To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 237.7.793
- compare with another revision
- download diff
- download tarball
- view history from revision 237.7.793
- Committer: Teddy Hogeborn
- Date: 2022-04-23 20:39:28 UTC
- mto: This revision was merged to the branch mainline in revision 406.
- Revision ID: teddy@recompile.se-20220423203928-q2ngppp3pt7cfv4x
Makefile: Add comment about phase out of -lpthread
* Makefile (dracut-module/password-agent): Add comment about -lpthread
being unnecessary in GNU C library 2.34 and later.
* Makefile (dracut-module/password-agent): Add comment about -lpthread
being unnecessary in GNU C library 2.34 and later.
- files removed:
- debian/mandos.maintscript
- files modified:
- .bzrignore
added
removed
mandos
1
1
#!/usr/bin/python3 -bI
2
# -*- coding: utf-8; lexical-binding: t -*-
2
# -*- mode: python; after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
5
5
#
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2022 Teddy Hogeborn
15
# Copyright © 2008-2022 Björn Påhlsson
14
# Copyright © 2008-2020 Teddy Hogeborn
15
# Copyright © 2008-2020 Björn Påhlsson
16
16
#
17
17
# This file is part of Mandos.
18
18
#
31
31
#
32
32
# Contact the authors at <mandos@recompile.se>.
33
33
#
34
34
35
from __future__ import (division, absolute_import, print_function,
35
36
unicode_literals)
36
37
39
40
except ImportError:
40
41
pass
41
42
42
import sys
43
import unittest
44
import argparse
45
import logging
46
import os
47
43
try:
48
44
import SocketServer as socketserver
49
45
except ImportError:
50
46
import socketserver
51
47
import socket
48
import argparse
52
49
import datetime
53
50
import errno
54
51
try:
55
52
import ConfigParser as configparser
56
53
except ImportError:
57
54
import configparser
55
import sys
58
56
import re
57
import os
59
58
import signal
60
59
import subprocess
61
60
import atexit
62
61
import stat
62
import logging
63
63
import logging.handlers
64
64
import pwd
65
65
import contextlib
77
77
import itertools
78
78
import collections
79
79
import codecs
80
import unittest
80
81
import random
81
82
import shlex
82
83
93
94
if sys.version_info.major == 2:
94
95
__metaclass__ = type
95
96
str = unicode
96
input = raw_input
97
97
98
98
# Add collections.abc.Callable if it does not exist
99
99
try:
110
110
except AttributeError:
111
111
shlex.quote = re.escape
112
112
113
# Add os.set_inheritable if it does not exist
114
try:
115
os.set_inheritable
116
except AttributeError:
117
def set_inheritable(fd, inheritable):
118
flags = fcntl.fcntl(fd, fcntl.F_GETFD)
119
if inheritable and ((flags & fcntl.FD_CLOEXEC) != 0):
120
fcntl.fcntl(fd, fcntl.F_SETFL, flags & ~fcntl.FD_CLOEXEC)
121
elif (not inheritable) and ((flags & fcntl.FD_CLOEXEC) == 0):
122
fcntl.fcntl(fd, fcntl.F_SETFL, flags | fcntl.FD_CLOEXEC)
123
os.set_inheritable = set_inheritable
124
del set_inheritable
125
126
113
# Show warnings by default
127
114
if not sys.warnoptions:
128
115
import warnings
156
143
if sys.version_info < (3, 2):
157
144
configparser.Configparser = configparser.SafeConfigParser
158
145
159
version = "1.8.17"
146
version = "1.8.14"
160
147
stored_state_file = "clients.pickle"
161
148
162
log = logging.getLogger(os.path.basename(sys.argv[0]))
149
logger = logging.getLogger()
163
150
logging.captureWarnings(True) # Show warnings via the logging system
164
151
syslogger = None
165
152
202
189
facility=logging.handlers.SysLogHandler.LOG_DAEMON,
203
190
address="/dev/log"))
204
191
syslogger.setFormatter(logging.Formatter
205
("Mandos [%(process)d]: %(levelname)s:"
206
" %(message)s"))
207
log.addHandler(syslogger)
192
('Mandos [%(process)d]: %(levelname)s:'
193
' %(message)s'))
194
logger.addHandler(syslogger)
208
195
209
196
if debug:
210
197
console = logging.StreamHandler()
211
console.setFormatter(logging.Formatter("%(asctime)s %(name)s"
212
" [%(process)d]:"
213
" %(levelname)s:"
214
" %(message)s"))
215
log.addHandler(console)
216
log.setLevel(level)
198
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
199
' [%(process)d]:'
200
' %(levelname)s:'
201
' %(message)s'))
202
logger.addHandler(console)
203
logger.setLevel(level)
217
204
218
205
219
206
class PGPError(Exception):
237
224
except OSError as e:
238
225
if e.errno != errno.ENOENT:
239
226
raise
240
self.gnupgargs = ["--batch",
241
"--homedir", self.tempdir,
242
"--force-mdc",
243
"--quiet"]
227
self.gnupgargs = ['--batch',
228
'--homedir', self.tempdir,
229
'--force-mdc',
230
'--quiet']
244
231
# Only GPG version 1 has the --no-use-agent option.
245
232
if self.gpg == b"gpg" or self.gpg.endswith(b"/gpg"):
246
233
self.gnupgargs.append("--no-use-agent")
285
272
dir=self.tempdir) as passfile:
286
273
passfile.write(passphrase)
287
274
passfile.flush()
288
proc = subprocess.Popen([self.gpg, "--symmetric",
289
"--passphrase-file",
275
proc = subprocess.Popen([self.gpg, '--symmetric',
276
'--passphrase-file',
290
277
passfile.name]
291
278
+ self.gnupgargs,
292
279
stdin=subprocess.PIPE,
303
290
dir=self.tempdir) as passfile:
304
291
passfile.write(passphrase)
305
292
passfile.flush()
306
proc = subprocess.Popen([self.gpg, "--decrypt",
307
"--passphrase-file",
293
proc = subprocess.Popen([self.gpg, '--decrypt',
294
'--passphrase-file',
308
295
passfile.name]
309
296
+ self.gnupgargs,
310
297
stdin=subprocess.PIPE,
363
350
Attributes:
364
351
interface: integer; avahi.IF_UNSPEC or an interface index.
