From: Sven Velt Date: Tue, 9 Feb 2010 14:03:05 +0000 (+0100) Subject: conf2http can now use SSL! X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3ce04dca4f92dc1486d31fdd4676a5cb4e05a810;p=nagixsc.git conf2http can now use SSL! Have a look at the conf2http.cfg! It *needs* two more options, "ssl" and "sslcert". To be sure use a *FULL* pathname to key/cert file. Create a key and self-signed certificate with: % openssl req -x509 -nodes -days 365 -newkey rsa:1024 \ -keyout server.pem -out server.pem --- diff --git a/init.d/nagixsc_conf2http b/init.d/nagixsc_conf2http new file mode 100755 index 0000000..0a05158 --- /dev/null +++ b/init.d/nagixsc_conf2http @@ -0,0 +1,104 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: nagixsc_conf2http +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: S 0 1 6 +# Short-Description: Nag(IX)SC HTTP Pull +# Description: Nag(IX)SC HTTP Pull +### END INIT INFO + +# Author: Sven Velt + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/usr/sbin:/usr/bin:/sbin:/bin +DESC="Nag(IX)SC Conf2HTTP" +NAME=nagixsc_conf2http +DAEMONPATH=/etc/nagios/nagixsc +DAEMON=$DAEMONPATH/$NAME.py +DAEMON_ARGS="-c $DAEMONPATH/etc/conf2http.cfg" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +# [ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +[ -f /etc/default/rcS ] && . /etc/default/rcS + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +is_running() +{ + [ -f "$PIDFILE" ] || return 1 + ps ax | grep "`cat $PIDFILE`" | grep $NAME | grep -qv grep + return $? +} + +do_start() +{ + is_running && return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile --background --exec $DAEMON -- $DAEMON_ARGS || return 2 +} + +do_stop() +{ + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" +} + + + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + diff --git a/nagixsc.py b/nagixsc.py index be3613d..21d2b0c 100644 --- a/nagixsc.py +++ b/nagixsc.py @@ -1,8 +1,11 @@ +import BaseHTTPServer import ConfigParser +import SocketServer import base64 import datetime import libxml2 import shlex +import socket import subprocess import sys @@ -297,3 +300,36 @@ def reset_future_timestamp(timestamp, now): else: return now +############################################################################## + +class MyHTTPServer(BaseHTTPServer.HTTPServer): + def __init__(self, server_address, HandlerClass, ssl=False, sslpemfile=None): + if ssl: + # FIXME: SSL is in Py2.6 + try: + from OpenSSL import SSL + except: + print 'No Python OpenSSL wrapper/bindings found!' + sys.exit(127) + + SocketServer.BaseServer.__init__(self, server_address, HandlerClass) + context = SSL.Context(SSL.SSLv23_METHOD) + context.use_privatekey_file (sslpemfile) + context.use_certificate_file(sslpemfile) + self.socket = SSL.Connection(context, socket.socket(self.address_family, self.socket_type)) + else: + SocketServer.BaseServer.__init__(self, server_address, HandlerClass) + self.socket = socket.socket(self.address_family, self.socket_type) + + self.server_bind() + self.server_activate() + + +class MyHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): + def setup(self): + self.connection = self.request + self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) + self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) + +############################################################################## + diff --git a/nagixsc_conf2http.py b/nagixsc_conf2http.py index 640539f..d296bff 100755 --- a/nagixsc_conf2http.py +++ b/nagixsc_conf2http.py @@ -1,6 +1,5 @@ #!/usr/bin/python -import BaseHTTPServer import ConfigParser import base64 import optparse @@ -40,9 +39,10 @@ config = {} try: config['ip'] = cfgread.get('server', 'ip') config['port'] = cfgread.getint('server', 'port') + config['ssl'] = cfgread.getboolean('server', 'ssl') + config['cert'] = cfgread.get('server', 'sslcert') config['conf_dir'] = cfgread.get('server', 'conf_dir') - config['conf2xml_cmdline'] = cfgread.get('server', 'conf2xml_cmdline') except ConfigParser.NoOptionError, e: print 'Config file error: %s ' % e @@ -54,7 +54,7 @@ for u in cfgread.options('users'): ############################################################################## -class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): +class Conf2HTTPHandler(MyHTTPRequestHandler): def http_error(self, code, output): self.send_response(code) @@ -65,8 +65,6 @@ class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): - cmdline = config['conf2xml_cmdline'] - path = self.path.split('/') # Check Basic Auth @@ -126,8 +124,12 @@ class Conf2HTTPHandler(BaseHTTPServer.BaseHTTPRequestHandler): def main(): + if config['ssl'] and not os.path.isfile(config['cert']): + print 'SSL certificate "%s" not found!' % config['cert'] + sys.exit(127) + + server = MyHTTPServer((config['ip'], config['port']), Conf2HTTPHandler, ssl=config['ssl'], sslpemfile=config['cert']) try: - server = BaseHTTPServer.HTTPServer((config['ip'], config['port']), Conf2HTTPHandler) server.serve_forever() except: server.socket.close() diff --git a/sample-configs/conf2http.cfg b/sample-configs/conf2http.cfg index 41458cd..9dbb3ac 100644 --- a/sample-configs/conf2http.cfg +++ b/sample-configs/conf2http.cfg @@ -1,8 +1,9 @@ [server] ip: 0.0.0.0 port: 15666 +ssl: true +sslcert: server.pem -conf2xml_cmdline: ./nagixsc_conf2xml.py conf_dir: ./sample-configs/conf [users]