def _response(self, msg, state):
''' Send UMCP response to client. If the status code is 250 the
module process is asking for exit. This method forfills the
request.'''
if msg.id not in state.requests and msg.id != -1:
CORE.info('The given response is invalid or not known (%s)' % (msg.id,))
return
state.reset_connection_timeout()
try:
data = str(msg)
# there is no data from another request in the send queue
if not state.resend_queue:
ret = state.socket.send(data)
else:
ret = 0
# not all data could be send; retry later
if ret < len(data):
if not state.resend_queue:
notifier.socket_add(state.socket, self._do_send, notifier.IO_WRITE)
state.resend_queue.append((msg.id, data[ret:]))
else:
if msg.id != -1:
del state.requests[msg.id]
except (SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError):
CRYPT.info('UMCP: SSL error need to re-send chunk')
notifier.socket_add(state.socket, self._do_send, notifier.IO_WRITE)
state.resend_queue.append(data)
except (SSL.SysCallError, SSL.Error, socket.error) as error:
CRYPT.warn('SSL error in _response: %s. Probably the socket was closed by the client.' % str(error))
self._cleanup(state.socket)
except: # close the connection to the client. we can't do anything else
CORE.error('FATAL ERROR: %s' % (traceback.format_exc(),))
self._cleanup(state.socket)
def request( self, msg ): """Sends an UMCP request to the UMC server :param Request msg: the UMCP request to send :raises: :class:`.NotAuthenticatedError` """ if not self.__authenticated and msg.command != 'AUTH': raise NotAuthenticatedError() PROTOCOL.info( 'Sending UMCP %s REQUEST %s' % ( msg.command, msg.id ) ) if self.__ssl and not self.__unix: sock = self.__socket else: sock = self.__realsocket data = str(msg) if sock in self.__resend_queue: self.__resend_queue[ sock ].append( data ) else: self.__resend_queue[ sock ] = [ data ] if self._resend( sock ): notifier.socket_add( sock, self._resend, notifier.IO_WRITE ) self.__unfinishedRequests.append( msg.id )
def response(self, msg):
"""Sends an UMCP response to the client"""
PROTOCOL.info('Sending UMCP RESPONSE %s' % msg.id)
self.__queue += bytes(msg)
if self._do_send(self.__comm):
notifier.socket_add(self.__comm, self._do_send, notifier.IO_WRITE)
def __init__(self, name, fp, callback, logger=None):
signals.Provider.__init__(self)
self.name = name
self.fp = fp
fcntl.fcntl(self.fp.fileno(), fcntl.F_SETFL, os.O_NONBLOCK)
self.callback = callback
self.saved = ''
notifier.socket_add(fp, self._handle_input)
self.signal_new('closed')
def __init__( self, name, fp, callback, logger = None ): signals.Provider.__init__( self ) self.name = name self.fp = fp fcntl.fcntl( self.fp.fileno(), fcntl.F_SETFL, os.O_NONBLOCK ) self.callback = callback self.saved = '' notifier.socket_add( fp, self._handle_input ) self.signal_new( 'closed' )
def new(self, client, socket):
"""Is called by the Server object to announce a new incoming
connection.
