The Cloudeebus server must be run either with credentials and a whitelist to
restrict access to DBus services, or in opendoor mode.
- usage: cloudeebus.py [-h] [-v] [-d] [-o] [-p PORT] [-c CREDENTIALS] [-w WHITELIST]
+ usage: cloudeebus.py [-h] [-v] [-d] [-o] [-p PORT] [-c CREDENTIALS] [-w WHITELIST] [-n NETMASK,IP ADDRESS]
Javascript DBus bridge.
path to credentials file
-w WHITELIST, --whitelist WHITELIST
path to whitelist file
+ -n NETMASK, --netmask NETMASK
+ netmask,IP filter (comma separated.) eg. :
+ -n 127.0.0.1,192.168.2.0/24,10.12.16.0/255.255.255.0
Examples
#
# Luc Yriarte <luc.yriarte@intel.com>
# Christophe Guiraud <christophe.guiraud@intel.com>
+# Frederic Paut <frederic.paut@intel.com>
#
###############################################################################
-VERSION = "0.3.0"
+VERSION = "0.3.1"
OPENDOOR = False
CREDENTIALS = {}
WHITELIST = []
+NETMASK = []
+
+###############################################################################
+def ipV4ToHex(mask):
+ ## Convert an ip or an IP mask (such as ip/24 or ip/255.255.255.0) in hex value (32bits)
+ maskHex = 0
+ byte = 0
+ if mask.rfind(".") == -1:
+ if (int(mask) < 32):
+ maskHex = (2**(int(mask))-1)
+ maskHex = maskHex << (32-int(mask))
+ else:
+ raise Exception("Illegal mask (larger than 32 bits) " + mask)
+ else:
+ maskField = mask.split(".")
+ # Check if mask has four fields (byte)
+ if len(maskField) != 4:
+ raise Exception("Illegal ip address / mask (should be 4 bytes) " + mask)
+ for maskQuartet in maskField:
+ byte = int(maskQuartet)
+ # Check if each field is really a byte
+ if byte > 255:
+ raise Exception("Illegal ip address / mask (digit larger than a byte) " + mask)
+ maskHex += byte
+ maskHex = maskHex << 8
+ maskHex = maskHex >> 8
+ return maskHex
###############################################################################
class DbusCache:
def onAuthenticated(self, key, permissions):
if not OPENDOOR:
+ # check net filter
+ if NETMASK != []:
+ ipAllowed = False
+ for netfilter in NETMASK:
+ ipHex=ipV4ToHex(self.peer.host)
+ ipAllowed = (ipHex & netfilter['mask']) == netfilter['ipAllowed'] & netfilter['mask']
+ if ipAllowed:
+ break
+ if not ipAllowed:
+ raise Exception("host " + self.peer.host + " is not allowed!")
# check authentication key
if key is None:
raise Exception("Authentication failed")
help='path to credentials file')
parser.add_argument('-w', '--whitelist',
help='path to whitelist file')
+ parser.add_argument('-n', '--netmask',
+ help='netmask,IP filter (comma separated.) eg. : -n 127.0.0.1,192.168.2.0/24,10.12.16.0/255.255.255.0')
args = parser.parse_args(sys.argv[1:])
jfile = open(args.whitelist)
WHITELIST = json.load(jfile)
jfile.close()
+
+ if args.netmask:
+ iplist = args.netmask.split(",")
+ for ip in iplist:
+ if ip.rfind("/") != -1:
+ ip=ip.split("/")
+ ipAllowed = ip[0]
+ mask = ip[1]
+ else:
+ ipAllowed = ip
+ mask = "255.255.255.255"
+ NETMASK.append( {'ipAllowed': ipV4ToHex(ipAllowed), 'mask' : ipV4ToHex(mask)} )
uri = "ws://localhost:" + args.port
from setuptools import setup
setup(name = "cloudeebus",
- version = "0.3.0",
+ version = "0.3.1",
description = "Javascript-DBus bridge",
author = "Luc Yriarte, Christophe Guiraud, Frederic PAUT",
author_email = "luc.yriarte@intel.com, christophe.guiraud@intel.com, frederic.paut@intel.com",
projects / contrib / cloudeebus.git / commitdiff