Added a couple of tests on using certificates with ldap (due to gnu-tls or openssl possible usage)

Removed password of configuration being sent to Admin Interface when editing config (not a real problem, but it is not used anyway
Updated default settings

.gitignore

@@ -32,9 +32,6 @@
 /client/administration/installer/UDSAdminInstaller/MSChart.exe
 /client/administration/installer/UDSAdminInstaller/UDSAdminSetup.exe
 
-# /guacamole-tunnel/
-/guacamole-tunnel/target
-
 # /linuxActor/
 /linuxActor/udsactor_*
 

README.md

@@ -12,5 +12,4 @@ This is an Open Source Source project, initiated by Spanish Company ​Virtualca
 
 Any help provided will be welcome.
 
-**Note: Master version is always under heavy development and it is not recommended for use, it will probably have unfixed bugs.
-      For use, please use the latest stable branch.**
+**Note: Master version is always under heavy development and it is not recommended for use, it will probably have unfixed bugs.  Please use the latest stable branch.**

VERSION

@@ -1 +1 @@
-3.0.0
+3.6.0

actor/.env

@@ -0,0 +1,2 @@
+PYTHONPATH=./src:${PYTHONPATH}
+

actor/deps.txt

@@ -1,4 +0,0 @@
-Linux:
-python3-prctl (recommended, but not required in fact)
-python3-pyqt5
-

actor/linux/build-packages.sh

@@ -11,6 +11,9 @@ dpkg-buildpackage -b
 cat udsactor-template.spec | 
   sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
   sed -e s/"release 1"/"release ${RELEASE}"/g > udsactor-$VERSION.spec
+cat udsactor-unmanaged-template.spec | 
+  sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
+  sed -e s/"release 1"/"release ${RELEASE}"/g > udsactor-unmanaged-$VERSION.spec
   
 # Now fix dependencies for opensuse
 # Note that, although on opensuse the library is "libXss1" on newer,
@@ -22,7 +25,7 @@ cat udsactor-template.spec |
 #   sed -e s/"libXScrnSaver"/"libXss1"/g > udsactor-opensuse-$VERSION.spec
 
 #for pkg in udsactor-$VERSION.spec udsactor-opensuse-$VERSION.spec; do
-for pkg in udsactor-$VERSION.spec; do
+for pkg in udsactor-*$VERSION.spec; do
     
     rm -rf rpm
     for folder in SOURCES BUILD RPMS SPECS SRPMS; do

actor/linux/debian/changelog

@@ -1,3 +1,15 @@
+udsactor (3.6.0) stable; urgency=medium
+
+  * Upgraded to 3.6.0 release
+
+ -- Adolfo Gómez García <agomez@virtualcable.es>  Fri, 1 Jul 2022 14:00:00 +0200
+
+udsactor (3.5.0) stable; urgency=medium
+
+  * Upgraded to 3.5.0 release
+
+ -- Adolfo Gómez García <agomez@virtualcable.es>  Fri, 23 Oct 2020 8:00:00 +0200
+
 udsactor (3.0.0) stable; urgency=medium
 
   * Upgraded to 3.0.0 release

actor/linux/debian/control

@@ -10,7 +10,7 @@ Package: udsactor
 Section: admin
 Priority: optional
 Architecture: all
-Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.4), libxss1, xscreensaver, ${misc:Depends}
+Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
 Recommends: python3-prctl(>=1.1.1)
 Description: Actor for Universal Desktop Services (UDS) Broker
  This package provides the required components to allow managed machines to work on an environment managed by UDS Broker.
@@ -19,7 +19,7 @@ Package: udsactor-unmanaged
 Section: admin
 Priority: optional
 Architecture: all
-Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.4), libxss1, xscreensaver, ${misc:Depends}
+Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
 Recommends: python3-prctl(>=1.1.1)
 Description: Actor for Universal Desktop Services (UDS) Broker Static Unmanaged machines
  This package provides the required components to allow unmanaged machines (static, independent machines) to work on an environment managed by UDS Broker.

actor/linux/debian/files

@@ -1,3 +1,3 @@
-udsactor-unmanaged_3.0.0_all.deb admin optional
-udsactor_3.0.0_all.deb admin optional
-udsactor_3.0.0_amd64.buildinfo admin optional
+udsactor-unmanaged_3.6.0_all.deb admin optional
+udsactor_3.6.0_all.deb admin optional
+udsactor_3.6.0_amd64.buildinfo admin optional

actor/linux/scripts/UDSActorConfig

@@ -3,4 +3,4 @@
 FOLDER=/usr/share/UDSActor
 
 cd $FOLDER
-exec python3 actor_config.py $@
+exec python3 actor_config.py -platform xcb $@

actor/linux/scripts/UDSActorConfig-unmanaged

@@ -3,4 +3,4 @@
 FOLDER=/usr/share/UDSActor
 
 cd $FOLDER
-exec python3 actor_config_unmanaged.py $@
+exec python3 actor_config_unmanaged.py -platform xcb $@

actor/linux/scripts/UDSActorTool

@@ -3,4 +3,4 @@
 FOLDER=/usr/share/UDSActor
 
 cd $FOLDER
-exec python3 actor_client.py $@
+exec python3 -s actor_client.py -platform xcb $@

actor/linux/udsactor-template.spec

@@ -11,7 +11,7 @@ Release: %{release}
 Summary: Actor for Universal Desktop Services (UDS) Broker
 License: BSD3
 Group: Admin
-Requires: python3-six python3-requests python3-qt5 libXScrnSaver
+Requires: python3-six python3-requests python3-qt5 libXScrnSaver xset
 Vendor: Virtual Cable S.L.U.
 URL: http://www.udsenterprise.com
 Provides: udsactor

actor/linux/udsactor-unmanaged-template.spec

@@ -0,0 +1,70 @@
+%define _topdir %(echo $PWD)/rpm
+%define name udsactor-unmanaged
+%define version 0.0.0
+%define release 1
+%define buildroot %{_topdir}/%{name}-%{version}-%{release}-root
+
+BuildRoot: %{buildroot} 
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Summary: Actor for Universal Desktop Services (UDS) Broker
+License: BSD3
+Group: Admin
+Requires: python3-six python3-requests python3-qt5 libXScrnSaver
+Vendor: Virtual Cable S.L.U.
+URL: http://www.udsenterprise.com
+Provides: udsactor
+
+%define _rpmdir ../
+%define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
+
+
+%install
+curdir=`pwd`
+cd ../..
+make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh install-udsactor-unmanaged
+cd $curdir
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+curdir=`pwd`
+cd ../..
+make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh clean
+cd $curdir
+
+
+%post
+systemctl enable udsactor.service > /dev/null 2>&1
+
+%preun
+systemctl disable udsactor.service > /dev/null 2>&1
+systemctl stop udsactor.service > /dev/null 2>&1
+
+%postun
+# $1 == 0 on uninstall, == 1 on upgrade for preun and postun (just a reminder for me... :) )
+if [ $1 -eq 0 ]; then
+    rm -rf /etc/udsactor
+    rm /var/log/udsactor.log
+fi
+# And, posibly, the .pyc leaved behind on /usr/share/UDSActor
+rm -rf /usr/share/UDSActor > /dev/null 2>&1
+
+%description
+This package provides the required components to allow this unmanaged machine to work on an environment managed by UDS Broker.
+
+%files
+%defattr(-,root,root)
+/etc/udsactor
+/etc/xdg/autostart/UDSActorTool.desktop
+/etc/systemd/system/udsactor.service
+/usr/bin/UDSActorTool-startup
+/usr/bin/udsactor
+/usr/bin/udsvapp
+/usr/bin/UDSActorTool
+/usr/sbin/UDSActorConfig
+/usr/sbin/UDSActorConfig-pkexec
+/usr/share/UDSActor/*
+/usr/share/applications/UDS_Actor_Configuration.desktop
+/usr/share/autostart/UDSActorTool.desktop
+/usr/share/polkit-1/actions/org.openuds.pkexec.UDSActorConfig.policy

actor/src/actor_client.py

@@ -67,9 +67,9 @@ if __name__ == "__main__":
     # Note: Signals are only checked on python code execution, so we create a timer to force call back to python
     timer = QTimer(qApp)
     timer.start(1000)
-    timer.timeout.connect(lambda *a: None)
+    timer.timeout.connect(lambda *a: None)  # type: ignore  # timeout can be connected to a callable
 
-    qApp.exec_()
+    qApp.exec()
 
     # On windows, if no window is created, this point will never be reached.
     qApp.end()

actor/src/actor_config.py

@@ -187,9 +187,9 @@ if __name__ == "__main__":
     app = QApplication(sys.argv)
 
     if udsactor.platform.operations.checkPermissions() is False:
-        QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)
+        QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)  # type: ignore
         sys.exit(1)
 
     myapp = UDSConfigDialog()
     myapp.show()
-    sys.exit(app.exec_())
+    sys.exit(app.exec())

actor/src/actor_config_unmanaged.py

@@ -40,6 +40,7 @@ import PyQt5  # pylint: disable=unused-import
 from PyQt5.QtWidgets import QApplication, QDialog, QMessageBox
 
 import udsactor
+import udsactor.tools
 
 from ui.setup_dialog_unmanaged_ui import Ui_UdsActorSetupDialog
 
@@ -49,6 +50,7 @@ if typing.TYPE_CHECKING:
 
 logger = logging.getLogger('actor')
 
+
 class UDSConfigDialog(QDialog):
     _host: str = ''
     _config: udsactor.types.ActorConfigurationType
@@ -60,65 +62,99 @@ class UDSConfigDialog(QDialog):
         self.ui = Ui_UdsActorSetupDialog()
         self.ui.setupUi(self)
         self.ui.host.setText(self._config.host)
-        self.ui.validateCertificate.setCurrentIndex(1 if self._config.validateCertificate else 0)
+        self.ui.validateCertificate.setCurrentIndex(
+            1 if self._config.validateCertificate else 0
+        )
         self.ui.logLevelComboBox.setCurrentIndex(self._config.log_level)
-        self.ui.serviceToken.setText(self._config.master_token)
+        self.ui.serviceToken.setText(self._config.master_token or '')
+        self.ui.restrictNet.setText(self._config.restrict_net or '')
 
-        self.ui.testButton.setEnabled(bool(self._config.master_token and self._config.host))
+        self.ui.testButton.setEnabled(
+            bool(self._config.master_token and self._config.host)
+        )
 
     @property
     def api(self) -> udsactor.rest.UDSServerApi:
-        return udsactor.rest.UDSServerApi(self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1)
+        return udsactor.rest.UDSServerApi(
+            self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1
+        )
 
     def finish(self) -> None:
         self.close()
 
     def configChanged(self, text: str) -> None:
-        self.ui.testButton.setEnabled(self.ui.host.text() == self._config.host and self.ui.serviceToken.text() == self._config.master_token)
+        self.ui.testButton.setEnabled(
+            self.ui.host.text() == self._config.host
+            and self.ui.serviceToken.text() == self._config.master_token
+            and self.ui.restrictNet.text() == self._config.restrict_net
+        )
 
     def testUDSServer(self) -> None:
         if not self._config.master_token or not self._config.host:
             self.ui.testButton.setEnabled(False)
             return
         try:
-            api = udsactor.rest.UDSServerApi(self._config.host, self._config.validateCertificate)
+            api = udsactor.rest.UDSServerApi(
+                self._config.host, self._config.validateCertificate
+            )
             if not api.test(self._config.master_token, udsactor.types.UNMANAGED):
                 QMessageBox.information(
                     self,
                     'UDS Test',
                     'Service token seems to be invalid . Please, check token validity.',
-                    QMessageBox.Ok
+                    QMessageBox.Ok,
                 )
             else:
                 QMessageBox.information(
                     self,
                     'UDS Test',
-                    'Configuration for {} seems to be correct.'.format(self._config.host),
-                    QMessageBox.Ok
+                    'Configuration for {} seems to be correct.'.format(
+                        self._config.host
+                    ),
+                    QMessageBox.Ok,
                 )
         except Exception:
             QMessageBox.information(
                 self,
                 'UDS Test',
                 'Configured host {} seems to be inaccesible.'.format(self._config.host),
-                QMessageBox.Ok
+                QMessageBox.Ok,
             )
 
     def saveConfig(self) -> None:
+        # Ensure restrict_net is empty or a valid subnet
+        restrictNet = self.ui.restrictNet.text().strip()
+        if restrictNet:
+            try:
+                subnet = udsactor.tools.strToNoIPV4Network(restrictNet)
+                if not subnet:
+                    raise Exception('Invalid subnet')
+            except Exception:
+                QMessageBox.information(
+                    self,
+                    'Invalid subnet',
+                    'Invalid subnet {}. Please, check it.'.format(restrictNet),
+                    QMessageBox.Ok,
+                )
+                return
+
         # Store parameters on register for later use, notify user of registration
         self._config = udsactor.types.ActorConfigurationType(
             actorType=udsactor.types.UNMANAGED,
             host=self.ui.host.text(),
             validateCertificate=self.ui.validateCertificate.currentIndex() == 1,
-            master_token=self.ui.serviceToken.text(),
-            log_level=self.ui.logLevelComboBox.currentIndex()
+            master_token=self.ui.serviceToken.text().strip(),
+            restrict_net=restrictNet,
+            log_level=self.ui.logLevelComboBox.currentIndex(),
         )
 
         udsactor.platform.store.writeConfig(self._config)
         # Enables test button
         self.ui.testButton.setEnabled(True)
         # Informs the user
-        QMessageBox.information(self, 'UDS Configuration', 'Configuration saved.', QMessageBox.Ok)
+        QMessageBox.information(
+            self, 'UDS Configuration', 'Configuration saved.', QMessageBox.Ok
+        )
 
 
 if __name__ == "__main__":
@@ -127,9 +163,9 @@ if __name__ == "__main__":
         os.environ['QT_X11_NO_MITSHM'] = '1'
 
     app = QApplication(sys.argv)
-    
+
     if udsactor.platform.operations.checkPermissions() is False:
-        QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)
+        QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)  # type: ignore
         sys.exit(1)
 
     if len(sys.argv) > 2:
@@ -153,4 +189,4 @@ if __name__ == "__main__":
 
     myapp = UDSConfigDialog()
     myapp.show()
-    sys.exit(app.exec_())
+    sys.exit(app.exec())

actor/src/designer/setup-dialog-unmanaged.ui

@@ -10,8 +10,8 @@
    <rect>
     <x>0</x>
     <y>0</y>
-    <width>595</width>
-    <height>220</height>
+    <width>601</width>
+    <height>243</height>
    </rect>
   </property>
   <property name="sizePolicy">
@@ -55,7 +55,7 @@
    <property name="geometry">
     <rect>
      <x>10</x>
-     <y>180</y>
+     <y>210</y>
      <width>181</width>
      <height>23</height>
     </rect>
@@ -83,7 +83,7 @@
    <property name="geometry">
     <rect>
      <x>410</x>
-     <y>180</y>
+     <y>210</y>
      <width>171</width>
      <height>23</height>
     </rect>
@@ -117,7 +117,7 @@
    <property name="geometry">
     <rect>
      <x>210</x>
-     <y>180</y>
+     <y>210</y>
      <width>181</width>
      <height>23</height>
     </rect>
@@ -144,7 +144,7 @@
      <x>10</x>
      <y>10</y>
      <width>571</width>
-     <height>161</height>
+     <height>191</height>
     </rect>
    </property>
    <layout class="QFormLayout" name="formLayout">
@@ -214,21 +214,21 @@
     <item row="2" column="1">
      <widget class="QLineEdit" name="serviceToken">
       <property name="toolTip">
-       <string>UDS user with administration rights (Will not be stored on template)</string>
+       <string>UDS Service Token</string>
       </property>
       <property name="whatsThis">
-       <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+       <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Token of the service on UDS platform&lt;/p&gt;&lt;p&gt;This token can be obtainend from the service configuration on UDS.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
       </property>
      </widget>
     </item>
-    <item row="3" column="0">
+    <item row="4" column="0">
      <widget class="QLabel" name="label_loglevel">
       <property name="text">
        <string>Log Level</string>
       </property>
      </widget>
     </item>
-    <item row="3" column="1">
+    <item row="4" column="1">
      <widget class="QComboBox" name="logLevelComboBox">
       <property name="currentIndex">
        <number>1</number>
@@ -258,6 +258,23 @@
       </item>
      </widget>
     </item>
+    <item row="3" column="0">
+     <widget class="QLabel" name="label_restrictNet">
+      <property name="text">
+       <string>Restrict Net</string>
+      </property>
+     </widget>
+    </item>
+    <item row="3" column="1">
+     <widget class="QLineEdit" name="restrictNet">
+      <property name="toolTip">
+       <string>Restrict valid detection of network interfaces to this network.</string>
+      </property>
+      <property name="whatsThis">
+       <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Restrics valid detection of network interfaces.&lt;/p&gt;&lt;p&gt;Note: Use this field only in case of several network interfaces, so UDS knows which one is the interface where the user will be connected..&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+      </property>
+     </widget>
+    </item>
    </layout>
    <zorder>label_host</zorder>
    <zorder>host</zorder>
@@ -267,6 +284,8 @@
    <zorder>label_security</zorder>
    <zorder>label_loglevel</zorder>
    <zorder>logLevelComboBox</zorder>
+   <zorder>label_restrictNet</zorder>
+   <zorder>restrictNet</zorder>
   </widget>
  </widget>
  <resources>
@@ -353,6 +372,22 @@
     </hint>
    </hints>
   </connection>
+  <connection>
+   <sender>restrictNet</sender>
+   <signal>textChanged(QString)</signal>
+   <receiver>UdsActorSetupDialog</receiver>
+   <slot>configChanged()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>341</x>
+     <y>139</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>295</x>
+     <y>121</y>
+    </hint>
+   </hints>
+  </connection>
  </connections>
  <slots>
   <slot>finish()</slot>

actor/src/designer/setup-dialog.ui

@@ -224,6 +224,9 @@
         <property name="whatsThis">
          <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Select the security for communications with UDS Broker.&lt;/p&gt;&lt;p&gt;The recommended method of communication is &lt;span style=&quot; font-weight:600;&quot;&gt;Use SSL&lt;/span&gt;, but selection needs to be acording to your broker configuration.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
         </property>
+        <property name="currentIndex">
+         <number>1</number>
+        </property>
         <item>
          <property name="text">
           <string>Ignore certificate</string>

actor/src/udsactor/__init__.py

@@ -35,4 +35,4 @@ from . import platform
 __title__ = 'udsactor'
 __author__ = 'Adolfo Gómez <dkmaster@dkmon.com>'
 __license__ = "BSD 3-clause"
-__copyright__ = "Copyright 2014-2020 VirtualCable S.L.U."
+__copyright__ = "Copyright 2014-2022 VirtualCable S.L.U."

actor/src/udsactor/client.py

@@ -65,9 +65,9 @@ class UDSClientQApp(QApplication):
         self._initialized = False
 
         # This will be invoked on session close
-        self.commitDataRequest.connect(self.end)  # Will be invoked on session close, to gracely close app
+        self.commitDataRequest.connect(self.end)  # type: ignore  # Will be invoked on session close, to gracely close app
         # self.aboutToQuit.connect(self.end)
-        self.message.connect(self.showMessage)
+        self.message.connect(self.showMessage)  # type: ignore  # there are problems with Pylance and connects on PyQt5... :)
 
         # Execute backgroup thread for actions
         self._app = UDSActorClient(self)
@@ -94,7 +94,7 @@ class UDSClientQApp(QApplication):
         self._app.join()
 
     def showMessage(self, message: str) -> None:
-        QMessageBox.information(None, 'Message', message)
+        QMessageBox.information(None, 'Message', message)  # type: ignore
 
     def setMainWindow(self, mw: 'QMainWindow'):
         self._mainWindow = mw
@@ -108,6 +108,7 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
     _listener: client.HTTPServerThread
     _loginInfo: typing.Optional['types.LoginResultInfoType']
     _notified: bool
+    _notifiedDeadline: bool
     _sessionStartTime: datetime.datetime
     api: rest.UDSClientApi
 
@@ -115,13 +116,14 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
         super().__init__()
 
         self.api = rest.UDSClientApi()  # Self initialized
-        self._qApp = qApp
+        self._qApp = typing.cast(UDSClientQApp, qApp)
         self._running = False
         self._forceLogoff = False
         self._extraLogoff = ''
         self._listener = client.HTTPServerThread(self)
         self._loginInfo = None
         self._notified = False
+        self._notifiedDeadline = False
 
         # Capture stop signals..
         logger.debug('Setting signals...')
@@ -139,8 +141,8 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
         remainingTime = self._loginInfo.dead_line - (datetime.datetime.now() - self._sessionStartTime).total_seconds()
         logger.debug('Remaining time: {}'.format(remainingTime))
 
-        if not self._notified and remainingTime < 300:  # With five minutes, show a warning message
-            self._notified = True
+        if not self._notifiedDeadline and remainingTime < 300:  # With five minutes, show a warning message
+            self._notifiedDeadline = True
             self._showMessage('Your session will expire in less that 5 minutes. Please, save your work and disconnect.')
             return
 
@@ -183,7 +185,8 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
 
         try:
             # Notify loging and mark it
-            self._loginInfo = self.api.login(platform.operations.getCurrentUser(), platform.operations.getSessionType())
+            user, sessionType = platform.operations.getCurrentUser(), platform.operations.getSessionType()
+            self._loginInfo = self.api.login(user, sessionType)
 
             if self._loginInfo.max_idle:
                 platform.operations.initIdleDuration(self._loginInfo.max_idle)
@@ -195,8 +198,11 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
 
                 time.sleep(1.3)  # Sleeps between loop iterations
 
+            self.api.logout(user + self._extraLogoff, sessionType)
+            logger.info('Notified logout for %s (%s)', user, sessionType)  # Log logout
+
+            # Clean up login info
             self._loginInfo = None
-            self.api.logout(platform.operations.getCurrentUser() + self._extraLogoff)
         except Exception as e:
             logger.error('Error on client loop: %s', e)
 
@@ -210,7 +216,7 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
             platform.operations.loggoff()
 
     def _showMessage(self, message: str) -> None:
-        self._qApp.message.emit(message)
+        self._qApp.message.emit(message)   # type: ignore  # there are problems with Pylance and connects on PyQt5... :)
 
     def stop(self) -> None:
         logger.debug('Stopping client Service')
@@ -230,13 +236,13 @@ class UDSActorClient(threading.Thread):  # pylint: disable=too-many-instance-att
         On windows, an RDP session with minimized screen will render "black screen"
         So only when user is using RDP connection will return an "actual" screenshot
         '''
-        pixmap: 'QPixmap' = self._qApp.primaryScreen().grabWindow(0)
+        pixmap: 'QPixmap' = self._qApp.primaryScreen().grabWindow(0)  # type: ignore
         ba = QByteArray()
         buffer = QBuffer(ba)
-        buffer.open(QIODevice.WriteOnly)
+        buffer.open(QIODevice.OpenModeFlag.WriteOnly)
         pixmap.save(buffer, 'PNG')
         buffer.close()
-        scrBase64 = bytes(ba.toBase64()).decode()
+        scrBase64 = bytes(ba.toBase64()).decode()    # type: ignore  # there are problems with Pylance and connects on PyQt5... :)
         logger.debug('Screenshot length: %s', len(scrBase64))
         return scrBase64  # 'result' of JSON will contain base64 of screen
 

