Don't use auth.json in me2me_virtual_host.

remoting/tools/me2me_virtual_host.py

 #!/usr/bin/env python
 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Virtual Me2Me implementation.  This script runs and manages the processes
 # required for a Virtual Me2Me desktop, which are: X server, X desktop
 # session, and Host process.
 # This script is intended to run continuously as a background daemon
 # process, running under an ordinary (non-root) user account.
@@ skipping 56 matching lines @@
 FIRST_X_DISPLAY_NUMBER = 20
 
 X_AUTH_FILE = os.path.expanduser("~/.Xauthority")
 os.environ["XAUTHORITY"] = X_AUTH_FILE
 
 
 # Globals needed by the atexit cleanup() handler.
 g_desktops = []
 g_pidfile = None
 
+class Config:
+  def __init__(self, path):
+    self.path = path
+    self.data = {}
+    self.changed = False
+
+  def load(self):
+    try:
+      settings_file = open(self.path, 'r')
+      self.data = json.load(settings_file)
+      self.changed = False
+      settings_file.close()
+    except:
+      return False
+    return True
+
+  def save(self):
+    if not self.changed:
+      return True
+    try:
+      old_umask = os.umask(0066)
+      settings_file = open(self.path, 'w')
+      settings_file.write(json.dumps(self.data, indent=2))
+      settings_file.close()
+      os.umask(old_umask)
+    except:
+      return False
+    self.changed = False
+    return True
+
+  def get(self, key):
+    return self.data.get(key)
+
+  def __getitem__(self, key):
+    return self.data[key]
+
+  def __setitem__(self, key, value):
+    self.data[key] = value
+    self.changed = True
+
+  def clear_auth(self):
+    del self.data["xmpp_login"]
+    del self.data["chromoting_auth_token"]
+    del self.data["xmpp_auth_token"]
+
+  def clear_host_info(self):
+    del self.data["host_id"]
+    del self.data["host_name"]
+    del self.data["host_secret_hash"]
+    del self.data["private_key"]
 
 class Authentication:
   """Manage authentication tokens for Chromoting/xmpp"""
 
-  def __init__(self, config_file):
-    self.config_file = config_file
+  def __init__(self):
+    pass
 
   def generate_tokens(self):
     """Prompt for username/password and use them to generate new authentication
     tokens.
 
     Raises:
       Exception: Failed to get new authentication tokens.
     """
     print "Email:",
     self.login = raw_input()
     password = getpass.getpass("App-specific password: ")
 
     chromoting_auth = gaia_auth.GaiaAuthenticator('chromoting')
     self.chromoting_auth_token = chromoting_auth.authenticate(self.login,
                                                               password)
 
     xmpp_authenticator = gaia_auth.GaiaAuthenticator('chromiumsync')
     self.xmpp_auth_token = xmpp_authenticator.authenticate(self.login,
                                                            password)
 
-  def load_config(self):
+  def load_config(self, config):
     try:
-      settings_file = open(self.config_file, 'r')
-      data = json.load(settings_file)
-      settings_file.close()
-      self.login = data["xmpp_login"]
-      self.chromoting_auth_token = data["chromoting_auth_token"]
-      self.xmpp_auth_token = data["xmpp_auth_token"]
-    except:
+      self.login = config["xmpp_login"]
+      self.chromoting_auth_token = config["chromoting_auth_token"]
+      self.xmpp_auth_token = config["xmpp_auth_token"]
+    except KeyError:
       return False
     return True
 
-  def save_config(self):
-    data = {
-        "xmpp_login": self.login,
-        "chromoting_auth_token": self.chromoting_auth_token,
-        "xmpp_auth_token": self.xmpp_auth_token,
-    }
-    # File will contain private keys, so deny read/write access to others.
-    old_umask = os.umask(0066)
-    settings_file = open(self.config_file, 'w')
-    settings_file.write(json.dumps(data, indent=2))
-    settings_file.close()
-    os.umask(old_umask)
-
+  def save_config(self, config):
+    config["xmpp_login"] = self.login
+    config["chromoting_auth_token"] = self.chromoting_auth_token
+    config["xmpp_auth_token"] = self.xmpp_auth_token
 
 class Host:
   """This manages the configuration for a host.
 
   Callers should instantiate a Host object (passing in a filename where the
   config will be kept), then should call either of the methods:
 
   * register(auth): Create a new Host configuration and register it
   with the Directory Service (the "auth" parameter is used to
   authenticate with the Service).
   * load_config(): Load a config from disk, with details of an existing Host
   registration.
 
   After calling register() (or making any config changes) the method
   save_config() should be called to save the details to disk.
   """
 
   server = 'www.googleapis.com'
   url = 'https://' + server + '/chromoting/v1/@me/hosts'
 
-  def __init__(self, config_file, auth):
+  def __init__(self, auth):
     """
     Args:
-      config_file: Host configuration file path
+      config: Host configuration object
       auth: Authentication object with credentials for authenticating with the
         Directory service.
     """
-    self.config_file = config_file
     self.auth = auth
     self.host_id = str(uuid.uuid1())
     self.host_name = socket.gethostname()
     self.host_secret_hash = None
     self.private_key = None
 
   def register(self):
     """Generates a private key for the stored |host_id|, and registers it with
     the Directory service.
 
