.recv(8192)
if data:
out.send(data)
count = 0
else:
self.log.debug( "\t idle %s" % count)
if count == max_idling: break
def poll(self):
import socket, ssl
self.port = self.port or ports.ssl
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((self.resolve(self.site), self.port))
sslSocket = socket.ssl(s)
if self.v:
issuer_details = sslSocket.issuer().replace('/', '\n')
server_details = sslSocket.server().replace('/', '\n')
self.v_out += issuer_details
self.v_out += server_details
if sslSocket.cipher():
status = "%s-%s-%s" % (sslSocket.cipher()[0], sslSocket.cipher()[1], sslSocket.cipher()[2])
else:
status = 'unavailable'
if self.vv:
self.vv_out += 'remote pem certificate\n'
self.vv_out += ssl.get_server_certificate(('74.125.225.85', 443))
return 0, status
except socket.error, e:
if self.v or self.vv:
print 'socket error', e
return 1, e
def proxy_ssl(self):
host = '%s:%d' % (self.host, self.port)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((self.proxy, int(self.proxy_port)))
except:
raise
boto.log.debug("Proxy connection: CONNECT %s HTTP/1.0\r\n", host)
sock.sendall("CONNECT %s HTTP/1.0\r\n" % host)
sock.sendall("User-Agent: %s\r\n" % UserAgent)
if self.proxy_user and self.proxy_pass:
for k, v in self.get_proxy_auth_header().items():
sock.sendall("%s: %s\r\n" % (k, v))
# See discussion about this config option at
# https://groups.google.com/forum/?fromgroups#!topic/boto-dev/teenFvOq2Cc
if config.getbool('Boto', 'send_crlf_after_proxy_auth_headers', False):
sock.sendall("\r\n")
else:
sock.sendall("\r\n")
resp = httplib.HTTPResponse(sock, strict=True, debuglevel=self.debug)
resp.begin()
if resp.status != 200:
# Fake a socket error, use a code that make it obvious it hasn't
# been generated by the socket library
raise socket.error(-71,
"Error talking to HTTP proxy %s:%s: %s (%s)" %
(self.proxy, self.proxy_port, resp.status, resp.reason))
# We can safely close the response, it duped the original socket
resp.close()
h = httplib.HTTPConnection(host)
if self.https_validate_certificates and HAVE_HTTPS_CONNECTION:
boto.log.debug("wrapping ssl socket for proxied connection; "
"CA certificate file=%s",
self.ca_certificates_file)
key_file = self.http_connection_kwargs.get('key_file', None)
cert_file = self.http_connection_kwargs.get('cert_file', None)
sslSock = ssl.wrap_socket(sock, keyfile=key_file,
certfile=cert_file,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=self.ca_certificates_file)
cert = sslSock.getpeercert()
hostname = self.host.split(':', 0)[0]
if not https_connection.ValidateCertificateHostname(cert, hostname):
raise https_connection.InvalidCertificateException(
hostname, cert, 'hostname mismatch')
else:
# Fallback for old Python without ssl.wrap_socket
if hasattr(httplib, 'ssl'):
sslSock = httplib.ssl.SSLSocket(sock)
else:
sslSock = socket.ssl(sock, None, None)
sslSock = httplib.FakeSocket(sock, sslSock)
# This is a bit unclean
h.sock = sslSock
return h
def connect(self, options):
"""
Connects to an IRC server and initializes the connection.
Required options:
'server' 'port' 'nickname' 'username' 'realname'
Other options:
'password'
'channels' -- List. Channels to autojoin.
'ssl' -- Boolean.
"""
# Initialize the socket.
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.connect((options['server'], options['port']))
try:
if options['ssl']: # SSL ftw!
print 'Congratulations! You have a SSL-encrypted connection.'
self.ssl = True
self.ssl_socket = socket.ssl(self.socket)
print 'Server SSL Certificate:', repr(self.ssl_socket.server())
print 'Issuer SSL Certificate:', repr(self.ssl_socket.issuer())
print 'IMPORTANT: If you do not trust the issuer, press \
control-C to disconnect now!'
except KeyError:
pass
def _connect(self,host,port,login,password,delay):
self.host=host
self.port=port
self.login=login
self.password=password
self.line_delay=delay
log_info('Connecting to IRC at %s:%u' % (host, port))
self.last_send_time=0
self.last_ping_time = time.time()
self.quitting = False
self.buffered_data = ""
self.userstable=dict()
self.registered_users=set()
try:
self.irc = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
if self.use_ssl:
try:
raise RuntimeError('')
self.irc_ssl_context = ssl.create_default_context()
self.sslirc = self.irc_ssl_context.wrap_socket(self.irc, host)
self.sslirc.connect ( ( host, port ) )
except Exception,e:
log_warn('Failed to create SSL context, using fallback code: %s' % str(e))
self.irc.connect ( ( host, port ) )
self.sslirc = socket.ssl(self.irc)
except Exception, e:
log_error( 'Error initializing IRC: %s' % str(e))
return False
def tryHttpsServer(self, port):
try:
socket.setdefaulttimeout(self.timeout)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((self.target, int(port)))
ssl_sock = socket.ssl(s)
#print "Server:", ssl_sock.server()
#print "Issuer:", ssl_sock.issuer()
ssl_sock.write("GET / HTTP/1.0\n\n\n")
data = ssl_sock.read(1024)
del ssl_sock
s.close()
if data.lower().find("http/") == 0:
self.addToDict(self.target + "_services", str(port) + "/https")
pos = data.lower().find("server:")
if self.verbose:
self.gom.echo( "Response: %s" % repr(data) )
if pos > -1:
data = data[pos+len("server:"):]
data = data[:data.find("\n")]
return data
else:
return "HTTP-SSL Server"
else:
return False
except:
return False
def test_timeout():
test_support.requires('network')
if test_support.verbose:
print "test_timeout ..."
# A service which issues a welcome banner (without need to write
# anything).
# XXX ("gmail.org", 995) has been unreliable so far, from time to time
# XXX non-responsive for hours on end (& across all buildbot slaves,
# XXX so that's not just a local thing).
ADDR = "gmail.org", 995
s = socket.socket()
s.settimeout(30.0)
try:
s.connect(ADDR)
except socket.timeout:
print >> sys.stderr, """\
WARNING: an attempt to connect to %r timed out, in
test_timeout. That may be legitimate, but is not the outcome we hoped
for. If this message is seen often, test_timeout should be changed to
use a more reliable address.""" % (ADDR,)
return
ss = socket.ssl(s)
# Read part of return welcome banner twice.
ss.read(1)
ss.read(1)
s.close()
def connect(self, server, port, nickname, password=None, username=None,
ircname=None, localaddress="", localport=0, ssl=False, ipv6=False):
"""Connect/reconnect to a server.
Arguments:
server -- Server name.
port -- Port number.
nickname -- The nickname.
password -- Password (if any).
username -- The username.
ircname -- The IRC name ("realname").
localaddress -- Bind the connection to a specific local IP address.
localport -- Bind the connection to a specific local port.
ssl -- Enable support for ssl.
ipv6 -- Enable support for ipv6.
This function can be called to reconnect a closed connection.
Returns the ServerConnection object.
