To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 237.7.154
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.154
- Committer: Teddy Hogeborn
- Date: 2012-06-17 14:55:31 UTC
- mto: (301.1.1 release) (237.7.272 trunk)
- mto: This revision was merged to the branch mainline in revision 302.
- Revision ID: teddy@recompile.se-20120617145531-o24z982oerm6xb6s
* mandos: New "--foreground" option.
- files added:
- debian/mandos-client.examples
- debian/source
- network-hooks.d
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@fukt.bsnet.se>.
31
# Contact the authors at <mandos@recompile.se>.
32
32
#
33
33
34
from __future__ import division, with_statement, absolute_import
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
36
37
from future_builtins import *
35
38
36
39
import SocketServer as socketserver
37
40
import socket
38
import optparse
41
import argparse
39
42
import datetime
40
43
import errno
41
44
import gnutls.crypto
61
64
import functools
62
65
import cPickle as pickle
63
66
import multiprocessing
67
import types
68
import binascii
69
import tempfile
70
import itertools
64
71
65
72
import dbus
66
73
import dbus.service
71
78
import ctypes.util
72
79
import xml.dom.minidom
73
80
import inspect
81
import GnuPGInterface
74
82
75
83
try:
76
84
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
80
88
except ImportError:
81
89
SO_BINDTODEVICE = None
82
90
83
84
version = "1.0.14"
85
86
#logger = logging.getLogger(u'mandos')
87
logger = logging.Logger(u'mandos')
91
version = "1.5.5"
92
stored_state_file = "clients.pickle"
93
94
logger = logging.getLogger()
88
95
syslogger = (logging.handlers.SysLogHandler
89
96
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
90
address = "/dev/log"))
91
syslogger.setFormatter(logging.Formatter
92
(u'Mandos [%(process)d]: %(levelname)s:'
93
u' %(message)s'))
94
logger.addHandler(syslogger)
95
96
console = logging.StreamHandler()
97
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
98
u' %(levelname)s:'
99
u' %(message)s'))
100
logger.addHandler(console)
97
address = str("/dev/log")))
98
99
try:
100
if_nametoindex = (ctypes.cdll.LoadLibrary
101
(ctypes.util.find_library("c"))
102
.if_nametoindex)
103
except (OSError, AttributeError):
104
def if_nametoindex(interface):
105
"Get an interface index the hard way, i.e. using fcntl()"
106
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
107
with contextlib.closing(socket.socket()) as s:
108
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
109
struct.pack(str("16s16x"),
110
interface))
111
interface_index = struct.unpack(str("I"),
112
ifreq[16:20])[0]
113
return interface_index
114
115
116
def initlogger(debug, level=logging.WARNING):
117
"""init logger and add loglevel"""
118
119
syslogger.setFormatter(logging.Formatter
120
('Mandos [%(process)d]: %(levelname)s:'
121
' %(message)s'))
122
logger.addHandler(syslogger)
123
124
if debug:
125
console = logging.StreamHandler()
126
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
127
' [%(process)d]:'
128
' %(levelname)s:'
129
' %(message)s'))
130
logger.addHandler(console)
131
logger.setLevel(level)
132
133
134
class PGPError(Exception):
135
"""Exception if encryption/decryption fails"""
136
pass
137
138
139
class PGPEngine(object):
140
"""A simple class for OpenPGP symmetric encryption & decryption"""
141
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
143
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
150
151
def __enter__(self):
152
return self
153
154
def __exit__(self, exc_type, exc_value, traceback):
155
self._cleanup()
156
return False
157
158
def __del__(self):
159
self._cleanup()
160
161
def _cleanup(self):
162
if self.tempdir is not None:
163
# Delete contents of tempdir
164
for root, dirs, files in os.walk(self.tempdir,
165
topdown = False):
166
for filename in files:
167
os.remove(os.path.join(root, filename))
168
for dirname in dirs:
169
os.rmdir(os.path.join(root, dirname))
170
# Remove tempdir
171
os.rmdir(self.tempdir)
172
self.tempdir = None
173
174
def password_encode(self, password):
175
# Passphrase can not be empty and can not contain newlines or
176
# NUL bytes. So we prefix it and hex encode it.
177
return b"mandos" + binascii.hexlify(password)
178
179
def encrypt(self, data, password):
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
194
return ciphertext
195
196
def decrypt(self, data, password):
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
211
return decrypted_plaintext
212
101
213
102
214
class AvahiError(Exception):
103
215
def __init__(self, value, *args, **kwargs):
119
231
Attributes:
120
232
interface: integer; avahi.IF_UNSPEC or an interface index.
121
233
Used to optionally bind to the specified interface.
122
name: string; Example: u'Mandos'
123
type: string; Example: u'_mandos._tcp'.
234
name: string; Example: 'Mandos'
235
type: string; Example: '_mandos._tcp'.
124
236
See <http://www.dns-sd.org/ServiceTypes.html>
125
237
port: integer; what port to announce
126
238
TXT: list of strings; TXT record for the service
133
245
server: D-Bus Server
134
246
bus: dbus.SystemBus()
135
247
"""
248
136
249
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
137
250
servicetype = None, port = None, TXT = None,
138
domain = u"", host = u"", max_renames = 32768,
251
domain = "", host = "", max_renames = 32768,
139
252
protocol = avahi.PROTO_UNSPEC, bus = None):
140
253
self.interface = interface
141
254
self.name = name
150
263
self.group = None # our entry group
151
264
self.server = None
152
265
self.bus = bus
266
self.entry_group_state_changed_match = None
267
153
268
def rename(self):
154
269
"""Derived from the Avahi example code"""
155
270
if self.rename_count >= self.max_renames:
156
logger.critical(u"No suitable Zeroconf service name found"
157
u" after %i retries, exiting.",
271
logger.critical("No suitable Zeroconf service name found"
272
" after %i retries, exiting.",
158
273
self.rename_count)
159
raise AvahiServiceError(u"Too many renames")
160
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
161
logger.info(u"Changing Zeroconf service name to %r ...",
274
raise AvahiServiceError("Too many renames")
275
self.name = unicode(self.server
276
.GetAlternativeServiceName(self.name))
277
logger.info("Changing Zeroconf service name to %r ...",
162
278
self.name)
163
syslogger.setFormatter(logging.Formatter
164
(u'Mandos (%s) [%%(process)d]:'
165
u' %%(levelname)s: %%(message)s'
166
% self.name))
167
279
self.remove()
168
280
try:
169
281
self.add()
170
except dbus.exceptions.DBusException, error:
171
logger.critical(u"DBusException: %s", error)
282
except dbus.exceptions.DBusException as error:
283
logger.critical("D-Bus Exception", exc_info=error)
172
284
self.cleanup()
173
285
os._exit(1)
174
286
self.rename_count += 1
287
175
288
def remove(self):
176
289
"""Derived from the Avahi example code"""
290
if self.entry_group_state_changed_match is not None:
291
self.entry_group_state_changed_match.remove()
292
self.entry_group_state_changed_match = None
177
293
if self.group is not None:
178
294
self.group.Reset()
295
179
296
def add(self):
180
297
"""Derived from the Avahi example code"""
298
self.remove()
181
299
if self.group is None:
182
300
self.group = dbus.Interface(
183
301
self.bus.get_object(avahi.DBUS_NAME,
184
302
self.server.EntryGroupNew()),
185
303
avahi.DBUS_INTERFACE_ENTRY_GROUP)
186
self.group.connect_to_signal('StateChanged',
187
self
188
.entry_group_state_changed)
189
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
304
self.entry_group_state_changed_match = (
305
self.group.connect_to_signal(
306
'StateChanged', self.entry_group_state_changed))
307
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
190
308
self.name, self.type)
191
309
self.group.AddService(
192
310
self.interface,
197
315
dbus.UInt16(self.port),
198
316
avahi.string_array_to_txt_array(self.TXT))
199
317
self.group.Commit()
318
200
319
def entry_group_state_changed(self, state, error):
201
320
"""Derived from the Avahi example code"""
202
logger.debug(u"Avahi entry group state change: %i", state)
321
logger.debug("Avahi entry group state change: %i", state)
203
322
204
323
if state == avahi.ENTRY_GROUP_ESTABLISHED:
205
logger.debug(u"Zeroconf service established.")
324
logger.debug("Zeroconf service established.")
206
325
elif state == avahi.ENTRY_GROUP_COLLISION:
207
logger.warning(u"Zeroconf service name collision.")
326
logger.info("Zeroconf service name collision.")
208
327
self.rename()
209
328
elif state == avahi.ENTRY_GROUP_FAILURE:
210
logger.critical(u"Avahi: Error in group state changed %s",
329
logger.critical("Avahi: Error in group state changed %s",
211
330
unicode(error))
212
raise AvahiGroupError(u"State changed: %s"
213
% unicode(error))
331
raise AvahiGroupError("State changed: {0!s}"
332
.format(error))
333
214
334
def cleanup(self):
215
335
"""Derived from the Avahi example code"""
216
336
if self.group is not None:
217
self.group.Free()
337
try:
338
self.group.Free()
339
except (dbus.exceptions.UnknownMethodException,
340
dbus.exceptions.DBusException):
341
pass
218
342
self.group = None
219
def server_state_changed(self, state):
343
self.remove()
344
345
def server_state_changed(self, state, error=None):
220
346
"""Derived from the Avahi example code"""
221
logger.debug(u"Avahi server state change: %i", state)
222
if state == avahi.SERVER_COLLISION:
223
logger.error(u"Zeroconf server name collision")
224
self.remove()
347
logger.debug("Avahi server state change: %i", state)
348
bad_states = { avahi.SERVER_INVALID:
349
"Zeroconf server invalid",
350
avahi.SERVER_REGISTERING: None,
351
avahi.SERVER_COLLISION:
352
"Zeroconf server name collision",
353
avahi.SERVER_FAILURE:
354
"Zeroconf server failure" }
355
if state in bad_states:
356
if bad_states[state] is not None:
357
if error is None:
358
logger.error(bad_states[state])
359
else:
360
logger.error(bad_states[state] + ": %r", error)
361
self.cleanup()
225
362
elif state == avahi.SERVER_RUNNING:
226
363
self.add()
364
else:
365
if error is None:
366
logger.debug("Unknown state: %r", state)
367
else:
368
logger.debug("Unknown state: %r: %r", state, error)
369
227
370
def activate(self):
228
371
"""Derived from the Avahi example code"""
229
372
if self.server is None:
230
373
self.server = dbus.Interface(
231
374
self.bus.get_object(avahi.DBUS_NAME,
232
avahi.DBUS_PATH_SERVER),
375
avahi.DBUS_PATH_SERVER,
376
follow_name_owner_changes=True),
233
377
avahi.DBUS_INTERFACE_SERVER)
234
self.server.connect_to_signal(u"StateChanged",
378
self.server.connect_to_signal("StateChanged",
235
379
self.server_state_changed)
236
380
self.server_state_changed(self.server.GetState())
237
381
238
382
383
class AvahiServiceToSyslog(AvahiService):
384
def rename(self):
385
"""Add the new name to the syslog messages"""
386
ret = AvahiService.rename(self)
387
syslogger.setFormatter(logging.Formatter
388
('Mandos ({0}) [%(process)d]:'
389
' %(levelname)s: %(message)s'
390
.format(self.name)))
391
return ret
392
393
394
def timedelta_to_milliseconds(td):
395
"Convert a datetime.timedelta() to milliseconds"
396
return ((td.days * 24 * 60 * 60 * 1000)
397
+ (td.seconds * 1000)
398
+ (td.microseconds // 1000))
399
400
239
401
class Client(object):
240
402
"""A representation of a client host served by this server.
241
403
242
404
Attributes:
243
_approved: bool(); 'None' if not yet approved/disapproved
405
approved: bool(); 'None' if not yet approved/disapproved
244
406
approval_delay: datetime.timedelta(); Time to wait for approval
245
407
approval_duration: datetime.timedelta(); Duration of one approval
246
408
checker: subprocess.Popen(); a running checker process used
247
409
to see if the client lives.
248
410
'None' if no process is running.
249
checker_callback_tag: - '' -
411
checker_callback_tag: a gobject event source tag, or None
250
412
checker_command: string; External command which is run to check
251
413
if client lives. %() expansions are done at
252
414
runtime with vars(self) as dict, so that for
253
415
instance %(name)s can be used in the command.
254
416
checker_initiator_tag: a gobject event source tag, or None
255
417
created: datetime.datetime(); (UTC) object creation
418
client_structure: Object describing what attributes a client has
419
and is used for storing the client at exit
256
420
current_checker_command: string; current running checker_command
257
disable_hook: If set, called by disable() as disable_hook(self)
258
disable_initiator_tag: - '' -
421
disable_initiator_tag: a gobject event source tag, or None
259
422
enabled: bool()
260
423
fingerprint: string (40 or 32 hexadecimal digits); used to
261
424
uniquely identify the client
262
425
host: string; available for use by the checker command
263
426
interval: datetime.timedelta(); How often to start a new checker
427
last_approval_request: datetime.datetime(); (UTC) or None
264
428
last_checked_ok: datetime.datetime(); (UTC) or None
265
last_enabled: datetime.datetime(); (UTC)
429
last_checker_status: integer between 0 and 255 reflecting exit
430
status of last checker. -1 reflects crashed
431
checker, -2 means no checker completed yet.
432
last_enabled: datetime.datetime(); (UTC) or None
266
433
name: string; from the config file, used in log messages and
267
434
D-Bus identifiers
268
435
secret: bytestring; sent verbatim (over TLS) to client
269
436
timeout: datetime.timedelta(); How long from last_checked_ok
270
437
until this client is disabled
438
extended_timeout: extra long timeout when secret has been sent
271
439
runtime_expansions: Allowed attributes for runtime expansion.
440
expires: datetime.datetime(); time (UTC) when a client will be
441
disabled, or None
272
442
"""
273
443
274
runtime_expansions = (u"approval_delay", u"approval_duration",
275
u"created", u"enabled", u"fingerprint",
276
u"host", u"interval", u"last_checked_ok",
277
u"last_enabled", u"name", u"timeout")
278
279
@staticmethod
280
def _timedelta_to_milliseconds(td):
281
"Convert a datetime.timedelta() to milliseconds"
282
return ((td.days * 24 * 60 * 60 * 1000)
283
+ (td.seconds * 1000)
284
+ (td.microseconds // 1000))
444
runtime_expansions = ("approval_delay", "approval_duration",
445
"created", "enabled", "expires",
446
"fingerprint", "host", "interval",
447
"last_approval_request", "last_checked_ok",
448
"last_enabled", "name", "timeout")
449
client_defaults = { "timeout": "5m",
450
"extended_timeout": "15m",
451
"interval": "2m",
452
"checker": "fping -q -- %%(host)s",
453
"host": "",
454
"approval_delay": "0s",
455
"approval_duration": "1s",
456
"approved_by_default": "True",
457
"enabled": "True",
458
}
285
459
286
460
def timeout_milliseconds(self):
287
461
"Return the 'timeout' attribute in milliseconds"
288
return self._timedelta_to_milliseconds(self.timeout)
462
return timedelta_to_milliseconds(self.timeout)
463
464
def extended_timeout_milliseconds(self):
465
"Return the 'extended_timeout' attribute in milliseconds"
466
return timedelta_to_milliseconds(self.extended_timeout)
289
467
290
468
def interval_milliseconds(self):
291
469
"Return the 'interval' attribute in milliseconds"
292
return self._timedelta_to_milliseconds(self.interval)
293
470
return timedelta_to_milliseconds(self.interval)
471
294
472
def approval_delay_milliseconds(self):
295
return self._timedelta_to_milliseconds(self.approval_delay)
296
297
def __init__(self, name = None, disable_hook=None, config=None):
298
"""Note: the 'checker' key in 'config' sets the
299
'checker_command' attribute and *not* the 'checker'
300
attribute."""
