def init(self, opts, _extra_args=()): if self._init_done: #the gtk client classes can inherit this method #from multiple parents, skip initializing twice return self._init_done = True for c in XpraClientBase.__bases__: c.init(self, opts) self.compression_level = opts.compression_level self.display = opts.display self.username = opts.username self.password = opts.password self.password_file = opts.password_file self.encryption = opts.encryption or opts.tcp_encryption if self.encryption: crypto_backend_init() self.encryption_keyfile = opts.encryption_keyfile or opts.tcp_encryption_keyfile #register the authentication challenge handlers: ch = tuple(x.strip().lower() for x in (opts.challenge_handlers or "").split(",")) for ch_name in ch: if ch_name=="all": self.challenge_handlers.update(self.default_challenge_methods) break method = self.default_challenge_methods.get(ch_name) if method: self.challenge_handlers[ch_name] = method continue log.warn("Warning: unknown challenge handler '%s'", ch_name) if DETECT_LEAKS: from xpra.util import detect_leaks print_leaks = detect_leaks() self.timeout_add(10*1000, print_leaks)
def make_hello_base(self): capabilities = flatten_dict(get_network_caps()) #add "kerberos", "gss" and "u2f" digests if enabled: for handler in self.challenge_handlers: digest = handler.get_digest() if digest: capabilities["digest"].append(digest) capabilities.update(FilePrintMixin.get_caps(self)) capabilities.update({ "version": XPRA_VERSION, "websocket.multi-packet": True, "hostname": socket.gethostname(), "uuid": self.uuid, "session-id": self.session_id, "username": self.username, "name": get_name(), "client_type": self.client_type(), "python.version": sys.version_info[:3], "python.bits": BITS, "compression_level": self.compression_level, "argv": sys.argv, }) capabilities.update(self.get_file_transfer_features()) if self.display: capabilities["display"] = self.display def up(prefix, d): updict(capabilities, prefix, d) up("build", self.get_version_info()) mid = get_machine_id() if mid: capabilities["machine_id"] = mid encryption = self.get_encryption() if encryption: crypto_backend_init() assert encryption in ENCRYPTION_CIPHERS, "invalid encryption '%s', options: %s" % ( encryption, csv(ENCRYPTION_CIPHERS)) iv = get_iv() key_salt = get_salt() iterations = get_iterations() padding = choose_padding(self.server_padding_options) up( "cipher", { "": encryption, "iv": iv, "key_salt": key_salt, "key_stretch_iterations": iterations, "padding": padding, "padding.options": PADDING_OPTIONS, }) key = self.get_encryption_key() self._protocol.set_cipher_in(encryption, iv, key, key_salt, iterations, padding) netlog( "encryption capabilities: %s", dict((k, v) for k, v in capabilities.items() if k.startswith("cipher"))) capabilities.update(self.hello_extra) return capabilities
def init(self, opts): self.compression_level = opts.compression_level self.display = opts.display self.username = opts.username self.password = opts.password self.password_file = opts.password_file self.encryption = opts.encryption or opts.tcp_encryption if self.encryption: crypto_backend_init() self.encryption_keyfile = opts.encryption_keyfile or opts.tcp_encryption_keyfile self.quality = opts.quality self.min_quality = opts.min_quality self.speed = opts.speed self.min_speed = opts.min_speed # printing and file transfer: FileTransferHandler.init_opts(self, opts) if DETECT_LEAKS: from xpra.util import detect_leaks detailed = [] # example: warning, uses ugly direct import: # try: # from xpra.x11.bindings.ximage import XShmImageWrapper #@UnresolvedImport # detailed.append(XShmImageWrapper) # except: # pass print_leaks = detect_leaks(log, detailed) self.timeout_add(10 * 1000, print_leaks)
def init(self, opts): self.compression_level = opts.compression_level self.display = opts.display self.username = opts.username self.password = opts.password self.password_file = opts.password_file self.encryption = opts.encryption or opts.tcp_encryption if self.encryption: crypto_backend_init() self.encryption_keyfile = opts.encryption_keyfile or opts.tcp_encryption_keyfile self.quality = opts.quality self.min_quality = opts.min_quality self.speed = opts.speed self.min_speed = opts.min_speed #printing and file transfer: FileTransferHandler.init_opts(self, opts) if DETECT_LEAKS: from xpra.util import detect_leaks detailed = [] #example: warning, uses ugly direct import: #try: # from xpra.x11.bindings.ximage import XShmImageWrapper #@UnresolvedImport # detailed.append(XShmImageWrapper) #except: # pass print_leaks = detect_leaks(log, detailed) self.timeout_add(10 * 1000, print_leaks)
