def sockets():
    """
    Create the listening sockets and return them keyed by listener name.

    One non-blocking IPv4 TCP socket is opened for each name produced by
    ports(). The "ssl" name binds to options.ssl_port; any other name
    binds to options.port. Every socket has SO_REUSEADDR set, is bound to
    options.host and listens with a backlog of 5. The returned dictionary
    is meant to be registered with the IOLoop by the caller.

    Any socket.error raised during setup is logged and the process exits
    with status 1, so a partially populated dictionary is never returned.

    NOTE(review): binding may require elevated rights (see the errno 13
    branch below). Confirm that setgid() and setuid() are only called
    after this function has bound its sockets.
    """
    listeners = {}
    for name in ports():
        try:
            if name == "ssl":
                port = options.ssl_port
            else:
                port = options.port
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.setblocking(0)
            listener.bind((options.host, port))
            listener.listen(5)
            listeners[name] = listener
        except socket.error as err:
            # errno 13 is EACCES: report it with the address that was
            # refused instead of the bare exception text.
            if err.errno != 13:
                log.error(err)
            else:
                log.error("Permission denied, could not bind to %s:%s" %
                          (options.host, port))
            # A listener that cannot be set up is fatal for the daemon.
            sys.exit(1)
    return listeners
def set_options():
    """
    Apply start-up option handling, including the SSL overrides.

    Runs the deprecated-option check, prints a warning when the debug or
    delay options are active, and validates the SSL configuration when
    SSL is requested. With SSL enabled the key and certificate paths from
    the parsed options are copied into sslkwargs.

    The process exits with status 1 when SSL is requested but the ssl
    module is unavailable, or when verify_ssl_opts() raises
    BlackholeSSLException.
    """
    # Deprecated options check
    opts.deprecated_opts()

    if options.debug:
        debug_warning = ("WARNING: Using the debug flag!\n"
                         "This will generate a lots of disk I/O "
                         "and large log files\n")
        print(debug_warning)

    if options.delay > 0:
        delay_warning = ("WARNING: Using the delay flag!\n"
                         "The delay flag is a blocking action "
                         "and will cause connections to block.\n")
        print(delay_warning)

    if options.ssl:
        if not ssl:
            # The ssl name is falsy when the interpreter has no SSL support.
            log.error("Unable to use SSL as SSL library is not compiled in")
            sys.exit(1)
        try:
            verify_ssl_opts()
        except BlackholeSSLException as err:
            log.error(err)
            sys.exit(1)
        # Override SSL options based on options passed in
        sslkwargs['keyfile'] = options.ssl_key
        sslkwargs['certfile'] = options.ssl_cert
def setuid():
    """
    Switch the process to the user named in options.user.

    Used to drop from root privileges down to a less privileged user.
    MUST be called AFTER setgid, not before: once the user id has been
    dropped the process normally no longer has the right to change its
    group.

    Logs an error and exits with status 1 when the user does not exist
    (KeyError from the passwd lookup) or when the switch is refused
    (OSError).

    NOTE(review): nothing visible here calls os.setgroups() or
    os.initgroups(). Confirm that supplementary groups inherited from
    the starting user are cleared elsewhere before treating this as a
    complete privilege drop.
    """
    try:
        target_uid = pwd.getpwnam(options.user).pw_uid
        os.setuid(target_uid)
    except KeyError:
        message = "User '%s' does not exist" % options.user
        log.error(message)
        sys.exit(1)
    except OSError:
        message = ("You do not have permission to switch to user '%s'"
                   % options.user)
        log.error(message)
        sys.exit(1)
def setgid():
    """
    Switch the process to the group named in options.group.

    Used to drop from root privileges down to a less privileged group.
    MUST be called BEFORE setuid, not after: changing the group normally
    requires the privileges that setuid() gives up.

    Logs an error and exits with status 1 when the group does not exist
    (KeyError from the group lookup) or when the switch is refused
    (OSError).

    NOTE(review): only the primary group is changed here. Supplementary
    groups are not touched by this function; confirm they are cleared
    elsewhere (os.setgroups() / os.initgroups()) if the daemon starts as
    root.
    """
    try:
        target_gid = grp.getgrnam(options.group).gr_gid
        os.setgid(target_gid)
    except KeyError:
        message = "Group '%s' does not exist" % options.group
        log.error(message)
        sys.exit(1)
    except OSError:
        message = ("You do not have permission to switch to group '%s'"
                   % options.group)
        log.error(message)
        sys.exit(1)
def connection_stream(connection): """ Detect which socket the connection is being made on, create and iostream for the connection, wrapping it in SSL if connected over the SSL socket. """ if connection.getsockname()[1] == options.ssl_port and options.ssl: try: ssl_connection = ssl.wrap_socket(connection, **sslkwargs) except (ssl.SSLError, socket.error), e: if e.errno == ssl.SSL_ERROR_EOF or e.errno == errno.ECONNABORTED: ssl_connection.close() return else: raise # Do a nasty blanket Exception until SSL exceptions are fully known try: return iostream.SSLIOStream(ssl_connection) except Exception, e: log.error(e) ssl_connection.close() return