shaba/openuds
1
0
Fork 1
mirror of https://github.com/dkmstr/openuds.git synced 2025-10-06 11:33:43 +03:00
Code Issues Releases Wiki Activity

Compare commits

base: shaba:master
Branches Tags
shaba:master shaba:v4.0 shaba:dev/andres/v4.0 shaba:dev/andres/v4.0-req shaba:dev/janier/v4.0 shaba:dev/andres/master shaba:dev/janier/master shaba:v3.6 shaba:v3.5 shaba:v3.0 shaba:v2.2 shaba:gh-pages shaba:v2.1 shaba:v2.0 shaba:v1.9 shaba:v1.7 shaba:tags/1.5 shaba:tags/1.2u1 shaba:tags/1.2 shaba:tags/1.1u1 shaba:tags/1.1 shaba:tags/1.0
shaba:release-v4.0 shaba:release-v3.6 shaba:release-v3.5 shaba:v3.0 shaba:v3.5t shaba:v3.0t shaba:nonMultiClient shaba:tunnel3.0-compat shaba:oldSshTunnel shaba:2.2 shaba:2.1 shaba:2.0 shaba:1.9 shaba:oldLinuxActors
..
compare: shaba:v3.5
Branches Tags
shaba:master shaba:v4.0 shaba:dev/andres/v4.0 shaba:dev/andres/v4.0-req shaba:dev/janier/v4.0 shaba:dev/andres/master shaba:dev/janier/master shaba:v3.6 shaba:v3.5 shaba:v3.0 shaba:v2.2 shaba:gh-pages shaba:v2.1 shaba:v2.0 shaba:v1.9 shaba:v1.7 shaba:tags/1.5 shaba:tags/1.2u1 shaba:tags/1.2 shaba:tags/1.1u1 shaba:tags/1.1 shaba:tags/1.0
shaba:release-v4.0 shaba:release-v3.6 shaba:release-v3.5 shaba:v3.0 shaba:v3.5t shaba:v3.0t shaba:nonMultiClient shaba:tunnel3.0-compat shaba:oldSshTunnel shaba:2.2 shaba:2.1 shaba:2.0 shaba:1.9 shaba:oldLinuxActors

9 Commits
master ... v3.5

Author SHA1 Message Date
Adolfo Gómez García
e7089d9d86 Reverted typo on macos script and updated signatures 2023-04-13 13:23:34 +02:00
Adolfo Gómez García
7a367d9011 Fixed Spice tunneled connections 2023-04-13 13:20:52 +02:00
Adolfo Gómez García
089b8c82dc Updated tunnel scripts for spice and signatures 2023-04-13 12:48:02 +02:00
Adolfo Gómez García
df82c3854c minor fixes for 3.5 2023-03-30 01:20:50 +02:00
Adolfo Gómez García
f158235f16 fixes to allow rgeneration of clients 2023-03-08 13:28:40 +01:00
Adolfo Gómez García
fe704c0ba6 fixed Version to 3.5.1 to force download of UDS client 2023-03-08 11:09:01 +01:00
Adolfo Gómez García
8d635b781b regenerated 2023-03-08 10:57:47 +01:00
Adolfo Gómez García
00c48dff69 security update for UDS client 2023-03-08 10:09:40 +01:00
Adolfo Gómez García
01269e6d3e Ip Detection fix 2023-02-07 17:02:18 +01:00
1426 changed files with 142778 additions and 178755 deletions
Expand all files Collapse all files

11
.github/dependabot.yml vendored
View File

@@ -1,11 +0,0 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "pip" # See documentation for possible values
directory: "/server" # Location of package manifests
schedule:
interval: "weekly"

19
.github/workflows/auto-assign.yml vendored
View File

@@ -1,19 +0,0 @@
name: Auto Assign
on:
issues:
types: [opened]
pull_request:
types: [opened]
jobs:
run:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- name: 'Auto-assign issue'
uses: pozil/auto-assign-issue@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
assignees: dkmstr
numOfAssignee: 1

20
.github/workflows/dependency-review.yml vendored
View File

@@ -1,20 +0,0 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3

63
.github/workflows/test.yml vendored
View File

@@ -1,63 +0,0 @@
name: Test OpenUDS
on:
push:
branches:
- '**'
pull_request:
jobs:
test:
runs-on: ubuntu-latest
defaults:
run:
working-directory: server
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
libsasl2-dev \
python3-dev \
libldap2-dev \
libssl-dev \
libmemcached-dev \
zlib1g-dev \
gcc
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Set PYTHONPATH
run: echo "PYTHONPATH=$PWD/src" >> $GITHUB_ENV
- name: Copy Django settings
run: cp src/server/settings.py.sample src/server/settings.py
- name: Generate RSA key and set as environment variable
run: |
openssl genrsa 2048 > private.pem
RSA_KEY=$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' private.pem)
echo "RSA_KEY=$RSA_KEY" >> $GITHUB_ENV
- name: Patch settings.py with generated RSA key
run: |
sed -i "s|^RSA_KEY = .*|RSA_KEY = '''$RSA_KEY'''|" src/server/settings.py
- name: Create log directory
run: mkdir -p src/log
- name: Run tests with pytest
run: python3 -m pytest

92
.gitignore vendored
View File

@@ -13,10 +13,59 @@
*.debhelper*
*-stamp
*.substvars
.coverage*
# /client/administration/
/client/administration/*.suo
# /client/administration/UdsAdmin/
/client/administration/UdsAdmin/*.user
# /client/administration/UdsAdmin/bin/
/client/administration/UdsAdmin/bin/Debug
/client/administration/UdsAdmin/bin/Release
# /client/administration/UdsAdmin/obj/x86/
/client/administration/UdsAdmin/obj/x86/Debug
/client/administration/UdsAdmin/obj/x86/Release
# /client/administration/installer/UDSAdminInstaller/
/client/administration/installer/UDSAdminInstaller/MSChart.exe
/client/administration/installer/UDSAdminInstaller/UDSAdminSetup.exe
# /linuxActor/
/linuxActor/udsactor_*
# /linuxActor/src/debian/
/linuxActor/src/debian/udsactor
# /linuxActorNX/
/linuxActorNX/udsactor-nx_*
# /linuxActorNX/src/debian/
/linuxActorNX/src/debian/udsactor-nx
# /linuxActorXRDP/
/linuxActorXRDP/udsactor-xrdp_*
# /linuxActorXRDP/src/debian/
/linuxActorXRDP/src/debian/udsactor-xrdp
# /nxtransport/jar/
/nxtransport/jar/*.sh
/nxtransport/jar/*.jar
# /nxtuntransport/jar/
/nxtuntransport/jar/*.sh
/nxtuntransport/jar/*.jar
# /rdptransport/java/jar/
/rdptransport/java/jar/*.sh
/rdptransport/java/jar/*.jar
# /server/
*_enterprise
/server/openuds.sublime-project
/server/openuds.sublime-workspace
# /server/src/
/server/src/taskmanager.pid
@@ -39,6 +88,7 @@
# /server/src/uds/
/server/src/uds/*_enterprise.py
/server/src/uds/fixtures
/server/src/uds/tests
# /server/src/uds/auths/
/server/src/uds/auths/*-enterprise
@@ -78,10 +128,40 @@
# /server/src/uds/transports/
/server/src/uds/transports/*-enterprise
# /udsService/
/udsService/*.suo
# /udsService/installer/
/udsService/installer/UDSActorSetup.exe
# /udsService/rpc/bin/
/udsService/rpc/bin/Debug
/udsService/rpc/bin/Release
/udsService/rpc/bin/x86
# /udsService/rpc/obj/
/udsService/rpc/obj/Debug
/udsService/rpc/obj/Release
/udsService/rpc/obj/x86
# /udsService/udsService/bin/
/udsService/udsService/bin/Debug
/udsService/udsService/bin/Release
/udsService/udsService/bin/x64
# /udsService/udsService/obj/
/udsService/udsService/obj/x64
/udsService/udsService/obj/x86
# /udsService/udsgui/bin/
/udsService/udsgui/bin/Debug
/udsService/udsgui/bin/Release
/udsService/udsgui/bin/x86
# /udsService/udsgui/obj/
/udsService/udsgui/obj/Debug
/udsService/udsgui/obj/Release
/udsService/udsgui/obj/x86
.vscode
.mypy_cache
.pytest_cache
.python-version
target/
server/test-vars.ini

16
.gitmodules vendored
View File

@@ -1,16 +0,0 @@
[submodule "guacamole-auth-uds"]
path = guacamole-auth-uds
url = git@github.com:VirtualCable/guacamole-auth-uds.git
branch = master
[submodule "tunnel-server"]
path = tunnel-server
url = git@github.com:VirtualCable/uds-tunnel-server.git
branch = master
[submodule "actor"]
path = actor
url = git@github.com:VirtualCable/uds-actor.git
branch = master
[submodule "client-py3"]
path = client
url = git@github.com:VirtualCable/uds-client.git
branch = master

29
LICENSE
View File

@@ -1,29 +0,0 @@
BSD 3-Clause License
Copyright (c) 2022-2024, Virtualcable S.L.U.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

16
README.md
View File

@@ -1,19 +1,15 @@
OpenUDS
![UDS Logo](https://www.udsenterprise.com/static//img/logoUDSNav.png)
openuds
=======
OpenUDS (Universal Desktop Services) is a multiplatform connection broker for:
- VDI: Windows and Linux virtual desktops administration and deployment
- App virtualization
- Desktop services consolidation
- ...
This is an Open Source project, initiated by Spanish Company Virtual Cable and released Open Source with the help of several Spanish Universities.
This is an Open Source Source project, initiated by Spanish Company Virtualcable and released Open Source with the help of several Spanish Universities.
Please feel free to contribute to this project.
Notes
=====
* Master version is always under heavy development and it is not recommended for use, it will probably have unfixed bugs. Please use the latest stable branch (`v4.0` right now).
* From `v4.0` onwards (current master), OpenUDS has been splitted in several repositories and contains submodules. Remember to use "git clone --resursive ..." to fetch it ;-).
* `v4.0` version needs Python 3.11 (may work fine on newer versions). It uses new features only available on 3.10 or later, and is tested against 3.11. It will probably work on 3.10 too.
Any help provided will be welcome.
**Note: Master version is always under heavy development and it is not recommended for use, it will probably have unfixed bugs. Please use the latest stable branch.**

11
SECURITY.md
View File

@@ -1,11 +0,0 @@
# Security
Virtual Cable takes the security of our software products and services seriously.
If you find any vulnerability, please, report it to "agomez@virtualcable.net".
Please, do not use the issue tracker for security vulnerabilities.
[]: # Path: README.md
Thank you very much for your interest in OpenUDS.

1
TODO.txt Normal file
View File

@@ -0,0 +1 @@

2
VERSION
View File

@@ -1 +1 @@
5.0.0
3.5.0

1
actor

Submodule actor deleted from 1b723fc3b4

2
actor/.env Normal file
View File

@@ -0,0 +1,2 @@
PYTHONPATH=./src:${PYTHONPATH}

8
actor/.gitignore vendored Normal file
View File

@@ -0,0 +1,8 @@
# Debian source builds
udsactor_*.dsc
udsactor_*.tar.xz
udsactor_*.buildinfo
udsactor_*.changes
# And binaries
udsactor*.deb
udsactor*.rpm

4
actor/deps.txt Normal file
View File

@@ -0,0 +1,4 @@
Linux:
python3-prctl (recommended, but not required in fact)
python3-pyqt5

1
actor/linux/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/udsactor-*[1-9].*.spec

91
actor/linux/Makefile Normal file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/make -f
# -*- makefile -*-
.PHONY: install-udsactor install-udsactor-unmanaged
# Directories
SOURCEDIR := ../src
LIBDIR := $(DESTDIR)/usr/share/UDSActor
BINDIR := $(DESTDIR)/usr/bin
SBINDIR = $(DESTDIR)/usr/sbin
APPSDIR := $(DESTDIR)/usr/share/applications
CFGDIR := $(DESTDIR)/etc/udsactor
SYSTEMDIR := $(DESTDIR)/etc/systemd/system
POLKITDIR := $(DESTDIR)/usr/share/polkit-1/actions/
XDGAUTOSTARTDIR := $(DESTDIR)/etc/xdg/autostart
KDEAUTOSTARTDIR := $(DESTDIR)/usr/share/autostart
PYC := $(shell find $(SOURCEDIR) -name '*.py[co]')
CACHES := $(shell find $(SOURCEDIR) -name '__pycache__' -o -name '.mypy_cache')
clean:
rm -rf $(PYC) $(CACHES) $(DESTDIR)
install-udsactor: udsactor
install-udsactor-unmanaged: udsactor udsactor-unmanaged
udsactor-unmanaged:
# Overwrite udsactor config is what to be done
cp scripts/UDSActorConfig-unmanaged $(SBINDIR)/UDSActorConfig
udsactor:
rm -rf $(DESTDIR)
mkdir -p $(LIBDIR)
mkdir -p $(BINDIR)
mkdir -p $(SBINDIR)
mkdir -p $(APPSDIR)
mkdir -p $(CFGDIR)
mkdir -p $(POLKITDIR)
mkdir -p $(XDGAUTOSTARTDIR)
mkdir -p $(KDEAUTOSTARTDIR)
mkdir $(LIBDIR)/img
# Cleans up .pyc and cache folders
rm -f $(PYC) $(CACHES)
cp -r $(SOURCEDIR)/udsactor $(LIBDIR)/udsactor
cp $(SOURCEDIR)/img/uds-icon.png $(LIBDIR)/img
cp $(SOURCEDIR)/actor_*.py $(LIBDIR)
# QT Dialogs & resources
cp -r $(SOURCEDIR)/ui $(LIBDIR)/ui
# Menu GUI app
cp desktop/UDS_Actor_Configuration.desktop $(APPSDIR)
# Autostart elements for gnome/kde
cp desktop/UDSActorTool.desktop $(XDGAUTOSTARTDIR)
cp desktop/UDSActorTool.desktop $(KDEAUTOSTARTDIR)
# scripts
cp scripts/udsactor $(BINDIR)
cp scripts/UDSActorConfig $(SBINDIR)
cp scripts/UDSActorConfig-pkexec $(SBINDIR)
cp scripts/UDSActorTool $(BINDIR)
cp scripts/UDSActorTool-startup $(BINDIR)
cp scripts/udsvapp ${BINDIR}
# Policy to run as administrator
cp policy/org.openuds.pkexec.UDSActorConfig.policy $(POLKITDIR)
# Fix permissions
chmod 755 $(BINDIR)/udsactor
chmod 755 $(BINDIR)/udsvapp
chmod 755 $(BINDIR)/UDSActorTool-startup
chmod 755 $(SBINDIR)/UDSActor*
chmod 755 $(LIBDIR)/actor_*.py
chmod 644 $(POLKITDIR)/org.openuds.pkexec.UDSActorConfig.policy
# If for red hat based, copy init.d
ifeq ($(DISTRO),rh)
mkdir -p $(SYSTEMDIR)
cp debian/udsactor.service $(SYSTEMDIR)/
endif
# chmod 0755 $(BINDIR)/udsactor
uninstall:
rm -rf $(LIBDIR)
# rm -f $(BINDIR)/udsactor
rm -rf $(CFGDIR)

36
actor/linux/build-packages.sh Executable file
View File

@@ -0,0 +1,36 @@
#!/bin/bash
VERSION=`cat ../../VERSION`
RELEASE=1
top=`pwd`
# Debian based
dpkg-buildpackage -b
cat udsactor-template.spec |
sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
sed -e s/"release 1"/"release ${RELEASE}"/g > udsactor-$VERSION.spec
# Now fix dependencies for opensuse
# Note that, although on opensuse the library is "libXss1" on newer,
# the LibXscrnSaver is a "capability" and gets libXss1 installed
# So right now, we only need 1 uds actor for both platforms.
# cat udsactor-template.spec |
# sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
# sed -e s/"name udsactor"/"name udsactor-opensuse"/g |
# sed -e s/"libXScrnSaver"/"libXss1"/g > udsactor-opensuse-$VERSION.spec
#for pkg in udsactor-$VERSION.spec udsactor-opensuse-$VERSION.spec; do
for pkg in udsactor-$VERSION.spec; do
rm -rf rpm
for folder in SOURCES BUILD RPMS SPECS SRPMS; do
mkdir -p rpm/$folder
done
rpmbuild -v -bb --clean --buildroot=$top/rpm/BUILD/$pkg-root --target noarch $pkg 2>&1
done
rpm --addsign ../*rpm
#rm udsactor-$VERSION

2
actor/linux/debian/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/udsactor/
/udsactor-unmanaged/

59
actor/linux/debian/changelog Normal file
View File

@@ -0,0 +1,59 @@
udsactor (3.5.0) stable; urgency=medium
* Upgraded to 3.5.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 23 Oct 2020 8:00:00 +0200
udsactor (3.0.0) stable; urgency=medium
* Upgraded to 3.0.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Wed, 10 Jul 2019 9:24:10 +0200
udsactor (2.2.1) stable; urgency=medium
* Upgraded to 2.2.1 release
-- Adolfo Gómez García <agomez@virtualcable.es> Thu, 2 Oct 2018 12:44:12 +0200
udsactor (2.2.0) stable; urgency=medium
* Upgraded to 2.2.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Thu, 19 Oct 2017 16:44:12 +0200
udsactor (2.1.0) stable; urgency=medium
* Fixes for 2.1.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 19 Jan 2017 08:00:22 +0200
udsactor (2.0.0) stable; urgency=medium
* Upgrade for 2.0.0
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 01 Mar 2016 03:39:21 +0100
udsactor (1.9.1) stable; urgency=medium
* Upgrade for 1.9.1
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 01 Mar 2016 03:19:21 +0100
udsactor (1.9.0) stable; urgency=medium
* Upgrade for 1.9.0 (fixed package version)
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 05 May 2015 07:10:27 +0200
udsactor (1.7.5) stable; urgency=medium
* Upgrade for 1.7.5
-- Adolfo Gómez García <agomez@virtualcable.es> Thu, 23 Apr 2015 06:08:53 +0200
udsactor (1.7.0) stable; urgency=medium
* Initial release.
-- Adolfo Gómez García <agomez@virtualcable.es> Mon, 17 Nov 2014 05:32:41 +0100

1
actor/linux/debian/compat Normal file
View File

@@ -0,0 +1 @@
10

26
actor/linux/debian/control Normal file
View File

@@ -0,0 +1,26 @@
Source: udsactor
Section: admin
Priority: optional
Maintainer: Adolfo Gómez García <agomez@virtualcable.net>
Build-Depends: debhelper (>= 7), po-debconf, dh-systemd (>= 1.5)
Standards-Version: 4.1.4
Homepage: http://www.udsenterprise.com
Package: udsactor
Section: admin
Priority: optional
Architecture: all
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
Recommends: python3-prctl(>=1.1.1)
Description: Actor for Universal Desktop Services (UDS) Broker
This package provides the required components to allow managed machines to work on an environment managed by UDS Broker.
Package: udsactor-unmanaged
Section: admin
Priority: optional
Architecture: all
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
Recommends: python3-prctl(>=1.1.1)
Description: Actor for Universal Desktop Services (UDS) Broker Static Unmanaged machines
This package provides the required components to allow unmanaged machines (static, independent machines) to work on an environment managed by UDS Broker.

26
actor/linux/debian/copyright Normal file
View File

@@ -0,0 +1,26 @@
Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135
Name: udsactor
Maintainer: Adolfo Gómez García
Source: http://www.udsenterprise.com/
Copyright: 2014-2019 Virtual Cable S.L.U.
License: BSD-3-clause
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.

