shaba/openuds
1
0
Fork 1
mirror of https://github.com/dkmstr/openuds.git synced 2025-10-19 07:33:39 +03:00
Code Issues Releases Wiki Activity

Compare commits

base: shaba:v3.6
Branches Tags
shaba:master shaba:v4.0 shaba:dev/andres/v4.0 shaba:dev/andres/master shaba:dev/andres/v4.0-req shaba:dev/janier/v4.0 shaba:dev/janier/master shaba:v3.6 shaba:v3.5 shaba:v3.0 shaba:v2.2 shaba:gh-pages shaba:v2.1 shaba:v2.0 shaba:v1.9 shaba:v1.7 shaba:tags/1.5 shaba:tags/1.2u1 shaba:tags/1.2 shaba:tags/1.1u1 shaba:tags/1.1 shaba:tags/1.0
shaba:release-v4.0 shaba:release-v3.6 shaba:release-v3.5 shaba:v3.0 shaba:v3.5t shaba:v3.0t shaba:nonMultiClient shaba:tunnel3.0-compat shaba:oldSshTunnel shaba:2.2 shaba:2.1 shaba:2.0 shaba:1.9 shaba:oldLinuxActors
..
compare: shaba:v3.0
Branches Tags
shaba:master shaba:v4.0 shaba:dev/andres/v4.0 shaba:dev/andres/master shaba:dev/andres/v4.0-req shaba:dev/janier/v4.0 shaba:dev/janier/master shaba:v3.6 shaba:v3.5 shaba:v3.0 shaba:v2.2 shaba:gh-pages shaba:v2.1 shaba:v2.0 shaba:v1.9 shaba:v1.7 shaba:tags/1.5 shaba:tags/1.2u1 shaba:tags/1.2 shaba:tags/1.1u1 shaba:tags/1.1 shaba:tags/1.0
shaba:release-v4.0 shaba:release-v3.6 shaba:release-v3.5 shaba:v3.0 shaba:v3.5t shaba:v3.0t shaba:nonMultiClient shaba:tunnel3.0-compat shaba:oldSshTunnel shaba:2.2 shaba:2.1 shaba:2.0 shaba:1.9 shaba:oldLinuxActors

6 Commits
v3.6 ... v3.0

Author SHA1 Message Date
Adolfo Gómez García
e7216e8a24 updated user interface 2022-05-17 16:42:37 +02:00
Adolfo Gómez García
48557f96e4 Fixed assignement of new services if pool is at 100% usage 2021-11-30 12:18:15 +01:00
Adolfo Gómez García
263071750c Fixed logs removal 2021-09-02 13:23:04 +02:00
Adolfo Gómez García
4fed22d39d Merge branch 'v3.0' of github.com:dkmstr/openuds into v3.0 2021-08-25 12:49:08 +02:00
Adolfo Gómez García
24687fda2e Fixed configjs so disabled custom auths works in all cases 2021-08-25 12:48:54 +02:00
Adolfo Gómez García
51b0cec536 Upgraded git signatures outdated for RDP (thanks Dani por the report ;-) ) 2021-08-19 12:55:30 +02:00
857 changed files with 70774 additions and 89058 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -32,6 +32,9 @@
/client/administration/installer/UDSAdminInstaller/MSChart.exe
/client/administration/installer/UDSAdminInstaller/UDSAdminSetup.exe
# /guacamole-tunnel/
/guacamole-tunnel/target
# /linuxActor/
/linuxActor/udsactor_*

3
README.md
View File

@@ -12,4 +12,5 @@ This is an Open Source Source project, initiated by Spanish Company Virtualca
Any help provided will be welcome.
**Note: This is a previous release, being superseded by v4.0. Try to use actual Stable.**
**Note: Master version is always under heavy development and it is not recommended for use, it will probably have unfixed bugs.
For use, please use the latest stable branch.**

2
VERSION
View File

@@ -1 +1 @@
3.6.0
3.0.0

2
actor/.env
View File

@@ -1,2 +0,0 @@
PYTHONPATH=./src:${PYTHONPATH}

4
actor/deps.txt Normal file
View File

@@ -0,0 +1,4 @@
Linux:
python3-prctl (recommended, but not required in fact)
python3-pyqt5

5
actor/linux/build-packages.sh
View File

@@ -11,9 +11,6 @@ dpkg-buildpackage -b
cat udsactor-template.spec |
sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
sed -e s/"release 1"/"release ${RELEASE}"/g > udsactor-$VERSION.spec
cat udsactor-unmanaged-template.spec |
sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
sed -e s/"release 1"/"release ${RELEASE}"/g > udsactor-unmanaged-$VERSION.spec
# Now fix dependencies for opensuse
# Note that, although on opensuse the library is "libXss1" on newer,
@@ -25,7 +22,7 @@ cat udsactor-unmanaged-template.spec |
# sed -e s/"libXScrnSaver"/"libXss1"/g > udsactor-opensuse-$VERSION.spec
#for pkg in udsactor-$VERSION.spec udsactor-opensuse-$VERSION.spec; do
for pkg in udsactor-*$VERSION.spec; do
for pkg in udsactor-$VERSION.spec; do
rm -rf rpm
for folder in SOURCES BUILD RPMS SPECS SRPMS; do

12
actor/linux/debian/changelog
View File

@@ -1,15 +1,3 @@
udsactor (3.6.0) stable; urgency=medium
* Upgraded to 3.6.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 1 Jul 2022 14:00:00 +0200
udsactor (3.5.0) stable; urgency=medium
* Upgraded to 3.5.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 23 Oct 2020 8:00:00 +0200
udsactor (3.0.0) stable; urgency=medium
* Upgraded to 3.0.0 release

4
actor/linux/debian/control
View File

@@ -10,7 +10,7 @@ Package: udsactor
Section: admin
Priority: optional
Architecture: all
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.4), libxss1, xscreensaver, ${misc:Depends}
Recommends: python3-prctl(>=1.1.1)
Description: Actor for Universal Desktop Services (UDS) Broker
This package provides the required components to allow managed machines to work on an environment managed by UDS Broker.
@@ -19,7 +19,7 @@ Package: udsactor-unmanaged
Section: admin
Priority: optional
Architecture: all
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.6), libxss1, xscreensaver, ${misc:Depends}
Depends: policykit-1(>=0.100), python3-requests (>=0.8.2), python3-pyqt5 (>=4.9), python3-six(>=1.1), python3 (>=3.4), libxss1, xscreensaver, ${misc:Depends}
Recommends: python3-prctl(>=1.1.1)
Description: Actor for Universal Desktop Services (UDS) Broker Static Unmanaged machines
This package provides the required components to allow unmanaged machines (static, independent machines) to work on an environment managed by UDS Broker.

6
actor/linux/debian/files
View File

@@ -1,3 +1,3 @@
udsactor-unmanaged_3.6.0_all.deb admin optional
udsactor_3.6.0_all.deb admin optional
udsactor_3.6.0_amd64.buildinfo admin optional
udsactor-unmanaged_3.0.0_all.deb admin optional
udsactor_3.0.0_all.deb admin optional
udsactor_3.0.0_amd64.buildinfo admin optional

2
actor/linux/scripts/UDSActorConfig
View File

@@ -3,4 +3,4 @@
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 actor_config.py -platform xcb $@
exec python3 actor_config.py $@

2
actor/linux/scripts/UDSActorConfig-unmanaged
View File

@@ -3,4 +3,4 @@
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 actor_config_unmanaged.py -platform xcb $@
exec python3 actor_config_unmanaged.py $@

2
actor/linux/scripts/UDSActorTool
View File

@@ -3,4 +3,4 @@
FOLDER=/usr/share/UDSActor
cd $FOLDER
exec python3 -s actor_client.py -platform xcb $@
exec python3 actor_client.py $@

2
actor/linux/udsactor-template.spec
View File

@@ -11,7 +11,7 @@ Release: %{release}
Summary: Actor for Universal Desktop Services (UDS) Broker
License: BSD3
Group: Admin
Requires: python3-six python3-requests python3-qt5 libXScrnSaver xset
Requires: python3-six python3-requests python3-qt5 libXScrnSaver
Vendor: Virtual Cable S.L.U.
URL: http://www.udsenterprise.com
Provides: udsactor

70
actor/linux/udsactor-unmanaged-template.spec
View File

@@ -1,70 +0,0 @@
%define _topdir %(echo $PWD)/rpm
%define name udsactor-unmanaged
%define version 0.0.0
%define release 1
%define buildroot %{_topdir}/%{name}-%{version}-%{release}-root
BuildRoot: %{buildroot}
Name: %{name}
Version: %{version}
Release: %{release}
Summary: Actor for Universal Desktop Services (UDS) Broker
License: BSD3
Group: Admin
Requires: python3-six python3-requests python3-qt5 libXScrnSaver
Vendor: Virtual Cable S.L.U.
URL: http://www.udsenterprise.com
Provides: udsactor
%define _rpmdir ../
%define _rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
%install
curdir=`pwd`
cd ../..
make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh install-udsactor-unmanaged
cd $curdir
%clean
rm -rf $RPM_BUILD_ROOT
curdir=`pwd`
cd ../..
make DESTDIR=$RPM_BUILD_ROOT DISTRO=rh clean
cd $curdir
%post
systemctl enable udsactor.service > /dev/null 2>&1
%preun
systemctl disable udsactor.service > /dev/null 2>&1
systemctl stop udsactor.service > /dev/null 2>&1
%postun
# $1 == 0 on uninstall, == 1 on upgrade for preun and postun (just a reminder for me... :) )
if [ $1 -eq 0 ]; then
rm -rf /etc/udsactor
rm /var/log/udsactor.log
fi
# And, posibly, the .pyc leaved behind on /usr/share/UDSActor
rm -rf /usr/share/UDSActor > /dev/null 2>&1
%description
This package provides the required components to allow this unmanaged machine to work on an environment managed by UDS Broker.
%files
%defattr(-,root,root)
/etc/udsactor
/etc/xdg/autostart/UDSActorTool.desktop
/etc/systemd/system/udsactor.service
/usr/bin/UDSActorTool-startup
/usr/bin/udsactor
/usr/bin/udsvapp
/usr/bin/UDSActorTool
/usr/sbin/UDSActorConfig
/usr/sbin/UDSActorConfig-pkexec
/usr/share/UDSActor/*
/usr/share/applications/UDS_Actor_Configuration.desktop
/usr/share/autostart/UDSActorTool.desktop
/usr/share/polkit-1/actions/org.openuds.pkexec.UDSActorConfig.policy

4
actor/src/actor_client.py
View File

@@ -67,9 +67,9 @@ if __name__ == "__main__":
# Note: Signals are only checked on python code execution, so we create a timer to force call back to python
timer = QTimer(qApp)
timer.start(1000)
timer.timeout.connect(lambda *a: None) # type: ignore # timeout can be connected to a callable
timer.timeout.connect(lambda *a: None)
qApp.exec()
qApp.exec_()
# On windows, if no window is created, this point will never be reached.
qApp.end()

4
actor/src/actor_config.py
View File

@@ -187,9 +187,9 @@ if __name__ == "__main__":
app = QApplication(sys.argv)
if udsactor.platform.operations.checkPermissions() is False:
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok) # type: ignore
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)
sys.exit(1)
myapp = UDSConfigDialog()
myapp.show()
sys.exit(app.exec())
sys.exit(app.exec_())

68
actor/src/actor_config_unmanaged.py
View File

@@ -40,7 +40,6 @@ import PyQt5 # pylint: disable=unused-import
from PyQt5.QtWidgets import QApplication, QDialog, QMessageBox
import udsactor
import udsactor.tools
from ui.setup_dialog_unmanaged_ui import Ui_UdsActorSetupDialog
@@ -50,7 +49,6 @@ if typing.TYPE_CHECKING:
logger = logging.getLogger('actor')
class UDSConfigDialog(QDialog):
_host: str = ''
_config: udsactor.types.ActorConfigurationType
@@ -62,99 +60,65 @@ class UDSConfigDialog(QDialog):
self.ui = Ui_UdsActorSetupDialog()
self.ui.setupUi(self)
self.ui.host.setText(self._config.host)
self.ui.validateCertificate.setCurrentIndex(
1 if self._config.validateCertificate else 0
)
self.ui.validateCertificate.setCurrentIndex(1 if self._config.validateCertificate else 0)
self.ui.logLevelComboBox.setCurrentIndex(self._config.log_level)
self.ui.serviceToken.setText(self._config.master_token or '')
self.ui.restrictNet.setText(self._config.restrict_net or '')
self.ui.serviceToken.setText(self._config.master_token)
self.ui.testButton.setEnabled(
bool(self._config.master_token and self._config.host)
)
self.ui.testButton.setEnabled(bool(self._config.master_token and self._config.host))
@property
def api(self) -> udsactor.rest.UDSServerApi:
return udsactor.rest.UDSServerApi(
self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1
)
return udsactor.rest.UDSServerApi(self.ui.host.text(), self.ui.validateCertificate.currentIndex() == 1)
def finish(self) -> None:
self.close()
def configChanged(self, text: str) -> None:
self.ui.testButton.setEnabled(
self.ui.host.text() == self._config.host
and self.ui.serviceToken.text() == self._config.master_token
and self.ui.restrictNet.text() == self._config.restrict_net
)
self.ui.testButton.setEnabled(self.ui.host.text() == self._config.host and self.ui.serviceToken.text() == self._config.master_token)
def testUDSServer(self) -> None:
if not self._config.master_token or not self._config.host:
self.ui.testButton.setEnabled(False)
return
try:
api = udsactor.rest.UDSServerApi(
self._config.host, self._config.validateCertificate
)
api = udsactor.rest.UDSServerApi(self._config.host, self._config.validateCertificate)
if not api.test(self._config.master_token, udsactor.types.UNMANAGED):
QMessageBox.information(
self,
'UDS Test',
'Service token seems to be invalid . Please, check token validity.',
QMessageBox.Ok,
QMessageBox.Ok
)
else:
QMessageBox.information(
self,
'UDS Test',
'Configuration for {} seems to be correct.'.format(
self._config.host
),
QMessageBox.Ok,
'Configuration for {} seems to be correct.'.format(self._config.host),
QMessageBox.Ok
)
except Exception:
QMessageBox.information(
self,
'UDS Test',
'Configured host {} seems to be inaccesible.'.format(self._config.host),
QMessageBox.Ok,
QMessageBox.Ok
)
def saveConfig(self) -> None:
# Ensure restrict_net is empty or a valid subnet
restrictNet = self.ui.restrictNet.text().strip()
if restrictNet:
try:
subnet = udsactor.tools.strToNoIPV4Network(restrictNet)
if not subnet:
raise Exception('Invalid subnet')
except Exception:
QMessageBox.information(
self,
'Invalid subnet',
'Invalid subnet {}. Please, check it.'.format(restrictNet),
QMessageBox.Ok,
)
return
# Store parameters on register for later use, notify user of registration
self._config = udsactor.types.ActorConfigurationType(
actorType=udsactor.types.UNMANAGED,
host=self.ui.host.text(),
validateCertificate=self.ui.validateCertificate.currentIndex() == 1,
master_token=self.ui.serviceToken.text().strip(),
restrict_net=restrictNet,
log_level=self.ui.logLevelComboBox.currentIndex(),
master_token=self.ui.serviceToken.text(),
log_level=self.ui.logLevelComboBox.currentIndex()
)
udsactor.platform.store.writeConfig(self._config)
# Enables test button
self.ui.testButton.setEnabled(True)
# Informs the user
QMessageBox.information(
self, 'UDS Configuration', 'Configuration saved.', QMessageBox.Ok
)
QMessageBox.information(self, 'UDS Configuration', 'Configuration saved.', QMessageBox.Ok)
if __name__ == "__main__":
@@ -163,9 +127,9 @@ if __name__ == "__main__":
os.environ['QT_X11_NO_MITSHM'] = '1'
app = QApplication(sys.argv)
if udsactor.platform.operations.checkPermissions() is False:
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok) # type: ignore
QMessageBox.critical(None, 'UDS Actor', 'This Program must be executed as administrator', QMessageBox.Ok)
sys.exit(1)
if len(sys.argv) > 2:
@@ -189,4 +153,4 @@ if __name__ == "__main__":
myapp = UDSConfigDialog()
myapp.show()
sys.exit(app.exec())
sys.exit(app.exec_())

55
actor/src/designer/setup-dialog-unmanaged.ui
View File

@@ -10,8 +10,8 @@
<rect>
<x>0</x>
<y>0</y>
<width>601</width>
<height>243</height>
<width>595</width>
<height>220</height>
</rect>
</property>
<property name="sizePolicy">
@@ -55,7 +55,7 @@
<property name="geometry">
<rect>
<x>10</x>
<y>210</y>
<y>180</y>
<width>181</width>
<height>23</height>
</rect>
@@ -83,7 +83,7 @@
<property name="geometry">
<rect>
<x>410</x>
<y>210</y>
<y>180</y>
<width>171</width>
<height>23</height>
</rect>
@@ -117,7 +117,7 @@
<property name="geometry">
<rect>
<x>210</x>
<y>210</y>
<y>180</y>
<width>181</width>
<height>23</height>
</rect>
@@ -144,7 +144,7 @@
<x>10</x>
<y>10</y>
<width>571</width>
<height>191</height>
<height>161</height>
</rect>
</property>
<layout class="QFormLayout" name="formLayout">
@@ -214,21 +214,21 @@
<item row="2" column="1">
<widget class="QLineEdit" name="serviceToken">
<property name="toolTip">
<string>UDS Service Token</string>
<string>UDS user with administration rights (Will not be stored on template)</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Token of the service on UDS platform&lt;/p&gt;&lt;p&gt;This token can be obtainend from the service configuration on UDS.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Administrator user on UDS Server.&lt;/p&gt;&lt;p&gt;Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
<item row="4" column="0">
<item row="3" column="0">
<widget class="QLabel" name="label_loglevel">
<property name="text">
<string>Log Level</string>
</property>
</widget>
</item>
<item row="4" column="1">
<item row="3" column="1">
<widget class="QComboBox" name="logLevelComboBox">
<property name="currentIndex">
<number>1</number>
@@ -258,23 +258,6 @@
</item>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_restrictNet">
<property name="text">
<string>Restrict Net</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="restrictNet">
<property name="toolTip">
<string>Restrict valid detection of network interfaces to this network.</string>
</property>
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Restrics valid detection of network interfaces.&lt;/p&gt;&lt;p&gt;Note: Use this field only in case of several network interfaces, so UDS knows which one is the interface where the user will be connected..&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
</widget>
</item>
</layout>
<zorder>label_host</zorder>
<zorder>host</zorder>
@@ -284,8 +267,6 @@
<zorder>label_security</zorder>
<zorder>label_loglevel</zorder>
<zorder>logLevelComboBox</zorder>
<zorder>label_restrictNet</zorder>
<zorder>restrictNet</zorder>
</widget>
</widget>
<resources>
@@ -372,22 +353,6 @@
</hint>
</hints>
</connection>
<connection>
<sender>restrictNet</sender>
<signal>textChanged(QString)</signal>
<receiver>UdsActorSetupDialog</receiver>
<slot>configChanged()</slot>
<hints>
<hint type="sourcelabel">
<x>341</x>
<y>139</y>
</hint>
<hint type="destinationlabel">
<x>295</x>
<y>121</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>finish()</slot>

3
actor/src/designer/setup-dialog.ui
View File

@@ -224,9 +224,6 @@
<property name="whatsThis">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Select the security for communications with UDS Broker.&lt;/p&gt;&lt;p&gt;The recommended method of communication is &lt;span style=&quot; font-weight:600;&quot;&gt;Use SSL&lt;/span&gt;, but selection needs to be acording to your broker configuration.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="currentIndex">
<number>1</number>
</property>
<item>
<property name="text">
<string>Ignore certificate</string>

2
actor/src/udsactor/__init__.py
View File

@@ -35,4 +35,4 @@ from . import platform
__title__ = 'udsactor'
__author__ = 'Adolfo Gómez <dkmaster@dkmon.com>'
__license__ = "BSD 3-clause"
__copyright__ = "Copyright 2014-2022 VirtualCable S.L.U."
__copyright__ = "Copyright 2014-2020 VirtualCable S.L.U."

