11
11
# "AvahiService" class, and some lines in "main".
13
13
# Everything else is
14
# Copyright © 2008-2014 Teddy Hogeborn
15
# Copyright © 2008-2014 Björn Påhlsson
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
114
117
def initlogger(debug, level=logging.WARNING):
115
118
"""init logger and add loglevel"""
118
syslogger = (logging.handlers.SysLogHandler
120
logging.handlers.SysLogHandler.LOG_DAEMON,
121
address = str("/dev/log")))
122
120
syslogger.setFormatter(logging.Formatter
123
121
('Mandos [%(process)d]: %(levelname)s:'
142
140
class PGPEngine(object):
143
141
"""A simple class for OpenPGP symmetric encryption & decryption"""
144
142
def __init__(self):
143
self.gnupg = GnuPGInterface.GnuPG()
145
144
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
146
self.gnupgargs = ['--batch',
147
'--home', self.tempdir,
145
self.gnupg = GnuPGInterface.GnuPG()
146
self.gnupg.options.meta_interactive = False
147
self.gnupg.options.homedir = self.tempdir
148
self.gnupg.options.extra_args.extend(['--force-mdc',
152
152
def __enter__(self):
175
175
def password_encode(self, password):
176
176
# Passphrase can not be empty and can not contain newlines or
177
177
# NUL bytes. So we prefix it and hex encode it.
178
encoded = b"mandos" + binascii.hexlify(password)
179
if len(encoded) > 2048:
180
# GnuPG can't handle long passwords, so encode differently
181
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
182
.replace(b"\n", b"\\n")
183
.replace(b"\0", b"\\x00"))
178
return b"mandos" + binascii.hexlify(password)
186
180
def encrypt(self, data, password):
187
passphrase = self.password_encode(password)
188
with tempfile.NamedTemporaryFile(dir=self.tempdir
190
passfile.write(passphrase)
192
proc = subprocess.Popen(['gpg', '--symmetric',
196
stdin = subprocess.PIPE,
197
stdout = subprocess.PIPE,
198
stderr = subprocess.PIPE)
199
ciphertext, err = proc.communicate(input = data)
200
if proc.returncode != 0:
181
self.gnupg.passphrase = self.password_encode(password)
182
with open(os.devnull, "w") as devnull:
184
proc = self.gnupg.run(['--symmetric'],
185
create_fhs=['stdin', 'stdout'],
186
attach_fhs={'stderr': devnull})
187
with contextlib.closing(proc.handles['stdin']) as f:
189
with contextlib.closing(proc.handles['stdout']) as f:
190
ciphertext = f.read()
194
self.gnupg.passphrase = None
202
195
return ciphertext
204
197
def decrypt(self, data, password):
205
passphrase = self.password_encode(password)
206
with tempfile.NamedTemporaryFile(dir = self.tempdir
208
passfile.write(passphrase)
210
proc = subprocess.Popen(['gpg', '--decrypt',
214
stdin = subprocess.PIPE,
215
stdout = subprocess.PIPE,
216
stderr = subprocess.PIPE)
217
decrypted_plaintext, err = proc.communicate(input
219
if proc.returncode != 0:
198
self.gnupg.passphrase = self.password_encode(password)
199
with open(os.devnull, "w") as devnull:
201
proc = self.gnupg.run(['--decrypt'],
202
create_fhs=['stdin', 'stdout'],
203
attach_fhs={'stderr': devnull})
204
with contextlib.closing(proc.handles['stdin']) as f:
206
with contextlib.closing(proc.handles['stdout']) as f:
207
decrypted_plaintext = f.read()
211
self.gnupg.passphrase = None
221
212
return decrypted_plaintext
243
234
Used to optionally bind to the specified interface.
244
235
name: string; Example: 'Mandos'
245
236
type: string; Example: '_mandos._tcp'.
246
See <https://www.iana.org/assignments/service-names-port-numbers>
237
See <http://www.dns-sd.org/ServiceTypes.html>
247
238
port: integer; what port to announce
248
239
TXT: list of strings; TXT record for the service
249
240
domain: string; Domain to publish on, default to .local if empty.
