To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to server.py
- browse files at revision 24.1.10
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.10
- Committer: Björn Påhlsson
- Date: 2008-08-03 14:57:46 UTC
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 41.
- Revision ID: belorn@braxen-20080803145746-4boahihngi1uwjap
merge commit
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos.conf => server.conf
- mandos => server.py
- files modified:
- Makefile
added
removed
server.py
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# following functions: "AvahiService.add", "AvahiService.remove",
10
# "server_state_changed", "entry_group_state_changed", and some lines
11
# in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
14
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
16
15
#
17
16
# This program is free software: you can redistribute it and/or modify
18
17
# it under the terms of the GNU General Public License as published by
25
24
# GNU General Public License for more details.
26
25
#
27
26
# You should have received a copy of the GNU General Public License
28
# along with this program. If not, see
29
# <http://www.gnu.org/licenses/>.
27
# along with this program. If not, see <http://www.gnu.org/licenses/>.
30
28
#
31
29
# Contact the authors at <mandos@fukt.bsnet.se>.
32
30
#
33
31
34
from __future__ import division, with_statement, absolute_import
32
from __future__ import division
35
33
36
import SocketServer as socketserver
34
import SocketServer
37
35
import socket
38
import optparse
36
import select
37
from optparse import OptionParser
39
38
import datetime
40
39
import errno
41
40
import gnutls.crypto
44
43
import gnutls.library.functions
45
44
import gnutls.library.constants
46
45
import gnutls.library.types
47
import ConfigParser as configparser
46
import ConfigParser
48
47
import sys
49
48
import re
50
49
import os
51
50
import signal
51
from sets import Set
52
52
import subprocess
53
53
import atexit
54
54
import stat
55
55
import logging
56
56
import logging.handlers
57
import pwd
58
from contextlib import closing
59
import struct
60
import fcntl
61
57
62
58
import dbus
63
import dbus.service
64
59
import gobject
65
60
import avahi
66
61
from dbus.mainloop.glib import DBusGMainLoop
67
62
import ctypes
68
import ctypes.util
69
70
try:
71
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
72
except AttributeError:
73
try:
74
from IN import SO_BINDTODEVICE
75
except ImportError:
76
# From /usr/include/asm/socket.h
77
SO_BINDTODEVICE = 25
78
79
80
version = "1.0.8"
81
82
logger = logging.Logger(u'mandos')
83
syslogger = (logging.handlers.SysLogHandler
84
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
85
address = "/dev/log"))
86
syslogger.setFormatter(logging.Formatter
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
63
64
# Brief description of the operation of this program:
65
#
66
# This server announces itself as a Zeroconf service. Connecting
67
# clients use the TLS protocol, with the unusual quirk that this
68
# server program acts as a TLS "client" while a connecting client acts
69
# as a TLS "server". The client (acting as a TLS "server") must
70
# supply an OpenPGP certificate, and the fingerprint of this
71
# certificate is used by this server to look up (in a list read from a
72
# file at start time) which binary blob to give the client. No other
73
# authentication or authorization is done by this server.
74
75
76
logger = logging.Logger('mandos')
77
syslogger = logging.handlers.SysLogHandler\
78
(facility = logging.handlers.SysLogHandler.LOG_DAEMON)
79
syslogger.setFormatter(logging.Formatter\
80
('%(levelname)s: %(message)s'))
89
81
logger.addHandler(syslogger)
82
del syslogger
90
83
91
console = logging.StreamHandler()
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
95
logger.addHandler(console)
96
84
97
85
class AvahiError(Exception):
98
def __init__(self, value, *args, **kwargs):
86
def __init__(self, value):
99
87
self.value = value
100
super(AvahiError, self).__init__(value, *args, **kwargs)
101
def __unicode__(self):
102
return unicode(repr(self.value))
88
def __str__(self):
89
return repr(self.value)
103
90
104
91
class AvahiServiceError(AvahiError):
105
92
pass
109
96
110
97
111
98
class AvahiService(object):
112
"""An Avahi (Zeroconf) service.
113
114
Attributes:
99
"""
115
100
interface: integer; avahi.IF_UNSPEC or an interface index.
116
101
Used to optionally bind to the specified interface.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
119
See <http://www.dns-sd.org/ServiceTypes.html>
120
port: integer; what port to announce
121
TXT: list of strings; TXT record for the service
122
domain: string; Domain to publish on, default to .local if empty.
123
host: string; Host to publish records for, default is localhost
124
max_renames: integer; maximum number of renames
125
rename_count: integer; counter so we only rename after collisions
126
a sensible number of times
127
group: D-Bus Entry Group
128
server: D-Bus Server
102
name = string; Example: "Mandos"
103
type = string; Example: "_mandos._tcp".
104
See <http://www.dns-sd.org/ServiceTypes.html>
105
port = integer; what port to announce
106
TXT = list of strings; TXT record for the service
107
domain = string; Domain to publish on, default to .local if empty.
108
host = string; Host to publish records for, default to localhost
109
if empty.
110
max_renames = integer; maximum number of renames
111
rename_count = integer; counter so we only rename after collisions
112
a sensible number of times
129
113
"""
130
114
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
131
servicetype = None, port = None, TXT = None,
132
domain = u"", host = u"", max_renames = 32768,
133
protocol = avahi.PROTO_UNSPEC):
115
type = None, port = None, TXT = None, domain = "",
116
host = "", max_renames = 12):
117
"""An Avahi (Zeroconf) service. """
134
118
self.interface = interface
135
119
self.name = name
136
self.type = servicetype
120
self.type = type
137
121
self.port = port
138
self.TXT = TXT if TXT is not None else []
122
if TXT is None:
123
self.TXT = []
124
else:
125
self.TXT = TXT
139
126
self.domain = domain
140
127
self.host = host
141
128
self.rename_count = 0
142
self.max_renames = max_renames
143
self.protocol = protocol
144
self.group = None # our entry group
145
self.server = None
146
129
def rename(self):
147
130
"""Derived from the Avahi example code"""
148
131
if self.rename_count >= self.max_renames:
149
logger.critical(u"No suitable Zeroconf service name found"
150
u" after %i retries, exiting.",
151
self.rename_count)
152
raise AvahiServiceError(u"Too many renames")
153
self.name = self.server.GetAlternativeServiceName(self.name)
154
logger.info(u"Changing Zeroconf service name to %r ...",
155
unicode(self.name))
156
syslogger.setFormatter(logging.Formatter
157
(u'Mandos (%s) [%%(process)d]:'
158
u' %%(levelname)s: %%(message)s'
159
% self.name))
132
logger.critical(u"No suitable service name found after %i"
133
u" retries, exiting.", rename_count)
134
raise AvahiServiceError("Too many renames")
135
name = server.GetAlternativeServiceName(name)
136
logger.notice(u"Changing name to %r ...", name)
160
137
self.remove()
161
138
self.add()
162
139
self.rename_count += 1
163
140
def remove(self):
164
141
"""Derived from the Avahi example code"""
165
if self.group is not None:
166
self.group.Reset()
142
if group is not None:
143
group.Reset()
167
144
def add(self):
168
145
"""Derived from the Avahi example code"""
169
if self.group is None:
170
self.group = dbus.Interface(
171
bus.get_object(avahi.DBUS_NAME,
172
self.server.EntryGroupNew()),
173
avahi.DBUS_INTERFACE_ENTRY_GROUP)
174
self.group.connect_to_signal('StateChanged',
175
self.entry_group_state_changed)
176
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
177
self.name, self.type)
178
self.group.AddService(
179
self.interface,
180
self.protocol,
181
dbus.UInt32(0), # flags
182
self.name, self.type,
183
self.domain, self.host,
184
dbus.UInt16(self.port),
185
avahi.string_array_to_txt_array(self.TXT))
186
self.group.Commit()
187
def entry_group_state_changed(self, state, error):
188
"""Derived from the Avahi example code"""
189
logger.debug(u"Avahi state change: %i", state)
190
191
if state == avahi.ENTRY_GROUP_ESTABLISHED:
192
logger.debug(u"Zeroconf service established.")
193
elif state == avahi.ENTRY_GROUP_COLLISION:
194
logger.warning(u"Zeroconf service name collision.")
