To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 1161
- compare with another revision
- download diff
- download tarball
- view history from revision 1161
- Committer: Teddy Hogeborn
- Date: 2019-08-18 04:14:31 UTC
- Revision ID: teddy@recompile.se-20190818041431-jgt8pizlzjvxalj0
Debian package: Client: Install the systemd sysusers.d file
* debian/mandos-client.dirs (usr/lib/sysusers.d): New.
* debian/mandos-client.dirs (usr/lib/sysusers.d): New.
- files added:
- debian/mandos-client.templates
- debian/tests
- dracut-module
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2018 Teddy Hogeborn
15
# Copyright © 2008-2018 Björn Påhlsson
14
# Copyright © 2008-2019 Teddy Hogeborn
15
# Copyright © 2008-2019 Björn Påhlsson
16
16
#
17
17
# This file is part of Mandos.
18
18
#
80
80
81
81
import dbus
82
82
import dbus.service
83
import gi
83
84
from gi.repository import GLib
84
85
from dbus.mainloop.glib import DBusGMainLoop
85
86
import ctypes
87
88
import xml.dom.minidom
88
89
import inspect
89
90
91
if sys.version_info.major == 2:
92
__metaclass__ = type
93
90
94
# Try to find the value of SO_BINDTODEVICE:
91
95
try:
92
96
# This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and
115
119
if sys.version_info.major == 2:
116
120
str = unicode
117
121
118
version = "1.7.16"
122
if sys.version_info < (3, 2):
123
configparser.Configparser = configparser.SafeConfigParser
124
125
version = "1.8.7"
119
126
stored_state_file = "clients.pickle"
120
127
121
128
logger = logging.getLogger()
179
186
pass
180
187
181
188
182
class PGPEngine(object):
189
class PGPEngine:
183
190
"""A simple class for OpenPGP symmetric encryption & decryption"""
184
191
185
192
def __init__(self):
275
282
276
283
277
284
# Pretend that we have an Avahi module
278
class Avahi(object):
279
"""This isn't so much a class as it is a module-like namespace.
280
It is instantiated once, and simulates having an Avahi module."""
285
class avahi:
286
"""This isn't so much a class as it is a module-like namespace."""
281
287
IF_UNSPEC = -1 # avahi-common/address.h
282
288
PROTO_UNSPEC = -1 # avahi-common/address.h
283
289
PROTO_INET = 0 # avahi-common/address.h
287
293
DBUS_INTERFACE_SERVER = DBUS_NAME + ".Server"
288
294
DBUS_PATH_SERVER = "/"
289
295
290
def string_array_to_txt_array(self, t):
296
@staticmethod
297
def string_array_to_txt_array(t):
291
298
return dbus.Array((dbus.ByteArray(s.encode("utf-8"))
292
299
for s in t), signature="ay")
293
300
ENTRY_GROUP_ESTABLISHED = 2 # avahi-common/defs.h
298
305
SERVER_RUNNING = 2 # avahi-common/defs.h
299
306
SERVER_COLLISION = 3 # avahi-common/defs.h
300
307
SERVER_FAILURE = 4 # avahi-common/defs.h
301
avahi = Avahi()
302
308
303
309
304
310
class AvahiError(Exception):
316
322
pass
317
323
318
324
319
class AvahiService(object):
325
class AvahiService:
320
326
"""An Avahi (Zeroconf) service.
321
327
322
328
Attributes:
496
502
class AvahiServiceToSyslog(AvahiService):
497
503
def rename(self, *args, **kwargs):
498
504
"""Add the new name to the syslog messages"""
499
ret = super(AvahiServiceToSyslog, self).rename(self, *args,
500
**kwargs)
505
ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
501
506
syslogger.setFormatter(logging.Formatter(
502
507
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
503
508
.format(self.name)))
505
510
506
511
507
512
# Pretend that we have a GnuTLS module
508
class GnuTLS(object):
509
"""This isn't so much a class as it is a module-like namespace.
510
It is instantiated once, and simulates having a GnuTLS module."""
513
class gnutls:
514
"""This isn't so much a class as it is a module-like namespace."""
