To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 295
- compare with another revision
- download diff
- download tarball
- view history from revision 295
- Committer: Teddy Hogeborn
- Date: 2012-01-08 10:19:33 UTC
- Revision ID: teddy@recompile.se-20120108101933-xbtodqgepxax8hn1
Tags: version-1.5.2-1
* Makefile (version): Changed to "1.5.2".
* NEWS (Version 1.5.2): New entry.
* debian/changelog (1.5.2-1): - '' -
* NEWS (Version 1.5.2): New entry.
* debian/changelog (1.5.2-1): - '' -
- files removed:
- debian/mandos-client.examples
- debian/upstream
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos
1
#!/usr/bin/python2.7
1
#!/usr/bin/python
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2015 Teddy Hogeborn
15
# Copyright © 2008-2015 Björn Påhlsson
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
34
34
from __future__ import (division, absolute_import, print_function,
35
35
unicode_literals)
36
36
37
from future_builtins import *
38
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
37
import SocketServer as socketserver
43
38
import socket
44
39
import argparse
45
40
import datetime
46
41
import errno
42
import gnutls.crypto
47
43
import gnutls.connection
48
44
import gnutls.errors
49
45
import gnutls.library.functions
50
46
import gnutls.library.constants
51
47
import gnutls.library.types
52
try:
53
import ConfigParser as configparser
54
except ImportError:
55
import configparser
48
import ConfigParser as configparser
56
49
import sys
57
50
import re
58
51
import os
67
60
import struct
68
61
import fcntl
69
62
import functools
70
try:
71
import cPickle as pickle
72
except ImportError:
73
import pickle
63
import cPickle as pickle
74
64
import multiprocessing
75
65
import types
76
66
import binascii
77
67
import tempfile
78
import itertools
79
import collections
80
import codecs
81
68
82
69
import dbus
83
70
import dbus.service
84
try:
85
import gobject
86
except ImportError:
87
from gi.repository import GObject as gobject
71
import gobject
88
72
import avahi
89
73
from dbus.mainloop.glib import DBusGMainLoop
90
74
import ctypes
91
75
import ctypes.util
92
76
import xml.dom.minidom
93
77
import inspect
78
import GnuPGInterface
94
79
95
80
try:
96
81
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
100
85
except ImportError:
101
86
SO_BINDTODEVICE = None
102
87
103
if sys.version_info.major == 2:
104
str = unicode
105
106
version = "1.7.1"
88
version = "1.5.2"
107
89
stored_state_file = "clients.pickle"
108
90
109
91
logger = logging.getLogger()
110
syslogger = None
92
syslogger = (logging.handlers.SysLogHandler
93
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
94
address = str("/dev/log")))
111
95
112
96
try:
113
if_nametoindex = ctypes.cdll.LoadLibrary(
114
ctypes.util.find_library("c")).if_nametoindex
97
if_nametoindex = (ctypes.cdll.LoadLibrary
98
(ctypes.util.find_library("c"))
99
.if_nametoindex)
115
100
except (OSError, AttributeError):
116
117
101
def if_nametoindex(interface):
118
102
"Get an interface index the hard way, i.e. using fcntl()"
119
103
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
120
104
with contextlib.closing(socket.socket()) as s:
121
105
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
122
struct.pack(b"16s16x", interface))
123
interface_index = struct.unpack("I", ifreq[16:20])[0]
106
struct.pack(str("16s16x"),
107
interface))
108
interface_index = struct.unpack(str("I"),
109
ifreq[16:20])[0]
124
110
return interface_index
125
111
126
112
127
113
def initlogger(debug, level=logging.WARNING):
128
114
"""init logger and add loglevel"""
129
115
130
global syslogger
131
syslogger = (logging.handlers.SysLogHandler(
132
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
133
address = "/dev/log"))
134
116
syslogger.setFormatter(logging.Formatter
135
117
('Mandos [%(process)d]: %(levelname)s:'
136
118
' %(message)s'))
153
135
154
136
class PGPEngine(object):
155
137
"""A simple class for OpenPGP symmetric encryption & decryption"""
156
157
138
def __init__(self):
139
self.gnupg = GnuPGInterface.GnuPG()
158
140
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
159
self.gnupgargs = ['--batch',
160
'--home', self.tempdir,
161
'--force-mdc',
162
'--quiet',
163
'--no-use-agent']
141
self.gnupg = GnuPGInterface.GnuPG()
142
self.gnupg.options.meta_interactive = False
143
self.gnupg.options.homedir = self.tempdir
144
self.gnupg.options.extra_args.extend(['--force-mdc',
145
'--quiet',
146
'--no-use-agent'])
164
147
165
148
def __enter__(self):
166
149
return self
167
150
168
def __exit__(self, exc_type, exc_value, traceback):
151
def __exit__ (self, exc_type, exc_value, traceback):
169
152
self._cleanup()
170
153
return False
171
154
188
171
def password_encode(self, password):
189
172
# Passphrase can not be empty and can not contain newlines or
190
173
# NUL bytes. So we prefix it and hex encode it.
191
encoded = b"mandos" + binascii.hexlify(password)
192
if len(encoded) > 2048:
193
# GnuPG can't handle long passwords, so encode differently
194
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
195
.replace(b"\n", b"\\n")
196
.replace(b"\0", b"\\x00"))
197
return encoded
174
return b"mandos" + binascii.hexlify(password)
198
175
199
176
def encrypt(self, data, password):
200
passphrase = self.password_encode(password)
201
with tempfile.NamedTemporaryFile(
202
dir=self.tempdir) as passfile:
203
passfile.write(passphrase)
204
passfile.flush()
205
proc = subprocess.Popen(['gpg', '--symmetric',
206
'--passphrase-file',
207
passfile.name]
208
+ self.gnupgargs,
209
stdin = subprocess.PIPE,
210
stdout = subprocess.PIPE,
211
stderr = subprocess.PIPE)
212
ciphertext, err = proc.communicate(input = data)
213
if proc.returncode != 0:
214
raise PGPError(err)
177
self.gnupg.passphrase = self.password_encode(password)
178
with open(os.devnull) as devnull:
179
try:
180
proc = self.gnupg.run(['--symmetric'],
181
create_fhs=['stdin', 'stdout'],
182
attach_fhs={'stderr': devnull})
183
with contextlib.closing(proc.handles['stdin']) as f:
184
f.write(data)
185
with contextlib.closing(proc.handles['stdout']) as f:
186
ciphertext = f.read()
187
proc.wait()
188
except IOError as e:
189
raise PGPError(e)
190
self.gnupg.passphrase = None
215
191
return ciphertext
216
192
217
193
def decrypt(self, data, password):
218
passphrase = self.password_encode(password)
219
with tempfile.NamedTemporaryFile(
220
dir = self.tempdir) as passfile:
221
passfile.write(passphrase)
222
passfile.flush()
223
proc = subprocess.Popen(['gpg', '--decrypt',
224
'--passphrase-file',
225
passfile.name]
226
+ self.gnupgargs,
227
stdin = subprocess.PIPE,
228
stdout = subprocess.PIPE,
229
stderr = subprocess.PIPE)
230
decrypted_plaintext, err = proc.communicate(input = data)
231
if proc.returncode != 0:
232
raise PGPError(err)
194
self.gnupg.passphrase = self.password_encode(password)
195
with open(os.devnull) as devnull:
196
try:
197
proc = self.gnupg.run(['--decrypt'],
198
create_fhs=['stdin', 'stdout'],
199
attach_fhs={'stderr': devnull})
200
with contextlib.closing(proc.handles['stdin'] ) as f:
201
f.write(data)
202
with contextlib.closing(proc.handles['stdout']) as f:
203
decrypted_plaintext = f.read()
204
proc.wait()
205
except IOError as e:
206
raise PGPError(e)
207
self.gnupg.passphrase = None
233
208
return decrypted_plaintext
234
209
235
210
211
236
212
class AvahiError(Exception):
237
213
def __init__(self, value, *args, **kwargs):
238
214
self.value = value
239
return super(AvahiError, self).__init__(value, *args,
240
**kwargs)
241
215
super(AvahiError, self).__init__(value, *args, **kwargs)
216
def __unicode__(self):
217
return unicode(repr(self.value))
242
218
243
219
class AvahiServiceError(AvahiError):
244
220
pass
245
221
246
247
222
class AvahiGroupError(AvahiError):
248
223
pass
249
224
256
231
Used to optionally bind to the specified interface.
257
232
name: string; Example: 'Mandos'
258
233
type: string; Example: '_mandos._tcp'.
259
See <https://www.iana.org/assignments/service-names-port-numbers>
234
See <http://www.dns-sd.org/ServiceTypes.html>
260
235
port: integer; what port to announce
261
236
TXT: list of strings; TXT record for the service
262
237
domain: string; Domain to publish on, default to .local if empty.
268
243
server: D-Bus Server
269
244
bus: dbus.SystemBus()
270
245
"""
271
272
def __init__(self,
273
interface = avahi.IF_UNSPEC,
274
name = None,
275
servicetype = None,
276
port = None,
277
TXT = None,
278
domain = "",
279
host = "",
280
max_renames = 32768,
281
protocol = avahi.PROTO_UNSPEC,
282
bus = None):
246
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
247
servicetype = None, port = None, TXT = None,
248
domain = "", host = "", max_renames = 32768,
249
protocol = avahi.PROTO_UNSPEC, bus = None):
283
250
self.interface = interface
284
251
self.name = name
285
252
self.type = servicetype
294
261
self.server = None
295
262
self.bus = bus
296
263
self.entry_group_state_changed_match = None
297
298
def rename(self, remove=True):
264
def rename(self):
299
265
"""Derived from the Avahi example code"""
300
266
if self.rename_count >= self.max_renames:
301
267
logger.critical("No suitable Zeroconf service name found"
302
268
" after %i retries, exiting.",
303
269
self.rename_count)
304
270
raise AvahiServiceError("Too many renames")
305
self.name = str(
306
self.server.GetAlternativeServiceName(self.name))
307
self.rename_count += 1
271
self.name = unicode(self.server
272
.GetAlternativeServiceName(self.name))
308
273
logger.info("Changing Zeroconf service name to %r ...",
309
274
self.name)
310
if remove:
311
self.remove()
275
self.remove()
312
276
try:
313
277
self.add()
314
278
except dbus.exceptions.DBusException as error:
315
if (error.get_dbus_name()
316
== "org.freedesktop.Avahi.CollisionError"):
317
logger.info("Local Zeroconf service name collision.")
318
return self.rename(remove=False)
319
else:
320
logger.critical("D-Bus Exception", exc_info=error)
321
self.cleanup()
322
os._exit(1)
323
279
logger.critical("DBusException: %s", error)
280
self.cleanup()
281
os._exit(1)
282
self.rename_count += 1
324
283
def remove(self):
325
284
"""Derived from the Avahi example code"""
326
285
if self.entry_group_state_changed_match is not None:
328
287
self.entry_group_state_changed_match = None
329
288
if self.group is not None:
330
289
self.group.Reset()
331
332
290
def add(self):
333
291
"""Derived from the Avahi example code"""
334
292
self.remove()
351
309
dbus.UInt16(self.port),
352
310
avahi.string_array_to_txt_array(self.TXT))
353
311
self.group.Commit()
354
355
312
def entry_group_state_changed(self, state, error):
356
313
"""Derived from the Avahi example code"""
357
314
logger.debug("Avahi entry group state change: %i", state)
363
320
self.rename()
364
321
elif state == avahi.ENTRY_GROUP_FAILURE:
365
322
logger.critical("Avahi: Error in group state changed %s",
366
str(error))
367
raise AvahiGroupError("State changed: {!s}".format(error))
368
323
unicode(error))
324
raise AvahiGroupError("State changed: %s"
325
% unicode(error))
369
326
def cleanup(self):
370
327
"""Derived from the Avahi example code"""
371
328
if self.group is not None:
376
333
pass
377
334
self.group = None
378
335
self.remove()
379
380
336
def server_state_changed(self, state, error=None):
381
337
"""Derived from the Avahi example code"""
382
338
logger.debug("Avahi server state change: %i", state)
383
bad_states = {
384
avahi.SERVER_INVALID: "Zeroconf server invalid",
385
avahi.SERVER_REGISTERING: None,
386
avahi.SERVER_COLLISION: "Zeroconf server name collision",
387
avahi.SERVER_FAILURE: "Zeroconf server failure",
388
}
339
bad_states = { avahi.SERVER_INVALID:
340
"Zeroconf server invalid",
341
avahi.SERVER_REGISTERING: None,
342
avahi.SERVER_COLLISION:
343
"Zeroconf server name collision",
344
avahi.SERVER_FAILURE:
345
"Zeroconf server failure" }
389
346
if state in bad_states:
390
347
if bad_states[state] is not None:
391
348
if error is None:
394
351
logger.error(bad_states[state] + ": %r", error)
395
352
self.cleanup()
396
353
elif state == avahi.SERVER_RUNNING:
397
try:
398
self.add()
399
except dbus.exceptions.DBusException as error:
400
if (error.get_dbus_name()
401
== "org.freedesktop.Avahi.CollisionError"):
402
logger.info("Local Zeroconf service name"
403
" collision.")
404
return self.rename(remove=False)
405
else:
406
logger.critical("D-Bus Exception", exc_info=error)
407
self.cleanup()
408
os._exit(1)
354
self.add()
409
355
else:
410
356
if error is None:
411
357
logger.debug("Unknown state: %r", state)
412
358
else:
413
359
logger.debug("Unknown state: %r: %r", state, error)
414
415
360
def activate(self):
416
361
"""Derived from the Avahi example code"""
417
362
if self.server is None:
421
366
follow_name_owner_changes=True),
422
367
avahi.DBUS_INTERFACE_SERVER)
423
368
self.server.connect_to_signal("StateChanged",
424
self.server_state_changed)
369
self.server_state_changed)
425
370
self.server_state_changed(self.server.GetState())
426
371
427
428
372
class AvahiServiceToSyslog(AvahiService):
429
def rename(self, *args, **kwargs):
373
def rename(self):
430
374
"""Add the new name to the syslog messages"""
431
ret = AvahiService.rename(self, *args, **kwargs)
432
syslogger.setFormatter(logging.Formatter(
433
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
434
.format(self.name)))
375
ret = AvahiService.rename(self)
376
syslogger.setFormatter(logging.Formatter
377
('Mandos (%s) [%%(process)d]:'
378
' %%(levelname)s: %%(message)s'
379
% self.name))
435
380
return ret
436
381
437
def call_pipe(connection, # : multiprocessing.Connection
438
func, *args, **kwargs):
439
"""This function is meant to be called by multiprocessing.Process
440
441
This function runs func(*args, **kwargs), and writes the resulting
442
return value on the provided multiprocessing.Connection.
443
"""
444
connection.send(func(*args, **kwargs))
445
connection.close()
446
382
def timedelta_to_milliseconds(td):
383
"Convert a datetime.timedelta() to milliseconds"
384
return ((td.days * 24 * 60 * 60 * 1000)
385
+ (td.seconds * 1000)
386
+ (td.microseconds // 1000))
387
447
388
class Client(object):
448
389
"""A representation of a client host served by this server.
