To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 302
- compare with another revision
- download diff
- download tarball
- view history from revision 302
- Committer: Teddy Hogeborn
- Date: 2012-06-17 22:26:40 UTC
- mfrom: (301.1.1 release)
- Revision ID: teddy@recompile.se-20120617222640-49scfn0husnrr5bi
Tags: version-1.6.0-1
* Makefile (version): Changed to "1.6.0".
* NEWS (Version 1.6.0): New entry.
* debian/changelog (1.6.0-1): - '' -
* NEWS (Version 1.6.0): New entry.
* debian/changelog (1.6.0-1): - '' -
- files removed:
- initramfs-unpack
- files modified:
- INSTALL
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2013 Teddy Hogeborn
15
# Copyright © 2008-2013 Björn Påhlsson
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
68
68
import binascii
69
69
import tempfile
70
70
import itertools
71
import collections
72
71
73
72
import dbus
74
73
import dbus.service
79
78
import ctypes.util
80
79
import xml.dom.minidom
81
80
import inspect
81
import GnuPGInterface
82
82
83
83
try:
84
84
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
88
88
except ImportError:
89
89
SO_BINDTODEVICE = None
90
90
91
version = "1.6.2"
91
version = "1.6.0"
92
92
stored_state_file = "clients.pickle"
93
93
94
94
logger = logging.getLogger()
139
139
class PGPEngine(object):
140
140
"""A simple class for OpenPGP symmetric encryption & decryption"""
141
141
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
142
143
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
143
self.gnupgargs = ['--batch',
144
'--home', self.tempdir,
145
'--force-mdc',
146
'--quiet',
147
'--no-use-agent']
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
148
150
149
151
def __enter__(self):
150
152
return self
172
174
def password_encode(self, password):
173
175
# Passphrase can not be empty and can not contain newlines or
174
176
# NUL bytes. So we prefix it and hex encode it.
175
encoded = b"mandos" + binascii.hexlify(password)
176
if len(encoded) > 2048:
177
# GnuPG can't handle long passwords, so encode differently
178
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
179
.replace(b"\n", b"\\n")
180
.replace(b"\0", b"\\x00"))
181
return encoded
177
return b"mandos" + binascii.hexlify(password)
182
178
183
179
def encrypt(self, data, password):
184
passphrase = self.password_encode(password)
185
with tempfile.NamedTemporaryFile(dir=self.tempdir
186
) as passfile:
187
passfile.write(passphrase)
188
passfile.flush()
189
proc = subprocess.Popen(['gpg', '--symmetric',
190
'--passphrase-file',
191
passfile.name]
192
+ self.gnupgargs,
193
stdin = subprocess.PIPE,
194
stdout = subprocess.PIPE,
195
stderr = subprocess.PIPE)
196
ciphertext, err = proc.communicate(input = data)
197
if proc.returncode != 0:
198
raise PGPError(err)
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
199
194
return ciphertext
200
195
201
196
def decrypt(self, data, password):
202
passphrase = self.password_encode(password)
203
with tempfile.NamedTemporaryFile(dir = self.tempdir
204
) as passfile:
205
passfile.write(passphrase)
206
passfile.flush()
207
proc = subprocess.Popen(['gpg', '--decrypt',
208
'--passphrase-file',
209
passfile.name]
210
+ self.gnupgargs,
211
stdin = subprocess.PIPE,
212
stdout = subprocess.PIPE,
213
stderr = subprocess.PIPE)
214
decrypted_plaintext, err = proc.communicate(input
215
= data)
216
if proc.returncode != 0:
217
raise PGPError(err)
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
218
211
return decrypted_plaintext
219
212
220
213
240
233
Used to optionally bind to the specified interface.
241
234
name: string; Example: 'Mandos'
242
235
type: string; Example: '_mandos._tcp'.
243
See <https://www.iana.org/assignments/service-names-port-numbers>
236
See <http://www.dns-sd.org/ServiceTypes.html>
244
237
port: integer; what port to announce
245
238
TXT: list of strings; TXT record for the service
246
239
domain: string; Domain to publish on, default to .local if empty.
446
439
runtime_expansions: Allowed attributes for runtime expansion.
