├── .gitignore
├── LICENSE
├── LICENSE.OpenSSL
├── README.md
├── an2linuxserver.py
├── init
├── README.md
├── systemd-system
│ ├── README.md
│ └── an2linux.service
└── systemd-user
│ ├── README.md
│ └── an2linux.service
└── requirements.txt
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea/
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | AN2Linux is licensed under the GNU General Public License version 3 with the
2 | addition of the following special exception:
3 |
4 | In addition, as a special exception, the copyright holders give
5 | permission to link the code of portions of this program with the OpenSSL
6 | library.
7 | You must obey the GNU General Public License in all respects for all of
8 | the code used other than OpenSSL. If you modify file(s) with this
9 | exception, you may extend this exception to your version of the file(s),
10 | but you are not obligated to do so. If you do not wish to do so, delete
11 | this exception statement from your version. If you delete this exception
12 | statement from all source files in the program, then also delete it here.
13 |
14 | GNU GENERAL PUBLIC LICENSE
15 | Version 3, 29 June 2007
16 |
17 | Copyright (C) 2007 Free Software Foundation, Inc.
18 | Everyone is permitted to copy and distribute verbatim copies
19 | of this license document, but changing it is not allowed.
20 |
21 | Preamble
22 |
23 | The GNU General Public License is a free, copyleft license for
24 | software and other kinds of works.
25 |
26 | The licenses for most software and other practical works are designed
27 | to take away your freedom to share and change the works. By contrast,
28 | the GNU General Public License is intended to guarantee your freedom to
29 | share and change all versions of a program--to make sure it remains free
30 | software for all its users. We, the Free Software Foundation, use the
31 | GNU General Public License for most of our software; it applies also to
32 | any other work released this way by its authors. You can apply it to
33 | your programs, too.
34 |
35 | When we speak of free software, we are referring to freedom, not
36 | price. Our General Public Licenses are designed to make sure that you
37 | have the freedom to distribute copies of free software (and charge for
38 | them if you wish), that you receive source code or can get it if you
39 | want it, that you can change the software or use pieces of it in new
40 | free programs, and that you know you can do these things.
41 |
42 | To protect your rights, we need to prevent others from denying you
43 | these rights or asking you to surrender the rights. Therefore, you have
44 | certain responsibilities if you distribute copies of the software, or if
45 | you modify it: responsibilities to respect the freedom of others.
46 |
47 | For example, if you distribute copies of such a program, whether
48 | gratis or for a fee, you must pass on to the recipients the same
49 | freedoms that you received. You must make sure that they, too, receive
50 | or can get the source code. And you must show them these terms so they
51 | know their rights.
52 |
53 | Developers that use the GNU GPL protect your rights with two steps:
54 | (1) assert copyright on the software, and (2) offer you this License
55 | giving you legal permission to copy, distribute and/or modify it.
56 |
57 | For the developers' and authors' protection, the GPL clearly explains
58 | that there is no warranty for this free software. For both users' and
59 | authors' sake, the GPL requires that modified versions be marked as
60 | changed, so that their problems will not be attributed erroneously to
61 | authors of previous versions.
62 |
63 | Some devices are designed to deny users access to install or run
64 | modified versions of the software inside them, although the manufacturer
65 | can do so. This is fundamentally incompatible with the aim of
66 | protecting users' freedom to change the software. The systematic
67 | pattern of such abuse occurs in the area of products for individuals to
68 | use, which is precisely where it is most unacceptable. Therefore, we
69 | have designed this version of the GPL to prohibit the practice for those
70 | products. If such problems arise substantially in other domains, we
71 | stand ready to extend this provision to those domains in future versions
72 | of the GPL, as needed to protect the freedom of users.
73 |
74 | Finally, every program is threatened constantly by software patents.
75 | States should not allow patents to restrict development and use of
76 | software on general-purpose computers, but in those that do, we wish to
77 | avoid the special danger that patents applied to a free program could
78 | make it effectively proprietary. To prevent this, the GPL assures that
79 | patents cannot be used to render the program non-free.
80 |
81 | The precise terms and conditions for copying, distribution and
82 | modification follow.
83 |
84 | TERMS AND CONDITIONS
85 |
86 | 0. Definitions.
87 |
88 | "This License" refers to version 3 of the GNU General Public License.
89 |
90 | "Copyright" also means copyright-like laws that apply to other kinds of
91 | works, such as semiconductor masks.
92 |
93 | "The Program" refers to any copyrightable work licensed under this
94 | License. Each licensee is addressed as "you". "Licensees" and
95 | "recipients" may be individuals or organizations.
96 |
97 | To "modify" a work means to copy from or adapt all or part of the work
98 | in a fashion requiring copyright permission, other than the making of an
99 | exact copy. The resulting work is called a "modified version" of the
100 | earlier work or a work "based on" the earlier work.
101 |
102 | A "covered work" means either the unmodified Program or a work based
103 | on the Program.
104 |
105 | To "propagate" a work means to do anything with it that, without
106 | permission, would make you directly or secondarily liable for
107 | infringement under applicable copyright law, except executing it on a
108 | computer or modifying a private copy. Propagation includes copying,
109 | distribution (with or without modification), making available to the
110 | public, and in some countries other activities as well.
111 |
112 | To "convey" a work means any kind of propagation that enables other
113 | parties to make or receive copies. Mere interaction with a user through
114 | a computer network, with no transfer of a copy, is not conveying.
115 |
116 | An interactive user interface displays "Appropriate Legal Notices"
117 | to the extent that it includes a convenient and prominently visible
118 | feature that (1) displays an appropriate copyright notice, and (2)
119 | tells the user that there is no warranty for the work (except to the
120 | extent that warranties are provided), that licensees may convey the
121 | work under this License, and how to view a copy of this License. If
122 | the interface presents a list of user commands or options, such as a
123 | menu, a prominent item in the list meets this criterion.
124 |
125 | 1. Source Code.
126 |
127 | The "source code" for a work means the preferred form of the work
128 | for making modifications to it. "Object code" means any non-source
129 | form of a work.
130 |
131 | A "Standard Interface" means an interface that either is an official
132 | standard defined by a recognized standards body, or, in the case of
133 | interfaces specified for a particular programming language, one that
134 | is widely used among developers working in that language.
135 |
136 | The "System Libraries" of an executable work include anything, other
137 | than the work as a whole, that (a) is included in the normal form of
138 | packaging a Major Component, but which is not part of that Major
139 | Component, and (b) serves only to enable use of the work with that
140 | Major Component, or to implement a Standard Interface for which an
141 | implementation is available to the public in source code form. A
142 | "Major Component", in this context, means a major essential component
143 | (kernel, window system, and so on) of the specific operating system
144 | (if any) on which the executable work runs, or a compiler used to
145 | produce the work, or an object code interpreter used to run it.
146 |
147 | The "Corresponding Source" for a work in object code form means all
148 | the source code needed to generate, install, and (for an executable
149 | work) run the object code and to modify the work, including scripts to
150 | control those activities. However, it does not include the work's
151 | System Libraries, or general-purpose tools or generally available free
152 | programs which are used unmodified in performing those activities but
153 | which are not part of the work. For example, Corresponding Source
154 | includes interface definition files associated with source files for
155 | the work, and the source code for shared libraries and dynamically
156 | linked subprograms that the work is specifically designed to require,
157 | such as by intimate data communication or control flow between those
158 | subprograms and other parts of the work.
159 |
160 | The Corresponding Source need not include anything that users
161 | can regenerate automatically from other parts of the Corresponding
162 | Source.
163 |
164 | The Corresponding Source for a work in source code form is that
165 | same work.
166 |
167 | 2. Basic Permissions.
168 |
169 | All rights granted under this License are granted for the term of
170 | copyright on the Program, and are irrevocable provided the stated
171 | conditions are met. This License explicitly affirms your unlimited
172 | permission to run the unmodified Program. The output from running a
173 | covered work is covered by this License only if the output, given its
174 | content, constitutes a covered work. This License acknowledges your
175 | rights of fair use or other equivalent, as provided by copyright law.
176 |
177 | You may make, run and propagate covered works that you do not
178 | convey, without conditions so long as your license otherwise remains
179 | in force. You may convey covered works to others for the sole purpose
180 | of having them make modifications exclusively for you, or provide you
181 | with facilities for running those works, provided that you comply with
182 | the terms of this License in conveying all material for which you do
183 | not control copyright. Those thus making or running the covered works
184 | for you must do so exclusively on your behalf, under your direction
185 | and control, on terms that prohibit them from making any copies of
186 | your copyrighted material outside their relationship with you.
187 |
188 | Conveying under any other circumstances is permitted solely under
189 | the conditions stated below. Sublicensing is not allowed; section 10
190 | makes it unnecessary.
191 |
192 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
193 |
194 | No covered work shall be deemed part of an effective technological
195 | measure under any applicable law fulfilling obligations under article
196 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
197 | similar laws prohibiting or restricting circumvention of such
198 | measures.
199 |
200 | When you convey a covered work, you waive any legal power to forbid
201 | circumvention of technological measures to the extent such circumvention
202 | is effected by exercising rights under this License with respect to
203 | the covered work, and you disclaim any intention to limit operation or
204 | modification of the work as a means of enforcing, against the work's
205 | users, your or third parties' legal rights to forbid circumvention of
206 | technological measures.
207 |
208 | 4. Conveying Verbatim Copies.
209 |
210 | You may convey verbatim copies of the Program's source code as you
211 | receive it, in any medium, provided that you conspicuously and
212 | appropriately publish on each copy an appropriate copyright notice;
213 | keep intact all notices stating that this License and any
214 | non-permissive terms added in accord with section 7 apply to the code;
215 | keep intact all notices of the absence of any warranty; and give all
216 | recipients a copy of this License along with the Program.
217 |
218 | You may charge any price or no price for each copy that you convey,
219 | and you may offer support or warranty protection for a fee.
220 |
221 | 5. Conveying Modified Source Versions.
222 |
223 | You may convey a work based on the Program, or the modifications to
224 | produce it from the Program, in the form of source code under the
225 | terms of section 4, provided that you also meet all of these conditions:
226 |
227 | a) The work must carry prominent notices stating that you modified
228 | it, and giving a relevant date.
229 |
230 | b) The work must carry prominent notices stating that it is
231 | released under this License and any conditions added under section
232 | 7. This requirement modifies the requirement in section 4 to
233 | "keep intact all notices".
234 |
235 | c) You must license the entire work, as a whole, under this
236 | License to anyone who comes into possession of a copy. This
237 | License will therefore apply, along with any applicable section 7
238 | additional terms, to the whole of the work, and all its parts,
239 | regardless of how they are packaged. This License gives no
240 | permission to license the work in any other way, but it does not
241 | invalidate such permission if you have separately received it.
242 |
243 | d) If the work has interactive user interfaces, each must display
244 | Appropriate Legal Notices; however, if the Program has interactive
245 | interfaces that do not display Appropriate Legal Notices, your
246 | work need not make them do so.
