|
|
|
@ -123,23 +123,23 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|
|
|
|
cert = self.__get_certificate()
|
|
|
|
|
if cert is None:
|
|
|
|
|
## failed to create a certificate?
|
|
|
|
|
self.cbox.log.warn("Failed to import M2Crypto python module" \
|
|
|
|
|
+ " required for SSL certificate generation")
|
|
|
|
|
self.cbox.log.warn("Failed to import M2Crypto python module"
|
|
|
|
|
" required for SSL certificate generation")
|
|
|
|
|
return
|
|
|
|
|
try:
|
|
|
|
|
self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
|
|
|
|
|
self.cbox.log.info("Created new SSL certificate: %s" % \
|
|
|
|
|
cert_abs_name)
|
|
|
|
|
self.cbox.log.info("Created new SSL certificate: %s"
|
|
|
|
|
% cert_abs_name)
|
|
|
|
|
## make it non-readable for other users
|
|
|
|
|
try:
|
|
|
|
|
os.chmod(cert_abs_name, 0600)
|
|
|
|
|
except OSError, err_msg:
|
|
|
|
|
self.cbox.log.warn("Failed to change permissions of secret " \
|
|
|
|
|
+ "certificate file (%s): %s" % \
|
|
|
|
|
(cert_abs_name, err_msg))
|
|
|
|
|
self.cbox.log.warn("Failed to change permissions of secret"
|
|
|
|
|
" certificate file (%s): %s"
|
|
|
|
|
% (cert_abs_name, err_msg))
|
|
|
|
|
except IOError, err_msg:
|
|
|
|
|
## do not run stunnel without a certificate
|
|
|
|
|
self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \
|
|
|
|
|
self.cbox.log.warn("Failed to create new SSL certificate (%s): %s"
|
|
|
|
|
% (cert_abs_name, err_msg))
|
|
|
|
|
return
|
|
|
|
|
self.__run_stunnel(cert_abs_name)
|
|
|
|
@ -151,8 +151,8 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|
|
|
|
"""try to kill a running stunnel daemon
|
|
|
|
|
"""
|
|
|
|
|
if not os.path.isfile(PID_FILE):
|
|
|
|
|
self.cbox.log.warn("Could not find the pid file of a running stunnel " \
|
|
|
|
|
+ "daemon: %s" % PID_FILE)
|
|
|
|
|
self.cbox.log.warn("Could not find the pid file of a running stunnel"
|
|
|
|
|
" daemon: %s" % PID_FILE)
|
|
|
|
|
return
|
|
|
|
|
try:
|
|
|
|
|
pfile = open(PID_FILE, "r")
|
|
|
|
@ -177,20 +177,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|
|
|
|
try:
|
|
|
|
|
os.remove(PID_FILE)
|
|
|
|
|
except OSError, err_msg:
|
|
|
|
|
self.cbox.log.warn("Failed to remove the pid file (%s) of stunnel: %s" \
|
|
|
|
|
self.cbox.log.warn("Failed to remove the pid file (%s) of stunnel: %s"
|
|
|
|
|
% (PID_FILE, err_msg))
|
|
|
|
|
except OSError, err_msg:
|
|
|
|
|
self.cbox.log.warn("Failed to kill stunnel process (PID: %d): %s" % \
|
|
|
|
|
(pid, err_msg))
|
|
|
|
|
self.cbox.log.warn("Failed to kill stunnel process (PID: %d): %s"
|
|
|
|
|
% (pid, err_msg))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __run_stunnel(self, cert_name, dest_port=443):
|
|
|
|
|
## retrieve currently requested port (not necessarily the port served
|
|
|
|
|
## by cherrypy - e.g. in a proxy setup)
|
|
|
|
|
request_port = cherrypy.config.get("server.socket_port", 80)
|
|
|
|
|
self.cbox.log.debug("[encrypted_webinterface] starting " \
|
|
|
|
|
+ "%s on port %s for %s" % \
|
|
|
|
|
(self.root_action.STUNNEL_BIN, dest_port, request_port))
|
|
|
|
|
self.cbox.log.debug("[encrypted_webinterface] starting"
|
|
|
|
|
" %s on port %s for %s"
|
|
|
|
|
% (self.root_action.STUNNEL_BIN, dest_port, request_port))
|
|
|
|
|
proc = subprocess.Popen(
|
|
|
|
|
shell = False,
|
|
|
|
|
stdout = subprocess.PIPE,
|
|
|
|
|
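Review bot: In the first hunk (certificate creation), the `except OSError` branch after `os.chmod(cert_abs_name, 0600)` only logs a warning, so control still reaches `self.__run_stunnel(cert_abs_name)` with a file the code itself calls secret and that may remain readable by other users. That branch should stop the same way the `IOError` branch does: add `return` after the warning, with a comment such as `## do not run stunnel with a certificate file other users may read`. The file is also written by `create_misc_config_file` before its mode is tightened, so it presumably exists for a moment with the default mode; whether that helper can create it with a restrictive mode is not visible here and is worth checking. The enclosing method starts above this hunk.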