From 00b8cbaa31d48326b36928228269ac14276fd5ee Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Thu, 19 Feb 2015 14:12:15 -0300 Subject: Fall back to plain ZMQ if Curve is not available. Use global flag for ZMQ_HAS_CURVE. Closes #6646 --- src/leap/bitmask/backend/signaler_qt.py | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'src/leap/bitmask/backend/signaler_qt.py') diff --git a/src/leap/bitmask/backend/signaler_qt.py b/src/leap/bitmask/backend/signaler_qt.py index 433f18ed..94c24648 100644 --- a/src/leap/bitmask/backend/signaler_qt.py +++ b/src/leap/bitmask/backend/signaler_qt.py @@ -24,10 +24,14 @@ import time from PySide import QtCore import zmq -from zmq.auth.thread import ThreadAuthenticator +try: + from zmq.auth.thread import ThreadAuthenticator +except ImportError: + pass from leap.bitmask.backend.api import SIGNALS from leap.bitmask.backend.utils import get_frontend_certificates +from leap.bitmask.config import flags import logging logger = logging.getLogger(__name__) @@ -67,17 +71,18 @@ class SignalerQt(QtCore.QObject): context = zmq.Context() socket = context.socket(zmq.REP) - # Start an authenticator for this context. - auth = ThreadAuthenticator(context) - auth.start() - auth.allow('127.0.0.1') - - # Tell authenticator to use the certificate in a directory - auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) - public, secret = get_frontend_certificates() - socket.curve_publickey = public - socket.curve_secretkey = secret - socket.curve_server = True # must come before bind + if flags.ZMQ_HAS_CURVE: + # Start an authenticator for this context. + auth = ThreadAuthenticator(context) + auth.start() + auth.allow('127.0.0.1') + + # Tell authenticator to use the certificate in a directory + auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY) + public, secret = get_frontend_certificates() + socket.curve_publickey = public + socket.curve_secretkey = secret + socket.curve_server = True # must come before bind socket.bind(self.BIND_ADDR) -- cgit v1.2.3 From e3ddc783ca9fb21105845d275a4b38ad6b2cd3e2 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 23 Feb 2015 11:54:16 -0400 Subject: Use unix sockets for the fallback, and set permissions ... on them, to user-writeable only. I think we could consider ipc for the curve-case too, at least for the platforms that support them. --- src/leap/bitmask/backend/signaler_qt.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/leap/bitmask/backend/signaler_qt.py') diff --git a/src/leap/bitmask/backend/signaler_qt.py b/src/leap/bitmask/backend/signaler_qt.py index 94c24648..b7f48d21 100644 --- a/src/leap/bitmask/backend/signaler_qt.py +++ b/src/leap/bitmask/backend/signaler_qt.py @@ -18,6 +18,7 @@ Signaling server. Receives signals from the signaling client and emit Qt signals for the GUI. """ +import os import threading import time @@ -42,8 +43,12 @@ class SignalerQt(QtCore.QObject): Signaling server. Receives signals from the signaling client and emit Qt signals for the GUI. """ - PORT = "5667" - BIND_ADDR = "tcp://127.0.0.1:%s" % PORT + if flags.ZMQ_HAS_CURVE: + PORT = "5667" + BIND_ADDR = "tcp://127.0.0.1:%s" % PORT + else: + SOCKET_FILE = "/tmp/bitmask.socket.1" + BIND_ADDR = "ipc://%s" % SOCKET_FILE def __init__(self): QtCore.QObject.__init__(self) @@ -86,6 +91,9 @@ class SignalerQt(QtCore.QObject): socket.bind(self.BIND_ADDR) + if not flags.ZMQ_HAS_CURVE: + os.chmod(self.SOCKET_FILE, 0600) + while self._do_work.is_set(): # Wait for next request from client try: -- cgit v1.2.3