:param str client: IP address + port
:param fd socket: a file descriptor or socket object
"""
CORE.info('Established connection: %s' % client)
state = State(client, socket)
state.session.signal_connect('success', notifier.Callback(self._response, state))
self.__states[socket] = state
notifier.socket_add(socket, self._receive)
self._timeout_connection(state)
def new( self, client, socket ): """Is called by the Server object to annouce a new incoming connection. :param str client: IP address + port :param fd socket: a file descriptor or socket object """ CORE.info( 'Established connection: %s' % client ) state = State( client, socket ) state.signal_connect( 'authenticated', self._authenticated ) self.__states[ socket ] = state notifier.socket_add( socket , self._receive ) statistics.connections.new()
def _incoming_connection(self, socket):
socket, addr = socket.accept()
socket.setblocking(0)
if addr:
client = "%s:%d" % (addr[0], addr[1])
else:
client = ""
debug(LOGERROR, "incoming connection: %s" % client)
# create new state
state = {"clientaddr": client, "nextId": 1, "inbuffer": "", "outbuffer": "", "targetdir": "", "filelist": {}}
self._connectionstates[socket] = state
notifier.socket_add(socket, self._receive_data)
return True
def connect( self ): if not self._realsocket or not self._socket: self._init_socket() try: self._socket.connect( ( self._server, self._port ) ) self._socket.setblocking( 0 ) notifier.socket_add( self._socket, self._receive_data ) debug( LOGERROR, 'SSL connection established' ) self._send_setup() except: debug( LOGERROR, 'SSL connection failed' ) self._socket = None notifier.timer_add( 5000, notifier.Callback( self.reconnect ) ) return False return True
def request(self, msg):
"""Sends an UMCP request to the UMC server
:param Request msg: the UMCP request to send
"""
PROTOCOL.info('Sending UMCP %s REQUEST %s' % (msg.command, msg.id))
if self.__ssl and not self.__unix:
sock = self.__socket
else:
sock = self.__realsocket
self.__resend_queue.setdefault(sock, []).append(str(msg))
if self._resend(sock):
notifier.socket_add(sock, self._resend, notifier.IO_WRITE)
self.__unfinishedRequests[msg.id] = msg
def connect(self):
if not self._realsocket or not self._socket:
self._init_socket()
try:
self._socket.connect((self._server, self._port))
self._socket.setblocking(0)
notifier.socket_add(self._socket, self._receive_data)
debug(LOGERROR, 'SSL connection established')
self._send_setup()
except:
debug(LOGERROR, 'SSL connection failed')
self._socket = None
notifier.timer_add(5000, notifier.Callback(self.reconnect))
return False
return True
def _response( self, msg, state ): ''' Send UMCP response to client. If the status code is 250 the module process is asking for exit. This method forfills the request.''' # FIXME: error handling is missing!! if not msg.id in state.requests and msg.id != -1: CORE.info( 'The given response is invalid or not known (%s)' % msg.id ) return try: statistics.requests.inactive() data = str( msg ) # there is not data from another request in the send queue if not state.resend_queue: ret = state.socket.send( data ) else: ret = 0 # not all data could be send; retry later if ret < len( data ): if not state.resend_queue: notifier.socket_add( state.socket, self._do_send, notifier.IO_WRITE ) state.resend_queue.append( ( msg.id, data[ ret : ] ) ) except ( SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError ): CRYPT.info( 'UMCP: SSL error need to re-send chunk' ) notifier.socket_add( state.socket, self._do_send, notifier.IO_WRITE ) state.resend_queue.append( data ) except ( SSL.SysCallError, SSL.Error, socket.error ), error: statistics.connections.inactive() # clean up if not already done if state.socket in self.__states: if state.username in statistics.users: statistics.users.remove( state.username ) CRYPT.warn( 'SSL error: %s. Probably the socket was closed by the client.' % str( error ) ) if state.processor is not None: state.processor.shutdown() notifier.socket_remove( state.socket ) del self.__states[ state.socket ] try: state.socket.close() except: pass return