247 |
248 | A compilation of a covered work with other separate and independent
249 | works, which are not by their nature extensions of the covered work,
250 | and which are not combined with it such as to form a larger program,
251 | in or on a volume of a storage or distribution medium, is called an
252 | "aggregate" if the compilation and its resulting copyright are not
253 | used to limit the access or legal rights of the compilation's users
254 | beyond what the individual works permit. Inclusion of a covered work
255 | in an aggregate does not cause this License to apply to the other
256 | parts of the aggregate.
257 |
258 | 6. Conveying Non-Source Forms.
259 |
260 | You may convey a covered work in object code form under the terms
261 | of sections 4 and 5, provided that you also convey the
262 | machine-readable Corresponding Source under the terms of this License,
263 | in one of these ways:
264 |
265 | a) Convey the object code in, or embodied in, a physical product
266 | (including a physical distribution medium), accompanied by the
267 | Corresponding Source fixed on a durable physical medium
268 | customarily used for software interchange.
269 |
270 | b) Convey the object code in, or embodied in, a physical product
271 | (including a physical distribution medium), accompanied by a
272 | written offer, valid for at least three years and valid for as
273 | long as you offer spare parts or customer support for that product
274 | model, to give anyone who possesses the object code either (1) a
275 | copy of the Corresponding Source for all the software in the
276 | product that is covered by this License, on a durable physical
277 | medium customarily used for software interchange, for a price no
278 | more than your reasonable cost of physically performing this
279 | conveying of source, or (2) access to copy the
280 | Corresponding Source from a network server at no charge.
281 |
282 | c) Convey individual copies of the object code with a copy of the
283 | written offer to provide the Corresponding Source. This
284 | alternative is allowed only occasionally and noncommercially, and
285 | only if you received the object code with such an offer, in accord
286 | with subsection 6b.
287 |
288 | d) Convey the object code by offering access from a designated
289 | place (gratis or for a charge), and offer equivalent access to the
290 | Corresponding Source in the same way through the same place at no
291 | further charge. You need not require recipients to copy the
292 | Corresponding Source along with the object code. If the place to
293 | copy the object code is a network server, the Corresponding Source
294 | may be on a different server (operated by you or a third party)
295 | that supports equivalent copying facilities, provided you maintain
296 | clear directions next to the object code saying where to find the
297 | Corresponding Source. Regardless of what server hosts the
298 | Corresponding Source, you remain obligated to ensure that it is
299 | available for as long as needed to satisfy these requirements.
300 |
301 | e) Convey the object code using peer-to-peer transmission, provided
302 | you inform other peers where the object code and Corresponding
303 | Source of the work are being offered to the general public at no
304 | charge under subsection 6d.
305 |
306 | A separable portion of the object code, whose source code is excluded
307 | from the Corresponding Source as a System Library, need not be
308 | included in conveying the object code work.
309 |
310 | A "User Product" is either (1) a "consumer product", which means any
311 | tangible personal property which is normally used for personal, family,
312 | or household purposes, or (2) anything designed or sold for incorporation
313 | into a dwelling. In determining whether a product is a consumer product,
314 | doubtful cases shall be resolved in favor of coverage. For a particular
315 | product received by a particular user, "normally used" refers to a
316 | typical or common use of that class of product, regardless of the status
317 | of the particular user or of the way in which the particular user
318 | actually uses, or expects or is expected to use, the product. A product
319 | is a consumer product regardless of whether the product has substantial
320 | commercial, industrial or non-consumer uses, unless such uses represent
321 | the only significant mode of use of the product.
322 |
323 | "Installation Information" for a User Product means any methods,
324 | procedures, authorization keys, or other information required to install
325 | and execute modified versions of a covered work in that User Product from
326 | a modified version of its Corresponding Source. The information must
327 | suffice to ensure that the continued functioning of the modified object
328 | code is in no case prevented or interfered with solely because
329 | modification has been made.
330 |
331 | If you convey an object code work under this section in, or with, or
332 | specifically for use in, a User Product, and the conveying occurs as
333 | part of a transaction in which the right of possession and use of the
334 | User Product is transferred to the recipient in perpetuity or for a
335 | fixed term (regardless of how the transaction is characterized), the
336 | Corresponding Source conveyed under this section must be accompanied
337 | by the Installation Information. But this requirement does not apply
338 | if neither you nor any third party retains the ability to install
339 | modified object code on the User Product (for example, the work has
340 | been installed in ROM).
341 |
342 | The requirement to provide Installation Information does not include a
343 | requirement to continue to provide support service, warranty, or updates
344 | for a work that has been modified or installed by the recipient, or for
345 | the User Product in which it has been modified or installed. Access to a
346 | network may be denied when the modification itself materially and
347 | adversely affects the operation of the network or violates the rules and
348 | protocols for communication across the network.
349 |
350 | Corresponding Source conveyed, and Installation Information provided,
351 | in accord with this section must be in a format that is publicly
352 | documented (and with an implementation available to the public in
353 | source code form), and must require no special password or key for
354 | unpacking, reading or copying.
355 |
356 | 7. Additional Terms.
357 |
358 | "Additional permissions" are terms that supplement the terms of this
359 | License by making exceptions from one or more of its conditions.
360 | Additional permissions that are applicable to the entire Program shall
361 | be treated as though they were included in this License, to the extent
362 | that they are valid under applicable law. If additional permissions
363 | apply only to part of the Program, that part may be used separately
364 | under those permissions, but the entire Program remains governed by
365 | this License without regard to the additional permissions.
366 |
367 | When you convey a copy of a covered work, you may at your option
368 | remove any additional permissions from that copy, or from any part of
369 | it. (Additional permissions may be written to require their own
370 | removal in certain cases when you modify the work.) You may place
371 | additional permissions on material, added by you to a covered work,
372 | for which you have or can give appropriate copyright permission.
373 |
374 | Notwithstanding any other provision of this License, for material you
375 | add to a covered work, you may (if authorized by the copyright holders of
376 | that material) supplement the terms of this License with terms:
377 |
378 | a) Disclaiming warranty or limiting liability differently from the
379 | terms of sections 15 and 16 of this License; or
380 |
381 | b) Requiring preservation of specified reasonable legal notices or
382 | author attributions in that material or in the Appropriate Legal
383 | Notices displayed by works containing it; or
384 |
385 | c) Prohibiting misrepresentation of the origin of that material, or
386 | requiring that modified versions of such material be marked in
387 | reasonable ways as different from the original version; or
388 |
389 | d) Limiting the use for publicity purposes of names of licensors or
390 | authors of the material; or
391 |
392 | e) Declining to grant rights under trademark law for use of some
393 | trade names, trademarks, or service marks; or
394 |
395 | f) Requiring indemnification of licensors and authors of that
396 | material by anyone who conveys the material (or modified versions of
397 | it) with contractual assumptions of liability to the recipient, for
398 | any liability that these contractual assumptions directly impose on
399 | those licensors and authors.
400 |
401 | All other non-permissive additional terms are considered "further
402 | restrictions" within the meaning of section 10. If the Program as you
403 | received it, or any part of it, contains a notice stating that it is
404 | governed by this License along with a term that is a further
405 | restriction, you may remove that term. If a license document contains
406 | a further restriction but permits relicensing or conveying under this
407 | License, you may add to a covered work material governed by the terms
408 | of that license document, provided that the further restriction does
409 | not survive such relicensing or conveying.
410 |
411 | If you add terms to a covered work in accord with this section, you
412 | must place, in the relevant source files, a statement of the
413 | additional terms that apply to those files, or a notice indicating
414 | where to find the applicable terms.
415 |
416 | Additional terms, permissive or non-permissive, may be stated in the
417 | form of a separately written license, or stated as exceptions;
418 | the above requirements apply either way.
419 |
420 | 8. Termination.
421 |
422 | You may not propagate or modify a covered work except as expressly
423 | provided under this License. Any attempt otherwise to propagate or
424 | modify it is void, and will automatically terminate your rights under
425 | this License (including any patent licenses granted under the third
426 | paragraph of section 11).
427 |
428 | However, if you cease all violation of this License, then your
429 | license from a particular copyright holder is reinstated (a)
430 | provisionally, unless and until the copyright holder explicitly and
431 | finally terminates your license, and (b) permanently, if the copyright
432 | holder fails to notify you of the violation by some reasonable means
433 | prior to 60 days after the cessation.
434 |
435 | Moreover, your license from a particular copyright holder is
436 | reinstated permanently if the copyright holder notifies you of the
437 | violation by some reasonable means, this is the first time you have
438 | received notice of violation of this License (for any work) from that
439 | copyright holder, and you cure the violation prior to 30 days after
440 | your receipt of the notice.
441 |
442 | Termination of your rights under this section does not terminate the
443 | licenses of parties who have received copies or rights from you under
444 | this License. If your rights have been terminated and not permanently
445 | reinstated, you do not qualify to receive new licenses for the same
446 | material under section 10.
447 |
448 | 9. Acceptance Not Required for Having Copies.
449 |
450 | You are not required to accept this License in order to receive or
451 | run a copy of the Program. Ancillary propagation of a covered work
452 | occurring solely as a consequence of using peer-to-peer transmission
453 | to receive a copy likewise does not require acceptance. However,
454 | nothing other than this License grants you permission to propagate or
455 | modify any covered work. These actions infringe copyright if you do
456 | not accept this License. Therefore, by modifying or propagating a
457 | covered work, you indicate your acceptance of this License to do so.
458 |
459 | 10. Automatic Licensing of Downstream Recipients.
460 |
461 | Each time you convey a covered work, the recipient automatically
462 | receives a license from the original licensors, to run, modify and
463 | propagate that work, subject to this License. You are not responsible
464 | for enforcing compliance by third parties with this License.
465 |
466 | An "entity transaction" is a transaction transferring control of an
467 | organization, or substantially all assets of one, or subdividing an
468 | organization, or merging organizations. If propagation of a covered
469 | work results from an entity transaction, each party to that
470 | transaction who receives a copy of the work also receives whatever
471 | licenses to the work the party's predecessor in interest had or could
472 | give under the previous paragraph, plus a right to possession of the
473 | Corresponding Source of the work from the predecessor in interest, if
474 | the predecessor has it or can get it with reasonable efforts.
475 |
476 | You may not impose any further restrictions on the exercise of the
477 | rights granted or affirmed under this License. For example, you may
478 | not impose a license fee, royalty, or other charge for exercise of
479 | rights granted under this License, and you may not initiate litigation
480 | (including a cross-claim or counterclaim in a lawsuit) alleging that
481 | any patent claim is infringed by making, using, selling, offering for
482 | sale, or importing the Program or any portion of it.
483 |
484 | 11. Patents.
485 |
486 | A "contributor" is a copyright holder who authorizes use under this
487 | License of the Program or a work on which the Program is based. The
488 | work thus licensed is called the contributor's "contributor version".
