/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos

Miscellaneous fixes prompted by lintian:

* debian/control (Conflicts): Changed to "Breaks:".
* debian/copyright: Updated format.
* debian/mandos-client.postinst: Use "set -e" instead of "#!/bin/sh -e".
* debian/mandos-client.postrm: - '' -
* debian/mandos.postinst: - '' -
* debian/mandos.prerm: Consistent magic.
* mandos: Small comment change.
* mandos-clients.conf.xml (OPTIONS/extended_timeout): Fix spelling.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos
63
63
import cPickle as pickle
64
64
import multiprocessing
65
65
import types
66
 
import binascii
67
 
import tempfile
68
66
 
69
67
import dbus
70
68
import dbus.service
75
73
import ctypes.util
76
74
import xml.dom.minidom
77
75
import inspect
78
 
import GnuPGInterface
79
76
 
80
77
try:
81
78
    SO_BINDTODEVICE = socket.SO_BINDTODEVICE
85
82
    except ImportError:
86
83
        SO_BINDTODEVICE = None
87
84
 
88
 
version = "1.4.1"
89
 
stored_state_file = "clients.pickle"
90
 
 
91
 
logger = logging.getLogger()
 
85
 
 
86
version = "1.4.0"
 
87
 
 
88
#logger = logging.getLogger('mandos')
 
89
logger = logging.Logger('mandos')
92
90
syslogger = (logging.handlers.SysLogHandler
93
91
             (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
94
92
              address = str("/dev/log")))
95
 
 
96
 
try:
97
 
    if_nametoindex = (ctypes.cdll.LoadLibrary
98
 
                      (ctypes.util.find_library("c"))
99
 
                      .if_nametoindex)
100
 
except (OSError, AttributeError):
101
 
    def if_nametoindex(interface):
102
 
        "Get an interface index the hard way, i.e. using fcntl()"
103
 
        SIOCGIFINDEX = 0x8933  # From /usr/include/linux/sockios.h
104
 
        with contextlib.closing(socket.socket()) as s:
105
 
            ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
106
 
                                struct.pack(str("16s16x"),
107
 
                                            interface))
108
 
        interface_index = struct.unpack(str("I"),
109
 
                                        ifreq[16:20])[0]
110
 
        return interface_index
111
 
 
112
 
 
113
 
def initlogger(level=logging.WARNING):
114
 
    """init logger and add loglevel"""
115
 
    
116
 
    syslogger.setFormatter(logging.Formatter
117
 
                           ('Mandos [%(process)d]: %(levelname)s:'
118
 
                            ' %(message)s'))
119
 
    logger.addHandler(syslogger)
120
 
    
121
 
    console = logging.StreamHandler()
122
 
    console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
123
 
                                           ' [%(process)d]:'
124
 
                                           ' %(levelname)s:'
125
 
                                           ' %(message)s'))
126
 
    logger.addHandler(console)
127
 
    logger.setLevel(level)
128
 
 
129
 
 
130
 
class PGPError(Exception):
131
 
    """Exception if encryption/decryption fails"""
132
 
    pass
133
 
 
134
 
 
135
 
class PGPEngine(object):
136
 
    """A simple class for OpenPGP symmetric encryption & decryption"""
137
 
    def __init__(self):
138
 
        self.gnupg = GnuPGInterface.GnuPG()
139
 
        self.tempdir = tempfile.mkdtemp(prefix="mandos-")
140
 
        self.gnupg = GnuPGInterface.GnuPG()
141
 
        self.gnupg.options.meta_interactive = False
142
 
        self.gnupg.options.homedir = self.tempdir
143
 
        self.gnupg.options.extra_args.extend(['--force-mdc',
144
 
                                              '--quiet'])
145
 
    
146
 
    def __enter__(self):
147
 
        return self
148
 
    
149
 
    def __exit__ (self, exc_type, exc_value, traceback):
150
 
        self._cleanup()
151
 
        return False
152
 
    
153
 
    def __del__(self):
154
 
        self._cleanup()
155
 
    
156
 
    def _cleanup(self):
157
 
        if self.tempdir is not None:
158
 
            # Delete contents of tempdir
159
 
            for root, dirs, files in os.walk(self.tempdir,
160
 
                                             topdown = False):
161
 
                for filename in files:
162
 
                    os.remove(os.path.join(root, filename))
163
 
                for dirname in dirs:
164
 
                    os.rmdir(os.path.join(root, dirname))
165
 
            # Remove tempdir
166
 
            os.rmdir(self.tempdir)
167
 
            self.tempdir = None
168
 
    
169
 
    def password_encode(self, password):
170
 
        # Passphrase can not be empty and can not contain newlines or
171
 
        # NUL bytes.  So we prefix it and hex encode it.
172
 
        return b"mandos" + binascii.hexlify(password)
173
 
    
174
 
    def encrypt(self, data, password):
175
 
        self.gnupg.passphrase = self.password_encode(password)
176
 
        with open(os.devnull) as devnull:
177
 
            try:
178
 
                proc = self.gnupg.run(['--symmetric'],
179
 
                                      create_fhs=['stdin', 'stdout'],
180
 
                                      attach_fhs={'stderr': devnull})
181
 
                with contextlib.closing(proc.handles['stdin']) as f:
182
 
                    f.write(data)
183
 
                with contextlib.closing(proc.handles['stdout']) as f:
184
 
                    ciphertext = f.read()
185
 
                proc.wait()
186
 
            except IOError as e:
187
 
                raise PGPError(e)
188
 
        self.gnupg.passphrase = None
189
 
        return ciphertext
190
 
    
191
 
    def decrypt(self, data, password):
192
 
        self.gnupg.passphrase = self.password_encode(password)
193
 
        with open(os.devnull) as devnull:
194
 
            try:
195
 
                proc = self.gnupg.run(['--decrypt'],
196
 
                                      create_fhs=['stdin', 'stdout'],
197
 
                                      attach_fhs={'stderr': devnull})
198
 
                with contextlib.closing(proc.handles['stdin'] ) as f:
199
 
                    f.write(data)
200
 
                with contextlib.closing(proc.handles['stdout']) as f:
201
 
                    decrypted_plaintext = f.read()
202
 
                proc.wait()
203
 
            except IOError as e:
204
 
                raise PGPError(e)
205
 
        self.gnupg.passphrase = None
206
 
        return decrypted_plaintext
207
 
 
208
 
 
 
