/mandos/release : revision 13

44

14

import gnutls.library.functions

45

15

import gnutls.library.constants

46

16

import gnutls.library.types

47

import ConfigParser as configparser

17

import ConfigParser

48

18

import sys

49

19

import re

50

20

import os

51

21

import signal

22

from sets import Set

52

23

import subprocess

53

import atexit

54

import stat

55

import logging

56

import logging.handlers

57

import pwd

58

import contextlib

59

import struct

60

import fcntl

61

import functools

62

import cPickle as pickle

63

import multiprocessing

64

24

65

25

import dbus

66

import dbus.service

67

26

import gobject

68

27

import avahi

69

28

from dbus.mainloop.glib import DBusGMainLoop

70

29

import ctypes

71

import ctypes.util

72

import xml.dom.minidom

73

import inspect

74

75

try:

76

SO_BINDTODEVICE = socket.SO_BINDTODEVICE

77

except AttributeError:

78

try:

79

from IN import SO_BINDTODEVICE

80

except ImportError:

81

SO_BINDTODEVICE = None

82

83

84

version = "1.0.14"

85

86

logger = logging.Logger(u'mandos')

87

syslogger = (logging.handlers.SysLogHandler

88

(facility = logging.handlers.SysLogHandler.LOG_DAEMON,

89

address = "/dev/log"))

90

syslogger.setFormatter(logging.Formatter

91

(u'Mandos [%(process)d]: %(levelname)s:'

92

u' %(message)s'))

93

logger.addHandler(syslogger)

94

95

console = logging.StreamHandler()

96

console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'

97

u' %(levelname)s:'

98

u' %(message)s'))

99

logger.addHandler(console)

100

101

class AvahiError(Exception):

102

def __init__(self, value, *args, **kwargs):

103

self.value = value

104

super(AvahiError, self).__init__(value, *args, **kwargs)

105

def __unicode__(self):

106

return unicode(repr(self.value))

107

108

class AvahiServiceError(AvahiError):

109

pass

110

111

class AvahiGroupError(AvahiError):

112

pass

113

114

115

class AvahiService(object):

116

"""An Avahi (Zeroconf) service.

117

118

Attributes:

119

interface: integer; avahi.IF_UNSPEC or an interface index.

120

Used to optionally bind to the specified interface.

121

122

type: string; Example: u'_mandos._tcp'.

123

See <http://www.dns-sd.org/ServiceTypes.html>

124

port: integer; what port to announce

125

TXT: list of strings; TXT record for the service

126

domain: string; Domain to publish on, default to .local if empty.

127

host: string; Host to publish records for, default is localhost

128

max_renames: integer; maximum number of renames

129

rename_count: integer; counter so we only rename after collisions

130

a sensible number of times

131

group: D-Bus Entry Group

132

server: D-Bus Server

133

bus: dbus.SystemBus()

134

"""

135

def __init__(self, interface = avahi.IF_UNSPEC, name = None,

136

servicetype = None, port = None, TXT = None,

137

domain = u"", host = u"", max_renames = 32768,

138

protocol = avahi.PROTO_UNSPEC, bus = None):

139

self.interface = interface

140

self.name = name

141

self.type = servicetype

142

self.port = port

143

self.TXT = TXT if TXT is not None else []

144

self.domain = domain

145

self.host = host

146

self.rename_count = 0

147

self.max_renames = max_renames

148

self.protocol = protocol

149

self.group = None # our entry group

150

self.server = None

151

self.bus = bus

152

def rename(self):

153

"""Derived from the Avahi example code"""

154

if self.rename_count >= self.max_renames:

155

logger.critical(u"No suitable Zeroconf service name found"

156

u" after %i retries, exiting.",

157

self.rename_count)

158

raise AvahiServiceError(u"Too many renames")

159

self.name = self.server.GetAlternativeServiceName(self.name)

160

logger.info(u"Changing Zeroconf service name to %r ...",

161

unicode(self.name))

162

syslogger.setFormatter(logging.Formatter

163

(u'Mandos (%s) [%%(process)d]:'

164

u' %%(levelname)s: %%(message)s'

165

% self.name))

166

self.remove()

167

self.add()

168

self.rename_count += 1

169

def remove(self):

170

"""Derived from the Avahi example code"""

171

if self.group is not None:

172

self.group.Reset()

173

def add(self):

174

"""Derived from the Avahi example code"""

175

if self.group is None:

176

self.group = dbus.Interface(

177

self.bus.get_object(avahi.DBUS_NAME,

178

self.server.EntryGroupNew()),

179

avahi.DBUS_INTERFACE_ENTRY_GROUP)

180

self.group.connect_to_signal('StateChanged',

181

self

182

.entry_group_state_changed)

183

logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",

184

self.name, self.type)

185

self.group.AddService(

186

self.interface,

187

self.protocol,

188

dbus.UInt32(0), # flags

189

self.name, self.type,

190

self.domain, self.host,

191

dbus.UInt16(self.port),

192

avahi.string_array_to_txt_array(self.TXT))

193

self.group.Commit()

194

def entry_group_state_changed(self, state, error):

195

"""Derived from the Avahi example code"""

196

logger.debug(u"Avahi state change: %i", state)

197

198

if state == avahi.ENTRY_GROUP_ESTABLISHED:

199

logger.debug(u"Zeroconf service established.")

200

elif state == avahi.ENTRY_GROUP_COLLISION:

201

logger.warning(u"Zeroconf service name collision.")

202

self.rename()

203

elif state == avahi.ENTRY_GROUP_FAILURE:

204

logger.critical(u"Avahi: Error in group state changed %s",

205

unicode(error))

206

raise AvahiGroupError(u"State changed: %s"

207

% unicode(error))

208

def cleanup(self):

209

"""Derived from the Avahi example code"""

210

if self.group is not None:

211

self.group.Free()

212

self.group = None

213

def server_state_changed(self, state):

214

"""Derived from the Avahi example code"""

215

if state == avahi.SERVER_COLLISION:

216

logger.error(u"Zeroconf server name collision")

217

self.remove()

218

elif state == avahi.SERVER_RUNNING:

219

self.add()

220

def activate(self):

221

"""Derived from the Avahi example code"""

222

if self.server is None:

223

self.server = dbus.Interface(

224

self.bus.get_object(avahi.DBUS_NAME,

225

avahi.DBUS_PATH_SERVER),

226

avahi.DBUS_INTERFACE_SERVER)

227

self.server.connect_to_signal(u"StateChanged",

228

self.server_state_changed)

229

self.server_state_changed(self.server.GetState())

30

31

import logging

32

import logging.handlers

33

34

# logghandler.setFormatter(logging.Formatter('%(levelname)s %(message)s')

35

36

logger = logging.Logger('mandos')

37

logger.addHandler(logging.handlers.SysLogHandler(facility = logging.handlers.SysLogHandler.LOG_DAEMON))

38

39

# This variable is used to optionally bind to a specified interface.

40

# It is a global variable to fit in with the other variables from the

41

# Avahi server example code.

42

serviceInterface = avahi.IF_UNSPEC

43

# From the Avahi server example code:

44

serviceName = "Mandos"

45

serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html

46

servicePort = None # Not known at startup

47

serviceTXT = [] # TXT record for the service

48

domain = "" # Domain to publish on, default to .local

49

host = "" # Host to publish records for, default to localhost

50

group = None #our entry group

51

rename_count = 12 # Counter so we only rename after collisions a

52

# sensible number of times

53

# End of Avahi example code

230

54

231

55

232

56

class Client(object):

233

57

"""A representation of a client host served by this server.

234

235

58

Attributes:

236

237

D-Bus identifiers

59

238

60

fingerprint: string (40 or 32 hexadecimal digits); used to

239

61

uniquely identify the client

240

secret: bytestring; sent verbatim (over TLS) to client

241

host: string; available for use by the checker command

242

created: datetime.datetime(); (UTC) object creation

243

last_enabled: datetime.datetime(); (UTC)

244

enabled: bool()

245

last_checked_ok: datetime.datetime(); (UTC) or None

246

timeout: datetime.timedelta(); How long from last_checked_ok

247

until this client is disabled

248

interval: datetime.timedelta(); How often to start a new checker

249

disable_hook: If set, called by disable() as disable_hook(self)

250

checker: subprocess.Popen(); a running checker process used

251

to see if the client lives.

252

'None' if no process is running.

62

secret: bytestring; sent verbatim (over TLS) to client

63

fqdn: string (FQDN); available for use by the checker command

64

created: datetime.datetime()

65

last_seen: datetime.datetime() or None if not yet seen

66

timeout: datetime.timedelta(); How long from last_seen until

67

this client is invalid

68

interval: datetime.timedelta(); How often to start a new checker

69

stop_hook: If set, called by stop() as stop_hook(self)

70

checker: subprocess.Popen(); a running checker process used

71

to see if the client lives.

72

Is None if no process is running.

253

73

checker_initiator_tag: a gobject event source tag, or None

254

disable_initiator_tag: - '' -

74

stop_initiator_tag: - '' -

255

75

checker_callback_tag: - '' -

256

76

checker_command: string; External command which is run to check if

257

client lives. %() expansions are done at

77

client lives. %()s expansions are done at

258

78

runtime with vars(self) as dict, so that for

259

79

instance %(name)s can be used in the command.

260

current_checker_command: string; current running checker_command

261

approved_delay: datetime.timedelta(); Time to wait for approval

262

_approved: bool(); 'None' if not yet approved/disapproved

263

approved_duration: datetime.timedelta(); Duration of one approval

80

Private attibutes:

81

_timeout: Real variable for 'timeout'

82

_interval: Real variable for 'interval'

83

_timeout_milliseconds: Used by gobject.timeout_add()

84

_interval_milliseconds: - '' -

264

85

"""

265

266

@staticmethod

267

def _timedelta_to_milliseconds(td):

268

"Convert a datetime.timedelta() to milliseconds"

269

return ((td.days * 24 * 60 * 60 * 1000)

270

+ (td.seconds * 1000)

271

+ (td.microseconds // 1000))

272

273

def timeout_milliseconds(self):

274

"Return the 'timeout' attribute in milliseconds"

275

return self._timedelta_to_milliseconds(self.timeout)

276

277

def interval_milliseconds(self):

278

"Return the 'interval' attribute in milliseconds"

279

return self._timedelta_to_milliseconds(self.interval)

280

281

def approved_delay_milliseconds(self):

282

return self._timedelta_to_milliseconds(self.approved_delay)

283

284

def __init__(self, name = None, disable_hook=None, config=None):

285

"""Note: the 'checker' key in 'config' sets the

286

'checker_command' attribute and *not* the 'checker'

287

attribute."""

