def callRemote(self, method, *args):
def cancel(d):
factory.deferred = None
connector.disconnect()
factory = self.queryFactory(
self.path, self.host, method, self.user,
self.password, self.allowNone, args, cancel, self.useDateTime)
#factory = xmlrpc._QueryFactory(
# self.path, self.host, method, self.user,
# self.password, self.allowNone, args)
if self.secure:
try:
self.SSLClientContext
except NameError:
print "Must Set a SSL Context"
print "use self.setSSLClientContext() first"
# Its very bad to connect to ssl without some kind of
# verfication of who your talking to
# Using the default sslcontext without verification
# Can lead to man in the middle attacks
ReactorThread().connectSSL(self.host, self.port or 443,
factory, self.SSLClientContext,
timeout=self.connectTimeout)
else:
ReactorThread().connectTCP(self.host, self.port or 80, factory, timeout=self.connectTimeout)
return factory.deferred
def __enter__(self):
"""
Function called back while entering a "with" statement.
See http://effbot.org/zone/python-with-statement.htm
"""
ReactorThread().start_reactor()
return self
def terminate():
ReactorThread().stop_reactor()
def _missing(*args):
from twisted.internet import defer
d = defer.Deferred()
def proxy_success_cb(result):
#SFAManageToken().put_token(self.interface)
diff = time.time() - self.started
Log.debug('SFA CALL SUCCESS %s(%s) - interface = %s - execution time = %s sec.' % (self.arg0, self.arg1, self.interface, round(diff,2)))
d.callback(result)
def proxy_error_cb(error):
#SFAManageToken().put_token(self.interface)
diff = time.time() - self.started
Log.debug('SFA CALL ERROR %s(%s) - interface = %s - execution time = %s sec.' % (self.arg0, self.arg1, self.interface, round(diff,2)))
d.errback(ValueError("Error in SFA Proxy %s" % error))
#success_cb = lambda result: d.callback(result)
#error_cb = lambda error : d.errback(ValueError("Error in SFA Proxy %s" % error))
def is_credential(cred):
is_v2 = isinstance(cred, StringTypes) and cred.startswith(ARG_SNIFF_CRED)
is_v3 = isinstance(cred, dict) and 'geni_type' in cred
return is_v2 or is_v3
def is_rspec(cred):
return isinstance(cred, StringTypes) and cred.startswith(ARG_SNIFF_RSPEC)
def is_credential_list(cred):
return isinstance(cred, list) and reduce(lambda x, y: x and is_credential(y), cred, True)
def is_user_list(arg):
is_user_list_1 = isinstance(arg, dict) and 'geni_users' in arg
# For CreateSliver nitosb
is_user_list_2 = isinstance(arg, list) and arg and isinstance(arg[0], dict) and 'keys' in arg[0]
return is_user_list_1 or is_user_list_2
#@defer.inlineCallbacks
def wrap(source, args):
#token = yield SFAManageToken().get_token(self.interface)
args = (name,) + args
printable_args = []
for arg in args:
if is_rspec(arg):
printable_args.append('<rspec>')
elif is_credential(arg):
printable_args.append('<credential>')
elif is_credential_list(arg):
printable_args.append('<credentials>')
elif is_user_list(arg):
printable_args.append('<user list>')
else:
printable_args.append(str(arg))
self.started = time.time()
self.arg0 = printable_args[0]
self.arg1 = printable_args[1:]
Log.debug("SFA CALL %s(%s) - interface = %s" % (printable_args[0], printable_args[1:], self.interface))
print("SFA CALL %s(%s) - interface = %s" % (printable_args[0], printable_args[1:], self.interface))
self.proxy.callRemote(*args).addCallbacks(proxy_success_cb, proxy_error_cb)
ReactorThread().callInReactor(wrap, self, args)
return d
self._count -= 1
if count ==0:
self._callback()
def __call__(self, result):
#print len(result), "results"
self.dec()
cb = Callback(terminate)
#
# cb.inc()
cb.inc()
d1 = execute(proxy, command, parameters, sfa_options, account_config)
d1.callback = cb
# # XXX It seems different errors are triggered depending on the timing
# # time.sleep(0.1)
# d2 = execute(proxy, command, parameters, sfa_options, account_config)
# d2.callback = cb
except Exception, e:
print "Exception:", e