93
syslogger.setFormatter(logging.Formatter
 
94
                       ('Mandos [%(process)d]: %(levelname)s:'
 
95
                        ' %(message)s'))
 
96
logger.addHandler(syslogger)
 
97
 
 
98
console = logging.StreamHandler()
 
99
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
 
100
                                       ' %(levelname)s:'
 
101
                                       ' %(message)s'))
 
102
logger.addHandler(console)
209
103
 
210
104
class AvahiError(Exception):
211
105
    def __init__(self, value, *args, **kwargs):
270
164
                            .GetAlternativeServiceName(self.name))
271
165
        logger.info("Changing Zeroconf service name to %r ...",
272
166
                    self.name)
 
167
        syslogger.setFormatter(logging.Formatter
 
168
                               ('Mandos (%s) [%%(process)d]:'
 
169
                                ' %%(levelname)s: %%(message)s'
 
170
                                % self.name))
273
171
        self.remove()
274
172
        try:
275
173
            self.add()
295
193
                avahi.DBUS_INTERFACE_ENTRY_GROUP)
296
194
        self.entry_group_state_changed_match = (
297
195
            self.group.connect_to_signal(
298
 
                'StateChanged', self.entry_group_state_changed))
 
196
                'StateChanged', self .entry_group_state_changed))
299
197
        logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
300
198
                     self.name, self.type)
301
199
        self.group.AddService(
327
225
            try:
328
226
                self.group.Free()
329
227
            except (dbus.exceptions.UnknownMethodException,
330
 
                    dbus.exceptions.DBusException):
 
228
                    dbus.exceptions.DBusException) as e:
331
229
                pass
332
230
            self.group = None
333
231
        self.remove()
367
265
                                 self.server_state_changed)
368
266
        self.server_state_changed(self.server.GetState())
369
267
 
370
 
class AvahiServiceToSyslog(AvahiService):
371
 
    def rename(self):
372
 
        """Add the new name to the syslog messages"""
373
 
        ret = AvahiService.rename(self)
374
 
        syslogger.setFormatter(logging.Formatter
375
 
                               ('Mandos (%s) [%%(process)d]:'
376
 
                                ' %%(levelname)s: %%(message)s'
377
 
                                % self.name))
378
 
        return ret
379
268
 
380
 
def timedelta_to_milliseconds(td):
 
269
def _timedelta_to_milliseconds(td):
381
270
    "Convert a datetime.timedelta() to milliseconds"
382
271
    return ((td.days * 24 * 60 * 60 * 1000)
383
272
            + (td.seconds * 1000)
387
276
    """A representation of a client host served by this server.
388
277
    
389
278
    Attributes:
390
 
    approved:   bool(); 'None' if not yet approved/disapproved
 
279
    _approved:   bool(); 'None' if not yet approved/disapproved
391
280
    approval_delay: datetime.timedelta(); Time to wait for approval
392
281
    approval_duration: datetime.timedelta(); Duration of one approval
393
282
    checker:    subprocess.Popen(); a running checker process used
400
289
                     instance %(name)s can be used in the command.
401
290
    checker_initiator_tag: a gobject event source tag, or None
402
291
    created:    datetime.datetime(); (UTC) object creation
403
 
    client_structure: Object describing what attributes a client has
404
 
                      and is used for storing the client at exit
405
292
    current_checker_command: string; current running checker_command
 
293
    disable_hook:  If set, called by disable() as disable_hook(self)
406
294
    disable_initiator_tag: a gobject event source tag, or None
407
295
    enabled:    bool()
408
296
    fingerprint: string (40 or 32 hexadecimal digits); used to
411
299
    interval:   datetime.timedelta(); How often to start a new checker
412
300
    last_approval_request: datetime.datetime(); (UTC) or None
413
301
    last_checked_ok: datetime.datetime(); (UTC) or None
414
 
    last_checker_status: integer between 0 and 255 reflecting exit
415
 
                         status of last checker. -1 reflects crashed
416
 
                         checker, or None.
417
 
    last_enabled: datetime.datetime(); (UTC) or None
 
302
    last_enabled: datetime.datetime(); (UTC)
418
303
    name:       string; from the config file, used in log messages and
419
304
                        D-Bus identifiers
420
305
    secret:     bytestring; sent verbatim (over TLS) to client
430
315
                          "created", "enabled", "fingerprint",
431
316
                          "host", "interval", "last_checked_ok",
432
317
                          "last_enabled", "name", "timeout")
433
 
    client_defaults = { "timeout": "5m",
434
 
                        "extended_timeout": "15m",
435
 
                        "interval": "2m",
436
 
                        "checker": "fping -q -- %%(host)s",
437
 
                        "host": "",
438
 
                        "approval_delay": "0s",
439
 
                        "approval_duration": "1s",
440
 
                        "approved_by_default": "True",
441
 
                        "enabled": "True",
442
 
                        }
443
318
    
444
319
    def timeout_milliseconds(self):
445
320
        "Return the 'timeout' attribute in milliseconds"
446
 
        return timedelta_to_milliseconds(self.timeout)
 
321
        return _timedelta_to_milliseconds(self.timeout)
447
322
    
448
323
    def extended_timeout_milliseconds(self):
449
324
        "Return the 'extended_timeout' attribute in milliseconds"
450
 
        return timedelta_to_milliseconds(self.extended_timeout)
 
325
        return _timedelta_to_milliseconds(self.extended_timeout)
451
326
    
452
327
    def interval_milliseconds(self):
453
328
        "Return the 'interval' attribute in milliseconds"
454
 
        return timedelta_to_milliseconds(self.interval)
 