449
390
474
415
last_checked_ok: datetime.datetime(); (UTC) or None
475
416
last_checker_status: integer between 0 and 255 reflecting exit
476
417
status of last checker. -1 reflects crashed
477
checker, -2 means no checker completed yet.
478
last_checker_signal: The signal which killed the last checker, if
479
last_checker_status is -1
418
checker, or None.
480
419
last_enabled: datetime.datetime(); (UTC) or None
481
420
name: string; from the config file, used in log messages and
482
421
D-Bus identifiers
487
426
runtime_expansions: Allowed attributes for runtime expansion.
488
427
expires: datetime.datetime(); time (UTC) when a client will be
489
428
disabled, or None
490
server_settings: The server_settings dict from main()
491
429
"""
492
430
493
431
runtime_expansions = ("approval_delay", "approval_duration",
494
"created", "enabled", "expires",
495
"fingerprint", "host", "interval",
496
"last_approval_request", "last_checked_ok",
432
"created", "enabled", "fingerprint",
433
"host", "interval", "last_checked_ok",
497
434
"last_enabled", "name", "timeout")
498
client_defaults = {
499
"timeout": "PT5M",
500
"extended_timeout": "PT15M",
501
"interval": "PT2M",
502
"checker": "fping -q -- %%(host)s",
503
"host": "",
504
"approval_delay": "PT0S",
505
"approval_duration": "PT1S",
506
"approved_by_default": "True",
507
"enabled": "True",
508
}
509
435
client_defaults = { "timeout": "5m",
436
"extended_timeout": "15m",
437
"interval": "2m",
438
"checker": "fping -q -- %%(host)s",
439
"host": "",
440
"approval_delay": "0s",
441
"approval_duration": "1s",
442
"approved_by_default": "True",
443
"enabled": "True",
444
}
445
446
def timeout_milliseconds(self):
447
"Return the 'timeout' attribute in milliseconds"
448
return timedelta_to_milliseconds(self.timeout)
449
450
def extended_timeout_milliseconds(self):
451
"Return the 'extended_timeout' attribute in milliseconds"
452
return timedelta_to_milliseconds(self.extended_timeout)
453
454
def interval_milliseconds(self):
455
"Return the 'interval' attribute in milliseconds"
456
return timedelta_to_milliseconds(self.interval)
457
458
def approval_delay_milliseconds(self):
459
return timedelta_to_milliseconds(self.approval_delay)
460
510
461
@staticmethod
511
462
def config_parser(config):
512
463
"""Construct a new dict of client settings of this form:
527
478
client["enabled"] = config.getboolean(client_name,
528
479
"enabled")
529
480
530
# Uppercase and remove spaces from fingerprint for later
531
# comparison purposes with return value from the
532
# fingerprint() function
533
481
client["fingerprint"] = (section["fingerprint"].upper()
534
482
.replace(" ", ""))
535
483
if "secret" in section:
540
488
"rb") as secfile:
541
489
client["secret"] = secfile.read()
542
490
else:
543
raise TypeError("No secret or secfile for section {}"
544
.format(section))
491
raise TypeError("No secret or secfile for section %s"
492
% section)
545
493
client["timeout"] = string_to_delta(section["timeout"])
546
494
client["extended_timeout"] = string_to_delta(
547
495
section["extended_timeout"])
553
501
client["checker_command"] = section["checker"]
554
502
client["last_approval_request"] = None
555
503
client["last_checked_ok"] = None
556
client["last_checker_status"] = -2
504
client["last_checker_status"] = None
557
505
558
506
return settings
559
560
def __init__(self, settings, name = None, server_settings=None):
507
508
509
def __init__(self, settings, name = None):
510
"""Note: the 'checker' key in 'config' sets the
511
'checker_command' attribute and *not* the 'checker'
512
attribute."""
561
513
self.name = name
562
if server_settings is None:
563
server_settings = {}
564
self.server_settings = server_settings
565
514
# adding all client settings
566
for setting, value in settings.items():
515
for setting, value in settings.iteritems():
567
516
setattr(self, setting, value)
568
517
569
518
if self.enabled:
575
524
else:
576
525
self.last_enabled = None
577
526
self.expires = None
578
527
579
528
logger.debug("Creating client %r", self.name)
529
# Uppercase and remove spaces from fingerprint for later
530
# comparison purposes with return value from the fingerprint()
531
# function
580
532
logger.debug(" Fingerprint: %s", self.fingerprint)
581
533
self.created = settings.get("created",
582
534
datetime.datetime.utcnow())
583
535
584
536
# attributes specific for this server instance
585
537
self.checker = None
586
538
self.checker_initiator_tag = None
589
541
self.current_checker_command = None
590
542
self.approved = None
591
543
self.approvals_pending = 0
592
self.changedstate = multiprocessing_manager.Condition(
593
multiprocessing_manager.Lock())
594
self.client_structure = [attr
595
for attr in self.__dict__.iterkeys()
544
self.changedstate = (multiprocessing_manager
545
.Condition(multiprocessing_manager
546
.Lock()))
547
self.client_structure = [attr for attr in
548
self.__dict__.iterkeys()
596
549
if not attr.startswith("_")]
597
550
self.client_structure.append("client_structure")
598
551
599
for name, t in inspect.getmembers(
600
type(self), lambda obj: isinstance(obj, property)):
552
for name, t in inspect.getmembers(type(self),
553
lambda obj:
554
isinstance(obj,
555
property)):
601
556
if not name.startswith("_"):
602
557
self.client_structure.append(name)
603
558
611
566
if getattr(self, "enabled", False):
612
567
# Already enabled
613
568
return
569
self.send_changedstate()
614
570
self.expires = datetime.datetime.utcnow() + self.timeout
615
571
self.enabled = True
616
572
self.last_enabled = datetime.datetime.utcnow()
617
573
self.init_checker()
618
self.send_changedstate()
619
574
620
575
def disable(self, quiet=True):
621
576
"""Disable this client."""
622
577
if not getattr(self, "enabled", False):
623
578
return False
624
579
if not quiet:
580
self.send_changedstate()
581
if not quiet:
625
582
logger.info("Disabling client %s", self.name)
626
if getattr(self, "disable_initiator_tag", None) is not None:
583
if getattr(self, "disable_initiator_tag", False):
627
584
gobject.source_remove(self.disable_initiator_tag)
628
585
self.disable_initiator_tag = None
629
586
self.expires = None
630
if getattr(self, "checker_initiator_tag", None) is not None:
587
if getattr(self, "checker_initiator_tag", False):
631
588
gobject.source_remove(self.checker_initiator_tag)
632
589
self.checker_initiator_tag = None
633
590
self.stop_checker()
634
591
self.enabled = False
635
if not quiet:
636
self.send_changedstate()
637
592
# Do not run this again if called by a gobject.timeout_add
638
593
return False
639
594
643
598
def init_checker(self):
644
599
# Schedule a new checker to be started an 'interval' from now,
645
600
# and every interval from then on.
646
if self.checker_initiator_tag is not None:
647
gobject.source_remove(self.checker_initiator_tag)
648
self.checker_initiator_tag = gobject.timeout_add(
649
int(self.interval.total_seconds() * 1000),
650
self.start_checker)
601
self.checker_initiator_tag = (gobject.timeout_add
602
(self.interval_milliseconds(),
603
self.start_checker))
651
604
# Schedule a disable() when 'timeout' has passed
652
if self.disable_initiator_tag is not None:
653
gobject.source_remove(self.disable_initiator_tag)
654
self.disable_initiator_tag = gobject.timeout_add(
655
int(self.timeout.total_seconds() * 1000), self.disable)
605
self.disable_initiator_tag = (gobject.timeout_add
606
(self.timeout_milliseconds(),
607
self.disable))
656
608
# Also start a new checker *right now*.
657
609
self.start_checker()
658
610
659
def checker_callback(self, source, condition, connection,
660
command):
611
def checker_callback(self, pid, condition, command):
661
612
"""The checker has completed, so take appropriate actions."""
662
613
self.checker_callback_tag = None
663
614
self.checker = None
664
# Read return code from connection (see call_pipe)
665
returncode = connection.recv()
666
connection.close()
667
668
if returncode >= 0:
669
self.last_checker_status = returncode
670
self.last_checker_signal = None
615
if os.WIFEXITED(condition):
616
self.last_checker_status = os.WEXITSTATUS(condition)
671
617
if self.last_checker_status == 0:
672
618
logger.info("Checker for %(name)s succeeded",
673
619
vars(self))
674
620
self.checked_ok()
675
621
else:
676
logger.info("Checker for %(name)s failed", vars(self))
622
logger.info("Checker for %(name)s failed",
623
vars(self))
677
624
else:
678
625
self.last_checker_status = -1
679
self.last_checker_signal = -returncode
680
626
logger.warning("Checker for %(name)s crashed?",
681
627
vars(self))
682
return False
683
684
def checked_ok(self):
685
"""Assert that the client has been seen, alive and well."""
686
self.last_checked_ok = datetime.datetime.utcnow()
687
self.last_checker_status = 0
688
self.last_checker_signal = None
689
self.bump_timeout()
690
691
def bump_timeout(self, timeout=None):
692
"""Bump up the timeout for this client."""
628
629
def checked_ok(self, timeout=None):
630
"""Bump up the timeout for this client.
631
632
This should only be called when the client has been seen,
633
alive and well.
634
"""
693
635
if timeout is None:
694
636
timeout = self.timeout
637
self.last_checked_ok = datetime.datetime.utcnow()
695
638
if self.disable_initiator_tag is not None:
696
639
gobject.source_remove(self.disable_initiator_tag)
697
self.disable_initiator_tag = None
698
640
if getattr(self, "enabled", False):
699
self.disable_initiator_tag = gobject.timeout_add(
700
int(timeout.total_seconds() * 1000), self.disable)
641
self.disable_initiator_tag = (gobject.timeout_add
642
(timedelta_to_milliseconds
643
(timeout), self.disable))
701
644
self.expires = datetime.datetime.utcnow() + timeout
702
645
703
646
def need_approval(self):
709
652
If a checker already exists, leave it running and do
710
653
nothing."""
711
654
# The reason for not killing a running checker is that if we
712
# did that, and if a checker (for some reason) started running
713
# slowly and taking more than 'interval' time, then the client
714
# would inevitably timeout, since no checker would get a
715
# chance to run to completion. If we instead leave running
655
# did that, then if a checker (for some reason) started
656
# running slowly and taking more than 'interval' time, the
657
# client would inevitably timeout, since no checker would get
658
# a chance to run to completion. If we instead leave running
716
659
# checkers alone, the checker would have to take more time
717
660
# than 'timeout' for the client to be disabled, which is as it
718
661
# should be.
719
662
720
if self.checker is not None and not self.checker.is_alive():
721
logger.warning("Checker was not alive; joining")
722
self.checker.join()
723
self.checker = None
663
# If a checker exists, make sure it is not a zombie
664
try:
665
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
666
except (AttributeError, OSError) as error:
667
if (isinstance(error, OSError)
668
and error.errno != errno.ECHILD):
669
raise error
670
else:
671
if pid:
672
logger.warning("Checker was a zombie")
673
gobject.source_remove(self.checker_callback_tag)
674
self.checker_callback(pid, status,
675
self.current_checker_command)
724
676
# Start a new checker if needed
725
677
if self.checker is None:
726
# Escape attributes for the shell
727
escaped_attrs = {
728
attr: re.escape(str(getattr(self, attr)))
729
for attr in self.runtime_expansions }
730
678
try:
731
command = self.checker_command % escaped_attrs
732
except TypeError as error:
733
logger.error('Could not format string "%s"',
734
self.checker_command,
735
exc_info=error)
736
return True # Try again later
679
# In case checker_command has exactly one % operator
680
command = self.checker_command % self.host
681
except TypeError:
682
# Escape attributes for the shell
683
escaped_attrs = dict(
684
(attr,
685
re.escape(unicode(str(getattr(self, attr, "")),
686
errors=
687
'replace')))
688
for attr in
689
self.runtime_expansions)
690
691
try:
692
command = self.checker_command % escaped_attrs
693
except TypeError as error:
694
logger.error('Could not format string "%s":'
695
' %s', self.checker_command, error)
696
return True # Try again later
737
697
self.current_checker_command = command
738
logger.info("Starting checker %r for %s", command,
739
self.name)
740
# We don't need to redirect stdout and stderr, since
741
# in normal mode, that is already done by daemon(),
742
# and in debug mode we don't want to. (Stdin is
743
# always replaced by /dev/null.)
744
# The exception is when not debugging but nevertheless
745
# running in the foreground; use the previously
746
# created wnull.
747
popen_args = { "close_fds": True,
748
"shell": True,
749
"cwd": "/" }
750
if (not self.server_settings["debug"]
751
and self.server_settings["foreground"]):
752
popen_args.update({"stdout": wnull,
753
"stderr": wnull })
754
pipe = multiprocessing.Pipe(duplex = False)
755
self.checker = multiprocessing.Process(
756
target = call_pipe,
757
args = (pipe[1], subprocess.call, command),
758
kwargs = popen_args)
759
self.checker.start()
760
self.checker_callback_tag = gobject.io_add_watch(
761
pipe[0].fileno(), gobject.IO_IN,
762
self.checker_callback, pipe[0], command)
698
try:
699
logger.info("Starting checker %r for %s",
700
command, self.name)
701
# We don't need to redirect stdout and stderr, since
702
# in normal mode, that is already done by daemon(),
703
# and in debug mode we don't want to. (Stdin is
704
# always replaced by /dev/null.)
705
self.checker = subprocess.Popen(command,
706
close_fds=True,
707
shell=True, cwd="/")
708
self.checker_callback_tag = (gobject.child_watch_add
709
(self.checker.pid,
710
self.checker_callback,
711
data=command))
712
# The checker may have completed before the gobject
713
# watch was added. Check for this.
714
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
715
if pid:
716
gobject.source_remove(self.checker_callback_tag)
717
self.checker_callback(pid, status, command)
718
except OSError as error:
719
logger.error("Failed to start subprocess: %s",
720
error)
763
721
# Re-run this periodically if run by gobject.timeout_add
764
722
return True
765
723
771
729
if getattr(self, "checker", None) is None:
772
730
return
773
731
logger.debug("Stopping checker for %(name)s", vars(self))
774
self.checker.terminate()
732
try:
733
os.kill(self.checker.pid, signal.SIGTERM)
734
#time.sleep(0.5)
735
#if self.checker.poll() is None:
736
# os.kill(self.checker.pid, signal.SIGKILL)
737
except OSError as error:
738
if error.errno != errno.ESRCH: # No such process
739
raise
775
740
self.checker = None
776
741
777
742
778
def dbus_service_property(dbus_interface,
779
signature="v",
780
access="readwrite",
781
byte_arrays=False):
743
def dbus_service_property(dbus_interface, signature="v",
744
access="readwrite", byte_arrays=False):
782
745
"""Decorators for marking methods of a DBusObjectWithProperties to
783
746
become properties on the D-Bus.
