From 68b1be8ef443b088cf5c1f7f964e1bd7ad42408e Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Mon, 21 Jul 2014 17:03:47 -0300 Subject: Add heartbeat to check if backend is alive. Send a 'ping' request every 2 secs to ensure that the backend is running. Use polling instead of recv on the backend_proxy. This was already implemented for the signaler. --- src/leap/bitmask/backend/api.py | 2 + src/leap/bitmask/backend/backend.py | 6 ++- src/leap/bitmask/backend/backend_proxy.py | 64 ++++++++++++++++++++++++++----- 3 files changed, 61 insertions(+), 11 deletions(-) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/api.py b/src/leap/bitmask/backend/api.py index b8533f36..4f52e470 100644 --- a/src/leap/bitmask/backend/api.py +++ b/src/leap/bitmask/backend/api.py @@ -18,10 +18,12 @@ Backend available API and SIGNALS definition. """ STOP_REQUEST = "stop" +PING_REQUEST = "PING" API = ( STOP_REQUEST, # this method needs to be defined in order to support the # backend stop action + PING_REQUEST, "eip_can_start", "eip_cancel_setup", diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py index 833f4368..c895f8f5 100644 --- a/src/leap/bitmask/backend/backend.py +++ b/src/leap/bitmask/backend/backend.py @@ -23,7 +23,7 @@ from twisted.internet import defer, reactor, threads import zmq from zmq.auth.thread import ThreadAuthenticator -from leap.bitmask.backend.api import API +from leap.bitmask.backend.api import API, PING_REQUEST from leap.bitmask.backend.utils import get_backend_certificates from leap.bitmask.backend.signaler import Signaler @@ -146,6 +146,10 @@ class Backend(object): :param request_json: a json specification of a request. :type request_json: str """ + if request_json == PING_REQUEST: + # do not process request if it's just a ping + return + try: # request = zmq.utils.jsonapi.loads(request_json) # We use stdlib's json to ensure that we get unicode strings diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py index f683e465..dc30d2cb 100644 --- a/src/leap/bitmask/backend/backend_proxy.py +++ b/src/leap/bitmask/backend/backend_proxy.py @@ -25,7 +25,7 @@ import time import zmq -from leap.bitmask.backend.api import API, STOP_REQUEST +from leap.bitmask.backend.api import API, STOP_REQUEST, PING_REQUEST from leap.bitmask.backend.utils import get_backend_certificates import logging @@ -40,6 +40,11 @@ class BackendProxy(object): PORT = '5556' SERVER = "tcp://localhost:%s" % PORT + POLL_TIMEOUT = 4000 # ms + POLL_TRIES = 3 + + PING_INTERVAL = 2 # secs + def __init__(self): self._socket = None @@ -62,6 +67,9 @@ class BackendProxy(object): socket.connect(self.SERVER) self._socket = socket + self._ping_at = 0 + self.online = False + self._call_queue = Queue.Queue() self._worker_caller = threading.Thread(target=self._worker) self._worker_caller.start() @@ -82,9 +90,26 @@ class BackendProxy(object): except Queue.Empty: pass time.sleep(0.01) + self._ping() logger.debug("BackendProxy worker stopped.") + def _reset_ping(self): + """ + Reset the ping timeout counter. + This is called for every ping and request. + """ + self._ping_at = time.time() + self.PING_INTERVAL + + def _ping(self): + """ + Heartbeat helper. + Sends a PING request just to know that the server is alive. + """ + if time.time() > self._ping_at: + self._send_request(PING_REQUEST) + self._reset_ping() + def _api_call(self, *args, **kwargs): """ Call the `api_method` method in backend (through zmq). @@ -134,16 +159,35 @@ class BackendProxy(object): # logger.debug("Sending request to backend: {0}".format(request)) self._socket.send(request) - try: - # Get the reply. - self._socket.recv() - # response = self._socket.recv() - # msg = "Received reply for '{0}' -> '{1}'" - # msg = msg.format(request, response) - # logger.debug(msg) - except zmq.error.Again as e: - msg = "Timeout error contacting backend. {0!r}".format(e) + poll = zmq.Poller() + poll.register(self._socket, zmq.POLLIN) + + reply = None + tries = 0 + + while True: + socks = dict(poll.poll(self.POLL_TIMEOUT)) + if socks.get(self._socket) == zmq.POLLIN: + reply = self._socket.recv() + break + + tries += 1 + if tries < self.POLL_TRIES: + logger.warning('Retrying receive... {0}/{1}'.format( + tries, self.POLL_TRIES)) + else: + break + + if reply is None: + msg = "Timeout error contacting backend." logger.critical(msg) + self.online = False + else: + # msg = "Received reply for '{0}' -> '{1}'".format(request, reply) + # logger.debug(msg) + self.online = True + # request received, no ping needed for other interval. + self._reset_ping() def __getattribute__(self, name): """ -- cgit v1.2.3 From 227a31d8892c67c64beebe5135cc850dfa71c3c6 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 23 Jul 2014 12:03:44 -0300 Subject: Restrict access to the zmq certificates folder. --- src/leap/bitmask/backend/utils.