30
actor/src/udsactor/client.py
View File

@@ -65,9 +65,9 @@ class UDSClientQApp(QApplication):
self._initialized = False
# This will be invoked on session close
self.commitDataRequest.connect(self.end) # type: ignore # Will be invoked on session close, to gracely close app
self.commitDataRequest.connect(self.end) # Will be invoked on session close, to gracely close app
# self.aboutToQuit.connect(self.end)
self.message.connect(self.showMessage) # type: ignore # there are problems with Pylance and connects on PyQt5... :)
self.message.connect(self.showMessage)
# Execute backgroup thread for actions
self._app = UDSActorClient(self)
@@ -94,7 +94,7 @@ class UDSClientQApp(QApplication):
self._app.join()
def showMessage(self, message: str) -> None:
QMessageBox.information(None, 'Message', message) # type: ignore
QMessageBox.information(None, 'Message', message)
def setMainWindow(self, mw: 'QMainWindow'):
self._mainWindow = mw
@@ -108,7 +108,6 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
_listener: client.HTTPServerThread
_loginInfo: typing.Optional['types.LoginResultInfoType']
_notified: bool
_notifiedDeadline: bool
_sessionStartTime: datetime.datetime
api: rest.UDSClientApi
@@ -116,14 +115,13 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
super().__init__()
self.api = rest.UDSClientApi() # Self initialized
self._qApp = typing.cast(UDSClientQApp, qApp)
self._qApp = qApp
self._running = False
self._forceLogoff = False
self._extraLogoff = ''
self._listener = client.HTTPServerThread(self)
self._loginInfo = None
self._notified = False
self._notifiedDeadline = False
# Capture stop signals..
logger.debug('Setting signals...')
@@ -141,8 +139,8 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
remainingTime = self._loginInfo.dead_line - (datetime.datetime.now() - self._sessionStartTime).total_seconds()
logger.debug('Remaining time: {}'.format(remainingTime))
if not self._notifiedDeadline and remainingTime < 300: # With five minutes, show a warning message
self._notifiedDeadline = True
if not self._notified and remainingTime < 300: # With five minutes, show a warning message
self._notified = True
self._showMessage('Your session will expire in less that 5 minutes. Please, save your work and disconnect.')
return
@@ -185,8 +183,7 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
try:
# Notify loging and mark it
user, sessionType = platform.operations.getCurrentUser(), platform.operations.getSessionType()
self._loginInfo = self.api.login(user, sessionType)
self._loginInfo = self.api.login(platform.operations.getCurrentUser(), platform.operations.getSessionType())
if self._loginInfo.max_idle:
platform.operations.initIdleDuration(self._loginInfo.max_idle)
@@ -198,11 +195,8 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
time.sleep(1.3) # Sleeps between loop iterations
self.api.logout(user + self._extraLogoff, sessionType)
logger.info('Notified logout for %s (%s)', user, sessionType) # Log logout
# Clean up login info
self._loginInfo = None
self.api.logout(platform.operations.getCurrentUser() + self._extraLogoff)
except Exception as e:
logger.error('Error on client loop: %s', e)
@@ -216,7 +210,7 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
platform.operations.loggoff()
def _showMessage(self, message: str) -> None:
self._qApp.message.emit(message) # type: ignore # there are problems with Pylance and connects on PyQt5... :)
self._qApp.message.emit(message)
def stop(self) -> None:
logger.debug('Stopping client Service')
@@ -236,13 +230,13 @@ class UDSActorClient(threading.Thread): # pylint: disable=too-many-instance-att
On windows, an RDP session with minimized screen will render "black screen"
So only when user is using RDP connection will return an "actual" screenshot
'''
pixmap: 'QPixmap' = self._qApp.primaryScreen().grabWindow(0) # type: ignore
pixmap: 'QPixmap' = self._qApp.primaryScreen().grabWindow(0)
ba = QByteArray()
buffer = QBuffer(ba)
buffer.open(QIODevice.OpenModeFlag.WriteOnly)
buffer.open(QIODevice.WriteOnly)
pixmap.save(buffer, 'PNG')
buffer.close()
scrBase64 = bytes(ba.toBase64()).decode() # type: ignore # there are problems with Pylance and connects on PyQt5... :)
scrBase64 = bytes(ba.toBase64()).decode()
logger.debug('Screenshot length: %s', len(scrBase64))
return scrBase64 # 'result' of JSON will contain base64 of screen

5
actor/src/udsactor/http/cert.py
View File

@@ -1,10 +1,7 @@
from .. import types
# Default certificate, will be overwritten by the first call to Broker, it's needed to wake up the server part of the actor
# at the beginning, but will be replaced by the real certificate.
defaultCertificate = types.CertificateInfoType(
private_key='-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHTBPBgkqhkiG9w0BBQ0wQjApBgkqhkiG9w0BBQwwHAQIfG2+iMYJBswCAggA\nMAwGCCqGSIb3DQIJBQAwFQYJKwYBBAGXVQECBAhCusU5R8ulZQSCBMgheyZ81Qkq\n+TcbPeBlUGCFllSUOo7xQ/OuwYSmzLx8LpN0hQNv4azF6MYH+I8eMSPd3A547yW3\nJE4GjIBfRvcq2X1UZ2FQfECU9UP0ShPuPrVhIh6ZZklmlRjbIF8hGfSzXAuafQb+\n4wXXsofahi/SPgqK1Gw65nRiMcoeRZchJkx8pBgKVWED6Cbh6aAkeqkVKPnsebiV\n6kE+0C7+hgNUbyRd46R+/5NXzPjg4ItfSak+PLzQ1KeRv4Cu6DdzRKJ4V9/MlNdU\nNNEkSVSEaRn4sv+eByU4uxBMaSmD1tLc/A7OmaAeRpIQvls3Zcf2+V0+anAtjbjd\n6eIb2nceey+dKFm4ewlR4mXuzj1QowRTHceOIkvKIrOODxdy9M5hNBZ7VLum29tY\nRhqtmEH2BZZJ8SpM2SsEZzPxqJFiVZbvpeOKjxlMyn1dFWn1rP8uMnfuMKqBaj5D\nd5clOPlwebYw5UpM6Vvawu4nGqxECTSWcfNlDYO5U/0Fsm9+JIrJ7Buukgv2+rhs\nD/6oUK9NB8AW9qnDr7UxbC/ujhkKQG3woaZlPbiMs5WQaS+DrTg4N49wPzS0h+ME\nF8ZzuPnd6+sMGQioCIrQAZ08rk54oCijBhFh8/EQhQKGsMFw2swi9t6+FVU5Bvil\nlhmBd3LA5EuQ5y1X0jRL/+GDiUiZw1gOJP8d/XzhUJL9AmamdqJ6/rAU7lUTNWkM\ndzmFonUO2Mh2zgEEudHsTOH8udZ2l64LIHc6fCkDmM8QzghjrEFyci6R8333DSSM\nwbM0MvyTLM7TTqZUD60EgD+Ihyr/wJcBZY7GVn7hTq7ee14zeI+dZFmTMYOnt0mA\ngof19t0naPPZU+zyl/ambNF5mmSkGOAl4IBHNvPt5ztEVbNpwW3DHbmdYW71Ax+z\nCDlr4iKZahv21o1PCesPV2IlaHZFD6aBRt0DxzMqtq9cpWsI1g7aEaAjRbSvqhMY\npUeqFXz/GfR9rjRkufr48//ll0/Q/Ogx7m1TjQ6mAEQrklI7pa2W0u3H0BpSZSis\nR6ST3ulE+wfsp8cau6q2er+BSsDhBjSn9FeCUjHzY56u9ud/kb6/jLEdgxNpj0na\n3WVqCCCL/dAFSWznBmdracZsRMXapXInHCiiOEkXXbXIXvRKiTPJXdN+w2/U2j2B\nwXZuazVSpmM+xAZTAS9dtBUQJo+5px9b6P09uagvTA32ezbpPXf+hSfmTdUwbmAY\nrmE9SW85tzX+cD17loygBBRrjOr4uQy/s/9FqLx8bM73jly05rdOmX28ECKwEA05\n8aCFkfqrl9J9doVapaUlywpJVPFtE6W6tCF+ULMfb16vEjT1du1+epEnbGGLRQxg\n3aFLyKlvFaNvR38fiQFUGtBgGOaBN3rhGpbMwjch3oReXv9X/4UCL6sVIiOH2H3c\nVSZdC3O5g6CMVe4zckUe1k9mLDb5524IHDFfptZ6Bw+uzrqIy3GHW8dJF2AK471b\nMUnCojTpdbFHaUs2u/rNKVUyY+vLf8hkyP+znBUoPxSJtty53EWNukxjjsxx0lx3\niZGqN72lXlXuSFZAIxi307+xxE21cbzDsMidyJkbKKGm/F4BOKvX9jWmAyYmBG6A\n1L3yNRouFWsYDwYAX2nZ1is=\n-----END ENCRYPTED PRIVATE KEY-----\n',
server_certificate='-----BEGIN CERTIFICATE-----\nMIIDcTCCAlkCBDfnXU8wDQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCRVMxDzAN\nBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREwDwYDVQQKDAhVRFMgQ2Vy\ndDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEyNy4wLjAuMTESMBAGA1Ud\nEQwJMTI3LjAuMC4xMB4XDTIwMDIxNzExNTkzMloXDTMwMDIxNDExNTkzMlowfTEL\nMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFkcmlkMREw\nDwYDVQQKDAhVRFMgQ2VydDERMA8GA1UECwwIVURTIENlcnQxEjAQBgNVBAMMCTEy\nNy4wLjAuMTESMBAGA1UdEQwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA2e1cW7YtRpNLazR3f/LqLv8OB0rKh8cUPH4wuQhbBTkee8Wu\n5eMSadRCIyRbKj4b8dtVfI9QW0SrmhGuMx1KCh3CsYd9XsWiKbGkiRBHIDOn5pkF\n6PUayDJ8KjnGbfnZjp0AmxXP4r1OO8jUPqzKS9Ubf5PgwcwdFiUKVfVPwGwctwt5\nt9YpSRONw0rTsCjVHvO2dd9h6EopskLCWxpN8l9kNLwLM/6t0IqVKmn5/IYPKKN2\nCX8a7IXpxwoiUs4sBZYhUMBWikB1hKQRSYafp1Xvc5PeTFXTFqGANnqz0NoZ8tqL\n8qjQUN/PCdtzhfcP5RgT2g1qyS2RBCMYH7Zs0wIDAQABMA0GCSqGSIb3DQEBCwUA\nA4IBAQCUt+qlLA1N9VXMwDQAYG4Kt6/UlMHCXAajHQQGtjdyGJ4++m7EIjI96hMU\n3Cx2gp2ggR3JGnuSR+DdBvPl5iGku7J8KV0JiJg30gTY8JuUIy/PMLZWloYKrBHV\nlin2GujQ4OsIt3dbr4XtcKW1Wd7L6fBzHlq7Xyxh+gcTzTvTmq67Q9XKlBWsegMf\nv4FKy0lfcSFK3vTzswQtuTontG4TqLiT/4AnMt3D0cTQ6b6KoZwUUX/TDNhau06d\nQ4Ilz8X61ka+4HBkFSR5ahP9noCVhwO329h+6epO141E5Tep3OLc/GCF4oaKOlMR\nfqxf5f2bghU0fxmtEoNJTZkBsN1S\n-----END CERTIFICATE-----\n',
password='Pw7qbatz5u-y-Z5ora2D2ZuBCm95AHnKRcpze53k8tw',
ciphers=''
password='Pw7qbatz5u-y-Z5ora2D2ZuBCm95AHnKRcpze53k8tw'
)

6
actor/src/udsactor/http/clients_pool.py
View File

@@ -37,9 +37,9 @@ import requests
from ..log import logger
# For avoid proxy on localhost connections
NO_PROXY: typing.Dict[str, str] = {
'http': '',
'https': '',
NO_PROXY = {
'http': None,
'https': None,
}
class UDSActorClientPool:

2
actor/src/udsactor/http/local.py
View File

@@ -42,7 +42,7 @@ class LocalProvider(handler.Handler):
return result._asdict()
def post_logout(self) -> typing.Any:
self._service.logout(self._params['username'], self._params['session_type'])
self._service.logout(self._params['username'])
return 'ok'
def post_ping(self) -> typing.Any:

21
actor/src/udsactor/http/public.py
View File

@@ -38,7 +38,6 @@ from ..log import logger
if typing.TYPE_CHECKING:
from ..service import CommonService
class PublicProvider(handler.Handler):
def post_logout(self) -> typing.Any:
logger.debug('Sending LOGOFF to clients')
@@ -52,9 +51,7 @@ class PublicProvider(handler.Handler):
logger.debug('Sending MESSAGE to clients')
if 'message' not in self._params:
raise Exception('Invalid message parameters')
self._service._clientsPool.message(
self._params['message']
) # pylint: disable=protected-access
self._service._clientsPool.message(self._params['message']) # pylint: disable=protected-access
return 'ok'
def post_script(self) -> typing.Any:
@@ -63,9 +60,7 @@ class PublicProvider(handler.Handler):
raise Exception('Invalid script parameters')
if self._params.get('user', False):
logger.debug('Sending SCRIPT to client')
self._service._clientsPool.executeScript(
self._params['script']
) # pylint: disable=protected-access
self._service._clientsPool.executeScript(self._params['script']) # pylint: disable=protected-access
else:
# Execute script at server space, that is, here
# as a parallel thread
@@ -77,22 +72,14 @@ class PublicProvider(handler.Handler):
logger.debug('Received Pre connection')
if 'user' not in self._params or 'protocol' not in self._params:
raise Exception('Invalid preConnect parameters')
return self._service.preConnect(
self._params['user'],
self._params['protocol'],
self._params.get('ip', 'unknown'),
self._params.get('hostname', 'unknown'),
self._params.get('udsuser', 'unknown'),
)
return self._service.preConnect(self._params['user'], self._params['protocol'], self._params.get('ip', 'unknown'), self._params.get('hostname', 'unknown'))
def get_information(self) -> typing.Any:
# Return something useful? :)
return 'UDS Actor Secure Server'
def get_screenshot(self) -> typing.Any:
return (
self._service._clientsPool.screenshot()
) # pylint: disable=protected-access
return self._service._clientsPool.screenshot() # pylint: disable=protected-access
def get_uuid(self) -> typing.Any:
if self._service.isManaged():

55
actor/src/udsactor/http/server.py
View File

@@ -42,18 +42,11 @@ from .. import rest
from .public import PublicProvider
from .local import LocalProvider
# a couple of 1.2 ciphers + 1.3 ciphers (implicit)
DEFAULT_CIPHERS = (
'ECDHE-RSA-AES128-GCM-SHA256'
':ECDHE-RSA-AES256-GCM-SHA384'
)
# Not imported at runtime, just for type checking
if typing.TYPE_CHECKING:
from ..service import CommonService
from .handler import Handler
class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.0'
server_version = 'UDS Actor Server'
@@ -61,12 +54,7 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
_service: typing.Optional['CommonService'] = None
def sendJsonResponse(
self,
result: typing.Optional[typing.Any] = None,
error: typing.Optional[str] = None,
code: int = 200,
) -> None:
def sendJsonResponse(self, result: typing.Optional[typing.Any] = None, error: typing.Optional[str] = None, code: int = 200) -> None:
data = json.dumps({'result': result, 'error': error})
self.send_response(code)
self.send_header('Content-type', 'application/json')
@@ -83,13 +71,11 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
# Very simple path & params splitter
path = self.path.split('?')[0][1:].split('/')
logger.debug('Path: %s, ip: %s, params: %s', path, self.client_address, params)
logger.debug('Path: %s, params: %s', path, params)
handlerType: typing.Optional[typing.Type['Handler']] = None
if (
len(path) == 3 and path[0] == 'actor' and path[1] == self._service._secret
): # pylint: disable=protected-access
if len(path) == 3 and path[0] == 'actor' and path[1] == self._service._secret: # pylint: disable=protected-access
# public method
handlerType = PublicProvider
elif len(path) == 2 and path[0] == 'ui':
@@ -102,18 +88,12 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
return
try:
result = getattr(
handlerType(self._service, method, params), method + '_' + path[-1]
)() # last part of path is method
result = getattr(handlerType(self._service, method, params), method + '_' + path[-1])() # last part of path is method
except AttributeError:
self.sendJsonResponse(error='Method not found', code=404)
return
except Exception as e:
logger.error(
'Got exception executing {} {}: {}'.format(
method, '/'.join(path), str(e)
)
)
logger.error('Got exception executing {} {}: {}'.format(method, '/'.join(path), str(e)))
self.sendJsonResponse(error=str(e), code=500)
return
@@ -121,10 +101,7 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
def do_GET(self) -> None:
try:
params = {
v.split('=')[0]: v.split('=')[1]
for v in self.path.split('?')[1].split('&')
}
params = {v.split('=')[0]: v.split('=')[1] for v in self.path.split('?')[1].split('&')}
except Exception:
params = {}
@@ -136,9 +113,7 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
content = self.rfile.read(length)
params: typing.MutableMapping[str, str] = json.loads(content)
except Exception as e:
logger.error(
'Got exception executing POST {}: {}'.format(self.path, str(e))
)
logger.error('Got exception executing POST {}: {}'.format(self.path, str(e)))
self.sendJsonResponse(error='Invalid parameters', code=400)
return
@@ -150,7 +125,6 @@ class HTTPServerHandler(http.server.BaseHTTPRequestHandler):
def log_message(self, format, *args): # pylint: disable=redefined-builtin
logger.debug(format, *args)
class HTTPServerThread(threading.Thread):
_server: typing.Optional[http.server.HTTPServer]
_service: 'CommonService'
@@ -179,22 +153,13 @@ class HTTPServerThread(threading.Thread):
def run(self):
HTTPServerHandler._service = self._service # pylint: disable=protected-access
self._certFile, password = certs.saveCertificate(
self._service._certificate
) # pylint: disable=protected-access
self._certFile, password = certs.saveCertificate(self._service._certificate) # pylint: disable=protected-access
self._server = http.server.HTTPServer(
('0.0.0.0', rest.LISTEN_PORT), HTTPServerHandler
)
self._server = http.server.HTTPServer(('0.0.0.0', rest.LISTEN_PORT), HTTPServerHandler)
# self._server.socket = ssl.wrap_socket(self._server.socket, certfile=self.certFile, server_side=True)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
# Disable TLSv1.0 and TLSv1.1, use only TLSv1.3 or TLSv1.2 with allowed ciphers
context.minimum_version = ssl.TLSVersion.TLSv1_2
# If a configures ciphers are provided, use them, otherwise use the default ones
context.set_ciphers(self._service._certificate.ciphers or DEFAULT_CIPHERS)
context.options = ssl.CERT_NONE
context.load_cert_chain(certfile=self._certFile, password=password)
self._server.socket = context.wrap_socket(self._server.socket, server_side=True)

1
actor/src/udsactor/info.py Normal file
View File

@@ -0,0 +1 @@
VERSION = '3.0.0'

1
actor/src/udsactor/linux/log.py
View File

@@ -37,7 +37,6 @@ import typing
class LocalLogger: # pylint: disable=too-few-public-methods
linux = False
windows = True
serviceLogger = False
logger: typing.Optional[logging.Logger]

27
actor/src/udsactor/linux/operations.py
View File

@@ -41,11 +41,10 @@ import typing
from .. import types
from udsactor.log import logger
from .renamer import rename
from . import xss
def _getMacAddr(ifname: str) -> typing.Optional[str]:
'''
Returns the mac address of an interface
@@ -92,10 +91,10 @@ def _getInterfaces() -> typing.List[str]:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
names = array.array(str('B'), b'\0' * space)
outbytes = struct.unpack('iL', fcntl.ioctl(
outbytes = struct.unpack(str('iL'), fcntl.ioctl(
s.fileno(),
0x8912, # SIOCGIFCONF
struct.pack('iL', space, names.buffer_info()[0])
struct.pack(str('iL'), space, names.buffer_info()[0])
))[0]
namestr = names.tobytes()
# return namestr, outbytes
@@ -107,7 +106,6 @@ def _getIpAndMac(ifname: str) -> typing.Tuple[typing.Optional[str], typing.Optio
return (ip, mac)
def checkPermissions() -> bool:
return True
return os.getuid() == 0 # getuid only available on linux. Expect "complaioins" if edited from Windows
def getComputerName() -> str:
@@ -139,19 +137,14 @@ def reboot(flags: int = 0):
'''
Simple reboot using os command
'''
try:
subprocess.call(['/sbin/shutdown', 'now', '-r'])
except Exception as e:
logger.error('Error rebooting: %s', e)
subprocess.call(['/sbin/shutdown', 'now', '-r'])
def loggoff() -> None:
'''
Right now restarts the machine...
'''
try:
subprocess.call(['/usr/bin/pkill', '-u', os.environ['USER']])
except Exception as e:
logger.error('Error killing user processes: %s', e)
subprocess.call(['/usr/bin/pkill', '-u', os.environ['USER']])
# subprocess.call(['/sbin/shutdown', 'now', '-r'])
# subprocess.call(['/usr/bin/systemctl', 'reboot', '-i'])
@@ -162,7 +155,7 @@ def renameComputer(newName: str) -> bool:
Returns True if reboot needed
'''
rename(newName)
return True # Always reboot right now. Not much slower but much more convenient
return True # Always reboot right now. Not much slower but much more better
def joinDomain(domain: str, ou: str, account: str, password: str, executeInOneStep: bool = False):
@@ -193,9 +186,9 @@ def getCurrentUser() -> str:
def getSessionType() -> str:
'''
Known values:
* Unknown -> No XDG_SESSION_TYPE environment variable
* xrdp --> xrdp session
* other types
* Unknown -> No SESSIONNAME environment variable
* Console -> Local session
* RDP-Tcp#[0-9]+ -> RDP Session
'''
return 'xrdp' if 'XRDP_SESSION' in os.environ else os.environ.get('XDG_SESSION_TYPE', 'unknown')

7
actor/src/udsactor/linux/store.py
View File

@@ -53,10 +53,9 @@ def readConfig() -> types.ActorConfigurationType:
return types.ActorConfigurationType(
actorType=uds.get('type', types.MANAGED),
host=uds.get('host', ''),
validateCertificate=uds.getboolean('validate', fallback=True),
validateCertificate=uds.getboolean('validate', fallback=False),
master_token=uds.get('master_token', None),
own_token=uds.get('own_token', None),
restrict_net=uds.get('restrict_net', None),
pre_command=uds.get('pre_command', None),
runonce_command=uds.get('runonce_command', None),
post_command=uds.get('post_command', None),
@@ -79,7 +78,6 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
writeIfValue(config.actorType, 'type')
writeIfValue(config.master_token, 'master_token')
writeIfValue(config.own_token, 'own_token')
writeIfValue(config.restrict_net, 'restrict_net')
writeIfValue(config.pre_command, 'pre_command')
writeIfValue(config.post_command, 'post_command')
writeIfValue(config.runonce_command, 'runonce_command')
@@ -102,6 +100,3 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
def useOldJoinSystem() -> bool:
return False
def invokeScriptOnLogin() -> str:
return ''

13
actor/src/udsactor/linux/xss.py
View File

@@ -33,10 +33,6 @@ import ctypes
import ctypes.util
import subprocess
from udsactor.log import logger
xlib = None
xss = None
display = None
@@ -111,12 +107,9 @@ def _ensureInitialized():
def initIdleDuration(atLeastSeconds: int) -> None:
_ensureInitialized()
if atLeastSeconds:
try:
subprocess.call(['/usr/bin/xset', 's', '{}'.format(atLeastSeconds + 30)])
# And now reset it
subprocess.call(['/usr/bin/xset', 's', 'reset'])
except Exception as e:
logger.error('Error setting screensaver time: %s', e)
subprocess.call(['/usr/bin/xset', 's', '{}'.format(atLeastSeconds + 30)])
# And now reset it
subprocess.call(['/usr/bin/xset', 's', 'reset'])
def getIdleDuration() -> float:

271
actor/src/udsactor/rest.py
View File

@@ -31,72 +31,47 @@
# pylint: disable=invalid-name
import warnings
import json
import ssl
import logging
import typing
import requests
import requests.adapters
from . import types
from .version import VERSION
from .info import VERSION
# Default public listen port
LISTEN_PORT = 43910
SECURE_CIPHERS = (
'TLS_AES_256_GCM_SHA384'
':TLS_CHACHA20_POLY1305_SHA256'
':TLS_AES_128_GCM_SHA256'
':ECDHE-RSA-AES256-GCM-SHA384'
':ECDHE-RSA-AES128-GCM-SHA256'
':ECDHE-RSA-CHACHA20-POLY1305'
':ECDHE-ECDSA-AES128-GCM-SHA256'
':ECDHE-ECDSA-AES256-GCM-SHA384'
':ECDHE-ECDSA-CHACHA20-POLY1305'
)
# Default timeout
TIMEOUT = 5 # 5 seconds is more than enought
TIMEOUT = 5 # 5 seconds is more than enought
# Constants
UNKNOWN = 'unknown'
class RESTError(Exception):
ERRCODE = 0
class RESTConnectionError(RESTError):
ERRCODE = -1
# Errors ""raised"" from broker
class RESTInvalidKeyError(RESTError):
ERRCODE = 1
class RESTUnmanagedHostError(RESTError):
ERRCODE = 2
class RESTUserServiceNotFoundError(RESTError):
ERRCODE = 3
class RESTOsManagerError(RESTError):
ERRCODE = 4
# For avoid proxy on localhost connections
NO_PROXY = {
'http': None,
'https': None,
}
UDS_BASE_URL = 'https://{}/uds/rest/'
#
# Basic UDS Api
#
@@ -104,74 +79,48 @@ class UDSApi: # pylint: disable=too-few-public-methods
"""
Base for remote api accesses
"""
_host: str
_validateCert: bool
_url: str
_session: 'requests.Session'
def __init__(self, host: str, validateCert: bool) -> None:
self._host = host
self._validateCert = validateCert
self._url = UDS_BASE_URL.format(self._host)
self._url = "https://{}/uds/rest/".format(self._host)
# Disable logging requests messages except for errors, ...
logging.getLogger('request').setLevel(logging.CRITICAL)
logging.getLogger('urllib3').setLevel(logging.ERROR)
logging.getLogger("requests").setLevel(logging.CRITICAL)
logging.getLogger("urllib3").setLevel(logging.ERROR)
try:
warnings.simplefilter('ignore') # Disables all warnings
warnings.simplefilter("ignore") # Disables all warnings
except Exception:
pass
context = (
ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
if validateCert
else ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH, check_hostname=False)
)
# Disable SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
context.minimum_version = ssl.TLSVersion.TLSv1_2
context.set_ciphers(SECURE_CIPHERS)
# Configure session security
class UDSHTTPAdapter(requests.adapters.HTTPAdapter):
def init_poolmanager(self, *args, **kwargs) -> None:
kwargs["ssl_context"] = context
return super().init_poolmanager(*args, **kwargs)
def cert_verify(self, conn, url, verify, cert): # pylint: disable=unused-argument
# Overridden to do nothing
return super().cert_verify(conn, url, validateCert, cert)
self._session = requests.Session()
self._session.mount("https://", UDSHTTPAdapter())
@property
def _headers(self) -> typing.MutableMapping[str, str]:
return {
'Content-Type': 'application/json',
'User-Agent': 'UDS Actor v{}'.format(VERSION),
'User-Agent': 'UDS Actor v{}'.format(VERSION)
}
def _apiURL(self, method: str) -> str:
raise NotImplementedError
def _doPost(
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any],
headers: typing.Optional[typing.MutableMapping[str, str]] = None,
disableProxy: bool = False,
) -> typing.Any:
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any],
headers: typing.Optional[typing.MutableMapping[str, str]] = None,
disableProxy: bool = False
) -> typing.Any:
headers = headers or self._headers
try:
result = self._session.post(
result = requests.post(
self._apiURL(method),
data=json.dumps(payLoad),
headers=headers,
# verify=self._validateCert, Not needed, already in session
verify=self._validateCert,
timeout=TIMEOUT,
proxies=NO_PROXY if disableProxy else None, # type: ignore # if not proxies wanted, enforce it
proxies=NO_PROXY if disableProxy else None # if not proxies wanted, enforce it
)
if result.ok:
@@ -190,7 +139,6 @@ class UDSApi: # pylint: disable=too-few-public-methods
raise RESTError(data)
#
# UDS Broker API access
#
@@ -200,12 +148,7 @@ class UDSServerApi(UDSApi):
def enumerateAuthenticators(self) -> typing.Iterable[types.AuthenticatorType]:
try:
result = self._session.get(
self._url + 'auth/auths',
headers=self._headers,
# verify=self._validateCert,
timeout=4,
)
result = requests.get(self._url + 'auth/auths', headers=self._headers, verify=self._validateCert, timeout=4)
if result.ok:
for v in sorted(result.json(), key=lambda x: x['priority']):
yield types.AuthenticatorType(
@@ -214,24 +157,24 @@ class UDSServerApi(UDSApi):
auth=v['auth'],
type=v['type'],
priority=v['priority'],
isCustom=v['isCustom'],
isCustom=v['isCustom']
)
except Exception as e:
except Exception:
pass
def register( # pylint: disable=too-many-arguments, too-many-locals
self,
auth: str,
username: str,
password: str,
hostname: str,
ip: str,
mac: str,
preCommand: str,
runOnceCommand: str,
postCommand: str,
logLevel: int,
) -> str:
def register( #pylint: disable=too-many-arguments, too-many-locals
self,
auth: str,
username: str,
password: str,
hostname: str,
ip: str,
mac: str,
preCommand: str,
runOnceCommand: str,
postCommand: str,
logLevel: int
) -> str:
"""
Raises an exception if could not register, or registers and returns the "authorization token"
"""
@@ -243,7 +186,7 @@ class UDSServerApi(UDSApi):
'pre_command': preCommand,
'run_once_command': runOnceCommand,
'post_command': postCommand,
'log_level': logLevel,
'log_level': logLevel
}
# First, try to login to REST api
@@ -251,23 +194,13 @@ class UDSServerApi(UDSApi):
# First, try to login
authInfo = {'auth': auth, 'username': username, 'password': password}
headers = self._headers
result = self._session.post(
self._url + 'auth/login',
data=json.dumps(authInfo),
headers=headers,
# verify=self._validateCert,
)
result = requests.post(self._url + 'auth/login', data=json.dumps(authInfo), headers=headers, verify=self._validateCert)
if not result.ok or result.json()['result'] == 'error':
raise Exception() # Invalid credentials
headers['X-Auth-Token'] = result.json()['token']
result = self._session.post(
self._apiURL('register'),
data=json.dumps(data),
headers=headers,
# verify=self._validateCert,
)
result = requests.post(self._apiURL('register'), data=json.dumps(data), headers=headers, verify=self._validateCert)
if result.ok:
return result.json()['result']
except requests.ConnectionError as e:
@@ -279,18 +212,13 @@ class UDSServerApi(UDSApi):
raise RESTError(result.content.decode())
def initialize(
self,
token: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
actor_type: typing.Optional[str],
) -> types.InitializationResultType:
def initialize(self, token: str, interfaces: typing.Iterable[types.InterfaceInfoType], actorType: typing.Optional[str]) -> types.InitializationResultType:
# Generate id list from netork cards
payload = {
'type': actor_type or types.MANAGED,
'type': actorType or types.MANAGED,
'token': token,
'version': VERSION,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces]
}
r = self._doPost('initialize', payload)
os = r['os']
@@ -304,108 +232,95 @@ class UDSServerApi(UDSApi):
password=os.get('password'),
new_password=os.get('new_password'),
ad=os.get('ad'),
ou=os.get('ou'),
)
if r['os']
else None,
ou=os.get('ou')
) if r['os'] else None
)
def ready(self, own_token: str, secret: str, ip: str, port: int) -> types.CertificateInfoType:
payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
payload = {
'token': own_token,
'secret': secret,
'ip': ip,
'port': port
}
result = self._doPost('ready', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
ciphers=result.get('ciphers', ''),
password=result['password']
)
def notifyIpChange(self, own_token: str, secret: str, ip: str, port: int) -> types.CertificateInfoType:
payload = {'token': own_token, 'secret': secret, 'ip': ip, 'port': port}
payload = {
'token': own_token,
'secret': secret,
'ip': ip,
'port': port
}
result = self._doPost('ipchange', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
ciphers=result.get('ciphers', ''),
password=result['password']
)
def notifyUnmanagedCallback(
self,
master_token: str,
secret: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
port: int,
) -> types.CertificateInfoType:
def notifyUnmanagedCallback(self, master_token: str, secret: str, interfaces: typing.Iterable[types.InterfaceInfoType], port: int) -> types.CertificateInfoType:
payload = {
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': master_token,
'secret': secret,
'port': port,
'port': port
}
result = self._doPost('unmanaged', payload)
return types.CertificateInfoType(
private_key=result['private_key'],
server_certificate=result['server_certificate'],
password=result['password'],
ciphers=result.get('ciphers', ''),
password=result['password']
)
def login(
self,
actor_type: typing.Optional[str],
token: str,
username: str,
sessionType: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
secret: typing.Optional[str],
) -> types.LoginResultInfoType:
if not token:
return types.LoginResultInfoType(ip='0.0.0.0', hostname=UNKNOWN, dead_line=None, max_idle=None)
def login(self, own_token: str, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
if not own_token:
return types.LoginResultInfoType(
ip='0.0.0.0',
hostname=UNKNOWN,
dead_line=None,
max_idle=None
)
payload = {
'type': actor_type or types.MANAGED,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': token,
'token': own_token,
'username': username,
'session_type': sessionType,
'secret': secret or '',
'session_type': sessionType or UNKNOWN
}
result = self._doPost('login', payload)
return types.LoginResultInfoType(
ip=result['ip'],
hostname=result['hostname'],
dead_line=result['dead_line'],
max_idle=result['max_idle'],
max_idle=result['max_idle']
)
def logout(
self,
actor_type: typing.Optional[str],
token: str,
username: str,
sessionType: str,
interfaces: typing.Iterable[types.InterfaceInfoType],
secret: typing.Optional[str],
) -> typing.Optional[str]:
if not token:
return None
def logout(self, own_token: str, username: str) -> None:
if not own_token:
return
payload = {
'type': actor_type or types.MANAGED,
'id': [{'mac': i.mac, 'ip': i.ip} for i in interfaces],
'token': token,
'username': username,
'session_type': sessionType,
'secret': secret or '',
'token': own_token,
'username': username
}
return self._doPost('logout', payload) # Can be 'ok' or 'notified'
self._doPost('logout', payload)
def log(self, own_token: str, level: int, message: str) -> None:
if not own_token:
return
payLoad = {'token': own_token, 'level': level, 'message': message}
payLoad = {
'token': own_token,
'level': level,
'message': message
}
self._doPost('log', payLoad) # Ignores result...
def test(self, master_token: str, actorType: typing.Optional[str]) -> bool:
@@ -426,18 +341,22 @@ class UDSClientApi(UDSApi):
return self._url + method
def post(
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any],
) -> typing.Any:
self,
method: str, # i.e. 'initialize', 'ready', ....
payLoad: typing.MutableMapping[str, typing.Any]
) -> typing.Any:
return self._doPost(method=method, payLoad=payLoad, disableProxy=True)
def register(self, callbackUrl: str) -> None:
payLoad = {'callback_url': callbackUrl}
payLoad = {
'callback_url': callbackUrl
}
self.post('register', payLoad)
def unregister(self, callbackUrl: str) -> None:
payLoad = {'callback_url': callbackUrl}
payLoad = {
'callback_url': callbackUrl
}
self.post('unregister', payLoad)
def login(self, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
@@ -450,11 +369,13 @@ class UDSClientApi(UDSApi):
ip=result['ip'],
hostname=result['hostname'],
dead_line=result['dead_line'],
max_idle=result['max_idle'],
max_idle=result['max_idle']
)
def logout(self, username: str, sessionType: typing.Optional[str] = None) -> None:
payLoad = {'username': username, 'session_type': sessionType or UNKNOWN}
def logout(self, username: str) -> None:
payLoad = {
'username': username
}
self.post('logout', payLoad)
def ping(self) -> bool:

273
actor/src/udsactor/service.py
View File

@@ -39,7 +39,6 @@ import typing
from . import platform
from . import rest
from . import types
from . import tools
from .log import logger, DEBUG, INFO, ERROR, FATAL
from .http import clients_pool, server, cert
@@ -56,7 +55,6 @@ from .http import clients_pool, server, cert
# else:
# logger.setLevel(20000)
class CommonService: # pylint: disable=too-many-instance-attributes
_isAlive: bool = True
_rebootRequested: bool = False
@@ -77,9 +75,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
logger.debug('Executing command on {}: {}'.format(section, cmdLine))
res = subprocess.check_call(cmdLine, shell=True)
except Exception as e:
logger.error(
'Got exception executing: {} - {} - {}'.format(section, cmdLine, e)
)
logger.error('Got exception executing: {} - {} - {}'.format(section, cmdLine, e))
return False
logger.debug('Result of executing cmd for {} was {}'.format(section, res))
return True
@@ -90,9 +86,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
self._api = rest.UDSServerApi(self._cfg.host, self._cfg.validateCertificate)
self._secret = secrets.token_urlsafe(33)
self._clientsPool = clients_pool.UDSActorClientPool()
self._certificate = (
cert.defaultCertificate
) # For being used on "unmanaged" hosts only, and prior to first login
self._certificate = cert.defaultCertificate # For being used on "unmanaged" hosts only
self._http = None
# Initialzies loglevel and serviceLogger
@@ -118,24 +112,16 @@ class CommonService: # pylint: disable=too-many-instance-attributes
self._http.start()
def isManaged(self) -> bool:
return (
self._cfg.actorType != types.UNMANAGED
) # Only "unmanaged" hosts are unmanaged, the rest are "managed"
return self._cfg.actorType != types.UNMANAGED # Only "unmanaged" hosts are unmanaged, the rest are "managed"
def serviceInterfaceInfo(
self, interfaces: typing.Optional[typing.List[types.InterfaceInfoType]] = None
) -> typing.Optional[types.InterfaceInfoType]:
def serviceInterfaceInfo(self, interfaces: typing.Optional[typing.List[types.InterfaceInfoType]] = None) -> typing.Optional[types.InterfaceInfoType]:
"""
returns the inteface with unique_id mac or first interface or None if no interfaces...
"""
interfaces = (
interfaces or self._interfaces
) # Emty interfaces is like "no ip change" because cannot be notified
interfaces = interfaces or self._interfaces # Emty interfaces is like "no ip change" because cannot be notified
if self._cfg.config and interfaces:
try:
return next(
x for x in interfaces if x.mac.lower() == self._cfg.config.unique_id
)
return next(x for x in interfaces if x.mac.lower() == self._cfg.config.unique_id)
except StopIteration:
return interfaces[0]
@@ -166,12 +152,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
while self._isAlive:
counter -= 1
try:
self._certificate = self._api.ready(
self._cfg.own_token,
self._secret,
srvInterface.ip,
rest.LISTEN_PORT,
)
self._certificate = self._api.ready(self._cfg.own_token, self._secret, srvInterface.ip, rest.LISTEN_PORT)
except rest.RESTConnectionError as e:
if not logged: # Only log connection problems ONCE
logged = True
@@ -187,9 +168,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
# Success or any error that is not recoverable (retunerd by UDS). if Error, service will be cleaned in a while.
break
else:
logger.error(
'Could not locate IP address!!!. (Not registered with UDS)'
)
logger.error('Could not locate IP address!!!. (Not registered with UDS)')
# Do not continue if not alive...
if not self._isAlive:
@@ -197,9 +176,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
# Cleans sensible data
if self._cfg.config:
self._cfg = self._cfg._replace(
config=self._cfg.config._replace(os=None), data=None
)
self._cfg = self._cfg._replace(config=self._cfg.config._replace(os=None), data=None)
platform.store.writeConfig(self._cfg)
logger.info('Service ready')
@@ -218,10 +195,10 @@ class CommonService: # pylint: disable=too-many-instance-attributes
self._cfg = self._cfg._replace(runonce_command=None)
platform.store.writeConfig(self._cfg)
if self.execute(runOnce, "runOnce"):
# If runonce is present, will not do anythin more
# So we have to ensure that, when runonce command is finished, reboots the machine.
# That is, the COMMAND itself has to restart the machine!
return False # If the command fails, continue with the rest of the operations...
# If runonce is present, will not do anythin more
# So we have to ensure that, when runonce command is finished, reboots the machine.
# That is, the COMMAND itself has to restart the machine!
return False # If the command fails, continue with the rest of the operations...
# Retry configuration while not stop service, config in case of error 10 times, reboot vm
counter = 10
@@ -231,20 +208,9 @@ class CommonService: # pylint: disable=too-many-instance-attributes
if self._cfg.config and self._cfg.config.os:
osData = self._cfg.config.os
if osData.action == 'rename':
self.rename(
osData.name,
osData.username,
osData.password,
osData.new_password,
)
self.rename(osData.name, osData.username, osData.password, osData.new_password)
elif osData.action == 'rename_ad':
self.joinDomain(
osData.name,
osData.ad or '',
osData.ou or '',
osData.username or '',
osData.password or '',
)
self.joinDomain(osData.name, osData.ad or '', osData.ou or '', osData.username or '', osData.password or '')
if self._rebootRequested:
try:
@@ -268,12 +234,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
self.getInterfaces() # Ensure we have interfaces
if self._cfg.master_token:
try:
self._certificate = self._api.notifyUnmanagedCallback(
self._cfg.master_token,
self._secret,
self._interfaces,
rest.LISTEN_PORT,
)
self._certificate = self._api.notifyUnmanagedCallback(self._cfg.master_token, self._secret, self._interfaces, rest.LISTEN_PORT)
except Exception as e:
logger.error('Couuld not notify unmanaged callback: %s', e)
@@ -284,17 +245,13 @@ class CommonService: # pylint: disable=too-many-instance-attributes
return
while self._isAlive:
self._interfaces = tools.validNetworkCards(
self._cfg.restrict_net, platform.operations.getNetworkInfo()
)
self._interfaces = list(platform.operations.getNetworkInfo())
if self._interfaces:
break
self.doWait(5000)
def initialize(self) -> bool:
if (
self._initialized or not self._cfg.host or not self._isAlive
): # Not configured or not running
if self._initialized or not self._cfg.host or not self._isAlive: # Not configured or not running
return False
self._initialized = True
@@ -311,25 +268,20 @@ class CommonService: # pylint: disable=too-many-instance-attributes
try:
# If master token is present, initialize and get configuration data
if self._cfg.master_token:
initResult: types.InitializationResultType = self._api.initialize(
self._cfg.master_token, self._interfaces, self._cfg.actorType
)
initResult: types.InitializationResultType = self._api.initialize(self._cfg.master_token, self._interfaces, self._cfg.actorType)
if not initResult.own_token: # Not managed
logger.debug(
'This host is not managed by UDS Broker (ids: {})'.format(
self._interfaces
)
)
logger.debug('This host is not managed by UDS Broker (ids: {})'.format(self._interfaces))
return False
# Only removes master token for managed machines (will need it on next client execution)
# Only removes token for managed machines
master_token = None if self.isManaged() else self._cfg.master_token
self._cfg = self._cfg._replace(
master_token=master_token,
own_token=initResult.own_token,
config=types.ActorDataConfigurationType(
unique_id=initResult.unique_id, os=initResult.os
),
unique_id=initResult.unique_id,
os=initResult.os
)
)
# On first successfull initialization request, master token will dissapear for managed hosts so it will be no more available (not needed anyway)
@@ -342,28 +294,17 @@ class CommonService: # pylint: disable=too-many-instance-attributes
break # Initial configuration done..
except rest.RESTConnectionError as e:
logger.info(
'Trying to inititialize connection with broker (last error: {})'.format(
e
)
)
logger.info('Trying to inititialize connection with broker (last error: {})'.format(e))
self.doWait(5000) # Wait a bit and retry
except rest.RESTError as e: # Invalid key?
logger.error(
'Error validating with broker. (Invalid token?): {}'.format(e)
)
except rest.RESTError as e: # Invalid key?
logger.error('Error validating with broker. (Invalid token?): {}'.format(e))
return False
except Exception:
logger.exception()
self.doWait(5000) # Wait a bit and retry...
return self.configureMachine()
def uninitialize(self):
self._initialized = False
self._cfg = self._cfg._replace(
own_token=None
) # Ensures assigned token is cleared
self._cfg = self._cfg._replace(own_token=None) # Ensures assigned token is cleared
def finish(self) -> None:
if self._http:
@@ -373,14 +314,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
if self._loggedIn and self._cfg.own_token:
self._loggedIn = False
try:
self._api.logout(
self._cfg.actorType,
self._cfg.own_token,
'',
'',
self._interfaces,
self._secret,
)
self._api.logout(self._cfg.own_token, '')
except Exception as e:
logger.error('Error notifying final logout to UDS: %s', e)
@@ -391,33 +325,19 @@ class CommonService: # pylint: disable=too-many-instance-attributes
return # Unamanaged hosts does not changes ips. (The full initialize-login-logout process is done in a row, so at login the IP is correct)
try:
if (
not self._cfg.own_token
or not self._cfg.config
or not self._cfg.config.unique_id
):
if not self._cfg.own_token or not self._cfg.config or not self._cfg.config.unique_id:
# Not enouth data do check
return
currentInterfaces = tools.validNetworkCards(
self._cfg.restrict_net, platform.operations.getNetworkInfo()
)
currentInterfaces = list(platform.operations.getNetworkInfo())
old = self.serviceInterfaceInfo()
new = self.serviceInterfaceInfo(currentInterfaces)
if not new or not old:
raise Exception(
'No ip currently available for {}'.format(
self._cfg.config.unique_id
)
)
raise Exception('No ip currently available for {}'.format(self._cfg.config.unique_id))
if old.ip != new.ip:
self._certificate = self._api.notifyIpChange(
self._cfg.own_token, self._secret, new.ip, rest.LISTEN_PORT
)
self._certificate = self._api.notifyIpChange(self._cfg.own_token, self._secret, new.ip, rest.LISTEN_PORT)
# Now store new addresses & interfaces...
self._interfaces = currentInterfaces
logger.info(
'Ip changed from {} to {}. Notified to UDS'.format(old.ip, new.ip)
)
logger.info('Ip changed from {} to {}. Notified to UDS'.format(old.ip, new.ip))
# Stop the running HTTP Thread and start a new one, with new generated cert
self.startHttpServer()
except Exception as e:
@@ -425,34 +345,29 @@ class CommonService: # pylint: disable=too-many-instance-attributes
logger.warn('Checking ips failed: {}'.format(e))
def rename(
self,
name: str,
userName: typing.Optional[str] = None,
oldPassword: typing.Optional[str] = None,
newPassword: typing.Optional[str] = None,
) -> None:
self,
name: str,
userName: typing.Optional[str] = None,
oldPassword: typing.Optional[str] = None,
newPassword: typing.Optional[str] = None
) -> None:
'''
Invoked when broker requests a rename action
default does nothing
'''
hostName = platform.operations.getComputerName()
if hostName.lower() == name.lower():
logger.info('Computer name is already {}'.format(hostName))
return
# Check for password change request for an user
if userName and newPassword:
logger.info('Setting password for configured user')
try:
platform.operations.changeUserPassword(
userName, oldPassword or '', newPassword
)
platform.operations.changeUserPassword(userName, oldPassword or '', newPassword)
except Exception as e:
# Logs error, but continue renaming computer
logger.error(
'Could not change password for user {}: {}'.format(userName, e)
)
if hostName.lower() == name.lower():
logger.info('Computer name is already {}'.format(hostName))
return
raise Exception('Could not change password for user {} (maybe invalid current password is configured at broker): {} '.format(userName, str(e)))
if platform.operations.renameComputer(name):
self.reboot()
@@ -465,7 +380,7 @@ class CommonService: # pylint: disable=too-many-instance-attributes
# Now check if every registered client is already there (if logged in OFC)
if self._loggedIn and not self._clientsPool.ping():
self.logout('client_unavailable', '')
self.logout('client_unavailable')
except Exception as e:
logger.error('Exception on main service loop: %s', e)
@@ -473,8 +388,13 @@ class CommonService: # pylint: disable=too-many-instance-attributes
# Methods that can be overriden by linux & windows Actor
# ******************************************************
def joinDomain( # pylint: disable=unused-argument, too-many-arguments
self, name: str, domain: str, ou: str, account: str, password: str
) -> None:
self,
name: str,
domain: str,
ou: str,
account: str,
password: str
) -> None:
'''
Invoked when broker requests a "domain" action
default does nothing
@@ -482,71 +402,22 @@ class CommonService: # pylint: disable=too-many-instance-attributes
logger.debug('Base join invoked: {} on {}, {}'.format(name, domain, ou))
# Client notifications
def login(
self, username: str, sessionType: typing.Optional[str] = None
) -> types.LoginResultInfoType:
result = types.LoginResultInfoType(
ip='', hostname='', dead_line=None, max_idle=None
)
master_token = None
secret = None
# If unmanaged, do initialization now, because we don't know before this
# Also, even if not initialized, get a "login" notification token
def login(self, username: str, sessionType: typing.Optional[str] = None) -> types.LoginResultInfoType:
result = types.LoginResultInfoType(ip='', hostname='', dead_line=None, max_idle=None)
self._loggedIn = True
if not self.isManaged():
self._initialized = (
self.initialize()
) # Maybe it's a local login by an unmanaged host.... On real login, will execute initilize again
# Unamanaged, need the master token
master_token = self._cfg.master_token
secret = self._secret
self.initialize()
# Own token will not be set if UDS did not assigned the initialized VM to an user
# In that case, take master token (if machine is Unamanaged version)
token = self._cfg.own_token or master_token
if token:
result = self._api.login(
self._cfg.actorType,
token,
username,
sessionType or '',
self._interfaces,
secret,
)
if result.logged_in:
logger.debug('Login successful')
self._loggedIn = True
script = platform.store.invokeScriptOnLogin()
if script:
logger.info('Executing script on login: {}'.format(script))
script += f'{username} {sessionType or "unknown"} {self._cfg.actorType}'
self.execute(script, 'Logon')
if self._cfg.own_token:
result = self._api.login(self._cfg.own_token, username, sessionType)
return result
def logout(self, username: str, sessionType: typing.Optional[str]) -> None:
master_token = self._cfg.master_token
# Own token will not be set if UDS did not assigned the initialized VM to an user
# In that case, take master token (if machine is Unamanaged version)
token = self._cfg.own_token or master_token
if token:
# If logout is not processed (that is, not ok result), the logout has not been processed
if (
self._api.logout(
self._cfg.actorType,
token,
username,
sessionType or '',
self._interfaces,
self._secret,
)
!= 'ok'
):
logger.info('Logout from %s ignored as required by uds broker', username)
return
def logout(self, username: str) -> None:
self._loggedIn = False
if self._cfg.own_token:
self._api.logout(self._cfg.own_token, username)
self.onLogout(username)
if not self.isManaged():
@@ -573,25 +444,13 @@ class CommonService: # pylint: disable=too-many-instance-attributes
'''
logger.info('Service stopped')
def preConnect(
self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str
) -> str:
def preConnect(self, userName: str, protocol: str, ip: str, hostname: str) -> str: # pylint: disable=unused-argument
'''
Invoked when received a PRE Connection request via REST
Base preconnect executes the preconnect command
'''
if self._cfg.pre_command:
self.execute(
self._cfg.pre_command
+ ' {} {} {} {} {}'.format(
userName.replace('"', '%22'),
protocol,
ip,
hostname,
udsUserName.replace('"', '%22'),
),
'preConnect',
)
self.execute(self._cfg.pre_command + ' {} {} {} {}'.format(userName.replace('"', '%22'), protocol, ip, hostname), 'preConnect')
return 'ok'