365
352
Used to optionally bind to the specified interface.
366
name: string; Example: "Mandos"
367
type: string; Example: "_mandos._tcp".
353
name: string; Example: 'Mandos'
354
type: string; Example: '_mandos._tcp'.
368
355
See <https://www.iana.org/assignments/service-names-port-numbers>
369
356
port: integer; what port to announce
370
357
TXT: list of strings; TXT record for the service
407
394
def rename(self, remove=True):
408
395
"""Derived from the Avahi example code"""
409
396
if self.rename_count >= self.max_renames:
410
log.critical("No suitable Zeroconf service name found"
411
" after %i retries, exiting.",
412
self.rename_count)
397
logger.critical("No suitable Zeroconf service name found"
398
" after %i retries, exiting.",
399
self.rename_count)
413
400
raise AvahiServiceError("Too many renames")
414
401
self.name = str(
415
402
self.server.GetAlternativeServiceName(self.name))
416
403
self.rename_count += 1
417
log.info("Changing Zeroconf service name to %r ...",
418
self.name)
404
logger.info("Changing Zeroconf service name to %r ...",
405
self.name)
419
406
if remove:
420
407
self.remove()
421
408
try:
423
410
except dbus.exceptions.DBusException as error:
424
411
if (error.get_dbus_name()
425
412
== "org.freedesktop.Avahi.CollisionError"):
426
log.info("Local Zeroconf service name collision.")
413
logger.info("Local Zeroconf service name collision.")
427
414
return self.rename(remove=False)
428
415
else:
429
log.critical("D-Bus Exception", exc_info=error)
416
logger.critical("D-Bus Exception", exc_info=error)
430
417
self.cleanup()
431
418
os._exit(1)
432
419
448
435
avahi.DBUS_INTERFACE_ENTRY_GROUP)
449
436
self.entry_group_state_changed_match = (
450
437
self.group.connect_to_signal(
451
"StateChanged", self.entry_group_state_changed))
452
log.debug("Adding Zeroconf service '%s' of type '%s' ...",
453
self.name, self.type)
438
'StateChanged', self.entry_group_state_changed))
439
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
440
self.name, self.type)
454
441
self.group.AddService(
455
442
self.interface,
456
443
self.protocol,
463
450
464
451
def entry_group_state_changed(self, state, error):
465
452
"""Derived from the Avahi example code"""
466
log.debug("Avahi entry group state change: %i", state)
453
logger.debug("Avahi entry group state change: %i", state)
467
454
468
455
if state == avahi.ENTRY_GROUP_ESTABLISHED:
469
log.debug("Zeroconf service established.")
456
logger.debug("Zeroconf service established.")
470
457
elif state == avahi.ENTRY_GROUP_COLLISION:
471
log.info("Zeroconf service name collision.")
458
logger.info("Zeroconf service name collision.")
472
459
self.rename()
473
460
elif state == avahi.ENTRY_GROUP_FAILURE:
474
log.critical("Avahi: Error in group state changed %s",
475
str(error))
461
logger.critical("Avahi: Error in group state changed %s",
462
str(error))
476
463
raise AvahiGroupError("State changed: {!s}".format(error))
477
464
478
465
def cleanup(self):
488
475
489
476
def server_state_changed(self, state, error=None):
490
477
"""Derived from the Avahi example code"""
491
log.debug("Avahi server state change: %i", state)
478
logger.debug("Avahi server state change: %i", state)
492
479
bad_states = {
493
480
avahi.SERVER_INVALID: "Zeroconf server invalid",
494
481
avahi.SERVER_REGISTERING: None,
498
485
if state in bad_states:
499
486
if bad_states[state] is not None:
500
487
if error is None:
501
log.error(bad_states[state])
488
logger.error(bad_states[state])
502
489
else:
503
log.error(bad_states[state] + ": %r", error)
490
logger.error(bad_states[state] + ": %r", error)
504
491
self.cleanup()
505
492
elif state == avahi.SERVER_RUNNING:
506
493
try:
508
495
except dbus.exceptions.DBusException as error:
509
496
if (error.get_dbus_name()
510
497
== "org.freedesktop.Avahi.CollisionError"):
511
log.info("Local Zeroconf service name collision.")
498
logger.info("Local Zeroconf service name"
499
" collision.")
512
500
return self.rename(remove=False)
513
501
else:
514
log.critical("D-Bus Exception", exc_info=error)
502
logger.critical("D-Bus Exception", exc_info=error)
515
503
self.cleanup()
516
504
os._exit(1)
517
505
else:
518
506
if error is None:
519
log.debug("Unknown state: %r", state)
507
logger.debug("Unknown state: %r", state)
520
508
else:
521
log.debug("Unknown state: %r: %r", state, error)
509
logger.debug("Unknown state: %r: %r", state, error)
522
510
523
511
def activate(self):
524
512
"""Derived from the Avahi example code"""
539
527
ret = super(AvahiServiceToSyslog, self).rename(*args,
540
528
**kwargs)
541
529
syslogger.setFormatter(logging.Formatter(
542
"Mandos ({}) [%(process)d]: %(levelname)s: %(message)s"
530
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
543
531
.format(self.name)))
544
532
return ret
545
533
586
574
certificate_type_t = ctypes.c_int
587
575
588
576
class datum_t(ctypes.Structure):
589
_fields_ = [("data", ctypes.POINTER(ctypes.c_ubyte)),
590
("size", ctypes.c_uint)]
577
_fields_ = [('data', ctypes.POINTER(ctypes.c_ubyte)),
578
('size', ctypes.c_uint)]
591
579
592
580
class _openpgp_crt_int(ctypes.Structure):
593
581
_fields_ = []
688
676
# Error handling functions
689
677
def _error_code(result):
690
678
"""A function to raise exceptions on errors, suitable
691
for the "restype" attribute on ctypes functions"""
679
for the 'restype' attribute on ctypes functions"""
692
680
if result >= gnutls.E_SUCCESS:
693
681
return result
694
682
if result == gnutls.E_NO_CERTIFICATE_FOUND:
698
686
def _retry_on_error(result, func, arguments,
699
687
_error_code=_error_code):
700
688
"""A function to retry on some errors, suitable
701
for the "errcheck" attribute on ctypes functions"""
689
for the 'errcheck' attribute on ctypes functions"""
702
690
while result < gnutls.E_SUCCESS:
703
691
if result not in (gnutls.E_INTERRUPTED, gnutls.E_AGAIN):
704
692
return _error_code(result)
888
876
"""A representation of a client host served by this server.
