/mandos/release : revision 237.7.47

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2011-09-19 09:25:06 UTC
mto: (24.1.183 mandos) (237.12.2 mandos-persistent) (299.1.1 release) (300.1.1 release) (301.1.1 release)
mto: This revision was merged to the branch mainline in revision 286.
Revision ID: teddy@fukt.bsnet.se-20110919092506-klwkjwizzdnza2il

* clients.conf ([DEFAULT]/timeout): Changed default value to "5m".
  ([DEFAULT]/interval): Changed default value to "2m".
  ([DEFAULT]/extenden_timeout): New.
  ([bar]/interval): Changed to "1m".

files added:
intro.xml

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.postrm

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos

# "AvahiService" class, and some lines in "main".

# Everything else is

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

import SocketServer as socketserver

import socket

import optparse

import argparse

import datetime

import errno

import gnutls.crypto

SO_BINDTODEVICE = None

version = "1.2.3"

version = "1.3.1"

#logger = logging.getLogger('mandos')

logger = logging.Logger('mandos')

151

self.group = None # our entry group

152

self.server = None

153

self.bus = bus

154

self.entry_group_state_changed_match = None

154

155

def rename(self):

155

156

"""Derived from the Avahi example code"""

156

157

if self.rename_count >= self.max_renames:

168

169

self.remove()

169

170

try:

170

171

self.add()

171

except dbus.exceptions.DBusException, error:

172

except dbus.exceptions.DBusException as error:

172

173

logger.critical("DBusException: %s", error)

173

174

self.cleanup()

174

175

os._exit(1)

175

176

self.rename_count += 1

176

177

def remove(self):

177

178

"""Derived from the Avahi example code"""

179

if self.entry_group_state_changed_match is not None:

180

self.entry_group_state_changed_match.remove()

181

self.entry_group_state_changed_match = None

178

182

if self.group is not None:

179

183

self.group.Reset()

180

184

def add(self):

181

185

"""Derived from the Avahi example code"""

186

self.remove()

182

187

if self.group is None:

183

188

self.group = dbus.Interface(

184

189

self.bus.get_object(avahi.DBUS_NAME,

185

190

self.server.EntryGroupNew()),

186

191

avahi.DBUS_INTERFACE_ENTRY_GROUP)

187

self.group.connect_to_signal('StateChanged',

188

self

189

.entry_group_state_changed)

192

self.entry_group_state_changed_match = (

193

self.group.connect_to_signal(

194

'StateChanged', self .entry_group_state_changed))

190

195

logger.debug("Adding Zeroconf service '%s' of type '%s' ...",

191

196

self.name, self.type)

192

197

self.group.AddService(

215

220

def cleanup(self):

216

221

"""Derived from the Avahi example code"""

217

222

if self.group is not None:

218

self.group.Free()

223

try:

224

self.group.Free()

225

except (dbus.exceptions.UnknownMethodException,

226

dbus.exceptions.DBusException) as e:

227

pass

219

228

self.group = None

220

def server_state_changed(self, state):

229

self.remove()

230

def server_state_changed(self, state, error=None):

221

231

"""Derived from the Avahi example code"""

222

232

logger.debug("Avahi server state change: %i", state)

223

if state == avahi.SERVER_COLLISION:

224

logger.error("Zeroconf server name collision")

225

self.remove()

233

bad_states = { avahi.SERVER_INVALID:

234

"Zeroconf server invalid",

235

avahi.SERVER_REGISTERING: None,

236

avahi.SERVER_COLLISION:

237

"Zeroconf server name collision",

238

avahi.SERVER_FAILURE:

239

"Zeroconf server failure" }

240

if state in bad_states:

241

if bad_states[state] is not None:

242

if error is None:

243

logger.error(bad_states[state])

244

else:

245

logger.error(bad_states[state] + ": %r", error)

246

self.cleanup()

226

247

elif state == avahi.SERVER_RUNNING:

227

248

self.add()

249

else:

250

if error is None:

251

logger.debug("Unknown state: %r", state)

252

else:

253

logger.debug("Unknown state: %r: %r", state, error)

228

254

def activate(self):

229

255

"""Derived from the Avahi example code"""

230

256

if self.server is None:

231

257

self.server = dbus.Interface(

232

258

self.bus.get_object(avahi.DBUS_NAME,

233

avahi.DBUS_PATH_SERVER),

259

avahi.DBUS_PATH_SERVER,

260

follow_name_owner_changes=True),

234

261

avahi.DBUS_INTERFACE_SERVER)

235

262

self.server.connect_to_signal("StateChanged",

236

263

self.server_state_changed)

270

297

secret: bytestring; sent verbatim (over TLS) to client

271

298

timeout: datetime.timedelta(); How long from last_checked_ok

272

299

until this client is disabled

300

extended_timeout: extra long timeout when password has been sent

273

301

runtime_expansions: Allowed attributes for runtime expansion.

302

expires: datetime.datetime(); time (UTC) when a client will be

303

disabled, or None

274

304

"""

275

305

276

306

runtime_expansions = ("approval_delay", "approval_duration",

288

318

def timeout_milliseconds(self):

289

319

"Return the 'timeout' attribute in milliseconds"

290

320

return self._timedelta_to_milliseconds(self.timeout)

321

322

def extended_timeout_milliseconds(self):

323

"Return the 'extended_timeout' attribute in milliseconds"

324

return self._timedelta_to_milliseconds(self.extended_timeout)

291

325

292

326

def interval_milliseconds(self):

293

327

"Return the 'interval' attribute in milliseconds"

327

361

self.last_enabled = None

328

362

self.last_checked_ok = None

329

363

self.timeout = string_to_delta(config["timeout"])

364

self.extended_timeout = string_to_delta(config["extended_timeout"])

330

365

self.interval = string_to_delta(config["interval"])

331

366

self.disable_hook = disable_hook

332

367

self.checker = None

333

368

self.checker_initiator_tag = None

334

369

self.disable_initiator_tag = None

370

self.expires = None

335

371

self.checker_callback_tag = None

336

372

self.checker_command = config["checker"]

337

373

self.current_checker_command = None

364

400

(self.interval_milliseconds(),

365

401

self.start_checker))

366

402

# Schedule a disable() when 'timeout' has passed

403

self.expires = datetime.datetime.utcnow() + self.timeout

367

404

self.disable_initiator_tag = (gobject.timeout_add

368

405

(self.timeout_milliseconds(),

369

406

self.disable))

382

419

if getattr(self, "disable_initiator_tag", False):

383

420

gobject.source_remove(self.disable_initiator_tag)

384

421

self.disable_initiator_tag = None

422

self.expires = None

385

423

if getattr(self, "checker_initiator_tag", False):

386

424

gobject.source_remove(self.checker_initiator_tag)

387

425

self.checker_initiator_tag = None

413

451

logger.warning("Checker for %(name)s crashed?",

414

452

vars(self))

415

453

416

def checked_ok(self):

454

def checked_ok(self, timeout=None):

417

455

"""Bump up the timeout for this client.

418

456

419

457

This should only be called when the client has been seen,

420

458

alive and well.

421

459

"""

460

if timeout is None:

461

timeout = self.timeout

422

462

self.last_checked_ok = datetime.datetime.utcnow()

423

463

gobject.source_remove(self.disable_initiator_tag)

464

self.expires = datetime.datetime.utcnow() + timeout

424

465

self.disable_initiator_tag = (gobject.timeout_add

425

(self.timeout_milliseconds(),

466

(self._timedelta_to_milliseconds(timeout),

426

467

self.disable))

427

468

428

469

def need_approval(self):

445

486

# If a checker exists, make sure it is not a zombie

446

487

try:

447

488

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

448

except (AttributeError, OSError), error:

489

except (AttributeError, OSError) as error:

449

490

if (isinstance(error, OSError)

450

491

and error.errno != errno.ECHILD):

