To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 237.2.64
- compare with another revision
- download diff
- download tarball
- view history from revision 237.2.64
- Committer: Teddy Hogeborn
- Date: 2009-02-07 03:38:17 UTC
- mto: (24.1.133 mandos) (237.4.2 mandos-pipe-ipc) (299.1.1 release) (300.1.1 release) (301.1.1 release)
- mto: This revision was merged to the branch mainline in revision 250.
- Revision ID: teddy@fukt.bsnet.se-20090207033817-aotdjeibhz3sa4lr
* plugin-runner.c (main): If debugging, print name of failed plugins.
- files added:
- debian/watch
- files removed:
- debian/mandos-client.config
- files modified:
- INSTALL
added
removed
mandos
11
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008 Teddy Hogeborn
15
# Copyright © 2008 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
35
35
36
36
import SocketServer
37
37
import socket
38
from optparse import OptionParser
38
import optparse
39
39
import datetime
40
40
import errno
41
41
import gnutls.crypto
66
66
import ctypes
67
67
import ctypes.util
68
68
69
version = "1.0.2"
69
version = "1.0.5"
70
70
71
71
logger = logging.Logger('mandos')
72
72
syslogger = (logging.handlers.SysLogHandler
73
73
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
74
address = "/dev/log"))
75
75
syslogger.setFormatter(logging.Formatter
76
('Mandos: %(levelname)s: %(message)s'))
76
('Mandos [%(process)d]: %(levelname)s:'
77
' %(message)s'))
77
78
logger.addHandler(syslogger)
78
79
79
80
console = logging.StreamHandler()
80
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
81
' %(message)s'))
81
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
82
' %(levelname)s: %(message)s'))
82
83
logger.addHandler(console)
83
84
84
85
class AvahiError(Exception):
85
def __init__(self, value):
86
def __init__(self, value, *args, **kwargs):
86
87
self.value = value
87
super(AvahiError, self).__init__()
88
def __str__(self):
89
return repr(self.value)
88
super(AvahiError, self).__init__(value, *args, **kwargs)
89
def __unicode__(self):
90
return unicode(repr(self.value))
90
91
91
92
class AvahiServiceError(AvahiError):
92
93
pass
129
130
logger.critical(u"No suitable Zeroconf service name found"
130
131
u" after %i retries, exiting.",
131
132
self.rename_count)
132
raise AvahiServiceError("Too many renames")
133
raise AvahiServiceError(u"Too many renames")
133
134
self.name = server.GetAlternativeServiceName(self.name)
134
135
logger.info(u"Changing Zeroconf service name to %r ...",
135
136
str(self.name))
170
171
# End of Avahi example code
171
172
172
173
173
def _datetime_to_dbus_struct(dt, variant_level=0):
174
"""Convert a UTC datetime.datetime() to a D-Bus struct.
175
The format is special to this application, since we could not find
176
any other standard way."""
177
return dbus.Struct((dbus.Int16(dt.year),
178
dbus.Byte(dt.month),
179
dbus.Byte(dt.day),
180
dbus.Byte(dt.hour),
181
dbus.Byte(dt.minute),
182
dbus.Byte(dt.second),
183
dbus.UInt32(dt.microsecond)),
184
signature="nyyyyyu",
185
variant_level=variant_level)
174
def _datetime_to_dbus(dt, variant_level=0):
175
"""Convert a UTC datetime.datetime() to a D-Bus type."""
176
return dbus.String(dt.isoformat(), variant_level=variant_level)
186
177
187
178
188
179
class Client(dbus.service.Object):
189
180
"""A representation of a client host served by this server.
190
181
Attributes:
191
name: string; from the config file, used in log messages
182
name: string; from the config file, used in log messages and
183
D-Bus identifiers
192
184
fingerprint: string (40 or 32 hexadecimal digits); used to
193
185
uniquely identify the client
194
186
secret: bytestring; sent verbatim (over TLS) to client
195
187
host: string; available for use by the checker command
196
188
created: datetime.datetime(); (UTC) object creation
197
last_started: datetime.datetime(); (UTC)
198
started: bool()
189
last_enabled: datetime.datetime(); (UTC)
190
enabled: bool()
199
191
last_checked_ok: datetime.datetime(); (UTC) or None
200
192
timeout: datetime.timedelta(); How long from last_checked_ok
201
193
until this client is invalid
202
194
interval: datetime.timedelta(); How often to start a new checker
203
stop_hook: If set, called by stop() as stop_hook(self)
195
disable_hook: If set, called by disable() as disable_hook(self)
204
196
checker: subprocess.Popen(); a running checker process used
205
197
to see if the client lives.
