To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 87
- compare with another revision
- download diff
- download tarball
- view history from revision 87
- Committer: Teddy Hogeborn
- Date: 2008-08-18 05:24:20 UTC
- Revision ID: teddy@fukt.bsnet.se-20080818052420-ab5eurrioz8n2qy6
* Makefile: Bug fix: fixed creation of man pages in "plugins.d".
* mandos-keygen Bug fix: make the --expire option modify
KEYEXPIRE, not KEYCOMMENT. Use the "--no-options"
option to gpg when exporting keys from the temporary
key ring files.
* mandos-keygen.xml (EXIT STATUS): Filled in.
(ENVIRONMENT): New section, documenting use of TMPDIR.
(FILES): Document use of key files and /tmp.
(BUGS): Filled in.
(EXAMPLE): Added two examples.
(SECURITY): Added some text.
* plugins.d/password-prompt.xml (NOTES): Removed, since this is
created automatically for
footnotes.
(ENVIRONMENT, FILES): Added empty sections.
(EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).
* plugins.d/password-request.xml: Reordered sections.
(ENVIRONMENT): New empty section.
(EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).
* mandos-keygen Bug fix: make the --expire option modify
KEYEXPIRE, not KEYCOMMENT. Use the "--no-options"
option to gpg when exporting keys from the temporary
key ring files.
* mandos-keygen.xml (EXIT STATUS): Filled in.
(ENVIRONMENT): New section, documenting use of TMPDIR.
(FILES): Document use of key files and /tmp.
(BUGS): Filled in.
(EXAMPLE): Added two examples.
(SECURITY): Added some text.
* plugins.d/password-prompt.xml (NOTES): Removed, since this is
created automatically for
footnotes.
(ENVIRONMENT, FILES): Added empty sections.
(EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).
* plugins.d/password-request.xml: Reordered sections.
(ENVIRONMENT): New empty section.
(EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).
- files added:
- plugins.d/usplash
- files removed:
- .bzr-builddeb
- debian
- debian/po
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- Makefile
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
14
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
16
15
#
17
16
# This program is free software: you can redistribute it and/or modify
18
17
# it under the terms of the GNU General Public License as published by
25
24
# GNU General Public License for more details.
26
25
#
27
26
# You should have received a copy of the GNU General Public License
28
# along with this program. If not, see
29
# <http://www.gnu.org/licenses/>.
27
# along with this program. If not, see <http://www.gnu.org/licenses/>.
30
28
#
31
29
# Contact the authors at <mandos@fukt.bsnet.se>.
32
30
#
33
31
34
from __future__ import division, with_statement, absolute_import
32
from __future__ import division
35
33
36
import SocketServer as socketserver
34
import SocketServer
37
35
import socket
38
import optparse
36
import select
37
from optparse import OptionParser
39
38
import datetime
40
39
import errno
41
40
import gnutls.crypto
44
43
import gnutls.library.functions
45
44
import gnutls.library.constants
46
45
import gnutls.library.types
47
import ConfigParser as configparser
46
import ConfigParser
48
47
import sys
49
48
import re
50
49
import os
51
50
import signal
51
from sets import Set
52
52
import subprocess
53
53
import atexit
54
54
import stat
55
55
import logging
56
56
import logging.handlers
57
import pwd
58
from contextlib import closing
59
import struct
60
import fcntl
61
57
62
58
import dbus
63
import dbus.service
64
59
import gobject
65
60
import avahi
66
61
from dbus.mainloop.glib import DBusGMainLoop
67
62
import ctypes
68
import ctypes.util
69
70
try:
71
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
72
except AttributeError:
73
try:
74
from IN import SO_BINDTODEVICE
75
except ImportError:
76
# From /usr/include/asm/socket.h
77
SO_BINDTODEVICE = 25
78
79
80
version = "1.0.8"
81
82
logger = logging.Logger(u'mandos')
83
syslogger = (logging.handlers.SysLogHandler
84
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
85
address = "/dev/log"))
86
syslogger.setFormatter(logging.Formatter
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
63
64
version = "1.0"
65
66
logger = logging.Logger('mandos')
67
syslogger = logging.handlers.SysLogHandler\
68
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
69
address = "/dev/log")
70
syslogger.setFormatter(logging.Formatter\
71
('Mandos: %(levelname)s: %(message)s'))
89
72
logger.addHandler(syslogger)
90
73
91
74
console = logging.StreamHandler()
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
75
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
76
' %(message)s'))
95
77
logger.addHandler(console)
96
78
97
79
class AvahiError(Exception):
98
def __init__(self, value, *args, **kwargs):
80
def __init__(self, value):
99
81
self.value = value
100
super(AvahiError, self).__init__(value, *args, **kwargs)
101
def __unicode__(self):
102
return unicode(repr(self.value))
82
def __str__(self):
83
return repr(self.value)
103
84
104
85
class AvahiServiceError(AvahiError):
105
86
pass
110
91
111
92
class AvahiService(object):
112
93
"""An Avahi (Zeroconf) service.
113
114
94
Attributes:
115
95
interface: integer; avahi.IF_UNSPEC or an interface index.
116
96
Used to optionally bind to the specified interface.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
97
name: string; Example: 'Mandos'
98
type: string; Example: '_mandos._tcp'.
119
99
See <http://www.dns-sd.org/ServiceTypes.html>
120
100
port: integer; what port to announce
121
101
TXT: list of strings; TXT record for the service
124
104
max_renames: integer; maximum number of renames
125
105
rename_count: integer; counter so we only rename after collisions
126
106
a sensible number of times
127
group: D-Bus Entry Group
128
server: D-Bus Server
129
107
"""
130
108
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
131
servicetype = None, port = None, TXT = None,
132
domain = u"", host = u"", max_renames = 32768,
133
protocol = avahi.PROTO_UNSPEC):
109
type = None, port = None, TXT = None, domain = "",
110
host = "", max_renames = 32768):
134
111
self.interface = interface
135
112
self.name = name
136
self.type = servicetype
113
self.type = type
137
114
self.port = port
138
self.TXT = TXT if TXT is not None else []
115
if TXT is None:
116
self.TXT = []
117
else:
118
self.TXT = TXT
139
119
self.domain = domain
140
120
self.host = host
141
121
self.rename_count = 0
142
122
self.max_renames = max_renames
143
self.protocol = protocol
144
self.group = None # our entry group
145
self.server = None
146
123
def rename(self):
147
124
"""Derived from the Avahi example code"""
148
125
if self.rename_count >= self.max_renames:
149
logger.critical(u"No suitable Zeroconf service name found"
150
u" after %i retries, exiting.",
151
self.rename_count)
152
raise AvahiServiceError(u"Too many renames")
153
self.name = self.server.GetAlternativeServiceName(self.name)
154
logger.info(u"Changing Zeroconf service name to %r ...",
155
unicode(self.name))
156
syslogger.setFormatter(logging.Formatter
157
(u'Mandos (%s) [%%(process)d]:'
158
u' %%(levelname)s: %%(message)s'
159
% self.name))
126
logger.critical(u"No suitable service name found after %i"
127
u" retries, exiting.", rename_count)
128
raise AvahiServiceError("Too many renames")
129
self.name = server.GetAlternativeServiceName(self.name)
130
logger.info(u"Changing name to %r ...", str(self.name))
131
syslogger.setFormatter(logging.Formatter\
132
('Mandos (%s): %%(levelname)s:'
133
' %%(message)s' % self.name))
160
134
self.remove()
161
135
self.add()
162
136
self.rename_count += 1
163
137
def remove(self):
164
138
"""Derived from the Avahi example code"""
165
if self.group is not None:
166
self.group.Reset()
139
if group is not None:
140
group.Reset()
167
141
def add(self):
168
142
"""Derived from the Avahi example code"""
169
if self.group is None:
170
self.group = dbus.Interface(
171
bus.get_object(avahi.DBUS_NAME,
172
self.server.EntryGroupNew()),
173
avahi.DBUS_INTERFACE_ENTRY_GROUP)
174
self.group.connect_to_signal('StateChanged',
175
self.entry_group_state_changed)
176
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
177
self.name, self.type)
178
self.group.AddService(
179
self.interface,
180
self.protocol,
181
dbus.UInt32(0), # flags
182
self.name, self.type,
183
self.domain, self.host,
184
dbus.UInt16(self.port),
185
avahi.string_array_to_txt_array(self.TXT))
186
self.group.Commit()
187
def entry_group_state_changed(self, state, error):
188
"""Derived from the Avahi example code"""
189
logger.debug(u"Avahi state change: %i", state)
190
191
if state == avahi.ENTRY_GROUP_ESTABLISHED:
192
logger.debug(u"Zeroconf service established.")
193
elif state == avahi.ENTRY_GROUP_COLLISION:
194
logger.warning(u"Zeroconf service name collision.")
