149
126
self.rename_count = 0
150
127
self.max_renames = max_renames
151
128
self.protocol = protocol
152
self.group = None # our entry group
155
self.entry_group_state_changed_match = None
156
129
def rename(self):
157
130
"""Derived from the Avahi example code"""
158
131
if self.rename_count >= self.max_renames:
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
132
logger.critical(u"No suitable Zeroconf service name found"
133
u" after %i retries, exiting.",
161
134
self.rename_count)
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
135
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
137
logger.info(u"Changing Zeroconf service name to %r ...",
167
139
syslogger.setFormatter(logging.Formatter
168
140
('Mandos (%s) [%%(process)d]:'
169
141
' %%(levelname)s: %%(message)s'
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
178
145
self.rename_count += 1
179
146
def remove(self):
180
147
"""Derived from the Avahi example code"""
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
if self.group is not None:
148
if group is not None:
187
151
"""Derived from the Avahi example code"""
189
if self.group is None:
190
self.group = dbus.Interface(
191
self.bus.get_object(avahi.DBUS_NAME,
192
self.server.EntryGroupNew()),
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
198
self.name, self.type)
199
self.group.AddService(
202
dbus.UInt32(0), # flags
203
self.name, self.type,
204
self.domain, self.host,
205
dbus.UInt16(self.port),
206
avahi.string_array_to_txt_array(self.TXT))
208
def entry_group_state_changed(self, state, error):
209
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
214
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
217
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
220
raise AvahiGroupError("State changed: %s"
223
"""Derived from the Avahi example code"""
224
if self.group is not None:
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
232
def server_state_changed(self, state, error=None):
233
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
245
logger.error(bad_states[state])
247
logger.error(bad_states[state] + ": %r", error)
249
elif state == avahi.SERVER_RUNNING:
253
logger.debug("Unknown state: %r", state)
255
logger.debug("Unknown state: %r: %r", state, error)
257
"""Derived from the Avahi example code"""
258
if self.server is None:
259
self.server = dbus.Interface(
260
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
263
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
265
self.server_state_changed)
266
self.server_state_changed(self.server.GetState())
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
154
group = dbus.Interface(bus.get_object
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
160
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
275
182
class Client(object):
276
183
"""A representation of a client host served by this server.
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
185
name: string; from the config file, used in log messages and
187
fingerprint: string (40 or 32 hexadecimal digits); used to
188
uniquely identify the client
189
secret: bytestring; sent verbatim (over TLS) to client
190
host: string; available for use by the checker command
191
created: datetime.datetime(); (UTC) object creation
192
last_enabled: datetime.datetime(); (UTC)
194
last_checked_ok: datetime.datetime(); (UTC) or None
195
timeout: datetime.timedelta(); How long from last_checked_ok
196
until this client is invalid
197
interval: datetime.timedelta(); How often to start a new checker
198
disable_hook: If set, called by disable() as disable_hook(self)
282
199
checker: subprocess.Popen(); a running checker process used
283
200
to see if the client lives.
284
201
'None' if no process is running.
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
202
checker_initiator_tag: a gobject event source tag, or None
203
disable_initiator_tag: - '' -
204
checker_callback_tag: - '' -
205
checker_command: string; External command which is run to check if
206
client lives. %() expansions are done at
288
207
runtime with vars(self) as dict, so that for
289
208
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
292
209
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
319
211
def timeout_milliseconds(self):
320
212
"Return the 'timeout' attribute in milliseconds"
321
return _timedelta_to_milliseconds(self.timeout)
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
213
return ((self.timeout.days * 24 * 60 * 60 * 1000)
214
+ (self.timeout.seconds * 1000)
215
+ (self.timeout.microseconds // 1000))
327
217
def interval_milliseconds(self):
328
218
"Return the 'interval' attribute in milliseconds"
329
return _timedelta_to_milliseconds(self.interval)
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
219
return ((self.interval.days * 24 * 60 * 60 * 1000)
220
+ (self.interval.seconds * 1000)
221
+ (self.interval.microseconds // 1000))
334
223
def __init__(self, name = None, disable_hook=None, config=None):
335
224
"""Note: the 'checker' key in 'config' sets the
555
397
self.checker_callback_tag = None
556
398
if getattr(self, "checker", None) is None:
558
logger.debug("Stopping checker for %(name)s", vars(self))
400
logger.debug(u"Stopping checker for %(name)s", vars(self))
560
402
os.kill(self.checker.pid, signal.SIGTERM)
562
404
#if self.checker.poll() is None:
563
405
# os.kill(self.checker.pid, signal.SIGKILL)
564
except OSError as error:
406
except OSError, error:
565
407
if error.errno != errno.ESRCH: # No such process
567
409
self.checker = None
570
def dbus_service_property(dbus_interface, signature="v",
571
access="readwrite", byte_arrays=False):
572
"""Decorators for marking methods of a DBusObjectWithProperties to
573
become properties on the D-Bus.
575
The decorated method will be called with no arguments by "Get"
576
and with one argument by "Set".
578
The parameters, where they are supported, are the same as
579
dbus.service.method, except there is only "signature", since the
580
type from Get() and the type sent to Set() is the same.
582
# Encoding deeply encoded byte arrays is not supported yet by the
583
# "Set" method, so we fail early here:
584
if byte_arrays and signature != "ay":
585
raise ValueError("Byte arrays not supported for non-'ay'"
586
" signature %r" % signature)
588
func._dbus_is_property = True
589
func._dbus_interface = dbus_interface
590
func._dbus_signature = signature
591
func._dbus_access = access
592
func._dbus_name = func.__name__
593
if func._dbus_name.endswith("_dbus_property"):
594
func._dbus_name = func._dbus_name[:-14]
595
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
600
class DBusPropertyException(dbus.exceptions.DBusException):
601
"""A base class for D-Bus property-related exceptions
603
def __unicode__(self):
604
return unicode(str(self))
607
class DBusPropertyAccessException(DBusPropertyException):
608
"""A property's access permissions disallows an operation.
