To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 289
- compare with another revision
- download diff
- download tarball
- view history from revision 289
- Committer: Björn Påhlsson
- Date: 2011-10-15 16:48:03 UTC
- Revision ID: belorn@fukt.bsnet.se-20111015164803-61q3hzrv91d042mb
Tags: version-1.4.1-1
* Makefile (version): Changed to "1.4.1".
* NEWS (Version 1.4.1): New entry.
* debian/changelog (1.4.1-1): - '' -
* NEWS (Version 1.4.1): New entry.
* debian/changelog (1.4.1-1): - '' -
- files added:
- DBUS-API
- debian/source
- files modified:
- .bzrignore
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@fukt.bsnet.se>.
31
# Contact the authors at <mandos@recompile.se>.
32
32
#
33
33
34
from __future__ import division, with_statement, absolute_import
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
35
36
36
import SocketServer
37
import SocketServer as socketserver
37
38
import socket
38
import optparse
39
import argparse
39
40
import datetime
40
41
import errno
41
42
import gnutls.crypto
44
45
import gnutls.library.functions
45
46
import gnutls.library.constants
46
47
import gnutls.library.types
47
import ConfigParser
48
import ConfigParser as configparser
48
49
import sys
49
50
import re
50
51
import os
51
52
import signal
52
from sets import Set
53
53
import subprocess
54
54
import atexit
55
55
import stat
56
56
import logging
57
57
import logging.handlers
58
58
import pwd
59
from contextlib import closing
59
import contextlib
60
import struct
61
import fcntl
62
import functools
63
import cPickle as pickle
64
import multiprocessing
65
import types
60
66
61
67
import dbus
62
68
import dbus.service
65
71
from dbus.mainloop.glib import DBusGMainLoop
66
72
import ctypes
67
73
import ctypes.util
68
69
version = "1.0.8"
70
74
import xml.dom.minidom
75
import inspect
76
77
try:
78
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
79
except AttributeError:
80
try:
81
from IN import SO_BINDTODEVICE
82
except ImportError:
83
SO_BINDTODEVICE = None
84
85
86
version = "1.4.1"
87
88
#logger = logging.getLogger('mandos')
71
89
logger = logging.Logger('mandos')
72
90
syslogger = (logging.handlers.SysLogHandler
73
91
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
address = "/dev/log"))
92
address = str("/dev/log")))
75
93
syslogger.setFormatter(logging.Formatter
76
94
('Mandos [%(process)d]: %(levelname)s:'
77
95
' %(message)s'))
79
97
80
98
console = logging.StreamHandler()
81
99
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
82
' %(levelname)s: %(message)s'))
100
' %(levelname)s:'
101
' %(message)s'))
83
102
logger.addHandler(console)
84
103
85
104
class AvahiError(Exception):
98
117
99
118
class AvahiService(object):
100
119
"""An Avahi (Zeroconf) service.
120
101
121
Attributes:
102
122
interface: integer; avahi.IF_UNSPEC or an interface index.
103
123
Used to optionally bind to the specified interface.
111
131
max_renames: integer; maximum number of renames
112
132
rename_count: integer; counter so we only rename after collisions
113
133
a sensible number of times
134
group: D-Bus Entry Group
135
server: D-Bus Server
136
bus: dbus.SystemBus()
114
137
"""
115
138
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
116
139
servicetype = None, port = None, TXT = None,
117
140
domain = "", host = "", max_renames = 32768,
118
protocol = avahi.PROTO_UNSPEC):
141
protocol = avahi.PROTO_UNSPEC, bus = None):
119
142
self.interface = interface
120
143
self.name = name
121
144
self.type = servicetype
126
149
self.rename_count = 0
127
150
self.max_renames = max_renames
128
151
self.protocol = protocol
152
self.group = None # our entry group
153
self.server = None
154
self.bus = bus
155
self.entry_group_state_changed_match = None
129
156
def rename(self):
130
157
"""Derived from the Avahi example code"""
131
158
if self.rename_count >= self.max_renames:
132
logger.critical(u"No suitable Zeroconf service name found"
133
u" after %i retries, exiting.",
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
134
161
self.rename_count)
135
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
137
logger.info(u"Changing Zeroconf service name to %r ...",
138
str(self.name))
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
166
self.name)
139
167
syslogger.setFormatter(logging.Formatter
140
168
('Mandos (%s) [%%(process)d]:'
141
169
' %%(levelname)s: %%(message)s'
142
170
% self.name))
143
171
self.remove()
144
self.add()
172
try:
173
self.add()
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
176
self.cleanup()
177
os._exit(1)
145
178
self.rename_count += 1
146
179
def remove(self):
147
180
"""Derived from the Avahi example code"""
148
if group is not None:
149
group.Reset()
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
if self.group is not None:
185
self.group.Reset()
150
186
def add(self):
151
187
"""Derived from the Avahi example code"""
152
global group
153
if group is None:
154
group = dbus.Interface(bus.get_object
155
(avahi.DBUS_NAME,
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
160
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
162
group.AddService(
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
170
group.Commit()
171
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
175
176
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
180
181
188
self.remove()
189
if self.group is None:
190
self.group = dbus.Interface(
191
self.bus.get_object(avahi.DBUS_NAME,
192
self.server.EntryGroupNew()),
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
198
self.name, self.type)
199
self.group.AddService(
200
self.interface,
201
self.protocol,
202
dbus.UInt32(0), # flags
203
self.name, self.type,
204
self.domain, self.host,
205
dbus.UInt16(self.port),
206
avahi.string_array_to_txt_array(self.TXT))
207
self.group.Commit()
208
def entry_group_state_changed(self, state, error):
209
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
211
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
214
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
216
self.rename()
217
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
219
unicode(error))
220
raise AvahiGroupError("State changed: %s"
221
% unicode(error))
222
def cleanup(self):
223
"""Derived from the Avahi example code"""
224
if self.group is not None:
225
try:
226
self.group.Free()
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
229
pass
230
self.group = None
231
self.remove()
232
def server_state_changed(self, state, error=None):
233
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
244
if error is None:
245
logger.error(bad_states[state])
246
else:
247
logger.error(bad_states[state] + ": %r", error)
248
self.cleanup()
249
elif state == avahi.SERVER_RUNNING:
250
self.add()
251
else:
252
if error is None:
253
logger.debug("Unknown state: %r", state)
254
else:
255
logger.debug("Unknown state: %r: %r", state, error)
256
def activate(self):
257
"""Derived from the Avahi example code"""
258
if self.server is None:
259
self.server = dbus.Interface(
260
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
263
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
265
self.server_state_changed)
266
self.server_state_changed(self.server.GetState())
267
268
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
274
182
275
class Client(object):
183
276
"""A representation of a client host served by this server.
277
184
278
Attributes:
185
name: string; from the config file, used in log messages and
186
D-Bus identifiers
187
fingerprint: string (40 or 32 hexadecimal digits); used to
188
uniquely identify the client
189
secret: bytestring; sent verbatim (over TLS) to client
190
host: string; available for use by the checker command
191
created: datetime.datetime(); (UTC) object creation
192
last_enabled: datetime.datetime(); (UTC)
193
enabled: bool()
194
last_checked_ok: datetime.datetime(); (UTC) or None
195
timeout: datetime.timedelta(); How long from last_checked_ok
196
until this client is invalid
197
interval: datetime.timedelta(); How often to start a new checker
198
disable_hook: If set, called by disable() as disable_hook(self)
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
199
282
checker: subprocess.Popen(); a running checker process used
200
283
to see if the client lives.
201
284
'None' if no process is running.
202
checker_initiator_tag: a gobject event source tag, or None
203
disable_initiator_tag: - '' -
204
checker_callback_tag: - '' -
205
checker_command: string; External command which is run to check if
206
client lives. %() expansions are done at
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
207
288
runtime with vars(self) as dict, so that for
208
289
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
209
292
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
295
enabled: bool()
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
304
D-Bus identifiers
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
311
disabled, or None
210
312
"""
313
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
318
211
319
def timeout_milliseconds(self):
212
320
"Return the 'timeout' attribute in milliseconds"
213
return ((self.timeout.days * 24 * 60 * 60 * 1000)
214
+ (self.timeout.seconds * 1000)
215
+ (self.timeout.microseconds // 1000))
321
return _timedelta_to_milliseconds(self.timeout)
322
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
216
326
217
327
def interval_milliseconds(self):
218
328
"Return the 'interval' attribute in milliseconds"
219
return ((self.interval.days * 24 * 60 * 60 * 1000)
220
+ (self.interval.seconds * 1000)
221
+ (self.interval.microseconds // 1000))
329
return _timedelta_to_milliseconds(self.interval)
330
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
222
333
223
334
def __init__(self, name = None, disable_hook=None, config=None):
224
335
"""Note: the 'checker' key in 'config' sets the
227
338
self.name = name
228
339
if config is None:
229
340
config = {}
230
logger.debug(u"Creating client %r", self.name)
341
logger.debug("Creating client %r", self.name)
231
342
# Uppercase and remove spaces from fingerprint for later
232
343
# comparison purposes with return value from the fingerprint()
233
344
# function
234
345
self.fingerprint = (config["fingerprint"].upper()
235
.replace(u" ", u""))
236
logger.debug(u" Fingerprint: %s", self.fingerprint)
346
.replace(" ", ""))
347
logger.debug(" Fingerprint: %s", self.fingerprint)
237
348
if "secret" in config:
238
self.secret = config["secret"].decode(u"base64")
349
self.secret = config["secret"].decode("base64")
239
350
elif "secfile" in config:
240
with closing(open(os.path.expanduser
241
(os.path.expandvars
242
(config["secfile"])))) as secfile:
351
with open(os.path.expanduser(os.path.expandvars
352
(config["secfile"])),
353
"rb") as secfile:
243
354
self.secret = secfile.read()
244
355
else:
245
raise TypeError(u"No secret or secfile for client %s"
356
raise TypeError("No secret or secfile for client %s"
246
357
% self.name)
247
358
self.host = config.get("host", "")
248
359
self.created = datetime.datetime.utcnow()
249
360
self.enabled = False
361
self.last_approval_request = None
250
362
self.last_enabled = None
251
363
self.last_checked_ok = None
252
364
self.timeout = string_to_delta(config["timeout"])
365
self.extended_timeout = string_to_delta(config
366
["extended_timeout"])
253
367
self.interval = string_to_delta(config["interval"])
254
368
self.disable_hook = disable_hook
255
369
self.checker = None
256
370
self.checker_initiator_tag = None
257
371
self.disable_initiator_tag = None
372
self.expires = None
258
373
self.checker_callback_tag = None
259
374
self.checker_command = config["checker"]
260
375
self.current_checker_command = None
261
376
self.last_connect = None
377
self._approved = None
378
self.approved_by_default = config.get("approved_by_default",
379
True)
380
self.approvals_pending = 0
381
self.approval_delay = string_to_delta(
382
config["approval_delay"])
383
self.approval_duration = string_to_delta(
384
config["approval_duration"])
385
self.changedstate = (multiprocessing_manager
386
.Condition(multiprocessing_manager
387
.Lock()))
388
389
def send_changedstate(self):
390
self.changedstate.acquire()
391
self.changedstate.notify_all()
392
self.changedstate.release()
262
393
263
394
def enable(self):
264
395
"""Start this client's checker and timeout hooks"""
265
self.last_enabled = datetime.datetime.utcnow()
396
if getattr(self, "enabled", False):
397
# Already enabled
398
return
399
self.send_changedstate()
266
400
# Schedule a new checker to be started an 'interval' from now,
267
401
# and every interval from then on.
268
402
self.checker_initiator_tag = (gobject.timeout_add
269
403
(self.interval_milliseconds(),
270
404
self.start_checker))
271
# Also start a new checker *right now*.
272
self.start_checker()
273
405
# Schedule a disable() when 'timeout' has passed
406
self.expires = datetime.datetime.utcnow() + self.timeout
274
407
self.disable_initiator_tag = (gobject.timeout_add
275
408
(self.timeout_milliseconds(),
276
409
self.disable))
277
410
self.enabled = True
411
self.last_enabled = datetime.datetime.utcnow()
412
# Also start a new checker *right now*.
413
self.start_checker()
278
414
279
def disable(self):
415
def disable(self, quiet=True):
280
416
"""Disable this client."""