329
        return _timedelta_to_milliseconds(self.interval)
455
330
    
456
331
    def approval_delay_milliseconds(self):
457
 
        return timedelta_to_milliseconds(self.approval_delay)
458
 
 
459
 
    @staticmethod
460
 
    def config_parser(config):
461
 
        """ Construct a new dict of client settings of this form:
462
 
        { client_name: {setting_name: value, ...}, ...}
463
 
        with exceptions for any special settings as defined above"""
464
 
        settings = {}
465
 
        for client_name in config.sections():
466
 
            section = dict(config.items(client_name))
467
 
            client = settings[client_name] = {}
468
 
            
469
 
            client["host"] = section["host"]
470
 
            # Reformat values from string types to Python types
471
 
            client["approved_by_default"] = config.getboolean(
472
 
                client_name, "approved_by_default")
473
 
            client["enabled"] = config.getboolean(client_name, "enabled")
474
 
            
475
 
            client["fingerprint"] = (section["fingerprint"].upper()
476
 
                                     .replace(" ", ""))
477
 
            if "secret" in section:
478
 
                client["secret"] = section["secret"].decode("base64")
479
 
            elif "secfile" in section:
480
 
                with open(os.path.expanduser(os.path.expandvars
481
 
                                             (section["secfile"])),
482
 
                          "rb") as secfile:
483
 
                    client["secret"] = secfile.read()
484
 
            else:
485
 
                raise TypeError("No secret or secfile for section %s"
486
 
                                % section)
487
 
            client["timeout"] = string_to_delta(section["timeout"])
488
 
            client["extended_timeout"] = string_to_delta(
489
 
                section["extended_timeout"])
490
 
            client["interval"] = string_to_delta(section["interval"])
491
 
            client["approval_delay"] = string_to_delta(
492
 
                section["approval_delay"])
493
 
            client["approval_duration"] = string_to_delta(
494
 
                section["approval_duration"])
495
 
            client["checker_command"] = section["checker"]
496
 
            client["last_approval_request"] = None
497
 
            client["last_checked_ok"] = None
498
 
            client["last_checker_status"] = None
499
 
            if client["enabled"]:
500
 
                client["last_enabled"] = datetime.datetime.utcnow()
501
 
                client["expires"] = (datetime.datetime.utcnow()
502
 
                                     + client["timeout"])
503
 
            else:
504
 
                client["last_enabled"] = None
505
 
                client["expires"] = None
506
 
 
507
 
        return settings
508
 
        
509
 
        
510
 
    def __init__(self, settings, name = None):
 
332
        return _timedelta_to_milliseconds(self.approval_delay)
 
333
    
 
334
    def __init__(self, name = None, disable_hook=None, config=None):
511
335
        """Note: the 'checker' key in 'config' sets the
512
336
        'checker_command' attribute and *not* the 'checker'
513
337
        attribute."""
514
338
        self.name = name
515
 
        # adding all client settings
516
 
        for setting, value in settings.iteritems():
517
 
            setattr(self, setting, value)
518
 
        
 
339
        if config is None:
 
340
            config = {}
519
341
        logger.debug("Creating client %r", self.name)
520
342
        # Uppercase and remove spaces from fingerprint for later
521
343
        # comparison purposes with return value from the fingerprint()
522
344
        # function
 
345
        self.fingerprint = (config["fingerprint"].upper()
 
346
                            .replace(" ", ""))
523
347
        logger.debug("  Fingerprint: %s", self.fingerprint)
524
 
        self.created = settings.get("created", datetime.datetime.utcnow())
525
 
 
526
 
        # attributes specific for this server instance
 
348
        if "secret" in config:
 
349
            self.secret = config["secret"].decode("base64")
 
350
        elif "secfile" in config:
 
351
            with open(os.path.expanduser(os.path.expandvars
 
352
                                         (config["secfile"])),
 
353
                      "rb") as secfile:
 
354
                self.secret = secfile.read()
 
355
        else:
 
356
            raise TypeError("No secret or secfile for client %s"
 
357
                            % self.name)
 
358
        self.host = config.get("host", "")
 
359
        self.created = datetime.datetime.utcnow()
 
360
        self.enabled = False
 
361
        self.last_approval_request = None
 
362
        self.last_enabled = None
 
363
        self.last_checked_ok = None
 
364
        self.timeout = string_to_delta(config["timeout"])
 
365
        self.extended_timeout = string_to_delta(config
 
366
                                                ["extended_timeout"])
 
367
        self.interval = string_to_delta(config["interval"])
 
368
        self.disable_hook = disable_hook
527
369
        self.checker = None
528
370
        self.checker_initiator_tag = None
529
371
        self.disable_initiator_tag = None
 
372
        self.expires = None
530
373
        self.checker_callback_tag = None
 
374
        self.checker_command = config["checker"]
531
375
        self.current_checker_command = None
532
 
        self.approved = None
 
376
        self.last_connect = None
 
377
        self._approved = None
 
378
        self.approved_by_default = config.get("approved_by_default",
 
379
                                              True)
533
380
        self.approvals_pending = 0
 
381
        self.approval_delay = string_to_delta(
 
382
            config["approval_delay"])
 
383
        self.approval_duration = string_to_delta(
 
384
            config["approval_duration"])
534
385
        self.changedstate = (multiprocessing_manager
535
386
                             .Condition(multiprocessing_manager
536
387
                                        .Lock()))
537
 
        self.client_structure = [attr for attr in
538
 
                                 self.__dict__.iterkeys()
539
 
                                 if not attr.startswith("_")]
540
 
        self.client_structure.append("client_structure")
541
 
        
542
 
        for name, t in inspect.getmembers(type(self),
543
 
                                          lambda obj:
544
 
                                              isinstance(obj,
545
 
                                                         property)):
546
 
            if not name.startswith("_"):
547
 
                self.client_structure.append(name)
548
388
    
549
 
    # Send notice to process children that client state has changed
550
389
    def send_changedstate(self):
551
 
        with self.changedstate:
552
 
            self.changedstate.notify_all()
 
390
        self.changedstate.acquire()
 
391
        self.changedstate.notify_all()
 
392
        self.changedstate.release()
553
393
    
554
394
    def enable(self):
555
395
        """Start this client's checker and timeout hooks"""
557
397
            # Already enabled
558
398
            return
559
399
        self.send_changedstate()
 
400
        # Schedule a new checker to be started an 'interval' from now,
 
401
        # and every interval from then on.
 
402
        self.checker_initiator_tag = (gobject.timeout_add
 
403
                                      (self.interval_milliseconds(),
 
404
                                       self.start_checker))
 
405
        # Schedule a disable() when 'timeout' has passed
560
406
        self.expires = datetime.datetime.utcnow() + self.timeout
 
407
        self.disable_initiator_tag = (gobject.timeout_add
 
408
                                   (self.timeout_milliseconds(),
 
409
                                    self.disable))
561
410
        self.enabled = True
562
411
        self.last_enabled = datetime.datetime.utcnow()
563
 
        self.init_checker()
 
412
        # Also start a new checker *right now*.
 