613
class DBusPropertyNotFound(DBusPropertyException):
614
"""An attempt was made to access a non-existing property.
619
class DBusObjectWithProperties(dbus.service.Object):
620
"""A D-Bus object with properties.
622
Classes inheriting from this can use the dbus_service_property
623
decorator to expose methods as D-Bus properties. It exposes the
624
standard Get(), Set(), and GetAll() methods on the D-Bus.
628
def _is_dbus_property(obj):
629
return getattr(obj, "_dbus_is_property", False)
631
def _get_all_dbus_properties(self):
632
"""Returns a generator of (name, attribute) pairs
634
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
635
for cls in self.__class__.__mro__
637
inspect.getmembers(cls, self._is_dbus_property))
639
def _get_dbus_property(self, interface_name, property_name):
640
"""Returns a bound method if one exists which is a D-Bus
641
property with the specified name and interface.
643
for cls in self.__class__.__mro__:
644
for name, value in (inspect.getmembers
645
(cls, self._is_dbus_property)):
646
if (value._dbus_name == property_name
647
and value._dbus_interface == interface_name):
648
return value.__get__(self)
651
raise DBusPropertyNotFound(self.dbus_object_path + ":"
652
+ interface_name + "."
655
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
657
def Get(self, interface_name, property_name):
658
"""Standard D-Bus property Get() method, see D-Bus standard.
660
prop = self._get_dbus_property(interface_name, property_name)
661
if prop._dbus_access == "write":
662
raise DBusPropertyAccessException(property_name)
664
if not hasattr(value, "variant_level"):
666
return type(value)(value, variant_level=value.variant_level+1)
668
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
669
def Set(self, interface_name, property_name, value):
670
"""Standard D-Bus property Set() method, see D-Bus standard.
672
prop = self._get_dbus_property(interface_name, property_name)
673
if prop._dbus_access == "read":
674
raise DBusPropertyAccessException(property_name)
675
if prop._dbus_get_args_options["byte_arrays"]:
676
# The byte_arrays option is not supported yet on
677
# signatures other than "ay".
678
if prop._dbus_signature != "ay":
680
value = dbus.ByteArray(''.join(unichr(byte)
684
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
685
out_signature="a{sv}")
686
def GetAll(self, interface_name):
687
"""Standard D-Bus property GetAll() method, see D-Bus
690
Note: Will not include properties with access="write".
693
for name, prop in self._get_all_dbus_properties():
695
and interface_name != prop._dbus_interface):
696
# Interface non-empty but did not match
698
# Ignore write-only properties
699
if prop._dbus_access == "write":
702
if not hasattr(value, "variant_level"):
705
all[name] = type(value)(value, variant_level=
706
value.variant_level+1)
707
return dbus.Dictionary(all, signature="sv")
709
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
711
path_keyword='object_path',
712
connection_keyword='connection')
713
def Introspect(self, object_path, connection):
714
"""Standard D-Bus method, overloaded to insert property tags.
716
xmlstring = dbus.service.Object.Introspect(self, object_path,
719
document = xml.dom.minidom.parseString(xmlstring)
720
def make_tag(document, name, prop):
721
e = document.createElement("property")
722
e.setAttribute("name", name)
723
e.setAttribute("type", prop._dbus_signature)
724
e.setAttribute("access", prop._dbus_access)
726
for if_tag in document.getElementsByTagName("interface"):
727
for tag in (make_tag(document, name, prop)
729
in self._get_all_dbus_properties()
730
if prop._dbus_interface
731
== if_tag.getAttribute("name")):
732
if_tag.appendChild(tag)
733
# Add the names to the return values for the
734
# "org.freedesktop.DBus.Properties" methods
735
if (if_tag.getAttribute("name")
736
== "org.freedesktop.DBus.Properties"):
737
for cn in if_tag.getElementsByTagName("method"):
738
if cn.getAttribute("name") == "Get":
739
for arg in cn.getElementsByTagName("arg"):
740
if (arg.getAttribute("direction")
742
arg.setAttribute("name", "value")
743
elif cn.getAttribute("name") == "GetAll":
744
for arg in cn.getElementsByTagName("arg"):
745
if (arg.getAttribute("direction")
747
arg.setAttribute("name", "props")
748
xmlstring = document.toxml("utf-8")
750
except (AttributeError, xml.dom.DOMException,
751
xml.parsers.expat.ExpatError) as error:
752
logger.error("Failed to override Introspection method",
757
def datetime_to_dbus (dt, variant_level=0):
758
"""Convert a UTC datetime.datetime() to a D-Bus type."""
760
return dbus.String("", variant_level = variant_level)
761
return dbus.String(dt.isoformat(),
762
variant_level=variant_level)
764
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
766
"""Applied to an empty subclass of a D-Bus object, this metaclass
767
will add additional D-Bus attributes matching a certain pattern.