"""
if self.connected:
self.disconnect("Changing servers")
self.previous_buffer = ""
self.handlers = {}
self.real_server_name = ""
self.real_nickname = nickname
self.server = server
self.port = port
self.nickname = nickname
self.username = username or nickname
self.ircname = ircname or nickname
self.password = password
self.localaddress = localaddress
self.localport = localport
self.localhost = socket.gethostname()
if ipv6:
self.socket = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
else:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
self.socket.bind((self.localaddress, self.localport))
self.socket.connect((self.server, self.port))
if ssl:
self.ssl = socket.ssl(self.socket)
except socket.error, x:
self.socket.close()
self.socket = None
raise ServerConnectionError, "Couldn't connect to socket: %s" % x
def authenticate(self, username=None, password=None):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('www.princeton.edu', 443))
ssl_sock = socket.ssl(s)
# Set a simple HTTP request -- use httplib in actual code.
ssl_sock.write("GET /~point/validate/validate.html HTTP/1.0\r\nAuthorization: Basic " + base64.b64encode(username+":"+password) + "\r\nHost: www.princeton.edu\r\nConnection: close\r\n\r\n")
# Read a chunk of data. Will not necessarily
# read all the data returned by the server.
data = ssl_sock.read()
# Note that you need to close the underlying socket, not the SSL object.
del ssl_sock
s.close()
if data.startswith('HTTP/1.1 200 OK'):
u = User.objects.get_or_create(username=username, defaults={'is_staff':False,'is_active':True,'is_superuser':False,'email':username+'@princeton.edu'})
u = u[0]
u.set_password(password)
u.save()
return u
else:
return None
def Request(self, request):
"""Connects and sends a single HTTP request."""
self.log.Log(2, '=== sending to %s:%d ===\n%s\n=== end of request ===\n' %
(self.host, self.port, request))
# Get a file object for an appropriate socket (with or without SSL).
sock = socket.socket()
sock.connect((self.host, self.port))
if self.scheme == 'https':
sockfile = socket.ssl(sock)
else:
sockfile = sock.makefile()
# Send the HTTP request.
sockfile.write(request)
if hasattr(sockfile, 'flush'):
sockfile.flush()
# Read back the entire reply.
reply = []
try:
while reply[-1:] != ['']:
reply.append(sockfile.read())
except socket.error, e:
# Usually SSL_ERROR_EOF just means we reached end-of-file.
if e.args[0] != socket.SSL_ERROR_EOF:
raise
def connect(self, server, port): socket.setdefaulttimeout(300) self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.connect((server, port)) self.sock = socket.ssl(self.socket) self._loop()
def connect(self, DATA, verbose=1):
"DATA = ('host', PORT, 'file.key', 'file.crt', timeout, 'socket_family')"
self.try_again_with_timeout_zero = False # false - no, true - yes
# this values has been checked before already...
if len(DATA) < 4:
self.append_error(_T('Certificate names not set.'))
if len(DATA) > 2 and not os.path.isfile(DATA[2]):
self.append_error('%s %s' %
(DATA[2], _T('Private key file not found.')))
DATA[2] = None
if len(DATA) > 3 and not os.path.isfile(DATA[3]):
self.append_error('%s %s' %
(DATA[3], _T('Certificate key file not found.')))
DATA[3] = None
try:
port = int(
DATA[1]
) # port has been checked in previous code, but for safety...
except ValueError as msg:
self.append_error(
'%s: %s' % (_T('Invalid port value'), six.text_type(DATA[1])))
else:
DATA[1] = port
if self._parent.is_error():
return 0 # if any errors occured there's no point in
family = {}
family[socket.AF_INET] = 'IPv4'
if getattr(socket, 'AF_INET6', None):
family[socket.AF_INET6] = 'IPv6'
elif verbose > 1:
self.append_note(
_T('Socket type IPv6 (AF_INET6) is not present in socket module.'
))
family_rev = {}
for k, v in list(family.items()):
family_rev[v.lower()] = k
ok = 0
self._conn = None
try:
self._timeout = float(DATA[4])
except ValueError:
pass
if DATA[5]:
socket_family = family_rev.get(DATA[5].lower(), socket.AF_INET)
else:
try:
tc = socket.getaddrinfo(DATA[0], DATA[1])
socket_family = tc[0][0]
except socket.error as error:
self.append_error('getaddrinfo() socket.error %s' % error)
socket_family = socket.AF_INET
if verbose > 1:
self.append_note('%s: ${BOLD}%s${NORMAL}.' %
(_T('Used socket type'), family[socket_family]))
try:
self._conn = socket.socket(socket_family, socket.SOCK_STREAM)
ok = 1
except socket.error as error:
self.append_error('Create socket.error %s' % error)
# WinXP IPv6: [10047] Address family not supported
except TypeError as msg:
self.append_error('Create socket.error (socket.getaddrinfo): %s' %
msg)
if self._conn is None:
return 0
if self._timeout:
if verbose > 1:
self.append_note('Socket timeout: ${BOLD}%.1f${NORMAL} sec.' %
self._timeout)
self._conn.settimeout(self._timeout)
#self.append_note('%s ${BOLD}%s${NORMAL}, port %d ...'%(_T('Connecting to'), DATA[0], DATA[1]))
self.append_note('%s %s, port %d ...' %
(_T('Connecting to'), DATA[0], DATA[1]))
try:
self._conn.connect((DATA[0], DATA[1]))
except socket.error as tmsg:
self.append_error('%s %s.\n' %
(_T('I cannot connect to the server'), DATA[0]))
self.append_error('Connection socket.error: %s (%s:%s)' %
(six.text_type(tmsg), DATA[0], DATA[1]))
except (KeyboardInterrupt, EOFError):
self.append_error(_T('Interrupted by user'))
if not ok:
return ok
if verbose > 1:
self.append_note(_T('Connection established.'))
self.append_note(_T('Try to open SSL layer...'))
if self._parent.is_error():
return 0 # if any errors occured there's no point in
ssl_ok = 0
try:
if len(DATA) > 3 and DATA[2] and DATA[3]:
if ssl:
# python 2.6
self._conn_ssl = ssl.wrap_socket(self._conn,
keyfile=DATA[2],
certfile=DATA[3])
else:
# python 2.5
self._conn_ssl = socket.ssl(self._conn, DATA[2], DATA[3])
else:
self.append_note(
_T('Certificates missing. Trying to connect without SSL!'))
self._conn_ssl = socket.ssl(self._conn)
ssl_ok = 1
except socket.sslerror as msg:
self.append_error('socket.sslerror: %s (%s:%s)' %
(six.text_type(msg), DATA[0], DATA[1]))
err_note = {
1:
_T('Certificate not signed by verified certificate authority.'
),
2:
'%s\n%s' %
(_T('Server configuration is not valid. Contact administrator.'
),
_T('If this client runs under MS Windows and timeout is not zero, it is probably SLL bug! Set timeout back to zero.'
)),
}
try:
text = err_note.get(msg[0], None)
if text: self.append_error(text)
except (TypeError, IndexError):
pass
self.try_again_with_timeout_zero = msg[
0] == 2 # false - no, true - yes
except (KeyboardInterrupt, EOFError):
self.append_error(_T('Interrupted by user'))
if ssl_ok:
if verbose > 1: self.append_note(_T('SSL layer opened.'))
else:
self._conn.close()
self._conn = None
ok = 0
return ok
import socket, sys
test_type = sys.argv[1]
port = int(sys.argv[2])
socket_type = sys.argv[3]
s = socket.socket(socket.AF_INET)
s.connect(("127.0.0.1", port))
s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 40000)
if socket_type == 'ssl':
s2 = socket.ssl(s)
send = s2.write
recv = s2.read
else:
send = s.send
recv = s.recv
print >> sys.stderr, ">> Making %s request to port %d" % (socket_type, port)
send("GET /error HTTP/1.0\r\n")
send("Host: localhost\r\n")
if test_type == "lingeringClose":
print >> sys.stderr, ">> Sending lots of data"
send("Content-Length: 1000000\r\n\r\n")
send("X" * 1000000)
else:
send('\r\n')
#import time
def test_str_and_repr(self):
conn = socket.socket()
conn.connect(('sdb.amazonaws.com', 443))
ssl_conn = socket.ssl(conn) # pylint:disable=no-member
assert str(ssl_conn)
assert repr(ssl_conn)
if error not in state.reported_errors or \
options["globals", "verbose"] or \
state.reported_errors[error] < then:
print >>sys.stderr, error
# Record this error in the list of ones we have seen this
# session.
state.reported_errors[error] = now
self.lineCallback('-ERR %s\r\n' % error)
self.lineCallback('') # "The socket's been closed."
self.close()
else:
if ssl:
try:
self.ssl_socket = socket.ssl(self.socket)
except socket.sslerror, why:
if why[0] == 1: # error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol'
# Probably not SSL after all.
print >> sys.stderr, "Can't use SSL"
else:
raise
else:
self.send = self.send_ssl
self.recv = self.recv_ssl
self.socket.setblocking(0)
def send_ssl(self, data):
return self.ssl_socket.write(data)
def handle_expt(self):
def test_connect(self):
import socket, gc
ss = socket.ssl(self.s)
self.s.close()
del ss; gc.collect()
def PrepareConnection(service, full_uri):
"""Opens a connection to the server based on the full URI.
This method is deprecated, instead use libs.atom.http.HttpClient.request.
Examines the target URI and the proxy settings, which are set as
environment variables, to open a connection with the server. This
connection is used to make an HTTP request.
Args:
service: libs.atom.AtomService or a subclass. It must have a server string which
represents the server host to which the request should be made. It may also
have a dictionary of additional_headers to send in the HTTP request.
full_uri: str Which is the target relative (lacks protocol and host) or
absolute URL to be opened. Example:
'https://www.google.com/accounts/ClientLogin' or
'base/feeds/snippets' where the server is set to www.google.com.
Returns:
A tuple containing the httplib.HTTPConnection and the full_uri for the
request.
"""
deprecation('calling deprecated function PrepareConnection')
(server, port, ssl, partial_uri) = ProcessUrl(service, full_uri)
if ssl:
# destination is https
proxy = os.environ.get('https_proxy')
if proxy:
(p_server, p_port, p_ssl, p_uri) = ProcessUrl(service, proxy, True)
proxy_username = os.environ.get('proxy-username')
if not proxy_username:
proxy_username = os.environ.get('proxy_username')
proxy_password = os.environ.get('proxy-password')
if not proxy_password:
proxy_password = os.environ.get('proxy_password')
if proxy_username:
user_auth = base64.encodestring(
'%s:%s' % (proxy_username, proxy_password))
proxy_authorization = ('Proxy-authorization: Basic %s\r\n' %
(user_auth.strip()))
else:
proxy_authorization = ''
proxy_connect = 'CONNECT %s:%s HTTP/1.0\r\n' % (server, port)
user_agent = 'User-Agent: %s\r\n' % (
service.additional_headers['User-Agent'])
proxy_pieces = (proxy_connect + proxy_authorization + user_agent +
'\r\n')
#now connect, very simple recv and error checking
p_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p_sock.connect((p_server, p_port))
p_sock.sendall(proxy_pieces)
response = ''
# Wait for the full response.
while response.find("\r\n\r\n") == -1:
response += p_sock.recv(8192)
p_status = response.split()[1]
if p_status != str(200):
raise libs.atom.http.ProxyError('Error status=%s' % p_status)
# Trivial setup for ssl socket.
ssl = socket.ssl(p_sock, None, None)
fake_sock = httplib.FakeSocket(p_sock, ssl)
# Initalize httplib and replace with the proxy socket.
connection = httplib.HTTPConnection(server)
connection.sock = fake_sock
full_uri = partial_uri
else:
connection = httplib.HTTPSConnection(server, port)
full_uri = partial_uri
else:
# destination is http
proxy = os.environ.get('http_proxy')
if proxy:
(p_server, p_port, p_ssl,
p_uri) = ProcessUrl(service.server, proxy, True)
proxy_username = os.environ.get('proxy-username')
if not proxy_username:
proxy_username = os.environ.get('proxy_username')
proxy_password = os.environ.get('proxy-password')
if not proxy_password:
proxy_password = os.environ.get('proxy_password')
if proxy_username:
UseBasicAuth(service, proxy_username, proxy_password, True)
connection = httplib.HTTPConnection(p_server, p_port)
if not full_uri.startswith("http://"):
if full_uri.startswith("/"):
full_uri = "http://%s%s" % (service.server, full_uri)
else:
full_uri = "http://%s/%s" % (service.server, full_uri)
else:
connection = httplib.HTTPConnection(server, port)
full_uri = partial_uri
return (connection, full_uri)
def wrap_socket(sock, ca_certs=None, cert_reqs=None):
return socket.ssl(sock)
def _get_connection(self, uri, headers=None):
# Check to see if there are proxy settings required for this request.
proxy = None
if uri.scheme == 'https':
proxy = os.environ.get('https_proxy')
elif uri.scheme == 'http':
proxy = os.environ.get('http_proxy')
if not proxy:
return HttpClient._get_connection(self, uri, headers=headers)
# Now we have the URL of the appropriate proxy server.
# Get a username and password for the proxy if required.
proxy_auth = _get_proxy_auth()
if uri.scheme == 'https':
import socket
if proxy_auth:
proxy_auth = 'Proxy-authorization: %s' % proxy_auth
# Construct the proxy connect command.
port = uri.port
if not port:
port = 443
proxy_connect = 'CONNECT %s:%s HTTP/1.0\r\n' % (uri.host, port)
# Set the user agent to send to the proxy
user_agent = ''
if headers and 'User-Agent' in headers:
user_agent = 'User-Agent: %s\r\n' % (headers['User-Agent'])
proxy_pieces = '%s%s%s\r\n' % (proxy_connect, proxy_auth,
user_agent)
# Find the proxy host and port.
proxy_uri = Uri.parse_uri(proxy)
if not proxy_uri.port:
proxy_uri.port = '80'
# Connect to the proxy server, very simple recv and error checking
p_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p_sock.connect((proxy_uri.host, int(proxy_uri.port)))
p_sock.sendall(proxy_pieces)
response = ''
# Wait for the full response.
while response.find("\r\n\r\n") == -1:
response += p_sock.recv(8192)
p_status = response.split()[1]
if p_status != str(200):
raise ProxyError('Error status=%s' % str(p_status))