784
747
793
756
# "Set" method, so we fail early here:
794
757
if byte_arrays and signature != "ay":
795
758
raise ValueError("Byte arrays not supported for non-'ay'"
796
" signature {!r}".format(signature))
797
759
" signature %r" % signature)
798
760
def decorator(func):
799
761
func._dbus_is_property = True
800
762
func._dbus_interface = dbus_interface
805
767
func._dbus_name = func._dbus_name[:-14]
806
768
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
807
769
return func
808
809
return decorator
810
811
812
def dbus_interface_annotations(dbus_interface):
813
"""Decorator for marking functions returning interface annotations
814
815
Usage:
816
817
@dbus_interface_annotations("org.example.Interface")
818
def _foo(self): # Function name does not matter
819
return {"org.freedesktop.DBus.Deprecated": "true",
820
"org.freedesktop.DBus.Property.EmitsChangedSignal":
821
"false"}
822
"""
823
824
def decorator(func):
825
func._dbus_is_interface = True
826
func._dbus_interface = dbus_interface
827
func._dbus_name = dbus_interface
828
return func
829
830
return decorator
831
832
833
def dbus_annotations(annotations):
834
"""Decorator to annotate D-Bus methods, signals or properties
835
Usage:
836
837
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
838
"org.freedesktop.DBus.Property."
839
"EmitsChangedSignal": "false"})
840
@dbus_service_property("org.example.Interface", signature="b",
841
access="r")
842
def Property_dbus_property(self):
843
return dbus.Boolean(False)
844
845
See also the DBusObjectWithAnnotations class.
846
"""
847
848
def decorator(func):
849
func._dbus_annotations = annotations
850
return func
851
852
770
return decorator
853
771
854
772
855
773
class DBusPropertyException(dbus.exceptions.DBusException):
856
774
"""A base class for D-Bus property-related exceptions
857
775
"""
858
pass
776
def __unicode__(self):
777
return unicode(str(self))
859
778
860
779
861
780
class DBusPropertyAccessException(DBusPropertyException):
870
789
pass
871
790
872
791
873
class DBusObjectWithAnnotations(dbus.service.Object):
874
"""A D-Bus object with annotations.
875
876
Classes inheriting from this can use the dbus_annotations
877
decorator to add annotations to methods or signals.
878
"""
879
880
@staticmethod
881
def _is_dbus_thing(thing):
882
"""Returns a function testing if an attribute is a D-Bus thing
883
884
If called like _is_dbus_thing("method") it returns a function
885
suitable for use as predicate to inspect.getmembers().
886
"""
887
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
888
False)
889
890
def _get_all_dbus_things(self, thing):
891
"""Returns a generator of (name, attribute) pairs
892
"""
893
return ((getattr(athing.__get__(self), "_dbus_name", name),
894
athing.__get__(self))
895
for cls in self.__class__.__mro__
896
for name, athing in
897
inspect.getmembers(cls, self._is_dbus_thing(thing)))
898
899
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
900
out_signature = "s",
901
path_keyword = 'object_path',
902
connection_keyword = 'connection')
903
def Introspect(self, object_path, connection):
904
"""Overloading of standard D-Bus method.
905
906
Inserts annotation tags on methods and signals.
907
"""
908
xmlstring = dbus.service.Object.Introspect(self, object_path,
909
connection)
910
try:
911
document = xml.dom.minidom.parseString(xmlstring)
912
913
for if_tag in document.getElementsByTagName("interface"):
914
# Add annotation tags
915
for typ in ("method", "signal"):
916
for tag in if_tag.getElementsByTagName(typ):
917
annots = dict()
918
for name, prop in (self.
919
_get_all_dbus_things(typ)):
920
if (name == tag.getAttribute("name")
921
and prop._dbus_interface
922
== if_tag.getAttribute("name")):
923
annots.update(getattr(
924
prop, "_dbus_annotations", {}))
925
for name, value in annots.items():
926
ann_tag = document.createElement(
927
"annotation")
928
ann_tag.setAttribute("name", name)
929
ann_tag.setAttribute("value", value)
930
tag.appendChild(ann_tag)
931
# Add interface annotation tags
932
for annotation, value in dict(
933
itertools.chain.from_iterable(
934
annotations().items()
935
for name, annotations
936
in self._get_all_dbus_things("interface")
937
if name == if_tag.getAttribute("name")
938
)).items():
939
ann_tag = document.createElement("annotation")
940
ann_tag.setAttribute("name", annotation)
941
ann_tag.setAttribute("value", value)
942
if_tag.appendChild(ann_tag)
943
# Fix argument name for the Introspect method itself
944
if (if_tag.getAttribute("name")
945
== dbus.INTROSPECTABLE_IFACE):
946
for cn in if_tag.getElementsByTagName("method"):
947
if cn.getAttribute("name") == "Introspect":
948
for arg in cn.getElementsByTagName("arg"):
949
if (arg.getAttribute("direction")
950
== "out"):
951
arg.setAttribute("name",
952
"xml_data")
953
xmlstring = document.toxml("utf-8")
954
document.unlink()
955
except (AttributeError, xml.dom.DOMException,
956
xml.parsers.expat.ExpatError) as error:
957
logger.error("Failed to override Introspection method",
958
exc_info=error)
959
return xmlstring
960
961
962
class DBusObjectWithProperties(DBusObjectWithAnnotations):
792
class DBusObjectWithProperties(dbus.service.Object):
963
793
"""A D-Bus object with properties.
964
794
965
795
Classes inheriting from this can use the dbus_service_property
967
797
standard Get(), Set(), and GetAll() methods on the D-Bus.
968
798
"""
969
799
800
@staticmethod
801
def _is_dbus_property(obj):
802
return getattr(obj, "_dbus_is_property", False)
803
804
def _get_all_dbus_properties(self):
805
"""Returns a generator of (name, attribute) pairs
806
"""
807
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
808
for cls in self.__class__.__mro__
809
for name, prop in
810
inspect.getmembers(cls, self._is_dbus_property))
811
970
812
def _get_dbus_property(self, interface_name, property_name):
971
813
"""Returns a bound method if one exists which is a D-Bus
972
814
property with the specified name and interface.
973
815
"""
974
for cls in self.__class__.__mro__:
975
for name, value in inspect.getmembers(
976
cls, self._is_dbus_thing("property")):
816
for cls in self.__class__.__mro__:
817
for name, value in (inspect.getmembers
818
(cls, self._is_dbus_property)):
977
819
if (value._dbus_name == property_name
978
820
and value._dbus_interface == interface_name):
979
821
return value.__get__(self)
980
822
981
823
# No such property
982
raise DBusPropertyNotFound("{}:{}.{}".format(
983
self.dbus_object_path, interface_name, property_name))
984
985
@classmethod
986
def _get_all_interface_names(cls):
987
"""Get a sequence of all interfaces supported by an object"""
988
return (name for name in set(getattr(getattr(x, attr),
989
"_dbus_interface", None)
990
for x in (inspect.getmro(cls))
991
for attr in dir(x))
992
if name is not None)
993
994
@dbus.service.method(dbus.PROPERTIES_IFACE,
995
in_signature="ss",
824
raise DBusPropertyNotFound(self.dbus_object_path + ":"
825
+ interface_name + "."
826
+ property_name)
827
828
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
996
829
out_signature="v")
997
830
def Get(self, interface_name, property_name):
998
831
"""Standard D-Bus property Get() method, see D-Bus standard.
1016
849
# The byte_arrays option is not supported yet on
1017
850
# signatures other than "ay".
1018
851
if prop._dbus_signature != "ay":
1019
raise ValueError("Byte arrays not supported for non-"
1020
"'ay' signature {!r}"
1021
.format(prop._dbus_signature))
852
raise ValueError
1022
853
value = dbus.ByteArray(b''.join(chr(byte)
1023
854
for byte in value))
1024
855
prop(value)
1025
856
1026
@dbus.service.method(dbus.PROPERTIES_IFACE,
1027
in_signature="s",
857
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
1028
858
out_signature="a{sv}")
1029
859
def GetAll(self, interface_name):
1030
860
"""Standard D-Bus property GetAll() method, see D-Bus
1033
863
Note: Will not include properties with access="write".
1034
864
"""
1035
865
properties = {}
1036
for name, prop in self._get_all_dbus_things("property"):
866
for name, prop in self._get_all_dbus_properties():
1037
867
if (interface_name
1038
868
and interface_name != prop._dbus_interface):
1039
869
# Interface non-empty but did not match
1045
875
if not hasattr(value, "variant_level"):
1046
876
properties[name] = value
1047
877
continue
1048
properties[name] = type(value)(
1049
value, variant_level = value.variant_level + 1)
878
properties[name] = type(value)(value, variant_level=
879
value.variant_level+1)
1050
880
return dbus.Dictionary(properties, signature="sv")
1051
881
1052
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
1053
def PropertiesChanged(self, interface_name, changed_properties,
1054
invalidated_properties):
1055
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
1056
standard.
1057
"""
1058
pass
1059
1060
882
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1061
883
out_signature="s",
1062
884
path_keyword='object_path',
1063
885
connection_keyword='connection')
1064
886
def Introspect(self, object_path, connection):
1065
"""Overloading of standard D-Bus method.
1066
1067
Inserts property tags and interface annotation tags.
887
"""Standard D-Bus method, overloaded to insert property tags.
1068
888
"""
1069
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1070
object_path,
1071
connection)
889
xmlstring = dbus.service.Object.Introspect(self, object_path,
890
connection)
1072
891
try:
1073
892
document = xml.dom.minidom.parseString(xmlstring)
1074
1075
893
def make_tag(document, name, prop):
1076
894
e = document.createElement("property")
1077
895
e.setAttribute("name", name)
1078
896
e.setAttribute("type", prop._dbus_signature)
1079
897
e.setAttribute("access", prop._dbus_access)
1080
898
return e
1081
1082
899
for if_tag in document.getElementsByTagName("interface"):
1083
# Add property tags
1084
900
for tag in (make_tag(document, name, prop)
1085
901
for name, prop
1086
in self._get_all_dbus_things("property")
902
in self._get_all_dbus_properties()
1087
903
if prop._dbus_interface
1088
904
== if_tag.getAttribute("name")):
1089
905
if_tag.appendChild(tag)
1090
# Add annotation tags for properties
1091
for tag in if_tag.getElementsByTagName("property"):
1092
annots = dict()
1093
for name, prop in self._get_all_dbus_things(
1094
"property"):
1095
if (name == tag.getAttribute("name")
1096
and prop._dbus_interface
1097
== if_tag.getAttribute("name")):
1098
annots.update(getattr(
1099
prop, "_dbus_annotations", {}))
1100
for name, value in annots.items():
1101
ann_tag = document.createElement(
1102
"annotation")
1103
ann_tag.setAttribute("name", name)
1104
ann_tag.setAttribute("value", value)
1105
tag.appendChild(ann_tag)
1106
906
# Add the names to the return values for the
1107
907
# "org.freedesktop.DBus.Properties" methods
1108
908
if (if_tag.getAttribute("name")
1123
923
except (AttributeError, xml.dom.DOMException,
1124
924
xml.parsers.expat.ExpatError) as error:
1125
925
logger.error("Failed to override Introspection method",
1126
exc_info=error)
1127
return xmlstring
1128
1129
try:
1130
dbus.OBJECT_MANAGER_IFACE
1131
except AttributeError:
1132
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1133
1134
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1135
"""A D-Bus object with an ObjectManager.
1136
1137
Classes inheriting from this exposes the standard
1138
GetManagedObjects call and the InterfacesAdded and
1139
InterfacesRemoved signals on the standard
1140
"org.freedesktop.DBus.ObjectManager" interface.
1141
1142
Note: No signals are sent automatically; they must be sent
1143
manually.
1144
"""
1145
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1146
out_signature = "a{oa{sa{sv}}}")
1147
def GetManagedObjects(self):
1148
"""This function must be overridden"""
1149
raise NotImplementedError()
1150
1151
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1152
signature = "oa{sa{sv}}")
1153
def InterfacesAdded(self, object_path, interfaces_and_properties):
1154
pass
1155
1156
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1157
def InterfacesRemoved(self, object_path, interfaces):
1158
pass
1159
1160
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1161
out_signature = "s",
1162
path_keyword = 'object_path',
1163
connection_keyword = 'connection')
1164
def Introspect(self, object_path, connection):
1165
"""Overloading of standard D-Bus method.
1166
1167
Override return argument name of GetManagedObjects to be
1168
"objpath_interfaces_and_properties"
1169
"""
1170
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1171
object_path,
1172
connection)
1173
try:
1174
document = xml.dom.minidom.parseString(xmlstring)
1175
1176
for if_tag in document.getElementsByTagName("interface"):
1177
# Fix argument name for the GetManagedObjects method
1178
if (if_tag.getAttribute("name")
1179
== dbus.OBJECT_MANAGER_IFACE):
1180
for cn in if_tag.getElementsByTagName("method"):
1181
if (cn.getAttribute("name")
1182
== "GetManagedObjects"):
1183
for arg in cn.getElementsByTagName("arg"):
1184
if (arg.getAttribute("direction")
1185
== "out"):
1186
arg.setAttribute(
1187
"name",
1188
"objpath_interfaces"
1189
"_and_properties")
1190
xmlstring = document.toxml("utf-8")
1191
document.unlink()
1192
except (AttributeError, xml.dom.DOMException,
1193
xml.parsers.expat.ExpatError) as error:
1194
logger.error("Failed to override Introspection method",
1195
exc_info = error)
1196
return xmlstring
1197
1198
def datetime_to_dbus(dt, variant_level=0):
926
error)
927
return xmlstring
928
929
930
def datetime_to_dbus (dt, variant_level=0):
1199
931
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1200
932
if dt is None:
1201
933
return dbus.String("", variant_level = variant_level)
1202
return dbus.String(dt.isoformat(), variant_level=variant_level)
1203
1204
1205
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1206
"""A class decorator; applied to a subclass of
1207
dbus.service.Object, it will add alternate D-Bus attributes with
1208
interface names according to the "alt_interface_names" mapping.
1209
Usage:
1210
1211
@alternate_dbus_interfaces({"org.example.Interface":
1212
"net.example.AlternateInterface"})
1213
class SampleDBusObject(dbus.service.Object):
1214
@dbus.service.method("org.example.Interface")
1215
def SampleDBusMethod():
1216
pass
1217
1218
The above "SampleDBusMethod" on "SampleDBusObject" will be
1219
reachable via two interfaces: "org.example.Interface" and
1220
"net.example.AlternateInterface", the latter of which will have
1221
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1222
"true", unless "deprecate" is passed with a False value.
1223
1224
This works for methods and signals, and also for D-Bus properties
1225
(from DBusObjectWithProperties) and interfaces (from the
1226
dbus_interface_annotations decorator).
934
return dbus.String(dt.isoformat(),
935
variant_level=variant_level)
936
937
938
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
939
.__metaclass__):
940
"""Applied to an empty subclass of a D-Bus object, this metaclass
941
will add additional D-Bus attributes matching a certain pattern.