769
def __new__(mcs, name, bases, attr):
770
# Go through all the base classes which could have D-Bus
771
# methods, signals, or properties in them
772
for base in (b for b in bases
773
if issubclass(b, dbus.service.Object)):
774
# Go though all attributes of the base class
775
for attrname, attribute in inspect.getmembers(base):
776
# Ignore non-D-Bus attributes, and D-Bus attributes
777
# with the wrong interface name
778
if (not hasattr(attribute, "_dbus_interface")
779
or not attribute._dbus_interface
780
.startswith("se.recompile.Mandos")):
782
# Create an alternate D-Bus interface name based on
784
alt_interface = (attribute._dbus_interface
785
.replace("se.recompile.Mandos",
786
"se.bsnet.fukt.Mandos"))
787
# Is this a D-Bus signal?
788
if getattr(attribute, "_dbus_is_signal", False):
789
# Extract the original non-method function by
791
nonmethod_func = (dict(
792
zip(attribute.func_code.co_freevars,
793
attribute.__closure__))["func"]
795
# Create a new, but exactly alike, function
796
# object, and decorate it to be a new D-Bus signal
797
# with the alternate D-Bus interface name
798
new_function = (dbus.service.signal
800
attribute._dbus_signature)
802
nonmethod_func.func_code,
803
nonmethod_func.func_globals,
804
nonmethod_func.func_name,
805
nonmethod_func.func_defaults,
806
nonmethod_func.func_closure)))
807
# Define a creator of a function to call both the
808
# old and new functions, so both the old and new
809
# signals gets sent when the function is called
810
def fixscope(func1, func2):
811
"""This function is a scope container to pass
812
func1 and func2 to the "call_both" function
813
outside of its arguments"""
814
def call_both(*args, **kwargs):
815
"""This function will emit two D-Bus
816
signals by calling func1 and func2"""
817
func1(*args, **kwargs)
818
func2(*args, **kwargs)
820
# Create the "call_both" function and add it to
822
attr[attrname] = fixscope(attribute,
824
# Is this a D-Bus method?
825
elif getattr(attribute, "_dbus_is_method", False):
826
# Create a new, but exactly alike, function
827
# object. Decorate it to be a new D-Bus method
828
# with the alternate D-Bus interface name. Add it
830
attr[attrname] = (dbus.service.method
832
attribute._dbus_in_signature,
833
attribute._dbus_out_signature)
835
(attribute.func_code,
836
attribute.func_globals,
838
attribute.func_defaults,
839
attribute.func_closure)))
840
# Is this a D-Bus property?
841
elif getattr(attribute, "_dbus_is_property", False):
842
# Create a new, but exactly alike, function
843
# object, and decorate it to be a new D-Bus
844
# property with the alternate D-Bus interface
845
# name. Add it to the class.
846
attr[attrname] = (dbus_service_property
848
attribute._dbus_signature,
849
attribute._dbus_access,
851
._dbus_get_args_options
854
(attribute.func_code,
855
attribute.func_globals,
857
attribute.func_defaults,
858
attribute.func_closure)))
859
return type.__new__(mcs, name, bases, attr)
861
class ClientDBus(Client, DBusObjectWithProperties):
411
def still_valid(self):
412
"""Has the timeout not yet passed for this client?"""
413
if not getattr(self, "enabled", False):
415
now = datetime.datetime.utcnow()
416
if self.last_checked_ok is None:
417
return now < (self.created + self.timeout)
419
return now < (self.last_checked_ok + self.timeout)
422
class ClientDBus(Client, dbus.service.Object):
862
423
"""A Client class using D-Bus
865
dbus_object_path: dbus.ObjectPath
866
bus: dbus.SystemBus()
425
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
869
runtime_expansions = (Client.runtime_expansions
870
+ ("dbus_object_path",))
872
427
# dbus.service.Object doesn't use super(), so we can't either.
874
def __init__(self, bus = None, *args, **kwargs):
875
self._approvals_pending = 0
429
def __init__(self, *args, **kwargs):
877
430
Client.__init__(self, *args, **kwargs)
878
431
# Only now, when this client is initialized, can it show up on
880
client_object_name = unicode(self.name).translate(
883
433
self.dbus_object_path = (dbus.ObjectPath
884
("/clients/" + client_object_name))
885
DBusObjectWithProperties.__init__(self, self.bus,
886
self.dbus_object_path)
888
def notifychangeproperty(transform_func,
889
dbus_name, type_func=lambda x: x,
891
""" Modify a variable so that it's a property which announces
894
transform_fun: Function that takes a value and transforms it
896
dbus_name: D-Bus name of the variable
897
type_func: Function that transform the value before sending it
898
to the D-Bus. Default: no transform
899
variant_level: D-Bus variant level. Default: 1
901
attrname = "_{0}".format(dbus_name)
902
def setter(self, value):
903
if hasattr(self, "dbus_object_path"):
904
if (not hasattr(self, attrname) or
905
type_func(getattr(self, attrname, None))
906
!= type_func(value)):
907
dbus_value = transform_func(type_func(value),
909
self.PropertyChanged(dbus.String(dbus_name),
911
setattr(self, attrname, value)
913
return property(lambda self: getattr(self, attrname), setter)
916
expires = notifychangeproperty(datetime_to_dbus, "Expires")
917
approvals_pending = notifychangeproperty(dbus.Boolean,
920
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
921
last_enabled = notifychangeproperty(datetime_to_dbus,
923
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
924
type_func = lambda checker:
926
last_checked_ok = notifychangeproperty(datetime_to_dbus,
928
last_approval_request = notifychangeproperty(
929
datetime_to_dbus, "LastApprovalRequest")
