
Viewing changes to mandos

  • Committer: teddy at recompile
  • Date: 2020-02-07 20:53:34 UTC
  • mto: This revision was merged to the branch mainline in revision 396.
  • Revision ID: teddy@recompile.se-20200207205334-dp41p8c8vw0ytik5
Allow users to more easily alter mandos.service

The sysvinit script uses /etc/default/mandos as an environment file,
and supports adding additional server options to a DAEMON_ARGS
environment variable.  This should be supported by the systemd
service, too.

* mandos.service ([Service]/EnvironmentFile): New; set to
  "/etc/default/mandos ".
  ([Service]/ExecStart): Append "$DAEMON_ARGS".

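--- a/mandos
+++ b/mandos
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -b
+#!/usr/bin/python3 -bI
 # -*- mode: python; after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
 #
 # Mandos server - give out binary blobs to connecting clients.
@@ -78,6 +78,7 @@
 import collections
 import codecs
 import unittest
+import random
 
 import dbus
 import dbus.service
@@ -91,6 +92,16 @@
 
 if sys.version_info.major == 2:
     __metaclass__ = type
+    str = unicode
+
+# Add collections.abc.Callable if it does not exist
+try:
+    collections.abc.Callable
+except AttributeError:
+    class abc:
+        Callable = collections.Callable
+    collections.abc = abc
+    del abc
 
 # Show warnings by default
 if not sys.warnoptions:
@@ -122,13 +133,10 @@
             # No value found
             SO_BINDTODEVICE = None
 
-if sys.version_info.major == 2:
-    str = unicode
-
 if sys.version_info < (3, 2):
     configparser.Configparser = configparser.SafeConfigParser
 
-version = "1.8.8"
+version = "1.8.9"
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -203,7 +211,7 @@
             output = subprocess.check_output(["gpgconf"])
             for line in output.splitlines():
                 name, text, path = line.split(b":")
-                if name == "gpg":
+                if name == b"gpg":
                     self.gpg = path
                     break
         except OSError as e:
@@ -214,7 +222,7 @@
                           '--force-mdc',
                           '--quiet']
         # Only GPG version 1 has the --no-use-agent option.
-        if self.gpg == "gpg" or self.gpg.endswith("/gpg"):
+        if self.gpg == b"gpg" or self.gpg.endswith(b"/gpg"):
             self.gnupgargs.append("--no-use-agent")
 
     def __enter__(self):
@@ -1037,7 +1045,8 @@
         if self.checker_initiator_tag is not None:
             GLib.source_remove(self.checker_initiator_tag)
         self.checker_initiator_tag = GLib.timeout_add(
-            int(self.interval.total_seconds() * 1000),
+            random.randrange(int(self.interval.total_seconds() * 1000
+                                 + 1)),
             self.start_checker)
         # Schedule a disable() when 'timeout' has passed
         if self.disable_initiator_tag is not None:
@@ -1053,7 +1062,8 @@
         # Read return code from connection (see call_pipe)
         returncode = connection.recv()
         connection.close()
-        self.checker.join()
+        if self.checker is not None:
+            self.checker.join()
         self.checker_callback_tag = None
         self.checker = None
 
@@ -1412,8 +1422,7 @@
                 raise ValueError("Byte arrays not supported for non-"
                                  "'ay' signature {!r}"
                                  .format(prop._dbus_signature))
-            value = dbus.ByteArray(b''.join(chr(byte)
-                                            for byte in value))
+            value = dbus.ByteArray(bytes(value))
         prop(value)
 
     @dbus.service.method(dbus.PROPERTIES_IFACE,
@@ -2748,7 +2757,7 @@
         if command == 'getattr':
             attrname = request[1]
             if isinstance(client_object.__getattribute__(attrname),
-                          collections.Callable):
+                          collections.abc.Callable):
                 parent_pipe.send(('function', ))
             else:
                 parent_pipe.send((
@@ -3251,8 +3260,8 @@
                              if isinstance(s, bytes)
                              else s) for s in
                             value["client_structure"]]
-                        # .name & .host
-                        for k in ("name", "host"):
+                        # .name, .host, and .checker_command
+                        for k in ("name", "host", "checker_command"):
                             if isinstance(value[k], bytes):
                                 value[k] = value[k].decode("utf-8")
                         if "key_id" not in value:
@@ -3268,11 +3277,12 @@
                         for key, value in
                         bytes_old_client_settings.items()}
                     del bytes_old_client_settings
-                    # .host
+                    # .host and .checker_command
                     for value in old_client_settings.values():
-                        if isinstance(value["host"], bytes):
-                            value["host"] = (value["host"]
-                                             .decode("utf-8"))
+                        for attribute in ("host", "checker_command"):
+                            if isinstance(value[attribute], bytes):
+                                value[attribute] = (value[attribute]
+                                                    .decode("utf-8"))
             os.remove(stored_state_path)
         except IOError as e:
             if e.errno == errno.ENOENT: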
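Review bot: The random delay added to the `GLib.timeout_add(` call (new lines 1048-1049) is passed as the timer's interval, and GLib re-runs a timeout callback at that same interval for as long as the callback returns true. If `start_checker` returns True to stay scheduled, which this hunk does not show, each client would from then on be checked every random-number-of-milliseconds rather than every `interval`, and `randrange` can also return 0 here. I would limit the jitter to the first run: compute `delay_ms = random.randrange(interval_ms + 1)` for the initial timer, and have that first run return False after re-registering `self.start_checker` with the full `interval_ms`. The enclosing method starts and ends outside the hunk, so the return value of `start_checker` needs confirming there.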