889
877
890
878
Attributes:
891
approved: bool(); None if not yet approved/disapproved
879
approved: bool(); 'None' if not yet approved/disapproved
892
880
approval_delay: datetime.timedelta(); Time to wait for approval
893
881
approval_duration: datetime.timedelta(); Duration of one approval
894
882
checker: multiprocessing.Process(); a running checker process used
895
to see if the client lives. None if no process is
883
to see if the client lives. 'None' if no process is
896
884
running.
897
885
checker_callback_tag: a GLib event source tag, or None
898
886
checker_command: string; External command which is run to check
974
962
# key_id() and fingerprint() functions
975
963
client["key_id"] = (section.get("key_id", "").upper()
976
964
.replace(" ", ""))
977
client["fingerprint"] = (section.get("fingerprint",
978
"").upper()
965
client["fingerprint"] = (section["fingerprint"].upper()
979
966
.replace(" ", ""))
980
if not (client["key_id"] or client["fingerprint"]):
981
log.error("Skipping client %s without key_id or"
982
" fingerprint", client_name)
983
del settings[client_name]
984
continue
985
967
if "secret" in section:
986
968
client["secret"] = codecs.decode(section["secret"]
987
969
.encode("utf-8"),
1028
1010
self.last_enabled = None
1029
1011
self.expires = None
1030
1012
1031
log.debug("Creating client %r", self.name)
1032
log.debug(" Key ID: %s", self.key_id)
1033
log.debug(" Fingerprint: %s", self.fingerprint)
1013
logger.debug("Creating client %r", self.name)
1014
logger.debug(" Key ID: %s", self.key_id)
1015
logger.debug(" Fingerprint: %s", self.fingerprint)
1034
1016
self.created = settings.get("created",
1035
1017
datetime.datetime.utcnow())
1036
1018
1064
1046
if getattr(self, "enabled", False):
1065
1047
# Already enabled
1066
1048
return
1049
self.expires = datetime.datetime.utcnow() + self.timeout
1067
1050
self.enabled = True
1068
1051
self.last_enabled = datetime.datetime.utcnow()
1069
1052
self.init_checker()
1074
1057
if not getattr(self, "enabled", False):
1075
1058
return False
1076
1059
if not quiet:
1077
log.info("Disabling client %s", self.name)
1060
logger.info("Disabling client %s", self.name)
1078
1061
if getattr(self, "disable_initiator_tag", None) is not None:
1079
1062
GLib.source_remove(self.disable_initiator_tag)
1080
1063
self.disable_initiator_tag = None
1092
1075
def __del__(self):
1093
1076
self.disable()
1094
1077
1095
def init_checker(self, randomize_start=False):
1096
# Schedule a new checker to be started a randomly selected
1097
# time (a fraction of 'interval') from now. This spreads out
1098
# the startup of checkers over time when the server is
1099
# started.
1078
def init_checker(self):
1079
# Schedule a new checker to be started an 'interval' from now,
1080
# and every interval from then on.
1100
1081
if self.checker_initiator_tag is not None:
1101
1082
GLib.source_remove(self.checker_initiator_tag)
1102
interval_milliseconds = int(self.interval.total_seconds()
1103
* 1000)
1104
if randomize_start:
1105
delay_milliseconds = random.randrange(
1106
interval_milliseconds + 1)
1107
else:
1108
delay_milliseconds = interval_milliseconds
1109
1083
self.checker_initiator_tag = GLib.timeout_add(
1110
delay_milliseconds, self.start_checker, randomize_start)
1111
delay = datetime.timedelta(0, 0, 0, delay_milliseconds)
1112
# A checker might take up to an 'interval' of time, so we can
1113
# expire at the soonest one interval after a checker was
1114
# started. Since the initial checker is delayed, the expire
1115
# time might have to be extended.
1116
now = datetime.datetime.utcnow()
1117
self.expires = now + delay + self.interval
1118
# Schedule a disable() at expire time
1084
random.randrange(int(self.interval.total_seconds() * 1000
1085
+ 1)),
1086
self.start_checker)
1087
# Schedule a disable() when 'timeout' has passed
1119
1088
if self.disable_initiator_tag is not None:
1120
1089
GLib.source_remove(self.disable_initiator_tag)
1121
1090
self.disable_initiator_tag = GLib.timeout_add(
1122
int((self.expires - now).total_seconds() * 1000),
1123
self.disable)
1091
int(self.timeout.total_seconds() * 1000), self.disable)
1092
# Also start a new checker *right now*.
1093
self.start_checker()
1124
1094
1125
1095
def checker_callback(self, source, condition, connection,
1126
1096
command):
1137
1107
self.last_checker_status = returncode
1138
1108
self.last_checker_signal = None
1139
1109
if self.last_checker_status == 0:
1140
log.info("Checker for %(name)s succeeded", vars(self))
1110
logger.info("Checker for %(name)s succeeded",
1111
vars(self))
1141
1112
self.checked_ok()
1142
1113
else:
1143
log.info("Checker for %(name)s failed", vars(self))
1114
logger.info("Checker for %(name)s failed", vars(self))
1144
1115
else:
1145
1116
self.last_checker_status = -1
1146
1117
self.last_checker_signal = -returncode
1147
log.warning("Checker for %(name)s crashed?", vars(self))
1118
logger.warning("Checker for %(name)s crashed?",
1119
vars(self))
1148
1120
return False
1149
1121
1150
1122
def checked_ok(self):
1169
1141
def need_approval(self):
1170
1142
self.last_approval_request = datetime.datetime.utcnow()
1171
1143
1172
def start_checker(self, start_was_randomized=False):
1144
def start_checker(self):
1173
1145
"""Start a new checker subprocess if one is not running.
