To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to server.py
- browse files at revision 24
- compare with another revision
- download diff
- download tarball
- view history from revision 24
- Committer: Teddy Hogeborn
- Date: 2008-07-22 01:59:47 UTC
- Revision ID: teddy@fukt.bsnet.se-20080722015947-y7o6keji020nvrhw
* Makefile (OPTIMIZE): New; optimize for size.
(CFLAGS): Use $(OPTIMIZE).
(CFLAGS): Use $(OPTIMIZE).
- files added:
- ca.pem
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- clients.conf => mandos-clients.conf
- plugin-runner.c => plugbasedclient.c
- plugins.d/mandos-client.c => plugins.d/mandosclient.c
- plugins.d/password-prompt.c => plugins.d/passprompt.c
- mandos => server.py
- files modified:
- Makefile
added
removed
server.py
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# following functions: "add_service", "remove_service",
10
# "server_state_changed", "entry_group_state_changed", and some lines
11
# in "main".
12
12
#
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
13
# Everything else is Copyright © 2007-2008 Teddy Hogeborn and Björn
14
# Påhlsson.
16
15
#
17
16
# This program is free software: you can redistribute it and/or modify
18
17
# it under the terms of the GNU General Public License as published by
25
24
# GNU General Public License for more details.
26
25
#
27
26
# You should have received a copy of the GNU General Public License
28
# along with this program. If not, see
29
# <http://www.gnu.org/licenses/>.
30
#
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
#
33
34
from __future__ import division, with_statement, absolute_import
35
36
import SocketServer as socketserver
27
# along with this program. If not, see <http://www.gnu.org/licenses/>.
28
#
29
# Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and
30
# <https://www.fukt.bsnet.se/~teddy/>.
31
#
32
33
from __future__ import division
34
35
import SocketServer
37
36
import socket
38
import optparse
37
import select
38
from optparse import OptionParser
39
39
import datetime
40
40
import errno
41
41
import gnutls.crypto
44
44
import gnutls.library.functions
45
45
import gnutls.library.constants
46
46
import gnutls.library.types
47
import ConfigParser as configparser
47
import ConfigParser
48
48
import sys
49
49
import re
50
50
import os
51
51
import signal
52
from sets import Set
52
53
import subprocess
53
54
import atexit
54
55
import stat
55
56
import logging
56
57
import logging.handlers
57
import pwd
58
from contextlib import closing
59
import struct
60
import fcntl
61
58
62
59
import dbus
63
import dbus.service
64
60
import gobject
65
61
import avahi
66
62
from dbus.mainloop.glib import DBusGMainLoop
67
63
import ctypes
68
import ctypes.util
69
70
try:
71
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
72
except AttributeError:
73
try:
74
from IN import SO_BINDTODEVICE
75
except ImportError:
76
# From /usr/include/asm/socket.h
77
SO_BINDTODEVICE = 25
78
79
80
version = "1.0.8"
81
82
logger = logging.Logger(u'mandos')
83
syslogger = (logging.handlers.SysLogHandler
84
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
85
address = "/dev/log"))
86
syslogger.setFormatter(logging.Formatter
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
64
65
# Brief description of the operation of this program:
66
#
67
# This server announces itself as a Zeroconf service. Connecting
68
# clients use the TLS protocol, with the unusual quirk that this
69
# server program acts as a TLS "client" while the connecting clients
70
# acts as a TLS "server". The clients (acting as a TLS "server") must
71
# supply an OpenPGP certificate, and the fingerprint of this
72
# certificate is used by this server to look up (in a list read from a
73
# file at start time) which binary blob to give the client. No other
74
# authentication or authorization is done by this server.
75
76
77
logger = logging.Logger('mandos')
78
syslogger = logging.handlers.SysLogHandler\
79
(facility = logging.handlers.SysLogHandler.LOG_DAEMON)
80
syslogger.setFormatter(logging.Formatter\
81
('%(levelname)s: %(message)s'))
89
82
logger.addHandler(syslogger)
90
91
console = logging.StreamHandler()
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
95
logger.addHandler(console)
96
97
class AvahiError(Exception):
98
def __init__(self, value, *args, **kwargs):
99
self.value = value
100
super(AvahiError, self).__init__(value, *args, **kwargs)
101
def __unicode__(self):
102
return unicode(repr(self.value))
103
104
class AvahiServiceError(AvahiError):
105
pass
106
107
class AvahiGroupError(AvahiError):
108
pass
109
110
111
class AvahiService(object):
112
"""An Avahi (Zeroconf) service.
113
114
Attributes:
115
interface: integer; avahi.IF_UNSPEC or an interface index.
116
Used to optionally bind to the specified interface.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
119
See <http://www.dns-sd.org/ServiceTypes.html>
120
port: integer; what port to announce
121
TXT: list of strings; TXT record for the service
122
domain: string; Domain to publish on, default to .local if empty.
123
host: string; Host to publish records for, default is localhost
124
max_renames: integer; maximum number of renames
125
rename_count: integer; counter so we only rename after collisions
126
a sensible number of times
127
group: D-Bus Entry Group
128
server: D-Bus Server
129
"""
130
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
131
servicetype = None, port = None, TXT = None,
132
domain = u"", host = u"", max_renames = 32768,
133
protocol = avahi.PROTO_UNSPEC):
134
self.interface = interface
135
self.name = name
136
self.type = servicetype
137
self.port = port
138
self.TXT = TXT if TXT is not None else []
139
self.domain = domain
140
self.host = host
141
self.rename_count = 0
142
self.max_renames = max_renames
143
self.protocol = protocol
144
self.group = None # our entry group
145
self.server = None
146
def rename(self):
147
"""Derived from the Avahi example code"""
148
if self.rename_count >= self.max_renames:
149
logger.critical(u"No suitable Zeroconf service name found"
150
u" after %i retries, exiting.",
151
self.rename_count)
152
raise AvahiServiceError(u"Too many renames")
153
self.name = self.server.GetAlternativeServiceName(self.name)
154
logger.info(u"Changing Zeroconf service name to %r ...",
155
unicode(self.name))
156
syslogger.setFormatter(logging.Formatter
157
(u'Mandos (%s) [%%(process)d]:'
158
u' %%(levelname)s: %%(message)s'
159
% self.name))
160
self.remove()
161
self.add()
162
self.rename_count += 1
163
def remove(self):
164
"""Derived from the Avahi example code"""
165
if self.group is not None:
166
self.group.Reset()
167
def add(self):
168
"""Derived from the Avahi example code"""
169
if self.group is None:
170
self.group = dbus.Interface(
171
bus.get_object(avahi.DBUS_NAME,
172
self.server.EntryGroupNew()),
173
avahi.DBUS_INTERFACE_ENTRY_GROUP)
174
self.group.connect_to_signal('StateChanged',
175
self.entry_group_state_changed)
176
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
177
self.name, self.type)
178
self.group.AddService(
179
self.interface,
180
self.protocol,
181
dbus.UInt32(0), # flags
182
self.name, self.type,
183
self.domain, self.host,
184
dbus.UInt16(self.port),
185
avahi.string_array_to_txt_array(self.TXT))
186
self.group.Commit()
187
def entry_group_state_changed(self, state, error):
188
"""Derived from the Avahi example code"""
189
logger.debug(u"Avahi state change: %i", state)
190
191
if state == avahi.ENTRY_GROUP_ESTABLISHED:
192
logger.debug(u"Zeroconf service established.")
193
elif state == avahi.ENTRY_GROUP_COLLISION:
194
logger.warning(u"Zeroconf service name collision.")
195
self.rename()
196
elif state == avahi.ENTRY_GROUP_FAILURE:
197
logger.critical(u"Avahi: Error in group state changed %s",
198
unicode(error))
199
raise AvahiGroupError(u"State changed: %s"
200
% unicode(error))
201
def cleanup(self):
202
"""Derived from the Avahi example code"""
203
if self.group is not None:
204
self.group.Free()
205
self.group = None
206
def server_state_changed(self, state):
207
"""Derived from the Avahi example code"""
208
if state == avahi.SERVER_COLLISION:
209
logger.error(u"Zeroconf server name collision")
210
self.remove()
211
elif state == avahi.SERVER_RUNNING:
212
self.add()
213
def activate(self):
214
"""Derived from the Avahi example code"""
215
if self.server is None:
216
self.server = dbus.Interface(
217
bus.get_object(avahi.DBUS_NAME,
218
avahi.DBUS_PATH_SERVER),
219
avahi.DBUS_INTERFACE_SERVER)
220
self.server.connect_to_signal(u"StateChanged",
221
self.server_state_changed)
222
self.server_state_changed(self.server.GetState())
83
del syslogger
84
85
# This variable is used to optionally bind to a specified interface.
86
# It is a global variable to fit in with the other variables from the
87
# Avahi example code.
88
serviceInterface = avahi.IF_UNSPEC
89
# From the Avahi example code:
90
serviceName = "Mandos"
91
serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html
92
servicePort = None # Not known at startup
93
serviceTXT = [] # TXT record for the service
94
domain = "" # Domain to publish on, default to .local
95
host = "" # Host to publish records for, default to localhost
96
group = None #our entry group
97
rename_count = 12 # Counter so we only rename after collisions a
98
# sensible number of times
99
# End of Avahi example code
223
100
224
101
225
102
class Client(object):
226
103
"""A representation of a client host served by this server.