489 |
490 | A contributor's "essential patent claims" are all patent claims
491 | owned or controlled by the contributor, whether already acquired or
492 | hereafter acquired, that would be infringed by some manner, permitted
493 | by this License, of making, using, or selling its contributor version,
494 | but do not include claims that would be infringed only as a
495 | consequence of further modification of the contributor version. For
496 | purposes of this definition, "control" includes the right to grant
497 | patent sublicenses in a manner consistent with the requirements of
498 | this License.
499 |
500 | Each contributor grants you a non-exclusive, worldwide, royalty-free
501 | patent license under the contributor's essential patent claims, to
502 | make, use, sell, offer for sale, import and otherwise run, modify and
503 | propagate the contents of its contributor version.
504 |
505 | In the following three paragraphs, a "patent license" is any express
506 | agreement or commitment, however denominated, not to enforce a patent
507 | (such as an express permission to practice a patent or covenant not to
508 | sue for patent infringement). To "grant" such a patent license to a
509 | party means to make such an agreement or commitment not to enforce a
510 | patent against the party.
511 |
512 | If you convey a covered work, knowingly relying on a patent license,
513 | and the Corresponding Source of the work is not available for anyone
514 | to copy, free of charge and under the terms of this License, through a
515 | publicly available network server or other readily accessible means,
516 | then you must either (1) cause the Corresponding Source to be so
517 | available, or (2) arrange to deprive yourself of the benefit of the
518 | patent license for this particular work, or (3) arrange, in a manner
519 | consistent with the requirements of this License, to extend the patent
520 | license to downstream recipients. "Knowingly relying" means you have
521 | actual knowledge that, but for the patent license, your conveying the
522 | covered work in a country, or your recipient's use of the covered work
523 | in a country, would infringe one or more identifiable patents in that
524 | country that you have reason to believe are valid.
525 |
526 | If, pursuant to or in connection with a single transaction or
527 | arrangement, you convey, or propagate by procuring conveyance of, a
528 | covered work, and grant a patent license to some of the parties
529 | receiving the covered work authorizing them to use, propagate, modify
530 | or convey a specific copy of the covered work, then the patent license
531 | you grant is automatically extended to all recipients of the covered
532 | work and works based on it.
533 |
534 | A patent license is "discriminatory" if it does not include within
535 | the scope of its coverage, prohibits the exercise of, or is
536 | conditioned on the non-exercise of one or more of the rights that are
537 | specifically granted under this License. You may not convey a covered
538 | work if you are a party to an arrangement with a third party that is
539 | in the business of distributing software, under which you make payment
540 | to the third party based on the extent of your activity of conveying
541 | the work, and under which the third party grants, to any of the
542 | parties who would receive the covered work from you, a discriminatory
543 | patent license (a) in connection with copies of the covered work
544 | conveyed by you (or copies made from those copies), or (b) primarily
545 | for and in connection with specific products or compilations that
546 | contain the covered work, unless you entered into that arrangement,
547 | or that patent license was granted, prior to 28 March 2007.
548 |
549 | Nothing in this License shall be construed as excluding or limiting
550 | any implied license or other defenses to infringement that may
551 | otherwise be available to you under applicable patent law.
552 |
553 | 12. No Surrender of Others' Freedom.
554 |
555 | If conditions are imposed on you (whether by court order, agreement or
556 | otherwise) that contradict the conditions of this License, they do not
557 | excuse you from the conditions of this License. If you cannot convey a
558 | covered work so as to satisfy simultaneously your obligations under this
559 | License and any other pertinent obligations, then as a consequence you may
560 | not convey it at all. For example, if you agree to terms that obligate you
561 | to collect a royalty for further conveying from those to whom you convey
562 | the Program, the only way you could satisfy both those terms and this
563 | License would be to refrain entirely from conveying the Program.
564 |
565 | 13. Use with the GNU Affero General Public License.
566 |
567 | Notwithstanding any other provision of this License, you have
568 | permission to link or combine any covered work with a work licensed
569 | under version 3 of the GNU Affero General Public License into a single
570 | combined work, and to convey the resulting work. The terms of this
571 | License will continue to apply to the part which is the covered work,
572 | but the special requirements of the GNU Affero General Public License,
573 | section 13, concerning interaction through a network will apply to the
574 | combination as such.
575 |
576 | 14. Revised Versions of this License.
577 |
578 | The Free Software Foundation may publish revised and/or new versions of
579 | the GNU General Public License from time to time. Such new versions will
580 | be similar in spirit to the present version, but may differ in detail to
581 | address new problems or concerns.
582 |
583 | Each version is given a distinguishing version number. If the
584 | Program specifies that a certain numbered version of the GNU General
585 | Public License "or any later version" applies to it, you have the
586 | option of following the terms and conditions either of that numbered
587 | version or of any later version published by the Free Software
588 | Foundation. If the Program does not specify a version number of the
589 | GNU General Public License, you may choose any version ever published
590 | by the Free Software Foundation.
591 |
592 | If the Program specifies that a proxy can decide which future
593 | versions of the GNU General Public License can be used, that proxy's
594 | public statement of acceptance of a version permanently authorizes you
595 | to choose that version for the Program.
596 |
597 | Later license versions may give you additional or different
598 | permissions. However, no additional obligations are imposed on any
599 | author or copyright holder as a result of your choosing to follow a
600 | later version.
601 |
602 | 15. Disclaimer of Warranty.
603 |
604 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
605 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
606 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
607 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
608 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
609 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
610 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
611 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
612 |
613 | 16. Limitation of Liability.
614 |
615 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
616 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
617 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
618 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
619 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
620 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
621 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
622 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
623 | SUCH DAMAGES.
624 |
625 | 17. Interpretation of Sections 15 and 16.
626 |
627 | If the disclaimer of warranty and limitation of liability provided
628 | above cannot be given local legal effect according to their terms,
629 | reviewing courts shall apply local law that most closely approximates
630 | an absolute waiver of all civil liability in connection with the
631 | Program, unless a warranty or assumption of liability accompanies a
632 | copy of the Program in return for a fee.
633 |
634 | END OF TERMS AND CONDITIONS
635 |
636 | How to Apply These Terms to Your New Programs
637 |
638 | If you develop a new program, and you want it to be of the greatest
639 | possible use to the public, the best way to achieve this is to make it
640 | free software which everyone can redistribute and change under these terms.
641 |
642 | To do so, attach the following notices to the program. It is safest
643 | to attach them to the start of each source file to most effectively
644 | state the exclusion of warranty; and each file should have at least
645 | the "copyright" line and a pointer to where the full notice is found.
646 |
647 |
648 | Copyright (C)
649 |
650 | This program is free software: you can redistribute it and/or modify
651 | it under the terms of the GNU General Public License as published by
652 | the Free Software Foundation, either version 3 of the License, or
653 | (at your option) any later version.
654 |
655 | This program is distributed in the hope that it will be useful,
656 | but WITHOUT ANY WARRANTY; without even the implied warranty of
657 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
658 | GNU General Public License for more details.
659 |
660 | You should have received a copy of the GNU General Public License
661 | along with this program. If not, see .
662 |
663 | Also add information on how to contact you by electronic and paper mail.
664 |
665 | If the program does terminal interaction, make it output a short
666 | notice like this when it starts in an interactive mode:
667 |
668 | Copyright (C)
669 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
670 | This is free software, and you are welcome to redistribute it
671 | under certain conditions; type `show c' for details.
672 |
673 | The hypothetical commands `show w' and `show c' should show the appropriate
674 | parts of the General Public License. Of course, your program's commands
675 | might be different; for a GUI interface, you would use an "about box".
676 |
677 | You should also get your employer (if you work as a programmer) or school,
678 | if any, to sign a "copyright disclaimer" for the program, if necessary.
679 | For more information on this, and how to apply and follow the GNU GPL, see
680 | .
681 |
682 | The GNU General Public License does not permit incorporating your program
683 | into proprietary programs. If your program is a subroutine library, you
684 | may consider it more useful to permit linking proprietary applications with
685 | the library. If this is what you want to do, use the GNU Lesser General
686 | Public License instead of this License. But first, please read
687 | .
688 |
--------------------------------------------------------------------------------
/LICENSE.OpenSSL:
--------------------------------------------------------------------------------
1 |
2 | LICENSE ISSUES
3 | ==============
4 |
5 | The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
6 | the OpenSSL License and the original SSLeay license apply to the toolkit.
7 | See below for the actual license texts.
8 |
9 | OpenSSL License
10 | ---------------
11 |
12 | /* ====================================================================
13 | * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
14 | *
15 | * Redistribution and use in source and binary forms, with or without
16 | * modification, are permitted provided that the following conditions
17 | * are met:
18 | *
19 | * 1. Redistributions of source code must retain the above copyright
20 | * notice, this list of conditions and the following disclaimer.
21 | *
22 | * 2. Redistributions in binary form must reproduce the above copyright
23 | * notice, this list of conditions and the following disclaimer in
24 | * the documentation and/or other materials provided with the
25 | * distribution.
26 | *
27 | * 3. All advertising materials mentioning features or use of this
28 | * software must display the following acknowledgment:
29 | * "This product includes software developed by the OpenSSL Project
30 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
31 | *
32 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
33 | * endorse or promote products derived from this software without
34 | * prior written permission. For written permission, please contact
35 | * openssl-core@openssl.org.
36 | *
37 | * 5. Products derived from this software may not be called "OpenSSL"
38 | * nor may "OpenSSL" appear in their names without prior written
39 | * permission of the OpenSSL Project.
40 | *
41 | * 6. Redistributions of any form whatsoever must retain the following
42 | * acknowledgment:
43 | * "This product includes software developed by the OpenSSL Project
44 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
45 | *
46 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
47 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
49 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
50 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
51 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
52 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
53 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
55 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
56 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
57 | * OF THE POSSIBILITY OF SUCH DAMAGE.
58 | * ====================================================================
59 | *
60 | * This product includes cryptographic software written by Eric Young
61 | * (eay@cryptsoft.com). This product includes software written by Tim
62 | * Hudson (tjh@cryptsoft.com).
63 | *
64 | */
65 |
66 | Original SSLeay License
67 | -----------------------
68 |
69 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
70 | * All rights reserved.
71 | *
72 | * This package is an SSL implementation written
73 | * by Eric Young (eay@cryptsoft.com).
74 | * The implementation was written so as to conform with Netscapes SSL.
75 | *
76 | * This library is free for commercial and non-commercial use as long as
77 | * the following conditions are aheared to. The following conditions
78 | * apply to all code found in this distribution, be it the RC4, RSA,
79 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
80 | * included with this distribution is covered by the same copyright terms
81 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
82 | *
83 | * Copyright remains Eric Young's, and as such any Copyright notices in
84 | * the code are not to be removed.
85 | * If this package is used in a product, Eric Young should be given attribution
86 | * as the author of the parts of the library used.
87 | * This can be in the form of a textual message at program startup or
88 | * in documentation (online or textual) provided with the package.
89 | *
90 | * Redistribution and use in source and binary forms, with or without
91 | * modification, are permitted provided that the following conditions
92 | * are met:
93 | * 1. Redistributions of source code must retain the copyright
94 | * notice, this list of conditions and the following disclaimer.
