def _ebStatus(self, reason, requestId, msg = b"request failed"):
code = FX_FAILURE
message = msg
if isinstance(reason.value, (IOError, OSError)):
if reason.value.errno == errno.ENOENT: # no such file
code = FX_NO_SUCH_FILE
message = networkString(reason.value.strerror)
elif reason.value.errno == errno.EACCES: # permission denied
code = FX_PERMISSION_DENIED
message = networkString(reason.value.strerror)
elif reason.value.errno == errno.EEXIST:
code = FX_FILE_ALREADY_EXISTS
else:
log.err(reason)
elif isinstance(reason.value, EOFError): # EOF
code = FX_EOF
if reason.value.args:
message = networkString(reason.value.args[0])
elif isinstance(reason.value, NotImplementedError):
code = FX_OP_UNSUPPORTED
if reason.value.args:
message = networkString(reason.value.args[0])
elif isinstance(reason.value, SFTPError):
code = reason.value.code
message = networkString(reason.value.message)
else:
log.err(reason)
self._sendStatus(requestId, code, message)
def lsLine(name, s):
"""
Build an 'ls' line for a file ('file' in its generic sense, it
can be of any type).
"""
mode = s.st_mode
perms = array.array('B', b'-'*10)
ft = stat.S_IFMT(mode)
if stat.S_ISDIR(ft): perms[0] = ord('d')
elif stat.S_ISCHR(ft): perms[0] = ord('c')
elif stat.S_ISBLK(ft): perms[0] = ord('b')
elif stat.S_ISREG(ft): perms[0] = ord('-')
elif stat.S_ISFIFO(ft): perms[0] = ord('f')
elif stat.S_ISLNK(ft): perms[0] = ord('l')
elif stat.S_ISSOCK(ft): perms[0] = ord('s')
else: perms[0] = ord('!')
# user
if mode&stat.S_IRUSR:perms[1] = ord('r')
if mode&stat.S_IWUSR:perms[2] = ord('w')
if mode&stat.S_IXUSR:perms[3] = ord('x')
# group
if mode&stat.S_IRGRP:perms[4] = ord('r')
if mode&stat.S_IWGRP:perms[5] = ord('w')
if mode&stat.S_IXGRP:perms[6] = ord('x')
# other
if mode&stat.S_IROTH:perms[7] = ord('r')
if mode&stat.S_IWOTH:perms[8] = ord('w')
if mode&stat.S_IXOTH:perms[9] = ord('x')
# suid/sgid
if mode&stat.S_ISUID:
if perms[3] == ord('x'): perms[3] = ord('s')
else: perms[3] = ord('S')
if mode&stat.S_ISGID:
if perms[6] == ord('x'): perms[6] = ord('s')
else: perms[6] = ord('S')
lsresult = [
perms.tostring(),
networkString(str(s.st_nlink)).rjust(5),
b' ',
networkString(str(s.st_uid)).ljust(9),
networkString(str(s.st_gid)).ljust(9),
networkString(str(s.st_size)).rjust(8),
b' ',
]
# need to specify the month manually, as strftime depends on locale
ttup = localtime(s.st_mtime)
sixmonths = 60 * 60 * 24 * 7 * 26
if s.st_mtime + sixmonths < time(): # last edited more than 6mo ago
strtime = strftime("%%s %d %Y ", ttup)
else:
strtime = strftime("%%s %d %H:%M ", ttup)
lsresult.append(networkString(strtime % (_MONTH_NAMES[ttup[1]],)))
lsresult.append(name)
return b''.join(lsresult)
def getRequestHostname(self):
"""
Function overload to fix ipv6 bug:
http://twistedmatrix.com/trac/ticket/6014
"""
host = self.getHeader(b'host')
if host:
if host[0]=='[':
return host.split(']',1)[0] + "]"
return networkString(host.split(':', 1)[0])
return networkString(self.getHost().host)
def welcomeMessage(self):
"""Override me to return a string which will be sent to the client
before login."""
x = self.factory.__class__
return networkString("\r\n" + x.__module__ + '.' + x.__name__ +
'\r\nTwisted %s\r\n' % copyright.version
)
def receivedHeader(self, helo, origin, recipients):
"""
Generate a received header string for a message.
