To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.1.137
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.137
- Committer: Björn Påhlsson
- Date: 2009-03-31 02:40:43 UTC
- mfrom: (237.2.91 mandos)
- mto: (237.7.1 mandos) (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 270.
- Revision ID: belorn@braxen-20090331024043-4kdovnn8llszjqsn
merge
- files removed:
- DBUS-API
- debian/source
- files modified:
- .bzrignore
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@recompile.se>.
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
32
#
33
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
34
from __future__ import division, with_statement, absolute_import
36
35
37
import SocketServer as socketserver
36
import SocketServer
38
37
import socket
39
import argparse
38
import optparse
40
39
import datetime
41
40
import errno
42
41
import gnutls.crypto
45
44
import gnutls.library.functions
46
45
import gnutls.library.constants
47
46
import gnutls.library.types
48
import ConfigParser as configparser
47
import ConfigParser
49
48
import sys
50
49
import re
51
50
import os
52
51
import signal
52
from sets import Set
53
53
import subprocess
54
54
import atexit
55
55
import stat
56
56
import logging
57
57
import logging.handlers
58
58
import pwd
59
import contextlib
60
import struct
61
import fcntl
62
import functools
63
import cPickle as pickle
64
import multiprocessing
65
import types
59
from contextlib import closing
66
60
67
61
import dbus
68
62
import dbus.service
71
65
from dbus.mainloop.glib import DBusGMainLoop
72
66
import ctypes
73
67
import ctypes.util
74
import xml.dom.minidom
75
import inspect
76
77
try:
78
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
79
except AttributeError:
80
try:
81
from IN import SO_BINDTODEVICE
82
except ImportError:
83
SO_BINDTODEVICE = None
84
85
86
version = "1.3.1"
87
88
#logger = logging.getLogger('mandos')
68
69
version = "1.0.8"
70
89
71
logger = logging.Logger('mandos')
90
72
syslogger = (logging.handlers.SysLogHandler
91
73
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
92
address = str("/dev/log")))
74
address = "/dev/log"))
93
75
syslogger.setFormatter(logging.Formatter
94
76
('Mandos [%(process)d]: %(levelname)s:'
95
77
' %(message)s'))
97
79
98
80
console = logging.StreamHandler()
99
81
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
100
' %(levelname)s:'
101
' %(message)s'))
82
' %(levelname)s: %(message)s'))
102
83
logger.addHandler(console)
103
84
104
85
class AvahiError(Exception):
117
98
118
99
class AvahiService(object):
119
100
"""An Avahi (Zeroconf) service.
120
121
101
Attributes:
122
102
interface: integer; avahi.IF_UNSPEC or an interface index.
123
103
Used to optionally bind to the specified interface.
131
111
max_renames: integer; maximum number of renames
132
112
rename_count: integer; counter so we only rename after collisions
133
113
a sensible number of times
134
group: D-Bus Entry Group
135
server: D-Bus Server
136
bus: dbus.SystemBus()
137
114
"""
138
115
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
139
116
servicetype = None, port = None, TXT = None,
140
117
domain = "", host = "", max_renames = 32768,
141
protocol = avahi.PROTO_UNSPEC, bus = None):
118
protocol = avahi.PROTO_UNSPEC):
142
119
self.interface = interface
143
120
self.name = name
144
121
self.type = servicetype
149
126
self.rename_count = 0
150
127
self.max_renames = max_renames
151
128
self.protocol = protocol
152
self.group = None # our entry group
153
self.server = None
154
self.bus = bus
155
self.entry_group_state_changed_match = None
156
129
def rename(self):
157
130
"""Derived from the Avahi example code"""
158
131
if self.rename_count >= self.max_renames:
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
132
logger.critical(u"No suitable Zeroconf service name found"
133
u" after %i retries, exiting.",
161
134
self.rename_count)
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
166
self.name)
135
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
137
logger.info(u"Changing Zeroconf service name to %r ...",
138
str(self.name))
167
139
syslogger.setFormatter(logging.Formatter
168
140
('Mandos (%s) [%%(process)d]:'
169
141
' %%(levelname)s: %%(message)s'
170
142
% self.name))
171
143
self.remove()
172
try:
173
self.add()
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
176
self.cleanup()
177
os._exit(1)
144
self.add()
178
145
self.rename_count += 1
179
146
def remove(self):
180
147
"""Derived from the Avahi example code"""
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
if self.group is not None:
185
self.group.Reset()
148
if group is not None:
149
group.Reset()
186
150
def add(self):
187
151
"""Derived from the Avahi example code"""
188
self.remove()
189
if self.group is None:
190
self.group = dbus.Interface(
191
self.bus.get_object(avahi.DBUS_NAME,
192
self.server.EntryGroupNew()),
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
198
self.name, self.type)
199
self.group.AddService(
200
self.interface,
201
self.protocol,
202
dbus.UInt32(0), # flags
203
self.name, self.type,
204
self.domain, self.host,
205
dbus.UInt16(self.port),
206
avahi.string_array_to_txt_array(self.TXT))
207
self.group.Commit()
208
def entry_group_state_changed(self, state, error):
209
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
211
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
214
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
216
self.rename()
217
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
219
unicode(error))
220
raise AvahiGroupError("State changed: %s"
221
% unicode(error))
222
def cleanup(self):
223
"""Derived from the Avahi example code"""
224
if self.group is not None:
225
try:
226
self.group.Free()
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
229
pass
230
self.group = None
231
self.remove()
232
def server_state_changed(self, state, error=None):
233
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
244
if error is None:
245
logger.error(bad_states[state])
246
else:
247
logger.error(bad_states[state] + ": %r", error)
248
self.cleanup()
249
elif state == avahi.SERVER_RUNNING:
250
self.add()
251
else:
252
if error is None:
253
logger.debug("Unknown state: %r", state)
254
else:
255
logger.debug("Unknown state: %r: %r", state, error)
256
def activate(self):
257
"""Derived from the Avahi example code"""
258
if self.server is None:
259
self.server = dbus.Interface(
260
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
263
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
265
self.server_state_changed)
266
self.server_state_changed(self.server.GetState())
267
268
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
274
152
global group
153
if group is None:
154
group = dbus.Interface(bus.get_object
155
(avahi.DBUS_NAME,
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
160
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
162
group.AddService(
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
170
group.Commit()
171
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
175
176
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
180
181
275
182
class Client(object):
276
183
"""A representation of a client host served by this server.
277
278
184
Attributes:
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
185
name: string; from the config file, used in log messages and
186
D-Bus identifiers
187
fingerprint: string (40 or 32 hexadecimal digits); used to
188
uniquely identify the client
189
secret: bytestring; sent verbatim (over TLS) to client
190
host: string; available for use by the checker command
191
created: datetime.datetime(); (UTC) object creation
192
last_enabled: datetime.datetime(); (UTC)
193
enabled: bool()
194
last_checked_ok: datetime.datetime(); (UTC) or None
195
timeout: datetime.timedelta(); How long from last_checked_ok
196
until this client is invalid
197
interval: datetime.timedelta(); How often to start a new checker
198
disable_hook: If set, called by disable() as disable_hook(self)
282
199
checker: subprocess.Popen(); a running checker process used
283
200
to see if the client lives.
284
201
'None' if no process is running.
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
202
checker_initiator_tag: a gobject event source tag, or None
203
disable_initiator_tag: - '' -
204
checker_callback_tag: - '' -
205
checker_command: string; External command which is run to check if
206
client lives. %() expansions are done at
288
207
runtime with vars(self) as dict, so that for
289
208
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
292
209
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
295
enabled: bool()
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
304
D-Bus identifiers
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
311
disabled, or None
312
210
"""
313
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
318
319
211
def timeout_milliseconds(self):
320
212
"Return the 'timeout' attribute in milliseconds"
321
return _timedelta_to_milliseconds(self.timeout)
322
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
213
return ((self.timeout.days * 24 * 60 * 60 * 1000)
214
+ (self.timeout.seconds * 1000)
215
+ (self.timeout.microseconds // 1000))
326
216
327
217
def interval_milliseconds(self):
328
218
"Return the 'interval' attribute in milliseconds"
329
return _timedelta_to_milliseconds(self.interval)
330
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
219
return ((self.interval.days * 24 * 60 * 60 * 1000)
220
+ (self.interval.seconds * 1000)
221
+ (self.interval.microseconds // 1000))
333
222
334
223
def __init__(self, name = None, disable_hook=None, config=None):
335
224
"""Note: the 'checker' key in 'config' sets the
338
227
self.name = name
339
228
if config is None:
340
229
config = {}
341
logger.debug("Creating client %r", self.name)
230
logger.debug(u"Creating client %r", self.name)
342
231
# Uppercase and remove spaces from fingerprint for later
343
232
# comparison purposes with return value from the fingerprint()
344
233
# function
345
234
self.fingerprint = (config["fingerprint"].upper()
346
.replace(" ", ""))
347
logger.debug(" Fingerprint: %s", self.fingerprint)
235
.replace(u" ", u""))
236
logger.debug(u" Fingerprint: %s", self.fingerprint)
348
237
if "secret" in config:
349
self.secret = config["secret"].decode("base64")
238
self.secret = config["secret"].decode(u"base64")
350
239
elif "secfile" in config:
351
with open(os.path.expanduser(os.path.expandvars
352
(config["secfile"])),
353
"rb") as secfile:
240
with closing(open(os.path.expanduser
241
(os.path.expandvars
242
(config["secfile"])))) as secfile:
354
243
self.secret = secfile.read()
355
244
else:
356
raise TypeError("No secret or secfile for client %s"
245
raise TypeError(u"No secret or secfile for client %s"
357
246
% self.name)
358
247
self.host = config.get("host", "")
359
248
self.created = datetime.datetime.utcnow()
360
249
self.enabled = False
361
self.last_approval_request = None
362
250
self.last_enabled = None
363
251
self.last_checked_ok = None
364
252
self.timeout = string_to_delta(config["timeout"])
365
self.extended_timeout = string_to_delta(config
366
["extended_timeout"])
367
253
self.interval = string_to_delta(config["interval"])
368
254
self.disable_hook = disable_hook
369
255
self.checker = None
370
256
self.checker_initiator_tag = None
371
257
self.disable_initiator_tag = None
372
self.expires = None
373
258
self.checker_callback_tag = None
374
259
self.checker_command = config["checker"]
375
260
self.current_checker_command = None
376
261
self.last_connect = None
377
self._approved = None
378
self.approved_by_default = config.get("approved_by_default",
379
True)
380
self.approvals_pending = 0
381
self.approval_delay = string_to_delta(
382
config["approval_delay"])
383
self.approval_duration = string_to_delta(
384
config["approval_duration"])
385
self.changedstate = (multiprocessing_manager
386
.Condition(multiprocessing_manager
387
.Lock()))
388
389
def send_changedstate(self):
390
self.changedstate.acquire()
391
self.changedstate.notify_all()
392
self.changedstate.release()
393
262
394
263
def enable(self):
395
264
"""Start this client's checker and timeout hooks"""
396
if getattr(self, "enabled", False):
397
# Already enabled
398
return
399
self.send_changedstate()
265
self.last_enabled = datetime.datetime.utcnow()
400
266
# Schedule a new checker to be started an 'interval' from now,
401
267
# and every interval from then on.
402
268
self.checker_initiator_tag = (gobject.timeout_add
403
269
(self.interval_milliseconds(),
404
270
self.start_checker))
271
# Also start a new checker *right now*.
272
self.start_checker()
405
273
# Schedule a disable() when 'timeout' has passed
406
self.expires = datetime.datetime.utcnow() + self.timeout
407
274
self.disable_initiator_tag = (gobject.timeout_add
408
275
(self.timeout_milliseconds(),
409
276
self.disable))
410
277
self.enabled = True
411
self.last_enabled = datetime.datetime.utcnow()
412
# Also start a new checker *right now*.
413
self.start_checker()
414
278
415
def disable(self, quiet=True):
279
def disable(self):
416
280
"""Disable this client."""
