diff --git a/src/gam/__init__.py b/src/gam/__init__.py index d1d1fa37..cfe70cbd 100755 --- a/src/gam/__init__.py +++ b/src/gam/__init__.py @@ -120,6 +120,7 @@ import google.oauth2.service_account import google_auth_oauthlib.flow import google_auth_httplib2 import httplib2 +import urllib3.exceptions httplib2.RETRIES = 5 @@ -8921,11 +8922,17 @@ def getOSPlatform(): # gam checkconnection def doCheckConnection(): - hosts = ['api.github.com', 'raw.githubusercontent.com', - 'accounts.google.com', 'oauth2.googleapis.com', 'www.googleapis.com'] + hosts = ['api.github.com', + 'raw.githubusercontent.com', + 'accounts.google.com', + 'oauth2.googleapis.com', + 'www.googleapis.com'] fix_hosts = {'calendar-json.googleapis.com': 'www.googleapis.com', 'storage-api.googleapis.com': 'storage.googleapis.com'} - api_hosts = ['apps-apis.google.com', 'sites.google.com', 'versionhistory.googleapis.com', 'www.google.com'] + api_hosts = ['apps-apis.google.com', + 'sites.google.com', + 'versionhistory.googleapis.com', + 'www.google.com'] for host in API.PROJECT_APIS: host = fix_hosts.get(host, host) if host not in api_hosts and host not in hosts: @@ -8941,13 +8948,27 @@ def doCheckConnection(): success_count = 0 for host in hosts: try_count += 1 - ip = socket.getaddrinfo(host, None)[0][-1][0] # works with ipv6 + dns_err = None + ip = 'unknown' + try: + ip = socket.getaddrinfo(host, None)[0][-1][0] # works with ipv6 + except socket.gaierror as err: + dns_err = f'{not_okay}\n DNS failure: {err}\n' + except Exception as e: + dns_err = f'{not_okay}\n Unknown DNS failure: {err}\n' check_line = f'Checking {host} ({ip}) ({try_count}/{host_count})...' writeStdout(f'{check_line:<100}') flushStdout() + if dns_err: + writeStdout(dns_err) + continue gen_firewall = 'You probably have security software or a firewall on your machine or network that is preventing GAM from making Internet connections. Check your network configuration or try running GAM on a hotspot or home network to see if the problem exists only on your organization\'s network.' try: - httpObj.request(f'https://{host}/', 'HEAD', headers=headers) + if host.startswith('http'): + url = host + else: + url = f'https://{host}:443/' + httpObj.request(url, 'HEAD', headers=headers) success_count += 1 writeStdout(f'{okay}\n') except ConnectionRefusedError: @@ -8956,12 +8977,12 @@ def doCheckConnection(): writeStdout(f'{not_okay}\n Connection reset by peer. {gen_firewall}\n') except httplib2.error.ServerNotFoundError: writeStdout(f'{not_okay}\n Failed to find server. Your DNS is probably misconfigured.\n') - except ssl.SSLError as e: + except ssl.SSLError as e: if e.reason == 'SSLV3_ALERT_HANDSHAKE_FAILURE': writeStdout(f'{not_okay}\n GAM expects to connect with TLS 1.3 or newer and that failed. If your firewall / proxy server is not compatible with TLS 1.3 then you can tell GAM to allow TLS 1.2 by setting tls_min_version = TLSv1.2 in gam.cfg.\n') elif e.reason == 'CERTIFICATE_VERIFY_FAILED': writeStdout(f'{not_okay}\n Certificate verification failed. If you are behind a firewall / proxy server that does TLS / SSL inspection you may need to point GAM at your certificate authority file by setting cacerts_pem = /path/to/your/certauth.pem in gam.cfg.\n') - elif e.strerror.startswith('TLS/SSL connection has been closed\n'): + elif e.strerror and e.strerror.startswith('TLS/SSL connection has been closed\n'): writeStdout(f'{not_okay}\n TLS connection was closed. {gen_firewall}\n') else: writeStdout(f'{not_okay}\n {str(e)}\n') diff --git a/src/gam/gamlib/glverlibs.py b/src/gam/gamlib/glverlibs.py index f2620a98..d0c19562 100644 --- a/src/gam/gamlib/glverlibs.py +++ b/src/gam/gamlib/glverlibs.py @@ -29,5 +29,6 @@ GAM_VER_LIBS = ['cryptography', 'httplib2', 'passlib', 'python-dateutil', + 'urllib3', 'yubikey-manager', ]