# Trivial setup for ssl socket.
sslobj = None
if ssl is not None:
sslobj = ssl.wrap_socket(p_sock, None, None)
else:
sock_ssl = socket.ssl(p_sock, None, Nonesock_)
sslobj = httplib.FakeSocket(p_sock, sock_ssl)
# Initalize httplib and replace with the proxy socket.
connection = httplib.HTTPConnection(proxy_uri.host)
connection.sock = sslobj
return connection
elif uri.scheme == 'http':
proxy_uri = Uri.parse_uri(proxy)
if not proxy_uri.port:
proxy_uri.port = '80'
if proxy_auth:
headers['Proxy-Authorization'] = proxy_auth.strip()
return httplib.HTTPConnection(proxy_uri.host, int(proxy_uri.port))
return None
class Client(Stream):
def __init__(self,
host,
port,
namespace,
debug=[DBG_ALWAYS],
log=None,
sock=None,
id=None,
connection=TCP,
hostIP=None,
proxy=None):
Stream.__init__(self, namespace, debug, log, id)
self._host = host
self._port = port
self._sock = sock
self._connection = connection
if hostIP: self._hostIP = hostIP
else: self._hostIP = host
self._proxy = proxy
self._sslObj = None
self._sslIssuer = None
self._sslServer = None
def getSocket(self):
return self._sock
def connect(self):
"""Attempt to connect to specified host"""
self.DEBUG(
"client connect called to %s %s type %i" %
(self._host, self._port, self._connection), DBG_INIT)
Stream.connect(self)
## TODO: check below that stdin/stdout are actually open
if self._connection == STDIO:
self._setupComms()
return
self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
if self._proxy:
self._sock.connect((self._proxy['host'], self._proxy['port']))
else:
self._sock.connect((self._hostIP, self._port))
except socket.error, e:
self.DEBUG("socket error: " + str(e), DBG_CONN_ERROR)
raise
if self._connection == TCP_SSL:
try:
self.DEBUG("Attempting to create ssl socket", DBG_INIT)
self._sslObj = socket.ssl(self._sock, None, None)
self._sslIssuer = self._sslObj.issuer()
self._sslServer = self._sslObj.server()
except:
self.DEBUG("Socket Error: No SSL Support", DBG_CONN_ERROR)
raise
self._setupComms()
if self._proxy:
self.DEBUG("Proxy connected", DBG_INIT)
if self._proxy.has_key('type'): type = self._proxy['type'].upper()
else: type = 'CONNECT'
connector = []
if type == 'CONNECT':
connector.append(u'CONNECT %s:%s HTTP/1.0' %
(self._hostIP, self._port))
elif type == 'PUT':
connector.append(u'PUT http://%s:%s/ HTTP/1.0' %
(self._hostIP, self._port))
else:
self.DEBUG("Proxy Error: unknown proxy type", DBG_CONN_ERROR)
raise error('Unknown proxy type: ' + type)
connector.append('Proxy-Connection: Keep-Alive')
connector.append('Pragma: no-cache')
connector.append('Host: %s:%s' % (self._hostIP, self._port))
connector.append('User-Agent: Jabberpy/' + VERSION)
if self._proxy.has_key('user') and self._proxy.has_key('password'):
credentials = '%s:%s' % (self._proxy['user'],
self._proxy['password'])
credentials = encodestring(credentials).strip()
connector.append('Proxy-Authorization: Basic ' + credentials)
connector.append('\r\n')
bak = self._read, self._write
self.write('\r\n'.join(connector))
reply = self.read().replace('\r', '')
self._read, self._write = bak
try:
proto, code, desc = reply.split('\n')[0].split(' ', 2)
except:
raise error('Invalid proxy reply')
if code <> '200':
raise error('Invalid proxy reply: %s %s %s' %
(proto, code, desc))
while reply.find('\n\n') == -1:
reply += self.read().replace('\r', '')
self.DEBUG("Jabber server connected", DBG_INIT)
self.header()
def test_issuer(self):
import socket, gc
ss = socket.ssl(self.s)
assert isinstance(ss.issuer(), str)
self.s.close()
del ss; gc.collect()
def connect(self,
server,
port,
nickname,
password=None,
username=None,
ircname=None,
localaddress="",
localport=0,
ssl=False,
ipv6=False):
"""Connect/reconnect to a server.
Arguments:
server -- Server name.
port -- Port number.
nickname -- The nickname.
password -- Password (if any).
username -- The username.
ircname -- The IRC name ("realname").
localaddress -- Bind the connection to a specific local IP address.
localport -- Bind the connection to a specific local port.
ssl -- Enable support for ssl.
ipv6 -- Enable support for ipv6.
This function can be called to reconnect a closed connection.
Returns the ServerConnection object.
"""
if self.connected:
self.disconnect("Changing servers")
self.previous_buffer = ""
self.handlers = {}
self.real_server_name = ""
self.real_nickname = nickname
self.server = server
self.port = port
self.nickname = nickname
self.username = username or nickname
self.ircname = ircname or nickname
self.password = password
self.localaddress = localaddress
self.localport = localport
self.localhost = socket.gethostname()
if ipv6:
self.socket = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
else:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
self.socket.bind((self.localaddress, self.localport))
self.socket.connect((self.server, self.port))
if ssl:
self.ssl = socket.ssl(self.socket)
except socket.error, x:
self.socket.close()
self.socket = None
raise ServerConnectionError, "Couldn't connect to socket: %s" % x
def __init__(self, ipAddr, portNo=1304, debug=False):
"""Initialize with SSL sock
"""
NOXChannel.__init__(self, ipAddr, portNo, debug)
##Reference to SSL socket for channel
self.sslsock = socket.ssl(self.sock)
def proxy_ssl(self, host=None, port=None):
if host and port:
host = '%s:%d' % (host, port)
else:
host = '%s:%d' % (self.host, self.port)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((self.proxy, int(self.proxy_port)))
if "timeout" in self.http_connection_kwargs:
sock.settimeout(self.http_connection_kwargs["timeout"])
except:
raise
boto.log.debug("Proxy connection: CONNECT %s HTTP/1.0\r\n", host)
sock.sendall("CONNECT %s HTTP/1.0\r\n" % host)
sock.sendall("User-Agent: %s\r\n" % UserAgent)
if self.proxy_user and self.proxy_pass:
for k, v in self.get_proxy_auth_header().items():
sock.sendall("%s: %s\r\n" % (k, v))
# See discussion about this config option at
# https://groups.google.com/forum/?fromgroups#!topic/boto-dev/teenFvOq2Cc
if config.getbool('Boto', 'send_crlf_after_proxy_auth_headers', False):
sock.sendall("\r\n")
else:
sock.sendall("\r\n")
resp = httplib.HTTPResponse(sock, strict=True, debuglevel=self.debug)
resp.begin()
if resp.status != 200:
# Fake a socket error, use a code that make it obvious it hasn't
# been generated by the socket library
raise socket.error(-71,
"Error talking to HTTP proxy %s:%s: %s (%s)" %
(self.proxy, self.proxy_port,
resp.status, resp.reason))
# We can safely close the response, it duped the original socket
resp.close()
h = httplib.HTTPConnection(host)
if self.https_validate_certificates and HAVE_HTTPS_CONNECTION:
boto.log.debug("wrapping ssl socket for proxied connection; "
"CA certificate file=%s",
self.ca_certificates_file)
key_file = self.http_connection_kwargs.get('key_file', None)
cert_file = self.http_connection_kwargs.get('cert_file', None)
sslSock = ssl.wrap_socket(sock, keyfile=key_file,
certfile=cert_file,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=self.ca_certificates_file)
cert = sslSock.getpeercert()
hostname = self.host.split(':', 0)[0]
if not https_connection.ValidateCertificateHostname(cert, hostname):
raise https_connection.InvalidCertificateException(
hostname, cert, 'hostname mismatch')
else:
# Fallback for old Python without ssl.wrap_socket
if hasattr(httplib, 'ssl'):
sslSock = httplib.ssl.SSLSocket(sock)
else:
sslSock = socket.ssl(sock, None, None)
sslSock = httplib.FakeSocket(sock, sslSock)
# This is a bit unclean
h.sock = sslSock
return h
s = socket.socket()
s.settimeout(30.0)
try:
s.connect(ADDR)
except socket.timeout:
error_msg('timed out')
return
except socket.error, exc: # In case connection is refused.
