/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release


Viewing changes to mandos

* mandos (peer_certificate): Handle NULL pointer from
                             "gnutls_certificate_get_peers" slightly
                             better.
  (TCP_handler.handle): Added some extra debug output.

  (MandosServer.GetAllClients,
  MandosServer.GetAllClientsWithProperties,
  MandosServer.RemoveClient): Added doc string.

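--- a/mandos
+++ b/mandos
@@ -73,13 +73,12 @@
              (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
               address = "/dev/log"))
 syslogger.setFormatter(logging.Formatter
-                       ('Mandos [%(process)d]: %(levelname)s:'
-                        ' %(message)s'))
+                       ('Mandos: %(levelname)s: %(message)s'))
 logger.addHandler(syslogger)
 
 console = logging.StreamHandler()
-console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
-                                       ' %(levelname)s: %(message)s'))
+console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
+                                       ' %(message)s'))
 logger.addHandler(console)
 
 class AvahiError(Exception):
@@ -412,12 +411,6 @@
                                              (self.checker.pid,
                                               self.checker_callback,
                                               data=command))
-                # The checker may have completed before the gobject
-                # watch was added.  Check for this.
-                pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
-                if pid:
-                    gobject.source_remove(self.checker_callback_tag)
-                    self.checker_callback(pid, status, command)
             except OSError, error:
                 logger.error(u"Failed to start subprocess: %s",
                              error)
@@ -683,8 +676,8 @@
         # using OpenPGP certificates.
         
         #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
-        #                     "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
-        #                     "+DHE-DSS"))
+        #                "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
+        #                "+DHE-DSS"))
         # Use a fallback default, since this MUST be set.
         priority = self.server.settings.get("priority", "NORMAL")
         (gnutls.library.functions
@@ -706,7 +699,6 @@
             session.bye()
             return
         logger.debug(u"Fingerprint: %s", fpr)
-        
         for c in self.server.clients:
             if c.fingerprint == fpr:
                 client = c
@@ -771,7 +763,7 @@
                                  u" bind to interface %s",
                                  self.settings["interface"])
                 else:
-                    raise
+                    raise error
         # Only bind(2) the socket if we really need to.
         if self.server_address[0] or self.server_address[1]:
             if not self.server_address[0]:
@@ -798,7 +790,7 @@
 
 def string_to_delta(interval):
     """Parse a string and return a datetime.timedelta
-    
+
     >>> string_to_delta('7d')
     datetime.timedelta(7)
     >>> string_to_delta('60s')
@@ -1007,7 +999,7 @@
     pidfilename = "/var/run/mandos.pid"
     try:
         pidfile = open(pidfilename, "w")
-    except IOError:
+    except IOError, error:
         logger.error("Could not open file %r", pidfilename)
     
     try:
@@ -1025,25 +1017,12 @@
                 uid = 65534
                 gid = 65534
     try:
+        os.setuid(uid)
         os.setgid(gid)
-        os.setuid(uid)
     except OSError, error:
         if error[0] != errno.EPERM:
             raise error
     
-    # Enable all possible GnuTLS debugging
-    if debug:
-        # "Use a log level over 10 to enable all debugging options."
-        # - GnuTLS manual
-        gnutls.library.functions.gnutls_global_set_log_level(11)
-        
-        @gnutls.library.types.gnutls_log_func
-        def debug_gnutls(level, string):
-            logger.debug("GnuTLS: %s", string[:-1])
-        
-        (gnutls.library.functions
-         .gnutls_global_set_log_function(debug_gnutls))
-    
     global service
     service = AvahiService(name = server_settings["servicename"],
                            servicetype = "_mandos._tcp", )
@@ -1206,9 +1185,7 @@
         sys.exit(1)
     except KeyboardInterrupt:
         if debug:
-            print >> sys.stderr
-        logger.debug("Server received KeyboardInterrupt")
-    logger.debug("Server exiting")
+            print
 
 if __name__ == '__main__':
     main()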
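Review bot: In the privilege-drop `try:` block near new line 1020, `os.setuid(uid)` now runs before `os.setgid(gid)`, so when the server starts as root the setgid call is made after root has been given up and fails with EPERM, which the `if error[0] != errno.EPERM:` test just below silently ignores. The process would then keep its original group while looking as if it had dropped privileges. Keep the group change first, `os.setgid(gid)` then `os.setuid(uid)`, and consider ignoring EPERM only when the process was already unprivileged at startup. Whether supplementary groups are cleared cannot be seen here, because the enclosing function starts and ends outside the hunk.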