227
228
104
Attributes:
229
name: string; from the config file, used in log messages and
230
D-Bus identifiers
105
name: string; from the config file, used in log messages
231
106
fingerprint: string (40 or 32 hexadecimal digits); used to
232
107
uniquely identify the client
233
secret: bytestring; sent verbatim (over TLS) to client
234
host: string; available for use by the checker command
235
created: datetime.datetime(); (UTC) object creation
236
last_enabled: datetime.datetime(); (UTC)
237
enabled: bool()
238
last_checked_ok: datetime.datetime(); (UTC) or None
239
timeout: datetime.timedelta(); How long from last_checked_ok
240
until this client is invalid
241
interval: datetime.timedelta(); How often to start a new checker
242
disable_hook: If set, called by disable() as disable_hook(self)
243
checker: subprocess.Popen(); a running checker process used
244
to see if the client lives.
245
'None' if no process is running.
108
secret: bytestring; sent verbatim (over TLS) to client
109
fqdn: string (FQDN); available for use by the checker command
110
created: datetime.datetime()
111
last_seen: datetime.datetime() or None if not yet seen
112
timeout: datetime.timedelta(); How long from last_seen until
113
this client is invalid
114
interval: datetime.timedelta(); How often to start a new checker
115
stop_hook: If set, called by stop() as stop_hook(self)
116
checker: subprocess.Popen(); a running checker process used
117
to see if the client lives.
118
Is None if no process is running.
246
119
checker_initiator_tag: a gobject event source tag, or None
247
disable_initiator_tag: - '' -
120
stop_initiator_tag: - '' -
248
121
checker_callback_tag: - '' -
249
122
checker_command: string; External command which is run to check if
250
client lives. %() expansions are done at
123
client lives. %()s expansions are done at
251
124
runtime with vars(self) as dict, so that for
252
125
instance %(name)s can be used in the command.
253
current_checker_command: string; current running checker_command
126
Private attibutes:
127
_timeout: Real variable for 'timeout'
128
_interval: Real variable for 'interval'
129
_timeout_milliseconds: Used by gobject.timeout_add()
130
_interval_milliseconds: - '' -
254
131
"""
255
256
@staticmethod
257
def _datetime_to_milliseconds(dt):
258
"Convert a datetime.datetime() to milliseconds"
259
return ((dt.days * 24 * 60 * 60 * 1000)
260
+ (dt.seconds * 1000)
261
+ (dt.microseconds // 1000))
262
263
def timeout_milliseconds(self):
264
"Return the 'timeout' attribute in milliseconds"
265
return self._datetime_to_milliseconds(self.timeout)
266
267
def interval_milliseconds(self):
268
"Return the 'interval' attribute in milliseconds"
269
return self._datetime_to_milliseconds(self.interval)
270
271
def __init__(self, name = None, disable_hook=None, config=None):
272
"""Note: the 'checker' key in 'config' sets the
273
'checker_command' attribute and *not* the 'checker'
274
attribute."""
132
def _set_timeout(self, timeout):
133
"Setter function for 'timeout' attribute"
134
self._timeout = timeout
135
self._timeout_milliseconds = ((self.timeout.days
136
* 24 * 60 * 60 * 1000)
137
+ (self.timeout.seconds * 1000)
138
+ (self.timeout.microseconds
139
// 1000))
140
timeout = property(lambda self: self._timeout,
141
_set_timeout)
142
del _set_timeout
143
def _set_interval(self, interval):
144
"Setter function for 'interval' attribute"
145
self._interval = interval
146
self._interval_milliseconds = ((self.interval.days
147
* 24 * 60 * 60 * 1000)
148
+ (self.interval.seconds
149
* 1000)
150
+ (self.interval.microseconds
151
// 1000))
152
interval = property(lambda self: self._interval,
153
_set_interval)
154
del _set_interval
155
def __init__(self, name=None, options=None, stop_hook=None,
156
fingerprint=None, secret=None, secfile=None,
157
fqdn=None, timeout=None, interval=-1, checker=None):
158
"""Note: the 'checker' argument sets the 'checker_command'
159
attribute and not the 'checker' attribute.."""
275
160
self.name = name
276
if config is None:
277
config = {}
278
logger.debug(u"Creating client %r", self.name)
279
# Uppercase and remove spaces from fingerprint for later
280
# comparison purposes with return value from the fingerprint()
281
# function
282
self.fingerprint = (config[u"fingerprint"].upper()
283
.replace(u" ", u""))
284
logger.debug(u" Fingerprint: %s", self.fingerprint)
285
if u"secret" in config:
286
self.secret = config[u"secret"].decode(u"base64")
287
elif u"secfile" in config:
288
with closing(open(os.path.expanduser
289
(os.path.expandvars
290
(config[u"secfile"])))) as secfile:
291
self.secret = secfile.read()
292
else:
293
raise TypeError(u"No secret or secfile for client %s"
294
% self.name)
295
self.host = config.get(u"host", u"")
296
self.created = datetime.datetime.utcnow()
297
self.enabled = False
298
self.last_enabled = None
299
self.last_checked_ok = None
300
self.timeout = string_to_delta(config[u"timeout"])
301
self.interval = string_to_delta(config[u"interval"])
302
self.disable_hook = disable_hook
161
# Uppercase and remove spaces from fingerprint
162
# for later comparison purposes with return value of
163
# the fingerprint() function
164
self.fingerprint = fingerprint.upper().replace(u" ", u"")
165
if secret:
166
self.secret = secret.decode(u"base64")
167
elif secfile:
168
sf = open(secfile)
169
self.secret = sf.read()
170
sf.close()
171
else:
172
raise RuntimeError(u"No secret or secfile for client %s"
173
% self.name)
174
self.fqdn = fqdn # string
175
self.created = datetime.datetime.now()
176
self.last_seen = None
177
if timeout is None:
178
self.timeout = options.timeout
179
else:
180
self.timeout = string_to_delta(timeout)
181
if interval == -1:
182
self.interval = options.interval
183
else:
184
self.interval = string_to_delta(interval)
185
self.stop_hook = stop_hook
303
186
self.checker = None
304
187
self.checker_initiator_tag = None
305
self.disable_initiator_tag = None
188
self.stop_initiator_tag = None
306
189
self.checker_callback_tag = None
307
self.checker_command = config[u"checker"]
308
self.current_checker_command = None
309
self.last_connect = None
310
311
def enable(self):
190
self.check_command = checker
191
def start(self):
312
192
"""Start this client's checker and timeout hooks"""
313
self.last_enabled = datetime.datetime.utcnow()
314
193
# Schedule a new checker to be started an 'interval' from now,
315
194
# and every interval from then on.
316
self.checker_initiator_tag = (gobject.timeout_add
317
(self.interval_milliseconds(),
318
self.start_checker))
195
self.checker_initiator_tag = gobject.timeout_add\
196
(self._interval_milliseconds,
197
self.start_checker)
319
198
# Also start a new checker *right now*.
320
199
self.start_checker()
321
# Schedule a disable() when 'timeout' has passed
322
self.disable_initiator_tag = (gobject.timeout_add
323
(self.timeout_milliseconds(),
324
self.disable))
325
self.enabled = True
326
327
def disable(self):
328
"""Disable this client."""
329
if not getattr(self, "enabled", False):
200
# Schedule a stop() when 'timeout' has passed
201
self.stop_initiator_tag = gobject.timeout_add\
202
(self._timeout_milliseconds,
203
self.stop)
204
def stop(self):
205
"""Stop this client.
206
The possibility that this client might be restarted is left
207
open, but not currently used."""
208
# If this client doesn't have a secret, it is already stopped.
209
if self.secret:
210
logger.debug(u"Stopping client %s", self.name)
211
self.secret = None
212
else:
330
213
return False
331
logger.info(u"Disabling client %s", self.name)
332
if getattr(self, u"disable_initiator_tag", False):
333
gobject.source_remove(self.disable_initiator_tag)
334
self.disable_initiator_tag = None
335
if getattr(self, u"checker_initiator_tag", False):
214
if hasattr(self, "stop_initiator_tag") \
215
and self.stop_initiator_tag:
216
gobject.source_remove(self.stop_initiator_tag)
217
self.stop_initiator_tag = None
218
if hasattr(self, "checker_initiator_tag") \
219
and self.checker_initiator_tag:
336
220
gobject.source_remove(self.checker_initiator_tag)
337
221
self.checker_initiator_tag = None
338
222
self.stop_checker()
339
if self.disable_hook:
340
self.disable_hook(self)
341
self.enabled = False
223
if self.stop_hook:
224
self.stop_hook(self)
342
225
# Do not run this again if called by a gobject.timeout_add
343
226
return False
344
345
227
def __del__(self):
346
self.disable_hook = None
347
self.disable()
348
349
def checker_callback(self, pid, condition, command):
228
self.stop_hook = None
229
self.stop()
230
def checker_callback(self, pid, condition):
350
231
"""The checker has completed, so take appropriate actions."""