@type helo: 2-L{tuple} of (L{bytes}, L{bytes})
@param helo: The client's identity as sent in the HELO command and its
IP address.
@type origin: L{Address}
@param origin: The origination address of the message.
@type recipients: L{list} of L{User}
@param recipients: The destination addresses for the message.
@rtype: L{bytes}
@return: A received header string.
"""
authStr = heloStr = b""
if self.user:
authStr = b" auth=" + self.user.encode('xtext')
if helo[0]:
heloStr = b" helo=" + helo[0]
fromUser = (b"from " + helo[0] + b" ([" + helo[1] + b"]" +
heloStr + authStr)
by = (b"by " + self.host + b" with " + self.protocolName +
b" (" + networkString(longversion) + b")")
forUser = (b"for <" + b' '.join(map(bytes, recipients)) + b"> " +
smtp.rfc822date())
return (b"Received: " + fromUser + b"\n\t" + by +
b"\n\t" + forUser)
def _doSingleRangeRequest(self, request, startAndEnd):
"""
Set up the response for Range headers that specify a single range.
This method checks if the request is satisfiable and sets the response
code and Content-Range header appropriately. The return value
indicates which part of the resource to return.
@param request: The Request object.
@param startAndEnd: A 2-tuple of start of the byte range as specified by
the header and the end of the byte range as specified by the header.
At most one of the start and end may be C{None}.
@return: A 2-tuple of the offset and size of the range to return.
offset == size == 0 indicates that the request is not satisfiable.
"""
start, end = startAndEnd
offset, size = self._rangeToOffsetAndSize(start, end)
if offset == size == 0:
# This range doesn't overlap with any of this resource, so the
# request is unsatisfiable.
request.setResponseCode(http.REQUESTED_RANGE_NOT_SATISFIABLE)
request.setHeader(
b'content-range', networkString('bytes */%d' % (self.getFileSize(),)))
else:
request.setResponseCode(http.PARTIAL_CONTENT)
request.setHeader(
b'content-range', self._contentRange(offset, size))
return offset, size
def render_GET(self, request):
data = json.dumps(request.args)
request.setHeader(b"content-type", networkString("application/json"))
request.setHeader(b"content-length", intToBytes(len(data)))
if request.method == b"HEAD":
return b""
return data
def processEnded(self, reason=None):
"""
When we are told the process ended, try to notify the other side about
how the process ended using the exit-signal or exit-status requests.
Also, close the channel.
"""
if reason is not None:
err = reason.value
if err.signal is not None:
signame = self._getSignalName(err.signal)
if (getattr(os, 'WCOREDUMP', None) is not None and
os.WCOREDUMP(err.status)):
log.msg('exitSignal: %s (core dumped)' % (signame,))
coreDumped = 1
else:
log.msg('exitSignal: %s' % (signame,))
coreDumped = 0
self.session.conn.sendRequest(self.session, b'exit-signal',
common.NS(networkString(signame[3:])) +
chr(coreDumped) + common.NS(b'') + common.NS(b''))
elif err.exitCode is not None:
log.msg('exitCode: %r' % (err.exitCode,))
self.session.conn.sendRequest(self.session, b'exit-status',
struct.pack('>L', err.exitCode))
self.session.loseConnection()
def render_GET(self, request):
data = json.dumps(request.args)
request.setHeader(b'content-type', networkString('application/json'))
request.setHeader(b'content-length', intToBytes(len(data)))
if request.method == b'HEAD':
return b''
return data
def render(self, request):
"""
Render me to a web client.
Load my file, execute it in a special namespace (with 'request' and
'__file__' global vars) and finish the request. Output to the web-page
will NOT be handled with print - standard output goes to the log - but
with request.write.