42
actor/src/udsactor/tools.py
View File

@@ -28,58 +28,20 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=invalid-name
import threading
import ipaddress
import typing
if typing.TYPE_CHECKING:
from udsactor.types import InterfaceInfoType
from udsactor.log import logger
class ScriptExecutorThread(threading.Thread):
def __init__(self, script: str) -> None:
super(ScriptExecutorThread, self).__init__()
self.script = script
def run(self) -> None:
from udsactor.log import logger
try:
logger.debug('Executing script: {}'.format(self.script))
exec(self.script, globals(), None) # pylint: disable=exec-used
except Exception as e:
logger.error('Error executing script: {}'.format(e))
logger.exception()
# Convert "X.X.X.X/X" to ipaddress.IPv4Network
def strToNoIPV4Network(net: typing.Optional[str]) -> typing.Optional[ipaddress.IPv4Network]:
if not net: # Empty or None
return None
try:
return ipaddress.IPv4Interface(net).network
except Exception:
return None
def validNetworkCards(
net: typing.Optional[str], cards: typing.Iterable['InterfaceInfoType']
) -> typing.List['InterfaceInfoType']:
try:
subnet = strToNoIPV4Network(net)
except Exception as e:
subnet = None
if subnet is None:
return list(cards)
def isValid(ip: str, subnet: ipaddress.IPv4Network) -> bool:
if not ip:
return False
try:
return ipaddress.IPv4Address(ip) in subnet
except Exception:
return False
return [c for c in cards if isValid(c.ip, subnet)]

6
actor/src/udsactor/types.py
View File

@@ -35,7 +35,6 @@ class ActorConfigurationType(typing.NamedTuple):
actorType: typing.Optional[str] = None
master_token: typing.Optional[str] = None
own_token: typing.Optional[str] = None
restrict_net: typing.Optional[str] = None
pre_command: typing.Optional[str] = None
runonce_command: typing.Optional[str] = None
@@ -58,12 +57,7 @@ class LoginResultInfoType(typing.NamedTuple):
dead_line: typing.Optional[int]
max_idle: typing.Optional[int] # Not provided by broker
@property
def logged_in(self) -> bool:
return self.hostname != '' or self.ip != ''
class CertificateInfoType(typing.NamedTuple):
private_key: str
server_certificate: str
password: str
ciphers: str

1
actor/src/udsactor/version.py
View File

@@ -1 +0,0 @@
VERSION = '3.6.0'

3
actor/src/udsactor/windows/log.py
View File

@@ -34,7 +34,7 @@ import os
import tempfile
import typing
import servicemanager
import servicemanager # pylint: disable=import-error
# Valid logging levels, from UDS Broker (uds.core.utils.log).
from .. import loglevel
@@ -42,7 +42,6 @@ from .. import loglevel
class LocalLogger: # pylint: disable=too-few-public-methods
linux = False
windows = True
serviceLogger = False
logger: typing.Optional[logging.Logger]

8
actor/src/udsactor/windows/runner.py
View File

@@ -41,8 +41,6 @@ from .service import UDSActorSvc
def setupRecoverService():
svc_name = UDSActorSvc._svc_name_ # pylint: disable=protected-access
hs = None
hscm = None
try:
hscm = win32service.OpenSCManager(None, None, win32service.SC_MANAGER_ALL_ACCESS)
@@ -59,11 +57,9 @@ def setupRecoverService():
}
win32service.ChangeServiceConfig2(hs, win32service.SERVICE_CONFIG_FAILURE_ACTIONS, service_failure_actions)
finally:
if hs:
win32service.CloseServiceHandle(hs)
win32service.CloseServiceHandle(hs)
finally:
if hscm:
win32service.CloseServiceHandle(hscm)
win32service.CloseServiceHandle(hscm)
def run() -> None:

28
actor/src/udsactor/windows/service.py
View File

@@ -39,7 +39,6 @@ import win32net
import win32event
import pythoncom
import servicemanager
import winreg as wreg
from . import operations
from . import store
@@ -139,7 +138,7 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
logger.info('Using multiple step join because configuration requests to do so')
self.multiStepJoin(name, domain, ou, account, password)
def preConnect(self, userName: str, protocol: str, ip: str, hostname: str, udsUserName: str) -> str:
def preConnect(self, userName: str, protocol: str, ip: str, hostname: str) -> str:
logger.debug('Pre connect invoked')
if protocol == 'rdp': # If connection is not using rdp, skip adding user
@@ -168,7 +167,7 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
self._user = None
logger.debug('User {} already in group'.format(userName))
return super().preConnect(userName, protocol, ip, hostname, udsUserName)
return super().preConnect(userName, protocol, ip, hostname)
def ovLogon(self, username: str, password: str) -> str:
"""
@@ -198,18 +197,6 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
except Exception as e:
logger.error('Exception removing user from Remote Desktop Users: {}'.format(e))
def isInstallationRunning(self):
'''
Detect if windows is installing anything, so we can delay the execution of Service
'''
try:
key = wreg.OpenKey(wreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State')
data, _ = wreg.QueryValueEx(key, 'ImageState')
logger.debug('State: %s', data)
return data != 'IMAGE_STATE_COMPLETE' # If ImageState is different of ImageStateComplete, there is something running on installation
except Exception: # If not found, means that no installation is running
return False
def SvcDoRun(self) -> None: # pylint: disable=too-many-statements, too-many-branches
'''
Main service loop
@@ -222,17 +209,6 @@ class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
pythoncom.CoInitialize() # pylint: disable=no-member
# Check if some install is running on windows before proceeding
while self._isAlive:
if self.isInstallationRunning():
win32event.WaitForSingleObject(self._hWaitStop, 1000) # Wait a bit, and check again
continue
break
if not self._isAlive: # Has been stopped while waiting windows installations
self.finish()
return
# Unmanaged services does not initializes "on start", but rather when user logs in (because userservice does not exists "as such" before that)
if self.isManaged():
if not self.initialize():

17
actor/src/udsactor/windows/store.py
View File

@@ -76,9 +76,9 @@ def writeConfig(config: types.ActorConfigurationType) -> None:
except Exception:
key = wreg.CreateKeyEx(BASEKEY, PATH, 0, wreg.KEY_ALL_ACCESS)
fixRegistryPermissions(key.handle) # type: ignore
fixRegistryPermissions(key.handle)
wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, pickle.dumps(config)) # type: ignore
wreg.SetValueEx(key, "", 0, wreg.REG_BINARY, pickle.dumps(config))
wreg.CloseKey(key)
@@ -94,16 +94,3 @@ def useOldJoinSystem() -> bool:
data = ''
return data == 'old'
def invokeScriptOnLogin() -> str:
try:
key = wreg.OpenKey(BASEKEY, PATH, 0, wreg.KEY_QUERY_VALUE)
try:
data, _ = wreg.QueryValueEx(key, 'logonScript')
except Exception:
data = ''
wreg.CloseKey(key)
except Exception:
data = ''
return data

6
actor/src/ui/setup_dialog_ui.py
View File

@@ -2,10 +2,9 @@
# Form implementation generated from reading ui file 'setup-dialog.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
# Created by: PyQt5 UI code generator 5.13.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
# WARNING! All changes made in this file will be lost!
from PyQt5 import QtCore, QtGui, QtWidgets
@@ -192,7 +191,6 @@ class Ui_UdsActorSetupDialog(object):
self.retranslateUi(UdsActorSetupDialog)
self.tabWidget.setCurrentIndex(0)
self.validateCertificate.setCurrentIndex(1)
self.logLevelComboBox.setCurrentIndex(1)
self.closeButton.clicked.connect(UdsActorSetupDialog.finish)
self.registerButton.clicked.connect(UdsActorSetupDialog.registerWithUDS)

35
actor/src/ui/setup_dialog_unmanaged_ui.py
View File

@@ -2,10 +2,9 @@
# Form implementation generated from reading ui file 'setup-dialog-unmanaged.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
# Created by: PyQt5 UI code generator 5.13.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
# WARNING! All changes made in this file will be lost!
from PyQt5 import QtCore, QtGui, QtWidgets
@@ -15,7 +14,7 @@ class Ui_UdsActorSetupDialog(object):
def setupUi(self, UdsActorSetupDialog):
UdsActorSetupDialog.setObjectName("UdsActorSetupDialog")
UdsActorSetupDialog.setWindowModality(QtCore.Qt.WindowModal)
UdsActorSetupDialog.resize(601, 243)
UdsActorSetupDialog.resize(595, 220)
sizePolicy = QtWidgets.QSizePolicy(QtWidgets.QSizePolicy.Preferred, QtWidgets.QSizePolicy.Preferred)
sizePolicy.setHorizontalStretch(0)
sizePolicy.setVerticalStretch(0)
@@ -35,12 +34,12 @@ class Ui_UdsActorSetupDialog(object):
UdsActorSetupDialog.setModal(True)
self.saveButton = QtWidgets.QPushButton(UdsActorSetupDialog)
self.saveButton.setEnabled(True)
self.saveButton.setGeometry(QtCore.QRect(10, 210, 181, 23))
self.saveButton.setGeometry(QtCore.QRect(10, 180, 181, 23))
self.saveButton.setMinimumSize(QtCore.QSize(181, 0))
self.saveButton.setContextMenuPolicy(QtCore.Qt.DefaultContextMenu)
self.saveButton.setObjectName("saveButton")
self.closeButton = QtWidgets.QPushButton(UdsActorSetupDialog)
self.closeButton.setGeometry(QtCore.QRect(410, 210, 171, 23))
self.closeButton.setGeometry(QtCore.QRect(410, 180, 171, 23))
sizePolicy = QtWidgets.QSizePolicy(QtWidgets.QSizePolicy.Preferred, QtWidgets.QSizePolicy.Fixed)
sizePolicy.setHorizontalStretch(0)
sizePolicy.setVerticalStretch(0)
@@ -50,11 +49,11 @@ class Ui_UdsActorSetupDialog(object):
self.closeButton.setObjectName("closeButton")
self.testButton = QtWidgets.QPushButton(UdsActorSetupDialog)
self.testButton.setEnabled(False)
self.testButton.setGeometry(QtCore.QRect(210, 210, 181, 23))
self.testButton.setGeometry(QtCore.QRect(210, 180, 181, 23))
self.testButton.setMinimumSize(QtCore.QSize(181, 0))
self.testButton.setObjectName("testButton")
self.layoutWidget = QtWidgets.QWidget(UdsActorSetupDialog)
self.layoutWidget.setGeometry(QtCore.QRect(10, 10, 571, 191))
self.layoutWidget.setGeometry(QtCore.QRect(10, 10, 571, 161))
self.layoutWidget.setObjectName("layoutWidget")
self.formLayout = QtWidgets.QFormLayout(self.layoutWidget)
self.formLayout.setSizeConstraint(QtWidgets.QLayout.SetDefaultConstraint)
@@ -85,7 +84,7 @@ class Ui_UdsActorSetupDialog(object):
self.formLayout.setWidget(2, QtWidgets.QFormLayout.FieldRole, self.serviceToken)
self.label_loglevel = QtWidgets.QLabel(self.layoutWidget)
self.label_loglevel.setObjectName("label_loglevel")
self.formLayout.setWidget(4, QtWidgets.QFormLayout.LabelRole, self.label_loglevel)
self.formLayout.setWidget(3, QtWidgets.QFormLayout.LabelRole, self.label_loglevel)
self.logLevelComboBox = QtWidgets.QComboBox(self.layoutWidget)
self.logLevelComboBox.setFrame(True)
self.logLevelComboBox.setObjectName("logLevelComboBox")
@@ -97,13 +96,7 @@ class Ui_UdsActorSetupDialog(object):
self.logLevelComboBox.setItemText(2, "ERROR")
self.logLevelComboBox.addItem("")
self.logLevelComboBox.setItemText(3, "FATAL")
self.formLayout.setWidget(4, QtWidgets.QFormLayout.FieldRole, self.logLevelComboBox)
self.label_restrictNet = QtWidgets.QLabel(self.layoutWidget)
self.label_restrictNet.setObjectName("label_restrictNet")
self.formLayout.setWidget(3, QtWidgets.QFormLayout.LabelRole, self.label_restrictNet)
self.restrictNet = QtWidgets.QLineEdit(self.layoutWidget)
self.restrictNet.setObjectName("restrictNet")
self.formLayout.setWidget(3, QtWidgets.QFormLayout.FieldRole, self.restrictNet)
self.formLayout.setWidget(3, QtWidgets.QFormLayout.FieldRole, self.logLevelComboBox)
self.label_host.raise_()
self.host.raise_()
self.label_serviceToken.raise_()
@@ -112,8 +105,6 @@ class Ui_UdsActorSetupDialog(object):
self.label_security.raise_()
self.label_loglevel.raise_()
self.logLevelComboBox.raise_()
self.label_restrictNet.raise_()
self.restrictNet.raise_()
self.retranslateUi(UdsActorSetupDialog)
self.logLevelComboBox.setCurrentIndex(1)
@@ -122,7 +113,6 @@ class Ui_UdsActorSetupDialog(object):
self.saveButton.clicked.connect(UdsActorSetupDialog.saveConfig)
self.host.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
self.serviceToken.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
self.restrictNet.textChanged['QString'].connect(UdsActorSetupDialog.configChanged)
QtCore.QMetaObject.connectSlotsByName(UdsActorSetupDialog)
def retranslateUi(self, UdsActorSetupDialog):
@@ -146,10 +136,7 @@ class Ui_UdsActorSetupDialog(object):
self.host.setToolTip(_translate("UdsActorSetupDialog", "Uds Broker Server Addres. Use IP or FQDN"))
self.host.setWhatsThis(_translate("UdsActorSetupDialog", "Enter here the UDS Broker Addres using either its IP address or its FQDN address"))
self.label_serviceToken.setText(_translate("UdsActorSetupDialog", "Service Token"))
self.serviceToken.setToolTip(_translate("UdsActorSetupDialog", "UDS Service Token"))
self.serviceToken.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Token of the service on UDS platform</p><p>This token can be obtainend from the service configuration on UDS.</p></body></html>"))
self.serviceToken.setToolTip(_translate("UdsActorSetupDialog", "UDS user with administration rights (Will not be stored on template)"))
self.serviceToken.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Administrator user on UDS Server.</p><p>Note: This credential will not be stored on client. Will be used to obtain an unique token for this image.</p></body></html>"))
self.label_loglevel.setText(_translate("UdsActorSetupDialog", "Log Level"))
self.label_restrictNet.setText(_translate("UdsActorSetupDialog", "Restrict Net"))
self.restrictNet.setToolTip(_translate("UdsActorSetupDialog", "Restrict valid detection of network interfaces to this network."))
self.restrictNet.setWhatsThis(_translate("UdsActorSetupDialog", "<html><head/><body><p>Restrics valid detection of network interfaces.</p><p>Note: Use this field only in case of several network interfaces, so UDS knows which one is the interface where the user will be connected..</p></body></html>"))
from ui import uds_rc

4
actor/src/ui/uds_rc.py
View File

@@ -2,7 +2,7 @@
# Resource object code
#
# Created by: The Resource Compiler for PyQt5 (Qt v5.15.2)
# Created by: The Resource Compiler for PyQt5 (Qt v5.13.2)
#
# WARNING! All changes made in this file will be lost!
@@ -175,7 +175,7 @@ qt_resource_struct_v2 = b"\
\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x03\
\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\
\x00\x00\x01\x81\xce\x8a\xac\xf2\
\x00\x00\x01\x6e\x86\x31\xef\xa3\
"
qt_version = [int(v) for v in QtCore.qVersion().split('.')]

2
client-py3/full/.env
View File

@@ -1,2 +0,0 @@
PYTHONPATH=./src:${PYTHONPATH}

5
client-py3/full/linux/.gitignore vendored
View File

@@ -2,8 +2,3 @@
/udsclient-[0-9]*.spec
/debian/udsclient
/targz
/UDSClientDir
/UDSClient*.AppImage
/appimage*
/UDSClient.desktop
*.zsync

58
client-py3/full/linux/Makefile
View File

@@ -14,8 +14,6 @@ APPSDIR := $(DESTDIR)/usr/share/applications
PYC := $(shell find $(SOURCEDIR) -name '*.py[co]')
CACHES := $(shell find $(SOURCEDIR) -name '__pycache__')
clean:
rm -rf $(PYC) $(CACHES) $(DESTDIR)
install:
@@ -48,62 +46,8 @@ endif
ifeq ($(DISTRO),rh)
endif
# chmod 0755 $(BINDIR)/udsclient
uninstall:
rm -rf $(LIBDIR)
# rm -f $(BINDIR)/udsclient
# rm -rf $(CFGDIR)
build-appimage:
ifeq ($(DISTRO),x86_64)
cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g > appimage.recipe
endif
ifeq ($(DISTRO),armhf)
cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g | sed -e s/amd64/armhf/g | sed -e s/x86_64/armhf/g > appimage.recipe
endif
ifeq ($(DISTRO),i686)
cat udsclient-appimage-x86_64.recipe | sed -e s/"version: 0.0.0"/"version: $(VERSION)"/g | sed -e s/amd64/i386/g | sed -e s/x86_64/i686/g > appimage.recipe
endif
# Ensure all working folders are "clean"
-rm -rf appimage appimage-builder-cache /tmp/UDSClientDir appimage-build AppDir
appimage-builder --recipe appimage.recipe --appdir /tmp/UDSClientDir
# Now create dist and move appimage
rm -rf $(DESTDIR)
mkdir -p $(DESTDIR)
cp UDSClient-$(VERSION)-$(DISTRO).AppImage $(DESTDIR)
# Generate the .desktop fixed for new path
cat desktop/UDSClient.desktop | sed -e s/".usr.lib.UDSClient.UDSClient.py"/"\/usr\/bin\/UDSClient-$(VERSION)-$(DISTRO).AppImage"/g > $(DESTDIR)/UDSClient.desktop
# And also, generater installer
cat installer-appimage-template.sh | sed -e s/"0.0.0"/"$(VERSION)"/g | sed -e s/x86_64/$(DISTRO)/g > $(DESTDIR)/installer.sh
chmod 755 $(DESTDIR)/installer.sh
tar czvf ../udsclient3-$(DISTRO)-$(VERSION).tar.gz -C $(DESTDIR) .
# cleanup
-rm -rf appimage appimage-builder-cache /tmp/UDSClientDir appimage-build AppDir
build-igel:
rm -rf $(DESTDIR)
mkdir -p $(DESTDIR)
# Calculate the size of the custom partition (15 megas more than the appimage size)
@$(eval APPIMAGE_SIZE=$(shell du -sm UDSClient-$(VERSION)-x86_64.AppImage | cut -f1))
@$(eval APPIMAGE_SIZE=$(shell expr $(APPIMAGE_SIZE) + 15))
cat igel/UDSClient-Profile-template.xml | sed -e s/"_SIZE_"/"$(APPIMAGE_SIZE)M"/g > $(DESTDIR)/UDSClient-Profile.xml
cat igel/UDSClient-template.inf | sed -e s/"_SIZE_"/"$(APPIMAGE_SIZE)M"/g > $(DESTDIR)/UDSClient.inf
cp UDSClient-$(VERSION)-x86_64.AppImage $(DESTDIR)/UDSClient
chmod 755 $(DESTDIR)/UDSClient
cp igel/UDSClient.desktop $(DESTDIR)/UDSClient.desktop
cp igel/init.sh $(DESTDIR)/init.sh
tar cjvf $(DESTDIR)/UDSClient.tar.bz2 -C $(DESTDIR) UDSClient UDSClient.desktop init.sh
zip -j ../udsclient3-$(VERSION)-igel.zip $(DESTDIR)/UDSClient-Profile.xml $(DESTDIR)/UDSClient.inf $(DESTDIR)/UDSClient.tar.bz2
cd ..
rm -rf $(DESTDIR)
build-thinpro:
rm -rf $(DESTDIR)
mkdir -p $(DESTDIR)
cp -r thinpro/* $(DESTDIR)
cp UDSClient-$(VERSION)-x86_64.AppImage $(DESTDIR)/UDSClient
chmod 755 $(DESTDIR)/UDSClient
tar czvf ../udsclient3-$(VERSION)-thinpro.tar.gz -C $(DESTDIR) .
rm -rf $(DESTDIR)

13
client-py3/full/linux/build-packages.sh
View File

@@ -32,19 +32,6 @@ done
#rm udsclient-$VERSION
# Make .tar.gz with source
make DESTDIR=targz DISTRO=targz VERSION=${VERSION} install
# And make FULL CLIENT .tar.gz for x86 and raspberry
make DESTDIR=appimage DISTRO=x86_64 VERSION=${VERSION} build-appimage
make DESTDIR=appimage DISTRO=armhf VERSION=${VERSION} build-appimage
make DESTDIR=appimage DISTRO=i686 VERSION=${VERSION} build-appimage
# Now create igel version
# we need first to create the Appimage for x86_64
make DESTDIR=igelimage DISTRO=x86_64 VERSION=${VERSION} build-igel
# Create the thinpro version
make DESTDIR=thinproimage DISTRO=x86_64 VERSION=${VERSION} build-thinpro
rpm --addsign ../*rpm

12
client-py3/full/linux/debian/changelog
View File

@@ -1,15 +1,3 @@
udsclient3 (3.6.0) stable; urgency=medium
* Upgraded to 3.6.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 1 Jul 2022 14:12:10 +0200
udsclient3 (3.5.0) stable; urgency=medium
* Upgraded to 3.5.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 23 Oct 2020 08:12:10 +0200
udsclient3 (3.0.0) stable; urgency=medium
* Upgraded to 3.0.0 release

2
client-py3/full/linux/debian/compat
View File

@@ -1 +1 @@
10
9

6
client-py3/full/linux/debian/control
View File

@@ -1,15 +1,15 @@
Source: udsclient3
Section: admin
Priority: optional
Maintainer: Adolfo Gómez García <agomez@virtualcable.net>
Maintainer: Adolfo Gómez García <agomez@virtualcable.es>
Build-Depends: debhelper (>= 7), po-debconf
Standards-Version: 3.9.2
Homepage: http://www.udsenterprise.com
Homepage: http://www.virtualcable.es
Package: udsclient3
Section: admin
Priority: optional
Architecture: all
Depends: python3-paramiko (>=2.0.0), python3-certifi, python3-cryptography, python3-psutil, python3-pyqt5 (>=5.0), python3 (>=3.6), freerdp2-x11 | freerdp-x11 | freerdp-nightly, desktop-file-utils, ${misc:Depends}
Depends: python3-paramiko (>=2.0.0), python3-crypto, python3-pyqt5 (>=5.0), python3-six(>=1.1), python3 (>=3.6), freerdp2-x11 | freerdp-x11, desktop-file-utils, ${misc:Depends}
Description: Client connector for Universal Desktop Services (UDS) Broker
This package provides the required components to allow this machine to connect to services provided by UDS Broker.