281
417
if not getattr(self, "enabled", False):
282
418
return False
283
logger.info(u"Disabling client %s", self.name)
419
if not quiet:
420
self.send_changedstate()
421
if not quiet:
422
logger.info("Disabling client %s", self.name)
284
423
if getattr(self, "disable_initiator_tag", False):
285
424
gobject.source_remove(self.disable_initiator_tag)
286
425
self.disable_initiator_tag = None
426
self.expires = None
287
427
if getattr(self, "checker_initiator_tag", False):
288
428
gobject.source_remove(self.checker_initiator_tag)
289
429
self.checker_initiator_tag = None
305
445
if os.WIFEXITED(condition):
306
446
exitstatus = os.WEXITSTATUS(condition)
307
447
if exitstatus == 0:
308
logger.info(u"Checker for %(name)s succeeded",
448
logger.info("Checker for %(name)s succeeded",
309
449
vars(self))
310
450
self.checked_ok()
311
451
else:
312
logger.info(u"Checker for %(name)s failed",
452
logger.info("Checker for %(name)s failed",
313
453
vars(self))
314
454
else:
315
logger.warning(u"Checker for %(name)s crashed?",
455
logger.warning("Checker for %(name)s crashed?",
316
456
vars(self))
317
457
318
def checked_ok(self):
458
def checked_ok(self, timeout=None):
319
459
"""Bump up the timeout for this client.
460
320
461
This should only be called when the client has been seen,
321
462
alive and well.
322
463
"""
464
if timeout is None:
465
timeout = self.timeout
323
466
self.last_checked_ok = datetime.datetime.utcnow()
324
gobject.source_remove(self.disable_initiator_tag)
325
self.disable_initiator_tag = (gobject.timeout_add
326
(self.timeout_milliseconds(),
327
self.disable))
467
if self.disable_initiator_tag is not None:
468
gobject.source_remove(self.disable_initiator_tag)
469
if getattr(self, "enabled", False):
470
self.disable_initiator_tag = (gobject.timeout_add
471
(_timedelta_to_milliseconds
472
(timeout), self.disable))
473
self.expires = datetime.datetime.utcnow() + timeout
474
475
def need_approval(self):
476
self.last_approval_request = datetime.datetime.utcnow()
328
477
329
478
def start_checker(self):
330
479
"""Start a new checker subprocess if one is not running.
480
331
481
If a checker already exists, leave it running and do
332
482
nothing."""
333
483
# The reason for not killing a running checker is that if we
336
486
# client would inevitably timeout, since no checker would get
337
487
# a chance to run to completion. If we instead leave running
338
488
# checkers alone, the checker would have to take more time
339
# than 'timeout' for the client to be declared invalid, which
340
# is as it should be.
489
# than 'timeout' for the client to be disabled, which is as it
490
# should be.
341
491
342
492
# If a checker exists, make sure it is not a zombie
343
if self.checker is not None:
493
try:
344
494
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
495
except (AttributeError, OSError) as error:
496
if (isinstance(error, OSError)
497
and error.errno != errno.ECHILD):
498
raise error
499
else:
345
500
if pid:
346
501
logger.warning("Checker was a zombie")
347
502
gobject.source_remove(self.checker_callback_tag)
354
509
command = self.checker_command % self.host
355
510
except TypeError:
356
511
# Escape attributes for the shell
357
escaped_attrs = dict((key, re.escape(str(val)))
358
for key, val in
359
vars(self).iteritems())
512
escaped_attrs = dict(
513
(attr,
514
re.escape(unicode(str(getattr(self, attr, "")),
515
errors=
516
'replace')))
517
for attr in
518
self.runtime_expansions)
519
360
520
try:
361
521
command = self.checker_command % escaped_attrs
362
except TypeError, error:
363
logger.error(u'Could not format string "%s":'
364
u' %s', self.checker_command, error)
522
except TypeError as error:
523
logger.error('Could not format string "%s":'
524
' %s', self.checker_command, error)
365
525
return True # Try again later
366
526
self.current_checker_command = command
367
527
try:
368
logger.info(u"Starting checker %r for %s",
528
logger.info("Starting checker %r for %s",
369
529
command, self.name)
370
530
# We don't need to redirect stdout and stderr, since
371
531
# in normal mode, that is already done by daemon(),
384
544
if pid:
385
545
gobject.source_remove(self.checker_callback_tag)
386
546
self.checker_callback(pid, status, command)
387
except OSError, error:
388
logger.error(u"Failed to start subprocess: %s",
547
except OSError as error:
548
logger.error("Failed to start subprocess: %s",
389
549
error)
390
550
# Re-run this periodically if run by gobject.timeout_add
391
551
return True
397
557
self.checker_callback_tag = None
398
558
if getattr(self, "checker", None) is None:
399
559
return
400
logger.debug(u"Stopping checker for %(name)s", vars(self))
560
logger.debug("Stopping checker for %(name)s", vars(self))
401
561
try:
402
562
os.kill(self.checker.pid, signal.SIGTERM)
403
#os.sleep(0.5)
563
#time.sleep(0.5)
404
564
#if self.checker.poll() is None:
405
565
# os.kill(self.checker.pid, signal.SIGKILL)
406
except OSError, error:
566
except OSError as error:
407
567
if error.errno != errno.ESRCH: # No such process
408
568
raise
409
569
self.checker = None
410
411
def still_valid(self):
412
"""Has the timeout not yet passed for this client?"""
413
if not getattr(self, "enabled", False):
414
return False
415
now = datetime.datetime.utcnow()
416
if self.last_checked_ok is None:
417
return now < (self.created + self.timeout)
418
else:
419
return now < (self.last_checked_ok + self.timeout)
420
421
422
class ClientDBus(Client, dbus.service.Object):
570
571
572
def dbus_service_property(dbus_interface, signature="v",
573
access="readwrite", byte_arrays=False):
574
"""Decorators for marking methods of a DBusObjectWithProperties to
575
become properties on the D-Bus.
576
577
The decorated method will be called with no arguments by "Get"
578
and with one argument by "Set".
579
580
The parameters, where they are supported, are the same as
581
dbus.service.method, except there is only "signature", since the
582
type from Get() and the type sent to Set() is the same.
583
"""
584
# Encoding deeply encoded byte arrays is not supported yet by the
585
# "Set" method, so we fail early here:
586
if byte_arrays and signature != "ay":
587
raise ValueError("Byte arrays not supported for non-'ay'"
588
" signature %r" % signature)
589
def decorator(func):
590
func._dbus_is_property = True
591
func._dbus_interface = dbus_interface
592
func._dbus_signature = signature
593
func._dbus_access = access
594
func._dbus_name = func.__name__
595
if func._dbus_name.endswith("_dbus_property"):
596
func._dbus_name = func._dbus_name[:-14]
597
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
598
return func
599
return decorator
600
601
602
class DBusPropertyException(dbus.exceptions.DBusException):
603
"""A base class for D-Bus property-related exceptions
604
"""
605
def __unicode__(self):
606
return unicode(str(self))
607
608
609
class DBusPropertyAccessException(DBusPropertyException):
610
"""A property's access permissions disallows an operation.
611
"""
612
pass
613
614
615
class DBusPropertyNotFound(DBusPropertyException):
616
"""An attempt was made to access a non-existing property.
617
"""
618
pass
619
620
621
class DBusObjectWithProperties(dbus.service.Object):
622
"""A D-Bus object with properties.
623
624
Classes inheriting from this can use the dbus_service_property
625
decorator to expose methods as D-Bus properties. It exposes the
626
standard Get(), Set(), and GetAll() methods on the D-Bus.
627
"""
628
629
@staticmethod
630
def _is_dbus_property(obj):
631
return getattr(obj, "_dbus_is_property", False)
632
633
def _get_all_dbus_properties(self):
634
"""Returns a generator of (name, attribute) pairs
635
"""
636
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
637
for cls in self.__class__.__mro__
638
for name, prop in
639
inspect.getmembers(cls, self._is_dbus_property))
640
641
def _get_dbus_property(self, interface_name, property_name):
642
"""Returns a bound method if one exists which is a D-Bus
643
property with the specified name and interface.
644
"""
645
for cls in self.__class__.__mro__:
646
for name, value in (inspect.getmembers
647
(cls, self._is_dbus_property)):
648
if (value._dbus_name == property_name
649
and value._dbus_interface == interface_name):
650
return value.__get__(self)
651
652
# No such property
653
raise DBusPropertyNotFound(self.dbus_object_path + ":"
654
+ interface_name + "."
655
+ property_name)
656
657
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
658
out_signature="v")
659
def Get(self, interface_name, property_name):
660
"""Standard D-Bus property Get() method, see D-Bus standard.
661
"""
662
prop = self._get_dbus_property(interface_name, property_name)
663
if prop._dbus_access == "write":
664
raise DBusPropertyAccessException(property_name)
665
value = prop()
666
if not hasattr(value, "variant_level"):
667
return value
668
return type(value)(value, variant_level=value.variant_level+1)
669
670
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
671
def Set(self, interface_name, property_name, value):
672
"""Standard D-Bus property Set() method, see D-Bus standard.
673
"""
674
prop = self._get_dbus_property(interface_name, property_name)
675
if prop._dbus_access == "read":
676
raise DBusPropertyAccessException(property_name)
677
if prop._dbus_get_args_options["byte_arrays"]:
678
# The byte_arrays option is not supported yet on
679
# signatures other than "ay".
680
if prop._dbus_signature != "ay":
681
raise ValueError
682
value = dbus.ByteArray(''.join(unichr(byte)
683
for byte in value))
684
prop(value)
685
686
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
687
out_signature="a{sv}")
688
def GetAll(self, interface_name):
689
"""Standard D-Bus property GetAll() method, see D-Bus
690
standard.
691
692
Note: Will not include properties with access="write".
693
"""
694
all = {}
695
for name, prop in self._get_all_dbus_properties():
696
if (interface_name
697
and interface_name != prop._dbus_interface):
698
# Interface non-empty but did not match
699
continue
700
# Ignore write-only properties
701
if prop._dbus_access == "write":
702
continue
703
value = prop()
704
if not hasattr(value, "variant_level"):
705
all[name] = value
706
continue
707
all[name] = type(value)(value, variant_level=
708
value.variant_level+1)
709
return dbus.Dictionary(all, signature="sv")
710
711
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
712
out_signature="s",
713
path_keyword='object_path',
714
connection_keyword='connection')
715
def Introspect(self, object_path, connection):
716
"""Standard D-Bus method, overloaded to insert property tags.
