/mandos/release : revision 12

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to server.py

Committer: Teddy Hogeborn
Date: 2008-07-19 18:43:24 UTC
Revision ID: teddy@fukt.bsnet.se-20080719184324-iwhoa5in75xa0u2u

* mandos-clients.conf ([foo]/dn, [foo]/password, [braxen_client]/dn,
                       [braxen_client]/password): Removed.
  ([foo]/fingerprint, [braxen_client]/fingerprint): New.
  ([foo]/checker): New.
  ([foo]/secfile): New.
  ([braxen_client]/secret): New.

* server.py: New "--debug" option to set debug flag.  Removed "cert",
             "key", "ca", "crl", and "cred" variables.  Added default
             value for "checker" config file setting.  Do not pass
             credentials to IPv6_TCPServer constructor.
  (debug): New global debug flag.  Used by most debugging output code.
  (Client.__init__): Keyword argument "dn" replaced by "fingerprint",
                     "password" renamed to "secret", and "passfile"
                     renamed to "secfile".  New keyword argument
                     "checker". All callers changed.
  (Client.dn): Removed.
  (Client.fingerprint): New.
  (Client.password): Renamed to "secret"; all users changed.
  (Client.passfile): Renamed to "secfile"; all users changed.
  (Client.timeout, Client.interval): Changed to be properties; now
                                     automatically updates the
                                     "_timeout_milliseconds" and
                                     "_interval_milliseconds" values.
  (Client.timeout_milliseconds): Renamed to "_timeout_milliseconds".
  (Client.interval_milliseconds): Renamed to "_interval_milliseconds".
  (Client.check_command): New.
  (Client.start_checker): Use the new "check_command" attribute.
  (peer_certificate, fingerprint): New functions.

  (tcp_handler.handle): Use ClientSession with empty credentials
                        object instead of ServerSession.  Set gnutls
                        priority string.  Do not verify peer.  Use
                        fingerprint instead of DN when searching for
                        clients.  Bug fix: Loop sending data so even large
                        secret data strings are sent.
  (IPv6_TCPServer.credentials): Removed.
  (if_nametoindex): Do not import ctypes since that is now imported
                    globally.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

crl.pem

key.pem

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

server.py

#!/usr/bin/python

# -*- mode: python; coding: utf-8 -*-

# Mandos server - give out binary blobs to connecting clients.

# This program is partly derived from an example program for an Avahi

# service publisher, downloaded from

# <http://avahi.org/wiki/PythonPublishExample>. This includes the

# methods "add" and "remove" in the "AvahiService" class, the

# "server_state_changed" and "entry_group_state_changed" functions,

# and some lines in "main".

# Everything else is

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see

# <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

from __future__ import division, with_statement, absolute_import

from __future__ import division

import SocketServer

import socket

import select

from optparse import OptionParser

import datetime

import errno

import signal

from sets import Set

import subprocess

import atexit

import stat

import logging

import logging.handlers

import pwd

from contextlib import closing

import dbus

import gobject

import avahi

from dbus.mainloop.glib import DBusGMainLoop

import ctypes

import ctypes.util

version = "1.0.2"

logger = logging.Logger('mandos')

syslogger = logging.handlers.SysLogHandler\

(facility = logging.handlers.SysLogHandler.LOG_DAEMON,

address = "/dev/log")

syslogger.setFormatter(logging.Formatter\

('Mandos: %(levelname)s: %(message)s'))

logger.addHandler(syslogger)

console = logging.StreamHandler()

console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'

' %(message)s'))

logger.addHandler(console)

class AvahiError(Exception):

def __init__(self, value):

self.value = value

super(AvahiError, self).__init__()

def __str__(self):

return repr(self.value)

class AvahiServiceError(AvahiError):

pass

class AvahiGroupError(AvahiError):

pass

class AvahiService(object):

"""An Avahi (Zeroconf) service.

Attributes:

interface: integer; avahi.IF_UNSPEC or an interface index.

100

Used to optionally bind to the specified interface.

101

name: string; Example: 'Mandos'

102

type: string; Example: '_mandos._tcp'.

103

See <http://www.dns-sd.org/ServiceTypes.html>

104

port: integer; what port to announce

105

TXT: list of strings; TXT record for the service

106

domain: string; Domain to publish on, default to .local if empty.

107

host: string; Host to publish records for, default is localhost

108

max_renames: integer; maximum number of renames

109

rename_count: integer; counter so we only rename after collisions

110

a sensible number of times

111

"""

112

def __init__(self, interface = avahi.IF_UNSPEC, name = None,

113

servicetype = None, port = None, TXT = None, domain = "",

114

host = "", max_renames = 32768):

115

self.interface = interface

116

self.name = name

117

self.type = servicetype

118

self.port = port

119

if TXT is None:

120

self.TXT = []

121

else:

122

self.TXT = TXT

123

self.domain = domain

124

self.host = host

125

self.rename_count = 0

126

self.max_renames = max_renames

127

def rename(self):

128

"""Derived from the Avahi example code"""

129

if self.rename_count >= self.max_renames:

130

logger.critical(u"No suitable Zeroconf service name found"

131

u" after %i retries, exiting.",

132

self.rename_count)

133

raise AvahiServiceError("Too many renames")

134

self.name = server.GetAlternativeServiceName(self.name)

135

logger.info(u"Changing Zeroconf service name to %r ...",

136

str(self.name))

137

syslogger.setFormatter(logging.Formatter\

138

('Mandos (%s): %%(levelname)s:'

139

' %%(message)s' % self.name))

140

self.remove()

141

self.add()

142

self.rename_count += 1

143

def remove(self):

144

"""Derived from the Avahi example code"""

