Exemple #1
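def get_fd(socket_name):
    """Ask the pl-vif-create process for a file descriptor and return it.

    A datagram UNIX socket is bound to receive the descriptor. Its address is
    sent, base64-encoded together with PASSFD_MSG, over a stream connection
    to ``socket_name``.

    Args:
        socket_name: address of the UNIX stream socket to connect to.

    Returns:
        The received file descriptor. The caller owns it and must close it.
    """
    import os  # function-scope: the module's import block is not visible here

    # Socket to receive the file descriptor.
    # NOTE(review): nothing below checks which local process sent the
    # datagram carrying the descriptor; confirm the bound address cannot be
    # reached by unrelated processes.
    fdsock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        fdsock.bind("")
        address = fdsock.getsockname()

        # Socket to connect to the pl-vif-create process
        # and send the PASSFD message
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.connect(socket_name)
            emsg = base64.b64encode(PASSFD_MSG)
            eargs = base64.b64encode(address)
            encoded = "%s|%s\n" % (emsg, eargs)
            # sendall(): a bare send() may write only part of the request.
            sock.sendall(encoded)

            # Receive fd
            (fd, msg) = passfd.recvfd(fdsock)

            try:
                # Receive reply
                # NOTE(review): the reply is decoded but never inspected, so
                # an error reported by the peer goes unnoticed here.
                reply = sock.recv(1024)
                reply = base64.b64decode(reply)
            except Exception:
                # Do not leak the descriptor we already own.
                os.close(fd)
                raise
        finally:
            sock.close()
    finally:
        # Both sockets are released on every path, including failures.
        fdsock.close()
    return fd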
Exemple #2
    def _shutdown_server(self, sock):
        '''
        Receive the listener fd, then the accepted-connection fds, over
        ``sock`` and return them as ``(listenerfd, set_of_accepted_fds)``.

        The number of accepted fds read is ``self._get_worker_fds_num()``.

        TODO divide this into 2 parts:
            1. pass listener socket
            2. pass accepted sockets
        '''
        # NOTE(review): if a later recvfd() raises, descriptors received so
        # far are not closed by this method.
        # get listener fd from previous server instance
        listener, _payload = passfd.recvfd(sock)
        print >>sys.stderr, time.ctime(), 'got listener', listener

        worker_fds = set()
        remaining = self._get_worker_fds_num()
        while remaining > 0:
            worker_fd, _payload = passfd.recvfd(sock)
            print >>sys.stderr, time.ctime(), 'recved accepted', worker_fd
            worker_fds.add(worker_fd)
            remaining -= 1
        return listener, worker_fds
Exemple #3
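def get_fd(socket_name):
    """Ask the pl-vif-create process for a file descriptor and return it.

    A datagram UNIX socket is bound to receive the descriptor. Its address is
    sent, base64-encoded together with PASSFD_MSG, over a stream connection
    to ``socket_name``.

    Args:
        socket_name: address of the UNIX stream socket to connect to.

    Returns:
        The received file descriptor. The caller owns it and must close it.
    """
    import os  # function-scope: the module's import block is not visible here

    # Socket to receive the file descriptor.
    # NOTE(review): nothing below checks which local process sent the
    # datagram carrying the descriptor; confirm the bound address cannot be
    # reached by unrelated processes.
    fdsock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        fdsock.bind("")
        address = fdsock.getsockname()

        # Socket to connect to the pl-vif-create process
        # and send the PASSFD message
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.connect(socket_name)
            emsg = base64.b64encode(PASSFD_MSG)
            eargs = base64.b64encode(address)
            encoded = "%s|%s\n" % (emsg, eargs)
            # sendall(): a bare send() may write only part of the request.
            sock.sendall(encoded)

            # Receive fd
            (fd, msg) = passfd.recvfd(fdsock)

            try:
                # Receive reply
                # NOTE(review): the reply is decoded but never inspected, so
                # an error reported by the peer goes unnoticed here.
                reply = sock.recv(1024)
                reply = base64.b64decode(reply)
            except Exception:
                # Do not leak the descriptor we already own.
                os.close(fd)
                raise
        finally:
            sock.close()
    finally:
        # Both sockets are released on every path, including failures.
        fdsock.close()
    return fd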
    def test_sanity_checks(self):
        # recvfd() rejects a string and an AF_INET socket.
        self.assertRaises(TypeError, recvfd, "foo")
        inet_sock = socket.socket(socket.AF_INET)
        self.assertRaises(ValueError, recvfd, inet_sock)

        # Round trip over a UNIX stream pair, passing objects.
        (sender, receiver) = socket.socketpair(
            socket.AF_UNIX, socket.SOCK_STREAM, 0)
        zero_file = file("/dev/zero")
        sendfd(sender, zero_file)
        recvfd(receiver)

        # Using integers
        sendfd(sender.fileno(), zero_file.fileno())
        recvfd(receiver.fileno())

        # sendfd() rejects a string as the descriptor to pass.
        self.assertRaises(TypeError, sendfd, sender, "foo")
        # Assuming fd 255 is not valid
        self.assertRaises(OSError, sendfd, sender, 255)
    def test_sanity_checks(self):
        # recvfd() rejects a string and an AF_INET socket.
        self.assertRaises(TypeError, recvfd, "foo")
        inet_sock = socket.socket(socket.AF_INET)
        self.assertRaises(ValueError, recvfd, inet_sock)

        # Round trip over a UNIX stream pair, passing objects.
        (sender, receiver) = socket.socketpair(
            socket.AF_UNIX, socket.SOCK_STREAM, 0)
        zero_file = file("/dev/zero")
        sendfd(sender, zero_file)
        recvfd(receiver)

        # Using integers
        sendfd(sender.fileno(), zero_file.fileno())
        recvfd(receiver.fileno())

        # sendfd() rejects a string as the descriptor to pass.
        self.assertRaises(TypeError, sendfd, sender, "foo")
        # Assuming fd 255 is not valid
        self.assertRaises(OSError, sendfd, sender, 255)
Exemple #6
 def do_PROC_SIN(self, cmdname):
     """Prompt the peer to pass a file descriptor and receive it on self._rfd.

     Replies 354 to request the descriptor and 500 if receiving it fails.
     """
     # Tell the peer which payload must accompany the descriptor.
     self.reply(354,
             "Pass the file descriptor now, with `%s\\n' as payload." %
             cmdname)
     try:
         # The receive buffer is sized to cmdname plus one byte, matching the
         # "<cmdname>\n" payload requested above.
         fd, payload = passfd.recvfd(self._rfd, len(cmdname) + 1)
     except (IOError, RuntimeError), e:
         # No descriptor was obtained; report and stop.
         self.reply(500, "Error receiving FD: %s" % str(e))
         return
     # NOTE(review): the listing ends here, with fd and payload unused.
     # Confirm the rest of the method compares payload with the expected
     # "<cmdname>\n" before trusting fd, and closes fd on every error path.
Exemple #7
 def do_PROC_SIN(self, cmdname):
     """Prompt the peer to pass a file descriptor and receive it on self._rfd.

     Replies 354 to request the descriptor and 500 if receiving it fails.
     """
     # Tell the peer which payload must accompany the descriptor.
     self.reply(
         354,
         "Pass the file descriptor now, with `%s\\n' as payload." % cmdname)
     try:
         # The receive buffer is sized to cmdname plus one byte, matching the
         # "<cmdname>\n" payload requested above.
         fd, payload = passfd.recvfd(self._rfd, len(cmdname) + 1)
     except (IOError, RuntimeError), e:
         # No descriptor was obtained; report and stop.
         self.reply(500, "Error receiving FD: %s" % str(e))
         return
     # NOTE(review): the listing ends here, with fd and payload unused.
     # Confirm the rest of the method compares payload with the expected
     # "<cmdname>\n" before trusting fd, and closes fd on every error path.
Exemple #8
def recvfd(fd):
    """Call ``passfd.recvfd(fd)``, retrying when it is interrupted (EINTR).

    At most 1000 attempts are made. Any OSError other than EINTR, or EINTR
    on the last attempt, is re-raised to the caller.
    """
    for attempts_left in range(999, -1, -1):
        try:
            return passfd.recvfd(fd)
        except OSError as err:
            interrupted = err.errno == errno.EINTR
            if attempts_left <= 0 or not interrupted:
                raise
Exemple #9
	def doRead(self):
		"""Receive one descriptor from self.fd and report the outcome to self.proc.

		The reader is unregistered first. The channel is closed before
		self.proc is notified, on success (got_fd) and on failure (got_no_fd).
		"""
		reactor.removeReader(self)
		try:
			result = recvfd(self.fd)
			descriptor = result[0]
		except Exception as failure:
			self._close()
			self.proc.got_no_fd(failure)
		else:
			self._close()
			self.proc.got_fd(descriptor)
Exemple #10
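 def set_x11(self, protoname, hexkey):
     """Configure X11 forwarding on the peer and return the socket it passes back.

     Sends ``X11 SET`` with ``protoname`` and ``hexkey``, then ``X11 SOCK``,
     and wraps the received descriptor in a socket object.
     """
     # Returns a socket ready to accept() connections
     self._send_cmd("X11", "SET", protoname, hexkey)
     self._read_and_check_reply()
     # Receive the socket
     self._send_cmd("X11", "SOCK")
     fd, payload = passfd.recvfd(self._rfd, 1)
     try:
         self._read_and_check_reply()
         # NOTE(review): the wrapper is labelled AF_INET/SOCK_DGRAM although
         # the comment above speaks of accept(); confirm family and type
         # match the socket the peer actually passes.
         skt = socket.fromfd(fd, socket.AF_INET, socket.SOCK_DGRAM)
     finally:
         # fromfd dup()'s, so the received descriptor is released here on
         # success and also when the reply check or fromfd() fails.
         os.close(fd)
     return skt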
Exemple #11
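 def set_x11(self, protoname, hexkey):
     """Configure X11 forwarding on the peer and return the socket it passes back.

     Sends ``X11 SET`` with ``protoname`` and ``hexkey``, then ``X11 SOCK``,
     and wraps the received descriptor in a socket object.
     """
     # Returns a socket ready to accept() connections
     self._send_cmd("X11", "SET", protoname, hexkey)
     self._read_and_check_reply()
     # Receive the socket
     self._send_cmd("X11", "SOCK")
     fd, payload = passfd.recvfd(self._rfd, 1)
     try:
         self._read_and_check_reply()
         # NOTE(review): the wrapper is labelled AF_INET/SOCK_DGRAM although
         # the comment above speaks of accept(); confirm family and type
         # match the socket the peer actually passes.
         skt = socket.fromfd(fd, socket.AF_INET, socket.SOCK_DGRAM)
     finally:
         # fromfd dup()'s, so the received descriptor is released here on
         # success and also when the reply check or fromfd() fails.
         os.close(fd)
     return skt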
 def parent_tests(self, s, dgram = False):
     """Run the receiving side of the fd-passing checks over socket ``s``.

     Each numbered ``s.send()`` precedes one receive step; presumably it tells
     the peer which case to send next -- verify against the sending side.
     ``dgram`` skips the stream-only re-sync read in step 4.
     """
     # First message is not even sent
     s.send("1")
     self.vrfy_recv(recvfd(s), "a")
     # Step 2: the message is a single NUL byte.
     s.send("2")
     self.vrfy_recv(recvfd(s), "\0")
     s.send("3")
     self.vrfy_recv(recvfd(s), "foobar")
     # Step 4: with msg_buf = 11 only "long string" is received.
     s.send("4")
     self.vrfy_recv(recvfd(s, msg_buf = 11), "long string") # is long
     if not dgram:
         # On a stream socket the remainder is still queued; read it.
         self.assertEquals(s.recv(8), " is long") # re-sync
     # Step 5: plain data read with recv(), no descriptor involved.
     s.send("5")
     self.assertEquals(s.recv(100), "foobar")
     # Step 6: recvfd() must raise when no descriptor arrives.
     s.send("6")
     self.assertRaises(RuntimeError, recvfd, s) # No fd received
     #
     # Step 7: opening the received descriptor for writing must fail.
     s.send("7")
     f, m = recvfd(s)
     self.assertRaises(OSError, os.fdopen, f, "w")
     # Step 8: this descriptor arrives with message "writing" and is written to.
     s.send("8")
     (f, msg) = recvfd(s)
     self.assertEquals(msg, "writing")
     os.write(f, "foo")
     s.send("9")
 def parent_tests(self, s, dgram=False):
     """Run the receiving side of the fd-passing checks over socket ``s``.

     Each numbered ``s.send()`` precedes one receive step; presumably it tells
     the peer which case to send next -- verify against the sending side.
     ``dgram`` skips the stream-only re-sync read in step 4.
     """
     # First message is not even sent
     s.send("1")
     self.vrfy_recv(recvfd(s), "a")
     # Step 2: the message is a single NUL byte.
     s.send("2")
     self.vrfy_recv(recvfd(s), "\0")
     s.send("3")
     self.vrfy_recv(recvfd(s), "foobar")
     # Step 4: with msg_buf=11 only "long string" is received.
     s.send("4")
     self.vrfy_recv(recvfd(s, msg_buf=11), "long string")  # is long
     if not dgram:
         # On a stream socket the remainder is still queued; read it.
         self.assertEquals(s.recv(8), " is long")  # re-sync
     # Step 5: plain data read with recv(), no descriptor involved.
     s.send("5")
     self.assertEquals(s.recv(100), "foobar")
     # Step 6: recvfd() must raise when no descriptor arrives.
     s.send("6")
     self.assertRaises(RuntimeError, recvfd, s)  # No fd received
     #
     # Step 7: opening the received descriptor for writing must fail.
     s.send("7")
     f, m = recvfd(s)
     self.assertRaises(OSError, os.fdopen, f, "w")
     # Step 8: this descriptor arrives with message "writing" and is written to.
     s.send("8")
     (f, msg) = recvfd(s)
     self.assertEquals(msg, "writing")
     os.write(f, "foo")
     s.send("9")
Exemple #14
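    def handle_client(child):
        """Run ``hades shell`` for one client on the descriptor it passes in.

        The descriptor received over ``child`` becomes stdin, stdout and
        stderr of the spawned process. When the process exits, ``'F'`` is
        sent on ``child`` and the socket is closed.
        """
        fd, msg = passfd.recvfd(child)
        # argv list, so no shell parses these values.
        # NOTE(review): session_id and user come from the enclosing scope;
        # confirm they are validated before they reach the command line.
        command = ['hades', 'shell', '--session-id', session_id, user]

        def preexec():
            # make process group, script sometimes does kill(0, TERM)
            os.setpgrp()

        try:
            proc = subprocess.Popen(
                wrap_in_pty(command), stdin=fd, stdout=fd, stderr=fd,
                preexec_fn=preexec)
        finally:
            # Our copy of the client's descriptor is no longer needed once
            # the spawn has been attempted; close it even if Popen raised.
            os.close(fd)
        threading.Thread(target=handle_resize, args=[child, proc]).start()
        proc.wait()
        child.sendall('F')
        child.close()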
Exemple #15
def _rpc_read_bson(sock, allow_fd_passing=False):
    """Read one framed BSON message, plus any passed descriptors, from ``sock``.

    Layout as read here: a 4-byte network-order descriptor count, that many
    descriptors (one ``recvfd`` each), a 4-byte network-order body length,
    then the BSON body. Received descriptors are stored under ``'fds'``; a
    peer-supplied ``'fds'`` key is dropped when no descriptor was passed.

    Raises:
        IOError: descriptors are announced while ``allow_fd_passing`` is false.
    """
    # NOTE(review): fd_count and the body length come straight from the peer
    # and are not bounded here; a large value makes this process receive that
    # many descriptors or buffer that many bytes. Consider enforcing limits.
    # NOTE(review): the header goes through a buffered file object while the
    # descriptors are received on the raw socket; confirm read-ahead cannot
    # consume the bytes that carry them.
    reader = sock.makefile('r')
    (fd_count,) = struct.unpack('!I', reader.read(4))

    if fd_count != 0 and not allow_fd_passing:
        raise IOError('client tried to pass fds')
    fds = [FD(passfd.recvfd(sock)[0]) for i in xrange(fd_count)]

    (body_length,) = struct.unpack('!I', reader.read(4))
    body = reader.read(body_length)
    message = _bson.BSON(body).decode()
    if fd_count == 0:
        if 'fds' in message:
            del message['fds']
    else:
        message['fds'] = fds
    return message
Exemple #16
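def pass_to_daemon(conn, cmd="start-tls"):
    """Hand ``conn`` to the TLS daemon and return what it sends back.

    Args:
        conn: connected socket whose descriptor is passed to the daemon.
        cmd: command string sent along with the descriptor.

    Returns:
        ``(sock, s, 0, <2nd word of reply>)`` when the reply starts with
        ``OK``, where ``sock`` wraps the substitute descriptor.
        ``(conn, s, <2nd word>, <3rd word>)`` when it starts with ``ERR``;
        ``conn`` and ``s`` are already closed in that case.
        ``None`` for any other non-empty reply, after closing ``s``.

    Raises:
        IndexError: the reply is empty or lacks the expected words.
    """
    import os  # function-scope: the module's import block is not visible here

    # NOTE(review): fixed socket path in /tmp. Confirm that only the daemon
    # can create this path, since the connection's descriptor is handed to
    # whatever listens there.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect("/tmp/tlsd.sock")

    passfd.sendfd(s, conn.fileno(), cmd)
    fd, msg = passfd.recvfd(s)

    words = msg.split()
    try:
        status = words[0]
    except IndexError:
        # Empty reply: still an IndexError for the caller, but without
        # leaking the received descriptor or the control socket.
        os.close(fd)
        s.close()
        raise

    if status == "ERR":
        # The descriptor that came with the error reply is not used.
        os.close(fd)
        conn.close()
        s.close()
        return conn, s, words[1], words[2]
    if status == "OK":
        sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM)
        # fromfd() dup()s; close the original so it does not leak.
        os.close(fd)
        return sock, s, 0, words[1]

    # Unrecognised status: nothing is handed to the caller, so release
    # everything opened here.
    os.close(fd)
    s.close()
    return None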
Exemple #17
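def pass_to_daemon(conn, cmd='start-tls'):
    """Hand ``conn`` to the TLS daemon and return what it sends back.

    Args:
        conn: connected socket whose descriptor is passed to the daemon.
        cmd: command string sent along with the descriptor.

    Returns:
        ``(sock, s, 0, <2nd word of reply>)`` when the reply starts with
        ``OK``, where ``sock`` wraps the substitute descriptor.
        ``(conn, s, <2nd word>, <3rd word>)`` when it starts with ``ERR``;
        ``conn`` and ``s`` are already closed in that case.
        ``None`` for any other non-empty reply, after closing ``s``.

    Raises:
        IndexError: the reply is empty or lacks the expected words.
    """
    import os  # function-scope: the module's import block is not visible here

    # NOTE(review): fixed socket path in /tmp. Confirm that only the daemon
    # can create this path, since the connection's descriptor is handed to
    # whatever listens there.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect("/tmp/tlsd.sock")

    passfd.sendfd(s, conn.fileno(), cmd)
    fd, msg = passfd.recvfd(s)

    words = msg.split()
    try:
        status = words[0]
    except IndexError:
        # Empty reply: still an IndexError for the caller, but without
        # leaking the received descriptor or the control socket.
        os.close(fd)
        s.close()
        raise

    if status == 'ERR':
        # The descriptor that came with the error reply is not used.
        os.close(fd)
        conn.close()
        s.close()
        return conn, s, words[1], words[2]
    if status == 'OK':
        sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM)
        # fromfd() dup()s; close the original so it does not leak.
        os.close(fd)
        return sock, s, 0, words[1]

    # Unrecognised status: nothing is handed to the caller, so release
    # everything opened here.
    os.close(fd)
    s.close()
    return None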
Exemple #18
    def run(self):
        """Serve one client: take over its socket, run the TLS command, relay data.

        Steps visible here: receive a descriptor and a command string over
        ``self.clnt_cmd``; rebuild the connection socket from the descriptor;
        run ``start_tls`` or ``recv_tls``; send a substitute descriptor and a
        status message back; then forward data between ``self.session`` and
        ``self.clnt_data`` until ``self.stop`` is set.

        Returns 0 when no substitute descriptor was produced; otherwise
        returns None once the relay loop ends.
        """
        logger.debug("Starting %s", self.name)

        logger.debug("Waiting for fd")
        fd, msg = passfd.recvfd(self.clnt_cmd)

        # msg is supplied by the client and is logged verbatim.
        logger.debug("Received fd: %s; message: %s", fd, msg)

        # Find out type of socket
        # The AF_UNIX/SOCK_STREAM labels are provisional; this wrapper is
        # only used to query SO_TYPE and the local address.
        temp_s = socket.fromfd(fd, socket.AF_UNIX, socket.SOCK_STREAM)
        styp = temp_s.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
        # IPv6 or IPv4?
        if ':' in temp_s.getsockname()[0]:
            sfam = socket.AF_INET6
        else:
            sfam = socket.AF_INET
        # NOTE(review): fromfd() duplicates the descriptor; the duplicate is
        # only dropped here, not closed explicitly.
        del temp_s

        logger.debug("Creating socket from fd %s with family %d and type %d",
                     fd, sfam, styp)
        # NOTE(review): fd itself is never closed in this method after being
        # duplicated; looks like one leaked descriptor per connection -- confirm.
        self.connection = socket.fromfd(fd, sfam, styp)
        self.remote_port = self.connection.getpeername()[1]

        # 0 doubles as the "no substitute descriptor" marker tested below.
        clnt_fd = 0
        ret_msg = "OK"
        try:
            msg_split = msg.split()
            if msg_split[0] == 'start-tls':
                #format of msg is: start-tls [server_name [flags]]
                if len(msg_split) > 1:
                    logger.debug("SNI: %s", msg_split[1])
                    self.server_name = msg_split[1]
                if len(msg_split) > 2:
                    validator.parse_flags(msg_split[2])
                clnt_fd = self.start_tls()
            elif msg_split[0] == "recv-tls":
                #format of msg is: recv-tls [flags]
                if len(msg_split) > 1:
                    validator.parse_flags(msg_split[1])
                clnt_fd = self.recv_tls()
            else:
                raise Exception('Unknown Command')
        except libtlsd.validation.InsecureLookupException:
            ret_msg = "ERR 1 InsecureLookupException"
        except libtlsd.validation.LDAPUserNotFound:
            ret_msg = "ERR 2 LDAPUserNotFound"
        except libtlsd.validation.DaneError:
            ret_msg = "ERR 3 DaneError"
        # NOTE(review): the bare except also catches SystemExit and
        # KeyboardInterrupt. An empty msg (IndexError on msg_split[0]) and an
        # unknown command both end up here as ERR 99.
        except:
            logger.debug('Unspecified error: %s', sys.exc_info()[0])
            traceback.print_exc()
            ret_msg = "ERR 99 Unspecified"

        # NOTE(review): validator is not defined in this method. If it is
        # shared between handlers, a validated identity or parsed flags from
        # one connection could carry over to another -- confirm its scope.
        if validator.validated_identity:
            ret_msg += ' %s' % (validator.validated_identity)
        logger.debug("Sending substitute fd: %s", clnt_fd)
        # NOTE(review): on every error path clnt_fd is still 0, so descriptor
        # 0 of this process is passed to the client together with the ERR
        # message. Confirm that is intended.
        passfd.sendfd(self.clnt_cmd, clnt_fd, ret_msg)

        if clnt_fd == 0:
            return 0

        # Create list of all sockets in correct order to always read the session socket first
        inputs = []
        inputs.append(self.session)
        inputs.append(self.clnt_data)
        inputs.append(self.clnt_cmd)

        logger.info("Connection setup done forwarding all traffic...")
        while (not self.stop):
            inputready, outputready, exceptready = select.select(
                inputs, [], [])

            for s in inputready:
                data = s.recv(BUF_SIZE)

                if data:
                    # NOTE(review): send() return values are ignored below, so
                    # a short write would drop relayed bytes -- confirm.
                    if s is self.clnt_cmd:
                        self.process_cmd(data)
                    elif s is self.clnt_data:
                        self.session.send(data)
                    elif s is self.session:
                        self.clnt_data.send(data)
                else:
                    # Interpret empty result as closed connection and close all
                    # Ignore termination of cmd socket
                    if s is self.clnt_cmd:
                        logger.info('Client cmd socket was closed')
                        inputs.remove(self.clnt_cmd)
                    else:
                        # presumably close_connections() also sets self.stop;
                        # verify, otherwise this loop keeps selecting.
                        self.close_connections()

        logger.debug("Terminating %s", self.name)
Exemple #19
def recv_fd():
  """Receive one descriptor over KCHAN and return it as a read-mode file object."""
  descriptor, _ignored = passfd.recvfd(KCHAN)
  return os.fdopen(descriptor, 'r')
Exemple #20
    def run(self):
        """Serve one client: take over its socket, run the TLS command, relay data.

        Steps visible here: receive a descriptor and a command string over
        ``self.clnt_cmd``; rebuild the connection socket from the descriptor;
        run ``start_tls`` or ``recv_tls``; send a substitute descriptor and a
        status message back; then forward data between ``self.session`` and
        ``self.clnt_data`` until ``self.stop`` is set.

        Returns 0 when no substitute descriptor was produced; otherwise
        returns None once the relay loop ends.
        """
        logger.debug("Starting %s", self.name)
        
        logger.debug("Waiting for fd")
        fd, msg = passfd.recvfd(self.clnt_cmd)

        # msg is supplied by the client and is logged verbatim.
        logger.debug("Received fd: %s; message: %s", fd, msg)

        # Find out type of socket
        # The AF_UNIX/SOCK_STREAM labels are provisional; this wrapper is
        # only used to query SO_TYPE and the local address.
        temp_s = socket.fromfd(fd, socket.AF_UNIX, socket.SOCK_STREAM)
        styp = temp_s.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
        # IPv6 or IPv4?
        if ':' in temp_s.getsockname()[0]:
            sfam = socket.AF_INET6
        else:
            sfam = socket.AF_INET
        # NOTE(review): fromfd() duplicates the descriptor; the duplicate is
        # only dropped here, not closed explicitly.
        del temp_s

        logger.debug("Creating socket from fd %s with family %d and type %d", fd, sfam, styp)
        # NOTE(review): fd itself is never closed in this method after being
        # duplicated; looks like one leaked descriptor per connection -- confirm.
        self.connection = socket.fromfd(fd, sfam, styp)
        self.remote_port = self.connection.getpeername()[1]

        # 0 doubles as the "no substitute descriptor" marker tested below.
        clnt_fd = 0
        ret_msg = "OK"
        try:
            msg_split = msg.split()
            if msg_split[0] == 'start-tls':
                #format of msg is: start-tls [server_name [flags]]
                if len(msg_split) > 1:
                    logger.debug("SNI: %s", msg_split[1])
                    self.server_name = msg_split[1]
                if len(msg_split) > 2:
                    validator.parse_flags(msg_split[2])
                clnt_fd = self.start_tls()
            elif msg_split[0] == "recv-tls":
                #format of msg is: recv-tls [flags]
                if len(msg_split) > 1:
                    validator.parse_flags(msg_split[1])
                clnt_fd = self.recv_tls()
            else:
                raise Exception('Unknown Command')
        except libtlsd.validation.InsecureLookupException:
            ret_msg = "ERR 1 InsecureLookupException"
        except libtlsd.validation.LDAPUserNotFound:
            ret_msg = "ERR 2 LDAPUserNotFound"
        except libtlsd.validation.DaneError:
            ret_msg = "ERR 3 DaneError"
        # NOTE(review): the bare except also catches SystemExit and
        # KeyboardInterrupt. An empty msg (IndexError on msg_split[0]) and an
        # unknown command both end up here as ERR 99.
        except:
            logger.debug('Unspecified error: %s', sys.exc_info()[0])
            traceback.print_exc()
            ret_msg = "ERR 99 Unspecified"

        # NOTE(review): validator is not defined in this method. If it is
        # shared between handlers, a validated identity or parsed flags from
        # one connection could carry over to another -- confirm its scope.
        if validator.validated_identity:
            ret_msg += ' %s' % (validator.validated_identity)
        logger.debug("Sending substitute fd: %s", clnt_fd)
        # NOTE(review): on every error path clnt_fd is still 0, so descriptor
        # 0 of this process is passed to the client together with the ERR
        # message. Confirm that is intended.
        passfd.sendfd(self.clnt_cmd, clnt_fd, ret_msg)

        if clnt_fd == 0:
            return 0

        # Create list of all sockets in correct order to always read the session socket first
        inputs = []
        inputs.append(self.session)
        inputs.append(self.clnt_data)
        inputs.append(self.clnt_cmd)
        
        logger.info("Connection setup done forwarding all traffic...")
        while(not self.stop):
            inputready, outputready, exceptready = select.select(inputs, [], [])

            for s in inputready:
                data = s.recv(BUF_SIZE)
                
                if data:
                    # NOTE(review): send() return values are ignored below, so
                    # a short write would drop relayed bytes -- confirm.
                    if s is self.clnt_cmd:
                        self.process_cmd(data)
                    elif s is self.clnt_data:
                        self.session.send(data)
                    elif s is self.session:
                        self.clnt_data.send(data)
                else:
                    # Interpret empty result as closed connection and close all
                    # Ignore termination of cmd socket
                    if s is self.clnt_cmd:
                        logger.info('Client cmd socket was closed')
                        inputs.remove(self.clnt_cmd)
                    else:
                        # presumably close_connections() also sets self.stop;
                        # verify, otherwise this loop keeps selecting.
                        self.close_connections()

        logger.debug("Terminating %s", self.name)
Exemple #21
    # We're in the parent.

    # ioctl() will only pass raw filedescriptors. Find fd of fileObj.
    fd = fileObj.fileno()

    # Send to the child
    os.write(wfd, "x")
    passfd.sendfd(wfd, fd)

    # Wait for child to terminate, then exit.
    os.waitpid(pid, 0)
    fileObj.close()
    sys.exit(0)

else:
    # We're in the child.

    fileObj.close()

    print os.read(rfd, 1)
    fd = passfd.recvfd(rfd)

    # Reopen the filedescriptor as a Python File-object.
    fileObj = os.fdopen(fd, 'r')

    # Example usage: Read file, print the first line.
    data = fileObj.readline()
    print "Read line: %r, expected %r" % (data, line)
    assert line == data
    sys.exit(0)
Exemple #22
import os
import socket
import sys

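FAMILY = socket.AF_UNIX
TYPE = socket.SOCK_STREAM

# Control channel, rebuilt from the inherited descriptor number in argv[1].
tab2kernel = socket.fromfd(int(sys.argv[1]), FAMILY, TYPE)

# Each stdin line is forwarded verbatim over the control channel; the reply
# is expected to carry a descriptor plus a message of up to 4096 bytes.
while True:
    try:
        data = sys.stdin.readline()
        tab2kernel.send(data)
        (fd, msg) = passfd.recvfd(tab2kernel, msg_buf=4096)

        print msg

        if int(fd) == 0:
            print "tab:connection failed"
        else:
            http_soc = socket.fromfd(int(fd), FAMILY, TYPE)
            # fromfd() dup()s, so the received descriptor must be closed
            # here or one descriptor leaks per request.
            os.close(int(fd))
            try:
                http_soc.send("GET /index.html\n")
                print http_soc.recv(4096)
            finally:
                http_soc.close()
    # Exception rather than a bare except, so Ctrl-C and SystemExit can
    # still end the loop.
    except Exception:
        print "tab:error"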

Exemple #23
    # ioctl() will only pass raw filedescriptors. Find fd of fileObj.
    fd = fileObj.fileno()

    # Send to the child
    os.write(wfd, "x")
    passfd.sendfd(wfd, fd)

    # Wait for child to terminate, then exit.
    os.waitpid(pid, 0)
    fileObj.close()
    sys.exit(0)

else:
    # We're in the child.

    fileObj.close()
    
    print os.read(rfd, 1)
    fd = passfd.recvfd(rfd)

    # Reopen the filedescriptor as a Python File-object.
    fileObj = os.fdopen(fd, 'r')

    # Example usage: Read file, print the first line.
    data = fileObj.readline()
    print "Read line: %r, expected %r" % (data, line)
    assert line == data
    sys.exit(0)

Exemple #24
def recv_fd():
    """Receive one descriptor over KCHAN and return it as a read-mode file object."""
    descriptor, _ignored = passfd.recvfd(KCHAN)
    return os.fdopen(descriptor, 'r')