511
515
512
516
library = ctypes.util.find_library("gnutls")
513
517
if library is None:
514
518
library = ctypes.util.find_library("gnutls-deb0")
515
519
_library = ctypes.cdll.LoadLibrary(library)
516
520
del library
517
_need_version = b"3.3.0"
518
519
def __init__(self):
520
# Need to use "self" here, since this method is called before
521
# the assignment to the "gnutls" global variable happens.
522
if self.check_version(self._need_version) is None:
523
raise self.Error("Needs GnuTLS {} or later"
524
.format(self._need_version))
525
521
526
522
# Unless otherwise indicated, the constants and types below are
527
523
# all from the gnutls/gnutls.h C header file.
531
527
E_INTERRUPTED = -52
532
528
E_AGAIN = -28
533
529
CRT_OPENPGP = 2
530
CRT_RAWPK = 3
534
531
CLIENT = 2
535
532
SHUT_RDWR = 0
536
533
CRD_CERTIFICATE = 1
537
534
E_NO_CERTIFICATE_FOUND = -49
535
X509_FMT_DER = 0
536
NO_TICKETS = 1<<10
537
ENABLE_RAWPK = 1<<18
538
CTYPE_PEERS = 3
539
KEYID_USE_SHA256 = 1 # gnutls/x509.h
538
540
OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h
539
541
540
542
# Types
563
565
564
566
# Exceptions
565
567
class Error(Exception):
566
# We need to use the class name "GnuTLS" here, since this
567
# exception might be raised from within GnuTLS.__init__,
568
# which is called before the assignment to the "gnutls"
569
# global variable has happened.
570
568
def __init__(self, message=None, code=None, args=()):
571
569
# Default usage is by a message string, but if a return
572
570
# code is passed, convert it to a string with
573
571
# gnutls.strerror()
574
572
self.code = code
575
573
if message is None and code is not None:
576
message = GnuTLS.strerror(code)
577
return super(GnuTLS.Error, self).__init__(
574
message = gnutls.strerror(code)
575
return super(gnutls.Error, self).__init__(
578
576
message, *args)
579
577
580
578
class CertificateSecurityError(Error):
581
579
pass
582
580
583
581
# Classes
584
class Credentials(object):
582
class Credentials:
585
583
def __init__(self):
586
584
self._c_object = gnutls.certificate_credentials_t()
587
585
gnutls.certificate_allocate_credentials(
591
589
def __del__(self):
592
590
gnutls.certificate_free_credentials(self._c_object)
593
591
594
class ClientSession(object):
592
class ClientSession:
595
593
def __init__(self, socket, credentials=None):
596
594
self._c_object = gnutls.session_t()
597
gnutls.init(ctypes.byref(self._c_object), gnutls.CLIENT)
595
gnutls_flags = gnutls.CLIENT
596
if gnutls.check_version(b"3.5.6"):
597
gnutls_flags |= gnutls.NO_TICKETS
598
if gnutls.has_rawpk:
599
gnutls_flags |= gnutls.ENABLE_RAWPK
600
gnutls.init(ctypes.byref(self._c_object), gnutls_flags)
601
del gnutls_flags
598
602
gnutls.set_default_priority(self._c_object)
599
603
gnutls.transport_set_ptr(self._c_object, socket.fileno())
600
604
gnutls.handshake_set_private_extensions(self._c_object,
732
736
check_version.argtypes = [ctypes.c_char_p]
733
737
check_version.restype = ctypes.c_char_p
734
738
735
# All the function declarations below are from gnutls/openpgp.h
736
737
openpgp_crt_init = _library.gnutls_openpgp_crt_init
738
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
739
openpgp_crt_init.restype = _error_code
740
741
openpgp_crt_import = _library.gnutls_openpgp_crt_import
742
openpgp_crt_import.argtypes = [openpgp_crt_t,
743
ctypes.POINTER(datum_t),
744
openpgp_crt_fmt_t]
745
openpgp_crt_import.restype = _error_code
746
747
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
748
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
749
ctypes.POINTER(ctypes.c_uint)]
750
openpgp_crt_verify_self.restype = _error_code
751
752
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
753