"""
request.setHeader(b"x-powered-by", networkString("Twisted/%s" % copyright.version))
namespace = {'request': request,
'__file__': _coerceToFilesystemEncoding("", self.filename),
'registry': self.registry}
try:
execfile(self.filename, namespace, namespace)
except IOError as e:
if e.errno == 2: #file not found
request.setResponseCode(http.NOT_FOUND)
request.write(resource.NoResource("File not found.").render(request))
except:
io = NativeStringIO()
traceback.print_exc(file=io)
output = util._PRE(io.getvalue())
if _PY3:
output = output.encode("utf8")
request.write(output)
request.finish()
return server.NOT_DONE_YET
def createServer(self, resource):
self.p = reactor.listenTCP(
0, server.Site(resource), interface="127.0.0.1")
self.addCleanup(self.p.stopListening)
self.port = self.p.getHost().port
self.proxy = xmlrpc.Proxy(
networkString('http://127.0.0.1:%d' % self.port))
def test_authInfoInURL(self):
url = "http://%s:%[email protected]:%d/" % (
nativeString(self.user), nativeString(self.password), self.port)
p = xmlrpc.Proxy(networkString(url))
d = p.callRemote("authinfo")
d.addCallback(self.assertEqual, [self.user, self.password])
return d
def _packAttributes(self, attrs):
flags = 0
data = b''
if 'size' in attrs:
data += struct.pack('!Q', attrs['size'])
flags |= FILEXFER_ATTR_SIZE
if 'uid' in attrs and 'gid' in attrs:
data += struct.pack('!2L', attrs['uid'], attrs['gid'])
flags |= FILEXFER_ATTR_OWNERGROUP
if 'permissions' in attrs:
data += struct.pack('!L', attrs['permissions'])
flags |= FILEXFER_ATTR_PERMISSIONS
if 'atime' in attrs and 'mtime' in attrs:
data += struct.pack('!2L', attrs['atime'], attrs['mtime'])
flags |= FILEXFER_ATTR_ACMODTIME
extended = []
for k in attrs:
if k.startswith('ext_'):
ext_type = NS(networkString(k[4:]))
ext_data = NS(attrs[k])
extended.append(ext_type+ext_data)
if extended:
data += struct.pack('!L', len(extended))
data += b''.join(extended)
flags |= FILEXFER_ATTR_EXTENDED
return struct.pack('!L', flags) + data
def _writeTest(self, write):
"""
Helper for testing L{IProcessTransport} write functionality. This
method spawns a child process and gives C{write} a chance to write some
bytes to it. It then verifies that the bytes were actually written to
it (by relying on the child process to echo them back).
@param write: A two-argument callable. This is invoked with a process
transport and some bytes to write to it.
"""
reactor = self.buildReactor()
ended = Deferred()
protocol = _ShutdownCallbackProcessProtocol(ended)
bytesToSend = b"hello, world" + networkString(os.linesep)
program = (
b"import sys\n"
b"sys.stdout.write(sys.stdin.readline())\n"
)
def startup():
transport = reactor.spawnProcess(
protocol, pyExe, [pyExe, b"-c", program])
try:
write(transport, bytesToSend)
except:
err(None, "Unhandled exception while writing")
transport.signalProcess('KILL')
reactor.callWhenRunning(startup)
ended.addCallback(lambda ignored: reactor.stop())
self.runReactor(reactor)
self.assertEqual(bytesToSend, b"".join(protocol.received[1]))
def _set(self, cmd, key, val, flags, expireTime, cas):
"""
Internal wrapper for setting values.
"""
if self._disconnected:
return fail(RuntimeError("not connected"))
if not isinstance(key, bytes):
return fail(ClientError(
"Invalid type for key: %s, expecting bytes" % (type(key),)))
if len(key) > self.MAX_KEY_LENGTH:
return fail(ClientError("Key too long"))
if not isinstance(val, bytes):
return fail(ClientError(
"Invalid type for value: %s, expecting bytes" %
(type(val),)))
if cas:
cas = b" " + cas
length = len(val)
fullcmd = b" ".join([
cmd, key,
networkString("%d %d %d" % (flags, expireTime, length))]) + cas
self.sendLine(fullcmd)
self.sendLine(val)
cmdObj = Command(cmd, key=key, flags=flags, length=length)
self._current.append(cmdObj)
return cmdObj._deferred
def proxy(self, factory=None):
p = xmlrpc.Proxy(networkString("http://127.0.0.1:%d" % self.port))
if factory is None:
p.queryFactory = self.queryFactory
else:
p.queryFactory = factory
return p
def createServer(self, resource):
self.p = reactor.listenTCP(0,
server.Site(resource),
interface="127.0.0.1")
self.addCleanup(self.p.stopListening)
self.port = self.p.getHost().port
self.proxy = xmlrpc.Proxy(
networkString('http://127.0.0.1:%d' % self.port))
def packet_EXTENDED(self, data):
requestId = data[:4]
data = data[4:]
extName, extData = getNS(data)
d = defer.maybeDeferred(self.client.extendedRequest, extName, extData)
d.addCallback(self._cbExtended, requestId)
d.addErrback(self._ebStatus, requestId, networkString(
'extended %s failed' % extName))
def test_erroneousResponse(self):
"""
Test that calling the xmlrpc client on a static http server raises
an exception.
