To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 237.7.238
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.238
- Committer: Teddy Hogeborn
- Date: 2014-06-07 20:29:36 UTC
- mto: (237.7.272 trunk)
- mto: This revision was merged to the branch mainline in revision 317.
- Revision ID: teddy@recompile.se-20140607202936-crh5fxrdd804oora
Fix typo in code comment.
* debian/mandos.postinst: Fix typo in comment.
* debian/mandos.postinst: Fix typo in comment.
- files removed:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
mandos
1
#!/usr/bin/python2.7
1
#!/usr/bin/python
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2015 Teddy Hogeborn
15
# Copyright © 2008-2015 Björn Påhlsson
14
# Copyright © 2008-2014 Teddy Hogeborn
15
# Copyright © 2008-2014 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
36
36
37
37
from future_builtins import *
38
38
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
39
import SocketServer as socketserver
43
40
import socket
44
41
import argparse
45
42
import datetime
46
43
import errno
44
import gnutls.crypto
47
45
import gnutls.connection
48
46
import gnutls.errors
49
47
import gnutls.library.functions
50
48
import gnutls.library.constants
51
49
import gnutls.library.types
52
try:
53
import ConfigParser as configparser
54
except ImportError:
55
import configparser
50
import ConfigParser as configparser
56
51
import sys
57
52
import re
58
53
import os
67
62
import struct
68
63
import fcntl
69
64
import functools
70
try:
71
import cPickle as pickle
72
except ImportError:
73
import pickle
65
import cPickle as pickle
74
66
import multiprocessing
75
67
import types
76
68
import binascii
77
69
import tempfile
78
70
import itertools
79
71
import collections
80
import codecs
81
72
82
73
import dbus
83
74
import dbus.service
84
try:
85
import gobject
86
except ImportError:
87
from gi.repository import GObject as gobject
75
import gobject
88
76
import avahi
89
77
from dbus.mainloop.glib import DBusGMainLoop
90
78
import ctypes
100
88
except ImportError:
101
89
SO_BINDTODEVICE = None
102
90
103
if sys.version_info.major == 2:
104
str = unicode
105
106
version = "1.7.1"
91
version = "1.6.5"
107
92
stored_state_file = "clients.pickle"
108
93
109
94
logger = logging.getLogger()
110
95
syslogger = None
111
96
112
97
try:
113
if_nametoindex = ctypes.cdll.LoadLibrary(
114
ctypes.util.find_library("c")).if_nametoindex
98
if_nametoindex = (ctypes.cdll.LoadLibrary
99
(ctypes.util.find_library("c"))
100
.if_nametoindex)
115
101
except (OSError, AttributeError):
116
117
102
def if_nametoindex(interface):
118
103
"Get an interface index the hard way, i.e. using fcntl()"
119
104
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
120
105
with contextlib.closing(socket.socket()) as s:
121
106
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
122
struct.pack(b"16s16x", interface))
123
interface_index = struct.unpack("I", ifreq[16:20])[0]
107
struct.pack(str("16s16x"),
108
interface))
109
interface_index = struct.unpack(str("I"),
110
ifreq[16:20])[0]
124
111
return interface_index
125
112
126
113
127
114
def initlogger(debug, level=logging.WARNING):
128
115
"""init logger and add loglevel"""
129
116
130
global syslogger
131
syslogger = (logging.handlers.SysLogHandler(
132
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
133
address = "/dev/log"))
117
syslogger = (logging.handlers.SysLogHandler
118
(facility =
119
logging.handlers.SysLogHandler.LOG_DAEMON,
120
address = str("/dev/log")))
134
121
syslogger.setFormatter(logging.Formatter
135
122
('Mandos [%(process)d]: %(levelname)s:'
136
123
' %(message)s'))
153
140
154
141
class PGPEngine(object):
155
142
"""A simple class for OpenPGP symmetric encryption & decryption"""
156
157
143
def __init__(self):
158
144
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
159
145
self.gnupgargs = ['--batch',
198
184
199
185
def encrypt(self, data, password):
200
186
passphrase = self.password_encode(password)
201
with tempfile.NamedTemporaryFile(
202
dir=self.tempdir) as passfile:
187
with tempfile.NamedTemporaryFile(dir=self.tempdir
188
) as passfile:
203
189
passfile.write(passphrase)
204
190
passfile.flush()
205
191
proc = subprocess.Popen(['gpg', '--symmetric',
216
202
217
203
def decrypt(self, data, password):
218
204
passphrase = self.password_encode(password)
219
with tempfile.NamedTemporaryFile(
220
dir = self.tempdir) as passfile:
205
with tempfile.NamedTemporaryFile(dir = self.tempdir
206
) as passfile:
221
207
passfile.write(passphrase)
222
208
passfile.flush()
223
209
proc = subprocess.Popen(['gpg', '--decrypt',
227
213
stdin = subprocess.PIPE,
228
214
stdout = subprocess.PIPE,
229
215
stderr = subprocess.PIPE)
230
decrypted_plaintext, err = proc.communicate(input = data)
216
decrypted_plaintext, err = proc.communicate(input
217
= data)
231
218
if proc.returncode != 0:
232
219
raise PGPError(err)
233
220
return decrypted_plaintext
236
223
class AvahiError(Exception):
237
224
def __init__(self, value, *args, **kwargs):
238
225
self.value = value
239
return super(AvahiError, self).__init__(value, *args,
240
**kwargs)
241
226
super(AvahiError, self).__init__(value, *args, **kwargs)
227
def __unicode__(self):
228
return unicode(repr(self.value))
242
229
243
230
class AvahiServiceError(AvahiError):
244
231
pass
245
232
246
247
233
class AvahiGroupError(AvahiError):
248
234
pass
249
235
269
255
bus: dbus.SystemBus()
270
256
"""
271
257
272
def __init__(self,
273
interface = avahi.IF_UNSPEC,
274
name = None,
275
servicetype = None,
276
port = None,
277
TXT = None,
278
domain = "",
279
host = "",
280
max_renames = 32768,
281
protocol = avahi.PROTO_UNSPEC,
282
bus = None):
258
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
259
servicetype = None, port = None, TXT = None,
260
domain = "", host = "", max_renames = 32768,
261
protocol = avahi.PROTO_UNSPEC, bus = None):
283
262
self.interface = interface
284
263
self.name = name
285
264
self.type = servicetype
295
274
self.bus = bus
296
275
self.entry_group_state_changed_match = None
297
276
298
def rename(self, remove=True):
277
def rename(self):
299
278
"""Derived from the Avahi example code"""
300
279
if self.rename_count >= self.max_renames:
301
280
logger.critical("No suitable Zeroconf service name found"
302
281
" after %i retries, exiting.",
303
282
self.rename_count)
304
283
raise AvahiServiceError("Too many renames")
305
self.name = str(
306
self.server.GetAlternativeServiceName(self.name))
307
self.rename_count += 1
284
self.name = unicode(self.server
285
.GetAlternativeServiceName(self.name))
308
286
logger.info("Changing Zeroconf service name to %r ...",
309
287
self.name)
310
if remove:
311
self.remove()
288
self.remove()
312
289
try:
313
290
self.add()
314
291
except dbus.exceptions.DBusException as error:
315
if (error.get_dbus_name()
316
== "org.freedesktop.Avahi.CollisionError"):
317
logger.info("Local Zeroconf service name collision.")
318
return self.rename(remove=False)
319
else:
320
logger.critical("D-Bus Exception", exc_info=error)
321
self.cleanup()
322
os._exit(1)
292
logger.critical("D-Bus Exception", exc_info=error)
293
self.cleanup()
294
os._exit(1)
295
self.rename_count += 1
323
296
324
297
def remove(self):
325
298
"""Derived from the Avahi example code"""
363
336
self.rename()
364
337
elif state == avahi.ENTRY_GROUP_FAILURE:
365
338
logger.critical("Avahi: Error in group state changed %s",
366
str(error))
367
raise AvahiGroupError("State changed: {!s}".format(error))
339
unicode(error))
340
raise AvahiGroupError("State changed: {0!s}"
341
.format(error))
368
342
369
343
def cleanup(self):
370
344
"""Derived from the Avahi example code"""
380
354
def server_state_changed(self, state, error=None):
381
355
"""Derived from the Avahi example code"""
382
356
logger.debug("Avahi server state change: %i", state)
383
bad_states = {
384
avahi.SERVER_INVALID: "Zeroconf server invalid",
385
avahi.SERVER_REGISTERING: None,
386
avahi.SERVER_COLLISION: "Zeroconf server name collision",
387
avahi.SERVER_FAILURE: "Zeroconf server failure",
388
}
357
bad_states = { avahi.SERVER_INVALID:
358
"Zeroconf server invalid",
359
avahi.SERVER_REGISTERING: None,
360
avahi.SERVER_COLLISION:
361
"Zeroconf server name collision",
362
avahi.SERVER_FAILURE:
363
"Zeroconf server failure" }
389
364
if state in bad_states:
390
365
if bad_states[state] is not None:
391
366
if error is None:
394
369
logger.error(bad_states[state] + ": %r", error)
395
370
self.cleanup()
396
371
elif state == avahi.SERVER_RUNNING:
397
try:
398
self.add()
399
except dbus.exceptions.DBusException as error:
400
if (error.get_dbus_name()
401
== "org.freedesktop.Avahi.CollisionError"):
402
logger.info("Local Zeroconf service name"
403
" collision.")
404
return self.rename(remove=False)
405
else:
406
logger.critical("D-Bus Exception", exc_info=error)
407
self.cleanup()
408
os._exit(1)
372
self.add()
409
373
else:
410
374
if error is None:
411
375
logger.debug("Unknown state: %r", state)
421
385
follow_name_owner_changes=True),
422
386
avahi.DBUS_INTERFACE_SERVER)
423
387
self.server.connect_to_signal("StateChanged",
424
self.server_state_changed)
388
self.server_state_changed)
425
389
self.server_state_changed(self.server.GetState())
426
390
427
391
428
392
class AvahiServiceToSyslog(AvahiService):
429
def rename(self, *args, **kwargs):
393
def rename(self):
430
394
"""Add the new name to the syslog messages"""
431
ret = AvahiService.rename(self, *args, **kwargs)
432
syslogger.setFormatter(logging.Formatter(
433
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
434
.format(self.name)))
395
ret = AvahiService.rename(self)
396
syslogger.setFormatter(logging.Formatter
397
('Mandos ({0}) [%(process)d]:'
398
' %(levelname)s: %(message)s'
399
.format(self.name)))
435
400
return ret
436
401
437
def call_pipe(connection, # : multiprocessing.Connection
438
func, *args, **kwargs):
439
"""This function is meant to be called by multiprocessing.Process
440
441
This function runs func(*args, **kwargs), and writes the resulting
442
return value on the provided multiprocessing.Connection.
443
"""
444
connection.send(func(*args, **kwargs))
445
connection.close()
402
403
def timedelta_to_milliseconds(td):
404
"Convert a datetime.timedelta() to milliseconds"
405
return ((td.days * 24 * 60 * 60 * 1000)
406
+ (td.seconds * 1000)
407
+ (td.microseconds // 1000))
408
446
409
447
410
class Client(object):
448
411
"""A representation of a client host served by this server.
475
438
last_checker_status: integer between 0 and 255 reflecting exit
476
439
status of last checker. -1 reflects crashed
477
440
checker, -2 means no checker completed yet.