206
198
'None' if no process is running.
207
199
checker_initiator_tag: a gobject event source tag, or None
208
stop_initiator_tag: - '' -
200
disable_initiator_tag: - '' -
209
201
checker_callback_tag: - '' -
210
202
checker_command: string; External command which is run to check if
211
203
client lives. %() expansions are done at
212
204
runtime with vars(self) as dict, so that for
213
205
instance %(name)s can be used in the command.
214
dbus_object_path: dbus.ObjectPath
215
Private attibutes:
216
_timeout: Real variable for 'timeout'
217
_interval: Real variable for 'interval'
218
_timeout_milliseconds: Used when calling gobject.timeout_add()
219
_interval_milliseconds: - '' -
206
use_dbus: bool(); Whether to provide D-Bus interface and signals
207
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
220
208
"""
221
def _set_timeout(self, timeout):
222
"Setter function for the 'timeout' attribute"
223
self._timeout = timeout
224
self._timeout_milliseconds = ((self.timeout.days
225
* 24 * 60 * 60 * 1000)
226
+ (self.timeout.seconds * 1000)
227
+ (self.timeout.microseconds
228
// 1000))
229
# Emit D-Bus signal
230
self.PropertyChanged(dbus.String(u"timeout"),
231
(dbus.UInt64(self._timeout_milliseconds,
232
variant_level=1)))
233
timeout = property(lambda self: self._timeout, _set_timeout)
234
del _set_timeout
235
236
def _set_interval(self, interval):
237
"Setter function for the 'interval' attribute"
238
self._interval = interval
239
self._interval_milliseconds = ((self.interval.days
240
* 24 * 60 * 60 * 1000)
241
+ (self.interval.seconds
242
* 1000)
243
+ (self.interval.microseconds
244
// 1000))
245
# Emit D-Bus signal
246
self.PropertyChanged(dbus.String(u"interval"),
247
(dbus.UInt64(self._interval_milliseconds,
248
variant_level=1)))
249
interval = property(lambda self: self._interval, _set_interval)
250
del _set_interval
251
252
def __init__(self, name = None, stop_hook=None, config=None):
209
def timeout_milliseconds(self):
210
"Return the 'timeout' attribute in milliseconds"
211
return ((self.timeout.days * 24 * 60 * 60 * 1000)
212
+ (self.timeout.seconds * 1000)
213
+ (self.timeout.microseconds // 1000))
214
215
def interval_milliseconds(self):
216
"Return the 'interval' attribute in milliseconds"
217
return ((self.interval.days * 24 * 60 * 60 * 1000)
218
+ (self.interval.seconds * 1000)
219
+ (self.interval.microseconds // 1000))
220
221
def __init__(self, name = None, disable_hook=None, config=None,
222
use_dbus=True):
253
223
"""Note: the 'checker' key in 'config' sets the
254
224
'checker_command' attribute and *not* the 'checker'
255
225
attribute."""
256
self.dbus_object_path = (dbus.ObjectPath
257
("/Mandos/clients/"
258
+ name.replace(".", "_")))
259
dbus.service.Object.__init__(self, bus,
260
self.dbus_object_path)
226
self.name = name
261
227
if config is None:
262
228
config = {}
263
self.name = name
264
229
logger.debug(u"Creating client %r", self.name)
230
self.use_dbus = False # During __init__
265
231
# Uppercase and remove spaces from fingerprint for later
266
232
# comparison purposes with return value from the fingerprint()
267
233
# function
280
246
% self.name)
281
247
self.host = config.get("host", "")
282
248
self.created = datetime.datetime.utcnow()
283
self.started = False
284
self.last_started = None
249
self.enabled = False
250
self.last_enabled = None
285
251
self.last_checked_ok = None
286
252
self.timeout = string_to_delta(config["timeout"])
287
253
self.interval = string_to_delta(config["interval"])
288
self.stop_hook = stop_hook
254
self.disable_hook = disable_hook
289
255
self.checker = None
290
256
self.checker_initiator_tag = None
291
self.stop_initiator_tag = None
257
self.disable_initiator_tag = None
292
258
self.checker_callback_tag = None
293
259
self.checker_command = config["checker"]
260
self.last_connect = None
261
# Only now, when this client is initialized, can it show up on
262
# the D-Bus
263
self.use_dbus = use_dbus
264
if self.use_dbus:
265
self.dbus_object_path = (dbus.ObjectPath
266
("/clients/"
267
+ self.name.replace(".", "_")))
268
dbus.service.Object.__init__(self, bus,
269
self.dbus_object_path)
294
270
295
def start(self):
271
def enable(self):
296
272
"""Start this client's checker and timeout hooks"""
297
self.last_started = datetime.datetime.utcnow()
273
self.last_enabled = datetime.datetime.utcnow()
