From 00b8cbaa31d48326b36928228269ac14276fd5ee Mon Sep 17 00:00:00 2001
From: Ivan Alejandro <ivanalejandro0@gmail.com>
Date: Thu, 19 Feb 2015 14:12:15 -0300
Subject: Fall back to plain ZMQ if Curve is not available.

Use global flag for ZMQ_HAS_CURVE.
Closes #6646
---
 src/leap/bitmask/backend/backend.py | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

(limited to 'src/leap/bitmask/backend/backend.py')

diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py
index 75eff8a9..32f5c953 100644
--- a/src/leap/bitmask/backend/backend.py
+++ b/src/leap/bitmask/backend/backend.py
@@ -28,10 +28,14 @@ import psutil
 from twisted.internet import defer, reactor, threads
 
 import zmq
-from zmq.auth.thread import ThreadAuthenticator
+try:
+    from zmq.auth.thread import ThreadAuthenticator
+except ImportError:
+    pass
 
 from leap.bitmask.backend.api import API, PING_REQUEST
 from leap.bitmask.backend.utils import get_backend_certificates
+from leap.bitmask.config import flags
 from leap.bitmask.backend.signaler import Signaler
 
 import logging
@@ -73,18 +77,19 @@ class Backend(object):
         context = zmq.Context()
         socket = context.socket(zmq.REP)
 
-        # Start an authenticator for this context.
-        auth = ThreadAuthenticator(context)
-        auth.start()
-        # XXX do not hardcode this here.
-        auth.allow('127.0.0.1')
-
-        # Tell authenticator to use the certificate in a directory
-        auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
-        public, secret = get_backend_certificates()
-        socket.curve_publickey = public
-        socket.curve_secretkey = secret
-        socket.curve_server = True  # must come before bind
+        if flags.ZMQ_HAS_CURVE:
+            # Start an authenticator for this context.
+            auth = ThreadAuthenticator(context)
+            auth.start()
+            # XXX do not hardcode this here.
+            auth.allow('127.0.0.1')
+
+            # Tell authenticator to use the certificate in a directory
+            auth.configure_curve(domain='*', location=zmq.auth.CURVE_ALLOW_ANY)
+            public, secret = get_backend_certificates()
+            socket.curve_publickey = public
+            socket.curve_secretkey = secret
+            socket.curve_server = True  # must come before bind
 
         socket.bind(self.BIND_ADDR)
 
-- 
cgit v1.2.3


From e3ddc783ca9fb21105845d275a4b38ad6b2cd3e2 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Mon, 23 Feb 2015 11:54:16 -0400
Subject: Use unix sockets for the fallback, and set permissions

... on them, to user-writeable only.

I think we could consider ipc for the curve-case too, at least for the
platforms that support them.
---
 src/leap/bitmask/backend/backend.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'src/leap/bitmask/backend/backend.py')

diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py
index 32f5c953..cff731ba 100644
--- a/src/leap/bitmask/backend/backend.py
+++ b/src/leap/bitmask/backend/backend.py
@@ -20,6 +20,7 @@
 # TODO use txzmq bindings instead.
 
 import json
+import os
 import threading
 import time
 
@@ -47,12 +48,15 @@ class Backend(object):
     Backend server.
     Receives signals from backend_proxy and emit signals if needed.
     """
-    # XXX this should not be hardcoded. Make it configurable.
-    PORT = '5556'
-
     # XXX we might want to make this configurable per-platform,
     # and use the most performant socket type on each one.
-    BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    if flags.ZMQ_HAS_CURVE:
+        # XXX this should not be hardcoded. Make it configurable.
+        PORT = '5556'
+        BIND_ADDR = "tcp://127.0.0.1:%s" % PORT
+    else:
+        SOCKET_FILE = "/tmp/bitmask.socket.0"
+        BIND_ADDR = "ipc://%s" % SOCKET_FILE
 
     PING_INTERVAL = 2  # secs
 
@@ -92,6 +96,8 @@ class Backend(object):
             socket.curve_server = True  # must come before bind
 
         socket.bind(self.BIND_ADDR)
+        if not flags.ZMQ_HAS_CURVE:
+            os.chmod(self.SOCKET_FILE, 0600)
 
         self._zmq_socket = socket
 
-- 
cgit v1.2.3