533
def __init__(self, settings, name = None, server_settings=None):
523
def __init__(self, settings, name = None):
535
if server_settings is None:
537
self.server_settings = server_settings
538
525
# adding all client settings
539
526
for setting, value in settings.iteritems():
540
527
setattr(self, setting, value)
693
680
# If a checker exists, make sure it is not a zombie
695
682
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
696
except AttributeError:
698
except OSError as error:
699
if error.errno != errno.ECHILD:
683
except (AttributeError, OSError) as error:
684
if (isinstance(error, OSError)
685
and error.errno != errno.ECHILD):
703
689
logger.warning("Checker was a zombie")
725
711
# in normal mode, that is already done by daemon(),
726
712
# and in debug mode we don't want to. (Stdin is
727
713
# always replaced by /dev/null.)
728
# The exception is when not debugging but nevertheless
729
# running in the foreground; use the previously
732
if (not self.server_settings["debug"]
733
and self.server_settings["foreground"]):
734
popen_args.update({"stdout": wnull,
736
714
self.checker = subprocess.Popen(command,
740
717
except OSError as error:
741
718
logger.error("Failed to start subprocess",
1103
1076
interface_names.add(alt_interface)
1104
1077
# Is this a D-Bus signal?
1105
1078
if getattr(attribute, "_dbus_is_signal", False):
1106
# Extract the original non-method undecorated
1107
# function by black magic
1079
# Extract the original non-method function by
1108
1081
nonmethod_func = (dict(
1109
1082
zip(attribute.func_code.co_freevars,
1110
1083
attribute.__closure__))["func"]
1353
1326
*args, **kwargs)
1355
1328
def start_checker(self, *args, **kwargs):
1356
old_checker_pid = getattr(self.checker, "pid", None)
1329
old_checker = self.checker
1330
if self.checker is not None:
1331
old_checker_pid = self.checker.pid
1333
old_checker_pid = None
1357
1334
r = Client.start_checker(self, *args, **kwargs)
1358
1335
# Only if new checker process was started
1359
1336
if (self.checker is not None
2310
2287
help="Run self-test")
2311
2288
parser.add_argument("--debug", action="store_true",
2312
2289
help="Debug mode; run in foreground and log"
2313
" to terminal", default=None)
2314
2291
parser.add_argument("--debuglevel", metavar="LEVEL",
2315
2292
help="Debug level for stdout output")
2316
2293
parser.add_argument("--priority", help="GnuTLS"
2324
2301
parser.add_argument("--no-dbus", action="store_false",
2325
2302
dest="use_dbus", help="Do not provide D-Bus"
2326
" system bus interface", default=None)
2303
" system bus interface")
2327
2304
parser.add_argument("--no-ipv6", action="store_false",
2328
dest="use_ipv6", help="Do not use IPv6",
2305
dest="use_ipv6", help="Do not use IPv6")
2330
2306
parser.add_argument("--no-restore", action="store_false",
2331
2307
dest="restore", help="Do not restore stored"
2332
" state", default=None)
2333
2309
parser.add_argument("--socket", type=int,
2334
2310
help="Specify a file descriptor to a network"
2335
2311
" socket to use instead of creating one")
2336
2312
parser.add_argument("--statedir", metavar="DIR",
2337
2313
help="Directory to save/restore state in")
2338
2314
parser.add_argument("--foreground", action="store_true",
2339
help="Run in foreground", default=None)
2315
help="Run in foreground")
2341
2317
options = parser.parse_args()
2343
2319
if options.check:
2345
fail_count, test_count = doctest.testmod()
2346
sys.exit(os.EX_OK if fail_count == 0 else 1)
2348
2324
# Default values for config file for server-global settings
2349
2325
server_defaults = { "interface": "",
2401
2377
for option in server_settings.keys():
2402
2378
if type(server_settings[option]) is str:
2403
2379
server_settings[option] = unicode(server_settings[option])
2404
# Force all boolean options to be boolean
2405
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2407
server_settings[option] = bool(server_settings[option])
2408
2380
# Debug implies foreground
2409
2381
if server_settings["debug"]:
2410
2382
server_settings["foreground"] = True
2652
2610
# Create all client objects
2653
2611
for client_name, client in clients_data.iteritems():
2654
2612
tcp_server.clients[client_name] = client_class(
2655
name = client_name, settings = client,
2656
server_settings = server_settings)
2613
name = client_name, settings = client)
2658
2615
if not tcp_server.clients:
2659
2616
logger.warning("No clients defined")