1174
1146
1175
1147
If a checker already exists, leave it running and do
1184
1156
# should be.
1185
1157
1186
1158
if self.checker is not None and not self.checker.is_alive():
1187
log.warning("Checker was not alive; joining")
1159
logger.warning("Checker was not alive; joining")
1188
1160
self.checker.join()
1189
1161
self.checker = None
1190
1162
# Start a new checker if needed
1196
1168
try:
1197
1169
command = self.checker_command % escaped_attrs
1198
1170
except TypeError as error:
1199
log.error('Could not format string "%s"',
1200
self.checker_command, exc_info=error)
1171
logger.error('Could not format string "%s"',
1172
self.checker_command,
1173
exc_info=error)
1201
1174
return True # Try again later
1202
1175
self.current_checker_command = command
1203
log.info("Starting checker %r for %s", command, self.name)
1176
logger.info("Starting checker %r for %s", command,
1177
self.name)
1204
1178
# We don't need to redirect stdout and stderr, since
1205
1179
# in normal mode, that is already done by daemon(),
1206
1180
# and in debug mode we don't want to. (Stdin is
1225
1199
GLib.IOChannel.unix_new(pipe[0].fileno()),
1226
1200
GLib.PRIORITY_DEFAULT, GLib.IO_IN,
1227
1201
self.checker_callback, pipe[0], command)
1228
if start_was_randomized:
1229
# We were started after a random delay; Schedule a new
1230
# checker to be started an 'interval' from now, and every
1231
# interval from then on.
1232
now = datetime.datetime.utcnow()
1233
self.checker_initiator_tag = GLib.timeout_add(
1234
int(self.interval.total_seconds() * 1000),
1235
self.start_checker)
1236
self.expires = max(self.expires, now + self.interval)
1237
# Don't start a new checker again after same random delay
1238
return False
1239
1202
# Re-run this periodically if run by GLib.timeout_add
1240
1203
return True
1241
1204
1246
1209
self.checker_callback_tag = None
1247
1210
if getattr(self, "checker", None) is None:
1248
1211
return
1249
log.debug("Stopping checker for %(name)s", vars(self))
1212
logger.debug("Stopping checker for %(name)s", vars(self))
1250
1213
self.checker.terminate()
1251
1214
self.checker = None
1252
1215
1279
1242
func._dbus_name = func.__name__
1280
1243
if func._dbus_name.endswith("_dbus_property"):
1281
1244
func._dbus_name = func._dbus_name[:-14]
1282
func._dbus_get_args_options = {"byte_arrays": byte_arrays}
1245
func._dbus_get_args_options = {'byte_arrays': byte_arrays}
1283
1246
return func
1284
1247
1285
1248
return decorator
1374
1337
1375
1338
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1376
1339
out_signature="s",
1377
path_keyword="object_path",
1378
connection_keyword="connection")
1340
path_keyword='object_path',
1341
connection_keyword='connection')
1379
1342
def Introspect(self, object_path, connection):
1380
1343
"""Overloading of standard D-Bus method.
1381
1344
1430
1393
document.unlink()
1431
1394
except (AttributeError, xml.dom.DOMException,
1432
1395
xml.parsers.expat.ExpatError) as error:
1433
log.error("Failed to override Introspection method",
1434
exc_info=error)
1396
logger.error("Failed to override Introspection method",
1397
exc_info=error)
1435
1398
return xmlstring
1436
1399
1437
1400
1534
1497
1535
1498
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1536
1499
out_signature="s",
1537
path_keyword="object_path",
1538
connection_keyword="connection")
1500
path_keyword='object_path',
1501
connection_keyword='connection')
1539
1502
def Introspect(self, object_path, connection):
1540
1503
"""Overloading of standard D-Bus method.
1541
1504
1597
1560
document.unlink()
1598
1561
except (AttributeError, xml.dom.DOMException,
1599
1562
xml.parsers.expat.ExpatError) as error:
1600
log.error("Failed to override Introspection method",
1601
exc_info=error)
1563
logger.error("Failed to override Introspection method",
1564
exc_info=error)
1602
1565
return xmlstring
1603
1566
1604
1567
1636
1599
1637
1600
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1638
1601
out_signature="s",
1639
path_keyword="object_path",
1640
connection_keyword="connection")
1602
path_keyword='object_path',
1603
connection_keyword='connection')
1641
1604
def Introspect(self, object_path, connection):
1642
1605
"""Overloading of standard D-Bus method.
1643
1606
1668
1631
document.unlink()
1669
1632
except (AttributeError, xml.dom.DOMException,
1670
1633
xml.parsers.expat.ExpatError) as error:
1671
log.error("Failed to override Introspection method",
1672
exc_info=error)
1634
logger.error("Failed to override Introspection method",
1635
exc_info=error)
1673
1636
return xmlstring
1674
1637
1675
1638
2309
2272
class ProxyClient:
2310
2273
def __init__(self, child_pipe, key_id, fpr, address):
2311
2274
self._pipe = child_pipe
2312
self._pipe.send(("init", key_id, fpr, address))
2275
self._pipe.send(('init', key_id, fpr, address))
2313
2276
if not self._pipe.recv():
2314
2277
raise KeyError(key_id or fpr)
2315
2278
2316
2279
def __getattribute__(self, name):
2317
if name == "_pipe":
2280
if name == '_pipe':
2318
2281
return super(ProxyClient, self).__getattribute__(name)
2319
self._pipe.send(("getattr", name))
2282
self._pipe.send(('getattr', name))
2320
2283
data = self._pipe.recv()
2321
if data[0] == "data":
2284
if data[0] == 'data':
2322
2285
return data[1]
2323
if data[0] == "function":
2286
if data[0] == 'function':
2324
2287
2325
2288
def func(*args, **kwargs):
2326
self._pipe.send(("funcall", name, args, kwargs))
2289
self._pipe.send(('funcall', name, args, kwargs))
2327
2290
return self._pipe.recv()[1]
2328
2291
2329
2292
return func
2330
2293
2331
2294
def __setattr__(self, name, value):
2332
if name == "_pipe":
2295
if name == '_pipe':
2333
2296
return super(ProxyClient, self).__setattr__(name, value)
2334
self._pipe.send(("setattr", name, value))
2297
self._pipe.send(('setattr', name, value))
2335
2298
2336
2299
2337
2300
class ClientHandler(socketserver.BaseRequestHandler, object):
2342
2305
2343
2306
def handle(self):
2344
2307
with contextlib.closing(self.server.child_pipe) as child_pipe:
2345
log.info("TCP connection from: %s",
2346
str(self.client_address))
2347
log.debug("Pipe FD: %d", self.server.child_pipe.fileno())
2308
logger.info("TCP connection from: %s",
2309
str(self.client_address))
2310
logger.debug("Pipe FD: %d",
2311
self.server.child_pipe.fileno())
2348
2312
2349
2313
session = gnutls.ClientSession(self.request)
2350
2314
2351
# priority = ":".join(("NONE", "+VERS-TLS1.1",
2315
# priority = ':'.join(("NONE", "+VERS-TLS1.1",
2352
2316
# "+AES-256-CBC", "+SHA1",
2353
2317
# "+COMP-NULL", "+CTYPE-OPENPGP",
2354
2318
# "+DHE-DSS"))
2362
2326
# Start communication using the Mandos protocol
2363
2327
# Get protocol number
2364
2328
line = self.request.makefile().readline()
2365
log.debug("Protocol version: %r", line)
2329
logger.debug("Protocol version: %r", line)
2366
2330
try:
2367
2331
if int(line.strip().split()[0]) > 1:
2368
2332
raise RuntimeError(line)
2369
2333
except (ValueError, IndexError, RuntimeError) as error:
2370
log.error("Unknown protocol version: %s", error)
2334
logger.error("Unknown protocol version: %s", error)
2371
2335
return
2372
2336
2373
2337
# Start GnuTLS connection
2374
2338
try:
2375
2339
session.handshake()
2376
2340
except gnutls.Error as error:
2377
log.warning("Handshake failed: %s", error)
2341
logger.warning("Handshake failed: %s", error)
