connectors/PYRO/PSK_Adapter.py
author Andrey Skvortsov <andrej.skvortzov@gmail.com>
Wed, 13 Mar 2019 14:27:24 +0300
changeset 2542 a3ec35ee94e7
parent 2537 eb4a4cc41914
child 2543 2befed4d6ca8
permissions -rw-r--r--
Fix crash in runtime if PSK secret is missing

./Beremiz_service.py -s $PWD/psk2.txt -n beremiz /tmp/beremiz
Beremiz_service: 1.2-1378c18402c3+

Traceback (most recent call last):
File "./Beremiz_service.py", line 511, in <module>
ensurePSK(servicename, PSKpath)
File "/home/developer/WorkData/PLC/beremiz/beremiz/runtime/Stunnel.py", line 32, in ensurePSK
PSKgen(ID, PSKpath)
File "/home/developer/WorkData/PLC/beremiz/beremiz/runtime/Stunnel.py", line 23, in PSKgen
call(restart_stunnel_cmdline)
File "/home/developer/WorkData/PLC/beremiz/beremiz/runtime/spawn_subprocess.py", line 116, in call
pid = posix_spawn.posix_spawnp(cmd[0], cmd)
File "/home/developer/.local/lib/python2.7/site-packages/posix_spawn/_impl.py", line 120, in posix_spawnp
return _posix_spawn(lib.posix_spawnp, *args, **kwargs)
File "/home/developer/.local/lib/python2.7/site-packages/posix_spawn/_impl.py", line 111, in _posix_spawn
_check_error(res, path)
File "/home/developer/.local/lib/python2.7/site-packages/posix_spawn/_impl.py", line 10, in _check_error
raise OSError(errno, os.strerror(errno), path)
OSError: [Errno 2] No such file or directory: '/etc/init.d/S50stunnel'
from __future__ import absolute_import
from __future__ import print_function
import socket
import re
import ssl
import sslpsk
import Pyro
from Pyro.core import PyroURI
from Pyro.protocol import _connect_socket, TCPConnection, PYROAdapter
from Pyro.errors import ConnectionDeniedError, ProtocolError
from Pyro.util import Log
# The TLS-PSK adapter that handles SSL connections instead of regular sockets,
# but using Pre Shared Keys instead of Certificates
#
class PYROPSKAdapter(PYROAdapter):
    """Client-side Pyro adapter whose TCP socket is wrapped in TLS-PSK.

    Everything except the socket wrapping is a copy of PYROAdapter.bindToURI
    from Pyro/protocol.py, because Pyro offers no hook to override only the
    socket creation.  The pre-shared key is read from Pyro.config.PYROPSK;
    how that value is populated is not visible in this file.
    """
    # This is essentially the same as in Pyro/protocol.py
    # only raw_sock wrapping into sock through sslpsk.wrap_socket was added
    # Pyro unfortunately doesn't allow cleaner customization
    def bindToURI(self, URI):
        """Connect to *URI* over TLS-PSK and run Pyro's connect handshake.

        On success self.conn holds the connected TCPConnection and, for a
        PYROLOCPSK URI, self.URI is rewritten by resolvePYROLOC_URI.
        Raises ConnectionDeniedError when the server refuses the ident
        token, and ProtocolError('connection failed') for any socket.error
        raised while connecting or talking to the server.
        """
        with self.lock:   # only 1 thread at a time can bind the URI
            try:
                self.URI = URI

                # These are the statements that differ from Pyro/protocol.py
                raw_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                _connect_socket(raw_sock, URI.address, URI.port, self.timeout)
                # NOTE(review): PROTOCOL_TLSv1 pins TLS 1.0 together with the
                # single PSK-AES256-CBC-SHA suite.  The server (stunnel) side
                # must be configured to match, and newer OpenSSL builds may
                # refuse TLS 1.0 entirely -- confirm both before changing.
                sock = sslpsk.wrap_socket(
                    raw_sock, psk=Pyro.config.PYROPSK, server_side=False,
                    ciphers="PSK-AES256-CBC-SHA",  # available in openssl 1.0.2
                    ssl_version=ssl.PROTOCOL_TLSv1)
                # all the rest is the same as in Pyro/protocol.py
                # Neither raw_sock nor sock is closed explicitly on any failure
                # path below (there is no close() in this method); an exception
                # leaves the socket open until it is reclaimed.