86

def _set_timeout(self, timeout):

87

"Setter function for 'timeout' attribute"

88

self._timeout = timeout

89

self._timeout_milliseconds = ((self.timeout.days

90

* 24 * 60 * 60 * 1000)

91

+ (self.timeout.seconds * 1000)

92

+ (self.timeout.microseconds

93

// 1000))

94

timeout = property(lambda self: self._timeout,

95

_set_timeout)

96

del _set_timeout

97

def _set_interval(self, interval):

98

"Setter function for 'interval' attribute"

99

self._interval = interval

100

self._interval_milliseconds = ((self.interval.days

101

* 24 * 60 * 60 * 1000)

102

+ (self.interval.seconds

103

* 1000)

104

+ (self.interval.microseconds

105

// 1000))

106

interval = property(lambda self: self._interval,

107

_set_interval)

108

del _set_interval

109

def __init__(self, name=None, options=None, stop_hook=None,

110

fingerprint=None, secret=None, secfile=None, fqdn=None,

111

timeout=None, interval=-1, checker=None):

288

112

self.name = name

289

if config is None:

290

config = {}

291

logger.debug(u"Creating client %r", self.name)

292

# Uppercase and remove spaces from fingerprint for later

293

# comparison purposes with return value from the fingerprint()

294

# function

295

self.fingerprint = (config[u"fingerprint"].upper()

296

.replace(u" ", u""))

297

logger.debug(u" Fingerprint: %s", self.fingerprint)

298

if u"secret" in config:

299

self.secret = config[u"secret"].decode(u"base64")

300

elif u"secfile" in config:

301

with open(os.path.expanduser(os.path.expandvars

302

(config[u"secfile"])),

303

"rb") as secfile:

304

self.secret = secfile.read()

305

else:

306

#XXX Need to allow secret on demand!

307

raise TypeError(u"No secret or secfile for client %s"

308

% self.name)

309

self.host = config.get(u"host", u"")

310

self.created = datetime.datetime.utcnow()

311

self.enabled = False

312

self.last_enabled = None

313

self.last_checked_ok = None

314

self.timeout = string_to_delta(config[u"timeout"])

315

self.interval = string_to_delta(config[u"interval"])

316

self.disable_hook = disable_hook

113

# Uppercase and remove spaces from fingerprint

114

# for later comparison purposes with return value of

115

# the fingerprint() function

116

self.fingerprint = fingerprint.upper().replace(u" ", u"")

117

if secret:

118

self.secret = secret.decode(u"base64")

119

elif secfile:

120

sf = open(secfile)

121

self.secret = sf.read()

122

sf.close()

123

else:

124

raise RuntimeError(u"No secret or secfile for client %s"

125

% self.name)

126

self.fqdn = fqdn # string

127

self.created = datetime.datetime.now()

128

self.last_seen = None

129

if timeout is None:

130

timeout = options.timeout

131

self.timeout = timeout

132

if interval == -1:

133

interval = options.interval

134

else:

135

interval = string_to_delta(interval)

136

self.interval = interval

137

self.stop_hook = stop_hook

317

138

self.checker = None

318

139

self.checker_initiator_tag = None

319

self.disable_initiator_tag = None

140

self.stop_initiator_tag = None

320

141

self.checker_callback_tag = None

321

self.checker_command = config[u"checker"]

322

self.current_checker_command = None

323

self.last_connect = None

324

self.approvals_pending = 0

325

self._approved = None

326

self.approved_by_default = config.get(u"approved_by_default",

327

False)

328

self.approved_delay = string_to_delta(

329

config[u"approved_delay"])

330

self.approved_duration = string_to_delta(

331

config[u"approved_duration"])

332

self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())

333

334

def send_changedstate(self):

335

self.changedstate.acquire()

336

self.changedstate.notify_all()

337

self.changedstate.release()

338

339

def enable(self):

340

"""Start this client's checker and timeout hooks"""

341

if getattr(self, u"enabled", False):

342

# Already enabled

343

return

344

self.send_changedstate()

345

self.last_enabled = datetime.datetime.utcnow()

142

self.check_command = checker

143

def start(self):

144

"""Start this clients checker and timeout hooks"""

346

145

# Schedule a new checker to be started an 'interval' from now,

347

146

# and every interval from then on.

348

self.checker_initiator_tag = (gobject.timeout_add

349

(self.interval_milliseconds(),

350

self.start_checker))

351

# Schedule a disable() when 'timeout' has passed

352

self.disable_initiator_tag = (gobject.timeout_add

353

(self.timeout_milliseconds(),

354

self.disable))

355

self.enabled = True

147

self.checker_initiator_tag = gobject.timeout_add\

148

(self._interval_milliseconds,

149

self.start_checker)

356

150

# Also start a new checker *right now*.

357

151

self.start_checker()

358

359

def disable(self, quiet=True):

360

"""Disable this client."""

361

if not getattr(self, "enabled", False):

362

return False

363

if not quiet:

364

self.send_changedstate()

365

if not quiet:

366

logger.info(u"Disabling client %s", self.name)

367

if getattr(self, u"disable_initiator_tag", False):

368

gobject.source_remove(self.disable_initiator_tag)

369

self.disable_initiator_tag = None

370

if getattr(self, u"checker_initiator_tag", False):

152

# Schedule a stop() when 'timeout' has passed

153

self.stop_initiator_tag = gobject.timeout_add\

154

(self._timeout_milliseconds,

155

self.stop)

156

def stop(self):

157

"""Stop this client.

158

The possibility that this client might be restarted is left

159

open, but not currently used."""

160

logger.debug(u"Stopping client %s", self.name)

161

self.secret = None

162

if self.stop_initiator_tag:

163

gobject.source_remove(self.stop_initiator_tag)

164

self.stop_initiator_tag = None

165

if self.checker_initiator_tag:

371

166

gobject.source_remove(self.checker_initiator_tag)

372

167

self.checker_initiator_tag = None

373

168

self.stop_checker()

374

if self.disable_hook:

375

self.disable_hook(self)

376

self.enabled = False

169

if self.stop_hook:

170

self.stop_hook(self)

377

171

# Do not run this again if called by a gobject.timeout_add

378

172

return False

379

380

173

def __del__(self):

381

self.disable_hook = None

382

self.disable()

383

384

def checker_callback(self, pid, condition, command):

174

# Some code duplication here and in stop()

175

if hasattr(self, "stop_initiator_tag") \

176

and self.stop_initiator_tag:

177

gobject.source_remove(self.stop_initiator_tag)

178

self.stop_initiator_tag = None

179

if hasattr(self, "checker_initiator_tag") \

180

and self.checker_initiator_tag:

181

gobject.source_remove(self.checker_initiator_tag)

182

self.checker_initiator_tag = None

183

self.stop_checker()

184

def checker_callback(self, pid, condition):

385

185

"""The checker has completed, so take appropriate actions."""

386

self.checker_callback_tag = None

387

self.checker = None

388

if os.WIFEXITED(condition):

389

exitstatus = os.WEXITSTATUS(condition)

390

if exitstatus == 0:

391

logger.info(u"Checker for %(name)s succeeded",

392

vars(self))

393

self.checked_ok()

394

else:

395

logger.info(u"Checker for %(name)s failed",

396

vars(self))

397

else:

186

now = datetime.datetime.now()

187

if os.WIFEXITED(condition) \

188

and (os.WEXITSTATUS(condition) == 0):

189

logger.debug(u"Checker for %(name)s succeeded",

190

vars(self))

191

self.last_seen = now

192

gobject.source_remove(self.stop_initiator_tag)

193

self.stop_initiator_tag = gobject.timeout_add\

194

(self._timeout_milliseconds,

195

self.stop)

196

if not os.WIFEXITED(condition):

398

197

logger.warning(u"Checker for %(name)s crashed?",

399

198

vars(self))

400

401

def checked_ok(self):

402

"""Bump up the timeout for this client.

403

404

This should only be called when the client has been seen,

405

alive and well.

406

"""

407

self.last_checked_ok = datetime.datetime.utcnow()

408

gobject.source_remove(self.disable_initiator_tag)

409

self.disable_initiator_tag = (gobject.timeout_add

410

(self.timeout_milliseconds(),

411

self.disable))

412

199

else:

200

logger.debug(u"Checker for %(name)s failed",

201

vars(self))

202

self.checker = None

203

self.checker_callback_tag = None

413

204

def start_checker(self):

414

205

"""Start a new checker subprocess if one is not running.

415

416

206

If a checker already exists, leave it running and do

417

207

nothing."""

418

# The reason for not killing a running checker is that if we

419

# did that, then if a checker (for some reason) started

420

# running slowly and taking more than 'interval' time, the

421

# client would inevitably timeout, since no checker would get

422

# a chance to run to completion. If we instead leave running

423

# checkers alone, the checker would have to take more time

424

# than 'timeout' for the client to be disabled, which is as it

425

# should be.

426

427

# If a checker exists, make sure it is not a zombie

428

try:

429

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

430

except (AttributeError, OSError), error:

431

if (isinstance(error, OSError)

432

and error.errno != errno.ECHILD):

433

raise error

434

else:

435

if pid:

436

logger.warning(u"Checker was a zombie")

437

gobject.source_remove(self.checker_callback_tag)

438

self.checker_callback(pid, status,

439

self.current_checker_command)

440

# Start a new checker if needed

441

208

if self.checker is None:

209

logger.debug(u"Starting checker for %s",

210

self.name)

442

211

try:

443

# In case checker_command has exactly one % operator

444

command = self.checker_command % self.host

212

command = self.check_command % self.fqdn

445

213

except TypeError:

446

# Escape attributes for the shell

447

escaped_attrs = dict((key,

448

re.escape(unicode(str(val),

449

errors=

450

u'replace')))

214

escaped_attrs = dict((key, re.escape(str(val)))

451

215

for key, val in

452

216

vars(self).iteritems())

453

217

try:

454

command = self.checker_command % escaped_attrs

218

command = self.check_command % escaped_attrs

455

219

except TypeError, error:

456

logger.error(u'Could not format string "%s":'

457

u' %s', self.checker_command, error)

220

logger.critical(u'Could not format string "%s": %s',

221

self.check_command, error)

458

222

return True # Try again later

459

self.current_checker_command = command

460

223

try:

461

logger.info(u"Starting checker %r for %s",

462

command, self.name)

463

# We don't need to redirect stdout and stderr, since

464

# in normal mode, that is already done by daemon(),

465

# and in debug mode we don't want to. (Stdin is

466

# always replaced by /dev/null.)

467

self.checker = subprocess.Popen(command,

468

close_fds=True,

469

shell=True, cwd=u"/")

470

self.checker_callback_tag = (gobject.child_watch_add

471

(self.checker.pid,

472

self.checker_callback,

473

data=command))

474

# The checker may have completed before the gobject

475

# watch was added. Check for this.

476

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

477

if pid:

478

gobject.source_remove(self.checker_callback_tag)

479

self.checker_callback(pid, status, command)

480

except OSError, error:

224

self.checker = subprocess.\

225

Popen(command,

226

stdout=subprocess.PIPE,

227

close_fds=True, shell=True,

228

cwd="/")

229

self.checker_callback_tag = gobject.\

230

child_watch_add(self.checker.pid,

231

self.\

232

checker_callback)

233

except subprocess.OSError, error:

481

234

logger.error(u"Failed to start subprocess: %s",

482

235

error)

483

236

# Re-run this periodically if run by gobject.timeout_add

484

237

return True

485

486

238

def stop_checker(self):

487

239

"""Force the checker process, if any, to stop."""