232
now = datetime.datetime.now()
351
233
self.checker_callback_tag = None
352
234
self.checker = None
353
if os.WIFEXITED(condition):
354
exitstatus = os.WEXITSTATUS(condition)
355
if exitstatus == 0:
356
logger.info(u"Checker for %(name)s succeeded",
357
vars(self))
358
self.checked_ok()
359
else:
360
logger.info(u"Checker for %(name)s failed",
361
vars(self))
362
else:
235
if os.WIFEXITED(condition) \
236
and (os.WEXITSTATUS(condition) == 0):
237
logger.debug(u"Checker for %(name)s succeeded",
238
vars(self))
239
self.last_seen = now
240
gobject.source_remove(self.stop_initiator_tag)
241
self.stop_initiator_tag = gobject.timeout_add\
242
(self._timeout_milliseconds,
243
self.stop)
244
elif not os.WIFEXITED(condition):
363
245
logger.warning(u"Checker for %(name)s crashed?",
364
246
vars(self))
365
366
def checked_ok(self):
367
"""Bump up the timeout for this client.
368
369
This should only be called when the client has been seen,
370
alive and well.
371
"""
372
self.last_checked_ok = datetime.datetime.utcnow()
373
gobject.source_remove(self.disable_initiator_tag)
374
self.disable_initiator_tag = (gobject.timeout_add
375
(self.timeout_milliseconds(),
376
self.disable))
377
247
else:
248
logger.debug(u"Checker for %(name)s failed",
249
vars(self))
378
250
def start_checker(self):
379
251
"""Start a new checker subprocess if one is not running.
380
381
252
If a checker already exists, leave it running and do
382
253
nothing."""
383
254
# The reason for not killing a running checker is that if we
388
259
# checkers alone, the checker would have to take more time
389
260
# than 'timeout' for the client to be declared invalid, which
390
261
# is as it should be.
391
392
# If a checker exists, make sure it is not a zombie
393
if self.checker is not None:
394
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
395
if pid:
396
logger.warning(u"Checker was a zombie")
397
gobject.source_remove(self.checker_callback_tag)
398
self.checker_callback(pid, status,
399
self.current_checker_command)
400
# Start a new checker if needed
401
262
if self.checker is None:
402
263
try:
403
# In case checker_command has exactly one % operator
404
command = self.checker_command % self.host
264
command = self.check_command % self.fqdn
405
265
except TypeError:
406
# Escape attributes for the shell
407
escaped_attrs = dict((key,
408
re.escape(unicode(str(val),
409
errors=
410
u'replace')))
266
escaped_attrs = dict((key, re.escape(str(val)))
411
267
for key, val in
412
268
vars(self).iteritems())
413
269
try:
414
command = self.checker_command % escaped_attrs
270
command = self.check_command % escaped_attrs
415
271
except TypeError, error:
416
logger.error(u'Could not format string "%s":'
417
u' %s', self.checker_command, error)
272
logger.critical(u'Could not format string "%s":'
273
u' %s', self.check_command, error)
418
274
return True # Try again later
419
self.current_checker_command = command
420
275
try:
421
logger.info(u"Starting checker %r for %s",
422
command, self.name)
423
# We don't need to redirect stdout and stderr, since
424
# in normal mode, that is already done by daemon(),
425
# and in debug mode we don't want to. (Stdin is
426
# always replaced by /dev/null.)
427
self.checker = subprocess.Popen(command,
428
close_fds=True,
429
shell=True, cwd=u"/")
430
self.checker_callback_tag = (gobject.child_watch_add
431
(self.checker.pid,
432
self.checker_callback,
433
data=command))
434
# The checker may have completed before the gobject
435
# watch was added. Check for this.
436
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
437
if pid:
438
gobject.source_remove(self.checker_callback_tag)
439
self.checker_callback(pid, status, command)
440
except OSError, error:
276
logger.debug(u"Starting checker %r for %s",
277
command, self.name)
278
self.checker = subprocess.\
279
Popen(command,
280
close_fds=True, shell=True,
281
cwd="/")
282
self.checker_callback_tag = gobject.child_watch_add\
283
(self.checker.pid,
284
self.checker_callback)
285
except subprocess.OSError, error:
441
286
logger.error(u"Failed to start subprocess: %s",
442
287
error)
443
288
# Re-run this periodically if run by gobject.timeout_add
444
289
return True
445
446
290
def stop_checker(self):
447
291
"""Force the checker process, if any, to stop."""
448
292
if self.checker_callback_tag:
449
293
gobject.source_remove(self.checker_callback_tag)
450
294
self.checker_callback_tag = None
451
if getattr(self, u"checker", None) is None:
295
if not hasattr(self, "checker") or self.checker is None:
452
296
return
453
logger.debug(u"Stopping checker for %(name)s", vars(self))
297
logger.debug("Stopping checker for %(name)s", vars(self))
454
298
try:
455
299
os.kill(self.checker.pid, signal.SIGTERM)
456
300
#os.sleep(0.5)
457
301
#if self.checker.poll() is None:
458
302
# os.kill(self.checker.pid, signal.SIGKILL)
459
303
except OSError, error:
460
if error.errno != errno.ESRCH: # No such process
304
if error.errno != errno.ESRCH:
461
305
raise
462
306
self.checker = None
463
464
def still_valid(self):
307
def still_valid(self, now=None):
465
308
"""Has the timeout not yet passed for this client?"""
466
if not getattr(self, u"enabled", False):
467
return False
468
now = datetime.datetime.utcnow()
469
if self.last_checked_ok is None:
309
if now is None:
310
now = datetime.datetime.now()
311
if self.last_seen is None:
470
312
return now < (self.created + self.timeout)
471
313
else:
472
return now < (self.last_checked_ok + self.timeout)
473
474
475
class ClientDBus(Client, dbus.service.Object):
476
"""A Client class using D-Bus
477
478
Attributes:
479
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
480
"""
481
# dbus.service.Object doesn't use super(), so we can't either.
482
483
def __init__(self, *args, **kwargs):
484
Client.__init__(self, *args, **kwargs)
485
# Only now, when this client is initialized, can it show up on
486
# the D-Bus
487
self.dbus_object_path = (dbus.ObjectPath
488
(u"/clients/"
489
+ self.name.replace(u".", u"_")))
490
dbus.service.Object.__init__(self, bus,
491
self.dbus_object_path)
492
493
@staticmethod
494
def _datetime_to_dbus(dt, variant_level=0):
495
"""Convert a UTC datetime.datetime() to a D-Bus type."""
496
return dbus.String(dt.isoformat(),
497
variant_level=variant_level)
498
499
def enable(self):
500
oldstate = getattr(self, u"enabled", False)
501
r = Client.enable(self)
502
if oldstate != self.enabled:
503
# Emit D-Bus signals
504
self.PropertyChanged(dbus.String(u"enabled"),
505
dbus.Boolean(True, variant_level=1))
506
self.PropertyChanged(
507
dbus.String(u"last_enabled"),
508
self._datetime_to_dbus(self.last_enabled,
509
variant_level=1))
510
return r
511
512
def disable(self, signal = True):
513
oldstate = getattr(self, u"enabled", False)
514
r = Client.disable(self)
515
if signal and oldstate != self.enabled:
516
# Emit D-Bus signal
517
self.PropertyChanged(dbus.String(u"enabled"),
518
dbus.Boolean(False, variant_level=1))
519
return r
520
521
def __del__(self, *args, **kwargs):
522
try:
523
self.remove_from_connection()
524
except LookupError:
525
pass
526
if hasattr(dbus.service.Object, u"__del__"):
527
dbus.service.Object.__del__(self, *args, **kwargs)
528
Client.__del__(self, *args, **kwargs)
529
530
def checker_callback(self, pid, condition, command,
531
*args, **kwargs):
532
self.checker_callback_tag = None
533
self.checker = None
534
# Emit D-Bus signal
535
self.PropertyChanged(dbus.String(u"checker_running"),
536
dbus.Boolean(False, variant_level=1))
537
if os.WIFEXITED(condition):
538
exitstatus = os.WEXITSTATUS(condition)
539
# Emit D-Bus signal
540
self.CheckerCompleted(dbus.Int16(exitstatus),
541
dbus.Int64(condition),
542
dbus.String(command))
543
else:
544
# Emit D-Bus signal
545
self.CheckerCompleted(dbus.Int16(-1),
546
dbus.Int64(condition),
547
dbus.String(command))
548
549
return Client.checker_callback(self, pid, condition, command,
550
*args, **kwargs)
551
552
def checked_ok(self, *args, **kwargs):
553
r = Client.checked_ok(self, *args, **kwargs)
554
# Emit D-Bus signal
555
self.PropertyChanged(
556
dbus.String(u"last_checked_ok"),
557
(self._datetime_to_dbus(self.last_checked_ok,
558
variant_level=1)))
559
return r
560
561
def start_checker(self, *args, **kwargs):
562
old_checker = self.checker
563
if self.checker is not None:
564
old_checker_pid = self.checker.pid
565
else:
566
old_checker_pid = None
567
r = Client.start_checker(self, *args, **kwargs)
568
# Only if new checker process was started
569
if (self.checker is not None
570
and old_checker_pid != self.checker.pid):
571
# Emit D-Bus signal
572
self.CheckerStarted(self.current_checker_command)
573
self.PropertyChanged(
574
dbus.String(u"checker_running"),
575
dbus.Boolean(True, variant_level=1))
576
return r
577
578
def stop_checker(self, *args, **kwargs):
579
old_checker = getattr(self, u"checker", None)
580
r = Client.stop_checker(self, *args, **kwargs)
581
if (old_checker is not None
582
and getattr(self, u"checker", None) is None):
583
self.PropertyChanged(dbus.String(u"checker_running"),
584
dbus.Boolean(False, variant_level=1))
585
return r
586
587
## D-Bus methods & signals
588
_interface = u"se.bsnet.fukt.Mandos.Client"
589
590
# CheckedOK - method
591
@dbus.service.method(_interface)
592
def CheckedOK(self):
593
return self.checked_ok()
594
595
# CheckerCompleted - signal
596
@dbus.service.signal(_interface, signature=u"nxs")
597
def CheckerCompleted(self, exitcode, waitstatus, command):
598
"D-Bus signal"
599
pass
600
601
# CheckerStarted - signal
602
@dbus.service.signal(_interface, signature=u"s")
603
def CheckerStarted(self, command):
604
"D-Bus signal"
605
pass
606
607
# GetAllProperties - method
608
@dbus.service.method(_interface, out_signature=u"a{sv}")
609
def GetAllProperties(self):
610
"D-Bus method"
611
return dbus.Dictionary({
612
dbus.String(u"name"):
613
dbus.String(self.name, variant_level=1),
614
dbus.String(u"fingerprint"):
615
dbus.String(self.fingerprint, variant_level=1),
616
dbus.String(u"host"):
617
dbus.String(self.host, variant_level=1),
618
dbus.String(u"created"):
619
self._datetime_to_dbus(self.created,
620
variant_level=1),
621
dbus.String(u"last_enabled"):
622
(self._datetime_to_dbus(self.last_enabled,
623
variant_level=1)
624
if self.last_enabled is not None
625
else dbus.Boolean(False, variant_level=1)),
626
dbus.String(u"enabled"):
627
dbus.Boolean(self.enabled, variant_level=1),
628
dbus.String(u"last_checked_ok"):
629
(self._datetime_to_dbus(self.last_checked_ok,
630
variant_level=1)
631
if self.last_checked_ok is not None
632
else dbus.Boolean (False, variant_level=1)),
633
dbus.String(u"timeout"):
634
dbus.UInt64(self.timeout_milliseconds(),
635
variant_level=1),
636
dbus.String(u"interval"):
637
dbus.UInt64(self.interval_milliseconds(),
638
variant_level=1),
639
dbus.String(u"checker"):
640
dbus.String(self.checker_command,
641
variant_level=1),
642
dbus.String(u"checker_running"):
643
dbus.Boolean(self.checker is not None,
644
variant_level=1),
645
dbus.String(u"object_path"):
646
dbus.ObjectPath(self.dbus_object_path,
647
variant_level=1)
648
}, signature=u"sv")
649
650
# IsStillValid - method
651
@dbus.service.method(_interface, out_signature=u"b")
652
def IsStillValid(self):
653
return self.still_valid()
654
655
# PropertyChanged - signal
656
@dbus.service.signal(_interface, signature=u"sv")
657
def PropertyChanged(self, property, value):
658
"D-Bus signal"
659
pass
660
661
# ReceivedSecret - signal
662
@dbus.service.signal(_interface)
663
def ReceivedSecret(self):
664
"D-Bus signal"
665
pass
666
667
# Rejected - signal
668
@dbus.service.signal(_interface)
669
def Rejected(self):
670
"D-Bus signal"
671
pass
672
673
# SetChecker - method
674
@dbus.service.method(_interface, in_signature=u"s")
675
def SetChecker(self, checker):
676
"D-Bus setter method"
677
self.checker_command = checker
678
# Emit D-Bus signal
679
self.PropertyChanged(dbus.String(u"checker"),
680
dbus.String(self.checker_command,
681
variant_level=1))
682
683
# SetHost - method
684
@dbus.service.method(_interface, in_signature=u"s")
685
def SetHost(self, host):
686
"D-Bus setter method"
687
self.host = host
688
# Emit D-Bus signal
689
self.PropertyChanged(dbus.String(u"host"),
690
dbus.String(self.host, variant_level=1))
691
692
# SetInterval - method
693
@dbus.service.method(_interface, in_signature=u"t")
694
def SetInterval(self, milliseconds):
695
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
696
# Emit D-Bus signal
697
self.PropertyChanged(dbus.String(u"interval"),
698
(dbus.UInt64(self.interval_milliseconds(),
699
variant_level=1)))
700
701
# SetSecret - method
702
@dbus.service.method(_interface, in_signature=u"ay",
703
byte_arrays=True)
704
def SetSecret(self, secret):
705
"D-Bus setter method"
706
self.secret = str(secret)
707
708
# SetTimeout - method
709
@dbus.service.method(_interface, in_signature=u"t")
710
def SetTimeout(self, milliseconds):
711
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
712
# Emit D-Bus signal
713
self.PropertyChanged(dbus.String(u"timeout"),
714
(dbus.UInt64(self.timeout_milliseconds(),
715
variant_level=1)))
716
717
# Enable - method
718
@dbus.service.method(_interface)
719
def Enable(self):
720
"D-Bus method"
721
self.enable()
722
723
# StartChecker - method
724
@dbus.service.method(_interface)
725
def StartChecker(self):
726
"D-Bus method"
727
self.start_checker()
728
729
# Disable - method
730
@dbus.service.method(_interface)
731
def Disable(self):
732
"D-Bus method"
733
self.disable()
734
735
# StopChecker - method
736
@dbus.service.method(_interface)
737
def StopChecker(self):
738
self.stop_checker()
739
740
del _interface
741
742
743
class ClientHandler(socketserver.BaseRequestHandler, object):
744
"""A class to handle client connections.
745
746
Instantiated once for each connection to handle it.
314
return now < (self.last_seen + self.timeout)
315
316
317
def peer_certificate(session):
318
"Return the peer's OpenPGP certificate as a bytestring"
319
# If not an OpenPGP certificate...
320
if gnutls.library.functions.gnutls_certificate_type_get\
321
(session._c_object) \
322
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:
323
# ...do the normal thing
324
return session.peer_certificate
325
list_size = ctypes.c_uint()
326
cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
327
(session._c_object, ctypes.byref(list_size))
328
if list_size.value == 0:
329
return None
330
cert = cert_list[0]
331
return ctypes.string_at(cert.data, cert.size)
332
333
334
def fingerprint(openpgp):
335
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
336
# New empty GnuTLS certificate
337
crt = gnutls.library.types.gnutls_openpgp_crt_t()
338
gnutls.library.functions.gnutls_openpgp_crt_init\
339
(ctypes.byref(crt))
340
# New GnuTLS "datum" with the OpenPGP public key
341
datum = gnutls.library.types.gnutls_datum_t\
342
(ctypes.cast(ctypes.c_char_p(openpgp),
343
ctypes.POINTER(ctypes.c_ubyte)),
344
ctypes.c_uint(len(openpgp)))
345
# Import the OpenPGP public key into the certificate
346
ret = gnutls.library.functions.gnutls_openpgp_crt_import\
347
(crt,
348
ctypes.byref(datum),
349
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
350
# New buffer for the fingerprint
351
buffer = ctypes.create_string_buffer(20)
352
buffer_length = ctypes.c_size_t()
353
# Get the fingerprint from the certificate into the buffer
354
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
355
(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
356
# Deinit the certificate
357
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
358
# Convert the buffer to a Python bytestring
359
fpr = ctypes.string_at(buffer, buffer_length.value)
360
# Convert the bytestring to hexadecimal notation
361
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
362
return hex_fpr
363
364
365
class tcp_handler(SocketServer.BaseRequestHandler, object):
366
"""A TCP request handler class.
367
Instantiated by IPv6_TCPServer for each request to handle it.
747
368
Note: This will run in its own forked process."""
748
369
749
370
def handle(self):
750
logger.info(u"TCP connection from: %s",
751
unicode(self.client_address))
752
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
753
# Open IPC pipe to parent process
754
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
755
session = (gnutls.connection
756
.ClientSession(self.request,
757
gnutls.connection
758
.X509Credentials()))
759
760
line = self.request.makefile().readline()
761
logger.debug(u"Protocol version: %r", line)
762
try:
763
if int(line.strip().split()[0]) > 1:
764
raise RuntimeError
765
except (ValueError, IndexError, RuntimeError), error:
766
logger.error(u"Unknown protocol version: %s", error)
767
return
768
769
# Note: gnutls.connection.X509Credentials is really a
770
# generic GnuTLS certificate credentials object so long as
771
# no X.509 keys are added to it. Therefore, we can use it
772
# here despite using OpenPGP certificates.
773
774
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
775
# u"+AES-256-CBC", u"+SHA1",
776
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
777
# u"+DHE-DSS"))
778
# Use a fallback default, since this MUST be set.
779
priority = self.server.gnutls_priority
780
if priority is None:
781
priority = u"NORMAL"
782
(gnutls.library.functions
783
.gnutls_priority_set_direct(session._c_object,
784
priority, None))
785
786
try:
787
session.handshake()
788
except gnutls.errors.GNUTLSError, error:
789
logger.warning(u"Handshake failed: %s", error)
790
# Do not run session.bye() here: the session is not
791
# established. Just abandon the request.
792
return
793
logger.debug(u"Handshake succeeded")
794
try:
795
fpr = self.fingerprint(self.peer_certificate(session))
796
except (TypeError, gnutls.errors.GNUTLSError), error:
797
logger.warning(u"Bad certificate: %s", error)
798
session.bye()
799
return
800
logger.debug(u"Fingerprint: %s", fpr)
801
802
for c in self.server.clients:
803
if c.fingerprint == fpr:
804
client = c
805
break
371
logger.debug(u"TCP connection from: %s",
372
unicode(self.client_address))
373
session = gnutls.connection.ClientSession(self.request,
374
gnutls.connection.\
375
X509Credentials())
376
377
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
378
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
379
# "+DHE-DSS"))
380
priority = "SECURE256"
381
382
gnutls.library.functions.gnutls_priority_set_direct\
383
(session._c_object, priority, None);
384
385
try:
386
session.handshake()
387
except gnutls.errors.GNUTLSError, error:
388
logger.debug(u"Handshake failed: %s", error)
389
# Do not run session.bye() here: the session is not
390
# established. Just abandon the request.
391
return
392
try:
393
fpr = fingerprint(peer_certificate(session))
394
except (TypeError, gnutls.errors.GNUTLSError), error:
395
logger.debug(u"Bad certificate: %s", error)
396
session.bye()
397
return
398
logger.debug(u"Fingerprint: %s", fpr)
399
client = None
400
for c in self.server.clients:
401
if c.fingerprint == fpr:
402
client = c
403
break
404
# Have to check if client.still_valid(), since it is possible
405
# that the client timed out while establishing the GnuTLS
406
# session.
407
if (not client) or (not client.still_valid()):
408
if client:
409
logger.debug(u"Client %(name)s is invalid",
410
vars(client))
806
411
else:
807
ipc.write(u"NOTFOUND %s\n" % fpr)
808
session.bye()
809
return
810
# Have to check if client.still_valid(), since it is
811
# possible that the client timed out while establishing
812
# the GnuTLS session.
813
if not client.still_valid():
814
ipc.write(u"INVALID %s\n" % client.name)
815
session.bye()
816
return
817
ipc.write(u"SENDING %s\n" % client.name)
818
sent_size = 0
819
while sent_size < len(client.secret):
820
sent = session.send(client.secret[sent_size:])
821
logger.debug(u"Sent: %d, remaining: %d",
822
sent, len(client.secret)
823
- (sent_size + sent))
824
sent_size += sent
412
logger.debug(u"Client not found for fingerprint: %s",
413
fpr)
825
414
session.bye()
826
827
@staticmethod
828
def peer_certificate(session):
829
"Return the peer's OpenPGP certificate as a bytestring"
830
# If not an OpenPGP certificate...
831
if (gnutls.library.functions
832
.gnutls_certificate_type_get(session._c_object)
833
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
834
# ...do the normal thing
835
return session.peer_certificate
836
list_size = ctypes.c_uint(1)
837
cert_list = (gnutls.library.functions
838
.gnutls_certificate_get_peers
839
(session._c_object, ctypes.byref(list_size)))
840
if not bool(cert_list) and list_size.value != 0:
841
raise gnutls.errors.GNUTLSError(u"error getting peer"
842
u" certificate")
843
if list_size.value == 0:
844
return None
845
cert = cert_list[0]
846
return ctypes.string_at(cert.data, cert.size)
847
848
@staticmethod
849
def fingerprint(openpgp):
850
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
851
# New GnuTLS "datum" with the OpenPGP public key
852
datum = (gnutls.library.types
853
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
854
ctypes.POINTER
855
(ctypes.c_ubyte)),
856
ctypes.c_uint(len(openpgp))))
857
# New empty GnuTLS certificate
858
crt = gnutls.library.types.gnutls_openpgp_crt_t()
859
(gnutls.library.functions
860
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
861
# Import the OpenPGP public key into the certificate
862
(gnutls.library.functions
863
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
864
gnutls.library.constants
865
.GNUTLS_OPENPGP_FMT_RAW))
866
# Verify the self signature in the key
867
crtverify = ctypes.c_uint()
868
(gnutls.library.functions
869
.gnutls_openpgp_crt_verify_self(crt, 0,
870
ctypes.byref(crtverify)))
871
if crtverify.value != 0:
872
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
873
raise (gnutls.errors.CertificateSecurityError
874
(u"Verify failed"))
875
# New buffer for the fingerprint
876
buf = ctypes.create_string_buffer(20)
877
buf_len = ctypes.c_size_t()
878
# Get the fingerprint from the certificate into the buffer
879
(gnutls.library.functions
880
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
881
ctypes.byref(buf_len)))
882
# Deinit the certificate
883
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
884
# Convert the buffer to a Python bytestring
885
fpr = ctypes.string_at(buf, buf_len.value)
886
# Convert the bytestring to hexadecimal notation
887
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
888
return hex_fpr
889
890
891
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
892
"""Like socketserver.ForkingMixIn, but also pass a pipe.
893
894
Assumes a gobject.MainLoop event loop.
895
"""
896
def process_request(self, request, client_address):
897
"""Overrides and wraps the original process_request().
898
899
This function creates a new pipe in self.pipe
900
"""
901
self.pipe = os.pipe()
902
super(ForkingMixInWithPipe,
903
self).process_request(request, client_address)
904
os.close(self.pipe[1]) # close write end
905
# Call "handle_ipc" for both data and EOF events
906
gobject.io_add_watch(self.pipe[0],
907
gobject.IO_IN | gobject.IO_HUP,
908
self.handle_ipc)
909
def handle_ipc(source, condition):
910
"""Dummy function; override as necessary"""
911
os.close(source)
912
return False
913
914
915
class IPv6_TCPServer(ForkingMixInWithPipe,
916
socketserver.TCPServer, object):
917
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
918
415
return
416
sent_size = 0
417
while sent_size < len(client.secret):
418
sent = session.send(client.secret[sent_size:])
419
logger.debug(u"Sent: %d, remaining: %d",
420
sent, len(client.secret)
421
- (sent_size + sent))
422
sent_size += sent
423
session.bye()
424
425
426
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
427
"""IPv6 TCP server. Accepts 'None' as address and/or port.
919
428
Attributes:
920
enabled: Boolean; whether this server is activated yet
921
interface: None or a network interface name (string)
922
use_ipv6: Boolean; to use IPv6 or not
923
----
924
clients: set of Client objects
925
gnutls_priority GnuTLS priority string
926
use_dbus: Boolean; to emit D-Bus signals or not
429
options: Command line options
430
clients: Set() of Client objects
927
431
"""
928
def __init__(self, server_address, RequestHandlerClass,
929
interface=None, use_ipv6=True, clients=None,
930
gnutls_priority=None, use_dbus=True):
931
self.enabled = False
932
self.interface = interface
933
if use_ipv6:
934
self.address_family = socket.AF_INET6
935
self.clients = clients
936
self.use_dbus = use_dbus
937
self.gnutls_priority = gnutls_priority
938
socketserver.TCPServer.__init__(self, server_address,
939
RequestHandlerClass)
432
address_family = socket.AF_INET6
433
def __init__(self, *args, **kwargs):
434
if "options" in kwargs:
435
self.options = kwargs["options"]
436
del kwargs["options"]
437
if "clients" in kwargs:
438
self.clients = kwargs["clients"]
439
del kwargs["clients"]
440
return super(type(self), self).__init__(*args, **kwargs)
940
441
def server_bind(self):
941
442
"""This overrides the normal server_bind() function
942
443
to bind to an interface if one was specified, and also NOT to
943
444
bind to an address or port if they were not specified."""