                conn = TCPConnection(sock, sock.getpeername())
                # receive the authentication challenge string, and use that to build the actual identification string.
                try:
                    authChallenge = self.recvAuthChallenge(conn)
                except ProtocolError as x:
                    # check if we were denied
                    # Unlike the deny branch further down, the int()/dict lookup
                    # here is not guarded: a malformed deny reply surfaces as
                    # ValueError or KeyError instead of ConnectionDeniedError.
                    if hasattr(x, "partialMsg") and x.partialMsg[:len(self.denyMSG)] == self.denyMSG:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(x.partialMsg[-1])])
                    else:
                        raise
                # reply with our ident token, generated from the ident passphrase and the challenge
                msg = self._sendConnect(sock, self.newConnValidator.createAuthToken(self.ident, authChallenge, conn.addr, self.URI, None))
                if msg == self.acceptMSG:
                    self.conn = conn
                    self.conn.connected = 1
                    Log.msg('PYROAdapter', 'connected to', str(URI))
                    if URI.protocol == 'PYROLOCPSK':
                        self.resolvePYROLOC_URI("PYROPSK")  # updates self.URI
                elif msg[:len(self.denyMSG)] == self.denyMSG:
                    try:
                        raise ConnectionDeniedError(Pyro.constants.deniedReasons[int(msg[-1])])
                    except (KeyError, ValueError):
                        raise ConnectionDeniedError('invalid response')
                # Any other reply falls through: self.conn is not updated and
                # no error is raised (same as the upstream code this copies).
            except socket.error:
                # Every socket-level failure (connect, send/recv and, if sslpsk
                # reports it as ssl.SSLError, presumably the TLS-PSK handshake
                # too) is logged and collapsed into one generic ProtocolError.
                Log.msg('PYROAdapter', 'connection failed to URI', str(URI))
                raise ProtocolError('connection failed')
# Keep the stock Pyro factory so that non-PSK protocols keep working after
# the monkey patch below.
_getProtocolAdapter = Pyro.protocol.getProtocolAdapter


def getProtocolAdapter(protocol):
    """Return the adapter for *protocol*.

    The two PSK schemes get a PYROPSKAdapter; any other scheme is delegated
    to the Pyro implementation captured before patching.
    """
    if protocol not in ('PYROPSK', 'PYROLOCPSK'):
        return _getProtocolAdapter(protocol)
    return PYROPSKAdapter()


# Monkey patch so that Pyro's own proxy machinery picks up the PSK adapter.
Pyro.protocol.getProtocolAdapter = getProtocolAdapter
# Keep the stock Pyro URI parser for every scheme this module does not handle.
_processStringURI = Pyro.core.processStringURI


def processStringURI(URI):
    """Parse a ``PYROLOCPSK://host[:port]/name`` URI into a PyroURI.

    A missing port becomes 0.  Any string that does not match the
    PYROLOCPSK form is handed to the Pyro parser captured before patching.
    """
    match = re.match(
        r'(?P<protocol>PYROLOCPSK)://(?P<hostname>[^\s:]+):?(?P<port>\d+)?/(?P<name>\S*)',
        URI)
    if match is None:
        return _processStringURI(URI)
    parts = match.groupdict()
    port = int(parts['port']) if parts['port'] else 0
    return PyroURI(parts['hostname'], parts['name'], port, parts['protocol'])


# Monkey patch so that PYROLOCPSK URIs resolve through Pyro.core as well.
Pyro.core.processStringURI = processStringURI