author | Edouard Tisserant |
Wed, 19 Dec 2018 10:48:53 +0100 | |
changeset 2473 | 1d64d283d0bd |
parent 2339 | 48b4eba13064 |
child 2492 | 7dd551ac2fa0 |
permissions | -rw-r--r-- |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
1 |
import os |
2328
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
2 |
from binascii import b2a_hqx |
2339
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
3 |
try: |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
4 |
from runtime.spawn_subprocess import call |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
5 |
except ImportError: |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
6 |
from subprocess import call |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
7 |
|
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
8 |
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel","restart"] |
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
9 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
10 |
_PSKpath = None |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
11 |
|
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
12 |
def PSKgen(ID, PSKpath): |
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
13 |
|
2328
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
14 |
# b2a_hqx output len is 4/3 input len |
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
15 |
secret = os.urandom(192) # int(256/1.3333) |
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
16 |
secretstring = b2a_hqx(secret) |
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
17 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
18 |
PSKstring = ID+":"+secretstring |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
19 |
with open(PSKpath, 'w') as f: |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
20 |
f.write(PSKstring) |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
21 |
call(restart_stunnel_cmdline) |
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
22 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
23 |
def ensurePSK(ID, PSKpath): |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
24 |
global _PSKpath |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
25 |
_PSKpath = PSKpath |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
26 |
# check if already there |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
27 |
if not os.path.exists(PSKpath): |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
28 |
# create if needed |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
29 |
PSKgen(ID, PSKpath) |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
30 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
31 |
def getPSKID(): |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
32 |
if _PSKpath is not None : |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
33 |
if not os.path.exists(_PSKpath): |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
34 |
confnodesroot.logger.write_error( |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
35 |
'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath) |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
36 |
return None |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
37 |
ID,_sep,PSK = open(_PSKpath).read().partition(':') |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
38 |
PSK = PSK.rstrip('\n\r') |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
39 |
return (ID,PSK) |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
40 |
return None |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
41 |