195
self.rename()
196
elif state == avahi.ENTRY_GROUP_FAILURE:
197
logger.critical(u"Avahi: Error in group state changed %s",
198
unicode(error))
199
raise AvahiGroupError(u"State changed: %s"
200
% unicode(error))
201
def cleanup(self):
202
"""Derived from the Avahi example code"""
203
if self.group is not None:
204
self.group.Free()
205
self.group = None
206
def server_state_changed(self, state):
207
"""Derived from the Avahi example code"""
208
if state == avahi.SERVER_COLLISION:
209
logger.error(u"Zeroconf server name collision")
210
self.remove()
211
elif state == avahi.SERVER_RUNNING:
212
self.add()
213
def activate(self):
214
"""Derived from the Avahi example code"""
215
if self.server is None:
216
self.server = dbus.Interface(
217
bus.get_object(avahi.DBUS_NAME,
218
avahi.DBUS_PATH_SERVER),
219
avahi.DBUS_INTERFACE_SERVER)
220
self.server.connect_to_signal(u"StateChanged",
221
self.server_state_changed)
222
self.server_state_changed(self.server.GetState())
143
global group
144
if group is None:
145
group = dbus.Interface\
146
(bus.get_object(avahi.DBUS_NAME,
147
server.EntryGroupNew()),
148
avahi.DBUS_INTERFACE_ENTRY_GROUP)
149
group.connect_to_signal('StateChanged',
150
entry_group_state_changed)
151
logger.debug(u"Adding service '%s' of type '%s' ...",
152
service.name, service.type)
153
group.AddService(
154
self.interface, # interface
155
avahi.PROTO_INET6, # protocol
156
dbus.UInt32(0), # flags
157
self.name, self.type,
158
self.domain, self.host,
159
dbus.UInt16(self.port),
160
avahi.string_array_to_txt_array(self.TXT))
161
group.Commit()
162
163
# From the Avahi example code:
164
group = None # our entry group
165
# End of Avahi example code
223
166
224
167
225
168
class Client(object):
226
169
"""A representation of a client host served by this server.
227
228
170
Attributes:
229
name: string; from the config file, used in log messages and
230
D-Bus identifiers
171
name: string; from the config file, used in log messages
231
172
fingerprint: string (40 or 32 hexadecimal digits); used to
232
173
uniquely identify the client
233
secret: bytestring; sent verbatim (over TLS) to client
234
host: string; available for use by the checker command
235
created: datetime.datetime(); (UTC) object creation
236
last_enabled: datetime.datetime(); (UTC)
237
enabled: bool()
238
last_checked_ok: datetime.datetime(); (UTC) or None
239
timeout: datetime.timedelta(); How long from last_checked_ok
240
until this client is invalid
241
interval: datetime.timedelta(); How often to start a new checker
242
disable_hook: If set, called by disable() as disable_hook(self)
243
checker: subprocess.Popen(); a running checker process used
244
to see if the client lives.
245
'None' if no process is running.
174
secret: bytestring; sent verbatim (over TLS) to client
175
host: string; available for use by the checker command
176
created: datetime.datetime(); object creation, not client host
177
last_checked_ok: datetime.datetime() or None if not yet checked OK
178
timeout: datetime.timedelta(); How long from last_checked_ok
179
until this client is invalid
180
interval: datetime.timedelta(); How often to start a new checker
181
stop_hook: If set, called by stop() as stop_hook(self)
182
checker: subprocess.Popen(); a running checker process used
183
to see if the client lives.
184
'None' if no process is running.
246
185
checker_initiator_tag: a gobject event source tag, or None
247
disable_initiator_tag: - '' -
186
stop_initiator_tag: - '' -
248
187
checker_callback_tag: - '' -
249
188
checker_command: string; External command which is run to check if
250
189
client lives. %() expansions are done at
251
190
runtime with vars(self) as dict, so that for
252
191
instance %(name)s can be used in the command.
253
current_checker_command: string; current running checker_command
192
Private attibutes:
193
_timeout: Real variable for 'timeout'
194
_interval: Real variable for 'interval'
195
_timeout_milliseconds: Used when calling gobject.timeout_add()
196
_interval_milliseconds: - '' -
254
197
"""
255
256
@staticmethod
257
def _datetime_to_milliseconds(dt):
258
"Convert a datetime.datetime() to milliseconds"
259
return ((dt.days * 24 * 60 * 60 * 1000)
260
+ (dt.seconds * 1000)
261
+ (dt.microseconds // 1000))
262
263
def timeout_milliseconds(self):
264
"Return the 'timeout' attribute in milliseconds"
265
return self._datetime_to_milliseconds(self.timeout)
266
267
def interval_milliseconds(self):
268
"Return the 'interval' attribute in milliseconds"
269
return self._datetime_to_milliseconds(self.interval)
270
271
def __init__(self, name = None, disable_hook=None, config=None):
198
def _set_timeout(self, timeout):
199
"Setter function for 'timeout' attribute"
200
self._timeout = timeout
201
self._timeout_milliseconds = ((self.timeout.days
202
* 24 * 60 * 60 * 1000)
203
+ (self.timeout.seconds * 1000)
204
+ (self.timeout.microseconds
205
// 1000))
206
timeout = property(lambda self: self._timeout,
207
_set_timeout)
208
del _set_timeout
209
def _set_interval(self, interval):
210
"Setter function for 'interval' attribute"
211
self._interval = interval
212
self._interval_milliseconds = ((self.interval.days
213
* 24 * 60 * 60 * 1000)
214
+ (self.interval.seconds
215
* 1000)
216
+ (self.interval.microseconds
217
// 1000))
218
interval = property(lambda self: self._interval,
219
_set_interval)
220
del _set_interval
221
def __init__(self, name = None, stop_hook=None, config={}):
272
222
"""Note: the 'checker' key in 'config' sets the
273
223
'checker_command' attribute and *not* the 'checker'
274
224
attribute."""
275
225
self.name = name
276
if config is None:
277
config = {}
278
226
logger.debug(u"Creating client %r", self.name)
279
227
# Uppercase and remove spaces from fingerprint for later
280
228
# comparison purposes with return value from the fingerprint()
281
229
# function
282
self.fingerprint = (config[u"fingerprint"].upper()
283
.replace(u" ", u""))
230
self.fingerprint = config["fingerprint"].upper()\
231
.replace(u" ", u"")
284
232
logger.debug(u" Fingerprint: %s", self.fingerprint)
285
if u"secret" in config:
286
self.secret = config[u"secret"].decode(u"base64")
287
elif u"secfile" in config:
288
with closing(open(os.path.expanduser
289
(os.path.expandvars
290
(config[u"secfile"])))) as secfile:
291
self.secret = secfile.read()
233
if "secret" in config:
234
self.secret = config["secret"].decode(u"base64")
235
elif "secfile" in config:
236
sf = open(config["secfile"])
237
self.secret = sf.read()
238
sf.close()
292
239
else:
293
240
raise TypeError(u"No secret or secfile for client %s"
294
241
% self.name)
295
self.host = config.get(u"host", u"")
296
self.created = datetime.datetime.utcnow()
297
self.enabled = False
298
self.last_enabled = None
242
self.host = config.get("host", "")
243
self.created = datetime.datetime.now()
299
244
self.last_checked_ok = None
300
self.timeout = string_to_delta(config[u"timeout"])
301
self.interval = string_to_delta(config[u"interval"])
302
self.disable_hook = disable_hook
245
self.timeout = string_to_delta(config["timeout"])
246
self.interval = string_to_delta(config["interval"])
247
self.stop_hook = stop_hook
303
248
self.checker = None
304
249
self.checker_initiator_tag = None
305
self.disable_initiator_tag = None
250
self.stop_initiator_tag = None
306
251
self.checker_callback_tag = None
307
self.checker_command = config[u"checker"]
308
self.current_checker_command = None
309
self.last_connect = None
310
311
def enable(self):
252
self.check_command = config["checker"]
253
def start(self):
312
254
"""Start this client's checker and timeout hooks"""
313
self.last_enabled = datetime.datetime.utcnow()
314
255
# Schedule a new checker to be started an 'interval' from now,
315
256
# and every interval from then on.
316
self.checker_initiator_tag = (gobject.timeout_add
317
(self.interval_milliseconds(),
318
self.start_checker))
257
self.checker_initiator_tag = gobject.timeout_add\
258
(self._interval_milliseconds,
259
self.start_checker)
319
260
# Also start a new checker *right now*.
320
261
self.start_checker()
321
# Schedule a disable() when 'timeout' has passed
322
self.disable_initiator_tag = (gobject.timeout_add
323
(self.timeout_milliseconds(),
324
self.disable))
325
self.enabled = True
326
327
def disable(self):
328
"""Disable this client."""
329
if not getattr(self, "enabled", False):
262
# Schedule a stop() when 'timeout' has passed
263
self.stop_initiator_tag = gobject.timeout_add\
264
(self._timeout_milliseconds,
265
self.stop)
266
def stop(self):
267
"""Stop this client.
