def handle_connection(sock: socket):
if not challenge_client(sock):
_print('Challenge failed')
gevent.sleep(2000)
sock.close()
return
_print('Challenge OK!')
sock = wrap_socket(sock, server_side=True, certfile='server.pem')
try:
code = read_code(sock)
stdin_fd, stdout_fd = pipe_socket(sock)
_print("Start executing received code in sandbox")
with execute_code_in_sandbox(code, stdin=stdin_fd, stdout=stdout_fd, stderr=None, max_cpu_time=2) as p:
retval = p.wait()
if retval == -24:
print("resource_limit_exceeded\n")
f.write(b'ERROR resource_limit_exceeded\n')
elif retval != 0:
print(f"Code execution returned ERROR {retval}\n")
else:
print(f"Code execution returned OK = {retval}\n")
except Exception as ex:
_print(traceback.format_exc())
sys.stdout.write(f"Exception: {type(ex).__name__}\n")
f.write(b'ERROR exception\n')
def check(self, url, host_info):
host_info[self.description()] = None
host_ip = socket.getaddrinfo(url, 443)[0][4][0]
try:
sock = socket.socket()
sock.connect((host_ip, 443))
except socket.error:
host_info["ssl checked"].set(True)
host_info[self.description()] = True
return True
try:
sock = ssl.wrap_socket(sock,
ca_certs="/etc/ssl/certs/ca-certificates.crt",
cert_reqs=ssl.CERT_NONE,
)
cert = sock.getpeercert()
except ssl.SSLError:
host_info["ssl checked"].set(True)
host_info[self.description()] = True
return True
host_info["ssl checked"].set(False)
host_info[self.description()] = False
return False
def _create_socket(self):
"""
Creates a new SSL enabled socket and sets its timeout.
"""
log.warning('No certificate check is performed for SSL connections')
s = super(SSL, self)._create_socket()
return wrap_socket(s)
def do_sendrecv(self):
buf = ''
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(sock)
self.ssl_sock = ssl_sock
ssl_sock.connect((self.host, self.port))
print 'conneted'
ssl_sock.send("USER abcd abcd abcd :abcd\r\n")
ssl_sock.send("NICK " + self.nick +"\r\n")
#ssl_sock.send("JOIN #teamnop\r\n")
while True:
result = ssl_sock.recv(4086)
if result.__len__() == 0 :
break
buf += result.replace('\r','')
while True:
nextpos = buf.find('\n')
if nextpos == -1:
break
parseinfo = parser.parser(buf[:nextpos])
try:
func = getattr( ircservice, 'on_' + parseinfo.get_command().lower())
func(self,*parseinfo.get_all())
except AttributeError:
pass
print parseinfo.get_command(), parseinfo.get_all()
buf = buf[nextpos+1:]
ssl_sock.close()
print 'closed'
def test_ssl_proxy(self):
fix_sslwrap()
self.test_input = "Hiya, this is a test".encode("utf-8")
keyfile = os.path.join(package_directory,
"templates/default/ssl/ssl.key")
certfile = os.path.join(package_directory,
"templates/default/ssl/ssl.crt")
mock_service = StreamServer(("127.0.0.1", 0),
self.echo_server,
keyfile=keyfile,
certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy(
"proxy",
"127.0.0.1",
mock_service.server_port,
keyfile=keyfile,
certfile=certfile,
)
server = proxy.get_server("127.0.0.1", 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile=keyfile, certfile=certfile)
s.connect(("127.0.0.1", server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def __init__(self, *args, **kwargs):
Connection.__init__(self, *args, **kwargs)
self.connected_event = Event()
self._write_queue = Queue()
self._callbacks = {}
self._push_watchers = defaultdict(set)
sockerr = None
addresses = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM)
for (af, socktype, proto, canonname, sockaddr) in addresses:
try:
self._socket = socket.socket(af, socktype, proto)
if self.ssl_options:
self._socket = ssl.wrap_socket(self._socket, **self.ssl_options)
self._socket.settimeout(1.0)
self._socket.connect(sockaddr)
sockerr = None
break
except socket.error as err:
sockerr = err
if sockerr:
raise socket.error(sockerr.errno, "Tried connecting to %s. Last error: %s" % ([a[4] for a in addresses], sockerr.strerror))
if self.sockopts:
for args in self.sockopts:
self._socket.setsockopt(*args)
self._read_watcher = gevent.spawn(self.handle_read)
self._write_watcher = gevent.spawn(self.handle_write)
self._send_options_message()
def childproxy(conn, headers, conn_name='', serv_name=''):
if proxy_type == 'http':
s = socket.socket()
connect_proxy(conn, s, headers, conn_name, serv_name)
elif proxy_type == 'https':
print('https')
sock = ssl.wrap_socket(socket.socket())
connect_proxy(conn, sock, headers, conn_name, serv_name)
elif proxy_type == 'socks':
method, version, scm, address, path, params, query, fragment = parse_header(
headers)
s = socket.socket()
geventsocks.connect(s, address)
print('connect {} success'.format(serv_name))
if headers.startswith('CONNECT'):
conn.sendall(b'HTTP/1.1 200 Connection established\r\n\r\n')
create_pipe(conn, s, conn_name=conn_name, serv_name=serv_name)
else:
raw_headers = headers
headers = make_headers(headers)
s.sendall(headers.encode())
print(conn_name, '[{}]'.format(time.strftime('%Y-%m-%d %H:%M:%S')),
raw_headers.split('\r\n')[0])
g = gevent.spawn(from_serv_to_cli, conn, s, conn_name, serv_name)
try:
from_cli_to_serv(conn, s, conn_name, serv_name)