actor/src/udsactor/http/cert.py

@@ -1,7 +1,10 @@
 from .. import types
 
+# Default certificate, will be overwritten by the first call to Broker, it's needed to wake up the server part of the actor
+# at the beginning, but will be replaced by the real certificate.
 defaultCertificate = types.CertificateInfoType(
     private_key='-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHTBPBgkqhkiG9w0BBQ0wQjApBgkqhkiG9w0BBQwwHAQIfG2+iMYJBswCAggA\nMAwGCCqGSIb3DQIJBQAwFQYJKwYBBAGXVQECBAhCusU5R8ulZQSCBMgheyZ81Qkq\n+TcbPeBlUGCFllSUOo7xQ/OuwYSmzLx8LpN0hQNv4azF6MYH+I8eMSPd3A547yW3\nJE4GjIBfRvcq2X1UZ2FQfECU9UP0ShPuPrVhIh6ZZklmlRjbIF8hGfSzXAuafQb+\n4wXXsofahi/SPgqK1Gw65nRiMcoeRZchJkx8pBgKVWED6Cbh6aAkeqkVKPnsebiV\n6kE+0C7+hgNUbyRd46R+/5NXzPjg4ItfSak+PLzQ1KeRv4Cu6DdzRKJ4V9/MlNdU\nNNEkSVSEaRn4sv+eByU4uxBMaSmD1tLc/A7OmaAeRpIQvls3Zcf2+V0+anAtjbjd\n6eIb2nceey+dKFm4ewlR4mXuzj1QowRTHceOIkvKIrOODxdy9M5hNBZ7VLum29tY\nRhqtmEH2BZZJ8SpM2SsEZzPxqJFiVZbvpeOKjxlMyn1dFWn1rP8uMnfuMKqBaj5D\nd5clOPlwebYw5UpM6Vvawu4nGqxECTSWcfNlDYO5U/0Fsm9+JIrJ7Buukgv2+rhs\nD/6oUK9NB8AW9qnDr7UxbC/ujhkKQG3woaZlPbiMs5WQaS+DrTg4N49wPzS0h+ME\nF8ZzuPnd6+sMGQioCIrQAZ08rk54oCijBhFh8/EQhQKGsMFw2swi9t6+FVU5Bvil\nlhmBd3LA5EuQ5y1X0jRL/+GDiUiZw1gOJP8d/XzhUJL9AmamdqJ6/rAU7lUTNWkM\ndzmFonUO2Mh2zgEEudHsTOH8udZ2l64LIHc6fCkDmM8QzghjrEFyci6R8333DSSM\nwbM0MvyTLM7TTqZUD60EgD+Ihyr/wJcBZY7GVn7hTq7ee14zeI+dZFmTMYOnt0mA\ngof19t0naPPZU+zyl/ambNF5mmSkGOAl4IBHNvPt5ztEVbNpwW3DHbmdYW71Ax+z\nCDlr4iKZahv21o1PCesPV2IlaHZFD6aBRt0DxzMqtq9cpWsI1g7aEaAjRbSvqhMY\npUeqFXz/GfR9rjRkufr48//ll0/Q/Ogx7m1TjQ6mAEQrklI7pa2W0u3H0BpSZSis\nR6ST3ulE+wfsp8cau6q2er+BSsDhBjSn9FeCUjHzY56u9ud/kb6/jLEdgxNpj0na\n3WVqCCCL/dAFSWznBmdracZsRMXapXInHCiiOEkXXbXIXvRKiTPJXdN+w2/U2j2B\nwXZuazVSpmM+xAZTAS9dtBUQJo+5px9b6P09uagvTA32ezbpPXf+hSfmTdUwbmAY\nrmE9SW85tzX+cD17loygBBRrjOr4uQy/s/9FqLx8bM73jly05rdOmX28ECKwEA05\n8aCFkfqrl9J9doVapaUlywpJVPFtE6W6tCF+ULMfb16vEjT1du1+epEnbGGLRQxg\n3aFLyKlvFaNvR38fiQFUGtBgGOaBN3rhGpbMwjch3oReXv9X/4UCL6sVIiOH2H3c\nVSZdC3O5g6CMVe4zckUe1k9mLDb5524IHDFfptZ6Bw+uzrqIy3GHW8dJF2AK471b\nMUnCojTpdbFHaUs2u/rNKVUyY+vLf8hkyP+znBUoPxSJtty53EWNukxjjsxx0lx3\niZGqN72lXlXuSFZAIxi307+xxE21cbzDsMidyJkbKKGm/F4BOKvX9jWmAyYmBG6A\n1L3yNRouFWsYDwYAX2nZ1is=\n-----END ENCRYPTED PRIVATE KEY-----\n',
     server_certificate='-----BEGIN CERTIFICATE-----\nMIIDcTCCAlkCBDfnXU8wDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCRVMxDzAN\nBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREwDwYDVQQKDAhVRFMgQ2Vy\ndDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEyNy4wLjAuMTESMBAGA1Ud\nEQwJMTI3LjAuMC4xMB4XDTIwMDIxNzExNTkzMloXDTMwMDIxNDExNTkzMlowfTEL\nMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREw\nDwYDVQQKDAhVRFMgQ2VydDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEy\nNy4wLjAuMTESMBAGA1UdEQwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA2e1cW7YtRpNLazR3f/LqLv8OB0rKh8cUPH4wuQhbBTkee8Wu\n5eMSadRCIyRbKj4b8dtVfI9QW0SrmhGuMx1KCh3CsYd9XsWiKbGkiRBHIDOn5pkF\n6PUayDJ8KjnGbfnZjp0AmxXP4r1OO8jUPqzKS9Ubf5PgwcwdFiUKVfVPwGwctwt5\nt9YpSRONw0rTsCjVHvO2dd9h6EopskLCWxpN8l9kNLwLM/6t0IqVKmn5/IYPKKN2\nCX8a7IXpxwoiUs4sBZYhUMBWikB1hKQRSYafp1Xvc5PeTFXTFqGANnqz0NoZ8tqL\n8qjQUN/PCdtzhfcP5RgT2g1qyS2RBCMYH7Zs0wIDAQABMA0GCSqGSIb3DQEBCwUA\nA4IBAQCUt+qlLA1N9VXMwDQAYG4Kt6/UlMHCXAajHQQGtjdyGJ4++m7EIjI96hMU\n3Cx2gp2ggR3JGnuSR+DdBvPl5iGku7J8KV0JiJg30gTY8JuUIy/PMLZWloYKrBHV\nlin2GujQ4OsIt3dbr4XtcKW1Wd7L6fBzHlq7Xyxh+gcTzTvTmq67Q9XKlBWsegMf\nv4FKy0lfcSFK3vTzswQtuTontG4TqLiT/4AnMt3D0cTQ6b6KoZwUUX/TDNhau06d\nQ4Ilz8X61ka+4HBkFSR5ahP9noCVhwO329h+6epO141E5Tep3OLc/GCF4oaKOlMR\nfqxf5f2bghU0fxmtEoNJTZkBsN1S\n-----END CERTIFICATE-----\n',
-    password='Pw7qbatz5u-y-Z5ora2D2ZuBCm95AHnKRcpze53k8tw'
+    password='Pw7qbatz5u-y-Z5ora2D2ZuBCm95AHnKRcpze53k8tw',
+    ciphers=''
 )

actor/src/udsactor/http/clients_pool.py

@@ -37,9 +37,9 @@ import requests
 from ..log import logger
 
 # For avoid proxy on localhost connections
-NO_PROXY = {
-    'http': None,
-    'https': None,
+NO_PROXY: typing.Dict[str, str] = {
+    'http': '',
+    'https': '',
 }
 
 class UDSActorClientPool:

actor/src/udsactor/http/local.py

@@ -42,7 +42,7 @@ class LocalProvider(handler.Handler):
         return result._asdict()
 
     def post_logout(self) -> typing.Any:
-        self._service.logout(self._params['username'])
+        self._service.logout(self._params['username'], self._params['session_type'])
         return 'ok'
 
     def post_ping(self) -> typing.Any:

actor/src/udsactor/http/public.py

@@ -38,6 +38,7 @@ from ..log import logger
 if typing.TYPE_CHECKING:
     from ..service import CommonService
 
+
 class PublicProvider(handler.Handler):
     def post_logout(self) -> typing.Any:
         logger.debug('Sending LOGOFF to clients')
@@ -51,7 +52,9 @@ class PublicProvider(handler.Handler):
         logger.debug('Sending MESSAGE to clients')
         if 'message' not in self._params:
             raise Exception('Invalid message parameters')
-        self._service._clientsPool.message(self._params['message'])  # pylint: disable=protected-access
+        self._service._clientsPool.message(
+            self._params['message']
+        )  # pylint: disable=protected-access
         return 'ok'
 
     def post_script(self) -> typing.Any:
@@ -60,7 +63,9 @@ class PublicProvider(handler.Handler):
             raise Exception('Invalid script parameters')
         if self._params.get('user', False):
             logger.debug('Sending SCRIPT to client')
-            self._service._clientsPool.executeScript(self._params['script'])  # pylint: disable=protected-access
+            self._service._clientsPool.executeScript(
+                self._params['script']
+            )  # pylint: disable=protected-access
         else:
             # Execute script at server space, that is, here
             # as a parallel thread
@@ -72,14 +77,22 @@ class PublicProvider(handler.Handler):
         logger.debug('Received Pre connection')
         if 'user' not in self._params or 'protocol' not in self._params:
             raise Exception('Invalid preConnect parameters')
-        return self._service.preConnect(self._params['user'], self._params['protocol'], self._params.get('ip', 'unknown'), self._params.get('hostname', 'unknown'))
+        return self._service.preConnect(
+            self._params['user'],
+            self._params['protocol'],
+            self._params.get('ip', 'unknown'),
+            self._params.get('hostname', 'unknown'),
+            self._params.get('udsuser', 'unknown'),
+        )
 
     def get_information(self) -> typing.Any:
         # Return something useful? :)
         return 'UDS Actor Secure Server'
 
     def get_screenshot(self) -> typing.Any:
-        return self._service._clientsPool.screenshot()  # pylint: disable=protected-access
+        return (
+            self._service._clientsPool.screenshot()
+        )  # pylint: disable=protected-access
 
     def get_uuid(self) -> typing.Any:
         if self._service.isManaged():

actor/src/udsactor/http/server.py

@@ -42,11 +42,18 @@ from .. import rest
 from .public import PublicProvider
 from .local import LocalProvider
 
+# a couple of 1.2 ciphers + 1.3 ciphers (implicit)
+DEFAULT_CIPHERS = (
+    'ECDHE-RSA-AES128-GCM-SHA256'
+    ':ECDHE-RSA-AES256-GCM-SHA384'
+)
+
 # Not imported at runtime, just for type checking
 if typing.TYPE_CHECKING:
     from ..service import CommonService
     from .handler import Handler
 
+
 class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
     protocol_version = 'HTTP/1.0'
     server_version = 'UDS Actor Server'
@@ -54,7 +61,12 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
 
     _service: typing.Optional['CommonService'] = None
 
-    def sendJsonResponse(self, result: typing.Optional[typing.Any] = None, error: typing.Optional[str] = None, code: int = 200) -> None:
+    def sendJsonResponse(
+        self,
+        result: typing.Optional[typing.Any] = None,
+        error: typing.Optional[str] = None,
+        code: int = 200,
+    ) -> None:
         data = json.dumps({'result': result, 'error': error})
         self.send_response(code)
         self.send_header('Content-type', 'application/json')
@@ -71,11 +83,13 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
         # Very simple path & params splitter
         path = self.path.split('?')[0][1:].split('/')
 
-        logger.debug('Path: %s, params: %s', path, params)
+        logger.debug('Path: %s, ip: %s, params: %s', path, self.client_address, params)
 
         handlerType: typing.Optional[typing.Type['Handler']] = None
 
-        if len(path) == 3 and path[0] == 'actor' and path[1] == self._service._secret:  # pylint: disable=protected-access
+        if (
+            len(path) == 3 and path[0] == 'actor' and path[1] == self._service._secret
+        ):  # pylint: disable=protected-access
             # public method
             handlerType = PublicProvider
         elif len(path) == 2 and path[0] == 'ui':
@@ -88,12 +102,18 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
             return
 
         try:
-            result = getattr(handlerType(self._service, method, params), method + '_' + path[-1])()  # last part of path is method
+            result = getattr(
+                handlerType(self._service, method, params), method + '_' + path[-1]
+            )()  # last part of path is method
         except AttributeError:
             self.sendJsonResponse(error='Method not found', code=404)
             return
         except Exception as e:
-            logger.error('Got exception executing {} {}: {}'.format(method, '/'.join(path), str(e)))
+            logger.error(
+                'Got exception executing {} {}: {}'.format(
+                    method, '/'.join(path), str(e)
+                )
+            )
             self.sendJsonResponse(error=str(e), code=500)
             return
 
@@ -101,7 +121,10 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
 
     def do_GET(self) -> None:
         try:
-            params = {v.split('=')[0]: v.split('=')[1] for v in self.path.split('?')[1].split('&')}
+            params = {
+                v.split('=')[0]: v.split('=')[1]
+                for v in self.path.split('?')[1].split('&')
+            }
         except Exception:
             params = {}
 
@@ -113,7 +136,9 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
             content = self.rfile.read(length)
             params: typing.MutableMapping[str, str] = json.loads(content)
         except Exception as e:
-            logger.error('Got exception executing POST {}: {}'.format(self.path, str(e)))
+            logger.error(
+                'Got exception executing POST {}: {}'.format(self.path, str(e))
+            )
             self.sendJsonResponse(error='Invalid parameters', code=400)
             return
 
@@ -125,6 +150,7 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
     def log_message(self, format, *args):  # pylint: disable=redefined-builtin
         logger.debug(format, *args)
 
+
 class HTTPServerThread(threading.Thread):
     _server: typing.Optional[http.server.HTTPServer]
     _service: 'CommonService'
@@ -153,13 +179,22 @@ class HTTPServerThread(threading.Thread):
     def run(self):
         HTTPServerHandler._service = self._service  # pylint: disable=protected-access
 
-        self._certFile, password = certs.saveCertificate(self._service._certificate)  # pylint: disable=protected-access
+        self._certFile, password = certs.saveCertificate(
+            self._service._certificate
+        )  # pylint: disable=protected-access
 
-        self._server = http.server.HTTPServer(('0.0.0.0', rest.LISTEN_PORT), HTTPServerHandler)
+        self._server = http.server.HTTPServer(
+            ('0.0.0.0', rest.LISTEN_PORT), HTTPServerHandler
+        )
         # self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
 
         context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-        context.options = ssl.CERT_NONE
+        # Disable TLSv1.0 and TLSv1.1, use only TLSv1.3 or TLSv1.2 with allowed ciphers
+        context.minimum_version = ssl.TLSVersion.TLSv1_2
+
+        # If a configures ciphers are provided, use them, otherwise use the default ones
+        context.set_ciphers(self._service._certificate.ciphers or DEFAULT_CIPHERS)
+
         context.load_cert_chain(certfile=self._certFile, password=password)
         self._server.socket = context.wrap_socket(self._server.socket, server_side=True)
 

actor/src/udsactor/info.py

@@ -1 +0,0 @@
-VERSION = '3.0.0'

actor/src/udsactor/linux/log.py

@@ -37,6 +37,7 @@ import typing
 class LocalLogger:  # pylint: disable=too-few-public-methods
     linux = False
     windows = True
+    serviceLogger = False
 
     logger: typing.Optional[logging.Logger]
 

actor/src/udsactor/linux/operations.py

@@ -41,10 +41,11 @@ import typing
 
 from .. import types
 
+
+from udsactor.log import logger
 from .renamer import rename
 from . import xss
 
-
 def _getMacAddr(ifname: str) -> typing.Optional[str]:
     '''
     Returns the mac address of an interface
@@ -91,10 +92,10 @@ def _getInterfaces() -> typing.List[str]:
 
     s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
     names = array.array(str('B'), b'\0' * space)
-    outbytes = struct.unpack(str('iL'), fcntl.ioctl(
+    outbytes = struct.unpack('iL', fcntl.ioctl(
         s.fileno(),
         0x8912,  # SIOCGIFCONF
-        struct.pack(str('iL'), space, names.buffer_info()[0])
+        struct.pack('iL', space, names.buffer_info()[0])
     ))[0]
     namestr = names.tobytes()
     # return namestr, outbytes
@@ -106,6 +107,7 @@ def _getIpAndMac(ifname: str) -> typing.Tuple[typing.Optional[str], typing.Optio
     return (ip, mac)
 
 def checkPermissions() -> bool:
+    return True
     return os.getuid() == 0  # getuid only available on linux. Expect "complaioins" if edited from Windows
 
 def getComputerName() -> str:
@@ -137,14 +139,19 @@ def reboot(flags: int = 0):
     '''
     Simple reboot using os command
     '''
-    subprocess.call(['/sbin/shutdown', 'now', '-r'])
-
+    try:
+        subprocess.call(['/sbin/shutdown', 'now', '-r'])
+    except Exception as e:
+        logger.error('Error rebooting: %s', e)
 
 def loggoff() -> None:
     '''
     Right now restarts the machine...
     '''
-    subprocess.call(['/usr/bin/pkill', '-u', os.environ['USER']])
+    try:
+        subprocess.call(['/usr/bin/pkill', '-u', os.environ['USER']])
+    except Exception as e:
+        logger.error('Error killing user processes: %s', e)
     # subprocess.call(['/sbin/shutdown', 'now', '-r'])
     # subprocess.call(['/usr/bin/systemctl', 'reboot', '-i'])
 
@@ -155,7 +162,7 @@ def renameComputer(newName: str) -> bool:
     Returns True if reboot needed
     '''
     rename(newName)
-    return True  # Always reboot right now. Not much slower but much more better
+    return True  # Always reboot right now. Not much slower but much more convenient
 
 
 def joinDomain(domain: str, ou: str, account: str, password: str, executeInOneStep: bool = False):
@@ -186,9 +193,9 @@ def getCurrentUser() -> str:
 def getSessionType() -> str:
     '''
       Known values:
-        * Unknown -> No SESSIONNAME environment variable
-        * Console -> Local session
-        *  RDP-Tcp#[0-9]+ -> RDP Session
+        * Unknown -> No XDG_SESSION_TYPE environment variable
+        * xrdp --> xrdp session
+        * other types
     '''
     return 'xrdp' if 'XRDP_SESSION' in os.environ else os.environ.get('XDG_SESSION_TYPE', 'unknown')
 

actor/src/udsactor/linux/store.py

@@ -53,9 +53,10 @@ def readConfig() -> types.ActorConfigurationType:
         return types.ActorConfigurationType(
             actorType=uds.get('type', types.MANAGED),
             host=uds.get('host', ''),
-            validateCertificate=uds.getboolean('validate', fallback=False),
+            validateCertificate=uds.getboolean('validate', fallback=True),
             master_token=uds.get('master_token', None),
             own_token=uds.get('own_token', None),
+            restrict_net=uds.get('restrict_net', None),
             pre_command=uds.get('pre_command', None),
             runonce_command=uds.get('runonce_command', None),
             post_command=uds.get('post_command', None),
@@ -78,6 +79,7 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
     writeIfValue(config.actorType, 'type')
     writeIfValue(config.master_token, 'master_token')
     writeIfValue(config.own_token, 'own_token')
+    writeIfValue(config.restrict_net, 'restrict_net')
     writeIfValue(config.pre_command, 'pre_command')
     writeIfValue(config.post_command, 'post_command')
     writeIfValue(config.runonce_command, 'runonce_command')
@@ -100,3 +102,6 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
 
 def useOldJoinSystem() -> bool:
     return False
+
+def invokeScriptOnLogin() -> str:
+    return ''

actor/src/udsactor/linux/xss.py

@@ -33,6 +33,10 @@ import ctypes
 import ctypes.util
 import subprocess
 
+
+from udsactor.log import logger
+
+
 xlib = None
 xss = None
 display = None
@@ -107,9 +111,12 @@ def _ensureInitialized():
 def initIdleDuration(atLeastSeconds: int) -> None:
     _ensureInitialized()
     if atLeastSeconds:
-        subprocess.call(['/usr/bin/xset', 's', '{}'.format(atLeastSeconds + 30)])
-        # And now reset it
-        subprocess.call(['/usr/bin/xset', 's', 'reset'])
+        try:
+            subprocess.call(['/usr/bin/xset', 's', '{}'.format(atLeastSeconds + 30)])
+            # And now reset it
+            subprocess.call(['/usr/bin/xset', 's', 'reset'])
+        except Exception as e:
+            logger.error('Error setting screensaver time: %s', e)
 
 
 def getIdleDuration() -> float:

actor/src/udsactor/rest.py

@@ -31,47 +31,60 @@
 # pylint: disable=invalid-name
 import warnings
 import json
+import ssl
 import logging
 import typing
 
 import requests
+import requests.adapters
 
 from . import types
-from .info import VERSION
+from .version import VERSION
 
 # Default public listen port
 LISTEN_PORT = 43910
 
 # Default timeout
-TIMEOUT = 5   # 5 seconds is more than enought
+TIMEOUT = 5  # 5 seconds is more than enought
 
 # Constants
 UNKNOWN = 'unknown'
 
+
 class RESTError(Exception):
     ERRCODE = 0
 
+
 class RESTConnectionError(RESTError):
     ERRCODE = -1
 
+
 # Errors ""raised"" from broker
 class RESTInvalidKeyError(RESTError):
     ERRCODE = 1
 
+
 class RESTUnmanagedHostError(RESTError):
     ERRCODE = 2
 
+
 class RESTUserServiceNotFoundError(RESTError):
     ERRCODE = 3
 
+
 class RESTOsManagerError(RESTError):
     ERRCODE = 4
 
+
 # For avoid proxy on localhost connections
 NO_PROXY = {
     'http': None,
     'https': None,
 }
+
+UDS_BASE_URL = 'https://{}/uds/rest/'
+
+
 #
 # Basic UDS Api
 #
@@ -79,48 +92,74 @@ class UDSApi:  # pylint: disable=too-few-public-methods
     """
     Base for remote api accesses
     """
+
     _host: str
     _validateCert: bool
     _url: str
+    _session: 'requests.Session'
 
     def __init__(self, host: str, validateCert: bool) -> None:
         self._host = host
         self._validateCert = validateCert
-        self._url = "https://{}/uds/rest/".format(self._host)
+        self._url = UDS_BASE_URL.format(self._host)
         # Disable logging requests messages except for errors, ...
-        logging.getLogger("requests").setLevel(logging.CRITICAL)
-        logging.getLogger("urllib3").setLevel(logging.ERROR)
+        logging.getLogger('request').setLevel(logging.CRITICAL)
+        logging.getLogger('urllib3').setLevel(logging.ERROR)
         try:
-            warnings.simplefilter("ignore")  # Disables all warnings
+            warnings.simplefilter('ignore')  # Disables all warnings
         except Exception:
             pass
 
+        context = (
+            ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+            if validateCert
+            else ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH, check_hostname=False)
+        )
+        # Disable SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+        context.minimum_version = ssl.TLSVersion.TLSv1_3
+
+        # Configure session security
+        class UDSHTTPAdapter(requests.adapters.HTTPAdapter):
+            def init_poolmanager(self, *args, **kwargs) -> None:
+                kwargs["ssl_context"] = context
+
+                return super().init_poolmanager(*args, **kwargs)
+            
+            def cert_verify(self, conn, url, verify, cert):  # pylint: disable=unused-argument
+                # Overridden to do nothing
+                return super().cert_verify(conn, url, validateCert, cert)
+
+        self._session = requests.Session()
+        self._session.mount("https://", UDSHTTPAdapter())
+
     @property
     def _headers(self) -> typing.MutableMapping[str, str]:
         return {
             'Content-Type': 'application/json',
-            'User-Agent': 'UDS Actor v{}'.format(VERSION)
+            'User-Agent': 'UDS Actor v{}'.format(VERSION),
         }
 
     def _apiURL(self, method: str) -> str:
         raise NotImplementedError
 
     def _doPost(
-            self,
-            method: str,  # i.e. 'initialize', 'ready', ....
-            payLoad: typing.MutableMapping[str, typing.Any],
-            headers: typing.Optional[typing.MutableMapping[str, str]] = None,
-            disableProxy: bool = False
-        ) -> typing.Any:
+        self,
+        method: str,  # i.e. 'initialize', 'ready', ....
+        payLoad: typing.MutableMapping[str, typing.Any],
+        headers: typing.Optional[typing.MutableMapping[str, str]] = None,
+        disableProxy: bool = False,
+    ) -> typing.Any:
         headers = headers or self._headers
         try:
-            result = requests.post(
+            result = self._session.post(
                 self._apiURL(method),
                 data=json.dumps(payLoad),
                 headers=headers,
-                verify=self._validateCert,
+                # verify=self._validateCert, Not needed, already in session
                 timeout=TIMEOUT,
-                proxies=NO_PROXY if disableProxy else None  # if not proxies wanted, enforce it
+                proxies=NO_PROXY  # type: ignore
+                if disableProxy
+                else None,  # if not proxies wanted, enforce it
             )
 
             if result.ok:
@@ -139,6 +178,7 @@ class UDSApi:  # pylint: disable=too-few-public-methods
 
         raise RESTError(data)
 
+
 #
 # UDS Broker API access
 #
@@ -148,7 +188,12 @@ class UDSServerApi(UDSApi):
 
     def enumerateAuthenticators(self) -> typing.Iterable[types.AuthenticatorType]:
         try:
-            result = requests.get(self._url + 'auth/auths', headers=self._headers, verify=self._validateCert, timeout=4)
+            result = self._session.get(
+                self._url + 'auth/auths',
+                headers=self._headers,
+                # verify=self._validateCert,
+                timeout=4,
+            )
             if result.ok:
                 for v in sorted(result.json(), key=lambda x: x['priority']):
                     yield types.AuthenticatorType(
@@ -157,24 +202,24 @@ class UDSServerApi(UDSApi):
                         auth=v['auth'],
                         type=v['type'],
                         priority=v['priority'],
-                        isCustom=v['isCustom']
+                        isCustom=v['isCustom'],
                     )
-        except Exception:
+        except Exception as e:
             pass
 
-    def register(  #pylint: disable=too-many-arguments, too-many-locals
-            self,
-            auth: str,
-            username: str,
-            password: str,
-            hostname: str,
-            ip: str,
-            mac: str,
-            preCommand: str,
-            runOnceCommand: str,
-            postCommand: str,
-            logLevel: int
-        ) -> str:
+    def register(  # pylint: disable=too-many-arguments, too-many-locals
+        self,
+        auth: str,
+        username: str,
+        password: str,
+        hostname: str,
+        ip: str,
+        mac: str,
+        preCommand: str,
+        runOnceCommand: str,
+        postCommand: str,
+        logLevel: int,
+    ) -> str:
         """
         Raises an exception if could not register, or registers and returns the "authorization token"
         """
@@ -186,7 +231,7 @@ class UDSServerApi(UDSApi):
             'pre_command': preCommand,
             'run_once_command': runOnceCommand,
             'post_command': postCommand,
-            'log_level': logLevel
+            'log_level': logLevel,
         }
 
         # First, try to login to REST api
@@ -194,13 +239,23 @@ class UDSServerApi(UDSApi):
             # First, try to login
             authInfo = {'auth': auth, 'username': username, 'password': password}
             headers = self._headers
-            result = requests.post(self._url + 'auth/login', data=json.dumps(authInfo), headers=headers, verify=self._validateCert)
+            result = self._session.post(
+                self._url + 'auth/login',
+                data=json.dumps(authInfo),
+                headers=headers,
+                # verify=self._validateCert,
+            )
             if not result.ok or result.json()['result'] == 'error':
                 raise Exception()  # Invalid credentials
 
             headers['X-Auth-Token'] = result.json()['token']
 
-            result = requests.post(self._apiURL('register'), data=json.dumps(data), headers=headers, verify=self._validateCert)
+            result = self._session.post(
+                self._apiURL('register'),
+                data=json.dumps(data),
+                headers=headers,
+                # verify=self._validateCert,
+            )
             if result.ok:
                 return result.json()['result']
         except requests.ConnectionError as e:
@@ -212,13 +267,18 @@ class UDSServerApi(UDSApi):
 
         raise RESTError(result.content.decode())
 
-    def initialize(self, token: str, interfaces: typing.Iterable[types.InterfaceInfoType], actorType: typing.Optional[str]) -> types.InitializationResultType:
+    def initialize(
+        self,
+        token: str,
+        interfaces: typing.Iterable[types.InterfaceInfoType],
+        actor_type: typing.Optional[str],
+    ) -> types.InitializationResultType:
         # Generate id list from netork cards
         payload = {
-            'type': actorType or types.MANAGED,
+            'type': actor_type or types.MANAGED,
             'token': token,
             'version': VERSION,
-            'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces]
+            'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
         }
         r = self._doPost('initialize', payload)
         os = r['os']
@@ -232,95 +292,114 @@ class UDSServerApi(UDSApi):
                 password=os.get('password'),
                 new_password=os.get('new_password'),
                 ad=os.get('ad'),
-                ou=os.get('ou')
-            ) if r['os'] else None
+                ou=os.get('ou'),
+            )
+            if r['os']
+            else None,
         )
 