417
281
if not getattr(self, "enabled", False):
418
282
return False
419
if not quiet:
420
self.send_changedstate()
421
if not quiet:
422
logger.info("Disabling client %s", self.name)
283
logger.info(u"Disabling client %s", self.name)
423
284
if getattr(self, "disable_initiator_tag", False):
424
285
gobject.source_remove(self.disable_initiator_tag)
425
286
self.disable_initiator_tag = None
426
self.expires = None
427
287
if getattr(self, "checker_initiator_tag", False):
428
288
gobject.source_remove(self.checker_initiator_tag)
429
289
self.checker_initiator_tag = None
445
305
if os.WIFEXITED(condition):
446
306
exitstatus = os.WEXITSTATUS(condition)
447
307
if exitstatus == 0:
448
logger.info("Checker for %(name)s succeeded",
308
logger.info(u"Checker for %(name)s succeeded",
449
309
vars(self))
450
310
self.checked_ok()
451
311
else:
452
logger.info("Checker for %(name)s failed",
312
logger.info(u"Checker for %(name)s failed",
453
313
vars(self))
454
314
else:
455
logger.warning("Checker for %(name)s crashed?",
315
logger.warning(u"Checker for %(name)s crashed?",
456
316
vars(self))
457
317
458
def checked_ok(self, timeout=None):
318
def checked_ok(self):
459
319
"""Bump up the timeout for this client.
460
461
320
This should only be called when the client has been seen,
462
321
alive and well.
463
322
"""
464
if timeout is None:
465
timeout = self.timeout
466
323
self.last_checked_ok = datetime.datetime.utcnow()
467
324
gobject.source_remove(self.disable_initiator_tag)
468
325
self.disable_initiator_tag = (gobject.timeout_add
469
(_timedelta_to_milliseconds
470
(timeout), self.disable))
471
self.expires = datetime.datetime.utcnow() + timeout
472
473
def need_approval(self):
474
self.last_approval_request = datetime.datetime.utcnow()
326
(self.timeout_milliseconds(),
327
self.disable))
475
328
476
329
def start_checker(self):
477
330
"""Start a new checker subprocess if one is not running.
478
479
331
If a checker already exists, leave it running and do
480
332
nothing."""
481
333
# The reason for not killing a running checker is that if we
484
336
# client would inevitably timeout, since no checker would get
485
337
# a chance to run to completion. If we instead leave running
486
338
# checkers alone, the checker would have to take more time
487
# than 'timeout' for the client to be disabled, which is as it
488
# should be.
339
# than 'timeout' for the client to be declared invalid, which
340
# is as it should be.
489
341
490
342
# If a checker exists, make sure it is not a zombie
491
try:
343
if self.checker is not None:
492
344
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
493
except (AttributeError, OSError) as error:
494
if (isinstance(error, OSError)
495
and error.errno != errno.ECHILD):
496
raise error
497
else:
498
345
if pid:
499
346
logger.warning("Checker was a zombie")
500
347
gobject.source_remove(self.checker_callback_tag)
507
354
command = self.checker_command % self.host
508
355
except TypeError:
509
356
# Escape attributes for the shell
510
escaped_attrs = dict(
511
(attr,
512
re.escape(unicode(str(getattr(self, attr, "")),
513
errors=
514
'replace')))
515
for attr in
516
self.runtime_expansions)
517
357
escaped_attrs = dict((key, re.escape(str(val)))
358
for key, val in
359
vars(self).iteritems())
518
360
try:
519
361
command = self.checker_command % escaped_attrs
520
except TypeError as error:
521
logger.error('Could not format string "%s":'
522
' %s', self.checker_command, error)
362
except TypeError, error:
363
logger.error(u'Could not format string "%s":'
364
u' %s', self.checker_command, error)
523
365
return True # Try again later
524
366
self.current_checker_command = command
525
367
try:
526
logger.info("Starting checker %r for %s",
368
logger.info(u"Starting checker %r for %s",
527
369
command, self.name)
528
370
# We don't need to redirect stdout and stderr, since
529
371
# in normal mode, that is already done by daemon(),
542
384
if pid:
543
385
gobject.source_remove(self.checker_callback_tag)
544
386
self.checker_callback(pid, status, command)
545
except OSError as error:
546
logger.error("Failed to start subprocess: %s",
387
except OSError, error:
388
logger.error(u"Failed to start subprocess: %s",
547
389
error)
548
390
# Re-run this periodically if run by gobject.timeout_add
549
391
return True
555
397
self.checker_callback_tag = None
556
398
if getattr(self, "checker", None) is None:
557
399
return
558
logger.debug("Stopping checker for %(name)s", vars(self))
400
logger.debug(u"Stopping checker for %(name)s", vars(self))
559
401
try:
560
402
os.kill(self.checker.pid, signal.SIGTERM)
561
#time.sleep(0.5)
403
#os.sleep(0.5)
562
404
#if self.checker.poll() is None:
563
405
# os.kill(self.checker.pid, signal.SIGKILL)
564
except OSError as error:
406
except OSError, error:
565
407
if error.errno != errno.ESRCH: # No such process
566
408
raise
567
409
self.checker = None
568
569
570
def dbus_service_property(dbus_interface, signature="v",
571
access="readwrite", byte_arrays=False):
572
"""Decorators for marking methods of a DBusObjectWithProperties to
573
become properties on the D-Bus.
574
575
The decorated method will be called with no arguments by "Get"
576
and with one argument by "Set".
577
578
The parameters, where they are supported, are the same as
579
dbus.service.method, except there is only "signature", since the
580
type from Get() and the type sent to Set() is the same.
581
"""
582
# Encoding deeply encoded byte arrays is not supported yet by the
583
# "Set" method, so we fail early here:
584
if byte_arrays and signature != "ay":
585
raise ValueError("Byte arrays not supported for non-'ay'"
586
" signature %r" % signature)
587
def decorator(func):
588
func._dbus_is_property = True
589
func._dbus_interface = dbus_interface
590
func._dbus_signature = signature
591
func._dbus_access = access
592
func._dbus_name = func.__name__
593
if func._dbus_name.endswith("_dbus_property"):
594
func._dbus_name = func._dbus_name[:-14]
595
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
596
return func
597
return decorator
598
599
600
class DBusPropertyException(dbus.exceptions.DBusException):
601
"""A base class for D-Bus property-related exceptions
602
"""
603
def __unicode__(self):
604
return unicode(str(self))
605
606
607
class DBusPropertyAccessException(DBusPropertyException):
608
"""A property's access permissions disallows an operation.
609
"""
610
pass
611
612
613
class DBusPropertyNotFound(DBusPropertyException):
614
"""An attempt was made to access a non-existing property.
615
"""
616
pass
617
618
619
class DBusObjectWithProperties(dbus.service.Object):
620
"""A D-Bus object with properties.
621
622
Classes inheriting from this can use the dbus_service_property
623
decorator to expose methods as D-Bus properties. It exposes the
624
standard Get(), Set(), and GetAll() methods on the D-Bus.
625
"""
626
627
@staticmethod
628
def _is_dbus_property(obj):
629
return getattr(obj, "_dbus_is_property", False)
630
631
def _get_all_dbus_properties(self):
632
"""Returns a generator of (name, attribute) pairs
633
"""
634
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
635
for cls in self.__class__.__mro__
636
for name, prop in
637
inspect.getmembers(cls, self._is_dbus_property))
638
639
def _get_dbus_property(self, interface_name, property_name):
640
"""Returns a bound method if one exists which is a D-Bus
641
property with the specified name and interface.
642
"""
643
for cls in self.__class__.__mro__:
644
for name, value in (inspect.getmembers
645
(cls, self._is_dbus_property)):
646
if (value._dbus_name == property_name
647
and value._dbus_interface == interface_name):
648
return value.__get__(self)
649
650
# No such property
651
raise DBusPropertyNotFound(self.dbus_object_path + ":"
652
+ interface_name + "."
653
+ property_name)
654
655
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
656
out_signature="v")
657
def Get(self, interface_name, property_name):
658
"""Standard D-Bus property Get() method, see D-Bus standard.
659
"""
660
prop = self._get_dbus_property(interface_name, property_name)
661
if prop._dbus_access == "write":
662
raise DBusPropertyAccessException(property_name)
663
value = prop()
664
if not hasattr(value, "variant_level"):
665
return value
666
return type(value)(value, variant_level=value.variant_level+1)
667
668
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
669
def Set(self, interface_name, property_name, value):
670
"""Standard D-Bus property Set() method, see D-Bus standard.
671
"""
672
prop = self._get_dbus_property(interface_name, property_name)
673
if prop._dbus_access == "read":
674
raise DBusPropertyAccessException(property_name)
675
if prop._dbus_get_args_options["byte_arrays"]:
676
# The byte_arrays option is not supported yet on
677
# signatures other than "ay".
678
if prop._dbus_signature != "ay":
679
raise ValueError
680
value = dbus.ByteArray(''.join(unichr(byte)
681
for byte in value))
682
prop(value)
683
684
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
685
out_signature="a{sv}")
686
def GetAll(self, interface_name):
687
"""Standard D-Bus property GetAll() method, see D-Bus
688
standard.
689
690
Note: Will not include properties with access="write".
691
"""
692
all = {}
693
for name, prop in self._get_all_dbus_properties():
694
if (interface_name
695
and interface_name != prop._dbus_interface):
696
# Interface non-empty but did not match
697
continue
698
# Ignore write-only properties
699
if prop._dbus_access == "write":
700
continue
701
value = prop()
702
if not hasattr(value, "variant_level"):
703
all[name] = value
704
continue
705
all[name] = type(value)(value, variant_level=
706
value.variant_level+1)
707
return dbus.Dictionary(all, signature="sv")
708
709
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
710
out_signature="s",
711
path_keyword='object_path',
712
connection_keyword='connection')
713
def Introspect(self, object_path, connection):
714
"""Standard D-Bus method, overloaded to insert property tags.
715
"""
716
xmlstring = dbus.service.Object.Introspect(self, object_path,
717
connection)
718
try:
719
document = xml.dom.minidom.parseString(xmlstring)
720
def make_tag(document, name, prop):
721
e = document.createElement("property")
722
e.setAttribute("name", name)
723
e.setAttribute("type", prop._dbus_signature)
724
e.setAttribute("access", prop._dbus_access)
725
return e
726
for if_tag in document.getElementsByTagName("interface"):
727
for tag in (make_tag(document, name, prop)
728
for name, prop
729
in self._get_all_dbus_properties()
730
if prop._dbus_interface
731
== if_tag.getAttribute("name")):
732
if_tag.appendChild(tag)
733
# Add the names to the return values for the
734
# "org.freedesktop.DBus.Properties" methods
735
if (if_tag.getAttribute("name")
736
== "org.freedesktop.DBus.Properties"):
737
for cn in if_tag.getElementsByTagName("method"):
738
if cn.getAttribute("name") == "Get":
739
for arg in cn.getElementsByTagName("arg"):
740
if (arg.getAttribute("direction")
741
== "out"):
742
arg.setAttribute("name", "value")
743
elif cn.getAttribute("name") == "GetAll":
744
for arg in cn.getElementsByTagName("arg"):
745
if (arg.getAttribute("direction")
746
== "out"):
747
arg.setAttribute("name", "props")
748
xmlstring = document.toxml("utf-8")
749
document.unlink()
750
except (AttributeError, xml.dom.DOMException,
751
xml.parsers.expat.ExpatError) as error:
752
logger.error("Failed to override Introspection method",
753
error)
754
return xmlstring
755
756
757
def datetime_to_dbus (dt, variant_level=0):
758
"""Convert a UTC datetime.datetime() to a D-Bus type."""
