=== modified file 'TODO'
--- TODO 2008-07-21 19:15:06 +0000
+++ TODO 2008-07-22 06:23:29 +0000
@@ -1,19 +1,25 @@
 [Mandos client]
 configuration for OpenPGP key
+header files/symbols tally
+check exit codes of all system calls
 IPv4 support
 
 [Pluginbasedclient]
 disable certain plugins
+header files/symbols tally
+check exit codes of all system calls
 change uid to nobody:nogroup
 other drop privs stuff?
 
 [Server]
 config file for:
 TXT record
- GnuTLS priority string
 run-time communication with server
 
 [Mandos-tools/utilities]
 List clients
 Enable client
 Disable client
+
+[Installer]
+...
=== modified file 'mandos-clients.conf'
--- mandos-clients.conf 2008-07-20 06:33:48 +0000
+++ mandos-clients.conf 2008-07-22 06:23:29 +0000
@@ -1,3 +1,8 @@
+[DEFAULT]
+timeout = 1h
+interval = 5m
+checker = fping -q -- %%(fqdn)s
+
 # Example
 [foo]
 fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27
=== modified file 'plugins.d/mandosclient.c'
--- plugins.d/mandosclient.c 2008-07-21 22:51:46 +0000
+++ plugins.d/mandosclient.c 2008-07-22 06:23:29 +0000
@@ -419,8 +419,10 @@
 
 ret = gnutls_handshake (es.session);
 if (ret != GNUTLS_E_SUCCESS){
- fprintf(stderr, "\n*** Handshake failed ***\n");
- gnutls_perror (ret);
+ if(debug){
+ fprintf(stderr, "\n*** Handshake failed ***\n");
+ gnutls_perror (ret);
+ }
 retval = -1;
 goto exit;
 }
@@ -551,15 +553,13 @@
 char ip[AVAHI_ADDRESS_STR_MAX];
 avahi_address_snprint(ip, sizeof(ip), address);
 if(debug){
- fprintf(stderr, "Mandos server found on %s (%s) on port %d\n",
- host_name, ip, port);
+ fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"
+ " port %d\n", name, host_name, ip, port);
 }
 int ret = start_mandos_communication(ip, port,
 (unsigned int) interface);
 if (ret == 0){
 exit(EXIT_SUCCESS);
- } else {
- exit(EXIT_FAILURE);
 }
 }
 }
=== modified file 'server.py'
--- server.py 2008-07-21 01:50:31 +0000
+++ server.py 2008-07-22 06:23:29 +0000
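Review bot: In the `gnutls_handshake` failure branch the diagnostic is now printed only under `debug`, so in normal operation a rejected TLS handshake sets `retval = -1` and jumps to `exit` with no message at all, and the GnuTLS error code held in `ret` is never surfaced to the operator. A handshake failure is the signal an operator would most want to see (it is the point where a server key may have been rejected), so it deserves one line regardless of `debug`: keep `fprintf(stderr, "*** Handshake failed ***\n");` outside the `if(debug)` and leave only the `gnutls_perror (ret);` detail behind the flag. The enclosing function starts and ends outside this hunk.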
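Review bot: Removing the `} else { exit(EXIT_FAILURE); }` branch turns a failed `start_mandos_communication` into a silent continue: the callback falls through with no output, nothing in the hunk reports which discovered server failed, and the process keeps running for the next service with no visible bound on how many it will try. If trying every discovered server is the intended behaviour it should at least be logged, so an operator can tell a hostile or misconfigured responder from no response at all, e.g. `fprintf(stderr, "Communication with Mandos server \"%s\" (%s) failed\n", name, ip);` after the `if (ret == 0)` block; `name` and `ip` are already in scope, as the new debug message shows. The enclosing callback continues outside the hunk.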
@@ -87,7 +87,7 @@
 # Avahi example code.
 serviceInterface = avahi.IF_UNSPEC
 # From the Avahi example code:
-serviceName = "Mandos"
+serviceName = None
 serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html
 servicePort = None # Not known at startup
 serviceTXT = [] # TXT record for the service
@@ -152,16 +152,18 @@
 interval = property(lambda self: self._interval, _set_interval)
 del _set_interval
 
- def __init__(self, name=None, options=None, stop_hook=None,
- fingerprint=None, secret=None, secfile=None,
- fqdn=None, timeout=None, interval=-1, checker=None):
+ def __init__(self, name=None, stop_hook=None, fingerprint=None,
+ secret=None, secfile=None, fqdn=None, timeout=None,
+ interval=-1, checker=None):
 """Note: the 'checker' argument sets the 'checker_command'
 attribute and not the 'checker' attribute.."""
 self.name = name
+ logger.debug(u"Creating client %r", self.name)
 # Uppercase and remove spaces from fingerprint
 # for later comparison purposes with return value of
 # the fingerprint() function
 self.fingerprint = fingerprint.upper().replace(u" ", u"")
+ logger.debug(u" Fingerprint: %s", self.fingerprint)
 if secret:
 self.secret = secret.decode(u"base64")
 elif secfile:
@@ -174,14 +176,8 @@
 self.fqdn = fqdn # string
 self.created = datetime.datetime.now()
 self.last_seen = None
- if timeout is None:
- self.timeout = options.timeout
- else:
- self.timeout = string_to_delta(timeout)
- if interval == -1:
- self.interval = options.interval
- else:
- self.interval = string_to_delta(interval)
+ self.timeout = string_to_delta(timeout)
+ self.interval = string_to_delta(interval)
 self.stop_hook = stop_hook
 self.checker = None
 self.checker_initiator_tag = None
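Review bot: The new `__init__` signature keeps the sentinel defaults `timeout=None, interval=-1` even though the `options` fallback they used to select has been removed, and the following hunk feeds both values straight to `string_to_delta`, so constructing a `Client` without them no longer picks up a default but fails inside `string_to_delta` on `None` or `-1`. Either drop the sentinels and make the two parameters required, or give them real string defaults, e.g. `timeout="1h", interval="5m"`, matching the values this commit puts in the config defaults. `__init__` continues past the end of the hunk.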
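Review bot: `self.timeout = string_to_delta(timeout)` and the `interval` line below it now run without the `try`/`except ValueError` that the removed option parsing provided, so an unparseable `timeout` or `interval` in `mandos-clients.conf` surfaces as a raw `ValueError` traceback out of `Client.__init__` rather than a message naming the client and key. Wrap the two calls and re-raise with context, e.g. `except ValueError: raise ValueError("client %s: unparseable timeout or interval" % self.name)`, so a config typo is reported like the old `parser.error` did. The rest of `__init__` lies outside the hunk.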
@@ -377,8 +373,9 @@
 #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
 # "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
 # "+DHE-DSS"))
- priority = "SECURE256"
-
+ priority = "NORMAL"
+ if self.server.options.priority:
+ priority = self.server.options.priority
 gnutls.library.functions.gnutls_priority_set_direct\
 (session._c_object, priority, None);
 
@@ -636,16 +633,16 @@
 help="Address to listen for requests on")
 parser.add_option("-p", "--port", type="int", default=None,
 help="Port number to receive requests on")
- parser.add_option("--timeout", type="string", # Parsed later
- default="1h",
- help="Amount of downtime allowed for clients")
- parser.add_option("--interval", type="string", # Parsed later
- default="5m",
- help="How often to check that a client is up")
 parser.add_option("--check", action="store_true", default=False,
 help="Run self-test")
 parser.add_option("--debug", action="store_true", default=False,
 help="Debug mode")
+ parser.add_option("--priority", type="string",
+ default="SECURE256",
+ help="GnuTLS priority string"
+ " (see GnuTLS documentation)")
+ parser.add_option("--servicename", type="string",
+ default="Mandos", help="Zeroconf service name")
 (options, args) = parser.parse_args()
 
 if options.check:
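Review bot: The result of `gnutls_priority_set_direct` on the last two lines of the hunk is still discarded, so a mistyped `--priority` string is never reported here and, unless the ctypes wrapper installs its own error check, only shows up as an unexplained failure on the first client connection. The new `NORMAL` fallback is also questionable: `--priority` already defaults to `SECURE256` in the option definition, so `if self.server.options.priority:` only fires for an explicitly empty string, which it silently maps to the weaker `NORMAL` set instead of rejecting it. Prefer `priority = self.server.options.priority` with no fallback, and check the call, e.g. `ret = gnutls.library.functions.gnutls_priority_set_direct(session._c_object, priority, None)` followed by `if ret != 0: raise ValueError("invalid GnuTLS priority string: %r" % priority)`. The enclosing handler method starts and ends outside the hunk.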
@@ -653,22 +650,18 @@ doctest.testmod() sys.exit() - # Parse the time arguments - try: - options.timeout = string_to_delta(options.timeout) - except ValueError: - parser.error("option --timeout: Unparseable time") - try: - options.interval = string_to_delta(options.interval) - except ValueError: - parser.error("option --interval: Unparseable time") - # Parse config file - defaults = { "checker": "fping -q -- %%(fqdn)s" } + defaults = { "timeout": "1h", + "interval": "5m", + "checker": "fping -q -- %%(fqdn)s", + } client_config = ConfigParser.SafeConfigParser(defaults) #client_config.readfp(open("global.conf"), "global.conf") client_config.read("mandos-clients.conf") + global serviceName + serviceName = options.servicename; + global main_loop global bus global server @@ -698,7 +691,7 @@ logger.debug(u"No clients left, exiting") killme() - clients.update(Set(Client(name=section, options=options, + clients.update(Set(Client(name=section, stop_hook = remove_from_clients, **(dict(client_config\ .items(section))))
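Review bot: The `defaults` dict now repeats the `timeout`/`interval`/`checker` values that this same commit adds to the `[DEFAULT]` section of `mandos-clients.conf`, so there are two places to keep in sync and the file's values silently override the dict whenever both are present. Keep one source of truth, either by dropping the `[DEFAULT]` section from the shipped config or by adding a comment above `defaults` such as `# Fallback only; overridden by [DEFAULT] in mandos-clients.conf`, and note that `client_config.read("mandos-clients.conf")` returns the list of files it managed to parse rather than raising, so a missing or unreadable config file goes unnoticed here. `serviceName = options.servicename;` also carries a stray semicolon.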
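Review bot: `**(dict(client_config.items(section)))` forwards every key of the section, including those inherited from `[DEFAULT]`, as keyword arguments to `Client.__init__`, so any unrecognised or misspelled key in `mandos-clients.conf` (say `timout`) aborts startup with a `TypeError` about an unexpected keyword instead of a message naming the section and key. Filter the items through the tuple of keyword names `Client.__init__` accepts before the call and report any remainder as a configuration error for that section. The `clients.update(Set(...))` statement continues past the end of the hunk.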