447
440
expires: datetime.datetime(); time (UTC) when a client will be
448
441
disabled, or None
449
server_settings: The server_settings dict from main()
450
442
"""
451
443
452
444
runtime_expansions = ("approval_delay", "approval_duration",
454
446
"fingerprint", "host", "interval",
455
447
"last_approval_request", "last_checked_ok",
456
448
"last_enabled", "name", "timeout")
457
client_defaults = { "timeout": "PT5M",
458
"extended_timeout": "PT15M",
459
"interval": "PT2M",
449
client_defaults = { "timeout": "5m",
450
"extended_timeout": "15m",
451
"interval": "2m",
460
452
"checker": "fping -q -- %%(host)s",
461
453
"host": "",
462
"approval_delay": "PT0S",
463
"approval_duration": "PT1S",
454
"approval_delay": "0s",
455
"approval_duration": "1s",
464
456
"approved_by_default": "True",
465
457
"enabled": "True",
466
458
}
527
519
528
520
return settings
529
521
530
def __init__(self, settings, name = None, server_settings=None):
522
def __init__(self, settings, name = None):
531
523
self.name = name
532
if server_settings is None:
533
server_settings = {}
534
self.server_settings = server_settings
535
524
# adding all client settings
536
525
for setting, value in settings.iteritems():
537
526
setattr(self, setting, value)
690
679
# If a checker exists, make sure it is not a zombie
691
680
try:
692
681
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
693
except AttributeError:
694
pass
695
except OSError as error:
696
if error.errno != errno.ECHILD:
697
raise
682
except (AttributeError, OSError) as error:
683
if (isinstance(error, OSError)
684
and error.errno != errno.ECHILD):
685
raise error
698
686
else:
699
687
if pid:
700
688
logger.warning("Checker was a zombie")
722
710
# in normal mode, that is already done by daemon(),
723
711
# and in debug mode we don't want to. (Stdin is
724
712
# always replaced by /dev/null.)
725
# The exception is when not debugging but nevertheless
726
# running in the foreground; use the previously
727
# created wnull.
728
popen_args = {}
729
if (not self.server_settings["debug"]
730
and self.server_settings["foreground"]):
731
popen_args.update({"stdout": wnull,
732
"stderr": wnull })
733
713
self.checker = subprocess.Popen(command,
734
714
close_fds=True,
735
shell=True, cwd="/",
736
**popen_args)
715
shell=True, cwd="/")
737
716
except OSError as error:
738
717
logger.error("Failed to start subprocess",
739
718
exc_info=error)
740
return True
741
719
self.checker_callback_tag = (gobject.child_watch_add
742
720
(self.checker.pid,
743
721
self.checker_callback,
744
722
data=command))
745
723
# The checker may have completed before the gobject
746
724
# watch was added. Check for this.
747
try:
748
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
749
except OSError as error:
750
if error.errno == errno.ECHILD:
751
# This should never happen
752
logger.error("Child process vanished",
753
exc_info=error)
754
return True
755
raise
725
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
756
726
if pid:
757
727
gobject.source_remove(self.checker_callback_tag)
758
728
self.checker_callback(pid, status, command)
1098
1068
interface_names.add(alt_interface)
1099
1069
# Is this a D-Bus signal?
1100
1070
if getattr(attribute, "_dbus_is_signal", False):
1101
# Extract the original non-method undecorated
1102
# function by black magic
1071
# Extract the original non-method function by
1072
# black magic
1103
1073
nonmethod_func = (dict(
1104
1074
zip(attribute.func_code.co_freevars,
1105
1075
attribute.__closure__))["func"]
1703
1673
logger.debug("Protocol version: %r", line)
1704
1674
try:
1705
1675
if int(line.strip().split()[0]) > 1:
1706
raise RuntimeError(line)
1676
raise RuntimeError
1707
1677
except (ValueError, IndexError, RuntimeError) as error:
1708
1678
logger.error("Unknown protocol version: %s", error)
1709
1679
return
1916
1886
1917
1887
def add_pipe(self, parent_pipe, proc):
1918
1888
"""Dummy function; override as necessary"""
1919
raise NotImplementedError()
1889
raise NotImplementedError
1920
1890
1921
1891
1922
1892
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1998
1968
if self.address_family == socket.AF_INET6:
1999
1969
any_address = "::" # in6addr_any
2000
1970
else:
2001
any_address = "0.0.0.0" # INADDR_ANY
1971
any_address = socket.INADDR_ANY
2002
1972
self.server_address = (any_address,
2003
1973
self.server_address[1])
2004
1974
elif not self.server_address[1]:
2120
2090
return True
2121
2091
2122
2092
2123
def rfc3339_duration_to_delta(duration):
2124
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2125
2126
>>> rfc3339_duration_to_delta("P7D")
2127
datetime.timedelta(7)
2128
>>> rfc3339_duration_to_delta("PT60S")
2129
datetime.timedelta(0, 60)
2130
>>> rfc3339_duration_to_delta("PT60M")
2131
datetime.timedelta(0, 3600)
2132
>>> rfc3339_duration_to_delta("PT24H")
2133
datetime.timedelta(1)
2134
>>> rfc3339_duration_to_delta("P1W")
2135
datetime.timedelta(7)
2136
>>> rfc3339_duration_to_delta("PT5M30S")
2137
datetime.timedelta(0, 330)
2138
>>> rfc3339_duration_to_delta("P1DT3M20S")
2139
datetime.timedelta(1, 200)
2140
"""