488

if self.checker_callback_tag:

489

gobject.source_remove(self.checker_callback_tag)

490

self.checker_callback_tag = None

491

if getattr(self, u"checker", None) is None:

240

if not hasattr(self, "checker") or self.checker is None:

492

241

return

493

logger.debug(u"Stopping checker for %(name)s", vars(self))

494

try:

495

os.kill(self.checker.pid, signal.SIGTERM)

496

#time.sleep(0.5)

497

#if self.checker.poll() is None:

498

# os.kill(self.checker.pid, signal.SIGKILL)

499

except OSError, error:

500

if error.errno != errno.ESRCH: # No such process

501

raise

502

self.checker = None

503

504

def dbus_service_property(dbus_interface, signature=u"v",

505

access=u"readwrite", byte_arrays=False):

506

"""Decorators for marking methods of a DBusObjectWithProperties to

507

become properties on the D-Bus.

508

509

The decorated method will be called with no arguments by "Get"

510

and with one argument by "Set".

511

512

The parameters, where they are supported, are the same as

513

dbus.service.method, except there is only "signature", since the

514

type from Get() and the type sent to Set() is the same.

515

"""

516

# Encoding deeply encoded byte arrays is not supported yet by the

517

# "Set" method, so we fail early here:

518

if byte_arrays and signature != u"ay":

519

raise ValueError(u"Byte arrays not supported for non-'ay'"

520

u" signature %r" % signature)

521

def decorator(func):

522

func._dbus_is_property = True

523

func._dbus_interface = dbus_interface

524

func._dbus_signature = signature

525

func._dbus_access = access

526

func._dbus_name = func.__name__

527

if func._dbus_name.endswith(u"_dbus_property"):

528

func._dbus_name = func._dbus_name[:-14]

529

func._dbus_get_args_options = {u'byte_arrays': byte_arrays }

530

return func

531

return decorator

532

533

534

class DBusPropertyException(dbus.exceptions.DBusException):

535

"""A base class for D-Bus property-related exceptions

536

"""

537

def __unicode__(self):

538

return unicode(str(self))

539

540

541

class DBusPropertyAccessException(DBusPropertyException):

542

"""A property's access permissions disallows an operation.

543

"""

544

pass

545

546

547

class DBusPropertyNotFound(DBusPropertyException):

548

"""An attempt was made to access a non-existing property.

549

"""

550

pass

551

552

553

class DBusObjectWithProperties(dbus.service.Object):

554

"""A D-Bus object with properties.

555

556

Classes inheriting from this can use the dbus_service_property

557

decorator to expose methods as D-Bus properties. It exposes the

558

standard Get(), Set(), and GetAll() methods on the D-Bus.

559

"""

560

561

@staticmethod

562

def _is_dbus_property(obj):

563

return getattr(obj, u"_dbus_is_property", False)

564

565

def _get_all_dbus_properties(self):

566

"""Returns a generator of (name, attribute) pairs

567

"""

568

return ((prop._dbus_name, prop)

569

for name, prop in

570

inspect.getmembers(self, self._is_dbus_property))

571

572

def _get_dbus_property(self, interface_name, property_name):

573

"""Returns a bound method if one exists which is a D-Bus

574

property with the specified name and interface.

575

"""

576

for name in (property_name,

577

property_name + u"_dbus_property"):

578

prop = getattr(self, name, None)

579

if (prop is None

580

or not self._is_dbus_property(prop)

581

or prop._dbus_name != property_name

582

or (interface_name and prop._dbus_interface

583

and interface_name != prop._dbus_interface)):

584

continue

585

return prop

586

# No such property

587

raise DBusPropertyNotFound(self.dbus_object_path + u":"

588

+ interface_name + u"."

589

+ property_name)

590

591

@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",

592

out_signature=u"v")

593

def Get(self, interface_name, property_name):

594

"""Standard D-Bus property Get() method, see D-Bus standard.

595

"""

596

prop = self._get_dbus_property(interface_name, property_name)

597

if prop._dbus_access == u"write":

598

raise DBusPropertyAccessException(property_name)

599

value = prop()

600

if not hasattr(value, u"variant_level"):

601

return value

602

return type(value)(value, variant_level=value.variant_level+1)

603

604

@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")

605

def Set(self, interface_name, property_name, value):

606

"""Standard D-Bus property Set() method, see D-Bus standard.

607

"""

608

prop = self._get_dbus_property(interface_name, property_name)

609

if prop._dbus_access == u"read":

610

raise DBusPropertyAccessException(property_name)

611

if prop._dbus_get_args_options[u"byte_arrays"]:

612

# The byte_arrays option is not supported yet on

613

# signatures other than "ay".

614

if prop._dbus_signature != u"ay":

615

raise ValueError

616

value = dbus.ByteArray(''.join(unichr(byte)

617

for byte in value))

618

prop(value)

619

620

@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",

621

out_signature=u"a{sv}")

622

def GetAll(self, interface_name):

623

"""Standard D-Bus property GetAll() method, see D-Bus

624

standard.

625

626

Note: Will not include properties with access="write".

627

"""

628

all = {}

629

for name, prop in self._get_all_dbus_properties():

630

if (interface_name

631

and interface_name != prop._dbus_interface):

632

# Interface non-empty but did not match

633

continue

634

# Ignore write-only properties

635

if prop._dbus_access == u"write":

636

continue

637

value = prop()

638

if not hasattr(value, u"variant_level"):

639

all[name] = value

640

continue

641

all[name] = type(value)(value, variant_level=

642

value.variant_level+1)

643

return dbus.Dictionary(all, signature=u"sv")

644

645

@dbus.service.method(dbus.INTROSPECTABLE_IFACE,

646

out_signature=u"s",

647

path_keyword='object_path',

648

connection_keyword='connection')

649

def Introspect(self, object_path, connection):

650

"""Standard D-Bus method, overloaded to insert property tags.

651

"""

652

xmlstring = dbus.service.Object.Introspect(self, object_path,

653

connection)

654

try:

655

document = xml.dom.minidom.parseString(xmlstring)

656

def make_tag(document, name, prop):

657

e = document.createElement(u"property")

658

e.setAttribute(u"name", name)

659

e.setAttribute(u"type", prop._dbus_signature)

660

e.setAttribute(u"access", prop._dbus_access)

661

return e

662

for if_tag in document.getElementsByTagName(u"interface"):

663

for tag in (make_tag(document, name, prop)

664

for name, prop

665

in self._get_all_dbus_properties()

666

if prop._dbus_interface

667

== if_tag.getAttribute(u"name")):

668

if_tag.appendChild(tag)

669

# Add the names to the return values for the

670

# "org.freedesktop.DBus.Properties" methods

671

if (if_tag.getAttribute(u"name")

672

== u"org.freedesktop.DBus.Properties"):

673

for cn in if_tag.getElementsByTagName(u"method"):

674

if cn.getAttribute(u"name") == u"Get":

675

for arg in cn.getElementsByTagName(u"arg"):

676

if (arg.getAttribute(u"direction")

677

== u"out"):

678

arg.setAttribute(u"name", u"value")

679

elif cn.getAttribute(u"name") == u"GetAll":

680

for arg in cn.getElementsByTagName(u"arg"):

681

if (arg.getAttribute(u"direction")

682

== u"out"):

683

arg.setAttribute(u"name", u"props")

684

xmlstring = document.toxml(u"utf-8")

685

document.unlink()

686

except (AttributeError, xml.dom.DOMException,

687

xml.parsers.expat.ExpatError), error:

688

logger.error(u"Failed to override Introspection method",

689

error)

690

return xmlstring

691

692

693

class ClientDBus(Client, DBusObjectWithProperties):

694

"""A Client class using D-Bus

695

696

Attributes:

697

dbus_object_path: dbus.ObjectPath

698

bus: dbus.SystemBus()

699

"""

700

# dbus.service.Object doesn't use super(), so we can't either.

701

702

def __init__(self, bus = None, *args, **kwargs):

703

self.bus = bus

704

Client.__init__(self, *args, **kwargs)

705

# Only now, when this client is initialized, can it show up on

706

# the D-Bus

707

self.dbus_object_path = (dbus.ObjectPath

708

(u"/clients/"

709

+ self.name.replace(u".", u"_")))

710

DBusObjectWithProperties.__init__(self, self.bus,

711

self.dbus_object_path)

712

713

@staticmethod

714

def _datetime_to_dbus(dt, variant_level=0):

715

"""Convert a UTC datetime.datetime() to a D-Bus type."""

716

return dbus.String(dt.isoformat(),

717

variant_level=variant_level)

718

719

def enable(self):

720

oldstate = getattr(self, u"enabled", False)

721

r = Client.enable(self)

722

if oldstate != self.enabled:

723

# Emit D-Bus signals

724

self.PropertyChanged(dbus.String(u"enabled"),

725

dbus.Boolean(True, variant_level=1))

726

self.PropertyChanged(

727

dbus.String(u"last_enabled"),

728

self._datetime_to_dbus(self.last_enabled,

729

variant_level=1))

730

return r

731

732

def disable(self, quiet = False):

733

oldstate = getattr(self, u"enabled", False)

734

r = Client.disable(self, quiet=quiet)

735

if not quiet and oldstate != self.enabled:

736

# Emit D-Bus signal

737

self.PropertyChanged(dbus.String(u"enabled"),

738

dbus.Boolean(False, variant_level=1))

739

return r

740

741

def __del__(self, *args, **kwargs):

742

try:

743

self.remove_from_connection()

744

except LookupError:

745

pass

746

if hasattr(DBusObjectWithProperties, u"__del__"):

747

DBusObjectWithProperties.__del__(self, *args, **kwargs)

748

Client.__del__(self, *args, **kwargs)

749

750

def checker_callback(self, pid, condition, command,

751

*args, **kwargs):

242

gobject.source_remove(self.checker_callback_tag)

752

243

self.checker_callback_tag = None

244

os.kill(self.checker.pid, signal.SIGTERM)

245

if self.checker.poll() is None:

246

os.kill(self.checker.pid, signal.SIGKILL)

753

247

self.checker = None

754

# Emit D-Bus signal

755

self.PropertyChanged(dbus.String(u"checker_running"),

756

dbus.Boolean(False, variant_level=1))

757

if os.WIFEXITED(condition):

758

exitstatus = os.WEXITSTATUS(condition)

759

# Emit D-Bus signal

760

self.CheckerCompleted(dbus.Int16(exitstatus),

761

dbus.Int64(condition),

762

dbus.String(command))

