From 5518564ef8e054dbf15cd022ca01ccc656c89e5b Mon Sep 17 00:00:00 2001
From: Ivan Alejandro
Date: Tue, 6 Oct 2015 11:47:19 -0300
Subject: [bug] store zmq certs in the right path

Change KEYS_DIR for a function, so the path does not get defined on import (and most likely) before the flags are defined. Move the flags_dict call before the generate_zmq_certificates call. Otherwise the standalone flag won't be set properly. - Resolves: #7512
---
 src/leap/bitmask/backend/utils.py | 33 ++++++++++++++++++++++-----------
 src/leap/bitmask/backend_app.py | 6 +++---
 2 files changed, 25 insertions(+), 14 deletions(-)
(limited to 'src/leap')
diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py
index 3b5effc5..a5f54cd2 100644
--- a/src/leap/bitmask/backend/utils.py
+++ b/src/leap/bitmask/backend/utils.py
@@ -36,7 +36,14 @@ from leap.common.check import leap_assert
 logger = get_logger()
-KEYS_DIR = os.path.join(get_path_prefix(), 'leap', 'zmq_certificates')
+
+def _get_keys_dir():
+ """
+ Return the path where the ZMQ certificates should be stored.
+
+ :rtype: str
+ """
+ return os.path.join(get_path_prefix(), 'leap', 'zmq_certificates')
 def _zmq_has_curve():
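Review bot: The docstring of `_get_keys_dir()` does not say why this is a function rather than a constant, which is the whole point of the change. Going by the commit message, the result of `get_path_prefix()` depends on flags that are only set at startup, so a caller that caches the value or calls it before the flags are applied gets a different directory than the one the keys are written to. I would add one line to the docstring, for example `The path is computed on every call because get_path_prefix() depends on flags that are set after import.`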
@@ -79,17 +86,18 @@ def generate_zmq_certificates():
 """
 leap_assert(flags.ZMQ_HAS_CURVE, "CurveZMQ not supported!")
+ keys_dir = _get_keys_dir()
 # Create directory for certificates, remove old content if necessary
- if os.path.exists(KEYS_DIR):
- shutil.rmtree(KEYS_DIR)
- mkdir_p(KEYS_DIR)
+ if os.path.exists(keys_dir):
+ shutil.rmtree(keys_dir)
+ mkdir_p(keys_dir)
 # set permissions to: 0700 (U:rwx G:--- O:---)
- os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
+ os.chmod(keys_dir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
 # create new keys in certificates dir
 # public_file, secret_file = create_certificates(...)
- zmq.auth.create_certificates(KEYS_DIR, "frontend")
- zmq.auth.create_certificates(KEYS_DIR, "backend")
+ zmq.auth.create_certificates(keys_dir, "frontend")
+ zmq.auth.create_certificates(keys_dir, "backend")
 def get_frontend_certificates():
@@ -98,7 +106,8 @@ def get_frontend_certificates():
 """
 leap_assert(flags.ZMQ_HAS_CURVE, "CurveZMQ not supported!")
- frontend_secret_file = os.path.join(KEYS_DIR, "frontend.key_secret")
+ keys_dir = _get_keys_dir()
+ frontend_secret_file = os.path.join(keys_dir, "frontend.key_secret")
 public, secret = zmq.auth.load_certificate(frontend_secret_file)
 return public, secret
@@ -109,7 +118,8 @@ def get_backend_certificates(base_dir='.'):
 """
 leap_assert(flags.ZMQ_HAS_CURVE, "CurveZMQ not supported!")
- backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret")
+ keys_dir = _get_keys_dir()
+ backend_secret_file = os.path.join(keys_dir, "backend.key_secret")
 public, secret = zmq.auth.load_certificate(backend_secret_file)
 return public, secret
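Review bot: In `generate_zmq_certificates()` the directory is created by `mkdir_p(keys_dir)` with whatever mode the process umask allows and is only narrowed to 0700 by the `os.chmod` that follows, so the directory that will hold the CurveZMQ secret keys is briefly more permissive than intended. The keys are written after the chmod, which limits the exposure, but creating the leaf with its final mode removes the window: `mkdir_p(os.path.dirname(keys_dir))` followed by `os.mkdir(keys_dir, stat.S_IRWXU)`. The mode that `zmq.auth.create_certificates` gives the `*.key_secret` files is not visible here and is worth confirming separately. The function's docstring starts above the hunk.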
@@ -120,8 +130,9 @@ def _certificates_exist():
 :rtype: bool
 """
- frontend_secret_file = os.path.join(KEYS_DIR, "frontend.key_secret")
- backend_secret_file = os.path.join(KEYS_DIR, "backend.key_secret")
+ keys_dir = _get_keys_dir()
+ frontend_secret_file = os.path.join(keys_dir, "frontend.key_secret")
+ backend_secret_file = os.path.join(keys_dir, "backend.key_secret")
 return os.path.isfile(frontend_secret_file) and \
 os.path.isfile(backend_secret_file)
diff --git a/src/leap/bitmask/backend_app.py b/src/leap/bitmask/backend_app.py
index 1300ed05..1900c08f 100644
--- a/src/leap/bitmask/backend_app.py
+++ b/src/leap/bitmask/backend_app.py
@@ -72,6 +72,9 @@ def run_backend(bypass_checks=False, flags_dict=None, frontend_pid=None):
 # identification isn't working 100%
 logger = get_logger() # noqa
+ if flags_dict is not None:
+ dict_to_flags(flags_dict)
+
 # The backend is the one who always creates the certificates. Either if it
 # is run separately or in a process in the same app as the frontend.
 if flags.ZMQ_HAS_CURVE:
@@ -81,9 +84,6 @@ def run_backend(bypass_checks=False, flags_dict=None, frontend_pid=None):
 signal.signal(signal.SIGINT, signal.SIG_IGN)
 signal.signal(signal.SIGTERM, signal_handler)
- if flags_dict is not None:
- dict_to_flags(flags_dict)
-
 reactor.callWhenRunning(start_events_and_updater, logger)
 backend = LeapBackend(bypass_checks=bypass_checks,
-- cgit v1.2.3
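Review bot: `_certificates_exist()` tests only that the two `*.key_secret` files are present under `_get_keys_dir()`; it does not look at who owns the directory or whether it is still mode 0700. If callers use this result to decide that existing keys can be reused (the callers are not visible in this hunk), a cheap extra condition would be to `os.stat(keys_dir)` and require `st_uid == os.getuid()` with no group or other permission bits set. The function's signature and the start of its docstring are above the hunk.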
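Review bot: The new position of `dict_to_flags(flags_dict)` in `run_backend()` (hunk `-72,6 +72,9`) is load-bearing but has no comment, so a later tidy-up could move it back below the certificate generation and reintroduce #7512. I would put a line above the `if`, such as `# Apply the flags first: the certificates directory depends on them.` Note also that `flags.ZMQ_HAS_CURVE` is now read after the dictionary is applied; if `dict_to_flags` can set that flag (not visible here), the caller-supplied `flags_dict` now decides whether certificates are generated at all, which deserves a sentence in the same comment.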