268
The possibility that a client might be restarted is left open,
269
but not currently used."""
270
# If this client doesn't have a secret, it is already stopped.
271
if hasattr(self, "secret") and self.secret:
272
logger.info(u"Stopping client %s", self.name)
273
self.secret = None
274
else:
330
275
return False
331
logger.info(u"Disabling client %s", self.name)
332
if getattr(self, u"disable_initiator_tag", False):
333
gobject.source_remove(self.disable_initiator_tag)
334
self.disable_initiator_tag = None
335
if getattr(self, u"checker_initiator_tag", False):
276
if getattr(self, "stop_initiator_tag", False):
277
gobject.source_remove(self.stop_initiator_tag)
278
self.stop_initiator_tag = None
279
if getattr(self, "checker_initiator_tag", False):
336
280
gobject.source_remove(self.checker_initiator_tag)
337
281
self.checker_initiator_tag = None
338
282
self.stop_checker()
339
if self.disable_hook:
340
self.disable_hook(self)
341
self.enabled = False
283
if self.stop_hook:
284
self.stop_hook(self)
342
285
# Do not run this again if called by a gobject.timeout_add
343
286
return False
344
345
287
def __del__(self):
346
self.disable_hook = None
347
self.disable()
348
349
def checker_callback(self, pid, condition, command):
288
self.stop_hook = None
289
self.stop()
290
def checker_callback(self, pid, condition):
350
291
"""The checker has completed, so take appropriate actions."""
292
now = datetime.datetime.now()
351
293
self.checker_callback_tag = None
352
294
self.checker = None
353
if os.WIFEXITED(condition):
354
exitstatus = os.WEXITSTATUS(condition)
355
if exitstatus == 0:
356
logger.info(u"Checker for %(name)s succeeded",
357
vars(self))
358
self.checked_ok()
359
else:
360
logger.info(u"Checker for %(name)s failed",
361
vars(self))
362
else:
295
if os.WIFEXITED(condition) \
296
and (os.WEXITSTATUS(condition) == 0):
297
logger.info(u"Checker for %(name)s succeeded",
298
vars(self))
299
self.last_checked_ok = now
300
gobject.source_remove(self.stop_initiator_tag)
301
self.stop_initiator_tag = gobject.timeout_add\
302
(self._timeout_milliseconds,
303
self.stop)
304
elif not os.WIFEXITED(condition):
363
305
logger.warning(u"Checker for %(name)s crashed?",
364
306
vars(self))
365
366
def checked_ok(self):
367
"""Bump up the timeout for this client.
368
369
This should only be called when the client has been seen,
370
alive and well.
371
"""
372
self.last_checked_ok = datetime.datetime.utcnow()
373
gobject.source_remove(self.disable_initiator_tag)
374
self.disable_initiator_tag = (gobject.timeout_add
375
(self.timeout_milliseconds(),
376
self.disable))
377
307
else:
308
logger.info(u"Checker for %(name)s failed",
309
vars(self))
378
310
def start_checker(self):
379
311
"""Start a new checker subprocess if one is not running.
380
381
312
If a checker already exists, leave it running and do
382
313
nothing."""
383
314
# The reason for not killing a running checker is that if we
388
319
# checkers alone, the checker would have to take more time
389
320
# than 'timeout' for the client to be declared invalid, which
390
321
# is as it should be.
391
392
# If a checker exists, make sure it is not a zombie
393
if self.checker is not None:
394
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
395
if pid:
396
logger.warning(u"Checker was a zombie")
397
gobject.source_remove(self.checker_callback_tag)
398
self.checker_callback(pid, status,
399
self.current_checker_command)
400
# Start a new checker if needed
401
322
if self.checker is None:
402
323
try:
403
# In case checker_command has exactly one % operator
404
command = self.checker_command % self.host
324
# In case check_command has exactly one % operator
325
command = self.check_command % self.host
405
326
except TypeError:
406
327
# Escape attributes for the shell
407
escaped_attrs = dict((key,
408
re.escape(unicode(str(val),
409
errors=
410
u'replace')))
328
escaped_attrs = dict((key, re.escape(str(val)))
411
329
for key, val in
412
330
vars(self).iteritems())
413
331
try:
414
command = self.checker_command % escaped_attrs
332
command = self.check_command % escaped_attrs
415
333
except TypeError, error:
416
334
logger.error(u'Could not format string "%s":'
417
u' %s', self.checker_command, error)
335
u' %s', self.check_command, error)
418
336
return True # Try again later
419
self.current_checker_command = command
420
337
try:
421
338
logger.info(u"Starting checker %r for %s",
422
339
command, self.name)
423
# We don't need to redirect stdout and stderr, since
424
# in normal mode, that is already done by daemon(),
425
# and in debug mode we don't want to. (Stdin is
426
# always replaced by /dev/null.)
427
340
self.checker = subprocess.Popen(command,
428
341
close_fds=True,
429
shell=True, cwd=u"/")
430
self.checker_callback_tag = (gobject.child_watch_add
431
(self.checker.pid,
432
self.checker_callback,
433
data=command))
434
# The checker may have completed before the gobject
435
# watch was added. Check for this.
436
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
437
if pid:
438
gobject.source_remove(self.checker_callback_tag)
439
self.checker_callback(pid, status, command)
440
except OSError, error:
342
shell=True, cwd="/")
343
self.checker_callback_tag = gobject.child_watch_add\
344
(self.checker.pid,
345
self.checker_callback)
346
except subprocess.OSError, error:
441
347
logger.error(u"Failed to start subprocess: %s",
442
348
error)
443
349
# Re-run this periodically if run by gobject.timeout_add
444
350
return True
445
446
351
def stop_checker(self):
447
352
"""Force the checker process, if any, to stop."""
448
353
if self.checker_callback_tag:
449
354
gobject.source_remove(self.checker_callback_tag)
450
355
self.checker_callback_tag = None
451
if getattr(self, u"checker", None) is None:
356
if getattr(self, "checker", None) is None:
452
357
return
453
358
logger.debug(u"Stopping checker for %(name)s", vars(self))
454
359
try:
460
365
if error.errno != errno.ESRCH: # No such process
461
366
raise
462
367
self.checker = None
463
464
368
def still_valid(self):
465
369
"""Has the timeout not yet passed for this client?"""
466
if not getattr(self, u"enabled", False):
467
return False
468
now = datetime.datetime.utcnow()
370
now = datetime.datetime.now()
469
371
if self.last_checked_ok is None:
470
372
return now < (self.created + self.timeout)
471
373
else:
472
374
return now < (self.last_checked_ok + self.timeout)
473
375
474
376
475
class ClientDBus(Client, dbus.service.Object):
476
"""A Client class using D-Bus
477
478
Attributes:
479
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
480
"""
481
# dbus.service.Object doesn't use super(), so we can't either.
482
483
def __init__(self, *args, **kwargs):
484
Client.__init__(self, *args, **kwargs)
485
# Only now, when this client is initialized, can it show up on
486
# the D-Bus
487
self.dbus_object_path = (dbus.ObjectPath
488
(u"/clients/"
489
+ self.name.replace(u".", u"_")))
490
dbus.service.Object.__init__(self, bus,
491
self.dbus_object_path)
492
493
@staticmethod
494
def _datetime_to_dbus(dt, variant_level=0):
495
"""Convert a UTC datetime.datetime() to a D-Bus type."""
