290
299
if u"secret" in config:
291
300
self.secret = config[u"secret"].decode(u"base64")
292
301
elif u"secfile" in config:
293
with closing(open(os.path.expanduser
295
(config[u"secfile"])))) as secfile:
302
with open(os.path.expanduser(os.path.expandvars
303
(config[u"secfile"])),
296
305
self.secret = secfile.read()
307
#XXX Need to allow secret on demand!
298
308
raise TypeError(u"No secret or secfile for client %s"
300
310
self.host = config.get(u"host", u"")
312
322
self.checker_command = config[u"checker"]
313
323
self.current_checker_command = None
314
324
self.last_connect = None
325
self._approved = None
326
self.approved_by_default = config.get(u"approved_by_default",
328
self.approvals_pending = 0
329
self.approved_delay = string_to_delta(
330
config[u"approved_delay"])
331
self.approved_duration = string_to_delta(
332
config[u"approved_duration"])
333
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
335
def send_changedstate(self):
336
self.changedstate.acquire()
337
self.changedstate.notify_all()
338
self.changedstate.release()
316
340
def enable(self):
317
341
"""Start this client's checker and timeout hooks"""
318
342
if getattr(self, u"enabled", False):
319
343
# Already enabled
345
self.send_changedstate()
321
346
self.last_enabled = datetime.datetime.utcnow()
322
347
# Schedule a new checker to be started an 'interval' from now,
323
348
# and every interval from then on.
324
349
self.checker_initiator_tag = (gobject.timeout_add
325
350
(self.interval_milliseconds(),
326
351
self.start_checker))
327
# Also start a new checker *right now*.
329
352
# Schedule a disable() when 'timeout' has passed
330
353
self.disable_initiator_tag = (gobject.timeout_add
331
354
(self.timeout_milliseconds(),
333
356
self.enabled = True
357
# Also start a new checker *right now*.
360
def disable(self, quiet=True):
336
361
"""Disable this client."""
337
362
if not getattr(self, "enabled", False):
339
logger.info(u"Disabling client %s", self.name)
365
self.send_changedstate()
367
logger.info(u"Disabling client %s", self.name)
340
368
if getattr(self, u"disable_initiator_tag", False):
341
369
gobject.source_remove(self.disable_initiator_tag)
342
370
self.disable_initiator_tag = None
466
494
logger.debug(u"Stopping checker for %(name)s", vars(self))
468
496
os.kill(self.checker.pid, signal.SIGTERM)
470
498
#if self.checker.poll() is None:
471
499
# os.kill(self.checker.pid, signal.SIGKILL)
472
500
except OSError, error:
473
501
if error.errno != errno.ESRCH: # No such process
475
503
self.checker = None
477
def still_valid(self):
478
"""Has the timeout not yet passed for this client?"""
479
if not getattr(self, u"enabled", False):
481
now = datetime.datetime.utcnow()
482
if self.last_checked_ok is None:
483
return now < (self.created + self.timeout)
485
return now < (self.last_checked_ok + self.timeout)
488
505
def dbus_service_property(dbus_interface, signature=u"v",
489
506
access=u"readwrite", byte_arrays=False):
497
514
dbus.service.method, except there is only "signature", since the
498
515
type from Get() and the type sent to Set() is the same.
517
# Encoding deeply encoded byte arrays is not supported yet by the
518
# "Set" method, so we fail early here:
519
if byte_arrays and signature != u"ay":
520
raise ValueError(u"Byte arrays not supported for non-'ay'"
521
u" signature %r" % signature)
500
522
def decorator(func):
501
523
func._dbus_is_property = True
502
524
func._dbus_interface = dbus_interface
625
651
"""Standard D-Bus method, overloaded to insert property tags.