# for buf in iter(lambda:conn.recv(1024*16), b''):
# s.sendall(buf)
except (BrokenPipeError, ConnectionResetError):
print('server: {} client: {} close'.format(
serv_name, conn_name))
g.kill()
return
def __init__(self, *args, **kwargs):
Connection.__init__(self, *args, **kwargs)
self.connected_event = Event()
self._write_queue = Queue()
self._callbacks = {}
self._push_watchers = defaultdict(set)
sockerr = None
addresses = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM)
for (af, socktype, proto, canonname, sockaddr) in addresses:
try:
self._socket = socket.socket(af, socktype, proto)
if self.ssl_options:
self._socket = ssl.wrap_socket(self._socket, **self.ssl_options)
self._socket.settimeout(1.0)
self._socket.connect(sockaddr)
sockerr = None
break
except socket.error as err:
sockerr = err
if sockerr:
raise socket.error(sockerr.errno, "Tried connecting to %s. Last error: %s" % ([a[4] for a in addresses], sockerr.strerror))
if self.sockopts:
for args in self.sockopts:
self._socket.setsockopt(*args)
self._read_watcher = gevent.spawn(self.handle_read)
self._write_watcher = gevent.spawn(self.handle_write)
self._send_options_message()
def connect(self, hostport):
if self.connected:
self.disconnect()
self.sock = socket.create_connection(hostport)
self.conn = ssl.wrap_socket(self.sock)
self.connected = True
def connect(self, host=None, port=None, address_family=None):
"""
Method that initiates a connection to an EPP host
"""
host = host or self.host
self.sock = socket.socket(address_family or socket.AF_INET, socket.SOCK_STREAM)
self.sock.settimeout(self.socket_connect_timeout) # connect timeout
self.sock.connect((host, port or self.port))
local_sock_addr = self.sock.getsockname()
local_addr, local_port = local_sock_addr[:2]
self.log.debug('connected local=%s:%s remote=%s:%s',
local_addr, local_port, self.sock.getpeername()[0], port)
self.sock.settimeout(self.socket_timeout) # regular timeout
if self.ssl_enable:
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
ssl_version=self.ssl_version,
ciphers=self.ssl_ciphers,
server_side=False,
cert_reqs=self.cert_required,
ca_certs=self.cacerts)
self.log.debug('%s negotiated with local=%s:%s remote=%s:%s', self.sock.version(),
local_addr, local_port, self.sock.getpeername()[0], port)
if self.validate_hostname:
try:
match_hostname(self.sock.getpeercert(), host)
except CertificateError as exp:
self.log.exception("SSL hostname mismatch")
raise EppConnectionError(str(exp))
self.greeting = EppResponse.from_xml(self.read().decode('utf-8'))
def test_ssl_proxy_with_decoder(self):
fix_sslwrap()
self.test_input = 'Hiya, this is a test'.encode('utf-8')
keyfile = os.path.join(package_directory,
'templates/default/ssl/ssl.key')
certfile = os.path.join(package_directory,
'templates/default/ssl/ssl.crt')
mock_service = StreamServer(('127.0.0.1', 0),
self.echo_server,
keyfile=keyfile,
certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy(
'proxy',
'127.0.0.1',
mock_service.server_port,
decoder='conpot.protocols.misc.ascii_decoder.AsciiDecoder',
keyfile=keyfile,
certfile=certfile)
server = proxy.get_server('127.0.0.1', 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile, certfile)
s.connect(('127.0.0.1', server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def test_ssl_proxy(self):
self.test_input = 'Hiya, this is a test'
keyfile = os.path.join(package_directory, 'templates/example_ssl.key')
certfile = os.path.join(package_directory, 'templates/example_ssl.crt')
mock_service = StreamServer(('127.0.0.1', 0),
self.echo_server,
keyfile=keyfile,
certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy('proxy',
'127.0.0.1',
mock_service.server_port,
keyfile=keyfile,
certfile=certfile)
server = proxy.get_server('127.0.0.1', 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile, certfile)
s.connect(('127.0.0.1', server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def connect(self, hostport):
if self.connected:
self.disconnect()
self.sock = socket.create_connection(hostport)
self.conn = ssl.wrap_socket(self.sock)
self.connected = True
def starttls(self, keyfile=None, certfile=None):
"""Puts the connection to the SMTP server into TLS mode.
If there has been no previous EHLO or HELO command this session, this
method tries ESMTP EHLO first.
If the server supports TLS, this will encrypt the rest of the SMTP
session. If you provide the keyfile and certfile parameters,
the identity of the SMTP server and client can be checked. This,
however, depends on whether the socket module really checks the
certificates.
This method may raise the following exceptions:
SMTPHeloError The server didn't reply properly to
the helo greeting.
"""
self.ehlo_or_helo_if_needed()
if not self.has_extn("starttls"):
raise SMTPException("STARTTLS extension not supported by server.")
(resp, reply) = self.docmd("STARTTLS")
if resp == 220:
if not _have_ssl:
raise RuntimeError("No SSL support included in this Python")
self.sock = ssl.wrap_socket(self.sock, keyfile, certfile)
self.file = SSLFakeFile(self.sock)