478
last_checker_signal: The signal which killed the last checker, if
479
last_checker_status is -1
480
441
last_enabled: datetime.datetime(); (UTC) or None
481
442
name: string; from the config file, used in log messages and
482
443
D-Bus identifiers
495
456
"fingerprint", "host", "interval",
496
457
"last_approval_request", "last_checked_ok",
497
458
"last_enabled", "name", "timeout")
498
client_defaults = {
499
"timeout": "PT5M",
500
"extended_timeout": "PT15M",
501
"interval": "PT2M",
502
"checker": "fping -q -- %%(host)s",
503
"host": "",
504
"approval_delay": "PT0S",
505
"approval_duration": "PT1S",
506
"approved_by_default": "True",
507
"enabled": "True",
508
}
459
client_defaults = { "timeout": "PT5M",
460
"extended_timeout": "PT15M",
461
"interval": "PT2M",
462
"checker": "fping -q -- %%(host)s",
463
"host": "",
464
"approval_delay": "PT0S",
465
"approval_duration": "PT1S",
466
"approved_by_default": "True",
467
"enabled": "True",
468
}
469
470
def timeout_milliseconds(self):
471
"Return the 'timeout' attribute in milliseconds"
472
return timedelta_to_milliseconds(self.timeout)
473
474
def extended_timeout_milliseconds(self):
475
"Return the 'extended_timeout' attribute in milliseconds"
476
return timedelta_to_milliseconds(self.extended_timeout)
477
478
def interval_milliseconds(self):
479
"Return the 'interval' attribute in milliseconds"
480
return timedelta_to_milliseconds(self.interval)
481
482
def approval_delay_milliseconds(self):
483
return timedelta_to_milliseconds(self.approval_delay)
509
484
510
485
@staticmethod
511
486
def config_parser(config):
527
502
client["enabled"] = config.getboolean(client_name,
528
503
"enabled")
529
504
530
# Uppercase and remove spaces from fingerprint for later
531
# comparison purposes with return value from the
532
# fingerprint() function
533
505
client["fingerprint"] = (section["fingerprint"].upper()
534
506
.replace(" ", ""))
535
507
if "secret" in section:
540
512
"rb") as secfile:
541
513
client["secret"] = secfile.read()
542
514
else:
543
raise TypeError("No secret or secfile for section {}"
515
raise TypeError("No secret or secfile for section {0}"
544
516
.format(section))
545
517
client["timeout"] = string_to_delta(section["timeout"])
546
518
client["extended_timeout"] = string_to_delta(
563
535
server_settings = {}
564
536
self.server_settings = server_settings
565
537
# adding all client settings
566
for setting, value in settings.items():
538
for setting, value in settings.iteritems():
567
539
setattr(self, setting, value)
568
540
569
541
if self.enabled:
577
549
self.expires = None
578
550
579
551
logger.debug("Creating client %r", self.name)
552
# Uppercase and remove spaces from fingerprint for later
553
# comparison purposes with return value from the fingerprint()
554
# function
580
555
logger.debug(" Fingerprint: %s", self.fingerprint)
581
556
self.created = settings.get("created",
582
557
datetime.datetime.utcnow())
589
564
self.current_checker_command = None
590
565
self.approved = None
591
566
self.approvals_pending = 0
592
self.changedstate = multiprocessing_manager.Condition(
593
multiprocessing_manager.Lock())
594
self.client_structure = [attr
595
for attr in self.__dict__.iterkeys()
567
self.changedstate = (multiprocessing_manager
568
.Condition(multiprocessing_manager
569
.Lock()))
570
self.client_structure = [attr for attr in
571
self.__dict__.iterkeys()
596
572
if not attr.startswith("_")]
597
573
self.client_structure.append("client_structure")
598
574
599
for name, t in inspect.getmembers(
600
type(self), lambda obj: isinstance(obj, property)):
575
for name, t in inspect.getmembers(type(self),
576
lambda obj:
577
isinstance(obj,
578
property)):
601
579
if not name.startswith("_"):
602
580
self.client_structure.append(name)
603
581
645
623
# and every interval from then on.
646
624
if self.checker_initiator_tag is not None:
647
625
gobject.source_remove(self.checker_initiator_tag)
648
self.checker_initiator_tag = gobject.timeout_add(
649
int(self.interval.total_seconds() * 1000),
650
self.start_checker)
626
self.checker_initiator_tag = (gobject.timeout_add
627
(self.interval_milliseconds(),
628
self.start_checker))
651
629
# Schedule a disable() when 'timeout' has passed
652
630
if self.disable_initiator_tag is not None:
653
631
gobject.source_remove(self.disable_initiator_tag)
654
self.disable_initiator_tag = gobject.timeout_add(
655
int(self.timeout.total_seconds() * 1000), self.disable)
632
self.disable_initiator_tag = (gobject.timeout_add
633
(self.timeout_milliseconds(),
634
self.disable))
656
635
# Also start a new checker *right now*.
657
636
self.start_checker()
658
637
659
def checker_callback(self, source, condition, connection,
660
command):
638
def checker_callback(self, pid, condition, command):
661
639
"""The checker has completed, so take appropriate actions."""
662
640
self.checker_callback_tag = None
663
641
self.checker = None
664
# Read return code from connection (see call_pipe)
665
returncode = connection.recv()
666
connection.close()
667
668
if returncode >= 0:
669
self.last_checker_status = returncode
670
self.last_checker_signal = None
642
if os.WIFEXITED(condition):
643
self.last_checker_status = os.WEXITSTATUS(condition)
671
644
if self.last_checker_status == 0:
672
645
logger.info("Checker for %(name)s succeeded",
673
646
vars(self))
674
647
self.checked_ok()
675
648
else:
676
logger.info("Checker for %(name)s failed", vars(self))
649
logger.info("Checker for %(name)s failed",
650
vars(self))
677
651
else:
678
652
self.last_checker_status = -1
679
self.last_checker_signal = -returncode
680
653
logger.warning("Checker for %(name)s crashed?",
681
654
vars(self))
682
return False
683
655
684
656
def checked_ok(self):
685
657
"""Assert that the client has been seen, alive and well."""
686
658
self.last_checked_ok = datetime.datetime.utcnow()
687
659
self.last_checker_status = 0
688
self.last_checker_signal = None
689
660
self.bump_timeout()
690
661
691
662
def bump_timeout(self, timeout=None):
696
667
gobject.source_remove(self.disable_initiator_tag)
697
668
self.disable_initiator_tag = None
698
669
if getattr(self, "enabled", False):
699
self.disable_initiator_tag = gobject.timeout_add(
700
int(timeout.total_seconds() * 1000), self.disable)
670
self.disable_initiator_tag = (gobject.timeout_add
671
(timedelta_to_milliseconds
672
(timeout), self.disable))
701
673
self.expires = datetime.datetime.utcnow() + timeout
702
674
703
675
def need_approval(self):
717
689
# than 'timeout' for the client to be disabled, which is as it
718
690
# should be.
719
691
720
if self.checker is not None and not self.checker.is_alive():
721
logger.warning("Checker was not alive; joining")
722
self.checker.join()
723
self.checker = None
692
# If a checker exists, make sure it is not a zombie
693
try:
694
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
695
except AttributeError:
696
pass
697
except OSError as error:
698
if error.errno != errno.ECHILD:
699
raise
700
else:
701
if pid:
702
logger.warning("Checker was a zombie")
703
gobject.source_remove(self.checker_callback_tag)
704
self.checker_callback(pid, status,
705
self.current_checker_command)
724
706
# Start a new checker if needed
725
707
if self.checker is None:
726
708
# Escape attributes for the shell
727
escaped_attrs = {
728
attr: re.escape(str(getattr(self, attr)))
729
for attr in self.runtime_expansions }
709
escaped_attrs = dict(
710
(attr, re.escape(unicode(getattr(self, attr))))
711
for attr in
712
self.runtime_expansions)
730
713
try:
731
714
command = self.checker_command % escaped_attrs
732
715
except TypeError as error:
733
716
logger.error('Could not format string "%s"',
734
self.checker_command,
717
self.checker_command, exc_info=error)
718
return True # Try again later
719
self.current_checker_command = command
720
try:
721
logger.info("Starting checker %r for %s",
722
command, self.name)
723
# We don't need to redirect stdout and stderr, since
724
# in normal mode, that is already done by daemon(),
725
# and in debug mode we don't want to. (Stdin is
726
# always replaced by /dev/null.)
727
# The exception is when not debugging but nevertheless
728
# running in the foreground; use the previously
729
# created wnull.
730
popen_args = {}
731
if (not self.server_settings["debug"]
732
and self.server_settings["foreground"]):
733
popen_args.update({"stdout": wnull,
734
"stderr": wnull })
735
self.checker = subprocess.Popen(command,
736
close_fds=True,
737
shell=True, cwd="/",
738
**popen_args)
739
except OSError as error:
740
logger.error("Failed to start subprocess",
735
741
exc_info=error)
736
return True # Try again later
737
self.current_checker_command = command
738
logger.info("Starting checker %r for %s", command,
739
self.name)
740
# We don't need to redirect stdout and stderr, since
741
# in normal mode, that is already done by daemon(),
742
# and in debug mode we don't want to. (Stdin is
743
# always replaced by /dev/null.)
744
# The exception is when not debugging but nevertheless
745
# running in the foreground; use the previously
746
# created wnull.
747
popen_args = { "close_fds": True,
748
"shell": True,
749
"cwd": "/" }
750
if (not self.server_settings["debug"]
751
and self.server_settings["foreground"]):
752
popen_args.update({"stdout": wnull,
753
"stderr": wnull })
754
pipe = multiprocessing.Pipe(duplex = False)
755
self.checker = multiprocessing.Process(
756
target = call_pipe,
757
args = (pipe[1], subprocess.call, command),
758
kwargs = popen_args)
759
self.checker.start()
760
self.checker_callback_tag = gobject.io_add_watch(
761
pipe[0].fileno(), gobject.IO_IN,
762
self.checker_callback, pipe[0], command)
742
return True
743
self.checker_callback_tag = (gobject.child_watch_add
744
(self.checker.pid,
745
self.checker_callback,
746
data=command))
747
# The checker may have completed before the gobject
748
# watch was added. Check for this.
749
try:
750
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
751
except OSError as error:
752
if error.errno == errno.ECHILD:
753
# This should never happen
754
logger.error("Child process vanished",
755
exc_info=error)
756
return True
757
raise
758
if pid:
759
gobject.source_remove(self.checker_callback_tag)
760
self.checker_callback(pid, status, command)
763
761
# Re-run this periodically if run by gobject.timeout_add
764
762
return True
765
763
771
769
if getattr(self, "checker", None) is None:
772
770
return
773
771
logger.debug("Stopping checker for %(name)s", vars(self))
774
self.checker.terminate()
772
try:
773
self.checker.terminate()
774
#time.sleep(0.5)
775
#if self.checker.poll() is None:
776
# self.checker.kill()
777
except OSError as error:
778
if error.errno != errno.ESRCH: # No such process
779
raise
775
780
self.checker = None
776
781
777
782
778
def dbus_service_property(dbus_interface,
779
signature="v",
780
access="readwrite",
781
byte_arrays=False):
783
def dbus_service_property(dbus_interface, signature="v",
784
access="readwrite", byte_arrays=False):
782
785
"""Decorators for marking methods of a DBusObjectWithProperties to
783
786
become properties on the D-Bus.
784
787
793
796
# "Set" method, so we fail early here:
794
797
if byte_arrays and signature != "ay":
795
798
raise ValueError("Byte arrays not supported for non-'ay'"
796
" signature {!r}".format(signature))
797
799
" signature {0!r}".format(signature))
798
800
def decorator(func):
799
801
func._dbus_is_property = True
800
802
func._dbus_interface = dbus_interface
805
807
func._dbus_name = func._dbus_name[:-14]
806
808
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
807
809
return func
808
809
810
return decorator
810
811
811
812
820
821
"org.freedesktop.DBus.Property.EmitsChangedSignal":
821
822
"false"}
822
823
"""
823
824
824
def decorator(func):
825
825
func._dbus_is_interface = True
826
826
func._dbus_interface = dbus_interface
827
827
func._dbus_name = dbus_interface
828
828
return func
829
830
829
return decorator
831
830
832
831
834
833
"""Decorator to annotate D-Bus methods, signals or properties
835
834
Usage:
836
835
837
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
838
"org.freedesktop.DBus.Property."
839
"EmitsChangedSignal": "false"})
840
836
@dbus_service_property("org.example.Interface", signature="b",
841
837
access="r")
838
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
839
"org.freedesktop.DBus.Property."
840
"EmitsChangedSignal": "false"})
842
841
def Property_dbus_property(self):
843
842
return dbus.Boolean(False)
844
845
See also the DBusObjectWithAnnotations class.
846
843
"""
847
848
844
def decorator(func):
849
845
func._dbus_annotations = annotations
850
846
return func
851
852
847
return decorator
853
848
854
849
855
850
class DBusPropertyException(dbus.exceptions.DBusException):
856
851
"""A base class for D-Bus property-related exceptions
857
852
"""
858
pass
853
def __unicode__(self):
854
return unicode(str(self))
859
855
860
856
861
857
class DBusPropertyAccessException(DBusPropertyException):
870
866
pass
871
867
872
868
873
class DBusObjectWithAnnotations(dbus.service.Object):
874
"""A D-Bus object with annotations.