"""
proxy = xmlrpc.Proxy(networkString("http://127.0.0.1:%d/" %
(self.port.getHost().port,)))
return self.assertFailure(proxy.callRemote("someMethod"), ValueError)
def packet_EXTENDED(self, data):
requestId = data[:4]
data = data[4:]
extName, extData = getNS(data)
d = defer.maybeDeferred(self.client.extendedRequest, extName, extData)
d.addCallback(self._cbExtended, requestId)
d.addErrback(self._ebStatus, requestId,
networkString('extended %s failed' % extName))
def test_erroneousResponse(self):
"""
Test that calling the xmlrpc client on a static http server raises
an exception.
"""
proxy = xmlrpc.Proxy(networkString("http://127.0.0.1:%d/" %
(self.port.getHost().port,)))
return self.assertFailure(proxy.callRemote("someMethod"), ValueError)
def _realPath(_):
d = self.client.realPath(b'testLink')
self._emptyBuffers()
d.addCallback(
self.assertEqual,
os.path.join(networkString(os.getcwd()), self.testDir,
b'testfile1'))
return d
def _realPath(_):
d = self.client.realPath(b'testLink')
self._emptyBuffers()
d.addCallback(
self.assertEqual,
os.path.join(
networkString(os.getcwd()), self.testDir, b'testfile1'))
return d
def selectGraphicRendition(self, *attributes):
# each member of attributes must be a native string
attrs = []
for a in attributes:
attrs.append(networkString(a))
self.write(b'\x1b[' +
b';'.join(attrs) +
b'm')
def _setContentHeaders(self, request, size=None):
"""
Set the Content-length and Content-type headers for this request.
This method is not appropriate for requests for multiple byte ranges;
L{_doMultipleRangeRequest} will set these headers in that case.
@param request: The L{Request} object.
@param size: The size of the response. If not specified, default to
C{self.getFileSize()}.
"""
if size is None:
size = self.getFileSize()
request.setHeader(b'content-length', intToBytes(size))
if self.type:
request.setHeader(b'content-type', networkString(self.type))
if self.encoding:
request.setHeader(b'content-encoding', networkString(self.encoding))
def __bytes__(self):
if self.code > 0:
res = [networkString("%.3d %s" % (self.code, self.resp))]
else:
res = [self.resp]
if self.log:
res.append(self.log)
res.append(b'')
return b'\n'.join(res)
def test_errorGet(self):
"""
A classic GET on the xml server should return a NOT_ALLOWED.
"""
d = client.getPage(networkString("http://127.0.0.1:%d/" % (self.port,)))
d = self.assertFailure(d, error.Error)
d.addCallback(
lambda exc: self.assertEqual(int(exc.args[0]), http.NOT_ALLOWED))
return d
def test_explicitAuthInfoOverride(self):
p = xmlrpc.Proxy(
networkString("http://*****:*****@127.0.0.1:%d/" % (self.port, )),
self.user,
self.password,
)
d = p.callRemote("authinfo")
d.addCallback(self.assertEqual, [self.user, self.password])
return d
def test_timeoutNotTriggering(self):
"""
When a non-zero timeout is passed to L{getPage} and the page is
retrieved before the timeout period elapses, the L{Deferred} is
called back with the contents of the page.
"""
d = client.getPage(self.getURL("host"), timeout=100)
d.addCallback(self.assertEqual, networkString("127.0.0.1:%s" % (self.portno,)))
return d
def _setContentHeaders(self, request, size=None):
"""
Set the Content-length and Content-type headers for this request.
This method is not appropriate for requests for multiple byte ranges;
L{_doMultipleRangeRequest} will set these headers in that case.
@param request: The L{Request} object.
@param size: The size of the response. If not specified, default to
C{self.getFileSize()}.