def _resend( self, sock ): if sock in self.__resend_queue: while len(self.__resend_queue[sock]) > 0: data = str(self.__resend_queue[sock][0]) try: bytessent = sock.send( data ) if bytessent < len(data): # only sent part of message self.__resend_queue[sock][0] = data[ bytessent : ] return True else: del self.__resend_queue[sock][0] except socket.error, e: if e.errno in ( errno.ECONNABORTED, errno.EISCONN, errno.ENOEXEC ): # Error may happen if module process died and server tries to send request at the same time # ECONNABORTED: connection reset by peer # EISCONN: socket not connected # ENOEXEC: bad file descriptor CORE.info( 'Client: _resend: socket is damaged: %s' % str( e ) ) self.signal_emit( 'closed' ) return False if e.errno in (errno.ENOTCONN, errno.EAGAIN): # EAGAIN: Resource temporarily unavailable # ENOTCONN: socket not connected return True raise except ( SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError ), e: return True except SSL.Error, e: CORE.process( 'Client: Setting up SSL configuration failed: %s' % str( e ) ) CORE.process( 'Client: Communication will not be encrypted!' ) save = self.__resend_queue[ self.__socket ] del self.__resend_queue[ self.__socket ] self.__realsocket.shutdown( socket.SHUT_RDWR ) self.__ssl = False self._init_socket() self.__realsocket.connect( ( self.__server, self.__port ) ) self.__realsocket.setblocking( 0 ) self.__resend_queue[ self.__realsocket ] = save notifier.socket_add( self.__realsocket, self._recv ) notifier.socket_add( self.__realsocket, self._resend, notifier.IO_WRITE ) return False
def _incoming_connection( self, socket ):
socket, addr = socket.accept()
socket.setblocking( 0 )
if addr:
client = '%s:%d' % ( addr[ 0 ], addr[ 1 ] )
else:
client = ''
debug( LOGERROR, 'incoming connection: %s' % client )
# create new state
state = { 'clientaddr': client,
'nextId': 1,
'inbuffer': '',
'outbuffer': '',
'targetdir': '',
'filelist': {} }
self._connectionstates[ socket ] = state
notifier.socket_add( socket , self._receive_data )
return True
def connect(self):
# type: () -> None
"""Connects to the UMC server"""
if not self.__realsocket and not self.__socket:
self._init_socket()
assert self.__realsocket
try:
if self.__ssl and not self.__unix:
assert self.__socket
self.__socket.connect((self.__server, self.__port))
self.__socket.setblocking(0)
try:
self.__socket.set_connect_state()
notifier.socket_add(self.__socket, self._recv)
CORE.info('Client.connect: SSL connection established')
except SSL.Error as exc:
CORE.process(
'Client: Setting up SSL configuration failed: %s' %
(exc, ))
self.__realsocket.shutdown(socket.SHUT_RDWR)
self.__realsocket.close()
self.__reconnect_without_ssl()
notifier.socket_add(self.__realsocket, self._recv)
else:
if self.__unix:
self.__realsocket.connect(self.__unix)
else:
self.__realsocket.connect((self.__server, self.__port))
self.__realsocket.setblocking(0)
notifier.socket_add(self.__realsocket, self._recv)
except socket.error as exc:
# ENOENT: file not found, ECONNREFUSED: connection refused
if exc.errno in (errno.ENOENT, errno.ECONNREFUSED):
raise NoSocketError()
raise
def connect( self ): """Connects to the UMC server""" if not self.__realsocket and not self.__socket: self._init_socket() try: if self.__ssl and not self.__unix: self.__socket.connect( ( self.__server, self.__port ) ) self.__socket.setblocking( 0 ) try: self.__socket.set_connect_state() notifier.socket_add( self.__socket, self._recv ) CORE.info( 'Client.connect: SSL connection established' ) except SSL.Error, e: CORE.process( 'Client: Setting up SSL configuration failed: %s' % str( e ) ) CORE.process( 'Client: Communication will not be encrypted!' ) self.__realsocket.shutdown( socket.SHUT_RDWR ) self.__ssl = False self._init_socket() self.__realsocket.connect( ( self.__server, self.__port ) ) self.__realsocket.setblocking( 0 ) notifier.socket_add( self.__realsocket, self._recv ) CORE.info( 'Client.connect: connection established' ) else:
def _client(self, client, socket):
self.__comm = socket
self.__client = client
notifier.socket_add(self.__comm, self._recv)
def __init__(self,
port=6670,
ssl=True,
unix=None,
magic=True,
magicClass=MagicBucket,
load_ressources=True):
'''Initializes the socket to listen for requests'''
signals.Provider.__init__(self)
# loading resources
if load_ressources:
CORE.info('Loading resources ...')