496
return dbus.String(dt.isoformat(),
497
variant_level=variant_level)
498
499
def enable(self):
500
oldstate = getattr(self, u"enabled", False)
501
r = Client.enable(self)
502
if oldstate != self.enabled:
503
# Emit D-Bus signals
504
self.PropertyChanged(dbus.String(u"enabled"),
505
dbus.Boolean(True, variant_level=1))
506
self.PropertyChanged(
507
dbus.String(u"last_enabled"),
508
self._datetime_to_dbus(self.last_enabled,
509
variant_level=1))
510
return r
511
512
def disable(self, signal = True):
513
oldstate = getattr(self, u"enabled", False)
514
r = Client.disable(self)
515
if signal and oldstate != self.enabled:
516
# Emit D-Bus signal
517
self.PropertyChanged(dbus.String(u"enabled"),
518
dbus.Boolean(False, variant_level=1))
519
return r
520
521
def __del__(self, *args, **kwargs):
522
try:
523
self.remove_from_connection()
524
except LookupError:
525
pass
526
if hasattr(dbus.service.Object, u"__del__"):
527
dbus.service.Object.__del__(self, *args, **kwargs)
528
Client.__del__(self, *args, **kwargs)
529
530
def checker_callback(self, pid, condition, command,
531
*args, **kwargs):
532
self.checker_callback_tag = None
533
self.checker = None
534
# Emit D-Bus signal
535
self.PropertyChanged(dbus.String(u"checker_running"),
536
dbus.Boolean(False, variant_level=1))
537
if os.WIFEXITED(condition):
538
exitstatus = os.WEXITSTATUS(condition)
539
# Emit D-Bus signal
540
self.CheckerCompleted(dbus.Int16(exitstatus),
541
dbus.Int64(condition),
542
dbus.String(command))
543
else:
544
# Emit D-Bus signal
545
self.CheckerCompleted(dbus.Int16(-1),
546
dbus.Int64(condition),
547
dbus.String(command))
548
549
return Client.checker_callback(self, pid, condition, command,
550
*args, **kwargs)
551
552
def checked_ok(self, *args, **kwargs):
553
r = Client.checked_ok(self, *args, **kwargs)
554
# Emit D-Bus signal
555
self.PropertyChanged(
556
dbus.String(u"last_checked_ok"),
557
(self._datetime_to_dbus(self.last_checked_ok,
558
variant_level=1)))
559
return r
560
561
def start_checker(self, *args, **kwargs):
562
old_checker = self.checker
563
if self.checker is not None:
564
old_checker_pid = self.checker.pid
565
else:
566
old_checker_pid = None
567
r = Client.start_checker(self, *args, **kwargs)
568
# Only if new checker process was started
569
if (self.checker is not None
570
and old_checker_pid != self.checker.pid):
571
# Emit D-Bus signal
572
self.CheckerStarted(self.current_checker_command)
573
self.PropertyChanged(
574
dbus.String(u"checker_running"),
575
dbus.Boolean(True, variant_level=1))
576
return r
577
578
def stop_checker(self, *args, **kwargs):
579
old_checker = getattr(self, u"checker", None)
580
r = Client.stop_checker(self, *args, **kwargs)
581
if (old_checker is not None
582
and getattr(self, u"checker", None) is None):
583
self.PropertyChanged(dbus.String(u"checker_running"),
584
dbus.Boolean(False, variant_level=1))
585
return r
586
587
## D-Bus methods & signals
588
_interface = u"se.bsnet.fukt.Mandos.Client"
589
590
# CheckedOK - method
591
@dbus.service.method(_interface)
592
def CheckedOK(self):
593
return self.checked_ok()
594
595
# CheckerCompleted - signal
596
@dbus.service.signal(_interface, signature=u"nxs")
597
def CheckerCompleted(self, exitcode, waitstatus, command):
598
"D-Bus signal"
599
pass
600
601
# CheckerStarted - signal
602
@dbus.service.signal(_interface, signature=u"s")
603
def CheckerStarted(self, command):
604
"D-Bus signal"
605
pass
606
607
# GetAllProperties - method
608
@dbus.service.method(_interface, out_signature=u"a{sv}")
609
def GetAllProperties(self):
610
"D-Bus method"
611
return dbus.Dictionary({
612
dbus.String(u"name"):
613
dbus.String(self.name, variant_level=1),
614
dbus.String(u"fingerprint"):
615
dbus.String(self.fingerprint, variant_level=1),
616
dbus.String(u"host"):
617
dbus.String(self.host, variant_level=1),
618
dbus.String(u"created"):
619
self._datetime_to_dbus(self.created,
620
variant_level=1),
621
dbus.String(u"last_enabled"):
622
(self._datetime_to_dbus(self.last_enabled,
623
variant_level=1)
624
if self.last_enabled is not None
625
else dbus.Boolean(False, variant_level=1)),
626
dbus.String(u"enabled"):
627
dbus.Boolean(self.enabled, variant_level=1),
628
dbus.String(u"last_checked_ok"):
629
(self._datetime_to_dbus(self.last_checked_ok,
630
variant_level=1)
631
if self.last_checked_ok is not None
632
else dbus.Boolean (False, variant_level=1)),
633
dbus.String(u"timeout"):
634
dbus.UInt64(self.timeout_milliseconds(),
635
variant_level=1),
636
dbus.String(u"interval"):
637
dbus.UInt64(self.interval_milliseconds(),
638
variant_level=1),
639
dbus.String(u"checker"):
640
dbus.String(self.checker_command,
641
variant_level=1),
642
dbus.String(u"checker_running"):
643
dbus.Boolean(self.checker is not None,
644
variant_level=1),
645
dbus.String(u"object_path"):
646
dbus.ObjectPath(self.dbus_object_path,
647
variant_level=1)
648
}, signature=u"sv")
649
650
# IsStillValid - method
651
@dbus.service.method(_interface, out_signature=u"b")
652
def IsStillValid(self):
653
return self.still_valid()
654
655
# PropertyChanged - signal
656
@dbus.service.signal(_interface, signature=u"sv")
657
def PropertyChanged(self, property, value):
658
"D-Bus signal"
659
pass
660
661
# ReceivedSecret - signal
662
@dbus.service.signal(_interface)
663
def ReceivedSecret(self):
664
"D-Bus signal"
665
pass
666
667
# Rejected - signal
668
@dbus.service.signal(_interface)
669
def Rejected(self):
670
"D-Bus signal"
671
pass
672
673
# SetChecker - method
674
@dbus.service.method(_interface, in_signature=u"s")
675
def SetChecker(self, checker):
676
"D-Bus setter method"
677
self.checker_command = checker
678
# Emit D-Bus signal
679
self.PropertyChanged(dbus.String(u"checker"),
680
dbus.String(self.checker_command,
681
variant_level=1))
682
683
# SetHost - method
684
@dbus.service.method(_interface, in_signature=u"s")
685
def SetHost(self, host):
686
"D-Bus setter method"
687
self.host = host
688
# Emit D-Bus signal
689
self.PropertyChanged(dbus.String(u"host"),
690
dbus.String(self.host, variant_level=1))
691
692
# SetInterval - method
693
@dbus.service.method(_interface, in_signature=u"t")
694
def SetInterval(self, milliseconds):
695
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
696
# Emit D-Bus signal
697
self.PropertyChanged(dbus.String(u"interval"),
698
(dbus.UInt64(self.interval_milliseconds(),
699
variant_level=1)))
700
701
# SetSecret - method
702
@dbus.service.method(_interface, in_signature=u"ay",
703
byte_arrays=True)
704
def SetSecret(self, secret):
705
"D-Bus setter method"
706
self.secret = str(secret)
707
708
# SetTimeout - method
709
@dbus.service.method(_interface, in_signature=u"t")
710
def SetTimeout(self, milliseconds):
711
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
712
# Emit D-Bus signal
713
self.PropertyChanged(dbus.String(u"timeout"),
714
(dbus.UInt64(self.timeout_milliseconds(),
715
variant_level=1)))
716
717
# Enable - method
718
@dbus.service.method(_interface)
719
def Enable(self):
720
"D-Bus method"
721
self.enable()
722
723
# StartChecker - method
724
@dbus.service.method(_interface)
725
def StartChecker(self):
726
"D-Bus method"
727
self.start_checker()
728
729
# Disable - method
730
@dbus.service.method(_interface)
731
def Disable(self):
732
"D-Bus method"
733
self.disable()
734
735
# StopChecker - method
736
@dbus.service.method(_interface)
737
def StopChecker(self):
738
self.stop_checker()
739
740
del _interface
741
742
743
class ClientHandler(socketserver.BaseRequestHandler, object):
744
"""A class to handle client connections.
745
746
Instantiated once for each connection to handle it.
377
def peer_certificate(session):
378
"Return the peer's OpenPGP certificate as a bytestring"
379
# If not an OpenPGP certificate...
380
if gnutls.library.functions.gnutls_certificate_type_get\
381
(session._c_object) \
382
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:
383
# ...do the normal thing
384
return session.peer_certificate
385
list_size = ctypes.c_uint()
386
cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
387
(session._c_object, ctypes.byref(list_size))
388
if list_size.value == 0:
389
return None
390
cert = cert_list[0]
391
return ctypes.string_at(cert.data, cert.size)
392
393
394
def fingerprint(openpgp):
395
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
396
# New GnuTLS "datum" with the OpenPGP public key
397
datum = gnutls.library.types.gnutls_datum_t\
398
(ctypes.cast(ctypes.c_char_p(openpgp),
399
ctypes.POINTER(ctypes.c_ubyte)),
400
ctypes.c_uint(len(openpgp)))
401
# New empty GnuTLS certificate
402
crt = gnutls.library.types.gnutls_openpgp_crt_t()
403
gnutls.library.functions.gnutls_openpgp_crt_init\
404
(ctypes.byref(crt))
405
# Import the OpenPGP public key into the certificate
406
gnutls.library.functions.gnutls_openpgp_crt_import\
407
(crt, ctypes.byref(datum),
408
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
409
# New buffer for the fingerprint
410
buffer = ctypes.create_string_buffer(20)
411
buffer_length = ctypes.c_size_t()
412
# Get the fingerprint from the certificate into the buffer
413
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
414
(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
415
# Deinit the certificate
416
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
417
# Convert the buffer to a Python bytestring
418
fpr = ctypes.string_at(buffer, buffer_length.value)
419
# Convert the bytestring to hexadecimal notation
420
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
421
return hex_fpr
422
423
424
class tcp_handler(SocketServer.BaseRequestHandler, object):
425
"""A TCP request handler class.