-    def ready(self, own_token: str, secret: str, ip: str, port: int) -> types.CertificateInfoType:
-        payload = {
-            'token': own_token,
-            'secret': secret,
-            'ip': ip,
-            'port': port
-        }
+    def ready(
+        self, own_token: str, secret: str, ip: str, port: int
+    ) -> types.CertificateInfoType:
+        payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
         result = self._doPost('ready', payload)
 
         return types.CertificateInfoType(
             private_key=result['private_key'],
             server_certificate=result['server_certificate'],
-            password=result['password']
+            password=result['password'],
+            ciphers=result.get('ciphers', ''),
         )
 
-    def notifyIpChange(self, own_token: str, secret: str, ip: str, port: int) -> types.CertificateInfoType:
-        payload = {
-            'token': own_token,
-            'secret': secret,
-            'ip': ip,
-            'port': port
-        }
+    def notifyIpChange(
+        self, own_token: str, secret: str, ip: str, port: int
+    ) -> types.CertificateInfoType:
+        payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
         result = self._doPost('ipchange', payload)
 
         return types.CertificateInfoType(
             private_key=result['private_key'],
             server_certificate=result['server_certificate'],
-            password=result['password']
+            password=result['password'],
+            ciphers=result.get('ciphers', ''),
         )
 
-    def notifyUnmanagedCallback(self, master_token: str, secret: str, interfaces: typing.Iterable[types.InterfaceInfoType], port: int) -> types.CertificateInfoType:
+    def notifyUnmanagedCallback(
+        self,
+        master_token: str,
+        secret: str,
+        interfaces: typing.Iterable[types.InterfaceInfoType],
+        port: int,
+    ) -> types.CertificateInfoType:
         payload = {
             'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
             'token': master_token,
             'secret': secret,
-            'port': port
+            'port': port,
         }
         result = self._doPost('unmanaged', payload)
 
         return types.CertificateInfoType(
             private_key=result['private_key'],
             server_certificate=result['server_certificate'],
-            password=result['password']
+            password=result['password'],
+            ciphers=result.get('ciphers', ''),
         )
 
-
-    def login(self, own_token: str, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
-        if not own_token:
+    def login(
+        self,
+        actor_type: typing.Optional[str],
+        token: str,
+        username: str,
+        sessionType: str,
+        interfaces: typing.Iterable[types.InterfaceInfoType],
+        secret: typing.Optional[str],
+    ) -> types.LoginResultInfoType:
+        if not token:
             return types.LoginResultInfoType(
-                ip='0.0.0.0',
-                hostname=UNKNOWN,
-                dead_line=None,
-                max_idle=None
+                ip='0.0.0.0', hostname=UNKNOWN, dead_line=None, max_idle=None
             )
         payload = {
-            'token': own_token,
+            'type': actor_type or types.MANAGED,
+            'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
+            'token': token,
             'username': username,
-            'session_type': sessionType or UNKNOWN
+            'session_type': sessionType,
+            'secret': secret or '',
         }
         result = self._doPost('login', payload)
         return types.LoginResultInfoType(
             ip=result['ip'],
             hostname=result['hostname'],
             dead_line=result['dead_line'],
-            max_idle=result['max_idle']
+            max_idle=result['max_idle'],
         )
 
-    def logout(self, own_token: str, username: str) -> None:
-        if not own_token:
-            return
+    def logout(
+        self,
+        actor_type: typing.Optional[str],
+        token: str,
+        username: str,
+        sessionType: str,
+        interfaces: typing.Iterable[types.InterfaceInfoType],
+        secret: typing.Optional[str],
+    ) -> typing.Optional[str]:
+        if not token:
+            return None
         payload = {
-            'token': own_token,
-            'username': username
+            'type': actor_type or types.MANAGED,
+            'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
+            'token': token,
+            'username': username,
+            'session_type': sessionType,
+            'secret': secret or '',
         }
-        self._doPost('logout', payload)
-
+        return self._doPost('logout', payload)  # Can be 'ok' or 'notified'
 
     def log(self, own_token: str, level: int, message: str) -> None:
         if not own_token:
             return
-        payLoad = {
-            'token': own_token,
-            'level': level,
-            'message': message
-        }
+        payLoad = {'token': own_token, 'level': level, 'message': message}
         self._doPost('log', payLoad)  # Ignores result...
 
     def test(self, master_token: str, actorType: typing.Optional[str]) -> bool:
@@ -341,25 +420,23 @@ class UDSClientApi(UDSApi):
         return self._url + method
 
     def post(
-            self,
-            method: str,  # i.e. 'initialize', 'ready', ....
-            payLoad: typing.MutableMapping[str, typing.Any]
-        ) -> typing.Any:
+        self,
+        method: str,  # i.e. 'initialize', 'ready', ....
+        payLoad: typing.MutableMapping[str, typing.Any],
+    ) -> typing.Any:
         return self._doPost(method=method, payLoad=payLoad, disableProxy=True)
 
     def register(self, callbackUrl: str) -> None:
-        payLoad = {
-            'callback_url': callbackUrl
-        }
+        payLoad = {'callback_url': callbackUrl}
         self.post('register', payLoad)
 
     def unregister(self, callbackUrl: str) -> None:
-        payLoad = {
-            'callback_url': callbackUrl
-        }
+        payLoad = {'callback_url': callbackUrl}
         self.post('unregister', payLoad)
 
-    def login(self, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
+    def login(
+        self, username: str, sessionType: typing.Optional[str] = None
+    ) -> types.LoginResultInfoType:
         payLoad = {
             'username': username,
             'session_type': sessionType or UNKNOWN,
@@ -369,13 +446,11 @@ class UDSClientApi(UDSApi):
             ip=result['ip'],
             hostname=result['hostname'],
             dead_line=result['dead_line'],
-            max_idle=result['max_idle']
+            max_idle=result['max_idle'],
         )
 
-    def logout(self, username: str) -> None:
-        payLoad = {
-            'username': username
-        }
+    def logout(self, username: str, sessionType: typing.Optional[str]) -> None:
+        payLoad = {'username': username, 'session_type': sessionType or UNKNOWN}
         self.post('logout', payLoad)
 
     def ping(self) -> bool:

actor/src/udsactor/service.py

@@ -39,6 +39,7 @@ import typing
 from . import platform
 from . import rest
 from . import types
+from . import tools
 
 from .log import logger, DEBUG, INFO, ERROR, FATAL
 from .http import clients_pool, server, cert
@@ -55,6 +56,7 @@ from .http import clients_pool, server, cert
 #     else:
 #         logger.setLevel(20000)
 
+
 class CommonService:  # pylint: disable=too-many-instance-attributes
     _isAlive: bool = True
     _rebootRequested: bool = False
@@ -75,7 +77,9 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             logger.debug('Executing command on {}: {}'.format(section, cmdLine))
             res = subprocess.check_call(cmdLine, shell=True)
         except Exception as e:
-            logger.error('Got exception executing: {} - {} - {}'.format(section, cmdLine, e))
+            logger.error(
+                'Got exception executing: {} - {} - {}'.format(section, cmdLine, e)
+            )
             return False
         logger.debug('Result of executing cmd for {} was {}'.format(section, res))
         return True
@@ -86,7 +90,9 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         self._api = rest.UDSServerApi(self._cfg.host, self._cfg.validateCertificate)
         self._secret = secrets.token_urlsafe(33)
         self._clientsPool = clients_pool.UDSActorClientPool()
-        self._certificate = cert.defaultCertificate  # For being used on "unmanaged" hosts only
+        self._certificate = (
+            cert.defaultCertificate
+        )  # For being used on "unmanaged" hosts only, and prior to first login
         self._http = None
 
         # Initialzies loglevel and serviceLogger
@@ -112,16 +118,24 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         self._http.start()
 
     def isManaged(self) -> bool:
-        return self._cfg.actorType != types.UNMANAGED  # Only "unmanaged" hosts are unmanaged, the rest are "managed"
+        return (
+            self._cfg.actorType != types.UNMANAGED
+        )  # Only "unmanaged" hosts are unmanaged, the rest are "managed"
 
-    def serviceInterfaceInfo(self, interfaces: typing.Optional[typing.List[types.InterfaceInfoType]] = None) -> typing.Optional[types.InterfaceInfoType]:
+    def serviceInterfaceInfo(
+        self, interfaces: typing.Optional[typing.List[types.InterfaceInfoType]] = None
+    ) -> typing.Optional[types.InterfaceInfoType]:
         """
         returns the inteface with unique_id mac or first interface or None if no interfaces...
         """
-        interfaces = interfaces or self._interfaces  # Emty interfaces is like "no ip change" because cannot be notified
+        interfaces = (
+            interfaces or self._interfaces
+        )  # Emty interfaces is like "no ip change" because cannot be notified
         if self._cfg.config and interfaces:
             try:
-                return next(x for x in interfaces if x.mac.lower() == self._cfg.config.unique_id)
+                return next(
+                    x for x in interfaces if x.mac.lower() == self._cfg.config.unique_id
+                )
             except StopIteration:
                 return interfaces[0]
 
@@ -152,7 +166,12 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
                 while self._isAlive:
                     counter -= 1
                     try:
-                        self._certificate = self._api.ready(self._cfg.own_token, self._secret, srvInterface.ip, rest.LISTEN_PORT)
+                        self._certificate = self._api.ready(
+                            self._cfg.own_token,
+                            self._secret,
+                            srvInterface.ip,
+                            rest.LISTEN_PORT,
+                        )
                     except rest.RESTConnectionError as e:
                         if not logged:  # Only log connection problems ONCE
                             logged = True
@@ -168,7 +187,9 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
                     # Success or any error that is not recoverable (retunerd by UDS). if Error, service will be cleaned in a while.
                     break
             else:
-                logger.error('Could not locate IP address!!!. (Not registered with UDS)')
+                logger.error(
+                    'Could not locate IP address!!!. (Not registered with UDS)'
+                )
 
         # Do not continue if not alive...
         if not self._isAlive:
@@ -176,7 +197,9 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
 
         # Cleans sensible data
         if self._cfg.config:
-            self._cfg = self._cfg._replace(config=self._cfg.config._replace(os=None), data=None)
+            self._cfg = self._cfg._replace(
+                config=self._cfg.config._replace(os=None), data=None
+            )
             platform.store.writeConfig(self._cfg)
 
         logger.info('Service ready')
@@ -195,10 +218,10 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             self._cfg = self._cfg._replace(runonce_command=None)
             platform.store.writeConfig(self._cfg)
             if self.execute(runOnce, "runOnce"):
-            # If runonce is present, will not do anythin more
-            # So we have to ensure that, when runonce command is finished, reboots the machine.
-            # That is, the COMMAND itself has to restart the machine!
-                return False   # If the command fails, continue with the rest of the operations...
+                # If runonce is present, will not do anythin more
+                # So we have to ensure that, when runonce command is finished, reboots the machine.
+                # That is, the COMMAND itself has to restart the machine!
+                return False  # If the command fails, continue with the rest of the operations...
 
         # Retry configuration while not stop service, config in case of error 10 times, reboot vm
         counter = 10
@@ -208,9 +231,20 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
                 if self._cfg.config and self._cfg.config.os:
                     osData = self._cfg.config.os
                     if osData.action == 'rename':
-                        self.rename(osData.name, osData.username, osData.password, osData.new_password)
+                        self.rename(
+                            osData.name,
+                            osData.username,
+                            osData.password,
+                            osData.new_password,
+                        )
                     elif osData.action == 'rename_ad':
-                        self.joinDomain(osData.name, osData.ad or '', osData.ou or '', osData.username or '', osData.password or '')
+                        self.joinDomain(
+                            osData.name,
+                            osData.ad or '',
+                            osData.ou or '',
+                            osData.username or '',
+                            osData.password or '',
+                        )
 
                     if self._rebootRequested:
                         try:
@@ -234,7 +268,12 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         self.getInterfaces()  # Ensure we have interfaces
         if self._cfg.master_token:
             try:
-                self._certificate = self._api.notifyUnmanagedCallback(self._cfg.master_token, self._secret, self._interfaces, rest.LISTEN_PORT)
+                self._certificate = self._api.notifyUnmanagedCallback(
+                    self._cfg.master_token,
+                    self._secret,
+                    self._interfaces,
+                    rest.LISTEN_PORT,
+                )
             except Exception as e:
                 logger.error('Couuld not notify unmanaged callback: %s', e)
 
@@ -245,13 +284,17 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             return
 
         while self._isAlive:
-            self._interfaces = list(platform.operations.getNetworkInfo())
+            self._interfaces = tools.validNetworkCards(
+                self._cfg.restrict_net, platform.operations.getNetworkInfo()
+            )
             if self._interfaces:
                 break
             self.doWait(5000)
 
     def initialize(self) -> bool:
-        if self._initialized or not self._cfg.host or not self._isAlive:  # Not configured or not running
+        if (
+            self._initialized or not self._cfg.host or not self._isAlive
+        ):  # Not configured or not running
             return False
 
         self._initialized = True
@@ -268,20 +311,25 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             try:
                 # If master token is present, initialize and get configuration data
                 if self._cfg.master_token:
-                    initResult: types.InitializationResultType = self._api.initialize(self._cfg.master_token, self._interfaces, self._cfg.actorType)
+                    initResult: types.InitializationResultType = self._api.initialize(
+                        self._cfg.master_token, self._interfaces, self._cfg.actorType
+                    )
                     if not initResult.own_token:  # Not managed
-                        logger.debug('This host is not managed by UDS Broker (ids: {})'.format(self._interfaces))
+                        logger.debug(
+                            'This host is not managed by UDS Broker (ids: {})'.format(
+                                self._interfaces
+                            )
+                        )
                         return False
 
-                    # Only removes token for managed machines
+                    # Only removes master token for managed machines (will need it on next client execution)
                     master_token = None if self.isManaged() else self._cfg.master_token
                     self._cfg = self._cfg._replace(
                         master_token=master_token,
                         own_token=initResult.own_token,
                         config=types.ActorDataConfigurationType(
-                            unique_id=initResult.unique_id,
-                            os=initResult.os
-                        )
+                            unique_id=initResult.unique_id, os=initResult.os
+                        ),
                     )
 
                 # On first successfull initialization request, master token will dissapear for managed hosts so it will be no more available (not needed anyway)
@@ -294,17 +342,28 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
 
                 break  # Initial configuration done..
             except rest.RESTConnectionError as e:
-                logger.info('Trying to inititialize connection with broker (last error: {})'.format(e))
+                logger.info(
+                    'Trying to inititialize connection with broker (last error: {})'.format(
+                        e
+                    )
+                )
                 self.doWait(5000)  # Wait a bit and retry
-            except rest.RESTError as e: # Invalid key?
-                logger.error('Error validating with broker. (Invalid token?): {}'.format(e))
+            except rest.RESTError as e:  # Invalid key?
+                logger.error(
+                    'Error validating with broker. (Invalid token?): {}'.format(e)
+                )
                 return False
+            except Exception:
+                logger.exception()
+                self.doWait(5000)  # Wait a bit and retry...
 
         return self.configureMachine()
 
     def uninitialize(self):
         self._initialized = False
-        self._cfg = self._cfg._replace(own_token=None)  # Ensures assigned token is cleared
+        self._cfg = self._cfg._replace(
+            own_token=None
+        )  # Ensures assigned token is cleared
 
     def finish(self) -> None:
         if self._http:
@@ -314,7 +373,14 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         if self._loggedIn and self._cfg.own_token:
             self._loggedIn = False
             try:
-                self._api.logout(self._cfg.own_token, '')
+                self._api.logout(
+                    self._cfg.actorType,
+                    self._cfg.own_token,
+                    '',
+                    '',
+                    self._interfaces,
+                    self._secret,
+                )
             except Exception as e:
                 logger.error('Error notifying final logout to UDS: %s', e)
 
@@ -325,19 +391,33 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             return  # Unamanaged hosts does not changes ips. (The full initialize-login-logout process is done in a row, so at login the IP is correct)
 
         try:
-            if not self._cfg.own_token or not self._cfg.config or not self._cfg.config.unique_id:
+            if (
+                not self._cfg.own_token
+                or not self._cfg.config
+                or not self._cfg.config.unique_id
+            ):
                 # Not enouth data do check
                 return
-            currentInterfaces = list(platform.operations.getNetworkInfo())
+            currentInterfaces = tools.validNetworkCards(
+                self._cfg.restrict_net, platform.operations.getNetworkInfo()
+            )
             old = self.serviceInterfaceInfo()
             new = self.serviceInterfaceInfo(currentInterfaces)
             if not new or not old:
-                raise Exception('No ip currently available for {}'.format(self._cfg.config.unique_id))
+                raise Exception(
+                    'No ip currently available for {}'.format(
+                        self._cfg.config.unique_id
+                    )
+                )
             if old.ip != new.ip:
-                self._certificate = self._api.notifyIpChange(self._cfg.own_token, self._secret, new.ip, rest.LISTEN_PORT)
+                self._certificate = self._api.notifyIpChange(
+                    self._cfg.own_token, self._secret, new.ip, rest.LISTEN_PORT
+                )
                 # Now store new addresses & interfaces...
                 self._interfaces = currentInterfaces
-                logger.info('Ip changed from {} to {}. Notified to UDS'.format(old.ip, new.ip))
+                logger.info(
+                    'Ip changed from {} to {}. Notified to UDS'.format(old.ip, new.ip)
+                )
                 # Stop the running HTTP Thread and start a new one, with new generated cert
                 self.startHttpServer()
         except Exception as e:
@@ -345,29 +425,34 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
             logger.warn('Checking ips failed: {}'.format(e))
 
     def rename(
-            self,
-            name: str,
-            userName: typing.Optional[str] = None,
-            oldPassword: typing.Optional[str] = None,
-            newPassword: typing.Optional[str] = None
-        ) -> None:
+        self,
+        name: str,
+        userName: typing.Optional[str] = None,
+        oldPassword: typing.Optional[str] = None,
+        newPassword: typing.Optional[str] = None,
+    ) -> None:
         '''
         Invoked when broker requests a rename action
         default does nothing
         '''
         hostName = platform.operations.getComputerName()
 
-        if hostName.lower() == name.lower():
-            logger.info('Computer name is already {}'.format(hostName))
-            return
-
         # Check for password change request for an user
         if userName and newPassword:
             logger.info('Setting password for configured user')
             try:
-                platform.operations.changeUserPassword(userName, oldPassword or '', newPassword)
+                platform.operations.changeUserPassword(
+                    userName, oldPassword or '', newPassword
+                )
             except Exception as e:
-                raise Exception('Could not change password for user {} (maybe invalid current password is configured at broker): {} '.format(userName, str(e)))
+                # Logs error, but continue renaming computer
+                logger.error(
+                    'Could not change password for user {}: {}'.format(userName, e)
+                )
+
+        if hostName.lower() == name.lower():
+            logger.info('Computer name is already {}'.format(hostName))
+            return
 
         if platform.operations.renameComputer(name):
             self.reboot()
@@ -380,7 +465,7 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
 
             # Now check if every registered client is already there (if logged in OFC)
             if self._loggedIn and not self._clientsPool.ping():
-                self.logout('client_unavailable')
+                self.logout('client_unavailable', '')
         except Exception as e:
             logger.error('Exception on main service loop: %s', e)
 
@@ -388,13 +473,8 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
     # Methods that can be overriden by linux & windows Actor
     # ******************************************************
     def joinDomain(  # pylint: disable=unused-argument, too-many-arguments
-            self,
-            name: str,
-            domain: str,
-            ou: str,
-            account: str,
-            password: str
-        ) -> None:
+        self, name: str, domain: str, ou: str, account: str, password: str
+    ) -> None:
         '''
         Invoked when broker requests a "domain" action
         default does nothing
@@ -402,22 +482,71 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         logger.debug('Base join invoked: {} on {}, {}'.format(name, domain, ou))
 
     # Client notifications
-    def login(self, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
-        result = types.LoginResultInfoType(ip='', hostname='', dead_line=None, max_idle=None)
-        self._loggedIn = True
+    def login(
+        self, username: str, sessionType: typing.Optional[str] = None
+    ) -> types.LoginResultInfoType:
+        result = types.LoginResultInfoType(
+            ip='', hostname='', dead_line=None, max_idle=None
+        )
+        master_token = None
+        secret = None
+        # If unmanaged, do initialization now, because we don't know before this
+        # Also, even if not initialized, get a "login" notification token
         if not self.isManaged():
-            self.initialize()
+            self._initialized = (
+                self.initialize()
+            )  # Maybe it's a local login by an unmanaged host.... On real login, will execute initilize again
+            # Unamanaged, need the master token
+            master_token = self._cfg.master_token
+            secret = self._secret
 
-        if self._cfg.own_token:
-            result = self._api.login(self._cfg.own_token, username, sessionType)
+        # Own token will not be set if UDS did not assigned the initialized VM to an user
+        # In that case, take master token (if machine is Unamanaged version)
+        token = self._cfg.own_token or master_token
+        if token:
+            result = self._api.login(
+                self._cfg.actorType,
+                token,
+                username,
+                sessionType or '',
+                self._interfaces,
+                secret,
+            )
+
+        if result.logged_in:
+            logger.debug('Login successful')
+            self._loggedIn = True
+            script = platform.store.invokeScriptOnLogin()
+            if script:
+                logger.info('Executing script on login: {}'.format(script))
+                script += f'{username} {sessionType or "unknown"} {self._cfg.actorType}'
+                self.execute(script, 'Logon')
 
         return result
 
-    def logout(self, username: str) -> None:
-        self._loggedIn = False
-        if self._cfg.own_token:
-            self._api.logout(self._cfg.own_token, username)
+    def logout(self, username: str, sessionType: typing.Optional[str]) -> None:
+        master_token = self._cfg.master_token
 
+        # Own token will not be set if UDS did not assigned the initialized VM to an user
+        # In that case, take master token (if machine is Unamanaged version)
+        token = self._cfg.own_token or master_token
+        if token:
+            # If logout is not processed (that is, not ok result), the logout has not been processed
+            if (
+                self._api.logout(
+                    self._cfg.actorType,
+                    token,
+                    username,
+                    sessionType or '',
+                    self._interfaces,
+                    self._secret,
+                )
+                != 'ok'
+            ):
+                logger.info('Logout from %s ignored as required by uds broker', username)
+                return
+
+        self._loggedIn = False
         self.onLogout(username)
 
         if not self.isManaged():
@@ -444,13 +573,25 @@ class CommonService:  # pylint: disable=too-many-instance-attributes
         '''
         logger.info('Service stopped')
 
-    def preConnect(self, userName: str, protocol: str, ip: str, hostname: str) -> str:  # pylint: disable=unused-argument
+    def preConnect(
+        self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str
+    ) -> str:
         '''
         Invoked when received a PRE Connection request via REST
         Base preconnect executes the preconnect command
         '''
         if self._cfg.pre_command:
-            self.execute(self._cfg.pre_command + ' {} {} {} {}'.format(userName.replace('"', '%22'), protocol, ip, hostname), 'preConnect')
+            self.execute(
+                self._cfg.pre_command
+                + ' {} {} {} {} {}'.format(
+                    userName.replace('"', '%22'),
+                    protocol,
+                    ip,
+                    hostname,
+                    udsUserName.replace('"', '%22'),
+                ),
+                'preConnect',
+            )
 
         return 'ok'
 

actor/src/udsactor/tools.py

@@ -28,20 +28,58 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-# pylint: disable=invalid-name
 import threading
+import ipaddress
+import typing
+
+if typing.TYPE_CHECKING:
+    from udsactor.types import InterfaceInfoType
 
-from udsactor.log import logger
 
 class ScriptExecutorThread(threading.Thread):
+   
     def __init__(self, script: str) -> None:
         super(ScriptExecutorThread, self).__init__()
         self.script = script
 
     def run(self) -> None:
+        from udsactor.log import logger
+
         try:
             logger.debug('Executing script: {}'.format(self.script))
             exec(self.script, globals(), None)  # pylint: disable=exec-used
         except Exception as e:
             logger.error('Error executing script: {}'.format(e))
             logger.exception()
+
+
+# Convert "X.X.X.X/X" to ipaddress.IPv4Network
+def strToNoIPV4Network(net: typing.Optional[str]) -> typing.Optional[ipaddress.IPv4Network]:
+    if not net:  # Empty or None
+        return None
+    try:
+        return ipaddress.IPv4Interface(net).network
+    except Exception:
+        return None
+
+
+def validNetworkCards(
+    net: typing.Optional[str], cards: typing.Iterable['InterfaceInfoType']
+) -> typing.List['InterfaceInfoType']:
+    try:
+        subnet = strToNoIPV4Network(net)
+    except Exception as e:
+        subnet = None
+
+    if subnet is None:
+        return list(cards)
+
+    def isValid(ip: str, subnet: ipaddress.IPv4Network) -> bool:
+        if not ip:
+            return False
+        try:
+            return ipaddress.IPv4Address(ip) in subnet
+        except Exception:
+            return False
+
+    return [c for c in cards if isValid(c.ip, subnet)]

actor/src/udsactor/types.py

@@ -35,6 +35,7 @@ class ActorConfigurationType(typing.NamedTuple):
     actorType: typing.Optional[str] = None
     master_token: typing.Optional[str] = None
     own_token: typing.Optional[str] = None
+    restrict_net: typing.Optional[str] = None
 
     pre_command: typing.Optional[str] = None
     runonce_command: typing.Optional[str] = None
@@ -57,7 +58,12 @@ class LoginResultInfoType(typing.NamedTuple):
     dead_line: typing.Optional[int]
     max_idle: typing.Optional[int]  # Not provided by broker
 