195
self.rename()
196
elif state == avahi.ENTRY_GROUP_FAILURE:
197
logger.critical(u"Avahi: Error in group state changed %s",
198
unicode(error))
199
raise AvahiGroupError(u"State changed: %s"
200
% unicode(error))
201
def cleanup(self):
202
"""Derived from the Avahi example code"""
203
if self.group is not None:
204
self.group.Free()
205
self.group = None
206
def server_state_changed(self, state):
207
"""Derived from the Avahi example code"""
208
if state == avahi.SERVER_COLLISION:
209
logger.error(u"Zeroconf server name collision")
210
self.remove()
211
elif state == avahi.SERVER_RUNNING:
212
self.add()
213
def activate(self):
214
"""Derived from the Avahi example code"""
215
if self.server is None:
216
self.server = dbus.Interface(
217
bus.get_object(avahi.DBUS_NAME,
218
avahi.DBUS_PATH_SERVER),
219
avahi.DBUS_INTERFACE_SERVER)
220
self.server.connect_to_signal(u"StateChanged",
221
self.server_state_changed)
222
self.server_state_changed(self.server.GetState())
146
global group
147
if group is None:
148
group = dbus.Interface\
149
(bus.get_object(avahi.DBUS_NAME,
150
server.EntryGroupNew()),
151
avahi.DBUS_INTERFACE_ENTRY_GROUP)
152
group.connect_to_signal('StateChanged',
153
entry_group_state_changed)
154
logger.debug(u"Adding service '%s' of type '%s' ...",
155
service.name, service.type)
156
group.AddService(
157
self.interface, # interface
158
avahi.PROTO_INET6, # protocol
159
dbus.UInt32(0), # flags
160
self.name, self.type,
161
self.domain, self.host,
162
dbus.UInt16(self.port),
163
avahi.string_array_to_txt_array(self.TXT))
164
group.Commit()
165
166
# From the Avahi example code:
167
group = None # our entry group
168
# End of Avahi example code
223
169
224
170
225
171
class Client(object):
226
172
"""A representation of a client host served by this server.
227
228
173
Attributes:
229
name: string; from the config file, used in log messages and
230
D-Bus identifiers
174
name: string; from the config file, used in log messages
231
175
fingerprint: string (40 or 32 hexadecimal digits); used to
232
176
uniquely identify the client
233
secret: bytestring; sent verbatim (over TLS) to client
234
host: string; available for use by the checker command
235
created: datetime.datetime(); (UTC) object creation
236
last_enabled: datetime.datetime(); (UTC)
237
enabled: bool()
238
last_checked_ok: datetime.datetime(); (UTC) or None
239
timeout: datetime.timedelta(); How long from last_checked_ok
240
until this client is invalid
241
interval: datetime.timedelta(); How often to start a new checker
242
disable_hook: If set, called by disable() as disable_hook(self)
243
checker: subprocess.Popen(); a running checker process used
244
to see if the client lives.
245
'None' if no process is running.
177
secret: bytestring; sent verbatim (over TLS) to client
178
fqdn: string (FQDN); available for use by the checker command
179
created: datetime.datetime(); object creation, not client host
180
last_checked_ok: datetime.datetime() or None if not yet checked OK
181
timeout: datetime.timedelta(); How long from last_checked_ok
182
until this client is invalid
183
interval: datetime.timedelta(); How often to start a new checker
184
stop_hook: If set, called by stop() as stop_hook(self)
185
checker: subprocess.Popen(); a running checker process used
186
to see if the client lives.
187
'None' if no process is running.
246
188
checker_initiator_tag: a gobject event source tag, or None
247
disable_initiator_tag: - '' -
189
stop_initiator_tag: - '' -
248
190
checker_callback_tag: - '' -
249
191
checker_command: string; External command which is run to check if
250
192
client lives. %() expansions are done at
251
193
runtime with vars(self) as dict, so that for
252
194
instance %(name)s can be used in the command.
253
current_checker_command: string; current running checker_command
195
Private attibutes:
196
_timeout: Real variable for 'timeout'
197
_interval: Real variable for 'interval'
198
_timeout_milliseconds: Used when calling gobject.timeout_add()
199
_interval_milliseconds: - '' -
254
200
"""
255
256
@staticmethod
257
def _datetime_to_milliseconds(dt):
258
"Convert a datetime.datetime() to milliseconds"
259
return ((dt.days * 24 * 60 * 60 * 1000)
260
+ (dt.seconds * 1000)
261
+ (dt.microseconds // 1000))
262
263
def timeout_milliseconds(self):
264
"Return the 'timeout' attribute in milliseconds"
265
return self._datetime_to_milliseconds(self.timeout)
266
267
def interval_milliseconds(self):
268
"Return the 'interval' attribute in milliseconds"
269
return self._datetime_to_milliseconds(self.interval)
270
271
def __init__(self, name = None, disable_hook=None, config=None):
272
"""Note: the 'checker' key in 'config' sets the
273
'checker_command' attribute and *not* the 'checker'
274
attribute."""
201
def _set_timeout(self, timeout):
202
"Setter function for 'timeout' attribute"
203
self._timeout = timeout
204
self._timeout_milliseconds = ((self.timeout.days
205
* 24 * 60 * 60 * 1000)
206
+ (self.timeout.seconds * 1000)
207
+ (self.timeout.microseconds
208
// 1000))
209
timeout = property(lambda self: self._timeout,
210
_set_timeout)
211
del _set_timeout
212
def _set_interval(self, interval):
213
"Setter function for 'interval' attribute"
214
self._interval = interval
215
self._interval_milliseconds = ((self.interval.days
216
* 24 * 60 * 60 * 1000)
217
+ (self.interval.seconds
218
* 1000)
219
+ (self.interval.microseconds
220
// 1000))
221
interval = property(lambda self: self._interval,
222
_set_interval)
223
del _set_interval
224
def __init__(self, name=None, stop_hook=None, fingerprint=None,
225
secret=None, secfile=None, fqdn=None, timeout=None,
226
interval=-1, checker=None):
227
"""Note: the 'checker' argument sets the 'checker_command'
228
attribute and not the 'checker' attribute.."""
275
229
self.name = name
276
if config is None:
277
config = {}
278
230
logger.debug(u"Creating client %r", self.name)
279
# Uppercase and remove spaces from fingerprint for later
280
# comparison purposes with return value from the fingerprint()
281
# function
282
self.fingerprint = (config[u"fingerprint"].upper()
283
.replace(u" ", u""))
231
# Uppercase and remove spaces from fingerprint
232
# for later comparison purposes with return value of
233
# the fingerprint() function
234
self.fingerprint = fingerprint.upper().replace(u" ", u"")
284
235
logger.debug(u" Fingerprint: %s", self.fingerprint)
285
if u"secret" in config:
286
self.secret = config[u"secret"].decode(u"base64")
287
elif u"secfile" in config:
288
with closing(open(os.path.expanduser
289
(os.path.expandvars
290
(config[u"secfile"])))) as secfile:
291
self.secret = secfile.read()
236
if secret:
237
self.secret = secret.decode(u"base64")
238
elif secfile:
239
sf = open(secfile)
240
self.secret = sf.read()
241
sf.close()
292
242
else:
293
243
raise TypeError(u"No secret or secfile for client %s"
294
244
% self.name)
295
self.host = config.get(u"host", u"")
296
self.created = datetime.datetime.utcnow()
297
self.enabled = False
298
self.last_enabled = None
245
self.fqdn = fqdn
246
self.created = datetime.datetime.now()
299
247
self.last_checked_ok = None
300
self.timeout = string_to_delta(config[u"timeout"])
301
self.interval = string_to_delta(config[u"interval"])
302
self.disable_hook = disable_hook
248
self.timeout = string_to_delta(timeout)
249
self.interval = string_to_delta(interval)
250
self.stop_hook = stop_hook
303
251
self.checker = None
304
252
self.checker_initiator_tag = None
305
self.disable_initiator_tag = None
253
self.stop_initiator_tag = None
306
254
self.checker_callback_tag = None
307
self.checker_command = config[u"checker"]
308
self.current_checker_command = None
309
self.last_connect = None
310
311
def enable(self):
255
self.check_command = checker
256
def start(self):
312
257
"""Start this client's checker and timeout hooks"""
313
self.last_enabled = datetime.datetime.utcnow()
314
258
# Schedule a new checker to be started an 'interval' from now,
315
259
# and every interval from then on.
316
self.checker_initiator_tag = (gobject.timeout_add
317
(self.interval_milliseconds(),
318
self.start_checker))
260
self.checker_initiator_tag = gobject.timeout_add\
261
(self._interval_milliseconds,
262
self.start_checker)
319
263
# Also start a new checker *right now*.
320
264
self.start_checker()
321
# Schedule a disable() when 'timeout' has passed
322
self.disable_initiator_tag = (gobject.timeout_add
323
(self.timeout_milliseconds(),
324
self.disable))
325
self.enabled = True
326
327
def disable(self):
328
"""Disable this client."""
329
if not getattr(self, "enabled", False):
265
# Schedule a stop() when 'timeout' has passed
266
self.stop_initiator_tag = gobject.timeout_add\
267
(self._timeout_milliseconds,
268
self.stop)
269
def stop(self):
270
"""Stop this client.
271
The possibility that a client might be restarted is left open,
272
but not currently used."""