95 | * 2. Redistributions in binary form must reproduce the above copyright
96 | * notice, this list of conditions and the following disclaimer in the
97 | * documentation and/or other materials provided with the distribution.
98 | * 3. All advertising materials mentioning features or use of this software
99 | * must display the following acknowledgement:
100 | * "This product includes cryptographic software written by
101 | * Eric Young (eay@cryptsoft.com)"
102 | * The word 'cryptographic' can be left out if the rouines from the library
103 | * being used are not cryptographic related :-).
104 | * 4. If you include any Windows specific code (or a derivative thereof) from
105 | * the apps directory (application code) you must include an acknowledgement:
106 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
107 | *
108 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
109 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
110 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
111 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
112 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
113 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
114 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
115 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
116 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
117 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
118 | * SUCH DAMAGE.
119 | *
120 | * The licence and distribution terms for any publically available version or
121 | * derivative of this code cannot be changed. i.e. this code cannot simply be
122 | * copied and put under another distribution licence
123 | * [including the GNU Public Licence.]
124 | */
125 |
126 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AN2Linux - server
2 | Sync Android notifications encrypted using TLS to a Linux desktop over WiFi, Mobile data or Bluetooth.
3 |
4 | This is the server part of AN2Linux which will run on your computer.
5 |
6 | The Android app can be found here: [https://github.com/rootkiwi/an2linuxclient/](https://github.com/rootkiwi/an2linuxclient/)
7 |
8 | ## Dependencies
9 | I'm using archlinux but I've added here what I think to be the package
10 | names for debian/ubuntu as well.
11 |
12 | * **python (3.4+)**
13 | ```
14 | Arch: python
15 | Debian / Ubuntu: python3
16 | ```
17 |
18 | * **libnotify**
19 | ```
20 | Arch: libnotify
21 | Debian / Ubuntu: libnotify4 gir1.2-notify-0.7 gir1.2-gdkpixbuf-2.0
22 | ```
23 |
24 | * **python-gobject**
25 | ```
26 | Arch: python-gobject
27 | Debian / Ubuntu: python3-gi
28 | ```
29 |
30 | * **openssl (1.0.1+)**
31 |
32 |
33 | ## Dependencies for bluetooth
34 |
35 | * **BlueZ dev files**
36 | ```
37 | Arch: bluez-libs
38 | Debian / Ubuntu: libbluetooth-dev
39 | ```
40 |
41 | * **PyBluez** with normal package manager
42 | ```
43 | Arch: python-pybluez
44 | Debian / Ubuntu: python3-bluez
45 | ```
46 |
47 |
48 | * **PyBluez** or with pip
49 | ```
50 | Arch: python-pip
51 | Debian / Ubuntu: python3-pip
52 |
53 | pip3 install pybluez
54 | ```
55 |
56 | ## How to use
57 | First time just run `an2linuxserver.py` and follow the instructions.
58 |
59 | AN2Linux uses TLS for encryption with both client and server authentication.
60 | That means that the client (android) and the server (your computer)
61 | need to exchange certificates first.
62 |
63 | To initiate pairing you must have `an2linuxserver.py` running and then in the
64 | android app press initiate pairing when in the process of adding a new server.
65 |
66 | ### For bluetooth
67 | First you need to pair your phone and computer with each other (the normal
68 | bluetooth pairing), and then do the certificate exchange as explained above.
69 |
70 | Why use TLS over bluetooth when bluetooth is already encrypted?
71 |
72 | Well, firstly, because I wanted to try :)
73 |
74 | And secondly, from the little I've read about bluetooth it seems that the
75 | encryption key size negotiated can be very small.
76 |
77 | #### PyBluez not working?
78 | I'm using archlinux so I'm going to tell you how it works for me, I have no
79 | idea how it works on other distros. It may work out of the box or it may not, just try it.
80 |
81 | This is the error I get without the fixes below:
82 | `bluetooth.btcommon.BluetoothError: (13, 'Permission denied')`
83 |
84 | So, if you're not using archlinux but still are using systemd and get an error like
85 | that maybe you should try something similar.
86 |
87 | #### Edit bluetooth.service in an override file
88 | ```
89 | systemctl edit bluetooth.service
90 | ```
91 |
92 | #### Add the following lines
93 | ```
94 | [Service]
95 | ExecStart=
96 | ExecStart=/usr/lib/bluetooth/bluetoothd -C
97 | ExecStartPost=/bin/chmod 662 /var/run/sdp
98 | ```
99 |
100 | #### then apply changes
101 | ```
102 | systemctl daemon-reload
103 | systemctl restart bluetooth.service
104 | ```
105 |
106 | More info about this problem:
107 | https://bbs.archlinux.org/viewtopic.php?id=201672.
108 |
109 | ## Config directory
110 | First time when running `an2linuxserver.py` it will create the directory:
111 | `$XDG_CONFIG_HOME/an2linux/`.
112 |
113 | If `$XDG_CONFIG_HOME` is not set it defaults to: `$HOME/.config/an2linux/`.
114 |
115 | In this config directory a few files will be created.
116 |
117 | #### Config file
118 | A default config file named `config` will be created with the settings:
119 | - `tcp_server` **[on/off]** *default:* **on**
120 | - `tcp_port` **[0-65535]** *default:* **46352**
121 | - `bluetooth_server` **[on/off]** *default:* **off**
122 | - `bluetooth_support_kitkat` **[on/off]** *default:* **off**
123 | - `notification_timeout` **[integer]** *default:* **5**
124 | - `list_size_duplicates` **[0-50]** *default:* **0**
125 | - `ignore_duplicates_list_for_titles` **[comma-separated list]** *default:* **AN2Linux, title**
126 | - `keywords_to_ignore` **[comma-separated list]** *default:* **''**
127 |
128 | Open that config file for more detailed info about every setting.
129 |
130 | #### Server RSA key and certificate
131 | AN2Linux will generate a 4096 bit RSA key `rsakey.pem` and a self-signed certificate `certificate.pem`.
132 |
133 | Just delete those and restart AN2Linux if you want to generate a new key and certificate.
134 |
135 | #### Trusted certificates
136 | After a successful certificate exchange AN2linux will create a file named
137 | `authorized_certs`.
138 |
139 | Every line in that file will represent a trused certificate.
140 |
141 | It will be in the format `SHA256: `.
142 |
143 | That first part `SHA256...` is not used by AN2linux at all, it's just
144 | added as a convenience to the user to help distinguish between multiple certificates.
145 |
146 | #### Diffie–Hellman ephemeral
147 | If the setting `bluetooth_support_kitkat` is turned `on` AN2linux will also generate a file named `dhparam.pem`.
148 |
149 | That is because [SSLEngine](https://developer.android.com/reference/javax/net/ssl/SSLEngine.html) does not support any
150 | [ECDHE](https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman) cipher suites
151 | until from API 20+ (Android 5.0+).
152 |
153 | ## Run AN2Linux as a service
154 | [Init/Service scripts](https://github.com/rootkiwi/an2linuxserver/tree/master/init)
155 |
156 | ## Security with a firewall
157 | a popular easy-to-use firewall for Linux is Uncomplicated Firewall (ufw)
158 |
159 | 1. install it:
160 | - on Arch: $ `sudo pacman -S ufw`
161 | - on Debian/Ubuntu: $ `sudo apt-get install ufw`
162 | 2. start and enable ufw’s systemd unit:
163 | - $ `sudo systemctl start ufw; sudo systemctl enable ufw`
164 | 3. set your mobile device's LAN ip to a static ip
165 | - in the WiFi settings, long press the network you're connected to and tap "modify network"
166 | - if authentication is required (it should) and you're authenticated already leave the password feild empty
167 | - (Google it for the rest of steps, which depend on your region/router for the Gateway address)
168 | 4. allow traffic limited to one port, from your mobile device's LAN static ip
169 | - $ `sudo ufw allow from to any port `
170 |
171 | ## License
172 | [GNU General Public License 3](https://www.gnu.org/licenses/gpl-3.0.html),
173 | with the additional special exception to link portions of this program with the OpenSSL library.
174 |
175 | See [LICENSE](LICENSE) for more details.
176 |
--------------------------------------------------------------------------------
/an2linuxserver.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | #
3 | # Copyright 2017 rootkiwi
4 | #
5 | # AN2Linux-server is licensed under GNU General Public License 3, with the additional
6 | # special exception to link portions of this program with the OpenSSL library.
7 | #
8 | # See LICENSE for more details.