1
actor/linux/debian/docs Normal file
View File

@@ -0,0 +1 @@
readme.txt

3
actor/linux/debian/files Normal file
View File

@@ -0,0 +1,3 @@
udsactor-unmanaged_3.5.0_all.deb admin optional
udsactor_3.5.0_all.deb admin optional
udsactor_3.5.0_amd64.buildinfo admin optional

47
actor/linux/debian/rules Executable file
View File

@@ -0,0 +1,47 @@
#!/usr/bin/make -f
# -*- makefile -*-
configure: configure-stamp
configure-stamp:
dh_testdir
touch configure-stamp
build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp
build-stamp: configure-stamp
dh_testdir
$(MAKE)
touch $@
clean:
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
dh_clean
install: build
dh_testdir
dh_testroot
dh_prep
dh_installdirs
$(MAKE) DESTDIR=$(CURDIR)/debian/udsactor install-udsactor
$(MAKE) DESTDIR=$(CURDIR)/debian/udsactor-unmanaged install-udsactor-unmanaged
binary-arch: build install
# emptyness
binary-indep: build install
dh_testdir
dh_testroot
dh_installchangelogs
dh_installdocs
dh_installdebconf
dh_systemd_enable
dh_installinit --no-restart-on-upgrade --no-start --name=udsactor
dh_systemd_start
dh_python2=python
dh_compress
dh_link
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep
.PHONY: build clean binary-indep binary install configure

1
actor/linux/debian/source/format Normal file
View File

@@ -0,0 +1 @@
3.0 (native)

1
actor/linux/debian/udsactor-unmanaged.config Symbolic link
View File

@@ -0,0 +1 @@
udsactor.postinst

1
actor/linux/debian/udsactor-unmanaged.service Symbolic link
View File

@@ -0,0 +1 @@
udsactor.service

3
actor/linux/debian/udsactor.config Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/sh -e
exit 0

28
actor/linux/debian/udsactor.postinst Executable file
View File

@@ -0,0 +1,28 @@
#!/bin/sh
. /usr/share/debconf/confmodule
set -e
case "$1" in
configure)
/usr/bin/python3 -m compileall /usr/share/UDSActor > /dev/nul 2>&1
# Fix perms so only root can access "masterKey"
chmod 0700 /etc/udsactor
# chmod 0600 /etc/udsactor/udsactor.cfg
chown root:root /etc/udsactor
# chown root:root /etc/udsactor/udsactor.cfg
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

14
actor/linux/debian/udsactor.postrm Executable file
View File

@@ -0,0 +1,14 @@
#!/bin/sh -e
. /usr/share/debconf/confmodule
set -e
if [ "$1" = "purge" ] ; then
if [ -f /etc/udsactor/udsactor.cfg ]; then
mv /etc/udsactor/udsactor.cfg /etc/udsactor/udsactor.cfg.dpkg-backup
# Remove .pyc leaved behind
rm -rf /usr/share/UDSActor || true > /dev/null 2>&1
fi
fi

1
actor/linux/debian/udsactor.prerm Executable file
View File

@@ -0,0 +1 @@
#! /bin/bash -e

14
actor/linux/debian/udsactor.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=UDS Broker actor
After=network.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/usr/share/UDSActor
ExecStart=/usr/bin/python3 actor_service.py start-foreground
PrivateTmp=true
[Install]
WantedBy=multi-user.target

12
actor/linux/desktop/UDSActorTool.desktop Normal file
View File

@@ -0,0 +1,12 @@
[Desktop Entry]
Name=UDS Actor Tool
Comment=UDS Actor Userspace tools
Exec=/usr/bin/UDSActorTool-startup
Icon=/usr/share/UDSActor/img/uds-icon.png
Terminal=false
Type=Application
NoDisplay=true
X-KDE-autostart-after=panel
X-KDE-StartupNotify=false
X-DBUS-StartupType=None
X-KDE-UniqueApplet=false

11
actor/linux/desktop/UDS_Actor_Configuration.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Name=UDS Actor Configuration
Version=1.0
Exec=/usr/sbin/UDSActorConfig-pkexec
Comment=UDS Actor Configuration Application. (Must be executed as root)
Icon=/usr/share/UDSActor/img/uds-icon.png
Type=Application
Terminal=false
StartupNotify=true
Encoding=UTF-8
Categories=Settings;System;

20
actor/linux/policy/org.openuds.pkexec.UDSActorConfig.policy Normal file
View File

@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<action id="org.freedesktop.policykit.pkexec.run-UDSActorConfig">
<description>Run UDS Actor Configuration Program</description>
<message>Authentication is required to run UDS Actor Configuration</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/UDSActorConfig</annotate>
<annotate key="org.freedesktop.policykit.exec.allow_gui">TRUE</annotate>
</action>
</policyconfig>

3
actor/linux/readme.txt Normal file
View File

@@ -0,0 +1,3 @@
UDSActor is the client actor needed to get machines managed by UDS Broker.
Please, visit http://www.udsenterprise.com for more information

6
actor/linux/scripts/UDSActorConfig Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 actor_config.py -platform xcb $@

3
actor/linux/scripts/UDSActorConfig-pkexec Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
# pkexec env DISPLAY=$DISPLAY QT_X11_NO_MITSHM=1 "/usr/sbin/UDSActorConfig" "$@"
pkexec "/usr/sbin/UDSActorConfig" "$@"

6
actor/linux/scripts/UDSActorConfig-unmanaged Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 actor_config_unmanaged.py -platform xcb $@

6
actor/linux/scripts/UDSActorTool Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 -s actor_client.py -platform xcb $@

3
actor/linux/scripts/UDSActorTool-startup Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
exec /usr/bin/UDSActorTool

13
actor/linux/scripts/uds-sesman.sh Executable file
View File

@@ -0,0 +1,13 @@
#!/bin/sh
env > /tmp/env.txt
if [ "$PAM_TYPE" = "open_session" ]; then
nohup /usr/bin/udsactor login $PAM_USER &
# Wait in backgroud to TTY to close (close_session is not being invoked right now)
nohup /usr/bin/uds-wait-session &
elif [ "$PAM_TYPE" = "close_session" ]; then
nohup /usr/bin/udsactor logout $PAM_USER &
fi
return 0

12
actor/linux/scripts/uds-wait-session.sh Executable file
View File

@@ -0,0 +1,12 @@
#!/bin/sh
while :
do
sleep 5 # Wait 5 seconds between checks
found=`ps -f -u$PAM_USER | grep -v grep | grep -v uds-wait-session | grep "$PAM_TTY" | wc -l`
if [ "$found" = "0" ]; then
/usr/bin/udsactor logout $PAM_USER
exit 0
fi
done

6
actor/linux/scripts/udsactor Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/sh
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 actor_service.py $@

3
actor/linux/scripts/udsnxstart.sh Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
exec /usr/bin/udsactor login $2 &

3
actor/linux/scripts/udsnxstop.sh Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
exec /usr/bin/udsactor logout $2 &

5
actor/linux/scripts/udsvapp Executable file
View File

@@ -0,0 +1,5 @@
#!/bin/sh
/usr/bin/udsactor login "$USER"
$@
/usr/bin/udsactor logout "$USER"

70
actor/linux/udsactor-template.spec Normal file
View File

@@ -0,0 +1,70 @@
%define _topdir %(echo $PWD)/rpm
%define name udsactor
%define version 0.0.0
%define release 1
%define buildroot %{_topdir}/%{name}-%{version}-%{release}-root
BuildRoot: %{buildroot}
Name: %{name}
Version: %{version}
Release: %{release}
Summary: Actor for Universal Desktop Services (UDS) Broker
License: BSD3
Group: Admin
Requires: python3-six python3-requests python3-qt5 libXScrnSaver
Vendor: Virtual Cable S.L.U.
URL: http://www.udsenterprise.com
Provides: udsactor
%define _rpmdir ../
%define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
%install
curdir=`pwd`
cd ../..
make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh install-udsactor
cd $curdir
%clean
rm -rf $RPM_BUILD_ROOT
curdir=`pwd`
cd ../..
make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh clean
cd $curdir
%post
systemctl enable udsactor.service > /dev/null 2>&1
%preun
systemctl disable udsactor.service > /dev/null 2>&1
systemctl stop udsactor.service > /dev/null 2>&1
%postun
# $1 == 0 on uninstall, == 1 on upgrade for preun and postun (just a reminder for me... :) )
if [ $1 -eq 0 ]; then
rm -rf /etc/udsactor
rm /var/log/udsactor.log
fi
# And, posibly, the .pyc leaved behind on /usr/share/UDSActor
rm -rf /usr/share/UDSActor > /dev/null 2>&1
%description
This package provides the required components to allow this machine to work on an environment managed by UDS Broker.
%files
%defattr(-,root,root)
/etc/udsactor
/etc/xdg/autostart/UDSActorTool.desktop
/etc/systemd/system/udsactor.service
/usr/bin/UDSActorTool-startup
/usr/bin/udsactor
/usr/bin/udsvapp
/usr/bin/UDSActorTool
/usr/sbin/UDSActorConfig
/usr/sbin/UDSActorConfig-pkexec
/usr/share/UDSActor/*
/usr/share/applications/UDS_Actor_Configuration.desktop
/usr/share/autostart/UDSActorTool.desktop
/usr/share/polkit-1/actions/org.openuds.pkexec.UDSActorConfig.policy

3
actor/src/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
dist
build
*.spec

77
actor/src/actor_client.py Executable file
View File

@@ -0,0 +1,77 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright (c) 2020 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import sys
import os
import PyQt5 # pylint: disable=unused-import
from PyQt5.QtCore import QTimer
from PyQt5.QtWidgets import QMainWindow
from udsactor.log import logger, INFO
from udsactor.client import UDSClientQApp
from udsactor.platform import operations
if __name__ == "__main__":
logger.setLevel(INFO)
# Ensure idle operations is initialized on start
operations.initIdleDuration(0)
if 'linux' in sys.platform:
os.environ['QT_X11_NO_MITSHM'] = '1'
UDSClientQApp.setQuitOnLastWindowClosed(False)
qApp = UDSClientQApp(sys.argv)
if 'linux' not in sys.platform:
# The "hidden window" is only needed to process events on Windows
# Not needed on Linux
mw = QMainWindow()
mw.showMinimized() # Start minimized, will be hidden (not destroyed) as soon as qApp.init is invoked
qApp.setMainWindow(mw)
qApp.init()
# Crate a timer to a "dummy" function, so python can check signals from time to time by executing the python interpreter
# Note: Signals are only checked on python code execution, so we create a timer to force call back to python
timer = QTimer(qApp)
timer.start(1000)
timer.timeout.connect(lambda *a: None) # type: ignore # timeout can be connected to a callable
qApp.exec()
# On windows, if no window is created, this point will never be reached.
qApp.end()
logger.debug('Exiting...')

195
actor/src/actor_config.py Executable file
View File

@@ -0,0 +1,195 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright (c) 2020 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import sys
import os
import logging
import typing
import PyQt5 # pylint: disable=unused-import
from PyQt5.QtWidgets import QApplication, QDialog, QFileDialog, QMessageBox
import udsactor
from ui.setup_dialog_ui import Ui_UdsActorSetupDialog
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from PyQt5.QtWidgets import QLineEdit # pylint: disable=ungrouped-imports
logger = logging.getLogger('actor')
class UDSConfigDialog(QDialog):
_host: str = ''
def __init__(self) -> None:
QDialog.__init__(self, None)
# Get local config config
config: udsactor.types.ActorConfigurationType = udsactor.platform.store.readConfig()
self.ui = Ui_UdsActorSetupDialog()
self.ui.setupUi(self)
self.ui.host.setText(config.host)
self.ui.validateCertificate.setCurrentIndex(1 if config.validateCertificate else 0)
self.ui.postConfigCommand.setText(config.post_command or '')
self.ui.preCommand.setText(config.pre_command or '')
self.ui.runonceCommand.setText(config.runonce_command or '')
self.ui.logLevelComboBox.setCurrentIndex(config.log_level)
if config.host:
self.updateAuthenticators()
self.ui.username.setText('')
self.ui.password.setText('')
self.ui.testButton.setEnabled(bool(config.master_token and config.host))
@property
def api(self) -> udsactor.rest.UDSServerApi:
return udsactor.rest.UDSServerApi(self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1)
def browse(self, lineEdit: 'QLineEdit', caption: str) -> None:
name = QFileDialog.getOpenFileName(parent=self, caption=caption, directory=os.path.dirname(lineEdit.text()))[0]
if name:
if ' ' in name:
name = '"' + name + '"'
lineEdit.setText(os.path.normpath(name))
def browsePreconnect(self) -> None:
self.browse(self.ui.preCommand, 'Select Preconnect command')
def browseRunOnce(self) -> None:
self.browse(self.ui.runonceCommand, 'Select Runonce command')
def browsePostConfig(self) -> None:
self.browse(self.ui.postConfigCommand, 'Select Postconfig command')
def updateAuthenticators(self) -> None:
if self.ui.host.text() != self._host:
self._host = self.ui.host.text()
self.ui.authenticators.clear()
auth: udsactor.types.AuthenticatorType
auths = list(self.api.enumerateAuthenticators())
if auths:
for auth in auths:
self.ui.authenticators.addItem(auth.auth, userData=auth)
# Last, add "admin" authenticator (for uds root user)
self.ui.authenticators.addItem('Administration', userData=udsactor.types.AuthenticatorType('admin', 'admin', 'admin', 'admin', 1, False))
def textChanged(self) -> None:
enableButtons = bool(self.ui.host.text() and self.ui.username.text() and self.ui.password.text() and self.ui.authenticators.currentText())
self.ui.registerButton.setEnabled(enableButtons)
self.ui.testButton.setEnabled(False) # Only registered information can be checked
def finish(self) -> None:
self.close()
def testUDSServer(self) -> None:
config: udsactor.types.ActorConfigurationType = udsactor.platform.store.readConfig()
if not config.master_token or not config.host:
self.ui.testButton.setEnabled(False)
return
try:
api = udsactor.rest.UDSServerApi(config.host, config.validateCertificate)
if not api.test(config.master_token, udsactor.types.MANAGED):
QMessageBox.information(
self,
'UDS Test',
'Current configured token seems to be invalid for {}. Please, request a new one.'.format(config.host),
QMessageBox.Ok
)
else:
QMessageBox.information(
self,
'UDS Test',
'Configuration for {} seems to be correct.'.format(config.host),
QMessageBox.Ok
)
except Exception:
QMessageBox.information(
self,
'UDS Test',
'Configured host {} seems to be inaccesible.'.format(config.host),
QMessageBox.Ok
)
def registerWithUDS(self) -> None:
# Get network card. Will fail if no network card is available, but don't mind (not contempled)
data: udsactor.types.InterfaceInfoType = next(udsactor.platform.operations.getNetworkInfo())
try:
token = self.api.register(
self.ui.authenticators.currentData().auth,
self.ui.username.text(),
self.ui.password.text(),
udsactor.platform.operations.getComputerName(),
data.ip or '', # IP
data.mac or '', # MAC
self.ui.preCommand.text(),
self.ui.runonceCommand.text(),
self.ui.postConfigCommand.text(),
self.ui.logLevelComboBox.currentIndex() # Loglevel
)
# Store parameters on register for later use, notify user of registration
udsactor.platform.store.writeConfig(
udsactor.types.ActorConfigurationType(
actorType=udsactor.types.MANAGED,
host=self.ui.host.text(),
validateCertificate=self.ui.validateCertificate.currentIndex() == 1,
master_token=token,
pre_command=self.ui.preCommand.text(),
post_command=self.ui.postConfigCommand.text(),
runonce_command=self.ui.runonceCommand.text(),
log_level=self.ui.logLevelComboBox.currentIndex()
)
)
# Enables test button
self.ui.testButton.setEnabled(True)
# Informs the user
QMessageBox.information(self, 'UDS Registration', 'Registration with UDS completed.', QMessageBox.Ok)
except udsactor.rest.RESTError as e:
self.ui.testButton.setEnabled(False)
QMessageBox.critical(self, 'UDS Registration', 'UDS Registration error: {}'.format(e), QMessageBox.Ok)
if __name__ == "__main__":
# If to be run as "sudo" on linux, we will need this to avoid problems
if 'linux' in sys.platform:
os.environ['QT_X11_NO_MITSHM'] = '1'
app = QApplication(sys.argv)
if udsactor.platform.operations.checkPermissions() is False:
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok) # type: ignore
sys.exit(1)
myapp = UDSConfigDialog()
myapp.show()
sys.exit(app.exec())

192
actor/src/actor_config_unmanaged.py Executable file
View File

@@ -0,0 +1,192 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright (c) 2020 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import sys
import os
import pickle
import logging
import typing
import PyQt5 # pylint: disable=unused-import
from PyQt5.QtWidgets import QApplication, QDialog, QMessageBox
import udsactor
import udsactor.tools
from ui.setup_dialog_unmanaged_ui import Ui_UdsActorSetupDialog
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from PyQt5.QtWidgets import QLineEdit # pylint: disable=ungrouped-imports
logger = logging.getLogger('actor')
class UDSConfigDialog(QDialog):
_host: str = ''
_config: udsactor.types.ActorConfigurationType
def __init__(self) -> None:
QDialog.__init__(self, None)
# Get local config config
self._config = udsactor.platform.store.readConfig()
self.ui = Ui_UdsActorSetupDialog()
self.ui.setupUi(self)
self.ui.host.setText(self._config.host)
self.ui.validateCertificate.setCurrentIndex(
1 if self._config.validateCertificate else 0
)
self.ui.logLevelComboBox.setCurrentIndex(self._config.log_level)
self.ui.serviceToken.setText(self._config.master_token or '')
self.ui.restrictNet.setText(self._config.restrict_net or '')
self.ui.testButton.setEnabled(
bool(self._config.master_token and self._config.host)
)
@property
def api(self) -> udsactor.rest.UDSServerApi:
return udsactor.rest.UDSServerApi(
self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1
)
def finish(self) -> None:
self.close()
def configChanged(self, text: str) -> None:
self.ui.testButton.setEnabled(
self.ui.host.text() == self._config.host
and self.ui.serviceToken.text() == self._config.master_token
and self.ui.restrictNet.text() == self._config.restrict_net
)
def testUDSServer(self) -> None:
if not self._config.master_token or not self._config.host:
self.ui.testButton.setEnabled(False)
return
try:
api = udsactor.rest.UDSServerApi(
self._config.host, self._config.validateCertificate
)
if not api.test(self._config.master_token, udsactor.types.UNMANAGED):
QMessageBox.information(
self,
'UDS Test',
'Service token seems to be invalid . Please, check token validity.',
QMessageBox.Ok,
)
else:
QMessageBox.information(
self,
'UDS Test',
'Configuration for {} seems to be correct.'.format(
self._config.host
),
QMessageBox.Ok,
)
except Exception:
QMessageBox.information(
self,
'UDS Test',
'Configured host {} seems to be inaccesible.'.format(self._config.host),
QMessageBox.Ok,
)
def saveConfig(self) -> None:
# Ensure restrict_net is empty or a valid subnet
restrictNet = self.ui.restrictNet.text().strip()
if restrictNet:
try:
subnet = udsactor.tools.strToNoIPV4Network(restrictNet)
if not subnet:
raise Exception('Invalid subnet')
except Exception:
QMessageBox.information(
self,
'Invalid subnet',
'Invalid subnet {}. Please, check it.'.format(restrictNet),
QMessageBox.Ok,
)
return
# Store parameters on register for later use, notify user of registration
self._config = udsactor.types.ActorConfigurationType(
actorType=udsactor.types.UNMANAGED,
host=self.ui.host.text(),
validateCertificate=self.ui.validateCertificate.currentIndex() == 1,
master_token=self.ui.serviceToken.text().strip(),
restrict_net=restrictNet,
log_level=self.ui.logLevelComboBox.currentIndex(),
)
udsactor.platform.store.writeConfig(self._config)
# Enables test button
self.ui.testButton.setEnabled(True)
# Informs the user
QMessageBox.information(
self, 'UDS Configuration', 'Configuration saved.', QMessageBox.Ok
)
if __name__ == "__main__":
# If to be run as "sudo" on linux, we will need this to avoid problems
if 'linux' in sys.platform:
os.environ['QT_X11_NO_MITSHM'] = '1'
app = QApplication(sys.argv)
if udsactor.platform.operations.checkPermissions() is False:
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok) # type: ignore
sys.exit(1)
if len(sys.argv) > 2:
if sys.argv[1] == 'export':
try:
with open(sys.argv[2], 'wb') as f:
pickle.dump(udsactor.platform.store.readConfig(), f, protocol=3)
except Exception as e:
print('Error exporting configuration file: {}'.format(e))
sys.exit(1)
sys.exit(0)
if sys.argv[1] == 'import':
try:
with open(sys.argv[2], 'rb') as f:
config = pickle.load(f)
udsactor.platform.store.writeConfig(config)
except Exception as e:
print('Error importing configuration file: {}'.format(e))
sys.exit(1)
sys.exit(0)
myapp = UDSConfigDialog()
myapp.show()
sys.exit(app.exec())

23
server/src/uds/core/consts/actor.py → actor/src/actor_service.py Normal file → Executable file
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright (c) 2023 Virtual Cable S.L.U.
# Copyright (c) 2020 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +12,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,12 +26,15 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import sys
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
import typing
MANAGED: typing.Final[str] = 'managed'
UNMANAGED: typing.Final[str] = 'unmanaged' # matches the definition of UDS Actors OFC
if sys.platform == 'win32':
from udsactor.windows import runner
else:
from udsactor.linux import runner
if __name__ == "__main__":
runner.run()