298
274
# Schedule a new checker to be started an 'interval' from now,
299
275
# and every interval from then on.
300
276
self.checker_initiator_tag = (gobject.timeout_add
301
(self._interval_milliseconds,
277
(self.interval_milliseconds(),
302
278
self.start_checker))
303
279
# Also start a new checker *right now*.
304
280
self.start_checker()
305
# Schedule a stop() when 'timeout' has passed
306
self.stop_initiator_tag = (gobject.timeout_add
307
(self._timeout_milliseconds,
308
self.stop))
309
self.started = True
310
# Emit D-Bus signal
311
self.PropertyChanged(dbus.String(u"started"),
312
dbus.Boolean(True, variant_level=1))
313
self.PropertyChanged(dbus.String(u"last_started"),
314
(_datetime_to_dbus_struct
315
(self.last_started, variant_level=1)))
281
# Schedule a disable() when 'timeout' has passed
282
self.disable_initiator_tag = (gobject.timeout_add
283
(self.timeout_milliseconds(),
284
self.disable))
285
self.enabled = True
286
if self.use_dbus:
287
# Emit D-Bus signals
288
self.PropertyChanged(dbus.String(u"enabled"),
289
dbus.Boolean(True, variant_level=1))
290
self.PropertyChanged(dbus.String(u"last_enabled"),
291
(_datetime_to_dbus(self.last_enabled,
292
variant_level=1)))
316
293
317
def stop(self):
318
"""Stop this client."""
319
if not getattr(self, "started", False):
294
def disable(self):
295
"""Disable this client."""
296
if not getattr(self, "enabled", False):
320
297
return False
321
logger.info(u"Stopping client %s", self.name)
322
if getattr(self, "stop_initiator_tag", False):
323
gobject.source_remove(self.stop_initiator_tag)
324
self.stop_initiator_tag = None
298
logger.info(u"Disabling client %s", self.name)
299
if getattr(self, "disable_initiator_tag", False):
300
gobject.source_remove(self.disable_initiator_tag)
301
self.disable_initiator_tag = None
325
302
if getattr(self, "checker_initiator_tag", False):
326
303
gobject.source_remove(self.checker_initiator_tag)
327
304
self.checker_initiator_tag = None
328
305
self.stop_checker()
329
if self.stop_hook:
330
self.stop_hook(self)
331
self.started = False
332
# Emit D-Bus signal
333
self.PropertyChanged(dbus.String(u"started"),
334
dbus.Boolean(False, variant_level=1))
306
if self.disable_hook:
307
self.disable_hook(self)
308
self.enabled = False
309
if self.use_dbus:
310
# Emit D-Bus signal
311
self.PropertyChanged(dbus.String(u"enabled"),
312
dbus.Boolean(False, variant_level=1))
335
313
# Do not run this again if called by a gobject.timeout_add
336
314
return False
337
315
338
316
def __del__(self):
339
self.stop_hook = None
340
self.stop()
317
self.disable_hook = None
318
self.disable()
341
319
342
320
def checker_callback(self, pid, condition, command):
343
321
"""The checker has completed, so take appropriate actions."""
