To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 237.7.335
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.335
- Committer: Teddy Hogeborn
- Date: 2015-08-10 16:19:28 UTC
- mto: (237.7.594 trunk)
- mto: This revision was merged to the branch mainline in revision 325.
- Revision ID: teddy@recompile.se-20150810161928-bnukog7l47j3pjix
Depend on Avahi and the network in the server's systemd service file.
* mandos.service ([Unit]/After): New; set to "network.target" and
"avahi-daemon.service".
([Unit]/RequisiteOverridable): New; set to "avahi-daemon.service".
* mandos.service ([Unit]/After): New; set to "network.target" and
"avahi-daemon.service".
([Unit]/RequisiteOverridable): New; set to "avahi-daemon.service".
- files added:
- debian/mandos-client.examples
- debian/upstream
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos
1
#!/usr/bin/python
1
#!/usr/bin/python2.7
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
14
# Copyright © 2008-2015 Teddy Hogeborn
15
# Copyright © 2008-2015 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
34
34
from __future__ import (division, absolute_import, print_function,
35
35
unicode_literals)
36
36
37
import SocketServer as socketserver
37
from future_builtins import *
38
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
38
43
import socket
39
44
import argparse
40
45
import datetime
45
50
import gnutls.library.functions
46
51
import gnutls.library.constants
47
52
import gnutls.library.types
48
import ConfigParser as configparser
53
try:
54
import ConfigParser as configparser
55
except ImportError:
56
import configparser
49
57
import sys
50
58
import re
51
59
import os
60
68
import struct
61
69
import fcntl
62
70
import functools
63
import cPickle as pickle
71
try:
72
import cPickle as pickle
73
except ImportError:
74
import pickle
64
75
import multiprocessing
65
76
import types
66
77
import binascii
67
78
import tempfile
68
79
import itertools
80
import collections
81
import codecs
69
82
70
83
import dbus
71
84
import dbus.service
72
import gobject
85
try:
86
import gobject
87
except ImportError:
88
from gi.repository import GObject as gobject
73
89
import avahi
74
90
from dbus.mainloop.glib import DBusGMainLoop
75
91
import ctypes
76
92
import ctypes.util
77
93
import xml.dom.minidom
78
94
import inspect
79
import GnuPGInterface
80
95
81
96
try:
82
97
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
86
101
except ImportError:
87
102
SO_BINDTODEVICE = None
88
103
89
version = "1.5.3"
104
if sys.version_info.major == 2:
105
str = unicode
106
107
version = "1.6.9"
90
108
stored_state_file = "clients.pickle"
91
109
92
110
logger = logging.getLogger()
93
syslogger = (logging.handlers.SysLogHandler
94
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
95
address = str("/dev/log")))
111
syslogger = None
96
112
97
113
try:
98
if_nametoindex = (ctypes.cdll.LoadLibrary
99
(ctypes.util.find_library("c"))
100
.if_nametoindex)
114
if_nametoindex = ctypes.cdll.LoadLibrary(
115
ctypes.util.find_library("c")).if_nametoindex
101
116
except (OSError, AttributeError):
117
102
118
def if_nametoindex(interface):
103
119
"Get an interface index the hard way, i.e. using fcntl()"
104
120
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
105
121
with contextlib.closing(socket.socket()) as s:
106
122
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
107
struct.pack(str("16s16x"),
108
interface))
109
interface_index = struct.unpack(str("I"),
110
ifreq[16:20])[0]
123
struct.pack(b"16s16x", interface))
124
interface_index = struct.unpack("I", ifreq[16:20])[0]
111
125
return interface_index
112
126
113
127
114
128
def initlogger(debug, level=logging.WARNING):
115
129
"""init logger and add loglevel"""
116
130
131
global syslogger
132
syslogger = (logging.handlers.SysLogHandler(
133
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
134
address = "/dev/log"))
117
135
syslogger.setFormatter(logging.Formatter
118
136
('Mandos [%(process)d]: %(levelname)s:'
119
137
' %(message)s'))
136
154
137
155
class PGPEngine(object):
138
156
"""A simple class for OpenPGP symmetric encryption & decryption"""
157
139
158
def __init__(self):
140
self.gnupg = GnuPGInterface.GnuPG()
141
159
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
142
self.gnupg = GnuPGInterface.GnuPG()
143
self.gnupg.options.meta_interactive = False
144
self.gnupg.options.homedir = self.tempdir
145
self.gnupg.options.extra_args.extend(['--force-mdc',
146
'--quiet',
147
'--no-use-agent'])
160
self.gnupgargs = ['--batch',
161
'--home', self.tempdir,
162
'--force-mdc',
163
'--quiet',
164
'--no-use-agent']
148
165
149
166
def __enter__(self):
150
167
return self
151
168
152
def __exit__ (self, exc_type, exc_value, traceback):
169
def __exit__(self, exc_type, exc_value, traceback):
153
170
self._cleanup()
154
171
return False
155
172
172
189
def password_encode(self, password):
173
190
# Passphrase can not be empty and can not contain newlines or
174
191
# NUL bytes. So we prefix it and hex encode it.
175
return b"mandos" + binascii.hexlify(password)
192
encoded = b"mandos" + binascii.hexlify(password)
193
if len(encoded) > 2048:
194
# GnuPG can't handle long passwords, so encode differently
195
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
196
.replace(b"\n", b"\\n")
197
.replace(b"\0", b"\\x00"))
198
return encoded
176
199
177
200
def encrypt(self, data, password):
178
self.gnupg.passphrase = self.password_encode(password)
179
with open(os.devnull, "w") as devnull:
180
try:
181
proc = self.gnupg.run(['--symmetric'],
182
create_fhs=['stdin', 'stdout'],
183
attach_fhs={'stderr': devnull})
184
with contextlib.closing(proc.handles['stdin']) as f:
185
f.write(data)
186
with contextlib.closing(proc.handles['stdout']) as f:
187
ciphertext = f.read()
188
proc.wait()
189
except IOError as e:
190
raise PGPError(e)
191
self.gnupg.passphrase = None
201
passphrase = self.password_encode(password)
202
with tempfile.NamedTemporaryFile(
203
dir=self.tempdir) as passfile:
204
passfile.write(passphrase)
205
passfile.flush()
206
proc = subprocess.Popen(['gpg', '--symmetric',
207
'--passphrase-file',
208
passfile.name]
209
+ self.gnupgargs,
210
stdin = subprocess.PIPE,
211
stdout = subprocess.PIPE,
212
stderr = subprocess.PIPE)
213
ciphertext, err = proc.communicate(input = data)
214
if proc.returncode != 0:
215
raise PGPError(err)
192
216
return ciphertext
193
217
194
218
def decrypt(self, data, password):
195
self.gnupg.passphrase = self.password_encode(password)
196
with open(os.devnull, "w") as devnull:
197
try:
198
proc = self.gnupg.run(['--decrypt'],
199
create_fhs=['stdin', 'stdout'],
200
attach_fhs={'stderr': devnull})
201
with contextlib.closing(proc.handles['stdin']) as f:
202
f.write(data)
203
with contextlib.closing(proc.handles['stdout']) as f:
204
decrypted_plaintext = f.read()
205
proc.wait()
206
except IOError as e:
207
raise PGPError(e)
208
self.gnupg.passphrase = None
219
passphrase = self.password_encode(password)
220
with tempfile.NamedTemporaryFile(
221
dir = self.tempdir) as passfile:
222
passfile.write(passphrase)
223
passfile.flush()
224
proc = subprocess.Popen(['gpg', '--decrypt',
225
'--passphrase-file',
226
passfile.name]
227
+ self.gnupgargs,
228
stdin = subprocess.PIPE,
229
stdout = subprocess.PIPE,
230
stderr = subprocess.PIPE)
231
decrypted_plaintext, err = proc.communicate(input = data)
232
if proc.returncode != 0:
233
raise PGPError(err)
209
234
return decrypted_plaintext
210
235
211
236
212
213
237
class AvahiError(Exception):
214
238
def __init__(self, value, *args, **kwargs):
215
239
self.value = value
216
super(AvahiError, self).__init__(value, *args, **kwargs)
217
def __unicode__(self):
218
return unicode(repr(self.value))
240
return super(AvahiError, self).__init__(value, *args,
241
**kwargs)
242
219
243
220
244
class AvahiServiceError(AvahiError):
221
245
pass
222
246
247
223
248
class AvahiGroupError(AvahiError):
224
249
pass
225
250
232
257
Used to optionally bind to the specified interface.
233
258
name: string; Example: 'Mandos'
234
259
type: string; Example: '_mandos._tcp'.
235
See <http://www.dns-sd.org/ServiceTypes.html>
260
See <https://www.iana.org/assignments/service-names-port-numbers>
236
261
port: integer; what port to announce
237
262
TXT: list of strings; TXT record for the service
238
263
domain: string; Domain to publish on, default to .local if empty.
244
269
server: D-Bus Server
245
270
bus: dbus.SystemBus()
246
271
"""
247
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
248
servicetype = None, port = None, TXT = None,
249
domain = "", host = "", max_renames = 32768,
250
protocol = avahi.PROTO_UNSPEC, bus = None):
272
273
def __init__(self,
274
interface = avahi.IF_UNSPEC,
275
name = None,
276
servicetype = None,
277
port = None,
278
TXT = None,
279
domain = "",
280
host = "",
281
max_renames = 32768,
282
protocol = avahi.PROTO_UNSPEC,
283
bus = None):
251
284
self.interface = interface
252
285
self.name = name
253
286
self.type = servicetype
262
295
self.server = None
263
296
self.bus = bus
264
297
self.entry_group_state_changed_match = None
265
def rename(self):
298
299
def rename(self, remove=True):
266
300
"""Derived from the Avahi example code"""
267
301
if self.rename_count >= self.max_renames:
268
302
logger.critical("No suitable Zeroconf service name found"
269
303
" after %i retries, exiting.",
270
304
self.rename_count)
271
305
raise AvahiServiceError("Too many renames")
272
self.name = unicode(self.server
273
.GetAlternativeServiceName(self.name))
306
self.name = str(
307
self.server.GetAlternativeServiceName(self.name))
308
self.rename_count += 1
274
309
logger.info("Changing Zeroconf service name to %r ...",
275
310
self.name)
276
self.remove()
311
if remove:
312
self.remove()
277
313
try:
278
314
self.add()
279
315
except dbus.exceptions.DBusException as error:
280
logger.critical("DBusException: %s", error)
281
self.cleanup()
282
os._exit(1)
283
self.rename_count += 1
316
if (error.get_dbus_name()
317
== "org.freedesktop.Avahi.CollisionError"):
318
logger.info("Local Zeroconf service name collision.")
319
return self.rename(remove=False)
320
else:
321
logger.critical("D-Bus Exception", exc_info=error)
322
self.cleanup()
323
os._exit(1)
324
284
325
def remove(self):
285
326
"""Derived from the Avahi example code"""
286
327
if self.entry_group_state_changed_match is not None:
288
329
self.entry_group_state_changed_match = None
289
330
if self.group is not None:
290
331
self.group.Reset()
332
291
333
def add(self):
292
334
"""Derived from the Avahi example code"""
293
335
self.remove()
310
352
dbus.UInt16(self.port),
311
353
avahi.string_array_to_txt_array(self.TXT))
312
354
self.group.Commit()
355
313
356
def entry_group_state_changed(self, state, error):
314
357
"""Derived from the Avahi example code"""
315
358
logger.debug("Avahi entry group state change: %i", state)
321
364
self.rename()
322
365
elif state == avahi.ENTRY_GROUP_FAILURE:
323
366
logger.critical("Avahi: Error in group state changed %s",
324
unicode(error))
325
raise AvahiGroupError("State changed: %s"
326
% unicode(error))
367
str(error))
368
raise AvahiGroupError("State changed: {!s}".format(error))
369
327
370
def cleanup(self):
328
371
"""Derived from the Avahi example code"""
329
372
if self.group is not None:
334
377
pass
335
378
self.group = None
336
379
self.remove()
380
337
381
def server_state_changed(self, state, error=None):
338
382
"""Derived from the Avahi example code"""
339
383
logger.debug("Avahi server state change: %i", state)
340
bad_states = { avahi.SERVER_INVALID:
341
"Zeroconf server invalid",
342
avahi.SERVER_REGISTERING: None,
343
avahi.SERVER_COLLISION:
344
"Zeroconf server name collision",
345
avahi.SERVER_FAILURE:
346
"Zeroconf server failure" }
384
bad_states = {
385
avahi.SERVER_INVALID: "Zeroconf server invalid",
386
avahi.SERVER_REGISTERING: None,
387
avahi.SERVER_COLLISION: "Zeroconf server name collision",
388
avahi.SERVER_FAILURE: "Zeroconf server failure",
389
}
347
390
if state in bad_states:
348
391
if bad_states[state] is not None:
349
392
if error is None:
352
395
logger.error(bad_states[state] + ": %r", error)
353
396
self.cleanup()
354
397
elif state == avahi.SERVER_RUNNING:
355
self.add()
398
try:
399
self.add()
400
except dbus.exceptions.DBusException as error:
401
if (error.get_dbus_name()
402
== "org.freedesktop.Avahi.CollisionError"):
403
logger.info("Local Zeroconf service name"
404
" collision.")
405
return self.rename(remove=False)
406
else:
407
logger.critical("D-Bus Exception", exc_info=error)
408
self.cleanup()
409
os._exit(1)
356
410
else:
357
411
if error is None:
358
412
logger.debug("Unknown state: %r", state)
359
413
else:
360
414
logger.debug("Unknown state: %r: %r", state, error)
415
361
416
def activate(self):
362
417
"""Derived from the Avahi example code"""
363
418
if self.server is None:
367
422
follow_name_owner_changes=True),
368
423
avahi.DBUS_INTERFACE_SERVER)
369
424
self.server.connect_to_signal("StateChanged",
370
self.server_state_changed)
425
self.server_state_changed)
371
426
self.server_state_changed(self.server.GetState())
372
427
428
373
429
class AvahiServiceToSyslog(AvahiService):
374
def rename(self):
430
def rename(self, *args, **kwargs):
375
431
"""Add the new name to the syslog messages"""
376
ret = AvahiService.rename(self)
377
syslogger.setFormatter(logging.Formatter
378
('Mandos (%s) [%%(process)d]:'
379
' %%(levelname)s: %%(message)s'
380
% self.name))
432
ret = AvahiService.rename(self, *args, **kwargs)
433
syslogger.setFormatter(logging.Formatter(
434
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
435
.format(self.name)))
381
436
return ret
382
437
383
def timedelta_to_milliseconds(td):
384
"Convert a datetime.timedelta() to milliseconds"
385
return ((td.days * 24 * 60 * 60 * 1000)
386
+ (td.seconds * 1000)
387
+ (td.microseconds // 1000))
388
438
def call_pipe(connection, # : multiprocessing.Connection
439
func, *args, **kwargs):
440
"""This function is meant to be called by multiprocessing.Process
441
442
This function runs func(*args, **kwargs), and writes the resulting
443
return value on the provided multiprocessing.Connection.
444
"""
445
connection.send(func(*args, **kwargs))
446
connection.close()
447
389
448
class Client(object):
390
449
"""A representation of a client host served by this server.