426
Instantiated by IPv6_TCPServer for each request to handle it.
747
427
Note: This will run in its own forked process."""
748
428
749
429
def handle(self):
750
430
logger.info(u"TCP connection from: %s",
751
unicode(self.client_address))
752
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
753
# Open IPC pipe to parent process
754
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
755
session = (gnutls.connection
756
.ClientSession(self.request,
757
gnutls.connection
758
.X509Credentials()))
759
760
line = self.request.makefile().readline()
761
logger.debug(u"Protocol version: %r", line)
762
try:
763
if int(line.strip().split()[0]) > 1:
764
raise RuntimeError
765
except (ValueError, IndexError, RuntimeError), error:
766
logger.error(u"Unknown protocol version: %s", error)
767
return
768
769
# Note: gnutls.connection.X509Credentials is really a
770
# generic GnuTLS certificate credentials object so long as
771
# no X.509 keys are added to it. Therefore, we can use it
772
# here despite using OpenPGP certificates.
773
774
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
775
# u"+AES-256-CBC", u"+SHA1",
776
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
777
# u"+DHE-DSS"))
778
# Use a fallback default, since this MUST be set.
779
priority = self.server.gnutls_priority
780
if priority is None:
781
priority = u"NORMAL"
782
(gnutls.library.functions
783
.gnutls_priority_set_direct(session._c_object,
784
priority, None))
785
786
try:
787
session.handshake()
788
except gnutls.errors.GNUTLSError, error:
789
logger.warning(u"Handshake failed: %s", error)
790
# Do not run session.bye() here: the session is not
791
# established. Just abandon the request.
792
return
793
logger.debug(u"Handshake succeeded")
794
try:
795
fpr = self.fingerprint(self.peer_certificate(session))
796
except (TypeError, gnutls.errors.GNUTLSError), error:
797
logger.warning(u"Bad certificate: %s", error)
798
session.bye()
799
return
800
logger.debug(u"Fingerprint: %s", fpr)
801
802
for c in self.server.clients:
803
if c.fingerprint == fpr:
804
client = c
805
break
806
else:
807
ipc.write(u"NOTFOUND %s\n" % fpr)
808
session.bye()
809
return
810
# Have to check if client.still_valid(), since it is
811
# possible that the client timed out while establishing
812
# the GnuTLS session.
813
if not client.still_valid():
814
ipc.write(u"INVALID %s\n" % client.name)
815
session.bye()
816
return
817
ipc.write(u"SENDING %s\n" % client.name)
818
sent_size = 0
819
while sent_size < len(client.secret):
820
sent = session.send(client.secret[sent_size:])
821
logger.debug(u"Sent: %d, remaining: %d",
822
sent, len(client.secret)
823
- (sent_size + sent))
824
sent_size += sent
825
session.bye()
826
827
@staticmethod
828
def peer_certificate(session):
829
"Return the peer's OpenPGP certificate as a bytestring"
830
# If not an OpenPGP certificate...
831
if (gnutls.library.functions
832
.gnutls_certificate_type_get(session._c_object)
833
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
834
# ...do the normal thing
835
return session.peer_certificate
836
list_size = ctypes.c_uint(1)
837
cert_list = (gnutls.library.functions
838
.gnutls_certificate_get_peers
839
(session._c_object, ctypes.byref(list_size)))
840
if not bool(cert_list) and list_size.value != 0:
841
raise gnutls.errors.GNUTLSError(u"error getting peer"
842
u" certificate")
843
if list_size.value == 0:
844
return None
845
cert = cert_list[0]
846
return ctypes.string_at(cert.data, cert.size)
847
848
@staticmethod
849
def fingerprint(openpgp):
850
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
851
# New GnuTLS "datum" with the OpenPGP public key
852
datum = (gnutls.library.types
853
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
854
ctypes.POINTER
855
(ctypes.c_ubyte)),
856
ctypes.c_uint(len(openpgp))))
857
# New empty GnuTLS certificate
858
crt = gnutls.library.types.gnutls_openpgp_crt_t()
859
(gnutls.library.functions
860
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
861
# Import the OpenPGP public key into the certificate
862
(gnutls.library.functions
863
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
864
gnutls.library.constants
865
.GNUTLS_OPENPGP_FMT_RAW))
866
# Verify the self signature in the key
867
crtverify = ctypes.c_uint()
868
(gnutls.library.functions
869
.gnutls_openpgp_crt_verify_self(crt, 0,
870
ctypes.byref(crtverify)))
871
if crtverify.value != 0:
872
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
873
raise (gnutls.errors.CertificateSecurityError
874
(u"Verify failed"))
875
# New buffer for the fingerprint
876
buf = ctypes.create_string_buffer(20)
877
buf_len = ctypes.c_size_t()
878
# Get the fingerprint from the certificate into the buffer
879
(gnutls.library.functions
880
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
881
ctypes.byref(buf_len)))
882
# Deinit the certificate
883
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
884
# Convert the buffer to a Python bytestring
885
fpr = ctypes.string_at(buf, buf_len.value)
886
# Convert the bytestring to hexadecimal notation
887
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
888
return hex_fpr
889
890
891
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
892
"""Like socketserver.ForkingMixIn, but also pass a pipe.
893
894
Assumes a gobject.MainLoop event loop.
895
"""
896
def process_request(self, request, client_address):
897
"""Overrides and wraps the original process_request().
898
899
This function creates a new pipe in self.pipe
900
"""
901
self.pipe = os.pipe()
902
super(ForkingMixInWithPipe,
903
self).process_request(request, client_address)
904
os.close(self.pipe[1]) # close write end
905
# Call "handle_ipc" for both data and EOF events
906
gobject.io_add_watch(self.pipe[0],
907
gobject.IO_IN | gobject.IO_HUP,
908
self.handle_ipc)
909
def handle_ipc(source, condition):
910
"""Dummy function; override as necessary"""
911
os.close(source)
912
return False
913
914
915
class IPv6_TCPServer(ForkingMixInWithPipe,
916
socketserver.TCPServer, object):
917
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
918
431
unicode(self.client_address))
432
session = gnutls.connection.ClientSession\
433
(self.request, gnutls.connection.X509Credentials())
434
435
line = self.request.makefile().readline()
436
logger.debug(u"Protocol version: %r", line)
437
try:
438
if int(line.strip().split()[0]) > 1:
439
raise RuntimeError
440
except (ValueError, IndexError, RuntimeError), error:
441
logger.error(u"Unknown protocol version: %s", error)
442
return
443
444
# Note: gnutls.connection.X509Credentials is really a generic
445
# GnuTLS certificate credentials object so long as no X.509
446
# keys are added to it. Therefore, we can use it here despite
447
# using OpenPGP certificates.
448
449
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
450
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
451
# "+DHE-DSS"))
452
priority = "NORMAL" # Fallback default, since this
453
# MUST be set.
454
if self.server.settings["priority"]:
455
priority = self.server.settings["priority"]
456
gnutls.library.functions.gnutls_priority_set_direct\
457
(session._c_object, priority, None);
458
459
try:
460
session.handshake()
461
except gnutls.errors.GNUTLSError, error:
462
logger.warning(u"Handshake failed: %s", error)
463
# Do not run session.bye() here: the session is not
464
# established. Just abandon the request.
465
return
466
try:
467
fpr = fingerprint(peer_certificate(session))
468
except (TypeError, gnutls.errors.GNUTLSError), error:
469
logger.warning(u"Bad certificate: %s", error)
470
session.bye()
471
return
472
logger.debug(u"Fingerprint: %s", fpr)
473
client = None
474
for c in self.server.clients:
475
if c.fingerprint == fpr:
476
client = c
477
break
478
if not client:
479
logger.warning(u"Client not found for fingerprint: %s",
480
fpr)
481
session.bye()
482
return
483
# Have to check if client.still_valid(), since it is possible
484
# that the client timed out while establishing the GnuTLS
485
# session.
486
if not client.still_valid():
487
logger.warning(u"Client %(name)s is invalid",
488
vars(client))
489
session.bye()
490
return
491
sent_size = 0
492
while sent_size < len(client.secret):
493
sent = session.send(client.secret[sent_size:])
494
logger.debug(u"Sent: %d, remaining: %d",
495
sent, len(client.secret)
496
- (sent_size + sent))
497
sent_size += sent
498
session.bye()
499
500
501
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
502
"""IPv6 TCP server. Accepts 'None' as address and/or port.