944
if self.interface is not None:
445
if self.options.interface:
446
if not hasattr(socket, "SO_BINDTODEVICE"):
447
# From /usr/include/asm-i486/socket.h
448
socket.SO_BINDTODEVICE = 25
945
449
try:
946
450
self.socket.setsockopt(socket.SOL_SOCKET,
947
SO_BINDTODEVICE,
948
str(self.interface + u'\0'))
451
socket.SO_BINDTODEVICE,
452
self.options.interface)
949
453
except socket.error, error:
950
454
if error[0] == errno.EPERM:
951
logger.error(u"No permission to"
952
u" bind to interface %s",
953
self.interface)
455
logger.warning(u"No permission to"
456
u" bind to interface %s",
457
self.options.interface)
954
458
else:
955
raise
459
raise error
956
460
# Only bind(2) the socket if we really need to.
957
461
if self.server_address[0] or self.server_address[1]:
958
462
if not self.server_address[0]:
959
if self.address_family == socket.AF_INET6:
960
any_address = u"::" # in6addr_any
961
else:
962
any_address = socket.INADDR_ANY
963
self.server_address = (any_address,
463
in6addr_any = "::"
464
self.server_address = (in6addr_any,
964
465
self.server_address[1])
965
elif not self.server_address[1]:
466
elif self.server_address[1] is None:
966
467
self.server_address = (self.server_address[0],
967
468
0)
968
# if self.interface:
969
# self.server_address = (self.server_address[0],
970
# 0, # port
971
# 0, # flowinfo
972
# if_nametoindex
973
# (self.interface))
974
return socketserver.TCPServer.server_bind(self)
975
def server_activate(self):
976
if self.enabled:
977
return socketserver.TCPServer.server_activate(self)
978
def enable(self):
979
self.enabled = True
980
def handle_ipc(self, source, condition, file_objects={}):
981
condition_names = {
982
gobject.IO_IN: u"IN", # There is data to read.
983
gobject.IO_OUT: u"OUT", # Data can be written (without
984
# blocking).
985
gobject.IO_PRI: u"PRI", # There is urgent data to read.
986
gobject.IO_ERR: u"ERR", # Error condition.
987
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
988
# broken, usually for pipes and
989
# sockets).
990
}
991
conditions_string = ' | '.join(name
992
for cond, name in
993
condition_names.iteritems()
994
if cond & condition)
995
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
996
conditions_string)
997
998
# Turn the pipe file descriptor into a Python file object
999
if source not in file_objects:
1000
file_objects[source] = os.fdopen(source, u"r", 1)
1001
1002
# Read a line from the file object
1003
cmdline = file_objects[source].readline()
1004
if not cmdline: # Empty line means end of file
1005
# close the IPC pipe
1006
file_objects[source].close()
1007
del file_objects[source]
1008
1009
# Stop calling this function
1010
return False
1011
1012
logger.debug(u"IPC command: %r", cmdline)
1013
1014
# Parse and act on command
1015
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1016
1017
if cmd == u"NOTFOUND":
1018
logger.warning(u"Client not found for fingerprint: %s",
1019
args)
1020
if self.use_dbus:
1021
# Emit D-Bus signal
1022
mandos_dbus_service.ClientNotFound(args)
1023
elif cmd == u"INVALID":
1024
for client in self.clients:
1025
if client.name == args:
1026
logger.warning(u"Client %s is invalid", args)
1027
if self.use_dbus:
1028
# Emit D-Bus signal
1029
client.Rejected()
1030
break
1031
else:
1032
logger.error(u"Unknown client %s is invalid", args)
1033
elif cmd == u"SENDING":
1034
for client in self.clients:
1035
if client.name == args:
1036
logger.info(u"Sending secret to %s", client.name)
1037
client.checked_ok()
1038
if self.use_dbus:
1039
# Emit D-Bus signal
1040
client.ReceivedSecret()
1041
break
1042
else:
1043
logger.error(u"Sending secret to unknown client %s",
1044
args)
1045
else:
1046
logger.error(u"Unknown IPC command: %r", cmdline)
1047
1048
# Keep calling this function
1049
return True
469
return super(type(self), self).server_bind()
1050
470
1051
471
1052
472
def string_to_delta(interval):
1053
473
"""Parse a string and return a datetime.timedelta
1054
1055
>>> string_to_delta(u'7d')
474
475
>>> string_to_delta('7d')
1056
476
datetime.timedelta(7)
1057
>>> string_to_delta(u'60s')
477
>>> string_to_delta('60s')
1058
478
datetime.timedelta(0, 60)
1059
>>> string_to_delta(u'60m')
479
>>> string_to_delta('60m')
1060
480
datetime.timedelta(0, 3600)
1061
>>> string_to_delta(u'24h')
481
>>> string_to_delta('24h')
1062
482
datetime.timedelta(1)
1063
483
>>> string_to_delta(u'1w')
1064
484
datetime.timedelta(7)
1065
>>> string_to_delta(u'5m 30s')
1066
datetime.timedelta(0, 330)
1067
485
"""
1068
timevalue = datetime.timedelta(0)
1069
for s in interval.split():
1070
try:
1071
suffix = unicode(s[-1])
1072
value = int(s[:-1])
1073
if suffix == u"d":
1074
delta = datetime.timedelta(value)
1075
elif suffix == u"s":
1076
delta = datetime.timedelta(0, value)
1077
elif suffix == u"m":
1078
delta = datetime.timedelta(0, 0, 0, 0, value)
1079
elif suffix == u"h":
1080
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1081
elif suffix == u"w":
1082
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1083
else:
1084
raise ValueError
1085
except (ValueError, IndexError):
486
try:
487
suffix=unicode(interval[-1])
488
value=int(interval[:-1])
489
if suffix == u"d":
490
delta = datetime.timedelta(value)
491
elif suffix == u"s":
492
delta = datetime.timedelta(0, value)
493
elif suffix == u"m":
494
delta = datetime.timedelta(0, 0, 0, 0, value)
495
elif suffix == u"h":
496
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
497
elif suffix == u"w":
498
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
499
else:
1086
500
raise ValueError
1087
timevalue += delta
1088
return timevalue
501
except (ValueError, IndexError):
502
raise ValueError
503
return delta
504
505
506
def add_service():
507
"""Derived from the Avahi example code"""
508
global group, serviceName, serviceType, servicePort, serviceTXT, \
509
domain, host
510
if group is None:
511
group = dbus.Interface(
512
bus.get_object( avahi.DBUS_NAME,
513
server.EntryGroupNew()),
514
avahi.DBUS_INTERFACE_ENTRY_GROUP)
515
group.connect_to_signal('StateChanged',
516
entry_group_state_changed)
517
logger.debug(u"Adding service '%s' of type '%s' ...",
518
serviceName, serviceType)
519
520
group.AddService(
521
serviceInterface, # interface
522
avahi.PROTO_INET6, # protocol
523
dbus.UInt32(0), # flags
524
serviceName, serviceType,
525
domain, host,
526
dbus.UInt16(servicePort),
527
avahi.string_array_to_txt_array(serviceTXT))
528
group.Commit()
529
530
531
def remove_service():
532
"""From the Avahi example code"""
533
global group
534
535
if not group is None:
536
group.Reset()
537
538
539
def server_state_changed(state):
540
"""Derived from the Avahi example code"""
541
if state == avahi.SERVER_COLLISION:
542
logger.warning(u"Server name collision")
543
remove_service()
544
elif state == avahi.SERVER_RUNNING:
545
add_service()
546
547
548
def entry_group_state_changed(state, error):
549
"""Derived from the Avahi example code"""
550
global serviceName, server, rename_count
551
552
logger.debug(u"state change: %i", state)
553
554
if state == avahi.ENTRY_GROUP_ESTABLISHED:
555
logger.debug(u"Service established.")
556
elif state == avahi.ENTRY_GROUP_COLLISION:
557
558
rename_count = rename_count - 1
559
if rename_count > 0:
560
name = server.GetAlternativeServiceName(name)
561
logger.warning(u"Service name collision, "
562
u"changing name to '%s' ...", name)
563
remove_service()
564
add_service()
565
566
else:
567
logger.error(u"No suitable service name found after %i"
568
u" retries, exiting.", n_rename)
569
killme(1)
570
elif state == avahi.ENTRY_GROUP_FAILURE:
571
logger.error(u"Error in group state changed %s",
572
unicode(error))
573
killme(1)
1089
574
1090
575
1091
576
def if_nametoindex(interface):
1092
"""Call the C function if_nametoindex(), or equivalent
1093
1094
Note: This function cannot accept a unicode string."""