717
"""
718
xmlstring = dbus.service.Object.Introspect(self, object_path,
719
connection)
720
try:
721
document = xml.dom.minidom.parseString(xmlstring)
722
def make_tag(document, name, prop):
723
e = document.createElement("property")
724
e.setAttribute("name", name)
725
e.setAttribute("type", prop._dbus_signature)
726
e.setAttribute("access", prop._dbus_access)
727
return e
728
for if_tag in document.getElementsByTagName("interface"):
729
for tag in (make_tag(document, name, prop)
730
for name, prop
731
in self._get_all_dbus_properties()
732
if prop._dbus_interface
733
== if_tag.getAttribute("name")):
734
if_tag.appendChild(tag)
735
# Add the names to the return values for the
736
# "org.freedesktop.DBus.Properties" methods
737
if (if_tag.getAttribute("name")
738
== "org.freedesktop.DBus.Properties"):
739
for cn in if_tag.getElementsByTagName("method"):
740
if cn.getAttribute("name") == "Get":
741
for arg in cn.getElementsByTagName("arg"):
742
if (arg.getAttribute("direction")
743
== "out"):
744
arg.setAttribute("name", "value")
745
elif cn.getAttribute("name") == "GetAll":
746
for arg in cn.getElementsByTagName("arg"):
747
if (arg.getAttribute("direction")
748
== "out"):
749
arg.setAttribute("name", "props")
750
xmlstring = document.toxml("utf-8")
751
document.unlink()
752
except (AttributeError, xml.dom.DOMException,
753
xml.parsers.expat.ExpatError) as error:
754
logger.error("Failed to override Introspection method",
755
error)
756
return xmlstring
757
758
759
def datetime_to_dbus (dt, variant_level=0):
760
"""Convert a UTC datetime.datetime() to a D-Bus type."""
761
if dt is None:
762
return dbus.String("", variant_level = variant_level)
763
return dbus.String(dt.isoformat(),
764
variant_level=variant_level)
765
766
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
767
.__metaclass__):
768
"""Applied to an empty subclass of a D-Bus object, this metaclass
769
will add additional D-Bus attributes matching a certain pattern.
770
"""
771
def __new__(mcs, name, bases, attr):
772
# Go through all the base classes which could have D-Bus
773
# methods, signals, or properties in them
774
for base in (b for b in bases
775
if issubclass(b, dbus.service.Object)):
776
# Go though all attributes of the base class
777
for attrname, attribute in inspect.getmembers(base):
778
# Ignore non-D-Bus attributes, and D-Bus attributes
779
# with the wrong interface name
780
if (not hasattr(attribute, "_dbus_interface")
781
or not attribute._dbus_interface
782
.startswith("se.recompile.Mandos")):
783
continue
784
# Create an alternate D-Bus interface name based on
785
# the current name
786
alt_interface = (attribute._dbus_interface
787
.replace("se.recompile.Mandos",
788
"se.bsnet.fukt.Mandos"))
789
# Is this a D-Bus signal?
790
if getattr(attribute, "_dbus_is_signal", False):
791
# Extract the original non-method function by
792
# black magic
793
nonmethod_func = (dict(
794
zip(attribute.func_code.co_freevars,
795
attribute.__closure__))["func"]
796
.cell_contents)
797
# Create a new, but exactly alike, function
798
# object, and decorate it to be a new D-Bus signal
799
# with the alternate D-Bus interface name
800
new_function = (dbus.service.signal
801
(alt_interface,
802
attribute._dbus_signature)
803
(types.FunctionType(
804
nonmethod_func.func_code,
805
nonmethod_func.func_globals,
806
nonmethod_func.func_name,
807
nonmethod_func.func_defaults,
808
nonmethod_func.func_closure)))
809
# Define a creator of a function to call both the
810
# old and new functions, so both the old and new
811
# signals gets sent when the function is called
812
def fixscope(func1, func2):
813
"""This function is a scope container to pass
814
func1 and func2 to the "call_both" function
815
outside of its arguments"""
816
def call_both(*args, **kwargs):
817
"""This function will emit two D-Bus
818
signals by calling func1 and func2"""
819
func1(*args, **kwargs)
820
func2(*args, **kwargs)
821
return call_both
822
# Create the "call_both" function and add it to
823
# the class
824
attr[attrname] = fixscope(attribute,
825
new_function)
826
# Is this a D-Bus method?
827
elif getattr(attribute, "_dbus_is_method", False):
828
# Create a new, but exactly alike, function
829
# object. Decorate it to be a new D-Bus method
830
# with the alternate D-Bus interface name. Add it
831
# to the class.
832
attr[attrname] = (dbus.service.method
833
(alt_interface,
834
attribute._dbus_in_signature,
835
attribute._dbus_out_signature)
836
(types.FunctionType
837
(attribute.func_code,
838
attribute.func_globals,
839
attribute.func_name,
840
attribute.func_defaults,
841
attribute.func_closure)))
842
# Is this a D-Bus property?
843
elif getattr(attribute, "_dbus_is_property", False):
844
# Create a new, but exactly alike, function
845
# object, and decorate it to be a new D-Bus
846
# property with the alternate D-Bus interface
847
# name. Add it to the class.
848
attr[attrname] = (dbus_service_property
849
(alt_interface,
850
attribute._dbus_signature,
851
attribute._dbus_access,
852
attribute
853
._dbus_get_args_options
854
["byte_arrays"])
855
(types.FunctionType
856
(attribute.func_code,
857
attribute.func_globals,
858
attribute.func_name,
859
attribute.func_defaults,
860
attribute.func_closure)))
861
return type.__new__(mcs, name, bases, attr)
862
863
class ClientDBus(Client, DBusObjectWithProperties):
423
864
"""A Client class using D-Bus
865
424
866
Attributes:
425
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
867
dbus_object_path: dbus.ObjectPath
868
bus: dbus.SystemBus()
426
869
"""
870
871
runtime_expansions = (Client.runtime_expansions
872
+ ("dbus_object_path",))
873
427
874
# dbus.service.Object doesn't use super(), so we can't either.
428
875
429
def __init__(self, *args, **kwargs):
876
def __init__(self, bus = None, *args, **kwargs):
877
self._approvals_pending = 0
878
self.bus = bus
430
879
Client.__init__(self, *args, **kwargs)
431
880
# Only now, when this client is initialized, can it show up on
432
881
# the D-Bus
882
client_object_name = unicode(self.name).translate(
883
{ord("."): ord("_"),
884
ord("-"): ord("_")})
433
885
self.dbus_object_path = (dbus.ObjectPath
434
("/clients/"
435
+ self.name.replace(".", "_")))
436
dbus.service.Object.__init__(self, bus,
437
self.dbus_object_path)
438
def enable(self):
439
oldstate = getattr(self, "enabled", False)
440
r = Client.enable(self)
441
if oldstate != self.enabled:
442
# Emit D-Bus signals
443
self.PropertyChanged(dbus.String(u"enabled"),
444
dbus.Boolean(True, variant_level=1))
445
self.PropertyChanged(dbus.String(u"last_enabled"),
446
(_datetime_to_dbus(self.last_enabled,
447
variant_level=1)))
448
return r
449
450
def disable(self, signal = True):
451
oldstate = getattr(self, "enabled", False)
452
r = Client.disable(self)
453
if signal and oldstate != self.enabled:
454
# Emit D-Bus signal
455
self.PropertyChanged(dbus.String(u"enabled"),
456
dbus.Boolean(False, variant_level=1))
457
return r
886
("/clients/" + client_object_name))
887
DBusObjectWithProperties.__init__(self, self.bus,
888
self.dbus_object_path)
889
890
def notifychangeproperty(transform_func,
891
dbus_name, type_func=lambda x: x,
892
variant_level=1):
893
""" Modify a variable so that it's a property which announces
894
its changes to DBus.
895
896
transform_fun: Function that takes a value and a variant_level
897
and transforms it to a D-Bus type.
898
dbus_name: D-Bus name of the variable
899
type_func: Function that transform the value before sending it
900
to the D-Bus. Default: no transform
901
variant_level: D-Bus variant level. Default: 1
902
"""
903
attrname = "_{0}".format(dbus_name)
904
def setter(self, value):
905
if hasattr(self, "dbus_object_path"):
906
if (not hasattr(self, attrname) or
907
type_func(getattr(self, attrname, None))
908
!= type_func(value)):
909
dbus_value = transform_func(type_func(value),
910
variant_level
911
=variant_level)
912
self.PropertyChanged(dbus.String(dbus_name),
913
dbus_value)
914
setattr(self, attrname, value)
915
916
return property(lambda self: getattr(self, attrname), setter)
917
918
919
expires = notifychangeproperty(datetime_to_dbus, "Expires")
920
approvals_pending = notifychangeproperty(dbus.Boolean,
921
"ApprovalPending",
922
type_func = bool)
923
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
924
last_enabled = notifychangeproperty(datetime_to_dbus,
925
"LastEnabled")
926
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
927
type_func = lambda checker:
928
checker is not None)
929
last_checked_ok = notifychangeproperty(datetime_to_dbus,
930
"LastCheckedOK")
931
last_approval_request = notifychangeproperty(
932
datetime_to_dbus, "LastApprovalRequest")
933
approved_by_default = notifychangeproperty(dbus.Boolean,
934
"ApprovedByDefault")
935
approval_delay = notifychangeproperty(dbus.UInt16,
936
"ApprovalDelay",
937
type_func =
938
_timedelta_to_milliseconds)
939
approval_duration = notifychangeproperty(
940
dbus.UInt16, "ApprovalDuration",
941
type_func = _timedelta_to_milliseconds)
942
host = notifychangeproperty(dbus.String, "Host")
943
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
944
type_func =
945
_timedelta_to_milliseconds)
946
extended_timeout = notifychangeproperty(
947
dbus.UInt16, "ExtendedTimeout",
948
type_func = _timedelta_to_milliseconds)
949
interval = notifychangeproperty(dbus.UInt16,
950
"Interval",
951
type_func =
952
_timedelta_to_milliseconds)
953
checker_command = notifychangeproperty(dbus.String, "Checker")
954
955
del notifychangeproperty
458
956
459
957
def __del__(self, *args, **kwargs):
460
958
try:
461
959
self.remove_from_connection()
462
960
except LookupError:
463
961
pass
464
if hasattr(dbus.service.Object, "__del__"):
465
dbus.service.Object.__del__(self, *args, **kwargs)
962
if hasattr(DBusObjectWithProperties, "__del__"):
963
DBusObjectWithProperties.__del__(self, *args, **kwargs)
466
964
Client.__del__(self, *args, **kwargs)
467
965
468
966
def checker_callback(self, pid, condition, command,
469
967
*args, **kwargs):
470
968
self.checker_callback_tag = None
471
969
self.checker = None
472
# Emit D-Bus signal
473
self.PropertyChanged(dbus.String(u"checker_running"),
474
dbus.Boolean(False, variant_level=1))
475
970
if os.WIFEXITED(condition):
476
971
exitstatus = os.WEXITSTATUS(condition)
477
972
# Emit D-Bus signal
487
982
return Client.checker_callback(self, pid, condition, command,
488
983
*args, **kwargs)
489
984
490
def checked_ok(self, *args, **kwargs):
491
r = Client.checked_ok(self, *args, **kwargs)
492
# Emit D-Bus signal
493
self.PropertyChanged(
494
dbus.String(u"last_checked_ok"),
495
(_datetime_to_dbus(self.last_checked_ok,
496
variant_level=1)))
497
return r
498
499
985
def start_checker(self, *args, **kwargs):
500
986
old_checker = self.checker
501
987
if self.checker is not None:
508
994
and old_checker_pid != self.checker.pid):
509
995
# Emit D-Bus signal
510
996
self.CheckerStarted(self.current_checker_command)
511
self.PropertyChanged(
512
dbus.String("checker_running"),
513
dbus.Boolean(True, variant_level=1))
514
return r
515
516
def stop_checker(self, *args, **kwargs):
517
old_checker = getattr(self, "checker", None)
518
r = Client.stop_checker(self, *args, **kwargs)
519
if (old_checker is not None
520
and getattr(self, "checker", None) is None):
521
self.PropertyChanged(dbus.String(u"checker_running"),
522
dbus.Boolean(False, variant_level=1))
523
return r
524
525
## D-Bus methods & signals
526
_interface = u"se.bsnet.fukt.Mandos.Client"
527
528
# CheckedOK - method
529
CheckedOK = dbus.service.method(_interface)(checked_ok)
530
