forked from omaha-consulting/omaha-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.tac
129 lines (106 loc) · 5.16 KB
/
server.tac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Copyright (C) 2011 Crystalnix <[email protected]>
# This file is part of omaha-server.
# omaha-server is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# omaha-server is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with omaha-server. If not, see <http://www.gnu.org/licenses/>.
import sys
sys.path.append('.')
from encodings import hex_codec, base64_codec
from twisted.application import service, internet
from twisted.web import server, resource
from twisted.internet import ssl
from twisted.web.static import File
from chained_ssl import ChainedOpenSSLContextFactory
from update import UpdateXMLProcessor
from config import Config
from twisted.web.script import ResourceScriptWrapper
from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory
from twisted.cred.portal import Portal
from twisted.cred.checkers import FilePasswordDB
from auth import PublicHTMLRealm
import os
from mac_feed import MacFeedResource
from uncensor_out import UncensorOutResource
from uncensorp_out import UncensorPOutResource
class NoListingDir(File):
def directoryListing(self):
return resource.ForbiddenResource()
class LatestMacResource(resource.Resource):
isLeaf = True
def render_GET(self, request):
try:
f = open(Config.macActiveVersionFile, "r")
vernum = f.readline().strip("\r\n\t ")
except IOError:
return resource.NoResource().render_GET(request)
pathToFile = Config.bitpopDirectory + '/mac/BitPop-' + vernum + '.dmg'
return File(pathToFile).render_GET(request)
if not os.path.exists(Config.bitpopDirectory):
os.mkdir(Config.bitpopDirectory, 0755)
if not os.path.isdir(Config.bitpopDirectory):
os.remove(Config.bitpopDirectory)
os.mkdir(Config.bitpopDirectory, 0755)
root = resource.ForbiddenResource()
err = resource.ForbiddenResource()
root.putChild("service", err)
upd = UpdateXMLProcessor()
err.putChild("update2", upd)
portal = Portal(PublicHTMLRealm(), [FilePasswordDB('httpd.password')])
credentialFactory = DigestCredentialFactory("md5", "House of Life Updates")
admin = HTTPAuthSessionWrapper(portal, [credentialFactory])
err.putChild('admin', admin)
root.putChild('css', NoListingDir('css'))
root.putChild('js', NoListingDir('js'))
root.putChild('img', NoListingDir('img'))
insecureDomainResource = resource.ForbiddenResource()
bitpopDir = NoListingDir(Config.bitpopDirectory)
bitpopDir.putChild('BitPop.dmg', LatestMacResource())
bitpopDir.putChild('HouseOfLifeInstaller.application', \
File('clickonce/HouseOfLifeInstaller.application', 'application/x-ms-application'))
bitpopDir.putChild('clickonce_bootstrap.exe.manifest', \
File('clickonce/clickonce_bootstrap.exe.manifest', 'application/x-ms-manifest'))
bitpopDir.putChild('HouseOfLifeUpdateSetup.exe', \
File('clickonce/bin/HouseOfLifeUpdateSetup.exe'))
bitpopDir.putChild('clickonce_bootstrap.exe',
File('clickonce/bin/clickonce_bootstrap.exe'))
insecureDomainResource.putChild(Config.bitpopDirectory, bitpopDir)
insecErr = resource.ForbiddenResource()
insecureDomainResource.putChild("ext", NoListingDir("./ext", 'application/octet-stream'))
insecureDomainResource.putChild("service", insecErr)
insecUpd = UpdateXMLProcessor()
insecErr.putChild("update2", insecUpd)
insecMacFeed = MacFeedResource()
insecErr.putChild('mac_feed', insecMacFeed)
uncen = UncensorOutResource()
insecErr.putChild("uncensor_domains", uncen)
uncenp = UncensorPOutResource()
insecErr.putChild("uncensorp_domains", uncenp)
httpSite = server.Site(insecureDomainResource)
httpsSite = server.Site(root)
if os.name == 'posix' and os.getuid() == 0:
# run under user 'nobody'
application = service.Application('House of Life Update Portal', uid=Config.uid, gid=Config.gid)
else:
application = service.Application('House of Life Update Portal')
httpService = internet.TCPServer(Config.httpPort, httpSite, interface=Config.domainName)
httpsService = internet.SSLServer(Config.httpsPort, httpsSite,
# Use custom factory for certificate chain
ChainedOpenSSLContextFactory(
privateKeyFileName=Config.privateKeyFile,
certificateChainFileName=Config.certificateChainFile,
certificateFileName=Config.certificateFile)
if Config.useCertificateChain else
# Use default factory for single certificate
ssl.DefaultOpenSSLContextFactory(
Config.privateKeyFile, Config.certificateFile),
interface=Config.domainName)
httpService.setServiceParent(application)
httpsService.setServiceParent(application)