1227
942
"""
1228
1229
def wrapper(cls):
1230
for orig_interface_name, alt_interface_name in (
1231
alt_interface_names.items()):
1232
attr = {}
1233
interface_names = set()
1234
# Go though all attributes of the class
1235
for attrname, attribute in inspect.getmembers(cls):
943
def __new__(mcs, name, bases, attr):
944
# Go through all the base classes which could have D-Bus
945
# methods, signals, or properties in them
946
for base in (b for b in bases
947
if issubclass(b, dbus.service.Object)):
948
# Go though all attributes of the base class
949
for attrname, attribute in inspect.getmembers(base):
1236
950
# Ignore non-D-Bus attributes, and D-Bus attributes
1237
951
# with the wrong interface name
1238
952
if (not hasattr(attribute, "_dbus_interface")
1239
or not attribute._dbus_interface.startswith(
1240
orig_interface_name)):
953
or not attribute._dbus_interface
954
.startswith("se.recompile.Mandos")):
1241
955
continue
1242
956
# Create an alternate D-Bus interface name based on
1243
957
# the current name
1244
alt_interface = attribute._dbus_interface.replace(
1245
orig_interface_name, alt_interface_name)
1246
interface_names.add(alt_interface)
958
alt_interface = (attribute._dbus_interface
959
.replace("se.recompile.Mandos",
960
"se.bsnet.fukt.Mandos"))
1247
961
# Is this a D-Bus signal?
1248
962
if getattr(attribute, "_dbus_is_signal", False):
1249
if sys.version_info.major == 2:
1250
# Extract the original non-method undecorated
1251
# function by black magic
1252
nonmethod_func = (dict(
963
# Extract the original non-method function by
964
# black magic
965
nonmethod_func = (dict(
1253
966
zip(attribute.func_code.co_freevars,
1254
attribute.__closure__))
1255
["func"].cell_contents)
1256
else:
1257
nonmethod_func = attribute
967
attribute.__closure__))["func"]
968
.cell_contents)
1258
969
# Create a new, but exactly alike, function
1259
970
# object, and decorate it to be a new D-Bus signal
1260
971
# with the alternate D-Bus interface name
1261
if sys.version_info.major == 2:
1262
new_function = types.FunctionType(
1263
nonmethod_func.func_code,
1264
nonmethod_func.func_globals,
1265
nonmethod_func.func_name,
1266
nonmethod_func.func_defaults,
1267
nonmethod_func.func_closure)
1268
else:
1269
new_function = types.FunctionType(
1270
nonmethod_func.__code__,
1271
nonmethod_func.__globals__,
1272
nonmethod_func.__name__,
1273
nonmethod_func.__defaults__,
1274
nonmethod_func.__closure__)
1275
new_function = (dbus.service.signal(
1276
alt_interface,
1277
attribute._dbus_signature)(new_function))
1278
# Copy annotations, if any
1279
try:
1280
new_function._dbus_annotations = dict(
1281
attribute._dbus_annotations)
1282
except AttributeError:
1283
pass
972
new_function = (dbus.service.signal
973
(alt_interface,
974
attribute._dbus_signature)
975
(types.FunctionType(
976
nonmethod_func.func_code,
977
nonmethod_func.func_globals,
978
nonmethod_func.func_name,
979
nonmethod_func.func_defaults,
980
nonmethod_func.func_closure)))
1284
981
# Define a creator of a function to call both the
1285
# original and alternate functions, so both the
1286
# original and alternate signals gets sent when
1287
# the function is called
982
# old and new functions, so both the old and new
983
# signals gets sent when the function is called
1288
984
def fixscope(func1, func2):
1289
985
"""This function is a scope container to pass
1290
986
func1 and func2 to the "call_both" function
1291
987
outside of its arguments"""
1292
1293
@functools.wraps(func2)
1294
988
def call_both(*args, **kwargs):
1295
989
"""This function will emit two D-Bus
1296
990
signals by calling func1 and func2"""
1297
991
func1(*args, **kwargs)
1298
992
func2(*args, **kwargs)
1299
# Make wrapper function look like a D-Bus signal
1300
for name, attr in inspect.getmembers(func2):
1301
if name.startswith("_dbus_"):
1302
setattr(call_both, name, attr)
1303
1304
993
return call_both
1305
994
# Create the "call_both" function and add it to
1306
995
# the class
1307
attr[attrname] = fixscope(attribute, new_function)
996
attr[attrname] = fixscope(attribute,
997
new_function)
1308
998
# Is this a D-Bus method?
1309
999
elif getattr(attribute, "_dbus_is_method", False):
1310
1000
# Create a new, but exactly alike, function
1311
1001
# object. Decorate it to be a new D-Bus method
1312
1002
# with the alternate D-Bus interface name. Add it
1313
1003
# to the class.
1314
attr[attrname] = (
1315
dbus.service.method(
1316
alt_interface,
1317
attribute._dbus_in_signature,
1318
attribute._dbus_out_signature)
1319
(types.FunctionType(attribute.func_code,
1320
attribute.func_globals,
1321
attribute.func_name,
1322
attribute.func_defaults,
1323
attribute.func_closure)))
1324
# Copy annotations, if any
1325
try:
1326
attr[attrname]._dbus_annotations = dict(
1327
attribute._dbus_annotations)
1328
except AttributeError:
1329
pass
1004
attr[attrname] = (dbus.service.method
1005
(alt_interface,
1006
attribute._dbus_in_signature,
1007
attribute._dbus_out_signature)
1008
(types.FunctionType
1009
(attribute.func_code,
1010
attribute.func_globals,
1011
attribute.func_name,
1012
attribute.func_defaults,
1013
attribute.func_closure)))
1330
1014
# Is this a D-Bus property?
1331
1015
elif getattr(attribute, "_dbus_is_property", False):
1332
1016
# Create a new, but exactly alike, function
1333
1017
# object, and decorate it to be a new D-Bus
1334
1018
# property with the alternate D-Bus interface
1335
1019
# name. Add it to the class.
1336
attr[attrname] = (dbus_service_property(
1337
alt_interface, attribute._dbus_signature,
1338
attribute._dbus_access,
1339
attribute._dbus_get_args_options
1340
["byte_arrays"])
1341
(types.FunctionType(
1342
attribute.func_code,
1343
attribute.func_globals,
1344
attribute.func_name,
1345
attribute.func_defaults,
1346
attribute.func_closure)))
1347
# Copy annotations, if any
1348
try:
1349
attr[attrname]._dbus_annotations = dict(
1350
attribute._dbus_annotations)
1351
except AttributeError:
1352
pass
1353
# Is this a D-Bus interface?
1354
elif getattr(attribute, "_dbus_is_interface", False):
1355
# Create a new, but exactly alike, function
1356
# object. Decorate it to be a new D-Bus interface
1357
# with the alternate D-Bus interface name. Add it
1358
# to the class.
1359
attr[attrname] = (
1360
dbus_interface_annotations(alt_interface)
1361
(types.FunctionType(attribute.func_code,
1362
attribute.func_globals,
1363
attribute.func_name,
1364
attribute.func_defaults,
1365
attribute.func_closure)))
1366
if deprecate:
1367
# Deprecate all alternate interfaces
1368
iname="_AlternateDBusNames_interface_annotation{}"
1369
for interface_name in interface_names:
1370
1371
@dbus_interface_annotations(interface_name)
1372
def func(self):
1373
return { "org.freedesktop.DBus.Deprecated":
1374
"true" }
1375
# Find an unused name
1376
for aname in (iname.format(i)
1377
for i in itertools.count()):
1378
if aname not in attr:
1379
attr[aname] = func
1380
break
1381
if interface_names:
1382
# Replace the class with a new subclass of it with
1383
# methods, signals, etc. as created above.
1384
cls = type(b"{}Alternate".format(cls.__name__),
1385
(cls, ), attr)
1386
return cls
1387
1388
return wrapper
1389
1390
1391
@alternate_dbus_interfaces({"se.recompile.Mandos":
1392
"se.bsnet.fukt.Mandos"})
1020
attr[attrname] = (dbus_service_property
1021
(alt_interface,
1022
attribute._dbus_signature,
1023
attribute._dbus_access,
1024
attribute
1025
._dbus_get_args_options
1026
["byte_arrays"])
1027
(types.FunctionType
1028
(attribute.func_code,
1029
attribute.func_globals,
1030
attribute.func_name,
1031
attribute.func_defaults,
1032
attribute.func_closure)))
1033
return type.__new__(mcs, name, bases, attr)
1034
1035
1393
1036
class ClientDBus(Client, DBusObjectWithProperties):
1394
1037
"""A Client class using D-Bus
1395
1038
1399
1042
"""
1400
1043
1401
1044
runtime_expansions = (Client.runtime_expansions
1402
+ ("dbus_object_path", ))
1403
1404
_interface = "se.recompile.Mandos.Client"
1045
+ ("dbus_object_path",))
1405
1046
1406
1047
# dbus.service.Object doesn't use super(), so we can't either.
1407
1048
1410
1051
Client.__init__(self, *args, **kwargs)
1411
1052
# Only now, when this client is initialized, can it show up on
1412
1053
# the D-Bus
1413
client_object_name = str(self.name).translate(
1054
client_object_name = unicode(self.name).translate(
1414
1055
{ord("."): ord("_"),
1415
1056
ord("-"): ord("_")})
1416
self.dbus_object_path = dbus.ObjectPath(
1417
"/clients/" + client_object_name)
1057
self.dbus_object_path = (dbus.ObjectPath
1058
("/clients/" + client_object_name))
1418
1059
DBusObjectWithProperties.__init__(self, self.bus,
1419
1060
self.dbus_object_path)
1420
1421
def notifychangeproperty(transform_func, dbus_name,
1422
type_func=lambda x: x,
1423
variant_level=1,
1424
invalidate_only=False,
1425
_interface=_interface):
1061
1062
def notifychangeproperty(transform_func,
1063
dbus_name, type_func=lambda x: x,
1064
variant_level=1):
1426
1065
""" Modify a variable so that it's a property which announces
1427
1066
its changes to DBus.
1428
1067
1433
1072
to the D-Bus. Default: no transform
1434
1073
variant_level: D-Bus variant level. Default: 1
1435
1074
"""
1436
attrname = "_{}".format(dbus_name)
1437
1075
attrname = "_{0}".format(dbus_name)
1438
1076
def setter(self, value):
1439
1077
if hasattr(self, "dbus_object_path"):
1440
1078
if (not hasattr(self, attrname) or
1441
1079
type_func(getattr(self, attrname, None))
1442
1080
!= type_func(value)):
1443
if invalidate_only:
1444
self.PropertiesChanged(
1445
_interface, dbus.Dictionary(),
1446
dbus.Array((dbus_name, )))
1447
else:
1448
dbus_value = transform_func(
1449
type_func(value),
1450
variant_level = variant_level)
1451
self.PropertyChanged(dbus.String(dbus_name),
1452
dbus_value)
1453
self.PropertiesChanged(
1454
_interface,
1455
dbus.Dictionary({ dbus.String(dbus_name):
1456
dbus_value }),
1457
dbus.Array())
1081
dbus_value = transform_func(type_func(value),
1082
variant_level
1083
=variant_level)
1084
self.PropertyChanged(dbus.String(dbus_name),
1085
dbus_value)
1458
1086
setattr(self, attrname, value)
1459
1087
1460
1088
return property(lambda self: getattr(self, attrname), setter)
1461
1089
1090
1462
1091
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1463
1092
approvals_pending = notifychangeproperty(dbus.Boolean,
1464
1093
"ApprovalPending",
1466
1095
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1467
1096
last_enabled = notifychangeproperty(datetime_to_dbus,
1468
1097
"LastEnabled")
1469
checker = notifychangeproperty(
1470
dbus.Boolean, "CheckerRunning",
1471
type_func = lambda checker: checker is not None)
1098
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1099
type_func = lambda checker:
1100
checker is not None)
1472
1101
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1473
1102
"LastCheckedOK")
1474
last_checker_status = notifychangeproperty(dbus.Int16,
1475
"LastCheckerStatus")
1476
1103
last_approval_request = notifychangeproperty(
1477
1104
datetime_to_dbus, "LastApprovalRequest")
1478
1105
approved_by_default = notifychangeproperty(dbus.Boolean,
1479
1106
"ApprovedByDefault")
1480
approval_delay = notifychangeproperty(
1481
dbus.UInt64, "ApprovalDelay",
1482
type_func = lambda td: td.total_seconds() * 1000)
1107
approval_delay = notifychangeproperty(dbus.UInt64,
1108
"ApprovalDelay",
1109
type_func =
1110
timedelta_to_milliseconds)
1483
1111
approval_duration = notifychangeproperty(
1484
1112
dbus.UInt64, "ApprovalDuration",
1485
type_func = lambda td: td.total_seconds() * 1000)
1113
type_func = timedelta_to_milliseconds)
1486
1114
host = notifychangeproperty(dbus.String, "Host")
1487
timeout = notifychangeproperty(
1488
dbus.UInt64, "Timeout",
1489
type_func = lambda td: td.total_seconds() * 1000)
1115
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1116
type_func =
1117
timedelta_to_milliseconds)
1490
1118
extended_timeout = notifychangeproperty(
1491
1119
dbus.UInt64, "ExtendedTimeout",
1492
type_func = lambda td: td.total_seconds() * 1000)
1493
interval = notifychangeproperty(
1494
dbus.UInt64, "Interval",
1495
type_func = lambda td: td.total_seconds() * 1000)
1120
type_func = timedelta_to_milliseconds)
1121
interval = notifychangeproperty(dbus.UInt64,
1122
"Interval",
1123
type_func =
1124
timedelta_to_milliseconds)
1496
1125
checker_command = notifychangeproperty(dbus.String, "Checker")
1497
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1498
invalidate_only=True)
1499
1126
1500
1127
del notifychangeproperty
1501
1128
1508
1135
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1509
1136
Client.__del__(self, *args, **kwargs)
1510
1137
1511
def checker_callback(self, source, condition,
1512
connection, command, *args, **kwargs):
1513
ret = Client.checker_callback(self, source, condition,
1514
connection, command, *args,
1515
**kwargs)
1516
exitstatus = self.last_checker_status
1517
if exitstatus >= 0:
1138
def checker_callback(self, pid, condition, command,
1139
*args, **kwargs):
1140
self.checker_callback_tag = None
1141
self.checker = None
1142
if os.WIFEXITED(condition):
1143
exitstatus = os.WEXITSTATUS(condition)
1518
1144
# Emit D-Bus signal
1519
1145
self.CheckerCompleted(dbus.Int16(exitstatus),
1520
# This is specific to GNU libC
1521
dbus.Int64(exitstatus << 8),
1146
dbus.Int64(condition),
1522
1147
dbus.String(command))
1523
1148
else:
1524
1149
# Emit D-Bus signal
1525
1150
self.CheckerCompleted(dbus.Int16(-1),
1526
dbus.Int64(
1527
# This is specific to GNU libC
1528
(exitstatus << 8)
1529
| self.last_checker_signal),
1151
dbus.Int64(condition),
1530
1152
dbus.String(command))
1531
return ret
1153
1154
return Client.checker_callback(self, pid, condition, command,
1155
*args, **kwargs)
1532
1156
1533
1157
def start_checker(self, *args, **kwargs):
1534
old_checker_pid = getattr(self.checker, "pid", None)
1158
old_checker = self.checker
1159
if self.checker is not None:
1160
old_checker_pid = self.checker.pid
1161
else:
1162
old_checker_pid = None
1535
1163
r = Client.start_checker(self, *args, **kwargs)
1536
1164
# Only if new checker process was started
1537
1165
if (self.checker is not None
1545
1173
return False
1546
1174
1547
1175
def approve(self, value=True):
1176
self.send_changedstate()
1548
1177
self.approved = value
1549
gobject.timeout_add(int(self.approval_duration.total_seconds()
1550