930
approved_by_default = notifychangeproperty(dbus.Boolean,
932
approval_delay = notifychangeproperty(dbus.UInt16,
935
_timedelta_to_milliseconds)
936
approval_duration = notifychangeproperty(
937
dbus.UInt16, "ApprovalDuration",
938
type_func = _timedelta_to_milliseconds)
939
host = notifychangeproperty(dbus.String, "Host")
940
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
942
_timedelta_to_milliseconds)
943
extended_timeout = notifychangeproperty(
944
dbus.UInt16, "ExtendedTimeout",
945
type_func = _timedelta_to_milliseconds)
946
interval = notifychangeproperty(dbus.UInt16,
949
_timedelta_to_milliseconds)
950
checker_command = notifychangeproperty(dbus.String, "Checker")
952
del notifychangeproperty
435
+ self.name.replace(".", "_")))
436
dbus.service.Object.__init__(self, bus,
437
self.dbus_object_path)
439
oldstate = getattr(self, "enabled", False)
440
r = Client.enable(self)
441
if oldstate != self.enabled:
443
self.PropertyChanged(dbus.String(u"enabled"),
444
dbus.Boolean(True, variant_level=1))
445
self.PropertyChanged(dbus.String(u"last_enabled"),
446
(_datetime_to_dbus(self.last_enabled,
450
def disable(self, signal = True):
451
oldstate = getattr(self, "enabled", False)
452
r = Client.disable(self)
453
if signal and oldstate != self.enabled:
455
self.PropertyChanged(dbus.String(u"enabled"),
456
dbus.Boolean(False, variant_level=1))
954
459
def __del__(self, *args, **kwargs):
956
461
self.remove_from_connection()
462
except org.freedesktop.DBus.Python.LookupError:
959
if hasattr(DBusObjectWithProperties, "__del__"):
960
DBusObjectWithProperties.__del__(self, *args, **kwargs)
464
dbus.service.Object.__del__(self, *args, **kwargs)
961
465
Client.__del__(self, *args, **kwargs)
963
467
def checker_callback(self, pid, condition, command,
964
468
*args, **kwargs):
965
469
self.checker_callback_tag = None
966
470
self.checker = None
472
self.PropertyChanged(dbus.String(u"checker_running"),
473
dbus.Boolean(False, variant_level=1))
967
474
if os.WIFEXITED(condition):
968
475
exitstatus = os.WEXITSTATUS(condition)
969
476
# Emit D-Bus signal
1082
668
# StopChecker - method
1083
@dbus.service.method(_interface)
1084
def StopChecker(self):
1089
# ApprovalPending - property
1090
@dbus_service_property(_interface, signature="b", access="read")
1091
def ApprovalPending_dbus_property(self):
1092
return dbus.Boolean(bool(self.approvals_pending))
1094
# ApprovedByDefault - property
1095
@dbus_service_property(_interface, signature="b",
1097
def ApprovedByDefault_dbus_property(self, value=None):
1098
if value is None: # get
1099
return dbus.Boolean(self.approved_by_default)
1100
self.approved_by_default = bool(value)
1102
# ApprovalDelay - property
1103
@dbus_service_property(_interface, signature="t",
1105
def ApprovalDelay_dbus_property(self, value=None):
1106
if value is None: # get
1107
return dbus.UInt64(self.approval_delay_milliseconds())
1108
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1110
# ApprovalDuration - property
1111
@dbus_service_property(_interface, signature="t",
1113
def ApprovalDuration_dbus_property(self, value=None):
1114
if value is None: # get
1115
return dbus.UInt64(_timedelta_to_milliseconds(
1116
self.approval_duration))
1117
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1120
@dbus_service_property(_interface, signature="s", access="read")
1121
def Name_dbus_property(self):
1122
return dbus.String(self.name)
1124
# Fingerprint - property
1125
@dbus_service_property(_interface, signature="s", access="read")
1126
def Fingerprint_dbus_property(self):
1127
return dbus.String(self.fingerprint)
1130
@dbus_service_property(_interface, signature="s",
1132
def Host_dbus_property(self, value=None):
1133
if value is None: # get
1134
return dbus.String(self.host)
1137
# Created - property
1138
@dbus_service_property(_interface, signature="s", access="read")
1139
def Created_dbus_property(self):
1140
return dbus.String(datetime_to_dbus(self.created))
1142
# LastEnabled - property
1143
@dbus_service_property(_interface, signature="s", access="read")
1144
def LastEnabled_dbus_property(self):
1145
return datetime_to_dbus(self.last_enabled)
1147
# Enabled - property
1148
@dbus_service_property(_interface, signature="b",
1150
def Enabled_dbus_property(self, value=None):
1151
if value is None: # get
1152
return dbus.Boolean(self.enabled)
1158
# LastCheckedOK - property
1159
@dbus_service_property(_interface, signature="s",
1161
def LastCheckedOK_dbus_property(self, value=None):
1162
if value is not None:
1165
return datetime_to_dbus(self.last_checked_ok)
1167
# Expires - property
1168
@dbus_service_property(_interface, signature="s", access="read")
1169
def Expires_dbus_property(self):
1170
return datetime_to_dbus(self.expires)
1172
# LastApprovalRequest - property
1173
@dbus_service_property(_interface, signature="s", access="read")
1174
def LastApprovalRequest_dbus_property(self):
1175
return datetime_to_dbus(self.last_approval_request)
1177
# Timeout - property
1178
@dbus_service_property(_interface, signature="t",
1180
def Timeout_dbus_property(self, value=None):
1181
if value is None: # get
1182
return dbus.UInt64(self.timeout_milliseconds())
1183
self.timeout = datetime.timedelta(0, 0, 0, value)
1184
if getattr(self, "disable_initiator_tag", None) is None:
1186
# Reschedule timeout
1187
gobject.source_remove(self.disable_initiator_tag)
1188
self.disable_initiator_tag = None
1190
time_to_die = (self.
