
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2012-05-26 22:21:17 UTC
  • mto: (237.7.139 trunk)
  • mto: This revision was merged to the branch mainline in revision 301.
  • Revision ID: teddy@recompile.se-20120526222117-2n4oeb3hqyq4rjdh
* mandos: Implement "--socket" option.
  (IPv6_TCPServer.__init__): Take new "socketfd" parameter; use it.
  (MandosServer.__init__): Take new "socketfd" parameter.  Pass it on
                           to IPv6_TCPServer constructor.
  (main): Take new "--socket" option.  Also take "socket" parameter in
          "mandos.conf" configuration file.  If set, pass the value to
          MandosServer constructor.
* mandos-options.xml (socket): Document new "socket" option.
* mandos-conf.xml (OPTIONS): - '' -
* mandos.xml (SYNOPSIS, OPTIONS): Document new "--socket" option.

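--- a/mandos
+++ b/mandos
@@ -88,7 +88,7 @@
     except ImportError:
         SO_BINDTODEVICE = None
 
-version = "1.6.0"
+version = "1.5.4"
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -1948,18 +1948,21 @@
                 try:
                     self.socket.setsockopt(socket.SOL_SOCKET,
                                            SO_BINDTODEVICE,
-                                           str(self.interface + '\0'))
+                                           str(self.interface
+                                               + '\0'))
                 except socket.error as error:
                     if error.errno == errno.EPERM:
-                        logger.error("No permission to bind to"
-                                     " interface %s", self.interface)
+                        logger.error("No permission to"
+                                     " bind to interface %s",
+                                     self.interface)
                     elif error.errno == errno.ENOPROTOOPT:
                         logger.error("SO_BINDTODEVICE not available;"
                                      " cannot bind to interface %s",
                                      self.interface)
                     elif error.errno == errno.ENODEV:
-                        logger.error("Interface %s does not exist,"
-                                     " cannot bind", self.interface)
+                        logger.error("Interface %s does not"
+                                     " exist, cannot bind",
+                                     self.interface)
                     else:
                         raise
         # Only bind(2) the socket if we really need to.
@@ -2198,8 +2201,6 @@
                         " socket to use instead of creating one")
     parser.add_argument("--statedir", metavar="DIR",
                         help="Directory to save/restore state in")
-    parser.add_argument("--foreground", action="store_true",
-                        help="Run in foreground")
     
     options = parser.parse_args()
     
@@ -2221,8 +2222,7 @@
                         "debuglevel": "",
                         "restore": "True",
                         "socket": "",
-                        "statedir": "/var/lib/mandos",
-                        "foreground": "False",
+                        "statedir": "/var/lib/mandos"
                         }
     
     # Parse config file for server-global settings
@@ -2233,7 +2233,7 @@
     # Convert the SafeConfigParser object to a dict
     server_settings = server_config.defaults()
     # Use the appropriate methods on the non-string config options
-    for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
+    for option in ("debug", "use_dbus", "use_ipv6"):
         server_settings[option] = server_config.getboolean("DEFAULT",
                                                            option)
     if server_settings["port"]:
@@ -2242,7 +2242,7 @@
     if server_settings["socket"]:
         server_settings["socket"] = server_config.getint("DEFAULT",
                                                          "socket")
-        # Later, stdin will, and stdout and stderr might, be dup'ed
+        # Later, stdin will, and stdout, and stderr might, be dup'ed
         # over with an opened os.devnull.  But we don't want this to
         # happen with a supplied network socket.
         if 0 <= server_settings["socket"] <= 2:
@@ -2255,7 +2255,7 @@
     for option in ("interface", "address", "port", "debug",
                    "priority", "servicename", "configdir",
                    "use_dbus", "use_ipv6", "debuglevel", "restore",
-                   "statedir", "socket", "foreground"):
+                   "statedir", "socket"):
         value = getattr(options, option)
         if value is not None:
             server_settings[option] = value
@@ -2264,9 +2264,6 @@
     for option in server_settings.keys():
         if type(server_settings[option]) is str:
             server_settings[option] = unicode(server_settings[option])
-    # Debug implies foreground
-    if server_settings["debug"]:
-        server_settings["foreground"] = True
     # Now we have our good server settings in "server_settings"
     
     ##################################################################
@@ -2278,7 +2275,6 @@
     use_ipv6 = server_settings["use_ipv6"]
     stored_state_path = os.path.join(server_settings["statedir"],
                                      stored_state_file)
-    foreground = server_settings["foreground"]
     
     if debug:
         initlogger(debug, logging.DEBUG)
@@ -2316,9 +2312,8 @@
                               use_dbus=use_dbus,
                               socketfd=(server_settings["socket"]
                                         or None))
-    if not foreground:
+    if not debug:
         pidfilename = "/var/run/mandos.pid"
-        pidfile = None
         try:
             pidfile = open(pidfilename, "w")
         except IOError as e:
@@ -2363,12 +2358,10 @@
             os.close(null)
     
     # Need to fork before connecting to D-Bus
-    if not foreground:
+    if not debug:
         # Close all input and output, do double fork, etc.
         daemon()
     
-    # multiprocessing will use threads, so before we use gobject we
-    # need to inform gobject that threads will be used.
     gobject.threads_init()
     
     global main_loop
@@ -2502,16 +2495,18 @@
     if not tcp_server.clients:
         logger.warning("No clients defined")
     
-    if not foreground:
-        if pidfile is not None:
-            try:
-                with pidfile:
-                    pid = os.getpid()
-                    pidfile.write(str(pid) + "\n".encode("utf-8"))
-            except IOError:
-                logger.error("Could not write to file %r with PID %d",
-                             pidfilename, pid)
-        del pidfile
+    if not debug:
+        try:
+            with pidfile:
+                pid = os.getpid()
+                pidfile.write(str(pid) + "\n".encode("utf-8"))
+            del pidfile
+        except IOError:
+            logger.error("Could not write to file %r with PID %d",
+                         pidfilename, pid)
+        except NameError:
+            # "pidfile" was never created
+            pass
         del pidfilename
     
     signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())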
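Review bot: In the last hunk the new side detects a failed `open(pidfilename, "w")` by catching `NameError` on an unbound `pidfile`, so any unrelated `NameError` raised inside that `try` body is swallowed by the same `pass`. A daemon that ends up without a PID file also gives no indication of it at this point. Binding the name before the open, `pidfile = None`, and guarding the write with `if pidfile is not None:` makes the failure path explicit and lets the `except NameError:` branch be dropped. What the `except IOError as e:` handler at the open does is outside the visible lines, and `main` starts and ends outside these hunks, so whether the failed open is already logged there should be confirmed against the full file.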