
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2008-09-24 23:12:49 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080924231249-0xhjl5ydrbcjvce7
* debian/mandos-client.lintian-overrides: Ignore setuid
                                          "plugins.d/usplash".

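--- a/mandos
+++ b/mandos
@@ -11,7 +11,7 @@
 # and some lines in "main".
 
 # Everything else is
-# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
+# Copyright © 2008 Teddy Hogeborn & Björn Påhlsson
 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -55,6 +55,7 @@
 import stat
 import logging
 import logging.handlers
+import pwd
  
 import dbus
 import gobject
@@ -517,6 +518,7 @@
     Attributes:
         settings:       Server settings
         clients:        Set() of Client objects
+        enabled:        Boolean; whether this server is activated yet
     """
     address_family = socket.AF_INET6
     def __init__(self, *args, **kwargs):
@@ -526,6 +528,7 @@
         if "clients" in kwargs:
             self.clients = kwargs["clients"]
             del kwargs["clients"]
+        self.enabled = False
         return super(type(self), self).__init__(*args, **kwargs)
     def server_bind(self):
         """This overrides the normal server_bind() function
@@ -562,6 +565,11 @@
 #                                            (self.settings
 #                                             ["interface"]))
             return super(type(self), self).server_bind()
+    def server_activate(self):
+        if self.enabled:
+            return super(type(self), self).server_activate()
+    def enable(self):
+        self.enabled = True
  
  
 def string_to_delta(interval):
@@ -758,6 +766,41 @@
     client_config.read(os.path.join(server_settings["configdir"],
                                     "clients.conf"))
     
+    clients = Set()
+    tcp_server = IPv6_TCPServer((server_settings["address"],
+                                 server_settings["port"]),
+                                tcp_handler,
+                                settings=server_settings,
+                                clients=clients)
+    pidfilename = "/var/run/mandos.pid"
+    try:
+        pidfile = open(pidfilename, "w")
+    except IOError, error:
+        logger.error("Could not open file %r", pidfilename)
+    
+    uid = 65534
+    gid = 65534
+    try:
+        uid = pwd.getpwnam("mandos").pw_uid
+    except KeyError:
+        try:
+            uid = pwd.getpwnam("nobody").pw_uid
+        except KeyError:
+            pass
+    try:
+        gid = pwd.getpwnam("mandos").pw_gid
+    except KeyError:
+        try:
+            gid = pwd.getpwnam("nogroup").pw_gid
+        except KeyError:
+            pass
+    try:
+        os.setuid(uid)
+        os.setgid(gid)
+    except OSError, error:
+        if error[0] != errno.EPERM:
+            raise error
+    
     global service
     service = AvahiService(name = server_settings["servicename"],
                            type = "_mandos._tcp", );
@@ -777,7 +820,6 @@
                             avahi.DBUS_INTERFACE_SERVER)
     # End of Avahi example code
     
-    clients = Set()
     def remove_from_clients(client):
         clients.remove(client)
         if not clients:
@@ -805,16 +847,18 @@
         # Close all input and output, do double fork, etc.
         daemon()
     
-    pidfilename = "/var/run/mandos/mandos.pid"
-    pid = os.getpid()
     try:
-        pidfile = open(pidfilename, "w")
+        pid = os.getpid()
         pidfile.write(str(pid) + "\n")
         pidfile.close()
         del pidfile
     except IOError, err:
-        logger.error(u"Could not write %s file with PID %d",
-                     pidfilename, os.getpid())
+        logger.error(u"Could not write to file %r with PID %d",
+                     pidfilename, pid)
+    except NameError:
+        # "pidfile" was never created
+        pass
+    del pidfilename
     
     def cleanup():
         "Cleanup function; run on exit"
@@ -840,11 +884,9 @@
     for client in clients:
         client.start()
     
-    tcp_server = IPv6_TCPServer((server_settings["address"],
-                                 server_settings["port"]),
-                                tcp_handler,
-                                settings=server_settings,
-                                clients=clients)
+    tcp_server.enable()
+    tcp_server.server_activate()
+    
     # Find out what port we got
     service.port = tcp_server.socket.getsockname()[1]
     logger.info(u"Now listening on address %r, port %d, flowinfo %d,"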
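Review bot: The added privilege drop calls `os.setuid(uid)` before `os.setgid(gid)`, so when the server starts as root the setgid call runs after root has already been given up, fails with EPERM, and is silently swallowed by the `error[0] != errno.EPERM` check; the process then keeps its original group and supplementary groups. Drop groups first: `os.setgroups([])`, `os.setgid(gid)`, then `os.setuid(uid)`, and keep the EPERM tolerance only for the non-root start it appears to be meant for. The gid fallback `pwd.getpwnam("nogroup").pw_gid` queries the passwd database with what is normally a group name, so it presumably always raises KeyError and leaves 65534; `grp.getgrnam("nogroup").gr_gid` is the matching lookup (needs `import grp`). The enclosing function starts and ends outside the visible hunks.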