
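--- a/management/univention-management-console/scripts/univention-management-console-server
+++ b/management/univention-management-console/scripts/univention-management-console-server
@@ -67,6 +67,10 @@ class UMC_Daemon(DaemonRunner):
 			'-p', '--port', action='store', type=int,
 			dest='port', default=6670,
 			help='defines an alternative port number [default %(default)s]')
+		self.parser.add_argument(
+			'-u', '--unix-socket', action='store',
+			default='/var/run/univention-management-console/server.socket',
+			help='defines an alternative UNIX socket [default %(default)s]')
 		self.parser.add_argument(
 			'-l', '--language', action='store',
 			dest='language', default=default_locale,
@@ -211,7 +215,7 @@ class UMC_Daemon(DaemonRunner):
 		notifier.init(notifier.GENERIC)
 		notifier.dispatch.MIN_TIMER = get_int('umc/server/dispatch-interval', notifier.dispatch.MIN_TIMER)
 
-		with Server(port=self.options.port) as self.server:
+		with Server(port=self.options.port, unix=self.options.unix_socket) as self.server:
 			CORE.process('Server started')
 			notifier.loop()
 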
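Review bot: The default socket path `/var/run/univention-management-console/server.socket` is written as a literal in the new `--unix-socket` argument here and again in `SessionClient.__init__` in univention-management-console-web-server, so a server started with `-u` pointing elsewhere leaves the web server connecting to the old path. Both sides should read the path from one shared place, such as a module-level constant or a single configuration key. The new argument also omits the explicit `dest=` that the neighbouring `--port` and `--language` arguments carry; adding `dest='unix_socket'` would keep the block uniform and make the `self.options.unix_socket` use at the `Server(...)` call easier to trace. Both hunks sit inside methods of UMC_Daemon that begin outside the shown lines.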
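--- a/management/univention-management-console/src/univention/management/console/protocol/modserver.py
+++ b/management/univention-management-console/src/univention/management/console/protocol/modserver.py
@@ -95,7 +95,7 @@ class ModuleServer(Server):
 		self.__init_etraceback = None
 		self.__handler = None
 		self._load_module()
-		Server.__init__(self, ssl=False, unix=socket, magic=False, load_ressources=False)
+		Server.__init__(self, port=None, ssl=False, unix=socket, magic=False, load_ressources=False)
 		MODULE.process('Module socket initialized.')
 		self.signal_connect('session_new', self._client)
 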
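--- a/management/univention-management-console/src/univention/management/console/protocol/server.py
+++ b/management/univention-management-console/src/univention/management/console/protocol/server.py
@@ -266,23 +266,28 @@ class Server(signals.Provider):
 		CORE.info('Initialising server process')
 		self.__port = port
 		self.__unix = unix
+		self.__realtcpsocket = None
+		self.__realunixsocket = None
 		self.__ssl = ssl
 		if self.__unix:
 			CORE.info('Using a UNIX socket')
-			self.__realsocket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-		else:
+			self.__realunixsocket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+		if self.__port:
 			CORE.info('Using a TCP socket')
 			try:
-				self.__realsocket = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
+				self.__realtcpsocket = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
 			except:
 				CORE.warn('Cannot open socket with AF_INET6 (Python reports socket.has_ipv6 is %s), trying AF_INET' % socket.has_ipv6)
-				self.__realsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+				self.__realtcpsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
-		self.__realsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-		self.__realsocket.setblocking(0)
-		fcntl.fcntl(self.__realsocket.fileno(), fcntl.F_SETFD, 1)
+		for sock in (self.__realtcpsocket, self.__realunixsocket):
+			if sock is None:
+				continue
+			sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+			sock.setblocking(0)
+			fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, 1)
 
-		if self.__ssl and not self.__unix:
+		if self.__ssl and self.__port:
 			CORE.info('Setting up SSL configuration')
 			self.crypto_context = SSL.Context(SSL.TLSv1_METHOD)
 			self.crypto_context.set_cipher_list(ucr.get('umc/server/ssl/ciphers', 'DEFAULT'))
@@ -300,32 +305,34 @@ class Server(signals.Provider):
 				CRYPT.warn('Communication will not be encrypted!')
 				self.__ssl = False
 				self.crypto_context = None
-				self.__realsocket.bind(('', self.__port))
+				self.__realtcpsocket.bind(('', self.__port))
 				CRYPT.info('Server listening to unencrypted connections')
-				self.__realsocket.listen(SERVER_MAX_CONNECTIONS)
+				self.__realtcpsocket.listen(SERVER_MAX_CONNECTIONS)
 
 			if self.crypto_context:
-				self.connection = SSL.Connection(self.crypto_context, self.__realsocket)
+				self.connection = SSL.Connection(self.crypto_context, self.__realtcpsocket)
 				self.connection.setblocking(0)
 				self.connection.bind(('', self.__port))
 				self.connection.set_accept_state()
 				CRYPT.info('Server listening to SSL connections')
 				self.connection.listen(SERVER_MAX_CONNECTIONS)
-		else:
+		elif not self.__ssl and self.__port:
 			self.crypto_context = None
-			if self.__unix:
-				try:
-					# ensure that the UNIX socket is only accessible by root
-					old_umask = os.umask(0o077)
-					self.__realsocket.bind(self.__unix)
-					# restore old umask
-					os.umask(old_umask)
-				except EnvironmentError:
-					os.unlink(self.__unix)
-			else:
-				self.__realsocket.bind(('', self.__port))
+			self.__realtcpsocket.bind(('', self.__port))
+			CRYPT.info('Server listening to connections')
+			self.__realtcpsocket.listen(SERVER_MAX_CONNECTIONS)
+
+		if self.__unix:
+			try:
+				# ensure that the UNIX socket is only accessible by root
+				old_umask = os.umask(0o077)
+				self.__realunixsocket.bind(self.__unix)
+				# restore old umask
+				os.umask(old_umask)
+			except EnvironmentError:
+				os.unlink(self.__unix)
 			CRYPT.info('Server listening to connections')
-			self.__realsocket.listen(SERVER_MAX_CONNECTIONS)
+			self.__realunixsocket.listen(SERVER_MAX_CONNECTIONS)
 
 		self.__magic = magic
 		self.__magicClass = magicClass
@@ -335,10 +342,12 @@ class Server(signals.Provider):
 		else:
 			self.signal_new('session_new')
 
-		if self.__ssl and not self.__unix:
+		if self.__ssl:
 			notifier.socket_add(self.connection, self._connection)
-		else:
-			notifier.socket_add(self.__realsocket, self._connection)
+		if (not self.__ssl and self.__port):
+			notifier.socket_add(self.__realtcpsocket, self._connection)
+		if self.__unix:
+			notifier.socket_add(self.__realunixsocket, self._connection)
 
 	def __verify_cert_cb(self, conn, cert, errnum, depth, ok):
 		CORE.info('__verify_cert_cb: Got certificate: %s' % cert.get_subject())
@@ -381,14 +390,17 @@ class Server(signals.Provider):
 		if self.__bucket:
 			self.__bucket.exit()
 
-		if self.__ssl and not self.__unix:
+		if self.__ssl and self.__port:
 			notifier.socket_remove(self.connection)
 			self.connection.close()
-		elif self.__realsocket:
-			notifier.socket_remove(self.__realsocket)
-			self.__realsocket.close()
-			self.__realsocket = None
+		elif not self.__ssl and self.__port and self.__realtcpsocket:
+			notifier.socket_remove(self.__realtcpsocket)
+			self.__realtcpsocket.close()
+			self.__realtcpsocket = None
 		if self.__unix:
+			notifier.socket_remove(self.__realunixsocket)
+			self.__realunixsocket.close()
+			self.__realunixsocket = None
 			os.unlink(self.__unix)
 			self.__unix = None
 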
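Review bot: The registration guard `if self.__ssl:` in the third hunk no longer matches the setup and teardown guards, which both use `if self.__ssl and self.__port:`, so a Server created with SSL left on and no port would call `notifier.socket_add(self.connection, self._connection)` although no visible line has created `self.connection` on that path. Writing `if self.__ssl and self.__port:` there keeps the three places consistent. In the second hunk the UNIX bind block restores the umask only when `bind` succeeds, and its `except EnvironmentError` branch unlinks the path without binding again before `listen`; a `try`/`finally` around the umask change and removal of a stale socket file before `bind` would make that path predictable. `__init__` and the shutdown method both begin outside the shown hunks.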
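--- a/management/univention-management-console/univention-management-console-web-server
+++ b/management/univention-management-console/univention-management-console-web-server
@@ -140,7 +140,7 @@ class SessionClient(object):
 	def __init__(self, ip=None):
 		CORE.info('SessionClient(0x%x): creating new session' % (id(self),))
 		self.authenticated = False
-		self.client = Client()
+		self.client = Client(servername=None, port=None, unix='/var/run/univention-management-console/server.socket', ssl=False)
 		self.client.signal_connect('authenticated', self._authenticated)
 		self.client.signal_connect('response', self._response)
 		self.client.signal_connect('closed', self._closed)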