759
if dt is None:
760
return dbus.String("", variant_level = variant_level)
761
return dbus.String(dt.isoformat(),
762
variant_level=variant_level)
763
764
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
765
.__metaclass__):
766
"""Applied to an empty subclass of a D-Bus object, this metaclass
767
will add additional D-Bus attributes matching a certain pattern.
768
"""
769
def __new__(mcs, name, bases, attr):
770
# Go through all the base classes which could have D-Bus
771
# methods, signals, or properties in them
772
for base in (b for b in bases
773
if issubclass(b, dbus.service.Object)):
774
# Go though all attributes of the base class
775
for attrname, attribute in inspect.getmembers(base):
776
# Ignore non-D-Bus attributes, and D-Bus attributes
777
# with the wrong interface name
778
if (not hasattr(attribute, "_dbus_interface")
779
or not attribute._dbus_interface
780
.startswith("se.recompile.Mandos")):
781
continue
782
# Create an alternate D-Bus interface name based on
783
# the current name
784
alt_interface = (attribute._dbus_interface
785
.replace("se.recompile.Mandos",
786
"se.bsnet.fukt.Mandos"))
787
# Is this a D-Bus signal?
788
if getattr(attribute, "_dbus_is_signal", False):
789
# Extract the original non-method function by
790
# black magic
791
nonmethod_func = (dict(
792
zip(attribute.func_code.co_freevars,
793
attribute.__closure__))["func"]
794
.cell_contents)
795
# Create a new, but exactly alike, function
796
# object, and decorate it to be a new D-Bus signal
797
# with the alternate D-Bus interface name
798
new_function = (dbus.service.signal
799
(alt_interface,
800
attribute._dbus_signature)
801
(types.FunctionType(
802
nonmethod_func.func_code,
803
nonmethod_func.func_globals,
804
nonmethod_func.func_name,
805
nonmethod_func.func_defaults,
806
nonmethod_func.func_closure)))
807
# Define a creator of a function to call both the
808
# old and new functions, so both the old and new
809
# signals gets sent when the function is called
810
def fixscope(func1, func2):
811
"""This function is a scope container to pass
812
func1 and func2 to the "call_both" function
813
outside of its arguments"""
814
def call_both(*args, **kwargs):
815
"""This function will emit two D-Bus
816
signals by calling func1 and func2"""
817
func1(*args, **kwargs)
818
func2(*args, **kwargs)
819
return call_both
820
# Create the "call_both" function and add it to
821
# the class
822
attr[attrname] = fixscope(attribute,
823
new_function)
824
# Is this a D-Bus method?
825
elif getattr(attribute, "_dbus_is_method", False):
826
# Create a new, but exactly alike, function
827
# object. Decorate it to be a new D-Bus method
828
# with the alternate D-Bus interface name. Add it
829
# to the class.
830
attr[attrname] = (dbus.service.method
831
(alt_interface,
832
attribute._dbus_in_signature,
833
attribute._dbus_out_signature)
834
(types.FunctionType
835
(attribute.func_code,
836
attribute.func_globals,
837
attribute.func_name,
838
attribute.func_defaults,
839
attribute.func_closure)))
840
# Is this a D-Bus property?
841
elif getattr(attribute, "_dbus_is_property", False):
842
# Create a new, but exactly alike, function
843
# object, and decorate it to be a new D-Bus
844
# property with the alternate D-Bus interface
845
# name. Add it to the class.
846
attr[attrname] = (dbus_service_property
847
(alt_interface,
848
attribute._dbus_signature,
849
attribute._dbus_access,
850
attribute
851
._dbus_get_args_options
852
["byte_arrays"])
853
(types.FunctionType
854
(attribute.func_code,
855
attribute.func_globals,
856
attribute.func_name,
857
attribute.func_defaults,
858
attribute.func_closure)))
859
return type.__new__(mcs, name, bases, attr)
860
861
class ClientDBus(Client, DBusObjectWithProperties):
410
411
def still_valid(self):
412
"""Has the timeout not yet passed for this client?"""
413
if not getattr(self, "enabled", False):
414
return False
415
now = datetime.datetime.utcnow()
416
if self.last_checked_ok is None:
417
return now < (self.created + self.timeout)
418
else:
419
return now < (self.last_checked_ok + self.timeout)
420
421
422
class ClientDBus(Client, dbus.service.Object):
862
423
"""A Client class using D-Bus
863
864
424
Attributes:
865
dbus_object_path: dbus.ObjectPath
866
bus: dbus.SystemBus()
425
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
867
426
"""
868
869
runtime_expansions = (Client.runtime_expansions
870
+ ("dbus_object_path",))
871
872
427
# dbus.service.Object doesn't use super(), so we can't either.
873
428
874
def __init__(self, bus = None, *args, **kwargs):
875
self._approvals_pending = 0
876
self.bus = bus
429
def __init__(self, *args, **kwargs):
877
430
Client.__init__(self, *args, **kwargs)
878
431
# Only now, when this client is initialized, can it show up on
879
432
# the D-Bus
880
client_object_name = unicode(self.name).translate(
881
{ord("."): ord("_"),
882
ord("-"): ord("_")})
883
433
self.dbus_object_path = (dbus.ObjectPath
884
("/clients/" + client_object_name))
885
DBusObjectWithProperties.__init__(self, self.bus,
886
self.dbus_object_path)
887
888
def notifychangeproperty(transform_func,
889
dbus_name, type_func=lambda x: x,
890
variant_level=1):
891
""" Modify a variable so that it's a property which announces
892
its changes to DBus.
893
894
transform_fun: Function that takes a value and transforms it
895
to a D-Bus type.
896
dbus_name: D-Bus name of the variable
897
type_func: Function that transform the value before sending it
898
to the D-Bus. Default: no transform
899
variant_level: D-Bus variant level. Default: 1
900
"""
901
attrname = "_{0}".format(dbus_name)
902
def setter(self, value):
903
if hasattr(self, "dbus_object_path"):
904
if (not hasattr(self, attrname) or
905
type_func(getattr(self, attrname, None))
906
!= type_func(value)):
907
dbus_value = transform_func(type_func(value),
908
variant_level)
909
self.PropertyChanged(dbus.String(dbus_name),
910
dbus_value)
911
setattr(self, attrname, value)
912
913
return property(lambda self: getattr(self, attrname), setter)
914
915
916
expires = notifychangeproperty(datetime_to_dbus, "Expires")
917
approvals_pending = notifychangeproperty(dbus.Boolean,
918
"ApprovalPending",
919
type_func = bool)
920
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
921
last_enabled = notifychangeproperty(datetime_to_dbus,
922
"LastEnabled")
923
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
924
type_func = lambda checker:
925
checker is not None)
926
last_checked_ok = notifychangeproperty(datetime_to_dbus,
927
"LastCheckedOK")
928
last_approval_request = notifychangeproperty(
929
datetime_to_dbus, "LastApprovalRequest")
930
approved_by_default = notifychangeproperty(dbus.Boolean,
931
"ApprovedByDefault")
932
approval_delay = notifychangeproperty(dbus.UInt16,
933
"ApprovalDelay",
934
type_func =
935
_timedelta_to_milliseconds)
936
approval_duration = notifychangeproperty(
937
dbus.UInt16, "ApprovalDuration",
938
type_func = _timedelta_to_milliseconds)
939
host = notifychangeproperty(dbus.String, "Host")
940
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
941
type_func =
942
_timedelta_to_milliseconds)
943
extended_timeout = notifychangeproperty(
944
dbus.UInt16, "ExtendedTimeout",
945
type_func = _timedelta_to_milliseconds)
946
interval = notifychangeproperty(dbus.UInt16,
947
"Interval",
948
type_func =
949
_timedelta_to_milliseconds)
950
checker_command = notifychangeproperty(dbus.String, "Checker")
951
952
del notifychangeproperty
434
("/clients/"
435
+ self.name.replace(".", "_")))
436
dbus.service.Object.__init__(self, bus,
437
self.dbus_object_path)
438
def enable(self):
439
oldstate = getattr(self, "enabled", False)
440
r = Client.enable(self)
441
if oldstate != self.enabled:
442
# Emit D-Bus signals
443
self.PropertyChanged(dbus.String(u"enabled"),
444
dbus.Boolean(True, variant_level=1))
445
self.PropertyChanged(dbus.String(u"last_enabled"),
446
(_datetime_to_dbus(self.last_enabled,
447
variant_level=1)))
448
return r
449
450
def disable(self, signal = True):
451
oldstate = getattr(self, "enabled", False)
452
r = Client.disable(self)
453
if signal and oldstate != self.enabled:
454
# Emit D-Bus signal
455
self.PropertyChanged(dbus.String(u"enabled"),
456
dbus.Boolean(False, variant_level=1))
457
return r
953
458
954
459
def __del__(self, *args, **kwargs):
955
460
try:
956
461
self.remove_from_connection()
957
except LookupError:
462
except org.freedesktop.DBus.Python.LookupError:
958
463
pass
959
if hasattr(DBusObjectWithProperties, "__del__"):
960
DBusObjectWithProperties.__del__(self, *args, **kwargs)
464
dbus.service.Object.__del__(self, *args, **kwargs)
961
465
Client.__del__(self, *args, **kwargs)
962
466
963
467
def checker_callback(self, pid, condition, command,
964
468
*args, **kwargs):
965
469
self.checker_callback_tag = None
966
470
self.checker = None
471
# Emit D-Bus signal
472
self.PropertyChanged(dbus.String(u"checker_running"),
473
dbus.Boolean(False, variant_level=1))
967
474
if os.WIFEXITED(condition):
968
475
exitstatus = os.WEXITSTATUS(condition)
969
476
# Emit D-Bus signal
979
486
return Client.checker_callback(self, pid, condition, command,
980
487
*args, **kwargs)
981
488
489
def checked_ok(self, *args, **kwargs):
490
r = Client.checked_ok(self, *args, **kwargs)
491
# Emit D-Bus signal
492
self.PropertyChanged(
493
dbus.String(u"last_checked_ok"),
494
(_datetime_to_dbus(self.last_checked_ok,
495
variant_level=1)))
496
return r
497
982
498
def start_checker(self, *args, **kwargs):
983
499
old_checker = self.checker
984
500
if self.checker is not None:
986
502
else:
987
503
old_checker_pid = None
988
504
r = Client.start_checker(self, *args, **kwargs)
989
# Only if new checker process was started
990
if (self.checker is not None
991
and old_checker_pid != self.checker.pid):
992
# Emit D-Bus signal
505
# Only emit D-Bus signal if new checker process was started
506
if ((self.checker is not None)
507
and not (old_checker is not None
508
and old_checker_pid == self.checker.pid)):
993
509
self.CheckerStarted(self.current_checker_command)
994
return r
995
996
def _reset_approved(self):
997
self._approved = None
998
return False
999
1000
def approve(self, value=True):
1001
self.send_changedstate()
1002
self._approved = value
1003
gobject.timeout_add(_timedelta_to_milliseconds
1004
(self.approval_duration),
1005
self._reset_approved)
1006
1007
1008
## D-Bus methods, signals & properties
1009
_interface = "se.recompile.Mandos.Client"
1010
1011
## Signals
510
self.PropertyChanged(
511
dbus.String("checker_running"),
512
dbus.Boolean(True, variant_level=1))
513
return r
514
515
def stop_checker(self, *args, **kwargs):
516
old_checker = getattr(self, "checker", None)
517
r = Client.stop_checker(self, *args, **kwargs)
518
if (old_checker is not None
519
and getattr(self, "checker", None) is None):
520
self.PropertyChanged(dbus.String(u"checker_running"),
521
dbus.Boolean(False, variant_level=1))
522
return r
523
524
## D-Bus methods & signals
525
_interface = u"se.bsnet.fukt.Mandos.Client"
526
527
# CheckedOK - method
528
CheckedOK = dbus.service.method(_interface)(checked_ok)
529
CheckedOK.__name__ = "CheckedOK"
1012
530
1013
531
# CheckerCompleted - signal
1014
532
@dbus.service.signal(_interface, signature="nxs")
1022
540
"D-Bus signal"
1023
541
pass
1024
542
543
# GetAllProperties - method
544
@dbus.service.method(_interface, out_signature="a{sv}")
545
def GetAllProperties(self):
546
"D-Bus method"
547
return dbus.Dictionary({
548
dbus.String("name"):
549
dbus.String(self.name, variant_level=1),
550
dbus.String("fingerprint"):
551
dbus.String(self.fingerprint, variant_level=1),