# RFC 3207:
# The client MUST discard any knowledge obtained from
# the server, such as the list of SMTP service extensions,
# which was not obtained from the TLS negotiation itself.
self.helo_resp = None
self.ehlo_resp = None
self.esmtp_features = {}
self.does_esmtp = 0
return (resp, reply)
def connect(self, host, port=None):
"""
Method that initiates a connection to an EPP host
"""
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.settimeout(self.socket_connect_timeout) # connect timeout
self.sock.connect((host, port or self.port))
local_sock_addr = self.sock.getsockname()
local_addr, local_port = local_sock_addr[:2]
self.log.debug('connected local=%s:%s remote=%s:%s',
local_addr, local_port, self.sock.getpeername()[0], port)
self.sock.settimeout(self.socket_timeout) # regular timeout
if self.ssl_enable:
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
ssl_version=self.ssl_version,
ciphers=self.ssl_ciphers,
server_side=False,
cert_reqs=self.cert_required,
ca_certs=self.cacerts)
self.log.debug('%s negotiated with local=%s:%s remote=%s:%s', self.sock.version(),
local_addr, local_port, self.sock.getpeername()[0], port)
if self.validate_hostname:
try:
match_hostname(self.sock.getpeercert(), host)
except CertificateError as exp:
self.log.exception("SSL hostname mismatch")
raise EppConnectionError(str(exp))
self.greeting = EppResponse.from_xml(self.read().decode('utf-8'))
def connect(self, timeout=None):
if not self._connected:
try:
sock = socket.create_connection(self._server, timeout)
if not self._ssl_enable:
self._socket = sock
else:
self._socket = ssl.wrap_socket(
sock,
keyfile=self._keyfile,
certfile=self._certfile,
ca_certs=self._ca_cert,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version=ssl.PROTOCOL_SSLv23)
except socket.error as err_msg:
self._socket = None
self._handle_event(self.SESSION_ERROR)
return -1
else:
self._connected = True
self._socket.settimeout(None)
self._set_socket_options()
self._handle_event(self.SESSION_ESTABLISHED)
return 0
return 0
def check(self, url, host_info):
host_info[self.description()] = None
host_ip = socket.getaddrinfo(url, 443)[0][4][0]
try:
sock = socket.socket()
sock.connect((host_ip, 443))
except socket.error:
host_info["ssl checked"].set(True)
host_info[self.description()] = True
return True
try:
sock = ssl.wrap_socket(
sock,
ca_certs="/etc/ssl/certs/ca-certificates.crt",
cert_reqs=ssl.CERT_NONE,
)
cert = sock.getpeercert()
except ssl.SSLError:
host_info["ssl checked"].set(True)
host_info[self.description()] = True
return True
host_info["ssl checked"].set(False)
host_info[self.description()] = False
return False
def childproxy(conn, headers, conn_name='', serv_name=''):
if proxy_type == 'http':
s = socket.socket()
connect_proxy(conn, s, headers, conn_name, serv_name)
elif proxy_type == 'https':
print('https')
sock = ssl.wrap_socket(socket.socket())
connect_proxy(conn, sock, headers, conn_name, serv_name)
elif proxy_type == 'socks':
method, version, scm, address, path, params, query, fragment = parse_header(headers)
s = socket.socket()
geventsocks.connect(s, address)
print('connect {} success'.format(serv_name))
if headers.startswith('CONNECT'):
conn.sendall(b'HTTP/1.1 200 Connection established\r\n\r\n')
create_pipe(conn, s, conn_name=conn_name, serv_name=serv_name)
else:
raw_headers = headers
headers = make_headers(headers)
s.sendall(headers.encode())
print(conn_name,
'[{}]'.format(time.strftime('%Y-%m-%d %H:%M:%S')),
raw_headers.split('\r\n')[0])
g = gevent.spawn(from_serv_to_cli, conn, s, conn_name, serv_name)
try:
from_cli_to_serv(conn, s, conn_name, serv_name)
# for buf in iter(lambda:conn.recv(1024*16), b''):
# s.sendall(buf)
except (BrokenPipeError, ConnectionResetError):
print('server: {} client: {} close'.format(serv_name, conn_name) )
g.kill()
return
def check(self, url, host_info):
host_info[self.description()] = None
if host_info["ssl checked"].get():
return None
else:
host_ip = socket.getaddrinfo(url, 443)[0][4][0]
try:
sock = socket.socket()
except socket.error:
host_info[self.description()] = False
return False
try:
sock = ssl.wrap_socket(sock,
ca_certs="/etc/ssl/certs/ca-certificates.crt",
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_SSLv3,
)
sock.connect((host_ip, 443))
cert = sock.getpeercert()
usedcipher = str(sock.cipher())
except ssl.SSLError:
host_info[self.description()] = False
return False
if (re.search(r'SSLv3', usedcipher)):
host_info[self.description()] = True
return True
host_info[self.description()] = False
return False
def _get_socket(self, host, port, timeout):
if self.debuglevel > 0:
print >> stderr, 'connect:', (host, port)
new_socket = socket.create_connection((host, port), timeout)
new_socket = ssl.wrap_socket(new_socket, self.keyfile,
self.certfile)
self.file = SSLFakeFile(new_socket)
return new_socket
def handle(self, sock, address):
session = conpot_core.get_session(self.proxy_id, address[0],
address[1])
logger.info('New connection from {0}:{1} on {2} proxy. ({3})'.format(
address[0], address[1], self.proxy_id, session.id))
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(proxy_socket, self.keyfile,
self.certfile)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error as ex:
logger.error(
'Error while connecting to proxied service at ({0}, {1}): {2}'.
format(self.proxy_host, self.proxy_port, ex))
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
gevent.sleep()
sockets_read, _, sockets_err = select.select(
sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
data = s.recv(1024)
if len(data) is 0:
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.info(
'Closing proxy connection because the proxied socket closed.'
)
sockets = []
break
elif s is sock:
logging.info(
'Closing proxy connection because the remote socket closed'
)
sockets = []
break
else:
assert False
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
proxy_socket.close()
sock.close()
def _check_feedback_connection(self):
if self._feedback_connection is None:
tcp_socket = socket.socket(
socket.AF_INET, socket.SOCK_STREAM, 0)
s = ssl.wrap_socket(tcp_socket, ssl_version=ssl.PROTOCOL_SSLv3,
**self._sslargs)
addr = ["feedback.push.apple.com", 2196]
if self._sandbox:
addr[0] = "feedback.sandbox.push.apple.com"
s.connect_ex(tuple(addr))