@@ skipping 49 matching lines @@
   def set_pin(self, pin):
     if pin == "":
       self.host_secret_hash = "plain:"
     else:
       self.host_secret_hash = "hmac:" + base64.b64encode(
           hmac.new(str(self.host_id), pin, hashlib.sha256).digest())
 
   def is_pin_set(self):
     return self.host_secret_hash
 
-  def load_config(self):
+  def load_config(self, config):
     try:
-      settings_file = open(self.config_file, 'r')
-      data = json.load(settings_file)
-      settings_file.close()
-    except:
-      logging.info("Failed to load: " + self.config_file)
+      self.host_id = config["host_id"]
+      self.host_name = config["host_name"]
+      self.host_secret_hash = config.get("host_secret_hash")
+      self.private_key = config["private_key"]
+    except KeyError:
       return False
-    self.host_id = data["host_id"]
-    self.host_name = data["host_name"]
-    self.host_secret_hash = data.get("host_secret_hash")
-    self.private_key = data["private_key"]
     return True
 
-  def save_config(self):
-    data = {
-        "host_id": self.host_id,
-        "host_name": self.host_name,
-        "host_secret_hash": self.host_secret_hash,
-        "private_key": self.private_key,
-    }
-    if self.host_secret_hash:
-      data["host_secret_hash"] = self.host_secret_hash
-
-    old_umask = os.umask(0066)
-    settings_file = open(self.config_file, 'w')
-    settings_file.write(json.dumps(data, indent=2))
-    settings_file.close()
-    os.umask(old_umask)
-
+  def save_config(self, config):
+    config["host_id"] = self.host_id
+    config["host_name"] = self.host_name
+    config["host_secret_hash"] = self.host_secret_hash
+    config["private_key"] = self.private_key
 
 class Desktop:
   """Manage a single virtual desktop"""
 
   def __init__(self, sizes):
     self.x_proc = None
     self.session_proc = None
     self.host_proc = None
     self.sizes = sizes
     g_desktops.append(self)
@@ skipping 108 matching lines @@
     # Daemonization would solve this problem by separating the process from the
     # controlling terminal.
     logging.info("Launching X session: %s" % XSESSION_COMMAND)
     self.session_proc = subprocess.Popen(XSESSION_COMMAND,
                                          stdin=open(os.devnull, "r"),
                                          cwd=HOME_DIR,
                                          env=self.child_env)
     if not self.session_proc.pid:
       raise Exception("Could not start X session")
 
-  def launch_host(self, host):
+  def launch_host(self, host_config):
     # Start remoting host
     args = [locate_executable(REMOTING_COMMAND),
-            "--host-config=%s" % (host.config_file)]
-    if host.auth.config_file != host.config_file:
-      args.append("--auth-config=%s" % (host.auth.config_file))
+            "--host-config=%s" % (host_config.path)]
     self.host_proc = subprocess.Popen(args, env=self.child_env)
     logging.info(args)
     if not self.host_proc.pid:
       raise Exception("Could not start remoting host")
 
 
 class PidFile:
   """Class to allow creating and deleting a file which holds the PID of the
   running process.  This is used to detect if a process is already running, and
   inform the user of the PID.  On process termination, the PID file is
@@ skipping 296 matching lines @@
 
   atexit.register(cleanup)
 
   for s in [signal.SIGHUP, signal.SIGINT, signal.SIGTERM, signal.SIGUSR1]:
     signal.signal(s, signal_handler)
 
   # Ensure full path to config directory exists.
   if not os.path.exists(CONFIG_DIR):
     os.makedirs(CONFIG_DIR, mode=0700)
 
-  host_config_file = os.path.join(CONFIG_DIR, "host#%s.json" % host_hash)
+  host_config = Config(os.path.join(CONFIG_DIR, "host#%s.json" % host_hash))
+  host_config.load()
 
-  # --silent option is specified when we are started from WebApp UI. Don't use
-  # separate auth file in that case.
-  # TODO(sergeyu): Always use host config for auth parameters.
-  if options.silent:
-    auth_config_file = host_config_file
-  else:
-    auth_config_file = os.path.join(CONFIG_DIR, "auth.json")
+  auth = Authentication()
+  auth_config_loaded = auth.load_config(host_config)
+  if not auth_config_loaded and not options.silent:
+    # If we failed to load authentication parameters from the host config
+    # then try loading them from the legacy auth.json file.
+    auth_config = Config(os.path.join(CONFIG_DIR, "auth.json"))
+    if auth_config.load():
+      auth_config_loaded = auth.load_config(auth_config)
+      # If we were able to read auth.json then copy its content to the host
+      # config.
+      if auth_config_loaded:
+        auth.save_config(host_config)
+        host_config.save()
 