552
dbus.String("host"):
553
dbus.String(self.host, variant_level=1),
554
dbus.String("created"):
555
_datetime_to_dbus(self.created, variant_level=1),
556
dbus.String("last_enabled"):
557
(_datetime_to_dbus(self.last_enabled,
558
variant_level=1)
559
if self.last_enabled is not None
560
else dbus.Boolean(False, variant_level=1)),
561
dbus.String("enabled"):
562
dbus.Boolean(self.enabled, variant_level=1),
563
dbus.String("last_checked_ok"):
564
(_datetime_to_dbus(self.last_checked_ok,
565
variant_level=1)
566
if self.last_checked_ok is not None
567
else dbus.Boolean (False, variant_level=1)),
568
dbus.String("timeout"):
569
dbus.UInt64(self.timeout_milliseconds(),
570
variant_level=1),
571
dbus.String("interval"):
572
dbus.UInt64(self.interval_milliseconds(),
573
variant_level=1),
574
dbus.String("checker"):
575
dbus.String(self.checker_command,
576
variant_level=1),
577
dbus.String("checker_running"):
578
dbus.Boolean(self.checker is not None,
579
variant_level=1),
580
dbus.String("object_path"):
581
dbus.ObjectPath(self.dbus_object_path,
582
variant_level=1)
583
}, signature="sv")
584
585
# IsStillValid - method
586
@dbus.service.method(_interface, out_signature="b")
587
def IsStillValid(self):
588
return self.still_valid()
589
1025
590
# PropertyChanged - signal
1026
591
@dbus.service.signal(_interface, signature="sv")
1027
592
def PropertyChanged(self, property, value):
1028
593
"D-Bus signal"
1029
594
pass
1030
595
1031
# GotSecret - signal
596
# ReceivedSecret - signal
1032
597
@dbus.service.signal(_interface)
1033
def GotSecret(self):
1034
"""D-Bus signal
1035
Is sent after a successful transfer of secret from the Mandos
1036
server to mandos-client
1037
"""
598
def ReceivedSecret(self):
599
"D-Bus signal"
1038
600
pass
1039
601
1040
602
# Rejected - signal
1041
@dbus.service.signal(_interface, signature="s")
1042
def Rejected(self, reason):
603
@dbus.service.signal(_interface)
604
def Rejected(self):
1043
605
"D-Bus signal"
1044
606
pass
1045
607
1046
# NeedApproval - signal
1047
@dbus.service.signal(_interface, signature="tb")
1048
def NeedApproval(self, timeout, default):
1049
"D-Bus signal"
1050
return self.need_approval()
1051
1052
## Methods
1053
1054
# Approve - method
1055
@dbus.service.method(_interface, in_signature="b")
1056
def Approve(self, value):
1057
self.approve(value)
1058
1059
# CheckedOK - method
1060
@dbus.service.method(_interface)
1061
def CheckedOK(self):
1062
self.checked_ok()
608
# SetChecker - method
609
@dbus.service.method(_interface, in_signature="s")
610
def SetChecker(self, checker):
611
"D-Bus setter method"
612
self.checker_command = checker
613
# Emit D-Bus signal
614
self.PropertyChanged(dbus.String(u"checker"),
615
dbus.String(self.checker_command,
616
variant_level=1))
617
618
# SetHost - method
619
@dbus.service.method(_interface, in_signature="s")
620
def SetHost(self, host):
621
"D-Bus setter method"
622
self.host = host
623
# Emit D-Bus signal
624
self.PropertyChanged(dbus.String(u"host"),
625
dbus.String(self.host, variant_level=1))
626
627
# SetInterval - method
628
@dbus.service.method(_interface, in_signature="t")
629
def SetInterval(self, milliseconds):
630
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
631
# Emit D-Bus signal
632
self.PropertyChanged(dbus.String(u"interval"),
633
(dbus.UInt64(self.interval_milliseconds(),
634
variant_level=1)))
635
636
# SetSecret - method
637
@dbus.service.method(_interface, in_signature="ay",
638
byte_arrays=True)
639
def SetSecret(self, secret):
640
"D-Bus setter method"
641
self.secret = str(secret)
642
643
# SetTimeout - method
644
@dbus.service.method(_interface, in_signature="t")
645
def SetTimeout(self, milliseconds):
646
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
647
# Emit D-Bus signal
648
self.PropertyChanged(dbus.String(u"timeout"),
649
(dbus.UInt64(self.timeout_milliseconds(),
650
variant_level=1)))
1063
651
1064
652
# Enable - method
1065
@dbus.service.method(_interface)
1066
def Enable(self):
1067
"D-Bus method"
1068
self.enable()
653
Enable = dbus.service.method(_interface)(enable)
654
Enable.__name__ = "Enable"
1069
655
1070
656
# StartChecker - method
1071
657
@dbus.service.method(_interface)
1080
666
self.disable()
1081
667
1082
668
# StopChecker - method
1083
@dbus.service.method(_interface)
1084
def StopChecker(self):
1085
self.stop_checker()
1086
1087
## Properties
1088
1089
# ApprovalPending - property
1090
@dbus_service_property(_interface, signature="b", access="read")
1091
def ApprovalPending_dbus_property(self):
1092
return dbus.Boolean(bool(self.approvals_pending))
1093
1094
# ApprovedByDefault - property
1095
@dbus_service_property(_interface, signature="b",
1096
access="readwrite")
1097
def ApprovedByDefault_dbus_property(self, value=None):
1098
if value is None: # get
1099
return dbus.Boolean(self.approved_by_default)
1100
self.approved_by_default = bool(value)
1101
1102
# ApprovalDelay - property
1103
@dbus_service_property(_interface, signature="t",
1104
access="readwrite")
1105
def ApprovalDelay_dbus_property(self, value=None):
1106
if value is None: # get
1107
return dbus.UInt64(self.approval_delay_milliseconds())
1108
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1109
1110
# ApprovalDuration - property
1111
@dbus_service_property(_interface, signature="t",
1112
access="readwrite")
1113
def ApprovalDuration_dbus_property(self, value=None):
1114
if value is None: # get
1115
return dbus.UInt64(_timedelta_to_milliseconds(
1116
self.approval_duration))
1117
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1118
1119
# Name - property
1120
@dbus_service_property(_interface, signature="s", access="read")
1121
def Name_dbus_property(self):
1122
return dbus.String(self.name)
1123
1124
# Fingerprint - property
1125
@dbus_service_property(_interface, signature="s", access="read")
1126
def Fingerprint_dbus_property(self):
1127
return dbus.String(self.fingerprint)
1128
1129
# Host - property
1130
@dbus_service_property(_interface, signature="s",
1131
access="readwrite")
1132
def Host_dbus_property(self, value=None):
1133
if value is None: # get
1134
return dbus.String(self.host)
1135
self.host = value
1136
1137
# Created - property
1138
@dbus_service_property(_interface, signature="s", access="read")
1139
def Created_dbus_property(self):
1140
return dbus.String(datetime_to_dbus(self.created))
1141
1142
# LastEnabled - property
1143
@dbus_service_property(_interface, signature="s", access="read")
1144
def LastEnabled_dbus_property(self):
1145
return datetime_to_dbus(self.last_enabled)
1146
1147
# Enabled - property
1148
@dbus_service_property(_interface, signature="b",
1149
access="readwrite")
1150
def Enabled_dbus_property(self, value=None):
1151
if value is None: # get
1152
return dbus.Boolean(self.enabled)
1153
if value:
1154
self.enable()
1155
else:
1156
self.disable()
1157
1158
# LastCheckedOK - property
1159
@dbus_service_property(_interface, signature="s",
1160
access="readwrite")
1161
def LastCheckedOK_dbus_property(self, value=None):
1162
if value is not None:
1163
self.checked_ok()
1164
return
1165
return datetime_to_dbus(self.last_checked_ok)
1166
1167
# Expires - property
1168
@dbus_service_property(_interface, signature="s", access="read")
1169
def Expires_dbus_property(self):
1170
return datetime_to_dbus(self.expires)
1171
1172
# LastApprovalRequest - property
1173
@dbus_service_property(_interface, signature="s", access="read")
1174
def LastApprovalRequest_dbus_property(self):
1175
return datetime_to_dbus(self.last_approval_request)
1176
1177
# Timeout - property
1178
@dbus_service_property(_interface, signature="t",
1179
access="readwrite")
1180
def Timeout_dbus_property(self, value=None):
1181
if value is None: # get
1182
return dbus.UInt64(self.timeout_milliseconds())
1183
self.timeout = datetime.timedelta(0, 0, 0, value)
1184
if getattr(self, "disable_initiator_tag", None) is None:
1185
return
1186
# Reschedule timeout
1187
gobject.source_remove(self.disable_initiator_tag)
1188
self.disable_initiator_tag = None
1189
self.expires = None
1190
time_to_die = (self.
1191
_timedelta_to_milliseconds((self
1192
.last_checked_ok
1193
+ self.timeout)
1194
- datetime.datetime
1195
.utcnow()))
1196
if time_to_die <= 0:
1197
# The timeout has passed
1198
self.disable()
1199
else:
1200
self.expires = (datetime.datetime.utcnow()
1201
+ datetime.timedelta(milliseconds =
1202
time_to_die))
1203
self.disable_initiator_tag = (gobject.timeout_add
1204
(time_to_die, self.disable))
1205
1206
# ExtendedTimeout - property
1207
@dbus_service_property(_interface, signature="t",
1208
access="readwrite")
1209
def ExtendedTimeout_dbus_property(self, value=None):
1210
if value is None: # get
1211
return dbus.UInt64(self.extended_timeout_milliseconds())
1212
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1213
1214
# Interval - property
1215
@dbus_service_property(_interface, signature="t",
1216
access="readwrite")
1217
def Interval_dbus_property(self, value=None):
1218
if value is None: # get
1219
return dbus.UInt64(self.interval_milliseconds())
1220
self.interval = datetime.timedelta(0, 0, 0, value)
1221
if getattr(self, "checker_initiator_tag", None) is None:
1222
return
1223
# Reschedule checker run
1224
gobject.source_remove(self.checker_initiator_tag)
1225
self.checker_initiator_tag = (gobject.timeout_add
1226
(value, self.start_checker))
1227
self.start_checker() # Start one now, too
1228
1229
# Checker - property
1230
@dbus_service_property(_interface, signature="s",
1231
access="readwrite")
1232
def Checker_dbus_property(self, value=None):
1233
if value is None: # get
1234
return dbus.String(self.checker_command)
1235
self.checker_command = value
1236
1237
# CheckerRunning - property
1238
@dbus_service_property(_interface, signature="b",
1239
access="readwrite")
1240
def CheckerRunning_dbus_property(self, value=None):
1241
if value is None: # get
1242
return dbus.Boolean(self.checker is not None)
1243
if value:
1244
self.start_checker()
1245
else:
1246
self.stop_checker()
1247
1248
# ObjectPath - property
1249
@dbus_service_property(_interface, signature="o", access="read")
1250
def ObjectPath_dbus_property(self):
1251
return self.dbus_object_path # is already a dbus.ObjectPath
1252
1253
# Secret = property
1254
@dbus_service_property(_interface, signature="ay",
1255
access="write", byte_arrays=True)
1256
def Secret_dbus_property(self, value):
1257
self.secret = str(value)
669
StopChecker = dbus.service.method(_interface)(stop_checker)
670
StopChecker.__name__ = "StopChecker"
1258
671
1259
672
del _interface
1260
673
1261
674
1262
class ProxyClient(object):
1263
def __init__(self, child_pipe, fpr, address):
1264
self._pipe = child_pipe
1265
self._pipe.send(('init', fpr, address))
1266
if not self._pipe.recv():
1267
raise KeyError()
1268
1269
def __getattribute__(self, name):
1270
if(name == '_pipe'):
1271
return super(ProxyClient, self).__getattribute__(name)
1272
self._pipe.send(('getattr', name))
1273
data = self._pipe.recv()
1274
if data[0] == 'data':
1275
return data[1]
1276
if data[0] == 'function':
1277
def func(*args, **kwargs):
1278
self._pipe.send(('funcall', name, args, kwargs))
1279
return self._pipe.recv()[1]
1280
return func
1281
1282
def __setattr__(self, name, value):
1283
if(name == '_pipe'):
1284
return super(ProxyClient, self).__setattr__(name, value)
1285
self._pipe.send(('setattr', name, value))
1286
1287
class ClientDBusTransitional(ClientDBus):
1288
__metaclass__ = AlternateDBusNamesMetaclass
1289
1290
class ClientHandler(socketserver.BaseRequestHandler, object):
1291
"""A class to handle client connections.