self._feedback_connection = s
def accept_let(self):
while True:
sock, addr = self.sock.accept()
try:
sock = ssl.wrap_socket(sock, keyfile=self.keyfile,
certfile=self.certfile, server_side=True,
cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.cacerts)
except ssl.SSLError, e:
print e
continue
self.clients.spawn(self.client_let, sock, addr)
def _check_send_connection(self):
if self._push_connection is None:
tcp_socket = socket.socket(
socket.AF_INET, socket.SOCK_STREAM, 0)
s = ssl.wrap_socket(tcp_socket, ssl_version=ssl.PROTOCOL_SSLv3,
**self._sslargs)
addr = ["gateway.push.apple.com", 2195]
if self._sandbox:
addr[0] = "gateway.sandbox.push.apple.com"
s.connect_ex(tuple(addr))
self._push_connection = s
self._error_greenlet = gevent.spawn(self.save_err, self._error_loop)
def create_socket(timeout=None, **ssl_args):
"""客户端创建,返回sock
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
if timeout:
sock.settimeout(timeout)
if ssl_args:
from gevent.ssl import wrap_socket
sock = wrap_socket(sock, **ssl_args)
return sock
def _check_feedback_connection(self):
if self._feedback_connection is None:
tcp_socket = socket.socket(
socket.AF_INET, socket.SOCK_STREAM, 0)
s = ssl.wrap_socket(tcp_socket, ssl_version=ssl.PROTOCOL_TLSv1,
**self._sslargs)
addr = ["feedback.push.apple.com", 2196]
if self._sandbox:
addr[0] = "feedback.sandbox.push.apple.com"
logger.debug('Connecting to %s' % addr[0])
s.connect_ex(tuple(addr))
self._feedback_connection = s
def create_socket(timeout=None, **ssl_args):
"""客户端创建,返回sock
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
if timeout:
sock.settimeout(timeout)
if ssl_args:
from gevent.ssl import wrap_socket
sock = wrap_socket(sock, **ssl_args)
return sock
def _check_send_connection(self):
if self._push_connection is None:
tcp_socket = socket.socket(
socket.AF_INET, socket.SOCK_STREAM, 0)
s = ssl.wrap_socket(tcp_socket, ssl_version=ssl.PROTOCOL_TLSv1,
**self._sslargs)
addr = ["gateway.push.apple.com", 2195]
if self._sandbox:
addr[0] = "gateway.sandbox.push.apple.com"
logger.debug('Connecting to %s' % addr[0])
s.connect_ex(tuple(addr))
self._push_connection = s
self._error_greenlet = gevent.spawn(self.save_err,
self._error_loop)
def connect(self):
logging.debug('Connect to apns start')
self._socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._socket.settimeout(10)
logging.debug('Connect to apns step 1')
self._socket.connect((self.server, self.port))
logging.debug('Connect to apns step 2')
self._ssl = ssl.wrap_socket(
self._socket,
self.key_file,
self.cert_file)
logging.debug('Connect to apns step 3')
self.connection_alive = True
logging.debug('Connect to apns end')
def handle(self, sock, address):
session = conpot_core.get_session(self.proxy_id, address[0], address[1])
logger.info('New connection from {0}:{1} on {2} proxy. ({3})'.format(address[0], address[1],
self.proxy_id, session.id))
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(proxy_socket, self.keyfile, self.certfile)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error as ex:
logger.error('Error while connecting to proxied service at ({0}, {1}): {2}'
.format(self.proxy_host, self.proxy_port, ex))
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
gevent.sleep()
sockets_read, _, sockets_err = select.select(sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
data = s.recv(1024)
if len(data) is 0:
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.info('Closing proxy connection because the proxied socket closed.')
sockets = []
break
elif s is sock:
logging.info('Closing proxy connection because the remote socket closed')
sockets = []
break
else:
assert False
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
proxy_socket.close()
sock.close()
def create_connection(address, timeout=None, **ssl_args):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0)
if timeout:
sock.settimeout(timeout)
if ssl_args:
from gevent.ssl import wrap_socket
sock = wrap_socket(sock, **ssl_args)
host = address[0]
port = int(address[1])
sock.connect((host, port))
return sock
def check_connection(self):
if self._connection == None:
print "Connecting to server[%s]" % (self._addr)
sock = ssl.wrap_socket(socket(AF_INET, SOCK_STREAM, 0),
self._key_file,
self._cert_file,
ssl_version=ssl.PROTOCOL_SSLv3)
host, port = self._addr.split(':')
ret = sock.connect_ex((host, int(port)))
if ret == 0:
print "Connection established to addr[%s]" % (self._addr)
self._connection = sock
return True
print "Connecting failed to addr[%s]" % (self._addr)
return False
return True
def connect(self, host, port=None):
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.settimeout(self.socket_connect_timeout) # connect timeout
self.sock.connect((host, port or self.port))
self.sock.settimeout(self.socket_timeout) # regular timeout
if self.ssl_enable:
self.sock = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
ssl_version=self.ssl_version,
ciphers=self.ssl_ciphers,
server_side=False,
cert_reqs=self.cert_required,
ca_certs=self.cacerts)
if self.validate_hostname:
try:
match_hostname(self.sock.getpeercert(), host)
except CertificateError, e:
self.log.exception("SSL hostname mismatch")
raise EppConnectionError(str(e))
def create_connection(address, timeout=None, **ssl_args):
"""客户端创建连接,返回sock
:自带有一个 from gevent.socket import create_connection, 不过没有ssl参数
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0)
if timeout:
sock.settimeout(timeout)
if ssl_args:
from gevent.ssl import wrap_socket
sock = wrap_socket(sock, **ssl_args)
host = address[0]
port = int(address[1])
sock.connect((host, port))
return sock
def getUserStatus(conn, userName):
if not auth(conn):
return DENIED
validate_name(userName)
splt = userName.split('@')
rMsg = [RM.USER_STATUS_RESP,]
if splt[1] == conn.domain:
user_exists(userName)
if userName in conn.connTbl:
addr = conn.connTbl[userName].address
rMsg.append((authList[addr], addr[0], addr[1]))
else:
rMsg.append(((userName, status.OFFLINE), 0, 0))
else:
# if the user is not from this domain, send a message to the appropriate server
address = (bSock.gethostbyname(splt[1]), 8888)
sock = socket.socket()
sock = ssl.wrap_socket(sock)
sock.connect(address)
sock.sendall(msgpack.packb([RM.AUTHENTICATE_SERVER, conn.domain]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] != RM.AUTHENTICATED:
raise RPCError
sock.sendall(msgpack.packb([RM.GET_USER_STATUS, userName]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] == RM.USER_NOT_FOUND:
raise UserNotFound
elif rVal[0] == RM.USER_STATUS_RESP:
rMsg.append(rVal[1])
else:
raise RPCError
sock.close()
return rMsg
def _fetch_socket(self):
if self.using_ssl:
if 'ssl_version' in self.config and self.config['ssl_version']:
if self.config['ssl_version'] == 2:
ssl_version = ssl.PROTOCOL_SSLv2
elif self.config['ssl_version'] == 3:
ssl_version = ssl.PROTOCOL_SSLv3
else:
ssl_version = ssl.PROTOCOL_SSLv23
else:
# SSLv23 is the default for python ssl and gevent ssl
ssl_version = ssl.PROTOCOL_SSLv23
return ssl.wrap_socket(
socket.socket(),
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=get_certs_bundle(),
ssl_version=ssl_version)
else:
return socket.socket()
def unregisterFriend(conn, friend, un=None):
if not auth(conn):
return DENIED
if conn.domain in friend:
user_exists(friend)
userName = un
if un == None:
userName = authList[conn.address][0]
del_q = "DELETE FROM friends WHERE userName=? AND friend=?;"
execute_query(del_q, (userName, friend))
execute_query(del_q, (friend, userName))
splt = friend.split("@")
if splt[1] != conn.domain:
if authList[conn.address][1] != status.SERVER:
address = (bSock.gethostbyname(splt[1]), 8888)
sock = socket.socket()
sock = ssl.wrap_socket(sock)
sock.connect(address)
# authenicate
sock.sendall(msgpack.packb([RM.AUTHENTICATE_SERVER, conn.domain]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] != RM.AUTHENTICATED:
raise RPCError
# send the request
sock.sendall(msgpack.packb([RM.SERVER_SEND_UNFRIEND, userName, friend]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] != RM.SUCCESS:
raise RPCError
sock.close()
return [RM.SUCCESS, "Friend Unregistered"]
def test_ssl_proxy(self):
self.test_input = 'Hiya, this is a test'
keyfile = os.path.join(package_directory, 'templates/example_ssl.key')
certfile = os.path.join(package_directory, 'templates/example_ssl.crt')
mock_service = StreamServer(('127.0.0.1', 0), self.echo_server, keyfile=keyfile, certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy('proxy', '127.0.0.1', mock_service.server_port, keyfile=keyfile, certfile=certfile)
server = proxy.get_server('127.0.0.1', 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile, certfile)
s.connect(('127.0.0.1', server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def acceptFriend(conn, friend):
if not auth(conn):
return DENIED
if conn.domain in friend:
user_exists(friend)
acceptor = authList[conn.address]
# flip the accept bit for the user that accepted the request
upd_q = "UPDATE friends SET accepted='true' WHERE userName=? AND friend=?;"
execute_query(upd_q, (acceptor[0],friend))
splt = friend.split("@")
# if other user is on this domain, set their accept bit as well
if splt[1] == conn.domain:
execute_query(upd_q, (friend, acceptor[0]))
# if the friend is online, push a notification
# to them that their friend request has been accepted
if friend in conn.connTbl:
conn.connTbl[friend].send([RM.PUSH_FRIEND_ACCEPT, acceptor[0], acceptor[1]])
else:
# if the user is not from this domain, send a message to the appropriate server
address = (bSock.gethostbyname(splt[1]), 8888)
sock = socket.socket()
sock = ssl.wrap_socket(sock)
sock.connect(address)
sock.sendall(msgpack.packb([RM.AUTHENTICATE_SERVER, conn.domain]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] != RM.AUTHENTICATED:
raise RPCError
sock.sendall(msgpack.packb([RM.SERVER_SEND_ACCEPT, friend, acceptor[0], acceptor[1]]))
rVal = sock.recv(4096)
rVal = msgpack.unpackb(rVal)
if rVal[0] != RM.SUCCESS:
raise RPCError
sock.close()
return [RM.SUCCESS, "Friend Request Accepted"]
def test_ssl_proxy(self):
fix_sslwrap()
self.test_input = "Hiya, this is a test"
keyfile = os.path.join(package_directory, "templates/default/ssl/ssl.key")
certfile = os.path.join(package_directory, "templates/default/ssl/ssl.crt")
mock_service = StreamServer(("127.0.0.1", 0), self.echo_server, keyfile=keyfile, certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy("proxy", "127.0.0.1", mock_service.server_port, keyfile=keyfile, certfile=certfile)
server = proxy.get_server("127.0.0.1", 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile, certfile)
s.connect(("127.0.0.1", server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def connect(self, use_ssl=False):
msg = '%s' % 'SSL: ' if use_ssl else ''
logger.debug('%s Initial connection' % msg)
try:
if use_ssl:
msg += 'Connection: Warp with SSL'
self.socket = ssl.wrap_socket(self.socket)
else:
msg += 'Connection: Start connecting'
self.socket = socket.create_connection((self.ip, self.port),
timeout=self._timeout)
self.socket.settimeout(self._timeout)
except socket.timeout:
raise ConnectTimeout
except Exception as e:
raise
else:
msg += 'Connection: success'
self._closed = False
finally:
logger.debug(msg)
def run(self):
tcp_ip_delay = 0
http_delay = 0
notify_on_exit = True
while True:
try:
raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if self.secure:
self.sock = ssl.wrap_socket(raw_sock)
else:
self.sock = raw_sock
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
self.sock.settimeout(self.timeout)
self.sock.connect((self.host, self.port))
self.sock.send(self.headers)
self.sock.send(self.body)
status = self._get_status_and_consume_headers()
if status == 200:
self._notify('connect', self.id)
tcp_ip_delay = 0
http_delay = 0
self._consume_stream()
else:
self.sock.close()
if status > 500:
http_delay = self._incr_http_delay(http_delay)
sleep(http_delay)
else: # we're doing something wrong
logging.warning(status)
notify_on_exit = False
break
except (socket.timeout, socket.error), err:
logging.info(err, exc_info=True)
self.sock.close()
tcp_ip_delay = self._incr_tcp_ip_delay(tcp_ip_delay)
sleep(tcp_ip_delay)
except gevent.GreenletExit:
self.sock.close()
notify_on_exit = False
break
def test_ssl_proxy_with_decoder(self):
fix_sslwrap()
self.test_input = 'Hiya, this is a test'.encode('utf-8')
keyfile = os.path.join(package_directory, 'templates/default/ssl/ssl.key')
certfile = os.path.join(package_directory, 'templates/default/ssl/ssl.crt')
mock_service = StreamServer(('127.0.0.1', 0), self.echo_server, keyfile=keyfile, certfile=certfile)
