=== modified file 'DBUS-API'
--- DBUS-API 2012-01-08 07:52:26 +0000
+++ DBUS-API 2012-01-15 20:27:28 +0000
@@ -93,10 +93,11 @@
| Interval (a) | t | Read/Write | interval |
| LastApprovalRequest (g) | s | Read | N/A |
| LastCheckedOK (h) | s | Read/Write | N/A |
- | LastEnabled (i) | s | Read | N/A |
+ | LastCheckerStatus (i) | n | Read | N/A |
+ | LastEnabled (j) | s | Read | N/A |
| Name | s | Read | (Section name) |
| ObjectPath | o | Read | N/A |
- | Secret (j) | ay | Write | secret (or secfile) |
+ | Secret (k) | ay | Write | secret (or secfile) |
| Timeout (a) | t | Read/Write | timeout |
a) Represented as milliseconds.
@@ -124,10 +125,13 @@
always use an empty string when setting this property, to allow
for possible future expansion.
- i) The date and time this client was last enabled, as an RFC 3339
+ i) The exit status of the last checker, -1 if it did not exit
+ cleanly, -2 if a checker has not yet returned.
+
+ j) The date and time this client was last enabled, as an RFC 3339
string, or an empty string if this has not happened.
- j) A raw byte array, not hexadecimal digits.
+ k) A raw byte array, not hexadecimal digits.
** Signals
*** CheckerCompleted(n: Exitcode, x: Waitstatus, s: Command)
=== modified file 'TODO'
--- TODO 2012-01-01 04:02:00 +0000
+++ TODO 2012-01-15 20:27:28 +0000
@@ -77,6 +77,7 @@
Deprecate methods GetAllClients(), GetAllClientsWithProperties()
and signals ClientAdded and ClientRemoved.
** TODO Save state periodically to recover better from hard shutdowns
+** TODO CheckerCompleted method, deprecate CheckedOK
* mandos.xml
** Add mandos contact info in manual pages
=== modified file 'mandos'
--- mandos 2012-01-08 10:19:33 +0000
+++ mandos 2012-01-15 20:27:28 +0000
@@ -415,7 +415,7 @@
last_checked_ok: datetime.datetime(); (UTC) or None
last_checker_status: integer between 0 and 255 reflecting exit
status of last checker. -1 reflects crashed
- checker, or None.
+ checker, -2 means no checker completed yet.
last_enabled: datetime.datetime(); (UTC) or None
name: string; from the config file, used in log messages and
D-Bus identifiers
@@ -501,7 +501,7 @@
client["checker_command"] = section["checker"]
client["last_approval_request"] = None
client["last_checked_ok"] = None
- client["last_checker_status"] = None
+ client["last_checker_status"] = -2
return settings
@@ -626,15 +626,16 @@
logger.warning("Checker for %(name)s crashed?",
vars(self))
- def checked_ok(self, timeout=None):
- """Bump up the timeout for this client.
-
- This should only be called when the client has been seen,
- alive and well.
- """
+ def checked_ok(self):
+ """Assert that the client has been seen, alive and well."""
+ self.last_checked_ok = datetime.datetime.utcnow()
+ self.last_checker_status = 0
+ self.bump_timeout()
+
+ def bump_timeout(self, timeout=None):
+ """Bump up the timeout for this client."""
if timeout is None:
timeout = self.timeout
- self.last_checked_ok = datetime.datetime.utcnow()
if self.disable_initiator_tag is not None:
gobject.source_remove(self.disable_initiator_tag)
if getattr(self, "enabled", False):
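Review bot: The new `bump_timeout` docstring does not document `timeout`, nor that the method deliberately leaves `last_checked_ok` and `last_checker_status` untouched, which is the reason for the split. I would expand it to say that `timeout` falls back to `self.timeout` when None and that the method only postpones disabling the client, so secret delivery (which now calls `bump_timeout(client.extended_timeout)`) is not recorded as a successful check. `checked_ok` also forces `last_checker_status = 0`. If it is reachable from a D-Bus method, as the TODO entry suggests, add a one-line comment that such a caller overwrites the real checker exit status. The body of `bump_timeout` continues outside the hunk.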
@@ -1100,6 +1101,8 @@
checker is not None)
last_checked_ok = notifychangeproperty(datetime_to_dbus,
"LastCheckedOK")
+ last_checker_status = notifychangeproperty(dbus.Int16,
+ "LastCheckerStatus")
last_approval_request = notifychangeproperty(
datetime_to_dbus, "LastApprovalRequest")
approved_by_default = notifychangeproperty(dbus.Boolean,
@@ -1339,6 +1342,12 @@
return
return datetime_to_dbus(self.last_checked_ok)
+ # LastCheckerStatus - property
+ @dbus_service_property(_interface, signature="n",
+ access="read")
+ def LastCheckerStatus_dbus_property(self):
+ return dbus.Int16(self.last_checker_status)
+
# Expires - property
@dbus_service_property(_interface, signature="s", access="read")
def Expires_dbus_property(self):
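Review bot: `dbus.Int16(self.last_checker_status)` in `LastCheckerStatus_dbus_property` has no guard for None, and the `notifychangeproperty(dbus.Int16, "LastCheckerStatus")` line added in the previous hunk uses the same conversion. This commit changes the initial value from None to -2, but if a client object can still carry None (for example from state written by an earlier version, which these hunks do not show), the conversion would raise instead of answering the property read. A defensive form is `status = self.last_checker_status` followed by `return dbus.Int16(-2 if status is None else status)`, or normalise None to -2 where the attribute is loaded.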
@@ -1605,7 +1614,7 @@
logger.info("Sending secret to %s", client.name)
# bump the timeout using extended_timeout
- client.checked_ok(client.extended_timeout)
+ client.bump_timeout(client.extended_timeout)
if self.server.use_dbus:
# Emit D-Bus signal
client.GotSecret()
=== modified file 'mandos-monitor'
--- mandos-monitor 2012-01-08 10:19:33 +0000
+++ mandos-monitor 2012-01-15 20:55:50 +0000
@@ -131,7 +131,6 @@
self._update_timer_callback_tag = None
self._update_timer_callback_lock = 0
- self.last_checker_failed = False
# The widget shown normally
self._text_widget = urwid.Text("")
@@ -145,17 +144,8 @@
last_checked_ok = isoformat_to_datetime(self.properties
["LastCheckedOK"])
- if last_checked_ok is None:
- self.last_checker_failed = True
- else:
- self.last_checker_failed = ((datetime.datetime.utcnow()
- - last_checked_ok)
- > datetime.timedelta
- (milliseconds=
- self.properties
- ["Interval"]))
- if self.last_checker_failed:
+ if self.properties ["LastCheckerStatus"] != 0:
self.using_timer(True)
if self.need_approval:
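Review bot: The local `last_checked_ok` assigned just above the new `if` appears to have no remaining reader, since its only visible use was the block this hunk removes. If nothing further down uses it, the `isoformat_to_datetime(...)` call can go too. The new condition is written `self.properties ["LastCheckerStatus"]` with a space before the bracket, unlike `self.properties["LastCheckerStatus"]` in the later `elif` hunk. `!= 0` also starts the timer for -2 (no checker completed yet), not only for real failures, so a short comment here would help, and the existing `# When checker has failed, ...` comment in that later hunk has the same gap. The enclosing method starts and ends outside the hunk.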
@@ -189,7 +179,12 @@
value)
if property == "ApprovalPending":
using_timer(bool(value))
-
+ if property == "LastCheckerStatus":
+ using_timer(value != 0)
+ #self.logger('Checker for client %s (command "%s")'
+ # ' was successful'
+ # % (self.properties["Name"], command))
+
def using_timer(self, flag):
"""Call this method with True or False when timer should be
activated or deactivated.
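Review bot: The added `using_timer(value != 0)` is a bare name, but `using_timer` is defined as a method right below (`def using_timer(self, flag):`). Unless a module-level function of that name exists outside this hunk, the call raises NameError the first time LastCheckerStatus changes, and the timer state is never updated. It should be `self.using_timer(value != 0)`; the unchanged `using_timer(bool(value))` line above it has the same problem. The commented-out logger lines moved here refer to `command`, which does not appear to be available in this function, so I would drop them rather than carry them along.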
@@ -210,18 +205,9 @@
def checker_completed(self, exitstatus, condition, command):
if exitstatus == 0:
- if self.last_checker_failed:
- self.last_checker_failed = False
- self.using_timer(False)
- #self.logger('Checker for client %s (command "%s")'
- # ' was successful'
- # % (self.properties["Name"], command))
self.update()
return
# Checker failed
- if not self.last_checker_failed:
- self.last_checker_failed = True
- self.using_timer(True)
if os.WIFEXITED(condition):
self.logger('Checker for client %s (command "%s")'
' failed with exit code %s'
@@ -249,7 +235,6 @@
pass
def got_secret(self):
- self.last_checker_failed = False
self.logger('Client %s received its secret'
% self.properties["Name"])
@@ -316,7 +301,7 @@
else:
message = "Denial in %s. (a)pprove?"
message = message % unicode(timer).rsplit(".", 1)[0]
- elif self.last_checker_failed:
+ elif self.properties["LastCheckerStatus"] != 0:
# When checker has failed, print a timer until client expires
expires = self.properties["Expires"]
if expires == "":
=== modified file 'mandos.xml'
--- mandos.xml 2012-01-01 04:02:00 +0000
+++ mandos.xml 2012-01-15 21:01:13 +0000
@@ -2,7 +2,7 @@
-
+
%common;
]>
@@ -381,9 +381,7 @@
extended timeout, checker program, and interval between checks
can be configured both globally and per client; see
mandos-clients.conf
- 5. A client successfully
- receiving its password will also be treated as a successful
- checker run.
+ 5.
=== modified file 'network-hooks.d/bridge'
--- network-hooks.d/bridge 2012-01-01 17:38:33 +0000
+++ network-hooks.d/bridge 2012-01-15 16:10:09 +0000
@@ -20,7 +20,7 @@
addrtoif(){
grep -liFe "$1" /sys/class/net/*/address \
- | sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
+ | sed -e 's,.*/\([^/]*\)/[^/]*,\1,' -e "/^${BRIDGE}\$/d"
}
# Read config file, which must set "BRIDGE", "PORT_ADDRESSES", and
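Review bot: `${BRIDGE}` is expanded inside a sed regular expression in `addrtoif`, so any regex metacharacter in the configured name is interpreted rather than matched literally. An interface name containing `.` would then also delete other names that differ only in that character. A fixed-string, whole-line filter avoids this: `| sed -e 's,.*/\([^/]*\)/[^/]*,\1,' | grep -vxF -e "$BRIDGE"`. Note that `grep -v` exits non-zero when it prints nothing, which matters if the script runs under `set -e` or checks the pipeline status (not visible here).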
@@ -37,7 +37,8 @@
exit
fi
-for b in /sbin/brctl /usr/sbin/brctl; do
+brctl="/sbin/brctl"
+for b in "$brctl" /usr/sbin/brctl; do
if [ -e "$b" ]; then
brctl="$b"
break
@@ -53,7 +54,7 @@
ip link set dev "$interface" up
done
ip link set dev "$BRIDGE" up
- sleep "$DELAY"
+ sleep "${DELAY%%.*}"
if [ -n "$IPADDRS" ]; then
for ipaddr in $IPADDRS; do
ip addr add "$ipaddr" dev "$BRIDGE"
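Review bot: `sleep "${DELAY%%.*}"` passes an empty string to sleep when DELAY is unset, empty, or starts with a dot (such as `.5`), and sleep then fails, unless DELAY is validated earlier in the script, which the hunk does not show. The truncation also turns any value below 1 into 0, so there is no settling delay before the addresses are added. Using `delay="${DELAY%%.*}"` followed by `sleep "${delay:-0}"` keeps the integer-only intent without the error case. The `for ipaddr` loop continues past the end of the hunk.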