1191
_timedelta_to_milliseconds((self
1196
if time_to_die <= 0:
1197
# The timeout has passed
1200
self.expires = (datetime.datetime.utcnow()
1201
+ datetime.timedelta(milliseconds =
1203
self.disable_initiator_tag = (gobject.timeout_add
1204
(time_to_die, self.disable))
1206
# ExtendedTimeout - property
1207
@dbus_service_property(_interface, signature="t",
1209
def ExtendedTimeout_dbus_property(self, value=None):
1210
if value is None: # get
1211
return dbus.UInt64(self.extended_timeout_milliseconds())
1212
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1214
# Interval - property
1215
@dbus_service_property(_interface, signature="t",
1217
def Interval_dbus_property(self, value=None):
1218
if value is None: # get
1219
return dbus.UInt64(self.interval_milliseconds())
1220
self.interval = datetime.timedelta(0, 0, 0, value)
1221
if getattr(self, "checker_initiator_tag", None) is None:
1223
# Reschedule checker run
1224
gobject.source_remove(self.checker_initiator_tag)
1225
self.checker_initiator_tag = (gobject.timeout_add
1226
(value, self.start_checker))
1227
self.start_checker() # Start one now, too
1229
# Checker - property
1230
@dbus_service_property(_interface, signature="s",
1232
def Checker_dbus_property(self, value=None):
1233
if value is None: # get
1234
return dbus.String(self.checker_command)
1235
self.checker_command = value
1237
# CheckerRunning - property
1238
@dbus_service_property(_interface, signature="b",
1240
def CheckerRunning_dbus_property(self, value=None):
1241
if value is None: # get
1242
return dbus.Boolean(self.checker is not None)
1244
self.start_checker()
1248
# ObjectPath - property
1249
@dbus_service_property(_interface, signature="o", access="read")
1250
def ObjectPath_dbus_property(self):
1251
return self.dbus_object_path # is already a dbus.ObjectPath
1254
@dbus_service_property(_interface, signature="ay",
1255
access="write", byte_arrays=True)
1256
def Secret_dbus_property(self, value):
1257
self.secret = str(value)
669
StopChecker = dbus.service.method(_interface)(stop_checker)
670
StopChecker.__name__ = "StopChecker"
1262
class ProxyClient(object):
1263
def __init__(self, child_pipe, fpr, address):
1264
self._pipe = child_pipe
1265
self._pipe.send(('init', fpr, address))
1266
if not self._pipe.recv():
1269
def __getattribute__(self, name):
1270
if(name == '_pipe'):
1271
return super(ProxyClient, self).__getattribute__(name)
1272
self._pipe.send(('getattr', name))
1273
data = self._pipe.recv()
1274
if data[0] == 'data':
1276
if data[0] == 'function':
1277
def func(*args, **kwargs):
1278
self._pipe.send(('funcall', name, args, kwargs))
1279
return self._pipe.recv()[1]
1282
def __setattr__(self, name, value):
1283
if(name == '_pipe'):
1284
return super(ProxyClient, self).__setattr__(name, value)
1285
self._pipe.send(('setattr', name, value))
1287
class ClientDBusTransitional(ClientDBus):
1288
__metaclass__ = AlternateDBusNamesMetaclass
1290
class ClientHandler(socketserver.BaseRequestHandler, object):
1291
"""A class to handle client connections.
1293
Instantiated once for each connection to handle it.
675
def peer_certificate(session):
676
"Return the peer's OpenPGP certificate as a bytestring"
677
# If not an OpenPGP certificate...
678
if (gnutls.library.functions
679
.gnutls_certificate_type_get(session._c_object)
680
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
681
# ...do the normal thing
682
return session.peer_certificate
683
list_size = ctypes.c_uint(1)
684
cert_list = (gnutls.library.functions
685
.gnutls_certificate_get_peers
686
(session._c_object, ctypes.byref(list_size)))
687
if not bool(cert_list) and list_size.value != 0:
688
raise gnutls.errors.GNUTLSError("error getting peer"
690
if list_size.value == 0:
693
return ctypes.string_at(cert.data, cert.size)
696
def fingerprint(openpgp):
697
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
698
# New GnuTLS "datum" with the OpenPGP public key
699
datum = (gnutls.library.types
700
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
703
ctypes.c_uint(len(openpgp))))
704
# New empty GnuTLS certificate
705
crt = gnutls.library.types.gnutls_openpgp_crt_t()
706
(gnutls.library.functions
707
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
708
# Import the OpenPGP public key into the certificate
709
(gnutls.library.functions
710
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
711
gnutls.library.constants
712
.GNUTLS_OPENPGP_FMT_RAW))
713
# Verify the self signature in the key
714
crtverify = ctypes.c_uint()
715
(gnutls.library.functions
716
.gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
717
if crtverify.value != 0:
718
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
719
raise gnutls.errors.CertificateSecurityError("Verify failed")
720
# New buffer for the fingerprint
721
buf = ctypes.create_string_buffer(20)
722
buf_len = ctypes.c_size_t()
723
# Get the fingerprint from the certificate into the buffer
724
(gnutls.library.functions
725
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
726
ctypes.byref(buf_len)))
727
# Deinit the certificate
728
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
729
# Convert the buffer to a Python bytestring
730
fpr = ctypes.string_at(buf, buf_len.value)
731
# Convert the bytestring to hexadecimal notation
732
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
736
class TCP_handler(SocketServer.BaseRequestHandler, object):
737
"""A TCP request handler class.
738
Instantiated by IPv6_TCPServer for each request to handle it.