52
client-py3/full/linux/debian/copyright
View File

@@ -1,38 +1,26 @@
Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135
Name: udsclient3
Maintainer: Adolfo Gómez García
Source: http://github.com/dkmstr/openuds/client-py3
Source: http://www.udsenterprise.com/
Files: *
Copyright: (c) 2014-2022, Virtual Cable S.L.U.
Copyright: 2014 Virtual Cable S.L.U.
License: BSD-3-clause
License: BSD-3-clause
All rights reserved.
.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
* Neither the name of pg_query nor the names of its contributors may be used
to endorse or promote products derived from this software without specific
prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.

4
client-py3/full/linux/debian/files
View File

@@ -1,2 +1,2 @@
udsclient3_3.6.0_all.deb admin optional
udsclient3_3.6.0_amd64.buildinfo admin optional
udsclient3_3.0.0_all.deb admin optional
udsclient3_3.0.0_amd64.buildinfo admin optional

2
client-py3/full/linux/desktop/UDSClient.desktop
View File

@@ -2,7 +2,7 @@
Name=UDSClient
Comment=UDS Helper
Keywords=uds;client;vdi;
Exec=/usr/lib/UDSClient/UDSClient.py %u -platform xcb
Exec=/usr/lib/UDSClient/UDSClient.py %u
Icon=help-browser
StartupNotify=true
Terminal=false

69
client-py3/full/linux/igel/UDSClient-Profile-template.xml
View File

@@ -1,69 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<profile>
<profile_id>1126</profile_id>
<profilename>UDSClient</profilename>
<firmware>
<model>IGEL OS 11</model>
<version>11.05.120.01</version>
</firmware>
<description></description>
<overwritesessions>false</overwritesessions>
<is_master_profile>false</is_master_profile>
<is_igel_os>true</is_igel_os>
<settings>
<pclass name="custom_partition.enabled">
<pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">true</pvalue>
<variableSubstitutionActive>false</variableSubstitutionActive>
</pclass>
<pclass name="system.security.apparmor">
<pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">false</pvalue>
<variableSubstitutionActive>false</variableSubstitutionActive>
</pclass>
<pclass name="custom_partition.mountpoint">
<pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">/UDSClient</pvalue>
<variableSubstitutionActive>false</variableSubstitutionActive>
</pclass>
<pclass name="custom_partition.size">
<pvalue instancenr="-1" variableExpression="" variableSubstitutionActive="false">_SIZE_</pvalue>
<variableSubstitutionActive>false</variableSubstitutionActive>
</pclass>
</settings>
<instancesettings>
<instance classprefix="custom_partition.source%" serialnumber="-719cadfe:17ca470644a:-7fff127.0.1.1">
<ivalue classname="custom_partition.source%.autoupdate" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="custom_partition.source%.crypt_password" variableExpression="" variableSubstitutionActive="false">000d4317311f2c0031133c4d3e4c3d</ivalue>
<ivalue classname="custom_partition.source%.final_action" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="custom_partition.source%.init_action" variableExpression="" variableSubstitutionActive="false">/UDSClient/init.sh</ivalue>
<ivalue classname="custom_partition.source%.password" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="custom_partition.source%.url" variableExpression="" variableSubstitutionActive="false">https://[UMS_SERVER]:8443/ums_filetransfer/UDSClient.inf</ivalue>
<ivalue classname="custom_partition.source%.username" variableExpression="" variableSubstitutionActive="false">[UMS_USERNAME]</ivalue>
</instance>
<instance classprefix="sessions.chromium%" serialnumber="-6b5264e9:17ca6f65505:-8000127.0.1.1">
<ivalue classname="sessions.chromium%.app.browser_startup_page" variableExpression="" variableSubstitutionActive="false">1</ivalue>
<ivalue classname="sessions.chromium%.app.homepage" variableExpression="" variableSubstitutionActive="false">https://demo.udsenterprise.com</ivalue>
<ivalue classname="sessions.chromium%.applaunch" variableExpression="" variableSubstitutionActive="false">true</ivalue>
<ivalue classname="sessions.chromium%.applaunch_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="sessions.chromium%.applaunch_system" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.autostart" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.autostartnotify" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.desktop" variableExpression="" variableSubstitutionActive="false">true</ivalue>
<ivalue classname="sessions.chromium%.desktop_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="sessions.chromium%.hotkey" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="sessions.chromium%.hotkeymodifier" variableExpression="" variableSubstitutionActive="false">None</ivalue>
<ivalue classname="sessions.chromium%.icon" variableExpression="" variableSubstitutionActive="false">chromium</ivalue>
<ivalue classname="sessions.chromium%.menu_path" variableExpression="" variableSubstitutionActive="false"></ivalue>
<ivalue classname="sessions.chromium%.name" variableExpression="UDS" variableSubstitutionActive="true">###LOC_DEFAULT###</ivalue>
<ivalue classname="sessions.chromium%.position" variableExpression="" variableSubstitutionActive="false">0</ivalue>
<ivalue classname="sessions.chromium%.pulldown" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.pwprotected" variableExpression="" variableSubstitutionActive="false">none</ivalue>
<ivalue classname="sessions.chromium%.quick_start" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.scardautostart" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.snotify" variableExpression="" variableSubstitutionActive="false">true</ivalue>
<ivalue classname="sessions.chromium%.startmenu" variableExpression="" variableSubstitutionActive="false">true</ivalue>
<ivalue classname="sessions.chromium%.startmenu_system" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.usehotkey" variableExpression="" variableSubstitutionActive="false">false</ivalue>
<ivalue classname="sessions.chromium%.waittime2autostart" variableExpression="" variableSubstitutionActive="false">0</ivalue>
<ivalue classname="sessions.chromium%.waittime2restart" variableExpression="" variableSubstitutionActive="false">0</ivalue>
</instance>
</instancesettings>
</profile>

7
client-py3/full/linux/igel/UDSClient-template.inf
View File

@@ -1,7 +0,0 @@
[INFO]
[PART]
file="UDSClient.tar.bz2"
version="1.1_igel1"
size="_SIZE_"
name="UDSClient"
minfw="11.05.120"

4
client-py3/full/linux/igel/init.sh
View File

@@ -1,4 +0,0 @@
#!/bin/sh
cp /UDSClient/UDSClient.desktop /usr/share/applications.mime
chmod 755 /UDSClient/UDSClient

16
client-py3/full/linux/installer-appimage-template.sh
View File

@@ -1,16 +0,0 @@
#!/bin/sh
# Check for root
if ! [ $(id -u) = 0 ]; then
echo "This script must be run as root"
exit 1
fi
echo "Installing UDSClient Portable..."
cp UDSClient-0.0.0-x86_64.AppImage /usr/bin
chmod 755 /usr/bin/UDSClient-0.0.0-x86_64.AppImage
cp UDSClient.desktop /usr/share/applications
update-desktop-database
echo "Installation process done."

2
client-py3/full/linux/installer.sh
View File

@@ -8,8 +8,6 @@ echo "Installation process done."
echo "Remember that the following packages must be installed on system:"
echo "* Python3 paramiko"
echo "* Python3 PyQt5"
echo "* Python3 six"
echo "* Python3 requests"
echo "* Python3 cryptography"
echo "Theese packages (as their names), are dependent on your platform, so you must locate and install them"
echo "Also, ensure that a /media folder exists on your machine, that will be redirected on RDP connections"

2
client-py3/full/linux/readme.txt
View File

@@ -1,5 +1,3 @@
UDSClient is the client connector needed to get acccess to services managed by UDS Broker.
For raspberry Pi, AppImage does not works with 1.1.0 (works with 1.0.3)
Please, visit http://www.udsenterprise.com for more information

4
client-py3/full/linux/thinpro/firefox/45-uds
View File

@@ -1,4 +0,0 @@
# UDS handlers.json
cp "/lib/UDSClient/firefox/handlers.json" "$FIREFOX_PROFILE_HANDLERS"
ffset "network.protocol-handler.external.uds" "true"
ffset "network.protocol-handler.external.udss" "true"

98
client-py3/full/linux/thinpro/firefox/handlers.json
View File

@@ -1,98 +0,0 @@
{
"defaultHandlersVersion": {
"en-US": 4
},
"mimeTypes": {
"application/pdf": {
"action": 3,
"extensions": [
"pdf"
]
},
"application/x-ica": {
"action": 2,
"extensions": [
"ica"
],
"handlers": [
{
"name": "wfica",
"path": "/usr/share/hptc-firefox-mgr/handlers/citrix"
}
]
},
"application/x-rdp": {
"action": 2,
"extensions": [
"rdp"
],
"handlers": [
{
"name": "HP xfreerdp",
"path": "/usr/share/hptc-firefox-mgr/handlers/rdp"
}
]
},
"text/lic": {
"action": 2,
"extensions": [
"lic"
],
"handlers": [
{
"name": "Copy license to ThinPro",
"path": "/usr/share/hptc-firefox-mgr/handlers/copy_lic"
}
]
},
"text/xml": {
"action": 3,
"extensions": [
"xml"
]
},
"image/svg+xml": {
"action": 3,
"extensions": [
"svg"
]
},
"image/webp": {
"action": 3,
"extensions": [
"webp"
]
}
},
"schemes": {
"vmware-view": {
"action": 2,
"handlers": [
{
"name": "VMWare Horizon View",
"path": "/usr/share/hptc-firefox-mgr/handlers/vmware"
}
]
},
"uds": {
"action": 2,
"handlers": [
{
"name": "UDS Client for ThinPro (SSL)",
"path": "/usr/share/hptc-firefox-mgr/handlers/uds"
}
]
},
"udss": {
"action": 2,
"handlers": [
{
"name": "UDS Client for ThinPro",
"path": "/usr/share/hptc-firefox-mgr/handlers/uds"
}
]
}
}
}

5
client-py3/full/linux/thinpro/firefox/uds
View File

@@ -1,5 +0,0 @@
#!/bin/sh
export LD_PRELOAD=""
/bin/udsclient $*
exit 0

2
client-py3/full/linux/thinpro/firefox7.1/45-uds
View File

@@ -1,2 +0,0 @@
# UDS handlers.json
restore "/lib/UDSClient/firefox/handlers.json" "$FIREFOX_PROFILE_HANDLERS"

50
client-py3/full/linux/thinpro/firefox7.1/handlers.json
View File

@@ -1,50 +0,0 @@
{
"defaultHandlersVersion":{
"en-US":4
},
"mimeTypes":{
"application/pdf":{
"action":3,
"extensions":["pdf"]
},
"application/x-ica":{
"action":2,
"handlers":[{
"name":"wfica",
"path":"/usr/bin/hptc-firefox-run-wfica.sh"
}],
"extensions":["ica"]
},
"application/x-rdp":{
"action":2,
"handlers":[{
"name":"HP xfreerdp",
"path":"/usr/bin/hptc-run-rdp-file-freerdp.sh"
}],
"extensions":["rdp"]
}
},
"schemes":{
"vmware-view":{
"action":2,
"handlers":[{
"name":"VMWare Horizon View",
"path":"/usr/bin/vmware-view"
}]
},
"udss":{
"action":2,
"handlers":[{
"name":"UDS Client",
"path":"/bin/udsclient"
}]
},
"uds":{
"action":2,
"handlers":[{
"name":"UDS Client",
"path":"/bin/udsclient"
}]
}
}
}

37
client-py3/full/linux/thinpro/firefox7.1/syspref.js
View File

@@ -1,37 +0,0 @@
// This file can be used to configure global preferences for Firefox
// Example: Homepage
//pref("browser.startup.homepage", "http://www.weebls-stuff.com/wab/");
pref("plugin.default.state", 2);
pref("xpinstall.signatures.required", false, locked);
pref("extensions.autoDisableScopes", 0, locked);
pref("extensions.pocket.enabled", false, locked);
pref("extensions.screenshots.disabled", true, locked);
pref("datareporting.policy.dataSubmissionEnabled", false, locked);
pref("datareporting.policy.dataSubmissionEnabled.v2", false, locked);
pref("app.update.auto", false, locked);
pref("app.update.enabled", false, locked);
pref("browser.download.manager.closeWhenDone", true, locked);
pref("browser.helperApps.neverAsk.openFile", "application/x-rdp, application/x-java-jnlp-file", locked);
pref("browser.EULA.3.accepted", true, locked);
pref("browser.rights.3.shown", true, locked);
pref("browser.safebrowsing.enabled", false, locked);
pref("browser.search.update", false, locked);
pref("browser.sessionstore.enabled", false, locked);
pref("browser.sessionhistory.cache_subframes", false, locked);
pref("datareporting.healthreport.service.enabled", false, locked);
pref("datareporting.healthreport.uploadEnabled", false, locked);
pref("devtools.toolbox.host", "none", locked);
pref("extensions.autoDisableScopes", 14, locked);
pref("extensions.blocklist.enabled", false, locked);
pref("extensions.update.enabled", false, locked);
pref("intl.charsetmenu.browser.cache", "UTF-8", locked);
pref("network.protocol-handler.external.mailto", false, locked);
pref("network.protocol-handler.external.news", false, locked);
pref("network.protocol-handler.external.snews", false, locked);
pref("network.protocol-handler.external.nntp", false, locked);
pref("network.protocol-handler.external-default", false, locked);
pref("network.protocol-handler.external.vmware-view", true, locked);
pref("network.protocol-handler.external.uds", true, locked);
pref("network.protocol-handler.external.udss", true, locked);

38
client-py3/full/linux/thinpro/install-uds-client.sh
View File

@@ -1,38 +0,0 @@
#!/bin/sh
# Common part
# unlocks so we can write on TC
fsunlock
cp UDSClient /bin/udsclient
chmod 755 /bin/udsclient
# RDP Script for UDSClient. Launchs udsclient using the "Template_UDS" profile
cp udsrdp /usr/bin
INSTALLED=0
# Installation for 7.1.x version
grep -q "7.1" /etc/issue
if [ $? -eq 0 ]; then
echo "Installing for thinpro version 7.1"
# Allow UDS apps without asking
cp firefox7.1/syspref.js /etc/firefox
# Copy handlers.json for firefox
mkdir -p /lib/UDSClient/firefox/ > /dev/null 2>&1
cp firefox7.1/handlers.json /lib/UDSClient/firefox/
# and runner
cp firefox7.1/45-uds /etc/hptc-firefox-mgr/prestart
else
echo "Installing for thinpro version 7.2 or later"
# Copy handlers for firefox
mkdir -p /lib/UDSClient/firefox/ > /dev/null 2>&1
# Copy handlers.json for firefox
cp firefox/handlers.json /lib/UDSClient/firefox/
cp firefox/45-uds /etc/hptc-firefox-mgr/prestart
# copy uds handler for firefox
cp firefox/uds /usr/share/hptc-firefox-mgr/handlers/uds
chmod 755 /usr/share/hptc-firefox-mgr/handlers/uds
fi
# Common part
fslock

390
client-py3/full/linux/thinpro/udsrdp
View File

@@ -1,390 +0,0 @@
#!/bin/bash
function clearParams {
mclient set $REGKEY/address ""
mclient set $REGKEY/username ""
mclient set $REGKEY/password ""
mclient set $REGKEY/domain ""
mclient set $REGKEY/authorizations/user/execution 0
mclient commit
}
function getRegKey {
# Get Template_UDS
for key in `mclient get root/ConnectionType/freerdp/connections | sed "s/dir //g"`; do
val=`mclient get $key/label | sed "s/value //g"`
if [ "$val" == "Template_UDS" ]; then
REGKEY=$key
fi
done
}
function createUDSConnectionTemplate {
TMPFILE=$(mktemp /tmp/udsexport.XXXXXX)
cat > $TMPFILE << EOF
<Profile>
<ProfileSettings>
<Name>UDS Template Profile</Name>
<RegistryRoot>root/ConnectionType/freerdp/connections/{ff064bd9-047a-45ec-b70f-04ab218186ff}</RegistryRoot>
<Target>
<Hardware>t420</Hardware>
<ImageId>T7X62022</ImageId>
<Version>6.2.0</Version>
<Config>standard</Config>
</Target>
</ProfileSettings>
<ProfileRegistry>
<NodeDir name="{ff064bd9-047a-45ec-b70f-04ab218186ff}">
<NodeDir name="rdWebFeed">
<NodeKey name="keepResourcesWindowOpened">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="autoStartSingleResource">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="autoDisconnectTimeout">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
</NodeDir>
<NodeDir name="loginfields">
<NodeKey name="username">
<NodeParam name="value">3</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="rememberme">
<NodeParam name="value">2</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="password">
<NodeParam name="value">3</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="domain">
<NodeParam name="value">3</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
</NodeDir>
<NodeDir name="authorizations">
<NodeDir name="user">
<NodeKey name="execution">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="edit">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
</NodeDir>
</NodeDir>
<NodeKey name="address">
<NodeParam name="value"/>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="username">
<NodeParam name="value"/>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="password">
<NodeParam name="value">NLCR.1</NodeParam>
<NodeParam name="type">rc4</NodeParam>
</NodeKey>
<NodeKey name="domain">
<NodeParam name="value"/>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="label">
<NodeParam name="value">Template_UDS</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="credentialsType">
<NodeParam name="value">password</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="gatewayEnabled">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="gatewayPort">
<NodeParam name="value">443</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="gatewayUsesSameCredentials">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="gatewayCredentialsType">
<NodeParam name="value">password</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="remoteDesktopService">
<NodeParam name="value">Remote Computer</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="windowMode">
<NodeParam name="value">Remote Application</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="seamlessWindow">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="windowType">
<NodeParam name="value">full</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="windowSizePercentage">
<NodeParam name="value">70</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="windowSizeWidth">
<NodeParam name="value">1024</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="windowSizeHeight">
<NodeParam name="value">768</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="mouseMotionEvents">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="compression">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="rdpEncryption">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="offScreenBitmaps">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="attachToConsole">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="clipboardExtension">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="rdp6Buffering">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="rdpProgressiveCodec">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="securityLevel">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="tlsVersion">
<NodeParam name="value">auto</NodeParam>
<NodeParam name="type">string</NodeParam>
</NodeKey>
<NodeKey name="sound">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="printerMapping">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="portMapping">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="usbStorageRedirection">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="localPartitionRedirection">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="scRedirection">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="usbMiscRedirection">
<NodeParam name="value">2</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagNoWallpaper">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagFontSmoothing">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagDesktopComposition">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagNoWindowDrag">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagNoMenuAnimations">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="perfFlagNoTheming">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="timeoutsEnabled">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="timeoutWarning">
<NodeParam name="value">6000</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="timeoutWarningDialog">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="timeoutRecovery">
<NodeParam name="value">30000</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="timeoutError">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="showRDPDashboard">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="showConnectionGraph">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="x11Synchronous">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="x11Logging">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="x11LogAutoflush">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="x11Capture">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="SingleSignOn">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="autostart">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">number</NodeParam>
</NodeKey>
<NodeKey name="waitForNetwork">
<NodeParam name="value">1</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="hasDesktopIcon">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
<NodeKey name="autoReconnect">
<NodeParam name="value">0</NodeParam>
<NodeParam name="type">bool</NodeParam>
</NodeKey>
</NodeDir>
</ProfileRegistry>
<ProfileFiles/>
</Profile>
EOF
mclient import $TMPFILE
rm $TMPFILE
}
ADDRESS=
USERNAME=
PASSWORD=
DOMAIN=
REGKEY=
CLEAR=0
# Try to locate registry key for UDS Template
getRegKey
if [ "$REGKEY" == "" ]; then
# Not found, create on based on our template
createUDSConnectionTemplate
getRegKey
fi
for param in $@; do
if [ "/u:" == "${param:0:3}" ]; then
USERNAME=${param:3}
CLEAR=1
fi
if [ "/p:" == "${param:0:3}" ]; then
PASSWORD=${param:3}
CLEAR=1
fi
if [ "/d:" == "${param:0:3}" ]; then
DOMAIN=${param:3}
CLEAR=1
fi
if [ "/v:" == "${param:0:3}" ]; then
ADDRESS=${param:3}
CLEAR=1
fi
done
if [ "$CLEAR" -eq 1 ]; then
clearParams
fi
ID=`basename $REGKEY`
RESPAWN=0
if [ "" != "$ADDRESS" ]; then
mclient set $REGKEY/address "${ADDRESS}"
RESPAWN=1
fi
if [ "" != "$USERNAME" ]; then
mclient set $REGKEY/username "${USERNAME}"
RESPAWN=1
fi
if [ "" != "$PASSWORD" ]; then
mclient set $REGKEY/password "${PASSWORD}"
RESPAWN=1
fi
if [ "" != "$DOMAIN" ]; then
mclient set $REGKEY/domain "${DOMAIN}"
RESPAWN=1
fi
if [ "$RESPAWN" -eq 1 ]; then
mclient set $REGKEY/authorizations/user/execution 1
mclient commit
exec $0 # Restart without command line
fi
process-connection $ID
clearParams

61
client-py3/full/linux/udsclient-appimage-x86_64.recipe
View File

@@ -1,61 +0,0 @@
version: 1
script:
# Remove any previous build
- rm -rf $TARGET_APPDIR | true
# Make usr and icons dirs
- mkdir -p $TARGET_APPDIR/usr/src
# Copy the python application code into the UDSClientDir
- cp ../src/UDS*.py $TARGET_APPDIR/usr/src
- cp -r ../src/uds $TARGET_APPDIR/usr/src
# Remove __pycache__ and .mypy if exists
- rm $TARGET_APPDIR/usr/src/.mypy_cache -rf 2>&1 > /dev/null
- rm $TARGET_APPDIR/usr/src/uds/.mypy_cache -rf 2>&1 > /dev/null
- rm $TARGET_APPDIR/usr/src/__pycache__ -rf 2>&1 > /dev/null
- rm $TARGET_APPDIR/usr/src/uds/__pycache__ -rf 2>&1 > /dev/null
AppDir:
# On /tmp, that is an ext4 filesystem. On btrfs squashfs complains with "Unrecognised xattr prefix btrfs.compression"
path: /tmp/UDSClientDir
app_info:
id: com.udsenterprise.UDSClient3
name: UDSClient
icon: utilities-terminal
version: 0.0.0
# Set the python executable as entry point
exec: usr/bin/python3
# Set the application main script path as argument. Use '$@' to forward CLI parameters
exec_args: "$APPDIR/usr/src/UDSClient.py $@"
apt:
arch: amd64
sources:
- sourceline: 'deb [arch=amd64] http://ftp.de.debian.org/debian/ bullseye main contrib non-free'
key_url: 'https://ftp-master.debian.org/keys/archive-key-11.asc'
include:
- python3
- python3-pkg-resources
- python3-pyqt5
- python3-paramiko
- python3-cryptography
- python3-certifi
- python3-psutil
- freerdp2-x11
- freerdp2-wayland
- x2goclient
- openssh-sftp-server
exclude: []
runtime:
env:
# Set python home
# See https://docs.python.org/3/using/cmdline.html#envvar-PYTHONHOME
PYTHONHOME: '${APPDIR}/usr'
# Path to the site-packages dir or other modules dirs
# See https://docs.python.org/3/using/cmdline.html#envvar-PYTHONPATH
PYTHONPATH: '${APPDIR}/usr/lib/python3.9/site-packages'
AppImage:
# update-information: None
sign-key: 592AF43A64B8559137FA2458AA4ECFEE784E6BA7
arch: x86_64

2
client-py3/full/linux/udsclient-template.spec
View File

@@ -11,7 +11,7 @@ Release: %{release}
Summary: Client for Universal Desktop Services (UDS) Broker
License: BSD3
Group: Applications/Productivity
Requires: python3-paramiko python3-qt5 python3-cryptography python3-certifi python3-psutil
Requires: python3-six python3-requests python3-paramiko python3-qt5 (python3-crypto or python3-pycrypto)
Vendor: Virtual Cable S.L.U.
URL: http://www.udsenterprise.com
Provides: udsclient

6
client-py3/full/src/.gitignore vendored
View File

@@ -1,6 +1,4 @@
/build
/dist
/UDSClient*.pkg
/UDSClient*.dist
/UDSClient*.build
/.eggs
UDSClient.dmg
UDSClient.pkg

407
client-py3/full/src/UDSClient.py
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env -S python3 -s
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2021 Virtual Cable S.L.U.
# Copyright (c) 2014-2017 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -12,7 +12,7 @@
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
@@ -31,44 +31,41 @@
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import sys
import os
import platform
import time
import webbrowser
import threading
import typing
import json
import base64, bz2
from PyQt5 import QtCore, QtWidgets
from PyQt5.QtCore import QSettings
from uds.rest import RestApi, RetryException, InvalidVersion
# Just to ensure there are available on runtime
from uds.forward import forward as ssh_forward # type: ignore # pylint: disable=unused-import
from uds.tunnel import forward as tunnel_forwards # type: ignore # pylint: disable=unused-import
from PyQt5 import QtCore, QtGui, QtWidgets # @UnresolvedImport
import six
from uds.rest import RestRequest
from uds.forward import forward # pylint: disable=unused-import
from uds.log import logger
from uds import tools
from uds import VERSION
from UDSWindow import Ui_MainWindow
# Server before this version uses "unsigned" scripts
OLD_METHOD_VERSION = '2.4.0'
class RetryException(Exception):
pass
class UDSClient(QtWidgets.QMainWindow):
ticket: str = ''
scrambler: str = ''
withError = False
animTimer: typing.Optional[QtCore.QTimer] = None
anim: int = 0
animInverted: bool = False
api: RestApi
def __init__(self, api: RestApi, ticket: str, scrambler: str):
ticket = None
scrambler = None
withError = False
animTimer = None
anim = 0
animInverted = False
serverVersion = 'X.Y.Z' # Will be overwriten on getVersion
req = None
def __init__(self):
QtWidgets.QMainWindow.__init__(self)
self.api = api
self.ticket = ticket
self.scrambler = scrambler
self.setWindowFlags(QtCore.Qt.FramelessWindowHint | QtCore.Qt.WindowStaysOnTopHint) # type: ignore
self.setWindowFlags(QtCore.Qt.FramelessWindowHint | QtCore.Qt.WindowStaysOnTopHint)
self.ui = Ui_MainWindow()
self.ui.setupUi(self)
@@ -85,29 +82,34 @@ class UDSClient(QtWidgets.QMainWindow):
self.move(hpos, vpos)
self.animTimer = QtCore.QTimer()
self.animTimer.timeout.connect(self.updateAnim) # type: ignore
self.animTimer.timeout.connect(self.updateAnim)
# QtCore.QObject.connect(self.animTimer, QtCore.SIGNAL('timeout()'), self.updateAnim)
self.activateWindow()
self.startAnim()
def closeWindow(self):
self.close()
def processError(self, data):
if 'error' in data:
# QtWidgets.QMessageBox.critical(self, 'Request error {}'.format(data.get('retryable', '0')), data['error'], QtWidgets.QMessageBox.Ok)
if data.get('retryable', '0') == '1':
raise RetryException(data['error'])
raise Exception(data['error'])
# QtWidgets.QMessageBox.critical(self, 'Request error', rest.data['error'], QtWidgets.QMessageBox.Ok)
# self.closeWindow()
# return
def showError(self, error):
logger.error('got error: %s', error)
self.stopAnim()
self.ui.info.setText(
'UDS Plugin Error'
) # In fact, main window is hidden, so this is not visible... :)
self.ui.info.setText('UDS Plugin Error') # In fact, main window is hidden, so this is not visible... :)
self.closeWindow()
QtWidgets.QMessageBox.critical(
None, # type: ignore
'UDS Plugin Error',
'{}'.format(error),
QtWidgets.QMessageBox.Ok,
)
QtWidgets.QMessageBox.critical(None, 'UDS Plugin Error', '{}'.format(error), QtWidgets.QMessageBox.Ok)
self.withError = True
def cancelPushed(self):
@@ -123,270 +125,185 @@ class UDSClient(QtWidgets.QMainWindow):
self.ui.progressBar.setValue(self.anim)
def startAnim(self):
self.ui.progressBar.invertedAppearance = False # type: ignore
self.ui.progressBar.invertedAppearance = False
self.anim = 0
self.animInverted = False
self.ui.progressBar.setInvertedAppearance(self.animInverted)
if self.animTimer:
self.animTimer.start(40)
self.animTimer.start(40)
def stopAnim(self):
self.ui.progressBar.invertedAppearance = False # type: ignore
if self.animTimer:
self.animTimer.stop()
self.ui.progressBar.invertedAppearance = False
self.animTimer.stop()
def getVersion(self):
try:
self.api.getVersion()
except InvalidVersion as e:
QtWidgets.QMessageBox.critical(
self,
'Upgrade required',
'A newer connector version is required.\nA browser will be opened to download it.',
QtWidgets.QMessageBox.Ok,
)
webbrowser.open(e.downloadUrl)
self.closeWindow()
return
except Exception as e: # pylint: disable=broad-exception-caught
self.showError(e)
self.closeWindow()
return
self.req = RestRequest('', self, self.version)
self.req.get()
self.getTransportData()
def version(self, data):
try:
self.processError(data)
self.ui.info.setText('Processing...')
if data['result']['requiredVersion'] > VERSION:
QtWidgets.QMessageBox.critical(self, 'Upgrade required', 'A newer connector version is required.\nA browser will be opened to download it.', QtWidgets.QMessageBox.Ok)
webbrowser.open(data['result']['downloadUrl'])
self.closeWindow()
return
self.serverVersion = data['result']['requiredVersion']
self.getTransportData()
except RetryException as e:
self.ui.info.setText(str(e))
QtCore.QTimer.singleShot(1000, self.getVersion)
except Exception as e:
self.showError(e)
def getTransportData(self):
try:
script, params = self.api.getScriptAndParams(self.ticket, self.scrambler)
self.req = RestRequest('/{}/{}'.format(self.ticket, self.scrambler), self, self.transportDataReceived, params={'hostname': tools.getHostName(), 'version': VERSION})
self.req.get()
except Exception as e:
logger.exception('Got exception on getTransportData')
raise e
def transportDataReceived(self, data):
logger.debug('Transport data received')
try:
self.processError(data)
params = None
if self.serverVersion <= OLD_METHOD_VERSION:
script = bz2.decompress(base64.b64decode(data['result']))
# This fixes uds 2.2 "write" string on binary streams on some transport
script = script.replace(b'stdin.write("', b'stdin.write(b"')
script = script.replace(b'version)', b'version.decode("utf-8"))')
else:
res = data['result']
# We have three elements on result:
# * Script
# * Signature
# * Script data
# We test that the Script has correct signature, and them execute it with the parameters
#script, signature, params = res['script'].decode('base64').decode('bz2'), res['signature'], json.loads(res['params'].decode('base64').decode('bz2'))
script, signature, params = bz2.decompress(base64.b64decode(res['script'])), res['signature'], json.loads(bz2.decompress(base64.b64decode(res['params'])))
if tools.verifySignature(script, signature) is False:
logger.error('Signature is invalid')
raise Exception('Invalid UDS code signature. Please, report to administrator')
self.stopAnim()
if 'darwin' in sys.platform:
self.showMinimized()
# QtCore.QTimer.singleShot(3000, self.endScript)
# self.hide()
self.closeWindow()
QtCore.QTimer.singleShot(3000, self.endScript)
self.hide()
exec(
script, globals(), {'parent': self, 'sp': params}
) # pylint: disable=exec-used
# Execute the waiting tasks...
threading.Thread(target=endScript).start()
six.exec_(script.decode("utf-8"), globals(), {'parent': self, 'sp': params})
except RetryException as e:
self.ui.info.setText(str(e) + ', retrying access...')
self.ui.info.setText(six.text_type(e) + ', retrying access...')
# Retry operation in ten seconds
QtCore.QTimer.singleShot(10000, self.getTransportData)
except Exception as e: # pylint: disable=broad-exception-caught
logger.exception('Error getting transport data')
except Exception as e:
#logger.exception('Got exception executing script:')
self.showError(e)
def endScript(self):
# After running script, wait for stuff
try:
tools.waitForTasks()
except Exception:
pass
try:
tools.unlinkFiles()
except Exception:
pass
try:
tools.execBeforeExit()
except Exception:
pass
self.closeWindow()
def start(self):
"""
'''
Starts proccess by requesting version info
"""
'''
self.ui.info.setText('Initializing...')
QtCore.QTimer.singleShot(100, self.getVersion)
def endScript():
# Wait a bit before start processing ending sequence
time.sleep(3)
try:
# Remove early stage files...
tools.unlinkFiles(early=True)
except Exception as e: # pylint: disable=broad-exception-caught
logger.debug('Unlinking files on early stage: %s', e)
# After running script, wait for stuff
try:
logger.debug('Wating for tasks to finish...')
tools.waitForTasks()
except Exception as e: # pylint: disable=broad-exception-caught
logger.debug('Watiting for tasks to finish: %s', e)
try:
logger.debug('Unlinking files')
tools.unlinkFiles(early=False)
except Exception as e: # pylint: disable=broad-exception-caught
logger.debug('Unlinking files on later stage: %s', e)
# Removing
try:
logger.debug('Executing threads before exit')
tools.execBeforeExit()
except Exception as e: # pylint: disable=broad-exception-caught
logger.debug('execBeforeExit: %s', e)
logger.debug('endScript done')
def done(data):
QtWidgets.QMessageBox.critical(None, 'Notice', six.text_type(data.data), QtWidgets.QMessageBox.Ok)
sys.exit(0)
# Ask user to approve endpoint
def approveHost(hostName: str):
def approveHost(hostName, parentWindow=None):
settings = QtCore.QSettings()
settings.beginGroup('endpoints')
# approved = settings.value(hostName, False).toBool()
#approved = settings.value(hostName, False).toBool()
approved = bool(settings.value(hostName, False))
errorString = '<p>The server <b>{}</b> must be approved:</p>'.format(hostName)
errorString += (
'<p>Only approve UDS servers that you trust to avoid security issues.</p>'
)
errorString += '<p>Only approve UDS servers that you trust to avoid security issues.</p>'
if not approved:
if (
QtWidgets.QMessageBox.warning(
None, # type: ignore
'ACCESS Warning',
errorString,
QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No, # type: ignore
)
== QtWidgets.QMessageBox.Yes
):
settings.setValue(hostName, True)
approved = True
settings.endGroup()
return approved
def sslError(hostname: str, serial):
settings = QSettings()
settings.beginGroup('ssl')
approved = settings.value(serial, False)
if (
approved
or QtWidgets.QMessageBox.warning(
None, # type: ignore
'SSL Warning',
f'Could not check SSL certificate for {hostname}.\nDo you trust this host?',
QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No, # type: ignore
)
== QtWidgets.QMessageBox.Yes
):
if approved or QtWidgets.QMessageBox.warning(parentWindow, 'ACCESS Warning', errorString, QtWidgets.QMessageBox.Yes | QtWidgets.QMessageBox.No) == QtWidgets.QMessageBox.Yes:
settings.setValue(hostName, True)
approved = True
settings.setValue(serial, True)
settings.endGroup()
return approved
# Used only if command line says so
def minimal(api: RestApi, ticket: str, scrambler: str):
try:
logger.info('Minimal Execution')
logger.debug('Getting version')
try:
api.getVersion()
except InvalidVersion as e:
QtWidgets.QMessageBox.critical(
None, # type: ignore
'Upgrade required',
'A newer connector version is required.\nA browser will be opened to download it.',
QtWidgets.QMessageBox.Ok,
)
webbrowser.open(e.downloadUrl)
return 0
logger.debug('Transport data')
script, params = api.getScriptAndParams(ticket, scrambler)
# Execute UDS transport script
exec(script, globals(), {'parent': None, 'sp': params})
# Execute the waiting task...
threading.Thread(target=endScript).start()
except RetryException as e:
QtWidgets.QMessageBox.warning(
None, # type: ignore
'Service not ready',
'{}'.format('.\n'.join(str(e).split('.')))
+ '\n\nPlease, retry again in a while.',
QtWidgets.QMessageBox.Ok,
)
except Exception as e: # pylint: disable=broad-exception-caught
# logger.exception('Got exception on getTransportData')
QtWidgets.QMessageBox.critical(
None, # type: ignore
'Error',
'{}'.format(str(e)) + '\n\nPlease, retry again in a while.',
QtWidgets.QMessageBox.Ok,
)
return 0
def main(args: typing.List[str]):
if __name__ == "__main__":
logger.debug('Initializing connector')
# Initialize app
app = QtWidgets.QApplication(sys.argv)
logger.debug('Initializing connector for %s(%s)', sys.platform, platform.machine())
logger.debug('Arguments: %s', args)
# Set several info for settings
QtCore.QCoreApplication.setOrganizationName('Virtual Cable S.L.U.')
QtCore.QCoreApplication.setApplicationName('UDS Connector')
if 'darwin' not in sys.platform:
logger.debug('Mac OS *NOT* Detected')
app.setStyle('plastique') # type: ignore
else:
logger.debug('Platform is Mac OS, adding homebrew possible paths')
os.environ['PATH'] += ''.join(
os.pathsep + i
for i in (
'/usr/local/bin',
'/opt/homebrew/bin',
)
)
logger.debug('Now path is %s', os.environ['PATH'])
app.setStyle('plastique')
if six.PY3 is False:
logger.debug('Fixing threaded execution of commands')
import threading
threading._DummyThread._Thread__stop = lambda x: 42 # type: ignore # pylint: disable=protected-access
# First parameter must be url
useMinimal = False
try:
uri = args[1]
if uri == '--minimal':
useMinimal = True
uri = args[2] # And get URI
uri = sys.argv[1]
if uri == '--test':
sys.exit(0)
logger.debug('URI: %s', uri)
# Shows error if using http (uds:// ) version, not supported anymore
if uri[:6] == 'uds://':
QtWidgets.QMessageBox.critical(
None, # type: ignore
'Notice',
f'UDS Client Version {VERSION} does not support HTTP protocol Anymore.',
QtWidgets.QMessageBox.Ok,
)
sys.exit(1)
if uri[:7] != 'udss://':
raise Exception('Not supported protocol') # Just shows "about" dialog
if uri[:6] != 'uds://' and uri[:7] != 'udss://':
raise Exception()
host, ticket, scrambler = uri.split('//')[1].split('/') # type: ignore
logger.debug(
'host:%s, ticket:%s, scrambler:%s',
host,
ticket,
scrambler,
)
except Exception: # pylint: disable=broad-except
ssl = uri[3] == 's'
host, UDSClient.ticket, UDSClient.scrambler = uri.split('//')[1].split('/') # type: ignore
logger.debug('ssl:%s, host:%s, ticket:%s, scrambler:%s', ssl, host, UDSClient.ticket, UDSClient.scrambler)
except Exception:
logger.debug('Detected execution without valid URI, exiting')
QtWidgets.QMessageBox.critical(
None, # type: ignore
'Notice',
f'UDS Client Version {VERSION}',
QtWidgets.QMessageBox.Ok,
)
QtWidgets.QMessageBox.critical(None, 'Notice', 'UDS Client Version {}'.format(VERSION), QtWidgets.QMessageBox.Ok)
sys.exit(1)
# Setup REST api endpoint
api = RestApi(
f'https://{host}/uds/rest/client', sslError
)
RestRequest.restApiUrl = '{}://{}/rest/client'.format(['http', 'https'][ssl], host)
logger.debug('Setting request URL to %s', RestRequest.restApiUrl)
# RestRequest.restApiUrl = 'https://172.27.0.1/rest/client'
try:
logger.debug('Starting execution')
@@ -395,24 +312,18 @@ def main(args: typing.List[str]):
if approveHost(host) is False:
raise Exception('Host {} was not approved'.format(host))
win = UDSClient(api, ticket, scrambler)
win = UDSClient()
win.show()
win.start()
exitVal = app.exec()
exitVal = app.exec_()
logger.debug('Execution finished correctly')
except Exception as e: # pylint: disable=broad-exception-caught
except Exception as e:
logger.exception('Got an exception executing client:')
exitVal = 128
QtWidgets.QMessageBox.critical(
None, 'Error', str(e), QtWidgets.QMessageBox.Ok # type: ignore
)
QtWidgets.QMessageBox.critical(None, 'Error', six.text_type(e), QtWidgets.QMessageBox.Ok)
logger.debug('Exiting')
sys.exit(exitVal)
if __name__ == "__main__":
main(sys.argv)

80
client-py3/full/src/UDSClientLauncher.py
View File

@@ -1,80 +0,0 @@
import sys
import os.path
import subprocess
import typing
from uds.log import logger
import UDSClient
from UDSLauncherMac import Ui_MacLauncher
from PyQt5 import QtCore, QtWidgets, QtGui
SCRIPT_NAME = 'UDSClientLauncher'
class UdsApplication(QtWidgets.QApplication):
path: str
tunnels: typing.List[subprocess.Popen]
def __init__(self, argv: typing.List[str]) -> None:
super().__init__(argv)
self.path = os.path.join(os.path.dirname(sys.argv[0]).replace('Resources', 'MacOS'), SCRIPT_NAME)
self.tunnels = []
self.lastWindowClosed.connect(self.closeTunnels) # type: ignore
def cleanTunnels(self) -> None:
'''
Removes all finished tunnels from the list
'''
def isRunning(p: subprocess.Popen):
try:
if p.poll() is None:
return True
except Exception as e:
logger.debug('Got error polling subprocess: %s', e)
return False
# Remove references to finished tunnels, they will be garbage collected
self.tunnels = [tunnel for tunnel in self.tunnels if isRunning(tunnel)]
def closeTunnels(self) -> None:
'''
Finishes all running tunnels
'''
logger.debug('Closing remaining tunnels')
for tunnel in self.tunnels:
logger.debug('Checking %s - "%s"', tunnel, tunnel.poll())
if tunnel.poll() is None: # Running
logger.info('Found running tunnel %s, closing it', tunnel.pid)
tunnel.kill()
def event(self, evnt: QtCore.QEvent) -> bool:
if evnt.type() == QtCore.QEvent.Type.FileOpen:
fe = typing.cast(QtGui.QFileOpenEvent, evnt)
logger.debug('Got url: %s', fe.url().url())
fe.accept()
logger.debug('Spawning %s', self.path)
# First, remove all finished tunnel processed from check queue
self.cleanTunnels()
# And now add a new one
self.tunnels.append(subprocess.Popen([self.path, fe.url().url()]))
return super().event(evnt)
def main(args: typing.List[str]):
if len(args) > 1:
UDSClient.main(args)
else:
app = UdsApplication(sys.argv)
window = QtWidgets.QMainWindow()
Ui_MacLauncher().setupUi(window)
window.showMinimized()
sys.exit(app.exec())
if __name__ == "__main__":
main(args=sys.argv)

75
client-py3/full/src/UDSLauncherMac.py
View File

@@ -1,75 +0,0 @@
# -*- coding: utf-8 -*-
# Form implementation generated from reading ui file 'UDSLauncherMac.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
from PyQt5 import QtCore, QtGui, QtWidgets
class Ui_MacLauncher(object):
def setupUi(self, MacLauncher):
MacLauncher.setObjectName("MacLauncher")
MacLauncher.setWindowModality(QtCore.Qt.NonModal)
MacLauncher.resize(235, 120)
MacLauncher.setCursor(QtGui.QCursor(QtCore.Qt.ArrowCursor))
icon = QtGui.QIcon()
icon.addPixmap(QtGui.QPixmap(":/images/logo-uds-small"), QtGui.QIcon.Normal, QtGui.QIcon.Off)
MacLauncher.setWindowIcon(icon)
MacLauncher.setWindowOpacity(1.0)
self.centralwidget = QtWidgets.QWidget(MacLauncher)
self.centralwidget.setAutoFillBackground(True)
self.centralwidget.setObjectName("centralwidget")
self.verticalLayout_2 = QtWidgets.QVBoxLayout(self.centralwidget)
self.verticalLayout_2.setContentsMargins(4, 4, 4, 4)
self.verticalLayout_2.setSpacing(4)
self.verticalLayout_2.setObjectName("verticalLayout_2")
self.frame = QtWidgets.QFrame(self.centralwidget)
self.frame.setFrameShape(QtWidgets.QFrame.StyledPanel)
self.frame.setFrameShadow(QtWidgets.QFrame.Raised)
self.frame.setObjectName("frame")
self.verticalLayout = QtWidgets.QVBoxLayout(self.frame)
self.verticalLayout.setObjectName("verticalLayout")
self.topLabel = QtWidgets.QLabel(self.frame)
self.topLabel.setTextFormat(QtCore.Qt.RichText)
self.topLabel.setObjectName("topLabel")
self.verticalLayout.addWidget(self.topLabel)
self.image = QtWidgets.QLabel(self.frame)
self.image.setMinimumSize(QtCore.QSize(0, 32))
self.image.setAutoFillBackground(True)
self.image.setText("")
self.image.setPixmap(QtGui.QPixmap(":/images/logo-uds-small"))
self.image.setScaledContents(False)
self.image.setAlignment(QtCore.Qt.AlignCenter)
self.image.setObjectName("image")
self.verticalLayout.addWidget(self.image)
self.label_2 = QtWidgets.QLabel(self.frame)
self.label_2.setTextFormat(QtCore.Qt.RichText)
self.label_2.setObjectName("label_2")
self.verticalLayout.addWidget(self.label_2)
self.verticalLayout_2.addWidget(self.frame)
MacLauncher.setCentralWidget(self.centralwidget)
self.retranslateUi(MacLauncher)
QtCore.QMetaObject.connectSlotsByName(MacLauncher)
def retranslateUi(self, MacLauncher):
_translate = QtCore.QCoreApplication.translate
MacLauncher.setWindowTitle(_translate("MacLauncher", "UDS Launcher"))
self.topLabel.setText(_translate("MacLauncher", "<html><head/><body><p align=\"center\"><span style=\" font-size:12pt; font-weight:600;\">UDS Launcher</span></p></body></html>"))
self.label_2.setText(_translate("MacLauncher", "<html><head/><body><p align=\"center\"><span style=\" font-size:6pt;\">Closing this window will end all UDS tunnels</span></p></body></html>"))
import UDSResources_rc
if __name__ == "__main__":
import sys
app = QtWidgets.QApplication(sys.argv)
MacLauncher = QtWidgets.QMainWindow()
ui = Ui_MacLauncher()
ui.setupUi(MacLauncher)
MacLauncher.show()
sys.exit(app.exec_())

113
client-py3/full/src/UDSLauncherMac.ui
View File

@@ -1,113 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>MacLauncher</class>
<widget class="QMainWindow" name="MacLauncher">
<property name="windowModality">
<enum>Qt::NonModal</enum>
</property>
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>235</width>
<height>120</height>
</rect>
</property>
<property name="cursor">
<cursorShape>ArrowCursor</cursorShape>
</property>
<property name="windowTitle">
<string>UDS Launcher</string>
</property>
<property name="windowIcon">
<iconset resource="UDSResources.qrc">
<normaloff>:/images/logo-uds-small</normaloff>:/images/logo-uds-small</iconset>
</property>
<property name="windowOpacity">
<double>1.000000000000000</double>
</property>
<widget class="QWidget" name="centralwidget">
<property name="autoFillBackground">
<bool>true</bool>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
<property name="spacing">
<number>4</number>
</property>
<property name="leftMargin">
<number>4</number>
</property>
<property name="topMargin">
<number>4</number>
</property>
<property name="rightMargin">
<number>4</number>
</property>
<property name="bottomMargin">
<number>4</number>
</property>
<item>
<widget class="QFrame" name="frame">
<property name="frameShape">
<enum>QFrame::StyledPanel</enum>
</property>
<property name="frameShadow">
<enum>QFrame::Raised</enum>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QLabel" name="topLabel">
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;span style=&quot; font-size:12pt; font-weight:600;&quot;&gt;UDS Launcher&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="textFormat">
<enum>Qt::RichText</enum>
</property>
</widget>
</item>
<item>
<widget class="QLabel" name="image">
<property name="minimumSize">
<size>
<width>0</width>
<height>32</height>
</size>
</property>
<property name="autoFillBackground">
<bool>true</bool>
</property>
<property name="text">
<string notr="true"/>
</property>
<property name="pixmap">
<pixmap resource="UDSResources.qrc">:/images/logo-uds-small</pixmap>
</property>
<property name="scaledContents">
<bool>false</bool>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
</widget>
</item>
<item>
<widget class="QLabel" name="label_2">
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p align=&quot;center&quot;&gt;&lt;span style=&quot; font-size:6pt;&quot;&gt;Closing this window will end all UDS tunnels&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="textFormat">
<enum>Qt::RichText</enum>
</property>
</widget>
</item>
</layout>
</widget>
</item>
</layout>
</widget>
</widget>
<resources>
<include location="UDSResources.qrc"/>
</resources>
<connections/>
</ui>

6
client-py3/full/src/UDSResources_rc.py
View File

@@ -2,7 +2,7 @@
# Resource object code
#
# Created by: The Resource Compiler for PyQt5 (Qt v5.15.8)
# Created by: The Resource Compiler for PyQt5 (Qt v5.13.2)
#
# WARNING! All changes made in this file will be lost!
@@ -2467,9 +2467,9 @@ qt_resource_struct_v2 = b"\
\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\
\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\
\x00\x00\x01\x87\x81\xc5\x5e\x03\
\x00\x00\x01\x70\xc4\x82\x24\xd0\
\x00\x00\x00\x34\x00\x00\x00\x00\x00\x01\x00\x00\x08\xf1\
\x00\x00\x01\x87\x81\xc5\x5e\x03\
\x00\x00\x01\x70\xc4\x82\x24\xd0\
"
qt_version = [int(v) for v in QtCore.qVersion().split('.')]

5
client-py3/full/src/UDSWindow.py
View File

@@ -2,10 +2,9 @@
# Form implementation generated from reading ui file 'UDSWindow.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
# Created by: PyQt5 UI code generator 5.13.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
# WARNING! All changes made in this file will be lost!
from PyQt5 import QtCore, QtGui, QtWidgets

12
client-py3/full/src/uds/__init__.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2021 Virtual Cable S.L.
# Copyright (c) 2014-2017 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -29,11 +29,13 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
VERSION = '3.6.0'
from __future__ import unicode_literals
VERSION = '3.0.0'
__title__ = 'udclient'
__version__ = VERSION
__build__ = 0x010712
__author__ = 'Adolfo Gómez <dkmaster@dkmon.com>'
__build__ = 0x010760
__author__ = 'Adolfo Gómez'
__license__ = "BSD 3-clause"
__copyright__ = "Copyright 2014-2022 VirtualCable S.L.U."
__copyright__ = "Copyright 2014-2017 VirtualCable S.L.U."

142
client-py3/full/src/uds/forward.py
View File

@@ -9,7 +9,6 @@ import random
import time
import select
import socketserver
import typing
import paramiko
@@ -25,11 +24,7 @@ class CheckfingerPrints(paramiko.MissingHostKeyPolicy):
if self.fingerPrints:
remotefingerPrints = hexlify(key.get_fingerprint()).decode().lower()
if remotefingerPrints not in self.fingerPrints.split(','):
logger.error(
"Server {!r} has invalid fingerPrints. ({} vs {})".format(
hostname, remotefingerPrints, self.fingerPrints
)
)
logger.error("Server {!r} has invalid fingerPrints. ({} vs {})".format(hostname, remotefingerPrints, self.fingerPrints))
raise paramiko.SSHException(
"Server {!r} has invalid fingerPrints".format(hostname)
)
@@ -41,49 +36,26 @@ class ForwardServer(socketserver.ThreadingTCPServer):
class Handler(socketserver.BaseRequestHandler):
event: threading.Event
thread: 'ForwardThread'
ssh_transport: paramiko.Transport
chain_host: str
chain_port: int
def handle(self):
self.thread.currentConnections += 1
try:
chan = self.ssh_transport.open_channel(
'direct-tcpip',
(self.chain_host, self.chain_port),
self.request.getpeername(),
)
chan = self.ssh_transport.open_channel('direct-tcpip',
(self.chain_host, self.chain_port),
self.request.getpeername())
except Exception as e:
logger.exception(
'Incoming request to %s:%d failed: %s',
self.chain_host,
self.chain_port,
repr(e),
)
logger.exception('Incoming request to %s:%d failed: %s', self.chain_host, self.chain_port, repr(e))
return
if chan is None:
logger.error(
'Incoming request to %s:%d was rejected by the SSH server.',
self.chain_host,
self.chain_port,
)
logger.error('Incoming request to %s:%d was rejected by the SSH server.', self.chain_host, self.chain_port)
return
logger.debug(
'Connected! Tunnel open %r -> %r -> %r',
self.request.getpeername(),
chan.getpeername(),
(self.chain_host, self.chain_port),
)
logger.debug('Connected! Tunnel open %r -> %r -> %r', self.request.getpeername(), chan.getpeername(), (self.chain_host, self.chain_port))
# self.ssh_transport.set_keepalive(10) # Keep alive every 10 seconds...
try:
while self.event.is_set() is False:
r, _w, _x = select.select(
[self.request, chan], [], [], 1
) # pylint: disable=unused-variable
r, _w, _x = select.select([self.request, chan], [], [], 1) # pylint: disable=unused-variable
if self.request in r:
data = self.request.recv(1024)
@@ -102,10 +74,7 @@ class Handler(socketserver.BaseRequestHandler):
peername = self.request.getpeername()
chan.close()
self.request.close()
logger.debug(
'Tunnel closed from %r',
peername,
)
logger.debug('Tunnel closed from %r', peername,)
except Exception:
pass
@@ -117,21 +86,8 @@ class Handler(socketserver.BaseRequestHandler):
class ForwardThread(threading.Thread):
status = 0 # Connecting
client: typing.Optional[paramiko.SSHClient]
fs: typing.Optional[ForwardServer]
def __init__(
self,
server,
port,
username,
password,
localPort,
redirectHost,
redirectPort,
waitTime,
fingerPrints,
):
def __init__(self, server, port, username, password, localPort, redirectHost, redirectPort, waitTime, fingerPrints):
threading.Thread.__init__(self)
self.client = None
self.fs = None
@@ -146,7 +102,7 @@ class ForwardThread(threading.Thread):
self.redirectPort = redirectPort
self.waitTime = waitTime
self.fingerPrints = fingerPrints
self.stopEvent = threading.Event()
@@ -160,19 +116,9 @@ class ForwardThread(threading.Thread):
if localPort is None:
localPort = random.randrange(33000, 53000)
ft = ForwardThread(
self.server,
self.port,
self.username,
self.password,
localPort,
redirectHost,
redirectPort,
self.waitTime,
self.fingerPrints,
)
ft = ForwardThread(self.server, self.port, self.username, self.password, localPort, redirectHost, redirectPort, self.waitTime, self.fingerPrints)
ft.client = self.client
self.client.useCount += 1 # type: ignore
self.client.useCount += 1 # One more using this client
ft.start()
while ft.status == 0:
@@ -180,6 +126,7 @@ class ForwardThread(threading.Thread):
return (ft, localPort)
def _timerFnc(self):
self.timer = None
logger.debug('Timer fnc: %s', self.currentConnections)
@@ -191,23 +138,14 @@ class ForwardThread(threading.Thread):
if self.client is None:
try:
self.client = paramiko.SSHClient()
self.client.useCount = 1 # type: ignore
self.client.useCount = 1 # Custom added variable, to keep track on when to close tunnel
self.client.load_system_host_keys()
self.client.set_missing_host_key_policy(
CheckfingerPrints(self.fingerPrints)
)
self.client.set_missing_host_key_policy(CheckfingerPrints(self.fingerPrints))
logger.debug('Connecting to ssh host %s:%d ...', self.server, self.port)
# To disable ssh-ageng asking for passwords: allow_agent=False
self.client.connect(
self.server,
self.port,
username=self.username,
password=self.password,
timeout=5,
allow_agent=False,
)
self.client.connect(self.server, self.port, username=self.username, password=self.password, timeout=5, allow_agent=False)
except Exception:
logger.exception('Exception connecting: ')
self.status = 2 # Error
@@ -216,7 +154,7 @@ class ForwardThread(threading.Thread):
class SubHandler(Handler):
chain_host = self.redirectHost
chain_port = self.redirectPort
ssh_transport = self.client.get_transport() # type: ignore
ssh_transport = self.client.get_transport()
event = self.stopEvent
thread = self
@@ -235,30 +173,18 @@ class ForwardThread(threading.Thread):
self.timer.cancel()
self.stopEvent.set()
if self.fs:
self.fs.shutdown()
self.fs.shutdown()
if self.client is not None:
self.client.useCount -= 1 # type: ignore
if self.client.useCount == 0: # type: ignore
self.client.useCount -= 1
if self.client.useCount == 0:
self.client.close()
self.client = None # Clean up
except Exception:
logger.exception('Exception stopping')
def forward(
server,
port,
username,
password,
redirectHost,
redirectPort,
localPort=None,
waitTime=10,
fingerPrints=None,
):
def forward(server, port, username, password, redirectHost, redirectPort, localPort=None, waitTime=10, fingerPrints=None):
'''
Instantiates an ssh connection to server:port
Returns the Thread created and the local redirected port as a list: (thread, port)
@@ -268,28 +194,10 @@ def forward(
if localPort is None:
localPort = random.randrange(40000, 50000)
logger.debug(
'Connecting to %s:%s using %s/%s redirecting to %s:%s, listening on 127.0.0.1:%s',
server,
port,
username,
password,
redirectHost,
redirectPort,
localPort,
)
logger.debug('Connecting to %s:%s using %s/%s redirecting to %s:%s, listening on 127.0.0.1:%s',
server, port, username, password, redirectHost, redirectPort, localPort)
ft = ForwardThread(
server,
port,
username,
password,
localPort,
redirectHost,
redirectPort,
waitTime,
fingerPrints,
)
ft = ForwardThread(server, port, username, password, localPort, redirectHost, redirectPort, waitTime, fingerPrints)
ft.start()

62
client-py3/full/src/uds/log.py
View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014-2021 Virtual Cable S.L.U.
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -29,71 +29,27 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
import logging
import os
import os.path
import platform
import sys
import tempfile
LOGLEVEL = logging.INFO
DEBUG = False
# Update debug level if uds-debug-on exists
if 'linux' in sys.platform or 'darwin' in sys.platform:
logFile = os.path.expanduser('~/udsclient.log')
if os.path.isfile(os.path.expanduser('~/uds-debug-on')):
LOGLEVEL = logging.DEBUG
DEBUG = True
if sys.platform.startswith('linux'):
from os.path import expanduser # pylint: disable=ungrouped-imports
logFile = expanduser('~/udsclient.log')
else:
logFile = os.path.join(tempfile.gettempdir(), 'udsclient.log')
if os.path.isfile(os.path.join(tempfile.gettempdir(), 'uds-debug-on')):
LOGLEVEL = logging.DEBUG
DEBUG = True
logFile = os.path.join(tempfile.gettempdir(), b'udsclient.log')
try:
logging.basicConfig(
filename=logFile,
filemode='a',
format='%(levelname)s %(asctime)s %(message)s',
level=LOGLEVEL,
level=logging.INFO
)
except Exception:
logging.basicConfig(format='%(levelname)s %(asctime)s %(message)s', level=LOGLEVEL)
logging.basicConfig(format='%(levelname)s %(asctime)s %(message)s', level=logging.INFO)
logger = logging.getLogger('udsclient')
if DEBUG:
# Include as much as platform info as possible
logger.debug('Platform info:')
logger.debug(' Platform: %s', platform.platform())
logger.debug(' Node: %s', platform.node())
logger.debug(' System: %s', platform.system())
logger.debug(' Release: %s', platform.release())
logger.debug(' Version: %s', platform.version())
logger.debug(' Machine: %s', platform.machine())
logger.debug(' Processor: %s', platform.processor())
logger.debug(' Architecture: %s', platform.architecture())
logger.debug(' Python version: %s', platform.python_version())
logger.debug(' Python implementation: %s', platform.python_implementation())
logger.debug(' Python compiler: %s', platform.python_compiler())
logger.debug(' Python build: %s', platform.python_build())
# Also environment variables and any useful info
logger.debug('Log level set to DEBUG')
logger.debug('Environment variables:')
for k, v in os.environ.items():
logger.debug(' %s=%s', k, v)
# usefull info for debugging
logger.debug('Python path: %s', sys.path)
logger.debug('Python executable: %s', sys.executable)
logger.debug('Python version: %s', sys.version)
logger.debug('Python version info: %s', sys.version_info)
logger.debug('Python prefix: %s', sys.prefix)
logger.debug('Python base prefix: %s', sys.base_prefix)
logger.debug('Python executable: %s', sys.executable)
logger.debug('Python argv: %s', sys.argv)
logger.debug('Python modules path: %s', sys.path)
logger.debug('Python modules path (site): %s', sys.path_importer_cache)
logger.debug('Python modules path (site): %s', sys.path_hooks)

5
client-py3/full/src/uds/os_detector.py → client-py3/full/src/uds/osDetector.py
View File

@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2017-2021 Virtual Cable S.L.U.
# Copyright (c) 2017 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -30,13 +30,14 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
import sys
LINUX = 'Linux'
WINDOWS = 'Windows'
MAC_OS_X = 'Mac os x'
def getOs():
if sys.platform.startswith('linux'):
return LINUX

280
client-py3/full/src/uds/rest.py
View File

@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2017-2021 Virtual Cable S.L.U.
# Copyright (c) 2017 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -29,238 +30,95 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
# pylint: disable=c-extension-no-member,no-name-in-module
import json
import bz2
import base64
import urllib
import urllib.parse
import urllib.request
import urllib.error
import ssl
import socket
import typing
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from PyQt5.QtCore import pyqtSignal, pyqtSlot
from PyQt5.QtCore import QObject, QUrl, QSettings
from PyQt5.QtCore import Qt
from PyQt5.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkReply, QSslCertificate
from PyQt5.QtWidgets import QMessageBox
from . import osDetector
from . import os_detector
from . import tools
from . import VERSION
from .log import logger
# Server before this version uses "unsigned" scripts
OLD_METHOD_VERSION = '2.4.0'
SECURE_CIPHERS = (
'TLS_AES_256_GCM_SHA384'
':TLS_CHACHA20_POLY1305_SHA256'
':TLS_AES_128_GCM_SHA256'
':ECDHE-RSA-AES256-GCM-SHA384'
':ECDHE-RSA-AES128-GCM-SHA256'
':ECDHE-RSA-CHACHA20-POLY1305'
':ECDHE-ECDSA-AES128-GCM-SHA256'
':ECDHE-ECDSA-AES256-GCM-SHA384'
':ECDHE-ECDSA-CHACHA20-POLY1305'
)
# Callback for error on cert
# parameters are hostname, serial
# If returns True, ignores error
CertCallbackType = typing.Callable[[str, str], bool]
# Exceptions
class UDSException(Exception):
pass
class RetryException(UDSException):
pass
class RestRequest(QObject):
class InvalidVersion(UDSException):
downloadUrl: str
restApiUrl = '' #
def __init__(self, downloadUrl: str) -> None:
super().__init__(downloadUrl)
self.downloadUrl = downloadUrl
class RestApi:
_restApiUrl: str # base Rest API URL
_callbackInvalidCert: typing.Optional[CertCallbackType]
_serverVersion: str
def __init__(
self,
restApiUrl,
callbackInvalidCert: typing.Optional[CertCallbackType] = None,
) -> None: # parent not used
logger.debug('Setting request URL to %s', restApiUrl)
self._restApiUrl = restApiUrl
self._callbackInvalidCert = callbackInvalidCert
self._serverVersion = ''
def get(
self, url: str, params: typing.Optional[typing.Mapping[str, str]] = None
) -> typing.Any:
if params:
url += '?' + '&'.join(
'{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8')))
for k, v in params.items()
)
return json.loads(
RestApi.getUrl(self._restApiUrl + url, self._callbackInvalidCert)
)
def processError(self, data: typing.Any) -> None:
if 'error' in data:
if data.get('retryable', '0') == '1':
raise RetryException(data['error'])
raise UDSException(data['error'])
def getVersion(self) -> str:
'''Gets and stores the serverVersion.
Also checks that the version is valid for us. If not,
will raise an "InvalidVersion' exception'''
downloadUrl = ''
if not self._serverVersion:
data = self.get('')
self.processError(data)
self._serverVersion = data['result']['requiredVersion']
downloadUrl = data['result']['downloadUrl']
done = pyqtSignal(dict, name='done')
def __init__(self, url, parentWindow, done, params=None): # parent not used
super(RestRequest, self).__init__()
# private
self._manager = QNetworkAccessManager()
try:
if self._serverVersion > VERSION:
raise InvalidVersion(downloadUrl)
if os.path.exists('/etc/ssl/certs/ca-certificates.crt'):
pass
# os.environ['REQUESTS_CA_BUNDLE'] = '/etc/ssl/certs/ca-certificates.crt'
except Exception:
pass
return self._serverVersion
except InvalidVersion:
raise
if params is not None:
url += '?' + '&'.join('{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8'))) for k, v in params.items())
self.url = QUrl(RestRequest.restApiUrl + url)
# connect asynchronous result, when a request finishes
self._manager.finished.connect(self._finished)
self._manager.sslErrors.connect(self._sslError)
self._parentWindow = parentWindow
self.done.connect(done, Qt.QueuedConnection)
def _finished(self, reply):
'''
Handle signal 'finished'. A network request has finished.
'''
try:
if reply.error() != QNetworkReply.NoError:
raise Exception(reply.errorString())
data = bytes(reply.readAll())
data = json.loads(data)
except Exception as e:
raise UDSException(e)
data = {
'result': None,
'error': str(e)
}
def getScriptAndParams(
self, ticket: str, scrambler: str
) -> typing.Tuple[str, typing.Any]:
'''Gets the transport script, validates it if necesary
and returns it'''
try:
data = self.get(
'/{}/{}'.format(ticket, scrambler),
params={'hostname': tools.getHostName(), 'version': VERSION},
)
except Exception as e:
logger.exception('Got exception on getTransportData')
raise e
self.done.emit(data)
logger.debug('Transport data received')
self.processError(data)
reply.deleteLater() # schedule for delete from main event loop
params = None
def _sslError(self, reply, errors):
settings = QSettings()
settings.beginGroup('ssl')
cert = errors[0].certificate()
digest = str(cert.digest().toHex())
if self._serverVersion <= OLD_METHOD_VERSION:
raise Exception('Server version is too old. Please, update it')
else:
res = data['result']
# We have three elements on result:
# * Script
# * Signature
# * Script data
# We test that the Script has correct signature, and them execute it with the parameters
# script, signature, params = res['script'].decode('base64').decode('bz2'), res['signature'], json.loads(res['params'].decode('base64').decode('bz2'))
script, signature, params = (
bz2.decompress(base64.b64decode(res['script'])),
res['signature'],
json.loads(bz2.decompress(base64.b64decode(res['params']))),
)
if tools.verifySignature(script, signature) is False:
logger.error('Signature is invalid')
approved = settings.value(digest, False)
raise Exception(
'Invalid UDS code signature. Please, report to administrator'
)
errorString = '<p>The certificate for <b>{}</b> has the following errors:</p><ul>'.format(cert.subjectInfo(QSslCertificate.CommonName))
return script.decode(), params
for err in errors:
errorString += '<li>' + err.errorString() + '</li>'
# exec(script.decode("utf-8"), globals(), {'parent': self, 'sp': params})
errorString += '</ul>'
@staticmethod
def _open(
url: str, certErrorCallback: typing.Optional[CertCallbackType] = None
) -> typing.Any:
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
# Disable SSLv2, SSLv3, TLSv1, TLSv1.1
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
ctx.set_ciphers(SECURE_CIPHERS)
if approved or QMessageBox.warning(self._parentWindow, 'SSL Warning', errorString, QMessageBox.Yes | QMessageBox.No) == QMessageBox.Yes:
settings.setValue(digest, True)
reply.ignoreSslErrors()
# If we have the certificates file, we use it
if tools.getCaCertsFile() is not None:
ctx.load_verify_locations(tools.getCaCertsFile())
hostname = urllib.parse.urlparse(url)[1]
serial = ''
settings.endGroup()
port = ''
if ':' in hostname:
hostname, port = hostname.split(':')
if url.startswith('https'):
port = port or '443'
with ctx.wrap_socket(
socket.socket(socket.AF_INET, socket.SOCK_STREAM),
server_hostname=hostname,
) as s:
s.connect((hostname, int(port)))
# Get binary certificate
binCert = s.getpeercert(True)
if binCert:
cert = x509.load_der_x509_certificate(binCert, default_backend())
else:
raise Exception('Certificate not found!')
serial = hex(cert.serial_number)[2:]
response = None
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.check_hostname = True
def urlopen(url: str):
# Generate the request with the headers
req = urllib.request.Request(
url,
headers={
'User-Agent': os_detector.getOs() + " - UDS Connector " + VERSION
},
)
return urllib.request.urlopen(req, context=ctx)
try:
response = urlopen(url)
except urllib.error.URLError as e:
if isinstance(e.reason, ssl.SSLCertVerificationError):
# Ask about invalid certificate
if certErrorCallback:
if certErrorCallback(hostname, serial):
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
response = urlopen(url)
else:
raise
else:
raise
return response
@staticmethod
def getUrl(
url: str, certErrorCallback: typing.Optional[CertCallbackType] = None
) -> bytes:
with RestApi._open(url, certErrorCallback) as response:
resp = response.read()
return resp
def get(self):
request = QNetworkRequest(self.url)
request.setRawHeader(b'User-Agent', osDetector.getOs().encode('utf-8') + b" - UDS Connector " + VERSION.encode('utf-8'))
self._manager.get(request)

189
client-py3/full/src/uds/tools.py
View File

@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2015-2021 Virtual Cable S.L.U.
# Copyright (c) 2015 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
@@ -29,42 +30,31 @@
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
from base64 import b64decode
import tempfile
import string
import random
import os
import os.path
import sys
import socket
import stat
import sys
import time
import base64
import typing
import certifi
# For signature checking
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import utils, padding
try:
import psutil
except ImportError:
psutil = None
import six
from .log import logger
_unlinkFiles: typing.List[typing.Tuple[str, bool]] = []
_tasksToWait: typing.List[typing.Tuple[typing.Any, bool]] = []
_execBeforeExit: typing.List[typing.Callable[[], None]] = []
_unlinkFiles = []
_tasksToWait = []
_execBeforeExit = []
sys_fs_enc = sys.getfilesystemencoding() or 'mbcs'
# Public key for scripts
PUBLIC_KEY = b'''-----BEGIN PUBLIC KEY-----
PUBLIC_KEY = '''-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuNURlGjBpqbglkTTg2lh
dU5qPbg9Q+RofoDDucGfrbY0pjB9ULgWXUetUWDZhFG241tNeKw+aYFTEorK5P+g
ud7h9KfyJ6huhzln9eyDu3k+kjKUIB1PLtA3lZLZnBx7nmrHRody1u5lRaLVplsb
@@ -80,11 +70,15 @@ nVgtClKcDDlSaBsO875WDR0CAwEAAQ==
-----END PUBLIC KEY-----'''
def saveTempFile(content: str, filename: typing.Optional[str] = None) -> str:
def saveTempFile(content, filename=None):
if filename is None:
filename = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(16))
filename = filename + '.uds'
if 'win32' in sys.platform:
logger.info('Fixing for win32')
filename = filename.encode(sys_fs_enc)
filename = os.path.join(tempfile.gettempdir(), filename)
with open(filename, 'w') as f:
@@ -94,7 +88,10 @@ def saveTempFile(content: str, filename: typing.Optional[str] = None) -> str:
return filename
def readTempFile(filename: str) -> typing.Optional[str]:
def readTempFile(filename):
if 'win32' in sys.platform:
filename = filename.encode('utf-8')
filename = os.path.join(tempfile.gettempdir(), filename)
try:
with open(filename, 'r') as f:
@@ -103,7 +100,7 @@ def readTempFile(filename: str) -> typing.Optional[str]:
return None
def testServer(host: str, port: typing.Union[str, int], timeOut: int = 4) -> bool:
def testServer(host, port, timeOut=4):
try:
sock = socket.create_connection((host, int(port)), timeOut)
sock.close()
@@ -112,9 +109,11 @@ def testServer(host: str, port: typing.Union[str, int], timeOut: int = 4) -> boo
return True
def findApp(appName: str, extraPath: typing.Optional[str] = None) -> typing.Optional[str]:
def findApp(appName, extraPath=None):
if 'win32' in sys.platform and isinstance(appName, six.text_type):
appName = appName.encode(sys_fs_enc)
searchPath = os.environ['PATH'].split(os.pathsep)
if extraPath:
if extraPath is not None:
searchPath += list(extraPath)
for path in searchPath:
@@ -124,97 +123,68 @@ def findApp(appName: str, extraPath: typing.Optional[str] = None) -> typing.Opti
return None
def getHostName() -> str:
def getHostName():
'''
Returns current host name
In fact, it's a wrapper for socket.gethostname()
'''
hostname = socket.gethostname()
if 'win32' in sys.platform:
hostname = hostname.decode(sys_fs_enc)
hostname = six.text_type(hostname)
logger.info('Hostname: %s', hostname)
return hostname
# Queing operations (to be executed before exit)
def addFileToUnlink(filename: str, early: bool = False) -> None:
def addFileToUnlink(filename):
'''
Adds a file to the wait-and-unlink list
'''
logger.debug('Added file %s to unlink on %s stage', filename, 'early' if early else 'later')
_unlinkFiles.append((filename, early))
_unlinkFiles.append(filename)
def unlinkFiles(early: bool = False) -> None:
def unlinkFiles():
'''
Removes all wait-and-unlink files
'''
logger.debug('Unlinking files on %s stage', 'early' if early else 'later')
filesToUnlink = list(filter(lambda x: x[1] == early, _unlinkFiles))
if filesToUnlink:
logger.debug('Files to unlink: %s', filesToUnlink)
# Wait 2 seconds before deleting anything on early and 5 on later stages
time.sleep(1 + 2 * (1 + int(early)))
if _unlinkFiles:
time.sleep(5) # Wait 5 seconds before deleting anything
for f in filesToUnlink:
for f in _unlinkFiles:
try:
os.unlink(f[0])
except Exception as e:
logger.debug('File %s not deleted: %s', f[0], e)
os.unlink(f)
except Exception:
pass
def addTaskToWait(task: typing.Any, includeSubprocess: bool = False) -> None:
logger.debug(
'Added task %s to wait %s',
task,
'with subprocesses' if includeSubprocess else '',
)
_tasksToWait.append((task, includeSubprocess))
def addTaskToWait(taks):
_tasksToWait.append(taks)
def waitForTasks() -> None:
logger.debug('Started to wait %s', _tasksToWait)
for task, waitForSubp in _tasksToWait:
logger.debug('Waiting for task %s, subprocess wait: %s', task, waitForSubp)
def waitForTasks():
for t in _tasksToWait:
try:
if hasattr(task, 'join'):
task.join()
elif hasattr(task, 'wait'):
task.wait()
# If wait for spanwed process (look for process with task pid) and we can look for them...
logger.debug(
'Psutil: %s, waitForSubp: %s, hasattr: %s',
psutil,
waitForSubp,
hasattr(task, 'pid'),
)
if psutil and waitForSubp and hasattr(task, 'pid'):
subProcesses = list(
filter(
lambda x: x.ppid() == task.pid, # type: ignore
psutil.process_iter(attrs=('ppid',)),
)
)
logger.debug('Waiting for subprocesses... %s, %s', task.pid, subProcesses)
for i in subProcesses:
logger.debug('Found %s', i)
i.wait()
except Exception as e:
logger.error('Waiting for tasks to finish error: %s', e)
if hasattr(t, 'join'):
t.join()
elif hasattr(t, 'wait'):
t.wait()
except Exception:
pass
def addExecBeforeExit(fnc: typing.Callable[[], None]) -> None:
logger.debug('Added exec before exit: %s', fnc)
def addExecBeforeExit(fnc):
_execBeforeExit.append(fnc)
def execBeforeExit() -> None:
logger.debug('Esecuting exec before exit: %s', _execBeforeExit)
def execBeforeExit():
for fnc in _execBeforeExit:
fnc()
fnc.__call__()
def verifySignature(script: bytes, signature: bytes) -> bool:
def verifySignature(script, signature):
'''
Verifies with a public key from whom the data came that it was indeed
signed by their private key
@@ -222,47 +192,14 @@ def verifySignature(script: bytes, signature: bytes) -> bool:
param: signature String signature to be verified
return: Boolean. True if the signature is valid; False otherwise.
'''
public_key = serialization.load_pem_public_key(data=PUBLIC_KEY, backend=default_backend())
# For signature checking
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
try:
public_key.verify( # type: ignore
base64.b64decode(signature), script, padding.PKCS1v15(), hashes.SHA256() # type: ignore
)
except Exception: # InvalidSignature
return False
# If no exception, the script was fine...
return True
def getCaCertsFile() -> typing.Optional[str]:
# First, try certifi...
# If environment contains CERTIFICATE_BUNDLE_PATH, use it
if 'CERTIFICATE_BUNDLE_PATH' in os.environ:
return os.environ['CERTIFICATE_BUNDLE_PATH']
try:
if os.path.exists(certifi.where()):
return certifi.where()
except Exception:
pass
logger.info('Certifi file does not exists: %s', certifi.where())
# Check if "standard" paths are valid for linux systems
if 'linux' in sys.platform:
for path in (
'/etc/pki/tls/certs/ca-bundle.crt',
'/etc/ssl/certs/ca-certificates.crt',
'/etc/ssl/ca-bundle.pem',
):
if os.path.exists(path):
logger.info('Found certifi path: %s', path)
return path
return None
def isMac() -> bool:
return 'darwin' in sys.platform
rsakey = RSA.importKey(PUBLIC_KEY)
signer = PKCS1_v1_5.new(rsakey)
digest = SHA256.new(script) # Script is "binary string" here
if signer.verify(digest, b64decode(signature)):
return True
return False

268
client-py3/full/src/uds/tunnel.py
View File

@@ -1,268 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2022 Virtual Cable S.L.U.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import socket
import socketserver
import ssl
import threading
import threading
import select
import typing
import logging
from . import tools
HANDSHAKE_V1 = b'\x5AMGB\xA5\x01\x00'
BUFFER_SIZE = 1024 * 16 # Max buffer length
LISTEN_ADDRESS = '127.0.0.1'
# ForwarServer states
TUNNEL_LISTENING, TUNNEL_OPENING, TUNNEL_PROCESSING, TUNNEL_ERROR = 0, 1, 2, 3
logger = logging.getLogger(__name__)
PayLoadType = typing.Optional[typing.Tuple[typing.Optional[bytes], typing.Optional[bytes]]]
class ForwardServer(socketserver.ThreadingTCPServer):
daemon_threads = True
allow_reuse_address = True
remote: typing.Tuple[str, int]
ticket: str
stop_flag: threading.Event
can_stop: bool
timer: typing.Optional[threading.Timer]
check_certificate: bool
keep_listening: bool
current_connections: int
status: int
def __init__(
self,
remote: typing.Tuple[str, int],
ticket: str,
timeout: int = 0,
local_port: int = 0,
check_certificate: bool = True,
keep_listening: bool = False,
) -> None:
# Negative values for timeout, means "accept always connections"
# "but if no connection is stablished on timeout (positive)"
# "stop the listener"
# Note that this is for backwards compatibility, better use "keep_listening"
if timeout < 0:
keep_listening = True
timeout = abs(timeout)
super().__init__(server_address=(LISTEN_ADDRESS, local_port), RequestHandlerClass=Handler)
self.remote = remote
self.ticket = ticket
self.check_certificate = check_certificate
self.keep_listening = keep_listening
self.stop_flag = threading.Event() # False initial
self.current_connections = 0
self.status = TUNNEL_LISTENING
self.can_stop = False
timeout = timeout or 60
self.timer = threading.Timer(abs(timeout), ForwardServer.__checkStarted, args=(self,))
self.timer.start()
def stop(self) -> None:
if not self.stop_flag.is_set():
logger.debug('Stopping servers')
self.stop_flag.set()
if self.timer:
self.timer.cancel()
self.timer = None
self.shutdown()
def connect(self) -> ssl.SSLSocket:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as rsocket:
logger.info('CONNECT to %s', self.remote)
rsocket.connect(self.remote)
rsocket.sendall(HANDSHAKE_V1) # No response expected, just the handshake
context = ssl.create_default_context()
# Do not "recompress" data, use only "base protocol" compression
context.options |= ssl.OP_NO_COMPRESSION
# Macs with default installed python, does not support mininum tls version set to TLSv1.3
# USe "brew" version instead, or uncomment next line and comment the next one
# context.minimum_version = ssl.TLSVersion.TLSv1_2 if tools.isMac() else ssl.TLSVersion.TLSv1_3
context.minimum_version = ssl.TLSVersion.TLSv1_3
if tools.getCaCertsFile() is not None:
context.load_verify_locations(tools.getCaCertsFile()) # Load certifi certificates
# If ignore remote certificate
if self.check_certificate is False:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
logger.warning('Certificate checking is disabled!')
return context.wrap_socket(rsocket, server_hostname=self.remote[0])
def check(self) -> bool:
if self.status == TUNNEL_ERROR:
return False
logger.debug('Checking tunnel availability')
try:
with self.connect() as ssl_socket:
ssl_socket.sendall(b'TEST')
resp = ssl_socket.recv(2)
if resp != b'OK':
raise Exception({'Invalid tunnelresponse: {resp}'})
logger.debug('Tunnel is available!')
return True
except Exception as e:
logger.error('Error connecting to tunnel server %s: %s', self.server_address, e)
return False
@property
def stoppable(self) -> bool:
logger.debug('Is stoppable: %s', self.can_stop)
return self.can_stop
@staticmethod
def __checkStarted(fs: 'ForwardServer') -> None:
# As soon as the timer is fired, the server can be stopped
# This means that:
# * If not connections are stablished, the server will be stopped
# * If no "keep_listening" is set, the server will not allow any new connections
logger.debug('New connection limit reached')
fs.timer = None
fs.can_stop = True
if fs.current_connections <= 0:
fs.stop()
class Handler(socketserver.BaseRequestHandler):
# Override Base type
server: ForwardServer
# server: ForwardServer
def handle(self) -> None:
self.server.status = TUNNEL_OPENING
# If server processing is over time, and don't allow more connections
if self.server.stoppable and not self.server.keep_listening:
self.server.status = TUNNEL_ERROR
logger.info('Rejected timedout connection')
self.request.close() # End connection without processing it
return
self.server.current_connections += 1
# Open remote connection
try:
logger.debug('Ticket %s', self.server.ticket)
with self.server.connect() as ssl_socket:
# Send handhshake + command + ticket
ssl_socket.sendall(b'OPEN' + self.server.ticket.encode())
# Check response is OK
data = ssl_socket.recv(2)
if data != b'OK':
data += ssl_socket.recv(128)
raise Exception(f'Error received: {data.decode(errors="ignore")}') # Notify error
# All is fine, now we can tunnel data
self.process(remote=ssl_socket)
except Exception as e:
logger.error(f'Error connecting to {self.server.remote!s}: {e!s}')
self.server.status = TUNNEL_ERROR
self.server.stop()
finally:
self.server.current_connections -= 1
if self.server.current_connections <= 0 and self.server.stoppable:
self.server.stop()
# Processes data forwarding
def process(self, remote: ssl.SSLSocket):
self.server.status = TUNNEL_PROCESSING
logger.debug('Processing tunnel with ticket %s', self.server.ticket)
# Process data until stop requested or connection closed
try:
while not self.server.stop_flag.is_set():
r, _w, _x = select.select([self.request, remote], [], [], 1.0)
if self.request in r:
data = self.request.recv(BUFFER_SIZE)
if not data:
break
remote.sendall(data)
if remote in r:
data = remote.recv(BUFFER_SIZE)
if not data:
break
self.request.sendall(data)
logger.debug('Finished tunnel with ticket %s', self.server.ticket)
except Exception as e:
pass
def _run(server: ForwardServer) -> None:
logger.debug(
'Starting forwarder: %s -> %s',
server.server_address,
server.remote,
)
server.serve_forever()
logger.debug('Stoped forwarder %s -> %s', server.server_address, server.remote)
def forward(
remote: typing.Tuple[str, int],
ticket: str,
timeout: int = 0,
local_port: int = 0,
check_certificate=True,
keep_listening=True,
) -> ForwardServer:
fs = ForwardServer(
remote=remote,
ticket=ticket,
timeout=timeout,
local_port=local_port,
check_certificate=check_certificate,
keep_listening=keep_listening,
)
# Starts a new thread
threading.Thread(target=_run, args=(fs,)).start()
return fs

4
client/full/.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
/bin
/udsclient_*
/udsclient-*.tar.gz
/*.rpm

17
client/full/.project Normal file
View File

@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>UDSclient</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.python.pydev.PyDevBuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.python.pydev.pythonNature</nature>
</natures>
</projectDescription>

14
client/full/.pydevproject Normal file
View File

@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?eclipse-pydev version="1.0"?><pydev_project>
<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
<path>/${PROJECT_DIR_NAME}/src</path>
</pydev_pathproperty>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">system-2.7</pydev_property>
</pydev_project>

4
client/full/linux/.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
/udsclient-opensuse-[0-9]*.spec
/udsclient-[0-9]*.spec
/debian/udsclient
/targz

51
client/full/linux/Makefile Normal file
View File

@@ -0,0 +1,51 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Version
# VERSION := 1.7.5
# Directories
SOURCEDIR := ../src
LIBDIR := $(DESTDIR)/usr/lib/UDSClient
BINDIR := $(DESTDIR)/usr/bin
SBINDIR = $(DESTDIR)/usr/sbin
APPSDIR := $(DESTDIR)/usr/share/applications
PYC := $(shell find $(SOURCEDIR) -name '*.py[co]')
CACHES := $(shell find $(SOURCEDIR) -name '__pycache__')
clean:
rm -rf $(PYC) $(CACHES) $(DESTDIR)
install:
rm -rf $(DESTDIR)
mkdir -p $(LIBDIR)
#mkdir -p $(BINDIR)
#mkdir -p $(SBINDIR)
mkdir -p $(APPSDIR)
mkdir $(LIBDIR)/uds
# Cleans up .pyc and cache folders
rm -f $(PYC) $(CACHES)
cp $(SOURCEDIR)/uds/*.py $(LIBDIR)/uds
cp $(SOURCEDIR)/UDS*.py $(LIBDIR)
# URL Catchers elements for gnome/kde
cp desktop/UDSClient.desktop $(APPSDIR)
chmod 755 $(LIBDIR)/UDSClient.py
ifeq ($(DISTRO),targz)
cp installer.sh $(DESTDIR)/install.sh
tar czvf ../udsclient-$(VERSION).tar.gz -C $(DESTDIR) .
endif
# chmod 0755 $(BINDIR)/udsclient
uninstall:
rm -rf $(LIBDIR)
# rm -f $(BINDIR)/udsclient
# rm -rf $(CFGDIR)

36
client/full/linux/build-packages.sh Executable file
View File

@@ -0,0 +1,36 @@
#!/bin/bash
VERSION=`cat ../../../VERSION`
RELEASE=1
# Debian based
dpkg-buildpackage -b
# Now rpm based
top=`pwd`
cat udsclient-template.spec |
sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
sed -e s/"release 1"/"release ${RELEASE}"/g > udsclient-$VERSION.spec
# Now fix dependencies for opensuse
cat udsclient-template.spec |
sed -e s/"version 0.0.0"/"version ${VERSION}"/g |
sed -e s/"name udsclient"/"name udsclient-opensuse"/g |
sed -e s/"PyQt4"/"python-qt4"/g |
sed -e s/"libXScrnSaver"/"libXss1"/g > udsclient-opensuse-$VERSION.spec
# Right now, udsactor-xrdp-.spec is not needed
for pkg in udsclient-$VERSION.spec udsclient-opensuse-$VERSION.spec; do
rm -rf rpm
for folder in SOURCES BUILD RPMS SPECS SRPMS; do
mkdir -p rpm/$folder
done
rpmbuild -v -bb --clean --buildroot=$top/rpm/BUILD/$pkg-root --target noarch $pkg 2>&1
done
#rm udsclient-$VERSION
make DESTDIR=targz DISTRO=targz VERSION=${VERSION} install

3
client/full/linux/debian/.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
/udsactor/
/udsactor-xrdp/
/udsactor-nx/

47
client/full/linux/debian/changelog Normal file
View File

@@ -0,0 +1,47 @@
udsclient (3.0.0) stable; urgency=medium
* Upgraded to 3.0.0 release
-- Adolfo Gómez García <agomez@virtualcable.es> Wed, 10 Jul 2019 9:24:10 +0200
udsclient (2.2.1) stable; urgency=medium
* Upgraded to 2.2.1 release
-- Adolfo Gómez García <agomez@virtualcable.es> Thu, 2 Oct 2018 12:44:12 +0200
udsclient (2.2.0) stable; urgency=medium
* Updated release
-- Adolfo Gómez García <agomez@virtualcable.es> Thu, 27 Aug 2017 14:18:18 +0200
udsclient (2.1.0) stable; urgency=medium
* Updated release
-- Adolfo Gómez García <agomez@virtualcable.es> Sun, 23 Oct 2016 21:12:23 +0200
udsclient (2.0.0) stable; urgency=medium
* Release upgrade
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 01 Mar 2016 09:33:18 +0100
udsclient (1.9.1) stable; urgency=medium
* Minor fixes & making version match UDS version
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 01 Mar 2016 03:02:37 +0100
udsclient (1.9.0) stable; urgency=medium
* Minor fixes & making version match UDS version
-- Adolfo Gómez García <agomez@virtualcable.es> Tue, 05 May 2015 07:03:47 +0200
udsclient (1.7.5) stable; urgency=medium
* Initial release.
-- Adolfo Gómez García <agomez@virtualcable.es> Fri, 10 Apr 2015 05:32:41 +0100

1
client/full/linux/debian/compat Normal file
View File

@@ -0,0 +1 @@
9

15
client/full/linux/debian/control Normal file
View File

@@ -0,0 +1,15 @@
Source: udsclient
Section: admin
Priority: optional
Maintainer: Adolfo Gómez García <agomez@virtualcable.es>
Build-Depends: debhelper (>= 7), po-debconf
Standards-Version: 3.9.2
Homepage: http://www.virtualcable.es
Package: udsclient
Section: admin
Priority: optional
Architecture: all
Depends: python-paramiko (>=0.8.2), python-crypto, python-qt4 (>=4.9), python-six(>=1.1), python (>=2.7), freerdp2-x11 | freerdp-x11, desktop-file-utils, ${misc:Depends}
Description: Client connector for Universal Desktop Services (UDS) Broker
This package provides the required components to allow this machine to connect to services provided by UDS Broker.

26
client/full/linux/debian/copyright Normal file
View File

@@ -0,0 +1,26 @@
Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135
Name: udsclient
Maintainer: Adolfo Gómez García
Source: http://www.udsenterprise.com/
Copyright: 2014 Virtual Cable S.L.U.
License: BSD-3-clause
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.

1
client/full/linux/debian/docs Normal file
View File

@@ -0,0 +1 @@
readme.txt

2
client/full/linux/debian/files Normal file
View File

@@ -0,0 +1,2 @@
udsclient_3.0.0_all.deb admin optional
udsclient_3.0.0_amd64.buildinfo admin optional

44
client/full/linux/debian/rules Executable file
View File

@@ -0,0 +1,44 @@
#!/usr/bin/make -f
# -*- makefile -*-
configure: configure-stamp
configure-stamp:
dh_testdir
touch configure-stamp
build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp
build-stamp: configure-stamp
dh_testdir
$(MAKE)
touch $@
clean:
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
dh_clean
install: build
dh_testdir
dh_testroot
dh_prep
dh_installdirs
$(MAKE) DESTDIR=$(CURDIR)/debian/udsclient install
binary-arch: build install
# emptyness
binary-indep: build install
dh_testdir
dh_testroot
dh_installchangelogs
dh_installdocs
dh_installdebconf
dh_installinit --no-start
dh_python2=python
dh_compress
dh_link
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep
.PHONY: build clean binary-indep binary install configure

17
client/full/linux/debian/udsclient.log Normal file
View File

@@ -0,0 +1,17 @@
dh_prep
dh_installdirs
dh_installchangelogs
dh_installdocs
dh_installdebconf
dh_installinit
dh_compress
dh_link
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
dh_builddeb
dh_builddeb
dh_builddeb

21
client/full/linux/debian/udsclient.postinst Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
. /usr/share/debconf/confmodule
set -e
case "$1" in
configure)
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

6
client/full/linux/debian/udsclient.postrm Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/sh -e
. /usr/share/debconf/confmodule
set -e

Some files were not shown because too many files have changed in this diff Show More