コード例 #1
ファイル: connection.py プロジェクト: Tylerlhess/blackhole
def sockets():
    """
    Create one listening TCP socket per entry yielded by ports().

    Each entry is expected to be either the standard (std) or the SSL
    (ssl) listener, so at most two sockets are created. The "ssl" entry
    binds to options.ssl_port, anything else to options.port, both on
    options.host.

    Returns a dictionary mapping the entry name to its bound,
    non-blocking, listening socket, for later registration with the
    IOLoop. Any socket error is logged and the process exits with
    status 1.
    """
    listeners = {}
    for kind in ports():
        try:
            if kind == "ssl":
                bind_port = options.ssl_port
            else:
                bind_port = options.port
            # IPv4 only: AF_INET stream socket.
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
            # SO_REUSEADDR lets the service rebind right after a restart
            # while old connections are still in TIME_WAIT.
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.setblocking(False)
            listener.bind((options.host, bind_port))
            # Backlog of 5 pending connections.
            listener.listen(5)
            listeners[kind] = listener
        except socket.error as err:
            # errno 13 is EACCES on Linux: typically an unprivileged
            # process trying to bind a port below 1024.
            if err.errno != 13:
                log.error(err)
            else:
                log.error("Permission denied, could not bind to %s:%s" %
                          (options.host, bind_port))
            sys.exit(1)
    return listeners
コード例 #2
ファイル: application.py プロジェクト: Bengt/blackhole
def set_options():
    """
    Apply start-up option handling: the deprecated-option check, operator
    warnings and the SSL key/certificate overrides.

    A warning is printed to stdout when the debug or delay options are
    set. When SSL is requested the process exits with status 1 if the
    SSL library is unavailable or if verify_ssl_opts() raises
    BlackholeSSLException; otherwise options.ssl_key and
    options.ssl_cert are stored in sslkwargs as 'keyfile' and
    'certfile'.
    """
    # Warn about (or reject) options that have been deprecated.
    opts.deprecated_opts()

    if options.debug:
        print("WARNING: Using the debug flag!\n"
              "This will generate a lots of disk I/O "
              "and large log files\n")

    if options.delay > 0:
        print("WARNING: Using the delay flag!\n"
              "The delay flag is a blocking action "
              "and will cause connections to block.\n")

    # Everything below only matters when SSL has been requested.
    if not options.ssl:
        return

    # `ssl` is falsy when the SSL library could not be loaded
    # (presumably set by a guarded import elsewhere -- confirm).
    if not ssl:
        log.error("Unable to use SSL as SSL library is not compiled in")
        sys.exit(1)

    try:
        verify_ssl_opts()
    except BlackholeSSLException as err:
        log.error(err)
        sys.exit(1)

    # NOTE(review): the private key named by options.ssl_key should be
    # readable only by the service account; whether verify_ssl_opts()
    # checks file permissions is not visible here -- confirm.
    sslkwargs['keyfile'] = options.ssl_key
    sslkwargs['certfile'] = options.ssl_cert
コード例 #3
def sockets():
    """
    Create one listening TCP socket per entry yielded by ports().

    Each entry is expected to be either the standard (std) or the SSL
    (ssl) listener, so at most two sockets are created. The "ssl" entry
    binds to options.ssl_port, anything else to options.port, both on
    options.host.

    Returns a dictionary mapping the entry name to its bound,
    non-blocking, listening socket, for later registration with the
    IOLoop. Any socket error is logged and the process exits with
    status 1.
    """
    listeners = {}
    for kind in ports():
        try:
            if kind == "ssl":
                bind_port = options.ssl_port
            else:
                bind_port = options.port
            # IPv4 only: AF_INET stream socket.
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
            # SO_REUSEADDR lets the service rebind right after a restart
            # while old connections are still in TIME_WAIT.
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.setblocking(False)
            listener.bind((options.host, bind_port))
            # Backlog of 5 pending connections.
            listener.listen(5)
            listeners[kind] = listener
        except socket.error as err:
            # errno 13 is EACCES on Linux: typically an unprivileged
            # process trying to bind a port below 1024.
            if err.errno != 13:
                log.error(err)
            else:
                log.error("Permission denied, could not bind to %s:%s" %
                          (options.host, bind_port))
            sys.exit(1)
    return listeners
コード例 #4
ファイル: application.py プロジェクト: Bengt/blackhole
def set_options():
    """
    Apply start-up option handling: the deprecated-option check, operator
    warnings and the SSL key/certificate overrides.

    A warning is printed to stdout when the debug or delay options are
    set. When SSL is requested the process exits with status 1 if the
    SSL library is unavailable or if verify_ssl_opts() raises
    BlackholeSSLException; otherwise options.ssl_key and
    options.ssl_cert are stored in sslkwargs as 'keyfile' and
    'certfile'.
    """
    # Warn about (or reject) options that have been deprecated.
    opts.deprecated_opts()

    if options.debug:
        print("WARNING: Using the debug flag!\n"
              "This will generate a lots of disk I/O "
              "and large log files\n")

    if options.delay > 0:
        print("WARNING: Using the delay flag!\n"
              "The delay flag is a blocking action "
              "and will cause connections to block.\n")

    # Everything below only matters when SSL has been requested.
    if not options.ssl:
        return

    # `ssl` is falsy when the SSL library could not be loaded
    # (presumably set by a guarded import elsewhere -- confirm).
    if not ssl:
        log.error("Unable to use SSL as SSL library is not compiled in")
        sys.exit(1)

    try:
        verify_ssl_opts()
    except BlackholeSSLException as err:
        log.error(err)
        sys.exit(1)

    # NOTE(review): the private key named by options.ssl_key should be
    # readable only by the service account; whether verify_ssl_opts()
    # checks file permissions is not visible here -- confirm.
    sslkwargs['keyfile'] = options.ssl_key
    sslkwargs['certfile'] = options.ssl_cert
コード例 #5
def setuid():
    """
    Switch the process to the user named by options.user.

    This is the user half of dropping root privileges. It MUST be
    called AFTER setgid, not before: once the UID has been dropped the
    process may no longer be permitted to change its group.

    Logs an error and exits with status 1 if the user does not exist or
    the process is not permitted to switch to it.
    """
    # NOTE(review): only the UID is changed here; clearing supplementary
    # groups has to happen before this call, while the process is still
    # privileged.
    failure = None
    try:
        target_uid = pwd.getpwnam(options.user).pw_uid
        os.setuid(target_uid)
    except KeyError:
        # getpwnam() raises KeyError for an unknown account name.
        failure = "User '%s' does not exist" % options.user
    except OSError:
        failure = ("You do not have permission to switch to user '%s'" %
                   options.user)
    if failure is not None:
        log.error(failure)
        sys.exit(1)
コード例 #6
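def setgid():
    """
    Change our existing group.

    Used to drop from root privileges down to a less
    privileged group.

    MUST be called BEFORE setuid, not after.

    os.setgid() changes only the primary GID. When running as root the
    supplementary group list is therefore cleared first, so the process
    does not keep the groups it was started with after the drop.

    Logs an error and exits with status 1 if the group does not exist or
    the process is not permitted to switch to it.
    """
    try:
        target_gid = grp.getgrnam(options.group).gr_gid
        # setgroups() needs privilege; an unprivileged caller keeps the
        # previous behaviour of a plain setgid().
        if os.geteuid() == 0:
            os.setgroups([])
        os.setgid(target_gid)
    except KeyError:
        # getgrnam() raises KeyError for an unknown group name.
        log.error("Group '%s' does not exist" % options.group)
        sys.exit(1)
    except OSError:
        log.error("You do not have permission to switch to group '%s'" %
                  options.group)
        sys.exit(1)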
コード例 #7
ファイル: utils.py プロジェクト: amadu80/blackhole
def setuid():
    """
    Switch the process to the user named by options.user.

    This is the user half of dropping root privileges. It MUST be
    called AFTER setgid, not before: once the UID has been dropped the
    process may no longer be permitted to change its group.

    Logs an error and exits with status 1 if the user does not exist or
    the process is not permitted to switch to it.
    """
    # NOTE(review): only the UID is changed here; clearing supplementary
    # groups has to happen before this call, while the process is still
    # privileged.
    failure = None
    try:
        target_uid = pwd.getpwnam(options.user).pw_uid
        os.setuid(target_uid)
    except KeyError:
        # getpwnam() raises KeyError for an unknown account name.
        failure = "User '%s' does not exist" % options.user
    except OSError:
        failure = ("You do not have permission to switch to user '%s'"
                   % options.user)
    if failure is not None:
        log.error(failure)
        sys.exit(1)
コード例 #8
ファイル: utils.py プロジェクト: amadu80/blackhole
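def setgid():
    """
    Change our existing group.

    Used to drop from root privileges down to a less
    privileged group.

    MUST be called BEFORE setuid, not after.

    os.setgid() changes only the primary GID. When running as root the
    supplementary group list is therefore cleared first, so the process
    does not keep the groups it was started with after the drop.

    Logs an error and exits with status 1 if the group does not exist or
    the process is not permitted to switch to it.
    """
    try:
        target_gid = grp.getgrnam(options.group).gr_gid
        # setgroups() needs privilege; an unprivileged caller keeps the
        # previous behaviour of a plain setgid().
        if os.geteuid() == 0:
            os.setgroups([])
        os.setgid(target_gid)
    except KeyError:
        # getgrnam() raises KeyError for an unknown group name.
        log.error("Group '%s' does not exist" % options.group)
        sys.exit(1)
    except OSError:
        log.error("You do not have permission to switch to group '%s'"
                  % options.group)
        sys.exit(1)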
コード例 #9
ファイル: connection.py プロジェクト: amadu80/blackhole
def connection_stream(connection):
    """
    Detect which socket the connection is being made on,
    create and iostream for the connection, wrapping it
    in SSL if connected over the SSL socket.
    """
    if connection.getsockname()[1] == options.ssl_port and options.ssl:
        try:
            ssl_connection = ssl.wrap_socket(connection, **sslkwargs)
        except (ssl.SSLError, socket.error), e:
            if e.errno == ssl.SSL_ERROR_EOF or e.errno == errno.ECONNABORTED:
                ssl_connection.close()
                return
            else:
                raise
        # Do a nasty blanket Exception until SSL exceptions are fully known
        try:
            return iostream.SSLIOStream(ssl_connection)
        except Exception, e:
            log.error(e)
            ssl_connection.close()
            return