344
322
self.checker_callback_tag = None
345
323
self.checker = None
346
# Emit D-Bus signal
347
self.PropertyChanged(dbus.String(u"checker_running"),
348
dbus.Boolean(False, variant_level=1))
349
if (os.WIFEXITED(condition)
350
and (os.WEXITSTATUS(condition) == 0)):
351
logger.info(u"Checker for %(name)s succeeded",
352
vars(self))
324
if self.use_dbus:
353
325
# Emit D-Bus signal
354
self.CheckerCompleted(dbus.Boolean(True),
355
dbus.UInt16(condition),
356
dbus.String(command))
357
self.bump_timeout()
358
elif not os.WIFEXITED(condition):
326
self.PropertyChanged(dbus.String(u"checker_running"),
327
dbus.Boolean(False, variant_level=1))
328
if os.WIFEXITED(condition):
329
exitstatus = os.WEXITSTATUS(condition)
330
if exitstatus == 0:
331
logger.info(u"Checker for %(name)s succeeded",
332
vars(self))
333
self.checked_ok()
334
else:
335
logger.info(u"Checker for %(name)s failed",
336
vars(self))
337
if self.use_dbus:
338
# Emit D-Bus signal
339
self.CheckerCompleted(dbus.Int16(exitstatus),
340
dbus.Int64(condition),
341
dbus.String(command))
342
else:
359
343
logger.warning(u"Checker for %(name)s crashed?",
360
344
vars(self))
361
# Emit D-Bus signal
362
self.CheckerCompleted(dbus.Boolean(False),
363
dbus.UInt16(condition),
364
dbus.String(command))
365
else:
366
logger.info(u"Checker for %(name)s failed",
367
vars(self))
368
# Emit D-Bus signal
369
self.CheckerCompleted(dbus.Boolean(False),
370
dbus.UInt16(condition),
371
dbus.String(command))
345
if self.use_dbus:
346
# Emit D-Bus signal
347
self.CheckerCompleted(dbus.Int16(-1),
348
dbus.Int64(condition),
349
dbus.String(command))
372
350
373
def bump_timeout(self):
351
def checked_ok(self):
374
352
"""Bump up the timeout for this client.
375
353
This should only be called when the client has been seen,
376
354
alive and well.
377
355
"""
378
356
self.last_checked_ok = datetime.datetime.utcnow()
379
gobject.source_remove(self.stop_initiator_tag)
380
self.stop_initiator_tag = (gobject.timeout_add
381
(self._timeout_milliseconds,
382
self.stop))
383
self.PropertyChanged(dbus.String(u"last_checked_ok"),
384
(_datetime_to_dbus_struct
385
(self.last_checked_ok,
386
variant_level=1)))
357
gobject.source_remove(self.disable_initiator_tag)
358
self.disable_initiator_tag = (gobject.timeout_add
359
(self.timeout_milliseconds(),
360
self.disable))
361
if self.use_dbus:
362
# Emit D-Bus signal
363
self.PropertyChanged(
364
dbus.String(u"last_checked_ok"),
365
(_datetime_to_dbus(self.last_checked_ok,
366
variant_level=1)))
387
367
388
368
def start_checker(self):
389
369
"""Start a new checker subprocess if one is not running.
422
402
self.checker = subprocess.Popen(command,
423
403
close_fds=True,
424
404
shell=True, cwd="/")
425
# Emit D-Bus signal
426
self.CheckerStarted(command)
427
self.PropertyChanged(dbus.String("checker_running"),
428
dbus.Boolean(True, variant_level=1))
405
if self.use_dbus:
406
# Emit D-Bus signal
407
self.CheckerStarted(command)
408
self.PropertyChanged(
409
dbus.String("checker_running"),
410
dbus.Boolean(True, variant_level=1))
429
411
self.checker_callback_tag = (gobject.child_watch_add
430
412
(self.checker.pid,
431
413
self.checker_callback,
453
435
if error.errno != errno.ESRCH: # No such process
454
436
raise
455
437
self.checker = None
456
self.PropertyChanged(dbus.String(u"checker_running"),
457
dbus.Boolean(False, variant_level=1))
438
if self.use_dbus:
439
self.PropertyChanged(dbus.String(u"checker_running"),
440
dbus.Boolean(False, variant_level=1))
458
441
459
442
def still_valid(self):
460
443
"""Has the timeout not yet passed for this client?"""