"""
if size is None:
size = self.getFileSize()
request.setHeader(b'content-length', intToBytes(size))
if self.type:
request.setHeader(b'content-type', networkString(self.type))
if self.encoding:
request.setHeader(b'content-encoding', networkString(self.encoding))
def __bytes__(self):
if self.code > 0:
res = [networkString("%.3d %s" % (self.code, self.resp))]
else:
res = [self.resp]
if self.log:
res.append(self.log)
res.append(b'')
return b'\n'.join(res)
def test_timeoutNotTriggering(self):
"""
When a non-zero timeout is passed to L{getPage} and the page is
retrieved before the timeout period elapses, the L{Deferred} is
called back with the contents of the page.
"""
d = client.getPage(self.getURL("host"), timeout=100)
d.addCallback(self.assertEqual,
networkString("127.0.0.1:%s" % (self.portno,)))
return d
def _mkuid(self):
"""
(internal) Generate an opaque, unique ID for a user's session.
"""
from hashlib import md5
import random
self.counter = self.counter + 1
return md5(networkString(
"%s_%s" % (str(random.random()) , str(self.counter)))
).hexdigest()
def test_errorGet(self):
"""
A classic GET on the xml server should return a NOT_ALLOWED.
"""
agent = client.Agent(reactor)
d = agent.request(b"GET", networkString("http://127.0.0.1:%d/" % (self.port,)))
def checkResponse(response):
self.assertEqual(response.code, http.NOT_ALLOWED)
d.addCallback(checkResponse)
return d
def _mkuid(self):
"""
(internal) Generate an opaque, unique ID for a user's session.
"""
from hashlib import md5
import random
self.counter = self.counter + 1
return md5(networkString(
"%s_%s" % (str(random.random()) , str(self.counter)))
).hexdigest()
def makeSignedArguments(params, signKey, signSecret, body):
params['timestamp'] = [networkString(_utcnow())]
params['seq'] = [b"1"]
params['key'] = [networkString(signKey)]
params['nonce'] = [networkString(str(random.randint(0, 9007199254740992)))]
# HMAC[SHA256]_{secret} (key | timestamp | seq | nonce | body) => signature
hm = hmac.new(signSecret.encode('utf8'), None, hashlib.sha256)
hm.update(params['key'][0])
hm.update(params['timestamp'][0])
hm.update(params['seq'][0])
hm.update(params['nonce'][0])
hm.update(body)
signature = base64.urlsafe_b64encode(hm.digest())
params['signature'] = [signature]
return params
def test_errorGet(self):
"""
A classic GET on the xml server should return a NOT_ALLOWED.
"""
agent = client.Agent(reactor)
d = agent.request(b"GET", networkString("http://127.0.0.1:%d/" % (self.port,)))
def checkResponse(response):
self.assertEqual(response.code, http.NOT_ALLOWED)
d.addCallback(checkResponse)
return d
def test_authInfoInURL(self):
url = "http://%s:%[email protected]:%d/" % (
nativeString(self.user),
nativeString(self.password),
self.port,
)
p = xmlrpc.Proxy(networkString(url))
d = p.callRemote("authinfo")
d.addCallback(self.assertEqual, [self.user, self.password])
return d
def test_errorXMLContent(self):
"""
Test that an invalid XML input returns an L{xmlrpc.Fault}.
"""
d = client.getPage(networkString("http://127.0.0.1:%d/" % (self.port,)),
method=b"POST", postdata=b"foo")
def cb(result):
self.assertRaises(xmlrpc.Fault, xmlrpclib.loads, result)
d.addCallback(cb)
return d
def setUp(self):
"""
Create a new XML-RPC server with C{allowNone} set to C{True}.
"""
kwargs = {self.flagName: True}
self.p = reactor.listenTCP(
0, server.Site(Test(**kwargs)), interface="127.0.0.1")
self.addCleanup(self.p.stopListening)
self.port = self.p.getHost().port
self.proxy = xmlrpc.Proxy(
networkString("http://127.0.0.1:%d/" % (self.port,)), **kwargs)
def makeAPICall(self, path, method="POST", params=None):
if params:
postdata = json.dumps(params)
else:
postdata = None
uri = networkString("http://127.0.0.1:%d/API/%s" %
(self.plainPortno, path))
return client.getPage(uri,
method=method,
timeout=1,
postdata=postdata,
headers={'X-Bitmask-Auth': 'aaa'})
def render_GET(self, request):
if self.size:
request.setHeader(b'content-length', intToBytes(self.size))
if self.type:
request.setHeader(b'content-type', networkString(self.type))
if self.encoding:
request.setHeader(b'content-encoding', networkString(self.encoding))
request.setResponseCode(http.OK)