9 |
10 | import logging
11 | import sys
12 | try:
13 | import ssl
14 | except ImportError as e:
15 | print('Dependency missing: openssl')
16 | print(e)
17 | sys.exit(1)
18 | try:
19 | import gi
20 | from gi.repository import GLib
21 | except ImportError as e:
22 | print('Dependency missing: python-gobject')
23 | print(e)
24 | sys.exit(1)
25 | try:
26 | gi.require_version('Notify', '0.7')
27 | from gi.repository import Notify
28 | except (ImportError, ValueError) as e:
29 | print('Dependency missing: libnotify')
30 | print(e)
31 | sys.exit(1)
32 | try:
33 | gi.require_version('GdkPixbuf', '2.0')
34 | from gi.repository import GdkPixbuf
35 | except (ImportError, ValueError) as e:
36 | print('Dependency missing: GdkPixbuf')
37 | print(e)
38 | sys.exit(1)
39 | import threading
40 | import datetime
41 | import os
42 | import configparser
43 | import struct
44 | import socketserver
45 | import socket
46 | import signal
47 | import time
48 | import subprocess
49 | import hashlib
50 | import termios
51 | import base64
52 | import select
53 | import re
54 | from collections import deque
55 |
56 |
57 | class Notification:
58 |
59 | # this is a deque of the latest notifications hash to be able to skip duplicates
60 | latest_notifications = None
61 |
62 | # this is a list of notification titles that ignore the latest_notifications list
63 | titles_that_ignore_latest = None
64 |
65 | # list of keywords that trigger notifcation to be ignored
66 | keywords_to_ignore = None
67 |
68 | #regexes of title and contents of notifications to be ignored
69 | regexes_to_ignore_in_title = None
70 | regexes_to_ignore_in_content = None
71 |
72 | def __init__(self, title, message, icon_bytes=None):
73 | self.title = title
74 | self.message = message
75 | self.icon_bytes = icon_bytes
76 | self.notif_hash = hashlib.sha256(title.encode() + message.encode()
77 | + icon_bytes if icon_bytes is not None else b'').digest()
78 |
79 | def show(self):
80 | if (self.notif_hash not in Notification.latest_notifications
81 | or self.title in Notification.titles_that_ignore_latest) \
82 | and not any(kw in self.title for kw in Notification.keywords_to_ignore if kw != '') \
83 | and not any(regex.match(self.title) for regex in Notification.regexes_to_ignore_in_title) \
84 | and not any(regex.match(self.message) for regex in Notification.regexes_to_ignore_in_content):
85 | Notification.latest_notifications.append(self.notif_hash)
86 | self.notif = Notify.Notification.new(self.title, self.message, '')
87 | self.notif.set_timeout(notification_timeout_milliseconds)
88 | self.notif.set_hint('desktop-entry', GLib.Variant('s', 'an2linux'))
89 | if self.icon_bytes is not None:
90 | pixbuf_loader = GdkPixbuf.PixbufLoader.new()
91 | pixbuf_loader.write(self.icon_bytes)
92 | pixbuf_loader.close()
93 | self.notif.set_image_from_pixbuf(pixbuf_loader.get_pixbuf())
94 | try:
95 | self.notif.show()
96 | except Exception as e:
97 | logging.error('(Notification) Error showing notification:' \
98 | ' {}'.format(e));
99 | logging.error('Please make sure you have a notification' \
100 | ' server installed on your system')
101 |
102 |
103 | class TCPHandler(socketserver.BaseRequestHandler):
104 |
105 | active_pairing_connection = False
106 | cancel_pairing = False
107 |
108 | def handle(self):
109 | try:
110 | conn_type = self.request.recv(1)
111 | if conn_type == PAIR_REQUEST and not TCPHandler.active_pairing_connection:
112 | TCPHandler.active_pairing_connection = True
113 | TCPHandler.cancel_pairing = False
114 | try:
115 | self.handle_pair_request()
116 | except Exception as e:
117 | logging.error('(TCP) Error pair_request: {}'.format(e))
118 | TCPHandler.active_pairing_connection = False
119 | elif conn_type == NOTIF_CONN:
120 | try:
121 | self.handle_notification_connection()
122 | except Exception as e:
123 | logging.error('(TCP) Error notif_conn: {}'.format(e))
124 | except Exception as e:
125 | logging.error('(TCP) Error handle: {}'.format(e))
126 |
127 | def handle_pair_request(self):
128 | pair_tls_ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
129 | pair_tls_ctx.load_cert_chain(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
130 | pair_tls_ctx.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA')
131 | pair_tls_ctx.set_ecdh_curve('prime256v1')
132 | pair_tls_ctx.options |= ssl.OP_SINGLE_ECDH_USE
133 |
134 | try:
135 | tls_socket = pair_tls_ctx.wrap_socket(self.request, server_side=True)
136 | except ssl.SSLError as ssle:
137 | logging.error('(TCP) Failed TLS handshake pair_request: {}'.format(ssle))
138 | return
139 |
140 | ip = self.client_address[0]
141 | # remove first ::ffff: if ipv4 mapped ipv6 address
142 | if len(ip) > 7 and ip[:7] == '::ffff:':
143 | ip = ip[7:]
144 | logging.info('(TCP) Pair request from: {}\n'.format(ip))
145 |
146 | client_cert_size = struct.unpack('>I', recvall(tls_socket, 4))[0]
147 | client_cert = recvall(tls_socket, client_cert_size)
148 |
149 | sha256 = hashlib.sha256(client_cert + SERVER_CERT_DER).hexdigest().upper()
150 | sha256_format = [sha256[x:x + 2] for x in range(0, len(sha256), 2)]
151 |
152 | print('It is very important that you verify that the following hash matches what is viewed on your phone\n'
153 | 'It is a sha256 hash like so: sha256(client_cert + server_cert)\n\n'
154 | 'If the hash don\'t match there could be a man-in-the-middle attack\n'
155 | 'Or something else is not right, you should abort if they don\'t match!\n')
156 | print(' '.join(sha256_format[:8]))
157 | print(' '.join(sha256_format[8:16]))
158 | print(' '.join(sha256_format[16:24]))
159 | print(' '.join(sha256_format[24:]))
160 |
161 | self.server_allow_pair = False
162 | self.client_allow_pair = False
163 |
164 | try:
165 | termios.tcflush(sys.stdin, termios.TCIFLUSH)
166 | except Exception:
167 | pass
168 | self.user_input_prompt = 'Enter "yes" to accept pairing or "no" to deny: '
169 | print('\n{}'.format(self.user_input_prompt), end='')
170 |
171 | threading.Thread(target=self.pair_response_thread, args=(tls_socket,)).start()
172 | while not TCPHandler.cancel_pairing:
173 | ready = select.select([sys.stdin], [], [], 1)[0]
174 | if ready:
175 | user_input = sys.stdin.readline().strip()
176 | if user_input.casefold() == 'yes'.casefold():
177 | tls_socket.sendall(ACCEPT_PAIRING)
178 | self.server_allow_pair = True
179 | if not self.client_allow_pair:
180 | print('Waiting for client response')
181 | while not TCPHandler.cancel_pairing:
182 | if self.client_allow_pair:
183 | add_to_authorized_certs(client_cert)
184 | break
185 | else:
186 | time.sleep(1)
187 | break
188 | elif user_input.casefold() == 'no'.casefold():
189 | tls_socket.sendall(DENY_PAIRING)
190 | print('Pairing canceled')
191 | TCPHandler.cancel_pairing = True
192 | else:
193 | print(self.user_input_prompt, end='', flush=True)
194 |
195 | def pair_response_thread(self, tls_socket):
196 | while not TCPHandler.cancel_pairing:
197 | ready = select.select([tls_socket], [], [], 1)[0]
198 | if ready:
199 | client_response = tls_socket.recv(1)
200 | if client_response == ACCEPT_PAIRING:
201 | self.client_allow_pair = True
202 | if self.server_allow_pair:
203 | print('Client accepted pairing')
204 | break
205 | else:
206 | print('\r{} (Client accepted pairing): '.format(self.user_input_prompt[:-2]), end='')
207 | # to notice if socket closed
208 | while TCPHandler.active_pairing_connection:
209 | ready = select.select([tls_socket], [], [], 1)[0]
210 | if ready and tls_socket.recv(1) == b'':
211 | if not self.server_allow_pair and not TCPHandler.cancel_pairing:
212 | print('\nSocket closed')
213 | break
214 | TCPHandler.cancel_pairing = True
215 | elif client_response == DENY_PAIRING:
216 | if self.server_allow_pair:
217 | print('Client denied pairing')
218 | else:
219 | print('\nClient denied pairing')
220 | TCPHandler.cancel_pairing = True
221 | else:
222 | if not TCPHandler.cancel_pairing:
223 | print('\nSocket closed or recieved something strange')
224 | TCPHandler.cancel_pairing = True
225 |
226 | def handle_notification_connection(self):
227 | try:
228 | notif_tls_ctx.load_verify_locations(cadata=parse_authorized_certs())
229 | tls_socket = notif_tls_ctx.wrap_socket(self.request, server_side=True)
230 | except Exception as e:
231 | logging.error('(TCP) Failed TLS handshake notif_conn: {}'.format(e))
232 | return
233 |
234 | # one recv should not take longer than 10 sec
235 | tls_socket.settimeout(10)
236 |
237 | notification_flags = struct.unpack('>B', tls_socket.recv(1))[0]
238 |
239 | include_title = chkflags(notification_flags, FLAG_INCLUDE_TITLE)
240 | include_message = chkflags(notification_flags, FLAG_INCLUDE_MESSAGE)
241 | include_icon = chkflags(notification_flags, FLAG_INCLUDE_ICON)
242 |
243 | title = ''
244 | message = ''
245 |
246 | if include_title or include_message:
247 | title_and_or_message_size = struct.unpack('>I', recvall(tls_socket, 4))[0]
248 | title_and_or_message = recvall(tls_socket, title_and_or_message_size).decode()
249 | if include_title:
250 | title = title_and_or_message.split('|||')[0]
251 | if include_message:
252 | message = title_and_or_message.split('|||')[1]
253 |
254 | if include_icon:
255 | icon_size = struct.unpack('>I', recvall(tls_socket, 4))[0]
256 | icon_bytes = recvall(tls_socket, icon_size)
257 | try:
258 | Notification(title, message, icon_bytes).show()
259 | except Exception:
260 | Notification(title, message).show()
261 | else:
262 | Notification(title, message).show()
263 |
264 |
265 | class ThreadingDualStackServer(socketserver.ThreadingTCPServer):
266 | address_family = socket.AF_INET6
267 |
268 | def server_bind(self):
269 | self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
270 | super().server_bind()
271 |
272 |
273 | class ThreadingBluetoothServer:
274 |
275 | def __init__(self):
276 | self.bluetooth_server_sock = BluetoothSocket(RFCOMM)
277 | self.bluetooth_server_sock.bind(("", PORT_ANY))
278 | self.bluetooth_server_sock.listen(1)
279 | self.port = self.bluetooth_server_sock.getsockname()[1]
280 |
281 | # hardcoded uuid generated from https://www.uuidgenerator.net/
282 | self.uuid = "a97fbf21-2ef3-4daf-adfb-2a53ffa87b8e"
283 |
284 | advertise_service(self.bluetooth_server_sock, "AN2Linux_bluetooth_server",
285 | service_id=self.uuid,
286 | service_classes=[self.uuid, SERIAL_PORT_CLASS],
287 | profiles=[SERIAL_PORT_PROFILE])
288 |
289 | self.shutdown_request = False
290 |
291 | def serve_forever(self):
292 | while not self.shutdown_request:
293 | ready = select.select([self.bluetooth_server_sock], [], [], 1)[0]
294 | if ready:
295 | client_sock, client_info = self.bluetooth_server_sock.accept()
296 | threading.Thread(target=BluetoothHandler, args=(client_sock, client_info[0])).start()
297 |
298 | self.bluetooth_server_sock.close()
299 |
300 | def shutdown(self):
301 | self.shutdown_request = True
302 |
303 |
304 | class BluetoothHandler:
305 |
306 | active_pairing_connection = False
307 | cancel_pairing = False
308 |
309 | def __init__(self, socket, address):
310 | self.socket = socket