461
if not getattr(self, "started", False):
444
if not getattr(self, "enabled", False):
462
445
return False
463
446
now = datetime.datetime.utcnow()
464
447
if self.last_checked_ok is None:
467
450
return now < (self.last_checked_ok + self.timeout)
468
451
469
452
## D-Bus methods & signals
470
_interface = u"org.mandos_system.Mandos.Client"
453
_interface = u"se.bsnet.fukt.Mandos.Client"
471
454
472
# BumpTimeout - method
473
BumpTimeout = dbus.service.method(_interface)(bump_timeout)
474
BumpTimeout.__name__ = "BumpTimeout"
455
# CheckedOK - method
456
CheckedOK = dbus.service.method(_interface)(checked_ok)
457
CheckedOK.__name__ = "CheckedOK"
475
458
476
459
# CheckerCompleted - signal
477
@dbus.service.signal(_interface, signature="bqs")
478
def CheckerCompleted(self, success, condition, command):
460
@dbus.service.signal(_interface, signature="nxs")
461
def CheckerCompleted(self, exitcode, waitstatus, command):
479
462
"D-Bus signal"
480
463
pass
481
464
497
480
dbus.String("host"):
498
481
dbus.String(self.host, variant_level=1),
499
482
dbus.String("created"):
500
_datetime_to_dbus_struct(self.created,
501
variant_level=1),
502
dbus.String("last_started"):
503
(_datetime_to_dbus_struct(self.last_started,
504
variant_level=1)
505
if self.last_started is not None
483
_datetime_to_dbus(self.created, variant_level=1),
484
dbus.String("last_enabled"):
485
(_datetime_to_dbus(self.last_enabled,
486
variant_level=1)
487
if self.last_enabled is not None
506
488
else dbus.Boolean(False, variant_level=1)),
507
dbus.String("started"):
508
dbus.Boolean(self.started, variant_level=1),
489
dbus.String("enabled"):
490
dbus.Boolean(self.enabled, variant_level=1),
509
491
dbus.String("last_checked_ok"):
510
(_datetime_to_dbus_struct(self.last_checked_ok,
511
variant_level=1)
492
(_datetime_to_dbus(self.last_checked_ok,
493
variant_level=1)
512
494
if self.last_checked_ok is not None
513
495
else dbus.Boolean (False, variant_level=1)),
514
496
dbus.String("timeout"):
515
dbus.UInt64(self._timeout_milliseconds,
497
dbus.UInt64(self.timeout_milliseconds(),
516
498
variant_level=1),
517
499
dbus.String("interval"):
518
dbus.UInt64(self._interval_milliseconds,
500
dbus.UInt64(self.interval_milliseconds(),
519
501
variant_level=1),
520
502
dbus.String("checker"):
521
503
dbus.String(self.checker_command,
523
505
dbus.String("checker_running"):
524
506
dbus.Boolean(self.checker is not None,
525
507
variant_level=1),
508
dbus.String("object_path"):
509
dbus.ObjectPath(self.dbus_object_path,
510
variant_level=1)
526
511
}, signature="sv")
527
512
528
513
# IsStillValid - method
541
526
def SetChecker(self, checker):
542
527
"D-Bus setter method"
543
528
self.checker_command = checker
529
# Emit D-Bus signal
530
self.PropertyChanged(dbus.String(u"checker"),
531
dbus.String(self.checker_command,
532
variant_level=1))
544
533
545
534
# SetHost - method
546
535
@dbus.service.method(_interface, in_signature="s")
547
536
def SetHost(self, host):
548
537
"D-Bus setter method"
549
538
self.host = host
539
# Emit D-Bus signal
540
self.PropertyChanged(dbus.String(u"host"),
541
dbus.String(self.host, variant_level=1))
550
542
551
543
# SetInterval - method
552
544
@dbus.service.method(_interface, in_signature="t")
553
545
def SetInterval(self, milliseconds):
554
self.interval = datetime.timdeelta(0, 0, 0, milliseconds)
546
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
547
# Emit D-Bus signal
548
self.PropertyChanged(dbus.String(u"interval"),
549
(dbus.UInt64(self.interval_milliseconds(),
550
variant_level=1)))
555
551
556
552
# SetSecret - method
557
553
@dbus.service.method(_interface, in_signature="ay",
564
560
@dbus.service.method(_interface, in_signature="t")
565
561
def SetTimeout(self, milliseconds):
566
562
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
563
# Emit D-Bus signal
564
self.PropertyChanged(dbus.String(u"timeout"),
565
(dbus.UInt64(self.timeout_milliseconds(),
566
variant_level=1)))
567
567
568
# Start - method
569
Start = dbus.service.method(_interface)(start)
570
Start.__name__ = "Start"
568
# Enable - method
569
Enable = dbus.service.method(_interface)(enable)
570
Enable.__name__ = "Enable"
571
571
572
572
# StartChecker - method
573
573
@dbus.service.method(_interface)
575
575
"D-Bus method"
576
576
self.start_checker()
577
577
578
# Stop - method
578
# Disable - method
579
579
@dbus.service.method(_interface)
580
def Stop(self):
580
def Disable(self):
581
581
"D-Bus method"
582
self.stop()
582
self.disable()
583
583
584
584
# StopChecker - method
585
585
StopChecker = dbus.service.method(_interface)(stop_checker)
596
596
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
597
597
# ...do the normal thing
598
598
return session.peer_certificate
599
list_size = ctypes.c_uint()
599
list_size = ctypes.c_uint(1)
600
600
cert_list = (gnutls.library.functions
601
601
.gnutls_certificate_get_peers
602
602
(session._c_object, ctypes.byref(list_size)))
603
if not bool(cert_list) and list_size.value != 0:
604
raise gnutls.errors.GNUTLSError("error getting peer"
605
" certificate")
603
606
if list_size.value == 0:
604
607
return None
605
608
cert = cert_list[0]
