Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2019-11-03 18:58:44 UTC
  • Revision ID: teddy@recompile.se-20191103185844-r5ghn595fdzefg4w
mandos-monitor: Formatting changes only

* mandos-monitor: Re-order imports and normally use double quotes
                  instead of single quotes for strings.

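--- a/mandos
+++ b/mandos
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -bI
+#!/usr/bin/python3 -b
 # -*- mode: python; after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
 #
 # Mandos server - give out binary blobs to connecting clients.
@@ -11,8 +11,8 @@
 # "AvahiService" class, and some lines in "main".
 #
 # Everything else is
-# Copyright © 2008-2020 Teddy Hogeborn
-# Copyright © 2008-2020 Björn Påhlsson
+# Copyright © 2008-2019 Teddy Hogeborn
+# Copyright © 2008-2019 Björn Påhlsson
 #
 # This file is part of Mandos.
 #
@@ -78,8 +78,6 @@
 import collections
 import codecs
 import unittest
-import random
-import shlex
 
 import dbus
 import dbus.service
@@ -93,22 +91,6 @@
 
 if sys.version_info.major == 2:
     __metaclass__ = type
-    str = unicode
-
-# Add collections.abc.Callable if it does not exist
-try:
-    collections.abc.Callable
-except AttributeError:
-    class abc:
-        Callable = collections.Callable
-    collections.abc = abc
-    del abc
-
-# Add shlex.quote if it does not exist
-try:
-    shlex.quote
-except AttributeError:
-    shlex.quote = re.escape
 
 # Show warnings by default
 if not sys.warnoptions:
@@ -140,10 +122,13 @@
             # No value found
             SO_BINDTODEVICE = None
 
+if sys.version_info.major == 2:
+    str = unicode
+
 if sys.version_info < (3, 2):
     configparser.Configparser = configparser.SafeConfigParser
 
-version = "1.8.14"
+version = "1.8.9"
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -524,8 +509,7 @@
 class AvahiServiceToSyslog(AvahiService):
     def rename(self, *args, **kwargs):
         """Add the new name to the syslog messages"""
-        ret = super(AvahiServiceToSyslog, self).rename(*args,
-                                                       **kwargs)
+        ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
         syslogger.setFormatter(logging.Formatter(
             'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
             .format(self.name)))
@@ -661,8 +645,7 @@
             raise gnutls.CertificateSecurityError(code=result)
         raise gnutls.Error(code=result)
 
-    def _retry_on_error(result, func, arguments,
-                        _error_code=_error_code):
+    def _retry_on_error(result, func, arguments):
         """A function to retry on some errors, suitable
         for the 'errcheck' attribute on ctypes functions"""
         while result < 0:
@@ -776,8 +759,7 @@
 
         x509_crt_fmt_t = ctypes.c_int
 
-        # All the function declarations below are from
-        # gnutls/abstract.h
+        # All the function declarations below are from gnutls/abstract.h
         pubkey_init = _library.gnutls_pubkey_init
         pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
         pubkey_init.restype = _error_code
@@ -797,8 +779,7 @@
         pubkey_deinit.argtypes = [pubkey_t]
         pubkey_deinit.restype = None
     else:
-        # All the function declarations below are from
-        # gnutls/openpgp.h
+        # All the function declarations below are from gnutls/openpgp.h
 
         openpgp_crt_init = _library.gnutls_openpgp_crt_init
         openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
@@ -810,13 +791,9 @@
                                        openpgp_crt_fmt_t]
         openpgp_crt_import.restype = _error_code
 
-        openpgp_crt_verify_self = \
-            _library.gnutls_openpgp_crt_verify_self
-        openpgp_crt_verify_self.argtypes = [
-            openpgp_crt_t,
-            ctypes.c_uint,
-            ctypes.POINTER(ctypes.c_uint),
-        ]
+        openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
+        openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
+                                            ctypes.POINTER(ctypes.c_uint)]
         openpgp_crt_verify_self.restype = _error_code
 
         openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
@@ -1060,8 +1037,7 @@
         if self.checker_initiator_tag is not None:
             GLib.source_remove(self.checker_initiator_tag)
         self.checker_initiator_tag = GLib.timeout_add(
-            random.randrange(int(self.interval.total_seconds() * 1000
-                                 + 1)),
+            int(self.interval.total_seconds() * 1000),
             self.start_checker)
         # Schedule a disable() when 'timeout' has passed
         if self.disable_initiator_tag is not None:
@@ -1142,7 +1118,7 @@
         if self.checker is None:
             # Escape attributes for the shell
             escaped_attrs = {
-                attr: shlex.quote(str(getattr(self, attr)))
+                attr: re.escape(str(getattr(self, attr)))
                 for attr in self.runtime_expansions}
             try:
                 command = self.checker_command % escaped_attrs
@@ -1437,7 +1413,8 @@
                 raise ValueError("Byte arrays not supported for non-"
                                  "'ay' signature {!r}"
                                  .format(prop._dbus_signature))
-            value = dbus.ByteArray(bytes(value))
+            value = dbus.ByteArray(b''.join(chr(byte)
+                                            for byte in value))
         prop(value)
 
     @dbus.service.method(dbus.PROPERTIES_IFACE,
@@ -2476,12 +2453,11 @@
         buf = ctypes.create_string_buffer(32)
         buf_len = ctypes.c_size_t(len(buf))
         # Get the key ID from the raw public key into the buffer
-        gnutls.pubkey_get_key_id(
-            pubkey,
-            gnutls.KEYID_USE_SHA256,
-            ctypes.cast(ctypes.byref(buf),
-                        ctypes.POINTER(ctypes.c_ubyte)),
-            ctypes.byref(buf_len))
+        gnutls.pubkey_get_key_id(pubkey,
+                                 gnutls.KEYID_USE_SHA256,
+                                 ctypes.cast(ctypes.byref(buf),
+                                             ctypes.POINTER(ctypes.c_ubyte)),
+                                 ctypes.byref(buf_len))
         # Deinit the certificate
         gnutls.pubkey_deinit(pubkey)
 
@@ -2732,8 +2708,7 @@
             address = request[3]
 
             for c in self.clients.values():
-                if key_id == ("E3B0C44298FC1C149AFBF4C8996FB924"
-                              "27AE41E4649B934CA495991B7852B855"):
+                if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":
                     continue
                 if key_id and c.key_id == key_id:
                     client = c
@@ -2774,7 +2749,7 @@
         if command == 'getattr':
             attrname = request[1]
             if isinstance(client_object.__getattribute__(attrname),
-                          collections.abc.Callable):
+                          collections.Callable):
                 parent_pipe.send(('function', ))
             else:
                 parent_pipe.send((
@@ -2791,22 +2766,20 @@
 def rfc3339_duration_to_delta(duration):
     """Parse an RFC 3339 "duration" and return a datetime.timedelta
 
-    >>> timedelta = datetime.timedelta
-    >>> rfc3339_duration_to_delta("P7D") == timedelta(7)
-    True
-    >>> rfc3339_duration_to_delta("PT60S") == timedelta(0, 60)
-    True
-    >>> rfc3339_duration_to_delta("PT60M") == timedelta(0, 3600)
-    True
-    >>> rfc3339_duration_to_delta("PT24H") == timedelta(1)
-    True
-    >>> rfc3339_duration_to_delta("P1W") == timedelta(7)
-    True
-    >>> rfc3339_duration_to_delta("PT5M30S") == timedelta(0, 330)
-    True
-    >>> rfc3339_duration_to_delta("P1DT3M20S") == timedelta(1, 200)
-    True
-    >>> del timedelta
+    >>> rfc3339_duration_to_delta("P7D") == datetime.timedelta(7)
+    True
+    >>> rfc3339_duration_to_delta("PT60S") == datetime.timedelta(0, 60)
+    True
+    >>> rfc3339_duration_to_delta("PT60M") == datetime.timedelta(0, 3600)
+    True
+    >>> rfc3339_duration_to_delta("PT24H") == datetime.timedelta(1)
+    True
+    >>> rfc3339_duration_to_delta("P1W") == datetime.timedelta(7)
+    True
+    >>> rfc3339_duration_to_delta("PT5M30S") == datetime.timedelta(0, 330)
+    True
+    >>> rfc3339_duration_to_delta("P1DT3M20S") == datetime.timedelta(1, 200)
+    True
     """
 
     # Parsing an RFC 3339 duration with regular expressions is not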
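Review bot: In the ByteArray hunk (new lines 1416–1417) `b''.join(chr(byte) for byte in value)` cannot succeed under the `python3` interpreter the shebang selects, because `chr()` returns `str` on Python 3 and `bytes.join` rejects `str` items with a TypeError, so any call that reaches this line fails; `dbus.ByteArray(bytes(bytearray(value)))` is a one-line form that works on both interpreters this file still supports. The same reading applies to the checker hunk at new line 1121, where `re.escape()` sits under the comment `# Escape attributes for the shell`: it escapes regex metacharacters, not shell syntax, so characters that matter to a shell but not to `re` pass through unchanged, and if `self.checker_command % escaped_attrs` is later run through a shell (not visible here) the expansion is not reliably quoted — `shlex.quote()` is the stdlib function for that purpose. Both enclosing functions start and end outside their hunks. I read the right-hand gutter column as the side under review, which is consistent with the copyright and `version` lines in the first hunks.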