763

else:

764

# Emit D-Bus signal

765

self.CheckerCompleted(dbus.Int16(-1),

766

dbus.Int64(condition),

767

dbus.String(command))

768

769

return Client.checker_callback(self, pid, condition, command,

770

*args, **kwargs)

771

772

def checked_ok(self, *args, **kwargs):

773

r = Client.checked_ok(self, *args, **kwargs)

774

# Emit D-Bus signal

775

self.PropertyChanged(

776

dbus.String(u"last_checked_ok"),

777

(self._datetime_to_dbus(self.last_checked_ok,

778

variant_level=1)))

779

return r

780

781

def start_checker(self, *args, **kwargs):

782

old_checker = self.checker

783

if self.checker is not None:

784

old_checker_pid = self.checker.pid

785

else:

786

old_checker_pid = None

787

r = Client.start_checker(self, *args, **kwargs)

788

# Only if new checker process was started

789

if (self.checker is not None

790

and old_checker_pid != self.checker.pid):

791

# Emit D-Bus signal

792

self.CheckerStarted(self.current_checker_command)

793

self.PropertyChanged(

794

dbus.String(u"checker_running"),

795

dbus.Boolean(True, variant_level=1))

796

return r

797

798

def stop_checker(self, *args, **kwargs):

799

old_checker = getattr(self, u"checker", None)

800

r = Client.stop_checker(self, *args, **kwargs)

801

if (old_checker is not None

802

and getattr(self, u"checker", None) is None):

803

self.PropertyChanged(dbus.String(u"checker_running"),

804

dbus.Boolean(False, variant_level=1))

805

return r

806

807

def _reset_approved(self):

808

self._approved = None

809

return False

810

811

def approve(self, value=True):

812

self._approved = value

813

gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration, self._reset_approved))

814

815

def approved_pending(self):

816

return self.approvals_pending > 0

817

818

819

## D-Bus methods, signals & properties

820

_interface = u"se.bsnet.fukt.Mandos.Client"

821

822

## Signals

823

824

# CheckerCompleted - signal

825

@dbus.service.signal(_interface, signature=u"nxs")

826

def CheckerCompleted(self, exitcode, waitstatus, command):

827

"D-Bus signal"

828

pass

829

830

# CheckerStarted - signal

831

@dbus.service.signal(_interface, signature=u"s")

832

def CheckerStarted(self, command):

833

"D-Bus signal"

834

pass

835

836

# PropertyChanged - signal

837

@dbus.service.signal(_interface, signature=u"sv")

838

def PropertyChanged(self, property, value):

839

"D-Bus signal"

840

pass

841

842

# GotSecret - signal

843

@dbus.service.signal(_interface)

844

def GotSecret(self):

845

"D-Bus signal"

846

pass

847

848

# Rejected - signal

849

@dbus.service.signal(_interface, signature=u"s")

850

def Rejected(self, reason):

851

"D-Bus signal"

852

pass

853

854

# NeedApproval - signal

855

@dbus.service.signal(_interface, signature=u"db")

856

def NeedApproval(self, timeout, default):

857

"D-Bus signal"

858

pass

859

860

## Methods

861

862

# Approve - method

863

@dbus.service.method(_interface, in_signature=u"b")

864

def Approve(self, value):

865

self.approve(value)

866

867

# CheckedOK - method

868

@dbus.service.method(_interface)

869

def CheckedOK(self):

870

return self.checked_ok()

871

872

# Enable - method

873

@dbus.service.method(_interface)

874

def Enable(self):

875

"D-Bus method"

876

self.enable()

877

878

# StartChecker - method

879

@dbus.service.method(_interface)

880

def StartChecker(self):

881

"D-Bus method"

882

self.start_checker()

883

884

# Disable - method

885

@dbus.service.method(_interface)

886

def Disable(self):

887

"D-Bus method"

888

self.disable()

889

890

# StopChecker - method

891

@dbus.service.method(_interface)

892

def StopChecker(self):

893

self.stop_checker()

894

895

## Properties

896

897

# approved_pending - property

898

@dbus_service_property(_interface, signature=u"b", access=u"read")

899

def approved_pending_dbus_property(self):

900

return dbus.Boolean(self.approved_pending())

901

902

# approved_by_default - property

903

@dbus_service_property(_interface, signature=u"b",

904

access=u"readwrite")

905

def approved_by_default_dbus_property(self):

906

return dbus.Boolean(self.approved_by_default)

907

908

# approved_delay - property

909

@dbus_service_property(_interface, signature=u"t",

910

access=u"readwrite")

911

def approved_delay_dbus_property(self):

912

return dbus.UInt64(self.approved_delay_milliseconds())

913

914

# approved_duration - property

915

@dbus_service_property(_interface, signature=u"t",

916

access=u"readwrite")

917

def approved_duration_dbus_property(self):

918

return dbus.UInt64(self._timedelta_to_milliseconds(

919

self.approved_duration))

920

921

# name - property

922

@dbus_service_property(_interface, signature=u"s", access=u"read")

923

def name_dbus_property(self):

924

return dbus.String(self.name)

925

926

# fingerprint - property

927

@dbus_service_property(_interface, signature=u"s", access=u"read")

928

def fingerprint_dbus_property(self):

929

return dbus.String(self.fingerprint)

930

931

# host - property

932

@dbus_service_property(_interface, signature=u"s",

933

access=u"readwrite")

934

def host_dbus_property(self, value=None):

935

if value is None: # get

936

return dbus.String(self.host)

937

self.host = value

938

# Emit D-Bus signal

939

self.PropertyChanged(dbus.String(u"host"),

940

dbus.String(value, variant_level=1))

941

942

# created - property

943

@dbus_service_property(_interface, signature=u"s", access=u"read")

944

def created_dbus_property(self):

945

return dbus.String(self._datetime_to_dbus(self.created))

946

947

# last_enabled - property

948

@dbus_service_property(_interface, signature=u"s", access=u"read")

949

def last_enabled_dbus_property(self):

950

if self.last_enabled is None:

951

return dbus.String(u"")

952

return dbus.String(self._datetime_to_dbus(self.last_enabled))

953

954

# enabled - property

955

@dbus_service_property(_interface, signature=u"b",

956

access=u"readwrite")

957

def enabled_dbus_property(self, value=None):

958

if value is None: # get

959

return dbus.Boolean(self.enabled)

960

if value:

961

self.enable()

962

else:

963

self.disable()

964

965

# last_checked_ok - property

966

@dbus_service_property(_interface, signature=u"s",

967

access=u"readwrite")

968

def last_checked_ok_dbus_property(self, value=None):

969

if value is not None:

970

self.checked_ok()

971

return

972

if self.last_checked_ok is None:

973

return dbus.String(u"")

974

return dbus.String(self._datetime_to_dbus(self

975

.last_checked_ok))

976

977

# timeout - property

978

@dbus_service_property(_interface, signature=u"t",

979

access=u"readwrite")

980

def timeout_dbus_property(self, value=None):

981

if value is None: # get

982

return dbus.UInt64(self.timeout_milliseconds())

983

self.timeout = datetime.timedelta(0, 0, 0, value)

984

# Emit D-Bus signal

985

self.PropertyChanged(dbus.String(u"timeout"),

986

dbus.UInt64(value, variant_level=1))

987

if getattr(self, u"disable_initiator_tag", None) is None:

988

return

989

# Reschedule timeout

990

gobject.source_remove(self.disable_initiator_tag)

991

self.disable_initiator_tag = None

992

time_to_die = (self.

993

_timedelta_to_milliseconds((self

994

.last_checked_ok

995

+ self.timeout)

996

- datetime.datetime

997

.utcnow()))

998

if time_to_die <= 0:

999

# The timeout has passed

1000

self.disable()

1001

else:

1002

self.disable_initiator_tag = (gobject.timeout_add

1003

(time_to_die, self.disable))

1004

1005

# interval - property

1006

@dbus_service_property(_interface, signature=u"t",

1007

access=u"readwrite")

1008

def interval_dbus_property(self, value=None):

1009

if value is None: # get

1010

return dbus.UInt64(self.interval_milliseconds())

1011

self.interval = datetime.timedelta(0, 0, 0, value)

1012

# Emit D-Bus signal

1013

self.PropertyChanged(dbus.String(u"interval"),

1014

dbus.UInt64(value, variant_level=1))

1015

if getattr(self, u"checker_initiator_tag", None) is None:

1016

return

1017

# Reschedule checker run

1018

gobject.source_remove(self.checker_initiator_tag)

1019

self.checker_initiator_tag = (gobject.timeout_add

1020

(value, self.start_checker))

1021

self.start_checker() # Start one now, too

1022

1023

# checker - property

1024

@dbus_service_property(_interface, signature=u"s",

1025

access=u"readwrite")

1026

def checker_dbus_property(self, value=None):

1027

if value is None: # get

1028

return dbus.String(self.checker_command)

1029

self.checker_command = value

1030

# Emit D-Bus signal

1031

self.PropertyChanged(dbus.String(u"checker"),

1032

dbus.String(self.checker_command,

1033

variant_level=1))

1034

1035

# checker_running - property

1036

@dbus_service_property(_interface, signature=u"b",

1037

access=u"readwrite")

1038

def checker_running_dbus_property(self, value=None):

1039

if value is None: # get

1040

return dbus.Boolean(self.checker is not None)

1041

if value:

1042

self.start_checker()

1043

else:

1044

self.stop_checker()

1045

1046

# object_path - property

1047

@dbus_service_property(_interface, signature=u"o", access=u"read")

1048

def object_path_dbus_property(self):

1049

return self.dbus_object_path # is already a dbus.ObjectPath

1050

1051

# secret = property

1052

@dbus_service_property(_interface, signature=u"ay",

1053

access=u"write", byte_arrays=True)

1054

def secret_dbus_property(self, value):

1055

self.secret = str(value)

1056

1057

del _interface

1058

1059

1060

class ProxyClient(object):

1061

def __init__(self, child_pipe, fpr, address):

1062

self._pipe = child_pipe

1063

self._pipe.send(('init', fpr, address))

1064

if not self._pipe.recv():

1065

raise KeyError()

1066

1067

def __getattribute__(self, name):

1068

if(name == '_pipe'):

1069

return super(ProxyClient, self).__getattribute__(name)

1070

self._pipe.send(('getattr', name))

1071

data = self._pipe.recv()

1072

if data[0] == 'data':

1073

return data[1]

1074

if data[0] == 'function':

1075

def func(*args, **kwargs):

1076

self._pipe.send(('funcall', name, args, kwargs))

1077

return self._pipe.recv()[1]

1078

return func

1079

1080

def __setattr__(self, name, value):

1081

if(name == '_pipe'):

1082

return super(ProxyClient, self).__setattr__(name, value)

1083

self._pipe.send(('setattr', name, value))

1084

1085

1086

class ClientHandler(socketserver.BaseRequestHandler, object):

1087

"""A class to handle client connections.