674
677
# using OpenPGP certificates.
675
678
676
679
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
677
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
678
# "+DHE-DSS"))
680
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
681
# "+DHE-DSS"))
679
682
# Use a fallback default, since this MUST be set.
680
683
priority = self.server.settings.get("priority", "NORMAL")
681
684
(gnutls.library.functions
689
692
# Do not run session.bye() here: the session is not
690
693
# established. Just abandon the request.
691
694
return
695
logger.debug(u"Handshake succeeded")
692
696
try:
693
697
fpr = fingerprint(peer_certificate(session))
694
698
except (TypeError, gnutls.errors.GNUTLSError), error:
696
700
session.bye()
697
701
return
698
702
logger.debug(u"Fingerprint: %s", fpr)
703
699
704
for c in self.server.clients:
700
705
if c.fingerprint == fpr:
701
706
client = c
714
719
session.bye()
715
720
return
716
721
## This won't work here, since we're in a fork.
717
# client.bump_timeout()
722
# client.checked_ok()
718
723
sent_size = 0
719
724
while sent_size < len(client.secret):
720
725
sent = session.send(client.secret[sent_size:])
760
765
u" bind to interface %s",
761
766
self.settings["interface"])
762
767
else:
763
raise error
768
raise
764
769
# Only bind(2) the socket if we really need to.
765
770
if self.server_address[0] or self.server_address[1]:
766
771
if not self.server_address[0]:
787
792
788
793
def string_to_delta(interval):
789
794
"""Parse a string and return a datetime.timedelta
790
795
791
796
>>> string_to_delta('7d')
792
797
datetime.timedelta(7)
793
798
>>> string_to_delta('60s')
845
850
elif state == avahi.ENTRY_GROUP_FAILURE:
846
851
logger.critical(u"Avahi: Error in group state changed %s",
847
852
unicode(error))
848
raise AvahiGroupError("State changed: %s", str(error))
853
raise AvahiGroupError(u"State changed: %s" % unicode(error))
849
854
850
855
def if_nametoindex(interface):
851
856
"""Call the C function if_nametoindex(), or equivalent"""
894
899
895
900
896
901
def main():
897
parser = OptionParser(version = "%%prog %s" % version)
902
parser = optparse.OptionParser(version = "%%prog %s" % version)
898
903
parser.add_option("-i", "--interface", type="string",
899
904
metavar="IF", help="Bind to interface IF")
900
905
parser.add_option("-a", "--address", type="string",
901
906
help="Address to listen for requests on")
902
907
parser.add_option("-p", "--port", type="int",
903
908
help="Port number to receive requests on")
904
parser.add_option("--check", action="store_true", default=False,
909
parser.add_option("--check", action="store_true",
905
910
help="Run self-test")
906
911
parser.add_option("--debug", action="store_true",
907
912
help="Debug mode; run in foreground and log to"
914
919
default="/etc/mandos", metavar="DIR",
915
920
help="Directory to search for configuration"
916
921
" files")
922
parser.add_option("--no-dbus", action="store_false",
923
dest="use_dbus",
924
help="Do not provide D-Bus system bus"
925
" interface")
917
926
options = parser.parse_args()[0]
918
927
919
928
if options.check:
929
938
"priority":
930
939
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
931
940
"servicename": "Mandos",
941
"use_dbus": "True",
932
942
}
933
943
934
944
# Parse config file for server-global settings
937
947
server_config.read(os.path.join(options.configdir, "mandos.conf"))
938
948
# Convert the SafeConfigParser object to a dict
939
949
server_settings = server_config.defaults()
940
# Use getboolean on the boolean config option
941
server_settings["debug"] = (server_config.getboolean
942
("DEFAULT", "debug"))
950
# Use the appropriate methods on the non-string config options
951
server_settings["debug"] = server_config.getboolean("DEFAULT",
952
"debug")
953
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
954
"use_dbus")
955
if server_settings["port"]:
956
server_settings["port"] = server_config.getint("DEFAULT",
957
"port")