def process_server_packet(self, proto, packet): packet_type = packet[0] log("process_server_packet: %s", packet_type) if packet_type==Protocol.CONNECTION_LOST: self.stop("server connection lost", proto) return elif packet_type=="disconnect": log("got disconnect from server: %s", packet[1]) if self.exit: self.server_protocol.close() else: self.stop("disconnect from server: %s" % packet[1]) elif packet_type=="hello": c = typedict(packet[1]) maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strlistget("cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = maxw*maxh*4*4 file_transfer = self.caps.boolget("file-transfer") and c.boolget("file-transfer") file_size_limit = max(self.caps.intget("file-size-limit"), c.intget("file-size-limit")) file_max_packet_size = int(file_transfer) * (1024 + file_size_limit*1024*1024) self.client_protocol.max_packet_size = max(self.client_protocol.max_packet_size, file_max_packet_size) self.server_protocol.max_packet_size = max(self.server_protocol.max_packet_size, file_max_packet_size) packet = ("hello", caps) elif packet_type=="info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type=="lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type=="draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type=="cursor": #packet = ["cursor", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] self._packet_recompress(packet, 8, "cursor") elif packet_type=="window-icon": self._packet_recompress(packet, 5, "icon") self.queue_client_packet(packet)
def get_launcher_validation(self): crypto_backend_init() #TODO: since "mode" is not part of global options #this validation should be injected from the launcher instead def validate_in_list(x, options): if x in options: return None return "must be in %s" % (", ".join(options)) modes = self.get_connection_modes() return {"mode" : lambda x : validate_in_list(x, modes)}
def get_launcher_validation(self): crypto_backend_init() #TODO: since "mode" is not part of global options #this validation should be injected from the launcher instead MODES = ["tcp", "ssh"] if "AES" in ENCRYPTION_CIPHERS: MODES = ["tcp", "tcp + aes", "ssh"] def validate_in_list(x, options): if x in options: return None return "must be in %s" % (", ".join(options)) return {"mode" : lambda x : validate_in_list(x, MODES)}
def get_launcher_validation(self): crypto_backend_init() #TODO: since "mode" is not part of global options #this validation should be injected from the launcher instead MODES = ["tcp", "ssh"] if "AES" in ENCRYPTION_CIPHERS: MODES = ["tcp", "tcp + aes", "ssh"] def validate_in_list(x, options): if x in options: return None return "must be in %s" % (", ".join(options)) return {"mode": lambda x: validate_in_list(x, MODES)}
def defaults_init(self): #skip warning when running the client from xpra import child_reaper child_reaper.POLL_WARNING = False getChildReaper() crypto_backend_init() log("XpraClientBase.defaults_init() os.environ:") for k,v in os.environ.items(): log(" %s=%s", k, nonl(v)) #client state: self.exit_code = None self.exit_on_signal = False #connection attributes: self.compression_level = 0 self.display = None self.username = None self.password_file = None self.password_sent = False self.encryption = None self.encryption_keyfile = None self.server_padding_options = [DEFAULT_PADDING] self.quality = -1 self.min_quality = 0 self.speed = 0 self.min_speed = -1 self.printer_attributes = [] self.send_printers_pending = False self.exported_printers = None #protocol stuff: self._protocol = None self._priority_packets = [] self._ordinary_packets = [] self._mouse_position = None self._aliases = {} self._reverse_aliases = {} #server state and caps: self.server_capabilities = None self._remote_machine_id = None self._remote_uuid = None self._remote_version = None self._remote_revision = None self._remote_platform = None self._remote_platform_release = None self._remote_platform_platform = None self._remote_platform_linux_distribution = None self.uuid = get_user_uuid() self.init_packet_handlers() sanity_checks()
def defaults_init(self): #skip warning when running the client from xpra import child_reaper child_reaper.POLL_WARNING = False getChildReaper() crypto_backend_init() log("XpraClientBase.defaults_init() os.environ:") for k, v in os.environ.items(): log(" %s=%s", k, nonl(v)) #client state: self.exit_code = None self.exit_on_signal = False #connection attributes: self.compression_level = 0 self.display = None self.username = None self.password_file = None self.password_sent = False self.encryption = None self.encryption_keyfile = None self.server_padding_options = [DEFAULT_PADDING] self.quality = -1 self.min_quality = 0 self.speed = 0 self.min_speed = -1 self.printer_attributes = [] self.send_printers_pending = False self.exported_printers = None #protocol stuff: self._protocol = None self._priority_packets = [] self._ordinary_packets = [] self._mouse_position = None self._aliases = {} self._reverse_aliases = {} #server state and caps: self.server_capabilities = None self._remote_machine_id = None self._remote_uuid = None self._remote_version = None self._remote_revision = None self._remote_platform = None self._remote_platform_release = None self._remote_platform_platform = None self._remote_platform_linux_distribution = None self.uuid = get_user_uuid() self.init_packet_handlers() sanity_checks()