413
        self.start_checker()
564
414
    
565
415
    def disable(self, quiet=True):
566
416
        """Disable this client."""
578
428
            gobject.source_remove(self.checker_initiator_tag)
579
429
            self.checker_initiator_tag = None
580
430
        self.stop_checker()
 
431
        if self.disable_hook:
 
432
            self.disable_hook(self)
581
433
        self.enabled = False
582
434
        # Do not run this again if called by a gobject.timeout_add
583
435
        return False
584
436
    
585
437
    def __del__(self):
 
438
        self.disable_hook = None
586
439
        self.disable()
587
440
    
588
 
    def init_checker(self):
589
 
        # Schedule a new checker to be started an 'interval' from now,
590
 
        # and every interval from then on.
591
 
        self.checker_initiator_tag = (gobject.timeout_add
592
 
                                      (self.interval_milliseconds(),
593
 
                                       self.start_checker))
594
 
        # Schedule a disable() when 'timeout' has passed
595
 
        self.disable_initiator_tag = (gobject.timeout_add
596
 
                                   (self.timeout_milliseconds(),
597
 
                                    self.disable))
598
 
        # Also start a new checker *right now*.
599
 
        self.start_checker()
600
 
    
601
441
    def checker_callback(self, pid, condition, command):
602
442
        """The checker has completed, so take appropriate actions."""
603
443
        self.checker_callback_tag = None
604
444
        self.checker = None
605
445
        if os.WIFEXITED(condition):
606
 
            self.last_checker_status = os.WEXITSTATUS(condition)
607
 
            if self.last_checker_status == 0:
 
446
            exitstatus = os.WEXITSTATUS(condition)
 
447
            if exitstatus == 0:
608
448
                logger.info("Checker for %(name)s succeeded",
609
449
                            vars(self))
610
450
                self.checked_ok()
612
452
                logger.info("Checker for %(name)s failed",
613
453
                            vars(self))
614
454
        else:
615
 
            self.last_checker_status = -1
616
455
            logger.warning("Checker for %(name)s crashed?",
617
456
                           vars(self))
618
457
    
625
464
        if timeout is None:
626
465
            timeout = self.timeout
627
466
        self.last_checked_ok = datetime.datetime.utcnow()
628
 
        if self.disable_initiator_tag is not None:
629
 
            gobject.source_remove(self.disable_initiator_tag)
630
 
        if getattr(self, "enabled", False):
631
 
            self.disable_initiator_tag = (gobject.timeout_add
632
 
                                          (timedelta_to_milliseconds
633
 
                                           (timeout), self.disable))
634
 
            self.expires = datetime.datetime.utcnow() + timeout
 
467
        gobject.source_remove(self.disable_initiator_tag)
 
468
        self.disable_initiator_tag = (gobject.timeout_add
 
469
                                      (_timedelta_to_milliseconds
 
470
                                       (timeout), self.disable))
 
471
        self.expires = datetime.datetime.utcnow() + timeout
635
472
    
636
473
    def need_approval(self):
637
474
        self.last_approval_request = datetime.datetime.utcnow()
852
689
        
853
690
        Note: Will not include properties with access="write".
854
691
        """
855
 
        properties = {}
 
692
        all = {}
856
693
        for name, prop in self._get_all_dbus_properties():
857
694
            if (interface_name
858
695
                and interface_name != prop._dbus_interface):
863
700
                continue
864
701
            value = prop()
865
702
            if not hasattr(value, "variant_level"):
866
 
                properties[name] = value
 
703
                all[name] = value
867
704
                continue
868
 
            properties[name] = type(value)(value, variant_level=
869
 
                                           value.variant_level+1)
870
 
        return dbus.Dictionary(properties, signature="sv")
 
705
            all[name] = type(value)(value, variant_level=
 
706
                                    value.variant_level+1)
 
707
        return dbus.Dictionary(all, signature="sv")
871
708
    
872
709
    @dbus.service.method(dbus.INTROSPECTABLE_IFACE,
873
710
                         out_signature="s",
924
761
    return dbus.String(dt.isoformat(),
925
762
                       variant_level=variant_level)
926
763
 
927
 
 
928
764
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
929
765
                                  .__metaclass__):
930
766
    """Applied to an empty subclass of a D-Bus object, this metaclass
1022
858
                                        attribute.func_closure)))
1023
859
        return type.__new__(mcs, name, bases, attr)
1024
860
 
1025
 
 
1026
861
class ClientDBus(Client, DBusObjectWithProperties):
1027
862
    """A Client class using D-Bus
1028
863
    
1037
872
    # dbus.service.Object doesn't use super(), so we can't either.
1038
873
    
1039
874
    def __init__(self, bus = None, *args, **kwargs):
 
875
        self._approvals_pending = 0
1040
876
        self.bus = bus
1041
877
        Client.__init__(self, *args, **kwargs)
1042
 
        self._approvals_pending = 0
1043
 
        
1044
 
        self._approvals_pending = 0
1045
878
        # Only now, when this client is initialized, can it show up on
1046
879
        # the D-Bus
1047
880
        client_object_name = unicode(self.name).translate(
1057
890
                             variant_level=1):
1058
891
        """ Modify a variable so that it's a property which announces
1059
892
        its changes to DBus.
1060
 
        
1061
 
        transform_fun: Function that takes a value and a variant_level
1062
 
                       and transforms it to a D-Bus type.
 