391
450
417
476
last_checker_status: integer between 0 and 255 reflecting exit
418
477
status of last checker. -1 reflects crashed
419
478
checker, -2 means no checker completed yet.
479
last_checker_signal: The signal which killed the last checker, if
480
last_checker_status is -1
420
481
last_enabled: datetime.datetime(); (UTC) or None
421
482
name: string; from the config file, used in log messages and
422
483
D-Bus identifiers
427
488
runtime_expansions: Allowed attributes for runtime expansion.
428
489
expires: datetime.datetime(); time (UTC) when a client will be
429
490
disabled, or None
491
server_settings: The server_settings dict from main()
430
492
"""
431
493
432
494
runtime_expansions = ("approval_delay", "approval_duration",
433
"created", "enabled", "fingerprint",
434
"host", "interval", "last_checked_ok",
495
"created", "enabled", "expires",
496
"fingerprint", "host", "interval",
497
"last_approval_request", "last_checked_ok",
435
498
"last_enabled", "name", "timeout")
436
client_defaults = { "timeout": "5m",
437
"extended_timeout": "15m",
438
"interval": "2m",
439
"checker": "fping -q -- %%(host)s",
440
"host": "",
441
"approval_delay": "0s",
442
"approval_duration": "1s",
443
"approved_by_default": "True",
444
"enabled": "True",
445
}
446
447
def timeout_milliseconds(self):
448
"Return the 'timeout' attribute in milliseconds"
449
return timedelta_to_milliseconds(self.timeout)
450
451
def extended_timeout_milliseconds(self):
452
"Return the 'extended_timeout' attribute in milliseconds"
453
return timedelta_to_milliseconds(self.extended_timeout)
454
455
def interval_milliseconds(self):
456
"Return the 'interval' attribute in milliseconds"
457
return timedelta_to_milliseconds(self.interval)
458
459
def approval_delay_milliseconds(self):
460
return timedelta_to_milliseconds(self.approval_delay)
461
499
client_defaults = {
500
"timeout": "PT5M",
501
"extended_timeout": "PT15M",
502
"interval": "PT2M",
503
"checker": "fping -q -- %%(host)s",
504
"host": "",
505
"approval_delay": "PT0S",
506
"approval_duration": "PT1S",
507
"approved_by_default": "True",
508
"enabled": "True",
509
}
510
462
511
@staticmethod
463
512
def config_parser(config):
464
513
"""Construct a new dict of client settings of this form:
479
528
client["enabled"] = config.getboolean(client_name,
480
529
"enabled")
481
530
531
# Uppercase and remove spaces from fingerprint for later
532
# comparison purposes with return value from the
533
# fingerprint() function
482
534
client["fingerprint"] = (section["fingerprint"].upper()
483
535
.replace(" ", ""))
484
536
if "secret" in section:
489
541
"rb") as secfile:
490
542
client["secret"] = secfile.read()
491
543
else:
492
raise TypeError("No secret or secfile for section %s"
493
% section)
544
raise TypeError("No secret or secfile for section {}"
545
.format(section))
494
546
client["timeout"] = string_to_delta(section["timeout"])
495
547
client["extended_timeout"] = string_to_delta(
496
548
section["extended_timeout"])
505
557
client["last_checker_status"] = -2
506
558
507
559
return settings
508
509
510
def __init__(self, settings, name = None):
511
"""Note: the 'checker' key in 'config' sets the
512
'checker_command' attribute and *not* the 'checker'
513
attribute."""
560
561
def __init__(self, settings, name = None, server_settings=None):
514
562
self.name = name
563
if server_settings is None:
564
server_settings = {}
565
self.server_settings = server_settings
515
566
# adding all client settings
516
for setting, value in settings.iteritems():
567
for setting, value in settings.items():
517
568
setattr(self, setting, value)
518
569
519
570
if self.enabled:
525
576
else:
526
577
self.last_enabled = None
527
578
self.expires = None
528
579
529
580
logger.debug("Creating client %r", self.name)
530
# Uppercase and remove spaces from fingerprint for later
531
# comparison purposes with return value from the fingerprint()
532
# function
533
581
logger.debug(" Fingerprint: %s", self.fingerprint)
534
582
self.created = settings.get("created",
535
583
datetime.datetime.utcnow())
536
584
537
585
# attributes specific for this server instance
538
586
self.checker = None
539
587
self.checker_initiator_tag = None
542
590
self.current_checker_command = None
543
591
self.approved = None
544
592
self.approvals_pending = 0
545
self.changedstate = (multiprocessing_manager
546
.Condition(multiprocessing_manager
547
.Lock()))
548
self.client_structure = [attr for attr in
549
self.__dict__.iterkeys()
593
self.changedstate = multiprocessing_manager.Condition(
594
multiprocessing_manager.Lock())
595
self.client_structure = [attr
596
for attr in self.__dict__.iterkeys()
550
597
if not attr.startswith("_")]
551
598
self.client_structure.append("client_structure")
552
599
553
for name, t in inspect.getmembers(type(self),
554
lambda obj:
555
isinstance(obj,
556
property)):
600
for name, t in inspect.getmembers(
601
type(self), lambda obj: isinstance(obj, property)):
557
602
if not name.startswith("_"):
558
603
self.client_structure.append(name)
559
604
567
612
if getattr(self, "enabled", False):
568
613
# Already enabled
569
614
return
570
self.send_changedstate()
571
615
self.expires = datetime.datetime.utcnow() + self.timeout
572
616
self.enabled = True
573
617
self.last_enabled = datetime.datetime.utcnow()
574
618
self.init_checker()
619
self.send_changedstate()
575
620
576
621
def disable(self, quiet=True):
577
622
"""Disable this client."""
578
623
if not getattr(self, "enabled", False):
579
624
return False
580
625
if not quiet:
581
self.send_changedstate()
582
if not quiet:
583
626
logger.info("Disabling client %s", self.name)
584
if getattr(self, "disable_initiator_tag", False):
627
if getattr(self, "disable_initiator_tag", None) is not None:
585
628
gobject.source_remove(self.disable_initiator_tag)
586
629
self.disable_initiator_tag = None
587
630
self.expires = None
588
if getattr(self, "checker_initiator_tag", False):
631
if getattr(self, "checker_initiator_tag", None) is not None:
589
632
gobject.source_remove(self.checker_initiator_tag)
590
633
self.checker_initiator_tag = None
591
634
self.stop_checker()
592
635
self.enabled = False
636
if not quiet:
637
self.send_changedstate()
593
638
# Do not run this again if called by a gobject.timeout_add
594
639
return False
595
640
599
644
def init_checker(self):
600
645
# Schedule a new checker to be started an 'interval' from now,
601
646
# and every interval from then on.
602
self.checker_initiator_tag = (gobject.timeout_add
603
(self.interval_milliseconds(),
604
self.start_checker))
647
if self.checker_initiator_tag is not None:
648
gobject.source_remove(self.checker_initiator_tag)
649
self.checker_initiator_tag = gobject.timeout_add(
650
int(self.interval.total_seconds() * 1000),
651
self.start_checker)
605
652
# Schedule a disable() when 'timeout' has passed
606
self.disable_initiator_tag = (gobject.timeout_add
607
(self.timeout_milliseconds(),
608
self.disable))
653
if self.disable_initiator_tag is not None:
654
gobject.source_remove(self.disable_initiator_tag)
655
self.disable_initiator_tag = gobject.timeout_add(
656
int(self.timeout.total_seconds() * 1000), self.disable)
609
657
# Also start a new checker *right now*.
610
658
self.start_checker()
611
659
612
def checker_callback(self, pid, condition, command):
660
def checker_callback(self, source, condition, connection,
661
command):
613
662
"""The checker has completed, so take appropriate actions."""
614
663
self.checker_callback_tag = None
615
664
self.checker = None
616
if os.WIFEXITED(condition):
617
self.last_checker_status = os.WEXITSTATUS(condition)
665
# Read return code from connection (see call_pipe)
666
returncode = connection.recv()
667
connection.close()
668
669
if returncode >= 0:
670
self.last_checker_status = returncode
671
self.last_checker_signal = None
618
672
if self.last_checker_status == 0:
619
673
logger.info("Checker for %(name)s succeeded",
620
674
vars(self))
621
675
self.checked_ok()
622
676
else:
623
logger.info("Checker for %(name)s failed",
624
vars(self))
677
logger.info("Checker for %(name)s failed", vars(self))
625
678
else:
626
679
self.last_checker_status = -1
680
self.last_checker_signal = -returncode
627
681
logger.warning("Checker for %(name)s crashed?",
628
682
vars(self))
683
return False
629
684
630
685
def checked_ok(self):
631
686
"""Assert that the client has been seen, alive and well."""
632
687
self.last_checked_ok = datetime.datetime.utcnow()
633
688
self.last_checker_status = 0
689
self.last_checker_signal = None
634
690
self.bump_timeout()
635
691
636
692
def bump_timeout(self, timeout=None):
639
695
timeout = self.timeout
640
696
if self.disable_initiator_tag is not None:
641
697
gobject.source_remove(self.disable_initiator_tag)
698
self.disable_initiator_tag = None
642
699
if getattr(self, "enabled", False):
643
self.disable_initiator_tag = (gobject.timeout_add
644
(timedelta_to_milliseconds
645
(timeout), self.disable))
700
self.disable_initiator_tag = gobject.timeout_add(
701
int(timeout.total_seconds() * 1000), self.disable)
646
702
self.expires = datetime.datetime.utcnow() + timeout
647
703
648
704
def need_approval(self):
654
710
If a checker already exists, leave it running and do
655
711
nothing."""
656
712
# The reason for not killing a running checker is that if we
657
# did that, then if a checker (for some reason) started
658
# running slowly and taking more than 'interval' time, the
659
# client would inevitably timeout, since no checker would get
660
# a chance to run to completion. If we instead leave running
713
# did that, and if a checker (for some reason) started running
714
# slowly and taking more than 'interval' time, then the client
715
# would inevitably timeout, since no checker would get a
716
# chance to run to completion. If we instead leave running
661
717
# checkers alone, the checker would have to take more time
662
718
# than 'timeout' for the client to be disabled, which is as it
663
719
# should be.
664
720
665
# If a checker exists, make sure it is not a zombie
666
try:
667
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
668
except (AttributeError, OSError) as error:
669
if (isinstance(error, OSError)
670
and error.errno != errno.ECHILD):
671
raise error
672
else:
673
if pid:
674
logger.warning("Checker was a zombie")
675
gobject.source_remove(self.checker_callback_tag)
676
self.checker_callback(pid, status,
677
self.current_checker_command)
721
if self.checker is not None and not self.checker.is_alive():
722
logger.warning("Checker was not alive; joining")
723
self.checker.join()
724
self.checker = None
678
725
# Start a new checker if needed
679
726
if self.checker is None:
727
# Escape attributes for the shell
728
escaped_attrs = {
729
attr: re.escape(str(getattr(self, attr)))
730
for attr in self.runtime_expansions }
680
731
try:
681
# In case checker_command has exactly one % operator
682
command = self.checker_command % self.host
683
except TypeError:
684
# Escape attributes for the shell
685
escaped_attrs = dict(
686
(attr,
687
re.escape(unicode(str(getattr(self, attr, "")),
688
errors=
689
'replace')))
690
for attr in
691
self.runtime_expansions)
692
693
try:
694
command = self.checker_command % escaped_attrs
695
except TypeError as error:
696
logger.error('Could not format string "%s":'
697
' %s', self.checker_command, error)
698
return True # Try again later
732
command = self.checker_command % escaped_attrs
733
except TypeError as error:
734
logger.error('Could not format string "%s"',
735
self.checker_command,
736
exc_info=error)
737
return True # Try again later
699
738
self.current_checker_command = command
700
try:
701
logger.info("Starting checker %r for %s",
702
command, self.name)
703
# We don't need to redirect stdout and stderr, since
704
# in normal mode, that is already done by daemon(),
705
# and in debug mode we don't want to. (Stdin is
706
# always replaced by /dev/null.)
707
self.checker = subprocess.Popen(command,
708
close_fds=True,
709
shell=True, cwd="/")
710
self.checker_callback_tag = (gobject.child_watch_add
711
(self.checker.pid,
712
self.checker_callback,
713
data=command))
714
# The checker may have completed before the gobject
715
# watch was added. Check for this.
716
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
717
if pid:
718
gobject.source_remove(self.checker_callback_tag)
719
self.checker_callback(pid, status, command)
720
except OSError as error:
721
logger.error("Failed to start subprocess: %s",
722
error)
739
logger.info("Starting checker %r for %s", command,
740
self.name)
741
# We don't need to redirect stdout and stderr, since
742
# in normal mode, that is already done by daemon(),
743
# and in debug mode we don't want to. (Stdin is
744
# always replaced by /dev/null.)
745
# The exception is when not debugging but nevertheless
746
# running in the foreground; use the previously
747
# created wnull.
748
popen_args = { "close_fds": True,
749
"shell": True,
750
"cwd": "/" }
751
if (not self.server_settings["debug"]
752
and self.server_settings["foreground"]):
753
popen_args.update({"stdout": wnull,
754
"stderr": wnull })
755
pipe = multiprocessing.Pipe(duplex = False)
756
self.checker = multiprocessing.Process(
757
target = call_pipe,
758
args = (pipe[1], subprocess.call, command),
759
kwargs = popen_args)
760
self.checker.start()
761
self.checker_callback_tag = gobject.io_add_watch(
762
pipe[0].fileno(), gobject.IO_IN,
763
self.checker_callback, pipe[0], command)
723
764
# Re-run this periodically if run by gobject.timeout_add
724
765
return True
725
766
731
772
if getattr(self, "checker", None) is None:
732
773
return
733
774
logger.debug("Stopping checker for %(name)s", vars(self))
734
try:
735
os.kill(self.checker.pid, signal.SIGTERM)
736
#time.sleep(0.5)
737
#if self.checker.poll() is None:
738
# os.kill(self.checker.pid, signal.SIGKILL)
739
except OSError as error:
740
if error.errno != errno.ESRCH: # No such process
741
raise
775
self.checker.terminate()
742
776
self.checker = None
743
777
744
778
745
def dbus_service_property(dbus_interface, signature="v",
746
access="readwrite", byte_arrays=False):
779
def dbus_service_property(dbus_interface,
780
signature="v",
781
access="readwrite",
782
byte_arrays=False):
747
783
"""Decorators for marking methods of a DBusObjectWithProperties to
748
784
become properties on the D-Bus.
749
785
758
794
# "Set" method, so we fail early here:
759
795
if byte_arrays and signature != "ay":
760
796
raise ValueError("Byte arrays not supported for non-'ay'"
761
" signature %r" % signature)
797
" signature {!r}".format(signature))
798
762
799
def decorator(func):
763
800
func._dbus_is_property = True
764
801
func._dbus_interface = dbus_interface
769
806
func._dbus_name = func._dbus_name[:-14]
770
807
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
771
808
return func
809
772
810
return decorator
773
811
774
812
775
813
def dbus_interface_annotations(dbus_interface):
776
"""Decorator for marking functions returning interface annotations.