def init(self, opts): if self._init_done: #the gtk client classes can inherit this method #from multiple parents, skip initializing twice return self._init_done = True for c in XpraClientBase.__bases__: c.init(self, opts) self.compression_level = opts.compression_level self.display = opts.display self.username = opts.username self.password = opts.password self.password_file = opts.password_file self.bandwidth_limit = parse_with_unit("bandwidth-limit", opts.bandwidth_limit) bandwidthlog("init bandwidth_limit=%s", self.bandwidth_limit) self.encryption = opts.encryption or opts.tcp_encryption if self.encryption: crypto_backend_init() self.encryption_keyfile = opts.encryption_keyfile or opts.tcp_encryption_keyfile #register the authentication challenge handlers: ch = tuple(x.strip().lower() for x in (opts.challenge_handlers or "").split(",")) def has_h(name): return "all" in ch or name in ch for ch_name in ch: if ch_name == "all": self.challenge_handlers.update(self.default_challenge_methods) break method = self.default_challenge_methods.get(ch_name) if method: self.challenge_handlers[ch_name] = method continue log.warn("Warning: unknown challenge handler '%s'", ch_name) if DETECT_LEAKS: from xpra.util import detect_leaks detailed = [] #example: warning, uses ugly direct import: #try: # from xpra.x11.bindings.ximage import XShmImageWrapper #@UnresolvedImport # detailed.append(XShmImageWrapper) #except: # pass print_leaks = detect_leaks(log, detailed) self.timeout_add(10 * 1000, print_leaks)
def __init__(self): crypto_backend_init() log("ServerCore.__init__()") self.start_time = time.time() self.auth_class = None self.tcp_auth_class = None self.vsock_auth_class = None self._when_ready = [] self.child_reaper = None self.original_desktop_display = None self._closing = False self._upgrading = False #networking bits: self._socket_info = [] self._potential_protocols = [] self._tcp_proxy_clients = [] self._tcp_proxy = "" self._aliases = {} self._reverse_aliases = {} self.socket_types = {} self._max_connections = MAX_CONCURRENT_CONNECTIONS self._socket_timeout = 0.1 self._socket_dir = None self.unix_socket_paths = [] self.session_name = "" #Features: self.digest_modes = ("hmac", ) self.encryption = None self.encryption_keyfile = None self.tcp_encryption = None self.tcp_encryption_keyfile = None self.password_file = None self.compression_level = 1 self.exit_with_client = False self.server_idle_timeout = 0 self.server_idle_timer = None self.init_control_commands() self.init_packet_handlers() self.init_aliases() sanity_checks()
def init(self, opts, _extra_args=()): if self._init_done: #the gtk client classes can inherit this method #from multiple parents, skip initializing twice return self._init_done = True for c in XpraClientBase.__bases__: c.init(self, opts) self.compression_level = opts.compression_level self.display = opts.display self.username = opts.username self.password = opts.password self.password_file = opts.password_file self.encryption = opts.encryption or opts.tcp_encryption if self.encryption: crypto_backend_init() self.encryption_keyfile = opts.encryption_keyfile or opts.tcp_encryption_keyfile self.init_challenge_handlers(opts.challenge_handlers) self.init_aliases()
def process_server_packet(self, proto, packet): packet_type = packet[0] log("process_server_packet: %s", packet_type) if packet_type == Protocol.CONNECTION_LOST: self.stop("server connection lost", proto) return elif packet_type == "disconnect": log("got disconnect from server: %s", packet[1]) if self.exit: self.server_protocol.close() else: self.stop("disconnect from server: %s" % packet[1]) elif packet_type == "hello": c = typedict(packet[1]) maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strlistget( "cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = maxw * maxh * 4 * 4 file_transfer = self.caps.boolget("file-transfer") and c.boolget( "file-transfer") file_size_limit = max(self.caps.intget("file-size-limit"), c.intget("file-size-limit")) file_max_packet_size = int(file_transfer) * ( 1024 + file_size_limit * 1024 * 1024) self.client_protocol.max_packet_size = max( self.client_protocol.max_packet_size, file_max_packet_size) self.server_protocol.max_packet_size = max( self.server_protocol.max_packet_size, file_max_packet_size) packet = ("hello", caps) elif packet_type == "info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type == "lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type == "draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type == "cursor": #packet = ["cursor", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", "png", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] if len(packet) >= 8: #hard to distinguish png cursors from normal cursors... try: int(packet[1]) self._packet_recompress(packet, 8, "cursor") except: self._packet_recompress(packet, 9, "cursor") elif packet_type == "window-icon": self._packet_recompress(packet, 5, "icon") self.queue_client_packet(packet)