398
actor/src/designer/setup-dialog-unmanaged.ui Normal file
View File

@@ -0,0 +1,398 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<author>Adolfo Gómez</author>
<class>UdsActorSetupDialog</class>
<widget class="QDialog" name="UdsActorSetupDialog">
<property name="windowModality">
<enum>Qt::WindowModal</enum>
</property>
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>601</width>
<height>243</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="font">
<font>
<family>Verdana</family>
<pointsize>9</pointsize>
</font>
</property>
<property name="contextMenuPolicy">
<enum>Qt::DefaultContextMenu</enum>
</property>
<property name="windowTitle">
<string>UDS Actor Configuration Tool</string>
</property>
<property name="windowIcon">
<iconset resource="uds.qrc">
<normaloff>:/img/img/uds-icon.png</normaloff>:/img/img/uds-icon.png</iconset>
</property>
<property name="autoFillBackground">
<bool>false</bool>
</property>
<property name="locale">
<locale language="English" country="UnitedStates"/>
</property>
<property name="sizeGripEnabled">
<bool>false</bool>
</property>
<property name="modal">
<bool>true</bool>
</property>
<widget class="QPushButton" name="saveButton">
<property name="enabled">
<bool>true</bool>
</property>
<property name="geometry">
<rect>
<x>10</x>
<y>210</y>
<width>181</width>
<height>23</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>181</width>
<height>0</height>
</size>
</property>
<property name="contextMenuPolicy">
<enum>Qt::DefaultContextMenu</enum>
</property>
<property name="toolTip">
<string>Click to register Actor with UDS Broker</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Click on this button to register Actor with UDS Broker.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Save Configuration</string>
</property>
</widget>
<widget class="QPushButton" name="closeButton">
<property name="geometry">
<rect>
<x>410</x>
<y>210</y>
<width>171</width>
<height>23</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>171</width>
<height>0</height>
</size>
</property>
<property name="toolTip">
<string>Closes UDS Actor Configuration (discard pending changes if any)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Exits the UDS Actor Configuration Tool&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Close</string>
</property>
</widget>
<widget class="QPushButton" name="testButton">
<property name="enabled">
<bool>false</bool>
</property>
<property name="geometry">
<rect>
<x>210</x>
<y>210</y>
<width>181</width>
<height>23</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>181</width>
<height>0</height>
</size>
</property>
<property name="toolTip">
<string>Click to test existing configuration (disabled if no config found)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Click on this button to test the server host and assigned toen.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Test configuration</string>
</property>
</widget>
<widget class="QWidget" name="layoutWidget">
<property name="geometry">
<rect>
<x>10</x>
<y>10</y>
<width>571</width>
<height>191</height>
</rect>
</property>
<layout class="QFormLayout" name="formLayout">
<property name="sizeConstraint">
<enum>QLayout::SetDefaultConstraint</enum>
</property>
<property name="fieldGrowthPolicy">
<enum>QFormLayout::AllNonFixedFieldsGrow</enum>
</property>
<property name="verticalSpacing">
<number>16</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label_security">
<property name="text">
<string>SSL Validation</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="validateCertificate">
<property name="toolTip">
<string>Select communication security with broker</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Select the security for communications with UDS Broker.&lt;/p&gt;&lt;p&gt;The recommended method of communication is &lt;span style=&quot; font-weight:600;&quot;&gt;Use SSL&lt;/span&gt;, but selection needs to be acording to your broker configuration.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<item>
<property name="text">
<string>Ignore certificate</string>
</property>
</item>
<item>
<property name="text">
<string>Verify certificate</string>
</property>
</item>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_host">
<property name="text">
<string>UDS Server</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="host">
<property name="acceptDrops">
<bool>false</bool>
</property>
<property name="toolTip">
<string>Uds Broker Server Addres. Use IP or FQDN</string>
</property>
<property name="whatsThis">
<string>Enter here the UDS Broker Addres using either its IP address or its FQDN address</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_serviceToken">
<property name="text">
<string>Service Token</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLineEdit" name="serviceToken">
<property name="toolTip">
<string>UDS user with administration rights (Will not be stored on template)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_loglevel">
<property name="text">
<string>Log Level</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QComboBox" name="logLevelComboBox">
<property name="currentIndex">
<number>1</number>
</property>
<property name="frame">
<bool>true</bool>
</property>
<item>
<property name="text">
<string notr="true">DEBUG</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">INFO</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">ERROR</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">FATAL</string>
</property>
</item>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_restrictNet">
<property name="text">
<string>Restrict Net</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="restrictNet">
<property name="toolTip">
<string>UDS user with administration rights (Will not be stored on template)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
</layout>
<zorder>label_host</zorder>
<zorder>host</zorder>
<zorder>label_serviceToken</zorder>
<zorder>serviceToken</zorder>
<zorder>validateCertificate</zorder>
<zorder>label_security</zorder>
<zorder>label_loglevel</zorder>
<zorder>logLevelComboBox</zorder>
<zorder>label_restrictNet</zorder>
<zorder>restrictNet</zorder>
</widget>
</widget>
<resources>
<include location="uds.qrc"/>
</resources>
<connections>
<connection>
<sender>closeButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>finish()</slot>
<hints>
<hint type="sourcelabel">
<x>315</x>
<y>165</y>
</hint>
<hint type="destinationlabel">
<x>231</x>
<y>161</y>
</hint>
</hints>
</connection>
<connection>
<sender>testButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>testUDSServer()</slot>
<hints>
<hint type="sourcelabel">
<x>300</x>
<y>281</y>
</hint>
<hint type="destinationlabel">
<x>294</x>
<y>153</y>
</hint>
</hints>
</connection>
<connection>
<sender>saveButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>saveConfig()</slot>
<hints>
<hint type="sourcelabel">
<x>100</x>
<y>191</y>
</hint>
<hint type="destinationlabel">
<x>297</x>
<y>109</y>
</hint>
</hints>
</connection>
<connection>
<sender>host</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>configChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>341</x>
<y>61</y>
</hint>
<hint type="destinationlabel">
<x>297</x>
<y>109</y>
</hint>
</hints>
</connection>
<connection>
<sender>serviceToken</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>configChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>341</x>
<y>100</y>
</hint>
<hint type="destinationlabel">
<x>297</x>
<y>109</y>
</hint>
</hints>
</connection>
<connection>
<sender>restrictNet</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>configChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>341</x>
<y>139</y>
</hint>
<hint type="destinationlabel">
<x>295</x>
<y>121</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>finish()</slot>
<slot>saveConfig()</slot>
<slot>testUDSServer()</slot>
<slot>configChanged()</slot>
</slots>
</ui>

660
actor/src/designer/setup-dialog.ui Normal file
View File

@@ -0,0 +1,660 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<author>Adolfo Gómez</author>
<class>UdsActorSetupDialog</class>
<widget class="QDialog" name="UdsActorSetupDialog">
<property name="windowModality">
<enum>Qt::WindowModal</enum>
</property>
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>590</width>
<height>307</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="font">
<font>
<family>Verdana</family>
<pointsize>9</pointsize>
</font>
</property>
<property name="contextMenuPolicy">
<enum>Qt::DefaultContextMenu</enum>
</property>
<property name="windowTitle">
<string>UDS Actor Configuration Tool</string>
</property>
<property name="windowIcon">
<iconset resource="uds.qrc">
<normaloff>:/img/img/uds-icon.png</normaloff>:/img/img/uds-icon.png</iconset>
</property>
<property name="autoFillBackground">
<bool>false</bool>
</property>
<property name="locale">
<locale language="English" country="UnitedStates"/>
</property>
<property name="sizeGripEnabled">
<bool>false</bool>
</property>
<property name="modal">
<bool>true</bool>
</property>
<widget class="QPushButton" name="registerButton">
<property name="enabled">
<bool>false</bool>
</property>
<property name="geometry">
<rect>
<x>10</x>
<y>270</y>
<width>181</width>
<height>23</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>181</width>
<height>0</height>
</size>
</property>
<property name="contextMenuPolicy">
<enum>Qt::DefaultContextMenu</enum>
</property>
<property name="toolTip">
<string>Click to register Actor with UDS Broker</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Click on this button to register Actor with UDS Broker.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Register with UDS</string>
</property>
</widget>
<widget class="QPushButton" name="closeButton">
<property name="geometry">
<rect>
<x>410</x>
<y>270</y>
<width>171</width>
<height>23</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>171</width>
<height>0</height>
</size>
</property>
<property name="toolTip">
<string>Closes UDS Actor Configuration (discard pending changes if any)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Exits the UDS Actor Configuration Tool&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Close</string>
</property>
</widget>
<widget class="QTabWidget" name="tabWidget">
<property name="geometry">
<rect>
<x>10</x>
<y>10</y>
<width>571</width>
<height>241</height>
</rect>
</property>
<property name="currentIndex">
<number>0</number>
</property>
<widget class="QWidget" name="tab_uds">
<attribute name="title">
<string>UDS Server</string>
</attribute>
<widget class="QWidget" name="layoutWidget">
<property name="geometry">
<rect>
<x>10</x>
<y>10</y>
<width>551</width>
<height>191</height>
</rect>
</property>
<layout class="QFormLayout" name="formLayout">
<property name="sizeConstraint">
<enum>QLayout::SetDefaultConstraint</enum>
</property>
<property name="fieldGrowthPolicy">
<enum>QFormLayout::AllNonFixedFieldsGrow</enum>
</property>
<property name="verticalSpacing">
<number>16</number>
</property>
<item row="1" column="0">
<widget class="QLabel" name="label_host">
<property name="text">
<string>UDS Server</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="host">
<property name="acceptDrops">
<bool>false</bool>
</property>
<property name="toolTip">
<string>Uds Broker Server Addres. Use IP or FQDN</string>
</property>
<property name="whatsThis">
<string>Enter here the UDS Broker Addres using either its IP address or its FQDN address</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_auth">
<property name="text">
<string>Authenticator</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QComboBox" name="authenticators">
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Select the UDS Broker authenticator for credentials validation&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_username">
<property name="text">
<string>Username</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="username">
<property name="toolTip">
<string>UDS user with administration rights (Will not be stored on template)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_password">
<property name="text">
<string>Password</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QLineEdit" name="password">
<property name="toolTip">
<string>Password for user (Will not be stored on template)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator password for the user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique key for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="echoMode">
<enum>QLineEdit::Password</enum>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QComboBox" name="validateCertificate">
<property name="toolTip">
<string>Select communication security with broker</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Select the security for communications with UDS Broker.&lt;/p&gt;&lt;p&gt;The recommended method of communication is &lt;span style=&quot; font-weight:600;&quot;&gt;Use SSL&lt;/span&gt;, but selection needs to be acording to your broker configuration.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<item>
<property name="text">
<string>Ignore certificate</string>
</property>
</item>
<item>
<property name="text">
<string>Verify certificate</string>
</property>
</item>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_security">
<property name="text">
<string>SSL Validation</string>
</property>
</widget>
</item>
</layout>
<zorder>label_host</zorder>
<zorder>host</zorder>
<zorder>label_auth</zorder>
<zorder>label_username</zorder>
<zorder>username</zorder>
<zorder>label_password</zorder>
<zorder>password</zorder>
<zorder>validateCertificate</zorder>
<zorder>label_security</zorder>
<zorder>authenticators</zorder>
</widget>
</widget>
<widget class="QWidget" name="tab_advanced">
<attribute name="title">
<string>Advanced</string>
</attribute>
<widget class="QWidget" name="layoutWidget_2">
<property name="geometry">
<rect>
<x>10</x>
<y>10</y>
<width>551</width>
<height>161</height>
</rect>
</property>
<layout class="QFormLayout" name="formLayout_2">
<property name="fieldGrowthPolicy">
<enum>QFormLayout::AllNonFixedFieldsGrow</enum>
</property>
<property name="verticalSpacing">
<number>16</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label_host_2">
<property name="text">
<string>Preconnect</string>
</property>
</widget>
</item>
<item row="0" column="1">
<layout class="QHBoxLayout" name="horizontalLayout">
<property name="spacing">
<number>4</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<item>
<widget class="QLineEdit" name="preCommand">
<property name="acceptDrops">
<bool>false</bool>
</property>
<property name="toolTip">
<string>Pre connection command. Executed just before the user is connected to machine.</string>
</property>
<property name="whatsThis">
<string/>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="browsePreconnectButton">
<property name="text">
<string>Browse</string>
</property>
<property name="autoDefault">
<bool>false</bool>
</property>
<property name="flat">
<bool>false</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_username_2">
<property name="text">
<string>Runonce</string>
</property>
</widget>
</item>
<item row="1" column="1">
<layout class="QHBoxLayout" name="horizontalLayout_2">
<property name="spacing">
<number>4</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<item>
<widget class="QLineEdit" name="runonceCommand">
<property name="toolTip">
<string>Run once command. Executed on first boot, just before UDS does anything.</string>
</property>
<property name="whatsThis">
<string/>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="browseRunOnceButton">
<property name="text">
<string>Browse</string>
</property>
<property name="autoDefault">
<bool>false</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_password_2">
<property name="text">
<string>Postconfig</string>
</property>
</widget>
</item>
<item row="2" column="1">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<property name="spacing">
<number>4</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<item>
<widget class="QLineEdit" name="postConfigCommand">
<property name="toolTip">
<string>Command to execute after UDS finalizes the VM configuration.</string>
</property>
<property name="whatsThis">
<string/>
</property>
<property name="echoMode">
<enum>QLineEdit::Normal</enum>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="browsePostConfigButton">
<property name="text">
<string>Browse</string>
</property>
<property name="autoDefault">
<bool>false</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_loglevel">
<property name="text">
<string>Log Level</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QComboBox" name="logLevelComboBox">
<property name="currentIndex">
<number>1</number>
</property>
<property name="frame">
<bool>true</bool>
</property>
<item>
<property name="text">
<string notr="true">DEBUG</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">INFO</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">ERROR</string>
</property>
</item>
<item>
<property name="text">
<string notr="true">FATAL</string>
</property>
</item>
</widget>
</item>
</layout>
</widget>
</widget>
</widget>
<widget class="QPushButton" name="testButton">
<property name="enabled">
<bool>false</bool>
</property>
<property name="geometry">
<rect>
<x>210</x>
<y>270</y>
<width>181</width>
<height>23</height>
</rect>
</property>
<property name="minimumSize">
<size>
<width>181</width>
<height>0</height>
</size>
</property>
<property name="toolTip">
<string>Click to test existing configuration (disabled if no config found)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Click on this button to test the server host and assigned toen.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="text">
<string>Test configuration</string>
</property>
</widget>
</widget>
<resources>
<include location="uds.qrc"/>
</resources>
<connections>
<connection>
<sender>closeButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>finish()</slot>
<hints>
<hint type="sourcelabel">
<x>315</x>
<y>165</y>
</hint>
<hint type="destinationlabel">
<x>231</x>
<y>161</y>
</hint>
</hints>
</connection>
<connection>
<sender>registerButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>registerWithUDS()</slot>
<hints>
<hint type="sourcelabel">
<x>239</x>
<y>132</y>
</hint>
<hint type="destinationlabel">
<x>285</x>
<y>185</y>
</hint>
</hints>
</connection>
<connection>
<sender>host</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>textChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>239</x>
<y>59</y>
</hint>
<hint type="destinationlabel">
<x>199</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>username</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>textChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>239</x>
<y>98</y>
</hint>
<hint type="destinationlabel">
<x>199</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>password</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>textChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>239</x>
<y>137</y>
</hint>
<hint type="destinationlabel">
<x>199</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>browsePreconnectButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>browsePreconnect()</slot>
<hints>
<hint type="sourcelabel">
<x>430</x>
<y>60</y>
</hint>
<hint type="destinationlabel">
<x>243</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>browsePostConfigButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>browsePostConfig()</slot>
<hints>
<hint type="sourcelabel">
<x>430</x>
<y>142</y>
</hint>
<hint type="destinationlabel">
<x>243</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>browseRunOnceButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>browseRunOnce()</slot>
<hints>
<hint type="sourcelabel">
<x>430</x>
<y>101</y>
</hint>
<hint type="destinationlabel">
<x>243</x>
<y>150</y>
</hint>
</hints>
</connection>
<connection>
<sender>host</sender>
<signal>editingFinished()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>updateAuthenticators()</slot>
<hints>
<hint type="sourcelabel">
<x>343</x>
<y>98</y>
</hint>
<hint type="destinationlabel">
<x>294</x>
<y>153</y>
</hint>
</hints>
</connection>
<connection>
<sender>authenticators</sender>
<signal>currentTextChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>textChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>343</x>
<y>137</y>
</hint>
<hint type="destinationlabel">
<x>294</x>
<y>153</y>
</hint>
</hints>
</connection>
<connection>
<sender>testButton</sender>
<signal>clicked()</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>testUDSServer()</slot>
<hints>
<hint type="sourcelabel">
<x>300</x>
<y>281</y>
</hint>
<hint type="destinationlabel">
<x>294</x>
<y>153</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>textChanged()</slot>
<slot>finish()</slot>
<slot>registerWithUDS()</slot>
<slot>browsePreconnect()</slot>
<slot>browseRunOnce()</slot>
<slot>browsePostConfig()</slot>
<slot>updateAuthenticators()</slot>
<slot>testUDSServer()</slot>
</slots>
</ui>

5
actor/src/designer/uds.qrc Normal file
View File

@@ -0,0 +1,5 @@
<RCC>
<qresource prefix="img">
<file>../img/uds-icon.png</file>
</qresource>
</RCC>

16
actor/src/designer/update.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
function process {
# pyuic4 about-dialog.ui -o about_dialog_ui.py -x
# pyuic4 message-dialog.ui -o message_dialog_ui.py
pyuic5 setup-dialog.ui -o ../ui/setup_dialog_ui.py --import-from=ui
pyuic5 setup-dialog-unmanaged.ui -o ../ui/setup_dialog_unmanaged_ui.py --import-from=ui
}
pyrcc5 uds.qrc -o ../ui/uds_rc.py
# process current directory ui's
process

BIN
actor/src/img/uds-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 KiB

BIN
actor/src/img/uds.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.4 KiB

26
server/src/uds/core/exceptions/__init__.py → actor/src/udsactor/__init__.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2023 Virtual Cable S.L.U.
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,17 +25,14 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
# pyright: reportUnusedImport=false
from . import actor
from . import auth
from . import transport
from . import services
from . import ui
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from . import types
from . import rest
from . import platform
# Common exceptions inserted here
from .common import UDSException
__title__ = 'udsactor'
__author__ = 'Adolfo Gómez <dkmaster@dkmon.com>'
__license__ = "BSD 3-clause"
__copyright__ = "Copyright 2014-2020 VirtualCable S.L.U."

31
server/src/uds/core/mfas/mfafactory.py → actor/src/udsactor/certs.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -27,16 +26,26 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import tempfile
import os.path
import secrets
import typing
from uds.core.util import factory
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from .mfa import MFA
from . import types
class MFAsFactory(factory.ModuleFactory['MFA']):
pass
def saveCertificate(certInfo: 'types.CertificateInfoType') -> typing.Tuple[str, str]:
"""
Returns CertificateFile, Password tuple generated from certInfo
"""
certFile = os.path.join(tempfile.gettempdir(), secrets.token_hex(16))
with open(certFile, "w") as f:
f.write(certInfo.private_key+certInfo.server_certificate)
return certFile, certInfo.password

