~diegosarmentero/ubuntuone-client/syncdaemon-q


Viewing changes to ubuntuone/proxy/tunnel_server.py

  • Committer: Tarmac
  • Author(s): Alejandro J. Cura
  • Date: 2012-03-18 20:59:03 UTC
  • mfrom: (1196.7.2 proxy-tunnel-cookies)
  • Revision ID: tarmac-20120318205903-qertwpfc68mrv8tn
- Only allow connections that provide the right cookie thru the tunnel (LP: #929207).

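--- a/ubuntuone/proxy/tunnel_server.py
+++ b/ubuntuone/proxy/tunnel_server.py
@@ -30,6 +30,7 @@
 """
 
 import sys
+import uuid
 
 from PyQt4.QtCore import QCoreApplication, QTimer
 from PyQt4.QtNetwork import (
@@ -46,7 +47,13 @@
 
 from ubuntu_sso.keyring import Keyring
 from ubuntu_sso.utils.webclient import gsettings
-from ubuntuone.proxy.common import BaseTunnelProtocol, CRLF, TUNNEL_PORT_LABEL
+from ubuntuone.proxy.common import (
+    BaseTunnelProtocol,
+    CRLF,
+    TUNNEL_COOKIE_HEADER,
+    TUNNEL_COOKIE_LABEL,
+    TUNNEL_PORT_LABEL,
+)
 from ubuntuone.proxy.logger import logger
 
 DEFAULT_CODE = 500
@@ -219,10 +226,17 @@
         except ValueError:
             self.error_response(400, "Bad request")
 
+    def verify_cookie(self):
+        """Fail if the cookie is wrong or missing."""
+        cookie_received = dict(self.received_headers).get(TUNNEL_COOKIE_HEADER)
+        if cookie_received != self.transport.cookie:
+            raise ConnectionError(418, "Please see RFC 2324")
+
     @defer.inlineCallbacks
     def headers_done(self):
         """An empty line was received, start connecting and switch mode."""
         try:
+            self.verify_cookie()
             try:
                 logger.info("Connecting once")
                 self.client = self.client_class(self)
@@ -267,8 +281,9 @@
 
     implements(interfaces.ITransport)
 
-    def __init__(self, local_socket):
+    def __init__(self, local_socket, cookie):
         """Initialize this Tunnel instance."""
+        self.cookie = cookie
         self.disconnecting = False
         self.local_socket = local_socket
         self.protocol = ServerTunnelProtocol(RemoteSocket)
@@ -300,9 +315,10 @@
 class TunnelServer(object):
     """A server for tunnel instances."""
 
-    def __init__(self):
+    def __init__(self, cookie):
         """Initialize this tunnel instance."""
         self.tunnels = []
+        self.cookie = cookie
         self.server = QTcpServer(QCoreApplication.instance())
         self.server.newConnection.connect(self.new_connection)
         self.server.listen(QHostAddress.LocalHost, 0)
@@ -312,7 +328,7 @@
         """On a new connection create a new tunnel instance."""
         logger.info("New connection made")
         local_socket = self.server.nextPendingConnection()
-        tunnel = Tunnel(local_socket)
+        tunnel = Tunnel(local_socket, self.cookie)
         self.tunnels.append(tunnel)
 
     def shutdown(self):
@@ -352,7 +368,9 @@
         from dbus.mainloop.qt import DBusQtMainLoop
         DBusQtMainLoop(set_as_default=True)
         app = QCoreApplication(argv)
-        tunnel_server = TunnelServer()
-        sys.stdout.write("%s: %d\n" % (TUNNEL_PORT_LABEL, tunnel_server.port))
+        cookie = str(uuid.uuid4())
+        tunnel_server = TunnelServer(cookie)
+        sys.stdout.write("%s: %d\n" % (TUNNEL_PORT_LABEL, tunnel_server.port) +
+                         "%s: %s\n" % (TUNNEL_COOKIE_LABEL, cookie))
         sys.stdout.flush()
         app.exec_()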
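Review bot: In `verify_cookie` the rejection path raises `ConnectionError(418, "Please see RFC 2324")` without logging anything, so a connection that arrives with a missing or wrong cookie leaves no trace unless the handler in `headers_done` logs it (its `except` clauses fall outside the visible lines). I would add `logger.warning("Tunnel cookie missing or wrong, refusing connection")` just before the `raise`, and keep the cookie value itself out of the log. The check compares the secret with `!=`, which is not constant-time; the listener is bound to `QHostAddress.LocalHost`, so the exposure is small, but a constant-time comparison would settle the question. The cookie is `str(uuid.uuid4())`, an API meant for uniqueness rather than documented as a source of secrets, so deriving it directly from `os.urandom` would make the intent explicit. Because the cookie is also written to stdout next to the port, whatever reads that output should be checked to make sure it does not copy the line into a log.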