def process_server_packet(self, proto, packet): packet_type = packet[0] log("process_server_packet: %s", packet_type) if packet_type==Protocol.CONNECTION_LOST: self.stop("server connection lost", proto) return elif packet_type=="disconnect": log("got disconnect from server: %s", packet[1]) if self.exit: self.server_protocol.close() else: self.stop("disconnect from server: %s" % packet[1]) elif packet_type=="hello": c = typedict(packet[1]) maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strlistget("cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = maxw*maxh*4*4 file_transfer = self.caps.boolget("file-transfer") and c.boolget("file-transfer") file_size_limit = max(self.caps.intget("file-size-limit"), c.intget("file-size-limit")) file_max_packet_size = int(file_transfer) * (1024 + file_size_limit*1024*1024) self.client_protocol.max_packet_size = max(self.client_protocol.max_packet_size, file_max_packet_size) self.server_protocol.max_packet_size = max(self.server_protocol.max_packet_size, file_max_packet_size) packet = ("hello", caps) elif packet_type=="info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type=="lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type=="draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type=="cursor": #packet = ["cursor", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", "png", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] if len(packet)>=8: #hard to distinguish png cursors from normal cursors... try: int(packet[1]) self._packet_recompress(packet, 8, "cursor") except: self._packet_recompress(packet, 9, "cursor") elif packet_type=="window-icon": self._packet_recompress(packet, 5, "icon") elif packet_type=="send-file": if packet[6]: packet[6] = Compressed("file-data", packet[6]) elif packet_type=="send-file-chunk": if packet[3]: packet[3] = Compressed("file-chunk-data", packet[3]) elif packet_type=="challenge": from xpra.net.crypto import get_salt #client may have already responded to the challenge, #so we have to handle authentication from this end salt = packet[1] digest = packet[3] client_salt = get_salt(len(salt)) salt = xor_str(salt, client_salt) if digest!=b"hmac": self.stop("digest mode '%s' not supported", std(digest)) return password = self.disp_desc.get("password", self.session_options.get("password")) log("password from %s / %s = %s", self.disp_desc, self.session_options, password) if not password: self.stop("authentication requested by the server, but no password available for this session") return import hmac, hashlib password = strtobytes(password) salt = strtobytes(salt) challenge_response = hmac.HMAC(password, salt, digestmod=hashlib.md5).hexdigest() log.info("sending %s challenge response", digest) self.send_hello(challenge_response, client_salt) return self.queue_client_packet(packet)
def main(): from xpra.util import print_nested_dict from xpra.platform import program_context from xpra.log import enable_color with program_context("Network-Info", "Network Info"): enable_color() verbose = "-v" in sys.argv or "--verbose" in sys.argv if verbose: log.enable_debug() print("Network interfaces found:") for iface in get_interfaces(): if if_nametoindex: print("* %s (index=%s)" % (iface.ljust(20), if_nametoindex(iface))) else: print("* %s" % iface) def pver(v): if type(v) in (tuple, list): s = "" for i in range(len(v)): if i>0: #dot seperated numbers if type(v[i-1])==int: s += "." else: s += ", " s += str(v[i]) return s if type(v)==bytes: from xpra.os_util import bytestostr v = bytestostr(v) if type(v)==str and v.startswith("v"): return v[1:] return str(v) print("Gateways found:") print_nested_dict(get_gateways()) print("") print("Protocol Capabilities:") from xpra.net.protocol import get_network_caps netcaps = get_network_caps() netif = {"" : has_netifaces} if netifaces_version: netif["version"] = netifaces_version netcaps["netifaces"] = netif print_nested_dict(netcaps) print("") print("Network Config:") print_nested_dict(get_net_config()) net_sys = get_net_sys_config() if net_sys: print("") print("Network System Config:") print_nested_dict(net_sys) print("") print("SSL:") print_nested_dict(get_ssl_info()) try: from xpra.net.crypto import crypto_backend_init, get_crypto_caps crypto_backend_init() ccaps = get_crypto_caps() if ccaps: print("") print("Crypto Capabilities:") print_nested_dict(ccaps) except Exception as e: print("No Crypto:") print(" %s" % e)