451

492

raise error

472

513

473

514

try:

474

515

command = self.checker_command % escaped_attrs

475

except TypeError, error:

516

except TypeError as error:

476

517

logger.error('Could not format string "%s":'

477

518

' %s', self.checker_command, error)

478

519

return True # Try again later

497

538

if pid:

498

539

gobject.source_remove(self.checker_callback_tag)

499

540

self.checker_callback(pid, status, command)

500

except OSError, error:

541

except OSError as error:

501

542

logger.error("Failed to start subprocess: %s",

502

543

error)

503

544

# Re-run this periodically if run by gobject.timeout_add

516

557

#time.sleep(0.5)

517

558

#if self.checker.poll() is None:

518

559

# os.kill(self.checker.pid, signal.SIGKILL)

519

except OSError, error:

560

except OSError as error:

520

561

if error.errno != errno.ESRCH: # No such process

521

562

raise

522

563

self.checker = None

704

745

xmlstring = document.toxml("utf-8")

705

746

document.unlink()

706

747

except (AttributeError, xml.dom.DOMException,

707

xml.parsers.expat.ExpatError), error:

748

xml.parsers.expat.ExpatError) as error:

708

749

logger.error("Failed to override Introspection method",

709

750

error)

710

751

return xmlstring

736

777

("/clients/" + client_object_name))

737

778

DBusObjectWithProperties.__init__(self, self.bus,

738

779

self.dbus_object_path)

780

def _set_expires(self, value):

781

old_value = getattr(self, "_expires", None)

782

self._expires = value

783

if hasattr(self, "dbus_object_path") and old_value != value:

784

dbus_time = (self._datetime_to_dbus(self._expires,

785

variant_level=1))

786

self.PropertyChanged(dbus.String("Expires"),

787

dbus_time)

788

expires = property(lambda self: self._expires, _set_expires)

789

del _set_expires

739

790

740

791

def _get_approvals_pending(self):

741

792

return self._approvals_pending

756

807

@staticmethod

757

808

def _datetime_to_dbus(dt, variant_level=0):

758

809

"""Convert a UTC datetime.datetime() to a D-Bus type."""

810

if dt is None:

811

return dbus.String("", variant_level = variant_level)

759

812

return dbus.String(dt.isoformat(),

760

813

variant_level=variant_level)

761

814

813

866

*args, **kwargs)

814

867

815

868

def checked_ok(self, *args, **kwargs):

816

r = Client.checked_ok(self, *args, **kwargs)

869

Client.checked_ok(self, *args, **kwargs)

817

870

# Emit D-Bus signal

818

871

self.PropertyChanged(

819

872

dbus.String("LastCheckedOK"),

820

873

(self._datetime_to_dbus(self.last_checked_ok,

821

874

variant_level=1)))

822

return r

823

875

824

876

def need_approval(self, *args, **kwargs):

825

877

r = Client.need_approval(self, *args, **kwargs)

922

974

# CheckedOK - method

923

975

@dbus.service.method(_interface)

924

976

def CheckedOK(self):

925

return self.checked_ok()

977

self.checked_ok()

926

978

927

979

# Enable - method

928

980

@dbus.service.method(_interface)

960

1012

def ApprovedByDefault_dbus_property(self, value=None):

961

1013

if value is None: # get

962

1014

return dbus.Boolean(self.approved_by_default)

1015

old_value = self.approved_by_default

963

1016

self.approved_by_default = bool(value)

964

1017

# Emit D-Bus signal

965

self.PropertyChanged(dbus.String("ApprovedByDefault"),

966

dbus.Boolean(value, variant_level=1))

1018

if old_value != self.approved_by_default:

1019

self.PropertyChanged(dbus.String("ApprovedByDefault"),

1020

dbus.Boolean(value, variant_level=1))

967

1021

968

1022

# ApprovalDelay - property

969

1023

@dbus_service_property(_interface, signature="t",

971

1025

def ApprovalDelay_dbus_property(self, value=None):