CheckedOK.__name__ = "CheckedOK"
997
return r
998
999
def _reset_approved(self):
1000
self._approved = None
1001
return False
1002
1003
def approve(self, value=True):
1004
self.send_changedstate()
1005
self._approved = value
1006
gobject.timeout_add(_timedelta_to_milliseconds
1007
(self.approval_duration),
1008
self._reset_approved)
1009
1010
1011
## D-Bus methods, signals & properties
1012
_interface = "se.recompile.Mandos.Client"
1013
1014
## Signals
531
1015
532
1016
# CheckerCompleted - signal
533
1017
@dbus.service.signal(_interface, signature="nxs")
541
1025
"D-Bus signal"
542
1026
pass
543
1027
544
# GetAllProperties - method
545
@dbus.service.method(_interface, out_signature="a{sv}")
546
def GetAllProperties(self):
547
"D-Bus method"
548
return dbus.Dictionary({
549
dbus.String("name"):
550
dbus.String(self.name, variant_level=1),
551
dbus.String("fingerprint"):
552
dbus.String(self.fingerprint, variant_level=1),
553
dbus.String("host"):
554
dbus.String(self.host, variant_level=1),
555
dbus.String("created"):
556
_datetime_to_dbus(self.created, variant_level=1),
557
dbus.String("last_enabled"):
558
(_datetime_to_dbus(self.last_enabled,
559
variant_level=1)
560
if self.last_enabled is not None
561
else dbus.Boolean(False, variant_level=1)),
562
dbus.String("enabled"):
563
dbus.Boolean(self.enabled, variant_level=1),
564
dbus.String("last_checked_ok"):
565
(_datetime_to_dbus(self.last_checked_ok,
566
variant_level=1)
567
if self.last_checked_ok is not None
568
else dbus.Boolean (False, variant_level=1)),
569
dbus.String("timeout"):
570
dbus.UInt64(self.timeout_milliseconds(),
571
variant_level=1),
572
dbus.String("interval"):
573
dbus.UInt64(self.interval_milliseconds(),
574
variant_level=1),
575
dbus.String("checker"):
576
dbus.String(self.checker_command,
577
variant_level=1),
578
dbus.String("checker_running"):
579
dbus.Boolean(self.checker is not None,
580
variant_level=1),
581
dbus.String("object_path"):
582
dbus.ObjectPath(self.dbus_object_path,
583
variant_level=1)
584
}, signature="sv")
585
586
# IsStillValid - method
587
@dbus.service.method(_interface, out_signature="b")
588
def IsStillValid(self):
589
return self.still_valid()
590
591
1028
# PropertyChanged - signal
592
1029
@dbus.service.signal(_interface, signature="sv")
593
1030
def PropertyChanged(self, property, value):
594
1031
"D-Bus signal"
595
1032
pass
596
1033
597
# ReceivedSecret - signal
1034
# GotSecret - signal
598
1035
@dbus.service.signal(_interface)
599
def ReceivedSecret(self):
600
"D-Bus signal"
1036
def GotSecret(self):
1037
"""D-Bus signal
1038
Is sent after a successful transfer of secret from the Mandos
1039
server to mandos-client
1040
"""
601
1041
pass
602
1042
603
1043
# Rejected - signal
604
@dbus.service.signal(_interface)
605
def Rejected(self):
1044
@dbus.service.signal(_interface, signature="s")
1045
def Rejected(self, reason):
606
1046
"D-Bus signal"
607
1047
pass
608
1048
609
# SetChecker - method
610
@dbus.service.method(_interface, in_signature="s")
611
def SetChecker(self, checker):
612
"D-Bus setter method"
613
self.checker_command = checker
614
# Emit D-Bus signal
615
self.PropertyChanged(dbus.String(u"checker"),
616
dbus.String(self.checker_command,
617
variant_level=1))
618
619
# SetHost - method
620
@dbus.service.method(_interface, in_signature="s")
621
def SetHost(self, host):
622
"D-Bus setter method"
623
self.host = host
624
# Emit D-Bus signal
625
self.PropertyChanged(dbus.String(u"host"),
626
dbus.String(self.host, variant_level=1))
627
628
# SetInterval - method
629
@dbus.service.method(_interface, in_signature="t")
630
def SetInterval(self, milliseconds):
631
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
632
# Emit D-Bus signal
633
self.PropertyChanged(dbus.String(u"interval"),
634
(dbus.UInt64(self.interval_milliseconds(),
635
variant_level=1)))
636
637
# SetSecret - method
638
@dbus.service.method(_interface, in_signature="ay",
639
byte_arrays=True)
640
def SetSecret(self, secret):
641
"D-Bus setter method"
642
self.secret = str(secret)
643
644
# SetTimeout - method
645
@dbus.service.method(_interface, in_signature="t")
646
def SetTimeout(self, milliseconds):
647
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
648
# Emit D-Bus signal
649
self.PropertyChanged(dbus.String(u"timeout"),
650
(dbus.UInt64(self.timeout_milliseconds(),
651
variant_level=1)))
1049
# NeedApproval - signal
1050
@dbus.service.signal(_interface, signature="tb")
1051
def NeedApproval(self, timeout, default):
1052
"D-Bus signal"
1053
return self.need_approval()
1054
1055
## Methods
1056
1057
# Approve - method
1058
@dbus.service.method(_interface, in_signature="b")
1059
def Approve(self, value):
1060
self.approve(value)
1061
1062
# CheckedOK - method
1063
@dbus.service.method(_interface)
1064
def CheckedOK(self):
1065
self.checked_ok()
652
1066
653
1067
# Enable - method
654
Enable = dbus.service.method(_interface)(enable)
655
Enable.__name__ = "Enable"
1068
@dbus.service.method(_interface)
1069
def Enable(self):
1070
"D-Bus method"
1071
self.enable()
656
1072
657
1073
# StartChecker - method
658
1074
@dbus.service.method(_interface)
667
1083
self.disable()
668
1084
669
1085
# StopChecker - method
670
StopChecker = dbus.service.method(_interface)(stop_checker)
671
StopChecker.__name__ = "StopChecker"
1086
@dbus.service.method(_interface)
1087
def StopChecker(self):
1088
self.stop_checker()
1089
1090
## Properties
1091
1092
# ApprovalPending - property
1093
@dbus_service_property(_interface, signature="b", access="read")
1094
def ApprovalPending_dbus_property(self):
1095
return dbus.Boolean(bool(self.approvals_pending))
1096
1097
# ApprovedByDefault - property
1098
@dbus_service_property(_interface, signature="b",
1099
access="readwrite")
1100
def ApprovedByDefault_dbus_property(self, value=None):
1101
if value is None: # get
1102
return dbus.Boolean(self.approved_by_default)
1103
self.approved_by_default = bool(value)
1104
1105
# ApprovalDelay - property
1106
@dbus_service_property(_interface, signature="t",
1107
access="readwrite")
1108
def ApprovalDelay_dbus_property(self, value=None):
1109
if value is None: # get
1110
return dbus.UInt64(self.approval_delay_milliseconds())
1111
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1112
1113
# ApprovalDuration - property
1114
@dbus_service_property(_interface, signature="t",
1115
access="readwrite")
1116
def ApprovalDuration_dbus_property(self, value=None):
1117
if value is None: # get
1118
return dbus.UInt64(_timedelta_to_milliseconds(
1119
self.approval_duration))
1120
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1121
1122
# Name - property
1123
@dbus_service_property(_interface, signature="s", access="read")
1124
def Name_dbus_property(self):
1125
return dbus.String(self.name)
1126
1127
# Fingerprint - property
1128
@dbus_service_property(_interface, signature="s", access="read")
1129
def Fingerprint_dbus_property(self):
1130
return dbus.String(self.fingerprint)
1131
1132
# Host - property
1133
@dbus_service_property(_interface, signature="s",
1134
access="readwrite")
1135
def Host_dbus_property(self, value=None):
1136
if value is None: # get
1137
return dbus.String(self.host)
1138
self.host = value
1139
1140
# Created - property
1141
@dbus_service_property(_interface, signature="s", access="read")
1142
def Created_dbus_property(self):
1143
return dbus.String(datetime_to_dbus(self.created))
1144
1145
# LastEnabled - property
1146
@dbus_service_property(_interface, signature="s", access="read")
1147
def LastEnabled_dbus_property(self):
1148
return datetime_to_dbus(self.last_enabled)
1149
1150
# Enabled - property
1151
@dbus_service_property(_interface, signature="b",
1152
access="readwrite")
1153
def Enabled_dbus_property(self, value=None):
1154
if value is None: # get
1155
return dbus.Boolean(self.enabled)
1156
if value:
1157
self.enable()
1158
else:
1159
self.disable()
1160
1161
# LastCheckedOK - property
1162
@dbus_service_property(_interface, signature="s",
1163
access="readwrite")
1164
def LastCheckedOK_dbus_property(self, value=None):
1165
if value is not None:
1166
self.checked_ok()
1167
return
1168
return datetime_to_dbus(self.last_checked_ok)
1169
1170
# Expires - property
1171
@dbus_service_property(_interface, signature="s", access="read")
1172
def Expires_dbus_property(self):
1173
return datetime_to_dbus(self.expires)
1174
1175
# LastApprovalRequest - property
1176
@dbus_service_property(_interface, signature="s", access="read")
1177
def LastApprovalRequest_dbus_property(self):
1178
return datetime_to_dbus(self.last_approval_request)
1179
1180
# Timeout - property
1181
@dbus_service_property(_interface, signature="t",
1182
access="readwrite")
1183
def Timeout_dbus_property(self, value=None):
1184
if value is None: # get
1185
return dbus.UInt64(self.timeout_milliseconds())
1186
self.timeout = datetime.timedelta(0, 0, 0, value)
1187
if getattr(self, "disable_initiator_tag", None) is None:
1188
return
1189
# Reschedule timeout
1190
gobject.source_remove(self.disable_initiator_tag)
1191
self.disable_initiator_tag = None
1192
self.expires = None
1193
time_to_die = _timedelta_to_milliseconds((self
1194
.last_checked_ok
1195
+ self.timeout)
1196
- datetime.datetime
1197
.utcnow())
1198
if time_to_die <= 0:
1199
# The timeout has passed
1200
self.disable()
1201
else:
1202
self.expires = (datetime.datetime.utcnow()
1203
+ datetime.timedelta(milliseconds =
1204
time_to_die))
1205
self.disable_initiator_tag = (gobject.timeout_add
1206
(time_to_die, self.disable))
1207
1208
# ExtendedTimeout - property
1209
@dbus_service_property(_interface, signature="t",
1210
access="readwrite")
1211
def ExtendedTimeout_dbus_property(self, value=None):
1212
if value is None: # get
1213
return dbus.UInt64(self.extended_timeout_milliseconds())
1214
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1215
1216
# Interval - property
1217
@dbus_service_property(_interface, signature="t",
1218
access="readwrite")
1219
def Interval_dbus_property(self, value=None):
1220
if value is None: # get
1221
return dbus.UInt64(self.interval_milliseconds())
1222
self.interval = datetime.timedelta(0, 0, 0, value)
1223
if getattr(self, "checker_initiator_tag", None) is None:
1224
return
1225
# Reschedule checker run
1226
gobject.source_remove(self.checker_initiator_tag)
1227
self.checker_initiator_tag = (gobject.timeout_add
1228
(value, self.start_checker))
1229
self.start_checker() # Start one now, too
1230
1231
# Checker - property
1232
@dbus_service_property(_interface, signature="s",
1233
access="readwrite")
1234
def Checker_dbus_property(self, value=None):
1235
if value is None: # get
1236
return dbus.String(self.checker_command)
1237
self.checker_command = value
1238
1239
# CheckerRunning - property
1240
@dbus_service_property(_interface, signature="b",
1241
access="readwrite")
1242
def CheckerRunning_dbus_property(self, value=None):
1243
if value is None: # get
1244
return dbus.Boolean(self.checker is not None)
1245
if value:
1246
self.start_checker()
1247
else:
1248
self.stop_checker()
1249
1250
# ObjectPath - property
1251
@dbus_service_property(_interface, signature="o", access="read")
1252
def ObjectPath_dbus_property(self):
1253
return self.dbus_object_path # is already a dbus.ObjectPath
1254
1255
# Secret = property
1256
@dbus_service_property(_interface, signature="ay",
1257
access="write", byte_arrays=True)
1258
def Secret_dbus_property(self, value):
1259
self.secret = str(value)
672
1260
673
1261
del _interface
674
1262
675
1263
676
class TCP_handler(SocketServer.BaseRequestHandler, object):
677
"""A TCP request handler class.