+    @property
+    def logged_in(self) -> bool:
+        return self.hostname != '' or self.ip != ''
+
 class CertificateInfoType(typing.NamedTuple):
     private_key: str
     server_certificate: str
     password: str
+    ciphers: str

actor/src/udsactor/version.py

@@ -0,0 +1 @@
+VERSION = '3.6.0'

actor/src/udsactor/windows/log.py

@@ -34,7 +34,7 @@ import os
 import tempfile
 import typing
 
-import servicemanager  # pylint: disable=import-error
+import servicemanager
 
 # Valid logging levels, from UDS Broker (uds.core.utils.log).
 from .. import loglevel
@@ -42,6 +42,7 @@ from .. import loglevel
 class LocalLogger:  # pylint: disable=too-few-public-methods
     linux = False
     windows = True
+    serviceLogger = False
 
     logger: typing.Optional[logging.Logger]
 

actor/src/udsactor/windows/runner.py

@@ -41,6 +41,8 @@ from .service import UDSActorSvc
 def setupRecoverService():
     svc_name = UDSActorSvc._svc_name_  # pylint: disable=protected-access
 
+    hs = None
+    hscm = None
     try:
         hscm = win32service.OpenSCManager(None, None, win32service.SC_MANAGER_ALL_ACCESS)
 
@@ -57,9 +59,11 @@ def setupRecoverService():
             }
             win32service.ChangeServiceConfig2(hs, win32service.SERVICE_CONFIG_FAILURE_ACTIONS, service_failure_actions)
         finally:
-            win32service.CloseServiceHandle(hs)
+            if hs:
+                win32service.CloseServiceHandle(hs)
     finally:
-        win32service.CloseServiceHandle(hscm)
+        if hscm:
+            win32service.CloseServiceHandle(hscm)
 
 
 def run() -> None:

actor/src/udsactor/windows/service.py

@@ -39,6 +39,7 @@ import win32net
 import win32event
 import pythoncom
 import servicemanager
+import winreg as wreg
 
 from . import operations
 from . import store
@@ -138,7 +139,7 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
             logger.info('Using multiple step join because configuration requests to do so')
             self.multiStepJoin(name, domain, ou, account, password)
 
-    def preConnect(self, userName: str, protocol: str, ip: str, hostname: str) -> str:
+    def preConnect(self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str) -> str:    
         logger.debug('Pre connect invoked')
 
         if protocol == 'rdp':  # If connection is not using rdp, skip adding user
@@ -167,7 +168,7 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
                 self._user = None
                 logger.debug('User {} already in group'.format(userName))
 
-        return super().preConnect(userName, protocol, ip, hostname)
+        return super().preConnect(userName, protocol, ip, hostname, udsUserName)
 
     def ovLogon(self, username: str, password: str) -> str:
         """
@@ -197,6 +198,18 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
             except Exception as e:
                 logger.error('Exception removing user from Remote Desktop Users: {}'.format(e))
 
+    def isInstallationRunning(self):
+        '''
+        Detect if windows is installing anything, so we can delay the execution of Service
+        '''
+        try:
+            key = wreg.OpenKey(wreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State')
+            data, _ = wreg.QueryValueEx(key, 'ImageState')
+            logger.debug('State: %s', data)
+            return data != 'IMAGE_STATE_COMPLETE'  # If ImageState is different of ImageStateComplete, there is something running on installation
+        except Exception:  # If not found, means that no installation is running 
+            return False
+
     def SvcDoRun(self) -> None:  # pylint: disable=too-many-statements, too-many-branches
         '''
         Main service loop
@@ -209,6 +222,17 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
 
         pythoncom.CoInitialize()  # pylint: disable=no-member
 
+        # Check if some install is running on windows before proceeding
+        while self._isAlive:
+            if self.isInstallationRunning():
+                win32event.WaitForSingleObject(self._hWaitStop, 1000)  # Wait a bit, and check again
+                continue
+            break
+
+        if not self._isAlive:  # Has been stopped while waiting windows installations
+            self.finish()
+            return
+
         # Unmanaged services does not initializes "on start", but rather when user logs in (because userservice does not exists "as such" before that)
         if self.isManaged():
             if not self.initialize():

actor/src/udsactor/windows/store.py

@@ -76,9 +76,9 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
     except Exception:
         key = wreg.CreateKeyEx(BASEKEY, PATH, 0, wreg.KEY_ALL_ACCESS)
 
-    fixRegistryPermissions(key.handle)
+    fixRegistryPermissions(key.handle)  # type: ignore
 
-    wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, pickle.dumps(config))
+    wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, pickle.dumps(config)) # type: ignore
     wreg.CloseKey(key)
 
 
@@ -94,3 +94,16 @@ def useOldJoinSystem() -> bool:
         data = ''
 
     return data == 'old'
+
+def invokeScriptOnLogin() -> str:
+    try:
+        key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_QUERY_VALUE)
+        try:
+            data, _ = wreg.QueryValueEx(key, 'logonScript')
+        except Exception:
+            data = ''
+        wreg.CloseKey(key)
+    except Exception:
+        data = ''
+
+    return data

actor/src/ui/setup_dialog_ui.py

@@ -2,9 +2,10 @@
 
 # Form implementation generated from reading ui file 'setup-dialog.ui'
 #
-# Created by: PyQt5 UI code generator 5.13.2
+# Created by: PyQt5 UI code generator 5.15.2
 #
-# WARNING! All changes made in this file will be lost!
+# WARNING: Any manual changes made to this file will be lost when pyuic5 is
+# run again.  Do not edit this file unless you know what you are doing.
 
 
 from PyQt5 import QtCore, QtGui, QtWidgets
@@ -191,6 +192,7 @@ class Ui_UdsActorSetupDialog(object):
 
         self.retranslateUi(UdsActorSetupDialog)
         self.tabWidget.setCurrentIndex(0)
+        self.validateCertificate.setCurrentIndex(1)
         self.logLevelComboBox.setCurrentIndex(1)
         self.closeButton.clicked.connect(UdsActorSetupDialog.finish)
         self.registerButton.clicked.connect(UdsActorSetupDialog.registerWithUDS)

actor/src/ui/setup_dialog_unmanaged_ui.py

@@ -2,9 +2,10 @@
 
 # Form implementation generated from reading ui file 'setup-dialog-unmanaged.ui'
 #
-# Created by: PyQt5 UI code generator 5.13.2
+# Created by: PyQt5 UI code generator 5.15.2
 #
-# WARNING! All changes made in this file will be lost!
+# WARNING: Any manual changes made to this file will be lost when pyuic5 is
+# run again.  Do not edit this file unless you know what you are doing.
 
 
 from PyQt5 import QtCore, QtGui, QtWidgets
@@ -14,7 +15,7 @@ class Ui_UdsActorSetupDialog(object):
     def setupUi(self, UdsActorSetupDialog):
         UdsActorSetupDialog.setObjectName("UdsActorSetupDialog")
         UdsActorSetupDialog.setWindowModality(QtCore.Qt.WindowModal)
-        UdsActorSetupDialog.resize(595, 220)
+        UdsActorSetupDialog.resize(601, 243)
         sizePolicy = QtWidgets.QSizePolicy(QtWidgets.QSizePolicy.Preferred, QtWidgets.QSizePolicy.Preferred)
         sizePolicy.setHorizontalStretch(0)
         sizePolicy.setVerticalStretch(0)
@@ -34,12 +35,12 @@ class Ui_UdsActorSetupDialog(object):
         UdsActorSetupDialog.setModal(True)
         self.saveButton = QtWidgets.QPushButton(UdsActorSetupDialog)
         self.saveButton.setEnabled(True)
-        self.saveButton.setGeometry(QtCore.QRect(10, 180, 181, 23))
+        self.saveButton.setGeometry(QtCore.QRect(10, 210, 181, 23))
         self.saveButton.setMinimumSize(QtCore.QSize(181, 0))
         self.saveButton.setContextMenuPolicy(QtCore.Qt.DefaultContextMenu)
         self.saveButton.setObjectName("saveButton")
         self.closeButton = QtWidgets.QPushButton(UdsActorSetupDialog)
-        self.closeButton.setGeometry(QtCore.QRect(410, 180, 171, 23))
+        self.closeButton.setGeometry(QtCore.QRect(410, 210, 171, 23))
         sizePolicy = QtWidgets.QSizePolicy(QtWidgets.QSizePolicy.Preferred, QtWidgets.QSizePolicy.Fixed)
         sizePolicy.setHorizontalStretch(0)
         sizePolicy.setVerticalStretch(0)
@@ -49,11 +50,11 @@ class Ui_UdsActorSetupDialog(object):
         self.closeButton.setObjectName("closeButton")
         self.testButton = QtWidgets.QPushButton(UdsActorSetupDialog)
         self.testButton.setEnabled(False)
-        self.testButton.setGeometry(QtCore.QRect(210, 180, 181, 23))
+        self.testButton.setGeometry(QtCore.QRect(210, 210, 181, 23))
         self.testButton.setMinimumSize(QtCore.QSize(181, 0))
         self.testButton.setObjectName("testButton")
         self.layoutWidget = QtWidgets.QWidget(UdsActorSetupDialog)
-        self.layoutWidget.setGeometry(QtCore.QRect(10, 10, 571, 161))
+        self.layoutWidget.setGeometry(QtCore.QRect(10, 10, 571, 191))
         self.layoutWidget.setObjectName("layoutWidget")
         self.formLayout = QtWidgets.QFormLayout(self.layoutWidget)
         self.formLayout.setSizeConstraint(QtWidgets.QLayout.SetDefaultConstraint)
@@ -84,7 +85,7 @@ class Ui_UdsActorSetupDialog(object):
         self.formLayout.setWidget(2, QtWidgets.QFormLayout.FieldRole, self.serviceToken)
         self.label_loglevel = QtWidgets.QLabel(self.layoutWidget)
         self.label_loglevel.setObjectName("label_loglevel")
-        self.formLayout.setWidget(3, QtWidgets.QFormLayout.LabelRole, self.label_loglevel)
+        self.formLayout.setWidget(4, QtWidgets.QFormLayout.LabelRole, self.label_loglevel)
         self.logLevelComboBox = QtWidgets.QComboBox(self.layoutWidget)
         self.logLevelComboBox.setFrame(True)
         self.logLevelComboBox.setObjectName("logLevelComboBox")
@@ -96,7 +97,13 @@ class Ui_UdsActorSetupDialog(object):
         self.logLevelComboBox.setItemText(2, "ERROR")
         self.logLevelComboBox.addItem("")
         self.logLevelComboBox.setItemText(3, "FATAL")
-        self.formLayout.setWidget(3, QtWidgets.QFormLayout.FieldRole, self.logLevelComboBox)
+        self.formLayout.setWidget(4, QtWidgets.QFormLayout.FieldRole, self.logLevelComboBox)
+        self.label_restrictNet = QtWidgets.QLabel(self.layoutWidget)
+        self.label_restrictNet.setObjectName("label_restrictNet")
+        self.formLayout.setWidget(3, QtWidgets.QFormLayout.LabelRole, self.label_restrictNet)
+        self.restrictNet = QtWidgets.QLineEdit(self.layoutWidget)
+        self.restrictNet.setObjectName("restrictNet")
+        self.formLayout.setWidget(3, QtWidgets.QFormLayout.FieldRole, self.restrictNet)
         self.label_host.raise_()
         self.host.raise_()
         self.label_serviceToken.raise_()
@@ -105,6 +112,8 @@ class Ui_UdsActorSetupDialog(object):
         self.label_security.raise_()
         self.label_loglevel.raise_()
         self.logLevelComboBox.raise_()
+        self.label_restrictNet.raise_()
+        self.restrictNet.raise_()
 
         self.retranslateUi(UdsActorSetupDialog)
         self.logLevelComboBox.setCurrentIndex(1)
@@ -113,6 +122,7 @@ class Ui_UdsActorSetupDialog(object):
         self.saveButton.clicked.connect(UdsActorSetupDialog.saveConfig)
         self.host.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
         self.serviceToken.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
+        self.restrictNet.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
         QtCore.QMetaObject.connectSlotsByName(UdsActorSetupDialog)
 
     def retranslateUi(self, UdsActorSetupDialog):
@@ -136,7 +146,10 @@ class Ui_UdsActorSetupDialog(object):
         self.host.setToolTip(_translate("UdsActorSetupDialog", "Uds Broker Server Addres. Use IP or FQDN"))
         self.host.setWhatsThis(_translate("UdsActorSetupDialog", "Enter here the UDS Broker Addres using either its IP address or its FQDN address"))
         self.label_serviceToken.setText(_translate("UdsActorSetupDialog", "Service Token"))
-        self.serviceToken.setToolTip(_translate("UdsActorSetupDialog", "UDS user with administration rights (Will not be stored on template)"))
-        self.serviceToken.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Administrator user on UDS Server.</p><p>Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.</p></body></html>"))
+        self.serviceToken.setToolTip(_translate("UdsActorSetupDialog", "UDS Service Token"))
+        self.serviceToken.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Token of the service on UDS platform</p><p>This token can be obtainend from the service configuration on UDS.</p></body></html>"))
         self.label_loglevel.setText(_translate("UdsActorSetupDialog", "Log Level"))
+        self.label_restrictNet.setText(_translate("UdsActorSetupDialog", "Restrict Net"))
+        self.restrictNet.setToolTip(_translate("UdsActorSetupDialog", "Restrict valid detection of network interfaces to this network."))
+        self.restrictNet.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Restrics valid detection of network interfaces.</p><p>Note: Use this field only in case of several network interfaces, so UDS knows which one is the interface where the user will be connected..</p></body></html>"))
 from ui import uds_rc

actor/src/ui/uds_rc.py

@@ -2,7 +2,7 @@
 
 # Resource object code
 #
-# Created by: The Resource Compiler for PyQt5 (Qt v5.13.2)
+# Created by: The Resource Compiler for PyQt5 (Qt v5.15.2)
 #
 # WARNING! All changes made in this file will be lost!
 
@@ -175,7 +175,7 @@ qt_resource_struct_v2 = b"\
 \x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x03\
 \x00\x00\x00\x00\x00\x00\x00\x00\
 \x00\x00\x00\x0c\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\
-\x00\x00\x01\x6e\x86\x31\xef\xa3\
+\x00\x00\x01\x81\xce\x8a\xac\xf2\
 "
 
 qt_version = [int(v) for v in QtCore.qVersion().split('.')]

client-py3/full/.env

@@ -0,0 +1,2 @@
+PYTHONPATH=./src:${PYTHONPATH}
+

client-py3/full/linux/.gitignore

@@ -2,3 +2,8 @@
 /udsclient-[0-9]*.spec
 /debian/udsclient
 /targz
+/UDSClientDir
+/UDSClient*.AppImage
+/appimage*
+/UDSClient.desktop
+*.zsync

client-py3/full/linux/Makefile

@@ -14,6 +14,8 @@ APPSDIR := $(DESTDIR)/usr/share/applications
 PYC := $(shell find $(SOURCEDIR) -name '*.py[co]')
 CACHES := $(shell find $(SOURCEDIR) -name '__pycache__')
 
+
+
 clean:
 	rm -rf $(PYC) $(CACHES) $(DESTDIR)
 install:
@@ -46,8 +48,60 @@ endif
 ifeq ($(DISTRO),rh)
 endif
 
-	# chmod 0755 $(BINDIR)/udsclient
 uninstall:
 	rm -rf $(LIBDIR)
 	# rm -f $(BINDIR)/udsclient
 	#  rm -rf $(CFGDIR)
+
+build-appimage:
+ifeq ($(DISTRO),x86_64)
+	cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g > appimage.recipe
+endif
+ifeq ($(DISTRO),armhf)
+	cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g | sed -e s/amd64/armhf/g | sed -e s/x86_64/armhf/g > appimage.recipe
+endif
+ifeq ($(DISTRO),i686)
+	cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g | sed -e s/amd64/i386/g | sed -e s/x86_64/i686/g > appimage.recipe
+endif
+# Ensure all working folders are "clean"
+	-rm -rf appimage appimage-builder-cache /tmp/UDSClientDir appimage-build AppDir
+
+	appimage-builder --recipe appimage.recipe --appdir /tmp/UDSClientDir
+# Now create dist and move appimage
+	rm -rf $(DESTDIR)
+	mkdir -p $(DESTDIR)
+	cp UDSClient-$(VERSION)-$(DISTRO).AppImage $(DESTDIR)
+# Generate the .desktop fixed for new path
+	cat desktop/UDSClient.desktop | sed -e s/".usr.lib.UDSClient.UDSClient.py"/"\/usr\/bin\/UDSClient-$(VERSION)-$(DISTRO).AppImage"/g > $(DESTDIR)/UDSClient.desktop
+# And also, generater installer
+	cat installer-appimage-template.sh | sed -e s/"0.0.0"/"$(VERSION)"/g | sed -e s/x86_64/$(DISTRO)/g > $(DESTDIR)/installer.sh
+	chmod 755 $(DESTDIR)/installer.sh
+	tar czvf ../udsclient3-$(DISTRO)-$(VERSION).tar.gz -C $(DESTDIR) .
+
+# cleanup
+	-rm -rf appimage appimage-builder-cache /tmp/UDSClientDir appimage-build AppDir
+
+build-igel:
+	rm -rf $(DESTDIR)
+	mkdir -p $(DESTDIR)
+# Calculate the size of the custom partition (15 megas more than the appimage size)
+	@$(eval APPIMAGE_SIZE=$(shell du -sm UDSClient-$(VERSION)-x86_64.AppImage | cut -f1))
+	@$(eval APPIMAGE_SIZE=$(shell expr $(APPIMAGE_SIZE) + 15))
+	cat igel/UDSClient-Profile-template.xml | sed -e s/"_SIZE_"/"$(APPIMAGE_SIZE)M"/g > $(DESTDIR)/UDSClient-Profile.xml
+	cat igel/UDSClient-template.inf | sed -e s/"_SIZE_"/"$(APPIMAGE_SIZE)M"/g > $(DESTDIR)/UDSClient.inf
+	cp UDSClient-$(VERSION)-x86_64.AppImage $(DESTDIR)/UDSClient
+	cp igel/UDSClient.desktop $(DESTDIR)/UDSClient.desktop
+	cp igel/init.sh $(DESTDIR)/init.sh
+	tar cjvf $(DESTDIR)/UDSClient.tar.bz2 -C $(DESTDIR) UDSClient UDSClient.desktop init.sh
+	zip -j ../udsclient3-$(VERSION)-igel.zip $(DESTDIR)/UDSClient-Profile.xml $(DESTDIR)/UDSClient.inf $(DESTDIR)/UDSClient.tar.bz2
+	cd ..
+	rm -rf $(DESTDIR)
+
+build-thinpro:
+	rm -rf $(DESTDIR)
+	mkdir -p $(DESTDIR)
+	cp -r thinpro/* $(DESTDIR)
+	cp UDSClient-$(VERSION)-x86_64.AppImage $(DESTDIR)/UDSClient
+	tar czvf ../udsclient3-$(VERSION)-thinpro.tar.gz -C $(DESTDIR) .
+	rm -rf $(DESTDIR)
+

client-py3/full/linux/build-packages.sh

@@ -32,6 +32,19 @@ done
 
 #rm udsclient-$VERSION
 
+# Make .tar.gz with source
 make DESTDIR=targz DISTRO=targz VERSION=${VERSION} install
 
+# And make FULL CLIENT .tar.gz for x86 and raspberry
+make DESTDIR=appimage DISTRO=x86_64 VERSION=${VERSION} build-appimage
+make DESTDIR=appimage DISTRO=armhf VERSION=${VERSION} build-appimage
+make DESTDIR=appimage DISTRO=i686 VERSION=${VERSION} build-appimage
+
+# Now create igel version
+# we need first to create the Appimage for x86_64
+make DESTDIR=igelimage DISTRO=x86_64 VERSION=${VERSION} build-igel
+
+# Create the thinpro version
+make DESTDIR=thinproimage DISTRO=x86_64 VERSION=${VERSION} build-thinpro
+
 rpm --addsign ../*rpm

client-py3/full/linux/debian/changelog

@@ -1,3 +1,15 @@
+udsclient3 (3.6.0) stable; urgency=medium
+
+  * Upgraded to 3.6.0 release
+
+ -- Adolfo Gómez García <agomez@virtualcable.es>  Fri, 1 Jul 2022 14:12:10 +0200
+
+udsclient3 (3.5.0) stable; urgency=medium
+
+  * Upgraded to 3.5.0 release
+
+ -- Adolfo Gómez García <agomez@virtualcable.es>  Fri, 23 Oct 2020 08:12:10 +0200
+
 udsclient3 (3.0.0) stable; urgency=medium
 
   * Upgraded to 3.0.0 release

client-py3/full/linux/debian/compat

@@ -1 +1 @@
-9
+10

client-py3/full/linux/debian/control

@@ -1,15 +1,15 @@
 Source: udsclient3
 Section: admin
 Priority: optional
-Maintainer: Adolfo Gómez García <agomez@virtualcable.es>
+Maintainer: Adolfo Gómez García <agomez@virtualcable.net>
 Build-Depends: debhelper (>= 7), po-debconf
 Standards-Version: 3.9.2
-Homepage: http://www.virtualcable.es
+Homepage: http://www.udsenterprise.com
 
 Package: udsclient3
 Section: admin
 Priority: optional
 Architecture: all
-Depends: python3-paramiko (>=2.0.0), python3-crypto, python3-pyqt5 (>=5.0), python3-six(>=1.1), python3 (>=3.6), freerdp2-x11 | freerdp-x11, desktop-file-utils, ${misc:Depends}
+Depends: python3-paramiko (>=2.0.0), python3-certifi, python3-cryptography, python3-psutil, python3-pyqt5 (>=5.0), python3 (>=3.6), freerdp2-x11 | freerdp-x11 | freerdp-nightly, desktop-file-utils, ${misc:Depends}
 Description: Client connector for Universal Desktop Services (UDS) Broker
  This package provides the required components to allow this machine to connect to services provided by UDS Broker.

client-py3/full/linux/debian/copyright

@@ -1,26 +1,38 @@
 Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135
 Name: udsclient3
 Maintainer: Adolfo Gómez García
-Source: http://www.udsenterprise.com/
+Source: http://github.com/dkmstr/openuds/client-py3
 
-Copyright: 2014 Virtual Cable S.L.U.
+Files: *
+Copyright: (c) 2014-2022, Virtual Cable S.L.U.
 License: BSD-3-clause
 
-License: GPL-2+
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version. 
-.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-.
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-.
-On Debian systems, the full text of the GNU General Public
-License version 2 can be found in the file
-`/usr/share/common-licenses/GPL-2'.
+License: BSD-3-clause
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ * Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ .
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ * Neither the name of pg_query nor the names of its contributors may be used
+ to endorse or promote products derived from this software without specific
+ prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ 

client-py3/full/linux/debian/files

@@ -1,2 +1,2 @@
-udsclient3_3.0.0_all.deb admin optional
-udsclient3_3.0.0_amd64.buildinfo admin optional
+udsclient3_3.6.0_all.deb admin optional
+udsclient3_3.6.0_amd64.buildinfo admin optional

client-py3/full/linux/desktop/UDSClient.desktop

@@ -2,7 +2,7 @@
 Name=UDSClient
 Comment=UDS Helper
 Keywords=uds;client;vdi;
-Exec=/usr/lib/UDSClient/UDSClient.py %u
+Exec=/usr/lib/UDSClient/UDSClient.py %u -platform xcb
 Icon=help-browser
 StartupNotify=true
 Terminal=false

client-py3/full/linux/igel/UDSClient-Profile-template.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<profile>
+    <profile_id>1126</profile_id>
+    <profilename>UDSClient</profilename>
+    <firmware>
+        <model>IGEL OS 11</model>
+        <version>11.05.120.01</version>
+    </firmware>
+    <description></description>
+    <overwritesessions>false</overwritesessions>
+    <is_master_profile>false</is_master_profile>
+    <is_igel_os>true</is_igel_os>
+    <settings>
+        <pclass name="custom_partition.enabled">
+            <pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">true</pvalue>
+            <variableSubstitutionActive>false</variableSubstitutionActive>
+        </pclass>
+        <pclass name="system.security.apparmor">
+            <pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">false</pvalue>
+            <variableSubstitutionActive>false</variableSubstitutionActive>
+        </pclass>
+        <pclass name="custom_partition.mountpoint">
+            <pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">/UDSClient</pvalue>
+            <variableSubstitutionActive>false</variableSubstitutionActive>
+        </pclass>
+        <pclass name="custom_partition.size">
+            <pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">_SIZE_</pvalue>
+            <variableSubstitutionActive>false</variableSubstitutionActive>
+        </pclass>
+    </settings>
+    <instancesettings>
+        <instance classprefix="custom_partition.source%" serialnumber="-719cadfe:17ca470644a:-7fff127.0.1.1">
+            <ivalue classname="custom_partition.source%.autoupdate" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="custom_partition.source%.crypt_password" variableExpression="" variableSubstitutionActive="false">000d4317311f2c0031133c4d3e4c3d</ivalue>
+            <ivalue classname="custom_partition.source%.final_action" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="custom_partition.source%.init_action" variableExpression="" variableSubstitutionActive="false">/UDSClient/init.sh</ivalue>
+            <ivalue classname="custom_partition.source%.password" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="custom_partition.source%.url" variableExpression="" variableSubstitutionActive="false">https://[UMS_SERVER]:8443/ums_filetransfer/UDSClient-igel.inf</ivalue>
+            <ivalue classname="custom_partition.source%.username" variableExpression="" variableSubstitutionActive="false">[UMS_USERNAME]</ivalue>
+        </instance>
+        <instance classprefix="sessions.chromium%" serialnumber="-6b5264e9:17ca6f65505:-8000127.0.1.1">
+            <ivalue classname="sessions.chromium%.app.browser_startup_page" variableExpression="" variableSubstitutionActive="false">1</ivalue>
+            <ivalue classname="sessions.chromium%.app.homepage" variableExpression="" variableSubstitutionActive="false">https://demo.udsenterprise.com</ivalue>
+            <ivalue classname="sessions.chromium%.applaunch" variableExpression="" variableSubstitutionActive="false">true</ivalue>
+            <ivalue classname="sessions.chromium%.applaunch_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="sessions.chromium%.applaunch_system" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.autostart" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.autostartnotify" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.desktop" variableExpression="" variableSubstitutionActive="false">true</ivalue>
+            <ivalue classname="sessions.chromium%.desktop_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="sessions.chromium%.hotkey" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="sessions.chromium%.hotkeymodifier" variableExpression="" variableSubstitutionActive="false">None</ivalue>
+            <ivalue classname="sessions.chromium%.icon" variableExpression="" variableSubstitutionActive="false">chromium</ivalue>
+            <ivalue classname="sessions.chromium%.menu_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
+            <ivalue classname="sessions.chromium%.name" variableExpression="UDS" variableSubstitutionActive="true">###LOC_DEFAULT###</ivalue>
+            <ivalue classname="sessions.chromium%.position" variableExpression="" variableSubstitutionActive="false">0</ivalue>
+            <ivalue classname="sessions.chromium%.pulldown" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.pwprotected" variableExpression="" variableSubstitutionActive="false">none</ivalue>
+            <ivalue classname="sessions.chromium%.quick_start" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.scardautostart" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.snotify" variableExpression="" variableSubstitutionActive="false">true</ivalue>
+            <ivalue classname="sessions.chromium%.startmenu" variableExpression="" variableSubstitutionActive="false">true</ivalue>
+            <ivalue classname="sessions.chromium%.startmenu_system" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.usehotkey" variableExpression="" variableSubstitutionActive="false">false</ivalue>
+            <ivalue classname="sessions.chromium%.waittime2autostart" variableExpression="" variableSubstitutionActive="false">0</ivalue>
+            <ivalue classname="sessions.chromium%.waittime2restart" variableExpression="" variableSubstitutionActive="false">0</ivalue>
+        </instance>
+    </instancesettings>
+</profile>

client-py3/full/linux/igel/UDSClient-template.inf

@@ -0,0 +1,7 @@
+[INFO]
+[PART]
+file="UDSClient.tar.bz2"
+version="1.1_igel1"
+size="_SIZE_"
+name="UDSClient"
+minfw="11.05.120"

client-py3/full/linux/igel/UDSClient.desktop

@@ -2,7 +2,7 @@
 Name=UDSClient
 Comment=UDS Helper
 Keywords=uds;client;vdi;
-Exec=/bin/udsclient %u
+Exec=/UDSClient/UDSClient %u
 Icon=help-browser
 StartupNotify=true
 Terminal=false

client-py3/full/linux/igel/init.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+cp /UDSClient/UDSClient.desktop /usr/share/applications.mime
+chmod 755 /UDSClient/UDSClient
+

client-py3/full/linux/installer-appimage-template.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Check for root
+if ! [ $(id -u) = 0 ]; then
+   echo "This script must be run as root" 
+   exit 1
+fi
+
+echo "Installing UDSClient Portable..."
+
+cp UDSClient-0.0.0-x86_64.AppImage /usr/bin
+chmod 755 /usr/bin/UDSClient-0.0.0-x86_64.AppImage
+cp UDSClient.desktop /usr/share/applications
+update-desktop-database
+
+echo "Installation process done."

client-py3/full/linux/installer.sh

@@ -8,6 +8,8 @@ echo "Installation process done."
 echo "Remember that the following packages must be installed on system:"
 echo "* Python3 paramiko"
 echo "* Python3 PyQt5"
+echo "* Python3 six"
 echo "* Python3 requests"
+echo "* Python3 cryptography"
 echo "Theese packages (as their names), are dependent on your platform, so you must locate and install them"
 echo "Also, ensure that a /media folder exists on your machine, that will be redirected on RDP connections"

client-py3/full/linux/readme.txt

@@ -1,3 +1,5 @@
 UDSClient is the client connector needed to get acccess to services managed by UDS Broker.
 