627
653
xmlstring = dbus.service.Object.Introspect(self, object_path,
629
document = xml.dom.minidom.parseString(xmlstring)
631
def make_tag(document, name, prop):
632
e = document.createElement(u"property")
633
e.setAttribute(u"name", name)
634
e.setAttribute(u"type", prop._dbus_signature)
635
e.setAttribute(u"access", prop._dbus_access)
637
for if_tag in document.getElementsByTagName(u"interface"):
638
for tag in (make_tag(document, name, prop)
640
in self._get_all_dbus_properties()
641
if prop._dbus_interface
642
== if_tag.getAttribute(u"name")):
643
if_tag.appendChild(tag)
644
xmlstring = document.toxml(u"utf-8")
656
document = xml.dom.minidom.parseString(xmlstring)
657
def make_tag(document, name, prop):
658
e = document.createElement(u"property")
659
e.setAttribute(u"name", name)
660
e.setAttribute(u"type", prop._dbus_signature)
661
e.setAttribute(u"access", prop._dbus_access)
663
for if_tag in document.getElementsByTagName(u"interface"):
664
for tag in (make_tag(document, name, prop)
666
in self._get_all_dbus_properties()
667
if prop._dbus_interface
668
== if_tag.getAttribute(u"name")):
669
if_tag.appendChild(tag)
670
# Add the names to the return values for the
671
# "org.freedesktop.DBus.Properties" methods
672
if (if_tag.getAttribute(u"name")
673
== u"org.freedesktop.DBus.Properties"):
674
for cn in if_tag.getElementsByTagName(u"method"):
675
if cn.getAttribute(u"name") == u"Get":
676
for arg in cn.getElementsByTagName(u"arg"):
677
if (arg.getAttribute(u"direction")
679
arg.setAttribute(u"name", u"value")
680
elif cn.getAttribute(u"name") == u"GetAll":
681
for arg in cn.getElementsByTagName(u"arg"):
682
if (arg.getAttribute(u"direction")
684
arg.setAttribute(u"name", u"props")
685
xmlstring = document.toxml(u"utf-8")
687
except (AttributeError, xml.dom.DOMException,
688
xml.parsers.expat.ExpatError), error:
689
logger.error(u"Failed to override Introspection method",
665
711
+ self.name.replace(u".", u"_")))
666
712
DBusObjectWithProperties.__init__(self, self.bus,
667
713
self.dbus_object_path)
715
#Could possible return a bool(self._approvals_pending),
716
#but this could mess up approvals_pending += 1 XXX
717
def _get_approvals_pending(self):
718
return self._approvals_pending
719
def _set_approvals_pending(self, value):
720
old_value = self._approvals_pending
721
self._approvals_pending = value
723
if (hasattr(self, "dbus_object_path")
724
and bval is not bool(old_value)):
725
dbus_bool = dbus.Boolean(bval, variant_level=1)
726
self.PropertyChanged(dbus.String(u"approved_pending"),
729
approvals_pending = property(_get_approvals_pending,
730
_set_approvals_pending)
731
del _get_approvals_pending, _set_approvals_pending
670
734
def _datetime_to_dbus(dt, variant_level=0):
685
749
variant_level=1))
688
def disable(self, signal = True):
752
def disable(self, quiet = False):
689
753
oldstate = getattr(self, u"enabled", False)
690
r = Client.disable(self)
691
if signal and oldstate != self.enabled:
754
r = Client.disable(self, quiet=quiet)
755
if not quiet and oldstate != self.enabled:
692
756
# Emit D-Bus signal
693
757
self.PropertyChanged(dbus.String(u"enabled"),
694
758
dbus.Boolean(False, variant_level=1))
759
823
self.PropertyChanged(dbus.String(u"checker_running"),
760
824
dbus.Boolean(False, variant_level=1))
763
## D-Bus methods & signals
827
def _reset_approved(self):
828
self._approved = None
831
def approve(self, value=True):
832
self.send_changedstate()
833
self._approved = value
834
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration),
835
self._reset_approved)
838
## D-Bus methods, signals & properties
764
839
_interface = u"se.bsnet.fukt.Mandos.Client"