1292
1293
Instantiated once for each connection to handle it.
675
def peer_certificate(session):
676
"Return the peer's OpenPGP certificate as a bytestring"
677
# If not an OpenPGP certificate...
678
if (gnutls.library.functions
679
.gnutls_certificate_type_get(session._c_object)
680
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
681
# ...do the normal thing
682
return session.peer_certificate
683
list_size = ctypes.c_uint(1)
684
cert_list = (gnutls.library.functions
685
.gnutls_certificate_get_peers
686
(session._c_object, ctypes.byref(list_size)))
687
if not bool(cert_list) and list_size.value != 0:
688
raise gnutls.errors.GNUTLSError("error getting peer"
689
" certificate")
690
if list_size.value == 0:
691
return None
692
cert = cert_list[0]
693
return ctypes.string_at(cert.data, cert.size)
694
695
696
def fingerprint(openpgp):
697
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
698
# New GnuTLS "datum" with the OpenPGP public key
699
datum = (gnutls.library.types
700
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
701
ctypes.POINTER
702
(ctypes.c_ubyte)),
703
ctypes.c_uint(len(openpgp))))
704
# New empty GnuTLS certificate
705
crt = gnutls.library.types.gnutls_openpgp_crt_t()
706
(gnutls.library.functions
707
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
708
# Import the OpenPGP public key into the certificate
709
(gnutls.library.functions
710
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
711
gnutls.library.constants
712
.GNUTLS_OPENPGP_FMT_RAW))
713
# Verify the self signature in the key
714
crtverify = ctypes.c_uint()
715
(gnutls.library.functions
716
.gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
717
if crtverify.value != 0:
718
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
719
raise gnutls.errors.CertificateSecurityError("Verify failed")
720
# New buffer for the fingerprint
721
buf = ctypes.create_string_buffer(20)
722
buf_len = ctypes.c_size_t()
723
# Get the fingerprint from the certificate into the buffer
724
(gnutls.library.functions
725
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
726
ctypes.byref(buf_len)))
727
# Deinit the certificate
728
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
729
# Convert the buffer to a Python bytestring
730
fpr = ctypes.string_at(buf, buf_len.value)
731
# Convert the bytestring to hexadecimal notation
732
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
733
return hex_fpr
734
735
736
class TCP_handler(SocketServer.BaseRequestHandler, object):
737
"""A TCP request handler class.
738
Instantiated by IPv6_TCPServer for each request to handle it.
1294
739
Note: This will run in its own forked process."""
1295
740
1296
741
def handle(self):
1297
with contextlib.closing(self.server.child_pipe) as child_pipe:
1298
logger.info("TCP connection from: %s",
1299
unicode(self.client_address))
1300
logger.debug("Pipe FD: %d",
1301
self.server.child_pipe.fileno())
1302
742
logger.info(u"TCP connection from: %s",
743
unicode(self.client_address))
744
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
745
# Open IPC pipe to parent process
746
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
1303
747
session = (gnutls.connection
1304
748
.ClientSession(self.request,
1305
749
gnutls.connection
1306
750
.X509Credentials()))
1307
751
752
line = self.request.makefile().readline()
753
logger.debug(u"Protocol version: %r", line)
754
try:
755
if int(line.strip().split()[0]) > 1:
756
raise RuntimeError
757
except (ValueError, IndexError, RuntimeError), error:
758
logger.error(u"Unknown protocol version: %s", error)
759
return
760
1308
761
# Note: gnutls.connection.X509Credentials is really a
1309
762
# generic GnuTLS certificate credentials object so long as
1310
763
# no X.509 keys are added to it. Therefore, we can use it
1311
764
# here despite using OpenPGP certificates.
1312
765
1313
766
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1314
# "+AES-256-CBC", "+SHA1",
1315
# "+COMP-NULL", "+CTYPE-OPENPGP",
1316
# "+DHE-DSS"))
767
# "+AES-256-CBC", "+SHA1",
768
# "+COMP-NULL", "+CTYPE-OPENPGP",
769
# "+DHE-DSS"))
1317
770
# Use a fallback default, since this MUST be set.
1318
priority = self.server.gnutls_priority
1319
if priority is None:
1320
priority = "NORMAL"
771
priority = self.server.settings.get("priority", "NORMAL")
1321
772
(gnutls.library.functions
1322
773
.gnutls_priority_set_direct(session._c_object,
1323
774
priority, None))
1324
775
1325
# Start communication using the Mandos protocol
1326
# Get protocol number
1327
line = self.request.makefile().readline()
1328
logger.debug("Protocol version: %r", line)
1329
try:
1330
if int(line.strip().split()[0]) > 1:
1331
raise RuntimeError
1332
except (ValueError, IndexError, RuntimeError) as error:
1333
logger.error("Unknown protocol version: %s", error)
1334
return
1335
1336
# Start GnuTLS connection
1337
776
try:
1338
777
session.handshake()
1339
except gnutls.errors.GNUTLSError as error:
1340
logger.warning("Handshake failed: %s", error)
778
except gnutls.errors.GNUTLSError, error:
779
logger.warning(u"Handshake failed: %s", error)
1341
780
# Do not run session.bye() here: the session is not
1342
781
# established. Just abandon the request.
1343
782
return
1344
logger.debug("Handshake succeeded")
1345
1346
approval_required = False
783
logger.debug(u"Handshake succeeded")
1347
784
try:
1348
try:
1349
fpr = self.fingerprint(self.peer_certificate
1350
(session))
1351
except (TypeError,
1352
gnutls.errors.GNUTLSError) as error:
1353
logger.warning("Bad certificate: %s", error)
1354
return
1355
logger.debug("Fingerprint: %s", fpr)
1356
1357
try:
1358
client = ProxyClient(child_pipe, fpr,
1359
self.client_address)
1360
except KeyError:
1361
return
1362
1363
if client.approval_delay:
1364
delay = client.approval_delay
1365
client.approvals_pending += 1
1366
approval_required = True
1367
1368
while True:
1369
if not client.enabled:
1370
logger.info("Client %s is disabled",
1371
client.name)
1372
if self.server.use_dbus:
1373
# Emit D-Bus signal
1374
client.Rejected("Disabled")
1375
return
1376
1377
if client._approved or not client.approval_delay:
1378
#We are approved or approval is disabled
1379
break
1380
elif client._approved is None:
1381
logger.info("Client %s needs approval",
1382
client.name)
1383
if self.server.use_dbus:
1384
# Emit D-Bus signal
1385
client.NeedApproval(
1386
client.approval_delay_milliseconds(),
1387
client.approved_by_default)
1388
else:
1389
logger.warning("Client %s was not approved",
1390
client.name)
1391
if self.server.use_dbus:
1392
# Emit D-Bus signal
1393
client.Rejected("Denied")
1394
return
1395
1396
#wait until timeout or approved
1397
time = datetime.datetime.now()
1398
client.changedstate.acquire()
1399
(client.changedstate.wait
1400
(float(client._timedelta_to_milliseconds(delay)
1401
/ 1000)))
1402
client.changedstate.release()
1403
time2 = datetime.datetime.now()
1404
if (time2 - time) >= delay:
1405
if not client.approved_by_default:
1406
logger.warning("Client %s timed out while"
1407
" waiting for approval",
1408
client.name)
1409
if self.server.use_dbus:
1410
# Emit D-Bus signal
1411
client.Rejected("Approval timed out")
1412
return
1413
else:
1414
break
1415
else:
1416
delay -= time2 - time
1417
1418
sent_size = 0
1419
while sent_size < len(client.secret):
1420
try:
1421
sent = session.send(client.secret[sent_size:])
1422
except gnutls.errors.GNUTLSError as error:
1423
logger.warning("gnutls send failed")
1424
return
1425
logger.debug("Sent: %d, remaining: %d",
1426
sent, len(client.secret)
1427
- (sent_size + sent))
1428
sent_size += sent
1429
1430
logger.info("Sending secret to %s", client.name)
1431
# bump the timeout as if seen
1432
client.checked_ok(client.extended_timeout)
1433
if self.server.use_dbus:
1434
# Emit D-Bus signal
1435
client.GotSecret()
785
fpr = fingerprint(peer_certificate(session))
786
except (TypeError, gnutls.errors.GNUTLSError), error:
787
logger.warning(u"Bad certificate: %s", error)
788
session.bye()
789
return
790
logger.debug(u"Fingerprint: %s", fpr)
1436
791
1437
finally:
1438
if approval_required:
1439
client.approvals_pending -= 1
1440
try:
1441
session.bye()
1442
except gnutls.errors.GNUTLSError as error:
1443
logger.warning("GnuTLS bye failed")
1444
1445
@staticmethod
1446
def peer_certificate(session):
1447
"Return the peer's OpenPGP certificate as a bytestring"
1448
# If not an OpenPGP certificate...
1449
if (gnutls.library.functions
1450
.gnutls_certificate_type_get(session._c_object)
1451
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1452
# ...do the normal thing
1453
return session.peer_certificate
1454
list_size = ctypes.c_uint(1)
1455
cert_list = (gnutls.library.functions
1456
.gnutls_certificate_get_peers
1457
(session._c_object, ctypes.byref(list_size)))
1458
if not bool(cert_list) and list_size.value != 0:
1459
raise gnutls.errors.GNUTLSError("error getting peer"
1460
" certificate")
1461
if list_size.value == 0:
1462
return None
1463
cert = cert_list[0]
1464
return ctypes.string_at(cert.data, cert.size)
1465
1466
@staticmethod
1467
def fingerprint(openpgp):
1468
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1469
# New GnuTLS "datum" with the OpenPGP public key
1470
datum = (gnutls.library.types
1471
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1472
ctypes.POINTER
1473
(ctypes.c_ubyte)),
1474
ctypes.c_uint(len(openpgp))))
1475
# New empty GnuTLS certificate
1476
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1477
(gnutls.library.functions
1478
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1479
# Import the OpenPGP public key into the certificate
1480
(gnutls.library.functions
1481
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1482
gnutls.library.constants
1483
.GNUTLS_OPENPGP_FMT_RAW))
1484
# Verify the self signature in the key
1485
crtverify = ctypes.c_uint()
1486
(gnutls.library.functions
1487
.gnutls_openpgp_crt_verify_self(crt, 0,
1488
ctypes.byref(crtverify)))
1489
if crtverify.value != 0:
1490
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1491
raise (gnutls.errors.CertificateSecurityError
1492
("Verify failed"))
1493
# New buffer for the fingerprint
1494
buf = ctypes.create_string_buffer(20)
1495
buf_len = ctypes.c_size_t()
1496
# Get the fingerprint from the certificate into the buffer
1497
(gnutls.library.functions
1498
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1499
ctypes.byref(buf_len)))
1500
# Deinit the certificate
1501
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1502
# Convert the buffer to a Python bytestring
1503
fpr = ctypes.string_at(buf, buf_len.value)
1504
# Convert the bytestring to hexadecimal notation
1505
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1506
return hex_fpr
1507
1508
1509
class MultiprocessingMixIn(object):
1510
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1511
def sub_process_main(self, request, address):
1512
try:
1513
self.finish_request(request, address)
1514
except:
1515
self.handle_error(request, address)
1516
self.close_request(request)
1517
1518
def process_request(self, request, address):
1519
"""Start a new process to process the request."""