openpgp_crt_deinit.argtypes = [openpgp_crt_t]
754
openpgp_crt_deinit.restype = None
755
756
openpgp_crt_get_fingerprint = (
757
_library.gnutls_openpgp_crt_get_fingerprint)
758
openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,
759
ctypes.c_void_p,
760
ctypes.POINTER(
761
ctypes.c_size_t)]
762
openpgp_crt_get_fingerprint.restype = _error_code
739
_need_version = b"3.3.0"
740
if check_version(_need_version) is None:
741
raise self.Error("Needs GnuTLS {} or later"
742
.format(_need_version))
743
744
_tls_rawpk_version = b"3.6.6"
745
has_rawpk = bool(check_version(_tls_rawpk_version))
746
747
if has_rawpk:
748
# Types
749
class pubkey_st(ctypes.Structure):
750
_fields = []
751
pubkey_t = ctypes.POINTER(pubkey_st)
752
753
x509_crt_fmt_t = ctypes.c_int
754
755
# All the function declarations below are from gnutls/abstract.h
756
pubkey_init = _library.gnutls_pubkey_init
757
pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
758
pubkey_init.restype = _error_code
759
760
pubkey_import = _library.gnutls_pubkey_import
761
pubkey_import.argtypes = [pubkey_t, ctypes.POINTER(datum_t),
762
x509_crt_fmt_t]
763
pubkey_import.restype = _error_code
764
765
pubkey_get_key_id = _library.gnutls_pubkey_get_key_id
766
pubkey_get_key_id.argtypes = [pubkey_t, ctypes.c_int,
767
ctypes.POINTER(ctypes.c_ubyte),
768
ctypes.POINTER(ctypes.c_size_t)]
769
pubkey_get_key_id.restype = _error_code
770
771
pubkey_deinit = _library.gnutls_pubkey_deinit
772
pubkey_deinit.argtypes = [pubkey_t]
773
pubkey_deinit.restype = None
774
else:
775
# All the function declarations below are from gnutls/openpgp.h
776
777
openpgp_crt_init = _library.gnutls_openpgp_crt_init
778
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
779
openpgp_crt_init.restype = _error_code
780
781
openpgp_crt_import = _library.gnutls_openpgp_crt_import
782
openpgp_crt_import.argtypes = [openpgp_crt_t,
783
ctypes.POINTER(datum_t),
784
openpgp_crt_fmt_t]
785
openpgp_crt_import.restype = _error_code
786
787
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
788
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
789
ctypes.POINTER(ctypes.c_uint)]
790
openpgp_crt_verify_self.restype = _error_code
791
792
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
793
openpgp_crt_deinit.argtypes = [openpgp_crt_t]
794
openpgp_crt_deinit.restype = None
795
796
openpgp_crt_get_fingerprint = (
797
_library.gnutls_openpgp_crt_get_fingerprint)
798
openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,
799
ctypes.c_void_p,
800
ctypes.POINTER(
801
ctypes.c_size_t)]
802
openpgp_crt_get_fingerprint.restype = _error_code
803
804
if check_version(b"3.6.4"):
805
certificate_type_get2 = _library.gnutls_certificate_type_get2
806
certificate_type_get2.argtypes = [session_t, ctypes.c_int]
807
certificate_type_get2.restype = _error_code
763
808
764
809
# Remove non-public functions
765
810
del _error_code, _retry_on_error
766
# Create the global "gnutls" object, simulating a module
767
gnutls = GnuTLS()
768
811
769
812
770
813
def call_pipe(connection, # : multiprocessing.Connection
778
821
connection.close()
779
822
780
823
781
class Client(object):
824
class Client:
782
825
"""A representation of a client host served by this server.
783
826
784
827
Attributes:
785
828
approved: bool(); 'None' if not yet approved/disapproved
786
829
approval_delay: datetime.timedelta(); Time to wait for approval
787
830
approval_duration: datetime.timedelta(); Duration of one approval
788
checker: subprocess.Popen(); a running checker process used
789
to see if the client lives.
790
'None' if no process is running.
831
checker: multiprocessing.Process(); a running checker process used
832
to see if the client lives. 'None' if no process is
833
running.
