author | Edouard Tisserant <edouard.tisserant@gmail.com> |
Mon, 18 Oct 2021 12:40:53 +0200 | |
changeset 3364 | fa2365fa6154 |
parent 2542 | a3ec35ee94e7 |
child 3750 | f62625418bff |
permissions | -rw-r--r-- |
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
1 |
from __future__ import absolute_import |
2542
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
2 |
from __future__ import print_function |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
3 |
import os |
2328
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
4 |
from binascii import b2a_hqx |
2339
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
5 |
try: |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
6 |
from runtime.spawn_subprocess import call |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
7 |
except ImportError: |
48b4eba13064
IDManager : refactored a bit, moved some code into PSKManagement.py. Now captures URI and PSK on new PYRO(S) and propose them when editing URI. Import/export still to be implemented.
Edouard Tisserant
parents:
2328
diff
changeset
|
8 |
from subprocess import call |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
9 |
|
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
10 |
restart_stunnel_cmdline = ["/etc/init.d/S50stunnel", "restart"] |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
11 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
12 |
_PSKpath = None |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
13 |
|
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
14 |
|
2542
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
15 |
def restartStunnel(): |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
16 |
""" |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
17 |
Restart stunnel service using SysV init stript |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
18 |
to apply new generated credentials |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
19 |
""" |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
20 |
try: |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
21 |
call(restart_stunnel_cmdline) |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
22 |
except OSError: |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
23 |
print(_("Couldn't restart stunnel service")) |
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
24 |
|
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
25 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
26 |
def PSKgen(ID, PSKpath): |
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
27 |
|
2328
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
28 |
# b2a_hqx output len is 4/3 input len |
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
29 |
secret = os.urandom(192) # int(256/1.3333) |
2328
7eb6cb70bf5b
PSK : Stunnel and/or OpenSSL (undocumented) handles PSK better without special chars, apparently
Edouard Tisserant
parents:
2325
diff
changeset
|
30 |
secretstring = b2a_hqx(secret) |
2323
33a0dbabccd3
Runtime : Ensure that a random PSK secret compatible with stunnel is generated if -s commandline switch is used. Stunnel service is restarted after generation, using spawn_subprocess. TODO : give stunnel restart command as a commandline parameter.
Edouard Tisserant
parents:
2321
diff
changeset
|
31 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
32 |
PSKstring = ID+":"+secretstring |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
33 |
with open(PSKpath, 'w') as f: |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
34 |
f.write(PSKstring) |
2542
a3ec35ee94e7
Fix crash in runtime if PSK secret is missing
Andrey Skvortsov <andrej.skvortzov@gmail.com>
parents:
2492
diff
changeset
|
35 |
restartStunnel() |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
36 |
|
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
37 |
|
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
38 |
def ensurePSK(ID, PSKpath): |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
39 |
global _PSKpath |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
40 |
_PSKpath = PSKpath |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
41 |
# check if already there |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
42 |
if not os.path.exists(PSKpath): |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
43 |
# create if needed |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
44 |
PSKgen(ID, PSKpath) |
2321
0a3103cd825d
Small cosmetic change to enhance readability and avoid confusion.
Edouard Tisserant
parents:
diff
changeset
|
45 |
|
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
46 |
|
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
47 |
def getPSKID(errorlog): |
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
48 |
if _PSKpath is not None: |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
49 |
if not os.path.exists(_PSKpath): |
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
50 |
errorlog( |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
51 |
'Error: Pre-Shared-Key Secret in %s is missing!\n' % _PSKpath) |
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
52 |
return None |
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
53 |
ID, _sep, PSK = open(_PSKpath).read().partition(':') |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
54 |
PSK = PSK.rstrip('\n\r') |
2492
7dd551ac2fa0
check_sources.sh makes me become even less productive
Edouard Tisserant <edouard.tisserant@gmail.com>
parents:
2339
diff
changeset
|
55 |
return (ID, PSK) |
2324
1cf3768ebf85
Automatically get PSK and ID when connecting to PYRO[S], so that future connection through PYROS can use that same key. Also fixed case to UPPER for *PSK.
Edouard Tisserant
parents:
2323
diff
changeset
|
56 |
return None |