2141
2142
# Parsing an RFC 3339 duration with regular expressions is not
2143
# possible - there would have to be multiple places for the same
2144
# values, like seconds. The current code, while more esoteric, is
2145
# cleaner without depending on a parsing library. If Python had a
2146
# built-in library for parsing we would use it, but we'd like to
2147
# avoid excessive use of external libraries.
2148
2149
# New type for defining tokens, syntax, and semantics all-in-one
2150
Token = collections.namedtuple("Token",
2151
("regexp", # To match token; if
2152
# "value" is not None,
2153
# must have a "group"
2154
# containing digits
2155
"value", # datetime.timedelta or
2156
# None
2157
"followers")) # Tokens valid after
2158
# this token
2159
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2160
# the "duration" ABNF definition in RFC 3339, Appendix A.
2161
token_end = Token(re.compile(r"$"), None, frozenset())
2162
token_second = Token(re.compile(r"(\d+)S"),
2163
datetime.timedelta(seconds=1),
2164
frozenset((token_end,)))
2165
token_minute = Token(re.compile(r"(\d+)M"),
2166
datetime.timedelta(minutes=1),
2167
frozenset((token_second, token_end)))
2168
token_hour = Token(re.compile(r"(\d+)H"),
2169
datetime.timedelta(hours=1),
2170
frozenset((token_minute, token_end)))
2171
token_time = Token(re.compile(r"T"),
2172
None,
2173
frozenset((token_hour, token_minute,
2174
token_second)))
2175
token_day = Token(re.compile(r"(\d+)D"),
2176
datetime.timedelta(days=1),
2177
frozenset((token_time, token_end)))
2178
token_month = Token(re.compile(r"(\d+)M"),
2179
datetime.timedelta(weeks=4),
2180
frozenset((token_day, token_end)))
2181
token_year = Token(re.compile(r"(\d+)Y"),
2182
datetime.timedelta(weeks=52),
2183
frozenset((token_month, token_end)))
2184
token_week = Token(re.compile(r"(\d+)W"),
2185
datetime.timedelta(weeks=1),
2186
frozenset((token_end,)))
2187
token_duration = Token(re.compile(r"P"), None,
2188
frozenset((token_year, token_month,
2189
token_day, token_time,
2190
token_week))),
2191
# Define starting values
2192
value = datetime.timedelta() # Value so far
2193
found_token = None
2194
followers = frozenset(token_duration,) # Following valid tokens
2195
s = duration # String left to parse
2196
# Loop until end token is found
2197
while found_token is not token_end:
2198
# Search for any currently valid tokens
2199
for token in followers:
2200
match = token.regexp.match(s)
2201
if match is not None:
2202
# Token found
2203
if token.value is not None:
2204
# Value found, parse digits
2205
factor = int(match.group(1), 10)
2206
# Add to value so far
2207
value += factor * token.value
2208
# Strip token from string
2209
s = token.regexp.sub("", s, 1)
2210
# Go to found token
2211
found_token = token
2212
# Set valid next tokens
2213
followers = found_token.followers
2214
break
2215
else:
2216
# No currently valid tokens were found
2217
raise ValueError("Invalid RFC 3339 duration")
2218
# End token found
2219
return value
2220
2221
2222
2093
def string_to_delta(interval):
2223
2094
"""Parse a string and return a datetime.timedelta
2224
2095
2235
2106
>>> string_to_delta('5m 30s')
2236
2107
datetime.timedelta(0, 330)
2237
2108
"""
2238
2239
try:
2240
return rfc3339_duration_to_delta(interval)
2241
except ValueError:
2242
pass
2243
2244
2109
timevalue = datetime.timedelta(0)
2245
2110
for s in interval.split():
2246
2111
try:
2259
2124
else:
2260
2125
raise ValueError("Unknown suffix {0!r}"
2261
2126
.format(suffix))
2262
except IndexError as e:
2127
except (ValueError, IndexError) as e:
2263
2128
raise ValueError(*(e.args))
2264
2129
timevalue += delta
2265
2130
return timevalue
2309
2174
help="Run self-test")
2310
2175
parser.add_argument("--debug", action="store_true",
2311
2176
help="Debug mode; run in foreground and log"
2312
" to terminal", default=None)
2177
" to terminal")
2313
2178
parser.add_argument("--debuglevel", metavar="LEVEL",
2314
2179
help="Debug level for stdout output")
2315
2180
parser.add_argument("--priority", help="GnuTLS"
2322
2187
" files")
2323
2188
parser.add_argument("--no-dbus", action="store_false",
2324
2189
dest="use_dbus", help="Do not provide D-Bus"
2325