972

1026

if value is None: # get

973

1027

return dbus.UInt64(self.approval_delay_milliseconds())

1028

old_value = self.approval_delay

974

1029

self.approval_delay = datetime.timedelta(0, 0, 0, value)

975

1030

# Emit D-Bus signal

976

self.PropertyChanged(dbus.String("ApprovalDelay"),

977

dbus.UInt64(value, variant_level=1))

1031

if old_value != self.approval_delay:

1032

self.PropertyChanged(dbus.String("ApprovalDelay"),

1033

dbus.UInt64(value, variant_level=1))

978

1034

979

1035

# ApprovalDuration - property

980

1036

@dbus_service_property(_interface, signature="t",

983

1039

if value is None: # get

984

1040

return dbus.UInt64(self._timedelta_to_milliseconds(

985

1041

self.approval_duration))

1042

old_value = self.approval_duration

986

1043

self.approval_duration = datetime.timedelta(0, 0, 0, value)

987

1044

# Emit D-Bus signal

988

self.PropertyChanged(dbus.String("ApprovalDuration"),

989

dbus.UInt64(value, variant_level=1))

1045

if old_value != self.approval_duration:

1046

self.PropertyChanged(dbus.String("ApprovalDuration"),

1047

dbus.UInt64(value, variant_level=1))

990

1048

991

1049

# Name - property

992

1050

@dbus_service_property(_interface, signature="s", access="read")

1004

1062

def Host_dbus_property(self, value=None):

1005

1063

if value is None: # get

1006

1064

return dbus.String(self.host)

1065

old_value = self.host

1007

1066

self.host = value

1008

1067

# Emit D-Bus signal

1009

self.PropertyChanged(dbus.String("Host"),

1010

dbus.String(value, variant_level=1))

1068

if old_value != self.host:

1069

self.PropertyChanged(dbus.String("Host"),

1070

dbus.String(value, variant_level=1))

1011

1071

1012

1072

# Created - property

1013

1073

@dbus_service_property(_interface, signature="s", access="read")

1017

1077

# LastEnabled - property

1018

1078

@dbus_service_property(_interface, signature="s", access="read")

1019

1079

def LastEnabled_dbus_property(self):

1020

if self.last_enabled is None:

1021

return dbus.String("")

1022

return dbus.String(self._datetime_to_dbus(self.last_enabled))

1080

return self._datetime_to_dbus(self.last_enabled)

1023

1081

1024

1082

# Enabled - property

1025

1083

@dbus_service_property(_interface, signature="b",

1039

1097

if value is not None:

1040

1098

self.checked_ok()

1041

1099

return

1042

if self.last_checked_ok is None:

1043

return dbus.String("")

1044

return dbus.String(self._datetime_to_dbus(self

1045

.last_checked_ok))

1100

return self._datetime_to_dbus(self.last_checked_ok)

1101

1102

# Expires - property

1103

@dbus_service_property(_interface, signature="s", access="read")

1104

def Expires_dbus_property(self):

1105

return self._datetime_to_dbus(self.expires)

1046

1106

1047

1107

# LastApprovalRequest - property

1048

1108

@dbus_service_property(_interface, signature="s", access="read")

1049

1109

def LastApprovalRequest_dbus_property(self):

1050

if self.last_approval_request is None:

1051

return dbus.String("")

1052

return dbus.String(self.

1053

_datetime_to_dbus(self

1054

.last_approval_request))

1110

return self._datetime_to_dbus(self.last_approval_request)

1055

1111

1056

1112

# Timeout - property

1057

1113

@dbus_service_property(_interface, signature="t",

1059

1115

def Timeout_dbus_property(self, value=None):

1060

1116

if value is None: # get

1061

1117

return dbus.UInt64(self.timeout_milliseconds())

1118

old_value = self.timeout

1062

1119

self.timeout = datetime.timedelta(0, 0, 0, value)

1063

1120

# Emit D-Bus signal

1064

self.PropertyChanged(dbus.String("Timeout"),

1065

dbus.UInt64(value, variant_level=1))

1121

if old_value != self.timeout:

1122

self.PropertyChanged(dbus.String("Timeout"),

1123

dbus.UInt64(value, variant_level=1))

1066

1124

if getattr(self, "disable_initiator_tag", None) is None:

1067

1125

return

1068

1126

# Reschedule timeout

1069

1127

gobject.source_remove(self.disable_initiator_tag)

1070

1128

self.disable_initiator_tag = None

1129

self.expires = None

1071

1130

time_to_die = (self.