311 | self.address = address
312 | self.tls_bio = None
313 | self.incoming = None
314 | self.outgoing = None
315 | self.handle()
316 |
317 | def handle(self):
318 | try:
319 | conn_type = self.socket.recv(1)
320 | if conn_type == PAIR_REQUEST and not BluetoothHandler.active_pairing_connection:
321 | BluetoothHandler.active_pairing_connection = True
322 | BluetoothHandler.cancel_pairing = False
323 | try:
324 | self.handle_pair_request()
325 | except Exception as e:
326 | logging.error('(Bluetooth) Error pair_request: {}'.format(e))
327 | BluetoothHandler.active_pairing_connection = False
328 | elif conn_type == NOTIF_CONN:
329 | try:
330 | self.handle_notification_connection()
331 | except Exception as e:
332 | logging.error('(Bluetooth) Error notif_conn: {}'.format(e))
333 | except Exception as e:
334 | logging.error('(Bluetooth) Error handle: {}'.format(e))
335 | finally:
336 | self.socket.close()
337 |
338 | def do_handshake(self):
339 | # incoming <- ClientHello
340 | client_hello_size = struct.unpack('>I', recvall(self.socket, 4))[0]
341 | client_hello = recvall(self.socket, client_hello_size)
342 | self.incoming.write(client_hello)
343 |
344 | # ServerHello..ServerHelloDone -> outgoing
345 | try:
346 | self.tls_bio.do_handshake()
347 | except ssl.SSLWantReadError:
348 | server_hello = self.outgoing.read()
349 | server_hello_size = struct.pack('>I', len(server_hello))
350 | self.socket.sendall(server_hello_size)
351 | self.socket.sendall(server_hello)
352 |
353 | # incoming <- [client]Certificate*..ClientKeyExchange..Finished
354 | client_keyexchange_size = struct.unpack('>I', recvall(self.socket, 4))[0]
355 | client_keyexchange = recvall(self.socket, client_keyexchange_size)
356 | self.incoming.write(client_keyexchange)
357 |
358 | # ChangeCipherSpec..Finished -> outgoing
359 | self.tls_bio.do_handshake()
360 | server_change_cipher_spec = self.outgoing.read()
361 | server_change_cipher_spec_size = struct.pack('>I', len(server_change_cipher_spec))
362 | self.socket.sendall(server_change_cipher_spec_size)
363 | self.socket.sendall(server_change_cipher_spec)
364 |
365 | def tls_read_full_record(self):
366 | pending = 1
367 | record = bytearray()
368 | while pending > 0:
369 | record.extend(self.tls_bio.read(4096))
370 | pending = self.tls_bio.pending()
371 | return record
372 |
373 | def tls_encrypt(self, app_data):
374 | self.tls_bio.write(app_data)
375 | return self.outgoing.read()
376 |
377 | def tls_decrypt(self, net_data):
378 | self.incoming.write(net_data)
379 | return self.tls_read_full_record()
380 |
381 | def handle_pair_request(self):
382 | if bluetooth_support_kitkat:
383 | pair_tls_ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1)
384 | pair_tls_ctx.set_ciphers('DHE-RSA-AES256-SHA')
385 | pair_tls_ctx.load_dh_params(DHPARAM_PATH)
386 | else:
387 | pair_tls_ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
388 | pair_tls_ctx.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA')
389 | pair_tls_ctx.set_ecdh_curve('prime256v1')
390 |
391 | pair_tls_ctx.load_cert_chain(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
392 |
393 | self.incoming = ssl.MemoryBIO()
394 | self.outgoing = ssl.MemoryBIO()
395 | self.tls_bio = pair_tls_ctx.wrap_bio(incoming=self.incoming, outgoing=self.outgoing, server_side=True)
396 |
397 | try:
398 | self.do_handshake()
399 | except ssl.SSLError as ssle:
400 | logging.error('(Bluetooth) Failed TLS handshake pair_request: {}'.format(ssle))
401 | return
402 |
403 | logging.info('(Bluetooth) Pair request from: {}\n'.format(self.address))
404 |
405 | '''I don't know how else to do this when using SSLEngine/SSL_BIO, I don't see any security
406 | issue with sending the length of the encrypted data in cleartext, using something like wireshark
407 | it's possible to see the length anyway'''
408 | client_cert_size = struct.unpack('>I', recvall(self.socket, 4))[0]
409 | client_cert_encrypted = recvall(self.socket, client_cert_size)
410 | client_cert = self.tls_decrypt(client_cert_encrypted)
411 |
412 | sha256 = hashlib.sha256(client_cert + SERVER_CERT_DER).hexdigest().upper()
413 | sha256_format = [sha256[x:x + 2] for x in range(0, len(sha256), 2)]
414 |
415 | print('It is very important that you verify that the following hash matches what is viewed on your phone\n'
416 | 'It is a sha256 hash like so: sha256(client_cert + server_cert)\n\n'
417 | 'If the hash don\'t match there could be a man-in-the-middle attack\n'
418 | 'Or something else is not right, you should abort if they don\'t match!\n')
419 | print(' '.join(sha256_format[:8]))
420 | print(' '.join(sha256_format[8:16]))
421 | print(' '.join(sha256_format[16:24]))
422 | print(' '.join(sha256_format[24:]))
423 |
424 | self.server_allow_pair = False
425 | self.client_allow_pair = False
426 |
427 | try:
428 | termios.tcflush(sys.stdin, termios.TCIFLUSH)
429 | except Exception:
430 | pass
431 | self.user_input_prompt = 'Enter "yes" to accept pairing or "no" to deny: '
432 | print('\n{}'.format(self.user_input_prompt), end='')
433 |
434 | threading.Thread(target=self.pair_response_thread).start()
435 | while not BluetoothHandler.cancel_pairing:
436 | ready = select.select([sys.stdin], [], [], 1)[0]
437 | if ready:
438 | user_input = sys.stdin.readline().strip()
439 | if user_input.casefold() == 'yes'.casefold():
440 | encrypted = self.tls_encrypt(ACCEPT_PAIRING)
441 | encrypted_size = struct.pack('>I', len(encrypted))
442 | self.socket.sendall(encrypted_size)
443 | self.socket.sendall(encrypted)
444 | self.server_allow_pair = True
445 | if not self.client_allow_pair:
446 | print('Waiting for client response')
447 | while not BluetoothHandler.cancel_pairing:
448 | if self.client_allow_pair:
449 | add_to_authorized_certs(client_cert)
450 | break
451 | else:
452 | time.sleep(1)
453 | break
454 | elif user_input.casefold() == 'no'.casefold():
455 | encrypted = self.tls_encrypt(DENY_PAIRING)
456 | encrypted_size = struct.pack('>I', len(encrypted))
457 | self.socket.sendall(encrypted_size)
458 | self.socket.sendall(encrypted)
459 | print('Pairing canceled')
460 | BluetoothHandler.cancel_pairing = True
461 | else:
462 | print(self.user_input_prompt, end='', flush=True)
463 |
464 | def pair_response_thread(self):
465 | while not BluetoothHandler.cancel_pairing:
466 | ready = select.select([self.socket], [], [], 1)[0]
467 | if ready:
468 | try:
469 | client_response_size = struct.unpack('>I', recvall(self.socket, 4))[0]
470 | client_response_encrypted = recvall(self.socket, client_response_size)
471 | client_response = self.tls_decrypt(client_response_encrypted)
472 | except Exception:
473 | print('\nSocket closed or recieved something strange')
474 | BluetoothHandler.cancel_pairing = True
475 | break
476 | if client_response == ACCEPT_PAIRING:
477 | self.client_allow_pair = True
478 | if self.server_allow_pair:
479 | print('Client accepted pairing')
480 | break
481 | else:
482 | print('\r{} (Client accepted pairing): '.format(self.user_input_prompt[:-2]), end='')
483 | # to notice if socket closed
484 | while BluetoothHandler.active_pairing_connection:
485 | ready = select.select([self.socket], [], [], 1)[0]
486 | if ready:
487 | try:
488 | self.socket.recv(1)
489 | except BluetoothError:
490 | if not self.server_allow_pair and not BluetoothHandler.cancel_pairing:
491 | print('\nSocket closed')
492 | break
493 | BluetoothHandler.cancel_pairing = True
494 | elif client_response == DENY_PAIRING:
495 | if self.server_allow_pair:
496 | print('Client denied pairing')
497 | else:
498 | print('\nClient denied pairing')
499 | BluetoothHandler.cancel_pairing = True
500 | else:
501 | if not BluetoothHandler.cancel_pairing:
502 | print('\nSocket closed or recieved something strange2')
503 | BluetoothHandler.cancel_pairing = True
504 |
505 | def handle_notification_connection(self):
506 | self.incoming = ssl.MemoryBIO()
507 | self.outgoing = ssl.MemoryBIO()
508 | try:
509 | if bluetooth_support_kitkat:
510 | notif_tls_ctx_kitkat_bt.load_verify_locations(cadata=parse_authorized_certs())
511 | self.tls_bio = notif_tls_ctx_kitkat_bt.wrap_bio(incoming=self.incoming, outgoing=self.outgoing,
512 | server_side=True)
513 | else:
514 | notif_tls_ctx.load_verify_locations(cadata=parse_authorized_certs())
515 | self.tls_bio = notif_tls_ctx.wrap_bio(incoming=self.incoming, outgoing=self.outgoing, server_side=True)
516 | self.do_handshake()
517 | except Exception as e:
518 | logging.error('(Bluetooth) Failed TLS handshake notif_conn: {}'.format(e))
519 | return
520 |
521 | # one recv should not take longer than 10 sec
522 | self.socket.settimeout(10)
523 |
524 | notification_flags_size = struct.unpack('>I', recvall(self.socket, 4))[0]
525 | notification_flags_encrypted = recvall(self.socket, notification_flags_size)
526 | notification_flags = struct.unpack('>B', self.tls_decrypt(notification_flags_encrypted))[0]
527 |
528 | include_title = chkflags(notification_flags, FLAG_INCLUDE_TITLE)
529 | include_message = chkflags(notification_flags, FLAG_INCLUDE_MESSAGE)
530 | include_icon = chkflags(notification_flags, FLAG_INCLUDE_ICON)
531 |
532 | title = ''
533 | message = ''
534 |
535 | if include_title or include_message:
536 | title_and_or_message_size = struct.unpack('>I', recvall(self.socket, 4))[0]
537 | title_and_or_message_encrypted = recvall(self.socket, title_and_or_message_size)
538 | title_and_or_message = self.tls_decrypt(title_and_or_message_encrypted).decode()
539 | if include_title:
540 | title = title_and_or_message.split('|||')[0]
541 | if include_message:
542 | message = title_and_or_message.split('|||')[1]
543 |
544 | if include_icon:
545 | icon_size = struct.unpack('>I', recvall(self.socket, 4))[0]
546 | icon_encrypted = recvall(self.socket, icon_size)
547 | icon_bytes = self.tls_decrypt(icon_encrypted)
548 | try:
549 | Notification(title, message, icon_bytes).show()
550 | except Exception:
551 | Notification(title, message).show()
552 | else:
553 | Notification(title, message).show()
554 |
555 |
556 | def chkflags(flags, flag):
557 | return flags & flag == flag
558 |
559 |
560 | def recvall(sock, size):
561 | buf = bytearray()
562 | while len(buf) < size:
563 | tmp = sock.recv(size - len(buf))
564 | if tmp == b'':
565 | raise ConnectionResetError('connection reset by peer')
566 | buf.extend(tmp)
567 | return buf
568 |
569 |
570 | def generate_dhparam():
571 | logging.info('Since you have enabled bluetooth support for android 4.4 kitkat I will now need to')
572 | logging.info('Generate DH parameters, which is going to take a while')
573 | logging.info('On my laptop (Intel i5) it took ~16 minutes')
574 | dhparam_process = subprocess.Popen(['openssl', 'dhparam', '-out', DHPARAM_PATH, '4096'],
575 | stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
576 | stderr = dhparam_process.communicate()[1]
577 | if dhparam_process.returncode == 0:
578 | logging.info('Generated DH parameters 4096 bit')
579 | logging.info('Saved to: ' + DHPARAM_PATH)
580 | else:
581 | logging.error('Error generating DH parameters, exiting..')
