676
class TCP_handler(SocketServer.BaseRequestHandler, object):
677
"""A TCP request handler class.
678
Instantiated by IPv6_TCPServer for each request to handle it.
691
class ClientHandler(SocketServer.BaseRequestHandler, object):
692
"""A class to handle client connections.
694
Instantiated once for each connection to handle it.
679
695
Note: This will run in its own forked process."""
681
697
def handle(self):
708
724
# "+COMP-NULL", "+CTYPE-OPENPGP",
710
726
# Use a fallback default, since this MUST be set.
711
priority = self.server.settings.get("priority", "NORMAL")
727
priority = self.server.gnutls_priority
712
730
(gnutls.library.functions
713
731
.gnutls_priority_set_direct(session._c_object,
821
839
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
822
840
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
823
842
Assumes a gobject.MainLoop event loop.
825
844
def process_request(self, request, client_address):
826
"""This overrides and wraps the original process_request().
845
"""Overrides and wraps the original process_request().
827
847
This function creates a new pipe in self.pipe
829
849
self.pipe = os.pipe()
843
863
class IPv6_TCPServer(ForkingMixInWithPipe,
844
864
SocketServer.TCPServer, object):
845
865
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
847
settings: Server settings
868
enabled: Boolean; whether this server is activated yet
869
interface: None or a network interface name (string)
870
use_ipv6: Boolean; to use IPv6 or not
848
872
clients: Set() of Client objects
849
enabled: Boolean; whether this server is activated yet
873
gnutls_priority GnuTLS priority string
874
use_dbus: Boolean; to emit D-Bus signals or not
851
address_family = socket.AF_INET6
852
def __init__(self, *args, **kwargs):
853
if "settings" in kwargs:
854
self.settings = kwargs["settings"]
855
del kwargs["settings"]
856
if "clients" in kwargs:
857
self.clients = kwargs["clients"]
858
del kwargs["clients"]
859
if "use_ipv6" in kwargs:
860
if not kwargs["use_ipv6"]:
861
self.address_family = socket.AF_INET
862
del kwargs["use_ipv6"]
876
def __init__(self, server_address, RequestHandlerClass,
877
interface=None, use_ipv6=True, clients=None,
878
gnutls_priority=None, use_dbus=True):
863
879
self.enabled = False
864
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
880
self.interface = interface
882
self.address_family = socket.AF_INET6
883
self.clients = clients
884
self.use_dbus = use_dbus
885
self.gnutls_priority = gnutls_priority
886
SocketServer.TCPServer.__init__(self, server_address,
865
888
def server_bind(self):
866
889
"""This overrides the normal server_bind() function
867
890
to bind to an interface if one was specified, and also NOT to
868
891
bind to an address or port if they were not specified."""
869
if self.settings["interface"]:
870
# 25 is from /usr/include/asm-i486/socket.h
871
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
892
if self.interface is not None:
873
894
self.socket.setsockopt(socket.SOL_SOCKET,
875
self.settings["interface"])
896
self.interface + '\0')
876
897
except socket.error, error:
877
898
if error[0] == errno.EPERM:
878
899
logger.error(u"No permission to"
879
900
u" bind to interface %s",
880
self.settings["interface"])
883
904
# Only bind(2) the socket if we really need to.
892
913
elif not self.server_address[1]:
893
914
self.server_address = (self.server_address[0],
895
# if self.settings["interface"]:
896
917
# self.server_address = (self.server_address[0],
902
return super(IPv6_TCPServer, self).server_bind()
922
return SocketServer.TCPServer.server_bind(self)
903
923
def server_activate(self):
905
return super(IPv6_TCPServer, self).server_activate()
925
return SocketServer.TCPServer.server_activate(self)
906
926
def enable(self):
907
927
self.enabled = True
908
928
def handle_ipc(self, source, condition, file_objects={}):
945
965
if cmd == "NOTFOUND":
946
966
logger.warning(u"Client not found for fingerprint: %s",
948
if self.settings["use_dbus"]:
949
969
# Emit D-Bus signal
950
970
mandos_dbus_service.ClientNotFound(args)
951
971
elif cmd == "INVALID":
952
972
for client in self.clients:
953
973
if client.name == args:
954
974
logger.warning(u"Client %s is invalid", args)
955
if self.settings["use_dbus"]:
956
976
# Emit D-Bus signal
957
977
client.Rejected()
1197
1218
clients = Set()
1198
1219
tcp_server = IPv6_TCPServer((server_settings["address"],
1199
1220
server_settings["port"]),
1201
settings=server_settings,
1202
clients=clients, use_ipv6=use_ipv6)
1223
server_settings["interface"],
1227
server_settings["priority"],
1203
1229
pidfilename = "/var/run/mandos.pid"
1205
1231
pidfile = open(pidfilename, "w")
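Review bot: In the new `IPv6_TCPServer.__init__` signature, `clients=None` and `gnutls_priority=None` are stored unchanged, yet both are consumed later as if always set: `handle_ipc` runs `for client in self.clients:`, and the request handler now reads `priority = self.server.gnutls_priority` under the comment saying the priority MUST be set. A server constructed without `clients` would raise a TypeError on the first "INVALID" IPC message; normalising in the constructor avoids that, e.g. `self.clients = clients if clients is not None else Set()`. Whether a `None` priority is replaced before `gnutls_priority_set_direct` depends on new lines 728–729, which this page does not show, so it is worth confirming that the old `"NORMAL"` fallback survives there, since that string decides which TLS parameters the server will negotiate. The bodies of `__init__`, `handle` and `handle_ipc` are only partly visible here, so a guard may already exist in the hidden lines.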