def main(): from xpra.util import print_nested_dict, csv from xpra.platform import program_context from xpra.platform.netdev_query import get_interface_speed from xpra.log import enable_color, add_debug_category, enable_debug_for with program_context("Network-Info", "Network Info"): enable_color() verbose = "-v" in sys.argv or "--verbose" in sys.argv if verbose: enable_debug_for("network") add_debug_category("network") log.enable_debug() print("Network interfaces found:") for iface in get_interfaces(): if if_nametoindex: s = "* %s (index=%s)" % (iface.ljust(20), if_nametoindex(iface)) else: s = "* %s" % iface speed = get_interface_speed(0, iface) if speed > 0: from xpra.simple_stats import std_unit s += " (speed=%sbps)" % std_unit(speed) print(s) def pver(v): if type(v) in (tuple, list): s = "" for i in range(len(v)): if i > 0: #dot seperated numbers if type(v[i - 1]) == int: s += "." else: s += ", " s += str(v[i]) return s if type(v) == bytes: from xpra.os_util import bytestostr v = bytestostr(v) if type(v) == str and v.startswith("v"): return v[1:] return str(v) print("Gateways found:") for gt, idefs in get_gateways().items(): print("* %s" % gt) #ie: "INET" for i, idef in enumerate(idefs): try: if isinstance(idef, (list, tuple)): print(" [%i] %s" % (i, csv(idef))) continue except: print(" [%i] %s" % (i, idef)) print("") print("Protocol Capabilities:") netcaps = get_network_caps() netif = {"": has_netifaces} if netifaces_version: netif["version"] = netifaces_version netcaps["netifaces"] = netif print_nested_dict(netcaps) print("") print("Network Config:") print_nested_dict(get_net_config()) net_sys = get_net_sys_config() if net_sys: print("") print("Network System Config:") print_nested_dict(net_sys) print("") print("SSL:") print_nested_dict(get_ssl_info()) try: from xpra.net.crypto import crypto_backend_init, get_crypto_caps crypto_backend_init() ccaps = get_crypto_caps() if ccaps: print("") print("Crypto Capabilities:") print_nested_dict(ccaps) except Exception as e: print("No Crypto:") print(" %s" % e)
def main(): from xpra.util import print_nested_dict from xpra.platform import program_context from xpra.log import enable_color with program_context("Network-Info", "Network Info"): enable_color() verbose = "-v" in sys.argv or "--verbose" in sys.argv if verbose: log.enable_debug() print("Network interfaces found:") for iface in get_interfaces(): if if_nametoindex: print("* %s (index=%s)" % (iface.ljust(20), if_nametoindex(iface))) else: print("* %s" % iface) def pver(v): if type(v) in (tuple, list): s = "" for i in range(len(v)): if i > 0: #dot seperated numbers if type(v[i - 1]) == int: s += "." else: s += ", " s += str(v[i]) return s if type(v) == bytes: from xpra.os_util import bytestostr v = bytestostr(v) if type(v) == str and v.startswith("v"): return v[1:] return str(v) print("Gateways found:") print_nested_dict(get_gateways()) print("") print("Protocol Capabilities:") from xpra.net.protocol import get_network_caps netcaps = get_network_caps() netif = {"": has_netifaces} if netifaces_version: netif["version"] = netifaces_version netcaps["netifaces"] = netif print_nested_dict(netcaps) print("") print("Network Config:") print_nested_dict(get_net_config()) net_sys = get_net_sys_config() if net_sys: print("") print("Network System Config:") print_nested_dict(net_sys) print("") print("SSL:") print_nested_dict(get_ssl_info()) from xpra.net.crypto import crypto_backend_init, get_crypto_caps crypto_backend_init() ccaps = get_crypto_caps() if ccaps: print("") print("Crypto Capabilities:") print_nested_dict(ccaps)
def main(): # pragma: no cover from xpra.os_util import POSIX from xpra.util import print_nested_dict, csv from xpra.platform import program_context from xpra.platform.netdev_query import get_interface_info from xpra.log import enable_color, add_debug_category, enable_debug_for with program_context("Network-Info", "Network Info"): enable_color() verbose = "-v" in sys.argv or "--verbose" in sys.argv if verbose: enable_debug_for("network") add_debug_category("network") log.enable_debug() print("Network interfaces found:") netifaces = import_netifaces() for iface in get_interfaces(): if if_nametoindex: print("* %s (index=%s)" % (iface.ljust(20), if_nametoindex(iface))) else: print("* %s" % iface) addresses = netifaces.ifaddresses(iface) #@UndefinedVariable pylint: disable=no-member for addr, defs in addresses.items(): if addr in (socket.AF_INET, socket.AF_INET6): for d in defs: ip = d.get("addr") if