* 1000), self._reset_approved)
1551
self.send_changedstate()
1178
gobject.timeout_add(timedelta_to_milliseconds
1179
(self.approval_duration),
1180
self._reset_approved)
1181
1552
1182
1553
1183
## D-Bus methods, signals & properties
1554
1555
## Interfaces
1184
_interface = "se.recompile.Mandos.Client"
1556
1185
1557
1186
## Signals
1558
1187
1569
1198
pass
1570
1199
1571
1200
# PropertyChanged - signal
1572
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1573
1201
@dbus.service.signal(_interface, signature="sv")
1574
1202
def PropertyChanged(self, property, value):
1575
1203
"D-Bus signal"
1609
1237
self.checked_ok()
1610
1238
1611
1239
# Enable - method
1612
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1613
1240
@dbus.service.method(_interface)
1614
1241
def Enable(self):
1615
1242
"D-Bus method"
1616
1243
self.enable()
1617
1244
1618
1245
# StartChecker - method
1619
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1620
1246
@dbus.service.method(_interface)
1621
1247
def StartChecker(self):
1622
1248
"D-Bus method"
1623
1249
self.start_checker()
1624
1250
1625
1251
# Disable - method
1626
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1627
1252
@dbus.service.method(_interface)
1628
1253
def Disable(self):
1629
1254
"D-Bus method"
1630
1255
self.disable()
1631
1256
1632
1257
# StopChecker - method
1633
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1634
1258
@dbus.service.method(_interface)
1635
1259
def StopChecker(self):
1636
1260
self.stop_checker()
1643
1267
return dbus.Boolean(bool(self.approvals_pending))
1644
1268
1645
1269
# ApprovedByDefault - property
1646
@dbus_service_property(_interface,
1647
signature="b",
1270
@dbus_service_property(_interface, signature="b",
1648
1271
access="readwrite")
1649
1272
def ApprovedByDefault_dbus_property(self, value=None):
1650
1273
if value is None: # get
1652
1275
self.approved_by_default = bool(value)
1653
1276
1654
1277
# ApprovalDelay - property
1655
@dbus_service_property(_interface,
1656
signature="t",
1278
@dbus_service_property(_interface, signature="t",
1657
1279
access="readwrite")
1658
1280
def ApprovalDelay_dbus_property(self, value=None):
1659
1281
if value is None: # get
1660
return dbus.UInt64(self.approval_delay.total_seconds()
1661
* 1000)
1282
return dbus.UInt64(self.approval_delay_milliseconds())
1662
1283
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1663
1284
1664
1285
# ApprovalDuration - property
1665
@dbus_service_property(_interface,
1666
signature="t",
1286
@dbus_service_property(_interface, signature="t",
1667
1287
access="readwrite")
1668
1288
def ApprovalDuration_dbus_property(self, value=None):
1669
1289
if value is None: # get
1670
return dbus.UInt64(self.approval_duration.total_seconds()
1671
* 1000)
1290
return dbus.UInt64(timedelta_to_milliseconds(
1291
self.approval_duration))
1672
1292
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1673
1293
1674
1294
# Name - property
1675
@dbus_annotations(
1676
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1677
1295
@dbus_service_property(_interface, signature="s", access="read")
1678
1296
def Name_dbus_property(self):
1679
1297
return dbus.String(self.name)
1680
1298
1681
1299
# Fingerprint - property
1682
@dbus_annotations(
1683
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1684
1300
@dbus_service_property(_interface, signature="s", access="read")
1685
1301
def Fingerprint_dbus_property(self):
1686
1302
return dbus.String(self.fingerprint)
1687
1303
1688
1304
# Host - property
1689
@dbus_service_property(_interface,
1690
signature="s",
1305
@dbus_service_property(_interface, signature="s",
1691
1306
access="readwrite")
1692
1307
def Host_dbus_property(self, value=None):
1693
1308
if value is None: # get
1694
1309
return dbus.String(self.host)
1695
self.host = str(value)
1310
self.host = unicode(value)
1696
1311
1697
1312
# Created - property
1698
@dbus_annotations(
1699
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1700
1313
@dbus_service_property(_interface, signature="s", access="read")
1701
1314
def Created_dbus_property(self):
1702
1315
return datetime_to_dbus(self.created)
1707
1320
return datetime_to_dbus(self.last_enabled)
1708
1321
1709
1322
# Enabled - property
1710
@dbus_service_property(_interface,
1711
signature="b",
1323
@dbus_service_property(_interface, signature="b",
1712
1324
access="readwrite")
1713
1325
def Enabled_dbus_property(self, value=None):
1714
1326
if value is None: # get
1719
1331
self.disable()
1720
1332
1721
1333
# LastCheckedOK - property
1722
@dbus_service_property(_interface,
1723
signature="s",
1334
@dbus_service_property(_interface, signature="s",
1724
1335
access="readwrite")
1725
1336
def LastCheckedOK_dbus_property(self, value=None):
1726
1337
if value is not None:
1728
1339
return
1729
1340
return datetime_to_dbus(self.last_checked_ok)
1730
1341
1731
# LastCheckerStatus - property
1732
@dbus_service_property(_interface, signature="n", access="read")
1733
def LastCheckerStatus_dbus_property(self):
1734
return dbus.Int16(self.last_checker_status)
1735
1736
1342
# Expires - property
1737
1343
@dbus_service_property(_interface, signature="s", access="read")
1738
1344
def Expires_dbus_property(self):
1744
1350
return datetime_to_dbus(self.last_approval_request)
1745
1351
1746
1352
# Timeout - property
1747
@dbus_service_property(_interface,
1748
signature="t",
1353
@dbus_service_property(_interface, signature="t",
1749
1354
access="readwrite")
1750
1355
def Timeout_dbus_property(self, value=None):
1751
1356
if value is None: # get
1752
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1753
old_timeout = self.timeout
1357
return dbus.UInt64(self.timeout_milliseconds())
1754
1358
self.timeout = datetime.timedelta(0, 0, 0, value)
1755
# Reschedule disabling
1359
# Reschedule timeout
1756
1360
if self.enabled:
1757
1361
now = datetime.datetime.utcnow()
1758
self.expires += self.timeout - old_timeout
1759
if self.expires <= now:
1362
time_to_die = timedelta_to_milliseconds(
1363
(self.last_checked_ok + self.timeout) - now)
1364
if time_to_die <= 0:
1760
1365
# The timeout has passed
1761
1366
self.disable()
1762
1367
else:
1368
self.expires = (now +
1369
datetime.timedelta(milliseconds =
1370
time_to_die))
1763
1371
if (getattr(self, "disable_initiator_tag", None)
1764
1372
is None):
1765
1373
return
1766
1374
gobject.source_remove(self.disable_initiator_tag)
1767
self.disable_initiator_tag = gobject.timeout_add(
1768
int((self.expires - now).total_seconds() * 1000),
1769
self.disable)
1375
self.disable_initiator_tag = (gobject.timeout_add
1376
(time_to_die,
1377
self.disable))
1770
1378
1771
1379
# ExtendedTimeout - property
1772
@dbus_service_property(_interface,
1773
signature="t",
1380
@dbus_service_property(_interface, signature="t",
1774
1381
access="readwrite")
1775
1382
def ExtendedTimeout_dbus_property(self, value=None):
1776
1383
if value is None: # get
1777
return dbus.UInt64(self.extended_timeout.total_seconds()
1778
* 1000)
1384
return dbus.UInt64(self.extended_timeout_milliseconds())
1779
1385
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1780
1386
1781
1387
# Interval - property
1782
@dbus_service_property(_interface,
1783
signature="t",
1388
@dbus_service_property(_interface, signature="t",
1784
1389
access="readwrite")
1785
1390
def Interval_dbus_property(self, value=None):
1786
1391
if value is None: # get
1787
return dbus.UInt64(self.interval.total_seconds() * 1000)
1392
return dbus.UInt64(self.interval_milliseconds())
1788
1393
self.interval = datetime.timedelta(0, 0, 0, value)
1789
1394
if getattr(self, "checker_initiator_tag", None) is None:
1790
1395
return
1791
1396
if self.enabled:
1792
1397
# Reschedule checker run
1793
1398
gobject.source_remove(self.checker_initiator_tag)
1794
self.checker_initiator_tag = gobject.timeout_add(
1795
value, self.start_checker)
1796
self.start_checker() # Start one now, too
1399
self.checker_initiator_tag = (gobject.timeout_add
1400
(value, self.start_checker))
1401
self.start_checker() # Start one now, too
1797
1402
1798
1403
# Checker - property
1799
@dbus_service_property(_interface,
1800
signature="s",
1404
@dbus_service_property(_interface, signature="s",
1801
1405
access="readwrite")
1802
1406
def Checker_dbus_property(self, value=None):
1803
1407
if value is None: # get
1804
1408
return dbus.String(self.checker_command)
1805
self.checker_command = str(value)
1409
self.checker_command = unicode(value)
1806
1410
1807
1411
# CheckerRunning - property
1808
@dbus_service_property(_interface,
1809
signature="b",
1412
@dbus_service_property(_interface, signature="b",
1810
1413
access="readwrite")
1811
1414
def CheckerRunning_dbus_property(self, value=None):
1812
1415
if value is None: # get
1817
1420
self.stop_checker()
1818
1421
1819
1422
# ObjectPath - property
1820
@dbus_annotations(
1821
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
1822
"org.freedesktop.DBus.Deprecated": "true"})
1823
1423
@dbus_service_property(_interface, signature="o", access="read")
1824
1424
def ObjectPath_dbus_property(self):
1825
1425
return self.dbus_object_path # is already a dbus.ObjectPath
1826
1426
1827
1427
# Secret = property
1828
@dbus_annotations(
1829
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
1830
"invalidates"})
1831
@dbus_service_property(_interface,
1832
signature="ay",
1833
access="write",
1834
byte_arrays=True)
1428
@dbus_service_property(_interface, signature="ay",
1429
access="write", byte_arrays=True)
1835
1430
def Secret_dbus_property(self, value):
1836
self.secret = bytes(value)
1431
self.secret = str(value)
1837
1432
1838
1433
del _interface
1839
1434
1843
1438
self._pipe = child_pipe
1844
1439
self._pipe.send(('init', fpr, address))
1845
1440
if not self._pipe.recv():
1846
raise KeyError(fpr)
1441
raise KeyError()
1847
1442
1848
1443
def __getattribute__(self, name):
1849
1444
if name == '_pipe':
1853
1448
if data[0] == 'data':
1854
1449
return data[1]
1855
1450
if data[0] == 'function':
1856
1857
1451
def func(*args, **kwargs):
1858
1452
self._pipe.send(('funcall', name, args, kwargs))
1859
1453
return self._pipe.recv()[1]
1860
1861
1454
return func
1862
1455
1863
1456
def __setattr__(self, name, value):
1866
1459
self._pipe.send(('setattr', name, value))
1867
1460
1868
1461
1462
class ClientDBusTransitional(ClientDBus):
1463
__metaclass__ = AlternateDBusNamesMetaclass
1464
1465
1869
1466
class ClientHandler(socketserver.BaseRequestHandler, object):
1870
1467
"""A class to handle client connections.
1871
1468
1875
1472
def handle(self):
1876
1473
with contextlib.closing(self.server.child_pipe) as child_pipe:
1877
1474
logger.info("TCP connection from: %s",
1878
str(self.client_address))
1475
unicode(self.client_address))
1879
1476
logger.debug("Pipe FD: %d",
1880
1477
self.server.child_pipe.fileno())
1881
1478
1882
session = gnutls.connection.ClientSession(
1883
self.request, gnutls.connection.X509Credentials())
1479
session = (gnutls.connection
1480
.ClientSession(self.request,
1481
gnutls.connection
1482
.X509Credentials()))
1884
1483
1885
1484
# Note: gnutls.connection.X509Credentials is really a
1886
1485
# generic GnuTLS certificate credentials object so long as
1895
1494
priority = self.server.gnutls_priority
1896
1495
if priority is None:
1897
1496
priority = "NORMAL"
1898
gnutls.library.functions.gnutls_priority_set_direct(
1899
session._c_object, priority, None)
1497
(gnutls.library.functions
1498
.gnutls_priority_set_direct(session._c_object,
1499
priority, None))
1900
1500
1901
1501
# Start communication using the Mandos protocol
1902
1502
# Get protocol number
1904
1504
logger.debug("Protocol version: %r", line)
1905
1505
try:
1906
1506
if int(line.strip().split()[0]) > 1:
1907
raise RuntimeError(line)
1507
raise RuntimeError
1908
1508
except (ValueError, IndexError, RuntimeError) as error:
1909
1509
logger.error("Unknown protocol version: %s", error)
1910
1510
return
1922
1522
approval_required = False
1923
1523
try:
1924
1524
try:
1925
fpr = self.fingerprint(
1926
self.peer_certificate(session))
1525
fpr = self.fingerprint(self.peer_certificate
1526
(session))
1927
1527
except (TypeError,
1928
1528
gnutls.errors.GNUTLSError) as error:
1929
1529
logger.warning("Bad certificate: %s", error)
1944
1544
while True:
1945
1545
if not client.enabled:
1946
1546
logger.info("Client %s is disabled",
1947
client.name)
1547
client.name)
1948
1548
if self.server.use_dbus:
1949
1549
# Emit D-Bus signal
1950
1550
client.Rejected("Disabled")
1959
1559
if self.server.use_dbus:
1960
1560
# Emit D-Bus signal
1961
1561
client.NeedApproval(
1962
client.approval_delay.total_seconds()
1963
* 1000, client.approved_by_default)
1562
client.approval_delay_milliseconds(),
1563
client.approved_by_default)
1964
1564
else:
1965
1565
logger.warning("Client %s was not approved",
1966
1566
client.name)
1972
1572
#wait until timeout or approved
1973
1573
time = datetime.datetime.now()
1974
1574
client.changedstate.acquire()
1975
client.changedstate.wait(delay.total_seconds())
1575
(client.changedstate.wait
1576
(float(client.timedelta_to_milliseconds(delay)
1577
/ 1000)))
1976
1578
client.changedstate.release()
1977
1579
time2 = datetime.datetime.now()
1978
1580
if (time2 - time) >= delay:
1994
1596
try:
1995
1597
sent = session.send(client.secret[sent_size:])
1996
1598
except gnutls.errors.GNUTLSError as error:
1997
logger.warning("gnutls send failed",
1998
exc_info=error)
1599
logger.warning("gnutls send failed")
1999
1600
return
2000
logger.debug("Sent: %d, remaining: %d", sent,
2001
len(client.secret) - (sent_size
2002
+ sent))
1601
logger.debug("Sent: %d, remaining: %d",
1602
sent, len(client.secret)
1603
- (sent_size + sent))
2003
1604
sent_size += sent
2004
1605
2005
1606
logger.info("Sending secret to %s", client.name)
2006
1607
# bump the timeout using extended_timeout
2007
client.bump_timeout(client.extended_timeout)
1608
client.checked_ok(client.extended_timeout)
2008
1609
if self.server.use_dbus:
2009
1610
# Emit D-Bus signal
2010
1611
client.GotSecret()
2015
1616
try:
2016
1617
session.bye()
2017
1618
except gnutls.errors.GNUTLSError as error:
2018
logger.warning("GnuTLS bye failed",
2019
exc_info=error)
1619
logger.warning("GnuTLS bye failed")
2020
1620
2021
1621
@staticmethod
2022
1622
def peer_certificate(session):
2023
1623
"Return the peer's OpenPGP certificate as a bytestring"