767
@dbus.service.method(_interface)
769
return self.checked_ok()
771
843
# CheckerCompleted - signal
772
844
@dbus.service.signal(_interface, signature=u"nxs")
789
# ReceivedSecret - signal
862
# XXXTEDDY Is sent after succesfull transfer of secret from mandos-server to mandos-client
790
863
@dbus.service.signal(_interface)
791
def ReceivedSecret(self):
795
868
# Rejected - signal
796
@dbus.service.signal(_interface)
869
@dbus.service.signal(_interface, signature=u"s")
870
def Rejected(self, reason):
874
# NeedApproval - signal
875
@dbus.service.signal(_interface, signature=u"db")
876
def NeedApproval(self, timeout, default):
883
@dbus.service.method(_interface, in_signature=u"b")
884
def Approve(self, value):
888
@dbus.service.method(_interface)
890
return self.checked_ok()
801
892
# Enable - method
802
893
@dbus.service.method(_interface)
821
912
def StopChecker(self):
822
913
self.stop_checker()
917
# approved_pending - property
918
@dbus_service_property(_interface, signature=u"b", access=u"read")
919
def approved_pending_dbus_property(self):
920
return dbus.Boolean(bool(self.approvals_pending))
922
# approved_by_default - property
923
@dbus_service_property(_interface, signature=u"b",
925
def approved_by_default_dbus_property(self):
926
return dbus.Boolean(self.approved_by_default)
928
# approved_delay - property
929
@dbus_service_property(_interface, signature=u"t",
931
def approved_delay_dbus_property(self):
932
return dbus.UInt64(self.approved_delay_milliseconds())
934
# approved_duration - property
935
@dbus_service_property(_interface, signature=u"t",
937
def approved_duration_dbus_property(self):
938
return dbus.UInt64(self._timedelta_to_milliseconds(
939
self.approved_duration))
824
941
# name - property
825
942
@dbus_service_property(_interface, signature=u"s", access=u"read")
826
943
def name_dbus_property(self):
1080
class ProxyClient(object):
1081
def __init__(self, child_pipe, fpr, address):
1082
self._pipe = child_pipe
1083
self._pipe.send(('init', fpr, address))
1084
if not self._pipe.recv():
1087
def __getattribute__(self, name):
1088
if(name == '_pipe'):
1089
return super(ProxyClient, self).__getattribute__(name)
1090
self._pipe.send(('getattr', name))
1091
data = self._pipe.recv()
1092
if data[0] == 'data':
1094
if data[0] == 'function':
1095
def func(*args, **kwargs):
1096
self._pipe.send(('funcall', name, args, kwargs))
1097
return self._pipe.recv()[1]
1100
def __setattr__(self, name, value):
1101
if(name == '_pipe'):
1102
return super(ProxyClient, self).__setattr__(name, value)
1103
self._pipe.send(('setattr', name, value))
963
1106
class ClientHandler(socketserver.BaseRequestHandler, object):
964
1107
"""A class to handle client connections.
967
1110
Note: This will run in its own forked process."""
969
1112
def handle(self):
970
logger.info(u"TCP connection from: %s",
971
unicode(self.client_address))
972
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
973
# Open IPC pipe to parent process
974
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
1113
with contextlib.closing(self.server.child_pipe) as child_pipe:
1114
logger.info(u"TCP connection from: %s",
1115
unicode(self.client_address))
1116
logger.debug(u"Pipe FD: %d",
1117
self.server.child_pipe.fileno())
975
1119
session = (gnutls.connection
976
1120
.ClientSession(self.request,
977
1121
gnutls.connection
978
1122
.X509Credentials()))
980
line = self.request.makefile().readline()
981
logger.debug(u"Protocol version: %r", line)
983
if int(line.strip().split()[0]) > 1:
985
except (ValueError, IndexError, RuntimeError), error:
986
logger.error(u"Unknown protocol version: %s", error)
