def save_options(program, interface, argv, tmp=False): """Saves program options. Persistence options are stripped before saving to prevent rewriting identical options when they are loaded and run. Args: program: The program for which to save options. interface: The interface for which to save options. argv: The options to save. tmp: Whether to save options to /tmp or _CONFIG_DIR. """ to_save = { 'argv': [arg for arg in argv if arg not in ('-P', '--persist')], 'env': {}, } # Also save important environment variables. if program == 'hostapd' and 'WIFI_PSK' in os.environ: to_save['env']['WIFI_PSK'] = utils.validate_and_sanitize_psk( os.environ['WIFI_PSK']) if program == 'wpa_supplicant' and 'WIFI_CLIENT_PSK' in os.environ: to_save['env']['WIFI_CLIENT_PSK'] = utils.validate_and_sanitize_psk( os.environ['WIFI_CLIENT_PSK']) utils.atomic_write( utils.get_filename(program, utils.FILENAME_KIND.options, interface, tmp=tmp), repr(to_save))
def _maybe_restart_hostapd(interface, config, opt): """Starts or restarts hostapd unless doing so would be a no-op. The no-op case (i.e. hostapd is already running with an equivalent config) can be overridden with --force-restart. Args: interface: The interface on which to start hostapd. config: A hostapd configuration, as a string. opt: The OptDict parsed from command line options. Returns: Whether hostapd was started successfully. Raises: BinWifiException: On various errors. """ tmp_config_filename = utils.get_filename('hostapd', utils.FILENAME_KIND.config, interface, tmp=True) forced = False current_config = None try: with open(tmp_config_filename) as tmp_config_file: current_config = tmp_config_file.read() except IOError: pass if not _is_hostapd_running(interface): utils.log('hostapd not running yet, starting.') elif current_config != config: utils.log('hostapd config changed, restarting.') elif opt.force_restart: utils.log('Forced restart requested.') forced = True else: utils.log('hostapd-%s already configured and running', interface) return True if not _stop_hostapd(interface): raise utils.BinWifiException("Couldn't stop hostapd") # Set or unset 4-address mode. This has to be done while hostapd is down. utils.log('%s 4-address mode', 'Enabling' if opt.wds else 'Disabling') iw.set_4address_mode(interface, opt.wds) # We don't want to try to rewrite this file if this is just a forced restart. if not forced: utils.atomic_write(tmp_config_filename, config) if not _start_hostapd(interface, tmp_config_filename, opt.band, opt.ssid): utils.log( 'hostapd failed to start. Look at hostapd logs for details.') return False return True
def confirm_job(self, job_data, status='ok', status_message='', admin_message=''): status_data = {"status": status} if status_message: status_data["status_message"] = status_message if admin_message: status_data["admin_message"] = admin_message job_data.update(status_data) try: data = json.dumps(job_data, separators=(',', ':')) except (JSONDecodeError, ValueError) as err: self.logger.critical("Failed to create output json: {}".format( str(err))) else: confirm_file_name = join(self.job_folder, self.current_job + Ninja.CONFIRM_FILE_EXT) if atomic_write(data, confirm_file_name): self.logger.info( "Confirmation file successfully written: {}".format( confirm_file_name)) else: self.logger.critical( "Failed to create confirmation file: {}".format( confirm_file_name))
def atomic_save(): try: path = os.path.join(self.directory, '{0}.{1}'.format(filename, self.serializer.name or 'custom')) with atomic_write(path, 'wb') as handle: self.serializer.dump(data, handle) return True except (OSError, IOError): return False
def atomic_save(): try: path = os.path.join( self.directory, '{0}.{1}'.format(filename, self.serializer.name or 'custom')) with atomic_write(path, 'wb') as handle: self.serializer.dump(data, handle) return True except (OSError, IOError): return False
def atomic_save(): try: data = {} data.update(self) with lock(self._path): with atomic_write(self._path, 'wb') as handle: json.dump(data, handle, sort_keys=True, indent=2, encoding='utf-8') return True except (OSError, IOError): return False