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py index 54a16fd7..65bf6753 100644 --- a/src/leap/bitmask/backend/utils.py +++ b/src/leap/bitmask/backend/utils.py @@ -19,6 +19,7 @@ Backend utilities to handle ZMQ certificates. """ import os import shutil +import stat import zmq.auth @@ -36,6 +37,8 @@ def generate_certificates(): if os.path.exists(KEYS_DIR): shutil.rmtree(KEYS_DIR) mkdir_p(KEYS_DIR) + # set permissions to: 0700 (U:rwx G:--- O:---) + os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) # create new keys in certificates dir # public_file, secret_file = create_certificates(...) -- cgit v1.2.3 From ce88b52295881a3dd1bc0efec8e72b1d3a235e87 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Tue, 22 Jul 2014 11:33:09 -0300 Subject: Add frontend alive check to the backend. Stop the backend if the frontend process does not exist any more and backend is not a daemon. --- src/leap/bitmask/backend/backend.py | 24 +++++++++++++++++++++++- src/leap/bitmask/backend/leapbackend.py | 4 ++-- 2 files changed, 25 insertions(+), 3 deletions(-) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py index c895f8f5..67ffe35a 100644 --- a/src/leap/bitmask/backend/backend.py +++ b/src/leap/bitmask/backend/backend.py @@ -18,6 +18,8 @@ import json import threading import time +import psutil + from twisted.internet import defer, reactor, threads import zmq @@ -39,12 +41,16 @@ class Backend(object): PORT = '5556' BIND_ADDR = "tcp://127.0.0.1:%s" % PORT - def __init__(self): + PING_INTERVAL = 2 # secs + + def __init__(self, frontend_pid=None): """ Backend constructor, create needed instances. """ self._signaler = Signaler() + self._frontend_pid = frontend_pid + self._do_work = threading.Event() # used to stop the worker thread. self._zmq_socket = None @@ -81,6 +87,8 @@ class Backend(object): Note: we use a simple while since is less resource consuming than a Twisted's LoopingCall. """ + pid = self._frontend_pid + check_wait = 0 while self._do_work.is_set(): # Wait for next request from client try: @@ -93,6 +101,20 @@ class Backend(object): raise time.sleep(0.01) + check_wait += 0.01 + if pid is not None and check_wait > self.PING_INTERVAL: + check_wait = 0 + self._check_frontend_alive() + + def _check_frontend_alive(self): + """ + Check if the frontend is alive and stop the backend if it is not. + """ + pid = self._frontend_pid + if pid is not None and not psutil.pid_exists(pid): + logger.critical("The frontend is down!") + self.stop() + def _stop_reactor(self): """ Stop the Twisted reactor, but first wait a little for some threads to diff --git a/src/leap/bitmask/backend/leapbackend.py b/src/leap/bitmask/backend/leapbackend.py index d3c4fcda..6b0328ca 100644 --- a/src/leap/bitmask/backend/leapbackend.py +++ b/src/leap/bitmask/backend/leapbackend.py @@ -36,11 +36,11 @@ class LeapBackend(Backend): """ Backend server subclass, used to implement the API methods. """ - def __init__(self, bypass_checks=False): + def __init__(self, bypass_checks=False, frontend_pid=None): """ Constructor for the backend. """ - Backend.__init__(self) + Backend.__init__(self, frontend_pid) self._settings = Settings() -- cgit v1.2.3 From 3b469a2c006381ba9e56c1de92be4e87ad67e51b Mon Sep 17 00:00:00 2001 From: kali Date: Sun, 27 Jul 2014 19:00:37 -0500 Subject: Add cancel button for EIP connection. Closes: #4035 This falls in the "quick" workaround category. A proper state machine that extends the four basic connection states is hence needed. We have to accomodate design to have a connection-oriented state machine in the backend (I would favor a twisted protocol for this), and a more lightweight one that conducts the gui-level changes (ie, change the actions / buttons / labels accordingly). Since this "cancel" functionality has been long postponed, I chose to do one more ugly hack here, that is, show and hide dance with a button that just calls the bitmask-root to kill the vpn process. It should work well enough until we get to the reorganization needed for a clean process control for eip. --- src/leap/bitmask/backend/api.py | 4 ++++ src/leap/bitmask/backend/backend_proxy.py | 3 +++ src/leap/bitmask/backend/components.py | 7 ++++++- src/leap/bitmask/backend/leapbackend.py | 6 ++++++ src/leap/bitmask/backend/leapsignaler.py | 1 + 5 files changed, 20 insertions(+), 1 deletion(-) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/api.py