2024
1624
# If not an OpenPGP certificate...
2025
if (gnutls.library.functions.gnutls_certificate_type_get(
2026
session._c_object)
1625
if (gnutls.library.functions
1626
.gnutls_certificate_type_get(session._c_object)
2027
1627
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
2028
1628
# ...do the normal thing
2029
1629
return session.peer_certificate
2043
1643
def fingerprint(openpgp):
2044
1644
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2045
1645
# New GnuTLS "datum" with the OpenPGP public key
2046
datum = gnutls.library.types.gnutls_datum_t(
2047
ctypes.cast(ctypes.c_char_p(openpgp),
2048
ctypes.POINTER(ctypes.c_ubyte)),
2049
ctypes.c_uint(len(openpgp)))
1646
datum = (gnutls.library.types
1647
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1648
ctypes.POINTER
1649
(ctypes.c_ubyte)),
1650
ctypes.c_uint(len(openpgp))))
2050
1651
# New empty GnuTLS certificate
2051
1652
crt = gnutls.library.types.gnutls_openpgp_crt_t()
2052
gnutls.library.functions.gnutls_openpgp_crt_init(
2053
ctypes.byref(crt))
1653
(gnutls.library.functions
1654
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2054
1655
# Import the OpenPGP public key into the certificate
2055
gnutls.library.functions.gnutls_openpgp_crt_import(
2056
crt, ctypes.byref(datum),
2057
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1656
(gnutls.library.functions
1657
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1658
gnutls.library.constants
1659
.GNUTLS_OPENPGP_FMT_RAW))
2058
1660
# Verify the self signature in the key
2059
1661
crtverify = ctypes.c_uint()
2060
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2061
crt, 0, ctypes.byref(crtverify))
1662
(gnutls.library.functions
1663
.gnutls_openpgp_crt_verify_self(crt, 0,
1664
ctypes.byref(crtverify)))
2062
1665
if crtverify.value != 0:
2063
1666
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2064
raise gnutls.errors.CertificateSecurityError(
2065
"Verify failed")
1667
raise (gnutls.errors.CertificateSecurityError
1668
("Verify failed"))
2066
1669
# New buffer for the fingerprint
2067
1670
buf = ctypes.create_string_buffer(20)
2068
1671
buf_len = ctypes.c_size_t()
2069
1672
# Get the fingerprint from the certificate into the buffer
2070
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2071
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1673
(gnutls.library.functions
1674
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1675
ctypes.byref(buf_len)))
2072
1676
# Deinit the certificate
2073
1677
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2074
1678
# Convert the buffer to a Python bytestring
2080
1684
2081
1685
class MultiprocessingMixIn(object):
2082
1686
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2083
2084
1687
def sub_process_main(self, request, address):
2085
1688
try:
2086
1689
self.finish_request(request, address)
2091
1694
def process_request(self, request, address):
2092
1695
"""Start a new process to process the request."""
2093
1696
proc = multiprocessing.Process(target = self.sub_process_main,
2094
args = (request, address))
1697
args = (request,
1698
address))
2095
1699
proc.start()
2096
1700
return proc
2097
1701
2098
1702
2099
1703
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2100
1704
""" adds a pipe to the MixIn """
2101
2102
1705
def process_request(self, request, client_address):
2103
1706
"""Overrides and wraps the original process_request().
2104
1707
2113
1716
2114
1717
def add_pipe(self, parent_pipe, proc):
2115
1718
"""Dummy function; override as necessary"""
2116
raise NotImplementedError()
1719
raise NotImplementedError
2117
1720
2118
1721
2119
1722
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2125
1728
interface: None or a network interface name (string)
2126
1729
use_ipv6: Boolean; to use IPv6 or not
2127
1730
"""
2128
2129
1731
def __init__(self, server_address, RequestHandlerClass,
2130
interface=None,
2131
use_ipv6=True,
2132
socketfd=None):
2133
"""If socketfd is set, use that file descriptor instead of
2134
creating a new one with socket.socket().
2135
"""
1732
interface=None, use_ipv6=True):
2136
1733
self.interface = interface
2137
1734
if use_ipv6:
2138
1735
self.address_family = socket.AF_INET6
2139
if socketfd is not None:
2140
# Save the file descriptor
2141
self.socketfd = socketfd
2142
# Save the original socket.socket() function
2143
self.socket_socket = socket.socket
2144
# To implement --socket, we monkey patch socket.socket.
2145
#
2146
# (When socketserver.TCPServer is a new-style class, we
2147
# could make self.socket into a property instead of monkey
2148
# patching socket.socket.)
2149
#
2150
# Create a one-time-only replacement for socket.socket()
2151
@functools.wraps(socket.socket)
2152
def socket_wrapper(*args, **kwargs):
2153
# Restore original function so subsequent calls are
2154
# not affected.
2155
socket.socket = self.socket_socket
2156
del self.socket_socket
2157
# This time only, return a new socket object from the
2158
# saved file descriptor.
2159
return socket.fromfd(self.socketfd, *args, **kwargs)
2160
# Replace socket.socket() function with wrapper
2161
socket.socket = socket_wrapper
2162
# The socketserver.TCPServer.__init__ will call
2163
# socket.socket(), which might be our replacement,
2164
# socket_wrapper(), if socketfd was set.
2165
1736
socketserver.TCPServer.__init__(self, server_address,
2166
1737
RequestHandlerClass)
2167
2168
1738
def server_bind(self):
2169
1739
"""This overrides the normal server_bind() function
2170
1740
to bind to an interface if one was specified, and also NOT to
2176
1746
self.interface)
2177
1747
else:
2178
1748
try:
2179
self.socket.setsockopt(
2180
socket.SOL_SOCKET, SO_BINDTODEVICE,
2181
(self.interface + "\0").encode("utf-8"))
1749
self.socket.setsockopt(socket.SOL_SOCKET,
1750
SO_BINDTODEVICE,
1751
str(self.interface
1752
+ '\0'))
2182
1753
except socket.error as error:
2183
if error.errno == errno.EPERM:
2184
logger.error("No permission to bind to"
2185
" interface %s", self.interface)
2186
elif error.errno == errno.ENOPROTOOPT:
1754
if error[0] == errno.EPERM:
1755
logger.error("No permission to"
1756
" bind to interface %s",
1757
self.interface)
1758
elif error[0] == errno.ENOPROTOOPT:
2187
1759
logger.error("SO_BINDTODEVICE not available;"
2188
1760
" cannot bind to interface %s",
2189
1761
self.interface)
2190
elif error.errno == errno.ENODEV:
2191
logger.error("Interface %s does not exist,"
2192
" cannot bind", self.interface)
2193
1762
else:
2194
1763
raise
2195
1764
# Only bind(2) the socket if we really need to.
2198
1767
if self.address_family == socket.AF_INET6:
2199
1768
any_address = "::" # in6addr_any
2200
1769
else:
2201
any_address = "0.0.0.0" # INADDR_ANY
1770
any_address = socket.INADDR_ANY
2202
1771
self.server_address = (any_address,
2203
1772
self.server_address[1])
2204
1773
elif not self.server_address[1]:
2205
self.server_address = (self.server_address[0], 0)
1774
self.server_address = (self.server_address[0],
1775
0)
2206
1776
# if self.interface:
2207
1777
# self.server_address = (self.server_address[0],
2208
1778
# 0, # port
2222
1792
2223
1793
Assumes a gobject.MainLoop event loop.
2224
1794
"""
2225
2226
1795
def __init__(self, server_address, RequestHandlerClass,
2227
interface=None,
2228
use_ipv6=True,
2229
clients=None,
2230
gnutls_priority=None,
2231
use_dbus=True,
2232
socketfd=None):
1796
interface=None, use_ipv6=True, clients=None,
1797
gnutls_priority=None, use_dbus=True):
2233
1798
self.enabled = False
2234
1799
self.clients = clients
2235
1800
if self.clients is None:
2239
1804
IPv6_TCPServer.__init__(self, server_address,
2240
1805
RequestHandlerClass,
2241
1806
interface = interface,
2242
use_ipv6 = use_ipv6,
2243
socketfd = socketfd)
2244
1807
use_ipv6 = use_ipv6)
2245
1808
def server_activate(self):
2246
1809
if self.enabled:
2247
1810
return socketserver.TCPServer.server_activate(self)
2251
1814
2252
1815
def add_pipe(self, parent_pipe, proc):
2253
1816
# Call "handle_ipc" for both data and EOF events
2254
gobject.io_add_watch(
2255
parent_pipe.fileno(),
2256
gobject.IO_IN | gobject.IO_HUP,
2257
functools.partial(self.handle_ipc,
2258
parent_pipe = parent_pipe,
2259
proc = proc))
1817
gobject.io_add_watch(parent_pipe.fileno(),
1818
gobject.IO_IN | gobject.IO_HUP,
1819
functools.partial(self.handle_ipc,
1820
parent_pipe =
1821
parent_pipe,
1822
proc = proc))
2260
1823
2261
def handle_ipc(self, source, condition,
2262
parent_pipe=None,
2263
proc = None,
2264
client_object=None):
1824
def handle_ipc(self, source, condition, parent_pipe=None,
1825
proc = None, client_object=None):
1826
condition_names = {
1827
gobject.IO_IN: "IN", # There is data to read.
1828
gobject.IO_OUT: "OUT", # Data can be written (without
1829
# blocking).
1830
gobject.IO_PRI: "PRI", # There is urgent data to read.
1831
gobject.IO_ERR: "ERR", # Error condition.
1832
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1833
# broken, usually for pipes and
1834
# sockets).
1835
}
1836
conditions_string = ' | '.join(name
1837
for cond, name in
1838
condition_names.iteritems()
1839
if cond & condition)
2265
1840
# error, or the other end of multiprocessing.Pipe has closed
2266
if condition & (gobject.IO_ERR | gobject.IO_HUP):
1841
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
2267
1842
# Wait for other process to exit
2268
1843
proc.join()
2269
1844
return False
2290
1865
parent_pipe.send(False)
2291
1866
return False
2292
1867
2293
gobject.io_add_watch(
2294
parent_pipe.fileno(),
2295
gobject.IO_IN | gobject.IO_HUP,
2296
functools.partial(self.handle_ipc,
2297
parent_pipe = parent_pipe,
2298
proc = proc,
2299
client_object = client))
1868
gobject.io_add_watch(parent_pipe.fileno(),
1869
gobject.IO_IN | gobject.IO_HUP,
1870
functools.partial(self.handle_ipc,
1871
parent_pipe =
1872
parent_pipe,
1873
proc = proc,
1874
client_object =
1875
client))
2300
1876
parent_pipe.send(True)
2301
1877
# remove the old hook in favor of the new above hook on
2302
1878
# same fileno
2308
1884
2309
1885
parent_pipe.send(('data', getattr(client_object,
2310
1886
funcname)(*args,
2311
**kwargs)))
1887
**kwargs)))
2312
1888
2313
1889
if command == 'getattr':
2314
1890
attrname = request[1]
2315
if isinstance(client_object.__getattribute__(attrname),
2316
collections.Callable):
2317
parent_pipe.send(('function', ))
1891
if callable(client_object.__getattribute__(attrname)):
1892
parent_pipe.send(('function',))
2318
1893
else:
2319
parent_pipe.send((
2320
'data', client_object.__getattribute__(attrname)))
1894
parent_pipe.send(('data', client_object
1895
.__getattribute__(attrname)))
2321
1896
2322
1897
if command == 'setattr':
2323
1898
attrname = request[1]
2327
1902
return True
2328
1903
2329
1904
2330
def rfc3339_duration_to_delta(duration):
2331
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2332
2333
>>> rfc3339_duration_to_delta("P7D")
2334
datetime.timedelta(7)
2335
>>> rfc3339_duration_to_delta("PT60S")
2336
datetime.timedelta(0, 60)
2337
>>> rfc3339_duration_to_delta("PT60M")
2338
datetime.timedelta(0, 3600)
2339
>>> rfc3339_duration_to_delta("PT24H")
2340
datetime.timedelta(1)
2341
>>> rfc3339_duration_to_delta("P1W")
2342
datetime.timedelta(7)
2343
>>> rfc3339_duration_to_delta("PT5M30S")
2344
datetime.timedelta(0, 330)
2345
>>> rfc3339_duration_to_delta("P1DT3M20S")
2346
datetime.timedelta(1, 200)
2347
"""