943
958
del server_config
944
959
945
960
# Override the settings from the config file with command line
946
961
# options, if set.
947
962
for option in ("interface", "address", "port", "debug",
948
"priority", "servicename", "configdir"):
963
"priority", "servicename", "configdir",
964
"use_dbus"):
949
965
value = getattr(options, option)
950
966
if value is not None:
951
967
server_settings[option] = value
952
968
del options
953
969
# Now we have our good server settings in "server_settings"
954
970
971
# For convenience
955
972
debug = server_settings["debug"]
973
use_dbus = server_settings["use_dbus"]
956
974
957
975
if not debug:
958
976
syslogger.setLevel(logging.WARNING)
967
985
# Parse config file with clients
968
986
client_defaults = { "timeout": "1h",
969
987
"interval": "5m",
970
"checker": "fping -q -- %(host)s",
988
"checker": "fping -q -- %%(host)s",
971
989
"host": "",
972
990
}
973
991
client_config = ConfigParser.SafeConfigParser(client_defaults)
983
1001
pidfilename = "/var/run/mandos.pid"
984
1002
try:
985
1003
pidfile = open(pidfilename, "w")
986
except IOError, error:
1004
except IOError:
987
1005
logger.error("Could not open file %r", pidfilename)
988
1006
989
1007
try:
990
1008
uid = pwd.getpwnam("_mandos").pw_uid
1009
gid = pwd.getpwnam("_mandos").pw_gid
991
1010
except KeyError:
992
1011
try:
993
1012
uid = pwd.getpwnam("mandos").pw_uid
1013
gid = pwd.getpwnam("mandos").pw_gid
994
1014
except KeyError:
995
1015
try:
996
1016
uid = pwd.getpwnam("nobody").pw_uid
1017
gid = pwd.getpwnam("nogroup").pw_gid
997
1018
except KeyError:
998
1019
uid = 65534
999
try:
1000
gid = pwd.getpwnam("_mandos").pw_gid
1001
except KeyError:
1002
try:
1003
gid = pwd.getpwnam("mandos").pw_gid
1004
except KeyError:
1005
try:
1006
gid = pwd.getpwnam("nogroup").pw_gid
1007
except KeyError:
1008
1020
gid = 65534
1009
1021
try:
1022
os.setgid(gid)
1010
1023
os.setuid(uid)
1011
os.setgid(gid)
1012
1024
except OSError, error:
1013
1025
if error[0] != errno.EPERM:
1014
1026
raise error
1015
1027
1028
# Enable all possible GnuTLS debugging
1029
if debug:
1030
# "Use a log level over 10 to enable all debugging options."
1031
# - GnuTLS manual
1032
gnutls.library.functions.gnutls_global_set_log_level(11)
1033
1034
@gnutls.library.types.gnutls_log_func
1035
def debug_gnutls(level, string):
1036
logger.debug("GnuTLS: %s", string[:-1])
1037
1038
(gnutls.library.functions
1039
.gnutls_global_set_log_function(debug_gnutls))
1040
1016
1041
global service
1017
1042
service = AvahiService(name = server_settings["servicename"],
1018
1043
servicetype = "_mandos._tcp", )
1031
1056
avahi.DBUS_PATH_SERVER),
1032
1057
avahi.DBUS_INTERFACE_SERVER)
1033
1058
# End of Avahi example code
1034
bus_name = dbus.service.BusName(u"org.mandos-system.Mandos", bus)
1059
if use_dbus:
1060
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1035
1061
1036
1062
clients.update(Set(Client(name = section,
1037
1063
config
1038
= dict(client_config.items(section)))
1064
= dict(client_config.items(section)),
1065
use_dbus = use_dbus)
1039
1066
for section in client_config.sections()))
1040
1067
if not clients:
1041
logger.critical(u"No clients defined")
1042
sys.exit(1)
1068
logger.warning(u"No clients defined")
1043
1069
1044
1070
if debug:
1045
1071
# Redirect stdin so all checkers get /dev/null
1077
1103
1078
1104
while clients:
1079
1105
client = clients.pop()
1080
client.stop_hook = None
1081
client.stop()
1106
client.disable_hook = None
1107
client.disable()
1082
1108
1083
1109
atexit.register(cleanup)
1084
1110
1087
1113
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1088
