/mandos/release : revision 103

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2008-08-25 01:16:38 UTC
Revision ID: teddy@fukt.bsnet.se-20080825011638-zgqej2cafhne05ay

* mandos-keygen: Strip 24-bit checksum of Radix-64 from output to make
output strictly base64.

files added:
mandos-keygen.xml

mandos-options.xml

overview.xml

files removed:
network-protocol.txt

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos

337

try:

338

logger.info(u"Starting checker %r for %s",

339

command, self.name)

340

# We don't need to redirect stdout and stderr, since

341

# in normal mode, that is already done by daemon(),

342

# and in debug mode we don't want to. (Stdin is

343

# always replaced by /dev/null.)

340

344

self.checker = subprocess.Popen(command,

341

345

close_fds=True,

342

346

shell=True, cwd="/")

343

347

self.checker_callback_tag = gobject.child_watch_add\

344

348

(self.checker.pid,

345

349

self.checker_callback)

346

except subprocess.OSError, error:

350

except OSError, error:

347

351

logger.error(u"Failed to start subprocess: %s",

348

352

error)

349

353

# Re-run this periodically if run by gobject.timeout_add

406

410

gnutls.library.functions.gnutls_openpgp_crt_import\

407

411

(crt, ctypes.byref(datum),

408

412

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

413

# Verify the self signature in the key

414

crtverify = ctypes.c_uint();

415

gnutls.library.functions.gnutls_openpgp_crt_verify_self\

416

(crt, ctypes.c_uint(0), ctypes.byref(crtverify))

417

if crtverify.value != 0:

418

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

419

raise gnutls.errors.CertificateSecurityError("Verify failed")

409

420

# New buffer for the fingerprint

410

421

buffer = ctypes.create_string_buffer(20)

411

422

buffer_length = ctypes.c_size_t()

563

574

datetime.timedelta(1)

564

575

>>> string_to_delta(u'1w')

565

576

datetime.timedelta(7)

577

>>> string_to_delta('5m 30s')

578

datetime.timedelta(0, 330)

566

579

"""

567

try:

568

suffix=unicode(interval[-1])

569

value=int(interval[:-1])

570

if suffix == u"d":

571

delta = datetime.timedelta(value)

572

elif suffix == u"s":

573

delta = datetime.timedelta(0, value)

574

elif suffix == u"m":

575

delta = datetime.timedelta(0, 0, 0, 0, value)

576

elif suffix == u"h":

577

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

578

elif suffix == u"w":

579

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

580

else:

580

timevalue = datetime.timedelta(0)

581

for s in interval.split():

582

try:

583

suffix=unicode(s[-1])

584

value=int(s[:-1])

585

if suffix == u"d":

586

delta = datetime.timedelta(value)

587

elif suffix == u"s":

588

delta = datetime.timedelta(0, value)

589

elif suffix == u"m":

590

delta = datetime.timedelta(0, 0, 0, 0, value)

591

elif suffix == u"h":

592

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

593

elif suffix == u"w":

594

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

595

else:

596

raise ValueError

597

except (ValueError, IndexError):

581

598

raise ValueError

582

except (ValueError, IndexError):

583

raise ValueError

584

return delta

599

timevalue += delta

600

return timevalue

585

601

586

602

587

603

def server_state_changed(state):

700

716

server_config = ConfigParser.SafeConfigParser(server_defaults)

701

717

del server_defaults

702

718

server_config.read(os.path.join(options.configdir, "mandos.conf"))

703

server_section = "server"

704

719

# Convert the SafeConfigParser object to a dict

705

server_settings = dict(server_config.items(server_section))

720

server_settings = server_config.defaults()

706

721

# Use getboolean on the boolean config option

707

722

server_settings["debug"] = server_config.getboolean\

708

(server_section, "debug")

723

("DEFAULT", "debug")

709

724

del server_config

710

725

711

726

# Override the settings from the config file with command line

733

748

# Parse config file with clients

734

749

client_defaults = { "timeout": "1h",

735

750

"interval": "5m",

736

"checker": "fping -q -- %%(host)s",

751

"checker": "fping -q -- %(host)s",

752

"host": "",

737

753

}

738

754

client_config = ConfigParser.SafeConfigParser(client_defaults)

739

755

client_config.read(os.path.join(server_settings["configdir"],

773

789

logger.critical(u"No clients defined")

774

790

sys.exit(1)

775

791

776

if not debug:

792

if debug:

793

# Redirect stdin so all checkers get /dev/null

794

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

795

os.dup2(null, sys.stdin.fileno())

796

if null > 2:

797

os.close(null)

798

else:

799

# No console logging

777

800

logger.removeHandler(console)

801

# Close all input and output, do double fork, etc.

778

802

daemon()

779

803

780

804

pidfilename = "/var/run/mandos/mandos.pid"

Older »