473
return timedelta_to_milliseconds(self.approval_delay)
474
475
@staticmethod
476
def config_parser(config):
477
"""Construct a new dict of client settings of this form:
478
{ client_name: {setting_name: value, ...}, ...}
479
with exceptions for any special settings as defined above.
480
NOTE: Must be a pure function. Must return the same result
481
value given the same arguments.
482
"""
483
settings = {}
484
for client_name in config.sections():
485
section = dict(config.items(client_name))
486
client = settings[client_name] = {}
487
488
client["host"] = section["host"]
489
# Reformat values from string types to Python types
490
client["approved_by_default"] = config.getboolean(
491
client_name, "approved_by_default")
492
client["enabled"] = config.getboolean(client_name,
493
"enabled")
494
495
client["fingerprint"] = (section["fingerprint"].upper()
496
.replace(" ", ""))
497
if "secret" in section:
498
client["secret"] = section["secret"].decode("base64")
499
elif "secfile" in section:
500
with open(os.path.expanduser(os.path.expandvars
501
(section["secfile"])),
502
"rb") as secfile:
503
client["secret"] = secfile.read()
504
else:
505
raise TypeError("No secret or secfile for section {0}"
506
.format(section))
507
client["timeout"] = string_to_delta(section["timeout"])
508
client["extended_timeout"] = string_to_delta(
509
section["extended_timeout"])
510
client["interval"] = string_to_delta(section["interval"])
511
client["approval_delay"] = string_to_delta(
512
section["approval_delay"])
513
client["approval_duration"] = string_to_delta(
514
section["approval_duration"])
515
client["checker_command"] = section["checker"]
516
client["last_approval_request"] = None
517
client["last_checked_ok"] = None
518
client["last_checker_status"] = -2
519
520
return settings
521
522
def __init__(self, settings, name = None):
301
523
self.name = name
302
if config is None:
303
config = {}
304
logger.debug(u"Creating client %r", self.name)
524
# adding all client settings
525
for setting, value in settings.iteritems():
526
setattr(self, setting, value)
527
528
if self.enabled:
529
if not hasattr(self, "last_enabled"):
530
self.last_enabled = datetime.datetime.utcnow()
531
if not hasattr(self, "expires"):
532
self.expires = (datetime.datetime.utcnow()
533
+ self.timeout)
534
else:
535
self.last_enabled = None
536
self.expires = None
537
538
logger.debug("Creating client %r", self.name)
305
539
# Uppercase and remove spaces from fingerprint for later
306
540
# comparison purposes with return value from the fingerprint()
307
541
# function
308
self.fingerprint = (config[u"fingerprint"].upper()
309
.replace(u" ", u""))
310
logger.debug(u" Fingerprint: %s", self.fingerprint)
311
if u"secret" in config:
312
self.secret = config[u"secret"].decode(u"base64")
313
elif u"secfile" in config:
314
with open(os.path.expanduser(os.path.expandvars
315
(config[u"secfile"])),
316
"rb") as secfile:
317
self.secret = secfile.read()
318
else:
319
raise TypeError(u"No secret or secfile for client %s"
320
% self.name)
321
self.host = config.get(u"host", u"")
322
self.created = datetime.datetime.utcnow()
323
self.enabled = False
324
self.last_enabled = None
325
self.last_checked_ok = None
326
self.timeout = string_to_delta(config[u"timeout"])
327
self.interval = string_to_delta(config[u"interval"])
328
self.disable_hook = disable_hook
542
logger.debug(" Fingerprint: %s", self.fingerprint)
543
self.created = settings.get("created",
544
datetime.datetime.utcnow())
545
546
# attributes specific for this server instance
329
547
self.checker = None
330
548
self.checker_initiator_tag = None
331
549
self.disable_initiator_tag = None
332
550
self.checker_callback_tag = None
333
self.checker_command = config[u"checker"]
334
551
self.current_checker_command = None
335
self.last_connect = None
336
self._approved = None
337
self.approved_by_default = config.get(u"approved_by_default",
338
True)
552
self.approved = None
339
553
self.approvals_pending = 0
340
self.approval_delay = string_to_delta(
341
config[u"approval_delay"])
342
self.approval_duration = string_to_delta(
343
config[u"approval_duration"])
344
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
554
self.changedstate = (multiprocessing_manager
555
.Condition(multiprocessing_manager
556
.Lock()))
557
self.client_structure = [attr for attr in
558
self.__dict__.iterkeys()
559
if not attr.startswith("_")]
560
self.client_structure.append("client_structure")
561
562
for name, t in inspect.getmembers(type(self),
563
lambda obj:
564
isinstance(obj,
565
property)):
566
if not name.startswith("_"):
567
self.client_structure.append(name)
345
568
569
# Send notice to process children that client state has changed
346
570
def send_changedstate(self):
347
self.changedstate.acquire()
348
self.changedstate.notify_all()
349
self.changedstate.release()
350
571
with self.changedstate:
572
self.changedstate.notify_all()
573
351
574
def enable(self):
352
575
"""Start this client's checker and timeout hooks"""
353
if getattr(self, u"enabled", False):
576
if getattr(self, "enabled", False):
354
577
# Already enabled
355
578
return
356
self.send_changedstate()
579
self.expires = datetime.datetime.utcnow() + self.timeout
580
self.enabled = True
357
581
self.last_enabled = datetime.datetime.utcnow()
582
self.init_checker()
583
self.send_changedstate()
584
585
def disable(self, quiet=True):
586
"""Disable this client."""
587
if not getattr(self, "enabled", False):
588
return False
589
if not quiet:
590
logger.info("Disabling client %s", self.name)
591
if getattr(self, "disable_initiator_tag", None) is not None:
592
gobject.source_remove(self.disable_initiator_tag)
593
self.disable_initiator_tag = None
594
self.expires = None
595
if getattr(self, "checker_initiator_tag", None) is not None:
596
gobject.source_remove(self.checker_initiator_tag)
597
self.checker_initiator_tag = None
598
self.stop_checker()
599
self.enabled = False
600
if not quiet:
601
self.send_changedstate()
602
# Do not run this again if called by a gobject.timeout_add
603
return False
604
605
def __del__(self):
606
self.disable()
607
608
def init_checker(self):
358
609
# Schedule a new checker to be started an 'interval' from now,
359
610
# and every interval from then on.
611
if self.checker_initiator_tag is not None:
612
gobject.source_remove(self.checker_initiator_tag)
360
613
self.checker_initiator_tag = (gobject.timeout_add
361
614
(self.interval_milliseconds(),
362
615
self.start_checker))
363
616
# Schedule a disable() when 'timeout' has passed
617
if self.disable_initiator_tag is not None:
618
gobject.source_remove(self.disable_initiator_tag)
364
619
self.disable_initiator_tag = (gobject.timeout_add
365
620
(self.timeout_milliseconds(),
366
621
self.disable))
367
self.enabled = True
368
622
# Also start a new checker *right now*.
369
623
self.start_checker()
370
624
371
def disable(self, quiet=True):
372
"""Disable this client."""
373
if not getattr(self, "enabled", False):
374
return False
375
if not quiet:
376
self.send_changedstate()
377
if not quiet:
378
logger.info(u"Disabling client %s", self.name)
379
if getattr(self, u"disable_initiator_tag", False):
380
gobject.source_remove(self.disable_initiator_tag)
381
self.disable_initiator_tag = None
382
if getattr(self, u"checker_initiator_tag", False):
383
gobject.source_remove(self.checker_initiator_tag)
384
self.checker_initiator_tag = None
385
self.stop_checker()
386
if self.disable_hook:
387
self.disable_hook(self)
388
self.enabled = False
389
# Do not run this again if called by a gobject.timeout_add
390
return False
391
392
def __del__(self):
393
self.disable_hook = None
394
self.disable()
395
396
625
def checker_callback(self, pid, condition, command):
397
626
"""The checker has completed, so take appropriate actions."""
398
627
self.checker_callback_tag = None
399
628
self.checker = None
400
629
if os.WIFEXITED(condition):
401
exitstatus = os.WEXITSTATUS(condition)
402
if exitstatus == 0:
403
logger.info(u"Checker for %(name)s succeeded",
630
self.last_checker_status = os.WEXITSTATUS(condition)
631
if self.last_checker_status == 0:
632
logger.info("Checker for %(name)s succeeded",
404
633
vars(self))
405
634
self.checked_ok()
406
635
else:
407
logger.info(u"Checker for %(name)s failed",
636
logger.info("Checker for %(name)s failed",
408
637
vars(self))
409
638
else:
410
logger.warning(u"Checker for %(name)s crashed?",
639
self.last_checker_status = -1
640
logger.warning("Checker for %(name)s crashed?",
411
641
vars(self))
412
642
413
643
def checked_ok(self):
414
"""Bump up the timeout for this client.
415
416
This should only be called when the client has been seen,
417
alive and well.
418
"""
644
"""Assert that the client has been seen, alive and well."""
419
645
self.last_checked_ok = datetime.datetime.utcnow()
420
gobject.source_remove(self.disable_initiator_tag)
421
self.disable_initiator_tag = (gobject.timeout_add
422
(self.timeout_milliseconds(),
423
self.disable))
646
self.last_checker_status = 0
647
self.bump_timeout()
648
649
def bump_timeout(self, timeout=None):
650
"""Bump up the timeout for this client."""
651
if timeout is None:
652
timeout = self.timeout
653
if self.disable_initiator_tag is not None:
654
gobject.source_remove(self.disable_initiator_tag)
655
self.disable_initiator_tag = None
656
if getattr(self, "enabled", False):
657
self.disable_initiator_tag = (gobject.timeout_add
658
(timedelta_to_milliseconds
659
(timeout), self.disable))
660
self.expires = datetime.datetime.utcnow() + timeout
661
662
def need_approval(self):
663
self.last_approval_request = datetime.datetime.utcnow()
424
664
425
665
def start_checker(self):
426
666
"""Start a new checker subprocess if one is not running.
428
668
If a checker already exists, leave it running and do
429
669
nothing."""
430
670
# The reason for not killing a running checker is that if we
431
# did that, then if a checker (for some reason) started
432
# running slowly and taking more than 'interval' time, the
433
# client would inevitably timeout, since no checker would get
434
# a chance to run to completion. If we instead leave running
671
# did that, and if a checker (for some reason) started running
672
# slowly and taking more than 'interval' time, then the client
673
# would inevitably timeout, since no checker would get a
674
# chance to run to completion. If we instead leave running
435
675
# checkers alone, the checker would have to take more time
436
676
# than 'timeout' for the client to be disabled, which is as it
437
677
# should be.
439
679
# If a checker exists, make sure it is not a zombie
440
680
try:
441
681
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
442
except (AttributeError, OSError), error:
682
except (AttributeError, OSError) as error:
443
683
if (isinstance(error, OSError)
444
684
and error.errno != errno.ECHILD):
445
685
raise error
446
686
else:
447
687
if pid:
448
logger.warning(u"Checker was a zombie")
688
logger.warning("Checker was a zombie")
449
689
gobject.source_remove(self.checker_callback_tag)
450
690
self.checker_callback(pid, status,
451
691
self.current_checker_command)
452
692
# Start a new checker if needed
453
693
if self.checker is None:
694
# Escape attributes for the shell
695
escaped_attrs = dict(
696
(attr, re.escape(unicode(getattr(self, attr))))
697
for attr in
698
self.runtime_expansions)
454
699
try:
455
# In case checker_command has exactly one % operator
456
command = self.checker_command % self.host
457
except TypeError:
458
# Escape attributes for the shell
459
escaped_attrs = dict(
460
(attr,
461
re.escape(unicode(str(getattr(self, attr, u"")),
462
errors=
463
u'replace')))
464
for attr in
465
self.runtime_expansions)
466
467
try:
468
command = self.checker_command % escaped_attrs
469
except TypeError, error:
470
logger.error(u'Could not format string "%s":'
471
u' %s', self.checker_command, error)
472
return True # Try again later
700
command = self.checker_command % escaped_attrs
701
except TypeError as error:
702
logger.error('Could not format string "%s"',
703
self.checker_command, exc_info=error)
704
return True # Try again later
473
705
self.current_checker_command = command
474
706
try:
475
logger.info(u"Starting checker %r for %s",
707
logger.info("Starting checker %r for %s",
476
708
command, self.name)
477
709
# We don't need to redirect stdout and stderr, since
478
710
# in normal mode, that is already done by daemon(),
480
712
# always replaced by /dev/null.)
481
713
self.checker = subprocess.Popen(command,
482
714
close_fds=True,
483
shell=True, cwd=u"/")
484
self.checker_callback_tag = (gobject.child_watch_add
485
(self.checker.pid,
486
self.checker_callback,
487
data=command))
488
# The checker may have completed before the gobject
489
# watch was added. Check for this.
490
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
491
if pid:
492
gobject.source_remove(self.checker_callback_tag)
493
self.checker_callback(pid, status, command)
494
except OSError, error:
495
logger.error(u"Failed to start subprocess: %s",
496
error)
715
shell=True, cwd="/")
716
except OSError as error:
717
logger.error("Failed to start subprocess",
718
exc_info=error)
719
self.checker_callback_tag = (gobject.child_watch_add
720
(self.checker.pid,
721
self.checker_callback,
722
data=command))
723
# The checker may have completed before the gobject
724
# watch was added. Check for this.
725
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
726
if pid:
727
gobject.source_remove(self.checker_callback_tag)
728
self.checker_callback(pid, status, command)
497
729
# Re-run this periodically if run by gobject.timeout_add
498
730
return True
499
731
502
734
if self.checker_callback_tag:
503
735
gobject.source_remove(self.checker_callback_tag)
504
736
self.checker_callback_tag = None
505
if getattr(self, u"checker", None) is None:
737
if getattr(self, "checker", None) is None:
506
738
return
507
logger.debug(u"Stopping checker for %(name)s", vars(self))
739
logger.debug("Stopping checker for %(name)s", vars(self))
508
740
try:
509
os.kill(self.checker.pid, signal.SIGTERM)
741
self.checker.terminate()
510
742
#time.sleep(0.5)
511
743
#if self.checker.poll() is None:
512
# os.kill(self.checker.pid, signal.SIGKILL)
513
except OSError, error:
744
# self.checker.kill()
745
except OSError as error:
514
746
if error.errno != errno.ESRCH: # No such process
515
747
raise
516
748
self.checker = None
517
749
518
def dbus_service_property(dbus_interface, signature=u"v",
519
access=u"readwrite", byte_arrays=False):
750
751
def dbus_service_property(dbus_interface, signature="v",
752
access="readwrite", byte_arrays=False):
520
753
"""Decorators for marking methods of a DBusObjectWithProperties to
521
754
become properties on the D-Bus.