2348
2349
# Parsing an RFC 3339 duration with regular expressions is not
2350
# possible - there would have to be multiple places for the same
2351
# values, like seconds. The current code, while more esoteric, is
2352
# cleaner without depending on a parsing library. If Python had a
2353
# built-in library for parsing we would use it, but we'd like to
2354
# avoid excessive use of external libraries.
2355
2356
# New type for defining tokens, syntax, and semantics all-in-one
2357
Token = collections.namedtuple("Token", (
2358
"regexp", # To match token; if "value" is not None, must have
2359
# a "group" containing digits
2360
"value", # datetime.timedelta or None
2361
"followers")) # Tokens valid after this token
2362
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2363
# the "duration" ABNF definition in RFC 3339, Appendix A.
2364
token_end = Token(re.compile(r"$"), None, frozenset())
2365
token_second = Token(re.compile(r"(\d+)S"),
2366
datetime.timedelta(seconds=1),
2367
frozenset((token_end, )))
2368
token_minute = Token(re.compile(r"(\d+)M"),
2369
datetime.timedelta(minutes=1),
2370
frozenset((token_second, token_end)))
2371
token_hour = Token(re.compile(r"(\d+)H"),
2372
datetime.timedelta(hours=1),
2373
frozenset((token_minute, token_end)))
2374
token_time = Token(re.compile(r"T"),
2375
None,
2376
frozenset((token_hour, token_minute,
2377
token_second)))
2378
token_day = Token(re.compile(r"(\d+)D"),
2379
datetime.timedelta(days=1),
2380
frozenset((token_time, token_end)))
2381
token_month = Token(re.compile(r"(\d+)M"),
2382
datetime.timedelta(weeks=4),
2383
frozenset((token_day, token_end)))
2384
token_year = Token(re.compile(r"(\d+)Y"),
2385
datetime.timedelta(weeks=52),
2386
frozenset((token_month, token_end)))
2387
token_week = Token(re.compile(r"(\d+)W"),
2388
datetime.timedelta(weeks=1),
2389
frozenset((token_end, )))
2390
token_duration = Token(re.compile(r"P"), None,
2391
frozenset((token_year, token_month,
2392
token_day, token_time,
2393
token_week)))
2394
# Define starting values
2395
value = datetime.timedelta() # Value so far
2396
found_token = None
2397
followers = frozenset((token_duration, )) # Following valid tokens
2398
s = duration # String left to parse
2399
# Loop until end token is found
2400
while found_token is not token_end:
2401
# Search for any currently valid tokens
2402
for token in followers:
2403
match = token.regexp.match(s)
2404
if match is not None:
2405
# Token found
2406
if token.value is not None:
2407
# Value found, parse digits
2408
factor = int(match.group(1), 10)
2409
# Add to value so far
2410
value += factor * token.value
2411
# Strip token from string
2412
s = token.regexp.sub("", s, 1)
2413
# Go to found token
2414
found_token = token
2415
# Set valid next tokens
2416
followers = found_token.followers
2417
break
2418
else:
2419
# No currently valid tokens were found
2420
raise ValueError("Invalid RFC 3339 duration: {!r}"
2421
.format(duration))
2422
# End token found
2423
return value
2424
2425
2426
1905
def string_to_delta(interval):
2427
1906
"""Parse a string and return a datetime.timedelta
2428
1907
2439
1918
>>> string_to_delta('5m 30s')
2440
1919
datetime.timedelta(0, 330)
2441
1920
"""
2442
2443
try:
2444
return rfc3339_duration_to_delta(interval)
2445
except ValueError:
2446
pass
2447
2448
1921
timevalue = datetime.timedelta(0)
2449
1922
for s in interval.split():
2450
1923
try:
2451
suffix = s[-1]
1924
suffix = unicode(s[-1])
2452
1925
value = int(s[:-1])
2453
1926
if suffix == "d":
2454
1927
delta = datetime.timedelta(value)
2461
1934
elif suffix == "w":
2462
1935
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2463
1936
else:
2464
raise ValueError("Unknown suffix {!r}".format(suffix))
2465
except IndexError as e:
1937
raise ValueError("Unknown suffix %r" % suffix)
1938
except (ValueError, IndexError) as e:
2466
1939
raise ValueError(*(e.args))
2467
1940
timevalue += delta
2468
1941
return timevalue
2481
1954
sys.exit()
2482
1955
if not noclose:
2483
1956
# Close all standard open file descriptors
2484
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1957
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2485
1958
if not stat.S_ISCHR(os.fstat(null).st_mode):
2486
1959
raise OSError(errno.ENODEV,
2487
"{} not a character device"
2488
.format(os.devnull))
1960
"%s not a character device"
1961
% os.path.devnull)
2489
1962
os.dup2(null, sys.stdin.fileno())
2490
1963
os.dup2(null, sys.stdout.fileno())
2491
1964
os.dup2(null, sys.stderr.fileno())
2500
1973
2501
1974
parser = argparse.ArgumentParser()
2502
1975
parser.add_argument("-v", "--version", action="version",
2503
version = "%(prog)s {}".format(version),
1976
version = "%%(prog)s %s" % version,
2504
1977
help="show version number and exit")
2505
1978
parser.add_argument("-i", "--interface", metavar="IF",
2506
1979
help="Bind to interface IF")
2512
1985
help="Run self-test")
2513
1986
parser.add_argument("--debug", action="store_true",
2514
1987
help="Debug mode; run in foreground and log"
2515
" to terminal", default=None)
1988
" to terminal")
2516
1989
parser.add_argument("--debuglevel", metavar="LEVEL",
2517
1990
help="Debug level for stdout output")
2518
1991
parser.add_argument("--priority", help="GnuTLS"
2525
1998
" files")
2526
1999
parser.add_argument("--no-dbus", action="store_false",
2527
2000
dest="use_dbus", help="Do not provide D-Bus"
2528
" system bus interface", default=None)
2001
" system bus interface")
2529
2002
parser.add_argument("--no-ipv6", action="store_false",
2530
dest="use_ipv6", help="Do not use IPv6",
2531
default=None)
2003
dest="use_ipv6", help="Do not use IPv6")
2532
2004
parser.add_argument("--no-restore", action="store_false",
2533
2005
dest="restore", help="Do not restore stored"
2534
" state", default=None)
2535
parser.add_argument("--socket", type=int,
2536
help="Specify a file descriptor to a network"
2537
" socket to use instead of creating one")
2006
" state")
2538
2007
parser.add_argument("--statedir", metavar="DIR",
2539
2008
help="Directory to save/restore state in")
2540
parser.add_argument("--foreground", action="store_true",
2541
help="Run in foreground", default=None)
2542
parser.add_argument("--no-zeroconf", action="store_false",
2543
dest="zeroconf", help="Do not use Zeroconf",
2544
default=None)
2545
2009
2546
2010
options = parser.parse_args()
2547
2011
2548
2012
if options.check:
2549
2013
import doctest
2550
fail_count, test_count = doctest.testmod()
2551
sys.exit(os.EX_OK if fail_count == 0 else 1)
2014
doctest.testmod()
2015
sys.exit()
2552
2016
2553
2017
# Default values for config file for server-global settings
2554
2018
server_defaults = { "interface": "",
2556
2020
"port": "",
2557
2021
"debug": "False",
2558
2022
"priority":
2559
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2560
":+SIGN-DSA-SHA256",
2023
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2561
2024
"servicename": "Mandos",
2562
2025
"use_dbus": "True",
2563
2026
"use_ipv6": "True",
2564
2027
"debuglevel": "",
2565
2028
"restore": "True",
2566
"socket": "",
2567
"statedir": "/var/lib/mandos",
2568
"foreground": "False",
2569
"zeroconf": "True",
2570
}
2029
"statedir": "/var/lib/mandos"
2030
}
2571
2031
2572
2032
# Parse config file for server-global settings
2573
2033
server_config = configparser.SafeConfigParser(server_defaults)
2574
2034
del server_defaults
2575
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2035
server_config.read(os.path.join(options.configdir,
2036
"mandos.conf"))
2576
2037
# Convert the SafeConfigParser object to a dict
2577
2038
server_settings = server_config.defaults()
2578
2039
# Use the appropriate methods on the non-string config options
2579
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2040
for option in ("debug", "use_dbus", "use_ipv6"):
2580
2041
server_settings[option] = server_config.getboolean("DEFAULT",
2581
2042
option)
2582
2043
if server_settings["port"]:
2583
2044
server_settings["port"] = server_config.getint("DEFAULT",
2584
2045
"port")
2585
if server_settings["socket"]:
2586
server_settings["socket"] = server_config.getint("DEFAULT",
2587
"socket")
2588
# Later, stdin will, and stdout and stderr might, be dup'ed
2589
# over with an opened os.devnull. But we don't want this to
2590
# happen with a supplied network socket.
2591
if 0 <= server_settings["socket"] <= 2:
2592
server_settings["socket"] = os.dup(server_settings
2593
["socket"])
2594
2046
del server_config
2595
2047
2596
2048
# Override the settings from the config file with command line
2597
2049
# options, if set.
2598
2050
for option in ("interface", "address", "port", "debug",
2599
"priority", "servicename", "configdir", "use_dbus",
2600
"use_ipv6", "debuglevel", "restore", "statedir",
2601
"socket", "foreground", "zeroconf"):
2051
"priority", "servicename", "configdir",
2052
"use_dbus", "use_ipv6", "debuglevel", "restore",
2053
"statedir"):
2602
2054
value = getattr(options, option)
2603
2055
if value is not None:
2604
2056
server_settings[option] = value
2605
2057
del options
2606
2058
# Force all strings to be unicode
2607
2059
for option in server_settings.keys():
2608
if isinstance(server_settings[option], bytes):
2609
server_settings[option] = (server_settings[option]
2610
.decode("utf-8"))
2611
# Force all boolean options to be boolean
2612
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2613
"foreground", "zeroconf"):
2614
server_settings[option] = bool(server_settings[option])
2615
# Debug implies foreground
2616
if server_settings["debug"]:
2617
server_settings["foreground"] = True
2060
if type(server_settings[option]) is str:
2061
server_settings[option] = unicode(server_settings[option])
2618
2062
# Now we have our good server settings in "server_settings"
2619
2063
2620
2064
##################################################################
2621
2065
2622
if (not server_settings["zeroconf"]
2623
and not (server_settings["port"]
2624
or server_settings["socket"] != "")):
2625
parser.error("Needs port or socket to work without Zeroconf")
2626
2627
2066
# For convenience
2628
2067
debug = server_settings["debug"]
2629
2068
debuglevel = server_settings["debuglevel"]
2631
2070
use_ipv6 = server_settings["use_ipv6"]
2632
2071
stored_state_path = os.path.join(server_settings["statedir"],
2633
2072
stored_state_file)
2634
foreground = server_settings["foreground"]
2635
zeroconf = server_settings["zeroconf"]
2636
2073
2637
2074
if debug:
2638
2075
initlogger(debug, logging.DEBUG)
2644
2081
initlogger(debug, level)
2645
2082
2646
2083
if server_settings["servicename"] != "Mandos":
2647
syslogger.setFormatter(
2648
logging.Formatter('Mandos ({}) [%(process)d]:'
2649
' %(levelname)s: %(message)s'.format(
2650
server_settings["servicename"])))
2084
syslogger.setFormatter(logging.Formatter
2085
('Mandos (%s) [%%(process)d]:'
2086
' %%(levelname)s: %%(message)s'
2087
% server_settings["servicename"]))
2651
2088
2652
2089
# Parse config file with clients
2653
2090
client_config = configparser.SafeConfigParser(Client
2658
2095
global mandos_dbus_service
2659
2096
mandos_dbus_service = None
2660
2097
2661
socketfd = None
2662
if server_settings["socket"] != "":
2663
socketfd = server_settings["socket"]
2664
tcp_server = MandosServer(
2665
(server_settings["address"], server_settings["port"]),
2666
ClientHandler,
2667
interface=(server_settings["interface"] or None),
2668
use_ipv6=use_ipv6,
2669
gnutls_priority=server_settings["priority"],
2670
use_dbus=use_dbus,
2671
socketfd=socketfd)
2672
if not foreground:
2673
pidfilename = "/run/mandos.pid"
2674
if not os.path.isdir("/run/."):
2675
pidfilename = "/var/run/mandos.pid"
2676
pidfile = None
2098
tcp_server = MandosServer((server_settings["address"],
2099
server_settings["port"]),
2100
ClientHandler,
2101
interface=(server_settings["interface"]
2102
or None),
2103
use_ipv6=use_ipv6,
2104
gnutls_priority=
2105
server_settings["priority"],
2106
use_dbus=use_dbus)
2107
if not debug:
2108
pidfilename = "/var/run/mandos.pid"
2677
2109
try:
2678
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2679
except IOError as e:
2680
logger.error("Could not open file %r", pidfilename,
2681
exc_info=e)
2110
pidfile = open(pidfilename, "w")
2111
except IOError:
2112
logger.error("Could not open file %r", pidfilename)
2682
2113
2683
for name in ("_mandos", "mandos", "nobody"):
2114
try:
2115
uid = pwd.getpwnam("_mandos").pw_uid
2116
gid = pwd.getpwnam("_mandos").pw_gid
2117
except KeyError:
2684
2118
try:
2685
uid = pwd.getpwnam(name).pw_uid
2686
gid = pwd.getpwnam(name).pw_gid
2687
break
2119
uid = pwd.getpwnam("mandos").pw_uid
2120
gid = pwd.getpwnam("mandos").pw_gid
2688
2121
except KeyError:
2689
continue
2690
else:
2691
uid = 65534
2692
gid = 65534
2122
try:
2123
uid = pwd.getpwnam("nobody").pw_uid
2124
gid = pwd.getpwnam("nobody").pw_gid
2125
except KeyError:
2126
uid = 65534
2127
gid = 65534
2693
2128
try:
2694
2129
os.setgid(gid)
2695
2130
os.setuid(uid)
2696
2131
except OSError as error:
2697
if error.errno != errno.EPERM:
2698
raise
2132
if error[0] != errno.EPERM:
2133
raise error
2699
2134
2700
2135
if debug:
2701
2136
# Enable all possible GnuTLS debugging
2708
2143
def debug_gnutls(level, string):
2709
2144
logger.debug("GnuTLS: %s", string[:-1])
2710
2145
2711
gnutls.library.functions.gnutls_global_set_log_function(
2712
debug_gnutls)
2146
(gnutls.library.functions
2147
.gnutls_global_set_log_function(debug_gnutls))
2713
2148
2714
2149
# Redirect stdin so all checkers get /dev/null
2715
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2150
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2716
2151
os.dup2(null, sys.stdin.fileno())
2717
2152
if null > 2:
2718
2153
os.close(null)
2719
2154
2720
2155
# Need to fork before connecting to D-Bus
2721
if not foreground:
2156
if not debug:
2722
2157
# Close all input and output, do double fork, etc.
2723
2158
daemon()
2724
2159
2725
# multiprocessing will use threads, so before we use gobject we
2726
# need to inform gobject that threads will be used.
2727
2160
gobject.threads_init()
2728
2161
2729
2162
global main_loop
2730
2163
# From the Avahi example code
2731
DBusGMainLoop(set_as_default=True)
2164
DBusGMainLoop(set_as_default=True )
2732
2165
main_loop = gobject.MainLoop()
2733
2166
bus = dbus.SystemBus()
2734
2167
# End of Avahi example code
2735
2168
if use_dbus:
2736
2169
try:
2737
2170
bus_name = dbus.service.BusName("se.recompile.Mandos",
2738
bus,
2739
do_not_queue=True)
2740
old_bus_name = dbus.service.BusName(
2741
"se.bsnet.fukt.Mandos", bus,
2742
do_not_queue=True)
2743
except dbus.exceptions.DBusException as e:
2744
logger.error("Disabling D-Bus:", exc_info=e)
2171
bus, do_not_queue=True)
2172
old_bus_name = (dbus.service.BusName
2173
("se.bsnet.fukt.Mandos", bus,
2174
do_not_queue=True))
2175
except dbus.exceptions.NameExistsException as e:
2176
logger.error(unicode(e) + ", disabling D-Bus")
2745
2177
use_dbus = False
2746
2178
server_settings["use_dbus"] = False
2747
2179
tcp_server.use_dbus = False
2748
if zeroconf:
2749
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2750
service = AvahiServiceToSyslog(
2751
name = server_settings["servicename"],
2752
servicetype = "_mandos._tcp",
2753
protocol = protocol,
2754
bus = bus)
2755
if server_settings["interface"]:
2756
service.interface = if_nametoindex(
2757
server_settings["interface"].encode("utf-8"))
2180
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2181
service = AvahiServiceToSyslog(name =
2182
server_settings["servicename"],
2183
servicetype = "_mandos._tcp",
2184
protocol = protocol, bus = bus)
2185
if server_settings["interface"]:
2186
service.interface = (if_nametoindex
2187
(str(server_settings["interface"])))
2758
2188
2759
2189
global multiprocessing_manager
2760
2190
multiprocessing_manager = multiprocessing.Manager()
2761
2191
2762
2192
client_class = Client
2763
2193
if use_dbus:
2764
client_class = functools.partial(ClientDBus, bus = bus)
2194
client_class = functools.partial(ClientDBusTransitional,
2195
bus = bus)
2765
2196
2766
2197
client_settings = Client.config_parser(client_config)
2767
2198
old_client_settings = {}
2768
2199
clients_data = {}
2769
2200
2770
# This is used to redirect stdout and stderr for checker processes
2771
global wnull
2772
wnull = open(os.devnull, "w") # A writable /dev/null
2773
# Only used if server is running in foreground but not in debug
2774
# mode
2775
if debug or not foreground:
2776
wnull.close()