273
# If this client doesn't have a secret, it is already stopped.
274
if self.secret:
275
logger.debug(u"Stopping client %s", self.name)
276
self.secret = None
277
else:
330
278
return False
331
logger.info(u"Disabling client %s", self.name)
332
if getattr(self, u"disable_initiator_tag", False):
333
gobject.source_remove(self.disable_initiator_tag)
334
self.disable_initiator_tag = None
335
if getattr(self, u"checker_initiator_tag", False):
279
if getattr(self, "stop_initiator_tag", False):
280
gobject.source_remove(self.stop_initiator_tag)
281
self.stop_initiator_tag = None
282
if getattr(self, "checker_initiator_tag", False):
336
283
gobject.source_remove(self.checker_initiator_tag)
337
284
self.checker_initiator_tag = None
338
285
self.stop_checker()
339
if self.disable_hook:
340
self.disable_hook(self)
341
self.enabled = False
286
if self.stop_hook:
287
self.stop_hook(self)
342
288
# Do not run this again if called by a gobject.timeout_add
343
289
return False
344
345
290
def __del__(self):
346
self.disable_hook = None
347
self.disable()
348
349
def checker_callback(self, pid, condition, command):
291
self.stop_hook = None
292
self.stop()
293
def checker_callback(self, pid, condition):
350
294
"""The checker has completed, so take appropriate actions."""
295
now = datetime.datetime.now()
351
296
self.checker_callback_tag = None
352
297
self.checker = None
353
if os.WIFEXITED(condition):
354
exitstatus = os.WEXITSTATUS(condition)
355
if exitstatus == 0:
356
logger.info(u"Checker for %(name)s succeeded",
357
vars(self))
358
self.checked_ok()
359
else:
360
logger.info(u"Checker for %(name)s failed",
361
vars(self))
362
else:
298
if os.WIFEXITED(condition) \
299
and (os.WEXITSTATUS(condition) == 0):
300
logger.debug(u"Checker for %(name)s succeeded",
301
vars(self))
302
self.last_checked_ok = now
303
gobject.source_remove(self.stop_initiator_tag)
304
self.stop_initiator_tag = gobject.timeout_add\
305
(self._timeout_milliseconds,
306
self.stop)
307
elif not os.WIFEXITED(condition):
363
308
logger.warning(u"Checker for %(name)s crashed?",
364
309
vars(self))
365
366
def checked_ok(self):
367
"""Bump up the timeout for this client.
368
369
This should only be called when the client has been seen,
370
alive and well.
371
"""
372
self.last_checked_ok = datetime.datetime.utcnow()
373
gobject.source_remove(self.disable_initiator_tag)
374
self.disable_initiator_tag = (gobject.timeout_add
375
(self.timeout_milliseconds(),
376
self.disable))
377
310
else:
311
logger.debug(u"Checker for %(name)s failed",
312
vars(self))
378
313
def start_checker(self):
379
314
"""Start a new checker subprocess if one is not running.
380
381
315
If a checker already exists, leave it running and do
382
316
nothing."""
383
317
# The reason for not killing a running checker is that if we
388
322
# checkers alone, the checker would have to take more time
389
323
# than 'timeout' for the client to be declared invalid, which
390
324
# is as it should be.
391
392
# If a checker exists, make sure it is not a zombie
393
if self.checker is not None:
394
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
395
if pid:
396
logger.warning(u"Checker was a zombie")
397
gobject.source_remove(self.checker_callback_tag)
398
self.checker_callback(pid, status,
399
self.current_checker_command)
400
# Start a new checker if needed
401
325
if self.checker is None:
402
326
try:
403
# In case checker_command has exactly one % operator
404
command = self.checker_command % self.host
327
# In case check_command has exactly one % operator
328
command = self.check_command % self.fqdn
405
329
except TypeError:
406
330
# Escape attributes for the shell
407
escaped_attrs = dict((key,
408
re.escape(unicode(str(val),
409
errors=
410
u'replace')))
331
escaped_attrs = dict((key, re.escape(str(val)))
411
332
for key, val in
412
333
vars(self).iteritems())
413
334
try:
414
command = self.checker_command % escaped_attrs
335
command = self.check_command % escaped_attrs
415
336
except TypeError, error:
416
337
logger.error(u'Could not format string "%s":'
417
u' %s', self.checker_command, error)
338
u' %s', self.check_command, error)
418
339
return True # Try again later
419
self.current_checker_command = command
420
340
try:
421
logger.info(u"Starting checker %r for %s",
422
command, self.name)
423
# We don't need to redirect stdout and stderr, since
424
# in normal mode, that is already done by daemon(),
425
# and in debug mode we don't want to. (Stdin is
426
# always replaced by /dev/null.)
341
logger.debug(u"Starting checker %r for %s",
342
command, self.name)
427
343
self.checker = subprocess.Popen(command,
428
344
close_fds=True,
429
shell=True, cwd=u"/")
430
self.checker_callback_tag = (gobject.child_watch_add
431
(self.checker.pid,
432
self.checker_callback,
433
data=command))
434
# The checker may have completed before the gobject
435
# watch was added. Check for this.
436
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
437
if pid:
438
gobject.source_remove(self.checker_callback_tag)
439
self.checker_callback(pid, status, command)
440
except OSError, error:
345
shell=True, cwd="/")
346
self.checker_callback_tag = gobject.child_watch_add\
347
(self.checker.pid,
348
self.checker_callback)
349
except subprocess.OSError, error:
441
350
logger.error(u"Failed to start subprocess: %s",
442
351
error)
443
352
# Re-run this periodically if run by gobject.timeout_add
444
353
return True
445
446
354
def stop_checker(self):
447
355
"""Force the checker process, if any, to stop."""
448
356
if self.checker_callback_tag:
449
357
gobject.source_remove(self.checker_callback_tag)
450
358
self.checker_callback_tag = None
451
if getattr(self, u"checker", None) is None:
359
if getattr(self, "checker", None) is None:
452
360
return
453
logger.debug(u"Stopping checker for %(name)s", vars(self))
361
logger.debug("Stopping checker for %(name)s", vars(self))
454
362
try:
455
363
os.kill(self.checker.pid, signal.SIGTERM)
456
364
#os.sleep(0.5)
460
368
if error.errno != errno.ESRCH: # No such process
461
369
raise
462
370
self.checker = None
463
464
371
def still_valid(self):
465
372
"""Has the timeout not yet passed for this client?"""
466
if not getattr(self, u"enabled", False):
467
return False
468
now = datetime.datetime.utcnow()
373
now = datetime.datetime.now()
469
374
if self.last_checked_ok is None:
470
375
return now < (self.created + self.timeout)
471
376
else:
472
377
return now < (self.last_checked_ok + self.timeout)
473
378
474
379
475
class ClientDBus(Client, dbus.service.Object):
476
"""A Client class using D-Bus
477
478
Attributes:
479
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
480
"""
481
# dbus.service.Object doesn't use super(), so we can't either.
482
483
def __init__(self, *args, **kwargs):
484
Client.__init__(self, *args, **kwargs)
485
# Only now, when this client is initialized, can it show up on
486
# the D-Bus
487
self.dbus_object_path = (dbus.ObjectPath
488
(u"/clients/"
489
+ self.name.replace(u".", u"_")))
490
dbus.service.Object.__init__(self, bus,
491
self.dbus_object_path)
492
493
@staticmethod
494
def _datetime_to_dbus(dt, variant_level=0):
495
"""Convert a UTC datetime.datetime() to a D-Bus type."""