893
 
 
894
        transform_fun: Function that takes a value and transforms it
 
895
                       to a D-Bus type.
1063
896
        dbus_name: D-Bus name of the variable
1064
897
        type_func: Function that transform the value before sending it
1065
898
                   to the D-Bus.  Default: no transform
1072
905
                    type_func(getattr(self, attrname, None))
1073
906
                    != type_func(value)):
1074
907
                    dbus_value = transform_func(type_func(value),
1075
 
                                                variant_level
1076
 
                                                =variant_level)
 
908
                                                variant_level)
1077
909
                    self.PropertyChanged(dbus.String(dbus_name),
1078
910
                                         dbus_value)
1079
911
            setattr(self, attrname, value)
1097
929
        datetime_to_dbus, "LastApprovalRequest")
1098
930
    approved_by_default = notifychangeproperty(dbus.Boolean,
1099
931
                                               "ApprovedByDefault")
1100
 
    approval_delay = notifychangeproperty(dbus.UInt64,
 
932
    approval_delay = notifychangeproperty(dbus.UInt16,
1101
933
                                          "ApprovalDelay",
1102
934
                                          type_func =
1103
 
                                          timedelta_to_milliseconds)
 
935
                                          _timedelta_to_milliseconds)
1104
936
    approval_duration = notifychangeproperty(
1105
 
        dbus.UInt64, "ApprovalDuration",
1106
 
        type_func = timedelta_to_milliseconds)
 
937
        dbus.UInt16, "ApprovalDuration",
 
938
        type_func = _timedelta_to_milliseconds)
1107
939
    host = notifychangeproperty(dbus.String, "Host")
1108
 
    timeout = notifychangeproperty(dbus.UInt64, "Timeout",
 
940
    timeout = notifychangeproperty(dbus.UInt16, "Timeout",
1109
941
                                   type_func =
1110
 
                                   timedelta_to_milliseconds)
 
942
                                   _timedelta_to_milliseconds)
1111
943
    extended_timeout = notifychangeproperty(
1112
 
        dbus.UInt64, "ExtendedTimeout",
1113
 
        type_func = timedelta_to_milliseconds)
1114
 
    interval = notifychangeproperty(dbus.UInt64,
 
944
        dbus.UInt16, "ExtendedTimeout",
 
945
        type_func = _timedelta_to_milliseconds)
 
946
    interval = notifychangeproperty(dbus.UInt16,
1115
947
                                    "Interval",
1116
948
                                    type_func =
1117
 
                                    timedelta_to_milliseconds)
 
949
                                    _timedelta_to_milliseconds)
1118
950
    checker_command = notifychangeproperty(dbus.String, "Checker")
1119
951
    
1120
952
    del notifychangeproperty
1162
994
        return r
1163
995
    
1164
996
    def _reset_approved(self):
1165
 
        self.approved = None
 
997
        self._approved = None
1166
998
        return False
1167
999
    
1168
1000
    def approve(self, value=True):
1169
1001
        self.send_changedstate()
1170
 
        self.approved = value
1171
 
        gobject.timeout_add(timedelta_to_milliseconds
 
1002
        self._approved = value
 
1003
        gobject.timeout_add(_timedelta_to_milliseconds
1172
1004
                            (self.approval_duration),
1173
1005
                            self._reset_approved)
1174
1006
    
1217
1049
        "D-Bus signal"
1218
1050
        return self.need_approval()
1219
1051
    
1220
 
    # NeRwequest - signal
1221
 
    @dbus.service.signal(_interface, signature="s")
1222
 
    def NewRequest(self, ip):
1223
 
        """D-Bus signal
1224
 
        Is sent after a client request a password.
1225
 
        """
1226
 
        pass
1227
 
    
1228
1052
    ## Methods
1229
1053
    
1230
1054
    # Approve - method
1288
1112
                           access="readwrite")
1289
1113
    def ApprovalDuration_dbus_property(self, value=None):
1290
1114
        if value is None:       # get
1291
 
            return dbus.UInt64(timedelta_to_milliseconds(
 
1115
            return dbus.UInt64(_timedelta_to_milliseconds(
1292
1116
                    self.approval_duration))
1293
1117
        self.approval_duration = datetime.timedelta(0, 0, 0, value)
1294
1118
    
1308
1132
    def Host_dbus_property(self, value=None):
1309
1133
        if value is None:       # get
1310
1134
            return dbus.String(self.host)
1311
 
        self.host = unicode(value)
 
1135
        self.host = value
1312
1136
    
1313
1137
    # Created - property
1314
1138
    @dbus_service_property(_interface, signature="s", access="read")
1315
1139
    def Created_dbus_property(self):
1316
 
        return datetime_to_dbus(self.created)
 
1140
        return dbus.String(datetime_to_dbus(self.created))
1317
1141
    
1318
1142
    # LastEnabled - property
1319
1143
    @dbus_service_property(_interface, signature="s", access="read")
1363
1187
        gobject.source_remove(self.disable_initiator_tag)
1364
1188
        self.disable_initiator_tag = None
1365
1189
        self.expires = None
1366
 
        time_to_die = timedelta_to_milliseconds((self
1367
 
                                                 .last_checked_ok
1368
 
                                                 + self.timeout)
1369
 
                                                - datetime.datetime
1370
 
                                                .utcnow())
 
1190
        time_to_die = (self.
 
1191
                       _timedelta_to_milliseconds((self
 
1192
                                                   .last_checked_ok
 
1193
                                                   + self.timeout)
 
1194
                                                  - datetime.datetime
 
1195
                                                  .utcnow()))
1371
1196
        if time_to_die <= 0:
1372
1197
            # The timeout has passed
1373
1198
            self.disable()
1395
1220
        self.interval = datetime.timedelta(0, 0, 0, value)
1396
1221
        if getattr(self, "checker_initiator_tag", None) is None:
1397
1222
            return
1398
 
        if self.enabled:
1399
 
            # Reschedule checker run
1400
 
            gobject.source_remove(self.checker_initiator_tag)
1401
 
            self.checker_initiator_tag = (gobject.timeout_add
1402
 
                                          (value, self.start_checker))
1403
 
            self.start_checker()    # Start one now, too
 
1223
        # Reschedule checker run
 
1224
        gobject.source_remove(self.checker_initiator_tag)
 
1225
        self.checker_initiator_tag = (gobject.timeout_add
 
1226
                                      (value, self.start_checker))
 
1227
        self.start_checker()    # Start one now, too
1404
1228
    
1405
1229
    # Checker - property
1406
1230
    @dbus_service_property(_interface, signature="s",
1408
1232
    def Checker_dbus_property(self, value=None):
1409
1233
        if value is None:       # get
1410
1234
            return dbus.String(self.checker_command)
1411
 
        self.checker_command = unicode(value)
 
1235
        self.checker_command = value
1412
1236
    
1413
1237
    # CheckerRunning - property
1414
1238
    @dbus_service_property(_interface, signature="b",
1443
1267
            raise KeyError()
1444
1268
    
1445
1269
    def __getattribute__(self, name):
1446
 
        if name == '_pipe':
 