791
834
checker_callback_tag: a GLib event source tag, or None
792
835
checker_command: string; External command which is run to check
793
836
if client lives. %() expansions are done at
801
844
disable_initiator_tag: a GLib event source tag, or None
802
845
enabled: bool()
803
846
fingerprint: string (40 or 32 hexadecimal digits); used to
804
uniquely identify the client
847
uniquely identify an OpenPGP client
848
key_id: string (64 hexadecimal digits); used to uniquely identify
849
a client using raw public keys
805
850
host: string; available for use by the checker command
806
851
interval: datetime.timedelta(); How often to start a new checker
807
852
last_approval_request: datetime.datetime(); (UTC) or None
825
870
"""
826
871
827
872
runtime_expansions = ("approval_delay", "approval_duration",
828
"created", "enabled", "expires",
873
"created", "enabled", "expires", "key_id",
829
874
"fingerprint", "host", "interval",
830
875
"last_approval_request", "last_checked_ok",
831
876
"last_enabled", "name", "timeout")
861
906
client["enabled"] = config.getboolean(client_name,
862
907
"enabled")
863
908
864
# Uppercase and remove spaces from fingerprint for later
865
# comparison purposes with return value from the
866
# fingerprint() function
909
# Uppercase and remove spaces from key_id and fingerprint
910
# for later comparison purposes with return value from the
911
# key_id() and fingerprint() functions
912
client["key_id"] = (section.get("key_id", "").upper()
913
.replace(" ", ""))
867
914
client["fingerprint"] = (section["fingerprint"].upper()
868
915
.replace(" ", ""))
869
916
if "secret" in section:
913
960
self.expires = None
914
961
915
962
logger.debug("Creating client %r", self.name)
963
logger.debug(" Key ID: %s", self.key_id)
916
964
logger.debug(" Fingerprint: %s", self.fingerprint)
917
965
self.created = settings.get("created",
918
966
datetime.datetime.utcnow())
995
1043
def checker_callback(self, source, condition, connection,
996
1044
command):
997
1045
"""The checker has completed, so take appropriate actions."""
998
self.checker_callback_tag = None
999
self.checker = None
1000
1046
# Read return code from connection (see call_pipe)
1001
1047
returncode = connection.recv()
1002
1048
connection.close()
1049
self.checker.join()
1050
self.checker_callback_tag = None
1051
self.checker = None
1003
1052
1004
1053
if returncode >= 0:
1005
1054
self.last_checker_status = returncode
2000
2049
def Name_dbus_property(self):
2001
2050
return dbus.String(self.name)
2002
2051
2052
# KeyID - property
2053
@dbus_annotations(
2054
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
2055
@dbus_service_property(_interface, signature="s", access="read")
2056
def KeyID_dbus_property(self):
2057
return dbus.String(self.key_id)
2058
2003
2059
# Fingerprint - property
2004
2060
@dbus_annotations(
2005
2061
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
2160
2216
del _interface
2161
2217
2162
2218
2163
class ProxyClient(object):
2164
def __init__(self, child_pipe, fpr, address):
2219
class ProxyClient:
2220
def __init__(self, child_pipe, key_id, fpr, address):
2165
2221
self._pipe = child_pipe
2166
self._pipe.send(('init', fpr, address))
2222
self._pipe.send(('init', key_id, fpr, address))
2167
2223
if not self._pipe.recv():
2168
raise KeyError(fpr)
2224
raise KeyError(key_id or fpr)
2169
2225
2170
2226
def __getattribute__(self, name):
2171
2227
if name == '_pipe':
2238
2294
2239
2295
approval_required = False
2240
2296
try:
2241
try:
2242
fpr = self.fingerprint(
2243
self.peer_certificate(session))
2244
except (TypeError, gnutls.Error) as error:
2245
logger.warning("Bad certificate: %s", error)
2246
return
2247
logger.debug("Fingerprint: %s", fpr)
2248
2249
try:
2250
client = ProxyClient(child_pipe, fpr,
2297
if gnutls.has_rawpk:
2298
fpr = b""
2299
try:
2300
key_id = self.key_id(
2301
self.peer_certificate(session))
2302
except (TypeError, gnutls.Error) as error:
2303
logger.warning("Bad certificate: %s", error)
2304
return
2305
logger.debug("Key ID: %s", key_id)
2306
2307
else:
2308
key_id = b""
2309
try:
2310
fpr = self.fingerprint(
2311
self.peer_certificate(session))
2312
except (TypeError, gnutls.Error) as error:
2313
logger.warning("Bad certificate: %s", error)
2314
return
2315
logger.debug("Fingerprint: %s", fpr)
2316
2317
try:
2318
client = ProxyClient(child_pipe, key_id, fpr,
2251
2319
self.client_address)
2252
2320
except KeyError:
2253
2321
return
2330
2398
2331
2399
@staticmethod
2332
2400
def peer_certificate(session):
2333
"Return the peer's OpenPGP certificate as a bytestring"