+For raspberry Pi, AppImage does not works with 1.1.0 (works with 1.0.3)
+
 Please, visit http://www.udsenterprise.com for more information

client-py3/full/linux/thinpro/firefox/45-uds

@@ -0,0 +1,4 @@
+# UDS handlers.json
+cp "/lib/UDSClient/firefox/handlers.json" "$FIREFOX_PROFILE_HANDLERS"
+ffset "network.protocol-handler.external.uds" "true"
+ffset "network.protocol-handler.external.udss" "true"

client-py3/full/linux/thinpro/firefox/handlers.json

@@ -0,0 +1,98 @@
+{
+    "defaultHandlersVersion": {
+        "en-US": 4
+    },
+    "mimeTypes": {
+        "application/pdf": {
+            "action": 3,
+            "extensions": [
+                "pdf"
+            ]
+        },
+        "application/x-ica": {
+            "action": 2,
+            "extensions": [
+                "ica"
+            ],
+            "handlers": [
+                {
+                    "name": "wfica",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/citrix"
+                }
+            ]
+        },
+        "application/x-rdp": {
+            "action": 2,
+            "extensions": [
+                "rdp"
+            ],
+            "handlers": [
+                {
+                    "name": "HP xfreerdp",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/rdp"
+                }
+            ]
+        },
+        "text/lic": {
+            "action": 2,
+            "extensions": [
+                "lic"
+            ],
+            "handlers": [
+                {
+                    "name": "Copy license to ThinPro",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/copy_lic"
+                }
+            ]
+        },
+        "text/xml": {
+            "action": 3,
+            "extensions": [
+                "xml"
+            ]
+        },
+        "image/svg+xml": {
+            "action": 3,
+            "extensions": [
+                "svg"
+            ]
+        },
+        "image/webp": {
+            "action": 3,
+            "extensions": [
+                "webp"
+            ]
+        }
+    },
+    "schemes": {
+        "vmware-view": {
+            "action": 2,
+            "handlers": [
+                {
+                    "name": "VMWare Horizon View",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/vmware"
+                }
+            ]
+        },
+        "uds": {
+            "action": 2,
+            "handlers": [
+                {
+                    "name": "UDS Client for ThinPro (SSL)",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/uds"
+                }
+            ]
+        },
+        "udss": {
+            "action": 2,
+            "handlers": [
+                {
+                    "name": "UDS Client for ThinPro",
+                    "path": "/usr/share/hptc-firefox-mgr/handlers/uds"
+                }
+            ]
+        }
+
+
+    }
+}

client-py3/full/linux/thinpro/firefox/uds

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export LD_PRELOAD=""
+/bin/udsclient $*
+exit 0

client-py3/full/linux/thinpro/firefox7.1/45-uds

@@ -0,0 +1,2 @@
+# UDS handlers.json
+restore "/lib/UDSClient/firefox/handlers.json" "$FIREFOX_PROFILE_HANDLERS"

client-py3/full/linux/thinpro/firefox7.1/handlers.json

@@ -0,0 +1,50 @@
+{
+  "defaultHandlersVersion":{
+    "en-US":4
+  },
+  "mimeTypes":{
+    "application/pdf":{
+      "action":3,
+      "extensions":["pdf"]
+    },
+    "application/x-ica":{
+      "action":2,
+      "handlers":[{
+        "name":"wfica",
+        "path":"/usr/bin/hptc-firefox-run-wfica.sh"
+      }],
+      "extensions":["ica"]
+    },
+    "application/x-rdp":{
+      "action":2,
+      "handlers":[{
+        "name":"HP xfreerdp",
+        "path":"/usr/bin/hptc-run-rdp-file-freerdp.sh"
+      }],
+      "extensions":["rdp"]
+    }
+  },
+  "schemes":{
+    "vmware-view":{
+      "action":2,
+      "handlers":[{
+        "name":"VMWare Horizon View",
+        "path":"/usr/bin/vmware-view"
+      }]
+    },
+    "udss":{
+      "action":2,
+      "handlers":[{
+          "name":"UDS Client",
+          "path":"/bin/udsclient"
+      }]
+    },
+    "uds":{
+      "action":2,
+      "handlers":[{
+          "name":"UDS Client",
+          "path":"/bin/udsclient"
+      }]
+    }
+  }
+}

client-py3/full/linux/thinpro/firefox7.1/syspref.js

@@ -0,0 +1,37 @@
+// This file can be used to configure global preferences for Firefox
+// Example: Homepage
+//pref("browser.startup.homepage", "http://www.weebls-stuff.com/wab/");
+pref("plugin.default.state", 2);
+pref("xpinstall.signatures.required", false, locked);
+pref("extensions.autoDisableScopes", 0, locked);
+pref("extensions.pocket.enabled", false, locked);
+pref("extensions.screenshots.disabled", true, locked);
+pref("datareporting.policy.dataSubmissionEnabled", false, locked);
+pref("datareporting.policy.dataSubmissionEnabled.v2", false, locked);
+
+pref("app.update.auto", false, locked);
+pref("app.update.enabled", false, locked);
+pref("browser.download.manager.closeWhenDone", true, locked);
+pref("browser.helperApps.neverAsk.openFile", "application/x-rdp, application/x-java-jnlp-file", locked);
+pref("browser.EULA.3.accepted", true, locked);
+pref("browser.rights.3.shown", true, locked);
+pref("browser.safebrowsing.enabled", false, locked);
+pref("browser.search.update", false, locked);
+pref("browser.sessionstore.enabled", false, locked);
+pref("browser.sessionhistory.cache_subframes", false, locked);
+pref("datareporting.healthreport.service.enabled", false, locked);
+pref("datareporting.healthreport.uploadEnabled", false, locked);
+pref("devtools.toolbox.host", "none", locked);
+pref("extensions.autoDisableScopes", 14, locked);
+pref("extensions.blocklist.enabled", false, locked);
+pref("extensions.update.enabled", false, locked);
+pref("intl.charsetmenu.browser.cache", "UTF-8", locked);
+
+pref("network.protocol-handler.external.mailto", false, locked);
+pref("network.protocol-handler.external.news", false, locked);
+pref("network.protocol-handler.external.snews", false, locked);
+pref("network.protocol-handler.external.nntp", false, locked);
+pref("network.protocol-handler.external-default", false, locked);
+pref("network.protocol-handler.external.vmware-view", true, locked);
+pref("network.protocol-handler.external.uds", true, locked);
+pref("network.protocol-handler.external.udss", true, locked);

client-py3/full/linux/thinpro/install-uds-client.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Common part
+
+# unlocks so we can write on TC
+fsunlock
+
+cp UDSClient /bin/udsclient
+chmod 755 /bin/udsclient
+# RDP Script for UDSClient. Launchs udsclient using the "Template_UDS" profile
+cp udsrdp /usr/bin
+
+INSTALLED=0
+# Installation for 7.1.x version
+grep -q "7.1" /etc/issue
+if [ $? -eq 0 ]; then
+    echo "Installing for thinpro version 7.1"
+    # Allow UDS apps without asking
+    cp firefox7.1/syspref.js /etc/firefox
+    # Copy handlers.json for firefox
+    mkdir -p /lib/UDSClient/firefox/ > /dev/null 2>&1
+    cp firefox7.1/handlers.json /lib/UDSClient/firefox/
+    # and runner
+    cp firefox7.1/45-uds /etc/hptc-firefox-mgr/prestart
+else
+    echo "Installing for thinpro version 7.2 or later"
+    # Copy handlers for firefox
+    mkdir -p /lib/UDSClient/firefox/ > /dev/null 2>&1
+    # Copy handlers.json for firefox
+    cp firefox/handlers.json /lib/UDSClient/firefox/
+    cp firefox/45-uds /etc/hptc-firefox-mgr/prestart
+    # copy uds handler for firefox
+    cp firefox/uds /usr/share/hptc-firefox-mgr/handlers/uds
+    chmod 755 /usr/share/hptc-firefox-mgr/handlers/uds
+fi
+
+# Common part
+fslock

client-py3/full/linux/thinpro/udsrdp

@@ -0,0 +1,390 @@
+#!/bin/bash
+
+function clearParams {
+  mclient set $REGKEY/address ""
+  mclient set $REGKEY/username ""
+  mclient set $REGKEY/password ""
+  mclient set $REGKEY/domain ""
+
+  mclient set $REGKEY/authorizations/user/execution 0
+
+  mclient commit
+}
+
+function getRegKey {
+  # Get Template_UDS
+  for key in `mclient get root/ConnectionType/freerdp/connections | sed "s/dir //g"`; do
+    val=`mclient get $key/label | sed "s/value //g"`
+    if [ "$val" == "Template_UDS" ]; then
+      REGKEY=$key
+    fi
+  done
+}
+
+function createUDSConnectionTemplate {
+  TMPFILE=$(mktemp /tmp/udsexport.XXXXXX)
+  cat > $TMPFILE << EOF
+<Profile>
+ <ProfileSettings>
+  <Name>UDS Template Profile</Name>
+  <RegistryRoot>root/ConnectionType/freerdp/connections/{ff064bd9-047a-45ec-b70f-04ab218186ff}</RegistryRoot>
+  <Target>
+   <Hardware>t420</Hardware>
+   <ImageId>T7X62022</ImageId>
+   <Version>6.2.0</Version>
+   <Config>standard</Config>
+  </Target>
+ </ProfileSettings>
+ <ProfileRegistry>
+  <NodeDir name="{ff064bd9-047a-45ec-b70f-04ab218186ff}">
+   <NodeDir name="rdWebFeed">
+    <NodeKey name="keepResourcesWindowOpened">
+     <NodeParam name="value">0</NodeParam>
+     <NodeParam name="type">bool</NodeParam>
+    </NodeKey>
+    <NodeKey name="autoStartSingleResource">
+     <NodeParam name="value">0</NodeParam>
+     <NodeParam name="type">bool</NodeParam>
+    </NodeKey>
+    <NodeKey name="autoDisconnectTimeout">
+     <NodeParam name="value">0</NodeParam>
+     <NodeParam name="type">number</NodeParam>
+    </NodeKey>
+   </NodeDir>
+   <NodeDir name="loginfields">
+    <NodeKey name="username">
+     <NodeParam name="value">3</NodeParam>
+     <NodeParam name="type">number</NodeParam>
+    </NodeKey>
+    <NodeKey name="rememberme">
+     <NodeParam name="value">2</NodeParam>
+     <NodeParam name="type">number</NodeParam>
+    </NodeKey>
+    <NodeKey name="password">
+     <NodeParam name="value">3</NodeParam>
+     <NodeParam name="type">number</NodeParam>
+    </NodeKey>
+    <NodeKey name="domain">
+     <NodeParam name="value">3</NodeParam>
+     <NodeParam name="type">number</NodeParam>
+    </NodeKey>
+   </NodeDir>
+   <NodeDir name="authorizations">
+    <NodeDir name="user">
+     <NodeKey name="execution">
+      <NodeParam name="value">0</NodeParam>
+      <NodeParam name="type">string</NodeParam>
+     </NodeKey>
+     <NodeKey name="edit">
+      <NodeParam name="value">0</NodeParam>
+      <NodeParam name="type">string</NodeParam>
+     </NodeKey>
+    </NodeDir>
+   </NodeDir>
+   <NodeKey name="address">
+    <NodeParam name="value"/>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="username">
+    <NodeParam name="value"/>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="password">
+    <NodeParam name="value">NLCR.1</NodeParam>
+    <NodeParam name="type">rc4</NodeParam>
+   </NodeKey>
+   <NodeKey name="domain">
+    <NodeParam name="value"/>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="label">
+    <NodeParam name="value">Template_UDS</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="credentialsType">
+    <NodeParam name="value">password</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="gatewayEnabled">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="gatewayPort">
+    <NodeParam name="value">443</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="gatewayUsesSameCredentials">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="gatewayCredentialsType">
+    <NodeParam name="value">password</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="remoteDesktopService">
+    <NodeParam name="value">Remote Computer</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="windowMode">
+    <NodeParam name="value">Remote Application</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="seamlessWindow">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="windowType">
+    <NodeParam name="value">full</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="windowSizePercentage">
+    <NodeParam name="value">70</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="windowSizeWidth">
+    <NodeParam name="value">1024</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="windowSizeHeight">
+    <NodeParam name="value">768</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="mouseMotionEvents">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="compression">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="rdpEncryption">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="offScreenBitmaps">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="attachToConsole">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="clipboardExtension">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="rdp6Buffering">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="rdpProgressiveCodec">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="securityLevel">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="tlsVersion">
+    <NodeParam name="value">auto</NodeParam>
+    <NodeParam name="type">string</NodeParam>
+   </NodeKey>
+   <NodeKey name="sound">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="printerMapping">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="portMapping">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="usbStorageRedirection">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="localPartitionRedirection">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="scRedirection">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="usbMiscRedirection">
+    <NodeParam name="value">2</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagNoWallpaper">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagFontSmoothing">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagDesktopComposition">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagNoWindowDrag">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagNoMenuAnimations">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="perfFlagNoTheming">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="timeoutsEnabled">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="timeoutWarning">
+    <NodeParam name="value">6000</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="timeoutWarningDialog">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="timeoutRecovery">
+    <NodeParam name="value">30000</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="timeoutError">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="showRDPDashboard">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="showConnectionGraph">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="x11Synchronous">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="x11Logging">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="x11LogAutoflush">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="x11Capture">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="SingleSignOn">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="autostart">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">number</NodeParam>
+   </NodeKey>
+   <NodeKey name="waitForNetwork">
+    <NodeParam name="value">1</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="hasDesktopIcon">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+   <NodeKey name="autoReconnect">
+    <NodeParam name="value">0</NodeParam>
+    <NodeParam name="type">bool</NodeParam>
+   </NodeKey>
+  </NodeDir>
+ </ProfileRegistry>
+ <ProfileFiles/>
+</Profile>
+EOF
+  mclient import $TMPFILE
+  rm $TMPFILE
+}
+
+ADDRESS=
+USERNAME=
+PASSWORD=
+DOMAIN=
+REGKEY=
+CLEAR=0
+
+# Try to locate registry key for UDS Template
+getRegKey
+
+if [ "$REGKEY" == "" ]; then
+  # Not found, create on based on our template
+  createUDSConnectionTemplate
+  getRegKey
+fi
+
+for param in $@; do
+  if [ "/u:" == "${param:0:3}" ]; then
+    USERNAME=${param:3}
+    CLEAR=1
+  fi
+
+  if [ "/p:" == "${param:0:3}" ]; then
+    PASSWORD=${param:3}
+    CLEAR=1
+  fi
+  
+  if [ "/d:" == "${param:0:3}" ]; then
+    DOMAIN=${param:3}
+    CLEAR=1
+  fi
+  
+  if [ "/v:" == "${param:0:3}" ]; then
+    ADDRESS=${param:3}
+    CLEAR=1
+  fi
+done
+
+if [ "$CLEAR" -eq 1 ]; then
+  clearParams
+fi
+
+ID=`basename $REGKEY`
+RESPAWN=0
+
+if [ "" != "$ADDRESS" ]; then
+  mclient set $REGKEY/address "${ADDRESS}"
+  RESPAWN=1
+fi
+
+if [ "" != "$USERNAME" ]; then
+  mclient set $REGKEY/username "${USERNAME}"
+  RESPAWN=1
+fi
+
+if [ "" != "$PASSWORD" ]; then  
+  mclient set $REGKEY/password "${PASSWORD}"
+  RESPAWN=1
+fi
+
+if [ "" != "$DOMAIN" ]; then
+  mclient set $REGKEY/domain "${DOMAIN}"
+  RESPAWN=1
+fi
+
+if [ "$RESPAWN" -eq 1 ]; then
+  mclient set $REGKEY/authorizations/user/execution 1 
+  mclient commit
+  exec $0 # Restart without command line
+fi
+
+process-connection $ID
+
+clearParams

client-py3/full/linux/udsclient-appimage-x86_64.recipe

@@ -0,0 +1,61 @@
+version: 1
+script:
+  # Remove any previous build
+  - rm -rf $TARGET_APPDIR | true
+  # Make usr and icons dirs
+  - mkdir -p $TARGET_APPDIR/usr/src
+  # Copy the python application code into the UDSClientDir
+  - cp ../src/UDS*.py $TARGET_APPDIR/usr/src
+  - cp -r ../src/uds $TARGET_APPDIR/usr/src
+  # Remove __pycache__ and .mypy if exists
+  - rm $TARGET_APPDIR/usr/src/.mypy_cache -rf 2>&1 > /dev/null
+  - rm $TARGET_APPDIR/usr/src/uds/.mypy_cache -rf 2>&1 > /dev/null
+  - rm $TARGET_APPDIR/usr/src/__pycache__ -rf 2>&1 > /dev/null
+  - rm $TARGET_APPDIR/usr/src/uds/__pycache__ -rf 2>&1 > /dev/null
+AppDir:
+  # On /tmp, that is an ext4 filesystem. On btrfs squashfs complains with "Unrecognised xattr prefix btrfs.compression"
+  path: /tmp/UDSClientDir
+
+  app_info:
+    id: com.udsenterprise.UDSClient3
+    name: UDSClient
+    icon: utilities-terminal
+    version: 0.0.0
+    # Set the python executable as entry point
+    exec: usr/bin/python3
+    # Set the application main script path as argument. Use '$@' to forward CLI parameters
+    exec_args: "$APPDIR/usr/src/UDSClient.py $@"
+
+  apt:
+    arch: amd64
+    sources:
+      - sourceline: 'deb [arch=amd64] http://ftp.de.debian.org/debian/ bullseye main contrib non-free'
+        key_url: 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x648ACFD622F3D138'
+
+    include:
+      - python3
+      - python3-pkg-resources
+      - python3-pyqt5
+      - python3-paramiko
+      - python3-cryptography
+      - python3-certifi
+      - python3-psutil
+      - freerdp2-x11
+      - freerdp2-wayland
+      - x2goclient
+      - openssh-sftp-server
+    exclude: []
+
+  runtime:
+    env:
+      # Set python home
+      # See https://docs.python.org/3/using/cmdline.html#envvar-PYTHONHOME
+      PYTHONHOME: '${APPDIR}/usr'
+      # Path to the site-packages dir or other modules dirs
+      # See https://docs.python.org/3/using/cmdline.html#envvar-PYTHONPATH
+      PYTHONPATH: '${APPDIR}/usr/lib/python3.9/site-packages'
+
+AppImage:
+  # update-information: None
+  sign-key: 592AF43A64B8559137FA2458AA4ECFEE784E6BA7
+  arch: x86_64

client-py3/full/linux/udsclient-template.spec

@@ -11,7 +11,7 @@ Release: %{release}
 Summary: Client for Universal Desktop Services (UDS) Broker
 License: BSD3
 Group: Applications/Productivity
-Requires: python3-six python3-requests python3-paramiko python3-qt5 (python3-crypto or python3-pycrypto)
+Requires: python3-paramiko python3-qt5 python3-cryptography python3-certifi python3-psutil
 Vendor: Virtual Cable S.L.U.
 URL: http://www.udsenterprise.com
 Provides: udsclient

client-py3/full/src/.gitignore

@@ -1,4 +1,6 @@
 /build
 /dist
-UDSClient.dmg
-UDSClient.pkg
+/UDSClient*.pkg
+/UDSClient*.dist
+/UDSClient*.build
+/.eggs

client-py3/full/src/UDSClient.py

@@ -1,7 +1,7 @@
-#!/usr/bin/env python3
+#!/usr/bin/env -S python3 -s
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2014-2017 Virtual Cable S.L.
+# Copyright (c) 2014-2021 Virtual Cable S.L.U.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +12,7 @@
 #    * Redistributions in binary form must reproduce the above copyright notice,
 #      this list of conditions and the following disclaimer in the documentation
 #      and/or other materials provided with the distribution.
-#    * Neither the name of Virtual Cable S.L. nor the names of its contributors
+#    * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
 #      may be used to endorse or promote products derived from this software
 #      without specific prior written permission.
 #
@@ -31,41 +31,44 @@
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
 import sys
+import os
+import platform
+import time
 import webbrowser
-import json
-import base64, bz2
+import threading
+import typing
 
-from PyQt5 import QtCore, QtGui, QtWidgets  # @UnresolvedImport
-import six
+from PyQt5 import QtCore, QtWidgets
+from PyQt5.QtCore import QSettings
+
+from uds.rest import RestApi, RetryException, InvalidVersion
+
+# Just to ensure there are available on runtime
+from uds.forward import forward as ssh_forward  # type: ignore  # pylint: disable=unused-import
+from uds.tunnel import forward as tunnel_forwards  # type: ignore  # pylint: disable=unused-import
 
-from uds.rest import RestRequest
-from uds.forward import forward  # pylint: disable=unused-import
 from uds.log import logger
 from uds import tools
 from uds import VERSION
 
 from UDSWindow import Ui_MainWindow
 
-# Server before this version uses "unsigned" scripts
-OLD_METHOD_VERSION = '2.4.0'
-
-class RetryException(Exception):
-    pass
 
 class UDSClient(QtWidgets.QMainWindow):
-
-    ticket = None
-    scrambler = None
+    ticket: str = ''
+    scrambler: str = ''
     withError = False
-    animTimer = None
-    anim = 0
-    animInverted = False
-    serverVersion = 'X.Y.Z'  # Will be overwriten on getVersion
-    req = None
+    animTimer: typing.Optional[QtCore.QTimer] = None
+    anim: int = 0
+    animInverted: bool = False
+    api: RestApi
 
-    def __init__(self):
+    def __init__(self, api: RestApi, ticket: str, scrambler: str):
         QtWidgets.QMainWindow.__init__(self)
-        self.setWindowFlags(QtCore.Qt.FramelessWindowHint | QtCore.Qt.WindowStaysOnTopHint)
+        self.api = api
+        self.ticket = ticket
+        self.scrambler = scrambler
+        self.setWindowFlags(QtCore.Qt.FramelessWindowHint | QtCore.Qt.WindowStaysOnTopHint)  # type: ignore
 
         self.ui = Ui_MainWindow()
         self.ui.setupUi(self)
@@ -82,34 +85,29 @@ class UDSClient(QtWidgets.QMainWindow):
         self.move(hpos, vpos)
 
         self.animTimer = QtCore.QTimer()
-        self.animTimer.timeout.connect(self.updateAnim)
+        self.animTimer.timeout.connect(self.updateAnim)  # type: ignore
         # QtCore.QObject.connect(self.animTimer, QtCore.SIGNAL('timeout()'), self.updateAnim)
 
         self.activateWindow()
 
         self.startAnim()
 
