Merge pull request #46 from chrisjbillington/security-default-on

chrisjbillington · web-flow · commit 6bb2067f95c3 · 2020-05-24T13:19:24.000-04:00
Make secure communication default
diff --git a/labscript_profile/create.py b/labscript_profile/create.py
@@ -3,12 +3,21 @@
 import shutil
 import configparser
 from pathlib import Path
+from subprocess import check_output
 from labscript_profile import LABSCRIPT_SUITE_PROFILE, default_labconfig_path
 
 _here = os.path.dirname(os.path.abspath(__file__))
 DEFAULT_PROFILE_CONTENTS = os.path.join(_here, 'default_profile')
 
 
+def make_shared_secret(directory):
+    """Create a new zprocess shared secret file in the given directory and return its
+    filepath"""
+    cmd = [sys.executable, '-m', 'zprocess.makesecret']
+    path = check_output(cmd, cwd=directory).decode('utf8').splitlines()[-1].strip()
+    return Path(path)
+
+
 def make_labconfig_file():
     source_path = os.path.join(LABSCRIPT_SUITE_PROFILE, 'labconfig', 'example.ini')
     target_path = default_labconfig_path()
@@ -22,14 +31,19 @@ def make_labconfig_file():
     # Now change some things about it:
     config = configparser.ConfigParser(interpolation=None)
     config.read(target_path)
-    if sys.platform in ['linux', 'linux2']:
+    if sys.platform == 'linux':
         config.set('programs', 'text_editor', 'gedit')
     elif sys.platform == 'darwin':
         config.set('programs', 'text_editor', 'open')
         config.set('programs', 'text_editor_arguments', '-a TextEdit {file}')
     if sys.platform != 'win32':
         config.set('programs', 'hdf5_viewer', 'hdfview')
-        config.set('DEFAULT', 'shared_drive', str(Path.home() / ' labscript_shared'))
+        config.set('DEFAULT', 'shared_drive', '$HOME/labscript_shared')
+    shared_secret = make_shared_secret(target_path.parent)
+    shared_secret_entry = Path(
+        '%(labscript_suite)s', shared_secret.relative_to(LABSCRIPT_SUITE_PROFILE)
+    )
+    config.set('security', 'shared_secret', str(shared_secret_entry))
 
     with open(target_path, 'w') as f:
         config.write(f)
diff --git a/labscript_profile/default_profile/labconfig/example.ini b/labscript_profile/default_profile/labconfig/example.ini
@@ -52,3 +52,6 @@ integer_indexing = False
 autoload_config_file = %(app_saved_configs)s\runmanager\runmanager.ini
 output_folder_format = %%Y\%%m\%%d\{sequence_index:04d}
 filename_prefix_format = %%Y-%%m-%%d_{sequence_index:04d}_{script_basename}
+
+[security]
+shared_secret = %(labscript_suite)s\labconfig\zpsecret-b810f83f.key
diff --git a/labscript_utils/ls_zprocess.py b/labscript_utils/ls_zprocess.py
@@ -11,6 +11,7 @@
 #                                                                   #
 #####################################################################
 import sys
+import os
 from socket import gethostbyname
 from distutils.version import LooseVersion
 import zmq
@@ -40,6 +41,32 @@
 
 _cached_config = None
 
+_ERR_NO_SHARED_SECRET = """
+
+--------
+
+Security has not been configured. To create a new shared secret, run:
+
+python -m zprocess.makesecret
+
+move the resulting file somewhere (for example the labconfig directory)
+and then add it to labconfig like:
+
+[security]
+shared_secret = %(labscript_suite)s/labconfig/zpsecret-09f6dfa0.key
+
+You will need to copy the same shared secret to all computers running
+the labscript suite that need to communicate with each other. Treat this
+file like a password: it allows anyone on the same network acess to
+labscript suite programs, most of of which are capable of remote code
+execution. If you are on a trusted network and don't want to use encrypted
+communication, you may instead set:
+
+[security]
+allow_insecure = True
+
+in your configuration, but this is not advised."""
+
 def get_config():
     """Get relevant options from LabConfig, substituting defaults where appropriate and
     return as a dict"""
@@ -78,8 +105,9 @@ def get_config():
     try:
         config['allow_insecure'] = labconfig.getboolean('security', 'allow_insecure')
     except (labconfig.NoOptionError, labconfig.NoSectionError):
-        # Default will be set to False once the security rollout is complete:
-        config['allow_insecure'] = True
+        config['allow_insecure'] = False
+        if config['shared_secret'] is None and not config['allow_insecure']:
+            raise ValueError(_ERR_NO_SHARED_SECRET.replace('', os.sep))
     try:
         config['logging_maxBytes'] = labconfig.getint('logging', 'maxBytes')
     except (labconfig.NoOptionError, labconfig.NoSectionError):
