=== modified file 'mandos'
--- mandos 2009-02-12 06:09:24 +0000
+++ mandos 2009-02-13 05:38:21 +0000
@@ -114,7 +114,8 @@
"""
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
servicetype = None, port = None, TXT = None,
- domain = "", host = "", max_renames = 32768):
+ domain = "", host = "", max_renames = 32768,
+ protocol = avahi.PROTO_UNSPEC):
self.interface = interface
self.name = name
self.type = servicetype
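Review bot: The new `protocol` parameter defaults to `avahi.PROTO_UNSPEC`, while the AddService call was previously hard-coded to `avahi.PROTO_INET6` (hunk at old line 158), so a caller that constructs AvahiService without passing `protocol` now announces differently than before. The only caller visible in this diff passes it explicitly, but a default of `protocol = avahi.PROTO_INET6` would keep the old behaviour everywhere else. The class docstring that closes just above this hunk is not touched by the patch; if it lists the instance attributes, it should gain a line such as `protocol: integer; Avahi protocol to announce on (avahi.PROTO_*)`. The docstring and the rest of `__init__` lie outside the hunk.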
@@ -124,6 +125,7 @@
self.host = host
self.rename_count = 0
self.max_renames = max_renames
+ self.protocol = protocol
def rename(self):
"""Derived from the Avahi example code"""
if self.rename_count >= self.max_renames:
@@ -158,7 +160,7 @@
service.name, service.type)
group.AddService(
self.interface, # interface
- avahi.PROTO_INET6, # protocol
+ self.protocol, # protocol
dbus.UInt32(0), # flags
self.name, self.type,
self.domain, self.host,
@@ -738,7 +740,7 @@
class IPv6_TCPServer(SocketServer.ForkingMixIn,
SocketServer.TCPServer, object):
- """IPv6 TCP server. Accepts 'None' as address and/or port.
+ """IPv6-capable TCP server. Accepts 'None' as address and/or port.
Attributes:
settings: Server settings
clients: Set() of Client objects
@@ -752,6 +754,10 @@
if "clients" in kwargs:
self.clients = kwargs["clients"]
del kwargs["clients"]
+ if "use_ipv6" in kwargs:
+ if not kwargs["use_ipv6"]:
+ self.address_family = socket.AF_INET
+ del kwargs["use_ipv6"]
self.enabled = False
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
def server_bind(self):
@@ -775,8 +781,11 @@
# Only bind(2) the socket if we really need to.
if self.server_address[0] or self.server_address[1]:
if not self.server_address[0]:
- in6addr_any = "::"
- self.server_address = (in6addr_any,
+ if self.address_family == socket.AF_INET6:
+ any_address = "::" # in6addr_any
+ else:
+ any_address = socket.INADDR_ANY
+ self.server_address = (any_address,
self.server_address[1])
elif not self.server_address[1]:
self.server_address = (self.server_address[0],
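Review bot: In the IPv4 branch, `any_address = socket.INADDR_ANY` assigns an integer, because Python's `socket.INADDR_ANY` is the numeric constant rather than an address string, while the host element of an AF_INET address tuple is expected to be a string. With `--no-ipv6`, a port set and no address, the bind in the parent class will therefore most likely fail with a TypeError instead of listening on all addresses. Use the string form, `any_address = "0.0.0.0" # INADDR_ANY`, or the empty string, which Python documents as INADDR_ANY for IPv4. server_bind starts and ends outside this hunk.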
@@ -929,6 +938,8 @@
dest="use_dbus",
help="Do not provide D-Bus system bus"
" interface")
+ parser.add_option("--no-ipv6", action="store_false",
+ dest="use_ipv6", help="Do not use IPv6")
options = parser.parse_args()[0]
if options.check:
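Review bot: The help string for `--no-ipv6` gives no hint of the consequence that the manual and mandos.conf spell out in this same commit: clients normally use IPv6 link-local addresses and will not be able to find or connect to the server once IPv6 is turned off. An operator who reads only `--help` could disable it on an IPv4-only network and leave clients unable to reach the server. Consider `help="Do not use IPv6 (not recommended; see the manual)"`. The option-parsing code continues outside the hunk.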
@@ -945,6 +956,7 @@
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
"servicename": "Mandos",
"use_dbus": "True",
+ "use_ipv6": "True",
}
# Parse config file for server-global settings
@@ -958,6 +970,8 @@
"debug")
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
"use_dbus")
+ server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
+ "use_ipv6")
if server_settings["port"]:
server_settings["port"] = server_config.getint("DEFAULT",
"port")
@@ -967,7 +981,7 @@
# options, if set.
for option in ("interface", "address", "port", "debug",
"priority", "servicename", "configdir",
- "use_dbus"):
+ "use_dbus", "use_ipv6"):
value = getattr(options, option)
if value is not None:
server_settings[option] = value
@@ -977,6 +991,7 @@
# For convenience
debug = server_settings["debug"]
use_dbus = server_settings["use_dbus"]
+ use_ipv6 = server_settings["use_ipv6"]
if not debug:
syslogger.setLevel(logging.WARNING)
@@ -1003,7 +1018,7 @@
server_settings["port"]),
TCP_handler,
settings=server_settings,
- clients=clients)
+ clients=clients, use_ipv6=use_ipv6)
pidfilename = "/var/run/mandos.pid"
try:
pidfile = open(pidfilename, "w")
@@ -1045,8 +1060,10 @@
.gnutls_global_set_log_function(debug_gnutls))
global service
+ protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
service = AvahiService(name = server_settings["servicename"],
- servicetype = "_mandos._tcp", )
+ servicetype = "_mandos._tcp",
+ protocol = protocol)
if server_settings["interface"]:
service.interface = (if_nametoindex
(server_settings["interface"]))
@@ -1179,8 +1196,13 @@
# Find out what port we got
service.port = tcp_server.socket.getsockname()[1]
- logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
- u" scope_id %d" % tcp_server.socket.getsockname())
+ if use_ipv6:
+ logger.info(u"Now listening on address %r, port %d,"
+ " flowinfo %d, scope_id %d"
+ % tcp_server.socket.getsockname())
+ else: # IPv4
+ logger.info(u"Now listening on address %r, port %d"
+ % tcp_server.socket.getsockname())
#service.interface = tcp_server.socket.getsockname()[3]
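Review bot: The log format is chosen from the global `use_ipv6` rather than from the socket that was actually created, so the `%` formatting raises if the two ever disagree about the length of the tuple returned by `getsockname()`. Testing `tcp_server.address_family == socket.AF_INET6` would tie the format to the socket itself. In the IPv6 branch only the first literal carries the `u` prefix; the continuation should read `u" flowinfo %d, scope_id %d"`, as the removed lines had it. The enclosing function begins outside the hunk.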
=== modified file 'mandos-options.xml'
--- mandos-options.xml 2008-12-29 02:44:54 +0000
+++ mandos-options.xml 2009-02-13 05:38:21 +0000
@@ -26,10 +26,12 @@
specified IPv6 address. If a link-local address is specified, an
interface should be set, since a link-local address is only valid
on a single interface. By default, the server will listen to all
- available addresses. If set, this must be an IPv6 address; an
- IPv4 address can only be specified using IPv4-mapped IPv6 address
- syntax: ::FFFF:192.0.2.3.
+ available addresses. If set, this must normally be an IPv6
+ address; an IPv4 address can only be specified using IPv4-mapped
+ IPv6 address syntax: ::FFFF:192.0.2.3. (Only if IPv6 usage is
+ disabled (see below) must this be an IPv4
+ address.)
@@ -65,11 +67,23 @@
rename itself to Mandos #2, and
so on; therefore, this option is not needed in that case.
-
+
This option controls whether the server will provide a D-Bus
system bus interface. The default is to provide such an
interface.
+
+ This option controls whether the server will use IPv6 sockets and
+ addresses. The default is to use IPv6. This option should
+ never normally be turned off, even in
+ IPv4-only environments. This is because
+ mandos-client
+ 8mandos will normally use
+ IPv6 link-local addresses, and will not be able to find or connect
+ to the server if this option is turned off. Only
+ advanced users should consider changing this option.
+
+
=== modified file 'mandos.conf'
--- mandos.conf 2008-12-29 02:44:54 +0000
+++ mandos.conf 2009-02-13 05:38:21 +0000
@@ -39,3 +39,6 @@
# Whether to provide a D-Bus system bus interface or not
;use_dbus = True
+
+# Whether to use IPv6. (Changing this is NOT recommended.)
+;use_ipv6 = True
=== modified file 'mandos.conf.xml'
--- mandos.conf.xml 2009-01-04 21:54:55 +0000
+++ mandos.conf.xml 2009-02-13 05:38:21 +0000
@@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
/etc/mandos/mandos.conf">
-
+
%common;
]>
@@ -142,6 +142,17 @@
+
+
+
+
+
+
+
@@ -179,12 +190,13 @@
[DEFAULT]
# A configuration example
interface = eth0
-address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
+address = fe80::aede:48ff:fe71:f6f2
port = 1025
debug = true
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
servicename = Daena
use_dbus = False
+use_ipv6 = True
=== modified file 'mandos.xml'
--- mandos.xml 2009-01-15 05:27:55 +0000
+++ mandos.xml 2009-02-13 05:38:21 +0000
@@ -2,7 +2,7 @@
-
+
%common;
]>
@@ -87,6 +87,8 @@
+
+ &COMMANDNAME;
@@ -241,6 +243,13 @@
+
+
+
+
+
+
+