496
return dbus.String(dt.isoformat(),
497
variant_level=variant_level)
498
499
def enable(self):
500
oldstate = getattr(self, u"enabled", False)
501
r = Client.enable(self)
502
if oldstate != self.enabled:
503
# Emit D-Bus signals
504
self.PropertyChanged(dbus.String(u"enabled"),
505
dbus.Boolean(True, variant_level=1))
506
self.PropertyChanged(
507
dbus.String(u"last_enabled"),
508
self._datetime_to_dbus(self.last_enabled,
509
variant_level=1))
510
return r
511
512
def disable(self, signal = True):
513
oldstate = getattr(self, u"enabled", False)
514
r = Client.disable(self)
515
if signal and oldstate != self.enabled:
516
# Emit D-Bus signal
517
self.PropertyChanged(dbus.String(u"enabled"),
518
dbus.Boolean(False, variant_level=1))
519
return r
520
521
def __del__(self, *args, **kwargs):
522
try:
523
self.remove_from_connection()
524
except LookupError:
525
pass
526
if hasattr(dbus.service.Object, u"__del__"):
527
dbus.service.Object.__del__(self, *args, **kwargs)
528
Client.__del__(self, *args, **kwargs)
529
530
def checker_callback(self, pid, condition, command,
531
*args, **kwargs):
532
self.checker_callback_tag = None
533
self.checker = None
534
# Emit D-Bus signal
535
self.PropertyChanged(dbus.String(u"checker_running"),
536
dbus.Boolean(False, variant_level=1))
537
if os.WIFEXITED(condition):
538
exitstatus = os.WEXITSTATUS(condition)
539
# Emit D-Bus signal
540
self.CheckerCompleted(dbus.Int16(exitstatus),
541
dbus.Int64(condition),
542
dbus.String(command))
543
else:
544
# Emit D-Bus signal
545
self.CheckerCompleted(dbus.Int16(-1),
546
dbus.Int64(condition),
547
dbus.String(command))
548
549
return Client.checker_callback(self, pid, condition, command,
550
*args, **kwargs)
551
552
def checked_ok(self, *args, **kwargs):
553
r = Client.checked_ok(self, *args, **kwargs)
554
# Emit D-Bus signal
555
self.PropertyChanged(
556
dbus.String(u"last_checked_ok"),
557
(self._datetime_to_dbus(self.last_checked_ok,
558
variant_level=1)))
559
return r
560
561
def start_checker(self, *args, **kwargs):
562
old_checker = self.checker
563
if self.checker is not None:
564
old_checker_pid = self.checker.pid
565
else:
566
old_checker_pid = None
567
r = Client.start_checker(self, *args, **kwargs)
568
# Only if new checker process was started
569
if (self.checker is not None
570
and old_checker_pid != self.checker.pid):
571
# Emit D-Bus signal
572
self.CheckerStarted(self.current_checker_command)
573
self.PropertyChanged(
574
dbus.String(u"checker_running"),
575
dbus.Boolean(True, variant_level=1))
576
return r
577
578
def stop_checker(self, *args, **kwargs):
579
old_checker = getattr(self, u"checker", None)
580
r = Client.stop_checker(self, *args, **kwargs)
581
if (old_checker is not None
582
and getattr(self, u"checker", None) is None):
583
self.PropertyChanged(dbus.String(u"checker_running"),
584
dbus.Boolean(False, variant_level=1))
585
return r
586
587
## D-Bus methods & signals
588
_interface = u"se.bsnet.fukt.Mandos.Client"
589
590
# CheckedOK - method
591
@dbus.service.method(_interface)
592
def CheckedOK(self):
593
return self.checked_ok()
594
595
# CheckerCompleted - signal
596
@dbus.service.signal(_interface, signature=u"nxs")
597
def CheckerCompleted(self, exitcode, waitstatus, command):
598
"D-Bus signal"
599
pass
600
601
# CheckerStarted - signal
602
@dbus.service.signal(_interface, signature=u"s")
603
def CheckerStarted(self, command):
604
"D-Bus signal"
605
pass
606
607
# GetAllProperties - method
608
@dbus.service.method(_interface, out_signature=u"a{sv}")
609
def GetAllProperties(self):
610
"D-Bus method"
611
return dbus.Dictionary({
612
dbus.String(u"name"):
613
dbus.String(self.name, variant_level=1),
614
dbus.String(u"fingerprint"):
615
dbus.String(self.fingerprint, variant_level=1),
616
dbus.String(u"host"):
617
dbus.String(self.host, variant_level=1),
618
dbus.String(u"created"):
619
self._datetime_to_dbus(self.created,
620
variant_level=1),
621
dbus.String(u"last_enabled"):
622
(self._datetime_to_dbus(self.last_enabled,
623
variant_level=1)
624
if self.last_enabled is not None
625
else dbus.Boolean(False, variant_level=1)),
626
dbus.String(u"enabled"):
627
dbus.Boolean(self.enabled, variant_level=1),
628
dbus.String(u"last_checked_ok"):
629
(self._datetime_to_dbus(self.last_checked_ok,
630
variant_level=1)
631
if self.last_checked_ok is not None
632
else dbus.Boolean (False, variant_level=1)),
633
dbus.String(u"timeout"):
634
dbus.UInt64(self.timeout_milliseconds(),
635
variant_level=1),
636
dbus.String(u"interval"):
637
dbus.UInt64(self.interval_milliseconds(),
638
variant_level=1),
639
dbus.String(u"checker"):
640
dbus.String(self.checker_command,
641
variant_level=1),
642
dbus.String(u"checker_running"):
643
dbus.Boolean(self.checker is not None,
644
variant_level=1),
645
dbus.String(u"object_path"):
646
dbus.ObjectPath(self.dbus_object_path,
647
variant_level=1)
648
}, signature=u"sv")
649
650
# IsStillValid - method
651
@dbus.service.method(_interface, out_signature=u"b")
652
def IsStillValid(self):
653
return self.still_valid()
654
655
# PropertyChanged - signal
656
@dbus.service.signal(_interface, signature=u"sv")
657
def PropertyChanged(self, property, value):
658
"D-Bus signal"
659
pass
660
661
# ReceivedSecret - signal
662
@dbus.service.signal(_interface)
663
def ReceivedSecret(self):
664
"D-Bus signal"
665
pass
666
667
# Rejected - signal
668
@dbus.service.signal(_interface)
669
def Rejected(self):
670
"D-Bus signal"
671
pass
672
673
# SetChecker - method
674
@dbus.service.method(_interface, in_signature=u"s")
675
def SetChecker(self, checker):
676
"D-Bus setter method"
677
self.checker_command = checker
678
# Emit D-Bus signal
679
self.PropertyChanged(dbus.String(u"checker"),
680
dbus.String(self.checker_command,
681
variant_level=1))
682
683
# SetHost - method
684
@dbus.service.method(_interface, in_signature=u"s")
685
def SetHost(self, host):
686
"D-Bus setter method"
687
self.host = host
688
# Emit D-Bus signal
689
self.PropertyChanged(dbus.String(u"host"),
690
dbus.String(self.host, variant_level=1))
691
692
# SetInterval - method
693
@dbus.service.method(_interface, in_signature=u"t")
694
def SetInterval(self, milliseconds):
695
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
696
# Emit D-Bus signal
697
self.PropertyChanged(dbus.String(u"interval"),
698
(dbus.UInt64(self.interval_milliseconds(),
699
variant_level=1)))
700
701
# SetSecret - method
702
@dbus.service.method(_interface, in_signature=u"ay",
703
byte_arrays=True)
704
def SetSecret(self, secret):
705
"D-Bus setter method"
706
self.secret = str(secret)
707
708
# SetTimeout - method
709
@dbus.service.method(_interface, in_signature=u"t")
710
def SetTimeout(self, milliseconds):
711
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
712
# Emit D-Bus signal
713
self.PropertyChanged(dbus.String(u"timeout"),
714
(dbus.UInt64(self.timeout_milliseconds(),
715
variant_level=1)))
716
717
# Enable - method
718
@dbus.service.method(_interface)
719
def Enable(self):
720
"D-Bus method"
721
self.enable()
722
723
# StartChecker - method
724
@dbus.service.method(_interface)
725
def StartChecker(self):
726
"D-Bus method"
727
self.start_checker()
728
729
# Disable - method
730
@dbus.service.method(_interface)
731
def Disable(self):
732
"D-Bus method"
733
self.disable()
734
735
# StopChecker - method
736
@dbus.service.method(_interface)
737
def StopChecker(self):
738
self.stop_checker()
739
740
del _interface
741
742
743
class ClientHandler(socketserver.BaseRequestHandler, object):
744
"""A class to handle client connections.
745
746
Instantiated once for each connection to handle it.
380
def peer_certificate(session):
381
"Return the peer's OpenPGP certificate as a bytestring"
382
# If not an OpenPGP certificate...
383
if gnutls.library.functions.gnutls_certificate_type_get\
384
(session._c_object) \
385
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:
386
# ...do the normal thing
387
return session.peer_certificate
388
list_size = ctypes.c_uint()
389
cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
390
(session._c_object, ctypes.byref(list_size))
391
if list_size.value == 0:
392
return None
393
cert = cert_list[0]
394
return ctypes.string_at(cert.data, cert.size)
395
396
397
def fingerprint(openpgp):
398
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
399
# New empty GnuTLS certificate
400
crt = gnutls.library.types.gnutls_openpgp_crt_t()
401
gnutls.library.functions.gnutls_openpgp_crt_init\
402
(ctypes.byref(crt))
403
# New GnuTLS "datum" with the OpenPGP public key
404
datum = gnutls.library.types.gnutls_datum_t\
405
(ctypes.cast(ctypes.c_char_p(openpgp),
406
ctypes.POINTER(ctypes.c_ubyte)),
407
ctypes.c_uint(len(openpgp)))
408
# Import the OpenPGP public key into the certificate
409
ret = gnutls.library.functions.gnutls_openpgp_crt_import\
410
(crt,
411
ctypes.byref(datum),
412
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
413
# New buffer for the fingerprint
414
buffer = ctypes.create_string_buffer(20)
415
buffer_length = ctypes.c_size_t()
416
# Get the fingerprint from the certificate into the buffer
417
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
418
(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
419
# Deinit the certificate
420
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
421
# Convert the buffer to a Python bytestring
422
fpr = ctypes.string_at(buffer, buffer_length.value)
423
# Convert the bytestring to hexadecimal notation
424
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
425
return hex_fpr
426
427
428
class tcp_handler(SocketServer.BaseRequestHandler, object):
429
"""A TCP request handler class.