1520
proc = multiprocessing.Process(target = self.sub_process_main,
1521
args = (request,
1522
address))
1523
proc.start()
1524
return proc
1525
1526
1527
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1528
""" adds a pipe to the MixIn """
792
for c in self.server.clients:
793
if c.fingerprint == fpr:
794
client = c
795
break
796
else:
797
logger.warning(u"Client not found for fingerprint: %s",
798
fpr)
799
ipc.write("NOTFOUND %s\n" % fpr)
800
session.bye()
801
return
802
# Have to check if client.still_valid(), since it is
803
# possible that the client timed out while establishing
804
# the GnuTLS session.
805
if not client.still_valid():
806
logger.warning(u"Client %(name)s is invalid",
807
vars(client))
808
ipc.write("INVALID %s\n" % client.name)
809
session.bye()
810
return
811
ipc.write("SENDING %s\n" % client.name)
812
sent_size = 0
813
while sent_size < len(client.secret):
814
sent = session.send(client.secret[sent_size:])
815
logger.debug(u"Sent: %d, remaining: %d",
816
sent, len(client.secret)
817
- (sent_size + sent))
818
sent_size += sent
819
session.bye()
820
821
822
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
823
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
824
Assumes a gobject.MainLoop event loop.
825
"""
1529
826
def process_request(self, request, client_address):
1530
"""Overrides and wraps the original process_request().
1531
1532
This function creates a new pipe in self.pipe
827
"""This overrides and wraps the original process_request().
828
This function creates a new pipe in self.pipe
1533
829
"""
1534
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1535
1536
proc = MultiprocessingMixIn.process_request(self, request,
1537
client_address)
1538
self.child_pipe.close()
1539
self.add_pipe(parent_pipe, proc)
1540
1541
def add_pipe(self, parent_pipe, proc):
830
self.pipe = os.pipe()
831
super(ForkingMixInWithPipe,
832
self).process_request(request, client_address)
833
os.close(self.pipe[1]) # close write end
834
# Call "handle_ipc" for both data and EOF events
835
gobject.io_add_watch(self.pipe[0],
836
gobject.IO_IN | gobject.IO_HUP,
837
self.handle_ipc)
838
def handle_ipc(source, condition):
1542
839
"""Dummy function; override as necessary"""
1543
raise NotImplementedError
1544
1545
1546
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1547
socketserver.TCPServer, object):
840
os.close(source)
841
return False
842
843
844
class IPv6_TCPServer(ForkingMixInWithPipe,
845
SocketServer.TCPServer, object):
1548
846
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1549
1550
847
Attributes:
848
settings: Server settings
849
clients: Set() of Client objects
1551
850
enabled: Boolean; whether this server is activated yet
1552
interface: None or a network interface name (string)
1553
use_ipv6: Boolean; to use IPv6 or not
1554
851
"""
1555
def __init__(self, server_address, RequestHandlerClass,
1556
interface=None, use_ipv6=True):
1557
self.interface = interface
1558
if use_ipv6:
1559
self.address_family = socket.AF_INET6
1560
socketserver.TCPServer.__init__(self, server_address,
1561
RequestHandlerClass)
852
address_family = socket.AF_INET6
853
def __init__(self, *args, **kwargs):
854
if "settings" in kwargs:
855
self.settings = kwargs["settings"]
856
del kwargs["settings"]
857
if "clients" in kwargs:
858
self.clients = kwargs["clients"]
859
del kwargs["clients"]
860
if "use_ipv6" in kwargs:
861
if not kwargs["use_ipv6"]:
862
self.address_family = socket.AF_INET
863
del kwargs["use_ipv6"]
864
self.enabled = False
865
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1562
866
def server_bind(self):
1563
867
"""This overrides the normal server_bind() function
1564
868
to bind to an interface if one was specified, and also NOT to
1565
869
bind to an address or port if they were not specified."""
1566
if self.interface is not None:
1567
if SO_BINDTODEVICE is None:
1568
logger.error("SO_BINDTODEVICE does not exist;"
1569
" cannot bind to interface %s",
1570
self.interface)
1571
else:
1572
try:
1573
self.socket.setsockopt(socket.SOL_SOCKET,
1574
SO_BINDTODEVICE,
1575
str(self.interface
1576
+ '\0'))
1577
except socket.error as error:
1578
if error[0] == errno.EPERM:
1579
logger.error("No permission to"
1580
" bind to interface %s",
1581
self.interface)
1582
elif error[0] == errno.ENOPROTOOPT:
1583
logger.error("SO_BINDTODEVICE not available;"
1584
" cannot bind to interface %s",
1585
self.interface)
1586
else:
1587
raise
870
if self.settings["interface"]:
871
# 25 is from /usr/include/asm-i486/socket.h
872
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
873
try:
874
self.socket.setsockopt(socket.SOL_SOCKET,
875
SO_BINDTODEVICE,
876
self.settings["interface"])
877
except socket.error, error:
878
if error[0] == errno.EPERM:
879
logger.error(u"No permission to"
880
u" bind to interface %s",
881
self.settings["interface"])
882
else:
883
raise
1588
884
# Only bind(2) the socket if we really need to.
1589
885
if self.server_address[0] or self.server_address[1]:
1590
886
if not self.server_address[0]:
1597
893
elif not self.server_address[1]:
1598
894
self.server_address = (self.server_address[0],
1599
895
0)
1600
# if self.interface:
896
# if self.settings["interface"]:
1601
897
# self.server_address = (self.server_address[0],
1602
898
# 0, # port
1603
899
# 0, # flowinfo
1604
900
# if_nametoindex
1605
# (self.interface))
1606
return socketserver.TCPServer.server_bind(self)
1607
1608
1609
class MandosServer(IPv6_TCPServer):
1610
"""Mandos server.
1611
1612
Attributes:
1613
clients: set of Client objects
1614
gnutls_priority GnuTLS priority string
1615
use_dbus: Boolean; to emit D-Bus signals or not
1616
1617
Assumes a gobject.MainLoop event loop.
1618
"""
1619
def __init__(self, server_address, RequestHandlerClass,
1620
interface=None, use_ipv6=True, clients=None,
1621
gnutls_priority=None, use_dbus=True):
1622
self.enabled = False
1623
self.clients = clients
1624
if self.clients is None:
1625
self.clients = set()
1626
self.use_dbus = use_dbus
1627
self.gnutls_priority = gnutls_priority
1628
IPv6_TCPServer.__init__(self, server_address,
1629
RequestHandlerClass,
1630
interface = interface,
1631
use_ipv6 = use_ipv6)
901
# (self.settings
902
# ["interface"]))
903
return super(IPv6_TCPServer, self).server_bind()
1632
904
def server_activate(self):
1633
905
if self.enabled:
1634
return socketserver.TCPServer.server_activate(self)
1635
906
return super(IPv6_TCPServer, self).server_activate()
1636
907
def enable(self):
1637
908
self.enabled = True
1638
1639
def add_pipe(self, parent_pipe, proc):
1640
# Call "handle_ipc" for both data and EOF events
1641
gobject.io_add_watch(parent_pipe.fileno(),
1642
gobject.IO_IN | gobject.IO_HUP,
1643
functools.partial(self.handle_ipc,
1644
parent_pipe =
1645
parent_pipe,
1646
proc = proc))
1647
1648
def handle_ipc(self, source, condition, parent_pipe=None,
1649
proc = None, client_object=None):
909
def handle_ipc(self, source, condition, file_objects={}):
1650
910
condition_names = {
1651
gobject.IO_IN: "IN", # There is data to read.
911
gobject.IO_IN: "IN", # There is data to read.
1652
912
gobject.IO_OUT: "OUT", # Data can be written (without
1653
# blocking).
913
# blocking).
1654
914
gobject.IO_PRI: "PRI", # There is urgent data to read.
1655
915
gobject.IO_ERR: "ERR", # Error condition.
1656
916
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1657
# broken, usually for pipes and
1658
# sockets).
917
# broken, usually for pipes and
918
# sockets).
1659
919
}
1660
920
conditions_string = ' | '.join(name
1661
921
for cond, name in
1662
922
condition_names.iteritems()
1663
923
if cond & condition)
1664
# error or the other end of multiprocessing.Pipe has closed
1665
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1666
proc.join()
924
logger.debug("Handling IPC: FD = %d, condition = %s", source,
925
conditions_string)
926
927
# Turn the pipe file descriptor into a Python file object
928
if source not in file_objects:
929
file_objects[source] = os.fdopen(source, "r", 1)
930
931
# Read a line from the file object
932
cmdline = file_objects[source].readline()
933
if not cmdline: # Empty line means end of file
934
# close the IPC pipe
935
file_objects[source].close()
936
del file_objects[source]
937
938
# Stop calling this function
1667
939
return False
1668
940
1669
# Read a request from the child
1670
request = parent_pipe.recv()
1671
command = request[0]
941
logger.debug("IPC command: %r\n" % cmdline)
1672
942
1673
if command == 'init':
1674
fpr = request[1]
1675
address = request[2]
1676
1677
for c in self.clients:
1678
if c.fingerprint == fpr:
1679
client = c
943
# Parse and act on command
944
cmd, args = cmdline.split(None, 1)
945
if cmd == "NOTFOUND":
946
if self.settings["use_dbus"]:
947
# Emit D-Bus signal
948
mandos_dbus_service.ClientNotFound(args)
949
elif cmd == "INVALID":
950
if self.settings["use_dbus"]:
951
for client in self.clients:
952
if client.name == args:
953
# Emit D-Bus signal
954
client.Rejected()
955
break
956
elif cmd == "SENDING":
957
for client in self.clients:
958
if client.name == args:
959
client.checked_ok()
960
if self.settings["use_dbus"]:
961
# Emit D-Bus signal
962
client.ReceivedSecret()
1680
963
break
1681
else:
1682
logger.info("Client not found for fingerprint: %s, ad"
1683
"dress: %s", fpr, address)
1684
if self.use_dbus:
1685
# Emit D-Bus signal
1686
mandos_dbus_service.ClientNotFound(fpr,
1687
address[0])
1688
parent_pipe.send(False)
1689
return False
1690
1691
gobject.io_add_watch(parent_pipe.fileno(),
1692
gobject.IO_IN | gobject.IO_HUP,
1693
functools.partial(self.handle_ipc,
1694
parent_pipe =
1695
parent_pipe,
1696
proc = proc,
1697
client_object =
1698
client))
1699
parent_pipe.send(True)
1700
# remove the old hook in favor of the new above hook on
1701
# same fileno
1702
return False
1703
if command == 'funcall':
1704
funcname = request[1]
1705
args = request[2]
1706
kwargs = request[3]
1707
1708
parent_pipe.send(('data', getattr(client_object,
1709
funcname)(*args,
1710
**kwargs)))
1711
1712
if command == 'getattr':
1713
attrname = request[1]
1714
if callable(client_object.__getattribute__(attrname)):
1715
parent_pipe.send(('function',))
1716
else:
1717
parent_pipe.send(('data', client_object
1718
.__getattribute__(attrname)))
1719
1720
if command == 'setattr':
1721
attrname = request[1]
1722
value = request[2]
1723
setattr(client_object, attrname, value)
1724
964
else:
965
logger.error("Unknown IPC command: %r", cmdline)
966
967
# Keep calling this function
1725
968
return True
1726
969
1727
970
1736
979
datetime.timedelta(0, 3600)
1737
980
>>> string_to_delta('24h')
1738
981
datetime.timedelta(1)
1739
>>> string_to_delta('1w')
982
>>> string_to_delta(u'1w')
1740
983
datetime.timedelta(7)
1741
984
>>> string_to_delta('5m 30s')
1742
985
datetime.timedelta(0, 330)
1746
989
try:
1747
990
suffix = unicode(s[-1])
1748
991
value = int(s[:-1])
1749
if suffix == "d":
992
if suffix == u"d":
1750
993
delta = datetime.timedelta(value)
1751
elif suffix == "s":
994
elif suffix == u"s":
1752
995
delta = datetime.timedelta(0, value)
1753
elif suffix == "m":
996
elif suffix == u"m":
1754
997
delta = datetime.timedelta(0, 0, 0, 0, value)
1755
elif suffix == "h":
998
elif suffix == u"h":
1756
999
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1757
elif suffix == "w":
1000
elif suffix == u"w":
1758
1001
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1759
1002
else:
1760
raise ValueError("Unknown suffix %r" % suffix)
1761
except (ValueError, IndexError) as e:
1762
raise ValueError(*(e.args))
1003
raise ValueError
1004
except (ValueError, IndexError):
1005
raise ValueError
1763
1006
timevalue += delta
1764
1007
return timevalue
1765
1008
1766
1009
1010
def server_state_changed(state):
1011
"""Derived from the Avahi example code"""
1012
if state == avahi.SERVER_COLLISION:
1013
logger.error(u"Zeroconf server name collision")
1014
service.remove()
1015
elif state == avahi.SERVER_RUNNING:
1016
service.add()
1017
1018
1019
def entry_group_state_changed(state, error):
1020
"""Derived from the Avahi example code"""
1021
logger.debug(u"Avahi state change: %i", state)
1022
1023
if state == avahi.ENTRY_GROUP_ESTABLISHED:
1024
logger.debug(u"Zeroconf service established.")