if exc.args[0] == errno.ECONNREFUSED:
error_msg('was refused')
return
else:
raise
ss = socket.ssl(s)
# Read part of return welcome banner twice.
ss.read(1)
ss.read(1)
s.close()
def test_rude_shutdown():
if test_support.verbose:
print "test_rude_shutdown ..."
try:
import threading
except ImportError:
return
def connect(self):
log.debug('ProxyHTTPSConnection.connectt():Called... ')
ProxyHTTPConnection.connect(self)
#make the sock ssl-aware
ssl = socket.ssl(self.sock, self.key_file, self.cert_file)
self.sock = httplib.FakeSocket(self.sock, ssl)
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#sock.connect(( 'www.xfocus.net',443 ) )
sock.connect(('127.0.0.1', 300))
ssl = socket.ssl(sock)
ssl.write("get / http/1.1\nhost: www.xfocus.net\n\n")
print ssl.read(1024)
def convert_to_ssl(sock):
return socket.ssl(sock)
def connect(self):
sock = TimeoutSocket(self.timeout)
sock.connect((self.host, self.port))
realsock = getattr(sock.sock, '_sock', sock.sock)
ssl = socket.ssl(realsock, self.key_file, self.cert_file)
self.sock = httplib.FakeSocket(sock, ssl)
def __init__(self, raw_socket):
self._ssl = socket.ssl(raw_socket)
def fetchIloData(self, iloaddress):
results = dict()
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((iloaddress, 443))
except socket.gaierror:
return results
except socket.error:
return results
s = socket.ssl(sock)
xml_header = '<?xml version="1.0"?>'
xml = """<RIBCL version="2.21">
<LOGIN USER_LOGIN="******" PASSWORD="******">
<SERVER_INFO MODE="READ" >
<GET_HOST_DATA />
<GET_EMBEDDED_HEALTH />
</SERVER_INFO>
<RIB_INFO MODE="read">
<GET_NETWORK_SETTINGS/>
</RIB_INFO>
</LOGIN>
</RIBCL>
"""
xml = xml_header + "\n" + (xml %
(wikipedia.config.bot_hpilo2_ilo_username,
wikipedia.config.bot_hpilo2_ilo_password))
for line in xml.split("\n"):
s.write(line + "\r\n")
data = ""
while True:
try:
data = data + s.read()
if "</RIB_INFO>" in data: break
except socket.sslerror:
break
del s
sock.close()
# now process data
data = data.split("\n")
in_host_data = False
for line in data:
if '<GET_HOST_DATA>' in line:
in_host_data = True
continue
if '</GET_HOST_DATA>' in line:
in_host_data = False
continue
if not in_host_data: continue
if not '<SMBIOS_RECORD ' in line: continue
smbios_data = line.split("B64_DATA=\"")[1].split("\"")[0]
smbios_data = base64.b64decode(smbios_data)
if 'TYPE="1"' in line:
# System ID
this = dict()
# byte 0 is the type, MUST be 1
# byte 1 is the length, on HP machines I've only observed 0x19 (SMBIOS v2.1-2.3.4) or 0x1Bh (2.4 or latter)
length = ord(smbios_data[0x1])
strings = smbios_data[length:].split("\x00")
# byte 5 is the productname (string#)
self.from_smbios_string('productname', smbios_data, strings,
length, 0x5, this)
# byte 6 is the version (string#)
self.from_smbios_string('version', smbios_data, strings,
length, 0x6, this)
# byte 7 is the serialnumber (string#)
self.from_smbios_string('serialnumber', smbios_data, strings,
length, 0x7, this)
# byte 8 is the uuid (16 bytes)
# byte 19 is the sku number (string#)
self.from_smbios_string('skunumber', smbios_data, strings,
length, 0x19, this)
# byte 1a is the family (string#)
self.from_smbios_string('family', smbios_data, strings, length,
0x1a, this)
results.update(this)
if 'TYPE="4"' in line:
# CPU ID
length = ord(smbios_data[0x1])
strings = smbios_data[length:].split("\x00")
if 'TYPE="17"' in line:
# Memory
this = dict()
length = ord(smbios_data[0x1])
strings = smbios_data[length:].split("\x00")
self.from_smbios_string('device_locator', smbios_data, strings,
length, 0x10, this)
self.from_smbios_string('bank_locator', smbios_data, strings,
length, 0x11, this)
this['size'] = struct.unpack('H', smbios_data[0x0c:0x0e])[0]
if not results.has_key('ram'):
results['ram'] = list()
results['ram'].append(this)
if 'TYPE="209"' in line:
# NIC Ethernet Addresses
results['nicmac1'] = "%02X:%02X:%02X:%02X:%02X:%02X" % (
ord(smbios_data[6]), ord(smbios_data[7]),
ord(smbios_data[8]), ord(smbios_data[9]),
ord(smbios_data[10]), ord(smbios_data[11]))
results['nicmac2'] = "%02X:%02X:%02X:%02X:%02X:%02X" % (
ord(smbios_data[14]), ord(smbios_data[15]),
ord(smbios_data[16]), ord(smbios_data[17]),
ord(smbios_data[18]), ord(smbios_data[19]))
in_network_settings = False
for line in data:
if not in_network_settings and not '<GET_NETWORK_SETTINGS>' in line:
continue
if '<GET_NETWORK_SETTINGS>' in line:
in_network_settings = True
continue
if '</GET_NETWORK_SETTINGS>' in line:
in_network_settings = False
continue
if in_network_settings and '<MAC_ADDRESS' in line:
value = line.split("VALUE=\"")[1].split("\"")[0]
results['oobmac'] = value.upper()
in_power_supplies = False
this_power_supply = ''
results['rpsused'] = 0
for line in data:
if not in_power_supplies and not '<POWER_SUPPLIES>' in line:
continue
if '<POWER_SUPPLIES>' in line:
in_power_supplies = True
continue
if '</POWER_SUPPLIES>' in line:
in_power_supplies = False
continue
if in_power_supplies:
if '<SUPPLY>' in line: this_power_supply = ''
if this_power_supply == None:
pass
elif this_power_supply == '':
if '<LABEL' in line:
this_power_supply = line.split(
"Power Supply ")[1].split("\"")[0]
elif len(this_power_supply) > 0:
if '<STATUS' in line:
value = line.split("VALUE = \"")[1].split("\"")[0]
if value == "Ok":
results['rpsused'] = results['rpsused'] + 1
if '</SUPPLY' in line: this_power_supply = None
return results
class Ilo(object):
"""Represents an iLO/iLO2/iLO3/RILOE II management interface on a
specific host. A new connection using the specified login, password
and timeout will be made for each API call."""