2378
2342
# Do not run session.bye() here: the session is not
2379
2343
# established. Just abandon the request.
2380
2344
return
2381
log.debug("Handshake succeeded")
2345
logger.debug("Handshake succeeded")
2382
2346
2383
2347
approval_required = False
2384
2348
try:
2388
2352
key_id = self.key_id(
2389
2353
self.peer_certificate(session))
2390
2354
except (TypeError, gnutls.Error) as error:
2391
log.warning("Bad certificate: %s", error)
2355
logger.warning("Bad certificate: %s", error)
2392
2356
return
2393
log.debug("Key ID: %s",
2394
key_id.decode("utf-8",
2395
errors="replace"))
2357
logger.debug("Key ID: %s",
2358
key_id.decode("utf-8",
2359
errors="replace"))
2396
2360
2397
2361
else:
2398
2362
key_id = b""
2400
2364
fpr = self.fingerprint(
2401
2365
self.peer_certificate(session))
2402
2366
except (TypeError, gnutls.Error) as error:
2403
log.warning("Bad certificate: %s", error)
2367
logger.warning("Bad certificate: %s", error)
2404
2368
return
2405
log.debug("Fingerprint: %s", fpr)
2369
logger.debug("Fingerprint: %s", fpr)
2406
2370
2407
2371
try:
2408
2372
client = ProxyClient(child_pipe, key_id, fpr,
2417
2381
2418
2382
while True:
2419
2383
if not client.enabled:
2420
log.info("Client %s is disabled", client.name)
2384
logger.info("Client %s is disabled",
2385
client.name)
2421
2386
if self.server.use_dbus:
2422
2387
# Emit D-Bus signal
2423
2388
client.Rejected("Disabled")
2427
2392
# We are approved or approval is disabled
2428
2393
break
2429
2394
elif client.approved is None:
2430
log.info("Client %s needs approval",
2431
client.name)
2395
logger.info("Client %s needs approval",
2396
client.name)
2432
2397
if self.server.use_dbus:
2433
2398
# Emit D-Bus signal
2434
2399
client.NeedApproval(
2435
2400
client.approval_delay.total_seconds()
2436
2401
* 1000, client.approved_by_default)
2437
2402
else:
2438
log.warning("Client %s was not approved",
2439
client.name)
2403
logger.warning("Client %s was not approved",
2404
client.name)
2440
2405
if self.server.use_dbus:
2441
2406
# Emit D-Bus signal
2442
2407
client.Rejected("Denied")
2450
2415
time2 = datetime.datetime.now()
2451
2416
if (time2 - time) >= delay:
2452
2417
if not client.approved_by_default:
2453
log.warning("Client %s timed out while"
2454
" waiting for approval",
2455
client.name)
2418
logger.warning("Client %s timed out while"
2419
" waiting for approval",
2420
client.name)
2456
2421
if self.server.use_dbus:
2457
2422
# Emit D-Bus signal
2458
2423
client.Rejected("Approval timed out")
2465
2430
try:
2466
2431
session.send(client.secret)
2467
2432
except gnutls.Error as error:
2468
log.warning("gnutls send failed", exc_info=error)
2433
logger.warning("gnutls send failed",
2434
exc_info=error)
2469
2435
return
2470
2436
2471
log.info("Sending secret to %s", client.name)
2437
logger.info("Sending secret to %s", client.name)
2472
2438
# bump the timeout using extended_timeout
2473
2439
client.bump_timeout(client.extended_timeout)
2474
2440
if self.server.use_dbus:
2481
2447
try:
2482
2448
session.bye()
2483
2449
except gnutls.Error as error:
2484
log.warning("GnuTLS bye failed", exc_info=error)
2450
logger.warning("GnuTLS bye failed",
2451
exc_info=error)
2485
2452
2486
2453
@staticmethod
2487
2454
def peer_certificate(session):
2497
2464
valid_cert_types = frozenset((gnutls.CRT_OPENPGP,))
2498
2465
# If not a valid certificate type...
2499
2466
if cert_type not in valid_cert_types:
2500
log.info("Cert type %r not in %r", cert_type,
2501
valid_cert_types)
2467
logger.info("Cert type %r not in %r", cert_type,
2468
valid_cert_types)
2502
2469
# ...return invalid data
2503
2470
return b""
2504
2471
list_size = ctypes.c_uint(1)
2623
2590
2624
2591
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2625
2592
socketserver.TCPServer):
2626
"""IPv6-capable TCP server. Accepts None as address and/or port
2593
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
2627
2594
2628
2595
Attributes:
2629
2596
enabled: Boolean; whether this server is activated yet
2680
2647
if SO_BINDTODEVICE is None:
2681
2648
# Fall back to a hard-coded value which seems to be
2682
2649
# common enough.
2683
log.warning("SO_BINDTODEVICE not found, trying 25")
2650
logger.warning("SO_BINDTODEVICE not found, trying 25")
2684
2651
SO_BINDTODEVICE = 25
2685
2652
try:
2686
2653
self.socket.setsockopt(
2688
2655
(self.interface + "\0").encode("utf-8"))
2689
2656
except socket.error as error:
2690
2657
if error.errno == errno.EPERM:
2691
log.error("No permission to bind to interface %s",
2692
self.interface)
2658
logger.error("No permission to bind to"
2659
" interface %s", self.interface)
2693
2660
elif error.errno == errno.ENOPROTOOPT:
2694
log.error("SO_BINDTODEVICE not available; cannot"
2695
" bind to interface %s", self.interface)
2661
logger.error("SO_BINDTODEVICE not available;"
2662
" cannot bind to interface %s",
2663
self.interface)
2696
2664
elif error.errno == errno.ENODEV:
2697
log.error("Interface %s does not exist, cannot"
2698
" bind", self.interface)
2665
logger.error("Interface %s does not exist,"
2666
" cannot bind", self.interface)
2699
2667
else:
2700
2668
raise
2701
2669
# Only bind(2) the socket if we really need to.
2780
2748
request = parent_pipe.recv()
2781
2749
command = request[0]
2782
2750
2783
if command == "init":
2751
if command == 'init':
2784
2752
key_id = request[1].decode("ascii")
2785
2753
fpr = request[2].decode("ascii")
2786
2754
address = request[3]
2796
2764
client = c
2797
2765
break
2798
2766
else:
2799
log.info("Client not found for key ID: %s, address:"
2800
" %s", key_id or fpr, address)
2767
logger.info("Client not found for key ID: %s, address"
2768
": %s", key_id or fpr, address)
2801
2769
if self.use_dbus:
2802
2770
# Emit D-Bus signal
2803
2771
mandos_dbus_service.ClientNotFound(key_id or fpr,
2816
2784
# remove the old hook in favor of the new above hook on
2817
2785
# same fileno
2818
2786
return False
2819
if command == "funcall":
2787
if command == 'funcall':
2820
2788
funcname = request[1]
2821
2789
args = request[2]
2822
2790
kwargs = request[3]
2823
2791
2824
parent_pipe.send(("data", getattr(client_object,
2792
parent_pipe.send(('data', getattr(client_object,
2825
2793
funcname)(*args,
2826
2794
**kwargs)))
2827
2795
2828
if command == "getattr":
2796
if command == 'getattr':
2829
2797
attrname = request[1]
2830
2798
if isinstance(client_object.__getattribute__(attrname),
2831
2799
collections.abc.Callable):
2832
parent_pipe.send(("function", ))
2800
parent_pipe.send(('function', ))
2833
2801
else:
2834
2802
parent_pipe.send((
2835
"data", client_object.__getattribute__(attrname)))
2803
'data', client_object.__getattribute__(attrname)))
2836
2804
2837
if command == "setattr":
2805
if command == 'setattr':
2838
2806
attrname = request[1]
2839
2807
value = request[2]
2840
2808
setattr(client_object, attrname, value)
2946
2914
def string_to_delta(interval):
2947
2915
"""Parse a string and return a datetime.timedelta
2948
2916
2949
>>> string_to_delta("7d") == datetime.timedelta(7)
2950
True
2951
>>> string_to_delta("60s") == datetime.timedelta(0, 60)
2952
True
2953
>>> string_to_delta("60m") == datetime.timedelta(0, 3600)
2954
True
2955
>>> string_to_delta("24h") == datetime.timedelta(1)
2956
True
2957
>>> string_to_delta("1w") == datetime.timedelta(7)
2958
True
2959
>>> string_to_delta("5m 30s") == datetime.timedelta(0, 330)
2917
>>> string_to_delta('7d') == datetime.timedelta(7)
2918
True
2919
>>> string_to_delta('60s') == datetime.timedelta(0, 60)
2920
True
2921
>>> string_to_delta('60m') == datetime.timedelta(0, 3600)
2922
True
2923
>>> string_to_delta('24h') == datetime.timedelta(1)
2924
True
2925
>>> string_to_delta('1w') == datetime.timedelta(7)
2926
True
2927
>>> string_to_delta('5m 30s') == datetime.timedelta(0, 330)
2960
2928
True
2961
2929
"""