582 | logging.error(stderr)
583 | sys.exit(1)
584 |
585 |
586 | def generate_server_private_key_and_certificate(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH):
587 | openssl_process = subprocess.Popen(['openssl', 'req', '-x509', '-newkey', 'rsa:4096', '-nodes', '-sha256',
588 | '-keyout', RSA_PRIVATE_KEY_PATH, '-out', CERTIFICATE_PATH,
589 | '-days', '3650', '-subj', '/CN=an2linuxserver'],
590 | stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
591 | stderr = openssl_process.communicate()[1]
592 | if openssl_process.returncode == 0:
593 | logging.info('Generated a 4096 bit RSA private key')
594 | logging.info('Key saved to: ' + RSA_PRIVATE_KEY_PATH)
595 | logging.info('Certificate saved to: ' + CERTIFICATE_PATH)
596 | else:
597 | logging.error('Error generating private key, exiting..')
598 | logging.error(stderr)
599 | sys.exit(1)
600 |
601 |
602 | def parse_authorized_certs():
603 | if os.path.isfile(AUTHORIZED_CERTS_PATH):
604 | with open(AUTHORIZED_CERTS_PATH, 'r') as f:
605 | try:
606 | authorized_certs = b''.join([base64.b64decode(line.split(' ')[1])
607 | for line in f.readlines() if len(line.split(' ')) == 2])
608 | # testing if valid certificates
609 | ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2).load_verify_locations(cadata=authorized_certs)
610 | return authorized_certs
611 | except Exception as e:
612 | logging.error('Corrupted authorized_certs file: {}'.format(e))
613 | logging.error('Please look at authorized_certs and '
614 | 'search for obvious errors located at {}'.format(AUTHORIZED_CERTS_PATH))
615 | logging.error('Or delete the file altogether, '
616 | 'but then you would have to pair your phone(s) again')
617 | return b''
618 | else:
619 | return b''
620 |
621 |
622 | def add_to_authorized_certs(cert_der):
623 | sha256 = hashlib.sha256(cert_der).hexdigest().upper()
624 | sha256_format = [sha256[x:x + 2] for x in range(0, len(sha256), 2)]
625 | if not cert_der in parse_authorized_certs():
626 | with open(AUTHORIZED_CERTS_PATH, 'a+') as f:
627 | f.seek(0)
628 | lines = f.readlines()
629 | first_char_to_write = ''
630 | if lines:
631 | lastchar = lines[-1][-1]
632 | if lastchar != '\n':
633 | first_char_to_write = '\n'
634 |
635 | f.write(''.join([first_char_to_write, 'SHA256:', ':'.join(sha256_format),
636 | ' ', base64.b64encode(cert_der).decode(), '\n']))
637 |
638 | logging.info('Certificate with fingerprint: {} saved successfully'.format(' '.join(sha256_format)))
639 | else:
640 | logging.info('Certificate with fingerprint: {} is already in authorized_certs'.format(' '.join(sha256_format)))
641 |
642 |
643 | def create_default_config_file_and_exit():
644 | config_parser = configparser.ConfigParser(allow_no_value=True)
645 | config_parser['tcp'] = {'tcp_server': 'on',
646 | 'tcp_port': '46352'}
647 | config_parser.add_section('bluetooth')
648 | config_parser.set('bluetooth', 'bluetooth_server', 'off')
649 | config_parser.set('bluetooth', '\n# bluetooth_support_kitkat: enable bluetooth support for android 4.4 kitkat')
650 | config_parser.set('bluetooth', '# this setting is important for everyone using bluetooth')
651 | config_parser.set('bluetooth', '# you need to set this setting correctly otherwise it will not work')
652 | config_parser.set('bluetooth', '# if you are using android 4.4 kitkat this needs to be turned on')
653 | config_parser.set('bluetooth', '# because some cipher versions are not supported until after kitkat')
654 | config_parser.set('bluetooth', '# if you are using android 5.0+ you need to keep this setting off')
655 | config_parser.set('bluetooth', 'bluetooth_support_kitkat', 'off')
656 | config_parser.add_section('notification')
657 | config_parser.set('notification', '# notification_timeout: display notification for this many seconds')
658 | config_parser.set('notification', '# set 0 to never expire')
659 | config_parser.set('notification', '# this setting might be completely ignored by your notification server')
660 | config_parser.set('notification', 'notification_timeout', '5')
661 | config_parser.set('notification', '\n# list_size_duplicates: number of latest notifications to keep')
662 | config_parser.set('notification', '# integer 0-50, if a notification is in this list it will not be shown')
663 | config_parser.set('notification', '# set to 0 to disable')
664 | config_parser.set('notification', 'list_size_duplicates', '0')
665 | config_parser.set('notification', '\n# ignore_duplicates_list_for_titles: notification titles that ignore duplicates list')
666 | config_parser.set('notification', '# comma-separated, case-sensitive')
667 | config_parser.set('notification', 'ignore_duplicates_list_for_titles', 'AN2Linux, title')
668 | config_parser.set('notification', '\n# keywords_to_ignore: do not show notifications that include these keywords in the notification titles')
669 | config_parser.set('notification', '# comma-separated, case-sensitive. leading and trailing whitespace will be stripped.')
670 | config_parser.set('notification', 'keywords_to_ignore', '')
671 | config_parser.set('notification', '\n# regexes_to_ignore: do not show notifications who\'s contents or title match the following regexes')
672 | config_parser.set('notification', 'regexes_to_ignore_in_title', '')
673 | config_parser.set('notification', 'regexes_to_ignore_in_content', '')
674 | with open(CONF_FILE_PATH, 'w') as configfile:
675 | config_parser.write(configfile)
676 | logging.info('Created new default configuration file at "{}"'.format(CONF_FILE_PATH))
677 | logging.info('Exiting... (why?) so you can look at and edit the configuration file, '
678 | 'after that run this program again')
679 | sys.exit()
680 |
681 |
682 | def parse_config_or_create_new():
683 | if not os.path.isfile(CONF_FILE_PATH):
684 | create_default_config_file_and_exit()
685 | else:
686 | try:
687 | config_parser = configparser.ConfigParser(allow_no_value=True)
688 | config_parser.read(CONF_FILE_PATH)
689 | tcp_server_enabled = config_parser.getboolean('tcp', 'tcp_server')
690 | tcp_port_number = config_parser.getint('tcp', 'tcp_port')
691 | if tcp_port_number < 0 or tcp_port_number > 65535:
692 | logging.error('Invalid port, port must be 0-65535')
693 | sys.exit(1)
694 | bluetooth_server_enabled = config_parser.getboolean('bluetooth', 'bluetooth_server')
695 | notification_timeout_milliseconds = config_parser.getint('notification', 'notification_timeout') * 1000
696 | if notification_timeout_milliseconds < 0:
697 | notification_timeout_milliseconds = 0
698 | list_size_duplicates = config_parser.getint('notification', 'list_size_duplicates')
699 | if list_size_duplicates < 0:
700 | list_size_duplicates = 0
701 | elif list_size_duplicates > 50:
702 | list_size_duplicates = 50
703 | Notification.latest_notifications = deque(maxlen=list_size_duplicates)
704 | ignore_duplicates_list_for_titles = config_parser.get('notification', 'ignore_duplicates_list_for_titles')
705 | Notification.titles_that_ignore_latest = [title.strip() for title in ignore_duplicates_list_for_titles.split(',')]
706 |
707 | keywords_to_ignore = config_parser.get('notification', 'keywords_to_ignore')
708 | Notification.keywords_to_ignore = [kw.strip() for kw in keywords_to_ignore.split(',')]
709 |
710 | regexes_to_ignore_in_title = config_parser.get('notification', 'regexes_to_ignore_in_title')
711 | Notification.regexes_to_ignore_in_title = [re.compile(kw.strip()) for kw in regexes_to_ignore_in_title.split(',')] if regexes_to_ignore_in_title else []
712 |
713 | regexes_to_ignore_in_content = config_parser.get('notification', 'regexes_to_ignore_in_content')
714 | Notification.regexes_to_ignore_in_content = [re.compile(kw.strip()) for kw in regexes_to_ignore_in_content.split(',')] if regexes_to_ignore_in_content else []
715 |
716 |
717 | try:
718 | bluetooth_support_kitkat = config_parser.getboolean('bluetooth', 'bluetooth_support_kitkat')
719 | except (configparser.Error, ValueError):
720 | bluetooth_support_kitkat = False
721 | logging.info('Cound not find setting "bluetooth_support_kitkat" in your config file')
722 | logging.info('This is a new setting that has been added')
723 | logging.info('For now I will keep an2linux running and set this setting to off')
724 | logging.info('If you do not wan\'t to see these messages or you want to enable this setting')
725 | logging.info('Then turn off an2linux and rename or delete your current config file')
726 | logging.info('Located at: "{}"'.format(CONF_FILE_PATH))
727 | logging.info('Then start an2linux again to generate a new config file including this setting')
728 | return tcp_server_enabled, tcp_port_number,\
729 | bluetooth_server_enabled, bluetooth_support_kitkat, notification_timeout_milliseconds
730 | except (configparser.Error, ValueError) as e:
731 | logging.error('Corrupted configuration file: {}'.format(e))
732 | try:
733 | os.rename(CONF_FILE_PATH, CONF_FILE_PATH + ".corrupted")
734 | logging.error('Your corrupted configuration file has been saved to "{}"'
735 | .format(CONF_FILE_PATH + '.corrupted'))
736 | except Exception:
737 | pass
738 | create_default_config_file_and_exit()
739 |
740 |
741 | def cleanup(signum, frame):
742 | Notify.uninit()
743 | if tcp_server_enabled:
744 | tcp_server.shutdown()
745 | if TCPHandler.active_pairing_connection:
746 | TCPHandler.cancel_pairing = True
747 |
748 | if bluetooth_server_enabled:
749 | bluetooth_server.shutdown()
750 | if BluetoothHandler.active_pairing_connection:
751 | BluetoothHandler.cancel_pairing = True
752 |
753 | sys.exit()
754 |
755 |
756 | def init():
757 | if os.environ.get('XDG_CONFIG_HOME') is None or os.environ.get('XDG_CONFIG_HOME') == '':
758 | XDG_CONFIG_HOME = os.path.join(os.path.expanduser('~'), '.config')
759 | else:
760 | XDG_CONFIG_HOME = os.environ.get('XDG_CONFIG_HOME')
761 |
762 | CONF_DIR_PATH = os.path.join(XDG_CONFIG_HOME, 'an2linux')
763 | CONF_FILE_PATH = os.path.join(CONF_DIR_PATH, 'config')
764 |