XML_HEADER = '<?xml version="1.0"?>\r\n'
HTTP_HEADER = "POST /ribcl HTTP/1.1\r\nHost: localhost\r\nContent-length: %d\r\nConnection: Close\r\n\r\n"
def __init__(self, hostname, login, password, timeout=60, port=443):
self.hostname = hostname
self.login = login
self.password = password
self.timeout = timeout
self.debug = 0
self.protocol = None
self.port = port
def __str__(self):
return "iLO interface of %s" % self.hostname
def _debug(self, level, message):
if self.debug >= level:
print >> sys.stderr, message
def _request(self, xml):
"""Given an ElementTree.Element, serialize it and do the request.
Returns an ElementTree.Element containing the response"""
if not self.protocol:
# Do a bogus request, using the HTTP protocol. If there is no
# header (see special case in communicate(), we should be using the
# raw protocol
header, data = self._communicate('<RIBCL VERSION="2.0"></RIBCL>',
ILO_HTTP)
if header:
self.protocol = ILO_HTTP
else:
self.protocol = ILO_RAW
# Serialize the XML
xml = "\r\n".join(etree.tostringlist(xml)) + '\r\n'
header, data = self._communicate(xml, self.protocol)
# This thing usually contains multiple XML messages
messages = []
while data:
pos = data.find('<?xml', 5)
if pos == -1:
message = self._parse_message(data)
data = None
else:
message = self._parse_message(data[:pos])
data = data[pos:]
# _parse_message returns None if a message has no useful content
if message is not None:
messages.append(message)
if not messages:
return header, None
elif len(messages) == 1:
return header, messages[0]
else:
return header, messages
def _communicate(self, xml, protocol):
"""Set up an https connection and do an HTTP/raw socket request"""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(self.timeout)
self._debug(1, "Connecting to %s:%d" % (self.hostname, self.port))
try:
sock.connect((self.hostname, self.port))
except socket.timeout:
raise IloError("Timeout connecting to %s:%d" %
(self.hostname, self.port))
except socket.error, e:
raise IloError("Error connecting to %s:%d: %s" %
(self.hostname, self.port, str(e)))
try:
sock = socket.ssl(sock)
except socket.sslerror, e:
raise IloError("Cannot establish ssl session with %s:%d: %s" %
(self.hostname, self.port, e.message))
def connect(self):
ProxyHTTPConnection.connect(self)
# Make the sock ssl-aware
ssl = socket.ssl(self.sock, self.key_file, self.cert_file)
self.sock = httplib.FakeSocket(self.sock, ssl)
def open(self, host=None, port=None):
"""Do whatever IMAP4_SSL would do in open, but call sslwrap
with cert verification"""
#IMAP4_SSL.open(self, host, port) uses the below 2 lines:
self.host = host
self.port = port
#rather than just self.sock = socket.create_connection((host, port))
#we use the below part to be able to connect to ipv6 addresses too
#This connects to the first ip found ipv4/ipv6
#Added by Adriaan Peeters <*****@*****.**> based on a socket
#example from the python documentation:
#http://www.python.org/doc/lib/socket-example.html
res = socket.getaddrinfo(host, port, socket.AF_UNSPEC,
socket.SOCK_STREAM)
# Try all the addresses in turn until we connect()
last_error = 0
for remote in res:
af, socktype, proto, canonname, sa = remote
self.sock = socket.socket(af, socktype, proto)
last_error = self.sock.connect_ex(sa)
if last_error == 0:
break
else:
self.sock.close()
if last_error != 0:
# FIXME
raise socket.error(last_error)
# Allow sending of keep-alive message seems to prevent some servers
# from closing SSL on us leading to deadlocks
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
#connected to socket, now wrap it in SSL
try:
if self._cacertfile:
requirecert = ssl.CERT_REQUIRED
else:
requirecert = ssl.CERT_NONE
self.sslobj = ssl.wrap_socket(self.sock, self.keyfile,
self.certfile,
ca_certs = self._cacertfile,
cert_reqs = requirecert)
except NameError:
#Python 2.4/2.5 don't have the ssl module, we need to
#socket.ssl() here but that doesn't allow cert
#verification!!!
if self._cacertfile:
#user configured a CA certificate, but python 2.4/5 doesn't
#allow us to easily check it. So bail out here.
raise Exception("SSL CA Certificates cannot be checked with python <=2.6. Abort")
self.sslobj = socket.ssl(self.sock, self.keyfile,
self.certfile)
else:
#ssl.wrap_socket worked and cert is verified (if configured),
#now check that hostnames also match if we have a CA cert.
if self._cacertfile:
error = self._verifycert(self.sslobj.getpeercert(), host)
if error:
raise ssl.SSLError("SSL Certificate host name mismatch: %s" % error)
# imaplib2 uses this to poll()
self.read_fd = self.sock.fileno()
class session(pgraph.graph):
def __init__(self,
session_filename=None,
skip=0,
sleep_time=1.0,
log_level=logging.INFO,
logfile=None,
logfile_level=logging.DEBUG,
proto="tcp",
bind=None,
restart_interval=0,
timeout=5.0,
web_port=26000,
crash_threshold=3,
restart_sleep_time=300):
'''
Extends pgraph.graph and provides a container for architecting protocol dialogs.
@type session_filename: String
@kwarg session_filename: (Optional, def=None) Filename to serialize persistant data to
@type skip: Integer
@kwarg skip: (Optional, def=0) Number of test cases to skip
@type sleep_time: Float
@kwarg sleep_time: (Optional, def=1.0) Time to sleep in between tests
@type log_level: Integer
@kwarg log_level: (Optional, def=logger.INFO) Set the log level
@type logfile: String
@kwarg logfile: (Optional, def=None) Name of log file
@type logfile_level: Integer
@kwarg logfile_level: (Optional, def=logger.INFO) Set the log level for the logfile
@type proto: String
@kwarg proto: (Optional, def="tcp") Communication protocol ("tcp", "udp", "ssl")
@type bind: Tuple (host, port)
@kwarg bind: (Optional, def=random) Socket bind address and port
@type timeout: Float
@kwarg timeout: (Optional, def=5.0) Seconds to wait for a send/recv prior to timing out
@type restart_interval: Integer
@kwarg restart_interval (Optional, def=0) Restart the target after n test cases, disable by setting to 0
@type crash_threshold: Integer
@kwarg crash_threshold (Optional, def=3) Maximum number of crashes allowed before a node is exhaust
@type restart_sleep_time: Integer
@kwarg restart_sleep_time: Optional, def=300) Time in seconds to sleep when target can't be restarted
@type web_port: Integer
@kwarg web_port: (Optional, def=26000) Port for monitoring fuzzing campaign via a web browser
'''