814
"""Decorator for marking functions returning interface annotations
777
815
778
816
Usage:
779
817
783
821
"org.freedesktop.DBus.Property.EmitsChangedSignal":
784
822
"false"}
785
823
"""
824
786
825
def decorator(func):
787
826
func._dbus_is_interface = True
788
827
func._dbus_interface = dbus_interface
789
828
func._dbus_name = dbus_interface
790
829
return func
830
791
831
return decorator
792
832
793
833
795
835
"""Decorator to annotate D-Bus methods, signals or properties
796
836
Usage:
797
837
838
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
839
"org.freedesktop.DBus.Property."
840
"EmitsChangedSignal": "false"})
798
841
@dbus_service_property("org.example.Interface", signature="b",
799
842
access="r")
800
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
801
"org.freedesktop.DBus.Property."
802
"EmitsChangedSignal": "false"})
803
843
def Property_dbus_property(self):
804
844
return dbus.Boolean(False)
845
846
See also the DBusObjectWithAnnotations class.
805
847
"""
848
806
849
def decorator(func):
807
850
func._dbus_annotations = annotations
808
851
return func
852
809
853
return decorator
810
854
811
855
812
856
class DBusPropertyException(dbus.exceptions.DBusException):
813
857
"""A base class for D-Bus property-related exceptions
814
858
"""
815
def __unicode__(self):
816
return unicode(str(self))
859
pass
817
860
818
861
819
862
class DBusPropertyAccessException(DBusPropertyException):
828
871
pass
829
872
830
873
831
class DBusObjectWithProperties(dbus.service.Object):
832
"""A D-Bus object with properties.
874
class DBusObjectWithAnnotations(dbus.service.Object):
875
"""A D-Bus object with annotations.
833
876
834
Classes inheriting from this can use the dbus_service_property
835
decorator to expose methods as D-Bus properties. It exposes the
836
standard Get(), Set(), and GetAll() methods on the D-Bus.
877
Classes inheriting from this can use the dbus_annotations
878
decorator to add annotations to methods or signals.
837
879
"""
838
880
839
881
@staticmethod
843
885
If called like _is_dbus_thing("method") it returns a function
844
886
suitable for use as predicate to inspect.getmembers().
845
887
"""
846
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
888
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
847
889
False)
848
890
849
891
def _get_all_dbus_things(self, thing):
850
892
"""Returns a generator of (name, attribute) pairs
851
893
"""
852
return ((getattr(athing.__get__(self), "_dbus_name",
853
name),
894
return ((getattr(athing.__get__(self), "_dbus_name", name),
854
895
athing.__get__(self))
855
896
for cls in self.__class__.__mro__
856
897
for name, athing in
857
inspect.getmembers(cls,
858
self._is_dbus_thing(thing)))
898
inspect.getmembers(cls, self._is_dbus_thing(thing)))
899
900
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
901
out_signature = "s",
902
path_keyword = 'object_path',
903
connection_keyword = 'connection')
904
def Introspect(self, object_path, connection):
905
"""Overloading of standard D-Bus method.
906
907
Inserts annotation tags on methods and signals.
908
"""
909
xmlstring = dbus.service.Object.Introspect(self, object_path,
910
connection)
911
try:
912
document = xml.dom.minidom.parseString(xmlstring)
913
914
for if_tag in document.getElementsByTagName("interface"):
915
# Add annotation tags
916
for typ in ("method", "signal"):
917
for tag in if_tag.getElementsByTagName(typ):
918
annots = dict()
919
for name, prop in (self.
920
_get_all_dbus_things(typ)):
921
if (name == tag.getAttribute("name")
922
and prop._dbus_interface
923
== if_tag.getAttribute("name")):
924
annots.update(getattr(
925
prop, "_dbus_annotations", {}))
926
for name, value in annots.items():
927
ann_tag = document.createElement(
928
"annotation")
929
ann_tag.setAttribute("name", name)
930
ann_tag.setAttribute("value", value)
931
tag.appendChild(ann_tag)
932
# Add interface annotation tags
933
for annotation, value in dict(
934
itertools.chain.from_iterable(
935
annotations().items()
936
for name, annotations
937
in self._get_all_dbus_things("interface")
938
if name == if_tag.getAttribute("name")
939
)).items():
940
ann_tag = document.createElement("annotation")
941
ann_tag.setAttribute("name", annotation)
942
ann_tag.setAttribute("value", value)
943
if_tag.appendChild(ann_tag)
944
# Fix argument name for the Introspect method itself
945
if (if_tag.getAttribute("name")
946
== dbus.INTROSPECTABLE_IFACE):
947
for cn in if_tag.getElementsByTagName("method"):
948
if cn.getAttribute("name") == "Introspect":
949
for arg in cn.getElementsByTagName("arg"):
950
if (arg.getAttribute("direction")
951
== "out"):
952
arg.setAttribute("name",
953
"xml_data")
954
xmlstring = document.toxml("utf-8")
955
document.unlink()
956
except (AttributeError, xml.dom.DOMException,
957
xml.parsers.expat.ExpatError) as error:
958
logger.error("Failed to override Introspection method",
959
exc_info=error)
960
return xmlstring
961
962
963
class DBusObjectWithProperties(DBusObjectWithAnnotations):
964
"""A D-Bus object with properties.
965
966
Classes inheriting from this can use the dbus_service_property
967
decorator to expose methods as D-Bus properties. It exposes the
968
standard Get(), Set(), and GetAll() methods on the D-Bus.
969
"""
859
970
860
971
def _get_dbus_property(self, interface_name, property_name):
861
972
"""Returns a bound method if one exists which is a D-Bus
862
973
property with the specified name and interface.
863
974
"""
864
for cls in self.__class__.__mro__:
865
for name, value in (inspect.getmembers
866
(cls,
867
self._is_dbus_thing("property"))):
975
for cls in self.__class__.__mro__:
976
for name, value in inspect.getmembers(
977
cls, self._is_dbus_thing("property")):
868
978
if (value._dbus_name == property_name
869
979
and value._dbus_interface == interface_name):
870
980
return value.__get__(self)
871
981
872
982
# No such property
873
raise DBusPropertyNotFound(self.dbus_object_path + ":"
874
+ interface_name + "."
875
+ property_name)
876
877
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
983
raise DBusPropertyNotFound("{}:{}.{}".format(
984
self.dbus_object_path, interface_name, property_name))
985
986
@classmethod
987
def _get_all_interface_names(cls):
988
"""Get a sequence of all interfaces supported by an object"""
989
return (name for name in set(getattr(getattr(x, attr),
990
"_dbus_interface", None)
991
for x in (inspect.getmro(cls))
992
for attr in dir(x))
993
if name is not None)
994
995
@dbus.service.method(dbus.PROPERTIES_IFACE,
996
in_signature="ss",
878
997
out_signature="v")
879
998
def Get(self, interface_name, property_name):
880
999
"""Standard D-Bus property Get() method, see D-Bus standard.
898
1017
# The byte_arrays option is not supported yet on
899
1018
# signatures other than "ay".
900
1019
if prop._dbus_signature != "ay":
901
raise ValueError
1020
raise ValueError("Byte arrays not supported for non-"
1021
"'ay' signature {!r}"
1022
.format(prop._dbus_signature))
902
1023
value = dbus.ByteArray(b''.join(chr(byte)
903
1024
for byte in value))
904
1025
prop(value)
905
1026
906
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
1027
@dbus.service.method(dbus.PROPERTIES_IFACE,
1028
in_signature="s",
907
1029
out_signature="a{sv}")
908
1030
def GetAll(self, interface_name):
909
1031
"""Standard D-Bus property GetAll() method, see D-Bus
924
1046
if not hasattr(value, "variant_level"):
925
1047
properties[name] = value
926
1048
continue
927
properties[name] = type(value)(value, variant_level=
928
value.variant_level+1)
1049
properties[name] = type(value)(
1050
value, variant_level = value.variant_level + 1)
929
1051
return dbus.Dictionary(properties, signature="sv")
930
1052
1053
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
1054
def PropertiesChanged(self, interface_name, changed_properties,
1055
invalidated_properties):
1056
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
1057
standard.
1058
"""
1059
pass
1060
931
1061
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
932
1062
out_signature="s",
933
1063
path_keyword='object_path',
937
1067
938
1068
Inserts property tags and interface annotation tags.
939
1069
"""
940
xmlstring = dbus.service.Object.Introspect(self, object_path,
941
connection)
1070
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1071
object_path,
1072
connection)
942
1073
try:
943
1074
document = xml.dom.minidom.parseString(xmlstring)
1075
944
1076
def make_tag(document, name, prop):
945
1077
e = document.createElement("property")
946
1078
e.setAttribute("name", name)
947
1079
e.setAttribute("type", prop._dbus_signature)
948
1080
e.setAttribute("access", prop._dbus_access)
949
1081
return e
1082
950
1083
for if_tag in document.getElementsByTagName("interface"):
951
1084
# Add property tags
952
1085
for tag in (make_tag(document, name, prop)
955
1088
if prop._dbus_interface
956
1089
== if_tag.getAttribute("name")):
957
1090
if_tag.appendChild(tag)
958
# Add annotation tags
959
for typ in ("method", "signal", "property"):
960
for tag in if_tag.getElementsByTagName(typ):
961
annots = dict()
962
for name, prop in (self.
963
_get_all_dbus_things(typ)):
964
if (name == tag.getAttribute("name")
965
and prop._dbus_interface
966
== if_tag.getAttribute("name")):
967
annots.update(getattr
968
(prop,
969
"_dbus_annotations",
970
{}))
971
for name, value in annots.iteritems():
972
ann_tag = document.createElement(
973
"annotation")
974
ann_tag.setAttribute("name", name)
975
ann_tag.setAttribute("value", value)
976
tag.appendChild(ann_tag)
977
# Add interface annotation tags
978
for annotation, value in dict(
979
itertools.chain(
980
*(annotations().iteritems()
981
for name, annotations in
982
self._get_all_dbus_things("interface")
983
if name == if_tag.getAttribute("name")
984
))).iteritems():
985
ann_tag = document.createElement("annotation")
986
ann_tag.setAttribute("name", annotation)
987
ann_tag.setAttribute("value", value)
988
if_tag.appendChild(ann_tag)
1091
# Add annotation tags for properties
1092
for tag in if_tag.getElementsByTagName("property"):
1093
annots = dict()
1094
for name, prop in self._get_all_dbus_things(
1095
"property"):
1096
if (name == tag.getAttribute("name")
1097
and prop._dbus_interface
1098
== if_tag.getAttribute("name")):
1099
annots.update(getattr(
1100
prop, "_dbus_annotations", {}))
1101
for name, value in annots.items():
1102
ann_tag = document.createElement(
1103
"annotation")
1104
ann_tag.setAttribute("name", name)
1105
ann_tag.setAttribute("value", value)
1106
tag.appendChild(ann_tag)
989
1107
# Add the names to the return values for the
990
1108
# "org.freedesktop.DBus.Properties" methods
991
1109
if (if_tag.getAttribute("name")
1006
1124
except (AttributeError, xml.dom.DOMException,
1007
1125
xml.parsers.expat.ExpatError) as error:
1008
1126
logger.error("Failed to override Introspection method",
1009
error)
1010
return xmlstring
1011
1012
1013
def datetime_to_dbus (dt, variant_level=0):
1127
exc_info=error)
1128
return xmlstring
1129
1130
try:
1131
dbus.OBJECT_MANAGER_IFACE
1132
except AttributeError:
1133
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1134
1135
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1136
"""A D-Bus object with an ObjectManager.
1137
1138
Classes inheriting from this exposes the standard
1139
GetManagedObjects call and the InterfacesAdded and
1140
InterfacesRemoved signals on the standard
1141
"org.freedesktop.DBus.ObjectManager" interface.
1142
1143
Note: No signals are sent automatically; they must be sent
1144
manually.
1145
"""
1146
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1147
out_signature = "a{oa{sa{sv}}}")
1148
def GetManagedObjects(self):
1149
"""This function must be overridden"""
1150
raise NotImplementedError()
1151
1152
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1153
signature = "oa{sa{sv}}")
1154
def InterfacesAdded(self, object_path, interfaces_and_properties):
1155
pass
1156
1157
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1158
def InterfacesRemoved(self, object_path, interfaces):
1159
pass
1160
1161
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1162
out_signature = "s",
1163
path_keyword = 'object_path',
1164
connection_keyword = 'connection')
1165
def Introspect(self, object_path, connection):
1166
"""Overloading of standard D-Bus method.
1167
1168
Override return argument name of GetManagedObjects to be
1169
"objpath_interfaces_and_properties"
1170
"""
1171
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1172
object_path,
1173
connection)
1174
try:
1175
document = xml.dom.minidom.parseString(xmlstring)
1176
1177
for if_tag in document.getElementsByTagName("interface"):
1178
# Fix argument name for the GetManagedObjects method
1179
if (if_tag.getAttribute("name")
1180
== dbus.OBJECT_MANAGER_IFACE):
1181
for cn in if_tag.getElementsByTagName("method"):
1182
if (cn.getAttribute("name")
1183
== "GetManagedObjects"):
1184
for arg in cn.getElementsByTagName("arg"):
1185
if (arg.getAttribute("direction")
1186
== "out"):
1187
arg.setAttribute(
1188
"name",
1189
"objpath_interfaces"
1190
"_and_properties")
1191
xmlstring = document.toxml("utf-8")
1192
document.unlink()
1193
except (AttributeError, xml.dom.DOMException,
1194
xml.parsers.expat.ExpatError) as error:
1195
logger.error("Failed to override Introspection method",
1196
exc_info = error)
1197
return xmlstring
1198
1199
def datetime_to_dbus(dt, variant_level=0):
1014
1200
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1015
1201
if dt is None:
1016
1202
return dbus.String("", variant_level = variant_level)
1017
return dbus.String(dt.isoformat(),
1018
variant_level=variant_level)
1019
1020
1021
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
1022
.__metaclass__):
1023
"""Applied to an empty subclass of a D-Bus object, this metaclass
1024
will add additional D-Bus attributes matching a certain pattern.
1203
return dbus.String(dt.isoformat(), variant_level=variant_level)
1204
1205
1206
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1207
"""A class decorator; applied to a subclass of
1208
dbus.service.Object, it will add alternate D-Bus attributes with
1209
interface names according to the "alt_interface_names" mapping.
1210
Usage:
1211
1212
@alternate_dbus_interfaces({"org.example.Interface":
1213
"net.example.AlternateInterface"})
1214
class SampleDBusObject(dbus.service.Object):
1215
@dbus.service.method("org.example.Interface")
1216
def SampleDBusMethod():
1217
pass
1218
1219
The above "SampleDBusMethod" on "SampleDBusObject" will be
1220
reachable via two interfaces: "org.example.Interface" and
1221
"net.example.AlternateInterface", the latter of which will have
1222
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1223
"true", unless "deprecate" is passed with a False value.
1224
1225
This works for methods and signals, and also for D-Bus properties
1226
(from DBusObjectWithProperties) and interfaces (from the
1227
dbus_interface_annotations decorator).