522
755
529
762
"""
530
763
# Encoding deeply encoded byte arrays is not supported yet by the
531
764
# "Set" method, so we fail early here:
532
if byte_arrays and signature != u"ay":
533
raise ValueError(u"Byte arrays not supported for non-'ay'"
534
u" signature %r" % signature)
765
if byte_arrays and signature != "ay":
766
raise ValueError("Byte arrays not supported for non-'ay'"
767
" signature {0!r}".format(signature))
535
768
def decorator(func):
536
769
func._dbus_is_property = True
537
770
func._dbus_interface = dbus_interface
538
771
func._dbus_signature = signature
539
772
func._dbus_access = access
540
773
func._dbus_name = func.__name__
541
if func._dbus_name.endswith(u"_dbus_property"):
774
if func._dbus_name.endswith("_dbus_property"):
542
775
func._dbus_name = func._dbus_name[:-14]
543
func._dbus_get_args_options = {u'byte_arrays': byte_arrays }
776
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
777
return func
778
return decorator
779
780
781
def dbus_interface_annotations(dbus_interface):
782
"""Decorator for marking functions returning interface annotations
783
784
Usage:
785
786
@dbus_interface_annotations("org.example.Interface")
787
def _foo(self): # Function name does not matter
788
return {"org.freedesktop.DBus.Deprecated": "true",
789
"org.freedesktop.DBus.Property.EmitsChangedSignal":
790
"false"}
791
"""
792
def decorator(func):
793
func._dbus_is_interface = True
794
func._dbus_interface = dbus_interface
795
func._dbus_name = dbus_interface
796
return func
797
return decorator
798
799
800
def dbus_annotations(annotations):
801
"""Decorator to annotate D-Bus methods, signals or properties
802
Usage:
803
804
@dbus_service_property("org.example.Interface", signature="b",
805
access="r")
806
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
807
"org.freedesktop.DBus.Property."
808
"EmitsChangedSignal": "false"})
809
def Property_dbus_property(self):
810
return dbus.Boolean(False)
811
"""
812
def decorator(func):
813
func._dbus_annotations = annotations
544
814
return func
545
815
return decorator
546
816
566
836
567
837
class DBusObjectWithProperties(dbus.service.Object):
568
838
"""A D-Bus object with properties.
569
839
570
840
Classes inheriting from this can use the dbus_service_property
571
841
decorator to expose methods as D-Bus properties. It exposes the
572
842
standard Get(), Set(), and GetAll() methods on the D-Bus.
573
843
"""
574
844
575
845
@staticmethod
576
def _is_dbus_property(obj):
577
return getattr(obj, u"_dbus_is_property", False)
846
def _is_dbus_thing(thing):
847
"""Returns a function testing if an attribute is a D-Bus thing
848
849
If called like _is_dbus_thing("method") it returns a function
850
suitable for use as predicate to inspect.getmembers().
851
"""
852
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
853
False)
578
854
579
def _get_all_dbus_properties(self):
855
def _get_all_dbus_things(self, thing):
580
856
"""Returns a generator of (name, attribute) pairs
581
857
"""
582
return ((prop._dbus_name, prop)
583
for name, prop in
584
inspect.getmembers(self, self._is_dbus_property))
858
return ((getattr(athing.__get__(self), "_dbus_name",
859
name),
860
athing.__get__(self))
861
for cls in self.__class__.__mro__
862
for name, athing in
863
inspect.getmembers(cls,
864
self._is_dbus_thing(thing)))
585
865
586
866
def _get_dbus_property(self, interface_name, property_name):
587
867
"""Returns a bound method if one exists which is a D-Bus
588
868
property with the specified name and interface.
589
869
"""
590
for name in (property_name,
591
property_name + u"_dbus_property"):
592
prop = getattr(self, name, None)
593
if (prop is None
594
or not self._is_dbus_property(prop)
595
or prop._dbus_name != property_name
596
or (interface_name and prop._dbus_interface
597
and interface_name != prop._dbus_interface)):
598
continue
599
return prop
870
for cls in self.__class__.__mro__:
871
for name, value in (inspect.getmembers
872
(cls,
873
self._is_dbus_thing("property"))):
874
if (value._dbus_name == property_name
875
and value._dbus_interface == interface_name):
876
return value.__get__(self)
877
600
878
# No such property
601
raise DBusPropertyNotFound(self.dbus_object_path + u":"
602
+ interface_name + u"."
879
raise DBusPropertyNotFound(self.dbus_object_path + ":"
880
+ interface_name + "."
603
881
+ property_name)
604
882
605
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
606
out_signature=u"v")
883
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
884
out_signature="v")
607
885
def Get(self, interface_name, property_name):
608
886
"""Standard D-Bus property Get() method, see D-Bus standard.
609
887
"""
610
888
prop = self._get_dbus_property(interface_name, property_name)
611
if prop._dbus_access == u"write":
889
if prop._dbus_access == "write":
612
890
raise DBusPropertyAccessException(property_name)
613
891
value = prop()
614
if not hasattr(value, u"variant_level"):
892
if not hasattr(value, "variant_level"):
615
893
return value
616
894
return type(value)(value, variant_level=value.variant_level+1)
617
895
618
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
896
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
619
897
def Set(self, interface_name, property_name, value):
620
898
"""Standard D-Bus property Set() method, see D-Bus standard.
621
899
"""
622
900
prop = self._get_dbus_property(interface_name, property_name)
623
if prop._dbus_access == u"read":
901
if prop._dbus_access == "read":
624
902
raise DBusPropertyAccessException(property_name)
625
if prop._dbus_get_args_options[u"byte_arrays"]:
903
if prop._dbus_get_args_options["byte_arrays"]:
626
904
# The byte_arrays option is not supported yet on
627
905
# signatures other than "ay".
628
if prop._dbus_signature != u"ay":
906
if prop._dbus_signature != "ay":
629
907
raise ValueError
630
value = dbus.ByteArray(''.join(unichr(byte)
631
for byte in value))
908
value = dbus.ByteArray(b''.join(chr(byte)
909
for byte in value))
632
910
prop(value)
633
911
634
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
635
out_signature=u"a{sv}")
912
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
913
out_signature="a{sv}")
636
914
def GetAll(self, interface_name):
637
915
"""Standard D-Bus property GetAll() method, see D-Bus
638
916
standard.
639
917
640
918
Note: Will not include properties with access="write".
641
919
"""
642
all = {}
643
for name, prop in self._get_all_dbus_properties():
920
properties = {}
921
for name, prop in self._get_all_dbus_things("property"):
644
922
if (interface_name
645
923
and interface_name != prop._dbus_interface):
646
924
# Interface non-empty but did not match
647
925
continue
648
926
# Ignore write-only properties
649
if prop._dbus_access == u"write":
927
if prop._dbus_access == "write":
650
928
continue
651
929
value = prop()
652
if not hasattr(value, u"variant_level"):
653
all[name] = value
930
if not hasattr(value, "variant_level"):
931
properties[name] = value
654
932
continue
655
all[name] = type(value)(value, variant_level=
656
value.variant_level+1)
657
return dbus.Dictionary(all, signature=u"sv")
933
properties[name] = type(value)(value, variant_level=
934
value.variant_level+1)
935
return dbus.Dictionary(properties, signature="sv")
658
936
659
937
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
660
out_signature=u"s",
938
out_signature="s",
661
939
path_keyword='object_path',
662
940
connection_keyword='connection')
663
941
def Introspect(self, object_path, connection):
664
"""Standard D-Bus method, overloaded to insert property tags.
942
"""Overloading of standard D-Bus method.
943
944
Inserts property tags and interface annotation tags.
665
945
"""
666
946
xmlstring = dbus.service.Object.Introspect(self, object_path,
667
947
connection)
668
948
try:
669
949
document = xml.dom.minidom.parseString(xmlstring)
670
950
def make_tag(document, name, prop):
671
e = document.createElement(u"property")
672
e.setAttribute(u"name", name)
673
e.setAttribute(u"type", prop._dbus_signature)
674
e.setAttribute(u"access", prop._dbus_access)
951
e = document.createElement("property")
952
e.setAttribute("name", name)
953
e.setAttribute("type", prop._dbus_signature)
954
e.setAttribute("access", prop._dbus_access)
675
955
return e
676
for if_tag in document.getElementsByTagName(u"interface"):
956
for if_tag in document.getElementsByTagName("interface"):
957
# Add property tags
677
958
for tag in (make_tag(document, name, prop)
678
959
for name, prop
679
in self._get_all_dbus_properties()
960
in self._get_all_dbus_things("property")
680
961
if prop._dbus_interface
681
== if_tag.getAttribute(u"name")):
962
== if_tag.getAttribute("name")):
682
963
if_tag.appendChild(tag)
964
# Add annotation tags
965
for typ in ("method", "signal", "property"):
966
for tag in if_tag.getElementsByTagName(typ):
967
annots = dict()
968
for name, prop in (self.
969
_get_all_dbus_things(typ)):
970
if (name == tag.getAttribute("name")
971
and prop._dbus_interface
972
== if_tag.getAttribute("name")):
973
annots.update(getattr
974
(prop,
975
"_dbus_annotations",
976
{}))
977
for name, value in annots.iteritems():
978
ann_tag = document.createElement(
979
"annotation")
980
ann_tag.setAttribute("name", name)
981
ann_tag.setAttribute("value", value)
982
tag.appendChild(ann_tag)
983
# Add interface annotation tags
984
for annotation, value in dict(
985
itertools.chain.from_iterable(
986
annotations().iteritems()
987
for name, annotations in
988
self._get_all_dbus_things("interface")
989
if name == if_tag.getAttribute("name")
990
)).iteritems():
991
ann_tag = document.createElement("annotation")
992
ann_tag.setAttribute("name", annotation)
993
ann_tag.setAttribute("value", value)
994
if_tag.appendChild(ann_tag)
683
995
# Add the names to the return values for the
684
996
# "org.freedesktop.DBus.Properties" methods
685
if (if_tag.getAttribute(u"name")
686
== u"org.freedesktop.DBus.Properties"):
687
for cn in if_tag.getElementsByTagName(u"method"):
688
if cn.getAttribute(u"name") == u"Get":
689
for arg in cn.getElementsByTagName(u"arg"):
690
if (arg.getAttribute(u"direction")
691
== u"out"):
692
arg.setAttribute(u"name", u"value")
693
elif cn.getAttribute(u"name") == u"GetAll":
694
for arg in cn.getElementsByTagName(u"arg"):
695
if (arg.getAttribute(u"direction")
696
== u"out"):
697
arg.setAttribute(u"name", u"props")
698
xmlstring = document.toxml(u"utf-8")
997
if (if_tag.getAttribute("name")
998
== "org.freedesktop.DBus.Properties"):
999
for cn in if_tag.getElementsByTagName("method"):
1000
if cn.getAttribute("name") == "Get":
1001
for arg in cn.getElementsByTagName("arg"):
1002
if (arg.getAttribute("direction")
1003
== "out"):
1004
arg.setAttribute("name", "value")
1005
elif cn.getAttribute("name") == "GetAll":
1006
for arg in cn.getElementsByTagName("arg"):
1007
if (arg.getAttribute("direction")
1008
== "out"):
1009
arg.setAttribute("name", "props")
1010
xmlstring = document.toxml("utf-8")
699
1011
document.unlink()
700
1012
except (AttributeError, xml.dom.DOMException,
701
xml.parsers.expat.ExpatError), error:
702
logger.error(u"Failed to override Introspection method",
703
error)
1013
xml.parsers.expat.ExpatError) as error:
1014
logger.error("Failed to override Introspection method",
1015
exc_info=error)
704
1016
return xmlstring
705
1017
706
1018
1019
def datetime_to_dbus(dt, variant_level=0):
1020
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1021
if dt is None:
1022
return dbus.String("", variant_level = variant_level)
1023
return dbus.String(dt.isoformat(),
1024
variant_level=variant_level)
1025
1026
1027
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1028
"""A class decorator; applied to a subclass of
1029
dbus.service.Object, it will add alternate D-Bus attributes with
1030
interface names according to the "alt_interface_names" mapping.
1031
Usage:
1032
1033
@alternate_dbus_interfaces({"org.example.Interface":
1034
"net.example.AlternateInterface"})
1035
class SampleDBusObject(dbus.service.Object):
1036
@dbus.service.method("org.example.Interface")
1037
def SampleDBusMethod():
1038
pass
1039
1040
The above "SampleDBusMethod" on "SampleDBusObject" will be
1041
reachable via two interfaces: "org.example.Interface" and
1042
"net.example.AlternateInterface", the latter of which will have
1043
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1044
"true", unless "deprecate" is passed with a False value.
1045
1046
This works for methods and signals, and also for D-Bus properties
1047
(from DBusObjectWithProperties) and interfaces (from the
1048
dbus_interface_annotations decorator).