" system bus interface", default=None)
2190
" system bus interface")
2326
2191
parser.add_argument("--no-ipv6", action="store_false",
2327
dest="use_ipv6", help="Do not use IPv6",
2328
default=None)
2192
dest="use_ipv6", help="Do not use IPv6")
2329
2193
parser.add_argument("--no-restore", action="store_false",
2330
2194
dest="restore", help="Do not restore stored"
2331
" state", default=None)
2195
" state")
2332
2196
parser.add_argument("--socket", type=int,
2333
2197
help="Specify a file descriptor to a network"
2334
2198
" socket to use instead of creating one")
2335
2199
parser.add_argument("--statedir", metavar="DIR",
2336
2200
help="Directory to save/restore state in")
2337
2201
parser.add_argument("--foreground", action="store_true",
2338
help="Run in foreground", default=None)
2202
help="Run in foreground")
2339
2203
2340
2204
options = parser.parse_args()
2341
2205
2350
2214
"port": "",
2351
2215
"debug": "False",
2352
2216
"priority":
2353
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",
2217
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2354
2218
"servicename": "Mandos",
2355
2219
"use_dbus": "True",
2356
2220
"use_ipv6": "True",
2400
2264
for option in server_settings.keys():
2401
2265
if type(server_settings[option]) is str:
2402
2266
server_settings[option] = unicode(server_settings[option])
2403
# Force all boolean options to be boolean
2404
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2405
"foreground"):
2406
server_settings[option] = bool(server_settings[option])
2407
2267
# Debug implies foreground
2408
2268
if server_settings["debug"]:
2409
2269
server_settings["foreground"] = True
2457
2317
socketfd=(server_settings["socket"]
2458
2318
or None))
2459
2319
if not foreground:
2460
pidfilename = "/run/mandos.pid"
2461
if not os.path.isdir("/run/."):
2462
pidfilename = "/var/run/mandos.pid"
2320
pidfilename = "/var/run/mandos.pid"
2463
2321
pidfile = None
2464
2322
try:
2465
2323
pidfile = open(pidfilename, "w")
2482
2340
os.setuid(uid)
2483
2341
except OSError as error:
2484
2342
if error.errno != errno.EPERM:
2485
raise
2343
raise error
2486
2344
2487
2345
if debug:
2488
2346
# Enable all possible GnuTLS debugging
2551
2409
old_client_settings = {}
2552
2410
clients_data = {}
2553
2411
2554
# This is used to redirect stdout and stderr for checker processes
2555
global wnull
2556
wnull = open(os.devnull, "w") # A writable /dev/null
2557
# Only used if server is running in foreground but not in debug
2558
# mode
2559
if debug or not foreground:
2560
wnull.close()
2561
2562
2412
# Get client data and settings from last running state.
2563
2413
if server_settings["restore"]:
2564
2414
try:
2580
2430
2581
2431
with PGPEngine() as pgp:
2582
2432
for client_name, client in clients_data.iteritems():
2583
# Skip removed clients
2584
if client_name not in client_settings:
2585
continue
2586
2587
2433
# Decide which value to use after restoring saved state.
2588
2434
# We have three different values: Old config file,
2589
2435
# new config file, and saved state.
2651
2497
# Create all client objects
2652
2498
for client_name, client in clients_data.iteritems():
2653
2499
tcp_server.clients[client_name] = client_class(
2654
name = client_name, settings = client,
2655
server_settings = server_settings)
2500
name = client_name, settings = client)
2656
2501
2657
2502
if not tcp_server.clients:
2658
2503
logger.warning("No clients defined")
2741
2586
service.cleanup()
2742
2587
2743
2588
multiprocessing.active_children()
2744
wnull.close()
2745
2589
if not (tcp_server.clients or client_settings):
2746
2590
return
2747
2591
2759
2603
# A list of attributes that can not be pickled
2760
2604
# + secret.
2761
2605
exclude = set(("bus", "changedstate", "secret",
2762
"checker", "server_settings"))
2606
"checker"))
2763
2607
for name, typ in (inspect.getmembers
2764
2608
(dbus.service.Object)):
2765
2609
exclude.add(name)
2793
2637
else:
2794
2638
logger.warning("Could not save persistent state:",
2795
2639
exc_info=e)
2796
raise
2640
raise e
2797
2641
2798
2642
# Delete all clients, and settings from config
2799
2643
while tcp_server.clients:
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0