430
Instantiated by IPv6_TCPServer for each request to handle it.
747
431
Note: This will run in its own forked process."""
748
432
749
433
def handle(self):
750
logger.info(u"TCP connection from: %s",
751
unicode(self.client_address))
752
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
753
# Open IPC pipe to parent process
754
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
755
session = (gnutls.connection
756
.ClientSession(self.request,
757
gnutls.connection
758
.X509Credentials()))
759
760
line = self.request.makefile().readline()
761
logger.debug(u"Protocol version: %r", line)
762
try:
763
if int(line.strip().split()[0]) > 1:
764
raise RuntimeError
765
except (ValueError, IndexError, RuntimeError), error:
766
logger.error(u"Unknown protocol version: %s", error)
767
return
768
769
# Note: gnutls.connection.X509Credentials is really a
770
# generic GnuTLS certificate credentials object so long as
771
# no X.509 keys are added to it. Therefore, we can use it
772
# here despite using OpenPGP certificates.
773
774
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
775
# u"+AES-256-CBC", u"+SHA1",
776
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
777
# u"+DHE-DSS"))
778
# Use a fallback default, since this MUST be set.
779
priority = self.server.gnutls_priority
780
if priority is None:
781
priority = u"NORMAL"
782
(gnutls.library.functions
783
.gnutls_priority_set_direct(session._c_object,
784
priority, None))
785
786
try:
787
session.handshake()
788
except gnutls.errors.GNUTLSError, error:
789
logger.warning(u"Handshake failed: %s", error)
790
# Do not run session.bye() here: the session is not
791
# established. Just abandon the request.
792
return
793
logger.debug(u"Handshake succeeded")
794
try:
795
fpr = self.fingerprint(self.peer_certificate(session))
796
except (TypeError, gnutls.errors.GNUTLSError), error:
797
logger.warning(u"Bad certificate: %s", error)
798
session.bye()
799
return
800
logger.debug(u"Fingerprint: %s", fpr)
801
802
for c in self.server.clients:
803
if c.fingerprint == fpr:
804
client = c
805
break
806
else:
807
ipc.write(u"NOTFOUND %s\n" % fpr)
808
session.bye()
809
return
810
# Have to check if client.still_valid(), since it is
811
# possible that the client timed out while establishing
812
# the GnuTLS session.
813
if not client.still_valid():
814
ipc.write(u"INVALID %s\n" % client.name)
815
session.bye()
816
return
817
ipc.write(u"SENDING %s\n" % client.name)
818
sent_size = 0
819
while sent_size < len(client.secret):
820
sent = session.send(client.secret[sent_size:])
821
logger.debug(u"Sent: %d, remaining: %d",
822
sent, len(client.secret)
823
- (sent_size + sent))
824
sent_size += sent
825
session.bye()
826
827
@staticmethod
828
def peer_certificate(session):
829
"Return the peer's OpenPGP certificate as a bytestring"
830
# If not an OpenPGP certificate...
831
if (gnutls.library.functions
832
.gnutls_certificate_type_get(session._c_object)
833
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
834
# ...do the normal thing
835
return session.peer_certificate
836
list_size = ctypes.c_uint(1)
837
cert_list = (gnutls.library.functions
838
.gnutls_certificate_get_peers
839
(session._c_object, ctypes.byref(list_size)))
840
if not bool(cert_list) and list_size.value != 0:
841
raise gnutls.errors.GNUTLSError(u"error getting peer"
842
u" certificate")
843
if list_size.value == 0:
844
return None
845
cert = cert_list[0]
846
return ctypes.string_at(cert.data, cert.size)
847
848
@staticmethod
849
def fingerprint(openpgp):
850
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
851
# New GnuTLS "datum" with the OpenPGP public key
852
datum = (gnutls.library.types
853
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
854
ctypes.POINTER
855
(ctypes.c_ubyte)),
856
ctypes.c_uint(len(openpgp))))
857
# New empty GnuTLS certificate
858
crt = gnutls.library.types.gnutls_openpgp_crt_t()
859
(gnutls.library.functions
860
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
861
# Import the OpenPGP public key into the certificate
862
(gnutls.library.functions
863
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
864
gnutls.library.constants
865
.GNUTLS_OPENPGP_FMT_RAW))
866
# Verify the self signature in the key
867
crtverify = ctypes.c_uint()
868
(gnutls.library.functions
869
.gnutls_openpgp_crt_verify_self(crt, 0,
870
ctypes.byref(crtverify)))
871
if crtverify.value != 0:
872
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
873
raise (gnutls.errors.CertificateSecurityError
874
(u"Verify failed"))
875
# New buffer for the fingerprint
876
buf = ctypes.create_string_buffer(20)
877
buf_len = ctypes.c_size_t()
878
# Get the fingerprint from the certificate into the buffer
879
(gnutls.library.functions
880
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
881
ctypes.byref(buf_len)))
882
# Deinit the certificate
883
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
884
# Convert the buffer to a Python bytestring
885
fpr = ctypes.string_at(buf, buf_len.value)
886
# Convert the bytestring to hexadecimal notation
887
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
888
return hex_fpr
889
890
891
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
892
"""Like socketserver.ForkingMixIn, but also pass a pipe.
893
894
Assumes a gobject.MainLoop event loop.
895
"""
896
def process_request(self, request, client_address):
897
"""Overrides and wraps the original process_request().
898
899
This function creates a new pipe in self.pipe
900
"""
901
self.pipe = os.pipe()
902
super(ForkingMixInWithPipe,
903
self).process_request(request, client_address)
904
os.close(self.pipe[1]) # close write end
905
# Call "handle_ipc" for both data and EOF events
906
gobject.io_add_watch(self.pipe[0],
907
gobject.IO_IN | gobject.IO_HUP,
908
self.handle_ipc)
909
def handle_ipc(source, condition):
910
"""Dummy function; override as necessary"""
911
os.close(source)
912
return False
913
914
915
class IPv6_TCPServer(ForkingMixInWithPipe,
916
socketserver.TCPServer, object):
917
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
918
434
logger.debug(u"TCP connection from: %s",
435
unicode(self.client_address))
436
session = gnutls.connection.ClientSession\
437
(self.request, gnutls.connection.X509Credentials())
438
# Note: gnutls.connection.X509Credentials is really a generic
439
# GnuTLS certificate credentials object so long as no X.509
440
# keys are added to it. Therefore, we can use it here despite
441
# using OpenPGP certificates.
442
443
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
444
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
445
# "+DHE-DSS"))
446
priority = "NORMAL" # Fallback default, since this
447
# MUST be set.
448
if self.server.settings["priority"]:
449
priority = self.server.settings["priority"]
450
gnutls.library.functions.gnutls_priority_set_direct\
451
(session._c_object, priority, None);
452
453
try:
454
session.handshake()
455
except gnutls.errors.GNUTLSError, error:
456
logger.debug(u"Handshake failed: %s", error)
457
# Do not run session.bye() here: the session is not
458
# established. Just abandon the request.
459
return
460
try:
461
fpr = fingerprint(peer_certificate(session))
462
except (TypeError, gnutls.errors.GNUTLSError), error:
463
logger.debug(u"Bad certificate: %s", error)
464
session.bye()
465
return
466
logger.debug(u"Fingerprint: %s", fpr)
467
client = None
468
for c in self.server.clients:
469
if c.fingerprint == fpr:
470
client = c
471
break
472
if not client:
473
logger.debug(u"Client not found for fingerprint: %s", fpr)
474
session.bye()
475
return
476
# Have to check if client.still_valid(), since it is possible
477
# that the client timed out while establishing the GnuTLS
478
# session.
479
if not client.still_valid():
480
logger.debug(u"Client %(name)s is invalid", vars(client))
481
session.bye()
482
return
483
sent_size = 0
484
while sent_size < len(client.secret):
485
sent = session.send(client.secret[sent_size:])
486
logger.debug(u"Sent: %d, remaining: %d",
487
sent, len(client.secret)
488
- (sent_size + sent))
489
sent_size += sent
490
session.bye()
491
492
493
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
494
"""IPv6 TCP server. Accepts 'None' as address and/or port.