1072

1131

_timedelta_to_milliseconds((self

1073

1132

.last_checked_ok

1078

1137

# The timeout has passed

1079

1138

self.disable()

1080

1139

else:

1140

self.expires = (datetime.datetime.utcnow()

1141

+ datetime.timedelta(milliseconds = time_to_die))

1081

1142

self.disable_initiator_tag = (gobject.timeout_add

1082

1143

(time_to_die, self.disable))

1083

1144

1145

# ExtendedTimeout - property

1146

@dbus_service_property(_interface, signature="t",

1147

access="readwrite")

1148

def ExtendedTimeout_dbus_property(self, value=None):

1149

if value is None: # get

1150

return dbus.UInt64(self.extended_timeout_milliseconds())

1151

old_value = self.extended_timeout

1152

self.extended_timeout = datetime.timedelta(0, 0, 0, value)

1153

# Emit D-Bus signal

1154

if old_value != self.extended_timeout:

1155

self.PropertyChanged(dbus.String("ExtendedTimeout"),

1156

dbus.UInt64(value, variant_level=1))

1157

1084

1158

# Interval - property

1085

1159

@dbus_service_property(_interface, signature="t",

1086

1160

access="readwrite")

1087

1161

def Interval_dbus_property(self, value=None):

1088

1162

if value is None: # get

1089

1163

return dbus.UInt64(self.interval_milliseconds())

1164

old_value = self.interval

1090

1165

self.interval = datetime.timedelta(0, 0, 0, value)

1091

1166

# Emit D-Bus signal

1092

self.PropertyChanged(dbus.String("Interval"),

1093

dbus.UInt64(value, variant_level=1))

1167

if old_value != self.interval:

1168

self.PropertyChanged(dbus.String("Interval"),

1169

dbus.UInt64(value, variant_level=1))

1094

1170

if getattr(self, "checker_initiator_tag", None) is None:

1095

1171

return

1096

1172

# Reschedule checker run

1105

1181

def Checker_dbus_property(self, value=None):

1106

1182

if value is None: # get

1107

1183

return dbus.String(self.checker_command)

1184

old_value = self.checker_command

1108

1185

self.checker_command = value

1109

1186

# Emit D-Bus signal

1110

self.PropertyChanged(dbus.String("Checker"),

1111

dbus.String(self.checker_command,

1112

variant_level=1))

1187

if old_value != self.checker_command:

1188

self.PropertyChanged(dbus.String("Checker"),

1189

dbus.String(self.checker_command,

1190

variant_level=1))

1113

1191

1114

1192

# CheckerRunning - property

1115

1193

@dbus_service_property(_interface, signature="b",

1204

1282

try:

1205

1283

if int(line.strip().split()[0]) > 1:

1206

1284

raise RuntimeError

1207

except (ValueError, IndexError, RuntimeError), error:

1285

except (ValueError, IndexError, RuntimeError) as error:

1208

1286

logger.error("Unknown protocol version: %s", error)

1209

1287

return

1210

1288

1211

1289

# Start GnuTLS connection

1212

1290

try:

1213

1291

session.handshake()

1214

except gnutls.errors.GNUTLSError, error:

1292

except gnutls.errors.GNUTLSError as error:

1215

1293

logger.warning("Handshake failed: %s", error)

1216

1294

# Do not run session.bye() here: the session is not

1217

1295

# established. Just abandon the request.

1223

1301

try:

1224

1302

fpr = self.fingerprint(self.peer_certificate

1225

1303

(session))