1294
739
Note: This will run in its own forked process."""
1296
741
def handle(self):
1297
with contextlib.closing(self.server.child_pipe) as child_pipe:
1298
logger.info("TCP connection from: %s",
1299
unicode(self.client_address))
1300
logger.debug("Pipe FD: %d",
1301
self.server.child_pipe.fileno())
742
logger.info(u"TCP connection from: %s",
743
unicode(self.client_address))
744
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
745
# Open IPC pipe to parent process
746
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
1303
747
session = (gnutls.connection
1304
748
.ClientSession(self.request,
1305
749
gnutls.connection
1306
750
.X509Credentials()))
752
line = self.request.makefile().readline()
753
logger.debug(u"Protocol version: %r", line)
755
if int(line.strip().split()[0]) > 1:
757
except (ValueError, IndexError, RuntimeError), error:
758
logger.error(u"Unknown protocol version: %s", error)
1308
761
# Note: gnutls.connection.X509Credentials is really a
1309
762
# generic GnuTLS certificate credentials object so long as
1310
763
# no X.509 keys are added to it. Therefore, we can use it
1311
764
# here despite using OpenPGP certificates.
1313
766
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1314
# "+AES-256-CBC", "+SHA1",
1315
# "+COMP-NULL", "+CTYPE-OPENPGP",
767
# "+AES-256-CBC", "+SHA1",
768
# "+COMP-NULL", "+CTYPE-OPENPGP",
1317
770
# Use a fallback default, since this MUST be set.
1318
priority = self.server.gnutls_priority
1319
if priority is None:
771
priority = self.server.settings.get("priority", "NORMAL")
1321
772
(gnutls.library.functions
1322
773
.gnutls_priority_set_direct(session._c_object,
1323
774
priority, None))
1325
# Start communication using the Mandos protocol
1326
# Get protocol number
1327
line = self.request.makefile().readline()
1328
logger.debug("Protocol version: %r", line)
1330
if int(line.strip().split()[0]) > 1:
1332
except (ValueError, IndexError, RuntimeError) as error:
1333
logger.error("Unknown protocol version: %s", error)
1336
# Start GnuTLS connection
1338
777
session.handshake()
1339
except gnutls.errors.GNUTLSError as error:
1340
logger.warning("Handshake failed: %s", error)
778
except gnutls.errors.GNUTLSError, error:
779
logger.warning(u"Handshake failed: %s", error)
1341
780
# Do not run session.bye() here: the session is not
1342
781
# established. Just abandon the request.
1344
logger.debug("Handshake succeeded")
1346
approval_required = False
783
logger.debug(u"Handshake succeeded")
1349
fpr = self.fingerprint(self.peer_certificate
1352
gnutls.errors.GNUTLSError) as error:
1353
logger.warning("Bad certificate: %s", error)
1355
logger.debug("Fingerprint: %s", fpr)
1358
client = ProxyClient(child_pipe, fpr,
1359
self.client_address)
1363
if client.approval_delay:
1364
delay = client.approval_delay
1365
client.approvals_pending += 1
1366
approval_required = True
1369
if not client.enabled:
1370
logger.info("Client %s is disabled",
1372
if self.server.use_dbus:
1374
client.Rejected("Disabled")
1377
if client._approved or not client.approval_delay:
1378
#We are approved or approval is disabled
1380
elif client._approved is None:
1381
logger.info("Client %s needs approval",
1383
if self.server.use_dbus:
1385
client.NeedApproval(
1386
client.approval_delay_milliseconds(),
1387
client.approved_by_default)
1389
logger.warning("Client %s was not approved",
1391
if self.server.use_dbus:
1393
client.Rejected("Denied")
1396
#wait until timeout or approved
1397
time = datetime.datetime.now()
1398
client.changedstate.acquire()
1399
(client.changedstate.wait
1400
(float(client._timedelta_to_milliseconds(delay)
1402
client.changedstate.release()
1403
time2 = datetime.datetime.now()
1404
if (time2 - time) >= delay:
1405
if not client.approved_by_default:
1406
logger.warning("Client %s timed out while"
1407
" waiting for approval",
1409
if self.server.use_dbus:
1411
client.Rejected("Approval timed out")
1416
delay -= time2 - time
1419
while sent_size < len(client.secret):
1421
sent = session.send(client.secret[sent_size:])
1422
except gnutls.errors.GNUTLSError as error:
1423
logger.warning("gnutls send failed")
1425
logger.debug("Sent: %d, remaining: %d",
1426
sent, len(client.secret)
1427
- (sent_size + sent))
1430
logger.info("Sending secret to %s", client.name)
1431
# bump the timeout as if seen
1432
client.checked_ok(client.extended_timeout)
1433
if self.server.use_dbus:
785
fpr = fingerprint(peer_certificate(session))
786
except (TypeError, gnutls.errors.GNUTLSError), error:
787
logger.warning(u"Bad certificate: %s", error)
790
logger.debug(u"Fingerprint: %s", fpr)
1438
if approval_required:
1439
client.approvals_pending -= 1
1442
except gnutls.errors.GNUTLSError as error:
1443
logger.warning("GnuTLS bye failed")
1446
def peer_certificate(session):
1447
"Return the peer's OpenPGP certificate as a bytestring"