1270
        if(name == '_pipe'):
1447
1271
            return super(ProxyClient, self).__getattribute__(name)
1448
1272
        self._pipe.send(('getattr', name))
1449
1273
        data = self._pipe.recv()
1456
1280
            return func
1457
1281
    
1458
1282
    def __setattr__(self, name, value):
1459
 
        if name == '_pipe':
 
1283
        if(name == '_pipe'):
1460
1284
            return super(ProxyClient, self).__setattr__(name, value)
1461
1285
        self._pipe.send(('setattr', name, value))
1462
1286
 
1463
 
 
1464
1287
class ClientDBusTransitional(ClientDBus):
1465
1288
    __metaclass__ = AlternateDBusNamesMetaclass
1466
1289
 
1467
 
 
1468
1290
class ClientHandler(socketserver.BaseRequestHandler, object):
1469
1291
    """A class to handle client connections.
1470
1292
    
1538
1360
                except KeyError:
1539
1361
                    return
1540
1362
                
1541
 
                if self.server.use_dbus:
1542
 
                    # Emit D-Bus signal
1543
 
                    client.NewRequest(str(self.client_address))
1544
 
                
1545
1363
                if client.approval_delay:
1546
1364
                    delay = client.approval_delay
1547
1365
                    client.approvals_pending += 1
1556
1374
                            client.Rejected("Disabled")
1557
1375
                        return
1558
1376
                    
1559
 
                    if client.approved or not client.approval_delay:
 
1377
                    if client._approved or not client.approval_delay:
1560
1378
                        #We are approved or approval is disabled
1561
1379
                        break
1562
 
                    elif client.approved is None:
 
1380
                    elif client._approved is None:
1563
1381
                        logger.info("Client %s needs approval",
1564
1382
                                    client.name)
1565
1383
                        if self.server.use_dbus:
1579
1397
                    time = datetime.datetime.now()
1580
1398
                    client.changedstate.acquire()
1581
1399
                    (client.changedstate.wait
1582
 
                     (float(client.timedelta_to_milliseconds(delay)
 
1400
                     (float(client._timedelta_to_milliseconds(delay)
1583
1401
                            / 1000)))
1584
1402
                    client.changedstate.release()
1585
1403
                    time2 = datetime.datetime.now()
1684
1502
        # Convert the buffer to a Python bytestring
1685
1503
        fpr = ctypes.string_at(buf, buf_len.value)
1686
1504
        # Convert the bytestring to hexadecimal notation
1687
 
        hex_fpr = binascii.hexlify(fpr).upper()
 
1505
        hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1688
1506
        return hex_fpr
1689
1507
 
1690
1508
 
1693
1511
    def sub_process_main(self, request, address):
1694
1512
        try:
1695
1513
            self.finish_request(request, address)
1696
 
        except Exception:
 
1514
        except:
1697
1515
            self.handle_error(request, address)
1698
1516
        self.close_request(request)
1699
1517
    
1804
1622
        self.enabled = False
1805
1623
        self.clients = clients
1806
1624
        if self.clients is None:
1807
 
            self.clients = {}
 
1625
            self.clients = set()
1808
1626
        self.use_dbus = use_dbus
1809
1627
        self.gnutls_priority = gnutls_priority
1810
1628
        IPv6_TCPServer.__init__(self, server_address,
1857
1675
            fpr = request[1]
1858
1676
            address = request[2]
1859
1677
            
1860
 
            for c in self.clients.itervalues():
 
1678
            for c in self.clients:
1861
1679
                if c.fingerprint == fpr:
1862
1680
                    client = c
1863
1681
                    break
1947
1765
    return timevalue
1948
1766
 
1949
1767
 
 
1768
def if_nametoindex(interface):
 
1769
    """Call the C function if_nametoindex(), or equivalent
 
1770
    
 
1771
    Note: This function cannot accept a unicode string."""
 
1772
    global if_nametoindex
 
1773
    try:
 
1774
        if_nametoindex = (ctypes.cdll.LoadLibrary
 
1775
                          (ctypes.util.find_library("c"))
 
1776
                          .if_nametoindex)
 
1777
    except (OSError, AttributeError):
 
1778
        logger.warning("Doing if_nametoindex the hard way")
 
1779
        def if_nametoindex(interface):
 
1780
            "Get an interface index the hard way, i.e. using fcntl()"
 
1781
            SIOCGIFINDEX = 0x8933  # From /usr/include/linux/sockios.h
 
1782
            with contextlib.closing(socket.socket()) as s:
 
1783
                ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
 
1784
                                    struct.pack(str("16s16x"),
 
1785
                                                interface))
 
1786
            interface_index = struct.unpack(str("I"),
 
1787
                                            ifreq[16:20])[0]
 
1788
            return interface_index
 
1789
    return if_nametoindex(interface)
 
1790
 
 
1791
 
1950
1792
def daemon(nochdir = False, noclose = False):
1951
1793
    """See daemon(3).  Standard BSD Unix function.
1952
1794
    
2007
1849
                        " system bus interface")
2008
1850
    parser.add_argument("--no-ipv6", action="store_false",
2009
1851
                        dest="use_ipv6", help="Do not use IPv6")
2010
 
    parser.add_argument("--no-restore", action="store_false",
2011
 
                        dest="restore", help="Do not restore stored"
2012
 
                        " state")
2013
 
    parser.add_argument("--statedir", metavar="DIR",
2014
 
                        help="Directory to save/restore state in")
2015
 
    
2016
1852
    options = parser.parse_args()
2017
1853
    
2018
1854
    if options.check:
2031
1867
                        "use_dbus": "True",
2032
1868
                        "use_ipv6": "True",
2033
1869
                        "debuglevel": "",
2034
 
                        "restore": "True",
2035
 
                        "statedir": "/var/lib/mandos"
2036
1870
                        }
2037
1871
    
2038
1872
    # Parse config file for server-global settings
2055
1889
    # options, if set.
2056
1890
    for option in ("interface", "address", "port", "debug",
2057
1891
                   "priority", "servicename", "configdir",
2058
 
                   "use_dbus", "use_ipv6", "debuglevel", "restore",
2059
 
                   "statedir"):
 