251
actor/src/udsactor/client.py Normal file
View File

@@ -0,0 +1,251 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import threading
import time
import datetime
import signal
import typing
from PyQt5.QtWidgets import QApplication, QMessageBox
from PyQt5.QtCore import QByteArray, QBuffer, QIODevice, pyqtSignal
from . import rest
from . import tools
from . import platform
from .log import logger
from .http import client
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from . import types
from PyQt5.QtGui import QPixmap
from PyQt5.QtWidgets import QMainWindow
class UDSClientQApp(QApplication):
_app: 'UDSActorClient'
_initialized: bool
_mainWindow: typing.Optional['QMainWindow']
message = pyqtSignal(str, name='message')
def __init__(self, args) -> None:
super().__init__(args)
self._mainWindow = None
self._initialized = False
# This will be invoked on session close
self.commitDataRequest.connect(self.end) # type: ignore # Will be invoked on session close, to gracely close app
# self.aboutToQuit.connect(self.end)
self.message.connect(self.showMessage) # type: ignore # there are problems with Pylance and connects on PyQt5... :)
# Execute backgroup thread for actions
self._app = UDSActorClient(self)
def init(self) -> None:
# Notify loging and mark it
logger.debug('Starting APP')
if self._mainWindow:
self._mainWindow.hide()
self._app.start()
self._initialized = True
def end(self, sessionManager=None) -> None: # pylint: disable=unused-argument
if not self._initialized:
return
self._initialized = False
logger.debug('Stopping app thread')
self._app.stop()
self._app.join()
def showMessage(self, message: str) -> None:
QMessageBox.information(None, 'Message', message) # type: ignore
def setMainWindow(self, mw: 'QMainWindow'):
self._mainWindow = mw
class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-attributes
_running: bool
_forceLogoff: bool
_extraLogoff: str
_qApp: UDSClientQApp
_listener: client.HTTPServerThread
_loginInfo: typing.Optional['types.LoginResultInfoType']
_notified: bool
_notifiedDeadline: bool
_sessionStartTime: datetime.datetime
api: rest.UDSClientApi
def __init__(self, qApp: QApplication):
super().__init__()
self.api = rest.UDSClientApi() # Self initialized
self._qApp = typing.cast(UDSClientQApp, qApp)
self._running = False
self._forceLogoff = False
self._extraLogoff = ''
self._listener = client.HTTPServerThread(self)
self._loginInfo = None
self._notified = False
self._notifiedDeadline = False
# Capture stop signals..
logger.debug('Setting signals...')
signal.signal(signal.SIGINT, self.stopSignal)
signal.signal(signal.SIGTERM, self.stopSignal)
def stopSignal(self, signum, frame) -> None: # pylint: disable=unused-argument
logger.info('Stop signal received')
self.stop()
def checkDeadLine(self):
if self._loginInfo is None or not self._loginInfo.dead_line: # No deadline check
return
remainingTime = self._loginInfo.dead_line - (datetime.datetime.now() - self._sessionStartTime).total_seconds()
logger.debug('Remaining time: {}'.format(remainingTime))
if not self._notifiedDeadline and remainingTime < 300: # With five minutes, show a warning message
self._notifiedDeadline = True
self._showMessage('Your session will expire in less that 5 minutes. Please, save your work and disconnect.')
return
if remainingTime <= 0:
logger.debug('Session dead line reached. Logging out')
self._running = False
self._forceLogoff = True
def checkIdle(self) -> None:
if self._loginInfo is None or not self._loginInfo.max_idle: # No idle check
return
idleTime = platform.operations.getIdleDuration()
remainingTime = self._loginInfo.max_idle - idleTime
logger.debug('Idle: %s Remaining: %s', idleTime, remainingTime)
if remainingTime > 120: # Reset show Warning dialog if we have more than 5 minutes left
self._notified = False
return
if not self._notified and remainingTime < 120: # With two minutes, show a warning message
self._notified = True
self._showMessage('You have been idle for too long. The session will end if you don\'t resume operations.')
if remainingTime <= 0:
logger.info('User has been idle for too long, exiting from session')
self._extraLogoff = ' (idle: {} vs {})'.format(int(idleTime), self._loginInfo.max_idle)
self._running = False
self._forceLogoff = True
def run(self) -> None:
logger.debug('UDS Actor thread')
self._listener.start() # async listener for service
self._running = True
self._sessionStartTime = datetime.datetime.now()
time.sleep(0.4) # Wait a bit before sending login
try:
# Notify loging and mark it
user, sessionType = platform.operations.getCurrentUser(), platform.operations.getSessionType()
self._loginInfo = self.api.login(user, sessionType)
if self._loginInfo.max_idle:
platform.operations.initIdleDuration(self._loginInfo.max_idle)
while self._running:
# Check Idle & dead line
self.checkIdle()
self.checkDeadLine()
time.sleep(1.3) # Sleeps between loop iterations
self.api.logout(user + self._extraLogoff, sessionType)
logger.info('Notified logout for %s (%s)', user, sessionType) # Log logout
# Clean up login info
self._loginInfo = None
except Exception as e:
logger.error('Error on client loop: %s', e)
self._listener.stop() # async listener for service
# Notify exit to qt
QApplication.quit()
if self._forceLogoff:
time.sleep(1.3) # Wait a bit before forcing logoff
platform.operations.loggoff()
def _showMessage(self, message: str) -> None:
self._qApp.message.emit(message) # type: ignore # there are problems with Pylance and connects on PyQt5... :)
def stop(self) -> None:
logger.debug('Stopping client Service')
self._running = False
def logout(self) -> typing.Any:
self._forceLogoff = True
self._running = False
return 'ok'
def message(self, msg: str) -> typing.Any:
threading.Thread(target=self._showMessage, args=(msg,)).start()
return 'ok'
def screenshot(self) -> typing.Any:
'''
On windows, an RDP session with minimized screen will render "black screen"
So only when user is using RDP connection will return an "actual" screenshot
'''
pixmap: 'QPixmap' = self._qApp.primaryScreen().grabWindow(0) # type: ignore
ba = QByteArray()
buffer = QBuffer(ba)
buffer.open(QIODevice.WriteOnly)
pixmap.save(buffer, 'PNG')
buffer.close()
scrBase64 = bytes(ba.toBase64()).decode() # type: ignore # there are problems with Pylance and connects on PyQt5... :)
logger.debug('Screenshot length: %s', len(scrBase64))
return scrBase64 # 'result' of JSON will contain base64 of screen
def script(self, script: str) -> typing.Any:
tools.ScriptExecutorThread(script).start()
return 'ok'

0
server/src/uds/core/managers/servers_api/__init__.py → actor/src/udsactor/http/__init__.py
View File

7
actor/src/udsactor/http/cert.py Normal file
View File

@@ -0,0 +1,7 @@
from .. import types
defaultCertificate = types.CertificateInfoType(
private_key='-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHTBPBgkqhkiG9w0BBQ0wQjApBgkqhkiG9w0BBQwwHAQIfG2+iMYJBswCAggA\nMAwGCCqGSIb3DQIJBQAwFQYJKwYBBAGXVQECBAhCusU5R8ulZQSCBMgheyZ81Qkq\n+TcbPeBlUGCFllSUOo7xQ/OuwYSmzLx8LpN0hQNv4azF6MYH+I8eMSPd3A547yW3\nJE4GjIBfRvcq2X1UZ2FQfECU9UP0ShPuPrVhIh6ZZklmlRjbIF8hGfSzXAuafQb+\n4wXXsofahi/SPgqK1Gw65nRiMcoeRZchJkx8pBgKVWED6Cbh6aAkeqkVKPnsebiV\n6kE+0C7+hgNUbyRd46R+/5NXzPjg4ItfSak+PLzQ1KeRv4Cu6DdzRKJ4V9/MlNdU\nNNEkSVSEaRn4sv+eByU4uxBMaSmD1tLc/A7OmaAeRpIQvls3Zcf2+V0+anAtjbjd\n6eIb2nceey+dKFm4ewlR4mXuzj1QowRTHceOIkvKIrOODxdy9M5hNBZ7VLum29tY\nRhqtmEH2BZZJ8SpM2SsEZzPxqJFiVZbvpeOKjxlMyn1dFWn1rP8uMnfuMKqBaj5D\nd5clOPlwebYw5UpM6Vvawu4nGqxECTSWcfNlDYO5U/0Fsm9+JIrJ7Buukgv2+rhs\nD/6oUK9NB8AW9qnDr7UxbC/ujhkKQG3woaZlPbiMs5WQaS+DrTg4N49wPzS0h+ME\nF8ZzuPnd6+sMGQioCIrQAZ08rk54oCijBhFh8/EQhQKGsMFw2swi9t6+FVU5Bvil\nlhmBd3LA5EuQ5y1X0jRL/+GDiUiZw1gOJP8d/XzhUJL9AmamdqJ6/rAU7lUTNWkM\ndzmFonUO2Mh2zgEEudHsTOH8udZ2l64LIHc6fCkDmM8QzghjrEFyci6R8333DSSM\nwbM0MvyTLM7TTqZUD60EgD+Ihyr/wJcBZY7GVn7hTq7ee14zeI+dZFmTMYOnt0mA\ngof19t0naPPZU+zyl/ambNF5mmSkGOAl4IBHNvPt5ztEVbNpwW3DHbmdYW71Ax+z\nCDlr4iKZahv21o1PCesPV2IlaHZFD6aBRt0DxzMqtq9cpWsI1g7aEaAjRbSvqhMY\npUeqFXz/GfR9rjRkufr48//ll0/Q/Ogx7m1TjQ6mAEQrklI7pa2W0u3H0BpSZSis\nR6ST3ulE+wfsp8cau6q2er+BSsDhBjSn9FeCUjHzY56u9ud/kb6/jLEdgxNpj0na\n3WVqCCCL/dAFSWznBmdracZsRMXapXInHCiiOEkXXbXIXvRKiTPJXdN+w2/U2j2B\nwXZuazVSpmM+xAZTAS9dtBUQJo+5px9b6P09uagvTA32ezbpPXf+hSfmTdUwbmAY\nrmE9SW85tzX+cD17loygBBRrjOr4uQy/s/9FqLx8bM73jly05rdOmX28ECKwEA05\n8aCFkfqrl9J9doVapaUlywpJVPFtE6W6tCF+ULMfb16vEjT1du1+epEnbGGLRQxg\n3aFLyKlvFaNvR38fiQFUGtBgGOaBN3rhGpbMwjch3oReXv9X/4UCL6sVIiOH2H3c\nVSZdC3O5g6CMVe4zckUe1k9mLDb5524IHDFfptZ6Bw+uzrqIy3GHW8dJF2AK471b\nMUnCojTpdbFHaUs2u/rNKVUyY+vLf8hkyP+znBUoPxSJtty53EWNukxjjsxx0lx3\niZGqN72lXlXuSFZAIxi307+xxE21cbzDsMidyJkbKKGm/F4BOKvX9jWmAyYmBG6A\n1L3yNRouFWsYDwYAX2nZ1is=\n-----END ENCRYPTED PRIVATE KEY-----\n',
server_certificate='-----BEGIN CERTIFICATE-----\nMIIDcTCCAlkCBDfnXU8wDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCRVMxDzAN\nBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREwDwYDVQQKDAhVRFMgQ2Vy\ndDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEyNy4wLjAuMTESMBAGA1Ud\nEQwJMTI3LjAuMC4xMB4XDTIwMDIxNzExNTkzMloXDTMwMDIxNDExNTkzMlowfTEL\nMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREw\nDwYDVQQKDAhVRFMgQ2VydDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEy\nNy4wLjAuMTESMBAGA1UdEQwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA2e1cW7YtRpNLazR3f/LqLv8OB0rKh8cUPH4wuQhbBTkee8Wu\n5eMSadRCIyRbKj4b8dtVfI9QW0SrmhGuMx1KCh3CsYd9XsWiKbGkiRBHIDOn5pkF\n6PUayDJ8KjnGbfnZjp0AmxXP4r1OO8jUPqzKS9Ubf5PgwcwdFiUKVfVPwGwctwt5\nt9YpSRONw0rTsCjVHvO2dd9h6EopskLCWxpN8l9kNLwLM/6t0IqVKmn5/IYPKKN2\nCX8a7IXpxwoiUs4sBZYhUMBWikB1hKQRSYafp1Xvc5PeTFXTFqGANnqz0NoZ8tqL\n8qjQUN/PCdtzhfcP5RgT2g1qyS2RBCMYH7Zs0wIDAQABMA0GCSqGSIb3DQEBCwUA\nA4IBAQCUt+qlLA1N9VXMwDQAYG4Kt6/UlMHCXAajHQQGtjdyGJ4++m7EIjI96hMU\n3Cx2gp2ggR3JGnuSR+DdBvPl5iGku7J8KV0JiJg30gTY8JuUIy/PMLZWloYKrBHV\nlin2GujQ4OsIt3dbr4XtcKW1Wd7L6fBzHlq7Xyxh+gcTzTvTmq67Q9XKlBWsegMf\nv4FKy0lfcSFK3vTzswQtuTontG4TqLiT/4AnMt3D0cTQ6b6KoZwUUX/TDNhau06d\nQ4Ilz8X61ka+4HBkFSR5ahP9noCVhwO329h+6epO141E5Tep3OLc/GCF4oaKOlMR\nfqxf5f2bghU0fxmtEoNJTZkBsN1S\n-----END CERTIFICATE-----\n',
password='Pw7qbatz5u-y-Z5ora2D2ZuBCm95AHnKRcpze53k8tw'
)

166
actor/src/udsactor/http/client.py Normal file
View File

@@ -0,0 +1,166 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import threading
import http.server
import secrets
import json
import typing
from ..log import logger
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from ..client import UDSActorClient
class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.0'
server_version = 'UDS Actor Server'
sys_version = ''
_id: typing.ClassVar[str] # Random id for server
_app: typing.ClassVar['UDSActorClient']
def sendJsonResponse(self, result: typing.Optional[typing.Any] = None, error: typing.Optional[str] = None, code: int = 200) -> None:
data = json.dumps({'result': result, 'error': error})
self.send_response(code)
self.send_header('Content-type', 'application/json')
self.send_header('Content-Length', str(len(data)))
self.send_header('Server: ', self.server_version)
self.end_headers()
try:
self.wfile.write(data.encode())
except Exception:
pass # Evict "broken pipe" when sending errors
def do_POST(self) -> None:
# Only allows requests from localhost
if self.client_address[0][:3] != '127':
self.sendJsonResponse(error='Forbidden', code=403)
# Very simple path & params splitter
path = self.path.split('?')[0][1:].split('/')
if len(path) != 2 or path[0] != HTTPServerHandler._id:
self.sendJsonResponse(error='Forbidden', code=403)
try:
length = int(str(self.headers.get('content-length', '0')))
content = self.rfile.read(length)
params: typing.MutableMapping[str, str] = json.loads(content or '{}')
except Exception as e:
logger.error('Got exception executing POST {}: {}'.format(self.path, str(e)))
self.sendJsonResponse(error='Invalid request', code=400)
return
try:
result = getattr(self, 'method_' + path[1])(params) # last part of path is method
except AttributeError as e:
logger.error('Invoked invalid method: %s: %s', path[1], e)
self.sendJsonResponse(error='Invalid request', code=400)
return
except Exception as e:
logger.error('Got exception executing {}: {}'.format('/'.join(path), str(e)))
self.sendJsonResponse(error='Internal error', code=500)
return
self.sendJsonResponse(result)
# Internal methods
def method_ping(self, params: typing.MutableMapping[str, str]) -> typing.Any:
return 'pong'
def method_logout(self, params: typing.MutableMapping[str, str]) -> typing.Any:
return self._app.logout()
def method_message(self, params: typing.MutableMapping[str, str]) -> typing.Any:
return self._app.message(params['message'])
def method_screenshot(self, params: typing.MutableMapping[str, str]) -> typing.Any:
return self._app.screenshot()
def method_script(self, params: typing.MutableMapping[str, str]) -> typing.Any:
return self._app.script(params['script'])
def do_GET(self) -> None:
self.sendJsonResponse(error='Forbidden', code=403)
def log_error(self, format: str, *args): # pylint: disable=redefined-builtin
logger.error(format, *args)
def log_message(self, format: str, *args): # pylint: disable=redefined-builtin
logger.debug(format, *args)
class HTTPServerThread(threading.Thread):
_server: typing.Optional[http.server.HTTPServer]
_app: 'UDSActorClient'
port: int
id: str
def __init__(self, app: 'UDSActorClient'):
super().__init__()
self._server = None
self._app = app
self.port = -1
self.id = secrets.token_urlsafe(16)
@property
def url(self) -> str:
return 'http://127.0.0.1:{}/{}'.format(self.port, self.id)
def stop(self) -> None:
if self._server:
logger.debug('Stopping Http-client Service')
try:
self._app.api.unregister(self.url)
except Exception as e:
logger.error('Error unregistering on actor service: %s', e)
self._server.shutdown()
self._server = None
def run(self):
HTTPServerHandler._app = self._app # pylint: disable=protected-access
HTTPServerHandler._id = self.id # pylint: disable=protected-access
self._server = http.server.HTTPServer(('127.0.0.1', 0), HTTPServerHandler)
self.port = self._server.socket.getsockname()[1]
# Register using app api
logger.debug('Registered %s', self.url)
try:
self._app.api.register(self.url)
except Exception as e:
logger.error('Error registering on actor service: %s', e)
self._server.serve_forever()

98
actor/src/udsactor/http/clients_pool.py Normal file
View File

@@ -0,0 +1,98 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import json
import typing
import requests
from ..log import logger
# For avoid proxy on localhost connections
NO_PROXY = {
'http': None,
'https': None,
}
class UDSActorClientPool:
_clientUrl: typing.List[str]
def __init__(self) -> None:
self._clientUrl = []
def _post(self, method: str, data: typing.MutableMapping[str, str], timeout=2) -> typing.List[requests.Response]:
removables: typing.List[str] = []
result: typing.List[typing.Any] = []
for clientUrl in self._clientUrl:
try:
result.append(requests.post(clientUrl + '/' + method, data=json.dumps(data), verify=False, timeout=timeout, proxies=NO_PROXY))
except Exception as e:
# If cannot request to a clientUrl, remove it from list
logger.info('Could not connect with client %s: %s. Removed from registry.', e, clientUrl)
removables.append(clientUrl)
# Remove failed connections
for clientUrl in removables:
self.unregister(clientUrl)
return result
def register(self, clientUrl: str) -> None:
# Remove first if exists, to avoid duplicates
self.unregister(clientUrl)
# And add it again
self._clientUrl.append(clientUrl)
def unregister(self, clientUrl: str) -> None:
self._clientUrl = list((i for i in self._clientUrl if i != clientUrl))
def executeScript(self, script: str) -> None:
self._post('script', {'script': script}, timeout=30)
def logout(self) -> None:
self._post('logout', {})
def message(self, message: str) -> None:
self._post('message', {'message': message})
def ping(self) -> bool:
if not self._clientUrl:
return True # No clients, ping ok
self._post('ping', {}, timeout=1)
return bool(self._clientUrl) # There was clients, but they are now lost!!!
def screenshot(self) -> typing.Optional[str]: # Screenshot are returned as base64
for r in self._post('screenshot', {}, timeout=3):
try:
return r.json()['result']
except Exception:
pass
return None

29
server/src/uds/core/messaging/msgfactory.py → actor/src/udsactor/http/handler.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,20 +25,20 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
import logging
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import typing
from uds.core.util import factory
if typing.TYPE_CHECKING:
from .provider import Notifier
from ..service import CommonService
logger = logging.getLogger(__name__)
class Handler:
_service: 'CommonService'
_method: str
_params: typing.MutableMapping[str, str]
class NotifierFactory(factory.ModuleFactory['Notifier']):
pass
def __init__(self, service: 'CommonService', method: str, params: typing.MutableMapping[str, str]):
self._service = service
self._method = method
self._params = params

43
server/src/uds/middleware/xua.py → actor/src/udsactor/http/local.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2013-2021 Virtual Cable S.L.U.
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -11,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -25,31 +25,32 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import typing
import logging
from . import builder
from . import handler
if typing.TYPE_CHECKING:
from django.http import HttpResponse
from uds.core.types.requests import ExtendedHttpRequest
from ..service import CommonService
logger = logging.getLogger(__name__)
class LocalProvider(handler.Handler):
def post_login(self) -> typing.Any:
result = self._service.login(self._params['username'], self._params['session_type'])
return result._asdict()
def _process_response(
request: 'ExtendedHttpRequest', # pylint: disable=unused-argument
response: 'HttpResponse',
) -> 'HttpResponse':
if response.get('content-type', '').startswith('text/html'):
response['X-UA-Compatible'] = 'IE=edge'
return response
def post_logout(self) -> typing.Any:
self._service.logout(self._params['username'], self._params['session_type'])
return 'ok'
def post_ping(self) -> typing.Any:
return 'pong'
# Add a X-UA-Compatible header to the response
# This header tells to Internet Explorer to render page with latest
# possible version or to use chrome frame if it is installed. TO BE REMOVED SOON (last version with this will be 4.0.0) (edge does not need it)
XUACompatibleMiddleware = builder.build_middleware(lambda x: None, _process_response)
def post_register(self) -> typing.Any:
self._service._clientsPool.register(self._params['callback_url']) # pylint: disable=protected-access
return 'ok'
def post_unregister(self) -> typing.Any:
self._service._clientsPool.unregister(self._params['callback_url']) # pylint: disable=protected-access

100
actor/src/udsactor/http/public.py Normal file
View File

@@ -0,0 +1,100 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import typing
from .. import tools
from . import handler
from ..log import logger
if typing.TYPE_CHECKING:
from ..service import CommonService
class PublicProvider(handler.Handler):
def post_logout(self) -> typing.Any:
logger.debug('Sending LOGOFF to clients')
self._service._clientsPool.logout() # pylint: disable=protected-access
return 'ok'
# Alias
post_logoff = post_logout
def post_message(self) -> typing.Any:
logger.debug('Sending MESSAGE to clients')
if 'message' not in self._params:
raise Exception('Invalid message parameters')
self._service._clientsPool.message(
self._params['message']
) # pylint: disable=protected-access
return 'ok'
def post_script(self) -> typing.Any:
logger.debug('Received script: {}'.format(self._params))
if 'script' not in self._params:
raise Exception('Invalid script parameters')
if self._params.get('user', False):
logger.debug('Sending SCRIPT to client')
self._service._clientsPool.executeScript(
self._params['script']
) # pylint: disable=protected-access
else:
# Execute script at server space, that is, here
# as a parallel thread
th = tools.ScriptExecutorThread(self._params['script'])
th.start()
return 'ok'
def post_preConnect(self) -> typing.Any:
logger.debug('Received Pre connection')
if 'user' not in self._params or 'protocol' not in self._params:
raise Exception('Invalid preConnect parameters')
return self._service.preConnect(
self._params['user'],
self._params['protocol'],
self._params.get('ip', 'unknown'),
self._params.get('hostname', 'unknown'),
self._params.get('udsuser', 'unknown'),
)
def get_information(self) -> typing.Any:
# Return something useful? :)
return 'UDS Actor Secure Server'
def get_screenshot(self) -> typing.Any:
return (
self._service._clientsPool.screenshot()
) # pylint: disable=protected-access
def get_uuid(self) -> typing.Any:
if self._service.isManaged():
return self._service._cfg.own_token # pylint: disable=protected-access
return ''