145

if group is not None:

146

group.Reset()

147

def add(self):

148

"""Derived from the Avahi example code"""

149

global group

150

if group is None:

151

group = dbus.Interface\

152

(bus.get_object(avahi.DBUS_NAME,

153

server.EntryGroupNew()),

154

avahi.DBUS_INTERFACE_ENTRY_GROUP)

155

group.connect_to_signal('StateChanged',

156

entry_group_state_changed)

157

logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",

158

service.name, service.type)

159

group.AddService(

160

self.interface, # interface

161

avahi.PROTO_INET6, # protocol

162

dbus.UInt32(0), # flags

163

self.name, self.type,

164

self.domain, self.host,

165

dbus.UInt16(self.port),

166

avahi.string_array_to_txt_array(self.TXT))

167

group.Commit()

168

169

# From the Avahi example code:

170

group = None # our entry group

# This variable is used to optionally bind to a specified interface.

# It is a global variable to fit in with the other variables from the

# Avahi server example code.

serviceInterface = avahi.IF_UNSPEC

# From the Avahi server example code:

serviceName = "Mandos"

serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html

servicePort = None # Not known at startup

serviceTXT = [] # TXT record for the service

domain = "" # Domain to publish on, default to .local

host = "" # Host to publish records for, default to localhost

group = None #our entry group

rename_count = 12 # Counter so we only rename after collisions a

# sensible number of times

171

# End of Avahi example code

172

173

178

fingerprint: string (40 or 32 hexadecimal digits); used to

179

uniquely identify the client

180

secret: bytestring; sent verbatim (over TLS) to client

181

host: string; available for use by the checker command

182

created: datetime.datetime(); object creation, not client host

183

last_checked_ok: datetime.datetime() or None if not yet checked OK

184

timeout: datetime.timedelta(); How long from last_checked_ok

185

until this client is invalid

fqdn: string (FQDN); available for use by the checker command

created: datetime.datetime()

last_seen: datetime.datetime() or None if not yet seen

timeout: datetime.timedelta(); How long from last_seen until

this client is invalid

186

interval: datetime.timedelta(); How often to start a new checker

187

stop_hook: If set, called by stop() as stop_hook(self)

188

checker: subprocess.Popen(); a running checker process used

189

to see if the client lives.

190

'None' if no process is running.

Is None if no process is running.

191

checker_initiator_tag: a gobject event source tag, or None

192

stop_initiator_tag: - '' -

193

checker_callback_tag: - '' -

194

checker_command: string; External command which is run to check if

195

client lives. %() expansions are done at

client lives. %()s expansions are done at

196

runtime with vars(self) as dict, so that for

197

instance %(name)s can be used in the command.

198

Private attibutes:

199

_timeout: Real variable for 'timeout'

200

_interval: Real variable for 'interval'

201

_timeout_milliseconds: Used when calling gobject.timeout_add()

_timeout_milliseconds: Used by gobject.timeout_add()

202

_interval_milliseconds: - '' -

203

"""

204

def _set_timeout(self, timeout):

224

interval = property(lambda self: self._interval,

225

_set_interval)

226

100

del _set_interval

227

def __init__(self, name = None, stop_hook=None, config=None):

228

"""Note: the 'checker' key in 'config' sets the

229

'checker_command' attribute and *not* the 'checker'

230

attribute."""

231

if config is None:

232

config = {}

101

def __init__(self, name=None, options=None, stop_hook=None,

102

fingerprint=None, secret=None, secfile=None, fqdn=None,

103

timeout=None, interval=-1, checker=None):

233

104

self.name = name

234

logger.debug(u"Creating client %r", self.name)

235

# Uppercase and remove spaces from fingerprint for later

236

# comparison purposes with return value from the fingerprint()

237

# function

238

self.fingerprint = config["fingerprint"].upper()\

239

.replace(u" ", u"")

240

logger.debug(u" Fingerprint: %s", self.fingerprint)

241

if "secret" in config:

242

self.secret = config["secret"].decode(u"base64")

243

elif "secfile" in config:

244

with closing(open(os.path.expanduser

245

(os.path.expandvars

246

(config["secfile"])))) \

247

as secfile:

248

self.secret = secfile.read()

105

# Uppercase and remove spaces from fingerprint

106

# for later comparison purposes with return value of

107

# the fingerprint() function

108

self.fingerprint = fingerprint.upper().replace(u" ", u"")

109

if secret:

110

self.secret = secret.decode(u"base64")

111

elif secfile:

112

sf = open(secfile)

113

self.secret = sf.read()

114

sf.close()

249

115

else:

250

raise TypeError(u"No secret or secfile for client %s"

251

% self.name)

252

self.host = config.get("host", "")

116

raise RuntimeError(u"No secret or secfile for client %s"

117

% self.name)

118

self.fqdn = fqdn # string

253

119

self.created = datetime.datetime.now()

254

self.last_checked_ok = None

255

self.timeout = string_to_delta(config["timeout"])

256

self.interval = string_to_delta(config["interval"])

120

self.last_seen = None

121

if timeout is None:

122

timeout = options.timeout

123

self.timeout = timeout

124

if interval == -1:

125

interval = options.interval

126

else:

127

interval = string_to_delta(interval)

128

self.interval = interval

257

129

self.stop_hook = stop_hook

258

130

self.checker = None

259

131

self.checker_initiator_tag = None

260

132

self.stop_initiator_tag = None

261

133

self.checker_callback_tag = None

262

self.check_command = config["checker"]

134

self.check_command = checker

263

135

def start(self):

264

"""Start this client's checker and timeout hooks"""

136

"""Start this clients checker and timeout hooks"""

265

137

# Schedule a new checker to be started an 'interval' from now,

266

138

# and every interval from then on.

267

139

self.checker_initiator_tag = gobject.timeout_add\

275

147

self.stop)

276

148

def stop(self):

277

149

"""Stop this client.