1892
                   "use_dbus", "use_ipv6", "debuglevel"):
2060
1893
        value = getattr(options, option)
2061
1894
        if value is not None:
2062
1895
            server_settings[option] = value
2074
1907
    debuglevel = server_settings["debuglevel"]
2075
1908
    use_dbus = server_settings["use_dbus"]
2076
1909
    use_ipv6 = server_settings["use_ipv6"]
2077
 
    stored_state_path = os.path.join(server_settings["statedir"],
2078
 
                                     stored_state_file)
2079
 
    
2080
 
    if debug:
2081
 
        initlogger(logging.DEBUG)
2082
 
    else:
2083
 
        if not debuglevel:
2084
 
            initlogger()
2085
 
        else:
2086
 
            level = getattr(logging, debuglevel.upper())
2087
 
            initlogger(level)
2088
1910
    
2089
1911
    if server_settings["servicename"] != "Mandos":
2090
1912
        syslogger.setFormatter(logging.Formatter
2093
1915
                                % server_settings["servicename"]))
2094
1916
    
2095
1917
    # Parse config file with clients
2096
 
    client_config = configparser.SafeConfigParser(Client.client_defaults)
 
1918
    client_defaults = { "timeout": "5m",
 
1919
                        "extended_timeout": "15m",
 
1920
                        "interval": "2m",
 
1921
                        "checker": "fping -q -- %%(host)s",
 
1922
                        "host": "",
 
1923
                        "approval_delay": "0s",
 
1924
                        "approval_duration": "1s",
 
1925
                        }
 
1926
    client_config = configparser.SafeConfigParser(client_defaults)
2097
1927
    client_config.read(os.path.join(server_settings["configdir"],
2098
1928
                                    "clients.conf"))
2099
1929
    
2137
1967
        if error[0] != errno.EPERM:
2138
1968
            raise error
2139
1969
    
 
1970
    if not debug and not debuglevel:
 
1971
        syslogger.setLevel(logging.WARNING)
 
1972
        console.setLevel(logging.WARNING)
 
1973
    if debuglevel:
 
1974
        level = getattr(logging, debuglevel.upper())
 
1975
        syslogger.setLevel(level)
 
1976
        console.setLevel(level)
 
1977
    
2140
1978
    if debug:
2141
1979
        # Enable all possible GnuTLS debugging
2142
1980
        
2184
2022
            server_settings["use_dbus"] = False
2185
2023
            tcp_server.use_dbus = False
2186
2024
    protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2187
 
    service = AvahiServiceToSyslog(name =
2188
 
                                   server_settings["servicename"],
2189
 
                                   servicetype = "_mandos._tcp",
2190
 
                                   protocol = protocol, bus = bus)
 
2025
    service = AvahiService(name = server_settings["servicename"],
 
2026
                           servicetype = "_mandos._tcp",
 
2027
                           protocol = protocol, bus = bus)
2191
2028
    if server_settings["interface"]:
2192
2029
        service.interface = (if_nametoindex
2193
2030
                             (str(server_settings["interface"])))
2199
2036
    if use_dbus:
2200
2037
        client_class = functools.partial(ClientDBusTransitional,
2201
2038
                                         bus = bus)
2202
 
    
2203
 
    client_settings = Client.config_parser(client_config)
2204
 
    old_client_settings = {}
2205
 
    clients_data = {}
2206
 
    
2207
 
    # Get client data and settings from last running state.
2208
 
    if server_settings["restore"]:
2209
 
        try:
2210
 
            with open(stored_state_path, "rb") as stored_state:
2211
 
                clients_data, old_client_settings = (pickle.load
2212
 
                                                     (stored_state))
2213
 
            os.remove(stored_state_path)
2214
 
        except IOError as e:
2215
 
            logger.warning("Could not load persistent state: {0}"
2216
 
                           .format(e))
2217
 
            if e.errno != errno.ENOENT:
2218
 
                raise
2219
 
    
2220
 
    with PGPEngine() as pgp:
2221
 
        for client_name, client in clients_data.iteritems():
2222
 
            # Decide which value to use after restoring saved state.
2223
 
            # We have three different values: Old config file,
2224
 
            # new config file, and saved state.
2225
 
            # New config value takes precedence if it differs from old
2226
 
            # config value, otherwise use saved state.
2227
 
            for name, value in client_settings[client_name].items():
2228
 
                try:
2229
 
                    # For each value in new config, check if it
2230
 
                    # differs from the old config value (Except for
2231
 
                    # the "secret" attribute)
2232
 
                    if (name != "secret" and
2233
 
                        value != old_client_settings[client_name]
2234
 
                        [name]):
2235
 
                        client[name] = value
2236
 
                except KeyError:
2237
 
                    pass
2238
 
            
2239
 
            # Clients who has passed its expire date can still be
2240
 
            # enabled if its last checker was successful.  Clients
2241
 
            # whose checker failed before we stored its state is
2242
 
            # assumed to have failed all checkers during downtime.
2243
 
            if client["enabled"]:
2244
 
                if datetime.datetime.utcnow() >= client["expires"]:
2245
 
                    if not client["last_checked_ok"]:
2246
 
                        logger.warning(
2247
 
                            "disabling client {0} - Client never "
2248
 
                            "performed a successfull checker"
2249
 
                            .format(client["name"]))
2250
 
                        client["enabled"] = False
2251
 
                    elif client["last_checker_status"] != 0:
2252
 
                        logger.warning(
2253
 
                            "disabling client {0} - Client "
2254
 
                            "last checker failed with error code {1}"
2255
 
                            .format(client["name"],
2256
 
                                    client["last_checker_status"]))
2257
 
                        client["enabled"] = False
2258
 
                    else:
2259
 
                        client["expires"] = (datetime.datetime
2260
 
                                             .utcnow()
2261
 
                                             + client["timeout"])
2262
 
                    
 
2039
    def client_config_items(config, section):
 
2040
        special_settings = {
 
2041
            "approved_by_default":
 