989
1124
# Note: gnutls.connection.X509Credentials is really a
990
1125
# generic GnuTLS certificate credentials object so long as
991
1126
# no X.509 keys are added to it. Therefore, we can use it
992
1127
# here despite using OpenPGP certificates.
994
1129
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
995
1130
# u"+AES-256-CBC", u"+SHA1",
996
1131
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1002
1137
(gnutls.library.functions
1003
1138
.gnutls_priority_set_direct(session._c_object,
1004
1139
priority, None))
1141
# Start communication using the Mandos protocol
1142
# Get protocol number
1143
line = self.request.makefile().readline()
1144
logger.debug(u"Protocol version: %r", line)
1146
if int(line.strip().split()[0]) > 1:
1148
except (ValueError, IndexError, RuntimeError), error:
1149
logger.error(u"Unknown protocol version: %s", error)
1152
# Start GnuTLS connection
1007
1154
session.handshake()
1008
1155
except gnutls.errors.GNUTLSError, error:
1011
1158
# established. Just abandon the request.
1013
1160
logger.debug(u"Handshake succeeded")
1162
approval_required = False
1015
fpr = self.fingerprint(self.peer_certificate(session))
1016
except (TypeError, gnutls.errors.GNUTLSError), error:
1017
logger.warning(u"Bad certificate: %s", error)
1020
logger.debug(u"Fingerprint: %s", fpr)
1165
fpr = self.fingerprint(self.peer_certificate
1167
except (TypeError, gnutls.errors.GNUTLSError), error:
1168
logger.warning(u"Bad certificate: %s", error)
1170
logger.debug(u"Fingerprint: %s", fpr)
1173
client = ProxyClient(child_pipe, fpr,
1174
self.client_address)
1178
if client.approved_delay:
1179
delay = client.approved_delay
1180
client.approvals_pending += 1
1181
approval_required = True
1184
if not client.enabled:
1185
logger.warning(u"Client %s is disabled",
1187
if self.server.use_dbus:
1189
client.Rejected("Disabled")
1192
if client._approved or not client.approved_delay:
1193
#We are approved or approval is disabled
1195
elif client._approved is None:
1196
logger.info(u"Client %s need approval",
1198
if self.server.use_dbus:
1200
client.NeedApproval(
1201
client.approved_delay_milliseconds(),
1202
client.approved_by_default)
1204
logger.warning(u"Client %s was not approved",
1206
if self.server.use_dbus:
1208
client.Rejected("Disapproved")
1211
#wait until timeout or approved
1212
#x = float(client._timedelta_to_milliseconds(delay))
1213
time = datetime.datetime.now()
1214
client.changedstate.acquire()
1215
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1216
client.changedstate.release()
1217
time2 = datetime.datetime.now()
1218
if (time2 - time) >= delay:
1219
if not client.approved_by_default:
1220
logger.warning("Client %s timed out while"
1221
" waiting for approval",
1223
if self.server.use_dbus:
1225
client.Rejected("Time out")
1230
delay -= time2 - time
1233
while sent_size < len(client.secret):
1234
# XXX handle session exception
1235
sent = session.send(client.secret[sent_size:])
1236
logger.debug(u"Sent: %d, remaining: %d",
1237
sent, len(client.secret)
1238
- (sent_size + sent))
1241
logger.info(u"Sending secret to %s", client.name)
1242
# bump the timeout as if seen
1244
if self.server.use_dbus:
1022
for c in self.server.clients:
1023
if c.fingerprint == fpr:
1027
ipc.write(u"NOTFOUND %s %s\n"
1028
% (fpr, unicode(self.client_address)))
1031
# Have to check if client.still_valid(), since it is
1032
# possible that the client timed out while establishing
1033
# the GnuTLS session.
1034
if not client.still_valid():
1035
ipc.write(u"INVALID %s\n" % client.name)
1038
ipc.write(u"SENDING %s\n" % client.name)
1040
while sent_size < len(client.secret):
1041
sent = session.send(client.secret[sent_size:])
1042
logger.debug(u"Sent: %d, remaining: %d",
1043
sent, len(client.secret)
1044
- (sent_size + sent))
1249
if approval_required:
1250
client.approvals_pending -= 1
1049
1254
def peer_certificate(session):
1112
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
1113
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
1317
class MultiprocessingMixIn(object):
1318
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1319
def sub_process_main(self, request, address):
1321
self.finish_request(request, address)
1323
self.handle_error(request, address)
1324
self.close_request(request)
1326
def process_request(self, request, address):
1327
"""Start a new process to process the request."""