-  auth = Authentication(auth_config_file)
-  auth_config_loaded = auth.load_config()
-
-  host = Host(host_config_file, auth)
-  host_config_loaded = host.load_config()
+  host = Host(auth)
+  host_config_loaded = host.load_config(host_config)
 
   if options.silent:
     if not host_config_loaded or not auth_config_loaded:
       logging.error("Failed to load host configuration.")
       return 1
   else:
     need_auth_tokens = not auth_config_loaded
     need_register_host = not host_config_loaded
     # Outside the loop so user doesn't get asked twice.
     if need_register_host:
       host.ask_pin()
     elif options.new_pin or not host.is_pin_set():
       host.ask_pin()
-      host.save_config()
+      host.save_config(host_config)
       running, pid = PidFile(pid_filename).check()
       if running and pid != 0:
         os.kill(pid, signal.SIGUSR1)
         print "The running instance has been updated with the new PIN."
         return 0
 
     # The loop is to deal with the case of registering a new Host with
     # previously-saved auth tokens (from a previous run of this script), which
     # may require re-prompting for username & password.
     while True:
-      try:
-        if need_auth_tokens:
+      if need_auth_tokens:
+        try:
           auth.generate_tokens()
-          auth.save_config()
           need_auth_tokens = False
-      except Exception:
-        logging.error("Authentication failed")
-        return 1
+        except Exception:
+          logging.error("Authentication failed")
+          return 1
+        # Save the new auth tokens.
+        auth.save_config(host_config)
+        if not host_config.save():
+          logging.error("Faled to save host configuration.")

[Lambros, 2012/08/09 01:20:27]

s/Faled/Failed

[Sergey Ulanov, 2012/08/09 02:13:10]

Done.

+          return 1
 
-      try:
-        if need_register_host:
+      if need_register_host:
+        try:
           host.register()
-          host.save_config()
-      except urllib2.HTTPError, err:
-        if err.getcode() == 401:
-          # Authentication failed - re-prompt for username & password.
-          need_auth_tokens = True
-          continue
-        else:
-          # Not an authentication error.
-          logging.error("Directory returned error: " + str(err))
-          logging.error(err.read())
-          return 1
+          host.save_config(host_config)
+        except urllib2.HTTPError, err:
+          if err.getcode() == 401:
+            # Authentication failed - re-prompt for username & password.
+            need_auth_tokens = True
+            continue
+          else:
+            # Not an authentication error.
+            logging.error("Directory returned error: " + str(err))
+            logging.error(err.read())
+            return 1
 
       # |auth| and |host| are both set up, so break out of the loop.
       break
 
+    if not host_config.save():
+      logging.error("Faled to save host configuration.")

[Lambros, 2012/08/09 01:20:27]

s/Faled/Failed

[Sergey Ulanov, 2012/08/09 02:13:10]

Done.

+      return 1
+
   global g_pidfile
   g_pidfile = PidFile(pid_filename)
   running, pid = g_pidfile.check()
 
   if running:
     print "An instance of this script is already running."
     print "Use the -k flag to terminate the running instance."
     print "If this isn't the case, delete '%s' and try again." % pid_filename
     return 1
 
@@ skipping 41 matching lines @@
                         "before starting new session.")
           time.sleep(60 - elapsed)
 
         logging.info("Launching X server and X session")
         last_launch_time = time.time()
         desktop.launch_x_server(args)
         desktop.launch_x_session()
 
     if desktop.host_proc is None:
       logging.info("Launching host process")
-      desktop.launch_host(host)
+      desktop.launch_host(host_config)
 
     try:
       pid, status = os.wait()
     except OSError, e:
       if e.errno == errno.EINTR:
         # Retry on EINTR, which can happen if a signal such as SIGUSR1 is
         # received.
         continue
       else:
         # Anything else is an unexpected error.
@@ skipping 16 matching lines @@
       logging.info("Host process terminated")
       desktop.host_proc = None
 
       # These exit-codes must match the ones used by the host.
       # See remoting/host/constants.h.
       # Delete the host or auth configuration depending on the returned error
       # code, so the next time this script is run, a new configuration
       # will be created and registered.
       if os.WEXITSTATUS(status) == 2:
         logging.info("Host configuration is invalid - exiting.")
-        try:
-          os.remove(host.config_file)
-          os.remove(auth.config_file)
-        except:
-          pass
+        host_config.clear_auth()
+        host_config.clear_host_info()
+        host_config.save()
         return 0
       elif os.WEXITSTATUS(status) == 3:
         logging.info("Host ID has been deleted - exiting.")
-        try:
-          os.remove(host.config_file)
-        except:
-          pass
+        host_config.clear_host_info()
+        host_config.save()
         return 0
       elif os.WEXITSTATUS(status) == 4:
         logging.info("OAuth credentials are invalid - exiting.")
-        try:
-          os.remove(auth.config_file)
-        except:
-          pass
+        host_config.clear_auth()
+        host_config.save()
         return 0
       elif os.WEXITSTATUS(status) == 5:
         logging.info("Host domain is blocked by policy - exiting.")
         os.remove(host.config_file)
         return 0
 
 if __name__ == "__main__":
   logging.basicConfig(level=logging.DEBUG)
   sys.exit(main())