919
495
Attributes:
920
enabled: Boolean; whether this server is activated yet
921
interface: None or a network interface name (string)
922
use_ipv6: Boolean; to use IPv6 or not
923
----
924
clients: set of Client objects
925
gnutls_priority GnuTLS priority string
926
use_dbus: Boolean; to emit D-Bus signals or not
496
settings: Server settings
497
clients: Set() of Client objects
927
498
"""
928
def __init__(self, server_address, RequestHandlerClass,
929
interface=None, use_ipv6=True, clients=None,
930
gnutls_priority=None, use_dbus=True):
931
self.enabled = False
932
self.interface = interface
933
if use_ipv6:
934
self.address_family = socket.AF_INET6
935
self.clients = clients
936
self.use_dbus = use_dbus
937
self.gnutls_priority = gnutls_priority
938
socketserver.TCPServer.__init__(self, server_address,
939
RequestHandlerClass)
499
address_family = socket.AF_INET6
500
def __init__(self, *args, **kwargs):
501
if "settings" in kwargs:
502
self.settings = kwargs["settings"]
503
del kwargs["settings"]
504
if "clients" in kwargs:
505
self.clients = kwargs["clients"]
506
del kwargs["clients"]
507
return super(type(self), self).__init__(*args, **kwargs)
940
508
def server_bind(self):
941
509
"""This overrides the normal server_bind() function
942
510
to bind to an interface if one was specified, and also NOT to
943
511
bind to an address or port if they were not specified."""
944
if self.interface is not None:
512
if self.settings["interface"]:
513
# 25 is from /usr/include/asm-i486/socket.h
514
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
945
515
try:
946
516
self.socket.setsockopt(socket.SOL_SOCKET,
947
517
SO_BINDTODEVICE,
948
str(self.interface + u'\0'))
518
self.settings["interface"])
949
519
except socket.error, error:
950
520
if error[0] == errno.EPERM:
951
logger.error(u"No permission to"
952
u" bind to interface %s",
953
self.interface)
521
logger.warning(u"No permission to"
522
u" bind to interface %s",
523
self.settings["interface"])
954
524
else:
955
raise
525
raise error
956
526
# Only bind(2) the socket if we really need to.
957
527
if self.server_address[0] or self.server_address[1]:
958
528
if not self.server_address[0]:
959
if self.address_family == socket.AF_INET6:
960
any_address = u"::" # in6addr_any
961
else:
962
any_address = socket.INADDR_ANY
963
self.server_address = (any_address,
529
in6addr_any = "::"
530
self.server_address = (in6addr_any,
964
531
self.server_address[1])
965
elif not self.server_address[1]:
532
elif self.server_address[1] is None:
966
533
self.server_address = (self.server_address[0],
967
534
0)
968
# if self.interface:
969
# self.server_address = (self.server_address[0],
970
# 0, # port
971
# 0, # flowinfo
972
# if_nametoindex
973
# (self.interface))
974
return socketserver.TCPServer.server_bind(self)
975
def server_activate(self):
976
if self.enabled:
977
return socketserver.TCPServer.server_activate(self)
978
def enable(self):
979
self.enabled = True
980
def handle_ipc(self, source, condition, file_objects={}):
981
condition_names = {
982
gobject.IO_IN: u"IN", # There is data to read.
983
gobject.IO_OUT: u"OUT", # Data can be written (without
984
# blocking).
985
gobject.IO_PRI: u"PRI", # There is urgent data to read.
986
gobject.IO_ERR: u"ERR", # Error condition.
987
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
988
# broken, usually for pipes and
989
# sockets).
990
}
991
conditions_string = ' | '.join(name
992
for cond, name in
993
condition_names.iteritems()
994
if cond & condition)
995
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
996
conditions_string)
997
998
# Turn the pipe file descriptor into a Python file object
999
if source not in file_objects:
1000
file_objects[source] = os.fdopen(source, u"r", 1)
1001
1002
# Read a line from the file object
1003
cmdline = file_objects[source].readline()
1004
if not cmdline: # Empty line means end of file
1005
# close the IPC pipe
1006
file_objects[source].close()
1007
del file_objects[source]
1008
1009
# Stop calling this function
1010
return False
1011
1012
logger.debug(u"IPC command: %r", cmdline)
1013
1014
# Parse and act on command
1015
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1016
1017
if cmd == u"NOTFOUND":
1018
logger.warning(u"Client not found for fingerprint: %s",
1019
args)
1020
if self.use_dbus:
1021
# Emit D-Bus signal
1022
mandos_dbus_service.ClientNotFound(args)
1023
elif cmd == u"INVALID":
1024
for client in self.clients:
1025
if client.name == args:
1026
logger.warning(u"Client %s is invalid", args)
1027
if self.use_dbus:
1028
# Emit D-Bus signal
1029
client.Rejected()
1030
break
1031
else:
1032
logger.error(u"Unknown client %s is invalid", args)
1033
elif cmd == u"SENDING":
1034
for client in self.clients:
1035
if client.name == args:
1036
logger.info(u"Sending secret to %s", client.name)
1037
client.checked_ok()
1038
if self.use_dbus:
1039
# Emit D-Bus signal
1040
client.ReceivedSecret()
1041
break
1042
else:
1043
logger.error(u"Sending secret to unknown client %s",
1044
args)
1045
else:
1046
logger.error(u"Unknown IPC command: %r", cmdline)
1047
1048
# Keep calling this function
1049
return True
535
return super(type(self), self).server_bind()
1050
536
1051
537
1052
538
def string_to_delta(interval):
1053
539
"""Parse a string and return a datetime.timedelta
1054
1055
>>> string_to_delta(u'7d')
540
541
>>> string_to_delta('7d')
1056
542
datetime.timedelta(7)
1057
>>> string_to_delta(u'60s')
543
>>> string_to_delta('60s')
1058
544
datetime.timedelta(0, 60)
1059
>>> string_to_delta(u'60m')
545
>>> string_to_delta('60m')
1060
546
datetime.timedelta(0, 3600)
1061
>>> string_to_delta(u'24h')
547
>>> string_to_delta('24h')
1062
548
datetime.timedelta(1)
1063
549
>>> string_to_delta(u'1w')
1064
550
datetime.timedelta(7)
1065
>>> string_to_delta(u'5m 30s')
1066
datetime.timedelta(0, 330)
1067
551
"""
1068
timevalue = datetime.timedelta(0)
1069
for s in interval.split():
1070
try:
1071
suffix = unicode(s[-1])
1072
value = int(s[:-1])
1073
if suffix == u"d":
1074
delta = datetime.timedelta(value)
1075
elif suffix == u"s":
1076
delta = datetime.timedelta(0, value)
1077
elif suffix == u"m":
1078
delta = datetime.timedelta(0, 0, 0, 0, value)
1079
elif suffix == u"h":
1080
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1081
elif suffix == u"w":
1082
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1083
else:
1084
raise ValueError
1085
except (ValueError, IndexError):
552
try:
553
suffix=unicode(interval[-1])
554
value=int(interval[:-1])
555
if suffix == u"d":
556
delta = datetime.timedelta(value)
557
elif suffix == u"s":
558
delta = datetime.timedelta(0, value)
559
elif suffix == u"m":
560
delta = datetime.timedelta(0, 0, 0, 0, value)
561
elif suffix == u"h":
562
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
563
elif suffix == u"w":
564
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
565
else:
1086
566
raise ValueError
1087
timevalue += delta
1088
return timevalue
1089
1090
1091
def if_nametoindex(interface):
1092
"""Call the C function if_nametoindex(), or equivalent
567
except (ValueError, IndexError):
568
raise ValueError
569
return delta
570
571
572
def server_state_changed(state):
573
"""Derived from the Avahi example code"""
574
if state == avahi.SERVER_COLLISION:
575
logger.warning(u"Server name collision")
576
service.remove()
577
elif state == avahi.SERVER_RUNNING:
578
service.add()
579
580
581
def entry_group_state_changed(state, error):
582
"""Derived from the Avahi example code"""
583
logger.debug(u"state change: %i", state)
1093
584
1094
Note: This function cannot accept a unicode string."""
1095
global if_nametoindex
585
if state == avahi.ENTRY_GROUP_ESTABLISHED:
586
logger.debug(u"Service established.")
587
elif state == avahi.ENTRY_GROUP_COLLISION:
588
logger.warning(u"Service name collision.")