def atomic_save(): try: path = os.path.join( self.directory, '{0}.{1}'.format(filename, self.serializer.name or 'custom')) settings = os.path.join(self.workflow.directory, 'settings.json') if path == settings: raise SerializationException( 'Settings file is maintained automatically') with atomic_write(path, 'wb') as handle: self.serializer.dump(data, handle) return True except (OSError, IOError): return False
def _set_wpa_supplicant_config(interface, config, opt): """Starts or restarts wpa_supplicant unless doing so would be a no-op. The no-op case (i.e. wpa_supplicant is already running with an equivalent config) can be overridden with --force-restart. Args: interface: The interface on which to start wpa_supplicant. config: A wpa_supplicant configuration, as a string. opt: The OptDict parsed from command line options. Returns: Whether wpa_supplicant was started successfully. Raises: BinWifiException: On various errors. """ tmp_config_filename = utils.get_filename('wpa_supplicant', utils.FILENAME_KIND.config, interface, tmp=True) forced = False current_config = None band = opt.band try: with open(tmp_config_filename) as tmp_config_file: current_config = tmp_config_file.read() except IOError: pass already_running = _is_wpa_supplicant_running(interface) if not already_running: utils.log('wpa_supplicant not running yet, starting.') elif current_config != config: # TODO(rofrankel): Consider using wpa_cli reconfigure here. utils.log('wpa_supplicant config changed, reconfiguring.') elif opt.force_restart: utils.log('Forced restart requested.') forced = True else: utils.log('wpa_supplicant-%s already configured and running', interface) return True if not forced: utils.atomic_write(tmp_config_filename, config) # TODO(rofrankel): Consider removing all the restart hostapd stuff when # b/30140131 is resolved. hostapd seems to keep working without being # restarted, at least on Camaro. restart_hostapd = False ap_interface = iw.find_interface_from_band(band, iw.INTERFACE_TYPE.ap, opt.interface_suffix) if _is_hostapd_running(ap_interface): restart_hostapd = True opt_without_persist = options.OptDict({}) opt_without_persist.persist = False opt_without_persist.band = opt.band opt_without_persist.interface_suffix = opt.interface_suffix if not stop_ap_wifi(opt_without_persist): raise utils.BinWifiException( "Couldn't stop hostapd to start wpa_supplicant.") if already_running: subprocess.check_call(['ifdown', interface]) subprocess.check_call( ['/etc/ifplugd/ifplugd.action', interface, 'down']) if not _reconfigure_wpa_supplicant(interface): raise utils.BinWifiException( 'Failed to reconfigure wpa_supplicant.') subprocess.check_call(['ifup', interface]) subprocess.check_call(['/etc/ifplugd/ifplugd.action', interface, 'up']) elif not _start_wpa_supplicant(interface, tmp_config_filename): raise utils.BinWifiException( 'wpa_supplicant failed to start. Look at wpa_supplicant logs for ' 'details.') if restart_hostapd: _restart_hostapd(ap_interface) return True
def set_wifi(opt): """Set up an access point in response to the 'set' command. Args: opt: The OptDict parsed from command line options. Returns: Whether setting up the AP succeeded. Raises: BinWifiException: On various errors. """ band = opt.band width = opt.width channel = opt.channel autotype = opt.autotype protocols = set(opt.protocols.split('/')) utils.validate_set_wifi_options(opt) psk = None if opt.encryption == 'WEP' or '_PSK_' in opt.encryption: psk = os.environ['WIFI_PSK'] if band == '5' and quantenna.set_wifi(opt): return True if iw.RUNNABLE_WL() and not iw.RUNNABLE_IW(): _set_wifi_broadcom(opt) return True if not iw.RUNNABLE_IW(): raise utils.BinWifiException("Can't proceed without iw") # If this phy is running client mode, we need to use its width/channel. phy = iw.find_phy(band, channel) if phy is None: raise utils.BinWifiException('no wifi phy for band=%s channel=%s', band, channel) # Check for calibration errors on ath10k. qca9880_cal.qca8990_calibration() mwifiex.set_recovery(experiment.enabled('MwifiexFirmwareRecovery')) client_interface = iw.find_interface_from_phy(phy, iw.INTERFACE_TYPE.client, opt.interface_suffix) if (client_interface is not None and _is_wpa_supplicant_running(client_interface)): # Wait