1328
multiprocessing.Process(target = self.sub_process_main,
1329
args = (request, address)).start()
1331
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1332
""" adds a pipe to the MixIn """
1114
1333
def process_request(self, request, client_address):
1115
1334
"""Overrides and wraps the original process_request().
1117
1336
This function creates a new pipe in self.pipe
1119
self.pipe = os.pipe()
1120
super(ForkingMixInWithPipe,
1338
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1340
super(MultiprocessingMixInWithPipe,
1121
1341
self).process_request(request, client_address)
1122
os.close(self.pipe[1]) # close write end
1123
self.add_pipe(self.pipe[0])
1124
def add_pipe(self, pipe):
1342
self.child_pipe.close()
1343
self.add_pipe(parent_pipe)
1345
def add_pipe(self, parent_pipe):
1125
1346
"""Dummy function; override as necessary"""
1129
class IPv6_TCPServer(ForkingMixInWithPipe,
1349
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1130
1350
socketserver.TCPServer, object):
1131
1351
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1217
1437
return socketserver.TCPServer.server_activate(self)
1218
1438
def enable(self):
1219
1439
self.enabled = True
1220
def add_pipe(self, pipe):
1440
def add_pipe(self, parent_pipe):
1221
1441
# Call "handle_ipc" for both data and EOF events
1222
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1224
def handle_ipc(self, source, condition, file_objects={}):
1442
gobject.io_add_watch(parent_pipe.fileno(),
1443
gobject.IO_IN | gobject.IO_HUP,
1444
functools.partial(self.handle_ipc,
1445
parent_pipe = parent_pipe))
1447
def handle_ipc(self, source, condition, parent_pipe=None,
1448
client_object=None):
1225
1449
condition_names = {
1226
1450
gobject.IO_IN: u"IN", # There is data to read.
1227
1451
gobject.IO_OUT: u"OUT", # Data can be written (without
1238
1462
if cond & condition)
1239
1463
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1240
1464
conditions_string)
1242
# Turn the pipe file descriptor into a Python file object
1243
if source not in file_objects:
1244
file_objects[source] = os.fdopen(source, u"r", 1)
1246
# Read a line from the file object
1247
cmdline = file_objects[source].readline()
1248
if not cmdline: # Empty line means end of file
1249
# close the IPC pipe
1250
file_objects[source].close()
1251
del file_objects[source]
1253
# Stop calling this function
1256
logger.debug(u"IPC command: %r", cmdline)
1258
# Parse and act on command
1259
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1261
if cmd == u"NOTFOUND":
1262
logger.warning(u"Client not found for fingerprint: %s",
1266
mandos_dbus_service.ClientNotFound(args)
1267
elif cmd == u"INVALID":
1268
for client in self.clients:
1269
if client.name == args:
1270
logger.warning(u"Client %s is invalid", args)
1276
logger.error(u"Unknown client %s is invalid", args)
1277
elif cmd == u"SENDING":
1278
for client in self.clients:
1279
if client.name == args:
1280
logger.info(u"Sending secret to %s", client.name)
1284
client.ReceivedSecret()
1287
logger.error(u"Sending secret to unknown client %s",
1290
logger.error(u"Unknown IPC command: %r", cmdline)
1292
# Keep calling this function
1466
# XXXTEDDY error or the other end of multiprocessing.Pipe has closed
1467
if condition & gobject.IO_HUP or condition & gobject.IO_ERR:
1470
# Read a request from the child
1471
request = parent_pipe.recv()
1472
logger.debug(u"IPC request: %s", repr(request))
1473
command = request[0]
1475
if command == 'init':
1477
address = request[2]
1479
for c in self.clients:
1480
if c.fingerprint == fpr:
1484
logger.warning(u"Client not found for fingerprint: %s, ad"
1485
u"dress: %s", fpr, address)
1488
mandos_dbus_service.ClientNotFound(fpr, address)
1489
parent_pipe.send(False)
1492
gobject.io_add_watch(parent_pipe.fileno(),
1493
gobject.IO_IN | gobject.IO_HUP,
1494
functools.partial(self.handle_ipc,
1495
