From d1fe71111be678f6f50a8c2f47550b1b762111f8 Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Fri, 22 Mar 2013 13:23:44 -0400 Subject: [PATCH 1/3] removed unnecessairly complex RPC code which causes an error to appear for windows users if they rename the EXE --- bitmessagemain.py | 105 ++++++---------------------------------------- 1 file changed, 12 insertions(+), 93 deletions(-) diff --git a/bitmessagemain.py b/bitmessagemain.py index 4ed6431f..65fa54d4 100755 --- a/bitmessagemain.py +++ b/bitmessagemain.py @@ -58,9 +58,7 @@ import highlevelcrypto from pyelliptic.openssl import OpenSSL import ctypes from pyelliptic import arithmetic -#The next 5 are used for the API -import uuid -import Cookie +#The next 3 are used for the API from SimpleXMLRPCServer import * import json from subprocess import call #used when the API must execute an outside program @@ -80,7 +78,7 @@ class outgoingSynSender(QThread): time.sleep(1) resetTime = int(time.time()) #used below to clear out the alreadyAttemptedConnectionsList periodically so that we will retry connecting to hosts to which we have already tried to connect. while True: - #time.sleep(999999)#I sometimes use this to prevent connections for testing. + time.sleep(999999)#I sometimes use this to prevent connections for testing. if len(self.selfInitiatedConnectionList) < 8: #maximum number of outgoing connections = 8 random.seed() HOST, = random.sample(knownNodes[self.streamNumber], 1) 
@@ -3152,74 +3150,9 @@ class addressGenerator(QThread): return mb.raw #This is one of several classes that constitute the API -#This class was written by Vaibhav Bhatia -#http://code.activestate.com/recipes/501148-xmlrpc-serverclient-which-does-cookie-handling-and/ -class APIUserManagement: - def __init__(self): - #self.d = shelve.open('machines.shv') - self.d = {} - - # register a list of valid machine names/email id's - validconfig = {config.get('bitmessagesettings', 'apiusername'):config.get('bitmessagesettings', 'apipassword')} - for k,v in validconfig.items(): - self.generateUuid(k,v) - - def generateUuid(self, email_id, machine_name): - """ return a uuid which uniquely identifies machinename and email id """ - uuidstr = None - - if machine_name not in self.d: - myNamespace = uuid.uuid3(uuid.NAMESPACE_URL, machine_name) - uuidstr = str(uuid.uuid3(myNamespace, email_id)) - - self.d[machine_name] = (machine_name, uuidstr, email_id) - self.d[uuidstr] = (machine_name, uuidstr ,email_id) - else: - (machine_name, uuidstr, email_id) = self.d[machine_name] - - return uuidstr - - def checkMe(self, id): - if id in self.d: - return self.d[id] - return (None,None,None) - - #def __del__(self): - # self.d.close() - -#This is used only for the API -def APIAuthenticate(id): - sk = APIUserManagement() - return sk.checkMe(id) - -#This is one of several classes that constitute the API -#This class was written by Vaibhav Bhatia +#This class was written by Vaibhav Bhatia. Modified by Jonathan Warren (Atheros). 
#http://code.activestate.com/recipes/501148-xmlrpc-serverclient-which-does-cookie-handling-and/ class MySimpleXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): - def setCookie(self, key=None ,value=None): - if key : - c1 = Cookie.SimpleCookie() - c1[key] = value - cinfo = self.getDefaultCinfo() - for attr,val in cinfo.items(): - c1[key][attr] = val - - if c1 not in self.cookies: - self.cookies.append(c1) - - def getDefaultCinfo(self): - cinfo = {} - - cinfo['expires'] = 30*24*60*60 - cinfo['path'] = '/RPC2/' - cinfo['comment'] = 'comment!' - cinfo['domain'] = '.localhost.local' - cinfo['max-age'] = 30*24*60*60 - cinfo['secure'] = '' - cinfo['version']= 1 - - return cinfo - def do_POST(self): #Handles the HTTP POST request. #Attempts to interpret all HTTP POST requests as XML-RPC calls, 
@@ -3280,34 +3213,20 @@ class MySimpleXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): def APIAuthenticateClient(self): - validuser = False - if self.headers.has_key('Authorization'): # handle Basic authentication (enctype, encstr) = self.headers.get('Authorization').split() - (emailid, machine_name) = encstr.decode('base64').split(':') - (auth_machine, auth_uuidstr, auth_email) = APIAuthenticate(machine_name) - - if emailid == auth_email: - print "Authenticated" - # set authentication cookies on client machines - validuser = True - if auth_uuidstr: - self.setCookie('UUID',auth_uuidstr) - - elif self.headers.has_key('UUID'): - # handle cookie based authentication - id = self.headers.get('UUID') - (auth_machine, auth_uuidstr, auth_email) = APIAuthenticate(id) - - if auth_uuidstr : - print "Authenticated" - validuser = True + (emailid, password) = encstr.decode('base64').split(':') + if emailid == config.get('bitmessagesettings', 'apiusername') and password == config.get('bitmessagesettings', 'apipassword'): + return True + else: + return False else: - print 'Authentication failed' + print 'Authentication failed because header lacks Authentication field' time.sleep(2) + return False - return validuser + return False def _dispatch(self, method, params): self.cookies = [] @@ -3315,7 +3234,7 @@ class MySimpleXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): validuser = self.APIAuthenticateClient() if not validuser: time.sleep(2) - return "RPC Username or password incorrect." + return "RPC Username or password incorrect or HTTP header lacks authentication at all." # handle request if method == 'helloWorld': (a,b) = params -- 2.45.1 From 4924ed56b17a354b8810b39e2f974dc9bcee2933 Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Fri, 22 Mar 2013 13:26:07 -0400 Subject: [PATCH 2/3] removed unnecessairly complex RPC code which causes an error to appear for windows users if they rename the EXE --- bitmessagemain.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
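Review bot: The new Basic-auth parsing in `APIAuthenticateClient` unpacks `self.headers.get('Authorization').split()` and `encstr.decode('base64').split(':')` into exactly two names each, so a header with no space, undecodable base64, or a password containing `:` raises instead of returning False. The scheme in `enctype` is never checked, and the wrong-credentials branch returns silently while only the missing-header branch prints anything. I would split on the first colon only, treat every parse failure as a failed login, and log rejected attempts without echoing the supplied values; the trailing `return False` is unreachable and can go. The two `==` comparisons are not constant-time, which may matter if the API port is reachable by untrusted hosts (the bind address is not visible in this hunk).

```python
def APIAuthenticateClient(self):
    if not self.headers.has_key('Authorization'):
        # ... unchanged: print the missing-header message, time.sleep(2) ...
        return False
    try:
        (enctype, encstr) = self.headers.get('Authorization').split()
        # split on the first ':' only, so passwords may contain colons
        (emailid, password) = encstr.decode('base64').split(':', 1)
    except Exception:
        # malformed header, undecodable base64 or no ':' separator
        print 'Authentication failed because the Authorization header is malformed'
        return False
    if enctype.lower() != 'basic':
        print 'Authentication failed because the scheme is not Basic'
        return False
    if emailid == config.get('bitmessagesettings', 'apiusername') and password == config.get('bitmessagesettings', 'apipassword'):
        return True
    print 'Authentication failed because the username or password is wrong'
    return False
```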
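Review bot: An authentication failure in `_dispatch` is still reported as an ordinary string return value, so callers must compare text to detect it, and the reworded message changes what they have to match. An XML-RPC fault or an HTTP 401 would be unambiguous, though how do_POST marshals errors is outside this hunk. The missing-header path now waits twice (`time.sleep(2)` in `APIAuthenticateClient`, then again here) while a wrong password waits once; keeping only the delay here gives both failures the same timing. `self.cookies = []`, visible just above this hunk at the top of `_dispatch`, looks like a leftover now that `setCookie` is removed, so it is worth confirming nothing else reads it. The rest of `_dispatch` lies outside the hunk.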
diff --git a/bitmessagemain.py b/bitmessagemain.py index 65fa54d4..8c552a08 100755 --- a/bitmessagemain.py +++ b/bitmessagemain.py @@ -48,7 +48,7 @@ import pickle import random import sqlite3 import threading #used for the locks, not for the threads -import cStringIO +#import cStringIO from time import strftime, localtime import os import shutil #used for moving the messages.dat file -- 2.45.1 From 3e6c8a045370adfef2ebd87cc2b546424e81eb73 Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Fri, 22 Mar 2013 13:29:06 -0400 Subject: [PATCH 3/3] comment out line used for testing --- bitmessagemain.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bitmessagemain.py b/bitmessagemain.py index 8c552a08..9c7ac39b 100755 --- a/bitmessagemain.py +++ b/bitmessagemain.py @@ -48,7 +48,6 @@ import pickle import random import sqlite3 import threading #used for the locks, not for the threads -#import cStringIO from time import strftime, localtime import os import shutil #used for moving the messages.dat file @@ -78,7 +77,7 @@ class outgoingSynSender(QThread): time.sleep(1) resetTime = int(time.time()) #used below to clear out the alreadyAttemptedConnectionsList periodically so that we will retry connecting to hosts to which we have already tried to connect. while True: - time.sleep(999999)#I sometimes use this to prevent connections for testing. + #time.sleep(999999)#I sometimes use this to prevent connections for testing. if len(self.selfInitiatedConnectionList) < 8: #maximum number of outgoing connections = 8 random.seed() HOST, = random.sample(knownNodes[self.streamNumber], 1) -- 2.45.1