# run the parent classes initialization routine first.
pgraph.graph.__init__(self)
self.session_filename = session_filename
self.skip = skip
self.sleep_time = sleep_time
self.proto = proto.lower()
self.bind = bind
self.ssl = False
self.restart_interval = restart_interval
self.timeout = timeout
self.web_port = web_port
self.crash_threshold = crash_threshold
self.restart_sleep_time = restart_sleep_time
# Initialize logger
self.logger = logging.getLogger("Sulley_logger")
self.logger.setLevel(log_level)
formatter = logging.Formatter(
'[%(asctime)s] [%(levelname)s] -> %(message)s')
if logfile != None:
filehandler = logging.FileHandler(logfile)
filehandler.setLevel(logfile_level)
filehandler.setFormatter(formatter)
self.logger.addHandler(filehandler)
consolehandler = logging.StreamHandler()
consolehandler.setFormatter(formatter)
consolehandler.setLevel(log_level)
self.logger.addHandler(consolehandler)
self.total_num_mutations = 0
self.total_mutant_index = 0
self.fuzz_node = None
self.targets = []
self.netmon_results = {}
self.procmon_results = {}
self.protmon_results = {}
self.pause_flag = False
self.crashing_primitives = {}
if self.proto == "tcp":
self.proto = socket.SOCK_STREAM
elif self.proto == "ssl":
self.proto = socket.SOCK_STREAM
self.ssl = True
elif self.proto == "udp":
self.proto = socket.SOCK_DGRAM
else:
raise sex.SullyRuntimeError("INVALID PROTOCOL SPECIFIED: %s" %
self.proto)
# import settings if they exist.
self.import_file()
# create a root node. we do this because we need to start fuzzing from a single point and the user may want
# to specify a number of initial requests.
self.root = pgraph.node()
self.root.name = "__ROOT_NODE__"
self.root.label = self.root.name
self.last_recv = None
self.add_node(self.root)
####################################################################################################################
def add_node(self, node):
'''
Add a pgraph node to the graph. We overload this routine to automatically generate and assign an ID whenever a
node is added.
@type node: pGRAPH Node
@param node: Node to add to session graph
'''
node.number = len(self.nodes)
node.id = len(self.nodes)
if not self.nodes.has_key(node.id):
self.nodes[node.id] = node
return self
####################################################################################################################
def add_target(self, target):
'''
Add a target to the session. Multiple targets can be added for parallel fuzzing.
@type target: session.target
@param target: Target to add to session
'''
# pass specified target parameters to the PED-RPC server.
target.pedrpc_connect()
# add target to internal list.
self.targets.append(target)
####################################################################################################################
def connect(self, src, dst=None, callback=None):
'''
Create a connection between the two requests (nodes) and register an optional callback to process in between
transmissions of the source and destination request. Leverage this functionality to handle situations such as
challenge response systems. The session class maintains a top level node that all initial requests must be
connected to. Example::
sess = sessions.session()
sess.connect(sess.root, s_get("HTTP"))
If given only a single parameter, sess.connect() will default to attaching the supplied node to the root node.
This is a convenient alias and is identical to the second line from the above example::
sess.connect(s_get("HTTP"))
If you register callback method, it must follow this prototype::
def callback(session, node, edge, sock)
Where node is the node about to be sent, edge is the last edge along the current fuzz path to "node", session
is a pointer to the session instance which is useful for snagging data such as sesson.last_recv which contains
the data returned from the last socket transmission and sock is the live socket. A callback is also useful in
situations where, for example, the size of the next packet is specified in the first packet. As another
example, if you need to fill in the dynamic IP address of the target register a callback that snags the IP
from sock.getpeername()[0].
@type src: String or Request (Node)
@param src: Source request name or request node
@type dst: String or Request (Node)
@param dst: Destination request name or request node
@type callback: Function
@param callback: (Optional, def=None) Callback function to pass received data to between node xmits
@rtype: pgraph.edge
@return: The edge between the src and dst.
'''
# if only a source was provided, then make it the destination and set the source to the root node.
if not dst:
dst = src
src = self.root
# if source or destination is a name, resolve the actual node.
if type(src) is str:
src = self.find_node("name", src)
if type(dst) is str:
dst = self.find_node("name", dst)
# if source or destination is not in the graph, add it.
if src != self.root and not self.find_node("name", src.name):
self.add_node(src)
if not self.find_node("name", dst.name):
self.add_node(dst)
# create an edge between the two nodes and add it to the graph.
edge = connection(src.id, dst.id, callback)
self.add_edge(edge)
return edge
####################################################################################################################
def export_file(self):
'''
Dump various object values to disk.
@see: import_file()
'''
if not self.session_filename:
return
data = {}
data["session_filename"] = self.session_filename
data["skip"] = self.total_mutant_index
data["sleep_time"] = self.sleep_time
data["restart_sleep_time"] = self.restart_sleep_time
data["proto"] = self.proto
data["restart_interval"] = self.restart_interval
data["timeout"] = self.timeout
data["web_port"] = self.web_port
data["crash_threshold"] = self.crash_threshold
data["total_num_mutations"] = self.total_num_mutations
data["total_mutant_index"] = self.total_mutant_index
data["netmon_results"] = self.netmon_results
data["procmon_results"] = self.procmon_results
data['protmon_results'] = self.protmon_results
data["pause_flag"] = self.pause_flag
fh = open(self.session_filename, "wb+")
fh.write(zlib.compress(cPickle.dumps(data, protocol=2)))
fh.close()
####################################################################################################################
def fuzz(self, this_node=None, path=[]):
'''
Call this routine to get the ball rolling. No arguments are necessary as they are both utilized internally
during the recursive traversal of the session graph.
@type this_node: request (node)
@param this_node: (Optional, def=None) Current node that is being fuzzed.
@type path: List
@param path: (Optional, def=[]) Nodes along the path to the current one being fuzzed.
'''
# if no node is specified, then we start from the root node and initialize the session.
if not this_node:
# we can't fuzz if we don't have at least one target and one request.
if not self.targets:
raise sex.SullyRuntimeError("NO TARGETS SPECIFIED IN SESSION")
if not self.edges_from(self.root.id):
raise sex.SullyRuntimeError("NO REQUESTS SPECIFIED IN SESSION")
this_node = self.root
try:
self.server_init()
except:
return
# TODO: complete parallel fuzzing, will likely have to thread out each target
target = self.targets[0]
# step through every edge from the current node.
for edge in self.edges_from(this_node.id):
# the destination node is the one actually being fuzzed.
self.fuzz_node = self.nodes[edge.dst]
num_mutations = self.fuzz_node.num_mutations()
# keep track of the path as we fuzz through it, don't count the root node.
# we keep track of edges as opposed to nodes because if there is more then one path through a set of
# given nodes we don't want any ambiguity.
path.append(edge)
current_path = " -> ".join(
[self.nodes[e.src].name for e in path[1:]])
current_path += " -> %s" % self.fuzz_node.name
self.logger.info("current fuzz path: %s" % current_path)
self.logger.info(
"fuzzed %d of %d total cases" %
(self.total_mutant_index, self.total_num_mutations))
done_with_fuzz_node = False
crash_count = 0
# loop through all possible mutations of the fuzz node.
while not done_with_fuzz_node:
# if we need to pause, do so.
self.pause()