-
     def closeWindow(self):
         self.close()
 
-    def processError(self, data):
-        if 'error' in data:
-            # QtWidgets.QMessageBox.critical(self, 'Request error {}'.format(data.get('retryable', '0')), data['error'], QtWidgets.QMessageBox.Ok)
-            if data.get('retryable', '0') == '1':
-                raise RetryException(data['error'])
-
-            raise Exception(data['error'])
-            # QtWidgets.QMessageBox.critical(self, 'Request error', rest.data['error'], QtWidgets.QMessageBox.Ok)
-            # self.closeWindow()
-            # return
-
     def showError(self, error):
         logger.error('got error: %s', error)
         self.stopAnim()
-        self.ui.info.setText('UDS Plugin Error')  # In fact, main window is hidden, so this is not visible... :)
+        self.ui.info.setText(
+            'UDS Plugin Error'
+        )  # In fact, main window is hidden, so this is not visible... :)
         self.closeWindow()
-        QtWidgets.QMessageBox.critical(None, 'UDS Plugin Error', '{}'.format(error), QtWidgets.QMessageBox.Ok)
+        QtWidgets.QMessageBox.critical(
+            None,  # type: ignore
+            'UDS Plugin Error',
+            '{}'.format(error),
+            QtWidgets.QMessageBox.Ok,
+        )
         self.withError = True
 
     def cancelPushed(self):
@@ -125,185 +123,270 @@ class UDSClient(QtWidgets.QMainWindow):
         self.ui.progressBar.setValue(self.anim)
 
     def startAnim(self):
-        self.ui.progressBar.invertedAppearance = False
+        self.ui.progressBar.invertedAppearance = False  # type: ignore
         self.anim = 0
         self.animInverted = False
         self.ui.progressBar.setInvertedAppearance(self.animInverted)
-        self.animTimer.start(40)
+        if self.animTimer:
+            self.animTimer.start(40)
 
     def stopAnim(self):
-        self.ui.progressBar.invertedAppearance = False
-        self.animTimer.stop()
+        self.ui.progressBar.invertedAppearance = False  # type: ignore
+        if self.animTimer:
+            self.animTimer.stop()
 
     def getVersion(self):
-        self.req = RestRequest('', self, self.version)
-        self.req.get()
-
-    def version(self, data):
         try:
-            self.processError(data)
-            self.ui.info.setText('Processing...')
-
-            if data['result']['requiredVersion'] > VERSION:
-                QtWidgets.QMessageBox.critical(self, 'Upgrade required', 'A newer connector version is required.\nA browser will be opened to download it.', QtWidgets.QMessageBox.Ok)
-                webbrowser.open(data['result']['downloadUrl'])
-                self.closeWindow()
-                return
-
-            self.serverVersion = data['result']['requiredVersion']
-            self.getTransportData()
-
-        except RetryException as e:
-            self.ui.info.setText(str(e))
-            QtCore.QTimer.singleShot(1000, self.getVersion)
-
-        except Exception as e:
+            self.api.getVersion()
+        except InvalidVersion as e:
+            QtWidgets.QMessageBox.critical(
+                self,
+                'Upgrade required',
+                'A newer connector version is required.\nA browser will be opened to download it.',
+                QtWidgets.QMessageBox.Ok,
+            )
+            webbrowser.open(e.downloadUrl)
+            self.closeWindow()
+            return
+        except Exception as e:  # pylint: disable=broad-exception-caught
             self.showError(e)
+            self.closeWindow()
+            return
+
+        self.getTransportData()
 
     def getTransportData(self):
         try:
-            self.req = RestRequest('/{}/{}'.format(self.ticket, self.scrambler), self, self.transportDataReceived, params={'hostname': tools.getHostName(), 'version': VERSION})
-            self.req.get()
-        except Exception as e:
-            logger.exception('Got exception on getTransportData')
-            raise e
-
-    def transportDataReceived(self, data):
-        logger.debug('Transport data received')
-        try:
-            self.processError(data)
-
-            params = None
-
-            if self.serverVersion <= OLD_METHOD_VERSION:
-                script = bz2.decompress(base64.b64decode(data['result']))
-                # This fixes uds 2.2 "write" string on binary streams on some transport 
-                script = script.replace(b'stdin.write("', b'stdin.write(b"')
-                script = script.replace(b'version)', b'version.decode("utf-8"))')
-            else:
-                res = data['result']
-                # We have three elements on result:
-                # * Script
-                # * Signature
-                # * Script data
-                # We test that the Script has correct signature, and them execute it with the parameters
-                #script, signature, params = res['script'].decode('base64').decode('bz2'), res['signature'], json.loads(res['params'].decode('base64').decode('bz2'))
-                script, signature, params = bz2.decompress(base64.b64decode(res['script'])), res['signature'], json.loads(bz2.decompress(base64.b64decode(res['params'])))
-                if tools.verifySignature(script, signature) is False:
-                    logger.error('Signature is invalid')
-
-                    raise Exception('Invalid UDS code signature. Please, report to administrator')
-
+            script, params = self.api.getScriptAndParams(self.ticket, self.scrambler)
             self.stopAnim()
 
             if 'darwin' in sys.platform:
                 self.showMinimized()
 
-            QtCore.QTimer.singleShot(3000, self.endScript)
-            self.hide()
+            # QtCore.QTimer.singleShot(3000, self.endScript)
+            # self.hide()
+            self.closeWindow()
 
-            six.exec_(script.decode("utf-8"), globals(), {'parent': self, 'sp':  params})
+            exec(
+                script, globals(), {'parent': self, 'sp': params}
+            )  # pylint: disable=exec-used
+
+            # Execute the waiting tasks...
+            threading.Thread(target=endScript).start()
 
         except RetryException as e:
-            self.ui.info.setText(six.text_type(e) + ', retrying access...')
+            self.ui.info.setText(str(e) + ', retrying access...')
             # Retry operation in ten seconds
             QtCore.QTimer.singleShot(10000, self.getTransportData)
-
-        except Exception as e:
-            #logger.exception('Got exception executing script:')
+        except Exception as e:  # pylint: disable=broad-exception-caught
+            logger.exception('Error getting transport data')
             self.showError(e)
 
-    def endScript(self):
-        # After running script, wait for stuff
-        try:
-            tools.waitForTasks()
-        except Exception:
-            pass
-
-        try:
-            tools.unlinkFiles()
-        except Exception:
-            pass
-
-        try:
-            tools.execBeforeExit()
-        except Exception:
-            pass
-
-        self.closeWindow()
-
     def start(self):
-        '''
+        """
         Starts proccess by requesting version info
-        '''
+        """
         self.ui.info.setText('Initializing...')
         QtCore.QTimer.singleShot(100, self.getVersion)
 
 
-def done(data):
-    QtWidgets.QMessageBox.critical(None, 'Notice', six.text_type(data.data), QtWidgets.QMessageBox.Ok)
-    sys.exit(0)
+def endScript():
+    # Wait a bit before start processing ending sequence
+    time.sleep(3)
+    try:
+        # Remove early stage files...
+        tools.unlinkFiles(early=True)
+    except Exception as e:  # pylint: disable=broad-exception-caught
+        logger.debug('Unlinking files on early stage: %s', e)
+
+    # After running script, wait for stuff
+    try:
+        logger.debug('Wating for tasks to finish...')
+        tools.waitForTasks()
+    except Exception as e:  # pylint: disable=broad-exception-caught
+        logger.debug('Watiting for tasks to finish: %s', e)
+
+    try:
+        logger.debug('Unlinking files')
+        tools.unlinkFiles(early=False)
+    except Exception as e:  # pylint: disable=broad-exception-caught
+        logger.debug('Unlinking files on later stage: %s', e)
+
+    # Removing
+    try:
+        logger.debug('Executing threads before exit')
+        tools.execBeforeExit()
+    except Exception as e:  # pylint: disable=broad-exception-caught
+        logger.debug('execBeforeExit: %s', e)
+
+    logger.debug('endScript done')
+
 
 # Ask user to approve endpoint
-def approveHost(hostName, parentWindow=None):
+def approveHost(hostName: str):
     settings = QtCore.QSettings()
     settings.beginGroup('endpoints')
 
-    #approved = settings.value(hostName, False).toBool()
+    # approved = settings.value(hostName, False).toBool()
     approved = bool(settings.value(hostName, False))
 
     errorString = '<p>The server <b>{}</b> must be approved:</p>'.format(hostName)
-    errorString += '<p>Only approve UDS servers that you trust to avoid security issues.</p>'
+    errorString += (
+        '<p>Only approve UDS servers that you trust to avoid security issues.</p>'
+    )
 
-    if approved or QtWidgets.QMessageBox.warning(parentWindow, 'ACCESS Warning', errorString, QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No) == QtWidgets.QMessageBox.Yes:
-        settings.setValue(hostName, True)
-        approved = True
+    if not approved:
+        if (
+            QtWidgets.QMessageBox.warning(
+                None,  # type: ignore
+                'ACCESS Warning',
+                errorString,
+                QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No,  # type: ignore
+            )
+            == QtWidgets.QMessageBox.Yes
+        ):
+            settings.setValue(hostName, True)
+            approved = True
 
     settings.endGroup()
     return approved
 
-if __name__ == "__main__":
-    logger.debug('Initializing connector')
-    
-    # Initialize app
-    app = QtWidgets.QApplication(sys.argv)
 
+def sslError(hostname: str, serial):
+    settings = QSettings()
+    settings.beginGroup('ssl')
+
+    approved = settings.value(serial, False)
+
+    if (
+        approved
+        or QtWidgets.QMessageBox.warning(
+            None,  # type: ignore
+            'SSL Warning',
+            f'Could not check SSL certificate for {hostname}.\nDo you trust this host?',
+            QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No,  # type: ignore
+        )
+        == QtWidgets.QMessageBox.Yes
+    ):
+        approved = True
+        settings.setValue(serial, True)
+
+    settings.endGroup()
+    return approved
+
+
+# Used only if command line says so
+def minimal(api: RestApi, ticket: str, scrambler: str):
+    try:
+        logger.info('Minimal Execution')
+        logger.debug('Getting version')
+        try:
+            api.getVersion()
+        except InvalidVersion as e:
+            QtWidgets.QMessageBox.critical(
+                None,  # type: ignore
+                'Upgrade required',
+                'A newer connector version is required.\nA browser will be opened to download it.',
+                QtWidgets.QMessageBox.Ok,
+            )
+            webbrowser.open(e.downloadUrl)
+            return 0
+        logger.debug('Transport data')
+        script, params = api.getScriptAndParams(ticket, scrambler)
+
+        # Execute UDS transport script
+        exec(script, globals(), {'parent': None, 'sp': params})
+        # Execute the waiting task...
+        threading.Thread(target=endScript).start()
+
+    except RetryException as e:
+        QtWidgets.QMessageBox.warning(
+            None,  # type: ignore
+            'Service not ready',
+            '{}'.format('.\n'.join(str(e).split('.')))
+            + '\n\nPlease, retry again in a while.',
+            QtWidgets.QMessageBox.Ok,
+        )
+    except Exception as e:  # pylint: disable=broad-exception-caught
+        # logger.exception('Got exception on getTransportData')
+        QtWidgets.QMessageBox.critical(
+            None,  # type: ignore
+            'Error',
+            '{}'.format(str(e)) + '\n\nPlease, retry again in a while.',
+            QtWidgets.QMessageBox.Ok,
+        )
+    return 0
+
+
+def main(args: typing.List[str]):
+    app = QtWidgets.QApplication(sys.argv)
+    logger.debug('Initializing connector for %s(%s)', sys.platform, platform.machine())
+
+    logger.debug('Arguments: %s', args)
     # Set several info for settings
     QtCore.QCoreApplication.setOrganizationName('Virtual Cable S.L.U.')
     QtCore.QCoreApplication.setApplicationName('UDS Connector')
 
     if 'darwin' not in sys.platform:
         logger.debug('Mac OS *NOT* Detected')
-        app.setStyle('plastique')
-
-    if six.PY3 is False:
-        logger.debug('Fixing threaded execution of commands')
-        import threading
-        threading._DummyThread._Thread__stop = lambda x: 42  # type: ignore # pylint: disable=protected-access
+        app.setStyle('plastique')  # type: ignore
+    else:
+        logger.debug('Platform is Mac OS, adding homebrew possible paths')
+        os.environ['PATH'] += ''.join(
+            os.pathsep + i
+            for i in (
+                '/usr/local/bin',
+                '/opt/homebrew/bin',
+            )
+        )
+        logger.debug('Now path is %s', os.environ['PATH'])
 
     # First parameter must be url
+    useMinimal = False
     try:
-        uri = sys.argv[1]
+        uri = args[1]
+
+        if uri == '--minimal':
+            useMinimal = True
+            uri = args[2]  # And get URI
 
         if uri == '--test':
             sys.exit(0)
 
         logger.debug('URI: %s', uri)
-        if uri[:6] != 'uds://' and uri[:7] != 'udss://':
-            raise Exception()
+        # Shows error if using http (uds:// ) version, not supported anymore
+        if uri[:6] == 'uds://':
+            QtWidgets.QMessageBox.critical(
+                None,  # type: ignore
+                'Notice',
+                f'UDS Client Version {VERSION} does not support HTTP protocol Anymore.',
+                QtWidgets.QMessageBox.Ok,
+            )
+            sys.exit(1)
+        if uri[:7] != 'udss://':
+            raise Exception('Not supported protocol')  # Just shows "about" dialog
 
-        ssl = uri[3] == 's'
-        host, UDSClient.ticket, UDSClient.scrambler = uri.split('//')[1].split('/')  # type: ignore
-        logger.debug('ssl:%s, host:%s, ticket:%s, scrambler:%s', ssl, host, UDSClient.ticket, UDSClient.scrambler)
-    except Exception:
+        host, ticket, scrambler = uri.split('//')[1].split('/')  # type: ignore
+        logger.debug(
+            'host:%s, ticket:%s, scrambler:%s',
+            host,
+            ticket,
+            scrambler,
+        )
+    except Exception:  # pylint: disable=broad-except
         logger.debug('Detected execution without valid URI, exiting')
-        QtWidgets.QMessageBox.critical(None, 'Notice', 'UDS Client Version {}'.format(VERSION), QtWidgets.QMessageBox.Ok)
+        QtWidgets.QMessageBox.critical(
+            None,  # type: ignore
+            'Notice',
+            f'UDS Client Version {VERSION}',
+            QtWidgets.QMessageBox.Ok,
+        )
         sys.exit(1)
 
     # Setup REST api endpoint
-    RestRequest.restApiUrl = '{}://{}/rest/client'.format(['http', 'https'][ssl], host)
-    logger.debug('Setting request URL to %s', RestRequest.restApiUrl)
-    # RestRequest.restApiUrl = 'https://172.27.0.1/rest/client'
+    api = RestApi(
+        f'https://{host}/uds/rest/client', sslError
+    )
 
     try:
         logger.debug('Starting execution')
@@ -312,18 +395,24 @@ if __name__ == "__main__":
         if approveHost(host) is False:
             raise Exception('Host {} was not approved'.format(host))
 
-        win = UDSClient()
+        win = UDSClient(api, ticket, scrambler)
         win.show()
 
         win.start()
 
-        exitVal = app.exec_()
+        exitVal = app.exec()
         logger.debug('Execution finished correctly')
 
-    except Exception as e:
+    except Exception as e:  # pylint: disable=broad-exception-caught
         logger.exception('Got an exception executing client:')
         exitVal = 128
-        QtWidgets.QMessageBox.critical(None, 'Error', six.text_type(e), QtWidgets.QMessageBox.Ok)
+        QtWidgets.QMessageBox.critical(
+            None, 'Error', str(e), QtWidgets.QMessageBox.Ok  # type: ignore
+        )
 
     logger.debug('Exiting')
     sys.exit(exitVal)
+
+
+if __name__ == "__main__":
+    main(sys.argv)

client-py3/full/src/UDSClientLauncher.py

@@ -0,0 +1,80 @@
+import sys
+import os.path
+import subprocess
+import typing
+
+from uds.log import logger
+import UDSClient
+from UDSLauncherMac import Ui_MacLauncher
+
+from PyQt5 import QtCore, QtWidgets, QtGui
+
+SCRIPT_NAME = 'UDSClientLauncher'
+
+
+class UdsApplication(QtWidgets.QApplication):
+    path: str
+    tunnels: typing.List[subprocess.Popen]
+
+    def __init__(self, argv: typing.List[str]) -> None:
+        super().__init__(argv)
+        self.path = os.path.join(os.path.dirname(sys.argv[0]).replace('Resources', 'MacOS'), SCRIPT_NAME)
+        self.tunnels = []
+        self.lastWindowClosed.connect(self.closeTunnels)  # type: ignore
+
+    def cleanTunnels(self) -> None:
+        '''
+        Removes all finished tunnels from the list
+        '''
+
+        def isRunning(p: subprocess.Popen):
+            try:
+                if p.poll() is None:
+                    return True
+            except Exception as e:
+                logger.debug('Got error polling subprocess: %s', e)
+            return False
+
+        # Remove references to finished tunnels, they will be garbage collected
+        self.tunnels = [tunnel for tunnel in self.tunnels if isRunning(tunnel)]
+
+    def closeTunnels(self) -> None:
+        '''
+        Finishes all running tunnels
+        '''
+        logger.debug('Closing remaining tunnels')
+        for tunnel in self.tunnels:
+            logger.debug('Checking %s - "%s"', tunnel, tunnel.poll())
+            if tunnel.poll() is None:  # Running
+                logger.info('Found running tunnel %s, closing it', tunnel.pid)
+                tunnel.kill()
+
+    def event(self, evnt: QtCore.QEvent) -> bool:
+        if evnt.type() == QtCore.QEvent.Type.FileOpen:
+            fe = typing.cast(QtGui.QFileOpenEvent, evnt)
+            logger.debug('Got url: %s', fe.url().url())
+            fe.accept()
+            logger.debug('Spawning %s', self.path)
+            # First, remove all finished tunnel processed from check queue
+            self.cleanTunnels()
+            # And now add a new one
+            self.tunnels.append(subprocess.Popen([self.path, fe.url().url()]))
+
+        return super().event(evnt)
+
+
+def main(args: typing.List[str]):
+    if len(args) > 1:
+        UDSClient.main(args)
+    else:
+        app = UdsApplication(sys.argv)
+        window = QtWidgets.QMainWindow()
+        Ui_MacLauncher().setupUi(window)
+
+        window.showMinimized()
+
+        sys.exit(app.exec())
+
+
+if __name__ == "__main__":
+    main(args=sys.argv)

client-py3/full/src/UDSLauncherMac.py

@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+
+# Form implementation generated from reading ui file 'UDSLauncherMac.ui'
+#
+# Created by: PyQt5 UI code generator 5.15.2
+#
+# WARNING: Any manual changes made to this file will be lost when pyuic5 is
+# run again.  Do not edit this file unless you know what you are doing.
+
+
+from PyQt5 import QtCore, QtGui, QtWidgets
+
+
+class Ui_MacLauncher(object):
+    def setupUi(self, MacLauncher):
+        MacLauncher.setObjectName("MacLauncher")
+        MacLauncher.setWindowModality(QtCore.Qt.NonModal)
+        MacLauncher.resize(235, 120)
+        MacLauncher.setCursor(QtGui.QCursor(QtCore.Qt.ArrowCursor))
+        icon = QtGui.QIcon()
+        icon.addPixmap(QtGui.QPixmap(":/images/logo-uds-small"), QtGui.QIcon.Normal, QtGui.QIcon.Off)
+        MacLauncher.setWindowIcon(icon)
+        MacLauncher.setWindowOpacity(1.0)
+        self.centralwidget = QtWidgets.QWidget(MacLauncher)
+        self.centralwidget.setAutoFillBackground(True)
+        self.centralwidget.setObjectName("centralwidget")
+        self.verticalLayout_2 = QtWidgets.QVBoxLayout(self.centralwidget)
+        self.verticalLayout_2.setContentsMargins(4, 4, 4, 4)
+        self.verticalLayout_2.setSpacing(4)
+        self.verticalLayout_2.setObjectName("verticalLayout_2")
+        self.frame = QtWidgets.QFrame(self.centralwidget)
+        self.frame.setFrameShape(QtWidgets.QFrame.StyledPanel)
+        self.frame.setFrameShadow(QtWidgets.QFrame.Raised)
+        self.frame.setObjectName("frame")
+        self.verticalLayout = QtWidgets.QVBoxLayout(self.frame)
+        self.verticalLayout.setObjectName("verticalLayout")
+        self.topLabel = QtWidgets.QLabel(self.frame)
+        self.topLabel.setTextFormat(QtCore.Qt.RichText)
+        self.topLabel.setObjectName("topLabel")
+        self.verticalLayout.addWidget(self.topLabel)
+        self.image = QtWidgets.QLabel(self.frame)
+        self.image.setMinimumSize(QtCore.QSize(0, 32))
+        self.image.setAutoFillBackground(True)
+        self.image.setText("")
+        self.image.setPixmap(QtGui.QPixmap(":/images/logo-uds-small"))
+        self.image.setScaledContents(False)
+        self.image.setAlignment(QtCore.Qt.AlignCenter)
+        self.image.setObjectName("image")
+        self.verticalLayout.addWidget(self.image)
+        self.label_2 = QtWidgets.QLabel(self.frame)
+        self.label_2.setTextFormat(QtCore.Qt.RichText)
+        self.label_2.setObjectName("label_2")
+        self.verticalLayout.addWidget(self.label_2)
+        self.verticalLayout_2.addWidget(self.frame)
+        MacLauncher.setCentralWidget(self.centralwidget)
+
+        self.retranslateUi(MacLauncher)
+        QtCore.QMetaObject.connectSlotsByName(MacLauncher)
+
+    def retranslateUi(self, MacLauncher):
+        _translate = QtCore.QCoreApplication.translate
+        MacLauncher.setWindowTitle(_translate("MacLauncher", "UDS Launcher"))
+        self.topLabel.setText(_translate("MacLauncher", "<html><head/><body><p align=\"center\"><span style=\" font-size:12pt; font-weight:600;\">UDS Launcher</span></p></body></html>"))
+        self.label_2.setText(_translate("MacLauncher", "<html><head/><body><p align=\"center\"><span style=\" font-size:6pt;\">Closing this window will end all UDS tunnels</span></p></body></html>"))
+import UDSResources_rc
+
+
+if __name__ == "__main__":
+    import sys
+    app = QtWidgets.QApplication(sys.argv)
+    MacLauncher = QtWidgets.QMainWindow()
+    ui = Ui_MacLauncher()
+    ui.setupUi(MacLauncher)
+    MacLauncher.show()
+    sys.exit(app.exec_())

client-py3/full/src/UDSLauncherMac.ui

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>MacLauncher</class>
+ <widget class="QMainWindow" name="MacLauncher">
+  <property name="windowModality">
+   <enum>Qt::NonModal</enum>
+  </property>
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>235</width>
+    <height>120</height>
+   </rect>
+  </property>
+  <property name="cursor">
+   <cursorShape>ArrowCursor</cursorShape>
+  </property>
+  <property name="windowTitle">
+   <string>UDS Launcher</string>
+  </property>
+  <property name="windowIcon">
+   <iconset resource="UDSResources.qrc">
+    <normaloff>:/images/logo-uds-small</normaloff>:/images/logo-uds-small</iconset>
+  </property>
+  <property name="windowOpacity">
+   <double>1.000000000000000</double>
+  </property>
+  <widget class="QWidget" name="centralwidget">
+   <property name="autoFillBackground">
+    <bool>true</bool>
+   </property>
+   <layout class="QVBoxLayout" name="verticalLayout_2">
+    <property name="spacing">
+     <number>4</number>
+    </property>
+    <property name="leftMargin">
+     <number>4</number>
+    </property>
+    <property name="topMargin">
+     <number>4</number>
+    </property>
+    <property name="rightMargin">
+     <number>4</number>
+    </property>
+    <property name="bottomMargin">
+     <number>4</number>
+    </property>
+    <item>
+     <widget class="QFrame" name="frame">
+      <property name="frameShape">
+       <enum>QFrame::StyledPanel</enum>
+      </property>
+      <property name="frameShadow">
+       <enum>QFrame::Raised</enum>
+      </property>
+      <layout class="QVBoxLayout" name="verticalLayout">
+       <item>
+        <widget class="QLabel" name="topLabel">
+         <property name="text">
+          <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;span style=&quot; font-size:12pt; font-weight:600;&quot;&gt;UDS Launcher&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+         </property>
+         <property name="textFormat">
+          <enum>Qt::RichText</enum>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QLabel" name="image">
+         <property name="minimumSize">
+          <size>
+           <width>0</width>
+           <height>32</height>
+          </size>
+         </property>
+         <property name="autoFillBackground">
+          <bool>true</bool>
+         </property>
+         <property name="text">
+          <string notr="true"/>
+         </property>
+         <property name="pixmap">
+          <pixmap resource="UDSResources.qrc">:/images/logo-uds-small</pixmap>
+         </property>
+         <property name="scaledContents">
+          <bool>false</bool>
+         </property>
+         <property name="alignment">
+          <set>Qt::AlignCenter</set>
+         </property>
+        </widget>
+       </item>
+       <item>
+        <widget class="QLabel" name="label_2">
+         <property name="text">
+          <string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;span style=&quot; font-size:6pt;&quot;&gt;Closing this window will end all UDS tunnels&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+         </property>
+         <property name="textFormat">
+          <enum>Qt::RichText</enum>
+         </property>
+        </widget>
+       </item>
+      </layout>
+     </widget>
+    </item>
+   </layout>
+  </widget>
+ </widget>
+ <resources>
+  <include location="UDSResources.qrc"/>
+ </resources>
+ <connections/>
+</ui>

client-py3/full/src/UDSResources_rc.py

@@ -2,7 +2,7 @@
 
 # Resource object code
 #
-# Created by: The Resource Compiler for PyQt5 (Qt v5.13.2)
+# Created by: The Resource Compiler for PyQt5 (Qt v5.15.2)
 #
 # WARNING! All changes made in this file will be lost!
 