1049
"""
1050
def wrapper(cls):
1051
for orig_interface_name, alt_interface_name in (
1052
alt_interface_names.iteritems()):
1053
attr = {}
1054
interface_names = set()
1055
# Go though all attributes of the class
1056
for attrname, attribute in inspect.getmembers(cls):
1057
# Ignore non-D-Bus attributes, and D-Bus attributes
1058
# with the wrong interface name
1059
if (not hasattr(attribute, "_dbus_interface")
1060
or not attribute._dbus_interface
1061
.startswith(orig_interface_name)):
1062
continue
1063
# Create an alternate D-Bus interface name based on
1064
# the current name
1065
alt_interface = (attribute._dbus_interface
1066
.replace(orig_interface_name,
1067
alt_interface_name))
1068
interface_names.add(alt_interface)
1069
# Is this a D-Bus signal?
1070
if getattr(attribute, "_dbus_is_signal", False):
1071
# Extract the original non-method function by
1072
# black magic
1073
nonmethod_func = (dict(
1074
zip(attribute.func_code.co_freevars,
1075
attribute.__closure__))["func"]
1076
.cell_contents)
1077
# Create a new, but exactly alike, function
1078
# object, and decorate it to be a new D-Bus signal
1079
# with the alternate D-Bus interface name
1080
new_function = (dbus.service.signal
1081
(alt_interface,
1082
attribute._dbus_signature)
1083
(types.FunctionType(
1084
nonmethod_func.func_code,
1085
nonmethod_func.func_globals,
1086
nonmethod_func.func_name,
1087
nonmethod_func.func_defaults,
1088
nonmethod_func.func_closure)))
1089
# Copy annotations, if any
1090
try:
1091
new_function._dbus_annotations = (
1092
dict(attribute._dbus_annotations))
1093
except AttributeError:
1094
pass
1095
# Define a creator of a function to call both the
1096
# original and alternate functions, so both the
1097
# original and alternate signals gets sent when
1098
# the function is called
1099
def fixscope(func1, func2):
1100
"""This function is a scope container to pass
1101
func1 and func2 to the "call_both" function
1102
outside of its arguments"""
1103
def call_both(*args, **kwargs):
1104
"""This function will emit two D-Bus
1105
signals by calling func1 and func2"""
1106
func1(*args, **kwargs)
1107
func2(*args, **kwargs)
1108
return call_both
1109
# Create the "call_both" function and add it to
1110
# the class
1111
attr[attrname] = fixscope(attribute, new_function)
1112
# Is this a D-Bus method?
1113
elif getattr(attribute, "_dbus_is_method", False):
1114
# Create a new, but exactly alike, function
1115
# object. Decorate it to be a new D-Bus method
1116
# with the alternate D-Bus interface name. Add it
1117
# to the class.
1118
attr[attrname] = (dbus.service.method
1119
(alt_interface,
1120
attribute._dbus_in_signature,
1121
attribute._dbus_out_signature)
1122
(types.FunctionType
1123
(attribute.func_code,
1124
attribute.func_globals,
1125
attribute.func_name,
1126
attribute.func_defaults,
1127
attribute.func_closure)))
1128
# Copy annotations, if any
1129
try:
1130
attr[attrname]._dbus_annotations = (
1131
dict(attribute._dbus_annotations))
1132
except AttributeError:
1133
pass
1134
# Is this a D-Bus property?
1135
elif getattr(attribute, "_dbus_is_property", False):
1136
# Create a new, but exactly alike, function
1137
# object, and decorate it to be a new D-Bus
1138
# property with the alternate D-Bus interface
1139
# name. Add it to the class.
1140
attr[attrname] = (dbus_service_property
1141
(alt_interface,
1142
attribute._dbus_signature,
1143
attribute._dbus_access,
1144
attribute
1145
._dbus_get_args_options
1146
["byte_arrays"])
1147
(types.FunctionType
1148
(attribute.func_code,
1149
attribute.func_globals,
1150
attribute.func_name,
1151
attribute.func_defaults,
1152
attribute.func_closure)))
1153
# Copy annotations, if any
1154
try:
1155
attr[attrname]._dbus_annotations = (
1156
dict(attribute._dbus_annotations))
1157
except AttributeError:
1158
pass
1159
# Is this a D-Bus interface?
1160
elif getattr(attribute, "_dbus_is_interface", False):
1161
# Create a new, but exactly alike, function
1162
# object. Decorate it to be a new D-Bus interface
1163
# with the alternate D-Bus interface name. Add it
1164
# to the class.
1165
attr[attrname] = (dbus_interface_annotations
1166
(alt_interface)
1167
(types.FunctionType
1168
(attribute.func_code,
1169
attribute.func_globals,
1170
attribute.func_name,
1171
attribute.func_defaults,
1172
attribute.func_closure)))
1173
if deprecate:
1174
# Deprecate all alternate interfaces
1175
iname="_AlternateDBusNames_interface_annotation{0}"
1176
for interface_name in interface_names:
1177
@dbus_interface_annotations(interface_name)
1178
def func(self):
1179
return { "org.freedesktop.DBus.Deprecated":
1180
"true" }
1181
# Find an unused name
1182
for aname in (iname.format(i)
1183
for i in itertools.count()):
1184
if aname not in attr:
1185
attr[aname] = func
1186
break
1187
if interface_names:
1188
# Replace the class with a new subclass of it with
1189
# methods, signals, etc. as created above.
1190
cls = type(b"{0}Alternate".format(cls.__name__),
1191
(cls,), attr)
1192
return cls
1193
return wrapper
1194
1195
1196
@alternate_dbus_interfaces({"se.recompile.Mandos":
1197
"se.bsnet.fukt.Mandos"})
707
1198
class ClientDBus(Client, DBusObjectWithProperties):
708
1199
"""A Client class using D-Bus
709
1200
713
1204
"""
714
1205
715
1206
runtime_expansions = (Client.runtime_expansions
716
+ (u"dbus_object_path",))
1207
+ ("dbus_object_path",))
717
1208
718
1209
# dbus.service.Object doesn't use super(), so we can't either.
719
1210
720
1211
def __init__(self, bus = None, *args, **kwargs):
721
self._approvals_pending = 0
722
1212
self.bus = bus
723
1213
Client.__init__(self, *args, **kwargs)
724
1214
# Only now, when this client is initialized, can it show up on
725
1215
# the D-Bus
1216
client_object_name = unicode(self.name).translate(
1217
{ord("."): ord("_"),
1218
ord("-"): ord("_")})
726
1219
self.dbus_object_path = (dbus.ObjectPath
727
(u"/clients/"
728
+ self.name.replace(u".", u"_")))
1220
("/clients/" + client_object_name))
729
1221
DBusObjectWithProperties.__init__(self, self.bus,
730
1222
self.dbus_object_path)
731
732
def _get_approvals_pending(self):
733
return self._approvals_pending
734
def _set_approvals_pending(self, value):
735
old_value = self._approvals_pending
736
self._approvals_pending = value
737
bval = bool(value)
738
if (hasattr(self, "dbus_object_path")
739
and bval is not bool(old_value)):
740
dbus_bool = dbus.Boolean(bval, variant_level=1)
741
self.PropertyChanged(dbus.String(u"ApprovalPending"),
742
dbus_bool)
743
744
approvals_pending = property(_get_approvals_pending,
745
_set_approvals_pending)
746
del _get_approvals_pending, _set_approvals_pending
747
748
@staticmethod
749
def _datetime_to_dbus(dt, variant_level=0):
750
"""Convert a UTC datetime.datetime() to a D-Bus type."""
751
return dbus.String(dt.isoformat(),
752
variant_level=variant_level)
753
754
def enable(self):
755
oldstate = getattr(self, u"enabled", False)
756
r = Client.enable(self)
757
if oldstate != self.enabled:
758
# Emit D-Bus signals
759
self.PropertyChanged(dbus.String(u"Enabled"),
760
dbus.Boolean(True, variant_level=1))
761
self.PropertyChanged(
762
dbus.String(u"LastEnabled"),
763
self._datetime_to_dbus(self.last_enabled,
764
variant_level=1))
765
return r
766
767
def disable(self, quiet = False):
768
oldstate = getattr(self, u"enabled", False)
769
r = Client.disable(self, quiet=quiet)
770
if not quiet and oldstate != self.enabled:
771
# Emit D-Bus signal
772
self.PropertyChanged(dbus.String(u"Enabled"),
773
dbus.Boolean(False, variant_level=1))
774
return r
1223
1224
def notifychangeproperty(transform_func,
1225
dbus_name, type_func=lambda x: x,
1226
variant_level=1):
1227
""" Modify a variable so that it's a property which announces
1228
its changes to DBus.
1229
1230
transform_fun: Function that takes a value and a variant_level
1231
and transforms it to a D-Bus type.
1232
dbus_name: D-Bus name of the variable
1233
type_func: Function that transform the value before sending it
1234
to the D-Bus. Default: no transform
1235
variant_level: D-Bus variant level. Default: 1
1236
"""
1237
attrname = "_{0}".format(dbus_name)
1238
def setter(self, value):
1239
if hasattr(self, "dbus_object_path"):
1240
if (not hasattr(self, attrname) or
1241
type_func(getattr(self, attrname, None))
1242
!= type_func(value)):
1243
dbus_value = transform_func(type_func(value),
1244
variant_level
1245
=variant_level)
1246
self.PropertyChanged(dbus.String(dbus_name),
1247
dbus_value)
1248
setattr(self, attrname, value)
1249
1250
return property(lambda self: getattr(self, attrname), setter)
1251
1252
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1253
approvals_pending = notifychangeproperty(dbus.Boolean,
1254
"ApprovalPending",
1255
type_func = bool)
1256
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1257
last_enabled = notifychangeproperty(datetime_to_dbus,
1258
"LastEnabled")
1259
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1260
type_func = lambda checker:
1261
checker is not None)
1262
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1263
"LastCheckedOK")
1264
last_checker_status = notifychangeproperty(dbus.Int16,
1265
"LastCheckerStatus")
1266
last_approval_request = notifychangeproperty(
1267
datetime_to_dbus, "LastApprovalRequest")
1268
approved_by_default = notifychangeproperty(dbus.Boolean,
1269
"ApprovedByDefault")
1270
approval_delay = notifychangeproperty(dbus.UInt64,
1271
"ApprovalDelay",
1272
type_func =
1273
timedelta_to_milliseconds)
1274
approval_duration = notifychangeproperty(
1275
dbus.UInt64, "ApprovalDuration",
1276
type_func = timedelta_to_milliseconds)
1277
host = notifychangeproperty(dbus.String, "Host")
1278
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1279
type_func =
1280
timedelta_to_milliseconds)
1281
extended_timeout = notifychangeproperty(
1282
dbus.UInt64, "ExtendedTimeout",
1283
type_func = timedelta_to_milliseconds)
1284
interval = notifychangeproperty(dbus.UInt64,
1285
"Interval",
1286
type_func =
1287
timedelta_to_milliseconds)
1288
checker_command = notifychangeproperty(dbus.String, "Checker")
1289
1290
del notifychangeproperty
775
1291
776
1292
def __del__(self, *args, **kwargs):
777
1293
try:
778
1294
self.remove_from_connection()
779
1295
except LookupError:
780
1296
pass
781
if hasattr(DBusObjectWithProperties, u"__del__"):
1297
if hasattr(DBusObjectWithProperties, "__del__"):
782
1298
DBusObjectWithProperties.__del__(self, *args, **kwargs)
783
1299
Client.__del__(self, *args, **kwargs)
784
1300
786
1302
*args, **kwargs):
787
1303
self.checker_callback_tag = None
788
1304
self.checker = None
789
# Emit D-Bus signal
790
self.PropertyChanged(dbus.String(u"CheckerRunning"),
791
dbus.Boolean(False, variant_level=1))
792
1305
if os.WIFEXITED(condition):
793
1306
exitstatus = os.WEXITSTATUS(condition)
794
1307
# Emit D-Bus signal
804
1317
return Client.checker_callback(self, pid, condition, command,
805
1318
*args, **kwargs)
806
1319
807
def checked_ok(self, *args, **kwargs):
808
r = Client.checked_ok(self, *args, **kwargs)
809
# Emit D-Bus signal
810
self.PropertyChanged(
811
dbus.String(u"LastCheckedOK"),
812
(self._datetime_to_dbus(self.last_checked_ok,
813
variant_level=1)))
814
return r
815
816
1320
def start_checker(self, *args, **kwargs):
817
1321
old_checker = self.checker
818
1322
if self.checker is not None:
825
1329
and old_checker_pid != self.checker.pid):
826
1330
# Emit D-Bus signal
827
1331
self.CheckerStarted(self.current_checker_command)
828
self.PropertyChanged(
829
dbus.String(u"CheckerRunning"),
830
dbus.Boolean(True, variant_level=1))
831
1332
return r
832
1333
833
def stop_checker(self, *args, **kwargs):
834
old_checker = getattr(self, u"checker", None)
835
r = Client.stop_checker(self, *args, **kwargs)
836
if (old_checker is not None
837
and getattr(self, u"checker", None) is None):
838
self.PropertyChanged(dbus.String(u"CheckerRunning"),
839
dbus.Boolean(False, variant_level=1))
840
return r
841
842
1334
def _reset_approved(self):
843
self._approved = None
1335
self.approved = None
844
1336
return False
845
1337
846
1338
def approve(self, value=True):
847
self.send_changedstate()
848
self._approved = value
849
gobject.timeout_add(self._timedelta_to_milliseconds
1339
self.approved = value
1340
gobject.timeout_add(timedelta_to_milliseconds
850
1341
(self.approval_duration),
851
1342
self._reset_approved)
852
1343
self.send_changedstate()
853
1344
854
1345
## D-Bus methods, signals & properties
855
_interface = u"se.bsnet.fukt.Mandos.Client"
1346
_interface = "se.recompile.Mandos.Client"
1347
1348
## Interfaces
1349
1350
@dbus_interface_annotations(_interface)
1351
def _foo(self):
1352
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1353
"false"}
856
1354
857
1355
## Signals
858
1356
859
1357
# CheckerCompleted - signal
860
@dbus.service.signal(_interface, signature=u"nxs")
1358
@dbus.service.signal(_interface, signature="nxs")
861
1359
def CheckerCompleted(self, exitcode, waitstatus, command):
862
1360
"D-Bus signal"
863
1361
pass
864
1362
865
1363
# CheckerStarted - signal
866
@dbus.service.signal(_interface, signature=u"s")
1364
@dbus.service.signal(_interface, signature="s")
867
1365
def CheckerStarted(self, command):
868
1366
"D-Bus signal"
869
1367
pass
870
1368
871
1369
# PropertyChanged - signal
872
@dbus.service.signal(_interface, signature=u"sv")
1370
@dbus.service.signal(_interface, signature="sv")
873
1371
def PropertyChanged(self, property, value):
874
1372
"D-Bus signal"
875
1373
pass
884
1382
pass
885
1383
886
1384
# Rejected - signal
887
@dbus.service.signal(_interface, signature=u"s")
1385
@dbus.service.signal(_interface, signature="s")
888
1386
def Rejected(self, reason):
889
1387
"D-Bus signal"
890