1226

except (TypeError, gnutls.errors.GNUTLSError), error:

1304

except (TypeError,

1305

gnutls.errors.GNUTLSError) as error:

1227

1306

logger.warning("Bad certificate: %s", error)

1228

1307

return

1229

1308

logger.debug("Fingerprint: %s", fpr)

1241

1320

1242

1321

while True:

1243

1322

if not client.enabled:

1244

logger.warning("Client %s is disabled",

1323

logger.info("Client %s is disabled",

1245

1324

client.name)

1246

1325

if self.server.use_dbus:

1247

1326

# Emit D-Bus signal

1292

1371

while sent_size < len(client.secret):

1293

1372

try:

1294

1373

sent = session.send(client.secret[sent_size:])

1295

except (gnutls.errors.GNUTLSError), error:

1374

except gnutls.errors.GNUTLSError as error:

1296

1375

logger.warning("gnutls send failed")

1297

1376

return

1298

1377

logger.debug("Sent: %d, remaining: %d",

1302

1381

1303

1382

logger.info("Sending secret to %s", client.name)

1304

1383

# bump the timeout as if seen

1305

client.checked_ok()

1384

client.checked_ok(client.extended_timeout)

1306

1385

if self.server.use_dbus:

1307

1386

# Emit D-Bus signal

1308

1387

client.GotSecret()

1312

1391

client.approvals_pending -= 1

1313

1392

try:

1314

1393

session.bye()

1315

except (gnutls.errors.GNUTLSError), error:

1394

except gnutls.errors.GNUTLSError as error:

1316

1395

logger.warning("GnuTLS bye failed")

1317

1396

1318

1397

@staticmethod

1409

1488

1410

1489

def add_pipe(self, parent_pipe):

1411

1490

"""Dummy function; override as necessary"""

1412

pass

1491

raise NotImplementedError

1413

1492

1414

1493

class IPv6_TCPServer(MultiprocessingMixInWithPipe,

1415

1494

socketserver.TCPServer, object):

1442

1521

SO_BINDTODEVICE,

1443

1522

str(self.interface

1444

1523

+ '\0'))

1445

except socket.error, error:

1524

except socket.error as error:

1446

1525

if error[0] == errno.EPERM:

1447

1526

logger.error("No permission to"

1448

1527

" bind to interface %s",

1542

1621

client = c

1543

1622

break

1544

1623

else:

1545

logger.warning("Client not found for fingerprint: %s, ad"

1546

"dress: %s", fpr, address)

1624

logger.info("Client not found for fingerprint: %s, ad"

1625

"dress: %s", fpr, address)

1547

1626

if self.use_dbus:

1548

1627

# Emit D-Bus signal

1549

1628

mandos_dbus_service.ClientNotFound(fpr, address[0])

1613

1692

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

1614

1693

else:

1615

1694

raise ValueError("Unknown suffix %r" % suffix)

1616

except (ValueError, IndexError), e:

1617

raise ValueError(e.message)

1695

except (ValueError, IndexError) as e:

1696

raise ValueError(*(e.args))

1618

1697

timevalue += delta

1619

1698

return timevalue

1620

1699

1673

1752

##################################################################

1674

1753

# Parsing of options, both command line and config file

1675

1754

1676

parser = optparse.OptionParser(version = "%%prog %s" % version)

1677

parser.add_option("-i", "--interface", type="string",

1678

metavar="IF", help="Bind to interface IF")

1679

parser.add_option("-a", "--address", type="string",

1680

help="Address to listen for requests on")

1681

parser.add_option("-p", "--port", type="int",

1682

help="Port number to receive requests on")

1683

parser.add_option("--check", action="store_true",

1684

help="Run self-test")

1685

parser.add_option("--debug", action="store_true",

1686

help="Debug mode; run in foreground and log to"

1687

" terminal")

1688

parser.add_option("--debuglevel", type="string", metavar="LEVEL",

1689

help="Debug level for stdout output")