166
actor/src/udsactor/http/server.py Normal file
View File

@@ -0,0 +1,166 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
import threading
import http.server
import json
import ssl
import typing
from ..log import logger
from .. import certs
from .. import rest
from .public import PublicProvider
from .local import LocalProvider
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from ..service import CommonService
from .handler import Handler
class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.0'
server_version = 'UDS Actor Server'
sys_version = ''
_service: typing.Optional['CommonService'] = None
def sendJsonResponse(self, result: typing.Optional[typing.Any] = None, error: typing.Optional[str] = None, code: int = 200) -> None:
data = json.dumps({'result': result, 'error': error})
self.send_response(code)
self.send_header('Content-type', 'application/json')
self.send_header('Content-Length', str(len(data)))
self.send_header('Server: ', self.server_version)
self.end_headers()
self.wfile.write(data.encode())
def process(self, method: str, params: typing.MutableMapping[str, str]) -> None:
if not self._service:
self.sendJsonResponse(error='Not initialized', code=500)
return
# Very simple path & params splitter
path = self.path.split('?')[0][1:].split('/')
logger.debug('Path: %s, params: %s', path, params)
handlerType: typing.Optional[typing.Type['Handler']] = None
if len(path) == 3 and path[0] == 'actor' and path[1] == self._service._secret: # pylint: disable=protected-access
# public method
handlerType = PublicProvider
elif len(path) == 2 and path[0] == 'ui':
# private method, only from localhost
if self.client_address[0][:3] == '127':
handlerType = LocalProvider
if not handlerType:
self.sendJsonResponse(error='Forbidden', code=403)
return
try:
result = getattr(handlerType(self._service, method, params), method + '_' + path[-1])() # last part of path is method
except AttributeError:
self.sendJsonResponse(error='Method not found', code=404)
return
except Exception as e:
logger.error('Got exception executing {} {}: {}'.format(method, '/'.join(path), str(e)))
self.sendJsonResponse(error=str(e), code=500)
return
self.sendJsonResponse(result)
def do_GET(self) -> None:
try:
params = {v.split('=')[0]: v.split('=')[1] for v in self.path.split('?')[1].split('&')}
except Exception:
params = {}
self.process('get', params)
def do_POST(self) -> None:
try:
length = int(str(self.headers.get('content-length', '0')))
content = self.rfile.read(length)
params: typing.MutableMapping[str, str] = json.loads(content)
except Exception as e:
logger.error('Got exception executing POST {}: {}'.format(self.path, str(e)))
self.sendJsonResponse(error='Invalid parameters', code=400)
return
self.process('post', params)
def log_error(self, format, *args): # pylint: disable=redefined-builtin
logger.error(format, *args)
def log_message(self, format, *args): # pylint: disable=redefined-builtin
logger.debug(format, *args)
class HTTPServerThread(threading.Thread):
_server: typing.Optional[http.server.HTTPServer]
_service: 'CommonService'
_certFile: typing.Optional[str]
def __init__(self, service: 'CommonService'):
super().__init__()
self._server = None
self._service = service
self._certFile = None
def stop(self) -> None:
logger.debug('Stopping Http-server Service')
if self._server:
self._server.shutdown()
self._server = None
if self._certFile:
try:
os.unlink(self._certFile)
except Exception as e:
logger.error('Error removing certificate file: %s', e)
logger.debug('Http-server stopped')
def run(self):
HTTPServerHandler._service = self._service # pylint: disable=protected-access
self._certFile, password = certs.saveCertificate(self._service._certificate) # pylint: disable=protected-access
self._server = http.server.HTTPServer(('0.0.0.0', rest.LISTEN_PORT), HTTPServerHandler)
# self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# context.options = ssl.CERT_NONE
context.load_cert_chain(certfile=self._certFile, password=password)
self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
self._server.serve_forever()

9
server/src/uds/mfas/Email/__init__.py → actor/src/udsactor/linux/__init__.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -11,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,5 +26,6 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# pyright: reportUnusedImport=false
from . import mfa
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''

173
actor/src/udsactor/linux/daemon.py Normal file
View File

@@ -0,0 +1,173 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import sys
import os
import time
import atexit
from signal import SIGTERM, SIGKILL
from udsactor.log import logger
class Daemon:
"""
A generic daemon class.
Usage: subclass the Daemon class and override the run() method
"""
def __init__(self, pidfile: str, stdin: str = '/dev/null', stdout: str = '/dev/null', stderr: str = '/dev/null'):
self.stdin = stdin
self.stdout = stdout
self.stderr = stderr
self.pidfile = pidfile
def daemonize(self) -> None:
"""
do the UNIX double-fork magic, see Stevens' "Advanced
Programming in the UNIX Environment" for details (ISBN 0201563177)
http://www.erlenstar.demon.co.uk/unix/faq_2.html#SEC16
"""
try:
pid = os.fork()
if pid > 0:
# exit first parent
sys.exit(0)
except OSError as e:
logger.error("fork #1 error: {}".format(e))
sys.stderr.write("fork #1 failed: {}\n".format(e))
sys.exit(1)
# decouple from parent environment
os.chdir("/")
os.setsid()
os.umask(0)
# do second fork
try:
pid = os.fork()
if pid > 0:
# exit from second parent
sys.exit(0)
except OSError as e:
logger.error("fork #2 error: {}".format(e))
sys.stderr.write("fork #2 failed: {}\n".format(e))
sys.exit(1)
# redirect standard file descriptors
sys.stdout.flush()
sys.stderr.flush()
si = open(self.stdin, 'r')
so = open(self.stdout, 'ab+')
se = open(self.stderr, 'ab+', 0)
os.dup2(si.fileno(), sys.stdin.fileno())
os.dup2(so.fileno(), sys.stdout.fileno())
os.dup2(se.fileno(), sys.stderr.fileno())
# write pidfile
atexit.register(self.removePidFile)
pidStr = str(os.getpid())
with open(self.pidfile, 'w+') as f:
f.write("{}\n".format(pidStr))
def removePidFile(self) -> None:
try:
os.remove(self.pidfile)
except Exception:
# Not found/not permissions or whatever, ignore it
pass
def start(self) -> None:
"""
Start the daemon
"""
logger.debug('Starting daemon')
# Check for a pidfile to see if the daemon already runs
if os.path.exists(self.pidfile):
message = "pidfile {} already exist. Daemon already running?\n".format(self.pidfile)
logger.error(message)
sys.stderr.write(message)
sys.exit(1)
# Start the daemon
self.daemonize()
try:
self.run()
except Exception as e:
logger.error('Exception running process: {}'.format(e))
self.removePidFile()
def stop(self) -> None:
"""
Stop the daemon
"""
# Get the pid from the pidfile
try:
pf = open(self.pidfile, 'r')
pid = int(pf.read().strip())
pf.close()
except IOError:
message = "pidfile {} does not exist. Daemon not running?\n".format(self.pidfile)
logger.error(message)
# sys.stderr.write(message)
return # not an error in a restart
# Try killing the daemon process
try:
cnt = 10
while cnt:
cnt -= 1
os.kill(pid, SIGTERM)
time.sleep(1)
if not cnt:
os.kill(pid, SIGKILL)
except OSError as err:
if err.errno == 3: # No such process
if os.path.exists(self.pidfile):
os.remove(self.pidfile)
else:
sys.stderr.write('Error: {}'.format(err))
sys.exit(1)
def restart(self) -> None:
"""
Restart the daemon
"""
self.stop()
self.start()
# Overridables
def run(self) -> None:
"""
override this to provide your own daemon
"""

74
actor/src/udsactor/linux/log.py Normal file
View File

@@ -0,0 +1,74 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import os
import tempfile
import logging
import typing
class LocalLogger: # pylint: disable=too-few-public-methods
linux = False
windows = True
serviceLogger = False
logger: typing.Optional[logging.Logger]
def __init__(self) -> None:
# tempdir is different for "user application" and "service"
# service wil get c:\windows\temp, while user will get c:\users\XXX\temp
# Try to open logger at /var/log path
# If it fails (access denied normally), will try to open one at user's home folder, and if
# agaim it fails, open it at the tmpPath
for logDir in ('/var/log', os.path.expanduser('~'), tempfile.gettempdir()):
try:
fname = os.path.join(logDir, 'udsactor.log')
logging.basicConfig(
filename=fname,
filemode='a',
format='%(levelname)s %(asctime)s %(message)s',
level=logging.DEBUG
)
self.logger = logging.getLogger('udsactor')
os.chmod(fname, 0o0600)
return
except Exception:
pass
# Logger can't be set
self.logger = None
def log(self, level: int, message: str) -> None:
# Debug messages are logged to a file
# our loglevels are 0 (other), 10000 (debug), ....
# logging levels are 10 (debug), 20 (info)
# OTHER = logging.NOTSET
if self.logger:
self.logger.log(int(level / 1000), message)

196
actor/src/udsactor/linux/operations.py Normal file
View File

@@ -0,0 +1,196 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import configparser
import platform
import socket
import fcntl # Only available on Linux. Expect complains if edited from windows
import os
import subprocess
import struct
import array
import typing
from .. import types
from .renamer import rename
from . import xss
def _getMacAddr(ifname: str) -> typing.Optional[str]:
'''
Returns the mac address of an interface
Mac is returned as unicode utf-8 encoded
'''
ifnameBytes = ifname.encode('utf-8')
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
info = bytearray(fcntl.ioctl(s.fileno(), 0x8927, struct.pack(str('256s'), ifnameBytes[:15])))
return str(''.join(['%02x:' % char for char in info[18:24]])[:-1]).upper()
except Exception:
return None
def _getIpAddr(ifname: str) -> typing.Optional[str]:
'''
Returns the ip address of an interface
Ip is returned as unicode utf-8 encoded
'''
ifnameBytes = ifname.encode('utf-8')
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return str(socket.inet_ntoa(fcntl.ioctl(
s.fileno(),
0x8915, # SIOCGIFADDR
struct.pack(str('256s'), ifnameBytes[:15])
)[20:24]))
except Exception:
return None
def _getInterfaces() -> typing.List[str]:
'''
Returns a list of interfaces names coded in utf-8
'''
max_possible = 128 # arbitrary. raise if needed.
space = max_possible * 16
if platform.architecture()[0] == '32bit':
offset, length = 32, 32
elif platform.architecture()[0] == '64bit':
offset, length = 16, 40
else:
raise OSError('Unknown arquitecture {0}'.format(platform.architecture()[0]))
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
names = array.array(str('B'), b'\0' * space)
outbytes = struct.unpack('iL', fcntl.ioctl(
s.fileno(),
0x8912, # SIOCGIFCONF
struct.pack('iL', space, names.buffer_info()[0])
))[0]
namestr = names.tobytes()
# return namestr, outbytes
return [namestr[i:i + offset].split(b'\0', 1)[0].decode('utf-8') for i in range(0, outbytes, length)]
def _getIpAndMac(ifname: str) -> typing.Tuple[typing.Optional[str], typing.Optional[str]]:
ip, mac = _getIpAddr(ifname), _getMacAddr(ifname)
return (ip, mac)
def checkPermissions() -> bool:
return os.getuid() == 0 # getuid only available on linux. Expect "complaioins" if edited from Windows
def getComputerName() -> str:
'''
Returns computer name, with no domain
'''
return socket.gethostname().split('.')[0]
def getNetworkInfo() -> typing.Iterator[types.InterfaceInfoType]:
for ifname in _getInterfaces():
ip, mac = _getIpAndMac(ifname)
if mac != '00:00:00:00:00:00' and mac and ip and ip.startswith('169.254') is False: # Skips local interfaces & interfaces with no dhcp IPs
yield types.InterfaceInfoType(name=ifname, mac=mac, ip=ip)
def getDomainName() -> str:
return ''
def getLinuxOs() -> str:
try:
with open('/etc/os-release', 'r') as f:
data = f.read()
cfg = configparser.ConfigParser()
cfg.read_string('[os]\n' + data)
return cfg['os'].get('id', 'unknown').replace('"', '')
except Exception:
return 'unknown'
def reboot(flags: int = 0):
'''
Simple reboot using os command
'''
subprocess.call(['/sbin/shutdown', 'now', '-r'])
def loggoff() -> None:
'''
Right now restarts the machine...
'''
subprocess.call(['/usr/bin/pkill', '-u', os.environ['USER']])
# subprocess.call(['/sbin/shutdown', 'now', '-r'])
# subprocess.call(['/usr/bin/systemctl', 'reboot', '-i'])
def renameComputer(newName: str) -> bool:
'''
Changes the computer name
Returns True if reboot needed
'''
rename(newName)
return True # Always reboot right now. Not much slower but much more convenient
def joinDomain(domain: str, ou: str, account: str, password: str, executeInOneStep: bool = False):
pass
def changeUserPassword(user: str, oldPassword: str, newPassword: str) -> None:
'''
Simple password change for user using command line
'''
os.system('echo "{1}\n{1}" | /usr/bin/passwd {0} 2> /dev/null'.format(user, newPassword))
def initIdleDuration(atLeastSeconds: int) -> None:
xss.initIdleDuration(atLeastSeconds)
def getIdleDuration() -> float:
return xss.getIdleDuration()
def getCurrentUser() -> str:
'''
Returns current logged in user
'''
return os.environ['USER']
def getSessionType() -> str:
'''
Known values:
* Unknown -> No XDG_SESSION_TYPE environment variable
* xrdp --> xrdp session
* other types
'''
return 'xrdp' if 'XRDP_SESSION' in os.environ else os.environ.get('XDG_SESSION_TYPE', 'unknown')
def forceTimeSync() -> None:
return

17
server/src/uds/transports/HTML5SSH/__init__.py → actor/src/udsactor/linux/renamer/__init__.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2023 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -27,8 +26,10 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
# pyright: reportUnusedImport=false
from .html5ssh import HTML5SSHTransport
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from .common import rename
# Import packages
from . import debian, opensuse, redhat, alt

73
server/src/uds/REST/utils.py → actor/src/udsactor/linux/renamer/alt.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2024 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -26,50 +26,49 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
Author: Adolfo Gómez, dkmaster at dkmon dot com
@author: Alexey Shabalin, shaba at altlinux dot org
'''
import json
import typing
import re
import collections.abc
import os
from uds.core import consts
from uds.core.util.model import sql_stamp_seconds
from .common import renamers
from ...log import logger
def rest_result(result: typing.Any, **kwargs: typing.Any) -> dict[str, typing.Any]:
def rename(newName: str) -> bool:
'''
Returns a REST result
ALT, ALTLinux, BaseALT Renamer
Expects new host name on newName
Host does not needs to be rebooted after renaming
'''
# A common possible value in kwargs is "error"
return {'result': result, 'stamp': sql_stamp_seconds(), 'version': consts.system.VERSION, 'build': consts.system.VERSION_STAMP,**kwargs}
logger.debug('using ALT renamer')
with open('/etc/hostname', 'w') as hostname:
hostname.write(newName)
def camel_and_snake_case_from(text: str) -> tuple[str, str]:
'''
Returns a tuple with the camel case and snake case of a text
first value is camel case, second is snake case
'''
snake_case_name = re.sub(r'(?<!^)(?=[A-Z])', '_', text).lower()
# And snake case to camel case (first letter lower case, rest upper case)
camel_case_name = ''.join(x.capitalize() for x in snake_case_name.split('_'))
camel_case_name = camel_case_name[0].lower() + camel_case_name[1:]
# Force system new name
os.system('/bin/hostname {}'.format(newName))
os.system('/usr/bin/hostnamectl set-hostname {}'.format(newName))
return camel_case_name, snake_case_name
# add name to "hosts"
with open('/etc/hosts', 'r') as hosts:
lines = hosts.readlines()
with open('/etc/hosts', 'w') as hosts:
hosts.write("127.0.1.1\t{}\n".format(newName))
for l in lines:
if l[:9] != '127.0.1.1': # Skips existing 127.0.1.1. if it already exists
hosts.write(l)
with open('/etc/sysconfig/network', 'r') as net:
lines = net.readlines()
with open('/etc/sysconfig/network', 'w') as net:
net.write('HOSTNAME={}\n'.format(newName))
for l in lines:
if l[:8] != 'HOSTNAME':
net.write(l)
def to_incremental_json(
source: collections.abc.Generator[typing.Any, None, None]
) -> typing.Generator[str, None, None]:
'''
Converts a generator to a json incremental string
'''
yield '['
first = True
for item in source:
if first:
first = False
else:
yield ','
yield json.dumps(item)
yield ']'
return True
# All names in lower case
renamers['altlinux'] = rename
renamers['alt'] = rename
renamers['basealt'] = rename

38
server/src/uds/core/messaging/config.py → actor/src/udsactor/linux/renamer/common.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -27,22 +26,27 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
import sys
import pkgutil
import typing
from django.utils.translation import gettext_lazy as _
from .. import operations
from ...log import logger
from uds.core.util import config as cfg
renamers: typing.MutableMapping[str, typing.Callable[[str], bool]] = {}
# Globals for messagging
DO_NOT_REPEAT: typing.Final[cfg.Config.Value] = cfg.Config.section(cfg.Config.SectionType.GLOBAL).value(
'Uniqueness',
'10',
help=_('Number of seconds to ignore repeated messages'),
type=cfg.Config.FieldType.NUMERIC,
)
# Renamers now are for IPv4 only addresses
def rename(newName: str) -> bool:
distribution = operations.getLinuxOs().lower().strip()
if distribution in renamers:
logger.info('Renaming to {}'.format(newName))
return renamers[distribution](newName)
# Try Debian renamer, simplest one
logger.info('Renamer for platform "{0}" not found, trying debian renamer'.format(distribution))
return renamers['debian'](newName)
# Ensure that we have a default value for this on startup
DO_NOT_REPEAT.as_int()

52
server/src/uds/core/consts/rest.py → actor/src/udsactor/linux/renamer/debian.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2024 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -27,25 +26,40 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
import typing
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
# REST API requests (..../REST/.../overview, ..../REST/.../types, etc)
OVERVIEW: typing.Final[str] = 'overview'
TYPES: typing.Final[str] = 'types'
TABLEINFO: typing.Final[str] = 'tableinfo'
GUI: typing.Final[str] = 'gui'
LOG: typing.Final[str] = 'log'
SYSTEM: typing.Final[str] = 'system' # Defined on system class, here for reference
from .common import renamers
from ...log import logger
class _NotFound:
pass
def rename(newName: str) -> bool:
'''
Debian renamer
Expects new host name on newName
Host does not needs to be rebooted after renaming
'''
with open('/etc/hostname', 'w') as hostname:
hostname.write(newName)
# Force system new name
os.system('/bin/hostname {}'.format(newName))
os.system('/usr/bin/hostnamectl set-hostname {}'.format(newName))
NOT_FOUND: typing.Final[_NotFound] = _NotFound()
# add name to "hosts"
with open('/etc/hosts', 'r') as hosts:
lines = hosts.readlines()
with open('/etc/hosts', 'w') as hosts:
hosts.write("127.0.1.1\t%s\n" % newName)
for l in lines:
if l[:9] == '127.0.1.1': # Skips existing 127.0.1.1. if it already exists
continue
hosts.write(l)
ITEMS_LIMIT: typing.Final[int] = 4400
return True
# All names in lower case
renamers['debian'] = rename
renamers['ubuntu'] = rename

54
server/src/uds/core/exceptions/actor.py → actor/src/udsactor/linux/renamer/opensuse.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2012-2019 Virtual Cable S.L.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,29 +25,42 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
from . import common
from .common import renamers
from ...log import logger
class ActorException(common.UDSException):
"""
Base class for all Actor exceptions
"""
def rename(newName: str) -> bool:
'''
RH, Centos, Fedora Renamer
Expects new host name on newName
Host does not needs to be rebooted after renaming
'''
logger.debug('using SUSE renamer')
with open('/etc/hostname', 'w') as hostname:
hostname.write(newName)
# Actor related exceptions
class NoActorComms(ActorException):
"""
Exception used to signal that the actor user service does not have comms url
"""
# Force system new name
os.system('/bin/hostname {}'.format(newName))
os.system('/usr/bin/hostnamectl set-hostname {}'.format(newName))
pass
# add name to "hosts"
with open('/etc/hosts', 'r') as hosts:
lines = hosts.readlines()
with open('/etc/hosts', 'w') as hosts:
hosts.write("127.0.1.1\t{}\n".format(newName))
for l in lines:
if l[:9] != '127.0.1.1': # Skips existing 127.0.1.1. if it already exists
hosts.write(l)
return True
class OldActorVersion(ActorException):
"""
Exception used to signal that the actor user service version is too old
"""
# All names in lower case
renamers['opensuse'] = rename
renamers['suse'] = rename
renamers['opensuse-leap'] = rename

70
server/src/uds/services/Proxmox/proxmox/exceptions.py → actor/src/udsactor/linux/renamer/redhat.py
View File