1025
1228
"""
1026
def __new__(mcs, name, bases, attr):
1027
# Go through all the base classes which could have D-Bus
1028
# methods, signals, or properties in them
1029
old_interface_names = []
1030
for base in (b for b in bases
1031
if issubclass(b, dbus.service.Object)):
1032
# Go though all attributes of the base class
1033
for attrname, attribute in inspect.getmembers(base):
1229
1230
def wrapper(cls):
1231
for orig_interface_name, alt_interface_name in (
1232
alt_interface_names.items()):
1233
attr = {}
1234
interface_names = set()
1235
# Go though all attributes of the class
1236
for attrname, attribute in inspect.getmembers(cls):
1034
1237
# Ignore non-D-Bus attributes, and D-Bus attributes
1035
1238
# with the wrong interface name
1036
1239
if (not hasattr(attribute, "_dbus_interface")
1037
or not attribute._dbus_interface
1038
.startswith("se.recompile.Mandos")):
1240
or not attribute._dbus_interface.startswith(
1241
orig_interface_name)):
1039
1242
continue
1040
1243
# Create an alternate D-Bus interface name based on
1041
1244
# the current name
1042
alt_interface = (attribute._dbus_interface
1043
.replace("se.recompile.Mandos",
1044
"se.bsnet.fukt.Mandos"))
1045
if alt_interface != attribute._dbus_interface:
1046
old_interface_names.append(alt_interface)
1245
alt_interface = attribute._dbus_interface.replace(
1246
orig_interface_name, alt_interface_name)
1247
interface_names.add(alt_interface)
1047
1248
# Is this a D-Bus signal?
1048
1249
if getattr(attribute, "_dbus_is_signal", False):
1049
# Extract the original non-method function by
1050
# black magic
1051
nonmethod_func = (dict(
1250
if sys.version_info.major == 2:
1251
# Extract the original non-method undecorated
1252
# function by black magic
1253
nonmethod_func = (dict(
1052
1254
zip(attribute.func_code.co_freevars,
1053
attribute.__closure__))["func"]
1054
.cell_contents)
1255
attribute.__closure__))
1256
["func"].cell_contents)
1257
else:
1258
nonmethod_func = attribute
1055
1259
# Create a new, but exactly alike, function
1056
1260
# object, and decorate it to be a new D-Bus signal
1057
1261
# with the alternate D-Bus interface name
1058
new_function = (dbus.service.signal
1059
(alt_interface,
1060
attribute._dbus_signature)
1061
(types.FunctionType(
1062
nonmethod_func.func_code,
1063
nonmethod_func.func_globals,
1064
nonmethod_func.func_name,
1065
nonmethod_func.func_defaults,
1066
nonmethod_func.func_closure)))
1262
if sys.version_info.major == 2:
1263
new_function = types.FunctionType(
1264
nonmethod_func.func_code,
1265
nonmethod_func.func_globals,
1266
nonmethod_func.func_name,
1267
nonmethod_func.func_defaults,
1268
nonmethod_func.func_closure)
1269
else:
1270
new_function = types.FunctionType(
1271
nonmethod_func.__code__,
1272
nonmethod_func.__globals__,
1273
nonmethod_func.__name__,
1274
nonmethod_func.__defaults__,
1275
nonmethod_func.__closure__)
1276
new_function = (dbus.service.signal(
1277
alt_interface,
1278
attribute._dbus_signature)(new_function))
1067
1279
# Copy annotations, if any
1068
1280
try:
1069
new_function._dbus_annotations = (
1070
dict(attribute._dbus_annotations))
1281
new_function._dbus_annotations = dict(
1282
attribute._dbus_annotations)
1071
1283
except AttributeError:
1072
1284
pass
1073
1285
# Define a creator of a function to call both the
1074
# old and new functions, so both the old and new
1075
# signals gets sent when the function is called
1286
# original and alternate functions, so both the
1287
# original and alternate signals gets sent when
1288
# the function is called
1076
1289
def fixscope(func1, func2):
1077
1290
"""This function is a scope container to pass
1078
1291
func1 and func2 to the "call_both" function
1079
1292
outside of its arguments"""
1293
1294
@functools.wraps(func2)
1080
1295
def call_both(*args, **kwargs):
1081
1296
"""This function will emit two D-Bus
1082
1297
signals by calling func1 and func2"""
1083
1298
func1(*args, **kwargs)
1084
1299
func2(*args, **kwargs)
1300
# Make wrapper function look like a D-Bus signal
1301
for name, attr in inspect.getmembers(func2):
1302
if name.startswith("_dbus_"):
1303
setattr(call_both, name, attr)
1304
1085
1305
return call_both
1086
1306
# Create the "call_both" function and add it to
1087
1307
# the class
1088
attr[attrname] = fixscope(attribute,
1089
new_function)
1308
attr[attrname] = fixscope(attribute, new_function)
1090
1309
# Is this a D-Bus method?
1091
1310
elif getattr(attribute, "_dbus_is_method", False):
1092
1311
# Create a new, but exactly alike, function
1093
1312
# object. Decorate it to be a new D-Bus method
1094
1313
# with the alternate D-Bus interface name. Add it
1095
1314
# to the class.
1096
attr[attrname] = (dbus.service.method
1097
(alt_interface,
1098
attribute._dbus_in_signature,
1099
attribute._dbus_out_signature)
1100
(types.FunctionType
1101
(attribute.func_code,
1102
attribute.func_globals,
1103
attribute.func_name,
1104
attribute.func_defaults,
1105
attribute.func_closure)))
1315
attr[attrname] = (
1316
dbus.service.method(
1317
alt_interface,
1318
attribute._dbus_in_signature,
1319
attribute._dbus_out_signature)
1320
(types.FunctionType(attribute.func_code,
1321
attribute.func_globals,
1322
attribute.func_name,
1323
attribute.func_defaults,
1324
attribute.func_closure)))
1106
1325
# Copy annotations, if any
1107
1326
try:
1108
attr[attrname]._dbus_annotations = (
1109
dict(attribute._dbus_annotations))
1327
attr[attrname]._dbus_annotations = dict(
1328
attribute._dbus_annotations)
1110
1329
except AttributeError:
1111
1330
pass
1112
1331
# Is this a D-Bus property?
1115
1334
# object, and decorate it to be a new D-Bus
1116
1335
# property with the alternate D-Bus interface
1117
1336
# name. Add it to the class.
1118
attr[attrname] = (dbus_service_property
1119
(alt_interface,
1120
attribute._dbus_signature,
1121
attribute._dbus_access,
1122
attribute
1123
._dbus_get_args_options
1124
["byte_arrays"])
1125
(types.FunctionType
1126
(attribute.func_code,
1127
attribute.func_globals,
1128
attribute.func_name,
1129
attribute.func_defaults,
1130
attribute.func_closure)))
1337
attr[attrname] = (dbus_service_property(
1338
alt_interface, attribute._dbus_signature,
1339
attribute._dbus_access,
1340
attribute._dbus_get_args_options
1341
["byte_arrays"])
1342
(types.FunctionType(
1343
attribute.func_code,
1344
attribute.func_globals,
1345
attribute.func_name,
1346
attribute.func_defaults,
1347
attribute.func_closure)))
1131
1348
# Copy annotations, if any
1132
1349
try:
1133
attr[attrname]._dbus_annotations = (
1134
dict(attribute._dbus_annotations))
1350
attr[attrname]._dbus_annotations = dict(
1351
attribute._dbus_annotations)
1135
1352
except AttributeError:
1136
1353
pass
1137
1354
# Is this a D-Bus interface?
1140
1357
# object. Decorate it to be a new D-Bus interface
1141
1358
# with the alternate D-Bus interface name. Add it
1142
1359
# to the class.
1143
attr[attrname] = (dbus_interface_annotations
1144
(alt_interface)
1145
(types.FunctionType
1146
(attribute.func_code,
1147
attribute.func_globals,
1148
attribute.func_name,
1149
attribute.func_defaults,
1150
attribute.func_closure)))
1151
# Deprecate all old interfaces
1152
basename="_AlternateDBusNamesMetaclass_interface_annotation{0}"
1153
for old_interface_name in old_interface_names:
1154
@dbus_interface_annotations(old_interface_name)
1155
def func(self):
1156
return { "org.freedesktop.DBus.Deprecated": "true" }
1157
# Find an unused name
1158
for aname in (basename.format(i) for i in
1159
itertools.count()):
1160
if aname not in attr:
1161
attr[aname] = func
1162
break
1163
return type.__new__(mcs, name, bases, attr)
1164
1165
1360
attr[attrname] = (
1361
dbus_interface_annotations(alt_interface)
1362
(types.FunctionType(attribute.func_code,
1363
attribute.func_globals,
1364
attribute.func_name,
1365
attribute.func_defaults,
1366
attribute.func_closure)))
1367
if deprecate:
1368
# Deprecate all alternate interfaces
1369
iname="_AlternateDBusNames_interface_annotation{}"
1370
for interface_name in interface_names:
1371
1372
@dbus_interface_annotations(interface_name)
1373
def func(self):
1374
return { "org.freedesktop.DBus.Deprecated":
1375
"true" }
1376
# Find an unused name
1377
for aname in (iname.format(i)
1378
for i in itertools.count()):
1379
if aname not in attr:
1380
attr[aname] = func
1381
break
1382
if interface_names:
1383
# Replace the class with a new subclass of it with
1384
# methods, signals, etc. as created above.
1385
cls = type(b"{}Alternate".format(cls.__name__),
1386
(cls, ), attr)
1387
return cls
1388
1389
return wrapper
1390
1391
1392
@alternate_dbus_interfaces({"se.recompile.Mandos":
1393
"se.bsnet.fukt.Mandos"})
1166
1394
class ClientDBus(Client, DBusObjectWithProperties):
1167
1395
"""A Client class using D-Bus
1168
1396
1172
1400
"""
1173
1401
1174
1402
runtime_expansions = (Client.runtime_expansions
1175
+ ("dbus_object_path",))
1403
+ ("dbus_object_path", ))
1404
1405
_interface = "se.recompile.Mandos.Client"
1176
1406
1177
1407
# dbus.service.Object doesn't use super(), so we can't either.
1178
1408
1181
1411
Client.__init__(self, *args, **kwargs)
1182
1412
# Only now, when this client is initialized, can it show up on
1183
1413
# the D-Bus
1184
client_object_name = unicode(self.name).translate(
1414
client_object_name = str(self.name).translate(
1185
1415
{ord("."): ord("_"),
1186
1416
ord("-"): ord("_")})
1187
self.dbus_object_path = (dbus.ObjectPath
1188
("/clients/" + client_object_name))
1417
self.dbus_object_path = dbus.ObjectPath(
1418
"/clients/" + client_object_name)
1189
1419
DBusObjectWithProperties.__init__(self, self.bus,
1190
1420
self.dbus_object_path)
1191
1192
def notifychangeproperty(transform_func,
1193
dbus_name, type_func=lambda x: x,
1194
variant_level=1):
1421
1422
def notifychangeproperty(transform_func, dbus_name,
1423
type_func=lambda x: x,
1424
variant_level=1,
1425
invalidate_only=False,
1426
_interface=_interface):
1195
1427
""" Modify a variable so that it's a property which announces
1196
1428
its changes to DBus.