1088

1089

Instantiated once for each connection to handle it.

248

def still_valid(self, now=None):

249

"""Has the timeout not yet passed for this client?"""

250

if now is None:

251

now = datetime.datetime.now()

252

if self.last_seen is None:

253

return now < (self.created + self.timeout)

254

else:

255

return now < (self.last_seen + self.timeout)

256

257

258

def peer_certificate(session):

259

# If not an OpenPGP certificate...

260

if gnutls.library.functions.gnutls_certificate_type_get\

261

(session._c_object) \

262

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:

263

# ...do the normal thing

264

return session.peer_certificate

265

list_size = ctypes.c_uint()

266

cert_list = gnutls.library.functions.gnutls_certificate_get_peers\

267

(session._c_object, ctypes.byref(list_size))

268

if list_size.value == 0:

269

return None

270

cert = cert_list[0]

271

return ctypes.string_at(cert.data, cert.size)

272

273

274

def fingerprint(openpgp):

275

# New empty GnuTLS certificate

276

crt = gnutls.library.types.gnutls_openpgp_crt_t()

277

gnutls.library.functions.gnutls_openpgp_crt_init\

278

(ctypes.byref(crt))

279

# New GnuTLS "datum" with the OpenPGP public key

280

datum = gnutls.library.types.gnutls_datum_t\

281

(ctypes.cast(ctypes.c_char_p(openpgp),

282

ctypes.POINTER(ctypes.c_ubyte)),

283

ctypes.c_uint(len(openpgp)))

284

# Import the OpenPGP public key into the certificate

285

ret = gnutls.library.functions.gnutls_openpgp_crt_import\

286

(crt,

287

ctypes.byref(datum),

288

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

289

# New buffer for the fingerprint

290

buffer = ctypes.create_string_buffer(20)

291

buffer_length = ctypes.c_size_t()

292

# Get the fingerprint from the certificate into the buffer

293

gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\

294

(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))

295

# Deinit the certificate

296

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

297

# Convert the buffer to a Python bytestring

298

fpr = ctypes.string_at(buffer, buffer_length.value)

299

# Convert the bytestring to hexadecimal notation

300

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

301

return hex_fpr

302

303

304

class tcp_handler(SocketServer.BaseRequestHandler, object):

305

"""A TCP request handler class.

306

Instantiated by IPv6_TCPServer for each request to handle it.

1090

307

Note: This will run in its own forked process."""

1091

308

1092

309

def handle(self):

1093

with contextlib.closing(self.server.child_pipe) as child_pipe:

1094

logger.info(u"TCP connection from: %s",

1095

unicode(self.client_address))

1096

logger.debug(u"Pipe FD: %d",

1097

self.server.child_pipe.fileno())

1098

1099

session = (gnutls.connection

1100

.ClientSession(self.request,

1101

gnutls.connection

1102

.X509Credentials()))

1103

1104

# Note: gnutls.connection.X509Credentials is really a

1105

# generic GnuTLS certificate credentials object so long as

1106

# no X.509 keys are added to it. Therefore, we can use it

1107

# here despite using OpenPGP certificates.

1108

1109

#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",

1110

# u"+AES-256-CBC", u"+SHA1",

1111

# u"+COMP-NULL", u"+CTYPE-OPENPGP",

1112

# u"+DHE-DSS"))

1113

# Use a fallback default, since this MUST be set.

1114

priority = self.server.gnutls_priority

1115

if priority is None:

1116

priority = u"NORMAL"

1117

(gnutls.library.functions

1118

.gnutls_priority_set_direct(session._c_object,

1119

priority, None))

1120

1121

# Start communication using the Mandos protocol

1122

# Get protocol number

1123

line = self.request.makefile().readline()

1124

logger.debug(u"Protocol version: %r", line)

1125

try:

1126

if int(line.strip().split()[0]) > 1:

1127

raise RuntimeError

1128

except (ValueError, IndexError, RuntimeError), error:

1129

logger.error(u"Unknown protocol version: %s", error)

1130

return

1131

1132

# Start GnuTLS connection

1133

try:

1134

session.handshake()

1135

except gnutls.errors.GNUTLSError, error:

1136

logger.warning(u"Handshake failed: %s", error)

1137

# Do not run session.bye() here: the session is not

1138

# established. Just abandon the request.

1139

return

1140

logger.debug(u"Handshake succeeded")

1141

1142

approval_required = False

1143

try:

1144

try:

1145

fpr = self.fingerprint(self.peer_certificate

1146

(session))

1147

except (TypeError, gnutls.errors.GNUTLSError), error:

1148

logger.warning(u"Bad certificate: %s", error)

1149

return

1150

logger.debug(u"Fingerprint: %s", fpr)

1151

1152

try:

1153

client = ProxyClient(child_pipe, fpr,

1154

self.client_address)

1155

except KeyError:

1156

return

1157

1158

if client.approved_delay:

1159

delay = client.approved_delay

1160

client.approvals_pending += 1

1161

approval_required = True

1162

1163

while True:

1164

if not client.enabled:

1165

logger.warning(u"Client %s is disabled",

1166

client.name)

1167

if self.server.use_dbus:

1168

# Emit D-Bus signal

1169

client.Rejected("Disabled")

1170

return

1171

1172

if client._approved or not client.approved_delay:

1173

#We are approved or approval is disabled

1174

break

1175

elif client._approved is None:

1176

logger.info(u"Client %s need approval",

1177

client.name)

1178

if self.server.use_dbus:

1179

# Emit D-Bus signal

1180

client.NeedApproval(

1181

client.approved_delay_milliseconds(),

1182

client.approved_by_default)

1183

else:

1184

logger.warning(u"Client %s was not approved",

1185

client.name)

1186

if self.server.use_dbus:

1187

# Emit D-Bus signal

1188

client.Rejected("Disapproved")

1189

return

1190

1191

#wait until timeout or approved

1192

#x = float(client._timedelta_to_milliseconds(delay))

1193

time = datetime.datetime.now()

1194

client.changedstate.acquire()

1195

client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))

1196

client.changedstate.release()

1197

time2 = datetime.datetime.now()

1198

if (time2 - time) >= delay:

1199

if not client.approved_by_default:

1200

logger.warning("Client %s timed out while"

1201

" waiting for approval",

1202

client.name)

1203

if self.server.use_dbus:

1204

# Emit D-Bus signal

1205

client.Rejected("Time out")

1206

return

1207

else:

1208

break

1209

else:

1210

delay -= time2 - time

1211

1212

sent_size = 0

1213

while sent_size < len(client.secret):

1214

# XXX handle session exception

1215

sent = session.send(client.secret[sent_size:])

1216

logger.debug(u"Sent: %d, remaining: %d",

1217

sent, len(client.secret)

1218

- (sent_size + sent))

1219

sent_size += sent

1220

1221

logger.info(u"Sending secret to %s", client.name)

1222

# bump the timeout as if seen

1223

client.checked_ok()

1224

if self.server.use_dbus:

1225

# Emit D-Bus signal

1226

client.GotSecret()

1227

1228

finally:

1229

if approval_required:

1230

client.approvals_pending -= 1

1231

session.bye()

1232

1233

@staticmethod

1234

def peer_certificate(session):

1235

"Return the peer's OpenPGP certificate as a bytestring"

1236

# If not an OpenPGP certificate...

1237

if (gnutls.library.functions

1238

.gnutls_certificate_type_get(session._c_object)

1239

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):

1240

# ...do the normal thing

1241

return session.peer_certificate

1242

list_size = ctypes.c_uint(1)

1243

cert_list = (gnutls.library.functions

1244

.gnutls_certificate_get_peers

1245

(session._c_object, ctypes.byref(list_size)))

1246

if not bool(cert_list) and list_size.value != 0:

1247

raise gnutls.errors.GNUTLSError(u"error getting peer"

1248

u" certificate")

1249

if list_size.value == 0:

1250

return None

1251

cert = cert_list[0]

1252

return ctypes.string_at(cert.data, cert.size)

1253

1254

@staticmethod

1255

def fingerprint(openpgp):

1256

"Convert an OpenPGP bytestring to a hexdigit fingerprint"

1257

# New GnuTLS "datum" with the OpenPGP public key

1258

datum = (gnutls.library.types

1259

.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),

1260

ctypes.POINTER

1261

(ctypes.c_ubyte)),

1262

ctypes.c_uint(len(openpgp))))

1263

# New empty GnuTLS certificate

1264

crt = gnutls.library.types.gnutls_openpgp_crt_t()

1265

(gnutls.library.functions

1266

.gnutls_openpgp_crt_init(ctypes.byref(crt)))

1267

# Import the OpenPGP public key into the certificate

1268

(gnutls.library.functions

1269

.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),

1270

gnutls.library.constants

1271

.GNUTLS_OPENPGP_FMT_RAW))

1272

# Verify the self signature in the key

1273

crtverify = ctypes.c_uint()

1274

(gnutls.library.functions

1275

.gnutls_openpgp_crt_verify_self(crt, 0,

1276

ctypes.byref(crtverify)))

1277

if crtverify.value != 0:

1278

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

1279

raise (gnutls.errors.CertificateSecurityError

1280

(u"Verify failed"))

1281

# New buffer for the fingerprint

1282

buf = ctypes.create_string_buffer(20)

1283

buf_len = ctypes.c_size_t()

1284

# Get the fingerprint from the certificate into the buffer

1285

(gnutls.library.functions

1286

.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),

1287

ctypes.byref(buf_len)))

1288

# Deinit the certificate

1289

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

1290

# Convert the buffer to a Python bytestring

1291

fpr = ctypes.string_at(buf, buf_len.value)

1292

# Convert the bytestring to hexadecimal notation

1293

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

1294

return hex_fpr

1295

1296

1297

class MultiprocessingMixIn(object):

1298

"""Like socketserver.ThreadingMixIn, but with multiprocessing"""

1299

def sub_process_main(self, request, address):

1300

try:

1301

self.finish_request(request, address)

1302

except:

1303

self.handle_error(request, address)

1304

self.close_request(request)

1305

1306

def process_request(self, request, address):

1307

"""Start a new process to process the request."""

1308

multiprocessing.Process(target = self.sub_process_main,

1309

args = (request, address)).start()

1310

1311

class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):

1312

""" adds a pipe to the MixIn """

1313

def process_request(self, request, client_address):

1314

"""Overrides and wraps the original process_request().