919
503
Attributes:
920
enabled: Boolean; whether this server is activated yet
921
interface: None or a network interface name (string)
922
use_ipv6: Boolean; to use IPv6 or not
923
----
924
clients: set of Client objects
925
gnutls_priority GnuTLS priority string
926
use_dbus: Boolean; to emit D-Bus signals or not
504
settings: Server settings
505
clients: Set() of Client objects
927
506
"""
928
def __init__(self, server_address, RequestHandlerClass,
929
interface=None, use_ipv6=True, clients=None,
930
gnutls_priority=None, use_dbus=True):
931
self.enabled = False
932
self.interface = interface
933
if use_ipv6:
934
self.address_family = socket.AF_INET6
935
self.clients = clients
936
self.use_dbus = use_dbus
937
self.gnutls_priority = gnutls_priority
938
socketserver.TCPServer.__init__(self, server_address,
939
RequestHandlerClass)
507
address_family = socket.AF_INET6
508
def __init__(self, *args, **kwargs):
509
if "settings" in kwargs:
510
self.settings = kwargs["settings"]
511
del kwargs["settings"]
512
if "clients" in kwargs:
513
self.clients = kwargs["clients"]
514
del kwargs["clients"]
515
return super(type(self), self).__init__(*args, **kwargs)
940
516
def server_bind(self):
941
517
"""This overrides the normal server_bind() function
942
518
to bind to an interface if one was specified, and also NOT to
943
519
bind to an address or port if they were not specified."""
944
if self.interface is not None:
520
if self.settings["interface"]:
521
# 25 is from /usr/include/asm-i486/socket.h
522
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
945
523
try:
946
524
self.socket.setsockopt(socket.SOL_SOCKET,
947
525
SO_BINDTODEVICE,
948
str(self.interface + u'\0'))
526
self.settings["interface"])
949
527
except socket.error, error:
950
528
if error[0] == errno.EPERM:
951
529
logger.error(u"No permission to"
952
530
u" bind to interface %s",
953
self.interface)
531
self.settings["interface"])
954
532
else:
955
raise
533
raise error
956
534
# Only bind(2) the socket if we really need to.
957
535
if self.server_address[0] or self.server_address[1]:
958
536
if not self.server_address[0]:
959
if self.address_family == socket.AF_INET6:
960
any_address = u"::" # in6addr_any
961
else:
962
any_address = socket.INADDR_ANY
963
self.server_address = (any_address,
537
in6addr_any = "::"
538
self.server_address = (in6addr_any,
964
539
self.server_address[1])
965
540
elif not self.server_address[1]:
966
541
self.server_address = (self.server_address[0],
967
542
0)
968
# if self.interface:
543
# if self.settings["interface"]:
969
544
# self.server_address = (self.server_address[0],
970
545
# 0, # port
971
546
# 0, # flowinfo
972
547
# if_nametoindex
973
# (self.interface))
974
return socketserver.TCPServer.server_bind(self)
975
def server_activate(self):
976
if self.enabled:
977
return socketserver.TCPServer.server_activate(self)
978
def enable(self):
979
self.enabled = True
980
def handle_ipc(self, source, condition, file_objects={}):
981
condition_names = {
982
gobject.IO_IN: u"IN", # There is data to read.
983
gobject.IO_OUT: u"OUT", # Data can be written (without
984
# blocking).
985
gobject.IO_PRI: u"PRI", # There is urgent data to read.
986
gobject.IO_ERR: u"ERR", # Error condition.
987
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
988
# broken, usually for pipes and
989
# sockets).
990
}
991
conditions_string = ' | '.join(name
992
for cond, name in
993
condition_names.iteritems()
994
if cond & condition)
995
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
996
conditions_string)
997
998
# Turn the pipe file descriptor into a Python file object
999
if source not in file_objects:
1000
file_objects[source] = os.fdopen(source, u"r", 1)
1001
1002
# Read a line from the file object
1003
cmdline = file_objects[source].readline()
1004
if not cmdline: # Empty line means end of file
1005
# close the IPC pipe
1006
file_objects[source].close()
1007
del file_objects[source]
1008
1009
# Stop calling this function
1010
return False
1011
1012
logger.debug(u"IPC command: %r", cmdline)
1013
1014
# Parse and act on command
1015
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1016
1017
if cmd == u"NOTFOUND":
1018
logger.warning(u"Client not found for fingerprint: %s",
1019
args)
1020
if self.use_dbus:
1021
# Emit D-Bus signal
1022
mandos_dbus_service.ClientNotFound(args)
1023
elif cmd == u"INVALID":
1024
for client in self.clients:
1025
if client.name == args:
1026
logger.warning(u"Client %s is invalid", args)
1027
if self.use_dbus:
1028
# Emit D-Bus signal
1029
client.Rejected()
1030
break
1031
else:
1032
logger.error(u"Unknown client %s is invalid", args)
1033
elif cmd == u"SENDING":
1034
for client in self.clients:
1035
if client.name == args:
1036
logger.info(u"Sending secret to %s", client.name)
1037
client.checked_ok()
1038
if self.use_dbus:
1039
# Emit D-Bus signal
1040
client.ReceivedSecret()
1041
break
1042
else:
1043
logger.error(u"Sending secret to unknown client %s",
1044
args)
1045
else:
1046
logger.error(u"Unknown IPC command: %r", cmdline)
1047
1048
# Keep calling this function
1049
return True
548
# (self.settings
549
# ["interface"]))
550
return super(type(self), self).server_bind()
1050
551
1051
552
1052
553
def string_to_delta(interval):
1053
554
"""Parse a string and return a datetime.timedelta
1054
1055
>>> string_to_delta(u'7d')
555
556
>>> string_to_delta('7d')
1056
557
datetime.timedelta(7)
1057
>>> string_to_delta(u'60s')
558
>>> string_to_delta('60s')
1058
559
datetime.timedelta(0, 60)
1059
>>> string_to_delta(u'60m')
560
>>> string_to_delta('60m')
1060
561
datetime.timedelta(0, 3600)
1061
>>> string_to_delta(u'24h')
562
>>> string_to_delta('24h')
1062
563
datetime.timedelta(1)
1063
564
>>> string_to_delta(u'1w')
1064
565
datetime.timedelta(7)
1065
>>> string_to_delta(u'5m 30s')
1066
datetime.timedelta(0, 330)
1067
566
"""
1068
timevalue = datetime.timedelta(0)
1069
for s in interval.split():
1070
try:
1071
suffix = unicode(s[-1])
1072
value = int(s[:-1])
1073
if suffix == u"d":
1074
delta = datetime.timedelta(value)
1075
elif suffix == u"s":
1076
delta = datetime.timedelta(0, value)
1077
elif suffix == u"m":
1078
delta = datetime.timedelta(0, 0, 0, 0, value)
1079
elif suffix == u"h":
1080
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1081
elif suffix == u"w":
1082
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1083
else:
1084
raise ValueError
1085
except (ValueError, IndexError):
567
try:
568
suffix=unicode(interval[-1])
569
value=int(interval[:-1])
570
if suffix == u"d":
571
delta = datetime.timedelta(value)
572
elif suffix == u"s":
573
delta = datetime.timedelta(0, value)
574
elif suffix == u"m":
575
delta = datetime.timedelta(0, 0, 0, 0, value)
576
elif suffix == u"h":
577
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
578
elif suffix == u"w":
579
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
580
else:
1086
581
raise ValueError
1087
timevalue += delta
1088
return timevalue
1089
582
except (ValueError, IndexError):
583
raise ValueError
584
return delta
585
586
587
def server_state_changed(state):
588
"""Derived from the Avahi example code"""
589
if state == avahi.SERVER_COLLISION:
590
logger.error(u"Server name collision")
591
service.remove()
592
elif state == avahi.SERVER_RUNNING:
593
service.add()
594
595
596
def entry_group_state_changed(state, error):
597
"""Derived from the Avahi example code"""
598
logger.debug(u"state change: %i", state)
599
600
if state == avahi.ENTRY_GROUP_ESTABLISHED:
601
logger.debug(u"Service established.")
602
elif state == avahi.ENTRY_GROUP_COLLISION:
603
logger.warning(u"Service name collision.")
604
service.rename()
605
elif state == avahi.ENTRY_GROUP_FAILURE:
606
logger.critical(u"Error in group state changed %s",
607
unicode(error))
608
raise AvahiGroupError("State changed: %s", str(error))
1090
609
1091
610
def if_nametoindex(interface):
1092
"""Call the C function if_nametoindex(), or equivalent
1093
1094
Note: This function cannot accept a unicode string."""