@@ -1,5 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2012-2023 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -10,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -23,36 +24,51 @@
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."""
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
from .common import renamers
from ...log import logger
from uds.core import exceptions
def rename(newName: str) -> bool:
'''
RH, Centos, Fedora Renamer
Expects new host name on newName
Host does not needs to be rebooted after renaming
'''
logger.debug('using RH renamer')
with open('/etc/hostname', 'w') as hostname:
hostname.write(newName)
class ProxmoxError(exceptions.services.generics.Error):
pass
# Force system new name
os.system('/bin/hostname {}'.format(newName))
os.system('/usr/bin/hostnamectl set-hostname {}'.format(newName))
# add name to "hosts"
with open('/etc/hosts', 'r') as hosts:
lines = hosts.readlines()
with open('/etc/hosts', 'w') as hosts:
hosts.write("127.0.1.1\t{}\n".format(newName))
for l in lines:
if l[:9] != '127.0.1.1': # Skips existing 127.0.1.1. if it already exists
hosts.write(l)
class ProxmoxConnectionError(ProxmoxError, exceptions.services.generics.RetryableError):
pass
with open('/etc/sysconfig/network', 'r') as net:
lines = net.readlines()
with open('/etc/sysconfig/network', 'w') as net:
net.write('HOSTNAME={}\n'.format(newName))
for l in lines:
if l[:8] != 'HOSTNAME':
net.write(l)
return True
class ProxmoxAuthError(ProxmoxError, exceptions.services.generics.FatalError):
pass
class ProxmoxDoesNotExists(ProxmoxError):
pass
class ProxmoxNotFound(ProxmoxDoesNotExists, exceptions.services.generics.NotFoundError):
pass
class ProxmoxNodeUnavailableError(ProxmoxConnectionError):
pass
class ProxmoxNoGPUError(ProxmoxDoesNotExists):
pass
# All names in lower case
renamers['centos linux'] = rename
renamers['centos'] = rename
renamers['fedora'] = rename

76
actor/src/udsactor/linux/runner.py Normal file
View File

@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2020 Virtual Cable S.L.U.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import sys
from .. import rest
from .. import platform
from ..log import logger
from .service import UDSActorSvc
def usage():
sys.stderr.write('usage: udsactor start|stop|restart|login "username"|logout "username"\n')
sys.exit(2)
def run() -> None:
logger.setLevel(20000)
if len(sys.argv) == 3 and sys.argv[1] in ('login', 'logout'):
logger.debug('Running client udsactor')
try:
client: rest.UDSClientApi = rest.UDSClientApi()
if sys.argv[1] == 'login':
r = client.login(sys.argv[2], platform.operations.getSessionType())
print('{},{},{},{}\n'.format(r.ip, r.hostname, r.max_idle, r.dead_line or ''))
elif sys.argv[1] == 'logout':
client.logout(sys.argv[2])
except Exception as e:
logger.exception()
logger.error('Got exception while processing command: %s', e)
sys.exit(0)
elif len(sys.argv) != 2:
usage()
daemonSvr = UDSActorSvc()
if len(sys.argv) == 2:
# Daemon mode...
if sys.argv[1] == 'start':
daemonSvr.start()
elif sys.argv[1] == 'stop':
daemonSvr.stop()
elif sys.argv[1] == 'restart':
daemonSvr.restart()
elif sys.argv[1] == 'start-foreground':
daemonSvr.run() # Execute in foreground
else:
usage()
sys.exit(0)
else:
usage()

106
actor/src/udsactor/linux/service.py Normal file
View File

@@ -0,0 +1,106 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import signal
from . import daemon
from ..log import logger
from ..service import CommonService
try:
from prctl import set_proctitle # @UnresolvedImport
except ImportError: # Platform may not include prctl, so in case it's not available, we let the "name" as is
def set_proctitle(_):
pass
class UDSActorSvc(daemon.Daemon, CommonService):
def __init__(self) -> None:
daemon.Daemon.__init__(self, '/run/udsactor.pid')
CommonService.__init__(self)
# Captures signals so we can stop gracefully
signal.signal(signal.SIGINT, self.markForExit)
signal.signal(signal.SIGTERM, self.markForExit)
def markForExit(self, signum, frame) -> None: # pylint: disable=unused-argument
self._isAlive = False
def joinDomain( # pylint: disable=unused-argument, too-many-arguments
self,
name: str,
domain: str,
ou: str,
account: str,
password: str
) -> None:
logger.info('Join domain is not supported on linux platforms right now. Just renaming.')
self.rename(name)
def run(self) -> None:
logger.debug('Running Daemon: {}'.format(self._isAlive))
set_proctitle('UDSActorDaemon')
# Linux daemon will continue running unless something is requested to
# Unmanaged services does not initializes "on start", but rather when user logs in (because userservice does not exists "as such" before that)
if self.isManaged():
if not self.initialize():
self.finish()
return # Stop daemon if initializes told to do so
# logger.debug('Initialized, setting ready')
# Initialization is done, set machine to ready for UDS, communicate urls, etc...
self.setReady()
else:
if not self.initializeUnmanaged():
self.finish()
return
# Start listening for petitions
self.startHttpServer()
# *********************
# * Main Service loop *
# *********************
# Counter used to check ip changes only once every 10 seconds, for
# example
counter = 0
while self._isAlive:
counter += 1
try:
if counter % 5 == 0:
self.loop()
except Exception as e:
logger.error('Got exception on main loop: %s', e)
# In milliseconds, will break
self.doWait(1000)
self.finish()

107
actor/src/udsactor/linux/store.py Normal file
View File

@@ -0,0 +1,107 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import os
import configparser
import base64
import pickle
from .. import types
CONFIGFILE = '/etc/udsactor/udsactor.cfg'
def readConfig() -> types.ActorConfigurationType:
try:
cfg = configparser.ConfigParser()
cfg.read(CONFIGFILE)
uds: configparser.SectionProxy = cfg['uds']
# Extract data:
base64Config = uds.get('config', None)
config = pickle.loads(base64.b64decode(base64Config.encode())) if base64Config else None
base64Data = uds.get('data', None)
data = pickle.loads(base64.b64decode(base64Data.encode())) if base64Data else None
return types.ActorConfigurationType(
actorType=uds.get('type', types.MANAGED),
host=uds.get('host', ''),
validateCertificate=uds.getboolean('validate', fallback=False),
master_token=uds.get('master_token', None),
own_token=uds.get('own_token', None),
restrict_net=uds.get('restrict_net', None),
pre_command=uds.get('pre_command', None),
runonce_command=uds.get('runonce_command', None),
post_command=uds.get('post_command', None),
log_level=int(uds.get('log_level', '2')),
config=config,
data=data
)
except Exception:
return types.ActorConfigurationType('', False)
def writeConfig(config: types.ActorConfigurationType) -> None:
cfg = configparser.ConfigParser()
cfg.add_section('uds')
uds: configparser.SectionProxy = cfg['uds']
uds['host'] = config.host
uds['validate'] = 'yes' if config.validateCertificate else 'no'
def writeIfValue(val, name):
if val:
uds[name] = val
writeIfValue(config.actorType, 'type')
writeIfValue(config.master_token, 'master_token')
writeIfValue(config.own_token, 'own_token')
writeIfValue(config.restrict_net, 'restrict_net')
writeIfValue(config.pre_command, 'pre_command')
writeIfValue(config.post_command, 'post_command')
writeIfValue(config.runonce_command, 'runonce_command')
uds['log_level'] = str(config.log_level)
if config.config: # Special case, encoded & dumped
uds['config'] = base64.b64encode(pickle.dumps(config.config)).decode()
if config.data: # Special case, encoded & dumped
uds['data'] = base64.b64encode(pickle.dumps(config.data)).decode()
# Ensures exists destination folder
dirname = os.path.dirname(CONFIGFILE)
if not os.path.exists(dirname):
os.mkdir(dirname, mode=0o700) # Will create only if route to path already exists, for example, /etc (that must... :-))
with open(CONFIGFILE, 'w') as f:
cfg.write(f)
os.chmod(CONFIGFILE, 0o0600) # Ensure only readable by root
def useOldJoinSystem() -> bool:
return False
def invokeScriptOnLogin() -> str:
return ''

128
actor/src/udsactor/linux/xss.py Normal file
View File

@@ -0,0 +1,128 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import ctypes
import ctypes.util
import subprocess
xlib = None
xss = None
display = None
xssInfo = None
initialized = False
class XScreenSaverInfo(ctypes.Structure): # pylint: disable=too-few-public-methods
_fields_ = [('window', ctypes.c_long),
('state', ctypes.c_int),
('kind', ctypes.c_int),
('til_or_since', ctypes.c_ulong),
('idle', ctypes.c_ulong),
('eventMask', ctypes.c_ulong)]
class c_ptr(ctypes.c_void_p):
pass
def _ensureInitialized():
global xlib, xss, xssInfo, display, initialized # pylint: disable=global-statement
if initialized:
return
initialized = True
try:
xlibPath = ctypes.util.find_library('X11')
xssPath = ctypes.util.find_library('Xss')
xlib = xss = None
if not xlibPath or not xssPath:
raise Exception('Library Not found!!')
xlib = ctypes.cdll.LoadLibrary(xlibPath)
xss = ctypes.cdll.LoadLibrary(xssPath)
# Fix result type to XScreenSaverInfo Structure
xss.XScreenSaverQueryExtension.restype = ctypes.c_int
xss.XScreenSaverQueryExtension.argtypes = [
ctypes.c_void_p,
ctypes.POINTER(ctypes.c_int),
ctypes.POINTER(ctypes.c_int)
]
xss.XScreenSaverAllocInfo.restype = ctypes.POINTER(XScreenSaverInfo) # Result in a XScreenSaverInfo structure
xss.XScreenSaverQueryInfo.argtypes = [
ctypes.c_void_p,
ctypes.c_void_p,
ctypes.POINTER(XScreenSaverInfo)
]
xlib.XOpenDisplay.argtypes = [ctypes.c_char_p]
xlib.XOpenDisplay.restype = c_ptr
display = xlib.XOpenDisplay(None)
if not display.value:
raise Exception('Display not found!') # Invalid display, not accesible
xssInfo = xss.XScreenSaverAllocInfo()
# Ensures screen saver extension is available
event_base = ctypes.c_int()
error_base = ctypes.c_int()
available = xss.XScreenSaverQueryExtension(display, ctypes.byref(event_base), ctypes.byref(error_base))
if available != 1:
raise Exception('ScreenSaver not available')
except Exception: # Libraries not accesible, not found or whatever..
xlib = xss = display = xssInfo = None
def initIdleDuration(atLeastSeconds: int) -> None:
_ensureInitialized()
if atLeastSeconds:
subprocess.call(['/usr/bin/xset', 's', '{}'.format(atLeastSeconds + 30)])
# And now reset it
subprocess.call(['/usr/bin/xset', 's', 'reset'])
def getIdleDuration() -> float:
'''
Returns idle duration, in seconds
'''
if not initialized or not xlib or not xss or not xssInfo:
return 0 # Libraries not available
xss.XScreenSaverQueryInfo(display, xlib.XDefaultRootWindow(display), xssInfo)
# States: 0 = off, 1 = On, 2 = Cycle, 3 = Disabled, ...?
if xssInfo.contents.state == 1: # state = 1 means "active", so idle is not a valid state
return 3600 * 100 * 1000 # If screen saver is active, return a high enough value
return xssInfo.contents.idle / 1000.0

117
actor/src/udsactor/log.py Normal file
View File

@@ -0,0 +1,117 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import traceback
import sys
import typing
if sys.platform == 'win32':
from .windows.log import LocalLogger
else:
from .linux.log import LocalLogger
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from . import rest
# Valid logging levels, from UDS Broker (uds.core.utils.log)
from .loglevel import OTHER, DEBUG, INFO, WARN, ERROR, FATAL
class Logger:
remoteLogger: typing.Optional['rest.UDSServerApi']
own_token: str
logLevel: int
localLogger: LocalLogger
def __init__(self) -> None:
self.logLevel = INFO
self.localLogger = LocalLogger()
self.remoteLogger = None
self.own_token = ''
def setLevel(self, level: typing.Union[str, int]) -> None:
'''
Sets log level filter (minimum level required for a log message to be processed)
:param level: Any message with a level below this will be filtered out
'''
self.logLevel = int(level) # Ensures level is an integer or fails
def setRemoteLogger(self, remoteLogger: 'rest.UDSServerApi', own_token: str) -> None:
self.remoteLogger = remoteLogger
self.own_token = own_token
def enableServiceLogger(self):
if self.localLogger.windows:
self.localLogger.serviceLogger = True
def log(self, level: typing.Union[str, int], message: str, *args) -> None:
level = int(level)
if level < self.logLevel: # Skip not wanted messages
return
msg = message % args
# If remote logger is available, notify message to it (except DEBUG messages OFC)
try:
if self.remoteLogger and level >= DEBUG:
self.remoteLogger.log(self.own_token, level, msg)
except Exception as e:
self.localLogger.log(DEBUG, 'Log to broker: {}'.format(e))
self.localLogger.log(level, msg)
def debug(self, message: str, *args) -> None:
self.log(DEBUG, message, *args)
def warn(self, message: str, *args) -> None:
self.log(WARN, message, *args)
def info(self, message: str, *args) -> None:
self.log(INFO, message, *args)
def error(self, message: str, *args) -> None:
self.log(ERROR, message, *args)
def fatal(self, message: str, *args) -> None:
self.log(FATAL, message, *args)
def exception(self) -> None:
try:
tb = traceback.format_exc()
except Exception:
tb = '(could not get traceback!)'
self.log(DEBUG, tb)
def flush(self) -> None:
pass
logger = Logger()

13
server/src/uds/core/types/rest/stock/__init__.py → actor/src/udsactor/loglevel.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2025 Virtual Cable S.L.U.
# Copyright (c) 2020 Virtual Cable S.L.U.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -11,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -25,9 +25,8 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
# pyright: reportUnusedImport=false
from .fields import StockField
OTHER, DEBUG, INFO, WARN, ERROR, FATAL = (10000 * x for x in range(6))

23
server/src/uds/auths/OAuth2/__init__.py → actor/src/udsactor/platform.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2023 Virtual Cable S.L.U.
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,13 +25,13 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import sys
"""
Sample authenticator. We import here the module, and uds.auths module will
take care of registering it as provider
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
# pyright: reportUnusedImport=false
from .authenticator import OAuth2Authenticator
name = sys.platform
if sys.platform == 'win32':
from .windows import operations, store # pylint: disable=unused-import
else:
from .linux import operations, store # pylint: disable=unused-import

431
actor/src/udsactor/rest.py Normal file
View File

@@ -0,0 +1,431 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019-2021 Virtual Cable S.L.U.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import warnings
import json
import logging
import typing
import requests
from . import types
from .version import VERSION
# Default public listen port
LISTEN_PORT = 43910
# Default timeout
TIMEOUT = 5 # 5 seconds is more than enought
# Constants
UNKNOWN = 'unknown'
class RESTError(Exception):
ERRCODE = 0
class RESTConnectionError(RESTError):
ERRCODE = -1
# Errors ""raised"" from broker
class RESTInvalidKeyError(RESTError):
ERRCODE = 1
class RESTUnmanagedHostError(RESTError):
ERRCODE = 2
class RESTUserServiceNotFoundError(RESTError):
ERRCODE = 3
class RESTOsManagerError(RESTError):
ERRCODE = 4
# For avoid proxy on localhost connections
NO_PROXY = {
'http': None,
'https': None,
}
UDS_BASE_URL = 'https://{}/uds/rest/'
#
# Basic UDS Api
#
class UDSApi: # pylint: disable=too-few-public-methods
"""
Base for remote api accesses
"""
_host: str
_validateCert: bool
_url: str
def __init__(self, host: str, validateCert: bool) -> None:
self._host = host
self._validateCert = validateCert
self._url = UDS_BASE_URL.format(self._host)
# Disable logging requests messages except for errors, ...
logging.getLogger('request').setLevel(logging.CRITICAL)
logging.getLogger('urllib3').setLevel(logging.ERROR)
try:
warnings.simplefilter('ignore') # Disables all warnings
except Exception:
pass
@property
def _headers(self) -> typing.MutableMapping[str, str]:
return {
'Content-Type': 'application/json',
'User-Agent': 'UDS Actor v{}'.format(VERSION),
}
def _apiURL(self, method: str) -> str:
raise NotImplementedError
def _doPost(
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any],
headers: typing.Optional[typing.MutableMapping[str, str]] = None,
disableProxy: bool = False,
) -> typing.Any:
headers = headers or self._headers
try:
result = requests.post(
self._apiURL(method),
data=json.dumps(payLoad),
headers=headers,
verify=self._validateCert,
timeout=TIMEOUT,
proxies=NO_PROXY # type: ignore
if disableProxy
else None, # if not proxies wanted, enforce it
)
if result.ok:
j = result.json()
if not j.get('error', None):
return j['result']
except requests.ConnectionError as e:
raise RESTConnectionError(str(e))
except Exception as e:
raise RESTError(str(e))
try:
data = result.json()
except Exception:
data = result.content.decode()
raise RESTError(data)
#
# UDS Broker API access
#
class UDSServerApi(UDSApi):
def _apiURL(self, method: str) -> str:
return self._url + 'actor/v3/' + method
def enumerateAuthenticators(self) -> typing.Iterable[types.AuthenticatorType]:
try:
result = requests.get(
self._url + 'auth/auths',
headers=self._headers,
verify=self._validateCert,
timeout=4,
)
if result.ok:
for v in sorted(result.json(), key=lambda x: x['priority']):
yield types.AuthenticatorType(
authId=v['authId'],
authSmallName=v['authSmallName'],
auth=v['auth'],
type=v['type'],
priority=v['priority'],
isCustom=v['isCustom'],
)
except Exception:
pass
def register( # pylint: disable=too-many-arguments, too-many-locals
self,
auth: str,
username: str,
password: str,
hostname: str,
ip: str,
mac: str,
preCommand: str,
runOnceCommand: str,
postCommand: str,
logLevel: int,
) -> str:
"""
Raises an exception if could not register, or registers and returns the "authorization token"
"""
data = {
'username': username + '@' + auth,
'hostname': hostname,
'ip': ip,
'mac': mac,
'pre_command': preCommand,
'run_once_command': runOnceCommand,
'post_command': postCommand,
'log_level': logLevel,
}
# First, try to login to REST api
try:
# First, try to login
authInfo = {'auth': auth, 'username': username, 'password': password}
headers = self._headers
result = requests.post(
self._url + 'auth/login',
data=json.dumps(authInfo),
headers=headers,
verify=self._validateCert,
)
if not result.ok or result.json()['result'] == 'error':
raise Exception() # Invalid credentials
headers['X-Auth-Token'] = result.json()['token']
result = requests.post(
self._apiURL('register'),
data=json.dumps(data),
headers=headers,
verify=self._validateCert,
)
if result.ok:
return result.json()['result']
except requests.ConnectionError as e:
raise RESTConnectionError(e)
except RESTError:
raise
except Exception as e:
raise RESTError('Invalid credentials')
raise RESTError(result.content.decode())
def initialize(
self,
token: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
actor_type: typing.Optional[str],
) -> types.InitializationResultType:
# Generate id list from netork cards
payload = {
'type': actor_type or types.MANAGED,
'token': token,
'version': VERSION,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
}
r = self._doPost('initialize', payload)
os = r['os']
return types.InitializationResultType(
own_token=r['own_token'],
unique_id=r['unique_id'].lower() if r['unique_id'] else None,
os=types.ActorOsConfigurationType(
action=os['action'],
name=os['name'],
username=os.get('username'),
password=os.get('password'),
new_password=os.get('new_password'),
ad=os.get('ad'),
ou=os.get('ou'),
)
if r['os']
else None,
)
def ready(
self, own_token: str, secret: str, ip: str, port: int
) -> types.CertificateInfoType:
payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
result = self._doPost('ready', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
)
def notifyIpChange(
self, own_token: str, secret: str, ip: str, port: int
) -> types.CertificateInfoType:
payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
result = self._doPost('ipchange', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
)
def notifyUnmanagedCallback(
self,
master_token: str,
secret: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
port: int,
) -> types.CertificateInfoType:
payload = {
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': master_token,
'secret': secret,
'port': port,
}
result = self._doPost('unmanaged', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
)
def login(
self,
actor_type: typing.Optional[str],
token: str,
username: str,
sessionType: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
secret: typing.Optional[str],
) -> types.LoginResultInfoType:
if not token:
return types.LoginResultInfoType(
ip='0.0.0.0', hostname=UNKNOWN, dead_line=None, max_idle=None
)
payload = {
'type': actor_type or types.MANAGED,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': token,
'username': username,
'session_type': sessionType,
'secret': secret or '',
}
result = self._doPost('login', payload)
return types.LoginResultInfoType(
ip=result['ip'],
hostname=result['hostname'],
dead_line=result['dead_line'],
max_idle=result['max_idle'],
)
def logout(
self,
actor_type: typing.Optional[str],
token: str,
username: str,
sessionType: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
secret: typing.Optional[str],
) -> typing.Optional[str]:
if not token:
return None
payload = {
'type': actor_type or types.MANAGED,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': token,
'username': username,
'session_type': sessionType,
'secret': secret or '',
}
return self._doPost('logout', payload) # Can be 'ok' or 'notified'
def log(self, own_token: str, level: int, message: str) -> None:
if not own_token:
return
payLoad = {'token': own_token, 'level': level, 'message': message}
self._doPost('log', payLoad) # Ignores result...
def test(self, master_token: str, actorType: typing.Optional[str]) -> bool:
payLoad = {
'type': actorType or types.MANAGED,
'token': master_token,
}
return self._doPost('test', payLoad) == 'ok'
class UDSClientApi(UDSApi):
def __init__(self) -> None:
super().__init__('127.0.0.1:{}'.format(LISTEN_PORT), False)
# Override base url
self._url = "https://{}/ui/".format(self._host)
def _apiURL(self, method: str) -> str:
return self._url + method
def post(
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any],
) -> typing.Any:
return self._doPost(method=method, payLoad=payLoad, disableProxy=True)
def register(self, callbackUrl: str) -> None:
payLoad = {'callback_url': callbackUrl}
self.post('register', payLoad)
def unregister(self, callbackUrl: str) -> None:
payLoad = {'callback_url': callbackUrl}
self.post('unregister', payLoad)
def login(
self, username: str, sessionType: typing.Optional[str] = None
) -> types.LoginResultInfoType:
payLoad = {
'username': username,
'session_type': sessionType or UNKNOWN,
}
result = self.post('login', payLoad)
return types.LoginResultInfoType(
ip=result['ip'],
hostname=result['hostname'],
dead_line=result['dead_line'],
max_idle=result['max_idle'],
)
def logout(self, username: str, sessionType: typing.Optional[str]) -> None:
payLoad = {
'username': username,
'session_type': sessionType or UNKNOWN
}
self.post('logout', payLoad)
def ping(self) -> bool:
return self.post('ping', {}) == 'pong'