278

The possibility that a client might be restarted is left open,

279

but not currently used."""

280

# If this client doesn't have a secret, it is already stopped.

281

if hasattr(self, "secret") and self.secret:

282

logger.info(u"Stopping client %s", self.name)

283

self.secret = None

284

else:

285

return False

286

if getattr(self, "stop_initiator_tag", False):

150

The possibility that this client might be restarted is left

151

open, but not currently used."""

152

if debug:

153

sys.stderr.write(u"Stopping client %s\n" % self.name)

154

self.secret = None

155

if self.stop_initiator_tag:

287

156

gobject.source_remove(self.stop_initiator_tag)

288

157

self.stop_initiator_tag = None

289

if getattr(self, "checker_initiator_tag", False):

158

if self.checker_initiator_tag:

290

159

gobject.source_remove(self.checker_initiator_tag)

291

160

self.checker_initiator_tag = None

292

161

self.stop_checker()

295

164

# Do not run this again if called by a gobject.timeout_add

296

165

return False

297

166

def __del__(self):

298

self.stop_hook = None

299

self.stop()

167

# Some code duplication here and in stop()

168

if hasattr(self, "stop_initiator_tag") \

169

and self.stop_initiator_tag:

170

gobject.source_remove(self.stop_initiator_tag)

171

self.stop_initiator_tag = None

172

if hasattr(self, "checker_initiator_tag") \

173

and self.checker_initiator_tag:

174

gobject.source_remove(self.checker_initiator_tag)

175

self.checker_initiator_tag = None

176

self.stop_checker()

300

177

def checker_callback(self, pid, condition):

301

178

"""The checker has completed, so take appropriate actions."""

302

self.checker_callback_tag = None

303

self.checker = None

179

now = datetime.datetime.now()

304

180

if os.WIFEXITED(condition) \

305

181

and (os.WEXITSTATUS(condition) == 0):

306

logger.info(u"Checker for %(name)s succeeded",

307

vars(self))

308

self.bump_timeout()

309

elif not os.WIFEXITED(condition):

310

logger.warning(u"Checker for %(name)s crashed?",

311

vars(self))

312

else:

313

logger.info(u"Checker for %(name)s failed",

314

vars(self))

315

def bump_timeout(self):

316

"""Bump up the timeout for this client.

317

This should only be called when the client has been seen,

318

alive and well.

319

"""

320

self.last_checked_ok = datetime.datetime.now()

321

gobject.source_remove(self.stop_initiator_tag)

322

self.stop_initiator_tag = gobject.timeout_add\

323

(self._timeout_milliseconds, self.stop)

182

if debug:

183

sys.stderr.write(u"Checker for %(name)s succeeded\n"

184

% vars(self))

185

self.last_seen = now

186

gobject.source_remove(self.stop_initiator_tag)

187

self.stop_initiator_tag = gobject.timeout_add\

188

(self._timeout_milliseconds,

189

self.stop)

190

elif debug:

191

if not os.WIFEXITED(condition):

192

sys.stderr.write(u"Checker for %(name)s crashed?\n"

193

% vars(self))

194

else:

195

sys.stderr.write(u"Checker for %(name)s failed\n"

196

% vars(self))

197

self.checker = None

198

self.checker_callback_tag = None

324

199

def start_checker(self):

325

200

"""Start a new checker subprocess if one is not running.

326

201

If a checker already exists, leave it running and do

327

202

nothing."""

328

# The reason for not killing a running checker is that if we

329

# did that, then if a checker (for some reason) started

330

# running slowly and taking more than 'interval' time, the

331

# client would inevitably timeout, since no checker would get

332

# a chance to run to completion. If we instead leave running

333

# checkers alone, the checker would have to take more time

334

# than 'timeout' for the client to be declared invalid, which

335

# is as it should be.

336

203

if self.checker is None:

204

if debug:

205

sys.stderr.write(u"Starting checker for %s\n"

206

% self.name)

337

207

try:

338

# In case check_command has exactly one % operator

339

command = self.check_command % self.host

208

command = self.check_command % self.fqdn

340

209

except TypeError:

341

# Escape attributes for the shell

342

210

escaped_attrs = dict((key, re.escape(str(val)))

343

211

for key, val in

344

212

vars(self).iteritems())

345

try:

346

command = self.check_command % escaped_attrs

347

except TypeError, error:

348

logger.error(u'Could not format string "%s":'

349

u' %s', self.check_command, error)

350

return True # Try again later

213

command = self.check_command % escaped_attrs

351

214

try:

352

logger.info(u"Starting checker %r for %s",

353

command, self.name)

354

# We don't need to redirect stdout and stderr, since

355

# in normal mode, that is already done by daemon(),

356

# and in debug mode we don't want to. (Stdin is

357

# always replaced by /dev/null.)

358

self.checker = subprocess.Popen(command,

359

close_fds=True,

360

shell=True, cwd="/")

361

self.checker_callback_tag = gobject.child_watch_add\

362

(self.checker.pid,

363

self.checker_callback)

364

except OSError, error:

365

logger.error(u"Failed to start subprocess: %s",

366

error)

215

self.checker = subprocess.\

216

Popen(command,

217

stdout=subprocess.PIPE,

218

close_fds=True, shell=True,

219

cwd="/")

220

self.checker_callback_tag = gobject.\

221

child_watch_add(self.checker.pid,

222

self.\

223

checker_callback)

224

except subprocess.OSError, error:

225

sys.stderr.write(u"Failed to start subprocess: %s\n"

226

% error)

367

227

# Re-run this periodically if run by gobject.timeout_add

368

228

return True

369

229

def stop_checker(self):

370

230

"""Force the checker process, if any, to stop."""