parent_pipe = parent_pipe,
1496
client_object = client))
1497
parent_pipe.send(True)
1498
# remove the old hook in favor of the new above hook on same fileno
1500
if command == 'funcall':
1501
funcname = request[1]
1505
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1507
if command == 'getattr':
1508
attrname = request[1]
1509
if callable(client_object.__getattribute__(attrname)):
1510
parent_pipe.send(('function',))
1512
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1514
if command == 'setattr':
1515
attrname = request[1]
1517
setattr(client_object, attrname, value)
1372
1598
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1373
1599
if not stat.S_ISCHR(os.fstat(null).st_mode):
1374
1600
raise OSError(errno.ENODEV,
1375
u"/dev/null not a character device")
1601
u"%s not a character device"
1376
1603
os.dup2(null, sys.stdin.fileno())
1377
1604
os.dup2(null, sys.stdout.fileno())
1378
1605
os.dup2(null, sys.stderr.fileno())
1545
1774
bus = dbus.SystemBus()
1546
1775
# End of Avahi example code
1548
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1778
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
1779
bus, do_not_queue=True)
1780
except dbus.exceptions.NameExistsException, e:
1781
logger.error(unicode(e) + u", disabling D-Bus")
1783
server_settings[u"use_dbus"] = False
1784
tcp_server.use_dbus = False
1549
1785
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1550
1786
service = AvahiService(name = server_settings[u"servicename"],
1551
1787
servicetype = u"_mandos._tcp",
1553
1789
if server_settings["interface"]:
1554
1790
service.interface = (if_nametoindex
1555
1791
(str(server_settings[u"interface"])))
1793
global multiprocessing_manager
1794
multiprocessing_manager = multiprocessing.Manager()
1557
1796
client_class = Client
1559
1798
client_class = functools.partial(ClientDBus, bus = bus)
1799
def client_config_items(config, section):
1800
special_settings = {
1801
"approved_by_default":
1802
lambda: config.getboolean(section,
1803
"approved_by_default"),
1805
for name, value in config.items(section):
1807
yield (name, special_settings[name]())
1560
1811
tcp_server.clients.update(set(
1561
1812
client_class(name = section,
1562
config= dict(client_config.items(section)))
1813
config= dict(client_config_items(
1814
client_config, section)))
1563
1815
for section in client_config.sections()))
1564
1816
if not tcp_server.clients:
1565
1817
logger.warning(u"No clients defined")
1612
1853
dbus.service.Object.__init__(self, bus, u"/")
1613
1854
_interface = u"se.bsnet.fukt.Mandos"
1615
@dbus.service.signal(_interface, signature=u"oa{sv}")
1616
def ClientAdded(self, objpath, properties):
1856
@dbus.service.signal(_interface, signature=u"o")
1857
def ClientAdded(self, objpath):
1620
@dbus.service.signal(_interface, signature=u"s")
1621
def ClientNotFound(self, fingerprint):
1861
@dbus.service.signal(_interface, signature=u"ss")
1862
def ClientNotFound(self, fingerprint, address):
1650
1891
tcp_server.clients.remove(c)
1651
1892
c.remove_from_connection()
1652
1893
# Don't signal anything except ClientRemoved
1653
c.disable(signal=False)
1894
c.disable(quiet=True)
1654
1895
# Emit D-Bus signal
1655
1896
self.ClientRemoved(object_path, c.name)
1898
raise KeyError(object_path)
1661
1902
mandos_dbus_service = MandosDBusService()
1905
"Cleanup function; run on exit"
1908
while tcp_server.clients:
1909
client = tcp_server.clients.pop()
1911
client.remove_from_connection()
1912
client.disable_hook = None
1913
# Don't signal anything except ClientRemoved
1914
client.disable(quiet=True)
1917
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
1920
atexit.register(cleanup)
1663
1922
for client in tcp_server.clients:
1665
1924
# Emit D-Bus signal
1666
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1925
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1668
1926
client.enable()
1670
1928
tcp_server.enable()