1388
pass
891
1389
892
1390
# NeedApproval - signal
893
@dbus.service.signal(_interface, signature=u"tb")
1391
@dbus.service.signal(_interface, signature="tb")
894
1392
def NeedApproval(self, timeout, default):
895
1393
"D-Bus signal"
896
pass
1394
return self.need_approval()
897
1395
898
1396
## Methods
899
1397
900
1398
# Approve - method
901
@dbus.service.method(_interface, in_signature=u"b")
1399
@dbus.service.method(_interface, in_signature="b")
902
1400
def Approve(self, value):
903
1401
self.approve(value)
904
1402
905
1403
# CheckedOK - method
906
1404
@dbus.service.method(_interface)
907
1405
def CheckedOK(self):
908
return self.checked_ok()
1406
self.checked_ok()
909
1407
910
1408
# Enable - method
911
1409
@dbus.service.method(_interface)
933
1431
## Properties
934
1432
935
1433
# ApprovalPending - property
936
@dbus_service_property(_interface, signature=u"b", access=u"read")
1434
@dbus_service_property(_interface, signature="b", access="read")
937
1435
def ApprovalPending_dbus_property(self):
938
1436
return dbus.Boolean(bool(self.approvals_pending))
939
1437
940
1438
# ApprovedByDefault - property
941
@dbus_service_property(_interface, signature=u"b",
942
access=u"readwrite")
1439
@dbus_service_property(_interface, signature="b",
1440
access="readwrite")
943
1441
def ApprovedByDefault_dbus_property(self, value=None):
944
1442
if value is None: # get
945
1443
return dbus.Boolean(self.approved_by_default)
946
1444
self.approved_by_default = bool(value)
947
# Emit D-Bus signal
948
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
949
dbus.Boolean(value, variant_level=1))
950
1445
951
1446
# ApprovalDelay - property
952
@dbus_service_property(_interface, signature=u"t",
953
access=u"readwrite")
1447
@dbus_service_property(_interface, signature="t",
1448
access="readwrite")
954
1449
def ApprovalDelay_dbus_property(self, value=None):
955
1450
if value is None: # get
956
1451
return dbus.UInt64(self.approval_delay_milliseconds())
957
1452
self.approval_delay = datetime.timedelta(0, 0, 0, value)
958
# Emit D-Bus signal
959
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
960
dbus.UInt64(value, variant_level=1))
961
1453
962
1454
# ApprovalDuration - property
963
@dbus_service_property(_interface, signature=u"t",
964
access=u"readwrite")
1455
@dbus_service_property(_interface, signature="t",
1456
access="readwrite")
965
1457
def ApprovalDuration_dbus_property(self, value=None):
966
1458
if value is None: # get
967
return dbus.UInt64(self._timedelta_to_milliseconds(
1459
return dbus.UInt64(timedelta_to_milliseconds(
968
1460
self.approval_duration))
969
1461
self.approval_duration = datetime.timedelta(0, 0, 0, value)
970
# Emit D-Bus signal
971
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
972
dbus.UInt64(value, variant_level=1))
973
1462
974
1463
# Name - property
975
@dbus_service_property(_interface, signature=u"s", access=u"read")
1464
@dbus_service_property(_interface, signature="s", access="read")
976
1465
def Name_dbus_property(self):
977
1466
return dbus.String(self.name)
978
1467
979
1468
# Fingerprint - property
980
@dbus_service_property(_interface, signature=u"s", access=u"read")
1469
@dbus_service_property(_interface, signature="s", access="read")
981
1470
def Fingerprint_dbus_property(self):
982
1471
return dbus.String(self.fingerprint)
983
1472
984
1473
# Host - property
985
@dbus_service_property(_interface, signature=u"s",
986
access=u"readwrite")
1474
@dbus_service_property(_interface, signature="s",
1475
access="readwrite")
987
1476
def Host_dbus_property(self, value=None):
988
1477
if value is None: # get
989
1478
return dbus.String(self.host)
990
self.host = value
991
# Emit D-Bus signal
992
self.PropertyChanged(dbus.String(u"Host"),
993
dbus.String(value, variant_level=1))
1479
self.host = unicode(value)
994
1480
995
1481
# Created - property
996
@dbus_service_property(_interface, signature=u"s", access=u"read")
1482
@dbus_service_property(_interface, signature="s", access="read")
997
1483
def Created_dbus_property(self):
998
return dbus.String(self._datetime_to_dbus(self.created))
1484
return datetime_to_dbus(self.created)
999
1485
1000
1486
# LastEnabled - property
1001
@dbus_service_property(_interface, signature=u"s", access=u"read")
1487
@dbus_service_property(_interface, signature="s", access="read")
1002
1488
def LastEnabled_dbus_property(self):
1003
if self.last_enabled is None:
1004
return dbus.String(u"")
1005
return dbus.String(self._datetime_to_dbus(self.last_enabled))
1489
return datetime_to_dbus(self.last_enabled)
1006
1490
1007
1491
# Enabled - property
1008
@dbus_service_property(_interface, signature=u"b",
1009
access=u"readwrite")
1492
@dbus_service_property(_interface, signature="b",
1493
access="readwrite")
1010
1494
def Enabled_dbus_property(self, value=None):
1011
1495
if value is None: # get
1012
1496
return dbus.Boolean(self.enabled)
1016
1500
self.disable()
1017
1501
1018
1502
# LastCheckedOK - property
1019
@dbus_service_property(_interface, signature=u"s",
1020
access=u"readwrite")
1503
@dbus_service_property(_interface, signature="s",
1504
access="readwrite")
1021
1505
def LastCheckedOK_dbus_property(self, value=None):
1022
1506
if value is not None:
1023
1507
self.checked_ok()
1024
1508
return
1025
if self.last_checked_ok is None:
1026
return dbus.String(u"")
1027
return dbus.String(self._datetime_to_dbus(self
1028
.last_checked_ok))
1509
return datetime_to_dbus(self.last_checked_ok)
1510
1511
# LastCheckerStatus - property
1512
@dbus_service_property(_interface, signature="n",
1513
access="read")
1514
def LastCheckerStatus_dbus_property(self):
1515
return dbus.Int16(self.last_checker_status)
1516
1517
# Expires - property
1518
@dbus_service_property(_interface, signature="s", access="read")
1519
def Expires_dbus_property(self):
1520
return datetime_to_dbus(self.expires)
1521
1522
# LastApprovalRequest - property
1523
@dbus_service_property(_interface, signature="s", access="read")
1524
def LastApprovalRequest_dbus_property(self):
1525
return datetime_to_dbus(self.last_approval_request)
1029
1526
1030
1527
# Timeout - property
1031
@dbus_service_property(_interface, signature=u"t",
1032
access=u"readwrite")
1528
@dbus_service_property(_interface, signature="t",
1529
access="readwrite")
1033
1530
def Timeout_dbus_property(self, value=None):
1034
1531
if value is None: # get
1035
1532
return dbus.UInt64(self.timeout_milliseconds())
1533
old_timeout = self.timeout
1036
1534
self.timeout = datetime.timedelta(0, 0, 0, value)
1037
# Emit D-Bus signal
1038
self.PropertyChanged(dbus.String(u"Timeout"),
1039
dbus.UInt64(value, variant_level=1))
1040
if getattr(self, u"disable_initiator_tag", None) is None:
1041
return
1042
# Reschedule timeout
1043
gobject.source_remove(self.disable_initiator_tag)
1044
self.disable_initiator_tag = None
1045
time_to_die = (self.
1046
_timedelta_to_milliseconds((self
1047
.last_checked_ok
1048
+ self.timeout)
1049
- datetime.datetime
1050
.utcnow()))
1051
if time_to_die <= 0:
1052
# The timeout has passed
1053
self.disable()
1054
else:
1055
self.disable_initiator_tag = (gobject.timeout_add
1056
(time_to_die, self.disable))
1535
# Reschedule disabling
1536
if self.enabled:
1537
now = datetime.datetime.utcnow()
1538
self.expires += self.timeout - old_timeout
1539
if self.expires <= now:
1540
# The timeout has passed
1541
self.disable()
1542
else:
1543
if (getattr(self, "disable_initiator_tag", None)
1544
is None):
1545
return
1546
gobject.source_remove(self.disable_initiator_tag)
1547
self.disable_initiator_tag = (
1548
gobject.timeout_add(
1549
timedelta_to_milliseconds(self.expires - now),
1550
self.disable))
1551
1552
# ExtendedTimeout - property
1553
@dbus_service_property(_interface, signature="t",
1554
access="readwrite")
1555
def ExtendedTimeout_dbus_property(self, value=None):
1556
if value is None: # get
1557
return dbus.UInt64(self.extended_timeout_milliseconds())
1558
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1057
1559
1058
1560
# Interval - property
1059
@dbus_service_property(_interface, signature=u"t",
1060
access=u"readwrite")
1561
@dbus_service_property(_interface, signature="t",
1562
access="readwrite")
1061
1563
def Interval_dbus_property(self, value=None):
1062
1564
if value is None: # get
1063
1565
return dbus.UInt64(self.interval_milliseconds())
1064
1566
self.interval = datetime.timedelta(0, 0, 0, value)
1065
# Emit D-Bus signal
1066
self.PropertyChanged(dbus.String(u"Interval"),
1067
dbus.UInt64(value, variant_level=1))
1068
if getattr(self, u"checker_initiator_tag", None) is None:
1567
if getattr(self, "checker_initiator_tag", None) is None:
1069
1568
return
1070
# Reschedule checker run
1071
gobject.source_remove(self.checker_initiator_tag)
1072
self.checker_initiator_tag = (gobject.timeout_add
1073
(value, self.start_checker))
1074
self.start_checker() # Start one now, too
1075
1569
if self.enabled:
1570
# Reschedule checker run
1571
gobject.source_remove(self.checker_initiator_tag)
1572
self.checker_initiator_tag = (gobject.timeout_add
1573
(value, self.start_checker))
1574
self.start_checker() # Start one now, too
1575
1076
1576
# Checker - property
1077
@dbus_service_property(_interface, signature=u"s",
1078
access=u"readwrite")
1577
@dbus_service_property(_interface, signature="s",
1578
access="readwrite")
1079
1579
def Checker_dbus_property(self, value=None):
1080
1580
if value is None: # get
1081
1581
return dbus.String(self.checker_command)
1082
self.checker_command = value
1083
# Emit D-Bus signal
1084
self.PropertyChanged(dbus.String(u"Checker"),
1085
dbus.String(self.checker_command,
1086
variant_level=1))
1582
self.checker_command = unicode(value)
1087
1583
1088
1584
# CheckerRunning - property
1089
@dbus_service_property(_interface, signature=u"b",
1090
access=u"readwrite")
1585
@dbus_service_property(_interface, signature="b",
1586
access="readwrite")
1091
1587
def CheckerRunning_dbus_property(self, value=None):
1092
1588
if value is None: # get
1093
1589
return dbus.Boolean(self.checker is not None)
1097
1593
self.stop_checker()
1098
1594
1099
1595
# ObjectPath - property
1100
@dbus_service_property(_interface, signature=u"o", access=u"read")
1596
@dbus_service_property(_interface, signature="o", access="read")
1101
1597
def ObjectPath_dbus_property(self):
1102
1598
return self.dbus_object_path # is already a dbus.ObjectPath
1103
1599
1104
1600
# Secret = property
1105
@dbus_service_property(_interface, signature=u"ay",
1106
access=u"write", byte_arrays=True)
1601
@dbus_service_property(_interface, signature="ay",
1602
access="write", byte_arrays=True)
1107
1603
def Secret_dbus_property(self, value):
1108
1604
self.secret = str(value)
1109
1605
1116
1612
self._pipe.send(('init', fpr, address))
1117
1613
if not self._pipe.recv():
1118
1614
raise KeyError()
1119
1615
1120
1616
def __getattribute__(self, name):
1121
if(name == '_pipe'):
1617
if name == '_pipe':
1122
1618
return super(ProxyClient, self).__getattribute__(name)
1123
1619
self._pipe.send(('getattr', name))
1124
1620
data = self._pipe.recv()
1129
1625
self._pipe.send(('funcall', name, args, kwargs))
1130
1626
return self._pipe.recv()[1]
1131
1627
return func
1132
1628
1133
1629
def __setattr__(self, name, value):
1134
if(name == '_pipe'):
1630
if name == '_pipe':
1135
1631
return super(ProxyClient, self).__setattr__(name, value)
1136
1632
self._pipe.send(('setattr', name, value))
1137
1633
1144
1640
1145
1641
def handle(self):
1146
1642
with contextlib.closing(self.server.child_pipe) as child_pipe:
1147
logger.info(u"TCP connection from: %s",
1643
logger.info("TCP connection from: %s",
1148
1644
unicode(self.client_address))
1149
logger.debug(u"Pipe FD: %d",
1645
logger.debug("Pipe FD: %d",
1150
1646
self.server.child_pipe.fileno())
1151
1647
1152
1648
session = (gnutls.connection
1153
1649
.ClientSession(self.request,
1154
1650
gnutls.connection
1155
1651
.X509Credentials()))
1156
1652
1157
1653
# Note: gnutls.connection.X509Credentials is really a
1158
1654
# generic GnuTLS certificate credentials object so long as
1159
1655
# no X.509 keys are added to it. Therefore, we can use it
1160
1656
# here despite using OpenPGP certificates.
1161
1162
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1163
# u"+AES-256-CBC", u"+SHA1",
1164
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1165
# u"+DHE-DSS"))
1657
1658
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1659
# "+AES-256-CBC", "+SHA1",
1660
# "+COMP-NULL", "+CTYPE-OPENPGP",
1661
# "+DHE-DSS"))
1166
1662
# Use a fallback default, since this MUST be set.
1167
1663
priority = self.server.gnutls_priority
1168
1664
if priority is None:
1169
priority = u"NORMAL"
1665
priority = "NORMAL"
1170
1666
(gnutls.library.functions
1171
1667
.gnutls_priority_set_direct(session._c_object,
1172
1668
priority, None))
1173
1669
1174
1670
# Start communication using the Mandos protocol
1175
1671
# Get protocol number
1176
1672
line = self.request.makefile().readline()
1177
logger.debug(u"Protocol version: %r", line)
1673
logger.debug("Protocol version: %r", line)
1178
1674
try:
1179
1675
if int(line.strip().split()[0]) > 1:
1180
1676
raise RuntimeError
1181
except (ValueError, IndexError, RuntimeError), error:
1182
logger.error(u"Unknown protocol version: %s", error)
1677
except (ValueError, IndexError, RuntimeError) as error:
1678
logger.error("Unknown protocol version: %s", error)
1183
1679
return
1184
1680
1185
1681
# Start GnuTLS connection
1186
1682
try:
1187
1683
session.handshake()
1188
except gnutls.errors.GNUTLSError, error:
1189
logger.warning(u"Handshake failed: %s", error)
1684
except gnutls.errors.GNUTLSError as error:
1685
logger.warning("Handshake failed: %s", error)