gevent.spawn(mock_service.start)
gevent.sleep(1)
proxy = Proxy('proxy', '127.0.0.1', mock_service.server_port,
decoder='conpot.protocols.misc.ascii_decoder.AsciiDecoder', keyfile=keyfile, certfile=certfile)
server = proxy.get_server('127.0.0.1', 0)
gevent.spawn(server.start)
gevent.sleep(1)
s = wrap_socket(socket(), keyfile, certfile)
s.connect(('127.0.0.1', server.server_port))
s.sendall(self.test_input)
received = s.recv(len(self.test_input))
self.assertEqual(self.test_input, received)
mock_service.stop(1)
def connect(self, timeout=None):
if not self._connected:
try:
sock = socket.create_connection(self._server, timeout)
if not self._ssl_enable:
self._socket = sock
else:
self._socket = ssl.wrap_socket(sock, keyfile=self._keyfile,
certfile=self._certfile, ca_certs=self._ca_cert,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version=ssl.PROTOCOL_TLSv1)
except socket.error as err_msg:
self._socket = None
self._handle_event(self.SESSION_ERROR)
return -1
else:
self._connected = True
self._socket.settimeout(None)
self._set_socket_options()
self._handle_event(self.SESSION_ESTABLISHED)
return 0
return 0
def smtp_STARTTLS(self, arg):
if arg:
self.push('501 Syntax: STARTTLS')
return
self.push('220 Ready to start TLS')
if self.data:
self.push('500 Too late to changed')
return
try:
self.conn = ssl.wrap_socket(self.conn, **self.server.ssl)
self.state = self.COMMAND
self.seen_greeting = 0
self.rcpttos = []
self.mailfrom = None
self.tls = True
except Exception as err:
logger.error(err, exc_info=True)
self.push('503 certificate is FAILED')
self.close_when_done()
def smtp_STARTTLS(self, arg):
if arg:
self.push("501 Syntax: STARTTLS")
return
self.push("220 Ready to start TLS")
if self.data:
self.push("500 Too late to changed")
return
try:
self.conn = ssl.wrap_socket(self.conn, **self.server.ssl)
self.state = self.COMMAND
self.seen_greeting = 0
self.rcpttos = []
self.mailfrom = None
self.tls = True
except Exception as err:
logger.error(err, exc_info=True)
self.push("503 certificate is FAILED")
self.close_when_done()
def get_resp(req, https=False):
url = '{host}{path}'.format(host=req.split('\r\n')[1].split(' ')[1],
path=req.split('\r\n')[0].split(' ')[1])
info = '{method} {url}'.format(method=req.split(' ')[0], url=url)
# print(info)
host, port = get_host_port(req, https)
if https:
s = ssl.wrap_socket(socket.socket(), ssl_version=ssl.PROTOCOL_TLSv1)
s.settimeout(5)
else:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((host, port))
# print('connect ok')
except socket.timeout as e:
print(e)
return
s.sendall(req.encode('utf-8'))
# print('send ok')
resp = b''
while 1:
# buf and not buf.startswith(b'WebSocket')\
# and not buf.endswith(b'\r\n\r\n'):
try:
buf = s.recv(1024 * 8)
except socket.timeout as e:
print(e)
break
# print('{}......{}'.format(buf[:50],buf[-50:]))
resp += buf
if not buf or\
buf.startswith(b'WebSocket') and buf.endswith(b'\r\n\r\n'):
break
# print('RECV {}'.format(url))
return resp, info
def _sslwrapper(family, socktype, proto):
sock = socket.socket(family, socktype, proto)
return ssl.wrap_socket(sock,
cert_reqs=self.cert_reqs,
ca_certs=self.ca_certs)
def handle(self, sock, address):
session = conpot_core.get_session(self.proxy_id, address[0], address[1], sock.getsockname()[0], sock.getsockname()[1])
logger.info(
'New connection from %s:%s on %s proxy. (%s)',
address[0], address[1], self.proxy_id, session.id)
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(proxy_socket, self.keyfile, self.certfile)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error:
logger.exception('Error while connecting to proxied service at ({}, {})'.format(self.proxy_host,
self.proxy_port))
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
if Proxy.stop_servers:
self._close([proxy_socket, sock])
break
gevent.sleep(0)
ProxyAddresses.put(proxy_socket, [address[0], address[1]])
sockets_read, _, sockets_err = select.select(sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
socket_close_reason = 'socket closed'
try:
data = s.recv(1024)
except _socket.error as socket_err:
data = []
socket_close_reason = str(socket_err)
if len(data) is 0:
ProxyAddresses.clear_unused(proxy_socket)
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.warning(
'Closing proxied socket while receiving (%s, %s): %s.',
self.proxy_host, self.proxy_port, socket_close_reason)
sockets = []
break
elif s is sock:
logging.warning(
'Closing connection to remote while receiving from remote (%s, %s): %s',
socket_close_reason, address[0], address[1])
sockets = []
break
else:
assert False
try:
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
except _socket.error as socket_err:
if s is proxy_socket:
destination = 'proxied socket'
else:
destination = 'remote connection'
logger.warning('Error while sending data to %s: %s.', destination, str(socket_err))
sockets = []
break
session.set_ended()
proxy_socket.close()
sock.close()
'unfriend': test_unfriend,
'accept': test_accept,
'listener': test_listener,
'getAllStat': test_getAllStatus,
'getStatus': test_getUserStatus,
'cert': test_cert,
'ms_send': test_multiServer_sender,
'ms_listen': test_multiServer_listen,
}
if __name__ == '__main__':
address = (bSock.gethostbyname(bSock.gethostbyname(sys.argv[3])), 8888)
sock = socket.socket()
sock = ssl.wrap_socket(sock)
sock.connect(address)
if sys.argv[1] in testMap:
func = testMap[sys.argv[1]]
func(sys.argv[2])
#sendQ.put([RM.AUTHENTICATE_USER,"*****@*****.**","12345"])
#sendQ.put([RM.UNREGISTER_FRIEND, "*****@*****.**"])
#sendQ.put([RM.REGISTER_STATUS, motmot.status.AWAY])
#sendQ.put([RM.ACCEPT_FRIEND, "*****@*****.**"])
#sendQ.put([RM.REGISTER_FRIEND, "*****@*****.**"])
#sendQ.put([RM.GET_ALL_STATUSES])
#cert = open('cert/motmot.crt').read()
#sendQ.put([RM.SIGN_CERT_REQUEST, cert])
recv = recvGreenlet(sock)
recv.start()
def ssl_connect(cls,host,port,ssl_kwargs,**kwargs):
if kwargs.pop('ipv6',False):
kwargs['family'] = socket.AF_INET6
s = cls._connect(host,port,**kwargs)
s2 = ssl.wrap_socket(s,**ssl_kwargs)
return cls(s2)
def handle(self, source, address):
log.debug("New remote client connected from %s", address)
# ssl negotiation
if not self.unix_socket_used:
ssl_req_data = source.recv(1024)
if self.local_ssl_opt:
log.debug("SSL Negotiation.")