1095
global if_nametoindex
577
"""Call the C function if_nametoindex()"""
1096
578
try:
1097
if_nametoindex = (ctypes.cdll.LoadLibrary
1098
(ctypes.util.find_library(u"c"))
1099
.if_nametoindex)
579
libc = ctypes.cdll.LoadLibrary("libc.so.6")
580
return libc.if_nametoindex(interface)
1100
581
except (OSError, AttributeError):
1101
logger.warning(u"Doing if_nametoindex the hard way")
1102
def if_nametoindex(interface):
1103
"Get an interface index the hard way, i.e. using fcntl()"
1104
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1105
with closing(socket.socket()) as s:
1106
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1107
struct.pack(str(u"16s16x"),
1108
interface))
1109
interface_index = struct.unpack(str(u"I"),
1110
ifreq[16:20])[0]
1111
return interface_index
1112
return if_nametoindex(interface)
1113
1114
1115
def daemon(nochdir = False, noclose = False):
582
if "struct" not in sys.modules:
583
import struct
584
if "fcntl" not in sys.modules:
585
import fcntl
586
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
587
s = socket.socket()
588
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
589
struct.pack("16s16x", interface))
590
s.close()
591
interface_index = struct.unpack("I", ifreq[16:20])[0]
592
return interface_index
593
594
595
def daemon(nochdir, noclose):
1116
596
"""See daemon(3). Standard BSD Unix function.
1117
1118
597
This should really exist as os.daemon, but it doesn't (yet)."""
1119
598
if os.fork():
1120
599
sys.exit()
1121
600
os.setsid()
1122
601
if not nochdir:
1123
os.chdir(u"/")
1124
if os.fork():
1125
sys.exit()
602
os.chdir("/")
1126
603
if not noclose:
1127
604
# Close all standard open file descriptors
1128
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
605
null = os.open("/dev/null", os.O_NOCTTY | os.O_RDWR)
1129
606
if not stat.S_ISCHR(os.fstat(null).st_mode):
1130
607
raise OSError(errno.ENODEV,
1131
u"/dev/null not a character device")
608
"/dev/null not a character device")
1132
609
os.dup2(null, sys.stdin.fileno())
1133
610
os.dup2(null, sys.stdout.fileno())
1134
611
os.dup2(null, sys.stderr.fileno())
1136
613
os.close(null)
1137
614
1138
615
616
def killme(status = 0):
617
logger.debug("Stopping server with exit status %d", status)
618
exitstatus = status
619
if main_loop_started:
620
main_loop.quit()
621
else:
622
sys.exit(status)
623
624
1139
625
def main():
1140
1141
######################################################################
1142
# Parsing of options, both command line and config file
1143
1144
parser = optparse.OptionParser(version = "%%prog %s" % version)
1145
parser.add_option("-i", u"--interface", type=u"string",
1146
metavar="IF", help=u"Bind to interface IF")
1147
parser.add_option("-a", u"--address", type=u"string",
1148
help=u"Address to listen for requests on")
1149
parser.add_option("-p", u"--port", type=u"int",
1150
help=u"Port number to receive requests on")
1151
parser.add_option("--check", action=u"store_true",
1152
help=u"Run self-test")
1153
parser.add_option("--debug", action=u"store_true",
1154
help=u"Debug mode; run in foreground and log to"
1155
u" terminal")
1156
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1157
u" priority string (see GnuTLS documentation)")
1158
parser.add_option("--servicename", type=u"string",
1159
metavar=u"NAME", help=u"Zeroconf service name")
1160
parser.add_option("--configdir", type=u"string",
1161
default=u"/etc/mandos", metavar=u"DIR",
1162
help=u"Directory to search for configuration"
1163
u" files")
1164
parser.add_option("--no-dbus", action=u"store_false",
1165
dest=u"use_dbus", help=u"Do not provide D-Bus"
1166
u" system bus interface")
1167
parser.add_option("--no-ipv6", action=u"store_false",
1168
dest=u"use_ipv6", help=u"Do not use IPv6")
1169
options = parser.parse_args()[0]
626
global exitstatus
627
exitstatus = 0
628
global main_loop_started
629
main_loop_started = False
630
631
parser = OptionParser()
632
parser.add_option("-i", "--interface", type="string",
633
default=None, metavar="IF",
634
help="Bind to interface IF")
635
parser.add_option("-a", "--address", type="string", default=None,
636
help="Address to listen for requests on")
637
parser.add_option("-p", "--port", type="int", default=None,
638
help="Port number to receive requests on")
639
parser.add_option("--timeout", type="string", # Parsed later
640
default="1h",
641
help="Amount of downtime allowed for clients")
642
parser.add_option("--interval", type="string", # Parsed later
643
default="5m",
644
help="How often to check that a client is up")
645
parser.add_option("--check", action="store_true", default=False,
646
help="Run self-test")
647
parser.add_option("--debug", action="store_true", default=False,
648
help="Debug mode")
649
(options, args) = parser.parse_args()
1170
650
1171
651
if options.check:
1172
652
import doctest
1173
653
doctest.testmod()
1174
654
sys.exit()
1175
655
1176
# Default values for config file for server-global settings
1177
server_defaults = { u"interface": u"",
1178
u"address": u"",
1179
u"port": u"",
1180
u"debug": u"False",
1181
u"priority":
1182
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1183
u"servicename": u"Mandos",
1184
u"use_dbus": u"True",
1185
u"use_ipv6": u"True",
1186
}
1187
1188
# Parse config file for server-global settings
1189
server_config = configparser.SafeConfigParser(server_defaults)
1190
del server_defaults
1191
server_config.read(os.path.join(options.configdir,
1192
u"mandos.conf"))
1193
# Convert the SafeConfigParser object to a dict
1194
server_settings = server_config.defaults()
1195
# Use the appropriate methods on the non-string config options
1196
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1197
server_settings[option] = server_config.getboolean(u"DEFAULT",
1198
option)
1199
if server_settings["port"]:
1200
server_settings["port"] = server_config.getint(u"DEFAULT",
1201
u"port")
1202
del server_config
1203
1204
# Override the settings from the config file with command line
1205
# options, if set.
1206
for option in (u"interface", u"address", u"port", u"debug",
1207
u"priority", u"servicename", u"configdir",
1208
u"use_dbus", u"use_ipv6"):
1209
value = getattr(options, option)
1210
if value is not None:
1211
server_settings[option] = value
1212
del options
1213
# Force all strings to be unicode
1214
for option in server_settings.keys():
1215
if type(server_settings[option]) is str:
1216
server_settings[option] = unicode(server_settings[option])
1217
# Now we have our good server settings in "server_settings"
1218
1219
##################################################################
1220
1221
# For convenience
1222
debug = server_settings[u"debug"]
1223
use_dbus = server_settings[u"use_dbus"]
1224
use_ipv6 = server_settings[u"use_ipv6"]
1225
1226
if not debug:
1227
syslogger.setLevel(logging.WARNING)
1228
console.setLevel(logging.WARNING)
1229
1230
if server_settings[u"servicename"] != u"Mandos":
1231
syslogger.setFormatter(logging.Formatter
1232
(u'Mandos (%s) [%%(process)d]:'
1233
u' %%(levelname)s: %%(message)s'
1234
% server_settings[u"servicename"]))
1235
1236
# Parse config file with clients
1237
client_defaults = { u"timeout": u"1h",
1238
u"interval": u"5m",
1239
u"checker": u"fping -q -- %%(host)s",
1240
u"host": u"",
1241
}
1242
client_config = configparser.SafeConfigParser(client_defaults)
1243
client_config.read(os.path.join(server_settings[u"configdir"],
1244
u"clients.conf"))
1245
1246
global mandos_dbus_service
1247
mandos_dbus_service = None
1248
1249
clients = set()
1250
tcp_server = IPv6_TCPServer((server_settings[u"address"],
1251
server_settings[u"port"]),
1252
ClientHandler,
1253
interface=
1254
server_settings[u"interface"],
1255
use_ipv6=use_ipv6,
1256
clients=clients,
1257
gnutls_priority=
1258
server_settings[u"priority"],
1259
use_dbus=use_dbus)
1260
pidfilename = u"/var/run/mandos.pid"
1261
try:
1262
pidfile = open(pidfilename, u"w")
1263
except IOError:
1264
logger.error(u"Could not open file %r", pidfilename)
1265
1266
try:
1267
uid = pwd.getpwnam(u"_mandos").pw_uid
1268
gid = pwd.getpwnam(u"_mandos").pw_gid
1269
except KeyError:
1270
try:
1271
uid = pwd.getpwnam(u"mandos").pw_uid
1272
gid = pwd.getpwnam(u"mandos").pw_gid
1273
except KeyError:
1274
try:
1275
uid = pwd.getpwnam(u"nobody").pw_uid
1276
gid = pwd.getpwnam(u"nobody").pw_gid
1277
except KeyError:
1278
uid = 65534
1279
gid = 65534
1280
try:
1281
os.setgid(gid)
1282
os.setuid(uid)
1283
except OSError, error:
1284
if error[0] != errno.EPERM:
1285
raise error
1286
1287
# Enable all possible GnuTLS debugging
1288
if debug:
1289
# "Use a log level over 10 to enable all debugging options."
1290
# - GnuTLS manual
1291
gnutls.library.functions.gnutls_global_set_log_level(11)
1292
1293
@gnutls.library.types.gnutls_log_func
1294
def debug_gnutls(level, string):
1295
logger.debug(u"GnuTLS: %s", string[:-1])
1296
1297
(gnutls.library.functions
1298
.gnutls_global_set_log_function(debug_gnutls))
1299
1300
global service
1301
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1302
service = AvahiService(name = server_settings[u"servicename"],
1303
servicetype = u"_mandos._tcp",
1304
protocol = protocol)
1305
if server_settings["interface"]:
1306
service.interface = (if_nametoindex
1307
(str(server_settings[u"interface"])))
656
# Parse the time arguments
657
try:
658
options.timeout = string_to_delta(options.timeout)
659
except ValueError:
660
parser.error("option --timeout: Unparseable time")
661
try:
662
options.interval = string_to_delta(options.interval)
663
except ValueError:
664
parser.error("option --interval: Unparseable time")
665
666
# Parse config file
667
defaults = { "checker": "fping -q -- %%(fqdn)s" }
668
client_config = ConfigParser.SafeConfigParser(defaults)
669
#client_config.readfp(open("global.conf"), "global.conf")
670
client_config.read("mandos-clients.conf")
1308
671
1309
672
global main_loop
1310
673
global bus
674
global server
1311
675
# From the Avahi example code
1312
676
DBusGMainLoop(set_as_default=True )
1313
677
main_loop = gobject.MainLoop()
1314
678
bus = dbus.SystemBus()
679
server = dbus.Interface(
680
bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),
681
avahi.DBUS_INTERFACE_SERVER )
1315
682
# End of Avahi example code
1316
if use_dbus:
1317
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1318
683
1319
client_class = Client
1320
if use_dbus:
1321
client_class = ClientDBus
1322
clients.update(set(
1323
client_class(name = section,
1324
config= dict(client_config.items(section)))
1325
for section in client_config.sections()))
1326
if not clients:
1327
logger.warning(u"No clients defined")
684
debug = options.debug
1328
685
1329
686
if debug:
1330
# Redirect stdin so all checkers get /dev/null
1331
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1332
os.dup2(null, sys.stdin.fileno())
1333
if null > 2:
1334
os.close(null)
1335
else:
1336
# No console logging
1337
logger.removeHandler(console)
1338
# Close all input and output, do double fork, etc.
1339
daemon()
1340
1341
try:
1342
with closing(pidfile):
1343
pid = os.getpid()
1344
pidfile.write(str(pid) + "\n")
1345
del pidfile
1346
except IOError:
1347
logger.error(u"Could not write to file %r with PID %d",
1348
pidfilename, pid)
1349
except NameError:
1350
# "pidfile" was never created
1351
pass
1352
del pidfilename
687
console = logging.StreamHandler()
688
# console.setLevel(logging.DEBUG)
689
console.setFormatter(logging.Formatter\
690
('%(levelname)s: %(message)s'))
691
logger.addHandler(console)
692
del console
693
694
clients = Set()
695
def remove_from_clients(client):
696
clients.remove(client)
697
if not clients:
698
logger.debug(u"No clients left, exiting")
699
killme()
700
701
clients.update(Set(Client(name=section, options=options,
702
stop_hook = remove_from_clients,
703
**(dict(client_config\
704
.items(section))))
705
for section in client_config.sections()))
706
707
if not debug:
708
daemon(False, False)
1353
709
1354
710
def cleanup():
1355
711
"Cleanup function; run on exit"
1356
service.cleanup()
712
global group
713
# From the Avahi example code
714
if not group is None:
715
group.Free()
716
group = None
717
# End of Avahi example code
1357
718
1358
719
while clients:
1359
720
client = clients.pop()
1360
client.disable_hook = None
1361
client.disable()
721
client.stop_hook = None
722
client.stop()
1362
723
1363
724
atexit.register(cleanup)
1364
725
1365
726
if not debug:
1366
727
signal.signal(signal.SIGINT, signal.SIG_IGN)
1367
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1368
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1369
1370
if use_dbus:
1371
class MandosDBusService(dbus.service.Object):
1372
"""A D-Bus proxy object"""
1373
def __init__(self):
1374
dbus.service.Object.__init__(self, bus, u"/")
1375
_interface = u"se.bsnet.fukt.Mandos"
1376
1377
@dbus.service.signal(_interface, signature=u"oa{sv}")
1378
def ClientAdded(self, objpath, properties):
1379
"D-Bus signal"
1380
pass
1381
1382
@dbus.service.signal(_interface, signature=u"s")
1383
def ClientNotFound(self, fingerprint):
1384
"D-Bus signal"
1385
pass
1386
1387
@dbus.service.signal(_interface, signature=u"os")
1388
def ClientRemoved(self, objpath, name):
1389
"D-Bus signal"
1390
pass
1391
1392
@dbus.service.method(_interface, out_signature=u"ao")
1393
def GetAllClients(self):
1394
"D-Bus method"
1395
return dbus.Array(c.dbus_object_path for c in clients)
1396
1397
@dbus.service.method(_interface,
1398
out_signature=u"a{oa{sv}}")
1399
def GetAllClientsWithProperties(self):
1400
"D-Bus method"
1401
return dbus.Dictionary(
1402
((c.dbus_object_path, c.GetAllProperties())
1403
for c in clients),
1404
signature=u"oa{sv}")
1405
1406
@dbus.service.method(_interface, in_signature=u"o")
1407
def RemoveClient(self, object_path):
1408
"D-Bus method"
1409
for c in clients:
1410
if c.dbus_object_path == object_path:
1411
clients.remove(c)
1412
c.remove_from_connection()
1413
# Don't signal anything except ClientRemoved
1414
c.disable(signal=False)
1415
# Emit D-Bus signal
1416
self.ClientRemoved(object_path, c.name)
1417
return
1418
raise KeyError
1419
1420
del _interface
1421
1422
mandos_dbus_service = MandosDBusService()
728
signal.signal(signal.SIGHUP, lambda signum, frame: killme())
729
signal.signal(signal.SIGTERM, lambda signum, frame: killme())
1423
730
1424
731
for client in clients:
1425
if use_dbus:
1426
# Emit D-Bus signal
1427
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1428
client.GetAllProperties())
1429
client.enable()
1430
1431
tcp_server.enable()
1432
tcp_server.server_activate()
1433
1434
# Find out what port we got
1435
service.port = tcp_server.socket.getsockname()[1]
1436
if use_ipv6:
1437
logger.info(u"Now listening on address %r, port %d,"
1438
" flowinfo %d, scope_id %d"
1439
% tcp_server.socket.getsockname())
1440
else: # IPv4
1441
logger.info(u"Now listening on address %r, port %d"
1442
% tcp_server.socket.getsockname())
1443
1444
#service.interface = tcp_server.socket.getsockname()[3]
1445
1446
try:
1447
# From the Avahi example code
1448
try:
1449
service.activate()
1450
except dbus.exceptions.DBusException, error:
1451
logger.critical(u"DBusException: %s", error)
1452
sys.exit(1)
1453
# End of Avahi example code
1454
1455
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
1456
lambda *args, **kwargs:
1457
(tcp_server.handle_request
1458
(*args[2:], **kwargs) or True))
1459
1460
logger.debug(u"Starting main loop")
732
client.start()
733
734
tcp_server = IPv6_TCPServer((options.address, options.port),
735
tcp_handler,
736
options=options,
737
clients=clients)
738
# Find out what random port we got
739
global servicePort
740
servicePort = tcp_server.socket.getsockname()[1]
741
logger.debug(u"Now listening on port %d", servicePort)
742
743
if options.interface is not None:
744
global serviceInterface
745
serviceInterface = if_nametoindex(options.interface)
746
747
# From the Avahi example code
748
server.connect_to_signal("StateChanged", server_state_changed)
749
try:
750
server_state_changed(server.GetState())
751
except dbus.exceptions.DBusException, error:
752
logger.critical(u"DBusException: %s", error)
753
killme(1)
754
# End of Avahi example code
755
756
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
757
lambda *args, **kwargs:
758
tcp_server.handle_request(*args[2:],
759
**kwargs) or True)
760
try:
761
logger.debug("Starting main loop")
762
main_loop_started = True
1461
763
main_loop.run()
1462
except AvahiError, error:
1463
logger.critical(u"AvahiError: %s", error)
1464
sys.exit(1)
1465
764
except KeyboardInterrupt:
1466
765
if debug:
1467
print >> sys.stderr
1468
logger.debug(u"Server received KeyboardInterrupt")
1469
logger.debug(u"Server exiting")
766
print
767
768
sys.exit(exitstatus)
1470
769
1471
770
if __name__ == '__main__':
1472
771
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0