1114
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1089
1115
1090
class MandosServer(dbus.service.Object):
1091
"""A D-Bus proxy object"""
1092
def __init__(self):
1093
dbus.service.Object.__init__(self, bus,
1094
"/Mandos")
1095
_interface = u"org.mandos_system.Mandos"
1096
1097
@dbus.service.signal(_interface, signature="oa{sv}")
1098
def ClientAdded(self, objpath, properties):
1099
"D-Bus signal"
1100
pass
1101
1102
@dbus.service.signal(_interface, signature="o")
1103
def ClientRemoved(self, objpath):
1104
"D-Bus signal"
1105
pass
1106
1107
@dbus.service.method(_interface, out_signature="ao")
1108
def GetAllClients(self):
1109
return dbus.Array(c.dbus_object_path for c in clients)
1110
1111
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1112
def GetAllClientsWithProperties(self):
1113
return dbus.Dictionary(
1114
((c.dbus_object_path, c.GetAllProperties())
1115
for c in clients),
1116
signature="oa{sv}")
1117
1118
@dbus.service.method(_interface, in_signature="o")
1119
def RemoveClient(self, object_path):
1120
for c in clients:
1121
if c.dbus_object_path == object_path:
1122
c.stop()
1123
clients.remove(c)
1124
return
1125
raise KeyError
1126
1127
del _interface
1128
1129
mandos_server = MandosServer()
1116
if use_dbus:
1117
class MandosServer(dbus.service.Object):
1118
"""A D-Bus proxy object"""
1119
def __init__(self):
1120
dbus.service.Object.__init__(self, bus, "/")
1121
_interface = u"se.bsnet.fukt.Mandos"
1122
1123
@dbus.service.signal(_interface, signature="oa{sv}")
1124
def ClientAdded(self, objpath, properties):
1125
"D-Bus signal"
1126
pass
1127
1128
@dbus.service.signal(_interface, signature="os")
1129
def ClientRemoved(self, objpath, name):
1130
"D-Bus signal"
1131
pass
1132
1133
@dbus.service.method(_interface, out_signature="ao")
1134
def GetAllClients(self):
1135
"D-Bus method"
1136
return dbus.Array(c.dbus_object_path for c in clients)
1137
1138
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1139
def GetAllClientsWithProperties(self):
1140
"D-Bus method"
1141
return dbus.Dictionary(
1142
((c.dbus_object_path, c.GetAllProperties())
1143
for c in clients),
1144
signature="oa{sv}")
1145
1146
@dbus.service.method(_interface, in_signature="o")
1147
def RemoveClient(self, object_path):
1148
"D-Bus method"
1149
for c in clients:
1150
if c.dbus_object_path == object_path:
1151
clients.remove(c)
1152
# Don't signal anything except ClientRemoved
1153
c.use_dbus = False
1154
c.disable()
1155
# Emit D-Bus signal
1156
self.ClientRemoved(object_path, c.name)
1157
return
1158
raise KeyError
1159
1160
del _interface
1161
1162
mandos_server = MandosServer()
1130
1163
1131
1164
for client in clients:
1132
# Emit D-Bus signal
1133
mandos_server.ClientAdded(client.dbus_object_path,
1134
client.GetAllProperties())
1135
client.start()
1165
if use_dbus:
1166
# Emit D-Bus signal
1167
mandos_server.ClientAdded(client.dbus_object_path,
1168
client.GetAllProperties())
1169
client.enable()
1136
1170
1137
1171
tcp_server.enable()
1138
1172
tcp_server.server_activate()
1162
1196
logger.debug(u"Starting main loop")
1163
1197
main_loop.run()
1164
1198
except AvahiError, error:
1165
logger.critical(u"AvahiError: %s" + unicode(error))
1199
logger.critical(u"AvahiError: %s", error)
1166
1200
sys.exit(1)
1167
1201
except KeyboardInterrupt:
1168
1202
if debug:
1169
print
1203
print >> sys.stderr
1204
logger.debug("Server received KeyboardInterrupt")
1205
logger.debug("Server exiting")
1170
1206
1171
1207
if __name__ == '__main__':
1172
1208
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0