371

if self.checker_callback_tag:

372

gobject.source_remove(self.checker_callback_tag)

373

self.checker_callback_tag = None

374

if getattr(self, "checker", None) is None:

231

if not hasattr(self, "checker") or self.checker is None:

375

232

return

376

logger.debug(u"Stopping checker for %(name)s", vars(self))

377

try:

378

os.kill(self.checker.pid, signal.SIGTERM)

379

#os.sleep(0.5)

380

#if self.checker.poll() is None:

381

# os.kill(self.checker.pid, signal.SIGKILL)

382

except OSError, error:

383

if error.errno != errno.ESRCH: # No such process

384

raise

233

gobject.source_remove(self.checker_callback_tag)

234

self.checker_callback_tag = None

235

os.kill(self.checker.pid, signal.SIGTERM)

236

if self.checker.poll() is None:

237

os.kill(self.checker.pid, signal.SIGKILL)

385

238

self.checker = None

386

def still_valid(self):

239

def still_valid(self, now=None):

387

240

"""Has the timeout not yet passed for this client?"""

388

now = datetime.datetime.now()

389

if self.last_checked_ok is None:

241

if now is None:

242

now = datetime.datetime.now()

243

if self.last_seen is None:

390

244

return now < (self.created + self.timeout)

391

245

else:

392

return now < (self.last_checked_ok + self.timeout)

246

return now < (self.last_seen + self.timeout)

393

247

394

248

395

249

def peer_certificate(session):

396

"Return the peer's OpenPGP certificate as a bytestring"

397

250

# If not an OpenPGP certificate...

398

251

if gnutls.library.functions.gnutls_certificate_type_get\

399

252

(session._c_object) \

410

263

411

264

412

265

def fingerprint(openpgp):

413

"Convert an OpenPGP bytestring to a hexdigit fingerprint string"

266

# New empty GnuTLS certificate

267

crt = gnutls.library.types.gnutls_openpgp_crt_t()

268

gnutls.library.functions.gnutls_openpgp_crt_init\

269

(ctypes.byref(crt))

414

270

# New GnuTLS "datum" with the OpenPGP public key

415

271

datum = gnutls.library.types.gnutls_datum_t\

416

272

(ctypes.cast(ctypes.c_char_p(openpgp),

417

273

ctypes.POINTER(ctypes.c_ubyte)),

418

274

ctypes.c_uint(len(openpgp)))

419

# New empty GnuTLS certificate

420

crt = gnutls.library.types.gnutls_openpgp_crt_t()

421

gnutls.library.functions.gnutls_openpgp_crt_init\

422

(ctypes.byref(crt))

423

275

# Import the OpenPGP public key into the certificate

424

gnutls.library.functions.gnutls_openpgp_crt_import\

425

(crt, ctypes.byref(datum),

426

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

427

# Verify the self signature in the key

428

crtverify = ctypes.c_uint()

429

gnutls.library.functions.gnutls_openpgp_crt_verify_self\

430

(crt, 0, ctypes.byref(crtverify))

431

if crtverify.value != 0:

432

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

433

raise gnutls.errors.CertificateSecurityError("Verify failed")

276

ret = gnutls.library.functions.gnutls_openpgp_crt_import\

277

(crt,

278

ctypes.byref(datum),

279

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

434

280

# New buffer for the fingerprint

435

buf = ctypes.create_string_buffer(20)

436

buf_len = ctypes.c_size_t()

281

buffer = ctypes.create_string_buffer(20)

282

buffer_length = ctypes.c_size_t()

437

283

# Get the fingerprint from the certificate into the buffer

438

284

gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\

439

(crt, ctypes.byref(buf), ctypes.byref(buf_len))

285

(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))

440

286

# Deinit the certificate

441

287

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

442

288

# Convert the buffer to a Python bytestring

443

fpr = ctypes.string_at(buf, buf_len.value)

289

fpr = ctypes.string_at(buffer, buffer_length.value)

444

290

# Convert the bytestring to hexadecimal notation

445

291

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

446

292

return hex_fpr

447

293

448

294

449

class TCP_handler(SocketServer.BaseRequestHandler, object):

295

class tcp_handler(SocketServer.BaseRequestHandler, object):

450

296

"""A TCP request handler class.

451

297

Instantiated by IPv6_TCPServer for each request to handle it.

452

298

Note: This will run in its own forked process."""

453

299

454

300

def handle(self):

455

logger.info(u"TCP connection from: %s",

456

unicode(self.client_address))

457

session = gnutls.connection.ClientSession\

458

(self.request, gnutls.connection.X509Credentials())

459

460

line = self.request.makefile().readline()

461

logger.debug(u"Protocol version: %r", line)

462

try:

463

if int(line.strip().split()[0]) > 1:

464

raise RuntimeError

465

except (ValueError, IndexError, RuntimeError), error:

466

logger.error(u"Unknown protocol version: %s", error)

467

return

468

469

# Note: gnutls.connection.X509Credentials is really a generic

470

# GnuTLS certificate credentials object so long as no X.509

471

# keys are added to it. Therefore, we can use it here despite

472

# using OpenPGP certificates.

301

if debug:

302

sys.stderr.write(u"TCP request came\n")

303

sys.stderr.write(u"Request: %s\n" % self.request)

304

sys.stderr.write(u"Client Address: %s\n"

305

% unicode(self.client_address))

306

sys.stderr.write(u"Server: %s\n" % self.server)