678
Instantiated by IPv6_TCPServer for each request to handle it.
1264
class ProxyClient(object):
1265
def __init__(self, child_pipe, fpr, address):
1266
self._pipe = child_pipe
1267
self._pipe.send(('init', fpr, address))
1268
if not self._pipe.recv():
1269
raise KeyError()
1270
1271
def __getattribute__(self, name):
1272
if(name == '_pipe'):
1273
return super(ProxyClient, self).__getattribute__(name)
1274
self._pipe.send(('getattr', name))
1275
data = self._pipe.recv()
1276
if data[0] == 'data':
1277
return data[1]
1278
if data[0] == 'function':
1279
def func(*args, **kwargs):
1280
self._pipe.send(('funcall', name, args, kwargs))
1281
return self._pipe.recv()[1]
1282
return func
1283
1284
def __setattr__(self, name, value):
1285
if(name == '_pipe'):
1286
return super(ProxyClient, self).__setattr__(name, value)
1287
self._pipe.send(('setattr', name, value))
1288
1289
class ClientDBusTransitional(ClientDBus):
1290
__metaclass__ = AlternateDBusNamesMetaclass
1291
1292
class ClientHandler(socketserver.BaseRequestHandler, object):
1293
"""A class to handle client connections.
1294
1295
Instantiated once for each connection to handle it.
679
1296
Note: This will run in its own forked process."""
680
1297
681
1298
def handle(self):
682
logger.info(u"TCP connection from: %s",
683
unicode(self.client_address))
684
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
685
# Open IPC pipe to parent process
686
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
1299
with contextlib.closing(self.server.child_pipe) as child_pipe:
1300
logger.info("TCP connection from: %s",
1301
unicode(self.client_address))
1302
logger.debug("Pipe FD: %d",
1303
self.server.child_pipe.fileno())
1304
687
1305
session = (gnutls.connection
688
1306
.ClientSession(self.request,
689
1307
gnutls.connection
690
1308
.X509Credentials()))
691
1309
692
line = self.request.makefile().readline()
693
logger.debug(u"Protocol version: %r", line)
694
try:
695
if int(line.strip().split()[0]) > 1:
696
raise RuntimeError
697
except (ValueError, IndexError, RuntimeError), error:
698
logger.error(u"Unknown protocol version: %s", error)
699
return
700
701
1310
# Note: gnutls.connection.X509Credentials is really a
702
1311
# generic GnuTLS certificate credentials object so long as
703
1312
# no X.509 keys are added to it. Therefore, we can use it
704
1313
# here despite using OpenPGP certificates.
705
1314
706
1315
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
707
# "+AES-256-CBC", "+SHA1",
708
# "+COMP-NULL", "+CTYPE-OPENPGP",
709
# "+DHE-DSS"))
1316
# "+AES-256-CBC", "+SHA1",
1317
# "+COMP-NULL", "+CTYPE-OPENPGP",
1318
# "+DHE-DSS"))
710
1319
# Use a fallback default, since this MUST be set.
711
priority = self.server.settings.get("priority", "NORMAL")
1320
priority = self.server.gnutls_priority
1321
if priority is None:
1322
priority = "NORMAL"
712
1323
(gnutls.library.functions
713
1324
.gnutls_priority_set_direct(session._c_object,
714
1325
priority, None))
715
1326
1327
# Start communication using the Mandos protocol
1328
# Get protocol number
1329
line = self.request.makefile().readline()
1330
logger.debug("Protocol version: %r", line)
1331
try:
1332
if int(line.strip().split()[0]) > 1:
1333
raise RuntimeError
1334
except (ValueError, IndexError, RuntimeError) as error:
1335
logger.error("Unknown protocol version: %s", error)
1336
return
1337
1338
# Start GnuTLS connection
716
1339
try:
717
1340
session.handshake()
718
except gnutls.errors.GNUTLSError, error:
719
logger.warning(u"Handshake failed: %s", error)
1341
except gnutls.errors.GNUTLSError as error:
1342
logger.warning("Handshake failed: %s", error)
720
1343
# Do not run session.bye() here: the session is not
721
1344
# established. Just abandon the request.
722
1345
return
723
logger.debug(u"Handshake succeeded")
1346
logger.debug("Handshake succeeded")
1347
1348
approval_required = False
724
1349
try:
725
fpr = self.fingerprint(self.peer_certificate(session))
726
except (TypeError, gnutls.errors.GNUTLSError), error:
727
logger.warning(u"Bad certificate: %s", error)
728
session.bye()
729
return
730
logger.debug(u"Fingerprint: %s", fpr)
1350
try:
1351
fpr = self.fingerprint(self.peer_certificate
1352
(session))
1353
except (TypeError,
1354
gnutls.errors.GNUTLSError) as error:
1355
logger.warning("Bad certificate: %s", error)
1356
return
1357
logger.debug("Fingerprint: %s", fpr)
1358
1359
try:
1360
client = ProxyClient(child_pipe, fpr,
1361
self.client_address)
1362
except KeyError:
1363
return
1364
1365
if client.approval_delay:
1366
delay = client.approval_delay
1367
client.approvals_pending += 1
1368
approval_required = True
1369
1370
while True:
1371
if not client.enabled:
1372
logger.info("Client %s is disabled",
1373
client.name)
1374
if self.server.use_dbus:
1375
# Emit D-Bus signal
1376
client.Rejected("Disabled")
1377
return
1378
1379
if client._approved or not client.approval_delay:
1380
#We are approved or approval is disabled
1381
break
1382
elif client._approved is None:
1383
logger.info("Client %s needs approval",
1384
client.name)
1385
if self.server.use_dbus:
1386
# Emit D-Bus signal
1387
client.NeedApproval(
1388
client.approval_delay_milliseconds(),
1389
client.approved_by_default)
1390
else:
1391
logger.warning("Client %s was not approved",
1392
client.name)
1393
if self.server.use_dbus:
1394
# Emit D-Bus signal
1395
client.Rejected("Denied")
1396
return
1397
1398
#wait until timeout or approved
1399
time = datetime.datetime.now()
1400
client.changedstate.acquire()
1401
(client.changedstate.wait
1402
(float(client._timedelta_to_milliseconds(delay)
1403
/ 1000)))
1404
client.changedstate.release()
1405
time2 = datetime.datetime.now()
1406
if (time2 - time) >= delay:
1407
if not client.approved_by_default:
1408
logger.warning("Client %s timed out while"
1409
" waiting for approval",
1410
client.name)
1411
if self.server.use_dbus:
1412
# Emit D-Bus signal
1413
client.Rejected("Approval timed out")
1414
return
1415
else:
1416
break
1417
else:
1418
delay -= time2 - time
1419
1420
sent_size = 0
1421
while sent_size < len(client.secret):
1422
try:
1423
sent = session.send(client.secret[sent_size:])
1424
except gnutls.errors.GNUTLSError as error:
1425
logger.warning("gnutls send failed")
1426
return
1427
logger.debug("Sent: %d, remaining: %d",
1428
sent, len(client.secret)
1429
- (sent_size + sent))
1430
sent_size += sent
1431
1432
logger.info("Sending secret to %s", client.name)
1433
# bump the timeout using extended_timeout
1434
client.checked_ok(client.extended_timeout)
1435
if self.server.use_dbus:
1436
# Emit D-Bus signal
1437
client.GotSecret()
731
1438
732
for c in self.server.clients:
733
if c.fingerprint == fpr:
734
client = c
735
break
736
else:
737
ipc.write("NOTFOUND %s\n" % fpr)
738
session.bye()
739
return
740
# Have to check if client.still_valid(), since it is
741
# possible that the client timed out while establishing
742
# the GnuTLS session.
743
if not client.still_valid():
744
ipc.write("INVALID %s\n" % client.name)
745
session.bye()
746
return
747
ipc.write("SENDING %s\n" % client.name)
748
sent_size = 0
749
while sent_size < len(client.secret):
750
sent = session.send(client.secret[sent_size:])
751
logger.debug(u"Sent: %d, remaining: %d",
752
sent, len(client.secret)
753
- (sent_size + sent))
754
sent_size += sent
755
session.bye()
1439
finally:
1440
if approval_required:
1441
client.approvals_pending -= 1
1442
try:
1443
session.bye()
1444
except gnutls.errors.GNUTLSError as error:
1445
logger.warning("GnuTLS bye failed")
756
1446
757
1447
@staticmethod
758
1448
def peer_certificate(session):
814
1504
# Convert the buffer to a Python bytestring
815
1505
fpr = ctypes.string_at(buf, buf_len.value)
816
1506
# Convert the bytestring to hexadecimal notation
817
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1507
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
818
1508
return hex_fpr
819
1509
820
1510
821
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
822
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
823
Assumes a gobject.MainLoop event loop.
824
"""
1511
class MultiprocessingMixIn(object):
1512
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1513
def sub_process_main(self, request, address):
1514
try:
1515
self.finish_request(request, address)
1516
except:
1517
self.handle_error(request, address)
1518
self.close_request(request)
1519
1520
def process_request(self, request, address):
1521
"""Start a new process to process the request."""