self.reload()
CORE.info('Initialising server process')
self.__port = port
self.__unix = unix
self.__ssl = ssl
if self.__unix:
CORE.info('Using a UNIX socket')
self.__realsocket = socket.socket(socket.AF_UNIX,
socket.SOCK_STREAM)
else:
CORE.info('Using a TCP socket')
try:
self.__realsocket = socket.socket(socket.AF_INET6,
socket.SOCK_STREAM)
except:
CORE.warn(
'Cannot open socket with AF_INET6 (Python reports socket.has_ipv6 is %s), trying AF_INET'
% socket.has_ipv6)
self.__realsocket = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
self.__realsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.__realsocket.setblocking(0)
fcntl.fcntl(self.__realsocket.fileno(), fcntl.F_SETFD, 1)
if self.__ssl and not self.__unix:
CORE.info('Setting up SSL configuration')
self.crypto_context = SSL.Context(SSL.TLSv1_METHOD)
self.crypto_context.set_cipher_list(
ucr.get('umc/server/ssl/ciphers', 'DEFAULT'))
self.crypto_context.set_options(SSL.OP_NO_SSLv2)
self.crypto_context.set_options(SSL.OP_NO_SSLv3)
self.crypto_context.set_verify(SSL.VERIFY_PEER,
self.__verify_cert_cb)
dir = '/etc/univention/ssl/%s.%s' % (ucr['hostname'],
ucr['domainname'])
try:
self.crypto_context.use_privatekey_file(
os.path.join(dir, 'private.key'))
self.crypto_context.use_certificate_file(
os.path.join(dir, 'cert.pem'))
self.crypto_context.load_verify_locations(
os.path.join(dir, '/etc/univention/ssl/ucsCA',
'CAcert.pem'))
except SSL.Error as exc:
# SSL is not possible
CRYPT.error('Setting up SSL configuration failed: %s' %
(exc, ))
CRYPT.warn('Communication will not be encrypted!')
self.__ssl = False
self.crypto_context = None
self.__realsocket.bind(('', self.__port))
CRYPT.info('Server listening to unencrypted connections')
self.__realsocket.listen(SERVER_MAX_CONNECTIONS)
if self.crypto_context:
self.connection = SSL.Connection(self.crypto_context,
self.__realsocket)
self.connection.setblocking(0)
self.connection.bind(('', self.__port))
self.connection.set_accept_state()
CRYPT.info('Server listening to SSL connections')
self.connection.listen(SERVER_MAX_CONNECTIONS)
else:
self.crypto_context = None
if self.__unix:
try:
# ensure that the UNIX socket is only accessable by root
old_umask = os.umask(0o077)
self.__realsocket.bind(self.__unix)
# restore old umask
os.umask(old_umask)
except EnvironmentError:
os.unlink(self.__unix)
else:
self.__realsocket.bind(('', self.__port))
CRYPT.info('Server listening to connections')
self.__realsocket.listen(SERVER_MAX_CONNECTIONS)
self.__magic = magic
self.__magicClass = magicClass
self.__bucket = None
if self.__magic:
self.__bucket = self.__magicClass()
else:
self.signal_new('session_new')
if self.__ssl and not self.__unix:
notifier.socket_add(self.connection, self._connection)
else:
notifier.socket_add(self.__realsocket, self._connection)
def _add_to_outbuffer(self, data):
self._outbuffer += data
if self._socket:
notifier.socket_add(self._socket,
self._send_outbuffer,
condition=notifier.IO_WRITE)
button = gtk.Button('Hello World')
button.connect('clicked', hello)
window.add(button)
button.show()
window.show()
# notifier-timer testfunction
def timer_test():
print "timer_test"
# notifier.dispatcher_add( notifier.Callback( dispatcher_test, 1, 2, 3 ) )
return True
def dispatcher_test(a, b, c):
# print 'dispatcher', a, b, c
return True
def _stdin(fd):
notifier.socket_remove(0)
return False
notifier.socket_add(0, _stdin)
notifier.timer_add(4000, notifier.Callback(timer_test))
notifier.dispatcher_add(notifier.Callback(dispatcher_test, 1, 2, 3))
notifier.loop()
def __init__(self, port=7450):
self._port = port
self._connectionstates = {}
self._ack_queue = []
self._targetdir = "/root/log/"
if baseconfig.has_key("logcollector/targetdir"):
self._targetdir = baseconfig["logcollector/targetdir"]
else:
debug(LOGERROR, 'WARNING: baseconfig variable "logcollector/targetdir" is not set')
debug(LOGERROR, 'WARNING: using "logcollector/targetdir=%s" as default' % self._targetdir)