1197
1429
1202
1434
to the D-Bus. Default: no transform
1203
1435
variant_level: D-Bus variant level. Default: 1
1204
1436
"""
1205
attrname = "_{0}".format(dbus_name)
1437
attrname = "_{}".format(dbus_name)
1438
1206
1439
def setter(self, value):
1207
1440
if hasattr(self, "dbus_object_path"):
1208
1441
if (not hasattr(self, attrname) or
1209
1442
type_func(getattr(self, attrname, None))
1210
1443
!= type_func(value)):
1211
dbus_value = transform_func(type_func(value),
1212
variant_level
1213
=variant_level)
1214
self.PropertyChanged(dbus.String(dbus_name),
1215
dbus_value)
1444
if invalidate_only:
1445
self.PropertiesChanged(
1446
_interface, dbus.Dictionary(),
1447
dbus.Array((dbus_name, )))
1448
else:
1449
dbus_value = transform_func(
1450
type_func(value),
1451
variant_level = variant_level)
1452
self.PropertyChanged(dbus.String(dbus_name),
1453
dbus_value)
1454
self.PropertiesChanged(
1455
_interface,
1456
dbus.Dictionary({ dbus.String(dbus_name):
1457
dbus_value }),
1458
dbus.Array())
1216
1459
setattr(self, attrname, value)
1217
1460
1218
1461
return property(lambda self: getattr(self, attrname), setter)
1219
1462
1220
1221
1463
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1222
1464
approvals_pending = notifychangeproperty(dbus.Boolean,
1223
1465
"ApprovalPending",
1225
1467
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1226
1468
last_enabled = notifychangeproperty(datetime_to_dbus,
1227
1469
"LastEnabled")
1228
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1229
type_func = lambda checker:
1230
checker is not None)
1470
checker = notifychangeproperty(
1471
dbus.Boolean, "CheckerRunning",
1472
type_func = lambda checker: checker is not None)
1231
1473
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1232
1474
"LastCheckedOK")
1233
1475
last_checker_status = notifychangeproperty(dbus.Int16,
1236
1478
datetime_to_dbus, "LastApprovalRequest")
1237
1479
approved_by_default = notifychangeproperty(dbus.Boolean,
1238
1480
"ApprovedByDefault")
1239
approval_delay = notifychangeproperty(dbus.UInt64,
1240
"ApprovalDelay",
1241
type_func =
1242
timedelta_to_milliseconds)
1481
approval_delay = notifychangeproperty(
1482
dbus.UInt64, "ApprovalDelay",
1483
type_func = lambda td: td.total_seconds() * 1000)
1243
1484
approval_duration = notifychangeproperty(
1244
1485
dbus.UInt64, "ApprovalDuration",
1245
type_func = timedelta_to_milliseconds)
1486
type_func = lambda td: td.total_seconds() * 1000)
1246
1487
host = notifychangeproperty(dbus.String, "Host")
1247
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1248
type_func =
1249
timedelta_to_milliseconds)
1488
timeout = notifychangeproperty(
1489
dbus.UInt64, "Timeout",
1490
type_func = lambda td: td.total_seconds() * 1000)
1250
1491
extended_timeout = notifychangeproperty(
1251
1492
dbus.UInt64, "ExtendedTimeout",
1252
type_func = timedelta_to_milliseconds)
1253
interval = notifychangeproperty(dbus.UInt64,
1254
"Interval",
1255
type_func =
1256
timedelta_to_milliseconds)
1493
type_func = lambda td: td.total_seconds() * 1000)
1494
interval = notifychangeproperty(
1495
dbus.UInt64, "Interval",
1496
type_func = lambda td: td.total_seconds() * 1000)
1257
1497
checker_command = notifychangeproperty(dbus.String, "Checker")
1498
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1499
invalidate_only=True)
1258
1500
1259
1501
del notifychangeproperty
1260
1502
1267
1509
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1268
1510
Client.__del__(self, *args, **kwargs)
1269
1511
1270
def checker_callback(self, pid, condition, command,
1271
*args, **kwargs):
1272
self.checker_callback_tag = None
1273
self.checker = None
1274
if os.WIFEXITED(condition):
1275
exitstatus = os.WEXITSTATUS(condition)
1512
def checker_callback(self, source, condition,
1513
connection, command, *args, **kwargs):
1514
ret = Client.checker_callback(self, source, condition,
1515
connection, command, *args,
1516
**kwargs)
1517
exitstatus = self.last_checker_status
1518
if exitstatus >= 0:
1276
1519
# Emit D-Bus signal
1277
1520
self.CheckerCompleted(dbus.Int16(exitstatus),
1278
dbus.Int64(condition),
1521
# This is specific to GNU libC
1522
dbus.Int64(exitstatus << 8),
1279
1523
dbus.String(command))
1280
1524
else:
1281
1525
# Emit D-Bus signal
1282
1526
self.CheckerCompleted(dbus.Int16(-1),
1283
dbus.Int64(condition),
1527
dbus.Int64(
1528
# This is specific to GNU libC
1529
(exitstatus << 8)
1530
| self.last_checker_signal),
1284
1531
dbus.String(command))
1285
1286
return Client.checker_callback(self, pid, condition, command,
1287
*args, **kwargs)
1532
return ret
1288
1533
1289
1534
def start_checker(self, *args, **kwargs):
1290
old_checker = self.checker
1291
if self.checker is not None:
1292
old_checker_pid = self.checker.pid
1293
else:
1294
old_checker_pid = None
1535
old_checker_pid = getattr(self.checker, "pid", None)
1295
1536
r = Client.start_checker(self, *args, **kwargs)
1296
1537
# Only if new checker process was started
1297
1538
if (self.checker is not None
1305
1546
return False
1306
1547
1307
1548
def approve(self, value=True):
1308
self.send_changedstate()
1309
1549
self.approved = value
1310
gobject.timeout_add(timedelta_to_milliseconds
1311
(self.approval_duration),
1312
self._reset_approved)
1313
1550
gobject.timeout_add(int(self.approval_duration.total_seconds()
1551
* 1000), self._reset_approved)
1552
self.send_changedstate()
1314
1553
1315
1554
## D-Bus methods, signals & properties
1316
_interface = "se.recompile.Mandos.Client"
1317
1555
1318
1556
## Interfaces
1319
1557
1320
@dbus_interface_annotations(_interface)
1321
def _foo(self):
1322
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1323
"false"}
1324
1325
1558
## Signals
1326
1559
1327
1560
# CheckerCompleted - signal
1337
1570
pass
1338
1571
1339
1572
# PropertyChanged - signal
1573
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1340
1574
@dbus.service.signal(_interface, signature="sv")
1341
1575
def PropertyChanged(self, property, value):
1342
1576
"D-Bus signal"
1376
1610
self.checked_ok()
1377
1611
1378
1612
# Enable - method
1613
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1379
1614
@dbus.service.method(_interface)
1380
1615
def Enable(self):
1381
1616
"D-Bus method"
1382
1617
self.enable()
1383
1618
1384
1619
# StartChecker - method
1620
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1385
1621
@dbus.service.method(_interface)
1386
1622
def StartChecker(self):
1387
1623
"D-Bus method"
1388
1624
self.start_checker()
1389
1625
1390
1626
# Disable - method
1627
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1391
1628
@dbus.service.method(_interface)
1392
1629
def Disable(self):
1393
1630
"D-Bus method"
1394
1631
self.disable()
1395
1632
1396
1633
# StopChecker - method
1634
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1397
1635
@dbus.service.method(_interface)
1398
1636
def StopChecker(self):
1399
1637
self.stop_checker()
1406
1644
return dbus.Boolean(bool(self.approvals_pending))
1407
1645
1408
1646
# ApprovedByDefault - property
1409
@dbus_service_property(_interface, signature="b",
1647
@dbus_service_property(_interface,
1648
signature="b",
1410
1649
access="readwrite")
1411
1650
def ApprovedByDefault_dbus_property(self, value=None):
1412
1651
if value is None: # get
1414
1653
self.approved_by_default = bool(value)
1415
1654
1416
1655
# ApprovalDelay - property
1417
@dbus_service_property(_interface, signature="t",
1656
@dbus_service_property(_interface,
1657
signature="t",
1418
1658
access="readwrite")
1419
1659
def ApprovalDelay_dbus_property(self, value=None):
1420
1660
if value is None: # get
1421
return dbus.UInt64(self.approval_delay_milliseconds())
1661
return dbus.UInt64(self.approval_delay.total_seconds()
1662
* 1000)
1422
1663
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1423
1664
1424
1665
# ApprovalDuration - property
1425
@dbus_service_property(_interface, signature="t",
1666
@dbus_service_property(_interface,
1667
signature="t",
1426
1668
access="readwrite")
1427
1669
def ApprovalDuration_dbus_property(self, value=None):
1428
1670
if value is None: # get
1429
return dbus.UInt64(timedelta_to_milliseconds(
1430
self.approval_duration))
1671
return dbus.UInt64(self.approval_duration.total_seconds()
1672
* 1000)
1431
1673
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1432
1674
1433
1675
# Name - property
1676
@dbus_annotations(
1677
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1434
1678
@dbus_service_property(_interface, signature="s", access="read")
1435
1679
def Name_dbus_property(self):
1436
1680
return dbus.String(self.name)
1437
1681
1438
1682
# Fingerprint - property
1683
@dbus_annotations(
1684
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1439
1685
@dbus_service_property(_interface, signature="s", access="read")
1440
1686
def Fingerprint_dbus_property(self):
1441
1687
return dbus.String(self.fingerprint)
1442
1688
1443
1689
# Host - property
1444
@dbus_service_property(_interface, signature="s",
1690
@dbus_service_property(_interface,
1691
signature="s",
1445
1692
access="readwrite")
1446
1693
def Host_dbus_property(self, value=None):
1447
1694
if value is None: # get
1448
1695
return dbus.String(self.host)
1449
self.host = unicode(value)
1696
self.host = str(value)
1450
1697
1451
1698
# Created - property
1699
@dbus_annotations(
1700
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1452
1701
@dbus_service_property(_interface, signature="s", access="read")
1453
1702
def Created_dbus_property(self):
1454
1703
return datetime_to_dbus(self.created)
1459
1708
return datetime_to_dbus(self.last_enabled)
1460
1709
1461
1710
# Enabled - property
1462
@dbus_service_property(_interface, signature="b",
1711
@dbus_service_property(_interface,
1712
signature="b",
1463
1713
access="readwrite")
1464
1714
def Enabled_dbus_property(self, value=None):
1465
1715
if value is None: # get
1470
1720
self.disable()
1471
1721
1472
1722
# LastCheckedOK - property
1473
@dbus_service_property(_interface, signature="s",
1723
@dbus_service_property(_interface,
1724
signature="s",
1474
1725
access="readwrite")
1475
1726
def LastCheckedOK_dbus_property(self, value=None):
1476
1727
if value is not None:
1479
1730
return datetime_to_dbus(self.last_checked_ok)
1480
1731
1481
1732
# LastCheckerStatus - property
1482
@dbus_service_property(_interface, signature="n",
1483
access="read")
1733
@dbus_service_property(_interface, signature="n", access="read")
1484
1734
def LastCheckerStatus_dbus_property(self):
1485
1735
return dbus.Int16(self.last_checker_status)
1486
1736
1495
1745
return datetime_to_dbus(self.last_approval_request)
1496
1746
1497
1747
# Timeout - property
1498
@dbus_service_property(_interface, signature="t",
1748
@dbus_service_property(_interface,
1749
signature="t",
1499
1750
access="readwrite")
1500
1751
def Timeout_dbus_property(self, value=None):
1501
1752
if value is None: # get
1502
return dbus.UInt64(self.timeout_milliseconds())
1753
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1754
old_timeout = self.timeout
1503
1755
self.timeout = datetime.timedelta(0, 0, 0, value)
1504
# Reschedule timeout
1756
# Reschedule disabling
1505
1757
if self.enabled:
1506
1758
now = datetime.datetime.utcnow()
1507
time_to_die = timedelta_to_milliseconds(
1508
(self.last_checked_ok + self.timeout) - now)
1509
if time_to_die <= 0:
1759
self.expires += self.timeout - old_timeout
1760
if self.expires <= now:
1510
1761
# The timeout has passed
1511
1762
self.disable()
1512
1763
else:
1513
self.expires = (now +
1514
datetime.timedelta(milliseconds =
1515
time_to_die))
1516
1764
if (getattr(self, "disable_initiator_tag", None)
1517
1765
is None):
1518
1766
return
1519
1767
gobject.source_remove(self.disable_initiator_tag)
1520
self.disable_initiator_tag = (gobject.timeout_add
1521
(time_to_die,
1522
self.disable))
1768
self.disable_initiator_tag = gobject.timeout_add(
1769
int((self.expires - now).total_seconds() * 1000),
1770
self.disable)
1523
1771
1524
1772
# ExtendedTimeout - property
1525
@dbus_service_property(_interface, signature="t",
1773
@dbus_service_property(_interface,
1774
signature="t",
1526
1775
access="readwrite")
1527
1776
def ExtendedTimeout_dbus_property(self, value=None):
1528
1777
if value is None: # get
1529
return dbus.UInt64(self.extended_timeout_milliseconds())
1778
return dbus.UInt64(self.extended_timeout.total_seconds()
1779
* 1000)
1530
1780
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1531
1781
1532
1782
# Interval - property
1533
@dbus_service_property(_interface, signature="t",
1783
@dbus_service_property(_interface,
1784
signature="t",
1534
1785
access="readwrite")
1535
1786
def Interval_dbus_property(self, value=None):
1536
1787
if value is None: # get
1537
return dbus.UInt64(self.interval_milliseconds())
1788
return dbus.UInt64(self.interval.total_seconds() * 1000)
1538
1789
self.interval = datetime.timedelta(0, 0, 0, value)
1539
1790
if getattr(self, "checker_initiator_tag", None) is None:
1540
1791
return
1541
1792
if self.enabled:
1542
1793
# Reschedule checker run
1543
1794
gobject.source_remove(self.checker_initiator_tag)
1544
self.checker_initiator_tag = (gobject.timeout_add
1545
(value, self.start_checker))
1546
self.start_checker() # Start one now, too
1795
self.checker_initiator_tag = gobject.timeout_add(
1796
value, self.start_checker)
1797
self.start_checker() # Start one now, too
1547
1798
1548
1799
# Checker - property
1549
@dbus_service_property(_interface, signature="s",
1800
@dbus_service_property(_interface,
1801
signature="s",
1550
1802
access="readwrite")
1551
1803
def Checker_dbus_property(self, value=None):
1552
1804
if value is None: # get
1553
1805
return dbus.String(self.checker_command)
1554
self.checker_command = unicode(value)
1806
self.checker_command = str(value)
1555
1807
1556
1808
# CheckerRunning - property
1557
@dbus_service_property(_interface, signature="b",
1809
@dbus_service_property(_interface,
1810
signature="b",
1558
1811
access="readwrite")
1559
1812
def CheckerRunning_dbus_property(self, value=None):
1560
1813
if value is None: # get
1565
1818
self.stop_checker()
1566
1819
1567
1820
# ObjectPath - property
1821
@dbus_annotations(
1822
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
1823
"org.freedesktop.DBus.Deprecated": "true"})
1568
1824
@dbus_service_property(_interface, signature="o", access="read")
1569
1825
def ObjectPath_dbus_property(self):
1570
1826
return self.dbus_object_path # is already a dbus.ObjectPath
1571
1827
1572
1828
# Secret = property
1573
@dbus_service_property(_interface, signature="ay",
1574
access="write", byte_arrays=True)
1829
@dbus_annotations(
1830
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
1831
"invalidates"})
1832
@dbus_service_property(_interface,
1833
signature="ay",
1834
access="write",
1835
byte_arrays=True)
1575
1836
def Secret_dbus_property(self, value):
1576
self.secret = str(value)
1837
self.secret = bytes(value)
1577
1838
1578
1839
del _interface
1579
1840
1583
1844
self._pipe = child_pipe
1584
1845
self._pipe.send(('init', fpr, address))
1585
1846
if not self._pipe.recv():
1586
raise KeyError()
1847
raise KeyError(fpr)
1587
1848
1588
1849
def __getattribute__(self, name):
1589
1850
if name == '_pipe':
1593
1854
if data[0] == 'data':
1594
1855
return data[1]
1595
1856
if data[0] == 'function':
1857
1596
1858
def func(*args, **kwargs):
1597
1859
self._pipe.send(('funcall', name, args, kwargs))
1598
1860
return self._pipe.recv()[1]
1861
1599
1862
return func
1600
1863
1601
1864
def __setattr__(self, name, value):
1604
1867
self._pipe.send(('setattr', name, value))
1605
1868
1606
1869
1607
class ClientDBusTransitional(ClientDBus):
1608
__metaclass__ = AlternateDBusNamesMetaclass
1609
1610
1611
1870
class ClientHandler(socketserver.BaseRequestHandler, object):
1612
1871
"""A class to handle client connections.
1613
1872
1617
1876
def handle(self):
1618
1877
with contextlib.closing(self.server.child_pipe) as child_pipe:
1619
1878
logger.info("TCP connection from: %s",
1620
unicode(self.client_address))
1879
str(self.client_address))
1621
1880
logger.debug("Pipe FD: %d",
1622
1881
self.server.child_pipe.fileno())
1623
1882
1624
session = (gnutls.connection
1625
.ClientSession(self.request,
1626
gnutls.connection
1627
.X509Credentials()))
1883
session = gnutls.connection.ClientSession(
1884
self.request, gnutls.connection .X509Credentials())
1628
1885
1629
1886
# Note: gnutls.connection.X509Credentials is really a
1630
1887
# generic GnuTLS certificate credentials object so long as
1639
1896
priority = self.server.gnutls_priority
1640
1897
if priority is None:
1641
1898
priority = "NORMAL"
1642
(gnutls.library.functions
1643
.gnutls_priority_set_direct(session._c_object,
1644
priority, None))
1899
gnutls.library.functions.gnutls_priority_set_direct(
1900
session._c_object, priority, None)
1645
1901
1646
1902
# Start communication using the Mandos protocol
1647
1903
# Get protocol number
1649
1905
logger.debug("Protocol version: %r", line)
1650
1906
try:
1651
1907
if int(line.strip().split()[0]) > 1:
1652
raise RuntimeError
1908
raise RuntimeError(line)
1653
1909
except (ValueError, IndexError, RuntimeError) as error:
1654
1910
logger.error("Unknown protocol version: %s", error)
1655
1911
return
1667
1923
approval_required = False
1668
1924
try:
1669
1925
try:
1670
fpr = self.fingerprint(self.peer_certificate
1671
(session))
1926
fpr = self.fingerprint(
1927
self.peer_certificate(session))
1672
1928
except (TypeError,
1673
1929
gnutls.errors.GNUTLSError) as error:
1674
1930
logger.warning("Bad certificate: %s", error)
1689
1945
while True:
1690
1946
if not client.enabled:
1691
1947
logger.info("Client %s is disabled",
1692
client.name)
1948
client.name)
1693
1949
if self.server.use_dbus:
1694
1950
# Emit D-Bus signal
1695
1951
client.Rejected("Disabled")
1704
1960
if self.server.use_dbus:
1705
1961
# Emit D-Bus signal
1706
1962
client.NeedApproval(
1707
client.approval_delay_milliseconds(),
1708
client.approved_by_default)
1963
client.approval_delay.total_seconds()
1964
* 1000, client.approved_by_default)
1709
1965
else:
1710
1966
logger.warning("Client %s was not approved",
1711
1967
client.name)
1717
1973
#wait until timeout or approved
1718
1974
time = datetime.datetime.now()
1719
1975
client.changedstate.acquire()
1720
(client.changedstate.wait
1721
(float(client.timedelta_to_milliseconds(delay)
1722
/ 1000)))
1976
client.changedstate.wait(delay.total_seconds())
1723
1977
client.changedstate.release()
1724
1978
time2 = datetime.datetime.now()
1725
1979
if (time2 - time) >= delay:
1741
1995
try:
1742
1996
sent = session.send(client.secret[sent_size:])
1743
1997
except gnutls.errors.GNUTLSError as error:
1744
logger.warning("gnutls send failed")
1998
logger.warning("gnutls send failed",
1999
exc_info=error)
1745
2000
return
1746
logger.debug("Sent: %d, remaining: %d",
1747
sent, len(client.secret)
1748
- (sent_size + sent))
2001
logger.debug("Sent: %d, remaining: %d", sent,
2002
len(client.secret) - (sent_size
2003
+ sent))
1749
2004
sent_size += sent
1750
2005
1751
2006
logger.info("Sending secret to %s", client.name)
1761
2016
try:
1762
2017
session.bye()
1763
2018
except gnutls.errors.GNUTLSError as error:
1764
logger.warning("GnuTLS bye failed")
2019
logger.warning("GnuTLS bye failed",
2020
exc_info=error)
1765
2021
1766
2022
@staticmethod
1767
2023
def peer_certificate(session):
1768
2024
"Return the peer's OpenPGP certificate as a bytestring"