2334
# If not an OpenPGP certificate...
2335
if (gnutls.certificate_type_get(session._c_object)
2336
!= gnutls.CRT_OPENPGP):
2401
"Return the peer's certificate as a bytestring"
2402
try:
2403
cert_type = gnutls.certificate_type_get2(session._c_object,
2404
gnutls.CTYPE_PEERS)
2405
except AttributeError:
2406
cert_type = gnutls.certificate_type_get(session._c_object)
2407
if gnutls.has_rawpk:
2408
valid_cert_types = frozenset((gnutls.CRT_RAWPK,))
2409
else:
2410
valid_cert_types = frozenset((gnutls.CRT_OPENPGP,))
2411
# If not a valid certificate type...
2412
if cert_type not in valid_cert_types:
2413
logger.info("Cert type %r not in %r", cert_type,
2414
valid_cert_types)
2337
2415
# ...return invalid data
2338
2416
return b""
2339
2417
list_size = ctypes.c_uint(1)
2347
2425
return ctypes.string_at(cert.data, cert.size)
2348
2426
2349
2427
@staticmethod
2428
def key_id(certificate):
2429
"Convert a certificate bytestring to a hexdigit key ID"
2430
# New GnuTLS "datum" with the public key
2431
datum = gnutls.datum_t(
2432
ctypes.cast(ctypes.c_char_p(certificate),
2433
ctypes.POINTER(ctypes.c_ubyte)),
2434
ctypes.c_uint(len(certificate)))
2435
# XXX all these need to be created in the gnutls "module"
2436
# New empty GnuTLS certificate
2437
pubkey = gnutls.pubkey_t()
2438
gnutls.pubkey_init(ctypes.byref(pubkey))
2439
# Import the raw public key into the certificate
2440
gnutls.pubkey_import(pubkey,
2441
ctypes.byref(datum),
2442
gnutls.X509_FMT_DER)
2443
# New buffer for the key ID
2444
buf = ctypes.create_string_buffer(32)
2445
buf_len = ctypes.c_size_t(len(buf))
2446
# Get the key ID from the raw public key into the buffer
2447
gnutls.pubkey_get_key_id(pubkey,
2448
gnutls.KEYID_USE_SHA256,
2449
ctypes.cast(ctypes.byref(buf),
2450
ctypes.POINTER(ctypes.c_ubyte)),
2451
ctypes.byref(buf_len))
2452
# Deinit the certificate
2453
gnutls.pubkey_deinit(pubkey)
2454
2455
# Convert the buffer to a Python bytestring
2456
key_id = ctypes.string_at(buf, buf_len.value)
2457
# Convert the bytestring to hexadecimal notation
2458
hex_key_id = binascii.hexlify(key_id).upper()
2459
return hex_key_id
2460
2461
@staticmethod
2350
2462
def fingerprint(openpgp):
2351
2463
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2352
2464
# New GnuTLS "datum" with the OpenPGP public key
2366
2478
ctypes.byref(crtverify))
2367
2479
if crtverify.value != 0:
2368
2480
gnutls.openpgp_crt_deinit(crt)
2369
raise gnutls.CertificateSecurityError("Verify failed")
2481
raise gnutls.CertificateSecurityError(code
2482
=crtverify.value)
2370
2483
# New buffer for the fingerprint
2371
2484
buf = ctypes.create_string_buffer(20)
2372
2485
buf_len = ctypes.c_size_t()
2382
2495
return hex_fpr
2383
2496
2384
2497
2385
class MultiprocessingMixIn(object):
2498
class MultiprocessingMixIn:
2386
2499
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2387
2500
2388
2501
def sub_process_main(self, request, address):
2400
2513
return proc
2401
2514
2402
2515
2403
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2516
class MultiprocessingMixInWithPipe(MultiprocessingMixIn):
2404
2517
""" adds a pipe to the MixIn """
2405
2518
2406
2519
def process_request(self, request, client_address):
2421
2534
2422
2535
2423
2536
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2424
socketserver.TCPServer, object):
2537
socketserver.TCPServer):
2425
2538
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
2426
2539
2427
2540
Attributes:
2500
2613
raise
2501
2614
# Only bind(2) the socket if we really need to.
2502
2615
if self.server_address[0] or self.server_address[1]:
2616
if self.server_address[1]:
2617
self.allow_reuse_address = True
2503
2618
if not self.server_address[0]:
2504
2619
if self.address_family == socket.AF_INET6:
2505
2620
any_address = "::" # in6addr_any
2579
2694
command = request[0]
2580
2695
2581
2696
if command == 'init':
2582
fpr = request[1].decode("ascii")
2583
address = request[2]
2697
key_id = request[1].decode("ascii")
2698
fpr = request[2].decode("ascii")
2699
address = request[3]
2584
2700
2585
2701
for c in self.clients.values():
2586
if c.fingerprint == fpr:
2702
if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":
2703
continue
2704
if key_id and c.key_id == key_id:
2705
client = c
2706
break
2707
if fpr and c.fingerprint == fpr:
2587
2708
client = c
2588
2709
break
2589
2710
else:
2590
logger.info("Client not found for fingerprint: %s, ad"
2591
"dress: %s", fpr, address)
2711
logger.info("Client not found for key ID: %s, address"
2712
": %s", key_id or fpr, address)
2592
2713
if self.use_dbus:
2593
2714
# Emit D-Bus signal
2594
mandos_dbus_service.ClientNotFound(fpr,
2715
mandos_dbus_service.ClientNotFound(key_id or fpr,
2595
2716
address[0])
2596
2717
parent_pipe.send(False)
2597
2718
return False
2860
2981
sys.exit(os.EX_OK if fail_count == 0 else 1)
2861
2982
2862
2983
# Default values for config file for server-global settings
2984
if gnutls.has_rawpk:
2985
priority = ("SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA"
2986
":!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA")
2987
else:
2988
priority = ("SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2989
":+SIGN-DSA-SHA256")
2863
2990
server_defaults = {"interface": "",
2864
2991
"address": "",
2865
2992
"port": "",
2866
2993
"debug": "False",
2867
"priority":
2868
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2869
":+SIGN-DSA-SHA256",
2994
"priority": priority,
2870
2995
"servicename": "Mandos",
2871
2996
"use_dbus": "True",
2872
2997
"use_ipv6": "True",
2877
3002
"foreground": "False",
2878
3003
"zeroconf": "True",
2879
3004
}
3005
del priority
2880
3006
2881
3007
# Parse config file for server-global settings
2882
server_config = configparser.SafeConfigParser(server_defaults)
3008
server_config = configparser.ConfigParser(server_defaults)
2883
3009
del server_defaults
2884
3010
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2885
# Convert the SafeConfigParser object to a dict
3011
# Convert the ConfigParser object to a dict
2886
3012
server_settings = server_config.defaults()
2887
3013
# Use the appropriate methods on the non-string config options
2888
3014
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2960
3086
server_settings["servicename"])))
2961
3087
2962
3088
# Parse config file with clients
2963
client_config = configparser.SafeConfigParser(Client
2964
.client_defaults)
3089
client_config = configparser.ConfigParser(Client.client_defaults)
2965
3090
client_config.read(os.path.join(server_settings["configdir"],
2966
3091
"clients.conf"))
2967
3092
3038
3163
# Close all input and output, do double fork, etc.
3039
3164
daemon()
3040
3165
3041
# multiprocessing will use threads, so before we use GLib we need
3042
# to inform GLib that threads will be used.
3043
GLib.threads_init()
3166
if gi.version_info < (3, 10, 2):
3167
# multiprocessing will use threads, so before we use GLib we
3168
# need to inform GLib that threads will be used.
3169
GLib.threads_init()
3044
3170
3045
3171
global main_loop
3046
3172
# From the Avahi example code
3126
3252
for k in ("name", "host"):
3127
3253
if isinstance(value[k], bytes):
3128
3254
value[k] = value[k].decode("utf-8")
3255
if "key_id" not in value:
3256
value["key_id"] = ""
3257
elif "fingerprint" not in value:
3258
value["fingerprint"] = ""
3129
3259
# old_client_settings
3130
3260
# .keys()
3131
3261
old_client_settings = {
3268
3398
pass
3269
3399
3270
3400
@dbus.service.signal(_interface, signature="ss")
3271
def ClientNotFound(self, fingerprint, address):
3401
def ClientNotFound(self, key_id, address):
3272
3402
"D-Bus signal"
3273
3403
pass
3274
3404
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0