307

session = gnutls.connection.ClientSession(self.request,

308

gnutls.connection.\

309

X509Credentials())

473

310

474

311

#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",

475

312

# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",

476

313

# "+DHE-DSS"))

477

# Use a fallback default, since this MUST be set.

478

priority = self.server.settings.get("priority", "NORMAL")

314

priority = "SECURE256"

315

479

316

gnutls.library.functions.gnutls_priority_set_direct\

480

(session._c_object, priority, None)

317

(session._c_object, priority, None);

481

318

482

319

try:

483

320

session.handshake()

484

321

except gnutls.errors.GNUTLSError, error:

485

logger.warning(u"Handshake failed: %s", error)

322

if debug:

323

sys.stderr.write(u"Handshake failed: %s\n" % error)

486

324

# Do not run session.bye() here: the session is not

487

325

# established. Just abandon the request.

488

326

return

489

327

try:

490

328

fpr = fingerprint(peer_certificate(session))

491

329

except (TypeError, gnutls.errors.GNUTLSError), error:

492

logger.warning(u"Bad certificate: %s", error)

330

if debug:

331

sys.stderr.write(u"Bad certificate: %s\n" % error)

493

332

session.bye()

494

333

return

495

logger.debug(u"Fingerprint: %s", fpr)

334

if debug:

335

sys.stderr.write(u"Fingerprint: %s\n" % fpr)

496

336

client = None

497

for c in self.server.clients:

337

for c in clients:

498

338

if c.fingerprint == fpr:

499

339

client = c

500

340

break

501

if not client:

502

logger.warning(u"Client not found for fingerprint: %s",

503

fpr)

504

session.bye()

505

return

506

341

# Have to check if client.still_valid(), since it is possible

507

342

# that the client timed out while establishing the GnuTLS

508

343

# session.

509

if not client.still_valid():

510

logger.warning(u"Client %(name)s is invalid",

511

vars(client))

344

if (not client) or (not client.still_valid()):

345

if debug:

346

if client:

347

sys.stderr.write(u"Client %(name)s is invalid\n"

348

% vars(client))

349

else:

350

sys.stderr.write(u"Client not found for "

351

u"fingerprint: %s\n" % fpr)

512

352

session.bye()

513

353

return

514

## This won't work here, since we're in a fork.

515

# client.bump_timeout()

516

354

sent_size = 0

517

355

while sent_size < len(client.secret):

518

356

sent = session.send(client.secret[sent_size:])

519

logger.debug(u"Sent: %d, remaining: %d",

520

sent, len(client.secret)

521

- (sent_size + sent))

357

if debug:

358

sys.stderr.write(u"Sent: %d, remaining: %d\n"

359

% (sent, len(client.secret)

360

- (sent_size + sent)))

522

361

sent_size += sent

523

362

session.bye()

524

363

525

364

526

class IPv6_TCPServer(SocketServer.ForkingMixIn,

527

SocketServer.TCPServer, object):

365

class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):

528

366

"""IPv6 TCP server. Accepts 'None' as address and/or port.

529

367

Attributes:

530

settings: Server settings

368

options: Command line options

531

369

clients: Set() of Client objects

532

enabled: Boolean; whether this server is activated yet

533

370

"""

534

371

address_family = socket.AF_INET6

535

372

def __init__(self, *args, **kwargs):

536

if "settings" in kwargs:

537

self.settings = kwargs["settings"]

538

del kwargs["settings"]

373

if "options" in kwargs:

374

self.options = kwargs["options"]

375

del kwargs["options"]

539

376

if "clients" in kwargs:

540

377

self.clients = kwargs["clients"]

541

378

del kwargs["clients"]

542

self.enabled = False

543

super(IPv6_TCPServer, self).__init__(*args, **kwargs)

379

return super(type(self), self).__init__(*args, **kwargs)

544

380

def server_bind(self):

545

381

"""This overrides the normal server_bind() function

546

382

to bind to an interface if one was specified, and also NOT to

547

383

bind to an address or port if they were not specified."""

548

if self.settings["interface"]:

549

# 25 is from /usr/include/asm-i486/socket.h

550

SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)

384

if self.options.interface:

385

if not hasattr(socket, "SO_BINDTODEVICE"):

386

# From /usr/include/asm-i486/socket.h

387

socket.SO_BINDTODEVICE = 25

551

388

try:

552

389

self.socket.setsockopt(socket.SOL_SOCKET,

553

SO_BINDTODEVICE,

554

self.settings["interface"])

390

socket.SO_BINDTODEVICE,

391

self.options.interface)

555

392

except socket.error, error:

556

393

if error[0] == errno.EPERM:

557

logger.error(u"No permission to"

558

u" bind to interface %s",

559

self.settings["interface"])

394

sys.stderr.write(u"Warning: No permission to" \

395

u" bind to interface %s\n"

396

% self.options.interface)

560

397

else:

561

398

raise error

562

399

# Only bind(2) the socket if we really need to.

565

402

in6addr_any = "::"

566

403

self.server_address = (in6addr_any,

567

404

self.server_address[1])

568

elif not self.server_address[1]:

405

elif self.server_address[1] is None:

569

406

self.server_address = (self.server_address[0],

570

407

571

# if self.settings["interface"]:

572

# self.server_address = (self.server_address[0],

573

# 0, # port

574

# 0, # flowinfo

575

# if_nametoindex

576

# (self.settings

577

# ["interface"]))

578

return super(IPv6_TCPServer, self).server_bind()

579

def server_activate(self):

580

if self.enabled:

581

return super(IPv6_TCPServer, self).server_activate()

582

def enable(self):

583

self.enabled = True

408

return super(type(self), self).server_bind()