599
actor/src/udsactor/service.py Normal file
View File

@@ -0,0 +1,599 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import socket
import time
import secrets
import subprocess
import typing
from . import platform
from . import rest
from . import types
from . import tools
from .log import logger, DEBUG, INFO, ERROR, FATAL
from .http import clients_pool, server, cert
# def setup() -> None:
# cfg = platform.store.readConfig()
# if logger.logger.windows:
# # Logs will also go to windows event log for services
# logger.logger.serviceLogger = True
# if cfg.x:
# logger.setLevel(cfg.get('logLevel', 20000))
# else:
# logger.setLevel(20000)
class CommonService: # pylint: disable=too-many-instance-attributes
_isAlive: bool = True
_rebootRequested: bool = False
_loggedIn: bool = False
_initialized: bool = False
_cfg: types.ActorConfigurationType
_api: rest.UDSServerApi
_interfaces: typing.List[types.InterfaceInfoType]
_secret: str
_certificate: types.CertificateInfoType
_clientsPool: clients_pool.UDSActorClientPool
_http: typing.Optional[server.HTTPServerThread]
@staticmethod
def execute(cmdLine: str, section: str) -> bool:
try:
logger.debug('Executing command on {}: {}'.format(section, cmdLine))
res = subprocess.check_call(cmdLine, shell=True)
except Exception as e:
logger.error(
'Got exception executing: {} - {} - {}'.format(section, cmdLine, e)
)
return False
logger.debug('Result of executing cmd for {} was {}'.format(section, res))
return True
def __init__(self) -> None:
self._cfg = platform.store.readConfig()
self._interfaces = []
self._api = rest.UDSServerApi(self._cfg.host, self._cfg.validateCertificate)
self._secret = secrets.token_urlsafe(33)
self._clientsPool = clients_pool.UDSActorClientPool()
self._certificate = (
cert.defaultCertificate
) # For being used on "unmanaged" hosts only
self._http = None
# Initialzies loglevel and serviceLogger
# 0 = DEBUG, 1 = INFO, 2 = ERROR, 3 = FATAL in combobox
# BUT!!!:
# 0 = OTHER, 10000 = DEBUG, 20000 = WARN, 30000 = INFO, 40000 = ERROR, 50000 = FATAL
# So this comes:
logger.setLevel([DEBUG, INFO, ERROR, FATAL][self._cfg.log_level])
# If windows, enable service logger
logger.enableServiceLogger()
socket.setdefaulttimeout(20)
def startHttpServer(self):
# Starts the http thread
if self._http:
try:
self._http.stop()
except Exception:
pass
self._http = server.HTTPServerThread(self)
self._http.start()
def isManaged(self) -> bool:
return (
self._cfg.actorType != types.UNMANAGED
) # Only "unmanaged" hosts are unmanaged, the rest are "managed"
def serviceInterfaceInfo(
self, interfaces: typing.Optional[typing.List[types.InterfaceInfoType]] = None
) -> typing.Optional[types.InterfaceInfoType]:
"""
returns the inteface with unique_id mac or first interface or None if no interfaces...
"""
interfaces = (
interfaces or self._interfaces
) # Emty interfaces is like "no ip change" because cannot be notified
if self._cfg.config and interfaces:
try:
return next(
x for x in interfaces if x.mac.lower() == self._cfg.config.unique_id
)
except StopIteration:
return interfaces[0]
return None
def reboot(self) -> None:
# Reboot just after renaming
logger.info('Rebooting...')
self._rebootRequested = True
def setReady(self) -> None:
if not self._isAlive or not self.isManaged():
return
# Unamanged actor types does not set ready never (has no osmanagers, no needing for this)
# First, if postconfig is available, execute it and disable it
if self._cfg.post_command:
self.execute(self._cfg.post_command, 'postConfig')
self._cfg = self._cfg._replace(post_command=None)
platform.store.writeConfig(self._cfg)
if self._cfg.own_token and self._interfaces:
srvInterface = self.serviceInterfaceInfo()
if srvInterface:
# Rery while RESTConnectionError (that is, cannot connect)
counter = 60
logged = False
while self._isAlive:
counter -= 1
try:
self._certificate = self._api.ready(
self._cfg.own_token,
self._secret,
srvInterface.ip,
rest.LISTEN_PORT,
)
except rest.RESTConnectionError as e:
if not logged: # Only log connection problems ONCE
logged = True
logger.error('Error connecting with UDS Broker')
self.doWait(5000)
continue
except Exception as e:
logger.error('Unhandled exception while setting ready: %s', e)
if counter > 0:
self.doWait(10000) # A long wait on other error...
continue
platform.operations.reboot() # On too many errors, simply reboot
# Success or any error that is not recoverable (retunerd by UDS). if Error, service will be cleaned in a while.
break
else:
logger.error(
'Could not locate IP address!!!. (Not registered with UDS)'
)
# Do not continue if not alive...
if not self._isAlive:
return
# Cleans sensible data
if self._cfg.config:
self._cfg = self._cfg._replace(
config=self._cfg.config._replace(os=None), data=None
)
platform.store.writeConfig(self._cfg)
logger.info('Service ready')
def configureMachine(self) -> bool:
if not self._isAlive:
return False
if not self.isManaged():
return True
# First, if runonce is present, honor it and remove it from config
# Return values is "True" for keep service (or daemon) running, False if Stop it.
if self._cfg.runonce_command:
runOnce = self._cfg.runonce_command
self._cfg = self._cfg._replace(runonce_command=None)
platform.store.writeConfig(self._cfg)
if self.execute(runOnce, "runOnce"):
# If runonce is present, will not do anythin more
# So we have to ensure that, when runonce command is finished, reboots the machine.
# That is, the COMMAND itself has to restart the machine!
return False # If the command fails, continue with the rest of the operations...
# Retry configuration while not stop service, config in case of error 10 times, reboot vm
counter = 10
while self._isAlive:
counter -= 1
try:
if self._cfg.config and self._cfg.config.os:
osData = self._cfg.config.os
if osData.action == 'rename':
self.rename(
osData.name,
osData.username,
osData.password,
osData.new_password,
)
elif osData.action == 'rename_ad':
self.joinDomain(
osData.name,
osData.ad or '',
osData.ou or '',
osData.username or '',
osData.password or '',
)
if self._rebootRequested:
try:
platform.operations.reboot()
except Exception as e:
logger.error('Exception on reboot: {}'.format(e))
return False # Stops service if reboot was requested ofc
break
except Exception as e:
logger.error('Got exception operating machine: {}'.format(e))
if counter > 0:
self.doWait(5000)
else:
platform.operations.reboot()
return False
return True
def initializeUnmanaged(self) -> bool:
# Notify UDS about my callback
self.getInterfaces() # Ensure we have interfaces
if self._cfg.master_token:
try:
self._certificate = self._api.notifyUnmanagedCallback(
self._cfg.master_token,
self._secret,
self._interfaces,
rest.LISTEN_PORT,
)
except Exception as e:
logger.error('Couuld not notify unmanaged callback: %s', e)
return True
def getInterfaces(self) -> None:
if self._interfaces:
return
while self._isAlive:
self._interfaces = tools.validNetworkCards(
self._cfg.restrict_net, platform.operations.getNetworkInfo()
)
if self._interfaces:
break
self.doWait(5000)
def initialize(self) -> bool:
if (
self._initialized or not self._cfg.host or not self._isAlive
): # Not configured or not running
return False
self._initialized = True
# Force time sync, just in case...
if self.isManaged():
platform.operations.forceTimeSync()
# Wait for Broker to be ready
# Ensure we have intefaces...
self.getInterfaces()
while self._isAlive:
try:
# If master token is present, initialize and get configuration data
if self._cfg.master_token:
initResult: types.InitializationResultType = self._api.initialize(
self._cfg.master_token, self._interfaces, self._cfg.actorType
)
if not initResult.own_token: # Not managed
logger.debug(
'This host is not managed by UDS Broker (ids: {})'.format(
self._interfaces
)
)
return False
# Only removes master token for managed machines (will need it on next client execution)
master_token = None if self.isManaged() else self._cfg.master_token
self._cfg = self._cfg._replace(
master_token=master_token,
own_token=initResult.own_token,
config=types.ActorDataConfigurationType(
unique_id=initResult.unique_id, os=initResult.os
),
)
# On first successfull initialization request, master token will dissapear for managed hosts so it will be no more available (not needed anyway)
if self.isManaged():
platform.store.writeConfig(self._cfg)
# Setup logger now
if self._cfg.own_token:
logger.setRemoteLogger(self._api, self._cfg.own_token)
break # Initial configuration done..
except rest.RESTConnectionError as e:
logger.info(
'Trying to inititialize connection with broker (last error: {})'.format(
e
)
)
self.doWait(5000) # Wait a bit and retry
except rest.RESTError as e: # Invalid key?
logger.error(
'Error validating with broker. (Invalid token?): {}'.format(e)
)
return False
except Exception:
logger.exception()
self.doWait(5000) # Wait a bit and retry...
return self.configureMachine()
def uninitialize(self):
self._initialized = False
self._cfg = self._cfg._replace(
own_token=None
) # Ensures assigned token is cleared
def finish(self) -> None:
if self._http:
self._http.stop()
# If logged in, notify UDS of logout (daemon stoped = no control = logout)
if self._loggedIn and self._cfg.own_token:
self._loggedIn = False
try:
self._api.logout(
self._cfg.actorType,
self._cfg.own_token,
'',
'',
self._interfaces,
self._secret,
)
except Exception as e:
logger.error('Error notifying final logout to UDS: %s', e)
self.notifyStop()
def checkIpsChanged(self) -> None:
if not self.isManaged():
return # Unamanaged hosts does not changes ips. (The full initialize-login-logout process is done in a row, so at login the IP is correct)
try:
if (
not self._cfg.own_token
or not self._cfg.config
or not self._cfg.config.unique_id
):
# Not enouth data do check
return
currentInterfaces = tools.validNetworkCards(
self._cfg.restrict_net, platform.operations.getNetworkInfo()
)
old = self.serviceInterfaceInfo()
new = self.serviceInterfaceInfo(currentInterfaces)
if not new or not old:
raise Exception(
'No ip currently available for {}'.format(
self._cfg.config.unique_id
)
)
if old.ip != new.ip:
self._certificate = self._api.notifyIpChange(
self._cfg.own_token, self._secret, new.ip, rest.LISTEN_PORT
)
# Now store new addresses & interfaces...
self._interfaces = currentInterfaces
logger.info(
'Ip changed from {} to {}. Notified to UDS'.format(old.ip, new.ip)
)
# Stop the running HTTP Thread and start a new one, with new generated cert
self.startHttpServer()
except Exception as e:
# No ip changed, log exception for info
logger.warn('Checking ips failed: {}'.format(e))
def rename(
self,
name: str,
userName: typing.Optional[str] = None,
oldPassword: typing.Optional[str] = None,
newPassword: typing.Optional[str] = None,
) -> None:
'''
Invoked when broker requests a rename action
default does nothing
'''
hostName = platform.operations.getComputerName()
# Check for password change request for an user
if userName and newPassword:
logger.info('Setting password for configured user')
try:
platform.operations.changeUserPassword(
userName, oldPassword or '', newPassword
)
except Exception as e:
# Logs error, but continue renaming computer
logger.error(
'Could not change password for user {}: {}'.format(userName, e)
)
if hostName.lower() == name.lower():
logger.info('Computer name is already {}'.format(hostName))
return
if platform.operations.renameComputer(name):
self.reboot()
def loop(self):
# Main common loop
try:
# Checks if ips has changed
self.checkIpsChanged()
# Now check if every registered client is already there (if logged in OFC)
if self._loggedIn and not self._clientsPool.ping():
self.logout('client_unavailable', '')
except Exception as e:
logger.error('Exception on main service loop: %s', e)
# ******************************************************
# Methods that can be overriden by linux & windows Actor
# ******************************************************
def joinDomain( # pylint: disable=unused-argument, too-many-arguments
self, name: str, domain: str, ou: str, account: str, password: str
) -> None:
'''
Invoked when broker requests a "domain" action
default does nothing
'''
logger.debug('Base join invoked: {} on {}, {}'.format(name, domain, ou))
# Client notifications
def login(
self, username: str, sessionType: typing.Optional[str] = None
) -> types.LoginResultInfoType:
result = types.LoginResultInfoType(
ip='', hostname='', dead_line=None, max_idle=None
)
master_token = None
secret = None
# If unmanaged, do initialization now, because we don't know before this
# Also, even if not initialized, get a "login" notification token
if not self.isManaged():
self._initialized = (
self.initialize()
) # Maybe it's a local login by an unmanaged host.... On real login, will execute initilize again
# Unamanaged, need the master token
master_token = self._cfg.master_token
secret = self._secret
# Own token will not be set if UDS did not assigned the initialized VM to an user
# In that case, take master token (if machine is Unamanaged version)
token = self._cfg.own_token or master_token
if token:
result = self._api.login(
self._cfg.actorType,
token,
username,
sessionType or '',
self._interfaces,
secret,
)
if result.logged_in:
logger.debug('Login successful')
self._loggedIn = True
script = platform.store.invokeScriptOnLogin()
if script:
logger.info('Executing script on login: {}'.format(script))
script += f'{username} {sessionType or "unknown"} {self._cfg.actorType}'
self.execute(script, 'Logon')
return result
def logout(self, username: str, sessionType: typing.Optional[str]) -> None:
master_token = self._cfg.master_token
# Own token will not be set if UDS did not assigned the initialized VM to an user
# In that case, take master token (if machine is Unamanaged version)
token = self._cfg.own_token or master_token
if token:
# If logout is not processed (that is, not ok result), the logout has not been processed
if (
self._api.logout(
self._cfg.actorType,
token,
username,
sessionType or '',
self._interfaces,
self._secret,
)
!= 'ok'
):
logger.info('Logout from %s ignored as required by uds broker', username)
return
self._loggedIn = False
self.onLogout(username)
if not self.isManaged():
self.uninitialize()
# ****************************************
# Methods that CAN BE overriden by actors
# ****************************************
def doWait(self, miliseconds: int) -> None:
'''
Invoked to wait a bit
CAN be OVERRIDEN
'''
seconds = miliseconds / 1000.0
# So it can be broken by "stop"
while self._isAlive and seconds > 1:
time.sleep(1)
seconds -= 1
time.sleep(seconds)
def notifyStop(self) -> None:
'''
Overriden to log stop (on windows, notify to service manager)
'''
logger.info('Service stopped')
def preConnect(
self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str
) -> str:
'''
Invoked when received a PRE Connection request via REST
Base preconnect executes the preconnect command
'''
if self._cfg.pre_command:
self.execute(
self._cfg.pre_command
+ ' {} {} {} {} {}'.format(
userName.replace('"', '%22'),
protocol,
ip,
hostname,
udsUserName.replace('"', '%22'),
),
'preConnect',
)
return 'ok'
def onLogout(self, userName: str) -> None:
logger.debug('On logout invoked for {}'.format(userName))

85
actor/src/udsactor/tools.py Normal file
View File

@@ -0,0 +1,85 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import threading
import ipaddress
import typing
if typing.TYPE_CHECKING:
from udsactor.types import InterfaceInfoType
class ScriptExecutorThread(threading.Thread):
def __init__(self, script: str) -> None:
super(ScriptExecutorThread, self).__init__()
self.script = script
def run(self) -> None:
from udsactor.log import logger
try:
logger.debug('Executing script: {}'.format(self.script))
exec(self.script, globals(), None) # pylint: disable=exec-used
except Exception as e:
logger.error('Error executing script: {}'.format(e))
logger.exception()
# Convert "X.X.X.X/X" to ipaddress.IPv4Network
def strToNoIPV4Network(net: typing.Optional[str]) -> typing.Optional[ipaddress.IPv4Network]:
if not net: # Empty or None
return None
try:
return ipaddress.IPv4Interface(net).network
except Exception:
return None
def validNetworkCards(
net: typing.Optional[str], cards: typing.Iterable['InterfaceInfoType']
) -> typing.List['InterfaceInfoType']:
try:
subnet = strToNoIPV4Network(net)
except Exception as e:
subnet = None
if subnet is None:
return list(cards)
def isValid(ip: str, subnet: ipaddress.IPv4Network) -> bool:
if not ip:
return False
try:
return ipaddress.IPv4Address(ip) in subnet
except Exception:
return False
return [c for c in cards if isValid(c.ip, subnet)]

68
actor/src/udsactor/types.py Normal file
View File

@@ -0,0 +1,68 @@
import typing
MANAGED = 'managed'
UNMANAGED = 'unmanaged'
class InterfaceInfoType(typing.NamedTuple):
name: str
mac: str
ip: str
class AuthenticatorType(typing.NamedTuple):
authId: str
authSmallName: str
auth: str
type: str
priority: int
isCustom: bool
class ActorOsConfigurationType(typing.NamedTuple):
action: str
name: str
username: typing.Optional[str] = None
password: typing.Optional[str] = None
new_password: typing.Optional[str] = None
ad: typing.Optional[str] = None
ou: typing.Optional[str] = None
class ActorDataConfigurationType(typing.NamedTuple):
unique_id: typing.Optional[str] = None
os: typing.Optional[ActorOsConfigurationType] = None
class ActorConfigurationType(typing.NamedTuple):
host: str
validateCertificate: bool
actorType: typing.Optional[str] = None
master_token: typing.Optional[str] = None
own_token: typing.Optional[str] = None
restrict_net: typing.Optional[str] = None
pre_command: typing.Optional[str] = None
runonce_command: typing.Optional[str] = None
post_command: typing.Optional[str] = None
log_level: int = 2
config: typing.Optional[ActorDataConfigurationType] = None
data: typing.Optional[typing.Dict[str, typing.Any]] = None
class InitializationResultType(typing.NamedTuple):
own_token: typing.Optional[str] = None
unique_id: typing.Optional[str] = None
os: typing.Optional[ActorOsConfigurationType] = None
class LoginResultInfoType(typing.NamedTuple):
ip: str
hostname: str
dead_line: typing.Optional[int]
max_idle: typing.Optional[int] # Not provided by broker
@property
def logged_in(self) -> bool:
return self.hostname != '' or self.ip != ''
class CertificateInfoType(typing.NamedTuple):
private_key: str
server_certificate: str
password: str

1
actor/src/udsactor/version.py Normal file
View File

@@ -0,0 +1 @@
VERSION = '3.5.0'

12
server/tests/REST/actor/__init__.py → actor/src/udsactor/windows/__init__.py
View File

@@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +11,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -26,6 +25,7 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""
Author: Adolfo Gómez, dkmaster at dkmon dot com
"""
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''

83
actor/src/udsactor/windows/log.py Normal file
View File

@@ -0,0 +1,83 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import logging
import os
import tempfile
import typing
import servicemanager
# Valid logging levels, from UDS Broker (uds.core.utils.log).
from .. import loglevel
class LocalLogger: # pylint: disable=too-few-public-methods
linux = False
windows = True
serviceLogger = False
logger: typing.Optional[logging.Logger]
def __init__(self):
# tempdir is different for "user application" and "service"
# service wil get c:\windows\temp, while user will get c:\users\XXX\temp
try:
logging.basicConfig(
filename=os.path.join(tempfile.gettempdir(), 'udsactor.log'),
filemode='a',
format='%(levelname)s %(asctime)s %(message)s',
level=logging.DEBUG
)
except Exception:
logging.basicConfig() # basic init
self.logger = logging.getLogger('udsactor')
self.serviceLogger = False
def log(self, level: int, message: str) -> None:
# Debug messages are logged to a file
# our loglevels are 0 (other), 10000 (debug), ....
# logging levels are 10 (debug), 20 (info)
# OTHER = logging.NOTSET
if self.logger:
self.logger.log(int(level / 1000), message)
if level < loglevel.ERROR or self.serviceLogger is False: # Only information and above will be on event log
return
# In fact, we have restricted level in windows event log to ERROR or FATAL
# but left the code for just a case in the future...
if level < loglevel.WARN: # Info
servicemanager.LogInfoMsg(message)
elif level < loglevel.ERROR: # WARN
servicemanager.LogWarningMsg(message)
else: # Error & Fatal
servicemanager.LogErrorMsg(message)