1025
elif state == avahi.ENTRY_GROUP_COLLISION:
1026
logger.warning(u"Zeroconf service name collision.")
1027
service.rename()
1028
elif state == avahi.ENTRY_GROUP_FAILURE:
1029
logger.critical(u"Avahi: Error in group state changed %s",
1030
unicode(error))
1031
raise AvahiGroupError(u"State changed: %s" % unicode(error))
1032
1767
1033
def if_nametoindex(interface):
1768
"""Call the C function if_nametoindex(), or equivalent
1769
1770
Note: This function cannot accept a unicode string."""
1034
"""Call the C function if_nametoindex(), or equivalent"""
1771
1035
global if_nametoindex
1772
1036
try:
1773
1037
if_nametoindex = (ctypes.cdll.LoadLibrary
1774
1038
(ctypes.util.find_library("c"))
1775
1039
.if_nametoindex)
1776
1040
except (OSError, AttributeError):
1777
logger.warning("Doing if_nametoindex the hard way")
1041
if "struct" not in sys.modules:
1042
import struct
1043
if "fcntl" not in sys.modules:
1044
import fcntl
1778
1045
def if_nametoindex(interface):
1779
1046
"Get an interface index the hard way, i.e. using fcntl()"
1780
1047
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1781
with contextlib.closing(socket.socket()) as s:
1048
with closing(socket.socket()) as s:
1782
1049
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1783
struct.pack(str("16s16x"),
1784
interface))
1785
interface_index = struct.unpack(str("I"),
1786
ifreq[16:20])[0]
1050
struct.pack("16s16x", interface))
1051
interface_index = struct.unpack("I", ifreq[16:20])[0]
1787
1052
return interface_index
1788
1053
return if_nametoindex(interface)
1789
1054
1790
1055
1791
1056
def daemon(nochdir = False, noclose = False):
1792
1057
"""See daemon(3). Standard BSD Unix function.
1793
1794
1058
This should really exist as os.daemon, but it doesn't (yet)."""
1795
1059
if os.fork():
1796
1060
sys.exit()
1804
1068
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1805
1069
if not stat.S_ISCHR(os.fstat(null).st_mode):
1806
1070
raise OSError(errno.ENODEV,
1807
"%s not a character device"
1808
% os.path.devnull)
1071
"/dev/null not a character device")
1809
1072
os.dup2(null, sys.stdin.fileno())
1810
1073
os.dup2(null, sys.stdout.fileno())
1811
1074
os.dup2(null, sys.stderr.fileno())
1815
1078
1816
1079
def main():
1817
1080
1818
##################################################################
1081
######################################################################
1819
1082
# Parsing of options, both command line and config file
1820
1083
1821
parser = argparse.ArgumentParser()
1822
parser.add_argument("-v", "--version", action="version",
1823
version = "%%(prog)s %s" % version,
1824
help="show version number and exit")
1825
parser.add_argument("-i", "--interface", metavar="IF",
1826
help="Bind to interface IF")
1827
parser.add_argument("-a", "--address",
1828
help="Address to listen for requests on")
1829
parser.add_argument("-p", "--port", type=int,
1830
help="Port number to receive requests on")
1831
parser.add_argument("--check", action="store_true",
1832
help="Run self-test")
1833
parser.add_argument("--debug", action="store_true",
1834
help="Debug mode; run in foreground and log"
1835
" to terminal")
1836
parser.add_argument("--debuglevel", metavar="LEVEL",
1837
help="Debug level for stdout output")
1838
parser.add_argument("--priority", help="GnuTLS"
1839
" priority string (see GnuTLS documentation)")
1840
parser.add_argument("--servicename",
1841
metavar="NAME", help="Zeroconf service name")
1842
parser.add_argument("--configdir",
1843
default="/etc/mandos", metavar="DIR",
1844
help="Directory to search for configuration"
1845
" files")
1846
parser.add_argument("--no-dbus", action="store_false",
1847
dest="use_dbus", help="Do not provide D-Bus"
1848
" system bus interface")
1849
parser.add_argument("--no-ipv6", action="store_false",
1850
dest="use_ipv6", help="Do not use IPv6")
1851
options = parser.parse_args()
1084
parser = optparse.OptionParser(version = "%%prog %s" % version)
1085
parser.add_option("-i", "--interface", type="string",
1086
metavar="IF", help="Bind to interface IF")
1087
parser.add_option("-a", "--address", type="string",
1088
help="Address to listen for requests on")
1089
parser.add_option("-p", "--port", type="int",
1090
help="Port number to receive requests on")
1091
parser.add_option("--check", action="store_true",
1092
help="Run self-test")
1093
parser.add_option("--debug", action="store_true",
1094
help="Debug mode; run in foreground and log to"
1095
" terminal")
1096
parser.add_option("--priority", type="string", help="GnuTLS"
1097
" priority string (see GnuTLS documentation)")
1098
parser.add_option("--servicename", type="string", metavar="NAME",
1099
help="Zeroconf service name")
1100
parser.add_option("--configdir", type="string",
1101
default="/etc/mandos", metavar="DIR",
1102
help="Directory to search for configuration"
1103
" files")
1104
parser.add_option("--no-dbus", action="store_false",
1105
dest="use_dbus",
1106
help="Do not provide D-Bus system bus"
1107
" interface")
1108
parser.add_option("--no-ipv6", action="store_false",
1109
dest="use_ipv6", help="Do not use IPv6")
1110
options = parser.parse_args()[0]
1852
1111
1853
1112
if options.check:
1854
1113
import doctest
1865
1124
"servicename": "Mandos",
1866
1125
"use_dbus": "True",
1867
1126
"use_ipv6": "True",
1868
"debuglevel": "",
1869
1127
}
1870
1128
1871
1129
# Parse config file for server-global settings
1872
server_config = configparser.SafeConfigParser(server_defaults)
1130
server_config = ConfigParser.SafeConfigParser(server_defaults)
1873
1131
del server_defaults
1874
server_config.read(os.path.join(options.configdir,
1875
"mandos.conf"))
1132
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1876
1133
# Convert the SafeConfigParser object to a dict
1877
1134
server_settings = server_config.defaults()
1878
1135
# Use the appropriate methods on the non-string config options
1879
for option in ("debug", "use_dbus", "use_ipv6"):
1880
server_settings[option] = server_config.getboolean("DEFAULT",
1881
option)
1136
server_settings["debug"] = server_config.getboolean("DEFAULT",
1137
"debug")
1138
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
1139
"use_dbus")
1140
server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
1141
"use_ipv6")
1882
1142
if server_settings["port"]:
1883
1143
server_settings["port"] = server_config.getint("DEFAULT",
1884
1144
"port")
1888
1148
# options, if set.
1889
1149
for option in ("interface", "address", "port", "debug",
1890
1150
"priority", "servicename", "configdir",
1891
"use_dbus", "use_ipv6", "debuglevel"):
1151
"use_dbus", "use_ipv6"):
1892
1152
value = getattr(options, option)
1893
1153
if value is not None:
1894
1154
server_settings[option] = value
1895
1155
del options
1896
# Force all strings to be unicode
1897
for option in server_settings.keys():
1898
if type(server_settings[option]) is str:
1899
server_settings[option] = unicode(server_settings[option])
1900
1156
# Now we have our good server settings in "server_settings"
1901
1157
1902
1158
##################################################################
1903
1159
1904
1160
# For convenience
1905
1161
debug = server_settings["debug"]
1906
debuglevel = server_settings["debuglevel"]
1907
1162
use_dbus = server_settings["use_dbus"]
1908
1163
use_ipv6 = server_settings["use_ipv6"]
1909
1164
1165
if not debug:
1166
syslogger.setLevel(logging.WARNING)
1167
console.setLevel(logging.WARNING)
1168
1910
1169
if server_settings["servicename"] != "Mandos":
1911
1170
syslogger.setFormatter(logging.Formatter
1912
1171
('Mandos (%s) [%%(process)d]:'
1914
1173
% server_settings["servicename"]))
1915
1174
1916
1175
# Parse config file with clients
1917
client_defaults = { "timeout": "5m",
1918
"extended_timeout": "15m",
1919
"interval": "2m",
1176
client_defaults = { "timeout": "1h",
1177
"interval": "5m",
1920
1178
"checker": "fping -q -- %%(host)s",
1921
1179
"host": "",
1922
"approval_delay": "0s",
1923
"approval_duration": "1s",
1924
1180
}
1925
client_config = configparser.SafeConfigParser(client_defaults)
1181
client_config = ConfigParser.SafeConfigParser(client_defaults)
1926
1182
client_config.read(os.path.join(server_settings["configdir"],
1927
1183
"clients.conf"))
1928
1184
1929
1185
global mandos_dbus_service
1930
1186
mandos_dbus_service = None
1931
1187
1932
tcp_server = MandosServer((server_settings["address"],
1933
server_settings["port"]),
1934
ClientHandler,
1935
interface=(server_settings["interface"]
1936
or None),
1937
use_ipv6=use_ipv6,
1938
gnutls_priority=
1939
server_settings["priority"],
1940
use_dbus=use_dbus)
1941
if not debug:
1942
pidfilename = "/var/run/mandos.pid"
1943
try:
1944
pidfile = open(pidfilename, "w")
1945
except IOError:
1946
logger.error("Could not open file %r", pidfilename)
1188
clients = Set()
1189
tcp_server = IPv6_TCPServer((server_settings["address"],
1190
server_settings["port"]),
1191
TCP_handler,
1192
settings=server_settings,
1193
clients=clients, use_ipv6=use_ipv6)
1194
pidfilename = "/var/run/mandos.pid"
1195
try:
1196
pidfile = open(pidfilename, "w")
1197
except IOError:
1198
logger.error("Could not open file %r", pidfilename)
1947
1199
1948
1200
try:
1949
1201
uid = pwd.getpwnam("_mandos").pw_uid
1955
1207
except KeyError:
1956
1208
try:
1957
1209
uid = pwd.getpwnam("nobody").pw_uid
1958
gid = pwd.getpwnam("nobody").pw_gid
1210
gid = pwd.getpwnam("nogroup").pw_gid
1959
1211
except KeyError:
1960
1212
uid = 65534
1961
1213
gid = 65534
1962
1214
try:
1963
1215
os.setgid(gid)
1964
1216
os.setuid(uid)
1965
except OSError as error:
1217
except OSError, error:
1966
1218
if error[0] != errno.EPERM:
1967
1219
raise error
1968
1220
1969
if not debug and not debuglevel:
1970
syslogger.setLevel(logging.WARNING)
1971
console.setLevel(logging.WARNING)
1972
if debuglevel:
1973
level = getattr(logging, debuglevel.upper())
1974
syslogger.setLevel(level)
1975
console.setLevel(level)
1976
1221
# Enable all possible GnuTLS debugging
1977
1222
if debug:
1978
# Enable all possible GnuTLS debugging
1979
1980
1223
# "Use a log level over 10 to enable all debugging options."
1981
1224
# - GnuTLS manual
1982
1225
gnutls.library.functions.gnutls_global_set_log_level(11)
1987
1230
1988
1231
(gnutls.library.functions
1989
1232
.gnutls_global_set_log_function(debug_gnutls))
1990
1991
# Redirect stdin so all checkers get /dev/null
1992
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1993
os.dup2(null, sys.stdin.fileno())
1994
if null > 2:
1995
os.close(null)
1996
else:
1997
# No console logging
1998
logger.removeHandler(console)
1999
1233
2000
# Need to fork before connecting to D-Bus
2001
if not debug:
2002
# Close all input and output, do double fork, etc.
2003
daemon()
1234
global service
1235
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1236
service = AvahiService(name = server_settings["servicename"],
1237
servicetype = "_mandos._tcp",
1238
protocol = protocol)
1239
if server_settings["interface"]:
1240
service.interface = (if_nametoindex
1241
(server_settings["interface"]))
2004
1242
2005
1243
global main_loop
1244
global bus
1245
global server
2006
1246
# From the Avahi example code
2007
1247
DBusGMainLoop(set_as_default=True )
2008
1248
main_loop = gobject.MainLoop()
2009
1249
bus = dbus.SystemBus()
1250
server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1251
avahi.DBUS_PATH_SERVER),
1252
avahi.DBUS_INTERFACE_SERVER)
2010
1253
# End of Avahi example code
2011
1254
if use_dbus:
2012
try:
2013
bus_name = dbus.service.BusName("se.recompile.Mandos",
2014
bus, do_not_queue=True)
2015
old_bus_name = (dbus.service.BusName
2016
("se.bsnet.fukt.Mandos", bus,
2017
do_not_queue=True))
2018
except dbus.exceptions.NameExistsException as e:
2019
logger.error(unicode(e) + ", disabling D-Bus")
2020
use_dbus = False
2021
server_settings["use_dbus"] = False
2022
tcp_server.use_dbus = False
2023
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2024
service = AvahiService(name = server_settings["servicename"],
2025
servicetype = "_mandos._tcp",
2026
protocol = protocol, bus = bus)
2027
if server_settings["interface"]:
2028
service.interface = (if_nametoindex
2029
(str(server_settings["interface"])))
2030
2031
global multiprocessing_manager
2032
multiprocessing_manager = multiprocessing.Manager()
1255
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
2033
1256
2034
1257
client_class = Client
2035
1258
if use_dbus:
2036
client_class = functools.partial(ClientDBusTransitional,
2037
bus = bus)
2038
def client_config_items(config, section):
2039
special_settings = {
2040
"approved_by_default":
2041
lambda: config.getboolean(section,
2042
"approved_by_default"),
2043
}
2044
for name, value in config.items(section):
2045
try:
2046
yield (name, special_settings[name]())
2047
except KeyError:
2048
yield (name, value)
2049
2050
tcp_server.clients.update(set(
1259
client_class = ClientDBus
1260
clients.update(Set(
2051
1261
client_class(name = section,
2052
config= dict(client_config_items(
2053
client_config, section)))
1262
config= dict(client_config.items(section)))
2054
1263
for section in client_config.sections()))
2055
if not tcp_server.clients:
2056
logger.warning("No clients defined")
1264
if not clients:
1265
logger.warning(u"No clients defined")
1266
1267
if debug:
1268
# Redirect stdin so all checkers get /dev/null
1269
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1270
os.dup2(null, sys.stdin.fileno())
1271
if null > 2:
1272
os.close(null)
1273
else:
1274
# No console logging
1275
logger.removeHandler(console)
1276
# Close all input and output, do double fork, etc.
1277
daemon()
1278
1279
try:
1280
with closing(pidfile):
1281
pid = os.getpid()
1282
pidfile.write(str(pid) + "\n")
1283
del pidfile
1284
except IOError:
1285
logger.error(u"Could not write to file %r with PID %d",
1286
pidfilename, pid)
1287
except NameError:
1288
# "pidfile" was never created
1289
pass
1290
del pidfilename
1291
1292
def cleanup():
1293
"Cleanup function; run on exit"
1294
global group
1295
# From the Avahi example code
1296
if not group is None:
1297
group.Free()
1298
group = None
1299
# End of Avahi example code
2057
1300
1301
while clients:
1302
client = clients.pop()
1303
client.disable_hook = None
1304
client.disable()
1305
1306
atexit.register(cleanup)
1307
2058
1308
if not debug:
2059
try:
2060
with pidfile:
2061
pid = os.getpid()
2062
pidfile.write(str(pid) + "\n".encode("utf-8"))
2063
del pidfile
2064
except IOError:
2065
logger.error("Could not write to file %r with PID %d",
2066
pidfilename, pid)
2067
except NameError:
2068
# "pidfile" was never created
2069
pass
2070
del pidfilename
2071
2072
1309
signal.signal(signal.SIGINT, signal.SIG_IGN)
2073
2074
1310
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2075
1311
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2076
1312
2079
1315
"""A D-Bus proxy object"""
2080
1316
def __init__(self):
2081
1317
dbus.service.Object.__init__(self, bus, "/")
2082
_interface = "se.recompile.Mandos"
1318
_interface = u"se.bsnet.fukt.Mandos"
2083
1319
2084
@dbus.service.signal(_interface, signature="o")
2085
def ClientAdded(self, objpath):
1320
@dbus.service.signal(_interface, signature="oa{sv}")
1321
def ClientAdded(self, objpath, properties):
2086
1322
"D-Bus signal"
2087
1323
pass
2088
1324
2089
@dbus.service.signal(_interface, signature="ss")
2090
def ClientNotFound(self, fingerprint, address):
1325
@dbus.service.signal(_interface, signature="s")
1326
def ClientNotFound(self, fingerprint):
2091
1327
"D-Bus signal"
2092
1328
pass
2093
1329
2099
1335
@dbus.service.method(_interface, out_signature="ao")
2100
1336
def GetAllClients(self):
2101
1337
"D-Bus method"
2102
return dbus.Array(c.dbus_object_path
2103
for c in tcp_server.clients)
1338
return dbus.Array(c.dbus_object_path for c in clients)
2104
1339
2105
@dbus.service.method(_interface,
2106
out_signature="a{oa{sv}}")
1340
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
2107
1341
def GetAllClientsWithProperties(self):
2108
1342
"D-Bus method"
2109
1343
return dbus.Dictionary(
2110
((c.dbus_object_path, c.GetAll(""))
2111
for c in tcp_server.clients),
1344
((c.dbus_object_path, c.GetAllProperties())
1345
for c in clients),
2112
1346
signature="oa{sv}")
2113
1347
2114
1348
@dbus.service.method(_interface, in_signature="o")
2115
1349
def RemoveClient(self, object_path):
2116
1350
"D-Bus method"
2117
for c in tcp_server.clients:
1351
for c in clients:
2118
1352
if c.dbus_object_path == object_path:
2119
tcp_server.clients.remove(c)
1353
clients.remove(c)
2120
1354
c.remove_from_connection()
2121
1355
# Don't signal anything except ClientRemoved
2122
c.disable(quiet=True)
1356
c.disable(signal=False)
2123
1357
# Emit D-Bus signal
2124
1358
self.ClientRemoved(object_path, c.name)
2125
1359
return
2126
raise KeyError(object_path)
1360
raise KeyError
2127
1361
2128
1362
del _interface
2129
1363
2130
class MandosDBusServiceTransitional(MandosDBusService):
2131
__metaclass__ = AlternateDBusNamesMetaclass
2132
mandos_dbus_service = MandosDBusServiceTransitional()
2133
2134
def cleanup():
2135
"Cleanup function; run on exit"
2136
service.cleanup()
2137
2138
multiprocessing.active_children()
2139
while tcp_server.clients:
2140
client = tcp_server.clients.pop()
2141
if use_dbus:
2142
client.remove_from_connection()
2143
client.disable_hook = None
2144
# Don't signal anything except ClientRemoved
2145
client.disable(quiet=True)
2146
if use_dbus:
2147
# Emit D-Bus signal
2148
mandos_dbus_service.ClientRemoved(client
2149
.dbus_object_path,
2150
client.name)
2151
2152
atexit.register(cleanup)
2153
2154
for client in tcp_server.clients:
1364
mandos_dbus_service = MandosDBusService()
1365
1366
for client in clients:
2155
1367
if use_dbus:
2156
1368
# Emit D-Bus signal
2157
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1369
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1370
client.GetAllProperties())
2158
1371
client.enable()
2159
1372
2160
1373
tcp_server.enable()
2163
1376
# Find out what port we got
2164
1377
service.port = tcp_server.socket.getsockname()[1]
2165
1378
if use_ipv6:
2166
logger.info("Now listening on address %r, port %d,"
1379
logger.info(u"Now listening on address %r, port %d,"
2167
1380
" flowinfo %d, scope_id %d"
2168
1381
% tcp_server.socket.getsockname())
2169
1382
else: # IPv4
2170
logger.info("Now listening on address %r, port %d"
1383
logger.info(u"Now listening on address %r, port %d"
2171
1384
% tcp_server.socket.getsockname())
2172
1385
2173
1386
#service.interface = tcp_server.socket.getsockname()[3]
2174
1387
2175
1388
try:
2176
1389
# From the Avahi example code
1390
server.connect_to_signal("StateChanged", server_state_changed)
2177
1391
try:
2178
service.activate()
2179
except dbus.exceptions.DBusException as error:
2180
logger.critical("DBusException: %s", error)
2181
cleanup()
1392
server_state_changed(server.GetState())
1393
except dbus.exceptions.DBusException, error:
1394
logger.critical(u"DBusException: %s", error)
2182
1395
sys.exit(1)
2183
1396
# End of Avahi example code
2184
1397
2187
1400
(tcp_server.handle_request
2188
1401
(*args[2:], **kwargs) or True))
2189
1402
2190
logger.debug("Starting main loop")
1403
logger.debug(u"Starting main loop")
2191
1404
main_loop.run()
2192
except AvahiError as error:
2193
logger.critical("AvahiError: %s", error)
2194
cleanup()
1405
except AvahiError, error:
1406
logger.critical(u"AvahiError: %s", error)
2195
1407
sys.exit(1)
2196
1408
except KeyboardInterrupt:
2197
1409
if debug:
2198
print("", file=sys.stderr)
1410
print >> sys.stderr
2199
1411
logger.debug("Server received KeyboardInterrupt")
2200
1412
logger.debug("Server exiting")
2201
# Must run before the D-Bus bus name gets deregistered
2202
cleanup()
2203
2204
1413
2205
1414
if __name__ == '__main__':
2206
1415
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0