1522
proc = multiprocessing.Process(target = self.sub_process_main,
1523
args = (request,
1524
address))
1525
proc.start()
1526
return proc
1527
1528
1529
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1530
""" adds a pipe to the MixIn """
825
1531
def process_request(self, request, client_address):
826
"""This overrides and wraps the original process_request().
827
This function creates a new pipe in self.pipe
1532
"""Overrides and wraps the original process_request().
1533
1534
This function creates a new pipe in self.pipe
828
1535
"""
829
self.pipe = os.pipe()
830
super(ForkingMixInWithPipe,
831
self).process_request(request, client_address)
832
os.close(self.pipe[1]) # close write end
833
# Call "handle_ipc" for both data and EOF events
834
gobject.io_add_watch(self.pipe[0],
835
gobject.IO_IN | gobject.IO_HUP,
836
self.handle_ipc)
837
def handle_ipc(source, condition):
1536
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1537
1538
proc = MultiprocessingMixIn.process_request(self, request,
1539
client_address)
1540
self.child_pipe.close()
1541
self.add_pipe(parent_pipe, proc)
1542
1543
def add_pipe(self, parent_pipe, proc):
838
1544
"""Dummy function; override as necessary"""
839
os.close(source)
840
return False
841
842
843
class IPv6_TCPServer(ForkingMixInWithPipe,
844
SocketServer.TCPServer, object):
1545
raise NotImplementedError
1546
1547
1548
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1549
socketserver.TCPServer, object):
845
1550
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1551
846
1552
Attributes:
847
settings: Server settings
848
clients: Set() of Client objects
849
1553
enabled: Boolean; whether this server is activated yet
1554
interface: None or a network interface name (string)
1555
use_ipv6: Boolean; to use IPv6 or not
850
1556
"""
851
address_family = socket.AF_INET6
852
def __init__(self, *args, **kwargs):
853
if "settings" in kwargs:
854
self.settings = kwargs["settings"]
855
del kwargs["settings"]
856
if "clients" in kwargs:
857
self.clients = kwargs["clients"]
858
del kwargs["clients"]
859
if "use_ipv6" in kwargs:
860
if not kwargs["use_ipv6"]:
861
self.address_family = socket.AF_INET
862
del kwargs["use_ipv6"]
863
self.enabled = False
864
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1557
def __init__(self, server_address, RequestHandlerClass,
1558
interface=None, use_ipv6=True):
1559
self.interface = interface
1560
if use_ipv6:
1561
self.address_family = socket.AF_INET6
1562
socketserver.TCPServer.__init__(self, server_address,
1563
RequestHandlerClass)
865
1564
def server_bind(self):
866
1565
"""This overrides the normal server_bind() function
867
1566
to bind to an interface if one was specified, and also NOT to
868
1567
bind to an address or port if they were not specified."""
869
if self.settings["interface"]:
870
# 25 is from /usr/include/asm-i486/socket.h
871
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
872
try:
873
self.socket.setsockopt(socket.SOL_SOCKET,
874
SO_BINDTODEVICE,
875
self.settings["interface"])
876
except socket.error, error:
877
if error[0] == errno.EPERM:
878
logger.error(u"No permission to"
879
u" bind to interface %s",
880
self.settings["interface"])
881
else:
882
raise
1568
if self.interface is not None:
1569
if SO_BINDTODEVICE is None:
1570
logger.error("SO_BINDTODEVICE does not exist;"
1571
" cannot bind to interface %s",
1572
self.interface)
1573
else:
1574
try:
1575
self.socket.setsockopt(socket.SOL_SOCKET,
1576
SO_BINDTODEVICE,
1577
str(self.interface
1578
+ '\0'))
1579
except socket.error as error:
1580
if error[0] == errno.EPERM:
1581
logger.error("No permission to"
1582
" bind to interface %s",
1583
self.interface)
1584
elif error[0] == errno.ENOPROTOOPT:
1585
logger.error("SO_BINDTODEVICE not available;"
1586
" cannot bind to interface %s",
1587
self.interface)
1588
else:
1589
raise
883
1590
# Only bind(2) the socket if we really need to.
884
1591
if self.server_address[0] or self.server_address[1]:
885
1592
if not self.server_address[0]:
892
1599
elif not self.server_address[1]:
893
1600
self.server_address = (self.server_address[0],
894
1601
0)
895
# if self.settings["interface"]:
1602
# if self.interface:
896
1603
# self.server_address = (self.server_address[0],
897
1604
# 0, # port
898
1605
# 0, # flowinfo
899
1606
# if_nametoindex
900
# (self.settings
901
# ["interface"]))
902
return super(IPv6_TCPServer, self).server_bind()
1607
# (self.interface))
1608
return socketserver.TCPServer.server_bind(self)
1609
1610
1611
class MandosServer(IPv6_TCPServer):
1612
"""Mandos server.
1613
1614
Attributes:
1615
clients: set of Client objects
1616
gnutls_priority GnuTLS priority string
1617
use_dbus: Boolean; to emit D-Bus signals or not
1618
1619
Assumes a gobject.MainLoop event loop.
1620
"""
1621
def __init__(self, server_address, RequestHandlerClass,
1622
interface=None, use_ipv6=True, clients=None,
1623
gnutls_priority=None, use_dbus=True):
1624
self.enabled = False
1625
self.clients = clients
1626
if self.clients is None:
1627
self.clients = set()
1628
self.use_dbus = use_dbus
1629
self.gnutls_priority = gnutls_priority
1630
IPv6_TCPServer.__init__(self, server_address,
1631
RequestHandlerClass,
1632
interface = interface,
1633
use_ipv6 = use_ipv6)
903
1634
def server_activate(self):
904
1635
if self.enabled:
905
return super(IPv6_TCPServer, self).server_activate()
1636
return socketserver.TCPServer.server_activate(self)
1637
906
1638
def enable(self):
907
1639
self.enabled = True
908
def handle_ipc(self, source, condition, file_objects={}):
1640
1641
def add_pipe(self, parent_pipe, proc):
1642
# Call "handle_ipc" for both data and EOF events
1643
gobject.io_add_watch(parent_pipe.fileno(),
1644
gobject.IO_IN | gobject.IO_HUP,
1645
functools.partial(self.handle_ipc,
1646
parent_pipe =
1647
parent_pipe,
1648
proc = proc))
1649
1650
def handle_ipc(self, source, condition, parent_pipe=None,
1651
proc = None, client_object=None):
909
1652
condition_names = {
910
gobject.IO_IN: "IN", # There is data to read.
1653
gobject.IO_IN: "IN", # There is data to read.
911
1654
gobject.IO_OUT: "OUT", # Data can be written (without
912
# blocking).
1655
# blocking).
913
1656
gobject.IO_PRI: "PRI", # There is urgent data to read.
914
1657
gobject.IO_ERR: "ERR", # Error condition.
915
1658
gobject.IO_HUP: "HUP" # Hung up (the connection has been
916
# broken, usually for pipes and
917
# sockets).
1659
# broken, usually for pipes and
1660
# sockets).
918
1661
}
919
1662
conditions_string = ' | '.join(name
920
1663
for cond, name in
921
1664
condition_names.iteritems()
922
1665
if cond & condition)
923
logger.debug("Handling IPC: FD = %d, condition = %s", source,
924
conditions_string)
925
926
# Turn the pipe file descriptor into a Python file object
927
if source not in file_objects:
928
file_objects[source] = os.fdopen(source, "r", 1)
929
930
# Read a line from the file object
931
cmdline = file_objects[source].readline()
932
if not cmdline: # Empty line means end of file
933
# close the IPC pipe
934
file_objects[source].close()
935
del file_objects[source]
936
937
# Stop calling this function
938
return False
939
940
logger.debug("IPC command: %r", cmdline)
941
942
# Parse and act on command
943
cmd, args = cmdline.rstrip("\r\n").split(None, 1)
944
945
if cmd == "NOTFOUND":
946
logger.warning(u"Client not found for fingerprint: %s",
947
args)
948
if self.settings["use_dbus"]:
949
# Emit D-Bus signal
950
mandos_dbus_service.ClientNotFound(args)
951
elif cmd == "INVALID":
952
for client in self.clients:
953
if client.name == args:
954
logger.warning(u"Client %s is invalid", args)
955
if self.settings["use_dbus"]:
956
# Emit D-Bus signal
957
client.Rejected()
958
break
959
else:
960
logger.error(u"Unknown client %s is invalid", args)
961
elif cmd == "SENDING":
962
for client in self.clients:
963
if client.name == args:
964
logger.info(u"Sending secret to %s", client.name)
965
client.checked_ok()
966
if self.settings["use_dbus"]:
967
# Emit D-Bus signal
968
client.ReceivedSecret()
969
break
970
else:
971
logger.error(u"Sending secret to unknown client %s",
972
args)
973
else:
974
logger.error("Unknown IPC command: %r", cmdline)
975
976
# Keep calling this function
1666
# error, or the other end of multiprocessing.Pipe has closed
1667
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1668
# Wait for other process to exit
1669
proc.join()
1670
return False
1671
1672
# Read a request from the child
1673
request = parent_pipe.recv()
1674
command = request[0]
1675
1676
if command == 'init':
1677
fpr = request[1]
1678
address = request[2]
1679
1680
for c in self.clients:
1681
if c.fingerprint == fpr:
1682
client = c
1683
break
1684
else:
1685
logger.info("Client not found for fingerprint: %s, ad"
1686
"dress: %s", fpr, address)
1687
if self.use_dbus:
1688
# Emit D-Bus signal
1689
mandos_dbus_service.ClientNotFound(fpr,
1690
address[0])
1691
parent_pipe.send(False)
1692
return False
1693
1694
gobject.io_add_watch(parent_pipe.fileno(),
1695
gobject.IO_IN | gobject.IO_HUP,
1696
functools.partial(self.handle_ipc,
1697
parent_pipe =
1698
parent_pipe,
1699
proc = proc,
1700
client_object =
1701
client))
1702
parent_pipe.send(True)
1703
# remove the old hook in favor of the new above hook on
1704
# same fileno
1705
return False
1706
if command == 'funcall':
1707
funcname = request[1]
1708
args = request[2]
1709
kwargs = request[3]
1710
1711
parent_pipe.send(('data', getattr(client_object,
1712
funcname)(*args,
1713
**kwargs)))
1714
1715
if command == 'getattr':
1716
attrname = request[1]
1717
if callable(client_object.__getattribute__(attrname)):
1718
parent_pipe.send(('function',))
1719
else:
1720
parent_pipe.send(('data', client_object
1721
.__getattribute__(attrname)))
1722
1723
if command == 'setattr':
1724
attrname = request[1]
1725
value = request[2]
1726
setattr(client_object, attrname, value)
1727
977
1728
return True
978
1729
979
1730
988
1739
datetime.timedelta(0, 3600)
989
1740
>>> string_to_delta('24h')
990
1741
datetime.timedelta(1)
991
>>> string_to_delta(u'1w')
1742
>>> string_to_delta('1w')
992
1743
datetime.timedelta(7)
993
1744
>>> string_to_delta('5m 30s')
994
1745
datetime.timedelta(0, 330)
998
1749
try:
999
1750
suffix = unicode(s[-1])
1000
1751
value = int(s[:-1])
1001
if suffix == u"d":
1752
if suffix == "d":
1002
1753
delta = datetime.timedelta(value)
1003
elif suffix == u"s":
1754
elif suffix == "s":
1004
1755
delta = datetime.timedelta(0, value)
1005
elif suffix == u"m":
1756
elif suffix == "m":
1006
1757
delta = datetime.timedelta(0, 0, 0, 0, value)
1007
elif suffix == u"h":
1758
elif suffix == "h":
1008
1759
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1009
elif suffix == u"w":
1760
elif suffix == "w":
1010
1761
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1011
1762
else:
1012
raise ValueError
1013
except (ValueError, IndexError):
1014
raise ValueError
1763
raise ValueError("Unknown suffix %r" % suffix)
1764
except (ValueError, IndexError) as e:
1765
raise ValueError(*(e.args))
1015
1766
timevalue += delta
1016
1767
return timevalue
1017
1768
1018
1769
1019
def server_state_changed(state):
1020
"""Derived from the Avahi example code"""
1021
if state == avahi.SERVER_COLLISION:
1022
logger.error(u"Zeroconf server name collision")
1023
service.remove()
1024
elif state == avahi.SERVER_RUNNING:
1025
service.add()
1026
1027
1028
def entry_group_state_changed(state, error):
1029
"""Derived from the Avahi example code"""
1030
logger.debug(u"Avahi state change: %i", state)
1031
1032
if state == avahi.ENTRY_GROUP_ESTABLISHED:
1033
logger.debug(u"Zeroconf service established.")