# FIXME: depending on self.size, eg when 128kB, we might want to directly return bytes
# instead of the overhead setting up a producer etc ..
# if we want to serve directly out of ZIP files, we cannot support HTTP
# range requests, as the file-like object returned for a file within an archive
# does not support seek() (it will raise "not implemented" - 2018/06 with Python 3.6.5)
producer = NoRangeStaticProducer(request, self.file)
producer.start()
# and make sure the connection doesn't get closed
return server.NOT_DONE_YET
def test_longPassword(self):
"""
C{QueryProtocol} uses the C{base64.b64encode} function to encode user
name and password in the I{Authorization} header, so that it doesn't
embed new lines when using long inputs.
"""
longPassword = self.password * 40
p = xmlrpc.Proxy(networkString("http://127.0.0.1:%d/" % (
self.port,)), self.user, longPassword)
d = p.callRemote("authinfo")
d.addCallback(self.assertEqual, [self.user, longPassword])
return d
def proxy(self, factory=None):
"""
Return a new xmlrpc.Proxy for the test site created in
setUp(), using the given factory as the queryFactory, or
self.queryFactory if no factory is provided.
"""
p = xmlrpc.Proxy(networkString("http://127.0.0.1:%d/" % self.port))
if factory is None:
p.queryFactory = self.queryFactory
else:
p.queryFactory = factory
return p
def ssh_CHANNEL_OPEN(self, packet):
"""
The other side wants to get a channel. Payload::
string channel name
uint32 remote channel number
uint32 remote window size
uint32 remote maximum packet size
<channel specific data>
We get a channel from self.getChannel(), give it a local channel number
and notify the other side. Then notify the channel by calling its
channelOpen method.
"""
channelType, rest = common.getNS(packet)
senderChannel, windowSize, maxPacket = struct.unpack(">3L", rest[:12])
packet = rest[12:]
try:
channel = self.getChannel(channelType, windowSize, maxPacket, packet)
localChannel = self.localChannelID
self.localChannelID += 1
channel.id = localChannel
self.channels[localChannel] = channel
self.channelsToRemoteChannel[channel] = senderChannel
self.localToRemoteChannel[localChannel] = senderChannel
openConfirmPacket = (
struct.pack(
">4L",
senderChannel,
localChannel,
channel.localWindowSize,
channel.localMaxPacket,
)
+ channel.specificData
)
self.transport.sendPacket(MSG_CHANNEL_OPEN_CONFIRMATION, openConfirmPacket)
channel.channelOpen(packet)
except Exception as e:
self._log.failure("channel open failed")
if isinstance(e, error.ConchError):
textualInfo, reason = e.args
if isinstance(textualInfo, int):
# See #3657 and #3071
textualInfo, reason = reason, textualInfo
else:
reason = OPEN_CONNECT_FAILED
textualInfo = "unknown failure"
self.transport.sendPacket(
MSG_CHANNEL_OPEN_FAILURE,
struct.pack(">2L", senderChannel, reason)
+ common.NS(networkString(textualInfo))
+ common.NS(b""),
)
def _makeContext(self):
ctx = self._contextFactory(self.method)