869
class DBusObjectWithProperties(dbus.service.Object):
870
"""A D-Bus object with properties.
875
871
876
Classes inheriting from this can use the dbus_annotations
877
decorator to add annotations to methods or signals.
872
Classes inheriting from this can use the dbus_service_property
873
decorator to expose methods as D-Bus properties. It exposes the
874
standard Get(), Set(), and GetAll() methods on the D-Bus.
878
875
"""
879
876
880
877
@staticmethod
884
881
If called like _is_dbus_thing("method") it returns a function
885
882
suitable for use as predicate to inspect.getmembers().
886
883
"""
887
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
884
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
888
885
False)
889
886
890
887
def _get_all_dbus_things(self, thing):
891
888
"""Returns a generator of (name, attribute) pairs
892
889
"""
893
return ((getattr(athing.__get__(self), "_dbus_name", name),
890
return ((getattr(athing.__get__(self), "_dbus_name",
891
name),
894
892
athing.__get__(self))
895
893
for cls in self.__class__.__mro__
896
894
for name, athing in
897
inspect.getmembers(cls, self._is_dbus_thing(thing)))
898
899
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
900
out_signature = "s",
901
path_keyword = 'object_path',
902
connection_keyword = 'connection')
903
def Introspect(self, object_path, connection):
904
"""Overloading of standard D-Bus method.
905
906
Inserts annotation tags on methods and signals.
907
"""
908
xmlstring = dbus.service.Object.Introspect(self, object_path,
909
connection)
910
try:
911
document = xml.dom.minidom.parseString(xmlstring)
912
913
for if_tag in document.getElementsByTagName("interface"):
914
# Add annotation tags
915
for typ in ("method", "signal"):
916
for tag in if_tag.getElementsByTagName(typ):
917
annots = dict()
918
for name, prop in (self.
919
_get_all_dbus_things(typ)):
920
if (name == tag.getAttribute("name")
921
and prop._dbus_interface
922
== if_tag.getAttribute("name")):
923
annots.update(getattr(
924
prop, "_dbus_annotations", {}))
925
for name, value in annots.items():
926
ann_tag = document.createElement(
927
"annotation")
928
ann_tag.setAttribute("name", name)
929
ann_tag.setAttribute("value", value)
930
tag.appendChild(ann_tag)
931
# Add interface annotation tags
932
for annotation, value in dict(
933
itertools.chain.from_iterable(
934
annotations().items()
935
for name, annotations
936
in self._get_all_dbus_things("interface")
937
if name == if_tag.getAttribute("name")
938
)).items():
939
ann_tag = document.createElement("annotation")
940
ann_tag.setAttribute("name", annotation)
941
ann_tag.setAttribute("value", value)
942
if_tag.appendChild(ann_tag)
943
# Fix argument name for the Introspect method itself
944
if (if_tag.getAttribute("name")
945
== dbus.INTROSPECTABLE_IFACE):
946
for cn in if_tag.getElementsByTagName("method"):
947
if cn.getAttribute("name") == "Introspect":
948
for arg in cn.getElementsByTagName("arg"):
949
if (arg.getAttribute("direction")
950
== "out"):
951
arg.setAttribute("name",
952
"xml_data")
953
xmlstring = document.toxml("utf-8")
954
document.unlink()
955
except (AttributeError, xml.dom.DOMException,
956
xml.parsers.expat.ExpatError) as error:
957
logger.error("Failed to override Introspection method",
958
exc_info=error)
959
return xmlstring
960
961
962
class DBusObjectWithProperties(DBusObjectWithAnnotations):
963
"""A D-Bus object with properties.
964
965
Classes inheriting from this can use the dbus_service_property
966
decorator to expose methods as D-Bus properties. It exposes the
967
standard Get(), Set(), and GetAll() methods on the D-Bus.
968
"""
895
inspect.getmembers(cls,
896
self._is_dbus_thing(thing)))
969
897
970
898
def _get_dbus_property(self, interface_name, property_name):
971
899
"""Returns a bound method if one exists which is a D-Bus
972
900
property with the specified name and interface.
973
901
"""
974
for cls in self.__class__.__mro__:
975
for name, value in inspect.getmembers(
976
cls, self._is_dbus_thing("property")):
902
for cls in self.__class__.__mro__:
903
for name, value in (inspect.getmembers
904
(cls,
905
self._is_dbus_thing("property"))):
977
906
if (value._dbus_name == property_name
978
907
and value._dbus_interface == interface_name):
979
908
return value.__get__(self)
980
909
981
910
# No such property
982
raise DBusPropertyNotFound("{}:{}.{}".format(
983
self.dbus_object_path, interface_name, property_name))
984
985
@classmethod
986
def _get_all_interface_names(cls):
987
"""Get a sequence of all interfaces supported by an object"""
988
return (name for name in set(getattr(getattr(x, attr),
989
"_dbus_interface", None)
990
for x in (inspect.getmro(cls))
991
for attr in dir(x))
992
if name is not None)
993
994
@dbus.service.method(dbus.PROPERTIES_IFACE,
995
in_signature="ss",
911
raise DBusPropertyNotFound(self.dbus_object_path + ":"
912
+ interface_name + "."
913
+ property_name)
914
915
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
996
916
out_signature="v")
997
917
def Get(self, interface_name, property_name):
998
918
"""Standard D-Bus property Get() method, see D-Bus standard.
1017
937
# signatures other than "ay".
1018
938
if prop._dbus_signature != "ay":
1019
939
raise ValueError("Byte arrays not supported for non-"
1020
"'ay' signature {!r}"
940
"'ay' signature {0!r}"
1021
941
.format(prop._dbus_signature))
1022
942
value = dbus.ByteArray(b''.join(chr(byte)
1023
943
for byte in value))
1024
944
prop(value)
1025
945
1026
@dbus.service.method(dbus.PROPERTIES_IFACE,
1027
in_signature="s",
946
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
1028
947
out_signature="a{sv}")
1029
948
def GetAll(self, interface_name):
1030
949
"""Standard D-Bus property GetAll() method, see D-Bus
1045
964
if not hasattr(value, "variant_level"):
1046
965
properties[name] = value
1047
966
continue
1048
properties[name] = type(value)(
1049
value, variant_level = value.variant_level + 1)
967
properties[name] = type(value)(value, variant_level=
968
value.variant_level+1)
1050
969
return dbus.Dictionary(properties, signature="sv")
1051
970
1052
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
1053
def PropertiesChanged(self, interface_name, changed_properties,
1054
invalidated_properties):
1055
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
1056
standard.
1057
"""
1058
pass
1059
1060
971
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1061
972
out_signature="s",
1062
973
path_keyword='object_path',
1066
977
1067
978
Inserts property tags and interface annotation tags.
1068
979
"""
1069
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1070
object_path,
1071
connection)
980
xmlstring = dbus.service.Object.Introspect(self, object_path,
981
connection)
1072
982
try:
1073
983
document = xml.dom.minidom.parseString(xmlstring)
1074
1075
984
def make_tag(document, name, prop):
1076
985
e = document.createElement("property")
1077
986
e.setAttribute("name", name)
1078
987
e.setAttribute("type", prop._dbus_signature)
1079
988
e.setAttribute("access", prop._dbus_access)
1080
989
return e
1081
1082
990
for if_tag in document.getElementsByTagName("interface"):
1083
991
# Add property tags
1084
992
for tag in (make_tag(document, name, prop)
1087
995
if prop._dbus_interface
1088
996
== if_tag.getAttribute("name")):
1089
997
if_tag.appendChild(tag)
1090
# Add annotation tags for properties
1091
for tag in if_tag.getElementsByTagName("property"):
1092
annots = dict()
1093
for name, prop in self._get_all_dbus_things(
1094
"property"):
1095
if (name == tag.getAttribute("name")
1096
and prop._dbus_interface
1097
== if_tag.getAttribute("name")):
1098
annots.update(getattr(
1099
prop, "_dbus_annotations", {}))
1100
for name, value in annots.items():
1101
ann_tag = document.createElement(
1102
"annotation")
1103
ann_tag.setAttribute("name", name)
1104
ann_tag.setAttribute("value", value)
1105
tag.appendChild(ann_tag)
998
# Add annotation tags
999
for typ in ("method", "signal", "property"):
1000
for tag in if_tag.getElementsByTagName(typ):
1001
annots = dict()
1002
for name, prop in (self.
1003
_get_all_dbus_things(typ)):
1004
if (name == tag.getAttribute("name")
1005
and prop._dbus_interface
1006
== if_tag.getAttribute("name")):
1007
annots.update(getattr
1008
(prop,
1009
"_dbus_annotations",
1010
{}))
1011
for name, value in annots.iteritems():
1012
ann_tag = document.createElement(
1013
"annotation")
1014
ann_tag.setAttribute("name", name)
1015
ann_tag.setAttribute("value", value)
1016
tag.appendChild(ann_tag)
1017
# Add interface annotation tags
1018
for annotation, value in dict(
1019
itertools.chain.from_iterable(
1020
annotations().iteritems()
1021
for name, annotations in
1022
self._get_all_dbus_things("interface")
1023
if name == if_tag.getAttribute("name")
1024
)).iteritems():
1025
ann_tag = document.createElement("annotation")
1026
ann_tag.setAttribute("name", annotation)
1027
ann_tag.setAttribute("value", value)
1028
if_tag.appendChild(ann_tag)
1106
1029
# Add the names to the return values for the
1107
1030
# "org.freedesktop.DBus.Properties" methods
1108
1031
if (if_tag.getAttribute("name")
1126
1049
exc_info=error)
1127
1050
return xmlstring
1128
1051
1129
try:
1130
dbus.OBJECT_MANAGER_IFACE
1131
except AttributeError:
1132
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1133
1134
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1135
"""A D-Bus object with an ObjectManager.
1136
1137
Classes inheriting from this exposes the standard
1138
GetManagedObjects call and the InterfacesAdded and
1139
InterfacesRemoved signals on the standard
1140
"org.freedesktop.DBus.ObjectManager" interface.
1141
1142
Note: No signals are sent automatically; they must be sent
1143
manually.
1144
"""
1145
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1146
out_signature = "a{oa{sa{sv}}}")
1147
def GetManagedObjects(self):
1148
"""This function must be overridden"""
1149
raise NotImplementedError()
1150
1151
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1152
signature = "oa{sa{sv}}")
1153
def InterfacesAdded(self, object_path, interfaces_and_properties):
1154
pass
1155
1156
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1157
def InterfacesRemoved(self, object_path, interfaces):
1158
pass
1159
1160
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1161
out_signature = "s",
1162
path_keyword = 'object_path',
1163
connection_keyword = 'connection')
1164
def Introspect(self, object_path, connection):
1165
"""Overloading of standard D-Bus method.
1166
1167
Override return argument name of GetManagedObjects to be
1168
"objpath_interfaces_and_properties"
1169
"""
1170
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1171
object_path,
1172
connection)
1173
try:
1174
document = xml.dom.minidom.parseString(xmlstring)
1175
1176
for if_tag in document.getElementsByTagName("interface"):
1177
# Fix argument name for the GetManagedObjects method
1178
if (if_tag.getAttribute("name")
1179
== dbus.OBJECT_MANAGER_IFACE):
1180
for cn in if_tag.getElementsByTagName("method"):
1181
if (cn.getAttribute("name")
1182
== "GetManagedObjects"):
1183
for arg in cn.getElementsByTagName("arg"):
1184
if (arg.getAttribute("direction")
1185
== "out"):
1186
arg.setAttribute(
1187
"name",
1188
"objpath_interfaces"
1189
"_and_properties")
1190
xmlstring = document.toxml("utf-8")
1191
document.unlink()
1192
except (AttributeError, xml.dom.DOMException,
1193
xml.parsers.expat.ExpatError) as error:
1194
logger.error("Failed to override Introspection method",
1195
exc_info = error)
1196
return xmlstring
1197
1052
1198
1053
def datetime_to_dbus(dt, variant_level=0):
1199
1054
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1200
1055
if dt is None:
1201
1056
return dbus.String("", variant_level = variant_level)
1202
return dbus.String(dt.isoformat(), variant_level=variant_level)
1057
return dbus.String(dt.isoformat(),
1058
variant_level=variant_level)
1203
1059
1204
1060
1205
1061
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1225
1081
(from DBusObjectWithProperties) and interfaces (from the
1226
1082
dbus_interface_annotations decorator).
1227
1083
"""
1228
1229
1084
def wrapper(cls):
1230
1085
for orig_interface_name, alt_interface_name in (
1231
alt_interface_names.items()):
1086
alt_interface_names.iteritems()):
1232
1087
attr = {}
1233
1088
interface_names = set()
1234
1089
# Go though all attributes of the class
1236
1091
# Ignore non-D-Bus attributes, and D-Bus attributes
1237
1092
# with the wrong interface name
1238
1093
if (not hasattr(attribute, "_dbus_interface")
1239
or not attribute._dbus_interface.startswith(
1240
orig_interface_name)):
1094
or not attribute._dbus_interface
1095
.startswith(orig_interface_name)):
1241
1096
continue
1242
1097
# Create an alternate D-Bus interface name based on
1243
1098
# the current name
1244
alt_interface = attribute._dbus_interface.replace(
1245
orig_interface_name, alt_interface_name)
1099
alt_interface = (attribute._dbus_interface
1100
.replace(orig_interface_name,
1101
alt_interface_name))
1246
1102
interface_names.add(alt_interface)
1247
1103
# Is this a D-Bus signal?
1248
1104
if getattr(attribute, "_dbus_is_signal", False):
1249
if sys.version_info.major == 2:
1250
# Extract the original non-method undecorated
1251
# function by black magic
1252
nonmethod_func = (dict(
1105
# Extract the original non-method undecorated
1106
# function by black magic
1107
nonmethod_func = (dict(
1253
1108
zip(attribute.func_code.co_freevars,
1254
attribute.__closure__))
1255
["func"].cell_contents)
1256
else:
1257
nonmethod_func = attribute
1109
attribute.__closure__))["func"]
1110
.cell_contents)
1258
1111
# Create a new, but exactly alike, function
1259
1112
# object, and decorate it to be a new D-Bus signal
1260
1113
# with the alternate D-Bus interface name
1261
if sys.version_info.major == 2:
1262
new_function = types.FunctionType(
1263
nonmethod_func.func_code,
1264
nonmethod_func.func_globals,
1265
nonmethod_func.func_name,
1266
nonmethod_func.func_defaults,
1267
nonmethod_func.func_closure)
1268
else:
1269
new_function = types.FunctionType(
1270
nonmethod_func.__code__,
1271
nonmethod_func.__globals__,
1272
nonmethod_func.__name__,
1273
nonmethod_func.__defaults__,
1274
nonmethod_func.__closure__)
1275
new_function = (dbus.service.signal(
1276
alt_interface,
1277
attribute._dbus_signature)(new_function))
1114
new_function = (dbus.service.signal
1115
(alt_interface,
1116
attribute._dbus_signature)
1117
(types.FunctionType(
1118
nonmethod_func.func_code,
1119
nonmethod_func.func_globals,
1120
nonmethod_func.func_name,
1121
nonmethod_func.func_defaults,
1122
nonmethod_func.func_closure)))
1278
1123
# Copy annotations, if any
1279
1124
try:
1280
new_function._dbus_annotations = dict(
1281
attribute._dbus_annotations)
1125
new_function._dbus_annotations = (
1126
dict(attribute._dbus_annotations))
1282
1127
except AttributeError:
1283
1128
pass
1284
1129
# Define a creator of a function to call both the
1289
1134
"""This function is a scope container to pass
1290
1135
func1 and func2 to the "call_both" function
1291
1136
outside of its arguments"""
1292
1293
@functools.wraps(func2)
1294
1137
def call_both(*args, **kwargs):
1295
1138
"""This function will emit two D-Bus
1296
1139
signals by calling func1 and func2"""
1297
1140
func1(*args, **kwargs)
1298
1141
func2(*args, **kwargs)
1299
# Make wrapper function look like a D-Bus signal
1300
for name, attr in inspect.getmembers(func2):
1301
if name.startswith("_dbus_"):
1302
setattr(call_both, name, attr)
1303
1304
1142
return call_both
1305
1143
# Create the "call_both" function and add it to
1306
1144
# the class
1311
1149
# object. Decorate it to be a new D-Bus method
1312
1150
# with the alternate D-Bus interface name. Add it
1313
1151
# to the class.
1314
attr[attrname] = (
1315
dbus.service.method(
1316
alt_interface,
1317
attribute._dbus_in_signature,
1318
attribute._dbus_out_signature)
1319
(types.FunctionType(attribute.func_code,
1320
attribute.func_globals,
1321
attribute.func_name,
1322
attribute.func_defaults,
1323
attribute.func_closure)))
1152
attr[attrname] = (dbus.service.method
1153
(alt_interface,
1154
attribute._dbus_in_signature,
1155
attribute._dbus_out_signature)
1156
(types.FunctionType
1157
(attribute.func_code,
1158
attribute.func_globals,
1159
attribute.func_name,
1160
attribute.func_defaults,
1161
attribute.func_closure)))
1324
1162
# Copy annotations, if any
1325
1163
try:
1326
attr[attrname]._dbus_annotations = dict(
1327
attribute._dbus_annotations)
1164
attr[attrname]._dbus_annotations = (
1165
dict(attribute._dbus_annotations))
1328
1166
except AttributeError:
1329
1167
pass
1330
1168
# Is this a D-Bus property?
1333
1171
# object, and decorate it to be a new D-Bus
1334
1172
# property with the alternate D-Bus interface
1335
1173
# name. Add it to the class.
1336
attr[attrname] = (dbus_service_property(
1337
alt_interface, attribute._dbus_signature,
1338
attribute._dbus_access,
1339
attribute._dbus_get_args_options
1340
["byte_arrays"])
1341
(types.FunctionType(
1342
attribute.func_code,
1343
attribute.func_globals,
1344
attribute.func_name,
1345
attribute.func_defaults,
1346
attribute.func_closure)))
1174
attr[attrname] = (dbus_service_property
1175
(alt_interface,
1176
attribute._dbus_signature,
1177
attribute._dbus_access,
1178
attribute
1179
._dbus_get_args_options
1180
["byte_arrays"])
1181
(types.FunctionType
1182
(attribute.func_code,
1183
attribute.func_globals,
1184
attribute.func_name,
1185
attribute.func_defaults,
1186
attribute.func_closure)))
1347
1187
# Copy annotations, if any
1348
1188
try:
1349
attr[attrname]._dbus_annotations = dict(
1350
attribute._dbus_annotations)
1189
attr[attrname]._dbus_annotations = (
1190
dict(attribute._dbus_annotations))
1351
1191
except AttributeError:
1352
1192
pass
1353
1193
# Is this a D-Bus interface?
1356
1196
# object. Decorate it to be a new D-Bus interface
1357
1197
# with the alternate D-Bus interface name. Add it
1358
1198
# to the class.
1359
attr[attrname] = (
1360
dbus_interface_annotations(alt_interface)
1361
(types.FunctionType(attribute.func_code,
1362
attribute.func_globals,
1363
attribute.func_name,
1364
attribute.func_defaults,
1365
attribute.func_closure)))
1199
attr[attrname] = (dbus_interface_annotations
1200
(alt_interface)
1201
(types.FunctionType
1202
(attribute.func_code,
1203
attribute.func_globals,
1204
attribute.func_name,
1205
attribute.func_defaults,
1206
attribute.func_closure)))
1366
1207
if deprecate:
1367
1208
# Deprecate all alternate interfaces
1368
iname="_AlternateDBusNames_interface_annotation{}"
1209
iname="_AlternateDBusNames_interface_annotation{0}"
1369
1210
for interface_name in interface_names:
1370
1371
1211
@dbus_interface_annotations(interface_name)
1372
1212
def func(self):
1373
1213
return { "org.freedesktop.DBus.Deprecated":
1374
"true" }
1214
"true" }
1375
1215
# Find an unused name
1376
1216
for aname in (iname.format(i)
1377
1217
for i in itertools.count()):
1381
1221
if interface_names:
1382
1222
# Replace the class with a new subclass of it with
1383
1223
# methods, signals, etc. as created above.
1384
cls = type(b"{}Alternate".format(cls.__name__),
1385
(cls, ), attr)
1224
cls = type(b"{0}Alternate".format(cls.__name__),
1225
(cls,), attr)
1386
1226
return cls
1387
1388
1227
return wrapper
1389
1228
1390
1229
1391
1230
@alternate_dbus_interfaces({"se.recompile.Mandos":
1392
"se.bsnet.fukt.Mandos"})
1231
"se.bsnet.fukt.Mandos"})
1393
1232
class ClientDBus(Client, DBusObjectWithProperties):
1394
1233
"""A Client class using D-Bus
1395
1234
1399
1238
"""
1400
1239
1401
1240
runtime_expansions = (Client.runtime_expansions
1402
+ ("dbus_object_path", ))
1403
1404
_interface = "se.recompile.Mandos.Client"
1241
+ ("dbus_object_path",))
1405
1242
1406
1243
# dbus.service.Object doesn't use super(), so we can't either.
1407
1244
1410
1247
Client.__init__(self, *args, **kwargs)
1411
1248
# Only now, when this client is initialized, can it show up on
1412
1249
# the D-Bus
1413
client_object_name = str(self.name).translate(
1250
client_object_name = unicode(self.name).translate(
1414
1251
{ord("."): ord("_"),
1415
1252
ord("-"): ord("_")})
1416
self.dbus_object_path = dbus.ObjectPath(
1417
"/clients/" + client_object_name)
1253
self.dbus_object_path = (dbus.ObjectPath
1254
("/clients/" + client_object_name))
1418
1255
DBusObjectWithProperties.__init__(self, self.bus,
1419
1256
self.dbus_object_path)
1420
1257
1421
def notifychangeproperty(transform_func, dbus_name,
1422
type_func=lambda x: x,
1423
variant_level=1,
1424
invalidate_only=False,
1425
_interface=_interface):
1258
def notifychangeproperty(transform_func,
1259
dbus_name, type_func=lambda x: x,
1260
variant_level=1):
1426
1261
""" Modify a variable so that it's a property which announces
1427
1262
its changes to DBus.
1428
1263
1433
1268
to the D-Bus. Default: no transform
1434
1269
variant_level: D-Bus variant level. Default: 1
1435
1270
"""
1436
attrname = "_{}".format(dbus_name)
1437
1271
attrname = "_{0}".format(dbus_name)
1438
1272
def setter(self, value):
1439
1273
if hasattr(self, "dbus_object_path"):
1440
1274
if (not hasattr(self, attrname) or
1441
1275
type_func(getattr(self, attrname, None))
1442
1276
!= type_func(value)):
1443
if invalidate_only:
1444
self.PropertiesChanged(
1445
_interface, dbus.Dictionary(),
1446
dbus.Array((dbus_name, )))
1447
else:
1448
dbus_value = transform_func(
1449
type_func(value),
1450
variant_level = variant_level)
1451
self.PropertyChanged(dbus.String(dbus_name),
1452
dbus_value)
1453
self.PropertiesChanged(
1454
_interface,
1455
dbus.Dictionary({ dbus.String(dbus_name):
1456
dbus_value }),
1457
dbus.Array())
1277
dbus_value = transform_func(type_func(value),
1278
variant_level
1279
=variant_level)
1280
self.PropertyChanged(dbus.String(dbus_name),
1281
dbus_value)
1458
1282
setattr(self, attrname, value)
1459
1283
1460
1284
return property(lambda self: getattr(self, attrname), setter)
1466
1290
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1467
1291
last_enabled = notifychangeproperty(datetime_to_dbus,
1468
1292
"LastEnabled")
1469
checker = notifychangeproperty(
1470
dbus.Boolean, "CheckerRunning",
1471
type_func = lambda checker: checker is not None)
1293
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1294
type_func = lambda checker:
1295
checker is not None)
1472
1296
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1473
1297
"LastCheckedOK")
1474
1298
last_checker_status = notifychangeproperty(dbus.Int16,
1477
1301
datetime_to_dbus, "LastApprovalRequest")
1478
1302
approved_by_default = notifychangeproperty(dbus.Boolean,
1479
1303
"ApprovedByDefault")
1480
approval_delay = notifychangeproperty(
1481
dbus.UInt64, "ApprovalDelay",
1482
type_func = lambda td: td.total_seconds() * 1000)
1304
approval_delay = notifychangeproperty(dbus.UInt64,
1305
"ApprovalDelay",
1306
type_func =
1307
timedelta_to_milliseconds)
1483
1308
approval_duration = notifychangeproperty(
1484
1309
dbus.UInt64, "ApprovalDuration",
1485
type_func = lambda td: td.total_seconds() * 1000)
1310
type_func = timedelta_to_milliseconds)
1486
1311
host = notifychangeproperty(dbus.String, "Host")
1487
timeout = notifychangeproperty(
1488
dbus.UInt64, "Timeout",
1489
type_func = lambda td: td.total_seconds() * 1000)
1312
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1313
type_func =
1314
timedelta_to_milliseconds)
1490
1315
extended_timeout = notifychangeproperty(
1491
1316
dbus.UInt64, "ExtendedTimeout",
1492
type_func = lambda td: td.total_seconds() * 1000)
1493
interval = notifychangeproperty(
1494
dbus.UInt64, "Interval",
1495
type_func = lambda td: td.total_seconds() * 1000)
1317
type_func = timedelta_to_milliseconds)
1318
interval = notifychangeproperty(dbus.UInt64,
1319
"Interval",
1320
type_func =
1321
timedelta_to_milliseconds)
1496
1322
checker_command = notifychangeproperty(dbus.String, "Checker")
1497
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1498
invalidate_only=True)
1499
1323
1500
1324
del notifychangeproperty
1501
1325
1508
1332
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1509
1333
Client.__del__(self, *args, **kwargs)
1510
1334
1511
def checker_callback(self, source, condition,
1512
connection, command, *args, **kwargs):
1513
ret = Client.checker_callback(self, source, condition,
1514
connection, command, *args,
1515
**kwargs)
1516
exitstatus = self.last_checker_status
1517
if exitstatus >= 0:
1335
def checker_callback(self, pid, condition, command,
1336
*args, **kwargs):
1337
self.checker_callback_tag = None
1338
self.checker = None
1339
if os.WIFEXITED(condition):
1340
exitstatus = os.WEXITSTATUS(condition)
1518
1341
# Emit D-Bus signal
1519
1342
self.CheckerCompleted(dbus.Int16(exitstatus),
1520
# This is specific to GNU libC
1521
dbus.Int64(exitstatus << 8),
1343
dbus.Int64(condition),
1522
1344
dbus.String(command))
1523
1345
else:
1524
1346
# Emit D-Bus signal
1525
1347
self.CheckerCompleted(dbus.Int16(-1),
1526
dbus.Int64(
1527
# This is specific to GNU libC
1528
(exitstatus << 8)
1529
| self.last_checker_signal),
1348
dbus.Int64(condition),
1530
1349
dbus.String(command))
1531
return ret
1350
1351
return Client.checker_callback(self, pid, condition, command,
1352
*args, **kwargs)
1532
1353
1533
1354
def start_checker(self, *args, **kwargs):
1534
1355
old_checker_pid = getattr(self.checker, "pid", None)
1546
1367
1547
1368
def approve(self, value=True):
1548
1369
self.approved = value
1549
gobject.timeout_add(int(self.approval_duration.total_seconds()
1550
* 1000), self._reset_approved)
1370
gobject.timeout_add(timedelta_to_milliseconds
1371
(self.approval_duration),
1372
self._reset_approved)
1551
1373
self.send_changedstate()
1552
1374
1553
1375
## D-Bus methods, signals & properties
1376
_interface = "se.recompile.Mandos.Client"
1554
1377
1555
1378
## Interfaces
1556
1379
1380
@dbus_interface_annotations(_interface)
1381
def _foo(self):
1382
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1383
"false"}
1384
1557
1385
## Signals
1558
1386
1559
1387
# CheckerCompleted - signal
1569
1397
pass
1570
1398
1571
1399
# PropertyChanged - signal
1572
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1573
1400
@dbus.service.signal(_interface, signature="sv")
1574
1401
def PropertyChanged(self, property, value):
1575
1402
"D-Bus signal"
1609
1436
self.checked_ok()
1610
1437
1611
1438
# Enable - method
1612
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1613
1439
@dbus.service.method(_interface)
1614
1440
def Enable(self):
1615
1441
"D-Bus method"
1616
1442
self.enable()
1617
1443
1618
1444
# StartChecker - method
1619
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1620
1445
@dbus.service.method(_interface)
1621
1446
def StartChecker(self):
1622
1447
"D-Bus method"
1623
1448
self.start_checker()
1624
1449
1625
1450
# Disable - method
1626
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1627
1451
@dbus.service.method(_interface)
1628
1452
def Disable(self):
1629
1453
"D-Bus method"
1630
1454
self.disable()
1631
1455
1632
1456
# StopChecker - method
1633
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1634
1457
@dbus.service.method(_interface)
1635
1458
def StopChecker(self):
1636
1459
self.stop_checker()
1643
1466
return dbus.Boolean(bool(self.approvals_pending))
1644
1467
1645
1468
# ApprovedByDefault - property
1646
@dbus_service_property(_interface,
1647
signature="b",
1469
@dbus_service_property(_interface, signature="b",
1648
1470
access="readwrite")
1649
1471
def ApprovedByDefault_dbus_property(self, value=None):
1650
1472
if value is None: # get
1652
1474
self.approved_by_default = bool(value)
1653
1475
1654
1476
# ApprovalDelay - property
1655
@dbus_service_property(_interface,
1656
signature="t",
1477
@dbus_service_property(_interface, signature="t",
1657
1478
access="readwrite")
1658
1479
def ApprovalDelay_dbus_property(self, value=None):
1659
1480
if value is None: # get
1660
return dbus.UInt64(self.approval_delay.total_seconds()
1661
* 1000)
1481
return dbus.UInt64(self.approval_delay_milliseconds())
1662
1482
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1663
1483
1664
1484
# ApprovalDuration - property
1665
@dbus_service_property(_interface,
1666
signature="t",
1485
@dbus_service_property(_interface, signature="t",
1667
1486
access="readwrite")
1668
1487
def ApprovalDuration_dbus_property(self, value=None):
1669
1488
if value is None: # get
1670
return dbus.UInt64(self.approval_duration.total_seconds()
1671
* 1000)
1489
return dbus.UInt64(timedelta_to_milliseconds(
1490
self.approval_duration))
1672
1491
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1673
1492
1674
1493
# Name - property
1675
@dbus_annotations(
1676
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1677
1494
@dbus_service_property(_interface, signature="s", access="read")
1678
1495
def Name_dbus_property(self):
1679
1496
return dbus.String(self.name)
1680
1497
1681
1498
# Fingerprint - property
1682
@dbus_annotations(
1683
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1684
1499
@dbus_service_property(_interface, signature="s", access="read")
1685
1500
def Fingerprint_dbus_property(self):
1686
1501
return dbus.String(self.fingerprint)
1687
1502
1688
1503
# Host - property
1689
@dbus_service_property(_interface,
1690
signature="s",
1504
@dbus_service_property(_interface, signature="s",
1691
1505
access="readwrite")
1692
1506
def Host_dbus_property(self, value=None):
1693
1507
if value is None: # get
1694
1508
return dbus.String(self.host)
1695
self.host = str(value)
1509
self.host = unicode(value)
1696
1510
1697
1511
# Created - property
1698
@dbus_annotations(
1699
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1700
1512
@dbus_service_property(_interface, signature="s", access="read")
1701
1513
def Created_dbus_property(self):
1702
1514
return datetime_to_dbus(self.created)
1707
1519
return datetime_to_dbus(self.last_enabled)
1708
1520
1709
1521
# Enabled - property
1710
@dbus_service_property(_interface,
1711
signature="b",
1522
@dbus_service_property(_interface, signature="b",
1712
1523
access="readwrite")
1713
1524
def Enabled_dbus_property(self, value=None):
1714
1525
if value is None: # get
1719
1530
self.disable()
1720
1531
1721
1532
# LastCheckedOK - property
1722
@dbus_service_property(_interface,
1723
signature="s",
1533
@dbus_service_property(_interface, signature="s",
1724
1534
access="readwrite")
1725
1535
def LastCheckedOK_dbus_property(self, value=None):
1726
1536
if value is not None:
1729
1539
return datetime_to_dbus(self.last_checked_ok)
1730
1540
1731
1541
# LastCheckerStatus - property
1732
@dbus_service_property(_interface, signature="n", access="read")
1542
@dbus_service_property(_interface, signature="n",
1543
access="read")
1733
1544
def LastCheckerStatus_dbus_property(self):
1734
1545
return dbus.Int16(self.last_checker_status)
1735
1546
1744
1555
return datetime_to_dbus(self.last_approval_request)
1745
1556
1746
1557
# Timeout - property
1747
@dbus_service_property(_interface,
1748
signature="t",
1558
@dbus_service_property(_interface, signature="t",
1749
1559
access="readwrite")
1750
1560
def Timeout_dbus_property(self, value=None):
1751
1561
if value is None: # get
1752
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1562
return dbus.UInt64(self.timeout_milliseconds())
1753
1563
old_timeout = self.timeout
1754
1564
self.timeout = datetime.timedelta(0, 0, 0, value)
1755
1565
# Reschedule disabling
1764
1574
is None):
1765
1575
return
1766
1576
gobject.source_remove(self.disable_initiator_tag)
1767
self.disable_initiator_tag = gobject.timeout_add(
1768
int((self.expires - now).total_seconds() * 1000),
1769
self.disable)
1577
self.disable_initiator_tag = (
1578
gobject.timeout_add(
1579
timedelta_to_milliseconds(self.expires - now),
1580
self.disable))
1770
1581
1771
1582
# ExtendedTimeout - property
1772
@dbus_service_property(_interface,
1773
signature="t",
1583
@dbus_service_property(_interface, signature="t",
1774
1584
access="readwrite")
1775
1585
def ExtendedTimeout_dbus_property(self, value=None):
1776
1586
if value is None: # get
1777
return dbus.UInt64(self.extended_timeout.total_seconds()
1778
* 1000)
1587
return dbus.UInt64(self.extended_timeout_milliseconds())
1779
1588
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1780
1589
1781
1590
# Interval - property
1782
@dbus_service_property(_interface,
1783
signature="t",
1591
@dbus_service_property(_interface, signature="t",
1784
1592
access="readwrite")
1785
1593
def Interval_dbus_property(self, value=None):
1786
1594
if value is None: # get
1787
return dbus.UInt64(self.interval.total_seconds() * 1000)
1595
return dbus.UInt64(self.interval_milliseconds())
1788
1596
self.interval = datetime.timedelta(0, 0, 0, value)
1789
1597
if getattr(self, "checker_initiator_tag", None) is None:
1790
1598
return
1791
1599
if self.enabled:
1792
1600
# Reschedule checker run
1793
1601
gobject.source_remove(self.checker_initiator_tag)
1794
self.checker_initiator_tag = gobject.timeout_add(
1795
value, self.start_checker)
1796
self.start_checker() # Start one now, too
1602
self.checker_initiator_tag = (gobject.timeout_add
1603
(value, self.start_checker))
1604
self.start_checker() # Start one now, too
1797
1605
1798
1606
# Checker - property
1799
@dbus_service_property(_interface,
1800
signature="s",
1607
@dbus_service_property(_interface, signature="s",
1801
1608
access="readwrite")
1802
1609
def Checker_dbus_property(self, value=None):
1803
1610
if value is None: # get
1804
1611
return dbus.String(self.checker_command)
1805
self.checker_command = str(value)
1612
self.checker_command = unicode(value)
1806
1613
1807
1614
# CheckerRunning - property
1808
@dbus_service_property(_interface,
1809
signature="b",
1615
@dbus_service_property(_interface, signature="b",
1810
1616
access="readwrite")
1811
1617
def CheckerRunning_dbus_property(self, value=None):
1812
1618
if value is None: # get
1817
1623
self.stop_checker()
1818
1624
1819
1625
# ObjectPath - property
1820
@dbus_annotations(
1821
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
1822
"org.freedesktop.DBus.Deprecated": "true"})
1823
1626
@dbus_service_property(_interface, signature="o", access="read")
1824
1627
def ObjectPath_dbus_property(self):
1825
1628
return self.dbus_object_path # is already a dbus.ObjectPath
1826
1629
1827
1630
# Secret = property
1828
@dbus_annotations(
1829
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
1830
"invalidates"})
1831
@dbus_service_property(_interface,
1832
signature="ay",
1833
access="write",
1834
byte_arrays=True)
1631
@dbus_service_property(_interface, signature="ay",
1632
access="write", byte_arrays=True)
1835
1633
def Secret_dbus_property(self, value):
1836
self.secret = bytes(value)
1634
self.secret = str(value)
1837
1635
1838
1636
del _interface
1839
1637
1843
1641
self._pipe = child_pipe
1844
1642
self._pipe.send(('init', fpr, address))
1845
1643
if not self._pipe.recv():
1846
raise KeyError(fpr)
1644
raise KeyError()
1847
1645
1848
1646
def __getattribute__(self, name):
1849
1647
if name == '_pipe':
1853
1651
if data[0] == 'data':
1854
1652
return data[1]
1855
1653
if data[0] == 'function':
1856
1857
1654
def func(*args, **kwargs):
1858
1655
self._pipe.send(('funcall', name, args, kwargs))
1859
1656
return self._pipe.recv()[1]
1860
1861
1657
return func
1862
1658
1863
1659
def __setattr__(self, name, value):
1875
1671
def handle(self):
1876
1672
with contextlib.closing(self.server.child_pipe) as child_pipe:
1877
1673
logger.info("TCP connection from: %s",
1878
str(self.client_address))
1674
unicode(self.client_address))
1879
1675
logger.debug("Pipe FD: %d",
1880
1676
self.server.child_pipe.fileno())
1881
1677
1882
session = gnutls.connection.ClientSession(
1883
self.request, gnutls.connection.X509Credentials())
1678
session = (gnutls.connection
1679
.ClientSession(self.request,
1680
gnutls.connection
1681
.X509Credentials()))
1884
1682
1885
1683
# Note: gnutls.connection.X509Credentials is really a
1886
1684
# generic GnuTLS certificate credentials object so long as
1895
1693
priority = self.server.gnutls_priority
1896
1694
if priority is None:
1897
1695
priority = "NORMAL"
1898
gnutls.library.functions.gnutls_priority_set_direct(
1899
session._c_object, priority, None)
1696
(gnutls.library.functions
1697
.gnutls_priority_set_direct(session._c_object,
1698
priority, None))
1900
1699
1901
1700
# Start communication using the Mandos protocol
1902
1701
# Get protocol number
1922
1721
approval_required = False
1923
1722
try:
1924
1723
try:
1925
fpr = self.fingerprint(
1926
self.peer_certificate(session))
1724
fpr = self.fingerprint(self.peer_certificate
1725
(session))
1927
1726
except (TypeError,
1928
1727
gnutls.errors.GNUTLSError) as error:
1929
1728
logger.warning("Bad certificate: %s", error)
1944
1743
while True:
1945
1744
if not client.enabled:
1946
1745
logger.info("Client %s is disabled",
1947
client.name)
1746
client.name)
1948
1747
if self.server.use_dbus:
1949
1748
# Emit D-Bus signal
1950
1749
client.Rejected("Disabled")
1959
1758
if self.server.use_dbus:
1960
1759
# Emit D-Bus signal
1961
1760
client.NeedApproval(
1962
client.approval_delay.total_seconds()
1963
* 1000, client.approved_by_default)
1761
client.approval_delay_milliseconds(),
1762
client.approved_by_default)
1964
1763
else:
1965
1764
logger.warning("Client %s was not approved",
1966
1765
client.name)
1972
1771
#wait until timeout or approved
1973
1772
time = datetime.datetime.now()
1974
1773
client.changedstate.acquire()
1975
client.changedstate.wait(delay.total_seconds())
1774
client.changedstate.wait(
1775
float(timedelta_to_milliseconds(delay)
1776
/ 1000))
1976
1777
client.changedstate.release()
1977
1778
time2 = datetime.datetime.now()
1978
1779
if (time2 - time) >= delay:
1997
1798
logger.warning("gnutls send failed",
1998
1799
exc_info=error)
1999
1800
return
2000
logger.debug("Sent: %d, remaining: %d", sent,
2001
len(client.secret) - (sent_size
2002
+ sent))
1801
logger.debug("Sent: %d, remaining: %d",
1802
sent, len(client.secret)
1803
- (sent_size + sent))
2003
1804
sent_size += sent
2004
1805
2005
1806
logger.info("Sending secret to %s", client.name)
2022
1823
def peer_certificate(session):
2023
1824
"Return the peer's OpenPGP certificate as a bytestring"
2024
1825
# If not an OpenPGP certificate...
2025
if (gnutls.library.functions.gnutls_certificate_type_get(
2026
session._c_object)
1826
if (gnutls.library.functions
1827
.gnutls_certificate_type_get(session._c_object)
2027
1828
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
2028
1829
# ...do the normal thing
2029
1830
return session.peer_certificate
2043
1844
def fingerprint(openpgp):
2044
1845
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2045
1846
# New GnuTLS "datum" with the OpenPGP public key
2046
datum = gnutls.library.types.gnutls_datum_t(
2047
ctypes.cast(ctypes.c_char_p(openpgp),
2048
ctypes.POINTER(ctypes.c_ubyte)),
2049
ctypes.c_uint(len(openpgp)))
1847
datum = (gnutls.library.types
1848
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1849
ctypes.POINTER
1850
(ctypes.c_ubyte)),
1851
ctypes.c_uint(len(openpgp))))
2050
1852
# New empty GnuTLS certificate
2051
1853
crt = gnutls.library.types.gnutls_openpgp_crt_t()
2052
gnutls.library.functions.gnutls_openpgp_crt_init(
2053
ctypes.byref(crt))
1854
(gnutls.library.functions
1855
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2054
1856
# Import the OpenPGP public key into the certificate
2055
gnutls.library.functions.gnutls_openpgp_crt_import(
2056
crt, ctypes.byref(datum),
2057
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1857
(gnutls.library.functions
1858
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1859
gnutls.library.constants
1860
.GNUTLS_OPENPGP_FMT_RAW))
2058
1861
# Verify the self signature in the key
2059
1862
crtverify = ctypes.c_uint()
2060
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2061
crt, 0, ctypes.byref(crtverify))
1863
(gnutls.library.functions
1864
.gnutls_openpgp_crt_verify_self(crt, 0,
1865
ctypes.byref(crtverify)))
2062
1866
if crtverify.value != 0:
2063
1867
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2064
raise gnutls.errors.CertificateSecurityError(
2065
"Verify failed")
1868
raise (gnutls.errors.CertificateSecurityError
1869
("Verify failed"))
2066
1870
# New buffer for the fingerprint
2067
1871
buf = ctypes.create_string_buffer(20)
2068
1872
buf_len = ctypes.c_size_t()
2069
1873
# Get the fingerprint from the certificate into the buffer
2070
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2071
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1874
(gnutls.library.functions
1875
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1876
ctypes.byref(buf_len)))
2072
1877
# Deinit the certificate
2073
1878
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2074
1879
# Convert the buffer to a Python bytestring
2080
1885
2081
1886
class MultiprocessingMixIn(object):
2082
1887
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2083
2084
1888
def sub_process_main(self, request, address):
2085
1889
try:
2086
1890
self.finish_request(request, address)
2098
1902
2099
1903
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2100
1904
""" adds a pipe to the MixIn """
2101
2102
1905
def process_request(self, request, client_address):
2103
1906
"""Overrides and wraps the original process_request().
2104
1907
2125
1928
interface: None or a network interface name (string)
2126
1929
use_ipv6: Boolean; to use IPv6 or not
2127
1930
"""
2128
2129
1931
def __init__(self, server_address, RequestHandlerClass,
2130
interface=None,
2131
use_ipv6=True,
2132
socketfd=None):
1932
interface=None, use_ipv6=True, socketfd=None):
2133
1933
"""If socketfd is set, use that file descriptor instead of
2134
1934
creating a new one with socket.socket().
2135
1935
"""
2176
1976
self.interface)
2177
1977
else:
2178
1978
try:
2179
self.socket.setsockopt(
2180
socket.SOL_SOCKET, SO_BINDTODEVICE,
2181
(self.interface + "\0").encode("utf-8"))
1979
self.socket.setsockopt(socket.SOL_SOCKET,
1980
SO_BINDTODEVICE,
1981
str(self.interface + '\0'))
2182
1982
except socket.error as error:
2183
1983
if error.errno == errno.EPERM:
2184
1984
logger.error("No permission to bind to"
2202
2002
self.server_address = (any_address,
2203
2003
self.server_address[1])
2204
2004
elif not self.server_address[1]:
2205
self.server_address = (self.server_address[0], 0)
2005
self.server_address = (self.server_address[0],
2006
0)
2206
2007
# if self.interface:
2207
2008
# self.server_address = (self.server_address[0],
2208
2009
# 0, # port
2222
2023
2223
2024
Assumes a gobject.MainLoop event loop.
2224
2025
"""
2225
2226
2026
def __init__(self, server_address, RequestHandlerClass,
2227
interface=None,
2228
use_ipv6=True,
2229
clients=None,
2230
gnutls_priority=None,
2231
use_dbus=True,
2232
socketfd=None):
2027
interface=None, use_ipv6=True, clients=None,
2028
gnutls_priority=None, use_dbus=True, socketfd=None):
2233
2029
self.enabled = False
2234
2030
self.clients = clients
2235
2031
if self.clients is None:
2241
2037
interface = interface,
2242
2038
use_ipv6 = use_ipv6,
2243
2039
socketfd = socketfd)
2244
2245
2040
def server_activate(self):
2246
2041
if self.enabled:
2247
2042
return socketserver.TCPServer.server_activate(self)
2251
2046
2252
2047
def add_pipe(self, parent_pipe, proc):
2253
2048
# Call "handle_ipc" for both data and EOF events
2254
gobject.io_add_watch(
2255
parent_pipe.fileno(),
2256
gobject.IO_IN | gobject.IO_HUP,
2257
functools.partial(self.handle_ipc,
2258
parent_pipe = parent_pipe,
2259
proc = proc))
2049
gobject.io_add_watch(parent_pipe.fileno(),
2050
gobject.IO_IN | gobject.IO_HUP,
2051
functools.partial(self.handle_ipc,
2052
parent_pipe =
2053
parent_pipe,
2054
proc = proc))
2260
2055
2261
def handle_ipc(self, source, condition,
2262
parent_pipe=None,
2263
proc = None,
2264
client_object=None):
2056
def handle_ipc(self, source, condition, parent_pipe=None,
2057
proc = None, client_object=None):
2265
2058
# error, or the other end of multiprocessing.Pipe has closed
2266
2059
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2267
2060
# Wait for other process to exit
2290
2083
parent_pipe.send(False)
2291
2084
return False
2292
2085
2293
gobject.io_add_watch(
2294
parent_pipe.fileno(),
2295
gobject.IO_IN | gobject.IO_HUP,
2296
functools.partial(self.handle_ipc,
2297
parent_pipe = parent_pipe,
2298
proc = proc,
2299
client_object = client))
2086
gobject.io_add_watch(parent_pipe.fileno(),
2087
gobject.IO_IN | gobject.IO_HUP,
2088
functools.partial(self.handle_ipc,
2089
parent_pipe =
2090
parent_pipe,
2091
proc = proc,
2092
client_object =
2093
client))
2300
2094
parent_pipe.send(True)
2301
2095
# remove the old hook in favor of the new above hook on
2302
2096
# same fileno
2308
2102
2309
2103
parent_pipe.send(('data', getattr(client_object,
2310
2104
funcname)(*args,
2311
**kwargs)))
2105
**kwargs)))
2312
2106
2313
2107
if command == 'getattr':
2314
2108
attrname = request[1]
2315
if isinstance(client_object.__getattribute__(attrname),
2316
collections.Callable):
2317
parent_pipe.send(('function', ))
2109
if callable(client_object.__getattribute__(attrname)):
2110
parent_pipe.send(('function',))
2318
2111
else:
2319
parent_pipe.send((
2320
'data', client_object.__getattribute__(attrname)))
2112
parent_pipe.send(('data', client_object
2113
.__getattribute__(attrname)))
2321
2114
2322
2115
if command == 'setattr':
2323
2116
attrname = request[1]