765 | CERTIFICATE_PATH = os.path.join(CONF_DIR_PATH, 'certificate.pem')
766 | RSA_PRIVATE_KEY_PATH = os.path.join(CONF_DIR_PATH, 'rsakey.pem')
767 | AUTHORIZED_CERTS_PATH = os.path.join(CONF_DIR_PATH, 'authorized_certs')
768 | DHPARAM_PATH = os.path.join(CONF_DIR_PATH, 'dhparam.pem')
769 |
770 | if not os.path.exists(CONF_DIR_PATH):
771 | os.makedirs(CONF_DIR_PATH)
772 |
773 | if not os.path.isfile(CERTIFICATE_PATH) or not os.path.isfile(RSA_PRIVATE_KEY_PATH):
774 | generate_server_private_key_and_certificate(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
775 | else:
776 | # test if valid private key / certificate
777 | try:
778 | ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2).load_cert_chain(CERTIFICATE_PATH,
779 | RSA_PRIVATE_KEY_PATH)
780 | ssl.PEM_cert_to_DER_cert(open(CERTIFICATE_PATH, 'r').read())
781 | except (ssl.SSLError, ValueError) as e:
782 | logging.error('Something went wrong trying to load your private key and certificate: {}'.format(e))
783 | logging.error('Will generate new key overwriting old key and certificate')
784 | generate_server_private_key_and_certificate(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
785 |
786 | return CONF_FILE_PATH, CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH, AUTHORIZED_CERTS_PATH, DHPARAM_PATH
787 |
788 |
789 | def configure_logging():
790 | log_folder = os.path.join(os.environ.get('XDG_CACHE_HOME', os.path.expanduser('~/.cache')), 'an2linux')
791 | if not os.path.exists(log_folder):
792 | os.makedirs(log_folder, exist_ok=True)
793 | log_filename = 'an2linux_{0}.log'.format(datetime.datetime.now().strftime('%Y%m%d_%Hh%Mm%Ss'))
794 | log_filepath = os.path.join(log_folder, log_filename)
795 |
796 | # an2linux currently prints to stdout - we will keep this behaviour for now
797 | logging.basicConfig(
798 | level=logging.INFO,
799 | format='%(asctime)s.%(msecs).03d %(name)-12s %(levelname)-8s %(message)s (%(filename)s:%(lineno)d)',
800 | datefmt='%Y-%m-%d %H:%M:%S',
801 | handlers=[
802 | logging.FileHandler(log_filepath),
803 | logging.StreamHandler(sys.stdout),
804 | ]
805 | )
806 |
807 |
808 | if __name__ == '__main__':
809 | configure_logging()
810 |
811 | CONF_FILE_PATH, CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH, AUTHORIZED_CERTS_PATH, DHPARAM_PATH = init()
812 |
813 | tcp_server_enabled, tcp_port_number, bluetooth_server_enabled, bluetooth_support_kitkat,\
814 | notification_timeout_milliseconds = parse_config_or_create_new()
815 |
816 | if not tcp_server_enabled and not bluetooth_server_enabled:
817 | logging.error('Neither TCP nor Bluetooth is enabled in your config file at {}'.format(CONF_FILE_PATH))
818 | sys.exit()
819 |
820 | # initialize libnotify
821 | Notify.init('AN2Linux')
822 |
823 | SERVER_CERT_DER = ssl.PEM_cert_to_DER_cert(open(CERTIFICATE_PATH, 'r').read())
824 | sha256 = hashlib.sha256(SERVER_CERT_DER).hexdigest().upper()
825 | sha256_format = [sha256[x:x + 2] for x in range(0, len(sha256), 2)]
826 | logging.info('Server certificate fingerprint: {}'.format(' '.join(sha256_format)))
827 |
828 | PAIR_REQUEST = b'\x00'
829 | NOTIF_CONN = b'\x01'
830 | DENY_PAIRING = b'\x02'
831 | ACCEPT_PAIRING = b'\x03'
832 | FLAG_INCLUDE_TITLE = 1
833 | FLAG_INCLUDE_MESSAGE = 2
834 | FLAG_INCLUDE_ICON = 4
835 |
836 | notif_tls_ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
837 | notif_tls_ctx.load_cert_chain(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
838 | notif_tls_ctx.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA')
839 | notif_tls_ctx.set_ecdh_curve('prime256v1')
840 | notif_tls_ctx.options |= ssl.OP_SINGLE_ECDH_USE
841 | notif_tls_ctx.verify_mode = ssl.CERT_REQUIRED
842 |
843 | if tcp_server_enabled:
844 | try:
845 | # test if ipv4/ipv6 dual stacking is supported, otherwise use ipv4
846 | tcp_server = ThreadingDualStackServer(('', tcp_port_number), TCPHandler)
847 | except Exception:
848 | logging.error('(TCP) Failed to use IPv4/IPv6 dual stacking, fallbacks to IPv4 only')
849 | tcp_server = socketserver.ThreadingTCPServer(('', tcp_port_number), TCPHandler)
850 | logging.info('(TCP) Waiting for connections on port {}'.format(tcp_port_number))
851 | threading.Thread(target=tcp_server.serve_forever).start()
852 |
853 | if bluetooth_server_enabled:
854 | try:
855 | from bluetooth import *
856 | if bluetooth_support_kitkat:
857 | if not os.path.isfile(DHPARAM_PATH):
858 | generate_dhparam()
859 | else:
860 | try:
861 | # try if valid dh parameters
862 | ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2).load_dh_params(DHPARAM_PATH)
863 | except Exception as e:
864 | logging.error('Something went wrong trying to load your DH parameters: {}'.format(e))
865 | logging.error('Will generate new parameters overwriting old parameters')
866 | generate_dhparam()
867 | notif_tls_ctx_kitkat_bt = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1)
868 | notif_tls_ctx_kitkat_bt.load_cert_chain(CERTIFICATE_PATH, RSA_PRIVATE_KEY_PATH)
869 | notif_tls_ctx_kitkat_bt.set_ciphers('DHE-RSA-AES256-SHA')
870 | notif_tls_ctx_kitkat_bt.load_dh_params(DHPARAM_PATH)
871 | notif_tls_ctx_kitkat_bt.options |= ssl.OP_SINGLE_DH_USE
872 | notif_tls_ctx_kitkat_bt.verify_mode = ssl.CERT_REQUIRED
873 |
874 | bluetooth_server = ThreadingBluetoothServer()
875 | logging.info('(Bluetooth) Waiting for connections on RFCOMM channel {}'
876 | .format(bluetooth_server.port))
877 | threading.Thread(target=bluetooth_server.serve_forever).start()
878 | except ImportError as e:
879 | bluetooth_server_enabled = False
880 | logging.error('Dependency missing: python-bluez')
881 |
882 | signal.signal(signal.SIGHUP, cleanup)
883 | signal.signal(signal.SIGINT, cleanup)
884 | signal.signal(signal.SIGQUIT, cleanup)
885 | signal.signal(signal.SIGTERM, cleanup)
886 |
887 | signal.pause()
888 |
--------------------------------------------------------------------------------
/init/README.md:
--------------------------------------------------------------------------------
1 | # Init/Service scripts
2 | This folder contains init/service scripts for AN2Linux.
3 |
--------------------------------------------------------------------------------
/init/systemd-system/README.md:
--------------------------------------------------------------------------------
1 | # Systemd system unit
2 | ### I use archlinux and this service unit works for me
3 |
4 | #### Tips if it does not work for you
5 | - `ReadWritePaths` may be named `ReadWriteDirectories` in systemd < 231
6 |
7 | - The `DBUS_SESSION_BUS_ADDRESS` environment variable may be different for you,
8 | and maybe even different every reboot
9 |
10 | ##### For bluetooth I've tried
11 |
12 | ```
13 | Wants=bluetooth.service
14 | After=bluetooth.service
15 |
16 | Also with Requires= instead of Wants= and with bluetooth.target instead
17 | of .service
18 | ```
19 |
20 | That worked 50% of the time, the other 50% it resulted in:
21 | `bluetooth.btcommon.BluetoothError: (2, 'No such file or directory')`
22 |
23 | With `systemctl status an2linux.service bluetooth.service`
24 | I could see that even with `After=` etc an2linux.service still started one
25 | second before bluetooth.service.
26 |
27 | Some systemd expert may know what I'm doing wrong.
28 |
29 | A workaround that worked for me was `ExecStartPre=/usr/bin/sleep 3`.
30 |
31 | So this problem is only with this system-wide systemd unit if using bluetooth.
32 |
33 | ## Instructions:
34 | 1. Change `User=` and `Group=`
35 |
36 | 2. Change `ExecStart=`
37 |
38 | 3. Uncomment `Wants=`, `After=` and `ExecStartPre=` if you want to use workaround for bluetoth
39 |
40 | 4. Put *an2linux.service* here:
41 | `/etc/systemd/system/an2linux.service`
42 |
43 | 5. Run `systemctl daemon-reload`
44 |
45 | #### Start:
46 | `systemctl start an2linux.service`
47 |
48 | #### Stop:
49 | `systemctl stop an2linux.service`
50 |
51 | #### Autostart:
52 | `systemctl enable an2linux.service`
53 |
54 | #### Status:
55 | `systemctl status an2linux.service`
56 |
--------------------------------------------------------------------------------
/init/systemd-system/an2linux.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=AN2Linux
3 | #Wants=bluetooth.service
4 | #After=bluetooth.service
5 |
6 | [Service]
7 | Type=simple
8 | User=
9 | Group=
10 | StandardOutput=null
11 | Restart=on-failure
12 | #ExecStartPre=/usr/bin/sleep 3
13 | ExecStart=
14 | Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
15 | PrivateDevices=true
16 | ProtectHome=read-only
17 | ProtectSystem=strict
18 | ReadWritePaths=/tmp
19 |
20 | [Install]
21 | WantedBy=default.target
22 |
--------------------------------------------------------------------------------
/init/systemd-user/README.md:
--------------------------------------------------------------------------------
1 | # Systemd user unit
2 | ### I use archlinux and this service unit works for me
3 |
4 | #### Tips if it does not work for you
5 | - You may need to:
6 | `loginctl enable-linger `
7 |
8 | - Info about systemd/user: https://wiki.archlinux.org/index.php/Systemd/User
9 |
10 |
11 | #### Instructions:
12 | 1. Change `ExecStart=`
13 |
14 | 2. Put *an2linux.service* here:
15 | `~/.config/systemd/user/an2linux.service`
16 |
17 | 2. Run `systemctl --user daemon-reload`
18 |
19 | #### Start:
20 | `systemctl --user start an2linux.service`
21 |
22 | #### Stop:
23 | `systemctl --user stop an2linux.service`
24 |
25 | #### Autostart:
26 | `systemctl --user enable an2linux.service`
27 |
28 | #### Status:
29 | `systemctl --user status an2linux.service`
30 |
--------------------------------------------------------------------------------
/init/systemd-user/an2linux.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=AN2Linux
3 |
4 | [Service]
5 | Type=simple
6 | StandardOutput=null
7 | Restart=on-failure
8 | ExecStart=
9 |
10 | [Install]
11 | WantedBy=default.target
12 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | pygobject
2 |
3 |
--------------------------------------------------------------------------------