2962
2930
3109
3077
# Later, stdin will, and stdout and stderr might, be dup'ed
3110
3078
# over with an opened os.devnull. But we don't want this to
3111
3079
# happen with a supplied network socket.
3112
while 0 <= server_settings["socket"] <= 2:
3080
if 0 <= server_settings["socket"] <= 2:
3113
3081
server_settings["socket"] = os.dup(server_settings
3114
3082
["socket"])
3115
os.set_inheritable(server_settings["socket"], False)
3116
3083
del server_config
3117
3084
3118
3085
# Override the settings from the config file with command line
3167
3134
3168
3135
if server_settings["servicename"] != "Mandos":
3169
3136
syslogger.setFormatter(
3170
logging.Formatter("Mandos ({}) [%(process)d]:"
3171
" %(levelname)s: %(message)s".format(
3137
logging.Formatter('Mandos ({}) [%(process)d]:'
3138
' %(levelname)s: %(message)s'.format(
3172
3139
server_settings["servicename"])))
3173
3140
3174
3141
# Parse config file with clients
3198
3165
try:
3199
3166
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
3200
3167
except IOError as e:
3201
log.error("Could not open file %r", pidfilename,
3202
exc_info=e)
3168
logger.error("Could not open file %r", pidfilename,
3169
exc_info=e)
3203
3170
3204
3171
for name, group in (("_mandos", "_mandos"),
3205
3172
("mandos", "mandos"),
3216
3183
try:
3217
3184
os.setgid(gid)
3218
3185
os.setuid(uid)
3219
log.debug("Did setuid/setgid to %s:%s", uid, gid)
3186
if debug:
3187
logger.debug("Did setuid/setgid to {}:{}".format(uid,
3188
gid))
3220
3189
except OSError as error:
3221
log.warning("Failed to setuid/setgid to %s:%s: %s", uid, gid,
3222
os.strerror(error.errno))
3190
logger.warning("Failed to setuid/setgid to {}:{}: {}"
3191
.format(uid, gid, os.strerror(error.errno)))
3223
3192
if error.errno != errno.EPERM:
3224
3193
raise
3225
3194
3232
3201
3233
3202
@gnutls.log_func
3234
3203
def debug_gnutls(level, string):
3235
log.debug("GnuTLS: %s",
3236
string[:-1].decode("utf-8", errors="replace"))
3204
logger.debug("GnuTLS: %s",
3205
string[:-1].decode("utf-8",
3206
errors="replace"))
3237
3207
3238
3208
gnutls.global_set_log_function(debug_gnutls)
3239
3209
3257
3227
# From the Avahi example code
3258
3228
DBusGMainLoop(set_as_default=True)
3259
3229
main_loop = GLib.MainLoop()
3260
if use_dbus or zeroconf:
3261
bus = dbus.SystemBus()
3230
bus = dbus.SystemBus()
3262
3231
# End of Avahi example code
3263
3232
if use_dbus:
3264
3233
try:
3269
3238
"se.bsnet.fukt.Mandos", bus,
3270
3239
do_not_queue=True)
3271
3240
except dbus.exceptions.DBusException as e:
3272
log.error("Disabling D-Bus:", exc_info=e)
3241
logger.error("Disabling D-Bus:", exc_info=e)
3273
3242
use_dbus = False
3274
3243
server_settings["use_dbus"] = False
3275
3244
tcp_server.use_dbus = False
3360
3329
os.remove(stored_state_path)
3361
3330
except IOError as e:
3362
3331
if e.errno == errno.ENOENT:
3363
log.warning("Could not load persistent state:"
3364
" %s", os.strerror(e.errno))
3332
logger.warning("Could not load persistent state:"
3333
" {}".format(os.strerror(e.errno)))
3365
3334
else:
3366
log.critical("Could not load persistent state:",
3367
exc_info=e)
3335
logger.critical("Could not load persistent state:",
3336
exc_info=e)
3368
3337
raise
3369
3338
except EOFError as e:
3370
log.warning("Could not load persistent state: EOFError:",
3371
exc_info=e)
3339
logger.warning("Could not load persistent state: "
3340
"EOFError:",
3341
exc_info=e)
3372
3342
3373
3343
with PGPEngine() as pgp:
3374
3344
for client_name, client in clients_data.items():
3401
3371
if client["enabled"]:
3402
3372
if datetime.datetime.utcnow() >= client["expires"]:
3403
3373
if not client["last_checked_ok"]:
3404
log.warning("disabling client %s - Client"
3405
" never performed a successful"
3406
" checker", client_name)
3374
logger.warning(
3375
"disabling client {} - Client never "
3376
"performed a successful checker".format(
3377
client_name))
3407
3378
client["enabled"] = False
3408
3379
elif client["last_checker_status"] != 0:
3409
log.warning("disabling client %s - Client"
3410
" last checker failed with error"
3411
" code %s", client_name,
3412
client["last_checker_status"])
3380
logger.warning(
3381
"disabling client {} - Client last"
3382
" checker failed with error code"
3383
" {}".format(
3384
client_name,
3385
client["last_checker_status"]))
3413
3386
client["enabled"] = False
3414
3387
else:
3415
3388
client["expires"] = (
3416
3389
datetime.datetime.utcnow()
3417
3390
+ client["timeout"])
3418
log.debug("Last checker succeeded, keeping %s"
3419
" enabled", client_name)
3391
logger.debug("Last checker succeeded,"
3392
" keeping {} enabled".format(
3393
client_name))
3420
3394
try:
3421
3395
client["secret"] = pgp.decrypt(
3422
3396
client["encrypted_secret"],
3423
3397
client_settings[client_name]["secret"])
3424
3398
except PGPError:
3425
3399
# If decryption fails, we use secret from new settings
3426
log.debug("Failed to decrypt %s old secret",
3427
client_name)
3400
logger.debug("Failed to decrypt {} old secret".format(
3401
client_name))
3428
3402
client["secret"] = (client_settings[client_name]
3429
3403
["secret"])
3430
3404
3444
3418
server_settings=server_settings)
3445
3419
3446
3420
if not tcp_server.clients:
3447
log.warning("No clients defined")
3421
logger.warning("No clients defined")
3448
3422
3449
3423
if not foreground:
3450
3424
if pidfile is not None:
3453
3427
with pidfile:
3454
3428
print(pid, file=pidfile)
3455
3429
except IOError:
3456
log.error("Could not write to file %r with PID %d",
3457
pidfilename, pid)
3430
logger.error("Could not write to file %r with PID %d",
3431
pidfilename, pid)
3458
3432
del pidfile
3459
3433
del pidfilename
3460
3434
3610
3584
3611
3585
try:
3612
3586
with tempfile.NamedTemporaryFile(
3613
mode="wb",
3587
mode='wb',
3614
3588
suffix=".pickle",
3615
prefix="clients-",
3589
prefix='clients-',
3616
3590
dir=os.path.dirname(stored_state_path),
3617
3591
delete=False) as stored_state:
3618
3592
pickle.dump((clients, client_settings), stored_state,
3626
3600
except NameError:
3627
3601
pass
3628
3602
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3629
log.warning("Could not save persistent state: %s",
3630
os.strerror(e.errno))