# Disallow insecure SSLv2. Applies only for SSLv23_METHOD.
ctx.set_options(SSL.OP_NO_SSLv2)
if self.certificate is not None and self.privateKey is not None:
ctx.use_certificate(self.certificate)
ctx.use_privatekey(self.privateKey)
for extraCert in self.extraCertChain:
ctx.add_extra_chain_cert(extraCert)
# Sanity check
ctx.check_privatekey()
verifyFlags = SSL.VERIFY_NONE
if self.verify:
verifyFlags = SSL.VERIFY_PEER
if self.requireCertificate:
verifyFlags |= SSL.VERIFY_FAIL_IF_NO_PEER_CERT
if self.verifyOnce:
verifyFlags |= SSL.VERIFY_CLIENT_ONCE
if self.caCerts:
store = ctx.get_cert_store()
for cert in self.caCerts:
store.add_cert(cert)
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
def _verifyCallback(conn, cert, errno, depth, preverify_ok):
return preverify_ok
ctx.set_verify(verifyFlags, _verifyCallback)
if self.verifyDepth is not None:
ctx.set_verify_depth(self.verifyDepth)
if self.enableSingleUseKeys:
ctx.set_options(SSL.OP_SINGLE_DH_USE)
if self.fixBrokenPeers:
ctx.set_options(self._OP_ALL)
if self.enableSessions:
name = "%s-%d" % (reflect.qual(self.__class__), _sessionCounter())
sessionName = md5(networkString(name)).hexdigest()
ctx.set_session_id(sessionName)
if not self.enableSessionTickets:
ctx.set_options(self._OP_NO_TICKET)
return ctx
def test_equality(self):
"""
Two L{HashedEntry} instances compare equal if and only if they represent
the same host and key in exactly the same way: the host salt, host hash,
public key type, public key, and comment fields must all be equal.
"""
hostSalt = b"gJbSEPBG9ZSBoZpHNtZBD1bHKBA"
hostHash = b"bQv+0Xa0dByrwkA1EB0E7Xop/Fo"
publicKey = Key.fromString(sampleKey)
keyType = networkString(publicKey.type())
comment = b"hello, world"
entry = HashedEntry(hostSalt, hostHash, keyType, publicKey, comment)
duplicate = HashedEntry(hostSalt, hostHash, keyType, publicKey,
comment)
# Vary the host salt
self.assertNormalEqualityImplementation(
entry,
duplicate,
HashedEntry(hostSalt[::-1], hostHash, keyType, publicKey, comment),
)
# Vary the host hash
self.assertNormalEqualityImplementation(
entry,
duplicate,
HashedEntry(hostSalt, hostHash[::-1], keyType, publicKey, comment),
)
# Vary the key type
self.assertNormalEqualityImplementation(
entry,
duplicate,
HashedEntry(hostSalt, hostHash, keyType[::-1], publicKey, comment),
)
# Vary the key
self.assertNormalEqualityImplementation(
entry,
duplicate,
HashedEntry(hostSalt, hostHash, keyType,
Key.fromString(otherSampleKey), comment),
)
# Vary the comment
self.assertNormalEqualityImplementation(
entry,
duplicate,
HashedEntry(hostSalt, hostHash, keyType, publicKey, comment[::-1]),
)
def _ebStatus(self, reason, requestId, msg=b"request failed"):
code = FX_FAILURE
message = msg
if isinstance(reason.value, (IOError, OSError)):
if reason.value.errno == errno.ENOENT: # No such file
code = FX_NO_SUCH_FILE
message = networkString(reason.value.strerror)
elif reason.value.errno == errno.EACCES: # Permission denied
code = FX_PERMISSION_DENIED
message = networkString(reason.value.strerror)
elif reason.value.errno == errno.EEXIST:
code = FX_FILE_ALREADY_EXISTS
else:
self._log.failure(
"Request {requestId} failed: {message}",
failure=reason,
requestId=requestId,
message=message,
)
elif isinstance(reason.value, EOFError): # EOF
code = FX_EOF
if reason.value.args:
message = networkString(reason.value.args[0])
elif isinstance(reason.value, NotImplementedError):
code = FX_OP_UNSUPPORTED
if reason.value.args:
message = networkString(reason.value.args[0])
elif isinstance(reason.value, SFTPError):
code = reason.value.code
message = networkString(reason.value.message)
else:
self._log.failure(
"Request {requestId} failed with unknown error: {message}",
failure=reason,
requestId=requestId,
message=message,
)
self._sendStatus(requestId, code, message)
def _contentRange(self, offset, size):
"""
Return a string suitable for the value of a Content-Range header for a
range with the given offset and size.
The offset and size are not sanity checked in any way.
@param offset: How far into this resource the range begins.
@param size: How long the range is.
@return: The value as appropriate for the value of a Content-Range
header.