source.send("S")
source = wrap_socket(source,
keyfile=self.local_ssl_key,
certfile=self.local_ssl_cert,
server_side=True)
source.settimeout(60)
else:
source.send("N")
response, auth_response = None, None
# Receive client data (used for create peer key)
log.debug("Waiting for client data...")
client_data = source.recv(2024)
# create or get from pool one socket
from_pool, dst_sock, response, auth_response = self.create_dst_connection(
client_data)
remote_ssl_opt = settings.get_remote_ssl()
if not from_pool:
# send ssl negotiation with remote server
if remote_ssl_opt and not self.remote_unix_socket_used:
dst_sock.send(utils.make_ssl_request())
rsp = dst_sock.recv(1024)
if rsp[0] == "S":
dst_sock = wrap_socket(dst_sock)
else:
raise Exception("Server does not support ssl connections")
dst_sock.send(client_data)
auth_error, response, auth_response = self.handle_authentication(
source, dst_sock)
else:
auth_code = struct.unpack("!i", response[5:][:4])[0]
if auth_code == 5:
log.debug("Authenticating client...")
source.send(auth_response)
else:
source.send(response)
error_generator, auth_error, error = None, False, False
source.setblocking(0)
dst_sock.setblocking(0)
log.debug("Entering on recv/send loop...")
while not error:
_r, _w, _e = select.select([source, dst_sock], [], [])
for _in in _r:
_data = read_until_fail(_in)
if not _data or _data[0] == b'X':
error, error_generator = True, _in
break
if _data[0] == 'E':
self.send(source, _data)
error, auth_error = True, True
if _in == dst_sock:
ok = self.send(source, _data)
if not ok:
error, error_generator = True, _in
break
else:
self.send(dst_sock, _data)
log.debug("Connection is closed in any socket.")
# if error found on database or authentication error, close all connections
if error_generator != source or auth_error:
log.debug("Server connection is break. Closing all connections.")
dst_sock.close()
source.close()
return
log.debug("Client connection is break.")
# send reset query
send_data = [
utils.create_query_data("DISCARD ALL;"),
utils.create_statement_description(),
utils.create_flush_stetement(),
]
ok = False
if _data:
ok = self.send(dst_sock, b"".join(send_data))
if ok:
log.debug("Reset database connection state.")
response_data = read_until_fail(dst_sock)
if client_data not in self.queues:
self.queues[client_data] = Queue()
if self.queues[client_data].qsize() < 30:
self.queues[client_data].put(
(dst_sock, response, auth_response))
log.debug("Returning connection to pool.")
log.debug("Current pool size: %s",
self.queues[client_data].qsize())
else:
dst_sock.close()
def handle(self, sock, address):
session = conpot_core.get_session(self.proxy_id, address[0],
address[1])
logger.info('New connection from {0}:{1} on {2} proxy. ({3})'.format(
address[0], address[1], self.proxy_id, session.id))
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(proxy_socket, self.keyfile,
self.certfile)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error as ex:
logger.error(
'Error while connecting to proxied service at ({0}, {1}): {2}'.
format(self.proxy_host, self.proxy_port, ex))
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
gevent.sleep()
sockets_read, _, sockets_err = select.select(
sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
socket_close_reason = 'socket closed'
try:
data = s.recv(1024)
except _socket.error as socket_err:
data = []
socket_close_reason = str(socket_err)
if len(data) is 0:
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.warning(
'Closing proxied socket while receiving ({0}, {1}): {2}.'
.format(self.proxy_host, self.proxy_port,
socket_close_reason))
sockets = []
break
elif s is sock:
logging.warning(
'Closing connection to remote while receiving from remote ({0}, {1}): {2}'
.format(socket_close_reason, address[0],
address[1]))
sockets = []
break
else:
assert False
try:
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
except _socket.error as socket_err:
if s is proxy_socket:
destination = 'proxied socket'
else:
destination = 'remote connection'
logger.warning(
'Error while sending data to {0}: {1}.'.format(
destination, str(socket_err)))
sockets = []
break
session.set_ended()
proxy_socket.close()
sock.close()
def main():
"""Run the daemon from the command line"""
opts = parse_arguments(sys.argv[1:])
# Initialize logger
lvl = logging.DEBUG if opts.debug else logging.INFO
global logger
logger = logging.getLogger("vncauthproxy")
logger.setLevel(lvl)
formatter = logging.Formatter(("%(asctime)s %(module)s[%(process)d] "
" %(levelname)s: %(message)s"),
"%Y-%m-%d %H:%M:%S")
handler = logging.FileHandler(opts.log_file)
handler.setFormatter(formatter)
logger.addHandler(handler)
try:
# Create pidfile
pidf = pidlockfile.TimeoutPIDLockFile(opts.pid_file, 10)
# Init ephemeral port pool
ports = range(opts.min_port, opts.max_port + 1)
# Init VncAuthProxy class attributes
VncAuthProxy.server_timeout = opts.server_timeout
VncAuthProxy.connect_retries = opts.connect_retries
VncAuthProxy.retry_wait = opts.retry_wait
VncAuthProxy.connect_timeout = opts.connect_timeout
VncAuthProxy.ports = ports
VncAuthProxy.authdb = parse_auth_file(opts.auth_file)
VncAuthProxy.keyfile = opts.key_file
VncAuthProxy.certfile = opts.cert_file
VncAuthProxy.proxy_address = opts.proxy_listen_address
VncAuthProxy.fqdn = socket.getfqdn()
sockets = get_listening_sockets(opts.listen_port,
opts.listen_address,
reuse_addr=True)
wrap_ssl = lambda sock: sock
if opts.enable_ssl:
ssl_prot = ssl.PROTOCOL_TLSv1
wrap_ssl = lambda sock: ssl.wrap_socket(sock,
server_side=True,
keyfile=opts.key_file,
certfile=opts.cert_file,
ssl_version=ssl_prot)