3603
logger.warning("Could not save persistent state: {}"
3604
.format(os.strerror(e.errno)))
3631
3605
else:
3632
log.warning("Could not save persistent state:",
3633
exc_info=e)
3606
logger.warning("Could not save persistent state:",
3607
exc_info=e)
3634
3608
raise
3635
3609
3636
3610
# Delete all clients, and settings from config
3653
3627
mandos_dbus_service.client_added_signal(client)
3654
3628
# Need to initiate checking of clients
3655
3629
if client.enabled:
3656
client.init_checker(randomize_start=True)
3630
client.init_checker()
3657
3631
3658
3632
tcp_server.enable()
3659
3633
tcp_server.server_activate()
3662
3636
if zeroconf:
3663
3637
service.port = tcp_server.socket.getsockname()[1]
3664
3638
if use_ipv6:
3665
log.info("Now listening on address %r, port %d, flowinfo %d,"
3666
" scope_id %d", *tcp_server.socket.getsockname())
3639
logger.info("Now listening on address %r, port %d,"
3640
" flowinfo %d, scope_id %d",
3641
*tcp_server.socket.getsockname())
3667
3642
else: # IPv4
3668
log.info("Now listening on address %r, port %d",
3669
*tcp_server.socket.getsockname())
3643
logger.info("Now listening on address %r, port %d",
3644
*tcp_server.socket.getsockname())
3670
3645
3671
3646
# service.interface = tcp_server.socket.getsockname()[3]
3672
3647
3676
3651
try:
3677
3652
service.activate()
3678
3653
except dbus.exceptions.DBusException as error:
3679
log.critical("D-Bus Exception", exc_info=error)
3654
logger.critical("D-Bus Exception", exc_info=error)
3680
3655
cleanup()
3681
3656
sys.exit(1)
3682
3657
# End of Avahi example code
3687
3662
lambda *args, **kwargs: (tcp_server.handle_request
3688
3663
(*args[2:], **kwargs) or True))
3689
3664
3690
log.debug("Starting main loop")
3665
logger.debug("Starting main loop")
3691
3666
main_loop.run()
3692
3667
except AvahiError as error:
3693
log.critical("Avahi Error", exc_info=error)
3668
logger.critical("Avahi Error", exc_info=error)
3694
3669
cleanup()
3695
3670
sys.exit(1)
3696
3671
except KeyboardInterrupt:
3697
3672
if debug:
3698
3673
print("", file=sys.stderr)
3699
log.debug("Server received KeyboardInterrupt")
3700
log.debug("Server exiting")
3674
logger.debug("Server received KeyboardInterrupt")
3675
logger.debug("Server exiting")
3701
3676
# Must run before the D-Bus bus name gets deregistered
3702
3677
cleanup()
3703
3678
3704
3679
3705
def parse_test_args():
3706
# type: () -> argparse.Namespace
3680
def should_only_run_tests():
3707
3681
parser = argparse.ArgumentParser(add_help=False)
3708
parser.add_argument("--check", action="store_true")
3709
parser.add_argument("--prefix", )
3682
parser.add_argument("--check", action='store_true')
3710
3683
args, unknown_args = parser.parse_known_args()
3711
if args.check:
3712
# Remove test options from sys.argv
3684
run_tests = args.check
3685
if run_tests:
3686
# Remove --check argument from sys.argv
3713
3687
sys.argv[1:] = unknown_args
3714
return args
3688
return run_tests
3715
3689
3716
3690
# Add all tests from doctest strings
3717
3691
def load_tests(loader, tests, none):
3719
3693
tests.addTests(doctest.DocTestSuite())
3720
3694
return tests
3721
3695
3722
if __name__ == "__main__":
3723
options = parse_test_args()
3696
if __name__ == '__main__':
3724
3697
try:
3725
if options.check:
3726
extra_test_prefix = options.prefix
3727
if extra_test_prefix is not None:
3728
if not (unittest.main(argv=[""], exit=False)
3729
.result.wasSuccessful()):
3730
sys.exit(1)
3731
class ExtraTestLoader(unittest.TestLoader):
3732
testMethodPrefix = extra_test_prefix
3733
# Call using ./scriptname --test [--verbose]
3734
unittest.main(argv=[""], testLoader=ExtraTestLoader())
3735
else:
3736
unittest.main(argv=[""])
3698
if should_only_run_tests():
3699
# Call using ./mandos --check [--verbose]
3700
unittest.main()
3737
3701
else:
3738
3702
main()
3739
3703
finally:
3740
3704
logging.shutdown()
3741
3742
# Local Variables:
3743
# run-tests:
3744
# (lambda (&optional extra)
3745
# (if (not (funcall run-tests-in-test-buffer default-directory
3746
# extra))
3747
# (funcall show-test-buffer-in-test-window)
3748
# (funcall remove-test-window)
3749
# (if extra (message "Extra tests run successfully!"))))
3750
# run-tests-in-test-buffer:
3751
# (lambda (dir &optional extra)
3752
# (with-current-buffer (get-buffer-create "*Test*")
3753
# (setq buffer-read-only nil
3754
# default-directory dir)
3755
# (erase-buffer)
3756
# (compilation-mode))
3757
# (let ((process-result
3758
# (let ((inhibit-read-only t))
3759
# (process-file-shell-command
3760
# (funcall get-command-line extra) nil "*Test*"))))
3761
# (and (numberp process-result)
3762
# (= process-result 0))))
3763
# get-command-line:
3764
# (lambda (&optional extra)
3765
# (let ((quoted-script
3766
# (shell-quote-argument (funcall get-script-name))))
3767
# (format
3768
# (concat "%s --check" (if extra " --prefix=atest" ""))
3769
# quoted-script)))
3770
# get-script-name:
3771
# (lambda ()
3772
# (if (fboundp 'file-local-name)
3773
# (file-local-name (buffer-file-name))
3774
# (or (file-remote-p (buffer-file-name) 'localname)
3775
# (buffer-file-name))))
3776
# remove-test-window:
3777
# (lambda ()
3778
# (let ((test-window (get-buffer-window "*Test*")))
3779
# (if test-window (delete-window test-window))))
3780
# show-test-buffer-in-test-window:
3781
# (lambda ()
3782
# (when (not (get-buffer-window-list "*Test*"))
3783
# (setq next-error-last-buffer (get-buffer "*Test*"))
3784
# (let* ((side (if (>= (window-width) 146) 'right 'bottom))
3785
# (display-buffer-overriding-action
3786
# `((display-buffer-in-side-window) (side . ,side)
3787
# (window-height . fit-window-to-buffer)
3788
# (window-width . fit-window-to-buffer))))
3789
# (display-buffer "*Test*"))))
3790
# eval:
3791
# (progn
3792
# (let* ((run-extra-tests (lambda () (interactive)
3793
# (funcall run-tests t)))
3794
# (inner-keymap `(keymap (116 . ,run-extra-tests))) ; t
3795
# (outer-keymap `(keymap (3 . ,inner-keymap)))) ; C-c
3796
# (setq minor-mode-overriding-map-alist
3797
# (cons `(run-tests . ,outer-keymap)
3798
# minor-mode-overriding-map-alist)))
3799
# (add-hook 'after-save-hook run-tests 90 t))
3800
# End:
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0