b/src/leap/bitmask/backend/api.py index 4f52e470..3f6c0ad1 100644 --- a/src/leap/bitmask/backend/api.py +++ b/src/leap/bitmask/backend/api.py @@ -20,6 +20,8 @@ Backend available API and SIGNALS definition. STOP_REQUEST = "stop" PING_REQUEST = "PING" +# XXX this needs documentation. What is it used for? + API = ( STOP_REQUEST, # this method needs to be defined in order to support the # backend stop action @@ -56,6 +58,7 @@ API = ( "soledad_close", "soledad_load_offline", "tear_fw_down", + "bitmask_root_vpn_down", "user_cancel_login", "user_change_password", "user_get_logged_in_status", @@ -97,6 +100,7 @@ SIGNALS = ( "eip_status_changed", "eip_stopped", "eip_tear_fw_down", + "eip_bitmask_root_vpn_down", "eip_uninitialized_provider", "eip_vpn_launcher_exception", "imap_stopped", diff --git a/src/leap/bitmask/backend/backend_proxy.py b/src/leap/bitmask/backend/backend_proxy.py index dc30d2cb..e2611251 100644 --- a/src/leap/bitmask/backend/backend_proxy.py +++ b/src/leap/bitmask/backend/backend_proxy.py @@ -18,6 +18,8 @@ The BackendProxy handles calls from the GUI and forwards (through ZMQ) to the backend. """ +# XXX should document the relationship to the API here. + import functools import Queue import threading @@ -37,6 +39,7 @@ class BackendProxy(object): The BackendProxy handles calls from the GUI and forwards (through ZMQ) to the backend. """ + PORT = '5556' SERVER = "tcp://localhost:%s" % PORT diff --git a/src/leap/bitmask/backend/components.py b/src/leap/bitmask/backend/components.py index b372db89..f721086b 100644 --- a/src/leap/bitmask/backend/components.py +++ b/src/leap/bitmask/backend/components.py @@ -69,7 +69,6 @@ class ILEAPComponent(zope.interface.Interface): """ Interface that every component for the backend should comply to """ - key = zope.interface.Attribute("Key id for this component") @@ -552,6 +551,12 @@ class EIP(object): """ self._vpn.tear_down_firewall() + def bitmask_root_vpn_down(self): + """ + Bring openvpn down, using bitmask-root helper. + """ + self._vpn.bitmask_root_vpn_down() + def get_gateways_list(self, domain): """ Signal a list of gateways for the given provider. diff --git a/src/leap/bitmask/backend/leapbackend.py b/src/leap/bitmask/backend/leapbackend.py index 6b0328ca..3b023563 100644 --- a/src/leap/bitmask/backend/leapbackend.py +++ b/src/leap/bitmask/backend/leapbackend.py @@ -317,6 +317,12 @@ class LeapBackend(Backend): """ self._eip.tear_fw_down() + def bitmask_root_vpn_down(self): + """ + Signal the need to bring vpn down. + """ + self._eip.bitmask_root_vpn_down() + def user_login(self, provider, username, password): """ Execute the whole authentication process for a user diff --git a/src/leap/bitmask/backend/leapsignaler.py b/src/leap/bitmask/backend/leapsignaler.py index a36e6fdc..c0fdffdc 100644 --- a/src/leap/bitmask/backend/leapsignaler.py +++ b/src/leap/bitmask/backend/leapsignaler.py @@ -58,6 +58,7 @@ class LeapSignaler(SignalerQt): eip_status_changed = QtCore.Signal(dict) eip_stopped = QtCore.Signal() eip_tear_fw_down = QtCore.Signal(object) + eip_bitmask_root_vpn_down = QtCore.Signal(object) eip_uninitialized_provider = QtCore.Signal() eip_vpn_launcher_exception = QtCore.Signal() -- cgit v1.2.3 From 9a7485bcaf5460d68b7f601927500299bb2ca9f0 Mon Sep 17 00:00:00 2001 From: kali Date: Tue, 5 Aug 2014 12:43:25 -0500 Subject: fix uncatched error with missing polkit. Closes: #5955 --- src/leap/bitmask/backend/backend.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/backend.py b/src/leap/bitmask/backend/backend.py index 67ffe35a..37535f37 100644 --- a/src/leap/bitmask/backend/backend.py +++ b/src/leap/bitmask/backend/backend.py @@ -14,6 +14,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . + +# FIXME this is missing module documentation. It would be fine to say a couple +# of lines about the whole backend architecture. +# TODO use txzmq bindings instead. + import json import threading import time @@ -38,7 +43,11 @@ class Backend(object): Backend server. Receives signals from backend_proxy and emit signals if needed. """ + # XXX this should not be hardcoded. Make it configurable. PORT = '5556' + + # XXX we might want to make this configurable per-platform, + # and use the most performant socket type on each one. BIND_ADDR = "tcp://127.0.0.1:%s" % PORT PING_INTERVAL = 2 # secs @@ -67,6 +76,7 @@ class Backend(object): # Start an authenticator for this context. auth = ThreadAuthenticator(context) auth.start() + # XXX do not hardcode this here. auth.allow('127.0.0.1') # Tell authenticator to use the certificate in a directory -- cgit v1.2.3