1315

1316

This function creates a new pipe in self.pipe

1317

"""

1318

parent_pipe, self.child_pipe = multiprocessing.Pipe()

1319

1320

super(MultiprocessingMixInWithPipe,

1321

self).process_request(request, client_address)

1322

self.child_pipe.close()

1323

self.add_pipe(parent_pipe)

1324

1325

def add_pipe(self, parent_pipe):

1326

"""Dummy function; override as necessary"""

1327

pass

1328

1329

class IPv6_TCPServer(MultiprocessingMixInWithPipe,

1330

socketserver.TCPServer, object):

1331

"""IPv6-capable TCP server. Accepts 'None' as address and/or port

1332

310

logger.debug(u"TCP connection from: %s",

311

unicode(self.client_address))

312

session = gnutls.connection.ClientSession(self.request,

313

gnutls.connection.\

314

X509Credentials())

315

316

#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",

317

# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",

318

# "+DHE-DSS"))

319

priority = "SECURE256"

320

321

gnutls.library.functions.gnutls_priority_set_direct\

322

(session._c_object, priority, None);

323

324

try:

325

session.handshake()

326

except gnutls.errors.GNUTLSError, error:

327

logger.debug(u"Handshake failed: %s", error)

328

# Do not run session.bye() here: the session is not

329

# established. Just abandon the request.

330

return

331

try:

332

fpr = fingerprint(peer_certificate(session))

333

except (TypeError, gnutls.errors.GNUTLSError), error:

334

logger.debug(u"Bad certificate: %s", error)

335

session.bye()

336

return

337

logger.debug(u"Fingerprint: %s", fpr)

338

client = None

339

for c in clients:

340

if c.fingerprint == fpr:

341

client = c

342

break

343

# Have to check if client.still_valid(), since it is possible

344

# that the client timed out while establishing the GnuTLS

345

# session.

346

if (not client) or (not client.still_valid()):

347

if client:

348

logger.debug(u"Client %(name)s is invalid",

349

vars(client))

350

else:

351

logger.debug(u"Client not found for fingerprint: %s",

352

fpr)

353

session.bye()

354

return

355

sent_size = 0

356

while sent_size < len(client.secret):

357

sent = session.send(client.secret[sent_size:])

358

logger.debug(u"Sent: %d, remaining: %d",

359

sent, len(client.secret)

360

- (sent_size + sent))

361

sent_size += sent

362

session.bye()

363

364

365

class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):

366

"""IPv6 TCP server. Accepts 'None' as address and/or port.

1333

367

Attributes:

1334

enabled: Boolean; whether this server is activated yet

1335

interface: None or a network interface name (string)

1336

use_ipv6: Boolean; to use IPv6 or not

368

options: Command line options

369

clients: Set() of Client objects

1337

370

"""

1338

def __init__(self, server_address, RequestHandlerClass,

1339

interface=None, use_ipv6=True):

1340

self.interface = interface

1341

if use_ipv6:

1342

self.address_family = socket.AF_INET6

1343

socketserver.TCPServer.__init__(self, server_address,

1344

RequestHandlerClass)

371

address_family = socket.AF_INET6

372

def __init__(self, *args, **kwargs):

373

if "options" in kwargs:

374

self.options = kwargs["options"]

375

del kwargs["options"]

376

if "clients" in kwargs:

377

self.clients = kwargs["clients"]

378

del kwargs["clients"]

379

return super(type(self), self).__init__(*args, **kwargs)

1345

380

def server_bind(self):

1346

381

"""This overrides the normal server_bind() function

1347

382

to bind to an interface if one was specified, and also NOT to

1348

383

bind to an address or port if they were not specified."""

1349

if self.interface is not None:

1350

if SO_BINDTODEVICE is None:

1351

logger.error(u"SO_BINDTODEVICE does not exist;"

1352

u" cannot bind to interface %s",

1353

self.interface)

1354

else:

1355

try:

1356

self.socket.setsockopt(socket.SOL_SOCKET,

1357

SO_BINDTODEVICE,

1358

str(self.interface

1359

+ u'\0'))

1360

except socket.error, error:

1361

if error[0] == errno.EPERM:

1362

logger.error(u"No permission to"

1363

u" bind to interface %s",

1364

self.interface)

1365

elif error[0] == errno.ENOPROTOOPT:

1366

logger.error(u"SO_BINDTODEVICE not available;"

1367

u" cannot bind to interface %s",

1368

self.interface)

1369

else:

1370

raise

384

if self.options.interface:

385

if not hasattr(socket, "SO_BINDTODEVICE"):

386

# From /usr/include/asm-i486/socket.h

387

socket.SO_BINDTODEVICE = 25

388

try:

389

self.socket.setsockopt(socket.SOL_SOCKET,

390

socket.SO_BINDTODEVICE,

391

self.options.interface)

392

except socket.error, error:

393

if error[0] == errno.EPERM:

394

logger.warning(u"No permission to"

395

u" bind to interface %s",

396

self.options.interface)

397

else:

398

raise error

1371

399

# Only bind(2) the socket if we really need to.

1372

400

if self.server_address[0] or self.server_address[1]:

1373

401

if not self.server_address[0]:

1374

if self.address_family == socket.AF_INET6:

1375

any_address = u"::" # in6addr_any

1376

else:

1377

any_address = socket.INADDR_ANY

1378

self.server_address = (any_address,

402

in6addr_any = "::"

403

self.server_address = (in6addr_any,

1379

404

self.server_address[1])

1380

elif not self.server_address[1]:

405

elif self.server_address[1] is None:

1381

406

self.server_address = (self.server_address[0],

1382

407

0)

1383

# if self.interface:

1384

# self.server_address = (self.server_address[0],

1385

# 0, # port

1386

# 0, # flowinfo

1387

# if_nametoindex

1388

# (self.interface))

1389

return socketserver.TCPServer.server_bind(self)

1390

1391

1392

class MandosServer(IPv6_TCPServer):

1393

"""Mandos server.

1394

1395

Attributes:

1396

clients: set of Client objects

1397

gnutls_priority GnuTLS priority string

1398

use_dbus: Boolean; to emit D-Bus signals or not

1399

1400

Assumes a gobject.MainLoop event loop.

1401

"""

1402

def __init__(self, server_address, RequestHandlerClass,

1403

interface=None, use_ipv6=True, clients=None,

1404

gnutls_priority=None, use_dbus=True):

1405

self.enabled = False

1406

self.clients = clients

1407

if self.clients is None:

1408

self.clients = set()

1409

self.use_dbus = use_dbus

1410

self.gnutls_priority = gnutls_priority

1411

IPv6_TCPServer.__init__(self, server_address,

1412

RequestHandlerClass,

1413

interface = interface,

1414

use_ipv6 = use_ipv6)

1415

def server_activate(self):

1416

if self.enabled:

1417

return socketserver.TCPServer.server_activate(self)

1418

def enable(self):

1419

self.enabled = True

1420

def add_pipe(self, parent_pipe):

1421

# Call "handle_ipc" for both data and EOF events

1422

gobject.io_add_watch(parent_pipe.fileno(),

1423

gobject.IO_IN | gobject.IO_HUP,

1424

functools.partial(self.handle_ipc,

1425

parent_pipe = parent_pipe))

1426

1427

def handle_ipc(self, source, condition, parent_pipe=None,

1428

client_object=None):

1429

condition_names = {

1430

gobject.IO_IN: u"IN", # There is data to read.

1431

gobject.IO_OUT: u"OUT", # Data can be written (without

1432

# blocking).

1433

gobject.IO_PRI: u"PRI", # There is urgent data to read.

1434

gobject.IO_ERR: u"ERR", # Error condition.

1435

gobject.IO_HUP: u"HUP" # Hung up (the connection has been

1436

# broken, usually for pipes and

1437

# sockets).

1438

}

1439

conditions_string = ' | '.join(name

1440

for cond, name in

1441

condition_names.iteritems()

1442

if cond & condition)

1443

logger.debug(u"Handling IPC: FD = %d, condition = %s", source,

1444

conditions_string)

1445

1446

# error or the other end of multiprocessing.Pipe has closed

1447

if condition & gobject.IO_HUP or condition & gobject.IO_ERR:

1448

return False

1449

1450

# Read a request from the child

1451

request = parent_pipe.recv()

1452

logger.debug(u"IPC request: %s", repr(request))

1453

command = request[0]

1454

1455

if command == 'init':

1456

fpr = request[1]

1457

address = request[2]

1458

1459

for c in self.clients:

1460

if c.fingerprint == fpr:

1461

client = c

1462

break

1463

else:

1464

logger.warning(u"Client not found for fingerprint: %s, ad"

1465

u"dress: %s", fpr, address)

1466

if self.use_dbus:

1467

# Emit D-Bus signal

1468

mandos_dbus_service.ClientNotFound(fpr, address)

1469

parent_pipe.send(False)

1470

return False

1471

1472

gobject.io_add_watch(parent_pipe.fileno(),

1473

gobject.IO_IN | gobject.IO_HUP,

1474

functools.partial(self.handle_ipc,

1475

parent_pipe = parent_pipe,

1476

client_object = client))

1477

parent_pipe.send(True)

1478

# remove the old hook in favor of the new above hook on same fileno

1479

return False

1480

if command == 'funcall':

1481

funcname = request[1]

1482

args = request[2]

1483

kwargs = request[3]

1484

1485

parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))

1486

1487

if command == 'getattr':

1488

attrname = request[1]

1489

if callable(client_object.__getattribute__(attrname)):

1490

parent_pipe.send(('function',))

1491

else:

1492

parent_pipe.send(('data', client_object.__getattribute__(attrname)))

1493

1494

if command == 'setattr':

1495

attrname = request[1]

1496

value = request[2]

1497

setattr(client_object, attrname, value)

1498

1499

return True

408

return super(type(self), self).server_bind()

1500

409

1501

410

1502

411

def string_to_delta(interval):

1503

412

"""Parse a string and return a datetime.timedelta

1504

1505

>>> string_to_delta(u'7d')

413

414

>>> string_to_delta('7d')

1506

415

datetime.timedelta(7)

1507

>>> string_to_delta(u'60s')

416

>>> string_to_delta('60s')

1508

417

datetime.timedelta(0, 60)

1509

>>> string_to_delta(u'60m')

418

>>> string_to_delta('60m')

1510

419

datetime.timedelta(0, 3600)

1511

>>> string_to_delta(u'24h')

420

>>> string_to_delta('24h')

1512

421

datetime.timedelta(1)

1513

422

>>> string_to_delta(u'1w')

1514

423

datetime.timedelta(7)

1515

>>> string_to_delta(u'5m 30s')

1516

datetime.timedelta(0, 330)

1517

424

"""

1518

timevalue = datetime.timedelta(0)

1519

for s in interval.split():

1520

try:

1521

suffix = unicode(s[-1])

1522

value = int(s[:-1])

1523

if suffix == u"d":

1524

delta = datetime.timedelta(value)

1525

elif suffix == u"s":

1526

delta = datetime.timedelta(0, value)

1527

elif suffix == u"m":

1528

delta = datetime.timedelta(0, 0, 0, 0, value)

1529

elif suffix == u"h":

1530

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

1531

elif suffix == u"w":

1532

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

1533

else:

1534

raise ValueError(u"Unknown suffix %r" % suffix)

1535

except (ValueError, IndexError), e:

1536

raise ValueError(e.message)

1537

timevalue += delta

1538

return timevalue

425

try:

426

suffix=unicode(interval[-1])

427

value=int(interval[:-1])

428

if suffix == u"d":

429

delta = datetime.timedelta(value)

430

elif suffix == u"s":

431

delta = datetime.timedelta(0, value)

432

elif suffix == u"m":

433

delta = datetime.timedelta(0, 0, 0, 0, value)

434

elif suffix == u"h":

435

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

436

elif suffix == u"w":

437

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

438

else:

439

raise ValueError

440

except (ValueError, IndexError):

441

raise ValueError

442

return delta

443

444

445

def add_service():

446

"""From the Avahi server example code"""

447

global group, serviceName, serviceType, servicePort, serviceTXT, \

448

domain, host

449

if group is None:

450

group = dbus.Interface(

451

bus.get_object( avahi.DBUS_NAME,

452

server.EntryGroupNew()),

453

avahi.DBUS_INTERFACE_ENTRY_GROUP)

454

group.connect_to_signal('StateChanged',

455

entry_group_state_changed)

456

logger.debug(u"Adding service '%s' of type '%s' ...",

457

serviceName, serviceType)

458

459

group.AddService(

460

serviceInterface, # interface

461

avahi.PROTO_INET6, # protocol

462

dbus.UInt32(0), # flags

463

serviceName, serviceType,

464

domain, host,

465

dbus.UInt16(servicePort),

466

avahi.string_array_to_txt_array(serviceTXT))

467

group.Commit()

468

469

470

def remove_service():

471

"""From the Avahi server example code"""

472

global group

473

474

if not group is None:

475

group.Reset()

476

477

478

def server_state_changed(state):

479

"""From the Avahi server example code"""

480

if state == avahi.SERVER_COLLISION:

481

logger.warning(u"Server name collision")

482

remove_service()

483

elif state == avahi.SERVER_RUNNING:

484

add_service()

485

486

487

def entry_group_state_changed(state, error):

488

"""From the Avahi server example code"""

489

global serviceName, server, rename_count

490

491

logger.debug(u"state change: %i", state)

492

493

if state == avahi.ENTRY_GROUP_ESTABLISHED:

494

logger.debug(u"Service established.")

495

elif state == avahi.ENTRY_GROUP_COLLISION:

496

497

rename_count = rename_count - 1

498

if rename_count > 0:

499

name = server.GetAlternativeServiceName(name)

500

logger.warning(u"Service name collision, "

501

u"changing name to '%s' ...", name)

502

remove_service()

503

add_service()

504

505

else:

506

logger.error(u"No suitable service name found "

507

u"after %i retries, exiting.",

508

n_rename)

509

main_loop.quit()

510

elif state == avahi.ENTRY_GROUP_FAILURE:

511

logger.error(u"Error in group state changed %s",

512

unicode(error))

513

main_loop.quit()

514

return

1539

515

1540

516

1541

517

def if_nametoindex(interface):

1542

"""Call the C function if_nametoindex(), or equivalent

1543

1544

Note: This function cannot accept a unicode string."""

1545

global if_nametoindex

518

"""Call the C function if_nametoindex()"""

1546

519

try:

1547

if_nametoindex = (ctypes.cdll.LoadLibrary

1548

(ctypes.util.find_library(u"c"))

1549

.if_nametoindex)

520

libc = ctypes.cdll.LoadLibrary("libc.so.6")

521

return libc.if_nametoindex(interface)

1550

522

except (OSError, AttributeError):

1551

logger.warning(u"Doing if_nametoindex the hard way")

1552

def if_nametoindex(interface):

1553

"Get an interface index the hard way, i.e. using fcntl()"

1554

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

1555

with contextlib.closing(socket.socket()) as s:

1556

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

1557

struct.pack(str(u"16s16x"),

1558

interface))

1559

interface_index = struct.unpack(str(u"I"),

1560

ifreq[16:20])[0]

1561

return interface_index

1562

return if_nametoindex(interface)

1563

1564

1565

def daemon(nochdir = False, noclose = False):

1566

"""See daemon(3). Standard BSD Unix function.

1567

1568

This should really exist as os.daemon, but it doesn't (yet)."""

1569

if os.fork():

1570

sys.exit()

1571

os.setsid()

1572

if not nochdir:

1573

os.chdir(u"/")

1574

if os.fork():

1575

sys.exit()

1576

if not noclose:

1577

# Close all standard open file descriptors

1578

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

1579

if not stat.S_ISCHR(os.fstat(null).st_mode):

1580

raise OSError(errno.ENODEV,

1581

u"%s not a character device"

1582

% os.path.devnull)

1583

os.dup2(null, sys.stdin.fileno())

1584

os.dup2(null, sys.stdout.fileno())

1585

os.dup2(null, sys.stderr.fileno())

1586

if null > 2:

1587

os.close(null)

1588

1589

1590

def main():

1591

1592

##################################################################

1593

# Parsing of options, both command line and config file

1594

1595

parser = optparse.OptionParser(version = "%%prog %s" % version)

1596

parser.add_option("-i", u"--interface", type=u"string",

1597

metavar="IF", help=u"Bind to interface IF")

1598

parser.add_option("-a", u"--address", type=u"string",

1599

help=u"Address to listen for requests on")

1600

parser.add_option("-p", u"--port", type=u"int",

1601

help=u"Port number to receive requests on")

1602

parser.add_option("--check", action=u"store_true",

1603

help=u"Run self-test")

1604

parser.add_option("--debug", action=u"store_true",

1605

help=u"Debug mode; run in foreground and log to"

1606

u" terminal")

1607

parser.add_option("--priority", type=u"string", help=u"GnuTLS"

1608

u" priority string (see GnuTLS documentation)")

1609

parser.add_option("--servicename", type=u"string",

1610

metavar=u"NAME", help=u"Zeroconf service name")

1611

parser.add_option("--configdir", type=u"string",

1612

default=u"/etc/mandos", metavar=u"DIR",

1613

help=u"Directory to search for configuration"

1614

u" files")

1615

parser.add_option("--no-dbus", action=u"store_false",

1616

dest=u"use_dbus", help=u"Do not provide D-Bus"

1617

u" system bus interface")

1618

parser.add_option("--no-ipv6", action=u"store_false",

1619

dest=u"use_ipv6", help=u"Do not use IPv6")

1620

options = parser.parse_args()[0]

523

if "struct" not in sys.modules:

524

import struct

525

if "fcntl" not in sys.modules:

526

import fcntl

527

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

528

s = socket.socket()

529

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

530

struct.pack("16s16x", interface))

531

s.close()

532

interface_index = struct.unpack("I", ifreq[16:20])[0]

533

return interface_index

534

535

536

if __name__ == '__main__':

537

parser = OptionParser()

538

parser.add_option("-i", "--interface", type="string",

539

default=None, metavar="IF",

540

help="Bind to interface IF")

541

parser.add_option("--cert", type="string", default="cert.pem",

542

metavar="FILE",

543

help="Public key certificate PEM file to use")

544

parser.add_option("--key", type="string", default="key.pem",

545

metavar="FILE",

546

help="Private key PEM file to use")

547

parser.add_option("--ca", type="string", default="ca.pem",

548

metavar="FILE",

549

help="Certificate Authority certificate PEM file to use")

550

parser.add_option("--crl", type="string", default="crl.pem",

551

metavar="FILE",

552

help="Certificate Revokation List PEM file to use")

553

parser.add_option("-p", "--port", type="int", default=None,

554

help="Port number to receive requests on")

555

parser.add_option("--timeout", type="string", # Parsed later

556

default="1h",

557

help="Amount of downtime allowed for clients")

558

parser.add_option("--interval", type="string", # Parsed later

559

default="5m",

560

help="How often to check that a client is up")

561

parser.add_option("--check", action="store_true", default=False,

562

help="Run self-test")

563

parser.add_option("--debug", action="store_true", default=False,

564

help="Debug mode")

565

(options, args) = parser.parse_args()

1621

566

1622

567

if options.check:

1623

568

import doctest

1624

569

doctest.testmod()

1625

570

sys.exit()

1626

571

1627

# Default values for config file for server-global settings

1628

server_defaults = { u"interface": u"",

1629

u"address": u"",

1630

u"port": u"",

1631

u"debug": u"False",

1632

u"priority":

1633

u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

1634

u"servicename": u"Mandos",

1635

u"use_dbus": u"True",

1636

u"use_ipv6": u"True",

1637

}

1638

1639

# Parse config file for server-global settings

1640

server_config = configparser.SafeConfigParser(server_defaults)

1641

del server_defaults

1642

server_config.read(os.path.join(options.configdir,

1643

u"mandos.conf"))

1644

# Convert the SafeConfigParser object to a dict

1645

server_settings = server_config.defaults()

1646

# Use the appropriate methods on the non-string config options

1647

for option in (u"debug", u"use_dbus", u"use_ipv6"):

1648

server_settings[option] = server_config.getboolean(u"DEFAULT",

1649

option)

1650

if server_settings["port"]:

1651

server_settings["port"] = server_config.getint(u"DEFAULT",

1652

u"port")

1653

del server_config

1654

1655

# Override the settings from the config file with command line

1656

# options, if set.

1657

for option in (u"interface", u"address", u"port", u"debug",

1658

u"priority", u"servicename", u"configdir",

1659

u"use_dbus", u"use_ipv6"):

1660

value = getattr(options, option)

1661

if value is not None:

1662

server_settings[option] = value

1663

del options

1664

# Force all strings to be unicode

1665

for option in server_settings.keys():

1666

if type(server_settings[option]) is str:

1667

server_settings[option] = unicode(server_settings[option])

1668

# Now we have our good server settings in "server_settings"

1669

1670

##################################################################

1671

1672

# For convenience

1673

debug = server_settings[u"debug"]

1674

use_dbus = server_settings[u"use_dbus"]

1675

use_ipv6 = server_settings[u"use_ipv6"]

1676

1677

if not debug:

1678

syslogger.setLevel(logging.WARNING)

1679

console.setLevel(logging.WARNING)

1680

1681

if server_settings[u"servicename"] != u"Mandos":

1682

syslogger.setFormatter(logging.Formatter

1683

(u'Mandos (%s) [%%(process)d]:'

1684

u' %%(levelname)s: %%(message)s'

1685

% server_settings[u"servicename"]))

1686

1687

# Parse config file with clients

1688

client_defaults = { u"timeout": u"1h",

1689

u"interval": u"5m",

1690

u"checker": u"fping -q -- %%(host)s",

1691

u"host": u"",

1692

u"approved_delay": u"5m",

1693

u"approved_duration": u"1s",

1694

}

1695

client_config = configparser.SafeConfigParser(client_defaults)

1696

client_config.read(os.path.join(server_settings[u"configdir"],

1697

u"clients.conf"))

