| author | Edouard Tisserant |
| Fri, 19 Oct 2018 13:29:52 +0200 | |
| changeset 2316 | 5416c76df9e2 |
| parent 2314 | e927c101ce6d |
| child 2318 | 8925d487605a |
| permissions | -rw-r--r-- |
|
2313
2eaf235270f8
PYRO/TLSPSK : fixed typos, used appropriate ciphers (https://github.com/drbild/sslpsk/issues/3), use PYROPSK instead of unresolvable PYROLOCPSK.
Edouard Tisserant
parents:
2312
diff
changeset
|
1 |
from __future__ import absolute_import |
|
2eaf235270f8
PYRO/TLSPSK : fixed typos, used appropriate ciphers (https://github.com/drbild/sslpsk/issues/3), use PYROPSK instead of unresolvable PYROLOCPSK.
Edouard Tisserant
parents:
2312
diff
changeset
|
2 |
from __future__ import print_function |
| 2312 | 3 |
|
|
2313
2eaf235270f8
PYRO/TLSPSK : fixed typos, used appropriate ciphers (https://github.com/drbild/sslpsk/issues/3), use PYROPSK instead of unresolvable PYROLOCPSK.
Edouard Tisserant
parents:
2312
diff
changeset
|
4 |
import socket |
|
2314
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
5 |
import re |
| 2312 | 6 |
import sslpsk |
7 |
import Pyro |
|
|
2314
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
8 |
from Pyro.core import PyroURI |
| 2312 | 9 |
from Pyro.protocol import _connect_socket,TCPConnection,PYROAdapter |
10 |
from Pyro.errors import ConnectionDeniedError, ProtocolError |
|
11 |
from Pyro.util import Log |
|
12 |
||
13 |
# |
|
14 |
# The TLS-PSK adapter that handles SSL connections instead of regular sockets, |
|
15 |
# but using Pre Shared Keys instead of Certificates |
|
16 |
# |
|
17 |
class PYROPSKAdapter(PYROAdapter): |
|
18 |
# This is essentialy the same as in Pyro/protocol.py |
|
19 |
# only raw_sock wrapping into sock through sslpsk.wrap_socket was added |
|
20 |
# Pyro unfortunately doesn't allow cleaner customization |
|
21 |
def bindToURI(self,URI): |
|
22 |
with self.lock: # only 1 thread at a time can bind the URI |
|
23 |
try: |
|
24 |
self.URI=URI |
|
25 |
||
26 |
# This are the statements that differ from Pyro/protocol.py |
|
27 |
raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
|
28 |
_connect_socket(raw_sock, URI.address, URI.port, self.timeout) |
|
29 |
sock = sslpsk.wrap_socket( |
|
|
2313
2eaf235270f8
PYRO/TLSPSK : fixed typos, used appropriate ciphers (https://github.com/drbild/sslpsk/issues/3), use PYROPSK instead of unresolvable PYROLOCPSK.
Edouard Tisserant
parents:
2312
diff
changeset
|
30 |
raw_sock, psk=Pyro.config.PYROPSK, server_side=False, |
|
2316
5416c76df9e2
Fix PYROPSK protocol configuration. After a few iteration of trial and error it appears that TSLv1 and PSK ciphers needs to be specified
Edouard Tisserant
parents:
2314
diff
changeset
|
31 |
ciphers="PSK-AES256-GCM-SHA384:PSK-AES256-CBC-SHA", |
|
5416c76df9e2
Fix PYROPSK protocol configuration. After a few iteration of trial and error it appears that TSLv1 and PSK ciphers needs to be specified
Edouard Tisserant
parents:
2314
diff
changeset
|
32 |
ssl_version=ssl.PROTOCOL_TLSv1) |
| 2312 | 33 |
# all the rest is the same as in Pyro/protocol.py |
34 |
||
35 |
conn=TCPConnection(sock, sock.getpeername()) |
|
36 |
# receive the authentication challenge string, and use that to build the actual identification string. |
|
37 |
try: |
|
38 |
authChallenge=self.recvAuthChallenge(conn) |
|
39 |
except ProtocolError,x: |
|
40 |
# check if we were denied |
|
41 |
if hasattr(x,"partialMsg") and x.partialMsg[:len(self.denyMSG)]==self.denyMSG: |
|
42 |
raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(x.partialMsg[-1])]) |
|
43 |
else: |
|
44 |
raise |
|
45 |
# reply with our ident token, generated from the ident passphrase and the challenge |
|
46 |
msg = self._sendConnect(sock,self.newConnValidator.createAuthToken(self.ident, authChallenge, conn.addr, self.URI, None) ) |
|
47 |
if msg==self.acceptMSG: |
|
48 |
self.conn=conn |
|
49 |
self.conn.connected=1 |
|
50 |
Log.msg('PYROAdapter','connected to',str(URI))
|
|
|
2314
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
51 |
if URI.protocol=='PYROLOCPSK': |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
52 |
self.resolvePYROLOC_URI("PYROPSK") # updates self.URI
|
| 2312 | 53 |
elif msg[:len(self.denyMSG)]==self.denyMSG: |
54 |
try: |
|
55 |
raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(msg[-1])]) |
|
56 |
except (KeyError,ValueError): |
|
57 |
raise ConnectionDeniedError('invalid response')
|
|
58 |
except socket.error: |
|
59 |
Log.msg('PYROAdapter','connection failed to URI',str(URI))
|
|
60 |
raise ProtocolError('connection failed')
|
|
61 |
||
62 |
_getProtocolAdapter = Pyro.protocol.getProtocolAdapter |
|
63 |
def getProtocolAdapter(protocol): |
|
64 |
if protocol in ('PYROPSK', 'PYROLOCPSK'):
|
|
65 |
return PYROPSKAdapter() |
|
66 |
_getProtocolAdapter(protocol) |
|
67 |
||
68 |
Pyro.protocol.getProtocolAdapter = getProtocolAdapter |
|
69 |
||
|
2314
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
70 |
_processStringURI = Pyro.core.processStringURI |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
71 |
def processStringURI(URI): |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
72 |
x=re.match(r'(?P<protocol>PYROLOCPSK)://(?P<hostname>[^\s:]+):?(?P<port>\d+)?/(?P<name>\S*)',URI) |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
73 |
if x: |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
74 |
protocol=x.group('protocol')
|
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
75 |
hostname=x.group('hostname')
|
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
76 |
port=x.group('port')
|
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
77 |
if port: |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
78 |
port=int(port) |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
79 |
else: |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
80 |
port=0 |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
81 |
name=x.group('name')
|
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
82 |
return PyroURI(hostname,name,port,protocol) |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
83 |
return _processStringURI(URI) |
|
e927c101ce6d
PYRO/TLSPSK : must use PYROLOC* protocol scheme in pyro URI, otherwise object ID is missing. Had to use more persuasive pyro3 monkey patching to have PYROLOCPSK resolved properly
Edouard Tisserant
parents:
2313
diff
changeset
|
84 |
Pyro.core.processStringURI = processStringURI |