up to ten seconds for interface width and channel to be available # (only relevant if wpa_supplicant was started recently). # TODO(rofrankel): Consider shortcutting this loop if wpa_cli shows status # is SCANNING (and other values)? utils.log( 'Client running on same band; finding its width and channel.') for _ in xrange(50): client_band = _get_wpa_band(client_interface) client_width, client_channel = iw.find_width_and_channel( client_interface) sys.stderr.write('.') sys.stderr.flush() if None not in (client_band, client_width, client_channel): band, width, channel = client_band, client_width, client_channel utils.log( 'Using band=%s, channel=%s, width=%s MHz from client', band, channel, width) break time.sleep(0.2) else: utils.log("Couldn't find band, width, and channel used by client " "(it may not be connected)") interface = iw.find_interface_from_phy(phy, iw.INTERFACE_TYPE.ap, opt.interface_suffix) if interface is None: raise utils.BinWifiException( 'no wifi interface found for band=%s channel=%s suffix=%s', band, channel, opt.interface_suffix) for ap_interface in iw.find_all_interfaces_from_phy( phy, iw.INTERFACE_TYPE.ap): if not _is_hostapd_running(ap_interface): continue if ap_interface == interface: continue # TODO(rofrankel): Figure out what to do about width. Unlike channel, # there's no 'auto' default; we don't know if 20 was requested or just # defaulted to. So it's not clear whether to override the other AP's # choice. _, other_ap_channel = iw.find_width_and_channel(ap_interface) if channel == 'auto': channel = other_ap_channel else: _restart_hostapd(ap_interface, '-c', channel) utils.log('interface: %s', interface) utils.log('Configuring cfg80211 wifi.') pid_filename = utils.get_filename('hostapd', utils.FILENAME_KIND.pid, interface, tmp=True) utils.log('pidfile: %s', pid_filename) autotype_filename = '/tmp/autotype.%s' % interface band_filename = '/tmp/band.%s' % interface width_filename = '/tmp/width.%s' % interface autochan_filename = '/tmp/autochan.%s' % interface old_autotype = utils.read_or_empty(autotype_filename) old_band = utils.read_or_empty(band_filename) old_width = utils.read_or_empty(width_filename) # Special case: if autochannel enabled and we've done it before, just use the # old autochannel. The main reason for this is we may not be able to run the # autochannel algorithm without stopping hostapd first, which defeats the code # that tries not to restart hostapd unnecessarily. if (channel == 'auto' and (autotype, band, width) == (old_autotype, old_band, old_width)): # ...but only if not forced mode. If it's forced, don't use the old # value, but don't wipe it either. if not opt.force_restart: autochan = utils.read_or_empty(autochan_filename) if autochan and int(autochan) > 0: utils.log('Reusing old autochannel=%s', autochan) channel = autochan else: # forget old autochannel setting if os.path.exists(autochan_filename): try: os.remove(autochan_filename) except OSError: utils.log('Failed to remove autochan file.') if channel == 'auto': utils.atomic_write(autochan_filename, '') try: channel = autochannel.scan(interface, band, autotype, width) except ValueError as e: raise utils.BinWifiException('Autochannel scan failed: %s', e) utils.atomic_write(autochan_filename, channel) utils.atomic_write(autotype_filename, autotype) utils.atomic_write(band_filename, band) utils.atomic_write(width_filename, width) utils.log('using channel=%s', channel) try: utils.log('getting phy info...') with open(os.devnull, 'w') as devnull: try: phy_info = subprocess.check_output(('iw', 'phy', phy, 'info'), stderr=devnull) except subprocess.CalledProcessError as e: raise utils.BinWifiException( 'Failed to get phy info for phy %s: %s', phy, e) hostapd_config = configs.generate_hostapd_config( phy_info, interface, band, channel, width, protocols, psk, opt) except ValueError as e: raise utils.BinWifiException('Invalid option: %s', e) return _maybe_restart_hostapd(interface, hostapd_config, opt)