1690

parser.add_option("--priority", type="string", help="GnuTLS"

1691

" priority string (see GnuTLS documentation)")

1692

parser.add_option("--servicename", type="string",

1693

metavar="NAME", help="Zeroconf service name")

1694

parser.add_option("--configdir", type="string",

1695

default="/etc/mandos", metavar="DIR",

1696

help="Directory to search for configuration"

1697

" files")

1698

parser.add_option("--no-dbus", action="store_false",

1699

dest="use_dbus", help="Do not provide D-Bus"

1700

" system bus interface")

1701

parser.add_option("--no-ipv6", action="store_false",

1702

dest="use_ipv6", help="Do not use IPv6")

1703

options = parser.parse_args()[0]

1755

parser = argparse.ArgumentParser()

1756

parser.add_argument("-v", "--version", action="version",

1757

version = "%%(prog)s %s" % version,

1758

help="show version number and exit")

1759

parser.add_argument("-i", "--interface", metavar="IF",

1760

help="Bind to interface IF")

1761

parser.add_argument("-a", "--address",

1762

help="Address to listen for requests on")

1763

parser.add_argument("-p", "--port", type=int,

1764

help="Port number to receive requests on")

1765

parser.add_argument("--check", action="store_true",

1766

help="Run self-test")

1767

parser.add_argument("--debug", action="store_true",

1768

help="Debug mode; run in foreground and log"

1769

" to terminal")

1770

parser.add_argument("--debuglevel", metavar="LEVEL",

1771

help="Debug level for stdout output")

1772

parser.add_argument("--priority", help="GnuTLS"

1773

" priority string (see GnuTLS documentation)")

1774

parser.add_argument("--servicename",

1775

metavar="NAME", help="Zeroconf service name")

1776

parser.add_argument("--configdir",

1777

default="/etc/mandos", metavar="DIR",

1778

help="Directory to search for configuration"

1779

" files")

1780

parser.add_argument("--no-dbus", action="store_false",

1781

dest="use_dbus", help="Do not provide D-Bus"

1782

" system bus interface")

1783

parser.add_argument("--no-ipv6", action="store_false",

1784

dest="use_ipv6", help="Do not use IPv6")

1785

options = parser.parse_args()

1704

1786

1705

1787

if options.check:

1706

1788

import doctest

1766

1848

% server_settings["servicename"]))

1767

1849

1768

1850

# Parse config file with clients

1769

client_defaults = { "timeout": "1h",

1770

"interval": "5m",

1851

client_defaults = { "timeout": "5m",

1852

"extended_timeout": "15m",

1853

"interval": "2m",

1771

1854

"checker": "fping -q -- %%(host)s",

1772

1855

"host": "",

1773

1856

"approval_delay": "0s",

1813

1896

try:

1814

1897

os.setgid(gid)

1815

1898

os.setuid(uid)

1816

except OSError, error:

1899

except OSError as error:

1817

1900

if error[0] != errno.EPERM:

1818

1901

raise error

1819

1902

1863

1946

try:

1864

1947

bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",

1865

1948

bus, do_not_queue=True)

1866

except dbus.exceptions.NameExistsException, e:

1949

except dbus.exceptions.NameExistsException as e:

1867

1950

logger.error(unicode(e) + ", disabling D-Bus")

1868

1951

use_dbus = False

1869

1952

server_settings["use_dbus"] = False

2019

2102

# From the Avahi example code

2020

2103

try:

2021

2104

service.activate()

2022

except dbus.exceptions.DBusException, error:

2105

except dbus.exceptions.DBusException as error:

2023

2106

logger.critical("DBusException: %s", error)

2024

2107

cleanup()

2025

2108

sys.exit(1)

2032

2115

2033

2116

logger.debug("Starting main loop")

2034

2117

main_loop.run()

2035

except AvahiError, error:

2118

except AvahiError as error:

2036

2119

logger.critical("AvahiError: %s", error)

2037

2120

cleanup()

2038

2121

sys.exit(1)

Older »