251
actor/src/udsactor/windows/operations.py Normal file
View File

@@ -0,0 +1,251 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import os
import subprocess
import ctypes
from ctypes.wintypes import DWORD, LPCWSTR
import typing
import win32com.client
from win32com.shell import shell # pylint: disable=no-name-in-module,import-error
import win32net
import win32security
import win32api
import win32con
from .. import types
from ..log import logger
def checkPermissions() -> bool:
return shell.IsUserAnAdmin()
def getErrorMessage(resultCode: int = 0) -> str:
# sys_fs_enc = sys.getfilesystemencoding() or 'mbcs'
msg = win32api.FormatMessage(resultCode)
return msg
def getComputerName() -> str:
return win32api.GetComputerNameEx(win32con.ComputerNamePhysicalDnsHostname)
def getNetworkInfo() -> typing.Iterator[types.InterfaceInfoType]:
obj = win32com.client.Dispatch("WbemScripting.SWbemLocator")
wmobj = obj.ConnectServer("localhost", "root\\cimv2")
adapters = wmobj.ExecQuery("Select * from Win32_NetworkAdapterConfiguration where IpEnabled=True")
try:
for obj in adapters:
for ip in obj.IPAddress:
if ':' in ip: # Is IPV6, skip this
continue
if ip is None or ip == '' or ip.startswith('169.254') or ip.startswith('0.'): # If single link ip, or no ip
continue
yield types.InterfaceInfoType(name=obj.Caption, mac=obj.MACAddress, ip=ip)
except Exception:
return
def getDomainName() -> str:
'''
Will return the domain name if we belong a domain, else None
(if part of a network group, will also return None)
'''
# Status:
# 0 = Unknown
# 1 = Unjoined
# 2 = Workgroup
# 3 = Domain
domain, status = win32net.NetGetJoinInformation()
if status != 3:
domain = None
return domain
def getWindowsVersion() -> typing.Tuple[int, int, int, int, str]:
return win32api.GetVersionEx()
EWX_LOGOFF = 0x00000000
EWX_SHUTDOWN = 0x00000001
EWX_REBOOT = 0x00000002
EWX_FORCE = 0x00000004
EWX_POWEROFF = 0x00000008
EWX_FORCEIFHUNG = 0x00000010
def reboot(flags: int = EWX_FORCEIFHUNG | EWX_REBOOT) -> None:
hproc = win32api.GetCurrentProcess()
htok = win32security.OpenProcessToken(hproc, win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY)
privs = ((win32security.LookupPrivilegeValue(None, win32security.SE_SHUTDOWN_NAME), win32security.SE_PRIVILEGE_ENABLED),)
win32security.AdjustTokenPrivileges(htok, 0, privs)
win32api.ExitWindowsEx(flags, 0)
def loggoff() -> None:
win32api.ExitWindowsEx(EWX_LOGOFF)
def renameComputer(newName: str) -> bool:
'''
Changes the computer name
Returns True if reboot needed
'''
# Needs admin privileges to work
if ctypes.windll.kernel32.SetComputerNameExW(DWORD(win32con.ComputerNamePhysicalDnsHostname), LPCWSTR(newName)) == 0: # @UndefinedVariable
# win32api.FormatMessage -> returns error string
# win32api.GetLastError -> returns error code
# (just put this comment here to remember to log this when logger is available)
error = getErrorMessage()
computerName = win32api.GetComputerNameEx(win32con.ComputerNamePhysicalDnsHostname)
raise Exception('Error renaming computer from {} to {}: {}'.format(computerName, newName, error))
return True
NETSETUP_JOIN_DOMAIN = 0x00000001
NETSETUP_ACCT_CREATE = 0x00000002
NETSETUP_ACCT_DELETE = 0x00000004
NETSETUP_WIN9X_UPGRADE = 0x00000010
NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x00000020
NETSETUP_JOIN_UNSECURE = 0x00000040
NETSETUP_MACHINE_PWD_PASSED = 0x00000080
NETSETUP_JOIN_WITH_NEW_NAME = 0x00000400
NETSETUP_DEFER_SPN_SET = 0x1000000
def joinDomain(domain: str, ou: str, account: str, password: str, executeInOneStep: bool = False) -> None:
'''
Joins machine to a windows domain
:param domain: Domain to join to
:param ou: Ou that will hold machine
:param account: Account used to join domain
:param password: Password of account used to join domain
:param executeInOneStep: If true, means that this machine has been renamed and wants to add NETSETUP_JOIN_WITH_NEW_NAME to request so we can do rename/join in one step.
'''
# If account do not have domain, include it
if '@' not in account and '\\' not in account:
if '.' in domain:
account = account + '@' + domain
else:
account = domain + '\\' + account
# Do log
flags: typing.Any = NETSETUP_ACCT_CREATE | NETSETUP_DOMAIN_JOIN_IF_JOINED | NETSETUP_JOIN_DOMAIN
if executeInOneStep:
flags |= NETSETUP_JOIN_WITH_NEW_NAME
flags = DWORD(flags)
lpDomain = LPCWSTR(domain)
# Must be in format "ou=.., ..., dc=...,"
lpOu = LPCWSTR(ou) if ou is not None and ou != '' else None
lpAccount = LPCWSTR(account)
lpPassword = LPCWSTR(password)
res = ctypes.windll.netapi32.NetJoinDomain(None, lpDomain, lpOu, lpAccount, lpPassword, flags)
# Machine found in another ou, use it and warn this on log
if res == 2224:
flags = DWORD(NETSETUP_DOMAIN_JOIN_IF_JOINED | NETSETUP_JOIN_DOMAIN)
res = ctypes.windll.netapi32.NetJoinDomain(None, lpDomain, None, lpAccount, lpPassword, flags)
if res:
# Log the error
error = getErrorMessage(res)
if res == 1355:
error = "DC Is not reachable"
logger.error('Error joining domain: {}, {}'.format(error, res))
raise Exception('Error joining domain {}, with credentials {}/*****{}: {}, {}'.format(domain, account, ', under OU {}'.format(ou) if ou is not None else '', res, error))
def changeUserPassword(user: str, oldPassword: str, newPassword: str) -> None:
# lpUser = LPCWSTR(user)
# lpOldPassword = LPCWSTR(oldPassword)
# lpNewPassword = LPCWSTR(newPassword)
# res = ctypes.windll.netapi32.NetUserChangePassword(None, lpUser, lpOldPassword, lpNewPassword)
# Try to set new password "a las bravas", ignoring old one. This will not work with domain users
res = win32net.NetUserSetInfo(None, user, 1003, {'password': newPassword})
if res:
# Log the error, and raise exception to parent
error = getErrorMessage(res)
raise Exception('Error changing password for user {}: {} {}'.format(user, res, error))
class LASTINPUTINFO(ctypes.Structure): # pylint: disable=too-few-public-methods
_fields_ = [
('cbSize', ctypes.c_uint),
('dwTime', ctypes.c_uint),
]
def initIdleDuration(atLeastSeconds: int): # pylint: disable=unused-argument
'''
In windows, there is no need to set screensaver
'''
return
def getIdleDuration() -> float:
try:
lastInputInfo = LASTINPUTINFO()
lastInputInfo.cbSize = ctypes.sizeof(lastInputInfo) # pylint: disable=attribute-defined-outside-init
if ctypes.windll.user32.GetLastInputInfo(ctypes.byref(lastInputInfo)) == 0:
return 0
current = ctypes.c_uint(ctypes.windll.kernel32.GetTickCount()).value
if current < lastInputInfo.dwTime:
current += 4294967296 # If current has "rolled" to zero, adjust it so it is greater than lastInputInfo
millis = current - lastInputInfo.dwTime # @UndefinedVariable
return millis / 1000.0
except Exception as e:
logger.error('Getting idle duration: {}'.format(e))
return 0
def getCurrentUser() -> str:
'''
Returns current logged in username
'''
return os.environ['USERNAME']
def getSessionType() -> str:
'''
Known values:
* Unknown -> No SESSIONNAME environment variable
* Console -> Local session
* RDP-Tcp#[0-9]+ -> RDP Session
'''
return os.environ.get('SESSIONNAME', 'unknown')
def writeToPipe(pipeName: str, bytesPayload: bytes, waitForResponse: bool) -> typing.Optional[bytes]:
# (str, bytes, bool) -> Optional[bytes]
try:
with open(pipeName, 'r+b', 0) as f:
f.write(bytesPayload)
# f.seek(0) # As recommended on intenet, but seems to work fin without thos
if waitForResponse:
return f.read()
return b'ok'
except Exception:
return None
def forceTimeSync() -> None:
try:
subprocess.call([r'c:\WINDOWS\System32\w32tm.exe', ' /resync']) # , '/rediscover'])
except Exception as e:
logger.error('Error invoking time sync command: %s', e)

77
actor/src/udsactor/windows/runner.py Normal file
View File

@@ -0,0 +1,77 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2019 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import sys
import win32service
import win32serviceutil
import servicemanager
import win32timezone # pylint: disable=unused-import
from .service import UDSActorSvc
def setupRecoverService():
svc_name = UDSActorSvc._svc_name_ # pylint: disable=protected-access
hs = None
hscm = None
try:
hscm = win32service.OpenSCManager(None, None, win32service.SC_MANAGER_ALL_ACCESS)
try:
hs = win32serviceutil.SmartOpenService(hscm, svc_name, win32service.SERVICE_ALL_ACCESS)
service_failure_actions = {
'ResetPeriod': 864000, # Time in ms after which to reset the failure count to zero.
'RebootMsg': u'', # Not using reboot option
'Command': u'', # Not using run-command option
'Actions': [
(win32service.SC_ACTION_RESTART, 5000), # action, delay in ms
(win32service.SC_ACTION_RESTART, 5000)
]
}
win32service.ChangeServiceConfig2(hs, win32service.SERVICE_CONFIG_FAILURE_ACTIONS, service_failure_actions)
finally:
if hs:
win32service.CloseServiceHandle(hs)
finally:
if hscm:
win32service.CloseServiceHandle(hscm)
def run() -> None:
if len(sys.argv) == 1:
servicemanager.Initialize()
servicemanager.PrepareToHostSingle(UDSActorSvc)
servicemanager.StartServiceCtrlDispatcher()
elif sys.argv[1] == '--setup-recovery':
setupRecoverService()
else:
win32serviceutil.HandleCommandLine(UDSActorSvc)

276
actor/src/udsactor/windows/service.py Normal file
View File

@@ -0,0 +1,276 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import struct
import typing
import win32serviceutil
import win32service
import win32security
import win32net
import win32event
import pythoncom
import servicemanager
import winreg as wreg
from . import operations
from . import store
from ..service import CommonService
from ..log import logger
REMOTE_USERS_SID = 'S-1-5-32-555' # Well nown sid for remote desktop users
class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
'''
This class represents a Windows Service for managing actor interactions
with UDS Broker and Machine
'''
# ServiceeFramework related
_svc_name_ = "UDSActorNG"
_svc_display_name_ = "UDS Actor Service"
_svc_description_ = "UDS Actor Management Service"
_svc_deps_ = ['EventLog']
_user: typing.Optional[str]
_hWaitStop: typing.Any
def __init__(self, args):
win32serviceutil.ServiceFramework.__init__(self, args)
CommonService.__init__(self)
self._hWaitStop = win32event.CreateEvent(None, 1, 0, None)
self._user = None
def SvcStop(self) -> None:
self.ReportServiceStatus(win32service.SERVICE_STOP_PENDING)
self._isAlive = False
win32event.SetEvent(self._hWaitStop)
SvcShutdown = SvcStop
def notifyStop(self) -> None:
servicemanager.LogMsg(servicemanager.EVENTLOG_INFORMATION_TYPE, servicemanager.PYS_SERVICE_STOPPED, (self._svc_name_, ''))
super().notifyStop()
def doWait(self, miliseconds: int) -> None:
win32event.WaitForSingleObject(self._hWaitStop, miliseconds)
# On windows, and while on tasks, ensure that our app processes waiting messages on "wait times"
pythoncom.PumpWaitingMessages() # pylint: disable=no-member
def oneStepJoin(self, name: str, domain: str, ou: str, account: str, password: str) -> None: # pylint: disable=too-many-arguments
'''
Ejecutes the join domain in exactly one step
'''
currName = operations.getComputerName()
# If name is desired, simply execute multiStepJoin, because computer
# name will not change
if currName.lower() == name.lower():
self.multiStepJoin(name, domain, ou, account, password)
return
operations.renameComputer(name)
logger.debug('Computer renamed to {} without reboot'.format(name))
operations.joinDomain(domain, ou, account, password, executeInOneStep=True)
logger.debug('Requested join domain {} without errors'.format(domain))
self.reboot()
def multiStepJoin(self, name: str, domain: str, ou: str, account: str, password: str) -> None: # pylint: disable=too-many-arguments
currName = operations.getComputerName()
if currName.lower() == name.lower():
currDomain = operations.getDomainName()
if currDomain:
# logger.debug('Name: "{}" vs "{}", Domain: "{}" vs "{}"'.format(currName.lower(), name.lower(), currDomain.lower(), domain.lower()))
logger.debug('Machine {} is part of domain {}'.format(name, domain))
self.setReady()
else:
operations.joinDomain(domain, ou, account, password, executeInOneStep=False)
self.reboot()
else:
operations.renameComputer(name)
logger.info('Rebooting computer for activating new name {}'.format(name))
self.reboot()
def joinDomain( # pylint: disable=unused-argument, too-many-arguments
self,
name: str,
domain: str,
ou: str,
account: str,
password: str
) -> None:
versionData = operations.getWindowsVersion()
versionInt = versionData[0] * 10 + versionData[1]
logger.debug('Starting joining domain {} with name {} (detected operating version: {})'.format(domain, name, versionData))
# Accepts one step joinDomain, also remember XP is no more supported by
# microsoft, but this also must works with it because will do a "multi
# step" join
if versionInt >= 60 and not store.useOldJoinSystem():
self.oneStepJoin(name, domain, ou, account, password)
else:
logger.info('Using multiple step join because configuration requests to do so')
self.multiStepJoin(name, domain, ou, account, password)
def preConnect(self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str) -> str:
logger.debug('Pre connect invoked')
if protocol == 'rdp': # If connection is not using rdp, skip adding user
# Well known SSID for Remote Desktop Users
groupName = win32security.LookupAccountSid(None, win32security.GetBinarySid(REMOTE_USERS_SID))[0]
useraAlreadyInGroup = False
resumeHandle = 0
while True:
users, _, resumeHandle = win32net.NetLocalGroupGetMembers(None, groupName, 1, resumeHandle, 32768)
if userName.lower() in [u['name'].lower() for u in users]:
useraAlreadyInGroup = True
break
if resumeHandle == 0:
break
if not useraAlreadyInGroup:
logger.debug('User not in group, adding it')
self._user = userName
try:
userSSID = win32security.LookupAccountName(None, userName)[0]
win32net.NetLocalGroupAddMembers(None, groupName, 0, [{'sid': userSSID}])
except Exception as e:
logger.error('Exception adding user to Remote Desktop Users: {}'.format(e))
else:
self._user = None
logger.debug('User {} already in group'.format(userName))
return super().preConnect(userName, protocol, ip, hostname, udsUserName)
def ovLogon(self, username: str, password: str) -> str:
"""
Logon on oVirt agent
currently not used.
"""
# Compose packet for ov
usernameBytes = username.encode()
passwordBytes = password.encode()
packet = struct.pack('!I', len(usernameBytes)) + usernameBytes + struct.pack('!I', len(passwordBytes)) + passwordBytes
# Send packet with username/password to ov pipe
operations.writeToPipe("\\\\.\\pipe\\VDSMDPipe", packet, True)
return 'done'
def onLogout(self, userName) -> None:
logger.debug('Windows onLogout invoked: {}, {}'.format(userName, self._user))
try:
p = win32security.GetBinarySid(REMOTE_USERS_SID)
groupName = win32security.LookupAccountSid(None, p)[0]
except Exception:
logger.error('Exception getting Windows Group')
return
if self._user:
try:
win32net.NetLocalGroupDelMembers(None, groupName, [self._user])
except Exception as e:
logger.error('Exception removing user from Remote Desktop Users: {}'.format(e))
def isInstallationRunning(self):
'''
Detect if windows is installing anything, so we can delay the execution of Service
'''
try:
key = wreg.OpenKey(wreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State')
data, _ = wreg.QueryValueEx(key, 'ImageState')
logger.debug('State: %s', data)
return data != 'IMAGE_STATE_COMPLETE' # If ImageState is different of ImageStateComplete, there is something running on installation
except Exception: # If not found, means that no installation is running
return False
def SvcDoRun(self) -> None: # pylint: disable=too-many-statements, too-many-branches
'''
Main service loop
'''
servicemanager.LogMsg(servicemanager.EVENTLOG_INFORMATION_TYPE, servicemanager.PYS_SERVICE_STARTED, (self._svc_name_, ''))
# call the CoInitialize to allow the registration to run in an other
# thread
logger.debug('Initializing coms')
pythoncom.CoInitialize() # pylint: disable=no-member
# Check if some install is running on windows before proceeding
while self._isAlive:
if self.isInstallationRunning():
win32event.WaitForSingleObject(self._hWaitStop, 1000) # Wait a bit, and check again
continue
break
if not self._isAlive: # Has been stopped while waiting windows installations
self.finish()
return
# Unmanaged services does not initializes "on start", but rather when user logs in (because userservice does not exists "as such" before that)
if self.isManaged():
if not self.initialize():
logger.info('Service stopped due to init')
self.finish()
win32event.WaitForSingleObject(self._hWaitStop, 5000)
return # Stop daemon if initializes told to do so
# Initialization is done, set machine to ready for UDS, communicate urls, etc...
self.setReady()
else:
if not self.initializeUnmanaged():
self.finish()
return
# Start listening for petitions
self.startHttpServer()
# *********************
# * Main Service loop *
# *********************
# Counter used to check ip changes only once every 10 seconds
counter = 0
while self._isAlive:
counter += 1
try:
pythoncom.PumpWaitingMessages() # pylint: disable=no-member
if counter % 5 == 0: # Once every 5 seconds
self.loop()
except Exception as e:
logger.error('Got exception on main loop: %s', e)
# Continue after a while...
# In milliseconds, will break if event hWaitStop is set
win32event.WaitForSingleObject(self._hWaitStop, 1000)
logger.debug('Exited main loop')
self.finish()

109
actor/src/udsactor/windows/store.py Normal file
View File

@@ -0,0 +1,109 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import pickle
import winreg as wreg
import win32security
from .. import types
PATH = 'Software\\UDSActor'
BASEKEY = wreg.HKEY_LOCAL_MACHINE
def fixRegistryPermissions(handle) -> None:
# Fix permissions so users can't read this key
v = win32security.GetSecurityInfo(handle, win32security.SE_REGISTRY_KEY, win32security.DACL_SECURITY_INFORMATION)
dacl = v.GetSecurityDescriptorDacl()
n = 0
# Remove all normal users access permissions to the registry key
while n < dacl.GetAceCount():
if str(dacl.GetAce(n)[2]) == 'PySID:S-1-5-32-545': # Whell known Users SID
dacl.DeleteAce(n)
else:
n += 1
win32security.SetSecurityInfo(
handle,
win32security.SE_REGISTRY_KEY,
win32security.DACL_SECURITY_INFORMATION | win32security.PROTECTED_DACL_SECURITY_INFORMATION,
None,
None,
dacl,
None
)
def readConfig() -> types.ActorConfigurationType:
try:
key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_QUERY_VALUE)
data, _ = wreg.QueryValueEx(key, '')
wreg.CloseKey(key)
return pickle.loads(data)
except Exception:
return types.ActorConfigurationType('', False)
def writeConfig(config: types.ActorConfigurationType) -> None:
try:
key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_ALL_ACCESS)
except Exception:
key = wreg.CreateKeyEx(BASEKEY, PATH, 0, wreg.KEY_ALL_ACCESS)
fixRegistryPermissions(key.handle) # type: ignore
wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, pickle.dumps(config)) # type: ignore
wreg.CloseKey(key)
def useOldJoinSystem() -> bool:
try:
key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_QUERY_VALUE)
try:
data, _ = wreg.QueryValueEx(key, 'join')
except Exception:
data = ''
wreg.CloseKey(key)
except Exception:
data = ''
return data == 'old'
def invokeScriptOnLogin() -> str:
try:
key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_QUERY_VALUE)
try:
data, _ = wreg.QueryValueEx(key, 'logonScript')
except Exception:
data = ''
wreg.CloseKey(key)
except Exception:
data = ''
return data

Some files were not shown because too many files have changed in this diff Show More