def main(): """The entrypoint for osg-incommon-cert-request """ global args try: args = parse_cli() config_parser = ConfigParser.ConfigParser() config_parser.readfp(StringIO(CONFIG_TEXT)) CONFIG = dict(config_parser.items('InCommon')) if args.orgcode: codes = [code.strip() for code in args.orgcode.split(',')] CONFIG['organization'] = codes[0] CONFIG['department'] = codes[1] print("Using organization code of %s and department code of %s" % (CONFIG['organization'], CONFIG['department'])) utils.check_permissions(args.write_directory) if args.test: print("Beginning testing mode: ignoring optional parameters.") print("=" * 60) # Creating SSLContext with cert and key provided # usercert and userprivkey are already validated by utils.findusercred ssl_context = cert_utils.get_ssl_context(usercert=args.usercert, userkey=args.userprivkey) restclient = InCommonApiClient(CONFIG['apiurl'], ssl_context) if args.test: test_incommon_connection(CONFIG, restclient) restclient.close_connection() sys.exit(0) print("Beginning certificate request") print("=" * 60) #Create tuple(s) either with a single hostname and altnames or with a set of hostnames and altnames from the hostfile if args.hostname: hosts = [tuple([args.hostname.strip()] + args.altnames)] else: with open(args.hostfile, 'rb') as hosts_file: host_lines = hosts_file.readlines() hosts = [ tuple(line.split()) for line in host_lines if line.strip() ] requests = list() csrs = list() print( "The following Common Name (CN) and Subject Alternative Names (SANS) have been specified: " ) # Building the lists with certificates --> utils.Csr(object) for host in set(hosts): common_name = host[0] sans = host[1:] print("CN: %s, SANS: %s" % (common_name, sans)) csr_obj = cert_utils.Csr(common_name, output_dir=args.write_directory, altnames=sans) logger.debug(csr_obj.x509request.as_text()) csrs.append(csr_obj) print("=" * 60) for csr in csrs: subj = str(csr.x509request.get_subject()) print("Requesting certificate for %s: " % subj) response_request = submit_request(CONFIG, restclient, subj, csr.base64_csr(), sans=csr.altnames) # response_request stores the sslId for the certificate request if response_request: requests.append(tuple([response_request, subj])) print("Request successful. Writing key file at: %s" % csr.keypath) csr.write_pkey() else: print("Request failed for %s" % subj) print("-" * 60) # Closing the restclient connection before going idle waiting for approval restclient.close_connection() print("%s certificate(s) was(were) requested successfully." % len(requests)) print("Waiting %s seconds for requests approval..." % WAIT_APPROVAL) time.sleep(WAIT_APPROVAL) print("\nStarting certificate retrieval") print("=" * 60) # Certificate retrieval has to retry until it gets the certificate # A restclient (InCommonApiClient) needs to be created for each retrieval attempt for request in requests: subj = request[1] print("Retrieving certificate for %s: " % subj) response_retrieve = retrieve_cert(CONFIG, ssl_context, request[0]) if response_retrieve is not None: cert_path = os.path.join(args.write_directory, subj.split("=")[1] + '-cert.pem') print("Retrieval successful. Writing certificate file at: %s" % cert_path) utils.safe_rename(cert_path) utils.atomic_write(cert_path, response_retrieve) os.chmod(cert_path, 0644) else: print("Retrieval failure for %s" % subj) print( "The certificate can be retrieved directly from the InCommon Cert Manager interface." ) print("CN %s, Self-enrollment Certificate ID (sslId): %s" % (subj, request[0])) print("-" * 60) except SystemExit: raise except ValueError as exc: sys.exit(exc) except KeyboardInterrupt as exc: print(str(exc)) sys.exit('''Interrupted by user\n''') except KeyError as exc: print(prog + ": error: " + "Key %s not found in dictionary" % exc) sys.exit(1) except FileNotFoundException as exc: print(prog + ": error: " + str(exc) + ':' + exc.filename) sys.exit(1) except SSLError as exc: print(prog + ": " + str(exc)) sys.exit('Please check for valid certificate.\n') except (IOError, FileWriteException, BadPassphraseException, AttributeError, EnvironmentError, ValueError, EOFError, SSLError, AuthenticationFailureException) as exc: print(prog + ": error: " + str(exc)) sys.exit(1) except httplib.HTTPException as exc: print(str(exc)) sys.exit(1) except Exception: traceback.print_exc() sys.exit(1) sys.exit(0)