1769
2025
# If not an OpenPGP certificate...
1770
if (gnutls.library.functions
1771
.gnutls_certificate_type_get(session._c_object)
2026
if (gnutls.library.functions.gnutls_certificate_type_get(
2027
session._c_object)
1772
2028
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1773
2029
# ...do the normal thing
1774
2030
return session.peer_certificate
1788
2044
def fingerprint(openpgp):
1789
2045
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1790
2046
# New GnuTLS "datum" with the OpenPGP public key
1791
datum = (gnutls.library.types
1792
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1793
ctypes.POINTER
1794
(ctypes.c_ubyte)),
1795
ctypes.c_uint(len(openpgp))))
2047
datum = gnutls.library.types.gnutls_datum_t(
2048
ctypes.cast(ctypes.c_char_p(openpgp),
2049
ctypes.POINTER(ctypes.c_ubyte)),
2050
ctypes.c_uint(len(openpgp)))
1796
2051
# New empty GnuTLS certificate
1797
2052
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1798
(gnutls.library.functions
1799
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2053
gnutls.library.functions.gnutls_openpgp_crt_init(
2054
ctypes.byref(crt))
1800
2055
# Import the OpenPGP public key into the certificate
1801
(gnutls.library.functions
1802
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1803
gnutls.library.constants
1804
.GNUTLS_OPENPGP_FMT_RAW))
2056
gnutls.library.functions.gnutls_openpgp_crt_import(
2057
crt, ctypes.byref(datum),
2058
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1805
2059
# Verify the self signature in the key
1806
2060
crtverify = ctypes.c_uint()
1807
(gnutls.library.functions
1808
.gnutls_openpgp_crt_verify_self(crt, 0,
1809
ctypes.byref(crtverify)))
2061
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2062
crt, 0, ctypes.byref(crtverify))
1810
2063
if crtverify.value != 0:
1811
2064
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1812
raise (gnutls.errors.CertificateSecurityError
1813
("Verify failed"))
2065
raise gnutls.errors.CertificateSecurityError(
2066
"Verify failed")
1814
2067
# New buffer for the fingerprint
1815
2068
buf = ctypes.create_string_buffer(20)
1816
2069
buf_len = ctypes.c_size_t()
1817
2070
# Get the fingerprint from the certificate into the buffer
1818
(gnutls.library.functions
1819
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1820
ctypes.byref(buf_len)))
2071
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2072
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1821
2073
# Deinit the certificate
1822
2074
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1823
2075
# Convert the buffer to a Python bytestring
1829
2081
1830
2082
class MultiprocessingMixIn(object):
1831
2083
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2084
1832
2085
def sub_process_main(self, request, address):
1833
2086
try:
1834
2087
self.finish_request(request, address)
1839
2092
def process_request(self, request, address):
1840
2093
"""Start a new process to process the request."""
1841
2094
proc = multiprocessing.Process(target = self.sub_process_main,
1842
args = (request,
1843
address))
2095
args = (request, address))
1844
2096
proc.start()
1845
2097
return proc
1846
2098
1847
2099
1848
2100
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1849
2101
""" adds a pipe to the MixIn """
2102
1850
2103
def process_request(self, request, client_address):
1851
2104
"""Overrides and wraps the original process_request().
1852
2105
1861
2114
1862
2115
def add_pipe(self, parent_pipe, proc):
1863
2116
"""Dummy function; override as necessary"""
1864
raise NotImplementedError
2117
raise NotImplementedError()
1865
2118
1866
2119
1867
2120
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1873
2126
interface: None or a network interface name (string)
1874
2127
use_ipv6: Boolean; to use IPv6 or not
1875
2128
"""
2129
1876
2130
def __init__(self, server_address, RequestHandlerClass,
1877
interface=None, use_ipv6=True):
2131
interface=None,
2132
use_ipv6=True,
2133
socketfd=None):
2134
"""If socketfd is set, use that file descriptor instead of
2135
creating a new one with socket.socket().
2136
"""
1878
2137
self.interface = interface
1879
2138
if use_ipv6:
1880
2139
self.address_family = socket.AF_INET6
2140
if socketfd is not None:
2141
# Save the file descriptor
2142
self.socketfd = socketfd
2143
# Save the original socket.socket() function
2144
self.socket_socket = socket.socket
2145
# To implement --socket, we monkey patch socket.socket.
2146
#
2147
# (When socketserver.TCPServer is a new-style class, we
2148
# could make self.socket into a property instead of monkey
2149
# patching socket.socket.)
2150
#
2151
# Create a one-time-only replacement for socket.socket()
2152
@functools.wraps(socket.socket)
2153
def socket_wrapper(*args, **kwargs):
2154
# Restore original function so subsequent calls are
2155
# not affected.
2156
socket.socket = self.socket_socket
2157
del self.socket_socket
2158
# This time only, return a new socket object from the
2159
# saved file descriptor.
2160
return socket.fromfd(self.socketfd, *args, **kwargs)
2161
# Replace socket.socket() function with wrapper
2162
socket.socket = socket_wrapper
2163
# The socketserver.TCPServer.__init__ will call
2164
# socket.socket(), which might be our replacement,
2165
# socket_wrapper(), if socketfd was set.
1881
2166
socketserver.TCPServer.__init__(self, server_address,
1882
2167
RequestHandlerClass)
2168
1883
2169
def server_bind(self):
1884
2170
"""This overrides the normal server_bind() function
1885
2171
to bind to an interface if one was specified, and also NOT to
1891
2177
self.interface)
1892
2178
else:
1893
2179
try:
1894
self.socket.setsockopt(socket.SOL_SOCKET,
1895
SO_BINDTODEVICE,
1896
str(self.interface
1897
+ '\0'))
2180
self.socket.setsockopt(
2181
socket.SOL_SOCKET, SO_BINDTODEVICE,
2182
(self.interface + "\0").encode("utf-8"))
1898
2183
except socket.error as error:
1899
if error[0] == errno.EPERM:
1900
logger.error("No permission to"
1901
" bind to interface %s",
1902
self.interface)
1903
elif error[0] == errno.ENOPROTOOPT:
2184
if error.errno == errno.EPERM:
2185
logger.error("No permission to bind to"
2186
" interface %s", self.interface)
2187
elif error.errno == errno.ENOPROTOOPT:
1904
2188
logger.error("SO_BINDTODEVICE not available;"
1905
2189
" cannot bind to interface %s",
1906
2190
self.interface)
2191
elif error.errno == errno.ENODEV:
2192
logger.error("Interface %s does not exist,"
2193
" cannot bind", self.interface)
1907
2194
else:
1908
2195
raise
1909
2196
# Only bind(2) the socket if we really need to.
1912
2199
if self.address_family == socket.AF_INET6:
1913
2200
any_address = "::" # in6addr_any
1914
2201
else:
1915
any_address = socket.INADDR_ANY
2202
any_address = "0.0.0.0" # INADDR_ANY
1916
2203
self.server_address = (any_address,
1917
2204
self.server_address[1])
1918
2205
elif not self.server_address[1]:
1919
self.server_address = (self.server_address[0],
1920
0)
2206
self.server_address = (self.server_address[0], 0)
1921
2207
# if self.interface:
1922
2208
# self.server_address = (self.server_address[0],
1923
2209
# 0, # port
1937
2223
1938
2224
Assumes a gobject.MainLoop event loop.
1939
2225
"""
2226
1940
2227
def __init__(self, server_address, RequestHandlerClass,
1941
interface=None, use_ipv6=True, clients=None,
1942
gnutls_priority=None, use_dbus=True):
2228
interface=None,
2229
use_ipv6=True,
2230
clients=None,
2231
gnutls_priority=None,
2232
use_dbus=True,
2233
socketfd=None):
1943
2234
self.enabled = False
1944
2235
self.clients = clients
1945
2236
if self.clients is None:
1949
2240
IPv6_TCPServer.__init__(self, server_address,
1950
2241
RequestHandlerClass,
1951
2242
interface = interface,
1952
use_ipv6 = use_ipv6)
2243
use_ipv6 = use_ipv6,
2244
socketfd = socketfd)
2245
1953
2246
def server_activate(self):
1954
2247
if self.enabled:
1955
2248
return socketserver.TCPServer.server_activate(self)
1959
2252
1960
2253
def add_pipe(self, parent_pipe, proc):
1961
2254
# Call "handle_ipc" for both data and EOF events
1962
gobject.io_add_watch(parent_pipe.fileno(),
1963
gobject.IO_IN | gobject.IO_HUP,
1964
functools.partial(self.handle_ipc,
1965
parent_pipe =
1966
parent_pipe,
1967
proc = proc))
2255
gobject.io_add_watch(
2256
parent_pipe.fileno(),
2257
gobject.IO_IN | gobject.IO_HUP,
2258
functools.partial(self.handle_ipc,
2259
parent_pipe = parent_pipe,
2260
proc = proc))
1968
2261
1969
def handle_ipc(self, source, condition, parent_pipe=None,
1970
proc = None, client_object=None):
1971
condition_names = {
1972
gobject.IO_IN: "IN", # There is data to read.
1973
gobject.IO_OUT: "OUT", # Data can be written (without
1974
# blocking).
1975
gobject.IO_PRI: "PRI", # There is urgent data to read.
1976
gobject.IO_ERR: "ERR", # Error condition.
1977
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1978
# broken, usually for pipes and
1979
# sockets).
1980
}
1981
conditions_string = ' | '.join(name
1982
for cond, name in
1983
condition_names.iteritems()
1984
if cond & condition)
2262
def handle_ipc(self, source, condition,
2263
parent_pipe=None,
2264
proc = None,
2265
client_object=None):
1985
2266
# error, or the other end of multiprocessing.Pipe has closed
1986
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
2267
if condition & (gobject.IO_ERR | gobject.IO_HUP):
1987
2268
# Wait for other process to exit
1988
2269
proc.join()
1989
2270
return False
2010
2291
parent_pipe.send(False)
2011
2292
return False
2012
2293
2013
gobject.io_add_watch(parent_pipe.fileno(),
2014
gobject.IO_IN | gobject.IO_HUP,
2015
functools.partial(self.handle_ipc,
2016
parent_pipe =
2017
parent_pipe,
2018
proc = proc,
2019
client_object =
2020
client))
2294
gobject.io_add_watch(
2295
parent_pipe.fileno(),
2296
gobject.IO_IN | gobject.IO_HUP,
2297
functools.partial(self.handle_ipc,
2298
parent_pipe = parent_pipe,
2299
proc = proc,
2300
client_object = client))
2021
2301
parent_pipe.send(True)
2022
2302
# remove the old hook in favor of the new above hook on
2023
2303
# same fileno
2029
2309
2030
2310
parent_pipe.send(('data', getattr(client_object,
2031
2311
funcname)(*args,
2032
**kwargs)))
2312
**kwargs)))
2033
2313
2034
2314
if command == 'getattr':
2035
2315
attrname = request[1]
2036
if callable(client_object.__getattribute__(attrname)):
2037
parent_pipe.send(('function',))
2316
if isinstance(client_object.__getattribute__(attrname),
2317
collections.Callable):
2318
parent_pipe.send(('function', ))
2038
2319
else:
2039
parent_pipe.send(('data', client_object
2040
.__getattribute__(attrname)))
2320
parent_pipe.send((
2321
'data', client_object.__getattribute__(attrname)))
2041
2322
2042
2323
if command == 'setattr':
2043
2324
attrname = request[1]
2047
2328
return True
2048
2329
2049
2330
2331
def rfc3339_duration_to_delta(duration):
2332
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2333
2334
>>> rfc3339_duration_to_delta("P7D")
2335
datetime.timedelta(7)
2336
>>> rfc3339_duration_to_delta("PT60S")
2337
datetime.timedelta(0, 60)
2338
>>> rfc3339_duration_to_delta("PT60M")
2339
datetime.timedelta(0, 3600)
2340
>>> rfc3339_duration_to_delta("PT24H")
2341
datetime.timedelta(1)
2342
>>> rfc3339_duration_to_delta("P1W")
2343
datetime.timedelta(7)
2344
>>> rfc3339_duration_to_delta("PT5M30S")
2345
datetime.timedelta(0, 330)
2346
>>> rfc3339_duration_to_delta("P1DT3M20S")
2347
datetime.timedelta(1, 200)
2348
"""