# if we have exhausted the mutations of the fuzz node, break out of the while(1).
# note: when mutate() returns False, the node has been reverted to the default (valid) state.
if not self.fuzz_node.mutate():
self.logger.error(
"all possible mutations for current fuzz node exhausted"
)
done_with_fuzz_node = True
continue
# make a record in the session that a mutation was made.
self.total_mutant_index += 1
# if we've hit the restart interval, restart the target.
if self.restart_interval and self.total_mutant_index % self.restart_interval == 0:
self.logger.error("restart interval of %d reached" %
self.restart_interval)
self.restart_target(target)
# exception error handling routine, print log message and restart target.
def error_handler(e, msg, target, sock=None):
if sock:
sock.close()
msg += "\nException caught: %s" % repr(e)
msg += "\nRestarting target and trying again"
self.logger.critical(msg)
self.restart_target(target)
# if we don't need to skip the current test case.
if self.total_mutant_index > self.skip:
self.logger.info(
"fuzzing %d of %d" %
(self.fuzz_node.mutant_index, num_mutations))
# attempt to complete a fuzz transmission. keep trying until we are successful, whenever a failure
# occurs, restart the target.
while 1:
# instruct the debugger/sniffer that we are about to send a new fuzz.
if target.procmon:
try:
target.procmon.pre_send(
self.total_mutant_index)
except Exception, e:
error_handler(e,
"failed on procmon.pre_send()",
target)
continue
if target.netmon:
try:
target.netmon.pre_send(self.total_mutant_index)
except Exception, e:
error_handler(e, "failed on netmon.pre_send()",
target)
continue
try:
# establish a connection to the target.
(family, socktype, proto, canonname,
sockaddr) = socket.getaddrinfo(
target.host, target.port)[0]
sock = socket.socket(family, self.proto)
except Exception, e:
error_handler(e, "failed creating socket", target)
continue
if self.bind:
try:
sock.bind(self.bind)
except Exception, e:
error_handler(e, "failed binding on socket",
target, sock)
continue
try:
sock.settimeout(self.timeout)
# Connect is needed only for TCP stream
if self.proto == socket.SOCK_STREAM:
sock.connect((target.host, target.port))
except Exception, e:
error_handler(e, "failed connecting on socket",
target, sock)
continue
# if SSL is requested, then enable it.
if self.ssl:
try:
ssl = socket.ssl(sock)
sock = httplib.FakeSocket(sock, ssl)
except Exception, e:
error_handler(e, "failed ssl setup", target,
sock)
continue
def _ssl_wrapper(sck, **kwargs):
ssl_sck = socket.ssl(sck, **kwargs)
return FakeSocket(sck, ssl_sck)
def __init__(self, sock):
self.ssl = socket.ssl(sock)
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('localhost', 8080))
sslSocket = socket.ssl(s)
print repr(sslSocket.server())
print repr(sslSocket.issuer())
sslSocket.write('5\n\njacob')
s.close()
def _prepare_connection(self, url, headers):
proxy_settings = os.environ.get('%s_proxy' % url.protocol)
if not proxy_settings:
# The request was HTTP or HTTPS, but there was no appropriate proxy set.
return HttpClient._prepare_connection(self, url, headers)
else:
proxy_auth = _get_proxy_auth(proxy_settings)
proxy_netloc = _get_proxy_net_location(proxy_settings)
if url.protocol == 'https':
# Set any proxy auth headers
if proxy_auth:
proxy_auth = 'Proxy-authorization: %s' % proxy_auth
# Construct the proxy connect command.
port = url.port
if not port:
port = '443'
proxy_connect = 'CONNECT %s:%s HTTP/1.0\r\n' % (url.host, port)
# Set the user agent to send to the proxy
if headers and 'User-Agent' in headers:
user_agent = 'User-Agent: %s\r\n' % (headers['User-Agent'])
else:
user_agent = 'User-Agent: python\r\n'
proxy_pieces = '%s%s%s\r\n' % (proxy_connect, proxy_auth, user_agent)
# Find the proxy host and port.
proxy_url = atom.url.parse_url(proxy_netloc)
if not proxy_url.port:
proxy_url.port = '80'
# Connect to the proxy server, very simple recv and error checking
p_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p_sock.connect((proxy_url.host, int(proxy_url.port)))
p_sock.sendall(proxy_pieces)
response = ''
# Wait for the full response.
while response.find("\r\n\r\n") == -1:
response += p_sock.recv(8192)
p_status = response.split()[1]
if p_status != str(200):
raise ProxyError('Error status=%s' % str(p_status))
# Trivial setup for ssl socket.
sslobj = None
if ssl_imported:
sslobj = ssl.wrap_socket(p_sock, None, None)
else:
sock_ssl = socket.ssl(p_sock, None, None)
sslobj = http.client.FakeSocket(p_sock, sock_ssl)
# Initalize httplib and replace with the proxy socket.
connection = http.client.HTTPConnection(proxy_url.host)
connection.sock = sslobj
return connection
else:
# If protocol was not https.
# Find the proxy host and port.
proxy_url = atom.url.parse_url(proxy_netloc)
if not proxy_url.port:
proxy_url.port = '80'
if proxy_auth:
headers['Proxy-Authorization'] = proxy_auth.strip()
return http.client.HTTPConnection(proxy_url.host, int(proxy_url.port))
def sendssl(self, packet, host, port):
self.numthreads += 1
try:
socket.setdefaulttimeout(3000)
ssl_sock = None
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if self.verbose:
self.om.echo("Connecting to %s:%d" % (host, int(port)))
else:
if self.verbose:
sys.stdout.write(".")
sys.stdout.flush()
s.connect((host, int(port)))
ssl_sock = socket.ssl(s)
if self.verbose or self.web_mode:
self.om.echo("Request (size %d):" % (len(packet)))
if not self.web_mode:
self.om.echo(repr(packet[0:1024]))
self.om.echo()
if not self.line_mode:
ssl_sock.send(packet)
res = ssl_sock.recv(128)
if self.verbose:
if not self.web_mode:
self.om.echo("Response:")
self.om.echo(repr(res))
else:
if res.find("500") > -1:
self.om.echo("***Interesting response")
self.om.echo(repr(res))
else:
for line in StringIO.StringIO(packet):
ssl_sock.send(line)
res = ssl_sock.recv(128)
if self.verbose:
self.om.echo("Response:")
self.om.echo(repr(res))
except:
if self.last_error != str(sys.exc_info()[1]):
if self.verbose:
self.om.echo("Exception:")
last_error = str(sys.exc_info()[1])
self.om.echo(last_error)
if sys.exc_info()[1][0] == 111:
self.om.echo("*** Found a bug?")
self.om.echo("Waiting for a while....")
if self.maxthreads == 1:
time.sleep(1)
# try:
# raw_input("Continue (Ctrl+C or Enter)?")
# except:
# self.om.echo("Ok. Aborted.")
# sys.exit(0)
self.numthreads -= 1
del ssl_sock
s.close()
if self.wait_time > 0:
time.sleep(float(self.wait_time))
def _ssl_wrap_socket(sock, key_file, cert_file):
ssl = socket.ssl(sock, key_file, cert_file)
return httplib.FakeSocket(sock, ssl)