self._logrot_keepcnt = 99
if baseconfig.has_key("logcollector/logrotation/keepcount"):
try:
self._logrot_keepcnt = int(baseconfig["logcollector/logrotation/keepcount"])
except:
debug(
LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/keepcount" contains invalid value'
)
sys.exit(1)
else:
debug(LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/keepcount" is not set')
debug(LOGERROR, 'WARNING: using "logcollector/logrotation/keepcount=%s" as default' % self._logrot_keepcnt)
self._logrot_maxsize = ""
if baseconfig.has_key("logcollector/logrotation/maxsize"):
try:
self._logrot_maxsize = baseconfig["logcollector/logrotation/maxsize"]
except:
pass
if not self._logrot_maxsize:
self._logrot_maxsize = "10M"
debug(LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/maxsize" is not set')
debug(LOGERROR, 'WARNING: using "logcollector/logrotation/maxsize=%s" as default' % self._logrot_maxsize)
multi = ""
if self._logrot_maxsize[-1].upper() in "KMG":
multi = self._logrot_maxsize[-1].upper()
self._logrot_maxsize = self._logrot_maxsize[:-1]
try:
val = int(self._logrot_maxsize[:-1])
except:
val = 10
multi = "M"
if multi == "K":
val *= 1024
elif multi == "M":
val *= 1024 * 1024
elif multi == "G":
val *= 1024 * 1024 * 1024
self._logrot_maxsize = val
self._realsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._realsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self._realsocket.setblocking(0)
fcntl.fcntl(self._realsocket.fileno(), fcntl.F_SETFD, 1)
self.crypto_context = SSL.Context(SSL.SSLv23_METHOD)
self.crypto_context.set_cipher_list("DEFAULT")
self.crypto_context.set_options(SSL.OP_NO_SSLv2)
self.crypto_context.set_verify(SSL.VERIFY_PEER, self._verify_cert_cb)
dir = "/etc/univention/ssl/%s" % baseconfig["hostname"]
self.crypto_context.use_privatekey_file(os.path.join(dir, "private.key"))
self.crypto_context.use_certificate_file(os.path.join(dir, "cert.pem"))
self.crypto_context.load_verify_locations(os.path.join(dir, "/etc/univention/ssl/ucsCA", "CAcert.pem"))
self.connection = SSL.Connection(self.crypto_context, self._realsocket)
self.connection.setblocking(0)
self.connection.bind(("", self._port))
debug(LOGDEBUG, "Server listening to SSL connects")
self.connection.listen(20)
notifier.socket_add(self.connection, self._incoming_connection)
def __enter__(self):
CORE.info('Initialising server process')
if self.__unix:
CORE.info('Using a UNIX socket')
self.__realunixsocket = socket.socket(socket.AF_UNIX,
socket.SOCK_STREAM)
if self.__port:
CORE.info('Using a TCP socket')
try:
self.__realtcpsocket = socket.socket(socket.AF_INET6,
socket.SOCK_STREAM)
except Exception:
CORE.warn(
'Cannot open socket with AF_INET6 (Python reports socket.has_ipv6 is %s), trying AF_INET'
% socket.has_ipv6)
self.__realtcpsocket = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
for sock in (self.__realtcpsocket, self.__realunixsocket):
if sock is None:
continue
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.setblocking(0)
fd = sock.fileno()
flags = fcntl.fcntl(fd, fcntl.F_GETFD)
fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)
if self.__ssl and self.__port:
CORE.info('Setting up SSL configuration')
self.crypto_context = SSL.Context(SSL.TLSv1_METHOD)
self.crypto_context.set_cipher_list(
ucr.get('umc/server/ssl/ciphers', 'DEFAULT'))
self.crypto_context.set_options(SSL.OP_NO_SSLv2)
self.crypto_context.set_options(SSL.OP_NO_SSLv3)
self.crypto_context.set_verify(SSL.VERIFY_PEER,
self.__verify_cert_cb)
dir = '/etc/univention/ssl/%s.%s' % (ucr['hostname'],
ucr['domainname'])
try:
self.crypto_context.use_privatekey_file(
os.path.join(dir, 'private.key'))
self.crypto_context.use_certificate_file(
os.path.join(dir, 'cert.pem'))
self.crypto_context.load_verify_locations(
'/etc/univention/ssl/ucsCA/CAcert.pem')
except SSL.Error as exc:
# SSL is not possible
CRYPT.error('Setting up SSL configuration failed: %s' %
(exc, ))
CRYPT.warn('Communication will not be encrypted!')