@@ -2467,9 +2467,9 @@ qt_resource_struct_v2 = b"\
 \x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\
 \x00\x00\x00\x00\x00\x00\x00\x00\
 \x00\x00\x00\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\
-\x00\x00\x01\x70\xc4\x82\x24\xd0\
+\x00\x00\x01\x81\xce\x8a\xaf\xd2\
 \x00\x00\x00\x34\x00\x00\x00\x00\x00\x01\x00\x00\x08\xf1\
-\x00\x00\x01\x70\xc4\x82\x24\xd0\
+\x00\x00\x01\x81\xce\x8a\xaf\xd2\
 "
 
 qt_version = [int(v) for v in QtCore.qVersion().split('.')]

client-py3/full/src/UDSWindow.py

@@ -2,9 +2,10 @@
 
 # Form implementation generated from reading ui file 'UDSWindow.ui'
 #
-# Created by: PyQt5 UI code generator 5.13.2
+# Created by: PyQt5 UI code generator 5.15.2
 #
-# WARNING! All changes made in this file will be lost!
+# WARNING: Any manual changes made to this file will be lost when pyuic5 is
+# run again.  Do not edit this file unless you know what you are doing.
 
 
 from PyQt5 import QtCore, QtGui, QtWidgets

client-py3/full/src/uds/__init__.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2014-2017 Virtual Cable S.L.
+# Copyright (c) 2014-2021 Virtual Cable S.L.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -29,13 +29,11 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-from __future__ import unicode_literals
-
-VERSION = '3.0.0'
+VERSION = '3.6.0'
 
 __title__ = 'udclient'
 __version__ = VERSION
-__build__ = 0x010760
-__author__ = 'Adolfo Gómez'
+__build__ = 0x010712
+__author__ = 'Adolfo Gómez <dkmaster@dkmon.com>'
 __license__ = "BSD 3-clause"
-__copyright__ = "Copyright 2014-2017 VirtualCable S.L.U."
+__copyright__ = "Copyright 2014-2022 VirtualCable S.L.U."

client-py3/full/src/uds/forward.py

@@ -9,6 +9,7 @@ import random
 import time
 import select
 import socketserver
+import typing
 
 import paramiko
 
@@ -24,7 +25,11 @@ class CheckfingerPrints(paramiko.MissingHostKeyPolicy):
         if self.fingerPrints:
             remotefingerPrints = hexlify(key.get_fingerprint()).decode().lower()
             if remotefingerPrints not in self.fingerPrints.split(','):
-                logger.error("Server {!r} has invalid fingerPrints. ({} vs {})".format(hostname, remotefingerPrints, self.fingerPrints))
+                logger.error(
+                    "Server {!r} has invalid fingerPrints. ({} vs {})".format(
+                        hostname, remotefingerPrints, self.fingerPrints
+                    )
+                )
                 raise paramiko.SSHException(
                     "Server {!r} has invalid fingerPrints".format(hostname)
                 )
@@ -36,26 +41,49 @@ class ForwardServer(socketserver.ThreadingTCPServer):
 
 
 class Handler(socketserver.BaseRequestHandler):
+    event: threading.Event
+    thread: 'ForwardThread'
+    ssh_transport: paramiko.Transport
+    chain_host: str
+    chain_port: int
 
     def handle(self):
         self.thread.currentConnections += 1
 
         try:
-            chan = self.ssh_transport.open_channel('direct-tcpip',
-                                                   (self.chain_host, self.chain_port),
-                                                   self.request.getpeername())
+            chan = self.ssh_transport.open_channel(
+                'direct-tcpip',
+                (self.chain_host, self.chain_port),
+                self.request.getpeername(),
+            )
         except Exception as e:
-            logger.exception('Incoming request to %s:%d failed: %s', self.chain_host, self.chain_port, repr(e))
+            logger.exception(
+                'Incoming request to %s:%d failed: %s',
+                self.chain_host,
+                self.chain_port,
+                repr(e),
+            )
             return
         if chan is None:
-            logger.error('Incoming request to %s:%d was rejected by the SSH server.', self.chain_host, self.chain_port)
+            logger.error(
+                'Incoming request to %s:%d was rejected by the SSH server.',
+                self.chain_host,
+                self.chain_port,
+            )
             return
 
-        logger.debug('Connected!  Tunnel open %r -> %r -> %r', self.request.getpeername(), chan.getpeername(), (self.chain_host, self.chain_port))
+        logger.debug(
+            'Connected!  Tunnel open %r -> %r -> %r',
+            self.request.getpeername(),
+            chan.getpeername(),
+            (self.chain_host, self.chain_port),
+        )
         # self.ssh_transport.set_keepalive(10)  # Keep alive every 10 seconds...
         try:
             while self.event.is_set() is False:
-                r, _w, _x = select.select([self.request, chan], [], [], 1)  # pylint: disable=unused-variable
+                r, _w, _x = select.select(
+                    [self.request, chan], [], [], 1
+                )  # pylint: disable=unused-variable
 
                 if self.request in r:
                     data = self.request.recv(1024)
@@ -74,7 +102,10 @@ class Handler(socketserver.BaseRequestHandler):
             peername = self.request.getpeername()
             chan.close()
             self.request.close()
-            logger.debug('Tunnel closed from %r', peername,)
+            logger.debug(
+                'Tunnel closed from %r',
+                peername,
+            )
         except Exception:
             pass
 
@@ -86,8 +117,21 @@ class Handler(socketserver.BaseRequestHandler):
 
 class ForwardThread(threading.Thread):
     status = 0  # Connecting
+    client: typing.Optional[paramiko.SSHClient]
+    fs: typing.Optional[ForwardServer]
 
-    def __init__(self, server, port, username, password, localPort, redirectHost, redirectPort, waitTime, fingerPrints):
+    def __init__(
+        self,
+        server,
+        port,
+        username,
+        password,
+        localPort,
+        redirectHost,
+        redirectPort,
+        waitTime,
+        fingerPrints,
+    ):
         threading.Thread.__init__(self)
         self.client = None
         self.fs = None
@@ -102,7 +146,7 @@ class ForwardThread(threading.Thread):
         self.redirectPort = redirectPort
 
         self.waitTime = waitTime
-        
+
         self.fingerPrints = fingerPrints
 
         self.stopEvent = threading.Event()
@@ -116,9 +160,19 @@ class ForwardThread(threading.Thread):
         if localPort is None:
             localPort = random.randrange(33000, 53000)
 
-        ft = ForwardThread(self.server, self.port, self.username, self.password, localPort, redirectHost, redirectPort, self.waitTime, self.fingerPrints)
+        ft = ForwardThread(
+            self.server,
+            self.port,
+            self.username,
+            self.password,
+            localPort,
+            redirectHost,
+            redirectPort,
+            self.waitTime,
+            self.fingerPrints,
+        )
         ft.client = self.client
-        self.client.useCount += 1  # One more using this client
+        self.client.useCount += 1  # type: ignore
         ft.start()
 
         while ft.status == 0:
@@ -126,7 +180,6 @@ class ForwardThread(threading.Thread):
 
         return (ft, localPort)
 
-
     def _timerFnc(self):
         self.timer = None
         logger.debug('Timer fnc: %s', self.currentConnections)
@@ -138,14 +191,23 @@ class ForwardThread(threading.Thread):
         if self.client is None:
             try:
                 self.client = paramiko.SSHClient()
-                self.client.useCount = 1  # Custom added variable, to keep track on when to close tunnel
+                self.client.useCount = 1  # type: ignore
                 self.client.load_system_host_keys()
-                self.client.set_missing_host_key_policy(CheckfingerPrints(self.fingerPrints))
+                self.client.set_missing_host_key_policy(
+                    CheckfingerPrints(self.fingerPrints)
+                )
 
                 logger.debug('Connecting to ssh host %s:%d ...', self.server, self.port)
 
                 # To disable ssh-ageng asking for passwords: allow_agent=False
-                self.client.connect(self.server, self.port, username=self.username, password=self.password, timeout=5, allow_agent=False)
+                self.client.connect(
+                    self.server,
+                    self.port,
+                    username=self.username,
+                    password=self.password,
+                    timeout=5,
+                    allow_agent=False,
+                )
             except Exception:
                 logger.exception('Exception connecting: ')
                 self.status = 2  # Error
@@ -154,7 +216,7 @@ class ForwardThread(threading.Thread):
         class SubHandler(Handler):
             chain_host = self.redirectHost
             chain_port = self.redirectPort
-            ssh_transport = self.client.get_transport()
+            ssh_transport = self.client.get_transport()  # type: ignore
             event = self.stopEvent
             thread = self
 
@@ -173,18 +235,30 @@ class ForwardThread(threading.Thread):
                 self.timer.cancel()
 
             self.stopEvent.set()
-            self.fs.shutdown()
+
+            if self.fs:
+                self.fs.shutdown()
 
             if self.client is not None:
-                self.client.useCount -= 1
-                if self.client.useCount == 0:
+                self.client.useCount -= 1  # type: ignore
+                if self.client.useCount == 0:  # type: ignore
                     self.client.close()
                 self.client = None  # Clean up
         except Exception:
             logger.exception('Exception stopping')
 
 
-def forward(server, port, username, password, redirectHost, redirectPort, localPort=None, waitTime=10, fingerPrints=None):
+def forward(
+    server,
+    port,
+    username,
+    password,
+    redirectHost,
+    redirectPort,
+    localPort=None,
+    waitTime=10,
+    fingerPrints=None,
+):
     '''
     Instantiates an ssh connection to server:port
     Returns the Thread created and the local redirected port as a list: (thread, port)
@@ -194,10 +268,28 @@ def forward(server, port, username, password, redirectHost, redirectPort, localP
     if localPort is None:
         localPort = random.randrange(40000, 50000)
 
-    logger.debug('Connecting to %s:%s using %s/%s redirecting to %s:%s, listening on 127.0.0.1:%s',
-                 server, port, username, password, redirectHost, redirectPort, localPort)
+    logger.debug(
+        'Connecting to %s:%s using %s/%s redirecting to %s:%s, listening on 127.0.0.1:%s',
+        server,
+        port,
+        username,
+        password,
+        redirectHost,
+        redirectPort,
+        localPort,
+    )
 
-    ft = ForwardThread(server, port, username, password, localPort, redirectHost, redirectPort, waitTime, fingerPrints)
+    ft = ForwardThread(
+        server,
+        port,
+        username,
+        password,
+        localPort,
+        redirectHost,
+        redirectPort,
+        waitTime,
+        fingerPrints,
+    )
 
     ft.start()
 

client-py3/full/src/uds/log.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (c) 2014 Virtual Cable S.L.
+# Copyright (c) 2014-2021 Virtual Cable S.L.U.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -29,27 +29,71 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-from __future__ import unicode_literals
-
 import logging
 import os
+import os.path
+import platform
 import sys
 import tempfile
 
-if sys.platform.startswith('linux'):
-    from os.path import expanduser  # pylint: disable=ungrouped-imports
-    logFile = expanduser('~/udsclient.log')
+LOGLEVEL = logging.INFO
+DEBUG = False
+
+# Update debug level if uds-debug-on exists
+if 'linux' in sys.platform or 'darwin' in sys.platform:
+    logFile = os.path.expanduser('~/udsclient.log')
+    if os.path.isfile(os.path.expanduser('~/uds-debug-on')):
+        LOGLEVEL = logging.DEBUG
+        DEBUG = True
 else:
-    logFile = os.path.join(tempfile.gettempdir(), b'udsclient.log')
+    logFile = os.path.join(tempfile.gettempdir(), 'udsclient.log')
+    if os.path.isfile(os.path.join(tempfile.gettempdir(), 'uds-debug-on')):
+        LOGLEVEL = logging.DEBUG
+        DEBUG = True
 
 try:
     logging.basicConfig(
         filename=logFile,
         filemode='a',
         format='%(levelname)s %(asctime)s %(message)s',
-        level=logging.INFO
+        level=LOGLEVEL,
     )
 except Exception:
-    logging.basicConfig(format='%(levelname)s %(asctime)s %(message)s', level=logging.INFO)
+    logging.basicConfig(format='%(levelname)s %(asctime)s %(message)s', level=LOGLEVEL)
 
 logger = logging.getLogger('udsclient')
+
+if DEBUG:
+    # Include as much as platform info as possible
+    logger.debug('Platform info:')
+    logger.debug('  Platform: %s', platform.platform())
+    logger.debug('  Node: %s', platform.node())
+    logger.debug('  System: %s', platform.system())
+    logger.debug('  Release: %s', platform.release())
+    logger.debug('  Version: %s', platform.version())
+    logger.debug('  Machine: %s', platform.machine())
+    logger.debug('  Processor: %s', platform.processor())
+    logger.debug('  Architecture: %s', platform.architecture())
+    logger.debug('  Python version: %s', platform.python_version())
+    logger.debug('  Python implementation: %s', platform.python_implementation())
+    logger.debug('  Python compiler: %s', platform.python_compiler())
+    logger.debug('  Python build: %s', platform.python_build())
+    # Also environment variables and any useful info
+    logger.debug('Log level set to DEBUG')
+    logger.debug('Environment variables:')
+    for k, v in os.environ.items():
+        logger.debug('  %s=%s', k, v)
+
+    # usefull info for debugging
+    logger.debug('Python path: %s', sys.path)
+    logger.debug('Python executable: %s', sys.executable)
+    logger.debug('Python version: %s', sys.version)
+    logger.debug('Python version info: %s', sys.version_info)
+    logger.debug('Python prefix: %s', sys.prefix)
+    logger.debug('Python base prefix: %s', sys.base_prefix)
+    logger.debug('Python executable: %s', sys.executable)
+    logger.debug('Python argv: %s', sys.argv)
+    logger.debug('Python modules path: %s', sys.path)
+    logger.debug('Python modules path (site): %s', sys.path_importer_cache)
+    logger.debug('Python modules path (site): %s', sys.path_hooks)
+    

client-py3/full/src/uds/os_detector.py

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 #
-# Copyright (c) 2017 Virtual Cable S.L.
+# Copyright (c) 2017-2021 Virtual Cable S.L.U.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -30,14 +30,13 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-from __future__ import unicode_literals
-
 import sys
 
 LINUX = 'Linux'
 WINDOWS = 'Windows'
 MAC_OS_X = 'Mac os x'
 
+
 def getOs():
     if sys.platform.startswith('linux'):
         return LINUX

client-py3/full/src/uds/rest.py

@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
-
 #
-# Copyright (c) 2017 Virtual Cable S.L.
+# Copyright (c) 2017-2021 Virtual Cable S.L.U.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -30,95 +29,239 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-# pylint: disable=c-extension-no-member,no-name-in-module
-
 import json
+import bz2
+import base64
 import urllib
 import urllib.parse
+import urllib.request
+import urllib.error
+import ssl
+import socket
+import typing
 
-from PyQt5.QtCore import pyqtSignal, pyqtSlot
-from PyQt5.QtCore import QObject, QUrl, QSettings
-from PyQt5.QtCore import Qt
-from PyQt5.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkReply, QSslCertificate
-from PyQt5.QtWidgets import QMessageBox
-
-from . import osDetector
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
 
+from . import os_detector
+from . import tools
 from . import VERSION
+from .log import logger
+
+# Server before this version uses "unsigned" scripts
+OLD_METHOD_VERSION = '2.4.0'
+
+SECURE_CIPHERS = (
+    'TLS_AES_256_GCM_SHA384'
+    ':TLS_CHACHA20_POLY1305_SHA256'
+    ':TLS_AES_128_GCM_SHA256'
+    ':ECDHE-RSA-AES256-GCM-SHA384'
+    ':ECDHE-RSA-AES128-GCM-SHA256'
+    ':ECDHE-RSA-CHACHA20-POLY1305'
+    ':ECDHE-ECDSA-AES128-GCM-SHA256'
+    ':ECDHE-ECDSA-AES256-GCM-SHA384'
+    ':ECDHE-ECDSA-AES128-SHA256'
+    ':ECDHE-ECDSA-CHACHA20-POLY1305'
+)
+
+# Callback for error on cert
+# parameters are hostname, serial
+# If returns True, ignores error
+CertCallbackType = typing.Callable[[str, str], bool]
+
+# Exceptions
+class UDSException(Exception):
+    pass
 
 
+class RetryException(UDSException):
+    pass
 
-class RestRequest(QObject):
 
-    restApiUrl = ''  #
+class InvalidVersion(UDSException):
+    downloadUrl: str
 
-    done = pyqtSignal(dict, name='done')
+    def __init__(self, downloadUrl: str) -> None:
+        super().__init__(downloadUrl)
+        self.downloadUrl = downloadUrl
+
+class RestApi:
+
+    _restApiUrl: str  # base Rest API URL
+    _callbackInvalidCert: typing.Optional[CertCallbackType]
+    _serverVersion: str
+
+    def __init__(
+        self,
+        restApiUrl,
+        callbackInvalidCert: typing.Optional[CertCallbackType] = None,
+    ) -> None:  # parent not used
+        logger.debug('Setting request URL to %s', restApiUrl)
+
+        self._restApiUrl = restApiUrl
+        self._callbackInvalidCert = callbackInvalidCert
+        self._serverVersion = ''
+
+    def get(
+        self, url: str, params: typing.Optional[typing.Mapping[str, str]] = None
+    ) -> typing.Any:
+        if params:
+            url += '?' + '&'.join(
+                '{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8')))
+                for k, v in params.items()
+            )
+
+        return json.loads(
+            RestApi.getUrl(self._restApiUrl + url, self._callbackInvalidCert)
+        )
+
+    def processError(self, data: typing.Any) -> None:
+        if 'error' in data:
+            if data.get('retryable', '0') == '1':
+                raise RetryException(data['error'])
+
+            raise UDSException(data['error'])
+
+    def getVersion(self) -> str:
+        '''Gets and stores the serverVersion.
+        Also checks that the version is valid for us. If not,
+        will raise an "InvalidVersion' exception'''
+
+        downloadUrl = ''
+        if not self._serverVersion:
+            data = self.get('')
+            self.processError(data)
+            self._serverVersion = data['result']['requiredVersion']
+            downloadUrl = data['result']['downloadUrl']
 
-    def __init__(self, url, parentWindow, done, params=None):  # parent not used
-        super(RestRequest, self).__init__()
-        # private
-        self._manager = QNetworkAccessManager()
         try:
-            if os.path.exists('/etc/ssl/certs/ca-certificates.crt'):
-                pass
-                # os.environ['REQUESTS_CA_BUNDLE'] = '/etc/ssl/certs/ca-certificates.crt'
-        except Exception:
-            pass
+            if self._serverVersion > VERSION:
+                raise InvalidVersion(downloadUrl)
 
-
-        if params is not None:
-            url += '?' + '&'.join('{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8'))) for k, v in params.items())
-
-        self.url = QUrl(RestRequest.restApiUrl + url)
-
-        # connect asynchronous result, when a request finishes
-        self._manager.finished.connect(self._finished)
-        self._manager.sslErrors.connect(self._sslError)
-        self._parentWindow = parentWindow
-
-        self.done.connect(done, Qt.QueuedConnection)
-
-    def _finished(self, reply):
-        '''
-        Handle signal 'finished'.  A network request has finished.
-        '''
-        try:
-            if reply.error() != QNetworkReply.NoError:
-                raise Exception(reply.errorString())
-            data = bytes(reply.readAll())
-            data = json.loads(data)
+            return self._serverVersion
+        except InvalidVersion:
+            raise
         except Exception as e:
-            data = {
-                'result': None,
-                'error': str(e)
-            }
+            raise UDSException(e)
 
-        self.done.emit(data)
+    def getScriptAndParams(
+        self, ticket: str, scrambler: str
+    ) -> typing.Tuple[str, typing.Any]:
+        '''Gets the transport script, validates it if necesary
+        and returns it'''
+        try:
+            data = self.get(
+                '/{}/{}'.format(ticket, scrambler),
+                params={'hostname': tools.getHostName(), 'version': VERSION},
+            )
+        except Exception as e:
+            logger.exception('Got exception on getTransportData')
+            raise e
 
-        reply.deleteLater()  # schedule for delete from main event loop
+        logger.debug('Transport data received')
+        self.processError(data)
 
-    def _sslError(self, reply, errors):
-        settings = QSettings()
-        settings.beginGroup('ssl')
-        cert = errors[0].certificate()
-        digest = str(cert.digest().toHex())
+        params = None
 
-        approved = settings.value(digest, False)
+        if self._serverVersion <= OLD_METHOD_VERSION:
+            raise Exception('Server version is too old. Please, update it')
+        else:
+            res = data['result']
+            # We have three elements on result:
+            # * Script
+            # * Signature
+            # * Script data
+            # We test that the Script has correct signature, and them execute it with the parameters
+            # script, signature, params = res['script'].decode('base64').decode('bz2'), res['signature'], json.loads(res['params'].decode('base64').decode('bz2'))
+            script, signature, params = (
+                bz2.decompress(base64.b64decode(res['script'])),
+                res['signature'],
+                json.loads(bz2.decompress(base64.b64decode(res['params']))),
+            )
+            if tools.verifySignature(script, signature) is False:
+                logger.error('Signature is invalid')
 
-        errorString = '<p>The certificate for <b>{}</b> has the following errors:</p><ul>'.format(cert.subjectInfo(QSslCertificate.CommonName))
+                raise Exception(
+                    'Invalid UDS code signature. Please, report to administrator'
+                )
 
-        for err in errors:
-            errorString += '<li>' + err.errorString() + '</li>'
+        return script.decode(), params
 
-        errorString += '</ul>'
+        # exec(script.decode("utf-8"), globals(), {'parent': self, 'sp': params})
 
-        if approved or QMessageBox.warning(self._parentWindow, 'SSL Warning', errorString, QMessageBox.Yes | QMessageBox.No) == QMessageBox.Yes:
-            settings.setValue(digest, True)
-            reply.ignoreSslErrors()
+    @staticmethod
+    def _open(
+        url: str, certErrorCallback: typing.Optional[CertCallbackType] = None
+    ) -> typing.Any:
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+        # Disable SSLv2, SSLv3, TLSv1, TLSv1.1
+        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
+        ctx.set_ciphers(SECURE_CIPHERS)
 
-        settings.endGroup()
+        # If we have the certificates file, we use it
+        if tools.getCaCertsFile() is not None:
+            ctx.load_verify_locations(tools.getCaCertsFile())
+        hostname = urllib.parse.urlparse(url)[1]
+        serial = ''
 
-    def get(self):
-        request = QNetworkRequest(self.url)
-        request.setRawHeader(b'User-Agent', osDetector.getOs().encode('utf-8') + b" - UDS Connector " + VERSION.encode('utf-8'))
-        self._manager.get(request)
+        port = ''
+        if ':' in hostname:
+            hostname, port = hostname.split(':')
+
+        if url.startswith('https'):
+            port = port or '443'
+            with ctx.wrap_socket(
+                socket.socket(socket.AF_INET, socket.SOCK_STREAM),
+                server_hostname=hostname,
+            ) as s:
+                s.connect((hostname, int(port)))
+                # Get binary certificate
+                binCert = s.getpeercert(True)
+                if binCert:
+                    cert = x509.load_der_x509_certificate(binCert, default_backend())
+                else:
+                    raise Exception('Certificate not found!')
+
+            serial = hex(cert.serial_number)[2:]
+
+        response = None
+        ctx.verify_mode = ssl.CERT_REQUIRED
+        ctx.check_hostname = True
+
+        def urlopen(url: str):
+            # Generate the request with the headers
+            req = urllib.request.Request(
+                url,
+                headers={
+                    'User-Agent': os_detector.getOs() + " - UDS Connector " + VERSION
+                },
+            )
+            return urllib.request.urlopen(req, context=ctx)
+
+        try:
+            response = urlopen(url)
+        except urllib.error.URLError as e:
+            if isinstance(e.reason, ssl.SSLCertVerificationError):
+                # Ask about invalid certificate
+                if certErrorCallback:
+                    if certErrorCallback(hostname, serial):
+                        ctx.check_hostname = False
+                        ctx.verify_mode = ssl.CERT_NONE
+                        response = urlopen(url)
+                else:
+                    raise
+            else:
+                raise
+
+        return response
+
+    @staticmethod
+    def getUrl(
+        url: str, certErrorCallback: typing.Optional[CertCallbackType] = None
+    ) -> bytes:
+        with RestApi._open(url, certErrorCallback) as response:
+            resp = response.read()
+
+        return resp

client-py3/full/src/uds/tools.py

@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
-
 #
-# Copyright (c) 2015 Virtual Cable S.L.
+# Copyright (c) 2015-2021 Virtual Cable S.L.U.
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -30,31 +29,42 @@
 '''
 @author: Adolfo Gómez, dkmaster at dkmon dot com
 '''
-from __future__ import unicode_literals
-
-from base64 import b64decode
-
 import tempfile
 import string
 import random
 import os
+import os.path
+import sys
 import socket
 import stat
 import sys
 import time
+import base64
+import typing
+
+import certifi
+
+# For signature checking
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import utils, padding
+
+try:
+    import psutil
+except ImportError:
+    psutil = None
 
-import six
 
 from .log import logger
 
-_unlinkFiles = []
-_tasksToWait = []
-_execBeforeExit = []
+_unlinkFiles: typing.List[typing.Tuple[str, bool]] = []
+_tasksToWait: typing.List[typing.Tuple[typing.Any, bool]] = []
+_execBeforeExit: typing.List[typing.Callable[[], None]] = []
 
 sys_fs_enc = sys.getfilesystemencoding() or 'mbcs'
 
 # Public key for scripts
-PUBLIC_KEY = '''-----BEGIN PUBLIC KEY-----
+PUBLIC_KEY = b'''-----BEGIN PUBLIC KEY-----
 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuNURlGjBpqbglkTTg2lh
 dU5qPbg9Q+RofoDDucGfrbY0pjB9ULgWXUetUWDZhFG241tNeKw+aYFTEorK5P+g
 ud7h9KfyJ6huhzln9eyDu3k+kjKUIB1PLtA3lZLZnBx7nmrHRody1u5lRaLVplsb
@@ -70,15 +80,11 @@ nVgtClKcDDlSaBsO875WDR0CAwEAAQ==
 -----END PUBLIC KEY-----'''
 