584

409

585

410

586

411

def string_to_delta(interval):

596

421

datetime.timedelta(1)

597

422

>>> string_to_delta(u'1w')

598

423

datetime.timedelta(7)

599

>>> string_to_delta('5m 30s')

600

datetime.timedelta(0, 330)

601

424

"""

602

timevalue = datetime.timedelta(0)

603

for s in interval.split():

604

try:

605

suffix = unicode(s[-1])

606

value = int(s[:-1])

607

if suffix == u"d":

608

delta = datetime.timedelta(value)

609

elif suffix == u"s":

610

delta = datetime.timedelta(0, value)

611

elif suffix == u"m":

612

delta = datetime.timedelta(0, 0, 0, 0, value)

613

elif suffix == u"h":

614

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

615

elif suffix == u"w":

616

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

617

else:

618

raise ValueError

619

except (ValueError, IndexError):

425

try:

426

suffix=unicode(interval[-1])

427

value=int(interval[:-1])

428

if suffix == u"d":

429

delta = datetime.timedelta(value)

430

elif suffix == u"s":

431

delta = datetime.timedelta(0, value)

432

elif suffix == u"m":

433

delta = datetime.timedelta(0, 0, 0, 0, value)

434

elif suffix == u"h":

435

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

436

elif suffix == u"w":

437

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

438

else:

620

439

raise ValueError

621

timevalue += delta

622

return timevalue

440

except (ValueError, IndexError):

441

raise ValueError

442

return delta

443

444

445

def add_service():

446

"""From the Avahi server example code"""

447

global group, serviceName, serviceType, servicePort, serviceTXT, \

448

domain, host

449

if group is None:

450

group = dbus.Interface(

451

bus.get_object( avahi.DBUS_NAME,

452

server.EntryGroupNew()),

453

avahi.DBUS_INTERFACE_ENTRY_GROUP)

454

group.connect_to_signal('StateChanged',

455

entry_group_state_changed)

456

if debug:

457

sys.stderr.write(u"Adding service '%s' of type '%s' ...\n"

458

% (serviceName, serviceType))

459

460

group.AddService(

461

serviceInterface, # interface

462

avahi.PROTO_INET6, # protocol

463

dbus.UInt32(0), # flags

464

serviceName, serviceType,

465

domain, host,

466

dbus.UInt16(servicePort),

467

avahi.string_array_to_txt_array(serviceTXT))

468

group.Commit()

469

470

471

def remove_service():

472

"""From the Avahi server example code"""

473

global group

474

475

if not group is None:

476

group.Reset()

623

477

624

478

625

479

def server_state_changed(state):

626

"""Derived from the Avahi example code"""

480

"""From the Avahi server example code"""

627

481

if state == avahi.SERVER_COLLISION:

628

logger.error(u"Zeroconf server name collision")

629

service.remove()

482

sys.stderr.write(u"WARNING: Server name collision\n")

483

remove_service()

630

484

elif state == avahi.SERVER_RUNNING:

631

service.add()

485

add_service()

632

486

633

487

634

488

def entry_group_state_changed(state, error):

635

"""Derived from the Avahi example code"""

636

logger.debug(u"Avahi state change: %i", state)

489

"""From the Avahi server example code"""

490

global serviceName, server, rename_count

491

492

if debug:

493

sys.stderr.write(u"state change: %i\n" % state)

637

494

638

495

if state == avahi.ENTRY_GROUP_ESTABLISHED:

639

logger.debug(u"Zeroconf service established.")

496

if debug:

497

sys.stderr.write(u"Service established.\n")

640

498

elif state == avahi.ENTRY_GROUP_COLLISION:

641

logger.warning(u"Zeroconf service name collision.")

642

service.rename()

499

500

rename_count = rename_count - 1

501

if rename_count > 0:

502

name = server.GetAlternativeServiceName(name)

503

sys.stderr.write(u"WARNING: Service name collision, "

504

u"changing name to '%s' ...\n" % name)

505

remove_service()

506

add_service()

507

508

else:

509

sys.stderr.write(u"ERROR: No suitable service name found "

510

u"after %i retries, exiting.\n"

511

% n_rename)

512

main_loop.quit()

643

513

elif state == avahi.ENTRY_GROUP_FAILURE:

644

logger.critical(u"Avahi: Error in group state changed %s",

645

unicode(error))

646

raise AvahiGroupError("State changed: %s", str(error))

514

sys.stderr.write(u"Error in group state changed %s\n"

515

% unicode(error))

516

main_loop.quit()

517

return

518

647

519

648

520

def if_nametoindex(interface):

649

"""Call the C function if_nametoindex(), or equivalent"""

650

global if_nametoindex

521

"""Call the C function if_nametoindex()"""

651

522

try:

652

if_nametoindex = ctypes.cdll.LoadLibrary\

653

(ctypes.util.find_library("c")).if_nametoindex

523

libc = ctypes.cdll.LoadLibrary("libc.so.6")

524

return libc.if_nametoindex(interface)

654

525

except (OSError, AttributeError):

655

526

if "struct" not in sys.modules:

656

527

import struct

657

528

if "fcntl" not in sys.modules:

658

529

import fcntl

659

def if_nametoindex(interface):

660

"Get an interface index the hard way, i.e. using fcntl()"

661

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

662

with closing(socket.socket()) as s:

663

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

664

struct.pack("16s16x", interface))

665

interface_index = struct.unpack("I", ifreq[16:20])[0]

666

return interface_index

667

return if_nametoindex(interface)

668

669

670

def daemon(nochdir = False, noclose = False):

671

"""See daemon(3). Standard BSD Unix function.