self.__ssl = False
self.crypto_context = None
self.__realtcpsocket.bind(('', self.__port))
CRYPT.info('Server listening to unencrypted connections')
self.__realtcpsocket.listen(SERVER_MAX_CONNECTIONS)
if self.crypto_context:
self.connection = SSL.Connection(self.crypto_context,
self.__realtcpsocket)
self.connection.setblocking(0)
self.connection.bind(('', self.__port))
self.connection.set_accept_state()
CRYPT.info('Server listening to SSL connections')
self.connection.listen(SERVER_MAX_CONNECTIONS)
elif not self.__ssl and self.__port:
self.crypto_context = None
self.__realtcpsocket.bind(('', self.__port))
CRYPT.info('Server listening to TCP connections')
self.__realtcpsocket.listen(SERVER_MAX_CONNECTIONS)
if self.__unix:
# ensure that the UNIX socket is only accessible by root
old_umask = os.umask(0o077)
try:
self.__realunixsocket.bind(self.__unix)
except EnvironmentError:
if os.path.exists(self.__unix):
os.unlink(self.__unix)
finally:
# restore old umask
os.umask(old_umask)
CRYPT.info('Server listening to UNIX connections')
self.__realunixsocket.listen(SERVER_MAX_CONNECTIONS)
if self.__processes != 1:
self._children = multiprocessing.Manager().dict()
try:
self._child_number = process.fork_processes(
self.__processes, 0)
except RuntimeError as exc:
CORE.warn('Child process died: %s' % (exc, ))
os.kill(os.getpid(), signal.SIGTERM)
raise SystemExit(str(exc))
if self._child_number is not None:
self._children[self._child_number] = os.getpid()
if self.__magic:
self.__bucket = self.__magicClass()
else:
self.signal_new('session_new')
if self.__ssl:
notifier.socket_add(self.connection, self._connection)
if (not self.__ssl and self.__port):
notifier.socket_add(self.__realtcpsocket, self._connection)
if self.__unix:
notifier.socket_add(self.__realunixsocket, self._connection)
return self
def _add_to_outbuffer( self, sock, data ): self._connectionstates[ sock ][ 'outbuffer' ] += data notifier.socket_add( sock, self._send_outbuffer, condition = notifier.IO_WRITE )
def _resend(self, sock):
# type: (socket.socket) -> bool
while self.__resend_queue.get(sock):
data = bytes(self.__resend_queue[sock][0])
try:
bytessent = sock.send(data)
if bytessent < len(data):
# only sent part of message
self.__resend_queue[sock][0] = data[bytessent:]
return True
else:
del self.__resend_queue[sock][0]
except socket.error as exc:
if exc.errno in (errno.ECONNABORTED, errno.EISCONN,
errno.ENOEXEC, errno.EBADF, errno.EPIPE,
errno.ECONNRESET):