1190
1686
# Do not run session.bye() here: the session is not
1191
1687
# established. Just abandon the request.
1192
1688
return
1193
logger.debug(u"Handshake succeeded")
1194
1689
logger.debug("Handshake succeeded")
1690
1195
1691
approval_required = False
1196
1692
try:
1197
1693
try:
1198
1694
fpr = self.fingerprint(self.peer_certificate
1199
1695
(session))
1200
except (TypeError, gnutls.errors.GNUTLSError), error:
1201
logger.warning(u"Bad certificate: %s", error)
1696
except (TypeError,
1697
gnutls.errors.GNUTLSError) as error:
1698
logger.warning("Bad certificate: %s", error)
1202
1699
return
1203
logger.debug(u"Fingerprint: %s", fpr)
1204
1700
logger.debug("Fingerprint: %s", fpr)
1701
1205
1702
try:
1206
1703
client = ProxyClient(child_pipe, fpr,
1207
1704
self.client_address)
1215
1712
1216
1713
while True:
1217
1714
if not client.enabled:
1218
logger.warning(u"Client %s is disabled",
1715
logger.info("Client %s is disabled",
1219
1716
client.name)
1220
1717
if self.server.use_dbus:
1221
1718
# Emit D-Bus signal
1222
client.Rejected("Disabled")
1719
client.Rejected("Disabled")
1223
1720
return
1224
1721
1225
if client._approved or not client.approval_delay:
1722
if client.approved or not client.approval_delay:
1226
1723
#We are approved or approval is disabled
1227
1724
break
1228
elif client._approved is None:
1229
logger.info(u"Client %s needs approval",
1725
elif client.approved is None:
1726
logger.info("Client %s needs approval",
1230
1727
client.name)
1231
1728
if self.server.use_dbus:
1232
1729
# Emit D-Bus signal
1234
1731
client.approval_delay_milliseconds(),
1235
1732
client.approved_by_default)
1236
1733
else:
1237
logger.warning(u"Client %s was not approved",
1734
logger.warning("Client %s was not approved",
1238
1735
client.name)
1239
1736
if self.server.use_dbus:
1240
1737
# Emit D-Bus signal
1242
1739
return
1243
1740
1244
1741
#wait until timeout or approved
1245
#x = float(client._timedelta_to_milliseconds(delay))
1246
1742
time = datetime.datetime.now()
1247
1743
client.changedstate.acquire()
1248
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1744
client.changedstate.wait(
1745
float(timedelta_to_milliseconds(delay)
1746
/ 1000))
1249
1747
client.changedstate.release()
1250
1748
time2 = datetime.datetime.now()
1251
1749
if (time2 - time) >= delay:
1266
1764
while sent_size < len(client.secret):
1267
1765
try:
1268
1766
sent = session.send(client.secret[sent_size:])
1269
except (gnutls.errors.GNUTLSError), error:
1270
logger.warning("gnutls send failed")
1767
except gnutls.errors.GNUTLSError as error:
1768
logger.warning("gnutls send failed",
1769
exc_info=error)
1271
1770
return
1272
logger.debug(u"Sent: %d, remaining: %d",
1771
logger.debug("Sent: %d, remaining: %d",
1273
1772
sent, len(client.secret)
1274
1773
- (sent_size + sent))
1275
1774
sent_size += sent
1276
1277
logger.info(u"Sending secret to %s", client.name)
1278
# bump the timeout as if seen
1279
client.checked_ok()
1775
1776
logger.info("Sending secret to %s", client.name)
1777
# bump the timeout using extended_timeout
1778
client.bump_timeout(client.extended_timeout)
1280
1779
if self.server.use_dbus:
1281
1780
# Emit D-Bus signal
1282
1781
client.GotSecret()
1286
1785
client.approvals_pending -= 1
1287
1786
try:
1288
1787
session.bye()
1289
except (gnutls.errors.GNUTLSError), error:
1290
logger.warning("GnuTLS bye failed")
1788
except gnutls.errors.GNUTLSError as error:
1789
logger.warning("GnuTLS bye failed",
1790
exc_info=error)
1291
1791
1292
1792
@staticmethod
1293
1793
def peer_certificate(session):
1303
1803
.gnutls_certificate_get_peers
1304
1804
(session._c_object, ctypes.byref(list_size)))
1305
1805
if not bool(cert_list) and list_size.value != 0:
1306
raise gnutls.errors.GNUTLSError(u"error getting peer"
1307
u" certificate")
1806
raise gnutls.errors.GNUTLSError("error getting peer"
1807
" certificate")
1308
1808
if list_size.value == 0:
1309
1809
return None
1310
1810
cert = cert_list[0]
1336
1836
if crtverify.value != 0:
1337
1837
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1338
1838
raise (gnutls.errors.CertificateSecurityError
1339
(u"Verify failed"))
1839
("Verify failed"))
1340
1840
# New buffer for the fingerprint
1341
1841
buf = ctypes.create_string_buffer(20)
1342
1842
buf_len = ctypes.c_size_t()
1349
1849
# Convert the buffer to a Python bytestring
1350
1850
fpr = ctypes.string_at(buf, buf_len.value)
1351
1851
# Convert the bytestring to hexadecimal notation
1352
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1852
hex_fpr = binascii.hexlify(fpr).upper()
1353
1853
return hex_fpr
1354
1854
1355
1855
1358
1858
def sub_process_main(self, request, address):
1359
1859
try:
1360
1860
self.finish_request(request, address)
1361
except:
1861
except Exception:
1362
1862
self.handle_error(request, address)
1363
1863
self.close_request(request)
1364
1864
1365
1865
def process_request(self, request, address):
1366
1866
"""Start a new process to process the request."""
1367
multiprocessing.Process(target = self.sub_process_main,
1368
args = (request, address)).start()
1867
proc = multiprocessing.Process(target = self.sub_process_main,
1868
args = (request, address))
1869
proc.start()
1870
return proc
1871
1369
1872
1370
1873
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1371
1874
""" adds a pipe to the MixIn """
1375
1878
This function creates a new pipe in self.pipe
1376
1879
"""
1377
1880
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1378
1379
super(MultiprocessingMixInWithPipe,
1380
self).process_request(request, client_address)
1881
1882
proc = MultiprocessingMixIn.process_request(self, request,
1883
client_address)
1381
1884
self.child_pipe.close()
1382
self.add_pipe(parent_pipe)
1383
1384
def add_pipe(self, parent_pipe):
1885
self.add_pipe(parent_pipe, proc)
1886
1887
def add_pipe(self, parent_pipe, proc):
1385
1888
"""Dummy function; override as necessary"""
1386
pass
1889
raise NotImplementedError
1890
1387
1891
1388
1892
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1389
1893
socketserver.TCPServer, object):
1395
1899
use_ipv6: Boolean; to use IPv6 or not
1396
1900
"""
1397
1901
def __init__(self, server_address, RequestHandlerClass,
1398
interface=None, use_ipv6=True):
1902
interface=None, use_ipv6=True, socketfd=None):
1903
"""If socketfd is set, use that file descriptor instead of
1904
creating a new one with socket.socket().
1905
"""
1399
1906
self.interface = interface
1400
1907
if use_ipv6:
1401
1908
self.address_family = socket.AF_INET6
1909
if socketfd is not None:
1910
# Save the file descriptor
1911
self.socketfd = socketfd
1912
# Save the original socket.socket() function
1913
self.socket_socket = socket.socket
1914
# To implement --socket, we monkey patch socket.socket.
1915
#
1916
# (When socketserver.TCPServer is a new-style class, we
1917
# could make self.socket into a property instead of monkey
1918
# patching socket.socket.)
1919
#
1920
# Create a one-time-only replacement for socket.socket()
1921
@functools.wraps(socket.socket)
1922
def socket_wrapper(*args, **kwargs):
1923
# Restore original function so subsequent calls are
1924
# not affected.
1925
socket.socket = self.socket_socket
1926
del self.socket_socket
1927
# This time only, return a new socket object from the
1928
# saved file descriptor.
1929
return socket.fromfd(self.socketfd, *args, **kwargs)
1930
# Replace socket.socket() function with wrapper
1931
socket.socket = socket_wrapper
1932
# The socketserver.TCPServer.__init__ will call
1933
# socket.socket(), which might be our replacement,
1934
# socket_wrapper(), if socketfd was set.
1402
1935
socketserver.TCPServer.__init__(self, server_address,
1403
1936
RequestHandlerClass)
1937
1404
1938
def server_bind(self):
1405
1939
"""This overrides the normal server_bind() function
1406
1940
to bind to an interface if one was specified, and also NOT to
1407
1941
bind to an address or port if they were not specified."""
1408
1942
if self.interface is not None:
1409
1943
if SO_BINDTODEVICE is None:
1410
logger.error(u"SO_BINDTODEVICE does not exist;"
1411
u" cannot bind to interface %s",
1944
logger.error("SO_BINDTODEVICE does not exist;"
1945
" cannot bind to interface %s",
1412
1946
self.interface)
1413
1947
else:
1414
1948
try:
1415
1949
self.socket.setsockopt(socket.SOL_SOCKET,
1416
1950
SO_BINDTODEVICE,
1417
str(self.interface
1418
+ u'\0'))
1419
except socket.error, error:
1420
if error[0] == errno.EPERM:
1421
logger.error(u"No permission to"
1422
u" bind to interface %s",
1423
self.interface)
1424
elif error[0] == errno.ENOPROTOOPT:
1425
logger.error(u"SO_BINDTODEVICE not available;"
1426
u" cannot bind to interface %s",
1427
self.interface)
1951
str(self.interface + '\0'))
1952
except socket.error as error:
1953
if error.errno == errno.EPERM:
1954
logger.error("No permission to bind to"
1955
" interface %s", self.interface)
1956
elif error.errno == errno.ENOPROTOOPT:
1957
logger.error("SO_BINDTODEVICE not available;"
1958
" cannot bind to interface %s",
1959
self.interface)
1960
elif error.errno == errno.ENODEV:
1961
logger.error("Interface %s does not exist,"
1962
" cannot bind", self.interface)
1428
1963
else:
1429
1964
raise
1430
1965
# Only bind(2) the socket if we really need to.
1431
1966
if self.server_address[0] or self.server_address[1]:
1432
1967
if not self.server_address[0]:
1433
1968
if self.address_family == socket.AF_INET6:
1434
any_address = u"::" # in6addr_any
1969
any_address = "::" # in6addr_any
1435
1970
else:
1436
1971
any_address = socket.INADDR_ANY
1437
1972
self.server_address = (any_address,
1460
1995
"""
1461
1996
def __init__(self, server_address, RequestHandlerClass,
1462
1997
interface=None, use_ipv6=True, clients=None,
1463
gnutls_priority=None, use_dbus=True):
1998
gnutls_priority=None, use_dbus=True, socketfd=None):
1464
1999
self.enabled = False
1465
2000
self.clients = clients
1466
2001
if self.clients is None:
1467
self.clients = set()
2002
self.clients = {}
1468
2003
self.use_dbus = use_dbus
1469
2004
self.gnutls_priority = gnutls_priority
1470
2005
IPv6_TCPServer.__init__(self, server_address,
1471
2006
RequestHandlerClass,
1472
2007
interface = interface,
1473
use_ipv6 = use_ipv6)
2008
use_ipv6 = use_ipv6,
2009
socketfd = socketfd)
1474
2010
def server_activate(self):
1475
2011
if self.enabled:
1476
2012
return socketserver.TCPServer.server_activate(self)
2013
1477
2014
def enable(self):
1478
2015
self.enabled = True
1479
def add_pipe(self, parent_pipe):
2016
2017
def add_pipe(self, parent_pipe, proc):
1480
2018
# Call "handle_ipc" for both data and EOF events
1481
2019
gobject.io_add_watch(parent_pipe.fileno(),
1482
2020
gobject.IO_IN | gobject.IO_HUP,
1483
2021
functools.partial(self.handle_ipc,
1484
parent_pipe = parent_pipe))
1485
2022
parent_pipe =
2023
parent_pipe,
2024
proc = proc))
2025
1486
2026
def handle_ipc(self, source, condition, parent_pipe=None,
1487
client_object=None):
1488
condition_names = {
1489
gobject.IO_IN: u"IN", # There is data to read.
1490
gobject.IO_OUT: u"OUT", # Data can be written (without
1491
# blocking).
1492
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1493
gobject.IO_ERR: u"ERR", # Error condition.
1494
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1495
# broken, usually for pipes and
1496
# sockets).
1497
}
1498
conditions_string = ' | '.join(name
1499
for cond, name in
1500
condition_names.iteritems()
1501
if cond & condition)
1502
# error or the other end of multiprocessing.Pipe has closed
1503
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
2027
proc = None, client_object=None):
2028
# error, or the other end of multiprocessing.Pipe has closed
2029
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2030
# Wait for other process to exit
2031
proc.join()
1504
2032
return False
1505
2033
1506
2034
# Read a request from the child
1511
2039
fpr = request[1]
1512
2040
address = request[2]
1513
2041
1514
for c in self.clients:
2042
for c in self.clients.itervalues():
1515
2043
if c.fingerprint == fpr:
1516
2044
client = c
1517
2045
break
1518
2046
else:
1519
logger.warning(u"Client not found for fingerprint: %s, ad"
1520
u"dress: %s", fpr, address)
2047
logger.info("Client not found for fingerprint: %s, ad"
2048
"dress: %s", fpr, address)
1521
2049
if self.use_dbus:
1522
2050
# Emit D-Bus signal
1523
mandos_dbus_service.ClientNotFound(fpr, address)
2051
mandos_dbus_service.ClientNotFound(fpr,
2052
address[0])
1524
2053
parent_pipe.send(False)
1525
2054
return False
1526
2055
1527
2056
gobject.io_add_watch(parent_pipe.fileno(),
1528
2057
gobject.IO_IN | gobject.IO_HUP,
1529
2058
functools.partial(self.handle_ipc,
1530
parent_pipe = parent_pipe,
1531
client_object = client))
2059
parent_pipe =
2060
parent_pipe,
2061
proc = proc,
2062
client_object =
2063
client))
1532
2064
parent_pipe.send(True)
1533
# remove the old hook in favor of the new above hook on same fileno
2065
# remove the old hook in favor of the new above hook on
2066
# same fileno
1534
2067
return False
1535
2068
if command == 'funcall':
1536
2069
funcname = request[1]
1537
2070
args = request[2]
1538
2071
kwargs = request[3]
1539
2072
1540
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1541
2073
parent_pipe.send(('data', getattr(client_object,
2074
funcname)(*args,
2075
**kwargs)))
2076
1542
2077
if command == 'getattr':
1543
2078
attrname = request[1]
1544
2079
if callable(client_object.__getattribute__(attrname)):
1545
2080
parent_pipe.send(('function',))
1546
2081
else:
1547
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
2082
parent_pipe.send(('data', client_object
2083
.__getattribute__(attrname)))
1548
2084
1549
2085
if command == 'setattr':
1550
2086
attrname = request[1]
1551
2087
value = request[2]
1552
2088
setattr(client_object, attrname, value)
1553
2089
1554
2090
return True
1555
2091
1556
2092
1557
2093
def string_to_delta(interval):
1558
2094
"""Parse a string and return a datetime.timedelta
1559
2095
1560
>>> string_to_delta(u'7d')
2096
>>> string_to_delta('7d')
1561
2097
datetime.timedelta(7)
1562
>>> string_to_delta(u'60s')
2098
>>> string_to_delta('60s')
1563
2099
datetime.timedelta(0, 60)
1564
>>> string_to_delta(u'60m')
2100
>>> string_to_delta('60m')
1565
2101
datetime.timedelta(0, 3600)
1566
>>> string_to_delta(u'24h')
2102
>>> string_to_delta('24h')
1567
2103
datetime.timedelta(1)
1568
>>> string_to_delta(u'1w')
2104
>>> string_to_delta('1w')
1569
2105
datetime.timedelta(7)
1570
>>> string_to_delta(u'5m 30s')
2106
>>> string_to_delta('5m 30s')
1571
2107
datetime.timedelta(0, 330)
1572
2108
"""
1573
2109
timevalue = datetime.timedelta(0)
1575
2111
try:
1576
2112
suffix = unicode(s[-1])
1577
2113
value = int(s[:-1])
1578
if suffix == u"d":
2114
if suffix == "d":
1579
2115
delta = datetime.timedelta(value)
1580
elif suffix == u"s":
2116
elif suffix == "s":
1581
2117
delta = datetime.timedelta(0, value)
1582
elif suffix == u"m":
2118
elif suffix == "m":
1583
2119
delta = datetime.timedelta(0, 0, 0, 0, value)
1584
elif suffix == u"h":
2120
elif suffix == "h":
1585
2121
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1586
elif suffix == u"w":
2122
elif suffix == "w":
1587
2123
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1588
2124
else:
1589
raise ValueError(u"Unknown suffix %r" % suffix)
1590
except (ValueError, IndexError), e:
1591
raise ValueError(e.message)
2125
raise ValueError("Unknown suffix {0!r}"
2126
.format(suffix))
2127
except (ValueError, IndexError) as e:
2128
raise ValueError(*(e.args))
1592
2129
timevalue += delta
1593
2130
return timevalue
1594
2131
1595
2132
1596
def if_nametoindex(interface):
1597
"""Call the C function if_nametoindex(), or equivalent
1598
1599
Note: This function cannot accept a unicode string."""