ip: stype = { socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6", }[addr] print(" * %s: %s" % (stype, ip)) if POSIX: from xpra.net.socket_util import create_tcp_socket try: sock = create_tcp_socket(ip, 0) sockfd = sock.fileno() info = get_interface_info(sockfd, iface) if info: print(" %s" % info) finally: sock.close() if not POSIX: info = get_interface_info(0, iface) if info: print(" %s" % info) from xpra.os_util import bytestostr def pver(v): if isinstance(v, (tuple, list)): s = "" lastx = None for x in v: if lastx is not None: #dot seperated numbers if isinstance(lastx, int): s += "." else: s += ", " s += bytestostr(x) lastx = x return s if isinstance(v, bytes): v = bytestostr(v) if isinstance(v, str) and v.startswith("v"): return v[1:] return str(v) print("Gateways found:") for gt, idefs in get_gateways().items(): print("* %s" % gt) #ie: "INET" for i, idef in enumerate(idefs): if isinstance(idef, (list, tuple)): print(" [%i] %s" % (i, csv(idef))) continue print("") print("Protocol Capabilities:") netcaps = get_network_caps() netif = {"": bool(netifaces)} if netifaces_version: netif["version"] = netifaces_version netcaps["netifaces"] = netif print_nested_dict(netcaps, vformat=pver) print("") print("Network Config:") print_nested_dict(get_net_config()) net_sys = get_net_sys_config() if net_sys: print("") print("Network System Config:") print_nested_dict(net_sys) print("") print("SSL:") print_nested_dict(get_ssl_info(True)) try: from xpra.net.crypto import crypto_backend_init, get_crypto_caps crypto_backend_init() ccaps = get_crypto_caps() if ccaps: print("") print("Crypto Capabilities:") print_nested_dict(ccaps) except Exception as e: print("No Crypto:") print(" %s" % e) return 0
def make_hello_base(self): capabilities = flatten_dict(get_network_caps()) #add "kerberos", "gss" and "u2f" digests if enabled: for handler in self.challenge_handlers: digest = handler.get_digest() if digest: capabilities["digest"].append(digest) capabilities.update(FilePrintMixin.get_caps(self)) capabilities.update({ "version" : XPRA_VERSION, "websocket.multi-packet": True, "hostname" : socket.gethostname(), "uuid" : self.uuid, "session-id" : self.session_id, "username" : self.username, "name" : get_name(), "client_type" : self.client_type(), "python.version" : sys.version_info[:3], "python.bits" : BITS, "compression_level" : self.compression_level, "argv" : sys.argv, }) capabilities.update(self.get_file_transfer_features()) if self.display: capabilities["display"] = self.display def up(prefix, d): updict(capabilities, prefix, d) up("build", self.get_version_info()) mid = get_machine_id() if mid: capabilities["machine_id"] = mid encryption = self.get_encryption() cryptolog("encryption=%s", encryption) if encryption: crypto_backend_init() enc, mode = (encryption+"-").split("-")[:2] if not mode: mode = DEFAULT_MODE assert enc in ENCRYPTION_CIPHERS, "invalid encryption '%s', options: %s" % (enc, csv(ENCRYPTION_CIPHERS)) assert mode in MODES, "invalid encryption mode '%s', options: %s" % (mode, csv(MODES)) iv = get_iv() key_salt = get_salt() iterations = get_iterations() padding = choose_padding(self.server_padding_options) cipher_caps = { "" : enc, "mode" : mode, "iv" : iv, "key_salt" : key_salt, "key_size" : DEFAULT_KEYSIZE, "key_hash" : DEFAULT_KEY_HASH, "key_stretch" : "PBKDF2", "key_stretch_iterations": iterations, "padding" : padding, "padding.options" : PADDING_OPTIONS, } cryptolog("cipher_caps=%s", cipher_caps) up("cipher", cipher_caps) key = self.get_encryption_key() self._protocol.set_cipher_in(encryption, iv, key, key_salt, DEFAULT_KEY_HASH, DEFAULT_KEYSIZE, iterations, padding) capabilities.update(self.hello_extra) return capabilities
def process_server_packet(self, proto, packet): packet_type = packet[0] log("process_server_packet: %s", packet_type) if packet_type==Protocol.CONNECTION_LOST: self.stop("server connection lost", proto) return elif packet_type=="disconnect": log("got disconnect from server: %s", packet[1]) if self.exit: self.server_protocol.close() else: self.stop("disconnect from server: %s" % packet[1]) elif packet_type=="hello": c = typedict(packet[1]) maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strlistget("cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = maxw*maxh*4*4 file_transfer = self.caps.boolget("file-transfer") and c.boolget("file-transfer") file_size_limit = max(self.caps.intget("file-size-limit"), c.intget("file-size-limit")) file_max_packet_size = int(file_transfer) * (1024 + file_size_limit*1024*1024) self.client_protocol.max_packet_size = max(self.client_protocol.max_packet_size, file_max_packet_size) self.server_protocol.max_packet_size = max(self.server_protocol.max_packet_size, file_max_packet_size) packet = ("hello", caps) elif