# Error may happen if module process died and server tries to send request at the same time
# ECONNABORTED: connection reset by peer
# EISCONN: socket not connected
# ENOEXEC: bad file descriptor (?)
# EBADF: bad file descriptor
# EPIPE: broken pipe
# ECONNRESET: Connection reset by peer
CORE.info('Client: _resend: socket is damaged: %s' %
str(exc))
self.signal_emit('closed')
return False
if exc.errno in (errno.ENOTCONN, errno.EAGAIN):
# EAGAIN: Resource temporarily unavailable
# ENOTCONN: socket not connected
return True
raise
except (SSL.WantReadError, SSL.WantWriteError,
SSL.WantX509LookupError):
return True
except SSL.Error as sslexc:
CORE.process('Client: Sending via SSL connection failed: %s' %
(sslexc, ))
save = self.__resend_queue.pop(self.__socket, None)
try:
if self.__realsocket:
self.__realsocket.shutdown(socket.SHUT_RDWR)
self.__realsocket.close()
except socket.error as exc:
CORE.process(
'Client: could not shutdown socket (not yet connected): %s'
% (exc, ))
try:
self.__reconnect_without_ssl()
except socket.error as exc:
CORE.info('Client: reconnecting failed: %s' %
(exc, )) # [Errno 111] Connection refused
if exc.errno in (errno.ENOENT, errno.ECONNREFUSED):
self.signal_emit('closed')
return False
raise
if save is not None:
self.__resend_queue[self.__realsocket] = save
notifier.socket_add(self.__realsocket, self._recv)
notifier.socket_add(self.__realsocket, self._resend,
notifier.IO_WRITE)
return False
if sock in self.__resend_queue and not self.__resend_queue[sock]:
del self.__resend_queue[sock]
return False
def __init__( self, port = 7450 ):
self._port = port
self._connectionstates = {}
self._ack_queue = []
self._targetdir = '/root/log/'
if baseconfig.has_key('logcollector/targetdir'):
self._targetdir = baseconfig[ 'logcollector/targetdir' ]
else:
debug( LOGERROR, 'WARNING: baseconfig variable "logcollector/targetdir" is not set' )
debug( LOGERROR, 'WARNING: using "logcollector/targetdir=%s" as default' % self._targetdir )
self._logrot_keepcnt = 99
if baseconfig.has_key('logcollector/logrotation/keepcount'):
try:
self._logrot_keepcnt = int(baseconfig[ 'logcollector/logrotation/keepcount' ])
except:
debug( LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/keepcount" contains invalid value' )
sys.exit(1)
else:
debug( LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/keepcount" is not set' )
debug( LOGERROR, 'WARNING: using "logcollector/logrotation/keepcount=%s" as default' % self._logrot_keepcnt )
self._logrot_maxsize = ''
if baseconfig.has_key('logcollector/logrotation/maxsize'):
try:
self._logrot_maxsize = baseconfig[ 'logcollector/logrotation/maxsize' ]
except:
pass
if not self._logrot_maxsize:
self._logrot_maxsize = '10M'
debug( LOGERROR, 'WARNING: baseconfig variable "logcollector/logrotation/maxsize" is not set' )
debug( LOGERROR, 'WARNING: using "logcollector/logrotation/maxsize=%s" as default' % self._logrot_maxsize )
multi = ''
if self._logrot_maxsize[-1].upper() in 'KMG':
multi = self._logrot_maxsize[-1].upper()
self._logrot_maxsize = self._logrot_maxsize[:-1]
try:
val = int(self._logrot_maxsize[:-1])
except:
val = 10
multi = 'M'
if multi == 'K':
val *= 1024
elif multi == 'M':
val *= 1024 * 1024
elif multi == 'G':
val *= 1024 * 1024 * 1024
self._logrot_maxsize = val
self._realsocket = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
self._realsocket.setsockopt( socket.SOL_SOCKET, socket.SO_REUSEADDR, 1 )
self._realsocket.setblocking( 0 )
fcntl.fcntl(self._realsocket.fileno(), fcntl.F_SETFD, 1)
self.crypto_context = SSL.Context( SSL.SSLv23_METHOD )
self.crypto_context.set_cipher_list('DEFAULT')
self.crypto_context.set_options( SSL.OP_NO_SSLv2 )
self.crypto_context.set_verify( SSL.VERIFY_PEER, self._verify_cert_cb )