1448
# If not an OpenPGP certificate...
1449
if (gnutls.library.functions
1450
.gnutls_certificate_type_get(session._c_object)
1451
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1452
# ...do the normal thing
1453
return session.peer_certificate
1454
list_size = ctypes.c_uint(1)
1455
cert_list = (gnutls.library.functions
1456
.gnutls_certificate_get_peers
1457
(session._c_object, ctypes.byref(list_size)))
1458
if not bool(cert_list) and list_size.value != 0:
1459
raise gnutls.errors.GNUTLSError("error getting peer"
1461
if list_size.value == 0:
1464
return ctypes.string_at(cert.data, cert.size)
1467
def fingerprint(openpgp):
1468
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1469
# New GnuTLS "datum" with the OpenPGP public key
1470
datum = (gnutls.library.types
1471
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1474
ctypes.c_uint(len(openpgp))))
1475
# New empty GnuTLS certificate
1476
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1477
(gnutls.library.functions
1478
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1479
# Import the OpenPGP public key into the certificate
1480
(gnutls.library.functions
1481
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1482
gnutls.library.constants
1483
.GNUTLS_OPENPGP_FMT_RAW))
1484
# Verify the self signature in the key
1485
crtverify = ctypes.c_uint()
1486
(gnutls.library.functions
1487
.gnutls_openpgp_crt_verify_self(crt, 0,
1488
ctypes.byref(crtverify)))
1489
if crtverify.value != 0:
1490
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1491
raise (gnutls.errors.CertificateSecurityError
1493
# New buffer for the fingerprint
1494
buf = ctypes.create_string_buffer(20)
1495
buf_len = ctypes.c_size_t()
1496
# Get the fingerprint from the certificate into the buffer
1497
(gnutls.library.functions
1498
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1499
ctypes.byref(buf_len)))
1500
# Deinit the certificate
1501
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1502
# Convert the buffer to a Python bytestring
1503
fpr = ctypes.string_at(buf, buf_len.value)
1504
# Convert the bytestring to hexadecimal notation
1505
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1509
class MultiprocessingMixIn(object):
1510
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1511
def sub_process_main(self, request, address):
1513
self.finish_request(request, address)
1515
self.handle_error(request, address)
1516
self.close_request(request)
1518
def process_request(self, request, address):
1519
"""Start a new process to process the request."""
1520
proc = multiprocessing.Process(target = self.sub_process_main,
1527
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1528
""" adds a pipe to the MixIn """
792
for c in self.server.clients:
793
if c.fingerprint == fpr:
797
logger.warning(u"Client not found for fingerprint: %s",
799
ipc.write("NOTFOUND %s\n" % fpr)
802
# Have to check if client.still_valid(), since it is
803
# possible that the client timed out while establishing
804
# the GnuTLS session.
805
if not client.still_valid():
806
logger.warning(u"Client %(name)s is invalid",
808
ipc.write("INVALID %s\n" % client.name)
811
ipc.write("SENDING %s\n" % client.name)
813
while sent_size < len(client.secret):
814
sent = session.send(client.secret[sent_size:])
815
logger.debug(u"Sent: %d, remaining: %d",
816
sent, len(client.secret)
817
- (sent_size + sent))
822
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
823
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
824
Assumes a gobject.MainLoop event loop.
1529
826
def process_request(self, request, client_address):
1530
"""Overrides and wraps the original process_request().
1532
This function creates a new pipe in self.pipe
827
"""This overrides and wraps the original process_request().
828
This function creates a new pipe in self.pipe
1534
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1536
proc = MultiprocessingMixIn.process_request(self, request,
1538
self.child_pipe.close()
1539
self.add_pipe(parent_pipe, proc)
1541
def add_pipe(self, parent_pipe, proc):
830
self.pipe = os.pipe()
831
super(ForkingMixInWithPipe,
832
self).process_request(request, client_address)
833
os.close(self.pipe[1]) # close write end
834
# Call "handle_ipc" for both data and EOF events
835
gobject.io_add_watch(self.pipe[0],
836
gobject.IO_IN | gobject.IO_HUP,
838
def handle_ipc(source, condition):
1542
839
"""Dummy function; override as necessary"""
1543
raise NotImplementedError
1546
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1547
socketserver.TCPServer, object):
844
class IPv6_TCPServer(ForkingMixInWithPipe,
845
SocketServer.TCPServer, object):
1548
846
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
848
settings: Server settings
849
clients: Set() of Client objects
1551
850
enabled: Boolean; whether this server is activated yet
1552
interface: None or a network interface name (string)
1553
use_ipv6: Boolean; to use IPv6 or not
1555
def __init__(self, server_address, RequestHandlerClass,
1556
interface=None, use_ipv6=True):
1557
self.interface = interface
1559
self.address_family = socket.AF_INET6
1560
socketserver.TCPServer.__init__(self, server_address,
1561
RequestHandlerClass)
852
address_family = socket.AF_INET6
853
def __init__(self, *args, **kwargs):
854
if "settings" in kwargs:
855
self.settings = kwargs["settings"]
856
del kwargs["settings"]
857
if "clients" in kwargs:
858
self.clients = kwargs["clients"]
859
del kwargs["clients"]
860
if "use_ipv6" in kwargs:
861
if not kwargs["use_ipv6"]:
862
self.address_family = socket.AF_INET
863
del kwargs["use_ipv6"]
865
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1562
866
def server_bind(self):
1563
867
"""This overrides the normal server_bind() function
1564
868
to bind to an interface if one was specified, and also NOT to
1565
869
bind to an address or port if they were not specified."""
