beremiz: runtime/Stunnel.py@6bfc8a9bf0e7 (annotated)

2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	1	from __future__ import absolute_import
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	2	import os
2328 7eb6cb70bf5b PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently Edouard Tisserant parents: 2325 diff changeset	3	from binascii import b2a_hqx
2339 48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented. Edouard Tisserant parents: 2328 diff changeset	4	try:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented. Edouard Tisserant parents: 2328 diff changeset	5	from runtime.spawn_subprocess import call
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented. Edouard Tisserant parents: 2328 diff changeset	6	except ImportError:
48b4eba13064 IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented. Edouard Tisserant parents: 2328 diff changeset	7	from subprocess import call
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	8
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	9	restart_stunnel_cmdline = ["/etc/init.d/S50stunnel", "restart"]
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	10
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	11	_PSKpath = None
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	12
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	13
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	14	def PSKgen(ID, PSKpath):
2323 33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter. Edouard Tisserant parents: 2321 diff changeset	15
2328 7eb6cb70bf5b PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently Edouard Tisserant parents: 2325 diff changeset	16	# b2a_hqx output len is 4/3 input len
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	17	secret = os.urandom(192) # int(256/1.3333)
2328 7eb6cb70bf5b PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently Edouard Tisserant parents: 2325 diff changeset	18	secretstring = b2a_hqx(secret)
2323 33a0dbabccd3 Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter. Edouard Tisserant parents: 2321 diff changeset	19
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	20	PSKstring = ID+":"+secretstring
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	21	with open(PSKpath, 'w') as f:
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	22	f.write(PSKstring)
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	23	call(restart_stunnel_cmdline)
0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	24
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	25
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	26	def ensurePSK(ID, PSKpath):
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	27	global _PSKpath
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	28	_PSKpath = PSKpath
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	29	# check if already there
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	30	if not os.path.exists(PSKpath):
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	31	# create if needed
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	32	PSKgen(ID, PSKpath)
2321 0a3103cd825d Small cosmetic change to enhance readability and avoid confusion. Edouard Tisserant parents: diff changeset	33
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	34
7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	35	def getPSKID(errorlog):
7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	36	if _PSKpath is not None:
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	37	if not os.path.exists(_PSKpath):
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	38	errorlog(
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	39	'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath)
1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	40	return None
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	41	ID, _sep, PSK = open(_PSKpath).read().partition(':')
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	42	PSK = PSK.rstrip('\n\r')
2492 7dd551ac2fa0 check_sources.sh makes me become even less productive Edouard Tisserant <edouard.tisserant@gmail.com> parents: 2339 diff changeset	43	return (ID, PSK)
2324 1cf3768ebf85 Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for PSK. Edouard Tisserant* parents: 2323 diff changeset	44	return None

author	Edouard Tisserant
	Fri, 22 Mar 2019 10:57:04 +0100
branch	search_in_CTN
changeset 2528	6bfc8a9bf0e7
parent 2492	7dd551ac2fa0
child 2542	a3ec35ee94e7
permissions	-rw-r--r--