# Become a daemon:
# Redirect stdout and stderr to handler.stream to catch
# early errors in the daemonization process [e.g., pidfile creation]
# which will otherwise go to /dev/null.
daemon_context = AllFilesDaemonContext(pidfile=pidf,
umask=0022,
stdout=handler.stream,
stderr=handler.stream,
files_preserve=[handler.stream])
# Remove any stale PID files, left behind by previous invocations
if daemon.runner.is_pidfile_stale(pidf):
logger.warning("Removing stale PID lock file %s", pidf.path)
pidf.break_lock()
try:
daemon_context.open()
except (AlreadyLocked, LockTimeout):
raise InternalError(("Failed to lock PID file %s, another "
"instance running?"), pidf.path)
logger.info("Became a daemon")
# A fork() has occured while daemonizing,
# we *must* reinit gevent
gevent.reinit()
# Catch signals to ensure graceful shutdown,
#
# Uses gevent.signal so the handler fires even during
# gevent.socket.accept()
gevent.signal(SIGINT, fatal_signal_handler, "SIGINT")
gevent.signal(SIGTERM, fatal_signal_handler, "SIGTERM")
except InternalError as err:
logger.critical(err)
sys.exit(1)
except Exception as err:
logger.critical("Unexpected error:")
logger.exception(err)
sys.exit(1)
while True:
try:
client = None
rlist, _, _ = select(sockets, [], [])
for ctrl in rlist:
client, _ = ctrl.accept()
client = wrap_ssl(client)
logger.info("New control connection")
VncAuthProxy.spawn(logger, client)
continue
except Exception as err:
logger.error("Unexpected error:")
logger.exception(err)
if client:
client.close()
continue
except SystemExit:
break
try:
logger.info("Closing control sockets")
while sockets:
sock = sockets.pop()
sock.close()
daemon_context.close()
sys.exit(0)
except Exception as err:
logger.critical("Unexpected error:")
logger.exception(err)
sys.exit(1)
def __init__(self, address):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(address)
sock = ssl.wrap_socket(sock)
super(SocketClient, self).__init__(sock)
def handle(self, sock, address):
session = conpot_core.get_session(
self.proxy_id,
address[0],
address[1],
sock.getsockname()[0],
sock.getsockname()[1],
)
logger.info(
"New connection from %s:%s on %s proxy. (%s)",
address[0],
address[1],
self.proxy_id,
session.id,
)
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(
proxy_socket, keyfile=self.keyfile, certfile=self.certfile
)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error:
logger.exception(
"Error while connecting to proxied service at ({}, {})".format(
self.proxy_host, self.proxy_port
)
)
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
gevent.sleep(0)
sockets_read, _, sockets_err = select.select(sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
socket_close_reason = "socket closed"
try:
data = s.recv(1024)
except _socket.error as socket_err:
data = []
socket_close_reason = str(socket_err)
if len(data) is 0:
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.warning(
"Closing proxied socket while receiving (%s, %s): %s.",
self.proxy_host,
self.proxy_port,
socket_close_reason,
)
sockets = []
break
elif s is sock:
logging.warning(
"Closing connection to remote while receiving from remote (%s, %s): %s",
socket_close_reason,
address[0],
address[1],
)
sockets = []
break
else:
assert False
try:
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
except _socket.error as socket_err:
if s is proxy_socket:
destination = "proxied socket"
else:
destination = "remote connection"
logger.warning(
"Error while sending data to %s: %s.",
destination,
str(socket_err),
)
sockets = []
break
session.set_ended()
proxy_socket.close()
sock.close()
def handle(self, sock, address):
session = conpot_core.get_session(self.proxy_id, address[0], address[1])
logger.info('New connection from {0}:{1} on {2} proxy. ({3})'.format(address[0], address[1],
self.proxy_id, session.id))
proxy_socket = socket()
if self.keyfile and self.certfile:
proxy_socket = wrap_socket(proxy_socket, self.keyfile, self.certfile)
try:
proxy_socket.connect((self.proxy_host, self.proxy_port))
except _socket.error as ex:
logger.error('Error while connecting to proxied service at ({0}, {1}): {2}'
.format(self.proxy_host, self.proxy_port, ex))
self._close([proxy_socket, sock])
return
sockets = [proxy_socket, sock]
while len(sockets) == 2:
gevent.sleep()
sockets_read, _, sockets_err = select.select(sockets, [], sockets, 10)
if len(sockets_err) > 0:
self._close([proxy_socket, sock])
break
for s in sockets_read:
socket_close_reason = 'socket closed'
try:
data = s.recv(1024)
except _socket.error as socket_err:
data = []
socket_close_reason = str(socket_err)
if len(data) is 0:
self._close([proxy_socket, sock])
if s is proxy_socket:
logging.warning('Closing proxied socket while receiving ({0}, {1}): {2}.'
.format(self.proxy_host, self.proxy_port, socket_close_reason))
sockets = []
break
elif s is sock:
logging.warning('Closing connection to remote while receiving from remote ({0}, {1}): {2}'
.format(socket_close_reason, address[0], address[1]))
sockets = []
break
else:
assert False
try:
if s is proxy_socket:
self.handle_out_data(data, sock, session)
elif s is sock:
self.handle_in_data(data, proxy_socket, session)
else:
assert False
except _socket.error as socket_err:
if s is proxy_socket:
destination = 'proxied socket'
else:
destination = 'remote connection'
logger.warning('Error while sending data to {0}: {1}.'.format(destination, str(socket_err)))
sockets = []
break
session.set_ended()
proxy_socket.close()
sock.close()
import time
from gevent import ssl, socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Require a certificate from the server. We used a self-signed certificate
# so here ca_certs must be the server certificate itself.
ssl_sock = ssl.wrap_socket(s,
ca_certs="server.crt",
cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('localhost', 5500))
# ssl_sock.connect(('localhost', 9092))
ssl_sock.sendall(b'login superadmin password\n')
while True:
time.sleep(5)
ssl_sock.sendall(b'ping null\n')
print(ssl_sock.recv(4096))
ssl_sock.close()
def _create_socket(self):
return wrap_socket(Tcp._create_socket(self), server_side=False)