2349
2350
# Parsing an RFC 3339 duration with regular expressions is not
2351
# possible - there would have to be multiple places for the same
2352
# values, like seconds. The current code, while more esoteric, is
2353
# cleaner without depending on a parsing library. If Python had a
2354
# built-in library for parsing we would use it, but we'd like to
2355
# avoid excessive use of external libraries.
2356
2357
# New type for defining tokens, syntax, and semantics all-in-one
2358
Token = collections.namedtuple("Token", (
2359
"regexp", # To match token; if "value" is not None, must have
2360
# a "group" containing digits
2361
"value", # datetime.timedelta or None
2362
"followers")) # Tokens valid after this token
2363
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2364
# the "duration" ABNF definition in RFC 3339, Appendix A.
2365
token_end = Token(re.compile(r"$"), None, frozenset())
2366
token_second = Token(re.compile(r"(\d+)S"),
2367
datetime.timedelta(seconds=1),
2368
frozenset((token_end, )))
2369
token_minute = Token(re.compile(r"(\d+)M"),
2370
datetime.timedelta(minutes=1),
2371
frozenset((token_second, token_end)))
2372
token_hour = Token(re.compile(r"(\d+)H"),
2373
datetime.timedelta(hours=1),
2374
frozenset((token_minute, token_end)))
2375
token_time = Token(re.compile(r"T"),
2376
None,
2377
frozenset((token_hour, token_minute,
2378
token_second)))
2379
token_day = Token(re.compile(r"(\d+)D"),
2380
datetime.timedelta(days=1),
2381
frozenset((token_time, token_end)))
2382
token_month = Token(re.compile(r"(\d+)M"),
2383
datetime.timedelta(weeks=4),
2384
frozenset((token_day, token_end)))
2385
token_year = Token(re.compile(r"(\d+)Y"),
2386
datetime.timedelta(weeks=52),
2387
frozenset((token_month, token_end)))
2388
token_week = Token(re.compile(r"(\d+)W"),
2389
datetime.timedelta(weeks=1),
2390
frozenset((token_end, )))
2391
token_duration = Token(re.compile(r"P"), None,
2392
frozenset((token_year, token_month,
2393
token_day, token_time,
2394
token_week)))
2395
# Define starting values
2396
value = datetime.timedelta() # Value so far
2397
found_token = None
2398
followers = frozenset((token_duration, )) # Following valid tokens
2399
s = duration # String left to parse
2400
# Loop until end token is found
2401
while found_token is not token_end:
2402
# Search for any currently valid tokens
2403
for token in followers:
2404
match = token.regexp.match(s)
2405
if match is not None:
2406
# Token found
2407
if token.value is not None:
2408
# Value found, parse digits
2409
factor = int(match.group(1), 10)
2410
# Add to value so far
2411
value += factor * token.value
2412
# Strip token from string
2413
s = token.regexp.sub("", s, 1)
2414
# Go to found token
2415
found_token = token
2416
# Set valid next tokens
2417
followers = found_token.followers
2418
break
2419
else:
2420
# No currently valid tokens were found
2421
raise ValueError("Invalid RFC 3339 duration: {!r}"
2422
.format(duration))
2423
# End token found
2424
return value
2425
2426
2050
2427
def string_to_delta(interval):
2051
2428
"""Parse a string and return a datetime.timedelta
2052
2429
2063
2440
>>> string_to_delta('5m 30s')
2064
2441
datetime.timedelta(0, 330)
2065
2442
"""
2443
2444
try:
2445
return rfc3339_duration_to_delta(interval)
2446
except ValueError:
2447
pass
2448
2066
2449
timevalue = datetime.timedelta(0)
2067
2450
for s in interval.split():
2068
2451
try:
2069
suffix = unicode(s[-1])
2452
suffix = s[-1]
2070
2453
value = int(s[:-1])
2071
2454
if suffix == "d":
2072
2455
delta = datetime.timedelta(value)
2079
2462
elif suffix == "w":
2080
2463
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2081
2464
else:
2082
raise ValueError("Unknown suffix %r" % suffix)
2083
except (ValueError, IndexError) as e:
2465
raise ValueError("Unknown suffix {!r}".format(suffix))
2466
except IndexError as e:
2084
2467
raise ValueError(*(e.args))
2085
2468
timevalue += delta
2086
2469
return timevalue
2102
2485
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2103
2486
if not stat.S_ISCHR(os.fstat(null).st_mode):
2104
2487
raise OSError(errno.ENODEV,
2105
"%s not a character device"
2106
% os.devnull)
2488
"{} not a character device"
2489
.format(os.devnull))
2107
2490
os.dup2(null, sys.stdin.fileno())
2108
2491
os.dup2(null, sys.stdout.fileno())
2109
2492
os.dup2(null, sys.stderr.fileno())
2118
2501
2119
2502
parser = argparse.ArgumentParser()
2120
2503
parser.add_argument("-v", "--version", action="version",
2121
version = "%%(prog)s %s" % version,
2504
version = "%(prog)s {}".format(version),
2122
2505
help="show version number and exit")
2123
2506
parser.add_argument("-i", "--interface", metavar="IF",
2124
2507
help="Bind to interface IF")
2130
2513
help="Run self-test")
2131
2514
parser.add_argument("--debug", action="store_true",
2132
2515
help="Debug mode; run in foreground and log"
2133
" to terminal")
2516
" to terminal", default=None)
2134
2517
parser.add_argument("--debuglevel", metavar="LEVEL",
2135
2518
help="Debug level for stdout output")
2136
2519
parser.add_argument("--priority", help="GnuTLS"
2143
2526
" files")
2144
2527
parser.add_argument("--no-dbus", action="store_false",
2145
2528
dest="use_dbus", help="Do not provide D-Bus"
2146
" system bus interface")
2529
" system bus interface", default=None)
2147
2530
parser.add_argument("--no-ipv6", action="store_false",
2148
dest="use_ipv6", help="Do not use IPv6")
2531
dest="use_ipv6", help="Do not use IPv6",
2532
default=None)
2149
2533
parser.add_argument("--no-restore", action="store_false",
2150
2534
dest="restore", help="Do not restore stored"
2151
" state")
2535
" state", default=None)
2536
parser.add_argument("--socket", type=int,
2537
help="Specify a file descriptor to a network"
2538
" socket to use instead of creating one")
2152
2539
parser.add_argument("--statedir", metavar="DIR",
2153
2540
help="Directory to save/restore state in")
2541
parser.add_argument("--foreground", action="store_true",
2542
help="Run in foreground", default=None)
2543
parser.add_argument("--no-zeroconf", action="store_false",
2544
dest="zeroconf", help="Do not use Zeroconf",
2545
default=None)
2154
2546
2155
2547
options = parser.parse_args()
2156
2548
2157
2549
if options.check:
2158
2550
import doctest
2159
doctest.testmod()
2160
sys.exit()
2551
fail_count, test_count = doctest.testmod()
2552
sys.exit(os.EX_OK if fail_count == 0 else 1)
2161
2553
2162
2554
# Default values for config file for server-global settings
2163
2555
server_defaults = { "interface": "",
2165
2557
"port": "",
2166
2558
"debug": "False",
2167
2559
"priority":
2168
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2560
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2561
":+SIGN-DSA-SHA256",
2169
2562
"servicename": "Mandos",
2170
2563
"use_dbus": "True",
2171
2564
"use_ipv6": "True",
2172
2565
"debuglevel": "",
2173
2566
"restore": "True",
2174
"statedir": "/var/lib/mandos"
2175
}
2567
"socket": "",
2568
"statedir": "/var/lib/mandos",
2569
"foreground": "False",
2570
"zeroconf": "True",
2571
}
2176
2572
2177
2573
# Parse config file for server-global settings
2178
2574
server_config = configparser.SafeConfigParser(server_defaults)
2179
2575
del server_defaults
2180
server_config.read(os.path.join(options.configdir,
2181
"mandos.conf"))
2576
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2182
2577
# Convert the SafeConfigParser object to a dict
2183
2578
server_settings = server_config.defaults()
2184
2579
# Use the appropriate methods on the non-string config options
2185
for option in ("debug", "use_dbus", "use_ipv6"):
2580
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2186
2581
server_settings[option] = server_config.getboolean("DEFAULT",
2187
2582
option)
2188
2583
if server_settings["port"]:
2189
2584
server_settings["port"] = server_config.getint("DEFAULT",
2190
2585
"port")
2586
if server_settings["socket"]:
2587
server_settings["socket"] = server_config.getint("DEFAULT",
2588
"socket")
2589
# Later, stdin will, and stdout and stderr might, be dup'ed
2590
# over with an opened os.devnull. But we don't want this to
2591
# happen with a supplied network socket.
2592
if 0 <= server_settings["socket"] <= 2:
2593
server_settings["socket"] = os.dup(server_settings
2594
["socket"])
2191
2595
del server_config
2192
2596
2193
2597
# Override the settings from the config file with command line
2194
2598
# options, if set.
2195
2599
for option in ("interface", "address", "port", "debug",
2196
"priority", "servicename", "configdir",
2197
"use_dbus", "use_ipv6", "debuglevel", "restore",
2198
"statedir"):
2600
"priority", "servicename", "configdir", "use_dbus",
2601
"use_ipv6", "debuglevel", "restore", "statedir",
2602
"socket", "foreground", "zeroconf"):
2199
2603
value = getattr(options, option)
2200
2604
if value is not None:
2201
2605
server_settings[option] = value
2202
2606
del options
2203
2607
# Force all strings to be unicode
2204
2608
for option in server_settings.keys():
2205
if type(server_settings[option]) is str:
2206
server_settings[option] = unicode(server_settings[option])
2609
if isinstance(server_settings[option], bytes):
2610
server_settings[option] = (server_settings[option]
2611
.decode("utf-8"))
2612
# Force all boolean options to be boolean
2613
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2614
"foreground", "zeroconf"):
2615
server_settings[option] = bool(server_settings[option])
2616
# Debug implies foreground
2617
if server_settings["debug"]:
2618
server_settings["foreground"] = True
2207
2619
# Now we have our good server settings in "server_settings"
2208
2620
2209
2621
##################################################################
2210
2622
2623
if (not server_settings["zeroconf"]
2624
and not (server_settings["port"]
2625
or server_settings["socket"] != "")):
2626
parser.error("Needs port or socket to work without Zeroconf")
2627
2211
2628
# For convenience
2212
2629
debug = server_settings["debug"]
2213
2630
debuglevel = server_settings["debuglevel"]
2215
2632
use_ipv6 = server_settings["use_ipv6"]
2216
2633
stored_state_path = os.path.join(server_settings["statedir"],
2217
2634
stored_state_file)
2635
foreground = server_settings["foreground"]
2636
zeroconf = server_settings["zeroconf"]
2218
2637
2219
2638
if debug:
2220
2639
initlogger(debug, logging.DEBUG)
2226
2645
initlogger(debug, level)
2227
2646
2228
2647
if server_settings["servicename"] != "Mandos":
2229
syslogger.setFormatter(logging.Formatter
2230
('Mandos (%s) [%%(process)d]:'
2231
' %%(levelname)s: %%(message)s'
2232
% server_settings["servicename"]))
2648
syslogger.setFormatter(
2649
logging.Formatter('Mandos ({}) [%(process)d]:'
2650
' %(levelname)s: %(message)s'.format(
2651
server_settings["servicename"])))
2233
2652
2234
2653
# Parse config file with clients
2235
2654
client_config = configparser.SafeConfigParser(Client
2240
2659
global mandos_dbus_service
2241
2660
mandos_dbus_service = None
2242
2661
2243
tcp_server = MandosServer((server_settings["address"],
2244
server_settings["port"]),
2245
ClientHandler,
2246
interface=(server_settings["interface"]
2247
or None),
2248
use_ipv6=use_ipv6,
2249
gnutls_priority=
2250
server_settings["priority"],
2251
use_dbus=use_dbus)
2252
if not debug:
2253
pidfilename = "/var/run/mandos.pid"
2662
socketfd = None
2663
if server_settings["socket"] != "":
2664
socketfd = server_settings["socket"]
2665
tcp_server = MandosServer(
2666
(server_settings["address"], server_settings["port"]),
2667
ClientHandler,
2668
interface=(server_settings["interface"] or None),
2669
use_ipv6=use_ipv6,
2670
gnutls_priority=server_settings["priority"],
2671
use_dbus=use_dbus,
2672
socketfd=socketfd)
2673
if not foreground:
2674
pidfilename = "/run/mandos.pid"
2675
if not os.path.isdir("/run/."):
2676
pidfilename = "/var/run/mandos.pid"
2677
pidfile = None
2254
2678
try:
2255
pidfile = open(pidfilename, "w")
2256
except IOError:
2257
logger.error("Could not open file %r", pidfilename)
2679
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2680
except IOError as e:
2681
logger.error("Could not open file %r", pidfilename,
2682
exc_info=e)
2258
2683
2259
try:
2260
uid = pwd.getpwnam("_mandos").pw_uid
2261
gid = pwd.getpwnam("_mandos").pw_gid
2262
except KeyError:
2684
for name in ("_mandos", "mandos", "nobody"):
2263
2685
try:
2264
uid = pwd.getpwnam("mandos").pw_uid
2265
gid = pwd.getpwnam("mandos").pw_gid
2686
uid = pwd.getpwnam(name).pw_uid
2687
gid = pwd.getpwnam(name).pw_gid
2688
break
2266
2689
except KeyError:
2267
try:
2268
uid = pwd.getpwnam("nobody").pw_uid
2269
gid = pwd.getpwnam("nobody").pw_gid
2270
except KeyError:
2271
uid = 65534
2272
gid = 65534
2690
continue
2691
else:
2692
uid = 65534
2693
gid = 65534
2273
2694
try:
2274
2695
os.setgid(gid)
2275
2696
os.setuid(uid)
2276
2697
except OSError as error:
2277
if error[0] != errno.EPERM:
2278
raise error
2698
if error.errno != errno.EPERM:
2699
raise
2279
2700
2280
2701
if debug:
2281
2702
# Enable all possible GnuTLS debugging
2288
2709
def debug_gnutls(level, string):
2289
2710
logger.debug("GnuTLS: %s", string[:-1])
2290
2711
2291
(gnutls.library.functions
2292
.gnutls_global_set_log_function(debug_gnutls))
2712
gnutls.library.functions.gnutls_global_set_log_function(
2713
debug_gnutls)
2293
2714
2294
2715
# Redirect stdin so all checkers get /dev/null
2295
2716
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2298
2719
os.close(null)
2299
2720
2300
2721
# Need to fork before connecting to D-Bus
2301
if not debug:
2722
if not foreground:
2302
2723
# Close all input and output, do double fork, etc.
2303
2724
daemon()
2304
2725
2726
# multiprocessing will use threads, so before we use gobject we
2727
# need to inform gobject that threads will be used.
2305
2728
gobject.threads_init()
2306
2729
2307
2730
global main_loop
2313
2736
if use_dbus:
2314
2737
try:
2315
2738
bus_name = dbus.service.BusName("se.recompile.Mandos",
2316
bus, do_not_queue=True)
2317
old_bus_name = (dbus.service.BusName
2318
("se.bsnet.fukt.Mandos", bus,
2319
do_not_queue=True))
2320
except dbus.exceptions.NameExistsException as e:
2321
logger.error(unicode(e) + ", disabling D-Bus")
2739
bus,
2740
do_not_queue=True)
2741
old_bus_name = dbus.service.BusName(
2742
"se.bsnet.fukt.Mandos", bus,
2743
do_not_queue=True)
2744
except dbus.exceptions.DBusException as e:
2745
logger.error("Disabling D-Bus:", exc_info=e)
2322
2746
use_dbus = False
2323
2747
server_settings["use_dbus"] = False
2324
2748
tcp_server.use_dbus = False
2325
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2326
service = AvahiServiceToSyslog(name =
2327
server_settings["servicename"],
2328
servicetype = "_mandos._tcp",
2329
protocol = protocol, bus = bus)
2330
if server_settings["interface"]:
2331
service.interface = (if_nametoindex
2332
(str(server_settings["interface"])))
2749
if zeroconf:
2750
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2751
service = AvahiServiceToSyslog(
2752
name = server_settings["servicename"],
2753
servicetype = "_mandos._tcp",
2754
protocol = protocol,
2755
bus = bus)
2756
if server_settings["interface"]:
2757
service.interface = if_nametoindex(
2758
server_settings["interface"].encode("utf-8"))
2333
2759
2334
2760
global multiprocessing_manager
2335
2761
multiprocessing_manager = multiprocessing.Manager()
2336
2762
2337
2763
client_class = Client
2338
2764
if use_dbus:
2339
client_class = functools.partial(ClientDBusTransitional,
2340
bus = bus)
2765
client_class = functools.partial(ClientDBus, bus = bus)
2341
2766
2342
2767
client_settings = Client.config_parser(client_config)
2343
2768
old_client_settings = {}
2344
2769
clients_data = {}
2345
2770
2771
# This is used to redirect stdout and stderr for checker processes
2772
global wnull
2773
wnull = open(os.devnull, "w") # A writable /dev/null
2774
# Only used if server is running in foreground but not in debug
2775
# mode
2776
if debug or not foreground:
2777
wnull.close()