1566
if self.interface is not None:
1567
if SO_BINDTODEVICE is None:
1568
logger.error("SO_BINDTODEVICE does not exist;"
1569
" cannot bind to interface %s",
1573
self.socket.setsockopt(socket.SOL_SOCKET,
1577
except socket.error as error:
1578
if error[0] == errno.EPERM:
1579
logger.error("No permission to"
1580
" bind to interface %s",
1582
elif error[0] == errno.ENOPROTOOPT:
1583
logger.error("SO_BINDTODEVICE not available;"
1584
" cannot bind to interface %s",
870
if self.settings["interface"]:
871
# 25 is from /usr/include/asm-i486/socket.h
872
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
874
self.socket.setsockopt(socket.SOL_SOCKET,
876
self.settings["interface"])
877
except socket.error, error:
878
if error[0] == errno.EPERM:
879
logger.error(u"No permission to"
880
u" bind to interface %s",
881
self.settings["interface"])
1588
884
# Only bind(2) the socket if we really need to.
1589
885
if self.server_address[0] or self.server_address[1]:
1590
886
if not self.server_address[0]:
1597
893
elif not self.server_address[1]:
1598
894
self.server_address = (self.server_address[0],
1600
# if self.interface:
896
# if self.settings["interface"]:
1601
897
# self.server_address = (self.server_address[0],
1604
900
# if_nametoindex
1606
return socketserver.TCPServer.server_bind(self)
1609
class MandosServer(IPv6_TCPServer):
1613
clients: set of Client objects
1614
gnutls_priority GnuTLS priority string
1615
use_dbus: Boolean; to emit D-Bus signals or not
1617
Assumes a gobject.MainLoop event loop.
1619
def __init__(self, server_address, RequestHandlerClass,
1620
interface=None, use_ipv6=True, clients=None,
1621
gnutls_priority=None, use_dbus=True):
1622
self.enabled = False
1623
self.clients = clients
1624
if self.clients is None:
1625
self.clients = set()
1626
self.use_dbus = use_dbus
1627
self.gnutls_priority = gnutls_priority
1628
IPv6_TCPServer.__init__(self, server_address,
1629
RequestHandlerClass,
1630
interface = interface,
1631
use_ipv6 = use_ipv6)
903
return super(IPv6_TCPServer, self).server_bind()
1632
904
def server_activate(self):
1633
905
if self.enabled:
1634
return socketserver.TCPServer.server_activate(self)
906
return super(IPv6_TCPServer, self).server_activate()
1636
907
def enable(self):
1637
908
self.enabled = True
1639
def add_pipe(self, parent_pipe, proc):
1640
# Call "handle_ipc" for both data and EOF events
1641
gobject.io_add_watch(parent_pipe.fileno(),
1642
gobject.IO_IN | gobject.IO_HUP,
1643
functools.partial(self.handle_ipc,
1648
def handle_ipc(self, source, condition, parent_pipe=None,
1649
proc = None, client_object=None):
909
def handle_ipc(self, source, condition, file_objects={}):
1650
910
condition_names = {
1651
gobject.IO_IN: "IN", # There is data to read.
911
gobject.IO_IN: "IN", # There is data to read.
1652
912
gobject.IO_OUT: "OUT", # Data can be written (without
1654
914
gobject.IO_PRI: "PRI", # There is urgent data to read.
1655
915
gobject.IO_ERR: "ERR", # Error condition.
1656
916
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1657
# broken, usually for pipes and
917
# broken, usually for pipes and
1660
920
conditions_string = ' | '.join(name
1661
921
for cond, name in
1662
922
condition_names.iteritems()
1663
923
if cond & condition)
1664
# error or the other end of multiprocessing.Pipe has closed
1665
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
924
logger.debug("Handling IPC: FD = %d, condition = %s", source,
927
# Turn the pipe file descriptor into a Python file object
928
if source not in file_objects:
929
file_objects[source] = os.fdopen(source, "r", 1)
931
# Read a line from the file object
932
cmdline = file_objects[source].readline()
933
if not cmdline: # Empty line means end of file
935
file_objects[source].close()
936
del file_objects[source]
938
# Stop calling this function
1669
# Read a request from the child
1670
request = parent_pipe.recv()
1671
command = request[0]
941
logger.debug("IPC command: %r\n" % cmdline)
1673
if command == 'init':
1675
address = request[2]
1677
for c in self.clients:
1678
if c.fingerprint == fpr:
943
# Parse and act on command
944
cmd, args = cmdline.split(None, 1)
945
if cmd == "NOTFOUND":
946
if self.settings["use_dbus"]:
948
mandos_dbus_service.ClientNotFound(args)
949
elif cmd == "INVALID":
950
if self.settings["use_dbus"]:
951
for client in self.clients:
952
if client.name == args:
956
elif cmd == "SENDING":
957
for client in self.clients:
958
if client.name == args:
960
if self.settings["use_dbus"]:
962
client.ReceivedSecret()
1682
logger.info("Client not found for fingerprint: %s, ad"
1683
"dress: %s", fpr, address)
1686
mandos_dbus_service.ClientNotFound(fpr,
1688
parent_pipe.send(False)
1691
gobject.io_add_watch(parent_pipe.fileno(),
1692
gobject.IO_IN | gobject.IO_HUP,
1693
functools.partial(self.handle_ipc,
1699
parent_pipe.send(True)
1700
# remove the old hook in favor of the new above hook on
1703
if command == 'funcall':
1704
funcname = request[1]
1708
parent_pipe.send(('data', getattr(client_object,
1712
if command == 'getattr':
1713
attrname = request[1]
1714
if callable(client_object.__getattribute__(attrname)):
1715
parent_pipe.send(('function',))
1717
parent_pipe.send(('data', client_object
1718
.__getattribute__(attrname)))
1720
if command == 'setattr':
1721
attrname = request[1]
1723
setattr(client_object, attrname, value)
965
logger.error("Unknown IPC command: %r", cmdline)
967
# Keep calling this function