589
service.rename()
590
elif state == avahi.ENTRY_GROUP_FAILURE:
591
logger.critical(u"Error in group state changed %s",
592
unicode(error))
593
raise AvahiGroupError("State changed: %s", str(error))
594
595
def if_nametoindex(interface, _func=[None]):
596
"""Call the C function if_nametoindex(), or equivalent"""
597
if _func[0] is not None:
598
return _func[0](interface)
1096
599
try:
1097
if_nametoindex = (ctypes.cdll.LoadLibrary
1098
(ctypes.util.find_library(u"c"))
1099
.if_nametoindex)
600
if "ctypes.util" not in sys.modules:
601
import ctypes.util
602
while True:
603
try:
604
libc = ctypes.cdll.LoadLibrary\
605
(ctypes.util.find_library("c"))
606
_func[0] = libc.if_nametoindex
607
return _func[0](interface)
608
except IOError, e:
609
if e != errno.EINTR:
610
raise
1100
611
except (OSError, AttributeError):
1101
logger.warning(u"Doing if_nametoindex the hard way")
1102
def if_nametoindex(interface):
612
if "struct" not in sys.modules:
613
import struct
614
if "fcntl" not in sys.modules:
615
import fcntl
616
def the_hard_way(interface):
1103
617
"Get an interface index the hard way, i.e. using fcntl()"
1104
618
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1105
with closing(socket.socket()) as s:
1106
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1107
struct.pack(str(u"16s16x"),
1108
interface))
1109
interface_index = struct.unpack(str(u"I"),
1110
ifreq[16:20])[0]
619
s = socket.socket()
620
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
621
struct.pack("16s16x", interface))
622
s.close()
623
interface_index = struct.unpack("I", ifreq[16:20])[0]
1111
624
return interface_index
1112
return if_nametoindex(interface)
1113
1114
1115
def daemon(nochdir = False, noclose = False):
625
_func[0] = the_hard_way
626
return _func[0](interface)
627
628
629
def daemon(nochdir, noclose):
1116
630
"""See daemon(3). Standard BSD Unix function.
1117
1118
631
This should really exist as os.daemon, but it doesn't (yet)."""
1119
632
if os.fork():
1120
633
sys.exit()
1121
634
os.setsid()
1122
635
if not nochdir:
1123
os.chdir(u"/")
1124
if os.fork():
1125
sys.exit()
636
os.chdir("/")
1126
637
if not noclose:
1127
638
# Close all standard open file descriptors
1128
639
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1129
640
if not stat.S_ISCHR(os.fstat(null).st_mode):
1130
641
raise OSError(errno.ENODEV,
1131
u"/dev/null not a character device")
642
"/dev/null not a character device")
1132
643
os.dup2(null, sys.stdin.fileno())
1133
644
os.dup2(null, sys.stdout.fileno())
1134
645
os.dup2(null, sys.stderr.fileno())
1137
648
1138
649
1139
650
def main():
1140
1141
######################################################################
1142
# Parsing of options, both command line and config file
1143
1144
parser = optparse.OptionParser(version = "%%prog %s" % version)
1145
parser.add_option("-i", u"--interface", type=u"string",
1146
metavar="IF", help=u"Bind to interface IF")
1147
parser.add_option("-a", u"--address", type=u"string",
1148
help=u"Address to listen for requests on")
1149
parser.add_option("-p", u"--port", type=u"int",
1150
help=u"Port number to receive requests on")
1151
parser.add_option("--check", action=u"store_true",
1152
help=u"Run self-test")
1153
parser.add_option("--debug", action=u"store_true",
1154
help=u"Debug mode; run in foreground and log to"
1155
u" terminal")
1156
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1157
u" priority string (see GnuTLS documentation)")
1158
parser.add_option("--servicename", type=u"string",
1159
metavar=u"NAME", help=u"Zeroconf service name")
1160
parser.add_option("--configdir", type=u"string",
1161
default=u"/etc/mandos", metavar=u"DIR",
1162
help=u"Directory to search for configuration"
1163
u" files")
1164
parser.add_option("--no-dbus", action=u"store_false",
1165
dest=u"use_dbus", help=u"Do not provide D-Bus"
1166
u" system bus interface")
1167
parser.add_option("--no-ipv6", action=u"store_false",
1168
dest=u"use_ipv6", help=u"Do not use IPv6")
1169
options = parser.parse_args()[0]
651
global main_loop_started
652
main_loop_started = False
653
654
parser = OptionParser()
655
parser.add_option("-i", "--interface", type="string",
656
metavar="IF", help="Bind to interface IF")
657
parser.add_option("-a", "--address", type="string",
658
help="Address to listen for requests on")
659
parser.add_option("-p", "--port", type="int",
660
help="Port number to receive requests on")
661
parser.add_option("--check", action="store_true", default=False,
662
help="Run self-test")
663
parser.add_option("--debug", action="store_true", default=False,
664
help="Debug mode; run in foreground and log to"
665
" terminal")
666
parser.add_option("--priority", type="string", help="GnuTLS"
667
" priority string (see GnuTLS documentation)")
668
parser.add_option("--servicename", type="string", metavar="NAME",
669
help="Zeroconf service name")
670
parser.add_option("--configdir", type="string",
671
default="/etc/mandos", metavar="DIR",
672
help="Directory to search for configuration"
673
" files")
674
(options, args) = parser.parse_args()
1170
675
1171
676
if options.check:
1172
677
import doctest
1174
679
sys.exit()
1175
680
1176
681
# Default values for config file for server-global settings
1177
server_defaults = { u"interface": u"",
1178
u"address": u"",
1179
u"port": u"",
1180
u"debug": u"False",
1181
u"priority":
1182
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1183
u"servicename": u"Mandos",
1184
u"use_dbus": u"True",
1185
u"use_ipv6": u"True",
682
server_defaults = { "interface": "",
683
"address": "",
684
"port": "",
685
"debug": "False",
686
"priority":
687
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
688
"servicename": "Mandos",
1186
689
}
1187
690
1188
691
# Parse config file for server-global settings
1189
server_config = configparser.SafeConfigParser(server_defaults)
692
server_config = ConfigParser.SafeConfigParser(server_defaults)
1190
693
del server_defaults
1191
server_config.read(os.path.join(options.configdir,
1192
u"mandos.conf"))
694
server_config.read(os.path.join(options.configdir, "server.conf"))
695
server_section = "server"
1193
696
# Convert the SafeConfigParser object to a dict
1194
server_settings = server_config.defaults()
1195
# Use the appropriate methods on the non-string config options
1196
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1197
server_settings[option] = server_config.getboolean(u"DEFAULT",
1198
option)
1199
if server_settings["port"]:
1200
server_settings["port"] = server_config.getint(u"DEFAULT",
1201
u"port")
697
server_settings = dict(server_config.items(server_section))
698
# Use getboolean on the boolean config option
699
server_settings["debug"] = server_config.getboolean\
700
(server_section, "debug")
1202
701
del server_config
1203
702
1204
703
# Override the settings from the config file with command line
1205
704
# options, if set.
1206
for option in (u"interface", u"address", u"port", u"debug",
1207
u"priority", u"servicename", u"configdir",
1208
u"use_dbus", u"use_ipv6"):
705
for option in ("interface", "address", "port", "debug",
706
"priority", "servicename", "configdir"):
1209
707
value = getattr(options, option)
1210
708
if value is not None:
1211
709
server_settings[option] = value
1212
710
del options
1213
# Force all strings to be unicode
1214
for option in server_settings.keys():
1215
if type(server_settings[option]) is str:
1216
server_settings[option] = unicode(server_settings[option])
1217
711
# Now we have our good server settings in "server_settings"
1218
712
1219
##################################################################
1220
1221
# For convenience
1222
debug = server_settings[u"debug"]
1223
use_dbus = server_settings[u"use_dbus"]
1224
use_ipv6 = server_settings[u"use_ipv6"]
1225
1226
if not debug:
1227
syslogger.setLevel(logging.WARNING)
1228
console.setLevel(logging.WARNING)
1229
1230
if server_settings[u"servicename"] != u"Mandos":
1231
syslogger.setFormatter(logging.Formatter
1232
(u'Mandos (%s) [%%(process)d]:'
1233
u' %%(levelname)s: %%(message)s'
1234
% server_settings[u"servicename"]))
1235
1236
713
# Parse config file with clients
1237
client_defaults = { u"timeout": u"1h",
1238
u"interval": u"5m",
1239
u"checker": u"fping -q -- %%(host)s",
1240
u"host": u"",
714
client_defaults = { "timeout": "1h",
715
"interval": "5m",
716
"checker": "fping -q -- %%(fqdn)s",
1241
717
}
1242
client_config = configparser.SafeConfigParser(client_defaults)
1243
client_config.read(os.path.join(server_settings[u"configdir"],
1244
u"clients.conf"))
1245
1246
global mandos_dbus_service
1247
mandos_dbus_service = None
1248
1249
clients = set()
1250
tcp_server = IPv6_TCPServer((server_settings[u"address"],
1251
server_settings[u"port"]),
1252
ClientHandler,
1253
interface=
1254
server_settings[u"interface"],
1255
use_ipv6=use_ipv6,
1256
clients=clients,
1257
gnutls_priority=
1258
server_settings[u"priority"],
1259
use_dbus=use_dbus)
1260
pidfilename = u"/var/run/mandos.pid"
1261
try:
1262
pidfile = open(pidfilename, u"w")
1263
except IOError:
1264
logger.error(u"Could not open file %r", pidfilename)
1265
1266
try:
1267
uid = pwd.getpwnam(u"_mandos").pw_uid
1268
gid = pwd.getpwnam(u"_mandos").pw_gid
1269
except KeyError:
1270
try:
1271
uid = pwd.getpwnam(u"mandos").pw_uid
1272
gid = pwd.getpwnam(u"mandos").pw_gid
1273
except KeyError:
1274
try:
1275
uid = pwd.getpwnam(u"nobody").pw_uid
1276
gid = pwd.getpwnam(u"nobody").pw_gid
1277
except KeyError:
1278
uid = 65534
1279
gid = 65534
1280
try:
1281
os.setgid(gid)
1282
os.setuid(uid)
1283
except OSError, error:
1284
if error[0] != errno.EPERM:
1285
raise error
1286
1287
# Enable all possible GnuTLS debugging
1288
if debug:
1289
# "Use a log level over 10 to enable all debugging options."
1290
# - GnuTLS manual
1291
gnutls.library.functions.gnutls_global_set_log_level(11)
1292
1293
@gnutls.library.types.gnutls_log_func
1294
def debug_gnutls(level, string):
1295
logger.debug(u"GnuTLS: %s", string[:-1])
1296
1297
(gnutls.library.functions
1298
.gnutls_global_set_log_function(debug_gnutls))
718
client_config = ConfigParser.SafeConfigParser(client_defaults)
719
client_config.read(os.path.join(server_settings["configdir"],
720
"clients.conf"))
1299
721
1300
722
global service
1301
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1302
service = AvahiService(name = server_settings[u"servicename"],
1303
servicetype = u"_mandos._tcp",
1304
protocol = protocol)
723
service = AvahiService(name = server_settings["servicename"],
724
type = "_mandos._tcp", );
1305
725
if server_settings["interface"]:
1306
service.interface = (if_nametoindex
1307
(str(server_settings[u"interface"])))
726
service.interface = if_nametoindex(server_settings["interface"])
1308
727
1309
728
global main_loop
1310
729
global bus
730
global server
1311
731
# From the Avahi example code
1312
732
DBusGMainLoop(set_as_default=True )
1313
733
main_loop = gobject.MainLoop()
1314
734
bus = dbus.SystemBus()
735
server = dbus.Interface(
736
bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),
737
avahi.DBUS_INTERFACE_SERVER )
1315
738
# End of Avahi example code
1316
if use_dbus:
1317
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1318
739
1319
client_class = Client
1320
if use_dbus:
1321
client_class = ClientDBus
1322
clients.update(set(
1323
client_class(name = section,
1324
config= dict(client_config.items(section)))
1325
for section in client_config.sections()))
1326
if not clients:
1327
logger.warning(u"No clients defined")
740
debug = server_settings["debug"]
1328
741
1329
742
if debug:
1330
# Redirect stdin so all checkers get /dev/null
1331
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1332
os.dup2(null, sys.stdin.fileno())
1333
if null > 2:
1334
os.close(null)
1335
else:
1336
# No console logging
1337
logger.removeHandler(console)
1338
# Close all input and output, do double fork, etc.
1339
daemon()
1340
1341
try:
1342
with closing(pidfile):
1343
pid = os.getpid()
1344
pidfile.write(str(pid) + "\n")
1345
del pidfile
1346
except IOError:
1347
logger.error(u"Could not write to file %r with PID %d",
1348
pidfilename, pid)
1349
except NameError:
1350
# "pidfile" was never created
1351
pass
1352
del pidfilename
743
console = logging.StreamHandler()
744
# console.setLevel(logging.DEBUG)
745
console.setFormatter(logging.Formatter\
746
('%(levelname)s: %(message)s'))
747
logger.addHandler(console)
748
del console
749
750
clients = Set()
751
def remove_from_clients(client):
752
clients.remove(client)
753
if not clients:
754
logger.debug(u"No clients left, exiting")
755
sys.exit()
756
757
clients.update(Set(Client(name=section,
758
stop_hook = remove_from_clients,
759
**(dict(client_config\
760
.items(section))))
761
for section in client_config.sections()))
762
763
if not debug:
764
daemon(False, False)
1353
765
1354
766
def cleanup():
1355
767
"Cleanup function; run on exit"
1356
service.cleanup()
768
global group
769
# From the Avahi example code
770
if not group is None:
771
group.Free()
772
group = None
773
# End of Avahi example code
1357
774
1358
775
while clients:
1359
776
client = clients.pop()
1360
client.disable_hook = None
1361
client.disable()
777
client.stop_hook = None
778
client.stop()
1362
779
1363
780
atexit.register(cleanup)
1364
781
1367
784
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1368
785
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1369
786
1370
if use_dbus:
1371
class MandosDBusService(dbus.service.Object):
1372
"""A D-Bus proxy object"""
1373
def __init__(self):
1374
dbus.service.Object.__init__(self, bus, u"/")
1375
_interface = u"se.bsnet.fukt.Mandos"
1376
1377
@dbus.service.signal(_interface, signature=u"oa{sv}")
1378
def ClientAdded(self, objpath, properties):
1379
"D-Bus signal"
1380
pass
1381
1382
@dbus.service.signal(_interface, signature=u"s")
1383
def ClientNotFound(self, fingerprint):
1384
"D-Bus signal"
1385
pass
1386
1387
@dbus.service.signal(_interface, signature=u"os")
1388
def ClientRemoved(self, objpath, name):
1389
"D-Bus signal"
1390
pass
1391
1392
@dbus.service.method(_interface, out_signature=u"ao")
1393
def GetAllClients(self):
1394
"D-Bus method"
1395
return dbus.Array(c.dbus_object_path for c in clients)
1396
1397
@dbus.service.method(_interface,
1398
out_signature=u"a{oa{sv}}")
1399
def GetAllClientsWithProperties(self):
1400
"D-Bus method"
1401
return dbus.Dictionary(
1402
((c.dbus_object_path, c.GetAllProperties())
1403
for c in clients),
1404
signature=u"oa{sv}")
1405
1406
@dbus.service.method(_interface, in_signature=u"o")
1407
def RemoveClient(self, object_path):
1408
"D-Bus method"
1409
for c in clients:
1410
if c.dbus_object_path == object_path:
1411
clients.remove(c)
1412
c.remove_from_connection()
1413
# Don't signal anything except ClientRemoved
1414
c.disable(signal=False)
1415
# Emit D-Bus signal
1416
self.ClientRemoved(object_path, c.name)
1417
return
1418
raise KeyError
1419
1420
del _interface
1421
1422
mandos_dbus_service = MandosDBusService()
1423
1424
787
for client in clients:
1425
if use_dbus:
1426
# Emit D-Bus signal
1427
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1428
client.GetAllProperties())
1429
client.enable()
1430
1431
tcp_server.enable()
1432
tcp_server.server_activate()
1433
788
client.start()
789
790
tcp_server = IPv6_TCPServer((server_settings["address"],
791
server_settings["port"]),
792
tcp_handler,
793
settings=server_settings,
794
clients=clients)
1434
795
# Find out what port we got
1435
796
service.port = tcp_server.socket.getsockname()[1]
1436
if use_ipv6:
1437
logger.info(u"Now listening on address %r, port %d,"
1438
" flowinfo %d, scope_id %d"
1439
% tcp_server.socket.getsockname())
1440
else: # IPv4
1441
logger.info(u"Now listening on address %r, port %d"
1442
% tcp_server.socket.getsockname())
797
logger.debug(u"Now listening on address %r, port %d, flowinfo %d,"
798
u" scope_id %d" % tcp_server.socket.getsockname())
1443
799
1444
800
#service.interface = tcp_server.socket.getsockname()[3]
1445
801
1446
802
try:
1447
803
# From the Avahi example code
804
server.connect_to_signal("StateChanged", server_state_changed)
1448
805
try:
1449
service.activate()
806
server_state_changed(server.GetState())
1450
807
except dbus.exceptions.DBusException, error:
1451
808
logger.critical(u"DBusException: %s", error)
1452
809
sys.exit(1)
1454
811
1455
812
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
1456
813
lambda *args, **kwargs:
1457
(tcp_server.handle_request
1458
(*args[2:], **kwargs) or True))
814
tcp_server.handle_request\
815
(*args[2:], **kwargs) or True)
1459
816
1460
logger.debug(u"Starting main loop")
817
logger.debug("Starting main loop")
818
main_loop_started = True
1461
819
main_loop.run()
1462
820
except AvahiError, error:
1463
logger.critical(u"AvahiError: %s", error)
821
logger.critical(u"AvahiError: %s" + unicode(error))
1464
822
sys.exit(1)
1465
823
except KeyboardInterrupt:
1466
824
if debug:
1467
print >> sys.stderr
1468
logger.debug(u"Server received KeyboardInterrupt")
1469
logger.debug(u"Server exiting")
825
print
1470
826
1471
827
if __name__ == '__main__':
1472
828
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0