 
-def saveTempFile(content, filename=None):
+def saveTempFile(content: str, filename: typing.Optional[str] = None) -> str:
     if filename is None:
         filename = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(16))
         filename = filename + '.uds'
 
-    if 'win32' in sys.platform:
-        logger.info('Fixing for win32')
-        filename = filename.encode(sys_fs_enc)
-
     filename = os.path.join(tempfile.gettempdir(), filename)
 
     with open(filename, 'w') as f:
@@ -88,10 +94,7 @@ def saveTempFile(content, filename=None):
     return filename
 
 
-def readTempFile(filename):
-    if 'win32' in sys.platform:
-        filename = filename.encode('utf-8')
-
+def readTempFile(filename: str) -> typing.Optional[str]:
     filename = os.path.join(tempfile.gettempdir(), filename)
     try:
         with open(filename, 'r') as f:
@@ -100,7 +103,7 @@ def readTempFile(filename):
         return None
 
 
-def testServer(host, port, timeOut=4):
+def testServer(host: str, port: typing.Union[str, int], timeOut: int = 4) -> bool:
     try:
         sock = socket.create_connection((host, int(port)), timeOut)
         sock.close()
@@ -109,11 +112,9 @@ def testServer(host, port, timeOut=4):
     return True
 
 
-def findApp(appName, extraPath=None):
-    if 'win32' in sys.platform and isinstance(appName, six.text_type):
-        appName = appName.encode(sys_fs_enc)
+def findApp(appName: str, extraPath: typing.Optional[str] = None) -> typing.Optional[str]:
     searchPath = os.environ['PATH'].split(os.pathsep)
-    if extraPath is not None:
+    if extraPath:
         searchPath += list(extraPath)
 
     for path in searchPath:
@@ -123,68 +124,97 @@ def findApp(appName, extraPath=None):
     return None
 
 
-def getHostName():
+def getHostName() -> str:
     '''
     Returns current host name
     In fact, it's a wrapper for socket.gethostname()
     '''
     hostname = socket.gethostname()
-    if 'win32' in sys.platform:
-        hostname = hostname.decode(sys_fs_enc)
-
-    hostname = six.text_type(hostname)
     logger.info('Hostname: %s', hostname)
     return hostname
 
+
 # Queing operations (to be executed before exit)
 
 
-def addFileToUnlink(filename):
+def addFileToUnlink(filename: str, early: bool = False) -> None:
     '''
     Adds a file to the wait-and-unlink list
     '''
-    _unlinkFiles.append(filename)
+    logger.debug('Added file %s to unlink on %s stage', filename, 'early' if early else 'later')
+    _unlinkFiles.append((filename, early))
 
 
-def unlinkFiles():
+def unlinkFiles(early: bool = False) -> None:
     '''
     Removes all wait-and-unlink files
     '''
-    if _unlinkFiles:
-        time.sleep(5)  # Wait 5 seconds before deleting anything
+    logger.debug('Unlinking files on %s stage', 'early' if early else 'later')
+    filesToUnlink = list(filter(lambda x: x[1] == early, _unlinkFiles))
+    if filesToUnlink:
+        logger.debug('Files to unlink: %s', filesToUnlink)
+        # Wait 2 seconds before deleting anything on early and 5 on later stages
+        time.sleep(1 + 2 * (1 + int(early)))
 
-        for f in _unlinkFiles:
+        for f in filesToUnlink:
             try:
-                os.unlink(f)
-            except Exception:
-                pass
+                os.unlink(f[0])
+            except Exception as e:
+                logger.debug('File %s not deleted: %s', f[0], e)
 
 
-def addTaskToWait(taks):
-    _tasksToWait.append(taks)
+def addTaskToWait(task: typing.Any, includeSubprocess: bool = False) -> None:
+    logger.debug(
+        'Added task %s to wait %s',
+        task,
+        'with subprocesses' if includeSubprocess else '',
+    )
+    _tasksToWait.append((task, includeSubprocess))
 
 
-def waitForTasks():
-    for t in _tasksToWait:
+def waitForTasks() -> None:
+    logger.debug('Started to wait %s', _tasksToWait)
+    for task, waitForSubp in _tasksToWait:
+        logger.debug('Waiting for task %s, subprocess wait: %s', task, waitForSubp)
         try:
-            if hasattr(t, 'join'):
-                t.join()
-            elif hasattr(t, 'wait'):
-                t.wait()
-        except Exception:
-            pass
+            if hasattr(task, 'join'):
+                task.join()
+            elif hasattr(task, 'wait'):
+                task.wait()
+            # If wait for spanwed process (look for process with task pid) and we can look for them...
+            logger.debug(
+                'Psutil: %s, waitForSubp: %s, hasattr: %s',
+                psutil,
+                waitForSubp,
+                hasattr(task, 'pid'),
+            )
+            if psutil and waitForSubp and hasattr(task, 'pid'):
+                subProcesses = list(
+                    filter(
+                        lambda x: x.ppid() == task.pid,  # type: ignore
+                        psutil.process_iter(attrs=('ppid',)),
+                    )
+                )
+                logger.debug('Waiting for subprocesses... %s, %s', task.pid, subProcesses)
+                for i in subProcesses:
+                    logger.debug('Found %s', i)
+                    i.wait()
+        except Exception as e:
+            logger.error('Waiting for tasks to finish error: %s', e)
 
 
-def addExecBeforeExit(fnc):
+def addExecBeforeExit(fnc: typing.Callable[[], None]) -> None:
+    logger.debug('Added exec before exit: %s', fnc)
     _execBeforeExit.append(fnc)
 
 
-def execBeforeExit():
+def execBeforeExit() -> None:
+    logger.debug('Esecuting exec before exit: %s', _execBeforeExit)
     for fnc in _execBeforeExit:
-        fnc.__call__()
+        fnc()
 
 
-def verifySignature(script, signature):
+def verifySignature(script: bytes, signature: bytes) -> bool:
     '''
     Verifies with a public key from whom the data came that it was indeed
     signed by their private key
@@ -192,14 +222,47 @@ def verifySignature(script, signature):
     param: signature String signature to be verified
     return: Boolean. True if the signature is valid; False otherwise.
     '''
-    # For signature checking
-    from Crypto.PublicKey import RSA
-    from Crypto.Signature import PKCS1_v1_5
-    from Crypto.Hash import SHA256
+    public_key = serialization.load_pem_public_key(data=PUBLIC_KEY, backend=default_backend())
 
-    rsakey = RSA.importKey(PUBLIC_KEY)
-    signer = PKCS1_v1_5.new(rsakey)
-    digest = SHA256.new(script)  # Script is "binary string" here
-    if signer.verify(digest, b64decode(signature)):
-        return True
-    return False
+    try:
+        public_key.verify(  # type: ignore
+            base64.b64decode(signature), script, padding.PKCS1v15(), hashes.SHA256()  # type: ignore
+        )
+    except Exception:  # InvalidSignature
+        return False
+
+    # If no exception, the script was fine...
+    return True
+
+
+def getCaCertsFile() -> typing.Optional[str]:
+    # First, try certifi...
+
+    # If environment contains CERTIFICATE_BUNDLE_PATH, use it
+    if 'CERTIFICATE_BUNDLE_PATH' in os.environ:
+        return os.environ['CERTIFICATE_BUNDLE_PATH']
+
+    try:
+        if os.path.exists(certifi.where()):
+            return certifi.where()
+    except Exception:
+        pass
+
+    logger.info('Certifi file does not exists: %s', certifi.where())
+
+    # Check if "standard" paths are valid for linux systems
+    if 'linux' in sys.platform:
+        for path in (
+            '/etc/pki/tls/certs/ca-bundle.crt',
+            '/etc/ssl/certs/ca-certificates.crt',
+            '/etc/ssl/ca-bundle.pem',
+        ):
+            if os.path.exists(path):
+                logger.info('Found certifi path: %s', path)
+                return path
+
+    return None
+
+
+def isMac() -> bool:
+    return 'darwin' in sys.platform

client-py3/full/src/uds/tunnel.py

@@ -0,0 +1,300 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2022 Virtual Cable S.L.U.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+#    * Redistributions of source code must retain the above copyright notice,
+#      this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above copyright notice,
+#      this list of conditions and the following disclaimer in the documentation
+#      and/or other materials provided with the distribution.
+#    * Neither the name of Virtual Cable S.L. nor the names of its contributors
+#      may be used to endorse or promote products derived from this software
+#      without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+'''
+@author: Adolfo Gómez, dkmaster at dkmon dot com
+'''
+import socket
+import socketserver
+import ssl
+import threading
+import threading
+import select
+import typing
+import logging
+
+from . import tools
+
+HANDSHAKE_V1 = b'\x5AMGB\xA5\x01\x00'
+BUFFER_SIZE = 1024 * 16  # Max buffer length
+DEBUG = True
+LISTEN_ADDRESS = '0.0.0.0' if DEBUG else '127.0.0.1'
+
+# ForwarServer states
+TUNNEL_LISTENING, TUNNEL_OPENING, TUNNEL_PROCESSING, TUNNEL_ERROR = 0, 1, 2, 3
+
+
+logger = logging.getLogger(__name__)
+
+PayLoadType = typing.Optional[typing.Tuple[typing.Optional[bytes], typing.Optional[bytes]]]
+
+class ForwardServer(socketserver.ThreadingTCPServer):
+    daemon_threads = True
+    allow_reuse_address = True
+
+    remote: typing.Tuple[str, int]
+    ticket: str
+    stop_flag: threading.Event
+    can_stop: bool
+    timer: typing.Optional[threading.Timer]
+    check_certificate: bool
+    keep_listening: bool
+    current_connections: int
+    status: int
+
+    def __init__(
+        self,
+        remote: typing.Tuple[str, int],
+        ticket: str,
+        timeout: int = 0,
+        local_port: int = 0,
+        check_certificate: bool = True,
+        keep_listening: bool = False,
+    ) -> None:
+        # Negative values for timeout, means "accept always connections"
+        # "but if no connection is stablished on timeout (positive)"
+        # "stop the listener"
+        # Note that this is for backwards compatibility, better use "keep_listening"
+        if timeout < 0:
+            keep_listening = True
+            timeout = abs(timeout)
+
+        super().__init__(server_address=(LISTEN_ADDRESS, local_port), RequestHandlerClass=Handler)
+        self.remote = remote
+        self.ticket = ticket
+        self.check_certificate = check_certificate
+        self.keep_listening = keep_listening
+        self.stop_flag = threading.Event()  # False initial
+        self.current_connections = 0
+
+        self.status = TUNNEL_LISTENING
+        self.can_stop = False
+
+        timeout = timeout or 60
+        self.timer = threading.Timer(abs(timeout), ForwardServer.__checkStarted, args=(self,))
+        self.timer.start()
+
+    def stop(self) -> None:
+        if not self.stop_flag.is_set():
+            logger.debug('Stopping servers')
+            self.stop_flag.set()
+            if self.timer:
+                self.timer.cancel()
+                self.timer = None
+            self.shutdown()
+
+    def connect(self) -> ssl.SSLSocket:
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as rsocket:
+            logger.info('CONNECT to %s', self.remote)
+
+            rsocket.connect(self.remote)
+
+            rsocket.sendall(HANDSHAKE_V1)  # No response expected, just the handshake
+
+            context = ssl.create_default_context()
+
+            # Do not "recompress" data, use only "base protocol" compression
+            context.options |= ssl.OP_NO_COMPRESSION
+            # Macs with default installed python, does not support mininum tls version set to TLSv1.3
+            # USe "brew" version instead, or uncomment next line and comment the next one
+            # context.minimum_version = ssl.TLSVersion.TLSv1_2 if tools.isMac() else ssl.TLSVersion.TLSv1_3
+            context.minimum_version = ssl.TLSVersion.TLSv1_3
+
+            if tools.getCaCertsFile() is not None:
+                context.load_verify_locations(tools.getCaCertsFile())  # Load certifi certificates
+
+            # If ignore remote certificate
+            if self.check_certificate is False:
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                logger.warning('Certificate checking is disabled!')
+
+            return context.wrap_socket(rsocket, server_hostname=self.remote[0])
+
+    def check(self) -> bool:
+        if self.status == TUNNEL_ERROR:
+            return False
+
+        logger.debug('Checking tunnel availability')
+
+        try:
+            with self.connect() as ssl_socket:
+                ssl_socket.sendall(b'TEST')
+                resp = ssl_socket.recv(2)
+                if resp != b'OK':
+                    raise Exception({'Invalid  tunnelresponse: {resp}'})
+                logger.debug('Tunnel is available!')
+                return True
+        except Exception as e:
+            logger.error('Error connecting to tunnel server %s: %s', self.server_address, e)
+        return False
+
+    @property
+    def stoppable(self) -> bool:
+        logger.debug('Is stoppable: %s', self.can_stop)
+        return self.can_stop
+
+    @staticmethod
+    def __checkStarted(fs: 'ForwardServer') -> None:
+        # As soon as the timer is fired, the server can be stopped
+        # This means that:
+        #  * If not connections are stablished, the server will be stopped
+        #  * If no "keep_listening" is set, the server will not allow any new connections
+        logger.debug('New connection limit reached')
+        fs.timer = None
+        fs.can_stop = True
+        if fs.current_connections <= 0:
+            fs.stop()
+
+
+class Handler(socketserver.BaseRequestHandler):
+    # Override Base type
+    server: ForwardServer
+
+    # server: ForwardServer
+    def handle(self) -> None:
+        self.server.status = TUNNEL_OPENING
+
+        # If server processing is over time, and don't allow more connections
+        if self.server.stoppable and not self.server.keep_listening:
+            self.server.status = TUNNEL_ERROR
+            logger.info('Rejected timedout connection')
+            self.request.close()  # End connection without processing it
+            return
+
+        self.server.current_connections += 1
+
+        # Open remote connection
+        try:
+            logger.debug('Ticket %s', self.server.ticket)
+            with self.server.connect() as ssl_socket:
+                # Send handhshake + command + ticket
+                ssl_socket.sendall(b'OPEN' + self.server.ticket.encode())
+                # Check response is OK
+                data = ssl_socket.recv(2)
+                if data != b'OK':
+                    data += ssl_socket.recv(128)
+                    raise Exception(f'Error received: {data.decode(errors="ignore")}')  # Notify error
+
+                # All is fine, now we can tunnel data
+
+                self.process(remote=ssl_socket)
+        except Exception as e:
+            logger.error(f'Error connecting to {self.server.remote!s}: {e!s}')
+            self.server.status = TUNNEL_ERROR
+            self.server.stop()
+        finally:
+            self.server.current_connections -= 1
+
+        if self.server.current_connections <= 0 and self.server.stoppable:
+            self.server.stop()
+
+    # Processes data forwarding
+    def process(self, remote: ssl.SSLSocket):
+        self.server.status = TUNNEL_PROCESSING
+        logger.debug('Processing tunnel with ticket %s', self.server.ticket)
+        # Process data until stop requested or connection closed
+        try:
+            while not self.server.stop_flag.is_set():
+                r, _w, _x = select.select([self.request, remote], [], [], 1.0)
+                if self.request in r:
+                    data = self.request.recv(BUFFER_SIZE)
+                    if not data:
+                        break
+                    remote.sendall(data)
+                if remote in r:
+                    data = remote.recv(BUFFER_SIZE)
+                    if not data:
+                        break
+                    self.request.sendall(data)
+            logger.debug('Finished tunnel with ticket %s', self.server.ticket)
+        except Exception as e:
+            pass
+
+
+def _run(server: ForwardServer) -> None:
+    logger.debug(
+        'Starting forwarder: %s -> %s',
+        server.server_address,
+        server.remote,
+    )
+    server.serve_forever()
+    logger.debug('Stoped forwarder %s -> %s', server.server_address, server.remote)
+
+
+def forward(
+    remote: typing.Tuple[str, int],
+    ticket: str,
+    timeout: int = 0,
+    local_port: int = 0,
+    check_certificate=True,
+    keep_listening=True,
+) -> ForwardServer:
+    fs = ForwardServer(
+        remote=remote,
+        ticket=ticket,
+        timeout=timeout,
+        local_port=local_port,
+        check_certificate=check_certificate,
+        keep_listening=keep_listening,
+    )
+    # Starts a new thread
+    threading.Thread(target=_run, args=(fs,)).start()
+
+    return fs
+
+
+if __name__ == "__main__":
+    import sys
+
+    log = logging.getLogger()
+    log.setLevel(logging.DEBUG)
+    handler = logging.StreamHandler(sys.stdout)
+    handler.setLevel(logging.DEBUG)
+    formatter = logging.Formatter('%(levelname)s - %(message)s')  # Basic log format, nice for syslog
+    handler.setFormatter(formatter)
+    log.addHandler(handler)
+
+    ticket = 'mffqg7q4s61fvx0ck2pe0zke6k0c5ipb34clhbkbs4dasb4g'
+
+    fs = forward(
+        ('demoaslan.udsenterprise.com', 11443),
+        ticket,
+        local_port=0,
+        timeout=-20,
+        check_certificate=False,
+    )
+    print('Listening on port', fs.server_address)
+    import socket
+    # Open a socket to local fs.server_address and send some random data
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.connect(fs.server_address)
+        s.sendall(b'Hello world!')
+        data = s.recv(1024)
+        print('Received', repr(data))
+    fs.stop()
+    

client/full/.gitignore

@@ -1,4 +0,0 @@
-/bin
-/udsclient_*
-/udsclient-*.tar.gz
-/*.rpm

client/full/.project

@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>UDSclient</name>
-	<comment></comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.python.pydev.PyDevBuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.python.pydev.pythonNature</nature>
-	</natures>
-</projectDescription>

client/full/.pydevproject

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<?eclipse-pydev version="1.0"?><pydev_project>
-    
-    <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
-        
-        <path>/${PROJECT_DIR_NAME}/src</path>
-        
-    </pydev_pathproperty>
-    
-    <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
-    
-    <pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">system-2.7</pydev_property>
-    
-</pydev_project>

client/full/linux/.gitignore

@@ -1,4 +0,0 @@
-/udsclient-opensuse-[0-9]*.spec
-/udsclient-[0-9]*.spec
-/debian/udsclient
-/targz

client/full/linux/Makefile

@@ -1,51 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-# Version
-# VERSION := 1.7.5
-
-# Directories
-SOURCEDIR := ../src
-LIBDIR := $(DESTDIR)/usr/lib/UDSClient
-BINDIR := $(DESTDIR)/usr/bin
-SBINDIR = $(DESTDIR)/usr/sbin
-APPSDIR := $(DESTDIR)/usr/share/applications
-
-PYC := $(shell find $(SOURCEDIR) -name '*.py[co]')
-CACHES := $(shell find $(SOURCEDIR) -name '__pycache__')
-
-clean:
-	rm -rf $(PYC) $(CACHES) $(DESTDIR)
-install:
-	rm -rf $(DESTDIR)
-	mkdir -p $(LIBDIR)
-	#mkdir -p $(BINDIR)
-	#mkdir -p $(SBINDIR)
-	mkdir -p $(APPSDIR)
-	
-	mkdir $(LIBDIR)/uds
-	
-	# Cleans up .pyc and cache folders
-	rm -f $(PYC) $(CACHES)
-	
-	cp $(SOURCEDIR)/uds/*.py $(LIBDIR)/uds
-
-	cp $(SOURCEDIR)/UDS*.py $(LIBDIR)
-	
-	
-	# URL Catchers elements for gnome/kde
-	cp desktop/UDSClient.desktop $(APPSDIR)
-	
-	chmod 755 $(LIBDIR)/UDSClient.py
-
-ifeq ($(DISTRO),targz)
-	cp installer.sh $(DESTDIR)/install.sh
-	tar czvf ../udsclient-$(VERSION).tar.gz -C $(DESTDIR) .
-endif
-
-	
-	# chmod 0755 $(BINDIR)/udsclient
-uninstall:
-	rm -rf $(LIBDIR)
-	# rm -f $(BINDIR)/udsclient
-	#  rm -rf $(CFGDIR)

client/full/linux/build-packages.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-VERSION=`cat ../../../VERSION`
-RELEASE=1
-# Debian based
-dpkg-buildpackage -b
-
-# Now rpm based
-top=`pwd`
-
-cat udsclient-template.spec | 
-  sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
-  sed -e s/"release 1"/"release ${RELEASE}"/g > udsclient-$VERSION.spec
-  
-# Now fix dependencies for opensuse
-cat udsclient-template.spec | 
-  sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
-  sed -e s/"name udsclient"/"name udsclient-opensuse"/g |
-  sed -e s/"PyQt4"/"python-qt4"/g |
-  sed -e s/"libXScrnSaver"/"libXss1"/g > udsclient-opensuse-$VERSION.spec
-
-
-# Right now, udsactor-xrdp-.spec is not needed
-for pkg in udsclient-$VERSION.spec udsclient-opensuse-$VERSION.spec; do
-    
-    rm -rf rpm
-    for folder in SOURCES BUILD RPMS SPECS SRPMS; do
-        mkdir -p rpm/$folder
-    done
-    
-    rpmbuild -v -bb --clean --buildroot=$top/rpm/BUILD/$pkg-root --target noarch $pkg 2>&1
-done
-
-#rm udsclient-$VERSION
-
-make DESTDIR=targz DISTRO=targz VERSION=${VERSION} install

client/full/linux/debian/.gitignore

@@ -1,3 +0,0 @@
-/udsactor/
-/udsactor-xrdp/
-/udsactor-nx/

client/full/linux/debian/changelog

@@ -1,47 +0,0 @@
-udsclient (3.0.0) stable; urgency=medium
-
-  * Upgraded to 3.0.0 release
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Wed, 10 Jul 2019 9:24:10 +0200
-
-udsclient (2.2.1) stable; urgency=medium
-
-  * Upgraded to 2.2.1 release
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Thu, 2 Oct 2018 12:44:12 +0200
-
-udsclient (2.2.0) stable; urgency=medium
-
-  * Updated release
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Thu, 27 Aug 2017 14:18:18 +0200
-
-udsclient (2.1.0) stable; urgency=medium
-
-  * Updated release
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Sun, 23 Oct 2016 21:12:23 +0200
-
-udsclient (2.0.0) stable; urgency=medium
-
-  * Release upgrade
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Tue, 01 Mar 2016 09:33:18 +0100
-
-udsclient (1.9.1) stable; urgency=medium
-
-  * Minor fixes & making version match UDS version
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Tue, 01 Mar 2016 03:02:37 +0100
-
-udsclient (1.9.0) stable; urgency=medium
-
-  * Minor fixes & making version match UDS version
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Tue, 05 May 2015 07:03:47 +0200
-
-udsclient (1.7.5) stable; urgency=medium
-
-  * Initial release.
-
- -- Adolfo Gómez García <agomez@virtualcable.es>  Fri, 10 Apr 2015 05:32:41 +0100

client/full/linux/debian/compat

@@ -1 +0,0 @@
-9

client/full/linux/debian/control

@@ -1,15 +0,0 @@
-Source: udsclient
-Section: admin
-Priority: optional
-Maintainer: Adolfo Gómez García <agomez@virtualcable.es>
-Build-Depends: debhelper (>= 7), po-debconf
-Standards-Version: 3.9.2
-Homepage: http://www.virtualcable.es
-
-Package: udsclient
-Section: admin
-Priority: optional
-Architecture: all
-Depends: python-paramiko (>=0.8.2), python-crypto, python-qt4 (>=4.9), python-six(>=1.1), python (>=2.7), freerdp2-x11 | freerdp-x11, desktop-file-utils, ${misc:Depends}
-Description: Client connector for Universal Desktop Services (UDS) Broker
- This package provides the required components to allow this machine to connect to services provided by UDS Broker.

client/full/linux/debian/copyright

@@ -1,26 +0,0 @@
-Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135
-Name: udsclient
-Maintainer: Adolfo Gómez García
-Source: http://www.udsenterprise.com/
-
-Copyright: 2014 Virtual Cable S.L.U.
-License: BSD-3-clause
-
-License: GPL-2+
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version. 
-.
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-.
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-.
-On Debian systems, the full text of the GNU General Public
-License version 2 can be found in the file
-`/usr/share/common-licenses/GPL-2'.

client/full/linux/debian/docs

@@ -1 +0,0 @@
-readme.txt

client/full/linux/debian/files

@@ -1,2 +0,0 @@
-udsclient_3.0.0_all.deb admin optional
-udsclient_3.0.0_amd64.buildinfo admin optional

client/full/linux/debian/rules

@@ -1,44 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-configure: configure-stamp
-configure-stamp:
-	dh_testdir
-	touch configure-stamp
-build: build-arch build-indep
-build-arch: build-stamp
-build-indep: build-stamp
-build-stamp: configure-stamp
-	dh_testdir
-	$(MAKE)
-	touch $@
-clean:
-	dh_testdir
-	dh_testroot
-	rm -f build-stamp configure-stamp
-	dh_clean
-install: build
-	dh_testdir
-	dh_testroot
-	dh_prep
-	dh_installdirs
-	$(MAKE) DESTDIR=$(CURDIR)/debian/udsclient install
-binary-arch: build install
-	# emptyness
-binary-indep: build install
-	dh_testdir
-	dh_testroot
-	dh_installchangelogs
-	dh_installdocs
-	dh_installdebconf
-	dh_installinit --no-start
-	dh_python2=python
-	dh_compress
-	dh_link
-	dh_fixperms
-	dh_installdeb
-	dh_shlibdeps
-	dh_gencontrol
-	dh_md5sums
-	dh_builddeb
-binary: binary-indep
-.PHONY: build clean binary-indep binary install configure

client/full/linux/debian/udsclient.log

@@ -1,17 +0,0 @@
-dh_prep
-dh_installdirs
-dh_installchangelogs
-dh_installdocs
-dh_installdebconf
-dh_installinit
-dh_compress
-dh_link
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
-dh_builddeb
-dh_builddeb

client/full/linux/debian/udsclient.postinst

@@ -1,21 +0,0 @@
-#!/bin/sh
-
-. /usr/share/debconf/confmodule
-
-set -e
-case "$1" in
-	configure)
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-#DEBHELPER#
-
-exit 0