summaryrefslogtreecommitdiff
path: root/src/leap/bitmask
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2015-02-23 11:54:16 -0400
committerIvan Alejandro <ivanalejandro0@gmail.com>2015-02-23 15:34:36 -0300
commite3ddc783ca9fb21105845d275a4b38ad6b2cd3e2 (patch)
treee65c35d3c065459e38f1b89d3a3cdb804a78bb37 /src/leap/bitmask
parent00b8cbaa31d48326b36928228269ac14276fd5ee (diff)
Use unix sockets for the fallback, and set permissions
... on them, to user-writeable only. I think we could consider ipc for the curve-case too, at least for the platforms that support them.
Diffstat (limited to 'src/leap/bitmask')
-rw-r--r--src/leap/bitmask/backend/backend.py14
-rw-r--r--src/leap/bitmask/backend/backend_proxy.py7
-rw-r--r--src/leap/bitmask/backend/signaler.py7
-rw-r--r--src/leap/bitmask/backend/signaler_qt.py12
4 files changed, 30 insertions, 10 deletions
diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py
index 32f5c953..cff731ba 100644
--- a/src/leap/bitmask/backend/backend.py
+++ b/src/leap/bitmask/backend/backend.py
@@ -20,6 +20,7 @@
# TODO use txzmq bindings instead.
import json
+import os
import threading
import time
@@ -47,12 +48,15 @@ class Backend(object):
Backend server.
Receives signals from backend_proxy and emit signals if needed.
"""
- # XXX this should not be hardcoded. Make it configurable.
- PORT = '5556'
-
# XXX we might want to make this configurable per-platform,
# and use the most performant socket type on each one.
- BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+ if flags.ZMQ_HAS_CURVE:
+ # XXX this should not be hardcoded. Make it configurable.
+ PORT = '5556'
+ BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+ else:
+ SOCKET_FILE = "/tmp/bitmask.socket.0"
+ BIND_ADDR = "ipc://%s" % SOCKET_FILE
PING_INTERVAL = 2 # secs
@@ -92,6 +96,8 @@ class Backend(object):
socket.curve_server = True # must come before bind
socket.bind(self.BIND_ADDR)
+ if not flags.ZMQ_HAS_CURVE:
+ os.chmod(self.SOCKET_FILE, 0600)
self._zmq_socket = socket
diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py
index 06e6d840..b2f79a70 100644
--- a/src/leap/bitmask/backend/backend_proxy.py
+++ b/src/leap/bitmask/backend/backend_proxy.py
@@ -42,8 +42,11 @@ class BackendProxy(object):
to the backend.
"""
- PORT = '5556'
- SERVER = "tcp://localhost:%s" % PORT
+ if flags.ZMQ_HAS_CURVE:
+ PORT = '5556'
+ SERVER = "tcp://localhost:%s" % PORT
+ else:
+ SERVER = "ipc:///tmp/bitmask.socket.0"
POLL_TIMEOUT = 4000 # ms
POLL_TRIES = 3
diff --git a/src/leap/bitmask/backend/signaler.py b/src/leap/bitmask/backend/signaler.py
index a8498d11..aec2f606 100644
--- a/src/leap/bitmask/backend/signaler.py
+++ b/src/leap/bitmask/backend/signaler.py
@@ -37,8 +37,11 @@ class Signaler(object):
Signaler client.
Receives signals from the backend and sends to the signaling server.
"""
- PORT = "5667"
- SERVER = "tcp://localhost:%s" % PORT
+ if flags.ZMQ_HAS_CURVE:
+ PORT = "5667"
+ SERVER = "tcp://localhost:%s" % PORT
+ else:
+ SERVER = "ipc:///tmp/bitmask.socket.1"
POLL_TIMEOUT = 2000 # ms
POLL_TRIES = 500
diff --git a/src/leap/bitmask/backend/signaler_qt.py b/src/leap/bitmask/backend/signaler_qt.py
index 94c24648..b7f48d21 100644
--- a/src/leap/bitmask/backend/signaler_qt.py
+++ b/src/leap/bitmask/backend/signaler_qt.py
@@ -18,6 +18,7 @@
Signaling server.
Receives signals from the signaling client and emit Qt signals for the GUI.
"""
+import os
import threading
import time
@@ -42,8 +43,12 @@ class SignalerQt(QtCore.QObject):
Signaling server.
Receives signals from the signaling client and emit Qt signals for the GUI.
"""
- PORT = "5667"
- BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+ if flags.ZMQ_HAS_CURVE:
+ PORT = "5667"
+ BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+ else:
+ SOCKET_FILE = "/tmp/bitmask.socket.1"
+ BIND_ADDR = "ipc://%s" % SOCKET_FILE
def __init__(self):
QtCore.QObject.__init__(self)
@@ -86,6 +91,9 @@ class SignalerQt(QtCore.QObject):
socket.bind(self.BIND_ADDR)
+ if not flags.ZMQ_HAS_CURVE:
+ os.chmod(self.SOCKET_FILE, 0600)
+
while self._do_work.is_set():
# Wait for next request from client
try: