From 4a7f8953a87fa838b2006a0f8e1877cf8340d120 Mon Sep 17 00:00:00 2001 From: Jannik Schönartz Date: Wed, 13 Feb 2019 15:04:25 +0100 Subject: Thrift chang to default ssl context Instead of the filepath of the certs the default ssl context is used Instead of the three file paths you can give as 6th arguments true / false to enable / disable ssl --- bwlp.config | 10 +++++----- main.py | 19 +++++++++++-------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/bwlp.config b/bwlp.config index af5a214..4dcf744 100644 --- a/bwlp.config +++ b/bwlp.config @@ -1,8 +1,7 @@ # ping name host # https name host # thrift name host port SAT/MASTER -# tftp name host port filename -# tftp name host port filename cafile certfile keyfile +# tftp name host port filename ssl(true/false) https Masterserver HTTPS Service https://bwlp-masterserver.ruf.uni-freiburg.de https Fail Test 5121236 https Fail Test https://www.amazony.de/ @@ -11,9 +10,10 @@ ping Fileserver Ping files.bwlp.ks.uni-freiburg.de ping Backup fileserver Ping bwlp-backup.ruf.uni-freiburg.de ping Ping Fail 0.0.0.1 thrift Thrift SAT 132.230.8.192 9090 SAT -thrift Thrift MASTER 132.230.4.16 9090 MASTER -# thrift Thrift Timeout 132.230.4.16 9092 MASTER -thrift Thrift SSL test 132.230.4.16 9091 MASTER ssl/CA.pem ssl/client.crt ssl/client.key +thrift Thrift MASTER 132.230.4.16 9090 MASTER false +# thrift Thrift Timeout 132.230.4.16 9092 MASTER false +thrift Thrift SAT SSL test 132.230.8.192 9091 SAT true +thrift Thrift MASTER SSL test 132.230.4.16 9091 MASTER true ping BAS Ping bas.intra.uni-freiburg.de ping yc 127.0.0.2 ping yx 127.0.0.3 diff --git a/main.py b/main.py index 4811db2..3008c39 100755 --- a/main.py +++ b/main.py @@ -3,6 +3,7 @@ import datetime import logging import os import shutil +import ssl import subprocess import tftpy import thriftpy 
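Review bot: The header comment in bwlp.config now documents the new flag on the wrong entry type. `# tftp name host port filename ssl(true/false)` describes a tftp line, but the flag is only read for `thrift` entries, and the `# thrift name host port SAT/MASTER` line above it was left without it. Someone following the comment would leave thrift checks on the plaintext default. Suggested wording: `# thrift name host port SAT/MASTER [true|false]  (optional, enables TLS; default false)` and `# tftp name host port filename`.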
@@ -117,20 +118,26 @@ def tftp(name, host, port, filename): logStatus(statusList[-1]) # Creates the thrift client and prwlp-pxe.ruf.uni-freiburg.de .ceeds the get Organisations call. Server can either be SAT or MASTER -def thrift(name, ip, port, server, cafile=None, certfile=None, keyfile=None): +def thrift(name, ip, port, server, SSL=False): host = ip + ':' + str(port) print('THRIFT request ' + host + ' ...', end='') bwlp_thrift = thriftpy.load('bwlp.thrift', module_name='bwlp_thrift') + + # SSL factory + ssl_factory = None + if SSL == 'true': + # ssl_factory = ssl.create_default_context() + ssl_factory = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) organisations = [] # Different clients for SAT / Master is needed. try: if server == 'SAT': - satserver = make_client(bwlp_thrift.SatelliteServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), cafile=cafile, certfile=certfile, keyfile=keyfile) + satserver = make_client(bwlp_thrift.SatelliteServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), ssl_context=ssl_factory) organisations = satserver.getAllOrganizations() elif server == 'MASTER': - masterserver = make_client(bwlp_thrift.MasterServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), cafile=cafile, certfile=certfile, keyfile=keyfile) + masterserver = make_client(bwlp_thrift.MasterServer, host=ip, port=port, trans_factory=TFramedTransportFactory(), ssl_context=ssl_factory) organisations = masterserver.getOrganizations() organisationList = [] 
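Review bot: `ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)` in the new SSL branch of thrift() builds a context intended for server-side sockets, so `verify_mode` stays at `CERT_NONE` and `check_hostname` is off; the check would report a TLS endpoint as healthy without validating the server certificate. For an outgoing connection the purpose should be `ssl.Purpose.SERVER_AUTH`, which is what the commented-out `ssl.create_default_context()` produces. The removed config line pointed at `ssl/CA.pem` and the hosts are given as IP addresses, so the servers presumably use a private CA; the verifying form would then need something like `ssl_factory = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile='ssl/CA.pem')` and certificates whose SANs cover those IPs. Separately, `SSL=False` defaults to a bool but is compared with the string `'true'`, so `True` or `'True'` silently means plaintext; `str(SSL).lower() == 'true'` would accept both. thrift()'s body continues past the end of the hunk.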
@@ -211,11 +218,7 @@ def check(entry): https(entry[1], entry[2]) elif entry[0] == 'thrift': if (len(entry) < 5): return - elif (len(entry) == 5): - thrift(entry[1], entry[2], int(entry[3]), entry[4]) - elif (len(entry) == 8): - # SSL attributes - thrift(entry[1], entry[2], int(entry[3]), entry[4], entry[5], entry[6], entry[7]) + thrift(entry[1], entry[2], int(entry[3]), entry[4], entry[5] if len(entry) == 6 else 'false') elif entry[0] == 'tftp': if (len(entry) < 5): return tftp(entry[1], entry[2], int(entry[3]), entry[4]) -- cgit v1.2.3-55-g7522
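Review bot: The new thrift call in check() passes `'false'` whenever the entry does not have exactly six fields, so an old-format line that still carries `cafile certfile keyfile` (eight fields) is now checked in plaintext without any message, where it used TLS before. A sixth field that is anything other than the exact string `true` has the same effect inside thrift(). It would be safer to accept only `true`/`false` and to log and skip anything else, for example by guarding with `if len(entry) > 6 or (len(entry) == 6 and entry[5] not in ('true', 'false')): return` after recording the malformed entry. check() starts and ends outside the hunk.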