1698

1699

global mandos_dbus_service

1700

mandos_dbus_service = None

1701

1702

tcp_server = MandosServer((server_settings[u"address"],

1703

server_settings[u"port"]),

1704

ClientHandler,

1705

interface=server_settings[u"interface"],

1706

use_ipv6=use_ipv6,

1707

gnutls_priority=

1708

server_settings[u"priority"],

1709

use_dbus=use_dbus)

1710

pidfilename = u"/var/run/mandos.pid"

1711

try:

1712

pidfile = open(pidfilename, u"w")

1713

except IOError:

1714

logger.error(u"Could not open file %r", pidfilename)

1715

1716

try:

1717

uid = pwd.getpwnam(u"_mandos").pw_uid

1718

gid = pwd.getpwnam(u"_mandos").pw_gid

1719

except KeyError:

1720

try:

1721

uid = pwd.getpwnam(u"mandos").pw_uid

1722

gid = pwd.getpwnam(u"mandos").pw_gid

1723

except KeyError:

1724

try:

1725

uid = pwd.getpwnam(u"nobody").pw_uid

1726

gid = pwd.getpwnam(u"nobody").pw_gid

1727

except KeyError:

1728

uid = 65534

1729

gid = 65534

1730

try:

1731

os.setgid(gid)

1732

os.setuid(uid)

1733

except OSError, error:

1734

if error[0] != errno.EPERM:

1735

raise error

1736

1737

# Enable all possible GnuTLS debugging

1738

if debug:

1739

# "Use a log level over 10 to enable all debugging options."

1740

# - GnuTLS manual

1741

gnutls.library.functions.gnutls_global_set_log_level(11)

1742

1743

@gnutls.library.types.gnutls_log_func

1744

def debug_gnutls(level, string):

1745

logger.debug(u"GnuTLS: %s", string[:-1])

1746

1747

(gnutls.library.functions

1748

.gnutls_global_set_log_function(debug_gnutls))

1749

1750

global main_loop

1751

# From the Avahi example code

572

# Parse the time arguments

573

try:

574

options.timeout = string_to_delta(options.timeout)

575

except ValueError:

576

parser.error("option --timeout: Unparseable time")

577

try:

578

options.interval = string_to_delta(options.interval)

579

except ValueError:

580

parser.error("option --interval: Unparseable time")

581

582

# Parse config file

583

defaults = { "checker": "sleep 1; fping -q -- %%(fqdn)s" }

584

client_config = ConfigParser.SafeConfigParser(defaults)

585

#client_config.readfp(open("secrets.conf"), "secrets.conf")

586

client_config.read("mandos-clients.conf")

587

588

# From the Avahi server example code

1752

589

DBusGMainLoop(set_as_default=True )

1753

590

main_loop = gobject.MainLoop()

1754

591

bus = dbus.SystemBus()

1755

# End of Avahi example code

1756

if use_dbus:

1757

try:

1758

bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",

1759

bus, do_not_queue=True)

1760

except dbus.exceptions.NameExistsException, e:

1761

logger.error(unicode(e) + u", disabling D-Bus")

1762

use_dbus = False

1763

server_settings[u"use_dbus"] = False

1764

tcp_server.use_dbus = False

1765

protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET

1766

service = AvahiService(name = server_settings[u"servicename"],

1767

servicetype = u"_mandos._tcp",

1768

protocol = protocol, bus = bus)

1769

if server_settings["interface"]:

1770

service.interface = (if_nametoindex

1771

(str(server_settings[u"interface"])))

1772

1773

global multiprocessing_manager

1774

multiprocessing_manager = multiprocessing.Manager()

1775

1776

client_class = Client

1777

if use_dbus:

1778

client_class = functools.partial(ClientDBus, bus = bus)

1779

def client_config_items(config, section):

1780

special_settings = {

1781

"approved_by_default":

1782

lambda: config.getboolean(section,

1783

"approved_by_default"),

1784

}

1785

for name, value in config.items(section):

1786

try:

1787

yield (name, special_settings[name]())

1788

except KeyError:

1789

yield (name, value)

1790

1791

tcp_server.clients.update(set(

1792

client_class(name = section,

1793

config= dict(client_config_items(

1794

client_config, section)))

1795

for section in client_config.sections()))

1796

if not tcp_server.clients:

1797

logger.warning(u"No clients defined")

1798

1799

if debug:

1800

# Redirect stdin so all checkers get /dev/null

1801

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

1802

os.dup2(null, sys.stdin.fileno())

1803

if null > 2:

1804

os.close(null)

1805

else:

1806

# No console logging

1807

logger.removeHandler(console)

1808

# Close all input and output, do double fork, etc.

1809

daemon()

1810

1811

try:

1812

with pidfile:

1813

pid = os.getpid()

1814

pidfile.write(str(pid) + "\n")

1815

del pidfile

1816

except IOError:

1817

logger.error(u"Could not write to file %r with PID %d",

1818

pidfilename, pid)

1819

except NameError:

1820

# "pidfile" was never created

1821

pass

1822

del pidfilename

1823

1824

if not debug:

1825

signal.signal(signal.SIGINT, signal.SIG_IGN)

1826

signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())

1827

signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())

1828

1829

if use_dbus:

1830

class MandosDBusService(dbus.service.Object):

1831

"""A D-Bus proxy object"""

1832

def __init__(self):

1833

dbus.service.Object.__init__(self, bus, u"/")

1834

_interface = u"se.bsnet.fukt.Mandos"

1835

1836

@dbus.service.signal(_interface, signature=u"o")

1837

def ClientAdded(self, objpath):

1838

"D-Bus signal"

1839

pass

1840

1841

@dbus.service.signal(_interface, signature=u"ss")

1842

def ClientNotFound(self, fingerprint, address):

1843

"D-Bus signal"

1844

pass

1845

1846

@dbus.service.signal(_interface, signature=u"os")

1847

def ClientRemoved(self, objpath, name):

1848

"D-Bus signal"

1849

pass

1850

1851

@dbus.service.method(_interface, out_signature=u"ao")

1852

def GetAllClients(self):

1853

"D-Bus method"

1854

return dbus.Array(c.dbus_object_path

1855

for c in tcp_server.clients)

1856

1857

@dbus.service.method(_interface,

1858

out_signature=u"a{oa{sv}}")

1859

def GetAllClientsWithProperties(self):

1860

"D-Bus method"

1861

return dbus.Dictionary(

1862

((c.dbus_object_path, c.GetAll(u""))

1863

for c in tcp_server.clients),

1864

signature=u"oa{sv}")

1865

1866

@dbus.service.method(_interface, in_signature=u"o")

1867

def RemoveClient(self, object_path):

1868

"D-Bus method"

1869

for c in tcp_server.clients:

1870

if c.dbus_object_path == object_path:

1871

tcp_server.clients.remove(c)

1872

c.remove_from_connection()

1873

# Don't signal anything except ClientRemoved

1874

c.disable(quiet=True)

1875

# Emit D-Bus signal

1876

self.ClientRemoved(object_path, c.name)

1877

return

1878

raise KeyError(object_path)

1879

1880

del _interface

1881

1882

mandos_dbus_service = MandosDBusService()

1883

1884

def cleanup():

1885

"Cleanup function; run on exit"

1886

service.cleanup()

1887

1888

while tcp_server.clients:

1889

client = tcp_server.clients.pop()

1890

if use_dbus:

1891

client.remove_from_connection()

1892

client.disable_hook = None

1893

# Don't signal anything except ClientRemoved

1894

client.disable(quiet=True)

1895

if use_dbus:

1896

# Emit D-Bus signal

1897

mandos_dbus_service.ClientRemoved(client.dbus_object_path,

1898

client.name)

1899

1900

atexit.register(cleanup)

1901

1902

for client in tcp_server.clients:

1903

if use_dbus:

1904

# Emit D-Bus signal

1905

mandos_dbus_service.ClientAdded(client.dbus_object_path)

1906

client.enable()

1907

1908

tcp_server.enable()

1909

tcp_server.server_activate()

1910

1911

# Find out what port we got

1912

service.port = tcp_server.socket.getsockname()[1]

1913

if use_ipv6:

1914

logger.info(u"Now listening on address %r, port %d,"

1915

" flowinfo %d, scope_id %d"

1916

% tcp_server.socket.getsockname())

1917

else: # IPv4

1918

logger.info(u"Now listening on address %r, port %d"

1919

% tcp_server.socket.getsockname())

1920

1921

#service.interface = tcp_server.socket.getsockname()[3]

1922

1923

try:

1924

# From the Avahi example code

1925

try:

1926

service.activate()

1927

except dbus.exceptions.DBusException, error:

1928

logger.critical(u"DBusException: %s", error)

1929

cleanup()

1930

sys.exit(1)

1931

# End of Avahi example code

1932

1933

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

1934

lambda *args, **kwargs:

1935

(tcp_server.handle_request

1936

(*args[2:], **kwargs) or True))

1937

1938

logger.debug(u"Starting main loop")

592

server = dbus.Interface(

593

bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),

594

avahi.DBUS_INTERFACE_SERVER )

595

# End of Avahi example code

596

597

debug = options.debug

598

599

clients = Set()

600

def remove_from_clients(client):

601

clients.remove(client)

602

if not clients:

603

logger.debug(u"No clients left, exiting")

604

main_loop.quit()

605

606

clients.update(Set(Client(name=section, options=options,

607

stop_hook = remove_from_clients,

608

**(dict(client_config\

609

.items(section))))

610

for section in client_config.sections()))

611

for client in clients:

612

client.start()

613

614

tcp_server = IPv6_TCPServer((None, options.port),

615

tcp_handler,

616

options=options,

617

clients=clients)

618

# Find out what random port we got

619

servicePort = tcp_server.socket.getsockname()[1]

620

logger.debug(u"Now listening on port %d", servicePort)

621

622

if options.interface is not None:

623

serviceInterface = if_nametoindex(options.interface)

624

625

# From the Avahi server example code

626

server.connect_to_signal("StateChanged", server_state_changed)

627

server_state_changed(server.GetState())

628

# End of Avahi example code

629

630

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

631

lambda *args, **kwargs:

632

tcp_server.handle_request(*args[2:],

633

**kwargs) or True)

634

try:

1939

635

main_loop.run()

1940

except AvahiError, error:

1941

logger.critical(u"AvahiError: %s", error)

1942

cleanup()

1943

sys.exit(1)

1944

636

except KeyboardInterrupt:

1945

if debug:

1946

print >> sys.stderr

1947

logger.debug(u"Server received KeyboardInterrupt")

1948

logger.debug(u"Server exiting")

1949

# Must run before the D-Bus bus name gets deregistered

1950

cleanup()

637

print

638

639

# Cleanup here

1951

640

1952

if __name__ == '__main__':

1953

main()

641

# From the Avahi server example code

642

if not group is None:

643

group.Free()

644

# End of Avahi example code

645

646

for client in clients:

647

client.stop_hook = None

648

client.stop()