packet_type=="info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type=="lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type=="draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type=="cursor": #packet = ["cursor", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", "png", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] if len(packet)>=8: #hard to distinguish png cursors from normal cursors... try: int(packet[1]) self._packet_recompress(packet, 8, "cursor") except: self._packet_recompress(packet, 9, "cursor") elif packet_type=="window-icon": self._packet_recompress(packet, 5, "icon") elif packet_type=="send-file": if packet[6]: packet[6] = Compressed("file-data", packet[6]) elif packet_type=="send-file-chunk": if packet[3]: packet[3] = Compressed("file-chunk-data", packet[3]) elif packet_type=="challenge": from xpra.net.crypto import get_salt #client may have already responded to the challenge, #so we have to handle authentication from this end salt = packet[1] digest = packet[3] client_salt = get_salt(len(salt)) salt = xor_str(salt, client_salt) if digest!=b"hmac": self.stop("digest mode '%s' not supported", std(digest)) return password = self.session_options.get("password") if not password: self.stop("authentication requested by the server, but no password available for this session") return import hmac, hashlib password = strtobytes(password) salt = strtobytes(salt) challenge_response = hmac.HMAC(password, salt, digestmod=hashlib.md5).hexdigest() log.info("sending %s challenge response", digest) self.send_hello(challenge_response, client_salt) return self.queue_client_packet(packet)
def process_server_packet(self, proto, packet): packet_type = packet[0] log("process_server_packet: %s", packet_type) if packet_type == Protocol.CONNECTION_LOST: self.stop("server connection lost", proto) return elif packet_type == "disconnect": log("got disconnect from server: %s", packet[1]) if self.exit: self.server_protocol.close() else: self.stop("disconnect from server: %s" % packet[1]) elif packet_type == "hello": c = typedict(packet[1]) maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strlistget( "cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = maxw * maxh * 4 * 4 file_transfer = self.caps.boolget("file-transfer") and c.boolget( "file-transfer") file_size_limit = max(self.caps.intget("file-size-limit"), c.intget("file-size-limit")) file_max_packet_size = int(file_transfer) * ( 1024 + file_size_limit * 1024 * 1024) self.client_protocol.max_packet_size = max( self.client_protocol.max_packet_size, file_max_packet_size) self.server_protocol.max_packet_size = max( self.server_protocol.max_packet_size, file_max_packet_size) packet = ("hello", caps) elif packet_type == "info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type == "lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type == "draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type == "cursor": #packet = ["cursor", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", "png", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] if len(packet) >= 8: #hard to distinguish png cursors from normal cursors... try: int(packet[1]) self._packet_recompress(packet, 8, "cursor") except: self._packet_recompress(packet, 9, "cursor") elif packet_type == "window-icon": self._packet_recompress(packet, 5, "icon") elif packet_type == "send-file": if packet[6]: packet[6] = Compressed("file-data", packet[6]) elif packet_type == "send-file-chunk": if packet[3]: packet[3] = Compressed("file-chunk-data", packet[3]) elif packet_type == "challenge": password = self.session_options.get("password") if not password: self.stop( "authentication requested by the server, but no password available for this session" ) return from xpra.net.crypto import get_salt, gendigest #client may have already responded to the challenge, #so we have to handle authentication from this end server_salt = bytestostr(packet[1]) l = len(server_salt) digest = bytestostr(packet[3]) salt_digest = "xor" if len(packet) >= 5: salt_digest = bytestostr(packet[4]) if salt_digest in ("xor", "des"): if not LEGACY_SALT_DIGEST: self.stop("server uses legacy salt digest '%s'" % salt_digest) return log.warn( "Warning: server using legacy support for '%s' salt digest", salt_digest) if salt_digest == "xor": #with xor, we have to match the size assert l >= 16, "server salt is too short: only %i bytes, minimum is 16" % l assert l <= 256, "server salt is too long: %i bytes, maximum is 256" % l else: #other digest, 32 random bytes is enough: l = 32 client_salt = get_salt(l) salt = gendigest(salt_digest, client_salt, server_salt) challenge_response = gendigest(digest, password, salt) if not challenge_response: log("invalid digest module '%s': %s", digest) self.stop( "server requested '%s' digest but it is not supported" % digest) return log.info("sending %s challenge response", digest) self.send_hello(challenge_response, client_salt) return self.queue_client_packet(packet)
