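def get_fd(socket_name):
    """Request a file descriptor from the pl-vif-create process and return it.

    A datagram UNIX socket is bound with an empty name, and its address is
    sent (base64-encoded, together with PASSFD_MSG) over a stream connection
    to ``socket_name``. The descriptor is then received on the datagram
    socket and the stream reply is read and decoded.

    Both sockets are closed on every path, including when connect, send or
    receive raises.
    """
    # Socket to receive the file descriptor
    fdsock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        # NOTE(review): on Linux an empty name presumably requests an
        # autobound abstract address, which filesystem permissions do not
        # protect -- confirm that the sender of the descriptor is
        # authenticated some other way.
        fdsock.bind("")
        address = fdsock.getsockname()

        # Socket to connect to the pl-vif-create process
        # and send the PASSFD message
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.connect(socket_name)
            emsg = base64.b64encode(PASSFD_MSG)
            eargs = base64.b64encode(address)
            encoded = "%s|%s\n" % (emsg, eargs)
            # sendall: a short write would leave the peer waiting for the
            # newline that terminates the request.
            sock.sendall(encoded)

            # Receive fd
            (fd, msg) = passfd.recvfd(fdsock)

            # Receive reply (decoded but not inspected by this function)
            reply = sock.recv(1024)
            reply = base64.b64decode(reply)
        finally:
            sock.close()
    finally:
        fdsock.close()
    return fd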
def _shutdown_server(self, sock):
    '''Collect the listener and accepted descriptors handed over on ``sock``.

    Returns ``(listenerfd, accepted)`` where ``accepted`` is a set holding
    one descriptor per ``self._get_worker_fds_num()``.

    TODO divide this into 2 parts:
        1. pass listener socket
        2. pass accepted sockets
    '''
    # get listener fd from previous server instance
    listenerfd, _payload = passfd.recvfd(sock)
    print >>sys.stderr, time.ctime(), 'got listener', listenerfd

    accepted = set()
    remaining = len(range(self._get_worker_fds_num()))
    while remaining > 0:
        conn_fd, _payload = passfd.recvfd(sock)
        print >>sys.stderr, time.ctime(), 'recved accepted', conn_fd
        accepted.add(conn_fd)
        remaining -= 1
    return listenerfd, accepted
def test_sanity_checks(self):
    """Check argument validation of recvfd/sendfd and a basic round trip."""
    # A string is not a socket or descriptor.
    self.assertRaises(TypeError, recvfd, "foo")

    # A non-UNIX socket is rejected.
    inet_sock = socket.socket(socket.AF_INET)
    self.assertRaises(ValueError, recvfd, inet_sock)

    (tx, rx) = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM, 0)
    zero = file("/dev/zero")

    # Using socket and file objects
    sendfd(tx, zero)
    recvfd(rx)

    # Using integers
    sendfd(tx.fileno(), zero.fileno())
    recvfd(rx.fileno())

    self.assertRaises(TypeError, sendfd, tx, "foo")
    # Assuming fd 255 is not valid
    self.assertRaises(OSError, sendfd, tx, 255)
def do_PROC_SIN(self, cmdname):
    """Prompt the peer for a file descriptor and receive it on ``self._rfd``.

    A 354 reply tells the peer to pass the descriptor with ``cmdname`` plus
    a newline as payload. If receiving fails with IOError or RuntimeError, a
    500 reply is sent and the handler returns.
    """
    self.reply(354,
            "Pass the file descriptor now, with `%s\\n' as payload." % cmdname)
    try:
        # The second argument is len(cmdname) + 1, matching the announced
        # payload of cmdname plus "\n" (presumably the message buffer size).
        fd, payload = passfd.recvfd(self._rfd, len(cmdname) + 1)
    except (IOError, RuntimeError), e:
        self.reply(500, "Error receiving FD: %s" % str(e))
        return
    # NOTE(review): the listing ends here. Nothing visible compares
    # ``payload`` with the announced ``cmdname`` or closes ``fd`` --
    # confirm both against the full function.
def do_PROC_SIN(self, cmdname):
    """Prompt the peer for a file descriptor and receive it on ``self._rfd``.

    A 354 reply tells the peer to pass the descriptor with ``cmdname`` plus
    a newline as payload. If receiving fails with IOError or RuntimeError, a
    500 reply is sent and the handler returns.
    """
    self.reply(
        354,
        "Pass the file descriptor now, with `%s\\n' as payload." % cmdname)
    try:
        # The second argument is len(cmdname) + 1, matching the announced
        # payload of cmdname plus "\n" (presumably the message buffer size).
        fd, payload = passfd.recvfd(self._rfd, len(cmdname) + 1)
    except (IOError, RuntimeError), e:
        self.reply(500, "Error receiving FD: %s" % str(e))
        return
    # NOTE(review): the listing ends here. Nothing visible compares
    # ``payload`` with the announced ``cmdname`` or closes ``fd`` --
    # confirm both against the full function.
def recvfd(fd):
    """Call ``passfd.recvfd(fd)``, retrying when interrupted by a signal.

    Only ``OSError`` with ``errno.EINTR`` is retried, for at most 1000
    attempts in total; any other error, or the last EINTR, is re-raised.
    """
    attempts_left = 1000
    while True:
        try:
            return passfd.recvfd(fd)
        except OSError as err:
            attempts_left -= 1
            if err.errno == errno.EINTR and attempts_left > 0:
                continue
            raise
def doRead(self):
    """Receive one descriptor, then close this reader and notify ``self.proc``.

    The reader is removed from the reactor first. ``self._close()`` runs on
    both outcomes before the callback: ``got_fd(fd)`` on success,
    ``got_no_fd(exc)`` when receiving raised.
    """
    reactor.removeReader(self)
    failure = None
    try:
        fd = recvfd(self.fd)[0]
    except Exception as e:
        failure = e
    self._close()
    if failure is not None:
        self.proc.got_no_fd(failure)
    else:
        self.proc.got_fd(fd)
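def set_x11(self, protoname, hexkey):
    """Configure X11 forwarding and return the socket handed back by the peer.

    Sends ``X11 SET protoname hexkey``, checks the reply, then sends
    ``X11 SOCK`` and receives a descriptor on ``self._rfd``. The descriptor
    is wrapped with ``socket.fromfd`` and the raw descriptor is closed on
    every path, so a failing reply check no longer leaks it.

    Returns a socket ready to accept() connections.
    """
    self._send_cmd("X11", "SET", protoname, hexkey)
    self._read_and_check_reply()

    # Receive the socket
    self._send_cmd("X11", "SOCK")
    fd, payload = passfd.recvfd(self._rfd, 1)
    try:
        self._read_and_check_reply()
        # NOTE(review): AF_INET/SOCK_DGRAM sits oddly with a socket meant
        # for accept() -- confirm the family and type against the sender.
        skt = socket.fromfd(fd, socket.AF_INET, socket.SOCK_DGRAM)
    finally:
        os.close(fd)  # fromfd dup()'s
    return skt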
def parent_tests(self, s, dgram = False):
    """Run the parent side of the descriptor-passing exchange over ``s``.

    Each ``s.send("<digit>")`` appears to cue the peer for its next step (the
    peer's code is not shown here); the result of ``recvfd``/``recv`` is then
    checked. With ``dgram`` true the re-sync read after step 4 is skipped.
    """
    # First message is not even sent
    s.send("1")
    self.vrfy_recv(recvfd(s), "a")
    s.send("2")
    # A message consisting of a single NUL byte
    self.vrfy_recv(recvfd(s), "\0")
    s.send("3")
    self.vrfy_recv(recvfd(s), "foobar")
    s.send("4")
    # msg_buf = 11 truncates the message to its first 11 bytes
    self.vrfy_recv(recvfd(s, msg_buf = 11), "long string") # is long
    if not dgram:
        self.assertEquals(s.recv(8), " is long") # re-sync
    s.send("5")
    # Plain data with no descriptor attached is read with recv()
    self.assertEquals(s.recv(100), "foobar")
    s.send("6")
    self.assertRaises(RuntimeError, recvfd, s) # No fd received
    #
    s.send("7")
    f, m = recvfd(s)
    # Opening the received descriptor for writing is expected to fail
    self.assertRaises(OSError, os.fdopen, f, "w")
    s.send("8")
    (f, msg) = recvfd(s)
    self.assertEquals(msg, "writing")
    os.write(f, "foo")
    s.send("9")
def parent_tests(self, s, dgram=False):
    """Run the parent side of the descriptor-passing exchange over ``s``.

    Each ``s.send("<digit>")`` appears to cue the peer for its next step (the
    peer's code is not shown here); the result of ``recvfd``/``recv`` is then
    checked. With ``dgram`` true the re-sync read after step 4 is skipped.
    """
    # First message is not even sent
    s.send("1")
    self.vrfy_recv(recvfd(s), "a")
    s.send("2")
    # A message consisting of a single NUL byte
    self.vrfy_recv(recvfd(s), "\0")
    s.send("3")
    self.vrfy_recv(recvfd(s), "foobar")
    s.send("4")
    # msg_buf=11 truncates the message to its first 11 bytes
    self.vrfy_recv(recvfd(s, msg_buf=11), "long string")  # is long
    if not dgram:
        self.assertEquals(s.recv(8), " is long")  # re-sync
    s.send("5")
    # Plain data with no descriptor attached is read with recv()
    self.assertEquals(s.recv(100), "foobar")
    s.send("6")
    self.assertRaises(RuntimeError, recvfd, s)  # No fd received
    #
    s.send("7")
    f, m = recvfd(s)
    # Opening the received descriptor for writing is expected to fail
    self.assertRaises(OSError, os.fdopen, f, "w")
    s.send("8")
    (f, msg) = recvfd(s)
    self.assertEquals(msg, "writing")
    os.write(f, "foo")
    s.send("9")
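def handle_client(child):
    """Serve one client: run ``hades shell`` attached to the descriptor it passes.

    A descriptor is received from ``child`` and used as stdin, stdout and
    stderr of the spawned command. ``session_id`` and ``user`` come from the
    enclosing scope. After the process exits, ``'F'`` is sent to the client
    and the connection is closed.

    The received descriptor is closed in this process whether or not the
    spawn succeeds, so a failing ``Popen`` no longer leaks it.
    """
    fd, msg = passfd.recvfd(child)
    # argv list, no shell: session_id and user are passed as single arguments
    command = ['hades', 'shell', '--session-id', session_id, user]

    def preexec():
        # make process group, script sometimes does kill(0, TERM)
        os.setpgrp()

    try:
        proc = subprocess.Popen(
            wrap_in_pty(command), stdin=fd, stdout=fd, stderr=fd,
            preexec_fn=preexec)
    finally:
        # The spawned process holds its own copies; this one is not needed.
        os.close(fd)
    threading.Thread(target=handle_resize, args=[child, proc]).start()
    proc.wait()
    child.sendall('F')
    child.close()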
def _rpc_read_bson(sock, allow_fd_passing=False):
    """Read one framed BSON message, plus any passed descriptors, from ``sock``.

    Frame layout as read here: a 4-byte network-order descriptor count, the
    descriptors themselves (one ``passfd.recvfd`` call each), a 4-byte
    network-order payload length, then the BSON payload.

    Raises IOError when the peer announces descriptors while
    ``allow_fd_passing`` is false. The decoded dict carries the received
    descriptors under ``'fds'``. A payload-supplied ``'fds'`` key is dropped
    when none were passed, so that key only ever holds descriptors received
    by this function.
    """
    reader = sock.makefile('r')
    (fd_count,) = struct.unpack('!I', reader.read(4))
    if fd_count != 0 and not allow_fd_passing:
        raise IOError('client tried to pass fds')

    # NOTE(review): fd_count and raw_length come straight from the peer and
    # are not bounded here -- confirm callers only use this on trusted
    # channels, or that limits are enforced elsewhere.
    # NOTE(review): headers are read through a buffered file object while
    # descriptors are received on the raw socket; verify read-ahead cannot
    # consume bytes that the descriptors are attached to.
    fds = []
    for _ in xrange(fd_count):
        received = passfd.recvfd(sock)
        fds.append(FD(received[0]))

    (raw_length,) = struct.unpack('!I', reader.read(4))
    raw = reader.read(raw_length)
    result = _bson.BSON(raw).decode()

    if fd_count != 0:
        result['fds'] = fds
    elif 'fds' in result:
        del result['fds']
    return result
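def pass_to_daemon(conn, cmd="start-tls"):
    """Hand ``conn`` to the TLS daemon and return the substitute socket.

    The descriptor of ``conn`` is sent with ``cmd`` over a UNIX stream socket
    to the daemon, which answers with a descriptor and a status line.

    Returns a 4-tuple:
      * ``ERR <code> <name>``: ``(conn, s, code, name)`` with ``conn`` and
        ``s`` already closed;
      * ``OK <identity>``: ``(sock, s, 0, identity)`` where ``sock`` wraps the
        received descriptor.
    Any other status line returns ``None``, as before.

    The raw descriptor received from the daemon is now closed on every path.
    Previously it stayed open after ``socket.fromfd`` (which duplicates it)
    and on the ERR path.
    """
    import os  # local import: only needed to close the received descriptor

    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # NOTE(review): fixed socket path in /tmp, which is normally
    # world-writable. Whichever local process binds this path first receives
    # the connection descriptor. Presumably the daemon should listen in a
    # directory only it can write to, and/or the peer should be checked
    # (e.g. SO_PEERCRED) -- confirm against the deployment.
    s.connect("/tmp/tlsd.sock")
    passfd.sendfd(s, conn.fileno(), cmd)
    fd, msg = passfd.recvfd(s)

    fields = msg.split()
    try:
        status = fields[0]  # IndexError on an empty status line, as before
        sock = None
        if status == "OK":
            sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM)
    finally:
        os.close(fd)  # fromfd dup()'s; the original is never needed again

    if status == "ERR":
        conn.close()
        s.close()
        return conn, s, fields[1], fields[2]
    if status == "OK":
        # NOTE(review): raises IndexError if the daemon sends a bare "OK"
        # with no identity -- confirm the daemon always appends one.
        return sock, s, 0, fields[1]
    return None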
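def pass_to_daemon(conn, cmd='start-tls'):
    """Hand ``conn`` to the TLS daemon and return the substitute socket.

    The descriptor of ``conn`` is sent with ``cmd`` over a UNIX stream socket
    to the daemon, which answers with a descriptor and a status line.

    Returns a 4-tuple:
      * ``ERR <code> <name>``: ``(conn, s, code, name)`` with ``conn`` and
        ``s`` already closed;
      * ``OK <identity>``: ``(sock, s, 0, identity)`` where ``sock`` wraps the
        received descriptor.
    Any other status line returns ``None``, as before.

    The raw descriptor received from the daemon is now closed on every path.
    Previously it stayed open after ``socket.fromfd`` (which duplicates it)
    and on the ERR path.
    """
    import os  # local import: only needed to close the received descriptor

    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # NOTE(review): fixed socket path in /tmp, which is normally
    # world-writable. Whichever local process binds this path first receives
    # the connection descriptor. Presumably the daemon should listen in a
    # directory only it can write to, and/or the peer should be checked
    # (e.g. SO_PEERCRED) -- confirm against the deployment.
    s.connect("/tmp/tlsd.sock")
    passfd.sendfd(s, conn.fileno(), cmd)
    fd, msg = passfd.recvfd(s)

    fields = msg.split()
    try:
        status = fields[0]  # IndexError on an empty status line, as before
        sock = None
        if status == 'OK':
            sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM)
    finally:
        os.close(fd)  # fromfd dup()'s; the original is never needed again

    if status == 'ERR':
        conn.close()
        s.close()
        return conn, s, fields[1], fields[2]
    if status == 'OK':
        # NOTE(review): raises IndexError if the daemon sends a bare "OK"
        # with no identity -- confirm the daemon always appends one.
        return sock, s, 0, fields[1]
    return None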
def run(self):
    """Receive a connection descriptor, run the requested TLS step, relay traffic.

    Steps visible in this method:
      1. Receive ``(fd, msg)`` on ``self.clnt_cmd``.
      2. Probe the descriptor for socket type and address family and wrap it
         as ``self.connection``.
      3. Dispatch on the first word of ``msg`` (``start-tls`` or ``recv-tls``).
      4. Send a descriptor and an ``OK`` / ``ERR <code> <name>`` status line
         back on ``self.clnt_cmd``.
      5. Unless the step failed (returns 0), forward data between
         ``self.session`` and ``self.clnt_data`` until ``self.stop`` is set.
    """
    logger.debug("Starting %s", self.name)
    logger.debug("Waiting for fd")
    fd, msg = passfd.recvfd(self.clnt_cmd)
    logger.debug("Received fd: %s; message: %s", fd, msg)

    # Find out type of socket
    # The family/type given to this probe object are placeholders; the real
    # type is read back with SO_TYPE.
    temp_s = socket.fromfd(fd, socket.AF_UNIX, socket.SOCK_STREAM)
    styp = temp_s.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
    # IPv6 or IPv4?
    # A ':' in the first element of getsockname() is taken to mean IPv6.
    if ':' in temp_s.getsockname()[0]:
        sfam = socket.AF_INET6
    else:
        sfam = socket.AF_INET
    del temp_s

    logger.debug("Creating socket from fd %s with family %d and type %d", fd, sfam, styp)
    # NOTE(review): ``fd`` itself is not closed anywhere in this method after
    # the fromfd() calls -- confirm whether it is meant to stay open.
    self.connection = socket.fromfd(fd, sfam, styp)
    self.remote_port = self.connection.getpeername()[1]

    # 0 doubles as the "step failed" marker (see the check after sendfd).
    clnt_fd = 0
    ret_msg = "OK"

    try:
        # ``msg`` is supplied by the peer on the command socket; an empty
        # message raises IndexError below and ends up as "ERR 99".
        msg_split = msg.split()
        if msg_split[0] == 'start-tls':
            #format of msg is: start-tls [server_name [flags]]
            if len(msg_split) > 1:
                logger.debug("SNI: %s", msg_split[1])
                self.server_name = msg_split[1]
            if len(msg_split) > 2:
                validator.parse_flags(msg_split[2])
            clnt_fd = self.start_tls()
        elif msg_split[0] == "recv-tls":
            #format of msg is: recv-tls [flags]
            if len(msg_split) > 1:
                validator.parse_flags(msg_split[1])
            clnt_fd = self.recv_tls()
        else:
            raise Exception('Unknown Command')
    except libtlsd.validation.InsecureLookupException:
        ret_msg = "ERR 1 InsecureLookupException"
    except libtlsd.validation.LDAPUserNotFound:
        ret_msg = "ERR 2 LDAPUserNotFound"
    except libtlsd.validation.DaneError:
        ret_msg = "ERR 3 DaneError"
    except:
        # NOTE(review): a bare except also catches SystemExit and
        # KeyboardInterrupt; every unexpected failure is reported as code 99.
        logger.debug('Unspecified error: %s', sys.exc_info()[0])
        traceback.print_exc()
        ret_msg = "ERR 99 Unspecified"

    # The validated identity, when present, is appended to OK and ERR alike.
    if validator.validated_identity:
        ret_msg += ' %s' % (validator.validated_identity)

    logger.debug("Sending substitute fd: %s", clnt_fd)
    # NOTE(review): on failure clnt_fd is still 0, so descriptor 0 of this
    # process is what gets passed to the client -- confirm this is intended
    # and that the receiver closes it.
    passfd.sendfd(self.clnt_cmd, clnt_fd, ret_msg)

    if clnt_fd == 0:
        return 0

    # Create list of all sockets in correct order to always read the session socket first
    inputs = []
    inputs.append(self.session)
    inputs.append(self.clnt_data)
    inputs.append(self.clnt_cmd)

    logger.info("Connection setup done forwarding all traffic...")
    while (not self.stop):
        # Blocks until at least one socket is readable (no timeout given).
        inputready, outputready, exceptready = select.select(
            inputs, [], [])
        for s in inputready:
            data = s.recv(BUF_SIZE)
            if data:
                if s is self.clnt_cmd:
                    self.process_cmd(data)
                elif s is self.clnt_data:
                    self.session.send(data)
                elif s is self.session:
                    self.clnt_data.send(data)
            else:
                # Interpret empty result as closed connection and close all
                # Ignore termination of cmd socket
                if s is self.clnt_cmd:
                    logger.info('Client cmd socket was closed')
                    inputs.remove(self.clnt_cmd)
                else:
                    self.close_connections()
    logger.debug("Terminating %s", self.name)
def recv_fd():
    """Receive a descriptor on ``KCHAN`` and return it as a read-mode file object.

    The message that accompanies the descriptor is discarded.
    """
    received = passfd.recvfd(KCHAN)
    return os.fdopen(received[0], 'r')
def run(self):
    """Receive a connection descriptor, run the requested TLS step, relay traffic.

    Steps visible in this method:
      1. Receive ``(fd, msg)`` on ``self.clnt_cmd``.
      2. Probe the descriptor for socket type and address family and wrap it
         as ``self.connection``.
      3. Dispatch on the first word of ``msg`` (``start-tls`` or ``recv-tls``).
      4. Send a descriptor and an ``OK`` / ``ERR <code> <name>`` status line
         back on ``self.clnt_cmd``.
      5. Unless the step failed (returns 0), forward data between
         ``self.session`` and ``self.clnt_data`` until ``self.stop`` is set.
    """
    logger.debug("Starting %s", self.name)
    logger.debug("Waiting for fd")
    fd, msg = passfd.recvfd(self.clnt_cmd)
    logger.debug("Received fd: %s; message: %s", fd, msg)

    # Find out type of socket
    # The family/type given to this probe object are placeholders; the real
    # type is read back with SO_TYPE.
    temp_s = socket.fromfd(fd, socket.AF_UNIX, socket.SOCK_STREAM)
    styp = temp_s.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
    # IPv6 or IPv4?
    # A ':' in the first element of getsockname() is taken to mean IPv6.
    if ':' in temp_s.getsockname()[0]:
        sfam = socket.AF_INET6
    else:
        sfam = socket.AF_INET
    del temp_s

    logger.debug("Creating socket from fd %s with family %d and type %d", fd, sfam, styp)
    # NOTE(review): ``fd`` itself is not closed anywhere in this method after
    # the fromfd() calls -- confirm whether it is meant to stay open.
    self.connection = socket.fromfd(fd, sfam, styp)
    self.remote_port = self.connection.getpeername()[1]

    # 0 doubles as the "step failed" marker (see the check after sendfd).
    clnt_fd = 0
    ret_msg = "OK"

    try:
        # ``msg`` is supplied by the peer on the command socket; an empty
        # message raises IndexError below and ends up as "ERR 99".
        msg_split = msg.split()
        if msg_split[0] == 'start-tls':
            #format of msg is: start-tls [server_name [flags]]
            if len(msg_split) > 1:
                logger.debug("SNI: %s", msg_split[1])
                self.server_name = msg_split[1]
            if len(msg_split) > 2:
                validator.parse_flags(msg_split[2])
            clnt_fd = self.start_tls()
        elif msg_split[0] == "recv-tls":
            #format of msg is: recv-tls [flags]
            if len(msg_split) > 1:
                validator.parse_flags(msg_split[1])
            clnt_fd = self.recv_tls()
        else:
            raise Exception('Unknown Command')
    except libtlsd.validation.InsecureLookupException:
        ret_msg = "ERR 1 InsecureLookupException"
    except libtlsd.validation.LDAPUserNotFound:
        ret_msg = "ERR 2 LDAPUserNotFound"
    except libtlsd.validation.DaneError:
        ret_msg = "ERR 3 DaneError"
    except:
        # NOTE(review): a bare except also catches SystemExit and
        # KeyboardInterrupt; every unexpected failure is reported as code 99.
        logger.debug('Unspecified error: %s', sys.exc_info()[0])
        traceback.print_exc()
        ret_msg = "ERR 99 Unspecified"

    # The validated identity, when present, is appended to OK and ERR alike.
    if validator.validated_identity:
        ret_msg += ' %s' % (validator.validated_identity)

    logger.debug("Sending substitute fd: %s", clnt_fd)
    # NOTE(review): on failure clnt_fd is still 0, so descriptor 0 of this
    # process is what gets passed to the client -- confirm this is intended
    # and that the receiver closes it.
    passfd.sendfd(self.clnt_cmd, clnt_fd, ret_msg)

    if clnt_fd == 0:
        return 0

    # Create list of all sockets in correct order to always read the session socket first
    inputs = []
    inputs.append(self.session)
    inputs.append(self.clnt_data)
    inputs.append(self.clnt_cmd)

    logger.info("Connection setup done forwarding all traffic...")
    while(not self.stop):
        # Blocks until at least one socket is readable (no timeout given).
        inputready, outputready, exceptready = select.select(inputs, [], [])
        for s in inputready:
            data = s.recv(BUF_SIZE)
            if data:
                if s is self.clnt_cmd:
                    self.process_cmd(data)
                elif s is self.clnt_data:
                    self.session.send(data)
                elif s is self.session:
                    self.clnt_data.send(data)
            else:
                # Interpret empty result as closed connection and close all
                # Ignore termination of cmd socket
                if s is self.clnt_cmd:
                    logger.info('Client cmd socket was closed')
                    inputs.remove(self.clnt_cmd)
                else:
                    self.close_connections()
    logger.debug("Terminating %s", self.name)
# We're in the parent. # ioctl() will only pass raw filedescriptors. Find fd of fileObj. fd = fileObj.fileno() # Send to the child os.write(wfd, "x") passfd.sendfd(wfd, fd) # Wait for child to terminate, then exit. os.waitpid(pid, 0) fileObj.close() sys.exit(0) else: # We're in the child. fileObj.close() print os.read(rfd, 1) fd = passfd.recvfd(rfd) # Reopen the filedescriptor as a Python File-object. fileObj = os.fdopen(fd, 'r') # Example usage: Read file, print the first line. data = fileObj.readline() print "Read line: %r, expected %r" % (data, line) assert line == data sys.exit(0)
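import os
import sys
import socket

FAMILY = socket.AF_UNIX
TYPE = socket.SOCK_STREAM

# Tab-side helper: forwards each stdin line to the kernel process over the
# socket whose descriptor number is given in argv[1], receives a descriptor
# in return, and issues a test HTTP request on it.
#
# NOTE(review): ``passfd`` is used below but no import of it is visible in
# this listing; if it really is missing, the NameError is swallowed by the
# handler at the bottom and every line just prints "tab:error".
tab2kernel = socket.fromfd(int(sys.argv[1]), FAMILY, TYPE)
#tab2kernel.send("firebird.ucsd.edu:80")
#print tab2kernel.recv(4096)
while True:
    try:
        data = sys.stdin.readline()
        if not data:
            # EOF on stdin: stop instead of spinning on empty sends.
            break
        tab2kernel.send(data)
        (fd, msg) = passfd.recvfd(tab2kernel, msg_buf=4096)
        print msg
        # NOTE(review): 0 is treated as "no connection"; confirm how the
        # sender signals failure, since a received descriptor is numbered
        # by this process.
        if int(fd) == 0:
            print "tab:connection failed"
        else:
            try:
                http_soc = socket.fromfd(int(fd), FAMILY, TYPE)
            finally:
                # fromfd dup()'s; without this one descriptor leaks per request
                os.close(fd)
            http_soc.send("GET /index.html\n")
            print http_soc.recv(4096)
            http_soc.close()
    except Exception:
        # Best-effort loop, but let KeyboardInterrupt/SystemExit end it.
        print "tab:error"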
# ioctl() will only pass raw filedescriptors. Find fd of fileObj. fd = fileObj.fileno() # Send to the child os.write(wfd, "x") passfd.sendfd(wfd, fd) # Wait for child to terminate, then exit. os.waitpid(pid, 0) fileObj.close() sys.exit(0) else: # We're in the child. fileObj.close() print os.read(rfd, 1) fd = passfd.recvfd(rfd) # Reopen the filedescriptor as a Python File-object. fileObj = os.fdopen(fd, 'r') # Example usage: Read file, print the first line. data = fileObj.readline() print "Read line: %r, expected %r" % (data, line) assert line == data sys.exit(0)