dir = '/etc/univention/ssl/%s' % baseconfig[ 'hostname' ]
self.crypto_context.use_privatekey_file( os.path.join( dir, 'private.key' ) )
self.crypto_context.use_certificate_file( os.path.join( dir, 'cert.pem' ) )
self.crypto_context.load_verify_locations( os.path.join( dir, '/etc/univention/ssl/ucsCA', 'CAcert.pem' ) )
self.connection = SSL.Connection( self.crypto_context , self._realsocket )
self.connection.setblocking(0)
self.connection.bind( ( '', self._port ) )
debug( LOGDEBUG, 'Server listening to SSL connects' )
self.connection.listen( 20 )
notifier.socket_add( self.connection, self._incoming_connection )
def _add_to_outbuffer( self, data ): self._outbuffer += data if self._socket: notifier.socket_add( self._socket, self._send_outbuffer, condition = notifier.IO_WRITE )
def _add_to_outbuffer(self, sock, data):
self._connectionstates[sock]["outbuffer"] += data
notifier.socket_add(sock, self._send_outbuffer, condition=notifier.IO_WRITE)
CORE.process( 'Client: Setting up SSL configuration failed: %s' % str( e ) ) CORE.process( 'Client: Communication will not be encrypted!' ) self.__realsocket.shutdown( socket.SHUT_RDWR ) self.__ssl = False self._init_socket() self.__realsocket.connect( ( self.__server, self.__port ) ) self.__realsocket.setblocking( 0 ) notifier.socket_add( self.__realsocket, self._recv ) CORE.info( 'Client.connect: connection established' ) else: if self.__unix: self.__realsocket.connect( self.__unix ) else: self.__realsocket.connect( ( self.__server, self.__port ) ) self.__realsocket.setblocking( 0 ) notifier.socket_add( self.__realsocket, self._recv ) except socket.error, e: # ENOENT: file not found, ECONNREFUSED: connection refused if e.errno in ( errno.ENOENT, errno.ECONNREFUSED ): raise NoSocketError() raise e def _resend( self, sock ): if sock in self.__resend_queue: while len(self.__resend_queue[sock]) > 0: data = str(self.__resend_queue[sock][0]) try: bytessent = sock.send( data ) if bytessent < len(data): # only sent part of message self.__resend_queue[sock][0] = data[ bytessent : ]
import os, sys #import twisted import notifier notifier.init( notifier.TWISTED ) def hello( *args ): print 'Hello World' # notifier-timer testfunction def timer_test(): print "timer_test" # notifier.dispatcher_add( notifier.Callback( dispatcher_test, 1, 2, 3 ) ) return True def dispatcher_test( a, b, c ): print 'dispatcher', a, b, c return True def _stdin( fd ): print 'read: ' + os.read( fd, 512 ) notifier.socket_remove( 0 ) return False notifier.socket_add( 0, _stdin ) notifier.timer_add( 4000, notifier.Callback( timer_test ) ) notifier.dispatcher_add( notifier.Callback( dispatcher_test, 1, 2, 3 ) ) notifier.loop()
os.unlink( self.__unix ) else: self.__realsocket.bind( ( '', self.__port ) ) CRYPT.info( 'Server listening to connections' ) self.__realsocket.listen( SERVER_MAX_CONNECTIONS ) self.__magic = magic self.__magicClass = magicClass self.__bucket = None if self.__magic: self.__bucket = self.__magicClass() else: self.signal_new( 'session_new' ) if self.__ssl and not self.__unix: notifier.socket_add( self.connection, self._connection ) else: notifier.socket_add( self.__realsocket, self._connection ) def __del__( self ): if self.__bucket: del self.__bucket def __verify_cert_cb( self, conn, cert, errnum, depth, ok ): CORE.info( '__verify_cert_cb: Got certificate: %s' % cert.get_subject() ) CORE.info( '__verify_cert_cb: Got certificate issuer: %s' % cert.get_issuer() ) CORE.info( '__verify_cert_cb: errnum=%d depth=%d ok=%d' % (errnum, depth, ok) ) return ok def _get_ucr_inotify_callback(self): ''' returns a function which calls an event to reload UCR Variables if they have changed '''