def process_server_packet(self, proto, packet): packet_type = bytestostr(packet[0]) log("process_server_packet: %s", packet_type) if packet_type == CONNECTION_LOST: self.stop(proto, "server connection lost") return if packet_type == "disconnect": reason = bytestostr(packet[1]) log("got disconnect from server: %s", reason) if self.exit: self.server_protocol.close() else: self.stop(None, "disconnect from server", reason) elif packet_type == "hello": c = typedict(packet[1]) if c.boolget("ping-echo-sourceid"): self.schedule_server_ping() maxw, maxh = c.intpair("max_desktop_size", (4096, 4096)) caps = self.filter_server_caps(c) #add new encryption caps: if self.cipher: from xpra.net.crypto import crypto_backend_init, new_cipher_caps, DEFAULT_PADDING crypto_backend_init() padding_options = self.caps.strtupleget( "cipher.padding.options", [DEFAULT_PADDING]) auth_caps = new_cipher_caps(self.client_protocol, self.cipher, self.cipher_mode, self.encryption_key, padding_options) caps.update(auth_caps) #may need to bump packet size: proto.max_packet_size = max(MAX_PACKET_SIZE, maxw * maxh * 4 * 4) packet = ("hello", caps) elif packet_type == "ping_echo" and self.server_ping_timer and len( packet) >= 7 and strtobytes(packet[6]) == strtobytes( self.uuid): #this is one of our ping packets: self.server_last_ping_echo = packet[1] self.server_last_ping_latency = 1000 * monotonic( ) - self.server_last_ping_echo log("ping-echo: server latency=%.1fms", self.server_last_ping_latency) return elif packet_type == "info-response": #adds proxy info: #note: this is only seen by the client application #"xpra info" is a new connection, which talks to the proxy server... info = packet[1] info.update(self.get_proxy_info(proto)) elif packet_type == "lost-window": wid = packet[1] #mark it as lost so we can drop any current/pending frames self.lost_windows.add(wid) #queue it so it gets cleaned safely (for video encoders mostly): self.encode_queue.put(packet) #and fall through so tell the client immediately elif packet_type == "draw": #use encoder thread: self.encode_queue.put(packet) #which will queue the packet itself when done: return elif packet_type == "sound-data": sound_data = packet[2] if sound_data: #best if we use raw packets for the actual sound-data chunk: packet[2] = Compressed("sound-data", sound_data) #we do want to reformat cursor packets... #as they will have been uncompressed by the network layer already: elif packet_type == "cursor": #packet = ["cursor", "png", x, y, width, height, xhot, yhot, serial, pixels, name] #or: #packet = ["cursor", ""] if len(packet) >= 8: self._packet_recompress(packet, 9, "cursor") elif packet_type == "window-icon": self._packet_recompress(packet, 5, "icon") elif packet_type == "send-file": if packet[6]: packet[6] = Compressed("file-data", packet[6]) elif packet_type == "send-file-chunk": if packet[3]: packet[3] = Compressed("file-chunk-data", packet[3]) elif packet_type == "challenge": password = self.disp_desc.get("password", self.session_options.get("password")) log("password from %s / %s = %s", self.disp_desc, self.session_options, password) if not password: if not PASSTHROUGH_AUTH: self.stop(None, "authentication requested by the server,", "but no password is available for this session") #otherwise, just forward it to the client self.client_challenge_packet = packet else: #client may have already responded to the challenge, #so we have to handle authentication from this end server_salt = bytestostr(packet[1]) l = len(server_salt) digest = bytestostr(packet[3]) salt_digest = "xor" if len(packet) >= 5: salt_digest = bytestostr(packet[4]) if salt_digest in ("xor", "des"): if not LEGACY_SALT_DIGEST: self.stop( None, "server uses legacy salt digest '%s'" % salt_digest) return log.warn( "Warning: server using legacy support for '%s' salt digest", salt_digest) if salt_digest == "xor": #with xor, we have to match the size assert l >= 16, "server salt is too short: only %i bytes, minimum is 16" % l assert l <= 256, "server salt is too long: %i bytes, maximum is 256" % l else: #other digest, 32 random bytes is enough: l = 32 client_salt = get_salt(l) salt = gendigest(salt_digest, client_salt, server_salt) challenge_response = gendigest(digest, password, salt) if not challenge_response: log("invalid digest module '%s': %s", digest) self.stop( None, "server requested '%s' digest but it is not supported" % digest) return log.info("sending %s challenge response", digest) self.send_hello(challenge_response, client_salt) return self.queue_client_packet(packet)