Class: ProcessWanker::NetServer

Inherits:
Object
  • Object
Includes:
Log
Defined in:
lib/net/net_server.rb

Constant Summary

@@instance =
nil

Constants included from Log

Log::DEBUG, Log::ERROR, Log::INFO, Log::WARN

Class Method Summary

Instance Method Summary

Methods included from Log

debug, error, info, log, set_level, warn

Constructor Details

#initialize(cfg) ⇒ NetServer

Returns a new instance of NetServer.



# File 'lib/net/net_server.rb', line 78

# Builds the TLS control server described by +cfg+ and starts its accept
# loop (#server_proc) on a background thread.
#
# Security note: the built-in default certificates ship with every install and
# are therefore not secret. When they are in use and the daemon asks to listen
# anywhere other than ConfigDaemon::DEFAULT_LISTEN_HOSTNAME, the request is
# logged as an error and the listen address is forced back to the default on
# the daemon config object itself. Every client must present a certificate
# (VERIFY_PEER); no ca_file/cert_store is set on the context here, so whether
# a peer is accepted rests on #verify_peer's own checks rather than on
# OpenSSL's chain result.
#
# The new object is also published through the @@instance class variable, which
# .instance returns.
#
# @param cfg [Object] daemon configuration; only +cfg.daemon+ is read here
#   (+get_auth+, +listen_hostname+, +listen_port+).
def initialize(cfg)
	@@instance = self
	@mutex = Mutex.new
	@clients = []

	daemon = cfg.daemon
	@auth = daemon.get_auth

	# Default (public) certs + remote listen address: refuse, loudly.
	if @auth.is_default && daemon.listen_hostname != ConfigDaemon::DEFAULT_LISTEN_HOSTNAME
		[
			"***",
			"*** For security reasons, I will only listen on #{ConfigDaemon::DEFAULT_LISTEN_HOSTNAME} while using",
			"*** the default built-in SSL certificates. You must generate real",
			"*** certificates if you wish to control this daemon remotely.",
			"***"
		].each { |line| error line }

		daemon.listen_hostname = ConfigDaemon::DEFAULT_LISTEN_HOSTNAME
	end

	@ca_cert = @auth.ca_cert

	ctx = OpenSSL::SSL::SSLContext.new
	ctx.cert = @auth.my_cert
	ctx.key = @auth.my_key
	ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
	# OpenSSL hands us its own verdict plus the store context; the decision is
	# delegated entirely to #verify_peer.
	ctx.verify_callback = proc { |ok, store_ctx| verify_peer(ok, store_ctx) }
	@context = ctx

	# TCPFilteredServer is a project class; presumably it filters incoming
	# connections using +auth+ before the TLS layer sees them -- confirm there.
	@tcp_server = TCPFilteredServer.new(daemon.listen_hostname, daemon.listen_port, @auth)
	@ssl_server = OpenSSL::SSL::SSLServer.new(@tcp_server, @context)

	@server_thread = Thread.new { server_proc }
end

Class Method Details

.instance ⇒ Object



# File 'lib/net/net_server.rb', line 226

# Returns the most recently constructed NetServer (recorded in the @@instance
# class variable by #initialize), or nil if none has been built yet.
def self.instance
	@@instance
end

Instance Method Details

#client_closed(client) ⇒ Object



# File 'lib/net/net_server.rb', line 195

# Forgets +client+: removes it from the tracked client list under @mutex,
# since #server_proc appends to the same list from the accept thread.
# Presumably invoked by a NetServerClient once its connection is gone.
#
# @param client [NetServerClient] the client to drop
# @return [NetServerClient, nil] the removed client, or nil if it was not tracked
def client_closed(client)
	@mutex.synchronize { @clients.delete(client) }
end

#post_fork ⇒ Object



# File 'lib/net/net_server.rb', line 207

# Tear-down for a freshly forked child process: every client inherited from
# the parent is closed abruptly (close_rudely) and the listener is stopped.
# The client list is copied under @mutex and the closes happen outside it.
# stop_server runs inside ProcessWanker.with_logged_rescue (defined elsewhere),
# which presumably logs any failure instead of propagating it -- confirm there.
def post_fork
	inherited = @mutex.synchronize { @clients.clone }
	inherited.each(&:close_rudely)
	ProcessWanker::with_logged_rescue("post_fork - stop_server") { stop_server }
end

#server_proc ⇒ Object



# File 'lib/net/net_server.rb', line 168

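# Accept loop run on @server_thread. Blocks in SSLServer#accept; each completed
# TLS handshake is wrapped in a NetServerClient and recorded under @mutex.
#
# Per-connection failures must not kill the loop, or one misbehaving peer could
# stop the server accepting anyone else: a handshake refused by #verify_peer
# surfaces as OpenSSL::SSL::SSLError, and a peer dropping the connection
# mid-handshake can surface as Errno::ECONNRESET (the original rescued only the
# former, and silently). Both are now logged at debug level and skipped.
#
# The loop ends when #stop_server closes the listener: that was observed as
# Errno::EBADF; on current Rubies closing a socket another thread is blocked on
# is typically reported as IOError instead, so both end the loop.
def server_proc
	loop do
		begin
			ssl_connection = @ssl_server.accept
		rescue Errno::EBADF, IOError
			break
		rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET => e
			# Useful when chasing certificate problems; kept off the info level
			# so a noisy peer cannot flood the main log.
			debug("TLS handshake failed: #{e.message}")
			next
		end

		@mutex.synchronize do
			nc = NetServerClient.new(ssl_connection, self)
			info("new connection from #{nc.user}")
			@clients << nc
		end
	end
	info("server stopped")
end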

#stop_server ⇒ Object



# File 'lib/net/net_server.rb', line 127

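# Shuts the listener down and disconnects every tracked client.
#
# Closing @ssl_server makes the accept blocked in #server_proc fail, which ends
# that thread; join then waits for it (and re-raises anything the thread died
# with). The client list is snapshotted under @mutex -- the other methods that
# touch @clients all hold it, and this one previously read it unlocked while
# the accept thread could still be appending. The disconnect calls happen
# outside the lock on purpose: Mutex is not re-entrant, and a client's
# disconnect presumably reports back through #client_closed, which takes it.
def stop_server()
	@ssl_server.close
	@server_thread.join
	remaining = @mutex.synchronize { @clients.clone }
	remaining.each(&:disconnect)
end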

#verify_peer(preverify_ok, ssl_context) ⇒ Object



# File 'lib/net/net_server.rb', line 142

# Body of the OpenSSL verify callback installed in #initialize: decides whether
# the certificate currently under inspection is an acceptable client.
#
# The verdict is formed from scratch; +preverify_ok+ (OpenSSL's own result) is
# ignored. The certificate must carry a signature made by @ca_cert's key, and
# its subject CN is then checked against @auth.accept_peers (an allow-list,
# when set) and @auth.reject_peers (a deny-list, when set). Note that
# Certificate#verify checks the signature only: validity dates and whatever
# chain errors OpenSSL folded into +preverify_ok+ play no part in this decision.
# A subject without a CN yields a nil peer name.
#
# @param preverify_ok [Boolean] OpenSSL's verdict; unused
# @param ssl_context [OpenSSL::X509::StoreContext] provides current_cert
# @return [Boolean] true to accept the peer, false to reject it
def verify_peer(preverify_ok, ssl_context)
	cert = ssl_context.current_cert

	unless cert.verify(@ca_cert.public_key)
		info("client certificate rejected")
		return false
	end

	# Value of the first CN attribute in the subject, or nil if there is none.
	cn_entry = cert.subject.to_a.find { |attr| attr[0] == "CN" }
	peer_name = cn_entry && cn_entry[1]
	info("verified identity of #{peer_name}")

	allowed = @auth.accept_peers
	if allowed && !allowed[peer_name]
		info("failed to accept peer #{peer_name}")
		return false
	end

	denied = @auth.reject_peers
	if denied && denied[peer_name]
		info("rejected peer #{peer_name}")
		return false
	end

	true
end