2354
2147
# avoid excessive use of external libraries.
2355
2148
2356
2149
# New type for defining tokens, syntax, and semantics all-in-one
2357
Token = collections.namedtuple("Token", (
2358
"regexp", # To match token; if "value" is not None, must have
2359
# a "group" containing digits
2360
"value", # datetime.timedelta or None
2361
"followers")) # Tokens valid after this token
2150
Token = collections.namedtuple("Token",
2151
("regexp", # To match token; if
2152
# "value" is not None,
2153
# must have a "group"
2154
# containing digits
2155
"value", # datetime.timedelta or
2156
# None
2157
"followers")) # Tokens valid after
2158
# this token
2362
2159
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2363
2160
# the "duration" ABNF definition in RFC 3339, Appendix A.
2364
2161
token_end = Token(re.compile(r"$"), None, frozenset())
2365
2162
token_second = Token(re.compile(r"(\d+)S"),
2366
2163
datetime.timedelta(seconds=1),
2367
frozenset((token_end, )))
2164
frozenset((token_end,)))
2368
2165
token_minute = Token(re.compile(r"(\d+)M"),
2369
2166
datetime.timedelta(minutes=1),
2370
2167
frozenset((token_second, token_end)))
2386
2183
frozenset((token_month, token_end)))
2387
2184
token_week = Token(re.compile(r"(\d+)W"),
2388
2185
datetime.timedelta(weeks=1),
2389
frozenset((token_end, )))
2186
frozenset((token_end,)))
2390
2187
token_duration = Token(re.compile(r"P"), None,
2391
2188
frozenset((token_year, token_month,
2392
2189
token_day, token_time,
2393
token_week)))
2190
token_week))),
2394
2191
# Define starting values
2395
2192
value = datetime.timedelta() # Value so far
2396
2193
found_token = None
2397
followers = frozenset((token_duration, )) # Following valid tokens
2194
followers = frozenset(token_duration,) # Following valid tokens
2398
2195
s = duration # String left to parse
2399
2196
# Loop until end token is found
2400
2197
while found_token is not token_end:
2417
2214
break
2418
2215
else:
2419
2216
# No currently valid tokens were found
2420
raise ValueError("Invalid RFC 3339 duration: {!r}"
2421
.format(duration))
2217
raise ValueError("Invalid RFC 3339 duration")
2422
2218
# End token found
2423
2219
return value
2424
2220
2448
2244
timevalue = datetime.timedelta(0)
2449
2245
for s in interval.split():
2450
2246
try:
2451
suffix = s[-1]
2247
suffix = unicode(s[-1])
2452
2248
value = int(s[:-1])
2453
2249
if suffix == "d":
2454
2250
delta = datetime.timedelta(value)
2461
2257
elif suffix == "w":
2462
2258
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2463
2259
else:
2464
raise ValueError("Unknown suffix {!r}".format(suffix))
2260
raise ValueError("Unknown suffix {0!r}"
2261
.format(suffix))
2465
2262
except IndexError as e:
2466
2263
raise ValueError(*(e.args))
2467
2264
timevalue += delta
2484
2281
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2485
2282
if not stat.S_ISCHR(os.fstat(null).st_mode):
2486
2283
raise OSError(errno.ENODEV,
2487
"{} not a character device"
2284
"{0} not a character device"
2488
2285
.format(os.devnull))
2489
2286
os.dup2(null, sys.stdin.fileno())
2490
2287
os.dup2(null, sys.stdout.fileno())
2500
2297
2501
2298
parser = argparse.ArgumentParser()
2502
2299
parser.add_argument("-v", "--version", action="version",
2503
version = "%(prog)s {}".format(version),
2300
version = "%(prog)s {0}".format(version),
2504
2301
help="show version number and exit")
2505
2302
parser.add_argument("-i", "--interface", metavar="IF",
2506
2303
help="Bind to interface IF")
2539
2336
help="Directory to save/restore state in")
2540
2337
parser.add_argument("--foreground", action="store_true",
2541
2338
help="Run in foreground", default=None)
2542
parser.add_argument("--no-zeroconf", action="store_false",
2543
dest="zeroconf", help="Do not use Zeroconf",
2544
default=None)
2545
2339
2546
2340
options = parser.parse_args()
2547
2341
2556
2350
"port": "",
2557
2351
"debug": "False",
2558
2352
"priority":
2559
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2560
":+SIGN-DSA-SHA256",
2353
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",
2561
2354
"servicename": "Mandos",
2562
2355
"use_dbus": "True",
2563
2356
"use_ipv6": "True",
2566
2359
"socket": "",
2567
2360
"statedir": "/var/lib/mandos",
2568
2361
"foreground": "False",
2569
"zeroconf": "True",
2570
}
2362
}
2571
2363
2572
2364
# Parse config file for server-global settings
2573
2365
server_config = configparser.SafeConfigParser(server_defaults)
2574
2366
del server_defaults
2575
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2367
server_config.read(os.path.join(options.configdir,
2368
"mandos.conf"))
2576
2369
# Convert the SafeConfigParser object to a dict
2577
2370
server_settings = server_config.defaults()
2578
2371
# Use the appropriate methods on the non-string config options
2596
2389
# Override the settings from the config file with command line
2597
2390
# options, if set.
2598
2391
for option in ("interface", "address", "port", "debug",
2599
"priority", "servicename", "configdir", "use_dbus",
2600
"use_ipv6", "debuglevel", "restore", "statedir",
2601
"socket", "foreground", "zeroconf"):
2392
"priority", "servicename", "configdir",
2393
"use_dbus", "use_ipv6", "debuglevel", "restore",
2394
"statedir", "socket", "foreground"):
2602
2395
value = getattr(options, option)
2603
2396
if value is not None:
2604
2397
server_settings[option] = value
2605
2398
del options
2606
2399
# Force all strings to be unicode
2607
2400
for option in server_settings.keys():
2608
if isinstance(server_settings[option], bytes):
2609
server_settings[option] = (server_settings[option]
2610
.decode("utf-8"))
2401
if type(server_settings[option]) is str:
2402
server_settings[option] = unicode(server_settings[option])
2611
2403
# Force all boolean options to be boolean
2612
2404
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2613
"foreground", "zeroconf"):
2405
"foreground"):
2614
2406
server_settings[option] = bool(server_settings[option])
2615
2407
# Debug implies foreground
2616
2408
if server_settings["debug"]:
2619
2411
2620
2412
##################################################################
2621
2413
2622
if (not server_settings["zeroconf"]
2623
and not (server_settings["port"]
2624
or server_settings["socket"] != "")):
2625
parser.error("Needs port or socket to work without Zeroconf")
2626
2627
2414
# For convenience
2628
2415
debug = server_settings["debug"]
2629
2416
debuglevel = server_settings["debuglevel"]
2632
2419
stored_state_path = os.path.join(server_settings["statedir"],
2633
2420
stored_state_file)
2634
2421
foreground = server_settings["foreground"]
2635
zeroconf = server_settings["zeroconf"]
2636
2422
2637
2423
if debug:
2638
2424
initlogger(debug, logging.DEBUG)
2644
2430
initlogger(debug, level)
2645
2431
2646
2432
if server_settings["servicename"] != "Mandos":
2647
syslogger.setFormatter(
2648
logging.Formatter('Mandos ({}) [%(process)d]:'
2649
' %(levelname)s: %(message)s'.format(
2650
server_settings["servicename"])))
2433
syslogger.setFormatter(logging.Formatter
2434
('Mandos ({0}) [%(process)d]:'
2435
' %(levelname)s: %(message)s'
2436
.format(server_settings
2437
["servicename"])))
2651
2438
2652
2439
# Parse config file with clients
2653
2440
client_config = configparser.SafeConfigParser(Client
2658
2445
global mandos_dbus_service
2659
2446
mandos_dbus_service = None
2660
2447
2661
socketfd = None
2662
if server_settings["socket"] != "":
2663
socketfd = server_settings["socket"]
2664
tcp_server = MandosServer(
2665
(server_settings["address"], server_settings["port"]),
2666
ClientHandler,
2667
interface=(server_settings["interface"] or None),
2668
use_ipv6=use_ipv6,
2669
gnutls_priority=server_settings["priority"],
2670
use_dbus=use_dbus,
2671
socketfd=socketfd)
2448
tcp_server = MandosServer((server_settings["address"],
2449
server_settings["port"]),
2450
ClientHandler,
2451
interface=(server_settings["interface"]
2452
or None),
2453
use_ipv6=use_ipv6,
2454
gnutls_priority=
2455
server_settings["priority"],
2456
use_dbus=use_dbus,
2457
socketfd=(server_settings["socket"]
2458
or None))
2672
2459
if not foreground:
2673
2460
pidfilename = "/run/mandos.pid"
2674
2461
if not os.path.isdir("/run/."):
2675
2462
pidfilename = "/var/run/mandos.pid"
2676
2463
pidfile = None
2677
2464
try:
2678
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2465
pidfile = open(pidfilename, "w")
2679
2466
except IOError as e:
2680
2467
logger.error("Could not open file %r", pidfilename,
2681
2468
exc_info=e)
2708
2495
def debug_gnutls(level, string):
2709
2496
logger.debug("GnuTLS: %s", string[:-1])
2710
2497
2711
gnutls.library.functions.gnutls_global_set_log_function(
2712
debug_gnutls)
2498
(gnutls.library.functions
2499
.gnutls_global_set_log_function(debug_gnutls))
2713
2500
2714
2501
# Redirect stdin so all checkers get /dev/null
2715
2502
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2735
2522
if use_dbus:
2736
2523
try:
2737
2524
bus_name = dbus.service.BusName("se.recompile.Mandos",
2738
bus,
2739
do_not_queue=True)
2740
old_bus_name = dbus.service.BusName(
2741
"se.bsnet.fukt.Mandos", bus,
2742
do_not_queue=True)
2743
except dbus.exceptions.DBusException as e:
2525
bus, do_not_queue=True)
2526
old_bus_name = (dbus.service.BusName
2527
("se.bsnet.fukt.Mandos", bus,
2528
do_not_queue=True))
2529
except dbus.exceptions.NameExistsException as e:
2744
2530
logger.error("Disabling D-Bus:", exc_info=e)
2745
2531
use_dbus = False
2746
2532
server_settings["use_dbus"] = False
2747
2533
tcp_server.use_dbus = False
2748
if zeroconf:
2749
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2750
service = AvahiServiceToSyslog(
2751
name = server_settings["servicename"],
2752
servicetype = "_mandos._tcp",
2753
protocol = protocol,
2754
bus = bus)
2755
if server_settings["interface"]:
2756
service.interface = if_nametoindex(
2757
server_settings["interface"].encode("utf-8"))
2534
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2535
service = AvahiServiceToSyslog(name =
2536
server_settings["servicename"],
2537
servicetype = "_mandos._tcp",
2538
protocol = protocol, bus = bus)
2539
if server_settings["interface"]:
2540
service.interface = (if_nametoindex
2541
(str(server_settings["interface"])))
2758
2542
2759
2543
global multiprocessing_manager
2760
2544
multiprocessing_manager = multiprocessing.Manager()
2779
2563
if server_settings["restore"]:
2780
2564
try:
2781
2565
with open(stored_state_path, "rb") as stored_state:
2782
clients_data, old_client_settings = pickle.load(
2783
stored_state)
2566
clients_data, old_client_settings = (pickle.load
2567
(stored_state))
2784
2568
os.remove(stored_state_path)
2785
2569
except IOError as e:
2786
2570
if e.errno == errno.ENOENT:
2787
logger.warning("Could not load persistent state:"
2788
" {}".format(os.strerror(e.errno)))
2571
logger.warning("Could not load persistent state: {0}"
2572
.format(os.strerror(e.errno)))
2789
2573
else:
2790
2574
logger.critical("Could not load persistent state:",
2791
2575
exc_info=e)
2792
2576
raise
2793
2577
except EOFError as e:
2794
2578
logger.warning("Could not load persistent state: "
2795
"EOFError:",
2796
exc_info=e)
2579
"EOFError:", exc_info=e)
2797
2580
2798
2581
with PGPEngine() as pgp:
2799
for client_name, client in clients_data.items():
2582
for client_name, client in clients_data.iteritems():
2800
2583
# Skip removed clients
2801
2584
if client_name not in client_settings:
2802
2585
continue
2811
2594
# For each value in new config, check if it
2812
2595
# differs from the old config value (Except for
2813
2596
# the "secret" attribute)
2814
if (name != "secret"
2815
and (value !=
2816
old_client_settings[client_name][name])):
2597
if (name != "secret" and
2598
value != old_client_settings[client_name]
2599
[name]):
2817
2600
client[name] = value
2818
2601
except KeyError:
2819
2602
pass
2820
2603
2821
2604
# Clients who has passed its expire date can still be
2822
# enabled if its last checker was successful. A Client
2605
# enabled if its last checker was successful. Clients
2823
2606
# whose checker succeeded before we stored its state is
2824
2607
# assumed to have successfully run all checkers during
2825
2608
# downtime.
2827
2610
if datetime.datetime.utcnow() >= client["expires"]:
2828
2611
if not client["last_checked_ok"]:
2829
2612
logger.warning(
2830
"disabling client {} - Client never "
2831
"performed a successful checker".format(
2832
client_name))
2613
"disabling client {0} - Client never "
2614
"performed a successful checker"
2615
.format(client_name))
2833
2616
client["enabled"] = False
2834
2617
elif client["last_checker_status"] != 0:
2835
2618
logger.warning(
2836
"disabling client {} - Client last"
2837
" checker failed with error code"
2838
" {}".format(
2839
client_name,
2840
client["last_checker_status"]))
2619
"disabling client {0} - Client "
2620
"last checker failed with error code {1}"
2621
.format(client_name,
2622
client["last_checker_status"]))
2841
2623
client["enabled"] = False
2842
2624
else:
2843
client["expires"] = (
2844
datetime.datetime.utcnow()
2845
+ client["timeout"])
2625
client["expires"] = (datetime.datetime
2626
.utcnow()
2627
+ client["timeout"])
2846
2628
logger.debug("Last checker succeeded,"
2847
" keeping {} enabled".format(
2848
client_name))
2629
" keeping {0} enabled"
2630
.format(client_name))
2849
2631
try:
2850
client["secret"] = pgp.decrypt(
2851
client["encrypted_secret"],
2852
client_settings[client_name]["secret"])
2632
client["secret"] = (
2633
pgp.decrypt(client["encrypted_secret"],
2634
client_settings[client_name]
2635
["secret"]))
2853
2636
except PGPError:
2854
2637
# If decryption fails, we use secret from new settings
2855
logger.debug("Failed to decrypt {} old secret".format(
2856
client_name))
2857
client["secret"] = (client_settings[client_name]
2858
["secret"])
2638
logger.debug("Failed to decrypt {0} old secret"
2639
.format(client_name))
2640
client["secret"] = (
2641
client_settings[client_name]["secret"])
2859
2642
2860
2643
# Add/remove clients based on new changes made to config
2861
2644
for client_name in (set(old_client_settings)
2866
2649
clients_data[client_name] = client_settings[client_name]
2867
2650
2868
2651
# Create all client objects
2869
for client_name, client in clients_data.items():
2652
for client_name, client in clients_data.iteritems():
2870
2653
tcp_server.clients[client_name] = client_class(
2871
name = client_name,
2872
settings = client,
2654
name = client_name, settings = client,
2873
2655
server_settings = server_settings)
2874
2656
2875
2657
if not tcp_server.clients:
2877
2659
2878
2660
if not foreground:
2879
2661
if pidfile is not None:
2880
pid = os.getpid()
2881
2662
try:
2882
2663
with pidfile:
2883
print(pid, file=pidfile)
2664
pid = os.getpid()
2665
pidfile.write(str(pid) + "\n".encode("utf-8"))
2884
2666
except IOError:
2885
2667
logger.error("Could not write to file %r with PID %d",
2886
2668
pidfilename, pid)
2891
2673
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2892
2674
2893
2675
if use_dbus:
2894
2895
@alternate_dbus_interfaces(
2896
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2897
class MandosDBusService(DBusObjectWithObjectManager):
2676
@alternate_dbus_interfaces({"se.recompile.Mandos":
2677
"se.bsnet.fukt.Mandos"})
2678
class MandosDBusService(DBusObjectWithProperties):
2898
2679
"""A D-Bus proxy object"""
2899
2900
2680
def __init__(self):
2901
2681
dbus.service.Object.__init__(self, bus, "/")
2902
2903
2682
_interface = "se.recompile.Mandos"
2904
2683
2684
@dbus_interface_annotations(_interface)
2685
def _foo(self):
2686
return { "org.freedesktop.DBus.Property"
2687
".EmitsChangedSignal":
2688
"false"}
2689
2905
2690
@dbus.service.signal(_interface, signature="o")
2906
2691
def ClientAdded(self, objpath):
2907
2692
"D-Bus signal"
2912
2697
"D-Bus signal"
2913
2698
pass
2914
2699
2915
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2916
"true"})
2917
2700
@dbus.service.signal(_interface, signature="os")
2918
2701
def ClientRemoved(self, objpath, name):
2919
2702
"D-Bus signal"
2920
2703
pass
2921
2704
2922
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2923
"true"})
2924
2705
@dbus.service.method(_interface, out_signature="ao")
2925
2706
def GetAllClients(self):
2926
2707
"D-Bus method"
2927
return dbus.Array(c.dbus_object_path for c in
2708
return dbus.Array(c.dbus_object_path
2709
for c in
2928
2710
tcp_server.clients.itervalues())
2929
2711
2930
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2931
"true"})
2932
2712
@dbus.service.method(_interface,
2933
2713
out_signature="a{oa{sv}}")
2934
2714
def GetAllClientsWithProperties(self):
2935
2715
"D-Bus method"
2936
2716
return dbus.Dictionary(
2937
{ c.dbus_object_path: c.GetAll(
2938
"se.recompile.Mandos.Client")
2939
for c in tcp_server.clients.itervalues() },
2717
((c.dbus_object_path, c.GetAll(""))
2718
for c in tcp_server.clients.itervalues()),
2940
2719
signature="oa{sv}")
2941
2720
2942
2721
@dbus.service.method(_interface, in_signature="o")
2946
2725
if c.dbus_object_path == object_path:
2947
2726
del tcp_server.clients[c.name]
2948
2727
c.remove_from_connection()
2949
# Don't signal the disabling
2728
# Don't signal anything except ClientRemoved
2950
2729
c.disable(quiet=True)
2951
# Emit D-Bus signal for removal
2952
self.client_removed_signal(c)
2730
# Emit D-Bus signal
2731
self.ClientRemoved(object_path, c.name)
2953
2732
return
2954
2733
raise KeyError(object_path)
2955
2734
2956
2735
del _interface
2957
2958
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
2959
out_signature = "a{oa{sa{sv}}}")
2960
def GetManagedObjects(self):
2961
"""D-Bus method"""
2962
return dbus.Dictionary(
2963
{ client.dbus_object_path:
2964
dbus.Dictionary(
2965
{ interface: client.GetAll(interface)
2966
for interface in
2967
client._get_all_interface_names()})
2968
for client in tcp_server.clients.values()})
2969
2970
def client_added_signal(self, client):
2971
"""Send the new standard signal and the old signal"""
2972
if use_dbus:
2973
# New standard signal
2974
self.InterfacesAdded(
2975
client.dbus_object_path,
2976
dbus.Dictionary(
2977
{ interface: client.GetAll(interface)
2978
for interface in
2979
client._get_all_interface_names()}))
2980
# Old signal
2981
self.ClientAdded(client.dbus_object_path)
2982
2983
def client_removed_signal(self, client):
2984
"""Send the new standard signal and the old signal"""
2985
if use_dbus:
2986
# New standard signal
2987
self.InterfacesRemoved(
2988
client.dbus_object_path,
2989
client._get_all_interface_names())
2990
# Old signal
2991
self.ClientRemoved(client.dbus_object_path,
2992
client.name)
2993
2736
2994
2737
mandos_dbus_service = MandosDBusService()
2995
2738
2996
2739
def cleanup():
2997
2740
"Cleanup function; run on exit"
2998
if zeroconf:
2999
service.cleanup()
2741
service.cleanup()
3000
2742
3001
2743
multiprocessing.active_children()
3002
2744
wnull.close()
3016
2758
3017
2759
# A list of attributes that can not be pickled
3018
2760
# + secret.
3019
exclude = { "bus", "changedstate", "secret",
3020
"checker", "server_settings" }
3021
for name, typ in inspect.getmembers(dbus.service
3022
.Object):
2761
exclude = set(("bus", "changedstate", "secret",
2762
"checker", "server_settings"))
2763
for name, typ in (inspect.getmembers
2764
(dbus.service.Object)):
3023
2765
exclude.add(name)
3024
2766
3025
2767
client_dict["encrypted_secret"] = (client
3032
2774
del client_settings[client.name]["secret"]
3033
2775
3034
2776
try:
3035
with tempfile.NamedTemporaryFile(
3036
mode='wb',
3037
suffix=".pickle",
3038
prefix='clients-',
3039
dir=os.path.dirname(stored_state_path),
3040
delete=False) as stored_state:
2777
with (tempfile.NamedTemporaryFile
2778
(mode='wb', suffix=".pickle", prefix='clients-',
2779
dir=os.path.dirname(stored_state_path),
2780
delete=False)) as stored_state:
3041
2781
pickle.dump((clients, client_settings), stored_state)
3042
tempname = stored_state.name
2782
tempname=stored_state.name
3043
2783
os.rename(tempname, stored_state_path)
3044
2784
except (IOError, OSError) as e:
3045
2785
if not debug:
3048
2788
except NameError:
3049
2789
pass
3050
2790
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3051
logger.warning("Could not save persistent state: {}"
2791
logger.warning("Could not save persistent state: {0}"
3052
2792
.format(os.strerror(e.errno)))
3053
2793
else:
3054
2794
logger.warning("Could not save persistent state:",
3060
2800
name, client = tcp_server.clients.popitem()
3061
2801
if use_dbus:
3062
2802
client.remove_from_connection()
3063
# Don't signal the disabling
2803
# Don't signal anything except ClientRemoved
3064
2804
client.disable(quiet=True)
3065
# Emit D-Bus signal for removal
3066
2805
if use_dbus:
3067
mandos_dbus_service.client_removed_signal(client)
2806
# Emit D-Bus signal
2807
mandos_dbus_service.ClientRemoved(client
2808
.dbus_object_path,
2809
client.name)
3068
2810
client_settings.clear()
3069
2811
3070
2812
atexit.register(cleanup)
3071
2813
3072
2814
for client in tcp_server.clients.itervalues():
3073
2815
if use_dbus:
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2816
# Emit D-Bus signal
2817
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3076
2818
# Need to initiate checking of clients
3077
2819
if client.enabled:
3078
2820
client.init_checker()
3081
2823
tcp_server.server_activate()
3082
2824
3083
2825
# Find out what port we got
3084
if zeroconf:
3085
service.port = tcp_server.socket.getsockname()[1]
2826
service.port = tcp_server.socket.getsockname()[1]
3086
2827
if use_ipv6:
3087
2828
logger.info("Now listening on address %r, port %d,"
3088
2829
" flowinfo %d, scope_id %d",
3094
2835
#service.interface = tcp_server.socket.getsockname()[3]
3095
2836
3096
2837
try:
3097
if zeroconf:
3098
# From the Avahi example code
3099
try:
3100
service.activate()
3101
except dbus.exceptions.DBusException as error:
3102
logger.critical("D-Bus Exception", exc_info=error)
3103
cleanup()
3104
sys.exit(1)
3105
# End of Avahi example code
2838
# From the Avahi example code
2839
try:
2840
service.activate()
2841
except dbus.exceptions.DBusException as error:
2842
logger.critical("D-Bus Exception", exc_info=error)
2843
cleanup()
2844
sys.exit(1)
2845
# End of Avahi example code
3106
2846
3107
2847
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
3108
2848
lambda *args, **kwargs:
3123
2863
# Must run before the D-Bus bus name gets deregistered
3124
2864
cleanup()
3125
2865
3126
3127
2866
if __name__ == '__main__':
3128
2867
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0