"""
return networkString('bytes %d-%d/%d' %
(offset, offset + size - 1, self.getFileSize()))
def getChallenge(self):
if self.challenge:
return self.challenge
# The data encoded in the first ready response contains an
# presumptively arbitrary string of random digits, a timestamp, and
# the fully-qualified primary host name of the server. The syntax of
# the unencoded form must correspond to that of an RFC 822 'msg-id'
# [RFC822] as described in [POP3].
# -- RFC 2195
r = random.randrange(0x7fffffff)
t = time.time()
self.challenge = networkString('<%d.%d@%s>' % (
r, t, nativeString(self.host) if self.host else None))
return self.challenge
def test_invalidOpaque(self):
"""
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the opaque
value does not contain all the required parts.
"""
credentialFactory = FakeDigestCredentialFactory(
self.algorithm, self.realm)
challenge = credentialFactory.getChallenge(self.clientAddress.host)
exc = self.assertRaises(
LoginFailed,
credentialFactory._verifyOpaque,
b"badOpaque",
challenge["nonce"],
self.clientAddress.host,
)
self.assertEqual(str(exc), "Invalid response, invalid opaque value")
badOpaque = b"foo-" + b64encode(b"nonce,clientip")
exc = self.assertRaises(
LoginFailed,
credentialFactory._verifyOpaque,
badOpaque,
challenge["nonce"],
self.clientAddress.host,
)
self.assertEqual(str(exc), "Invalid response, invalid opaque value")
exc = self.assertRaises(
LoginFailed,
credentialFactory._verifyOpaque,
b"",
challenge["nonce"],
self.clientAddress.host,
)
self.assertEqual(str(exc), "Invalid response, invalid opaque value")
badOpaque = b"foo-" + b64encode(b",".join(
(challenge["nonce"], networkString(
self.clientAddress.host), b"foobar")))
exc = self.assertRaises(
LoginFailed,
credentialFactory._verifyOpaque,
badOpaque,
challenge["nonce"],
self.clientAddress.host,
)
self.assertEqual(str(exc),
"Invalid response, invalid opaque/time values")
def test_errorXMLContent(self):
"""
Test that an invalid XML input returns an L{xmlrpc.Fault}.
"""
agent = client.Agent(reactor)
d = agent.request(
uri=networkString("http://127.0.0.1:%d/" % (self.port,)),
method=b"POST",
bodyProducer=client.FileBodyProducer(BytesIO(b"foo")))
d.addCallback(client.readBody)
def cb(result):
self.assertRaises(xmlrpc.Fault, xmlrpclib.loads, result)
d.addCallback(cb)
return d
def _uncleanSocketTest(self, callback):
self.filename = self.mktemp()
source = networkString(
("from twisted.internet import protocol, reactor\n"
"reactor.listenUNIX(%r, protocol.ServerFactory(),"
"wantPID=True)\n") % (self.filename, ))
env = {
b'PYTHONPATH':
FilePath(os.pathsep.join(sys.path)).asBytesMode().path
}
pyExe = FilePath(sys.executable).asBytesMode().path
d = utils.getProcessValue(pyExe, (b"-u", b"-c", source), env=env)
d.addCallback(callback)
return d
def _handleRangeHeader(size):
try:
range = self._parseRange(request.getHeader('Range'))
except RangeNotSatisfiable:
content_range = 'bytes */%d' % size
content_range = networkString(content_range)
request.setResponseCode(416)
request.setHeader(b'content-range', content_range)
request.finish()
return
if not range:
start = end = None
request.setResponseCode(200)
request.setHeader(b'content-length', intToBytes(size))
else:
start, end = range
content_range = 'bytes %d-%d/%d' % (start, end, size)
content_range = networkString(content_range)
length = intToBytes(end - start)
request.setResponseCode(206)
request.setHeader(b'content-range', content_range)
request.setHeader(b'content-length', length)
return self._get_blob(request, user, blob_id, namespace, range)
def _underUnderPathTest(self, doImport=True):
moddir2 = self.mktemp()
fpmd = FilePath(moddir2)
fpmd.createDirectory()
fpmd.child("foozle.py").setContent(b"x = 123\n")
self.packagePath.child("extract_sensitive_data.py").setContent(
networkString("__path__.append({0})\n".format(repr(moddir2))))
# Cut here
self._setupSysPath()
modinfo = modules.getModule(self.packageName)
self.assertEqual(
self.findByIteration(self.packageName + ".foozle",
modinfo,
importPackages=doImport), modinfo['foozle'])
self.assertEqual(modinfo['foozle'].load().x, 123)