2778
2346
2779
# Get client data and settings from last running state.
2347
2780
if server_settings["restore"]:
2348
2781
try:
2349
2782
with open(stored_state_path, "rb") as stored_state:
2350
clients_data, old_client_settings = (pickle.load
2351
(stored_state))
2783
clients_data, old_client_settings = pickle.load(
2784
stored_state)
2352
2785
os.remove(stored_state_path)
2353
2786
except IOError as e:
2354
logger.warning("Could not load persistent state: {0}"
2355
.format(e))
2356
if e.errno != errno.ENOENT:
2787
if e.errno == errno.ENOENT:
2788
logger.warning("Could not load persistent state:"
2789
" {}".format(os.strerror(e.errno)))
2790
else:
2791
logger.critical("Could not load persistent state:",
2792
exc_info=e)
2357
2793
raise
2358
2794
except EOFError as e:
2359
2795
logger.warning("Could not load persistent state: "
2360
"EOFError: {0}".format(e))
2796
"EOFError:",
2797
exc_info=e)
2361
2798
2362
2799
with PGPEngine() as pgp:
2363
for client_name, client in clients_data.iteritems():
2800
for client_name, client in clients_data.items():
2801
# Skip removed clients
2802
if client_name not in client_settings:
2803
continue
2804
2364
2805
# Decide which value to use after restoring saved state.
2365
2806
# We have three different values: Old config file,
2366
2807
# new config file, and saved state.
2371
2812
# For each value in new config, check if it
2372
2813
# differs from the old config value (Except for
2373
2814
# the "secret" attribute)
2374
if (name != "secret" and
2375
value != old_client_settings[client_name]
2376
[name]):
2815
if (name != "secret"
2816
and (value !=
2817
old_client_settings[client_name][name])):
2377
2818
client[name] = value
2378
2819
except KeyError:
2379
2820
pass
2380
2821
2381
2822
# Clients who has passed its expire date can still be
2382
# enabled if its last checker was successful. Clients
2823
# enabled if its last checker was successful. A Client
2383
2824
# whose checker succeeded before we stored its state is
2384
2825
# assumed to have successfully run all checkers during
2385
2826
# downtime.
2387
2828
if datetime.datetime.utcnow() >= client["expires"]:
2388
2829
if not client["last_checked_ok"]:
2389
2830
logger.warning(
2390
"disabling client {0} - Client never "
2391
"performed a successful checker"
2392
.format(client_name))
2831
"disabling client {} - Client never "
2832
"performed a successful checker".format(
2833
client_name))
2393
2834
client["enabled"] = False
2394
2835
elif client["last_checker_status"] != 0:
2395
2836
logger.warning(
2396
"disabling client {0} - Client "
2397
"last checker failed with error code {1}"
2398
.format(client_name,
2399
client["last_checker_status"]))
2837
"disabling client {} - Client last"
2838
" checker failed with error code"
2839
" {}".format(
2840
client_name,
2841
client["last_checker_status"]))
2400
2842
client["enabled"] = False
2401
2843
else:
2402
client["expires"] = (datetime.datetime
2403
.utcnow()
2404
+ client["timeout"])
2844
client["expires"] = (
2845
datetime.datetime.utcnow()
2846
+ client["timeout"])
2405
2847
logger.debug("Last checker succeeded,"
2406
" keeping {0} enabled"
2407
.format(client_name))
2848
" keeping {} enabled".format(
2849
client_name))
2408
2850
try:
2409
client["secret"] = (
2410
pgp.decrypt(client["encrypted_secret"],
2411
client_settings[client_name]
2412
["secret"]))
2851
client["secret"] = pgp.decrypt(
2852
client["encrypted_secret"],
2853
client_settings[client_name]["secret"])
2413
2854
except PGPError:
2414
2855
# If decryption fails, we use secret from new settings
2415
logger.debug("Failed to decrypt {0} old secret"
2416
.format(client_name))
2417
client["secret"] = (
2418
client_settings[client_name]["secret"])
2419
2856
logger.debug("Failed to decrypt {} old secret".format(
2857
client_name))
2858
client["secret"] = (client_settings[client_name]
2859
["secret"])
2420
2860
2421
2861
# Add/remove clients based on new changes made to config
2422
2862
for client_name in (set(old_client_settings)
2425
2865
for client_name in (set(client_settings)
2426
2866
- set(old_client_settings)):
2427
2867
clients_data[client_name] = client_settings[client_name]
2428
2868
2429
2869
# Create all client objects
2430
for client_name, client in clients_data.iteritems():
2870
for client_name, client in clients_data.items():
2431
2871
tcp_server.clients[client_name] = client_class(
2432
name = client_name, settings = client)
2872
name = client_name,
2873
settings = client,
2874
server_settings = server_settings)
2433
2875
2434
2876
if not tcp_server.clients:
2435
2877
logger.warning("No clients defined")
2436
2437
if not debug:
2438
try:
2439
with pidfile:
2440
pid = os.getpid()
2441
pidfile.write(str(pid) + "\n".encode("utf-8"))
2442
del pidfile
2443
except IOError:
2444
logger.error("Could not write to file %r with PID %d",
2445
pidfilename, pid)
2446
except NameError:
2447
# "pidfile" was never created
2448
pass
2878
2879
if not foreground:
2880
if pidfile is not None:
2881
pid = os.getpid()
2882
try:
2883
with pidfile:
2884
print(pid, file=pidfile)
2885
except IOError:
2886
logger.error("Could not write to file %r with PID %d",
2887
pidfilename, pid)
2888
del pidfile
2449
2889
del pidfilename
2450
signal.signal(signal.SIGINT, signal.SIG_IGN)
2451
2890
2452
2891
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2453
2892
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2454
2893
2455
2894
if use_dbus:
2456
class MandosDBusService(DBusObjectWithProperties):
2895
2896
@alternate_dbus_interfaces(
2897
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2898
class MandosDBusService(DBusObjectWithObjectManager):
2457
2899
"""A D-Bus proxy object"""
2900
2458
2901
def __init__(self):
2459
2902
dbus.service.Object.__init__(self, bus, "/")
2903
2460
2904
_interface = "se.recompile.Mandos"
2461
2905
2462
@dbus_interface_annotations(_interface)
2463
def _foo(self):
2464
return { "org.freedesktop.DBus.Property"
2465
".EmitsChangedSignal":
2466
"false"}
2467
2468
2906
@dbus.service.signal(_interface, signature="o")
2469
2907
def ClientAdded(self, objpath):
2470
2908
"D-Bus signal"
2475
2913
"D-Bus signal"
2476
2914
pass
2477
2915
2916
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2917
"true"})
2478
2918
@dbus.service.signal(_interface, signature="os")
2479
2919
def ClientRemoved(self, objpath, name):
2480
2920
"D-Bus signal"
2481
2921
pass
2482
2922
2923
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2924
"true"})
2483
2925
@dbus.service.method(_interface, out_signature="ao")
2484
2926
def GetAllClients(self):
2485
2927
"D-Bus method"
2486
return dbus.Array(c.dbus_object_path
2487
for c in
2928
return dbus.Array(c.dbus_object_path for c in
2488
2929
tcp_server.clients.itervalues())
2489
2930
2931
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2932
"true"})
2490
2933
@dbus.service.method(_interface,
2491
2934
out_signature="a{oa{sv}}")
2492
2935
def GetAllClientsWithProperties(self):
2493
2936
"D-Bus method"
2494
2937
return dbus.Dictionary(
2495
((c.dbus_object_path, c.GetAll(""))
2496
for c in tcp_server.clients.itervalues()),
2938
{ c.dbus_object_path: c.GetAll(
2939
"se.recompile.Mandos.Client")
2940
for c in tcp_server.clients.itervalues() },
2497
2941
signature="oa{sv}")
2498
2942
2499
2943
@dbus.service.method(_interface, in_signature="o")
2503
2947
if c.dbus_object_path == object_path:
2504
2948
del tcp_server.clients[c.name]
2505
2949
c.remove_from_connection()
2506
# Don't signal anything except ClientRemoved
2950
# Don't signal the disabling
2507
2951
c.disable(quiet=True)
2508
# Emit D-Bus signal
2509
self.ClientRemoved(object_path, c.name)
2952
# Emit D-Bus signal for removal
2953
self.client_removed_signal(c)
2510
2954
return
2511
2955
raise KeyError(object_path)
2512
2956
2513
2957
del _interface
2958
2959
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
2960
out_signature = "a{oa{sa{sv}}}")
2961
def GetManagedObjects(self):
2962
"""D-Bus method"""
2963
return dbus.Dictionary(
2964
{ client.dbus_object_path:
2965
dbus.Dictionary(
2966
{ interface: client.GetAll(interface)
2967
for interface in
2968
client._get_all_interface_names()})
2969
for client in tcp_server.clients.values()})
2970
2971
def client_added_signal(self, client):
2972
"""Send the new standard signal and the old signal"""
2973
if use_dbus:
2974
# New standard signal
2975
self.InterfacesAdded(
2976
client.dbus_object_path,
2977
dbus.Dictionary(
2978
{ interface: client.GetAll(interface)
2979
for interface in
2980
client._get_all_interface_names()}))
2981
# Old signal
2982
self.ClientAdded(client.dbus_object_path)
2983
2984
def client_removed_signal(self, client):
2985
"""Send the new standard signal and the old signal"""
2986
if use_dbus:
2987
# New standard signal
2988
self.InterfacesRemoved(
2989
client.dbus_object_path,
2990
client._get_all_interface_names())
2991
# Old signal
2992
self.ClientRemoved(client.dbus_object_path,
2993
client.name)
2514
2994
2515
class MandosDBusServiceTransitional(MandosDBusService):
2516
__metaclass__ = AlternateDBusNamesMetaclass
2517
mandos_dbus_service = MandosDBusServiceTransitional()
2995
mandos_dbus_service = MandosDBusService()
2518
2996
2519
2997
def cleanup():
2520
2998
"Cleanup function; run on exit"
2521
service.cleanup()
2999
if zeroconf:
3000
service.cleanup()
2522
3001
2523
3002
multiprocessing.active_children()
3003
wnull.close()
2524
3004
if not (tcp_server.clients or client_settings):
2525
3005
return
2526
3006
2537
3017
2538
3018
# A list of attributes that can not be pickled
2539
3019
# + secret.
2540
exclude = set(("bus", "changedstate", "secret",
2541
"checker"))
2542
for name, typ in (inspect.getmembers
2543
(dbus.service.Object)):
3020
exclude = { "bus", "changedstate", "secret",
3021
"checker", "server_settings" }
3022
for name, typ in inspect.getmembers(dbus.service
3023
.Object):
2544
3024
exclude.add(name)
2545
3025
2546
3026
client_dict["encrypted_secret"] = (client
2553
3033
del client_settings[client.name]["secret"]
2554
3034
2555
3035
try:
2556
tempfd, tempname = tempfile.mkstemp(suffix=".pickle",
2557
prefix="clients-",
2558
dir=os.path.dirname
2559
(stored_state_path))
2560
with os.fdopen(tempfd, "wb") as stored_state:
3036
with tempfile.NamedTemporaryFile(
3037
mode='wb',
3038
suffix=".pickle",
3039
prefix='clients-',
3040
dir=os.path.dirname(stored_state_path),
3041
delete=False) as stored_state:
2561
3042
pickle.dump((clients, client_settings), stored_state)
3043
tempname = stored_state.name
2562
3044
os.rename(tempname, stored_state_path)
2563
3045
except (IOError, OSError) as e:
2564
logger.warning("Could not save persistent state: {0}"
2565
.format(e))
2566
3046
if not debug:
2567
3047
try:
2568
3048
os.remove(tempname)
2569
3049
except NameError:
2570
3050
pass
2571
if e.errno not in set((errno.ENOENT, errno.EACCES,
2572
errno.EEXIST)):
2573
raise e
3051
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3052
logger.warning("Could not save persistent state: {}"
3053
.format(os.strerror(e.errno)))
3054
else:
3055
logger.warning("Could not save persistent state:",
3056
exc_info=e)
3057
raise
2574
3058
2575
3059
# Delete all clients, and settings from config
2576
3060
while tcp_server.clients:
2577
3061
name, client = tcp_server.clients.popitem()
2578
3062
if use_dbus:
2579
3063
client.remove_from_connection()
2580
# Don't signal anything except ClientRemoved
3064
# Don't signal the disabling
2581
3065
client.disable(quiet=True)
2582
if use_dbus:
2583
# Emit D-Bus signal
2584
mandos_dbus_service.ClientRemoved(client
2585
.dbus_object_path,
2586
client.name)
3066
# Emit D-Bus signal for removal
3067
mandos_dbus_service.client_removed_signal(client)
2587
3068
client_settings.clear()
2588
3069
2589
3070
atexit.register(cleanup)
2590
3071
2591
3072
for client in tcp_server.clients.itervalues():
2592
3073
if use_dbus:
2593
# Emit D-Bus signal
2594
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2595
3076
# Need to initiate checking of clients
2596
3077
if client.enabled:
2597
3078
client.init_checker()
2600
3081
tcp_server.server_activate()
2601
3082
2602
3083
# Find out what port we got
2603
service.port = tcp_server.socket.getsockname()[1]
3084
if zeroconf:
3085
service.port = tcp_server.socket.getsockname()[1]
2604
3086
if use_ipv6:
2605
3087
logger.info("Now listening on address %r, port %d,"
2606
" flowinfo %d, scope_id %d"
2607
% tcp_server.socket.getsockname())
3088
" flowinfo %d, scope_id %d",
3089
*tcp_server.socket.getsockname())
2608
3090
else: # IPv4
2609
logger.info("Now listening on address %r, port %d"
2610
% tcp_server.socket.getsockname())
3091
logger.info("Now listening on address %r, port %d",
3092
*tcp_server.socket.getsockname())
2611
3093
2612
3094
#service.interface = tcp_server.socket.getsockname()[3]
2613
3095
2614
3096
try:
2615
# From the Avahi example code
2616
try:
2617
service.activate()
2618
except dbus.exceptions.DBusException as error:
2619
logger.critical("DBusException: %s", error)
2620
cleanup()
2621
sys.exit(1)
2622
# End of Avahi example code
3097
if zeroconf:
3098
# From the Avahi example code
3099
try:
3100
service.activate()
3101
except dbus.exceptions.DBusException as error:
3102
logger.critical("D-Bus Exception", exc_info=error)
3103
cleanup()
3104
sys.exit(1)
3105
# End of Avahi example code
2623
3106
2624
3107
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
2625
3108
lambda *args, **kwargs:
2629
3112
logger.debug("Starting main loop")
2630
3113
main_loop.run()
2631
3114
except AvahiError as error:
2632
logger.critical("AvahiError: %s", error)
3115
logger.critical("Avahi Error", exc_info=error)
2633
3116
cleanup()
2634
3117
sys.exit(1)
2635
3118
except KeyboardInterrupt:
2640
3123
# Must run before the D-Bus bus name gets deregistered
2641
3124
cleanup()
2642
3125
3126
2643
3127
if __name__ == '__main__':
2644
3128
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0