1034
elif state == avahi.ENTRY_GROUP_COLLISION:
1035
logger.warning(u"Zeroconf service name collision.")
1036
service.rename()
1037
elif state == avahi.ENTRY_GROUP_FAILURE:
1038
logger.critical(u"Avahi: Error in group state changed %s",
1039
unicode(error))
1040
raise AvahiGroupError(u"State changed: %s" % unicode(error))
1041
1042
1770
def if_nametoindex(interface):
1043
"""Call the C function if_nametoindex(), or equivalent"""
1771
"""Call the C function if_nametoindex(), or equivalent
1772
1773
Note: This function cannot accept a unicode string."""
1044
1774
global if_nametoindex
1045
1775
try:
1046
1776
if_nametoindex = (ctypes.cdll.LoadLibrary
1047
1777
(ctypes.util.find_library("c"))
1048
1778
.if_nametoindex)
1049
1779
except (OSError, AttributeError):
1050
if "struct" not in sys.modules:
1051
import struct
1052
if "fcntl" not in sys.modules:
1053
import fcntl
1780
logger.warning("Doing if_nametoindex the hard way")
1054
1781
def if_nametoindex(interface):
1055
1782
"Get an interface index the hard way, i.e. using fcntl()"
1056
1783
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1057
with closing(socket.socket()) as s:
1784
with contextlib.closing(socket.socket()) as s:
1058
1785
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1059
struct.pack("16s16x", interface))
1060
interface_index = struct.unpack("I", ifreq[16:20])[0]
1786
struct.pack(str("16s16x"),
1787
interface))
1788
interface_index = struct.unpack(str("I"),
1789
ifreq[16:20])[0]
1061
1790
return interface_index
1062
1791
return if_nametoindex(interface)
1063
1792
1064
1793
1065
1794
def daemon(nochdir = False, noclose = False):
1066
1795
"""See daemon(3). Standard BSD Unix function.
1796
1067
1797
This should really exist as os.daemon, but it doesn't (yet)."""
1068
1798
if os.fork():
1069
1799
sys.exit()
1077
1807
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1078
1808
if not stat.S_ISCHR(os.fstat(null).st_mode):
1079
1809
raise OSError(errno.ENODEV,
1080
"/dev/null not a character device")
1810
"%s not a character device"
1811
% os.path.devnull)
1081
1812
os.dup2(null, sys.stdin.fileno())
1082
1813
os.dup2(null, sys.stdout.fileno())
1083
1814
os.dup2(null, sys.stderr.fileno())
1087
1818
1088
1819
def main():
1089
1820
1090
######################################################################
1821
##################################################################
1091
1822
# Parsing of options, both command line and config file
1092
1823
1093
parser = optparse.OptionParser(version = "%%prog %s" % version)
1094
parser.add_option("-i", "--interface", type="string",
1095
metavar="IF", help="Bind to interface IF")
1096
parser.add_option("-a", "--address", type="string",
1097
help="Address to listen for requests on")
1098
parser.add_option("-p", "--port", type="int",
1099
help="Port number to receive requests on")
1100
parser.add_option("--check", action="store_true",
1101
help="Run self-test")
1102
parser.add_option("--debug", action="store_true",
1103
help="Debug mode; run in foreground and log to"
1104
" terminal")
1105
parser.add_option("--priority", type="string", help="GnuTLS"
1106
" priority string (see GnuTLS documentation)")
1107
parser.add_option("--servicename", type="string", metavar="NAME",
1108
help="Zeroconf service name")
1109
parser.add_option("--configdir", type="string",
1110
default="/etc/mandos", metavar="DIR",
1111
help="Directory to search for configuration"
1112
" files")
1113
parser.add_option("--no-dbus", action="store_false",
1114
dest="use_dbus",
1115
help="Do not provide D-Bus system bus"
1116
" interface")
1117
parser.add_option("--no-ipv6", action="store_false",
1118
dest="use_ipv6", help="Do not use IPv6")
1119
options = parser.parse_args()[0]
1824
parser = argparse.ArgumentParser()
1825
parser.add_argument("-v", "--version", action="version",
1826
version = "%%(prog)s %s" % version,
1827
help="show version number and exit")
1828
parser.add_argument("-i", "--interface", metavar="IF",
1829
help="Bind to interface IF")
1830
parser.add_argument("-a", "--address",
1831
help="Address to listen for requests on")
1832
parser.add_argument("-p", "--port", type=int,
1833
help="Port number to receive requests on")
1834
parser.add_argument("--check", action="store_true",
1835
help="Run self-test")
1836
parser.add_argument("--debug", action="store_true",
1837
help="Debug mode; run in foreground and log"
1838
" to terminal")
1839
parser.add_argument("--debuglevel", metavar="LEVEL",
1840
help="Debug level for stdout output")
1841
parser.add_argument("--priority", help="GnuTLS"
1842
" priority string (see GnuTLS documentation)")
1843
parser.add_argument("--servicename",
1844
metavar="NAME", help="Zeroconf service name")
1845
parser.add_argument("--configdir",
1846
default="/etc/mandos", metavar="DIR",
1847
help="Directory to search for configuration"
1848
" files")
1849
parser.add_argument("--no-dbus", action="store_false",
1850
dest="use_dbus", help="Do not provide D-Bus"
1851
" system bus interface")
1852
parser.add_argument("--no-ipv6", action="store_false",
1853
dest="use_ipv6", help="Do not use IPv6")
1854
options = parser.parse_args()
1120
1855
1121
1856
if options.check:
1122
1857
import doctest
1133
1868
"servicename": "Mandos",
1134
1869
"use_dbus": "True",
1135
1870
"use_ipv6": "True",
1871
"debuglevel": "",
1136
1872
}
1137
1873
1138
1874
# Parse config file for server-global settings
1139
server_config = ConfigParser.SafeConfigParser(server_defaults)
1875
server_config = configparser.SafeConfigParser(server_defaults)
1140
1876
del server_defaults
1141
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1877
server_config.read(os.path.join(options.configdir,
1878
"mandos.conf"))
1142
1879
# Convert the SafeConfigParser object to a dict
1143
1880
server_settings = server_config.defaults()
1144
1881
# Use the appropriate methods on the non-string config options
1145
server_settings["debug"] = server_config.getboolean("DEFAULT",
1146
"debug")
1147
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
1148
"use_dbus")
1149
server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
1150
"use_ipv6")
1882
for option in ("debug", "use_dbus", "use_ipv6"):
1883
server_settings[option] = server_config.getboolean("DEFAULT",
1884
option)
1151
1885
if server_settings["port"]:
1152
1886
server_settings["port"] = server_config.getint("DEFAULT",
1153
1887
"port")
1157
1891
# options, if set.
1158
1892
for option in ("interface", "address", "port", "debug",
1159
1893
"priority", "servicename", "configdir",
1160
"use_dbus", "use_ipv6"):
1894
"use_dbus", "use_ipv6", "debuglevel"):
1161
1895
value = getattr(options, option)
1162
1896
if value is not None:
1163
1897
server_settings[option] = value
1164
1898
del options
1899
# Force all strings to be unicode
1900
for option in server_settings.keys():
1901
if type(server_settings[option]) is str:
1902
server_settings[option] = unicode(server_settings[option])
1165
1903
# Now we have our good server settings in "server_settings"
1166
1904
1167
1905
##################################################################
1168
1906
1169
1907
# For convenience
1170
1908
debug = server_settings["debug"]
1909
debuglevel = server_settings["debuglevel"]
1171
1910
use_dbus = server_settings["use_dbus"]
1172
1911
use_ipv6 = server_settings["use_ipv6"]
1173
1912
1174
if not debug:
1175
syslogger.setLevel(logging.WARNING)
1176
console.setLevel(logging.WARNING)
1177
1178
1913
if server_settings["servicename"] != "Mandos":
1179
1914
syslogger.setFormatter(logging.Formatter
1180
1915
('Mandos (%s) [%%(process)d]:'
1182
1917
% server_settings["servicename"]))
1183
1918
1184
1919
# Parse config file with clients
1185
client_defaults = { "timeout": "1h",
1186
"interval": "5m",
1920
client_defaults = { "timeout": "5m",
1921
"extended_timeout": "15m",
1922
"interval": "2m",
1187
1923
"checker": "fping -q -- %%(host)s",
1188
1924
"host": "",
1925
"approval_delay": "0s",
1926
"approval_duration": "1s",
1189
1927
}
1190
client_config = ConfigParser.SafeConfigParser(client_defaults)
1928
client_config = configparser.SafeConfigParser(client_defaults)
1191
1929
client_config.read(os.path.join(server_settings["configdir"],
1192
1930
"clients.conf"))
1193
1931
1194
1932
global mandos_dbus_service
1195
1933
mandos_dbus_service = None
1196
1934
1197
clients = Set()
1198
tcp_server = IPv6_TCPServer((server_settings["address"],
1199
server_settings["port"]),
1200
TCP_handler,
1201
settings=server_settings,
1202
clients=clients, use_ipv6=use_ipv6)
1203
pidfilename = "/var/run/mandos.pid"
1204
try:
1205
pidfile = open(pidfilename, "w")
1206
except IOError:
1207
logger.error("Could not open file %r", pidfilename)
1935
tcp_server = MandosServer((server_settings["address"],
1936
server_settings["port"]),
1937
ClientHandler,
1938
interface=(server_settings["interface"]
1939
or None),
1940
use_ipv6=use_ipv6,
1941
gnutls_priority=
1942
server_settings["priority"],
1943
use_dbus=use_dbus)
1944
if not debug:
1945
pidfilename = "/var/run/mandos.pid"
1946
try:
1947
pidfile = open(pidfilename, "w")
1948
except IOError:
1949
logger.error("Could not open file %r", pidfilename)
1208
1950
1209
1951
try:
1210
1952
uid = pwd.getpwnam("_mandos").pw_uid
1216
1958
except KeyError:
1217
1959
try:
1218
1960
uid = pwd.getpwnam("nobody").pw_uid
1219
gid = pwd.getpwnam("nogroup").pw_gid
1961
gid = pwd.getpwnam("nobody").pw_gid
1220
1962
except KeyError:
1221
1963
uid = 65534
1222
1964
gid = 65534
1223
1965
try:
1224
1966
os.setgid(gid)
1225
1967
os.setuid(uid)
1226
except OSError, error:
1968
except OSError as error:
1227
1969
if error[0] != errno.EPERM:
1228
1970
raise error
1229
1971
1230
# Enable all possible GnuTLS debugging
1972
if not debug and not debuglevel:
1973
syslogger.setLevel(logging.WARNING)
1974
console.setLevel(logging.WARNING)
1975
if debuglevel:
1976
level = getattr(logging, debuglevel.upper())
1977
syslogger.setLevel(level)
1978
console.setLevel(level)
1979
1231
1980
if debug:
1981
# Enable all possible GnuTLS debugging
1982
1232
1983
# "Use a log level over 10 to enable all debugging options."
1233
1984
# - GnuTLS manual
1234
1985
gnutls.library.functions.gnutls_global_set_log_level(11)
1239
1990
1240
1991
(gnutls.library.functions
1241
1992
.gnutls_global_set_log_function(debug_gnutls))
1993
1994
# Redirect stdin so all checkers get /dev/null
1995
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1996
os.dup2(null, sys.stdin.fileno())
1997
if null > 2:
1998
os.close(null)
1999
else:
2000
# No console logging
2001
logger.removeHandler(console)
1242
2002
1243
global service
1244
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1245
service = AvahiService(name = server_settings["servicename"],
1246
servicetype = "_mandos._tcp",
1247
protocol = protocol)
1248
if server_settings["interface"]:
1249
service.interface = (if_nametoindex
1250
(server_settings["interface"]))
2003
# Need to fork before connecting to D-Bus
2004
if not debug:
2005
# Close all input and output, do double fork, etc.
2006
daemon()
1251
2007
1252
2008
global main_loop
1253
global bus
1254
global server
1255
2009
# From the Avahi example code
1256
2010
DBusGMainLoop(set_as_default=True )
1257
2011
main_loop = gobject.MainLoop()
1258
2012
bus = dbus.SystemBus()
1259
server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1260
avahi.DBUS_PATH_SERVER),
1261
avahi.DBUS_INTERFACE_SERVER)
1262
2013
# End of Avahi example code
1263
2014
if use_dbus:
1264
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
2015
try:
2016
bus_name = dbus.service.BusName("se.recompile.Mandos",
2017
bus, do_not_queue=True)
2018
old_bus_name = (dbus.service.BusName
2019
("se.bsnet.fukt.Mandos", bus,
2020
do_not_queue=True))
2021
except dbus.exceptions.NameExistsException as e:
2022
logger.error(unicode(e) + ", disabling D-Bus")
2023
use_dbus = False
2024
server_settings["use_dbus"] = False
2025
tcp_server.use_dbus = False
2026
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2027
service = AvahiService(name = server_settings["servicename"],
2028
servicetype = "_mandos._tcp",
2029
protocol = protocol, bus = bus)
2030
if server_settings["interface"]:
2031
service.interface = (if_nametoindex
2032
(str(server_settings["interface"])))
2033
2034
global multiprocessing_manager
2035
multiprocessing_manager = multiprocessing.Manager()
1265
2036
1266
2037
client_class = Client
1267
2038
if use_dbus:
1268
client_class = ClientDBus
1269
clients.update(Set(
2039
client_class = functools.partial(ClientDBusTransitional,
2040
bus = bus)
2041
def client_config_items(config, section):
2042
special_settings = {
2043
"approved_by_default":
2044
lambda: config.getboolean(section,
2045
"approved_by_default"),
2046
}
2047
for name, value in config.items(section):
2048
try:
2049
yield (name, special_settings[name]())
2050
except KeyError:
2051
yield (name, value)
2052
2053
tcp_server.clients.update(set(
1270
2054
client_class(name = section,
1271
config= dict(client_config.items(section)))
2055
config= dict(client_config_items(
2056
client_config, section)))
1272
2057
for section in client_config.sections()))
1273
if not clients:
1274
logger.warning(u"No clients defined")
1275
1276
if debug:
1277
# Redirect stdin so all checkers get /dev/null
1278
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1279
os.dup2(null, sys.stdin.fileno())
1280
if null > 2:
1281
os.close(null)
1282
else:
1283
# No console logging
1284
logger.removeHandler(console)
1285
# Close all input and output, do double fork, etc.
1286
daemon()
1287
1288
try:
1289
with closing(pidfile):
1290
pid = os.getpid()
1291
pidfile.write(str(pid) + "\n")
1292
del pidfile
1293
except IOError:
1294
logger.error(u"Could not write to file %r with PID %d",
1295
pidfilename, pid)
1296
except NameError:
1297
# "pidfile" was never created
1298
pass
1299
del pidfilename
1300
1301
def cleanup():
1302
"Cleanup function; run on exit"
1303
global group
1304
# From the Avahi example code
1305
if not group is None:
1306
group.Free()
1307
group = None
1308
# End of Avahi example code
2058
if not tcp_server.clients:
2059
logger.warning("No clients defined")
1309
2060
1310
while clients:
1311
client = clients.pop()
1312
client.disable_hook = None
1313
client.disable()
1314
1315
atexit.register(cleanup)
1316
1317
2061
if not debug:
2062
try:
2063
with pidfile:
2064
pid = os.getpid()
2065
pidfile.write(str(pid) + "\n".encode("utf-8"))
2066
del pidfile
2067
except IOError:
2068
logger.error("Could not write to file %r with PID %d",
2069
pidfilename, pid)
2070
except NameError:
2071
# "pidfile" was never created
2072
pass
2073
del pidfilename
2074
1318
2075
signal.signal(signal.SIGINT, signal.SIG_IGN)
2076
1319
2077
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1320
2078
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1321
2079
1324
2082
"""A D-Bus proxy object"""
1325
2083
def __init__(self):
1326
2084
dbus.service.Object.__init__(self, bus, "/")
1327
_interface = u"se.bsnet.fukt.Mandos"
2085
_interface = "se.recompile.Mandos"
1328
2086
1329
@dbus.service.signal(_interface, signature="oa{sv}")
1330
def ClientAdded(self, objpath, properties):
2087
@dbus.service.signal(_interface, signature="o")
2088
def ClientAdded(self, objpath):
1331
2089
"D-Bus signal"
1332
2090
pass
1333
2091
1334
@dbus.service.signal(_interface, signature="s")
1335
def ClientNotFound(self, fingerprint):
2092
@dbus.service.signal(_interface, signature="ss")
2093
def ClientNotFound(self, fingerprint, address):
1336
2094
"D-Bus signal"
1337
2095
pass
1338
2096
1344
2102
@dbus.service.method(_interface, out_signature="ao")
1345
2103
def GetAllClients(self):
1346
2104
"D-Bus method"
1347
return dbus.Array(c.dbus_object_path for c in clients)
2105
return dbus.Array(c.dbus_object_path
2106
for c in tcp_server.clients)
1348
2107
1349
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
2108
@dbus.service.method(_interface,
2109
out_signature="a{oa{sv}}")
1350
2110
def GetAllClientsWithProperties(self):
1351
2111
"D-Bus method"
1352
2112
return dbus.Dictionary(
1353
((c.dbus_object_path, c.GetAllProperties())
1354
for c in clients),
2113
((c.dbus_object_path, c.GetAll(""))
2114
for c in tcp_server.clients),
1355
2115
signature="oa{sv}")
1356
2116
1357
2117
@dbus.service.method(_interface, in_signature="o")
1358
2118
def RemoveClient(self, object_path):
1359
2119
"D-Bus method"
1360
for c in clients:
2120
for c in tcp_server.clients:
1361
2121
if c.dbus_object_path == object_path:
1362
clients.remove(c)
2122
tcp_server.clients.remove(c)
1363
2123
c.remove_from_connection()
1364
2124
# Don't signal anything except ClientRemoved
1365
c.disable(signal=False)
2125
c.disable(quiet=True)
1366
2126
# Emit D-Bus signal
1367
2127
self.ClientRemoved(object_path, c.name)
1368
2128
return
1369
raise KeyError
2129
raise KeyError(object_path)
1370
2130
1371
2131
del _interface
1372
2132
1373
mandos_dbus_service = MandosDBusService()
1374
1375
for client in clients:
2133
class MandosDBusServiceTransitional(MandosDBusService):
2134
__metaclass__ = AlternateDBusNamesMetaclass
2135
mandos_dbus_service = MandosDBusServiceTransitional()
2136
2137
def cleanup():
2138
"Cleanup function; run on exit"
2139
service.cleanup()
2140
2141
multiprocessing.active_children()
2142
while tcp_server.clients:
2143
client = tcp_server.clients.pop()
2144
if use_dbus:
2145
client.remove_from_connection()
2146
client.disable_hook = None
2147
# Don't signal anything except ClientRemoved
2148
client.disable(quiet=True)
2149
if use_dbus:
2150
# Emit D-Bus signal
2151
mandos_dbus_service.ClientRemoved(client
2152
.dbus_object_path,
2153
client.name)
2154
2155
atexit.register(cleanup)
2156
2157
for client in tcp_server.clients:
1376
2158
if use_dbus:
1377
2159
# Emit D-Bus signal
1378
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1379
client.GetAllProperties())
2160
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1380
2161
client.enable()
1381
2162
1382
2163
tcp_server.enable()
1385
2166
# Find out what port we got
1386
2167
service.port = tcp_server.socket.getsockname()[1]
1387
2168
if use_ipv6:
1388
logger.info(u"Now listening on address %r, port %d,"
2169
logger.info("Now listening on address %r, port %d,"
1389
2170
" flowinfo %d, scope_id %d"
1390
2171
% tcp_server.socket.getsockname())
1391
2172
else: # IPv4
1392
logger.info(u"Now listening on address %r, port %d"
2173
logger.info("Now listening on address %r, port %d"
1393
2174
% tcp_server.socket.getsockname())
1394
2175
1395
2176
#service.interface = tcp_server.socket.getsockname()[3]
1396
2177
1397
2178
try:
1398
2179
# From the Avahi example code
1399
server.connect_to_signal("StateChanged", server_state_changed)
1400
2180
try:
1401
server_state_changed(server.GetState())
1402
except dbus.exceptions.DBusException, error:
1403
logger.critical(u"DBusException: %s", error)
2181
service.activate()
2182
except dbus.exceptions.DBusException as error:
2183
logger.critical("DBusException: %s", error)
2184
cleanup()
1404
2185
sys.exit(1)
1405
2186
# End of Avahi example code
1406
2187
1409
2190
(tcp_server.handle_request
1410
2191
(*args[2:], **kwargs) or True))
1411
2192
1412
logger.debug(u"Starting main loop")
2193
logger.debug("Starting main loop")
1413
2194
main_loop.run()
1414
except AvahiError, error:
1415
logger.critical(u"AvahiError: %s", error)
2195
except AvahiError as error:
2196
logger.critical("AvahiError: %s", error)
2197
cleanup()
1416
2198
sys.exit(1)
1417
2199
except KeyboardInterrupt:
1418
2200
if debug:
1419
print >> sys.stderr
2201
print("", file=sys.stderr)
1420
2202
logger.debug("Server received KeyboardInterrupt")
1421
2203
logger.debug("Server exiting")
2204
# Must run before the D-Bus bus name gets deregistered
2205
cleanup()
2206
1422
2207
1423
2208
if __name__ == '__main__':
1424
2209
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0