2042
                lambda: config.getboolean(section,
 
2043
                                          "approved_by_default"),
 
2044
            }
 
2045
        for name, value in config.items(section):
2263
2046
            try:
2264
 
                client["secret"] = (
2265
 
                    pgp.decrypt(client["encrypted_secret"],
2266
 
                                client_settings[client_name]
2267
 
                                ["secret"]))
2268
 
            except PGPError:
2269
 
                # If decryption fails, we use secret from new settings
2270
 
                logger.debug("Failed to decrypt {0} old secret"
2271
 
                             .format(client_name))
2272
 
                client["secret"] = (
2273
 
                    client_settings[client_name]["secret"])
2274
 
 
2275
 
    
2276
 
    # Add/remove clients based on new changes made to config
2277
 
    for client_name in set(old_client_settings) - set(client_settings):
2278
 
        del clients_data[client_name]
2279
 
    for client_name in set(client_settings) - set(old_client_settings):
2280
 
        clients_data[client_name] = client_settings[client_name]
2281
 
 
2282
 
    # Create clients all clients
2283
 
    for client_name, client in clients_data.iteritems():
2284
 
        tcp_server.clients[client_name] = client_class(
2285
 
            name = client_name, settings = client)
2286
 
    
 
2047
                yield (name, special_settings[name]())
 
2048
            except KeyError:
 
2049
                yield (name, value)
 
2050
    
 
2051
    tcp_server.clients.update(set(
 
2052
            client_class(name = section,
 
2053
                         config= dict(client_config_items(
 
2054
                        client_config, section)))
 
2055
            for section in client_config.sections()))
2287
2056
    if not tcp_server.clients:
2288
2057
        logger.warning("No clients defined")
2289
2058
        
2300
2069
            # "pidfile" was never created
2301
2070
            pass
2302
2071
        del pidfilename
 
2072
        
2303
2073
        signal.signal(signal.SIGINT, signal.SIG_IGN)
2304
2074
    
2305
2075
    signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2331
2101
            def GetAllClients(self):
2332
2102
                "D-Bus method"
2333
2103
                return dbus.Array(c.dbus_object_path
2334
 
                                  for c in
2335
 
                                  tcp_server.clients.itervalues())
 
2104
                                  for c in tcp_server.clients)
2336
2105
            
2337
2106
            @dbus.service.method(_interface,
2338
2107
                                 out_signature="a{oa{sv}}")
2340
2109
                "D-Bus method"
2341
2110
                return dbus.Dictionary(
2342
2111
                    ((c.dbus_object_path, c.GetAll(""))
2343
 
                     for c in tcp_server.clients.itervalues()),
 
2112
                     for c in tcp_server.clients),
2344
2113
                    signature="oa{sv}")
2345
2114
            
2346
2115
            @dbus.service.method(_interface, in_signature="o")
2347
2116
            def RemoveClient(self, object_path):
2348
2117
                "D-Bus method"
2349
 
                for c in tcp_server.clients.itervalues():
 
2118
                for c in tcp_server.clients:
2350
2119
                    if c.dbus_object_path == object_path:
2351
 
                        del tcp_server.clients[c.name]
 
2120
                        tcp_server.clients.remove(c)
2352
2121
                        c.remove_from_connection()
2353
2122
                        # Don't signal anything except ClientRemoved
2354
2123
                        c.disable(quiet=True)
2368
2137
        service.cleanup()
2369
2138
        
2370
2139
        multiprocessing.active_children()
2371
 
        if not (tcp_server.clients or client_settings):
2372
 
            return
2373
 
        
2374
 
        # Store client before exiting. Secrets are encrypted with key
2375
 
        # based on what config file has. If config file is
2376
 
        # removed/edited, old secret will thus be unrecovable.
2377
 
        clients = {}
2378
 
        with PGPEngine() as pgp:
2379
 
            for client in tcp_server.clients.itervalues():
2380
 
                key = client_settings[client.name]["secret"]
2381
 
                client.encrypted_secret = pgp.encrypt(client.secret,
2382
 
                                                      key)
2383
 
                client_dict = {}
2384
 
                
2385
 
                # A list of attributes that can not be pickled
2386
 
                # + secret.
2387
 
                exclude = set(("bus", "changedstate", "secret",
2388
 
                               "checker"))
2389
 
                for name, typ in (inspect.getmembers
2390
 
                                  (dbus.service.Object)):
2391
 
                    exclude.add(name)
2392
 
                
2393
 
                client_dict["encrypted_secret"] = (client
2394
 
                                                   .encrypted_secret)
2395
 
                for attr in client.client_structure:
2396
 
                    if attr not in exclude:
2397
 
                        client_dict[attr] = getattr(client, attr)
2398
 
                
2399
 
                clients[client.name] = client_dict
2400
 
                del client_settings[client.name]["secret"]
2401
 
        
2402
 
        try:
2403
 
            with os.fdopen(os.open(stored_state_path,
2404
 
                                   os.O_CREAT|os.O_WRONLY|os.O_TRUNC,
2405
 
                                   0600), "wb") as stored_state:
2406
 
                pickle.dump((clients, client_settings), stored_state)
2407
 
        except (IOError, OSError) as e:
2408
 
            logger.warning("Could not save persistent state: {0}"
2409
 
                           .format(e))
2410
 
            if e.errno not in (errno.ENOENT, errno.EACCES):
2411
 
                raise
2412
 
        
2413
 
        # Delete all clients, and settings from config
2414
2140
        while tcp_server.clients:
2415
 
            name, client = tcp_server.clients.popitem()
 
2141
            client = tcp_server.clients.pop()
2416
2142
            if use_dbus:
2417
2143
                client.remove_from_connection()
 
2144
            client.disable_hook = None
2418
2145
            # Don't signal anything except ClientRemoved
2419
2146
            client.disable(quiet=True)
2420
2147
            if use_dbus:
2422
2149
                mandos_dbus_service.ClientRemoved(client
2423
2150
                                                  .dbus_object_path,
2424
2151
                                                  client.name)
2425
 
        client_settings.clear()
2426
2152
    
2427
2153
    atexit.register(cleanup)
2428
2154
    
2429
 
    for client in tcp_server.clients.itervalues():
 
2155
    for client in tcp_server.clients:
2430
2156
        if use_dbus:
2431
2157
            # Emit D-Bus signal
2432
2158
            mandos_dbus_service.ClientAdded(client.dbus_object_path)
2433
 
        # Need to initiate checking of clients
2434
 
        if client.enabled:
2435
 
            client.init_checker()
 
2159
        client.enable()
2436
2160
    
2437
2161
    tcp_server.enable()
2438
2162
    tcp_server.server_activate()
2478
2202
    # Must run before the D-Bus bus name gets deregistered
2479
2203
    cleanup()
2480
2204
 
 
2205
 
2481
2206
if __name__ == '__main__':
2482
2207
    main()