611
"""Call the C function if_nametoindex(), or equivalent"""
1095
612
global if_nametoindex
1096
613
try:
1097
if_nametoindex = (ctypes.cdll.LoadLibrary
1098
(ctypes.util.find_library(u"c"))
1099
.if_nametoindex)
614
if "ctypes.util" not in sys.modules:
615
import ctypes.util
616
if_nametoindex = ctypes.cdll.LoadLibrary\
617
(ctypes.util.find_library("c")).if_nametoindex
1100
618
except (OSError, AttributeError):
1101
logger.warning(u"Doing if_nametoindex the hard way")
619
if "struct" not in sys.modules:
620
import struct
621
if "fcntl" not in sys.modules:
622
import fcntl
1102
623
def if_nametoindex(interface):
1103
624
"Get an interface index the hard way, i.e. using fcntl()"
1104
625
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1105
with closing(socket.socket()) as s:
1106
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1107
struct.pack(str(u"16s16x"),
1108
interface))
1109
interface_index = struct.unpack(str(u"I"),
1110
ifreq[16:20])[0]
626
s = socket.socket()
627
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
628
struct.pack("16s16x", interface))
629
s.close()
630
interface_index = struct.unpack("I", ifreq[16:20])[0]
1111
631
return interface_index
1112
632
return if_nametoindex(interface)
1113
633
1114
634
1115
635
def daemon(nochdir = False, noclose = False):
1116
636
"""See daemon(3). Standard BSD Unix function.
1117
1118
637
This should really exist as os.daemon, but it doesn't (yet)."""
1119
638
if os.fork():
1120
639
sys.exit()
1121
640
os.setsid()
1122
641
if not nochdir:
1123
os.chdir(u"/")
642
os.chdir("/")
1124
643
if os.fork():
1125
644
sys.exit()
1126
645
if not noclose:
1128
647
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1129
648
if not stat.S_ISCHR(os.fstat(null).st_mode):
1130
649
raise OSError(errno.ENODEV,
1131
u"/dev/null not a character device")
650
"/dev/null not a character device")
1132
651
os.dup2(null, sys.stdin.fileno())
1133
652
os.dup2(null, sys.stdout.fileno())
1134
653
os.dup2(null, sys.stderr.fileno())
1137
656
1138
657
1139
658
def main():
1140
1141
######################################################################
1142
# Parsing of options, both command line and config file
1143
1144
parser = optparse.OptionParser(version = "%%prog %s" % version)
1145
parser.add_option("-i", u"--interface", type=u"string",
1146
metavar="IF", help=u"Bind to interface IF")
1147
parser.add_option("-a", u"--address", type=u"string",
1148
help=u"Address to listen for requests on")
1149
parser.add_option("-p", u"--port", type=u"int",
1150
help=u"Port number to receive requests on")
1151
parser.add_option("--check", action=u"store_true",
1152
help=u"Run self-test")
1153
parser.add_option("--debug", action=u"store_true",
1154
help=u"Debug mode; run in foreground and log to"
1155
u" terminal")
1156
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1157
u" priority string (see GnuTLS documentation)")
1158
parser.add_option("--servicename", type=u"string",
1159
metavar=u"NAME", help=u"Zeroconf service name")
1160
parser.add_option("--configdir", type=u"string",
1161
default=u"/etc/mandos", metavar=u"DIR",
1162
help=u"Directory to search for configuration"
1163
u" files")
1164
parser.add_option("--no-dbus", action=u"store_false",
1165
dest=u"use_dbus", help=u"Do not provide D-Bus"
1166
u" system bus interface")
1167
parser.add_option("--no-ipv6", action=u"store_false",
1168
dest=u"use_ipv6", help=u"Do not use IPv6")
1169
options = parser.parse_args()[0]
659
global main_loop_started
660
main_loop_started = False
661
662
parser = OptionParser(version = "%%prog %s" % version)
663
parser.add_option("-i", "--interface", type="string",
664
metavar="IF", help="Bind to interface IF")
665
parser.add_option("-a", "--address", type="string",
666
help="Address to listen for requests on")
667
parser.add_option("-p", "--port", type="int",
668
help="Port number to receive requests on")
669
parser.add_option("--check", action="store_true", default=False,
670
help="Run self-test")
671
parser.add_option("--debug", action="store_true",
672
help="Debug mode; run in foreground and log to"
673
" terminal")
674
parser.add_option("--priority", type="string", help="GnuTLS"
675
" priority string (see GnuTLS documentation)")
676
parser.add_option("--servicename", type="string", metavar="NAME",
677
help="Zeroconf service name")
678
parser.add_option("--configdir", type="string",
679
default="/etc/mandos", metavar="DIR",
680
help="Directory to search for configuration"
681
" files")
682
(options, args) = parser.parse_args()
1170
683
1171
684
if options.check:
1172
685
import doctest
1174
687
sys.exit()
1175
688
1176
689
# Default values for config file for server-global settings
1177
server_defaults = { u"interface": u"",
1178
u"address": u"",
1179
u"port": u"",
1180
u"debug": u"False",
1181
u"priority":
1182
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1183
u"servicename": u"Mandos",
1184
u"use_dbus": u"True",
1185
u"use_ipv6": u"True",
690
server_defaults = { "interface": "",
691
"address": "",
692
"port": "",
693
"debug": "False",
694
"priority":
695
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
696
"servicename": "Mandos",
1186
697
}
1187
698
1188
699
# Parse config file for server-global settings
1189
server_config = configparser.SafeConfigParser(server_defaults)
700
server_config = ConfigParser.SafeConfigParser(server_defaults)
1190
701
del server_defaults
1191
server_config.read(os.path.join(options.configdir,
1192
u"mandos.conf"))
702
server_config.read(os.path.join(options.configdir, "mandos.conf"))
703
server_section = "server"
1193
704
# Convert the SafeConfigParser object to a dict
1194
server_settings = server_config.defaults()
1195
# Use the appropriate methods on the non-string config options
1196
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1197
server_settings[option] = server_config.getboolean(u"DEFAULT",
1198
option)
1199
if server_settings["port"]:
1200
server_settings["port"] = server_config.getint(u"DEFAULT",
1201
u"port")
705
server_settings = dict(server_config.items(server_section))
706
# Use getboolean on the boolean config option
707
server_settings["debug"] = server_config.getboolean\
708
(server_section, "debug")
1202
709
del server_config
1203
710
1204
711
# Override the settings from the config file with command line
1205
712
# options, if set.
1206
for option in (u"interface", u"address", u"port", u"debug",
1207
u"priority", u"servicename", u"configdir",
1208
u"use_dbus", u"use_ipv6"):
713
for option in ("interface", "address", "port", "debug",
714
"priority", "servicename", "configdir"):
1209
715
value = getattr(options, option)
1210
716
if value is not None:
1211
717
server_settings[option] = value
1212
718
del options
1213
# Force all strings to be unicode
1214
for option in server_settings.keys():
1215
if type(server_settings[option]) is str:
1216
server_settings[option] = unicode(server_settings[option])
1217
719
# Now we have our good server settings in "server_settings"
1218
720
1219
##################################################################
1220
1221
# For convenience
1222
debug = server_settings[u"debug"]
1223
use_dbus = server_settings[u"use_dbus"]
1224
use_ipv6 = server_settings[u"use_ipv6"]
721
debug = server_settings["debug"]
1225
722
1226
723
if not debug:
1227
724
syslogger.setLevel(logging.WARNING)
1228
725
console.setLevel(logging.WARNING)
1229
726
1230
if server_settings[u"servicename"] != u"Mandos":
1231
syslogger.setFormatter(logging.Formatter
1232
(u'Mandos (%s) [%%(process)d]:'
1233
u' %%(levelname)s: %%(message)s'
1234
% server_settings[u"servicename"]))
727
if server_settings["servicename"] != "Mandos":
728
syslogger.setFormatter(logging.Formatter\
729
('Mandos (%s): %%(levelname)s:'
730
' %%(message)s'
731
% server_settings["servicename"]))
1235
732
1236
733
# Parse config file with clients
1237
client_defaults = { u"timeout": u"1h",
1238
u"interval": u"5m",
1239
u"checker": u"fping -q -- %%(host)s",
1240
u"host": u"",
734
client_defaults = { "timeout": "1h",
735
"interval": "5m",
736
"checker": "fping -q -- %%(host)s",
1241
737
}
1242
client_config = configparser.SafeConfigParser(client_defaults)
1243
client_config.read(os.path.join(server_settings[u"configdir"],
1244
u"clients.conf"))
1245
1246
global mandos_dbus_service
1247
mandos_dbus_service = None
1248
1249
clients = set()
1250
tcp_server = IPv6_TCPServer((server_settings[u"address"],
1251
server_settings[u"port"]),
1252
ClientHandler,
1253
interface=
1254
server_settings[u"interface"],
1255
use_ipv6=use_ipv6,
1256
clients=clients,
1257
gnutls_priority=
1258
server_settings[u"priority"],
1259
use_dbus=use_dbus)
1260
pidfilename = u"/var/run/mandos.pid"
1261
try:
1262
pidfile = open(pidfilename, u"w")
1263
except IOError:
1264
logger.error(u"Could not open file %r", pidfilename)
1265
1266
try:
1267
uid = pwd.getpwnam(u"_mandos").pw_uid
1268
gid = pwd.getpwnam(u"_mandos").pw_gid
1269
except KeyError:
1270
try:
1271
uid = pwd.getpwnam(u"mandos").pw_uid
1272
gid = pwd.getpwnam(u"mandos").pw_gid
1273
except KeyError:
1274
try:
1275
uid = pwd.getpwnam(u"nobody").pw_uid
1276
gid = pwd.getpwnam(u"nobody").pw_gid
1277
except KeyError:
1278
uid = 65534
1279
gid = 65534
1280
try:
1281
os.setgid(gid)
1282
os.setuid(uid)
1283
except OSError, error:
1284
if error[0] != errno.EPERM:
1285
raise error
1286
1287
# Enable all possible GnuTLS debugging
1288
if debug:
1289
# "Use a log level over 10 to enable all debugging options."
1290
# - GnuTLS manual
1291
gnutls.library.functions.gnutls_global_set_log_level(11)
1292
1293
@gnutls.library.types.gnutls_log_func
1294
def debug_gnutls(level, string):
1295
logger.debug(u"GnuTLS: %s", string[:-1])
1296
1297
(gnutls.library.functions
1298
.gnutls_global_set_log_function(debug_gnutls))
738
client_config = ConfigParser.SafeConfigParser(client_defaults)
739
client_config.read(os.path.join(server_settings["configdir"],
740
"clients.conf"))
1299
741
1300
742
global service
1301
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1302
service = AvahiService(name = server_settings[u"servicename"],
1303
servicetype = u"_mandos._tcp",
1304
protocol = protocol)
743
service = AvahiService(name = server_settings["servicename"],
744
type = "_mandos._tcp", );
1305
745
if server_settings["interface"]:
1306
service.interface = (if_nametoindex
1307
(str(server_settings[u"interface"])))
746
service.interface = if_nametoindex(server_settings["interface"])
1308
747
1309
748
global main_loop
1310
749
global bus
750
global server
1311
751
# From the Avahi example code
1312
752
DBusGMainLoop(set_as_default=True )
1313
753
main_loop = gobject.MainLoop()
1314
754
bus = dbus.SystemBus()
755
server = dbus.Interface(
756
bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),
757
avahi.DBUS_INTERFACE_SERVER )
1315
758
# End of Avahi example code
1316
if use_dbus:
1317
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1318
1319
client_class = Client
1320
if use_dbus:
1321
client_class = ClientDBus
1322
clients.update(set(
1323
client_class(name = section,
1324
config= dict(client_config.items(section)))
1325
for section in client_config.sections()))
759
760
clients = Set()
761
def remove_from_clients(client):
762
clients.remove(client)
763
if not clients:
764
logger.critical(u"No clients left, exiting")
765
sys.exit()
766
767
clients.update(Set(Client(name = section,
768
stop_hook = remove_from_clients,
769
config
770
= dict(client_config.items(section)))
771
for section in client_config.sections()))
1326
772
if not clients:
1327
logger.warning(u"No clients defined")
773
logger.critical(u"No clients defined")
774
sys.exit(1)
1328
775
1329
if debug:
1330
# Redirect stdin so all checkers get /dev/null
1331
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1332
os.dup2(null, sys.stdin.fileno())
1333
if null > 2:
1334
os.close(null)
1335
else:
1336
# No console logging
776
if not debug:
1337
777
logger.removeHandler(console)
1338
# Close all input and output, do double fork, etc.
1339
778
daemon()
1340
779
780
pidfilename = "/var/run/mandos/mandos.pid"
781
pid = os.getpid()
1341
782
try:
1342
with closing(pidfile):
1343
pid = os.getpid()
1344
pidfile.write(str(pid) + "\n")
783
pidfile = open(pidfilename, "w")
784
pidfile.write(str(pid) + "\n")
785
pidfile.close()
1345
786
del pidfile
1346
except IOError:
1347
logger.error(u"Could not write to file %r with PID %d",
1348
pidfilename, pid)
1349
except NameError:
1350
# "pidfile" was never created
1351
pass
1352
del pidfilename
787
except IOError, err:
788
logger.error(u"Could not write %s file with PID %d",
789
pidfilename, os.getpid())
1353
790
1354
791
def cleanup():
1355
792
"Cleanup function; run on exit"
1356
service.cleanup()
793
global group
794
# From the Avahi example code
795
if not group is None:
796
group.Free()
797
group = None
798
# End of Avahi example code
1357
799
1358
800
while clients:
1359
801
client = clients.pop()
1360
client.disable_hook = None
1361
client.disable()
802
client.stop_hook = None
803
client.stop()
1362
804
1363
805
atexit.register(cleanup)
1364
806
1367
809
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1368
810
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1369
811
1370
if use_dbus:
1371
class MandosDBusService(dbus.service.Object):
1372
"""A D-Bus proxy object"""
1373
def __init__(self):
1374
dbus.service.Object.__init__(self, bus, u"/")
1375
_interface = u"se.bsnet.fukt.Mandos"
1376
1377
@dbus.service.signal(_interface, signature=u"oa{sv}")
1378
def ClientAdded(self, objpath, properties):
1379
"D-Bus signal"
1380
pass
1381
1382
@dbus.service.signal(_interface, signature=u"s")
1383
def ClientNotFound(self, fingerprint):
1384
"D-Bus signal"
1385
pass
1386
1387
@dbus.service.signal(_interface, signature=u"os")
1388
def ClientRemoved(self, objpath, name):
1389
"D-Bus signal"
1390
pass
1391
1392
@dbus.service.method(_interface, out_signature=u"ao")
1393
def GetAllClients(self):
1394
"D-Bus method"
1395
return dbus.Array(c.dbus_object_path for c in clients)
1396
1397
@dbus.service.method(_interface,
1398
out_signature=u"a{oa{sv}}")
1399
def GetAllClientsWithProperties(self):
1400
"D-Bus method"
1401
return dbus.Dictionary(
1402
((c.dbus_object_path, c.GetAllProperties())
1403
for c in clients),
1404
signature=u"oa{sv}")
1405
1406
@dbus.service.method(_interface, in_signature=u"o")
1407
def RemoveClient(self, object_path):
1408
"D-Bus method"
1409
for c in clients:
1410
if c.dbus_object_path == object_path:
1411
clients.remove(c)
1412
c.remove_from_connection()
1413
# Don't signal anything except ClientRemoved
1414
c.disable(signal=False)
1415
# Emit D-Bus signal
1416
self.ClientRemoved(object_path, c.name)
1417
return
1418
raise KeyError
1419
1420
del _interface
1421
1422
mandos_dbus_service = MandosDBusService()
1423
1424
812
for client in clients:
1425
if use_dbus:
1426
# Emit D-Bus signal
1427
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1428
client.GetAllProperties())
1429
client.enable()
1430
1431
tcp_server.enable()
1432
tcp_server.server_activate()
1433
813
client.start()
814
815
tcp_server = IPv6_TCPServer((server_settings["address"],
816
server_settings["port"]),
817
tcp_handler,
818
settings=server_settings,
819
clients=clients)
1434
820
# Find out what port we got
1435
821
service.port = tcp_server.socket.getsockname()[1]
1436
if use_ipv6:
1437
logger.info(u"Now listening on address %r, port %d,"
1438
" flowinfo %d, scope_id %d"
1439
% tcp_server.socket.getsockname())
1440
else: # IPv4
1441
logger.info(u"Now listening on address %r, port %d"
1442
% tcp_server.socket.getsockname())
822
logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
823
u" scope_id %d" % tcp_server.socket.getsockname())
1443
824
1444
825
#service.interface = tcp_server.socket.getsockname()[3]
1445
826
1446
827
try:
1447
828
# From the Avahi example code
829
server.connect_to_signal("StateChanged", server_state_changed)
1448
830
try:
1449
service.activate()
831
server_state_changed(server.GetState())
1450
832
except dbus.exceptions.DBusException, error:
1451
833
logger.critical(u"DBusException: %s", error)
1452
834
sys.exit(1)
1454
836
1455
837
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
1456
838
lambda *args, **kwargs:
1457
(tcp_server.handle_request
1458
(*args[2:], **kwargs) or True))
839
tcp_server.handle_request\
840
(*args[2:], **kwargs) or True)
1459
841
1460
842
logger.debug(u"Starting main loop")
843
main_loop_started = True
1461
844
main_loop.run()
1462
845
except AvahiError, error:
1463
logger.critical(u"AvahiError: %s", error)
846
logger.critical(u"AvahiError: %s" + unicode(error))
1464
847
sys.exit(1)
1465
848
except KeyboardInterrupt:
1466
849
if debug:
1467
print >> sys.stderr
1468
logger.debug(u"Server received KeyboardInterrupt")
1469
logger.debug(u"Server exiting")
850
print
1470
851
1471
852
if __name__ == '__main__':
1472
853
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0