import traceback
traceback.print_exc()
finally:
pass
ReactorThread().start_reactor()
main()
def main(self):
"""
\brief Runs a XMLRPC server
"""
Log.info("XMLRPC server daemon (%s) started." % sys.argv[0])
# NOTE it is important to import those files only after daemonization,
# since they open files we cannot easily preserve
from twisted.web import xmlrpc, server
# SSL support
from OpenSSL import SSL
from twisted.internet import ssl #, reactor
#from twisted.internet.protocol import Factory, Protocol
#from twisted.internet import reactor
# This also imports manifold.util.reactor_thread that uses reactor
from manifold.core.router import Router
assert not (Options().platform and Options().gateway), "Both gateway and platform cannot be specified at commandline"
# This imports twisted code so we need to import it locally
from manifold.core.xmlrpc_api import XMLRPCAPI
# This should be configurable
allowed_capabilities = Capabilities()
allowed_capabilities.selection = True
allowed_capabilities.projection = True
# XXX We should harmonize interfaces between Router and Forwarder
if Options().platform:
platforms = Storage.execute(Query().get('platform'), format='object')
# We pass a single platform to Forwarder
platform = [p for p in platforms if p.name == Options().platform][0]
self.interface = Forwarder(platform, allowed_capabilities)
elif Options().gateway:
# XXX user
# XXX Change Forwarded initializer
#DEPRECATED| platform = Platform(u'dummy', Options().gateway, self.get_gateway_config(Options().gateway), 'user')
platform = Platform(
platform = u'dummy',
gateway_type = Options().gateway,
config = self.get_gateway_config(Options().gateway),
auth_type = 'user'
)
self.interface = Forwarder(platform, allowed_capabilities)
else:
self.interface = Router()
try:
def verifyCallback(connection, x509, errnum, errdepth, ok):
if not ok:
print 'invalid cert from subject:', x509.get_subject()
print errnum, errdepth
return False
else:
print "Certs are fine", x509, x509.get_subject()
return True
ssl_path = Options().ssl_path
if not ssl_path or not os.path.exists(ssl_path):
print ""
print "You need to generate SSL keys and certificate in '%s' to be able to run manifold" % ssl_path
print ""
print "mkdir -p /etc/manifold/keys"
print "openssl genrsa 1024 > /etc/manifold/keys/server.key"
print "chmod 400 /etc/manifold/keys/server.key"
print "openssl req -new -x509 -nodes -sha1 -days 365 -key /etc/manifold/keys/server.key > /etc/manifold/keys/server.cert"
print ""
sys.exit(0)
server_key_file = "%s/server.key" % ssl_path
server_crt_file = "%s/server.cert" % ssl_path
Log.tmp("key, cert=", server_key_file, server_crt_file)
myContextFactory = ssl.DefaultOpenSSLContextFactory(server_key_file, server_crt_file)
ctx = myContextFactory.getContext()
ctx.set_verify(
SSL.VERIFY_PEER, # | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
verifyCallback
)
# Since we have self-signed certs we have to explicitly
# tell the server to trust them.
#ctx.load_verify_locations("keys/ca.pem")
trusted_roots_path = Options().trusted_roots_path
if not trusted_roots_path or not os.path.exists(trusted_roots_path):
Log.warning("No trusted root found in %s. You won't be able to login using SSL client certificates" % trusted_roots_path)
ctx.load_verify_locations(None, ssl_path)
#ReactorThread().listenTCP(Options().xmlrpc_port, server.Site(XMLRPCAPI(self.interface, allowNone=True)))
ReactorThread().listenSSL(Options().xmlrpc_port, server.Site(XMLRPCAPI(self.interface, allowNone=True)), myContextFactory)
ReactorThread().start_reactor()
except Exception, e:
# TODO If database gets disconnected, we can sleep/attempt reconnection
Log.error("Error in XMLRPC API: %s" % str(e))
def __exit__(self, type=None, value=None, traceback=None):
"""
Function called back while leaving a "with" statement.
See http://effbot.org/zone/python-with-statement.htm
"""
ReactorThread().stop_reactor()