2777
2778
2201
# Get client data and settings from last running state.
2779
2202
if server_settings["restore"]:
2780
2203
try:
2781
2204
with open(stored_state_path, "rb") as stored_state:
2782
clients_data, old_client_settings = pickle.load(
2783
stored_state)
2205
clients_data, old_client_settings = (pickle.load
2206
(stored_state))
2784
2207
os.remove(stored_state_path)
2785
2208
except IOError as e:
2786
if e.errno == errno.ENOENT:
2787
logger.warning("Could not load persistent state:"
2788
" {}".format(os.strerror(e.errno)))
2789
else:
2790
logger.critical("Could not load persistent state:",
2791
exc_info=e)
2209
logger.warning("Could not load persistent state: {0}"
2210
.format(e))
2211
if e.errno != errno.ENOENT:
2792
2212
raise
2793
2213
except EOFError as e:
2794
2214
logger.warning("Could not load persistent state: "
2795
"EOFError:",
2796
exc_info=e)
2215
"EOFError: {0}".format(e))
2797
2216
2798
2217
with PGPEngine() as pgp:
2799
for client_name, client in clients_data.items():
2800
# Skip removed clients
2801
if client_name not in client_settings:
2802
continue
2803
2218
for client_name, client in clients_data.iteritems():
2804
2219
# Decide which value to use after restoring saved state.
2805
2220
# We have three different values: Old config file,
2806
2221
# new config file, and saved state.
2811
2226
# For each value in new config, check if it
2812
2227
# differs from the old config value (Except for
2813
2228
# the "secret" attribute)
2814
if (name != "secret"
2815
and (value !=
2816
old_client_settings[client_name][name])):
2229
if (name != "secret" and
2230
value != old_client_settings[client_name]
2231
[name]):
2817
2232
client[name] = value
2818
2233
except KeyError:
2819
2234
pass
2820
2235
2821
2236
# Clients who has passed its expire date can still be
2822
# enabled if its last checker was successful. A Client
2237
# enabled if its last checker was successful. Clients
2823
2238
# whose checker succeeded before we stored its state is
2824
2239
# assumed to have successfully run all checkers during
2825
2240
# downtime.
2827
2242
if datetime.datetime.utcnow() >= client["expires"]:
2828
2243
if not client["last_checked_ok"]:
2829
2244
logger.warning(
2830
"disabling client {} - Client never "
2831
"performed a successful checker".format(
2832
client_name))
2245
"disabling client {0} - Client never "
2246
"performed a successful checker"
2247
.format(client_name))
2833
2248
client["enabled"] = False
2834
2249
elif client["last_checker_status"] != 0:
2835
2250
logger.warning(
2836
"disabling client {} - Client last"
2837
" checker failed with error code"
2838
" {}".format(
2839
client_name,
2840
client["last_checker_status"]))
2251
"disabling client {0} - Client "
2252
"last checker failed with error code {1}"
2253
.format(client_name,
2254
client["last_checker_status"]))
2841
2255
client["enabled"] = False
2842
2256
else:
2843
client["expires"] = (
2844
datetime.datetime.utcnow()
2845
+ client["timeout"])
2257
client["expires"] = (datetime.datetime
2258
.utcnow()
2259
+ client["timeout"])
2846
2260
logger.debug("Last checker succeeded,"
2847
" keeping {} enabled".format(
2848
client_name))
2261
" keeping {0} enabled"
2262
.format(client_name))
2849
2263
try:
2850
client["secret"] = pgp.decrypt(
2851
client["encrypted_secret"],
2852
client_settings[client_name]["secret"])
2264
client["secret"] = (
2265
pgp.decrypt(client["encrypted_secret"],
2266
client_settings[client_name]
2267
["secret"]))
2853
2268
except PGPError:
2854
2269
# If decryption fails, we use secret from new settings
2855
logger.debug("Failed to decrypt {} old secret".format(
2856
client_name))
2857
client["secret"] = (client_settings[client_name]
2858
["secret"])
2270
logger.debug("Failed to decrypt {0} old secret"
2271
.format(client_name))
2272
client["secret"] = (
2273
client_settings[client_name]["secret"])
2274
2859
2275
2860
2276
# Add/remove clients based on new changes made to config
2861
2277
for client_name in (set(old_client_settings)
2864
2280
for client_name in (set(client_settings)
2865
2281
- set(old_client_settings)):
2866
2282
clients_data[client_name] = client_settings[client_name]
2867
2283
2868
2284
# Create all client objects
2869
for client_name, client in clients_data.items():
2285
for client_name, client in clients_data.iteritems():
2870
2286
tcp_server.clients[client_name] = client_class(
2871
name = client_name,
2872
settings = client,
2873
server_settings = server_settings)
2287
name = client_name, settings = client)
2874
2288
2875
2289
if not tcp_server.clients:
2876
2290
logger.warning("No clients defined")
2877
2878
if not foreground:
2879
if pidfile is not None:
2880
pid = os.getpid()
2881
try:
2882
with pidfile:
2883
print(pid, file=pidfile)
2884
except IOError:
2885
logger.error("Could not write to file %r with PID %d",
2886
pidfilename, pid)
2887
del pidfile
2291
2292
if not debug:
2293
try:
2294
with pidfile:
2295
pid = os.getpid()
2296
pidfile.write(str(pid) + "\n".encode("utf-8"))
2297
del pidfile
2298
except IOError:
2299
logger.error("Could not write to file %r with PID %d",
2300
pidfilename, pid)
2301
except NameError:
2302
# "pidfile" was never created
2303
pass
2888
2304
del pidfilename
2305
signal.signal(signal.SIGINT, signal.SIG_IGN)
2889
2306
2890
2307
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2891
2308
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2892
2309
2893
2310
if use_dbus:
2894
2895
@alternate_dbus_interfaces(
2896
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2897
class MandosDBusService(DBusObjectWithObjectManager):
2311
class MandosDBusService(dbus.service.Object):
2898
2312
"""A D-Bus proxy object"""
2899
2900
2313
def __init__(self):
2901
2314
dbus.service.Object.__init__(self, bus, "/")
2902
2903
2315
_interface = "se.recompile.Mandos"
2904
2316
2905
2317
@dbus.service.signal(_interface, signature="o")
2912
2324
"D-Bus signal"
2913
2325
pass
2914
2326
2915
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2916
"true"})
2917
2327
@dbus.service.signal(_interface, signature="os")
2918
2328
def ClientRemoved(self, objpath, name):
2919
2329
"D-Bus signal"
2920
2330
pass
2921
2331
2922
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2923
"true"})
2924
2332
@dbus.service.method(_interface, out_signature="ao")
2925
2333
def GetAllClients(self):
2926
2334
"D-Bus method"
2927
return dbus.Array(c.dbus_object_path for c in
2335
return dbus.Array(c.dbus_object_path
2336
for c in
2928
2337
tcp_server.clients.itervalues())
2929
2338
2930
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2931
"true"})
2932
2339
@dbus.service.method(_interface,
2933
2340
out_signature="a{oa{sv}}")
2934
2341
def GetAllClientsWithProperties(self):
2935
2342
"D-Bus method"
2936
2343
return dbus.Dictionary(
2937
{ c.dbus_object_path: c.GetAll(
2938
"se.recompile.Mandos.Client")
2939
for c in tcp_server.clients.itervalues() },
2344
((c.dbus_object_path, c.GetAll(""))
2345
for c in tcp_server.clients.itervalues()),
2940
2346
signature="oa{sv}")
2941
2347
2942
2348
@dbus.service.method(_interface, in_signature="o")
2946
2352
if c.dbus_object_path == object_path:
2947
2353
del tcp_server.clients[c.name]
2948
2354
c.remove_from_connection()
2949
# Don't signal the disabling
2355
# Don't signal anything except ClientRemoved
2950
2356
c.disable(quiet=True)
2951
# Emit D-Bus signal for removal
2952
self.client_removed_signal(c)
2357
# Emit D-Bus signal
2358
self.ClientRemoved(object_path, c.name)
2953
2359
return
2954
2360
raise KeyError(object_path)
2955
2361
2956
2362
del _interface
2957
2958
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
2959
out_signature = "a{oa{sa{sv}}}")
2960
def GetManagedObjects(self):
2961
"""D-Bus method"""
2962
return dbus.Dictionary(
2963
{ client.dbus_object_path:
2964
dbus.Dictionary(
2965
{ interface: client.GetAll(interface)
2966
for interface in
2967
client._get_all_interface_names()})
2968
for client in tcp_server.clients.values()})
2969
2970
def client_added_signal(self, client):
2971
"""Send the new standard signal and the old signal"""
2972
if use_dbus:
2973
# New standard signal
2974
self.InterfacesAdded(
2975
client.dbus_object_path,
2976
dbus.Dictionary(
2977
{ interface: client.GetAll(interface)
2978
for interface in
2979
client._get_all_interface_names()}))
2980
# Old signal
2981
self.ClientAdded(client.dbus_object_path)
2982
2983
def client_removed_signal(self, client):
2984
"""Send the new standard signal and the old signal"""
2985
if use_dbus:
2986
# New standard signal
2987
self.InterfacesRemoved(
2988
client.dbus_object_path,
2989
client._get_all_interface_names())
2990
# Old signal
2991
self.ClientRemoved(client.dbus_object_path,
2992
client.name)
2993
2363
2994
mandos_dbus_service = MandosDBusService()
2364
class MandosDBusServiceTransitional(MandosDBusService):
2365
__metaclass__ = AlternateDBusNamesMetaclass
2366
mandos_dbus_service = MandosDBusServiceTransitional()
2995
2367
2996
2368
def cleanup():
2997
2369
"Cleanup function; run on exit"
2998
if zeroconf:
2999
service.cleanup()
2370
service.cleanup()
3000
2371
3001
2372
multiprocessing.active_children()
3002
wnull.close()
3003
2373
if not (tcp_server.clients or client_settings):
3004
2374
return
3005
2375
3016
2386
3017
2387
# A list of attributes that can not be pickled
3018
2388
# + secret.
3019
exclude = { "bus", "changedstate", "secret",
3020
"checker", "server_settings" }
3021
for name, typ in inspect.getmembers(dbus.service
3022
.Object):
2389
exclude = set(("bus", "changedstate", "secret",
2390
"checker"))
2391
for name, typ in (inspect.getmembers
2392
(dbus.service.Object)):
3023
2393
exclude.add(name)
3024
2394
3025
2395
client_dict["encrypted_secret"] = (client
3032
2402
del client_settings[client.name]["secret"]
3033
2403
3034
2404
try:
3035
with tempfile.NamedTemporaryFile(
3036
mode='wb',
3037
suffix=".pickle",
3038
prefix='clients-',
3039
dir=os.path.dirname(stored_state_path),
3040
delete=False) as stored_state:
2405
tempfd, tempname = tempfile.mkstemp(suffix=".pickle",
2406
prefix="clients-",
2407
dir=os.path.dirname
2408
(stored_state_path))
2409
with os.fdopen(tempfd, "wb") as stored_state:
3041
2410
pickle.dump((clients, client_settings), stored_state)
3042
tempname = stored_state.name
3043
2411
os.rename(tempname, stored_state_path)
3044
2412
except (IOError, OSError) as e:
2413
logger.warning("Could not save persistent state: {0}"
2414
.format(e))
3045
2415
if not debug:
3046
2416
try:
3047
2417
os.remove(tempname)
3048
2418
except NameError:
3049
2419
pass
3050
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3051
logger.warning("Could not save persistent state: {}"
3052
.format(os.strerror(e.errno)))
3053
else:
3054
logger.warning("Could not save persistent state:",
3055
exc_info=e)
3056
raise
2420
if e.errno not in set((errno.ENOENT, errno.EACCES,
2421
errno.EEXIST)):
2422
raise e
3057
2423
3058
2424
# Delete all clients, and settings from config
3059
2425
while tcp_server.clients:
3060
2426
name, client = tcp_server.clients.popitem()
3061
2427
if use_dbus:
3062
2428
client.remove_from_connection()
3063
# Don't signal the disabling
2429
# Don't signal anything except ClientRemoved
3064
2430
client.disable(quiet=True)
3065
# Emit D-Bus signal for removal
3066
2431
if use_dbus:
3067
mandos_dbus_service.client_removed_signal(client)
2432
# Emit D-Bus signal
2433
mandos_dbus_service.ClientRemoved(client
2434
.dbus_object_path,
2435
client.name)
3068
2436
client_settings.clear()
3069
2437
3070
2438
atexit.register(cleanup)
3071
2439
3072
2440
for client in tcp_server.clients.itervalues():
3073
2441
if use_dbus:
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2442
# Emit D-Bus signal
2443
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3076
2444
# Need to initiate checking of clients
3077
2445
if client.enabled:
3078
2446
client.init_checker()
3081
2449
tcp_server.server_activate()
3082
2450
3083
2451
# Find out what port we got
3084
if zeroconf:
3085
service.port = tcp_server.socket.getsockname()[1]
2452
service.port = tcp_server.socket.getsockname()[1]
3086
2453
if use_ipv6:
3087
2454
logger.info("Now listening on address %r, port %d,"
3088
" flowinfo %d, scope_id %d",
3089
*tcp_server.socket.getsockname())
2455
" flowinfo %d, scope_id %d"
2456
% tcp_server.socket.getsockname())
3090
2457
else: # IPv4
3091
logger.info("Now listening on address %r, port %d",
3092
*tcp_server.socket.getsockname())
2458
logger.info("Now listening on address %r, port %d"
2459
% tcp_server.socket.getsockname())
3093
2460
3094
2461
#service.interface = tcp_server.socket.getsockname()[3]
3095
2462
3096
2463
try:
3097
if zeroconf:
3098
# From the Avahi example code
3099
try:
3100
service.activate()
3101
except dbus.exceptions.DBusException as error:
3102
logger.critical("D-Bus Exception", exc_info=error)
3103
cleanup()
3104
sys.exit(1)
3105
# End of Avahi example code
2464
# From the Avahi example code
2465
try:
2466
service.activate()
2467
except dbus.exceptions.DBusException as error:
2468
logger.critical("DBusException: %s", error)
2469
cleanup()
2470
sys.exit(1)
2471
# End of Avahi example code
3106
2472
3107
2473
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
3108
2474
lambda *args, **kwargs:
3112
2478
logger.debug("Starting main loop")
3113
2479
main_loop.run()
3114
2480
except AvahiError as error:
3115
logger.critical("Avahi Error", exc_info=error)
2481
logger.critical("AvahiError: %s", error)
3116
2482
cleanup()
3117
2483
sys.exit(1)
3118
2484
except KeyboardInterrupt:
3123
2489
# Must run before the D-Bus bus name gets deregistered
3124
2490
cleanup()
3125
2491
3126
3127
2492
if __name__ == '__main__':
3128
2493
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0