1600
global if_nametoindex
1601
try:
1602
if_nametoindex = (ctypes.cdll.LoadLibrary
1603
(ctypes.util.find_library(u"c"))
1604
.if_nametoindex)
1605
except (OSError, AttributeError):
1606
logger.warning(u"Doing if_nametoindex the hard way")
1607
def if_nametoindex(interface):
1608
"Get an interface index the hard way, i.e. using fcntl()"
1609
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1610
with contextlib.closing(socket.socket()) as s:
1611
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1612
struct.pack(str(u"16s16x"),
1613
interface))
1614
interface_index = struct.unpack(str(u"I"),
1615
ifreq[16:20])[0]
1616
return interface_index
1617
return if_nametoindex(interface)
1618
1619
1620
2133
def daemon(nochdir = False, noclose = False):
1621
2134
"""See daemon(3). Standard BSD Unix function.
1622
2135
1625
2138
sys.exit()
1626
2139
os.setsid()
1627
2140
if not nochdir:
1628
os.chdir(u"/")
2141
os.chdir("/")
1629
2142
if os.fork():
1630
2143
sys.exit()
1631
2144
if not noclose:
1632
2145
# Close all standard open file descriptors
1633
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2146
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1634
2147
if not stat.S_ISCHR(os.fstat(null).st_mode):
1635
2148
raise OSError(errno.ENODEV,
1636
u"%s not a character device"
1637
% os.path.devnull)
2149
"{0} not a character device"
2150
.format(os.devnull))
1638
2151
os.dup2(null, sys.stdin.fileno())
1639
2152
os.dup2(null, sys.stdout.fileno())
1640
2153
os.dup2(null, sys.stderr.fileno())
1647
2160
##################################################################
1648
2161
# Parsing of options, both command line and config file
1649
2162
1650
parser = optparse.OptionParser(version = "%%prog %s" % version)
1651
parser.add_option("-i", u"--interface", type=u"string",
1652
metavar="IF", help=u"Bind to interface IF")
1653
parser.add_option("-a", u"--address", type=u"string",
1654
help=u"Address to listen for requests on")
1655
parser.add_option("-p", u"--port", type=u"int",
1656
help=u"Port number to receive requests on")
1657
parser.add_option("--check", action=u"store_true",
1658
help=u"Run self-test")
1659
parser.add_option("--debug", action=u"store_true",
1660
help=u"Debug mode; run in foreground and log to"
1661
u" terminal")
1662
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1663
help=u"Debug level for stdout output")
1664
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1665
u" priority string (see GnuTLS documentation)")
1666
parser.add_option("--servicename", type=u"string",
1667
metavar=u"NAME", help=u"Zeroconf service name")
1668
parser.add_option("--configdir", type=u"string",
1669
default=u"/etc/mandos", metavar=u"DIR",
1670
help=u"Directory to search for configuration"
1671
u" files")
1672
parser.add_option("--no-dbus", action=u"store_false",
1673
dest=u"use_dbus", help=u"Do not provide D-Bus"
1674
u" system bus interface")
1675
parser.add_option("--no-ipv6", action=u"store_false",
1676
dest=u"use_ipv6", help=u"Do not use IPv6")
1677
options = parser.parse_args()[0]
2163
parser = argparse.ArgumentParser()
2164
parser.add_argument("-v", "--version", action="version",
2165
version = "%(prog)s {0}".format(version),
2166
help="show version number and exit")
2167
parser.add_argument("-i", "--interface", metavar="IF",
2168
help="Bind to interface IF")
2169
parser.add_argument("-a", "--address",
2170
help="Address to listen for requests on")
2171
parser.add_argument("-p", "--port", type=int,
2172
help="Port number to receive requests on")
2173
parser.add_argument("--check", action="store_true",
2174
help="Run self-test")
2175
parser.add_argument("--debug", action="store_true",
2176
help="Debug mode; run in foreground and log"
2177
" to terminal")
2178
parser.add_argument("--debuglevel", metavar="LEVEL",
2179
help="Debug level for stdout output")
2180
parser.add_argument("--priority", help="GnuTLS"
2181
" priority string (see GnuTLS documentation)")
2182
parser.add_argument("--servicename",
2183
metavar="NAME", help="Zeroconf service name")
2184
parser.add_argument("--configdir",
2185
default="/etc/mandos", metavar="DIR",
2186
help="Directory to search for configuration"
2187
" files")
2188
parser.add_argument("--no-dbus", action="store_false",
2189
dest="use_dbus", help="Do not provide D-Bus"
2190
" system bus interface")
2191
parser.add_argument("--no-ipv6", action="store_false",
2192
dest="use_ipv6", help="Do not use IPv6")
2193
parser.add_argument("--no-restore", action="store_false",
2194
dest="restore", help="Do not restore stored"
2195
" state")
2196
parser.add_argument("--socket", type=int,
2197
help="Specify a file descriptor to a network"
2198
" socket to use instead of creating one")
2199
parser.add_argument("--statedir", metavar="DIR",
2200
help="Directory to save/restore state in")
2201
parser.add_argument("--foreground", action="store_true",
2202
help="Run in foreground")
2203
2204
options = parser.parse_args()
1678
2205
1679
2206
if options.check:
1680
2207
import doctest
1682
2209
sys.exit()
1683
2210
1684
2211
# Default values for config file for server-global settings
1685
server_defaults = { u"interface": u"",
1686
u"address": u"",
1687
u"port": u"",
1688
u"debug": u"False",
1689
u"priority":
1690
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1691
u"servicename": u"Mandos",
1692
u"use_dbus": u"True",
1693
u"use_ipv6": u"True",
1694
u"debuglevel": u"",
2212
server_defaults = { "interface": "",
2213
"address": "",
2214
"port": "",
2215
"debug": "False",
2216
"priority":
2217
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2218
"servicename": "Mandos",
2219
"use_dbus": "True",
2220
"use_ipv6": "True",
2221
"debuglevel": "",
2222
"restore": "True",
2223
"socket": "",
2224
"statedir": "/var/lib/mandos",
2225
"foreground": "False",
1695
2226
}
1696
2227
1697
2228
# Parse config file for server-global settings
1698
2229
server_config = configparser.SafeConfigParser(server_defaults)
1699
2230
del server_defaults
1700
2231
server_config.read(os.path.join(options.configdir,
1701
u"mandos.conf"))
2232
"mandos.conf"))
1702
2233
# Convert the SafeConfigParser object to a dict
1703
2234
server_settings = server_config.defaults()
1704
2235
# Use the appropriate methods on the non-string config options
1705
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1706
server_settings[option] = server_config.getboolean(u"DEFAULT",
2236
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2237
server_settings[option] = server_config.getboolean("DEFAULT",
1707
2238
option)
1708
2239
if server_settings["port"]:
1709
server_settings["port"] = server_config.getint(u"DEFAULT",
1710
u"port")
2240
server_settings["port"] = server_config.getint("DEFAULT",
2241
"port")
2242
if server_settings["socket"]:
2243
server_settings["socket"] = server_config.getint("DEFAULT",
2244
"socket")
2245
# Later, stdin will, and stdout and stderr might, be dup'ed
2246
# over with an opened os.devnull. But we don't want this to
2247
# happen with a supplied network socket.
2248
if 0 <= server_settings["socket"] <= 2:
2249
server_settings["socket"] = os.dup(server_settings
2250
["socket"])
1711
2251
del server_config
1712
2252
1713
2253
# Override the settings from the config file with command line
1714
2254
# options, if set.
1715
for option in (u"interface", u"address", u"port", u"debug",
1716
u"priority", u"servicename", u"configdir",
1717
u"use_dbus", u"use_ipv6", u"debuglevel"):
2255
for option in ("interface", "address", "port", "debug",
2256
"priority", "servicename", "configdir",
2257
"use_dbus", "use_ipv6", "debuglevel", "restore",
2258
"statedir", "socket", "foreground"):
1718
2259
value = getattr(options, option)
1719
2260
if value is not None:
1720
2261
server_settings[option] = value
1723
2264
for option in server_settings.keys():
1724
2265
if type(server_settings[option]) is str:
1725
2266
server_settings[option] = unicode(server_settings[option])
2267
# Debug implies foreground
2268
if server_settings["debug"]:
2269
server_settings["foreground"] = True
1726
2270
# Now we have our good server settings in "server_settings"
1727
2271
1728
2272
##################################################################
1729
2273
1730
2274
# For convenience
1731
debug = server_settings[u"debug"]
1732
debuglevel = server_settings[u"debuglevel"]
1733
use_dbus = server_settings[u"use_dbus"]
1734
use_ipv6 = server_settings[u"use_ipv6"]
1735
1736
if server_settings[u"servicename"] != u"Mandos":
2275
debug = server_settings["debug"]
2276
debuglevel = server_settings["debuglevel"]
2277
use_dbus = server_settings["use_dbus"]
2278
use_ipv6 = server_settings["use_ipv6"]
2279
stored_state_path = os.path.join(server_settings["statedir"],
2280
stored_state_file)
2281
foreground = server_settings["foreground"]
2282
2283
if debug:
2284
initlogger(debug, logging.DEBUG)
2285
else:
2286
if not debuglevel:
2287
initlogger(debug)
2288
else:
2289
level = getattr(logging, debuglevel.upper())
2290
initlogger(debug, level)
2291
2292
if server_settings["servicename"] != "Mandos":
1737
2293
syslogger.setFormatter(logging.Formatter
1738
(u'Mandos (%s) [%%(process)d]:'
1739
u' %%(levelname)s: %%(message)s'
1740
% server_settings[u"servicename"]))
2294
('Mandos ({0}) [%(process)d]:'
2295
' %(levelname)s: %(message)s'
2296
.format(server_settings
2297
["servicename"])))
1741
2298
1742
2299
# Parse config file with clients
1743
client_defaults = { u"timeout": u"1h",
1744
u"interval": u"5m",
1745
u"checker": u"fping -q -- %%(host)s",
1746
u"host": u"",
1747
u"approval_delay": u"0s",
1748
u"approval_duration": u"1s",
1749
}
1750
client_config = configparser.SafeConfigParser(client_defaults)
1751
client_config.read(os.path.join(server_settings[u"configdir"],
1752
u"clients.conf"))
2300
client_config = configparser.SafeConfigParser(Client
2301
.client_defaults)
2302
client_config.read(os.path.join(server_settings["configdir"],
2303
"clients.conf"))
1753
2304
1754
2305
global mandos_dbus_service
1755
2306
mandos_dbus_service = None
1756
2307
1757
tcp_server = MandosServer((server_settings[u"address"],
1758
server_settings[u"port"]),
2308
tcp_server = MandosServer((server_settings["address"],
2309
server_settings["port"]),
1759
2310
ClientHandler,
1760
interface=(server_settings[u"interface"]
2311
interface=(server_settings["interface"]
1761
2312
or None),
1762
2313
use_ipv6=use_ipv6,
1763
2314
gnutls_priority=
1764
server_settings[u"priority"],
1765
use_dbus=use_dbus)
1766
pidfilename = u"/var/run/mandos.pid"
1767
try:
1768
pidfile = open(pidfilename, u"w")
1769
except IOError:
1770
logger.error(u"Could not open file %r", pidfilename)
2315
server_settings["priority"],
2316
use_dbus=use_dbus,
2317
socketfd=(server_settings["socket"]
2318
or None))
2319
if not foreground:
2320
pidfilename = "/var/run/mandos.pid"
2321
pidfile = None
2322
try:
2323
pidfile = open(pidfilename, "w")
2324
except IOError as e:
2325
logger.error("Could not open file %r", pidfilename,
2326
exc_info=e)
1771
2327
1772
try:
1773
uid = pwd.getpwnam(u"_mandos").pw_uid
1774
gid = pwd.getpwnam(u"_mandos").pw_gid
1775
except KeyError:
2328
for name in ("_mandos", "mandos", "nobody"):
1776
2329
try:
1777
uid = pwd.getpwnam(u"mandos").pw_uid
1778
gid = pwd.getpwnam(u"mandos").pw_gid
2330
uid = pwd.getpwnam(name).pw_uid
2331
gid = pwd.getpwnam(name).pw_gid
2332
break
1779
2333
except KeyError:
1780
try:
1781
uid = pwd.getpwnam(u"nobody").pw_uid
1782
gid = pwd.getpwnam(u"nobody").pw_gid
1783
except KeyError:
1784
uid = 65534
1785
gid = 65534
2334
continue
2335
else:
2336
uid = 65534
2337
gid = 65534
1786
2338
try:
1787
2339
os.setgid(gid)
1788
2340
os.setuid(uid)
1789
except OSError, error:
1790
if error[0] != errno.EPERM:
2341
except OSError as error:
2342
if error.errno != errno.EPERM:
1791
2343
raise error
1792
2344
1793
if not debug and not debuglevel:
1794
syslogger.setLevel(logging.WARNING)
1795
console.setLevel(logging.WARNING)
1796
if debuglevel:
1797
level = getattr(logging, debuglevel.upper())
1798
syslogger.setLevel(level)
1799
console.setLevel(level)
1800
1801
2345
if debug:
1802
2346
# Enable all possible GnuTLS debugging
1803
2347
1807
2351
1808
2352
@gnutls.library.types.gnutls_log_func
1809
2353
def debug_gnutls(level, string):
1810
logger.debug(u"GnuTLS: %s", string[:-1])
2354
logger.debug("GnuTLS: %s", string[:-1])
1811
2355
1812
2356
(gnutls.library.functions
1813
2357
.gnutls_global_set_log_function(debug_gnutls))
1814
2358
1815
2359
# Redirect stdin so all checkers get /dev/null
1816
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2360
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1817
2361
os.dup2(null, sys.stdin.fileno())
1818
2362
if null > 2:
1819
2363
os.close(null)
1820
else:
1821
# No console logging
1822
logger.removeHandler(console)
1823
2364
2365
# Need to fork before connecting to D-Bus
2366
if not foreground:
2367
# Close all input and output, do double fork, etc.
2368
daemon()