672

This should really exist as os.daemon, but it doesn't (yet)."""

673

if os.fork():

674

sys.exit()

675

os.setsid()

676

if not nochdir:

677

os.chdir("/")

678

if os.fork():

679

sys.exit()

680

if not noclose:

681

# Close all standard open file descriptors

682

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

683

if not stat.S_ISCHR(os.fstat(null).st_mode):

684

raise OSError(errno.ENODEV,

685

"/dev/null not a character device")

686

os.dup2(null, sys.stdin.fileno())

687

os.dup2(null, sys.stdout.fileno())

688

os.dup2(null, sys.stderr.fileno())

689

if null > 2:

690

os.close(null)

691

692

693

def main():

694

parser = OptionParser(version = "%%prog %s" % version)

530

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

531

s = socket.socket()

532

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

533

struct.pack("16s16x", interface))

534

s.close()

535

interface_index = struct.unpack("I", ifreq[16:20])[0]

536

return interface_index

537

538

539

if __name__ == '__main__':

540

parser = OptionParser()

695

541

parser.add_option("-i", "--interface", type="string",

696

metavar="IF", help="Bind to interface IF")

697

parser.add_option("-a", "--address", type="string",

698

help="Address to listen for requests on")

699

parser.add_option("-p", "--port", type="int",

542

default=None, metavar="IF",

543

help="Bind to interface IF")

544

parser.add_option("--cert", type="string", default="cert.pem",

545

metavar="FILE",

546

help="Public key certificate PEM file to use")

547

parser.add_option("--key", type="string", default="key.pem",

548

metavar="FILE",

549

help="Private key PEM file to use")

550

parser.add_option("--ca", type="string", default="ca.pem",

551

metavar="FILE",

552

help="Certificate Authority certificate PEM file to use")

553

parser.add_option("--crl", type="string", default="crl.pem",

554

metavar="FILE",

555

help="Certificate Revokation List PEM file to use")

556

parser.add_option("-p", "--port", type="int", default=None,

700

557

help="Port number to receive requests on")

558

parser.add_option("--timeout", type="string", # Parsed later

559

default="1h",

560

help="Amount of downtime allowed for clients")

561

parser.add_option("--interval", type="string", # Parsed later

562

default="5m",

563

help="How often to check that a client is up")

701

564

parser.add_option("--check", action="store_true", default=False,

702

565

help="Run self-test")

703

parser.add_option("--debug", action="store_true",

704

help="Debug mode; run in foreground and log to"

705

" terminal")

706

parser.add_option("--priority", type="string", help="GnuTLS"

707

" priority string (see GnuTLS documentation)")

708

parser.add_option("--servicename", type="string", metavar="NAME",

709

help="Zeroconf service name")

710

parser.add_option("--configdir", type="string",

711

default="/etc/mandos", metavar="DIR",

712

help="Directory to search for configuration"

713

" files")

714

options = parser.parse_args()[0]

566

parser.add_option("--debug", action="store_true", default=False,

567

help="Debug mode")

568

(options, args) = parser.parse_args()

715

569

716

570

if options.check:

717

571

import doctest

718

572

doctest.testmod()

719

573

sys.exit()

720

574

721

# Default values for config file for server-global settings

722

server_defaults = { "interface": "",

723

"address": "",

724

"port": "",

725

"debug": "False",

726

"priority":

727

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

728

"servicename": "Mandos",

729

}

730

731

# Parse config file for server-global settings

732

server_config = ConfigParser.SafeConfigParser(server_defaults)

733

del server_defaults

734

server_config.read(os.path.join(options.configdir, "mandos.conf"))

735

# Convert the SafeConfigParser object to a dict

736

server_settings = server_config.defaults()

737

# Use getboolean on the boolean config option

738

server_settings["debug"] = server_config.getboolean\

739

("DEFAULT", "debug")

740

del server_config

741

742

# Override the settings from the config file with command line

743

# options, if set.

744

for option in ("interface", "address", "port", "debug",

745

"priority", "servicename", "configdir"):

746

value = getattr(options, option)

747

if value is not None:

748

server_settings[option] = value

749

del options

750

# Now we have our good server settings in "server_settings"

751

752

debug = server_settings["debug"]

753

754

if not debug:

755

syslogger.setLevel(logging.WARNING)

756

console.setLevel(logging.WARNING)

757

758

if server_settings["servicename"] != "Mandos":

759

syslogger.setFormatter(logging.Formatter\

760

('Mandos (%s): %%(levelname)s:'

761

' %%(message)s'

762

% server_settings["servicename"]))

763

764

# Parse config file with clients

765

client_defaults = { "timeout": "1h",

766

"interval": "5m",

767

"checker": "fping -q -- %(host)s",

768

"host": "",

769

}

770

client_config = ConfigParser.SafeConfigParser(client_defaults)

771

client_config.read(os.path.join(server_settings["configdir"],

772

"clients.conf"))

773

774

clients = Set()

775

tcp_server = IPv6_TCPServer((server_settings["address"],

776

server_settings["port"]),

777

TCP_handler,

778

settings=server_settings,

779

clients=clients)

780

pidfilename = "/var/run/mandos.pid"

781

try:

782

pidfile = open(pidfilename, "w")

783

except IOError, error:

784

logger.error("Could not open file %r", pidfilename)

785

786

uid = 65534

787

gid = 65534

788

try:

789

uid = pwd.getpwnam("mandos").pw_uid

790

except KeyError:

791

try:

792

uid = pwd.getpwnam("nobody").pw_uid

793

except KeyError:

794

pass

795

try:

796

gid = pwd.getpwnam("mandos").pw_gid

797

except KeyError:

798

try:

799

gid = pwd.getpwnam("nogroup").pw_gid

800

except KeyError:

801

pass

802

try:

803

os.setuid(uid)

804

os.setgid(gid)

805

except OSError, error:

806

if error[0] != errno.EPERM:

807

raise error

808

809

global service

810

service = AvahiService(name = server_settings["servicename"],

811

servicetype = "_mandos._tcp", )

812

if server_settings["interface"]:

813

service.interface = if_nametoindex\

814

(server_settings["interface"])

815

816

global main_loop

817

global bus

818

global server

819

# From the Avahi example code

575

# Parse the time arguments

576

try:

577

options.timeout = string_to_delta(options.timeout)

578

except ValueError:

579

parser.error("option --timeout: Unparseable time")

580

try:

581

options.interval = string_to_delta(options.interval)

582

except ValueError:

583

parser.error("option --interval: Unparseable time")

584

585

# Parse config file

586

defaults = { "checker": "sleep 1; fping -q -- %%(fqdn)s" }

587

client_config = ConfigParser.SafeConfigParser(defaults)

588

#client_config.readfp(open("secrets.conf"), "secrets.conf")

589

client_config.read("mandos-clients.conf")

590

591

# From the Avahi server example code

820

592

DBusGMainLoop(set_as_default=True )

821

593

main_loop = gobject.MainLoop()

822

594

bus = dbus.SystemBus()

823

server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,

824

avahi.DBUS_PATH_SERVER),

825

avahi.DBUS_INTERFACE_SERVER)

595

server = dbus.Interface(

596

bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),

597

avahi.DBUS_INTERFACE_SERVER )

826

598

# End of Avahi example code

827

599

600

debug = options.debug

601

602

clients = Set()

828

603

def remove_from_clients(client):

829

604

clients.remove(client)

830

605

if not clients:

831

logger.critical(u"No clients left, exiting")

832

sys.exit()

606

if debug:

607

sys.stderr.write(u"No clients left, exiting\n")

608

main_loop.quit()

833

609

834

clients.update(Set(Client(name = section,

610

clients.update(Set(Client(name=section, options=options,

835

611

stop_hook = remove_from_clients,

836

config

837

= dict(client_config.items(section)))

612

**(dict(client_config\

613

.items(section))))

838

614

for section in client_config.sections()))

839

if not clients:

840

logger.critical(u"No clients defined")

841

sys.exit(1)

842

843

if debug:

844

# Redirect stdin so all checkers get /dev/null

845

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

846

os.dup2(null, sys.stdin.fileno())

847

if null > 2:

848

os.close(null)

849

else:

850

# No console logging

851

logger.removeHandler(console)

852

# Close all input and output, do double fork, etc.

853

daemon()

854

855

try:

856

pid = os.getpid()

857

pidfile.write(str(pid) + "\n")

858

pidfile.close()

859

del pidfile

860

except IOError:

861

logger.error(u"Could not write to file %r with PID %d",

862

pidfilename, pid)

863

except NameError:

864

# "pidfile" was never created

865

pass

866

del pidfilename

867

868

def cleanup():

869

"Cleanup function; run on exit"

870

global group

871

# From the Avahi example code

872

if not group is None:

873

group.Free()

874

group = None

875

# End of Avahi example code

876

877

while clients:

878

client = clients.pop()

879

client.stop_hook = None

880

client.stop()

881

882

atexit.register(cleanup)

883

884

if not debug:

885

signal.signal(signal.SIGINT, signal.SIG_IGN)

886

signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())

887

signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())

888

889

615

for client in clients:

890

616

client.start()

891

617

892

tcp_server.enable()

893

tcp_server.server_activate()

894

895

# Find out what port we got

896

service.port = tcp_server.socket.getsockname()[1]

897

logger.info(u"Now listening on address %r, port %d, flowinfo %d,"

898

u" scope_id %d" % tcp_server.socket.getsockname())

899

900

#service.interface = tcp_server.socket.getsockname()[3]

901

618

tcp_server = IPv6_TCPServer((None, options.port),

619

tcp_handler,

620

options=options,

621

clients=clients)

622

# Find out what random port we got

623

servicePort = tcp_server.socket.getsockname()[1]

624

if debug:

625

sys.stderr.write(u"Now listening on port %d\n" % servicePort)

626

627

if options.interface is not None:

628

serviceInterface = if_nametoindex(options.interface)

629

630

# From the Avahi server example code

631

server.connect_to_signal("StateChanged", server_state_changed)

632

server_state_changed(server.GetState())

633

# End of Avahi example code

634

635

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

636

lambda *args, **kwargs:

637

tcp_server.handle_request(*args[2:],

638

**kwargs) or True)

902

639

try:

903

# From the Avahi example code

904

server.connect_to_signal("StateChanged", server_state_changed)

905

try:

906

server_state_changed(server.GetState())

907

except dbus.exceptions.DBusException, error:

908

logger.critical(u"DBusException: %s", error)

909

sys.exit(1)

910

# End of Avahi example code

911

912

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

913

lambda *args, **kwargs:

914

tcp_server.handle_request\

915

(*args[2:], **kwargs) or True)

916

917

logger.debug(u"Starting main loop")

918

640

main_loop.run()

919

except AvahiError, error:

920

logger.critical(u"AvahiError: %s" + unicode(error))

921

sys.exit(1)

922

641

except KeyboardInterrupt:

923

if debug:

924

642

643

644

# Cleanup here

925

645

926

if __name__ == '__main__':

927

main()

646

# From the Avahi server example code

647

if not group is None:

648

group.Free()

649

# End of Avahi example code

650

651

for client in clients:

652

client.stop_hook = None

653

client.stop()

Older »