2369
2370
# multiprocessing will use threads, so before we use gobject we
2371
# need to inform gobject that threads will be used.
2372
gobject.threads_init()
1824
2373
1825
2374
global main_loop
1826
2375
# From the Avahi example code
1827
DBusGMainLoop(set_as_default=True )
2376
DBusGMainLoop(set_as_default=True)
1828
2377
main_loop = gobject.MainLoop()
1829
2378
bus = dbus.SystemBus()
1830
2379
# End of Avahi example code
1831
2380
if use_dbus:
1832
2381
try:
1833
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
2382
bus_name = dbus.service.BusName("se.recompile.Mandos",
1834
2383
bus, do_not_queue=True)
1835
except dbus.exceptions.NameExistsException, e:
1836
logger.error(unicode(e) + u", disabling D-Bus")
2384
old_bus_name = (dbus.service.BusName
2385
("se.bsnet.fukt.Mandos", bus,
2386
do_not_queue=True))
2387
except dbus.exceptions.NameExistsException as e:
2388
logger.error("Disabling D-Bus:", exc_info=e)
1837
2389
use_dbus = False
1838
server_settings[u"use_dbus"] = False
2390
server_settings["use_dbus"] = False
1839
2391
tcp_server.use_dbus = False
1840
2392
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1841
service = AvahiService(name = server_settings[u"servicename"],
1842
servicetype = u"_mandos._tcp",
1843
protocol = protocol, bus = bus)
2393
service = AvahiServiceToSyslog(name =
2394
server_settings["servicename"],
2395
servicetype = "_mandos._tcp",
2396
protocol = protocol, bus = bus)
1844
2397
if server_settings["interface"]:
1845
2398
service.interface = (if_nametoindex
1846
(str(server_settings[u"interface"])))
1847
1848
if not debug:
1849
# Close all input and output, do double fork, etc.
1850
daemon()
1851
2399
(str(server_settings["interface"])))
2400
1852
2401
global multiprocessing_manager
1853
2402
multiprocessing_manager = multiprocessing.Manager()
1854
2403
1855
2404
client_class = Client
1856
2405
if use_dbus:
1857
2406
client_class = functools.partial(ClientDBus, bus = bus)
1858
def client_config_items(config, section):
1859
special_settings = {
1860
"approved_by_default":
1861
lambda: config.getboolean(section,
1862
"approved_by_default"),
1863
}
1864
for name, value in config.items(section):
2407
2408
client_settings = Client.config_parser(client_config)
2409
old_client_settings = {}
2410
clients_data = {}
2411
2412
# Get client data and settings from last running state.
2413
if server_settings["restore"]:
2414
try:
2415
with open(stored_state_path, "rb") as stored_state:
2416
clients_data, old_client_settings = (pickle.load
2417
(stored_state))
2418
os.remove(stored_state_path)
2419
except IOError as e:
2420
if e.errno == errno.ENOENT:
2421
logger.warning("Could not load persistent state: {0}"
2422
.format(os.strerror(e.errno)))
2423
else:
2424
logger.critical("Could not load persistent state:",
2425
exc_info=e)
2426
raise
2427
except EOFError as e:
2428
logger.warning("Could not load persistent state: "
2429
"EOFError:", exc_info=e)
2430
2431
with PGPEngine() as pgp:
2432
for client_name, client in clients_data.iteritems():
2433
# Decide which value to use after restoring saved state.
2434
# We have three different values: Old config file,
2435
# new config file, and saved state.
2436
# New config value takes precedence if it differs from old
2437
# config value, otherwise use saved state.
2438
for name, value in client_settings[client_name].items():
2439
try:
2440
# For each value in new config, check if it
2441
# differs from the old config value (Except for
2442
# the "secret" attribute)
2443
if (name != "secret" and
2444
value != old_client_settings[client_name]
2445
[name]):
2446
client[name] = value
2447
except KeyError:
2448
pass
2449
2450
# Clients who has passed its expire date can still be
2451
# enabled if its last checker was successful. Clients
2452
# whose checker succeeded before we stored its state is
2453
# assumed to have successfully run all checkers during
2454
# downtime.
2455
if client["enabled"]:
2456
if datetime.datetime.utcnow() >= client["expires"]:
2457
if not client["last_checked_ok"]:
2458
logger.warning(
2459
"disabling client {0} - Client never "
2460
"performed a successful checker"
2461
.format(client_name))
2462
client["enabled"] = False
2463
elif client["last_checker_status"] != 0:
2464
logger.warning(
2465
"disabling client {0} - Client "
2466
"last checker failed with error code {1}"
2467
.format(client_name,
2468
client["last_checker_status"]))
2469
client["enabled"] = False
2470
else:
2471
client["expires"] = (datetime.datetime
2472
.utcnow()
2473
+ client["timeout"])
2474
logger.debug("Last checker succeeded,"
2475
" keeping {0} enabled"
2476
.format(client_name))
1865
2477
try:
1866
yield (name, special_settings[name]())
1867
except KeyError:
1868
yield (name, value)
1869
1870
tcp_server.clients.update(set(
1871
client_class(name = section,
1872
config= dict(client_config_items(
1873
client_config, section)))
1874
for section in client_config.sections()))
2478
client["secret"] = (
2479
pgp.decrypt(client["encrypted_secret"],
2480
client_settings[client_name]
2481
["secret"]))
2482
except PGPError:
2483
# If decryption fails, we use secret from new settings
2484
logger.debug("Failed to decrypt {0} old secret"
2485
.format(client_name))
2486
client["secret"] = (
2487
client_settings[client_name]["secret"])
2488
2489
# Add/remove clients based on new changes made to config
2490
for client_name in (set(old_client_settings)
2491
- set(client_settings)):
2492
del clients_data[client_name]
2493
for client_name in (set(client_settings)
2494
- set(old_client_settings)):
2495
clients_data[client_name] = client_settings[client_name]
2496
2497
# Create all client objects
2498
for client_name, client in clients_data.iteritems():
2499
tcp_server.clients[client_name] = client_class(
2500
name = client_name, settings = client)
2501
1875
2502
if not tcp_server.clients:
1876
logger.warning(u"No clients defined")
1877
1878
try:
1879
with pidfile:
1880
pid = os.getpid()
1881
pidfile.write(str(pid) + "\n")
2503
logger.warning("No clients defined")
2504
2505
if not foreground:
2506
if pidfile is not None:
2507
try:
2508
with pidfile:
2509
pid = os.getpid()
2510
pidfile.write(str(pid) + "\n".encode("utf-8"))
2511
except IOError:
2512
logger.error("Could not write to file %r with PID %d",
2513
pidfilename, pid)
1882
2514
del pidfile
1883
except IOError:
1884
logger.error(u"Could not write to file %r with PID %d",
1885
pidfilename, pid)
1886
except NameError:
1887
# "pidfile" was never created
1888
pass
1889
del pidfilename
2515
del pidfilename
1890
2516
1891
if not debug:
1892
signal.signal(signal.SIGINT, signal.SIG_IGN)
1893
2517
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1894
2518
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1895
2519
1896
2520
if use_dbus:
1897
class MandosDBusService(dbus.service.Object):
2521
@alternate_dbus_interfaces({"se.recompile.Mandos":
2522
"se.bsnet.fukt.Mandos"})
2523
class MandosDBusService(DBusObjectWithProperties):
1898
2524
"""A D-Bus proxy object"""
1899
2525
def __init__(self):
1900
dbus.service.Object.__init__(self, bus, u"/")
1901
_interface = u"se.bsnet.fukt.Mandos"
1902
1903
@dbus.service.signal(_interface, signature=u"o")
2526
dbus.service.Object.__init__(self, bus, "/")
2527
_interface = "se.recompile.Mandos"
2528
2529
@dbus_interface_annotations(_interface)
2530
def _foo(self):
2531
return { "org.freedesktop.DBus.Property"
2532
".EmitsChangedSignal":
2533
"false"}
2534
2535
@dbus.service.signal(_interface, signature="o")
1904
2536
def ClientAdded(self, objpath):
1905
2537
"D-Bus signal"
1906
2538
pass
1907
2539
1908
@dbus.service.signal(_interface, signature=u"ss")
2540
@dbus.service.signal(_interface, signature="ss")
1909
2541
def ClientNotFound(self, fingerprint, address):
1910
2542
"D-Bus signal"
1911
2543
pass
1912
2544
1913
@dbus.service.signal(_interface, signature=u"os")
2545
@dbus.service.signal(_interface, signature="os")
1914
2546
def ClientRemoved(self, objpath, name):
1915
2547
"D-Bus signal"
1916
2548
pass
1917
2549
1918
@dbus.service.method(_interface, out_signature=u"ao")
2550
@dbus.service.method(_interface, out_signature="ao")
1919
2551
def GetAllClients(self):
1920
2552
"D-Bus method"
1921
2553
return dbus.Array(c.dbus_object_path
1922
for c in tcp_server.clients)
2554
for c in
2555
tcp_server.clients.itervalues())
1923
2556
1924
2557
@dbus.service.method(_interface,
1925
out_signature=u"a{oa{sv}}")
2558
out_signature="a{oa{sv}}")
1926
2559
def GetAllClientsWithProperties(self):
1927
2560
"D-Bus method"
1928
2561
return dbus.Dictionary(
1929
((c.dbus_object_path, c.GetAll(u""))
1930
for c in tcp_server.clients),
1931
signature=u"oa{sv}")
2562
((c.dbus_object_path, c.GetAll(""))
2563
for c in tcp_server.clients.itervalues()),
2564
signature="oa{sv}")
1932
2565
1933
@dbus.service.method(_interface, in_signature=u"o")
2566
@dbus.service.method(_interface, in_signature="o")
1934
2567
def RemoveClient(self, object_path):
1935
2568
"D-Bus method"
1936
for c in tcp_server.clients:
2569
for c in tcp_server.clients.itervalues():
1937
2570
if c.dbus_object_path == object_path:
1938
tcp_server.clients.remove(c)
2571
del tcp_server.clients[c.name]
1939
2572
c.remove_from_connection()
1940
2573
# Don't signal anything except ClientRemoved
1941
2574
c.disable(quiet=True)
1952
2585
"Cleanup function; run on exit"
1953
2586
service.cleanup()
1954
2587
2588
multiprocessing.active_children()
2589
if not (tcp_server.clients or client_settings):
2590
return
2591
2592
# Store client before exiting. Secrets are encrypted with key
2593
# based on what config file has. If config file is
2594
# removed/edited, old secret will thus be unrecovable.
2595
clients = {}
2596
with PGPEngine() as pgp:
2597
for client in tcp_server.clients.itervalues():
2598
key = client_settings[client.name]["secret"]
2599
client.encrypted_secret = pgp.encrypt(client.secret,
2600
key)
2601
client_dict = {}
2602
2603
# A list of attributes that can not be pickled
2604
# + secret.
2605
exclude = set(("bus", "changedstate", "secret",
2606
"checker"))
2607
for name, typ in (inspect.getmembers
2608
(dbus.service.Object)):
2609
exclude.add(name)
2610
2611
client_dict["encrypted_secret"] = (client
2612
.encrypted_secret)
2613
for attr in client.client_structure:
2614
if attr not in exclude:
2615
client_dict[attr] = getattr(client, attr)
2616
2617
clients[client.name] = client_dict
2618
del client_settings[client.name]["secret"]
2619
2620
try:
2621
with (tempfile.NamedTemporaryFile
2622
(mode='wb', suffix=".pickle", prefix='clients-',
2623
dir=os.path.dirname(stored_state_path),
2624
delete=False)) as stored_state:
2625
pickle.dump((clients, client_settings), stored_state)
2626
tempname=stored_state.name
2627
os.rename(tempname, stored_state_path)
2628
except (IOError, OSError) as e:
2629
if not debug:
2630
try:
2631
os.remove(tempname)
2632
except NameError:
2633
pass
2634
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
2635
logger.warning("Could not save persistent state: {0}"
2636
.format(os.strerror(e.errno)))
2637
else:
2638
logger.warning("Could not save persistent state:",
2639
exc_info=e)
2640
raise e
2641
2642
# Delete all clients, and settings from config
1955
2643
while tcp_server.clients:
1956
client = tcp_server.clients.pop()
2644
name, client = tcp_server.clients.popitem()
1957
2645
if use_dbus:
1958
2646
client.remove_from_connection()
1959
client.disable_hook = None
1960
2647
# Don't signal anything except ClientRemoved
1961
2648
client.disable(quiet=True)
1962
2649
if use_dbus:
1963
2650
# Emit D-Bus signal
1964
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
2651
mandos_dbus_service.ClientRemoved(client
2652
.dbus_object_path,
1965
2653
client.name)
2654
client_settings.clear()
1966
2655
1967
2656
atexit.register(cleanup)
1968
2657
1969
for client in tcp_server.clients:
2658
for client in tcp_server.clients.itervalues():
1970
2659
if use_dbus:
1971
2660
# Emit D-Bus signal
1972
2661
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1973
client.enable()
2662
# Need to initiate checking of clients
2663
if client.enabled:
2664
client.init_checker()
1974
2665
1975
2666
tcp_server.enable()
1976
2667
tcp_server.server_activate()
1978
2669
# Find out what port we got
1979
2670
service.port = tcp_server.socket.getsockname()[1]
1980
2671
if use_ipv6:
1981
logger.info(u"Now listening on address %r, port %d,"
1982
" flowinfo %d, scope_id %d"
1983
% tcp_server.socket.getsockname())
2672
logger.info("Now listening on address %r, port %d,"
2673
" flowinfo %d, scope_id %d",
2674
*tcp_server.socket.getsockname())
1984
2675
else: # IPv4
1985
logger.info(u"Now listening on address %r, port %d"
1986
% tcp_server.socket.getsockname())
2676
logger.info("Now listening on address %r, port %d",
2677
*tcp_server.socket.getsockname())
1987
2678
1988
2679
#service.interface = tcp_server.socket.getsockname()[3]
1989
2680
1991
2682
# From the Avahi example code
1992
2683
try:
1993
2684
service.activate()
1994
except dbus.exceptions.DBusException, error:
1995
logger.critical(u"DBusException: %s", error)
2685
except dbus.exceptions.DBusException as error:
2686
logger.critical("D-Bus Exception", exc_info=error)
1996
2687
cleanup()
1997
2688
sys.exit(1)
1998
2689
# End of Avahi example code
2002
2693
(tcp_server.handle_request
2003
2694
(*args[2:], **kwargs) or True))
2004
2695
2005
logger.debug(u"Starting main loop")
2696
logger.debug("Starting main loop")
2006
2697
main_loop.run()
2007
except AvahiError, error:
2008
logger.critical(u"AvahiError: %s", error)
2698
except AvahiError as error:
2699
logger.critical("Avahi Error", exc_info=error)
2009
2700
cleanup()
2010
2701
sys.exit(1)
2011
2702
except KeyboardInterrupt:
2012
2703
if debug:
2013
print >> sys.stderr
2014
logger.debug(u"Server received KeyboardInterrupt")
2015
logger.debug(u"Server exiting")
2704
print("", file=sys.stderr)
2705
logger.debug("Server received KeyboardInterrupt")
2706
logger.debug("Server exiting")
2016
2707
# Must run before the D-Bus bus name gets deregistered
2017
2708
cleanup()
2018
2709
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0