/mandos/trunk : revision 12

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to server.py

Committer: Teddy Hogeborn
Date: 2008-07-19 18:43:24 UTC
Revision ID: teddy@fukt.bsnet.se-20080719184324-iwhoa5in75xa0u2u

* mandos-clients.conf ([foo]/dn, [foo]/password, [braxen_client]/dn,
                       [braxen_client]/password): Removed.
  ([foo]/fingerprint, [braxen_client]/fingerprint): New.
  ([foo]/checker): New.
  ([foo]/secfile): New.
  ([braxen_client]/secret): New.

* server.py: New "--debug" option to set debug flag.  Removed "cert",
             "key", "ca", "crl", and "cred" variables.  Added default
             value for "checker" config file setting.  Do not pass
             credentials to IPv6_TCPServer constructor.
  (debug): New global debug flag.  Used by most debugging output code.
  (Client.__init__): Keyword argument "dn" replaced by "fingerprint",
                     "password" renamed to "secret", and "passfile"
                     renamed to "secfile".  New keyword argument
                     "checker". All callers changed.
  (Client.dn): Removed.
  (Client.fingerprint): New.
  (Client.password): Renamed to "secret"; all users changed.
  (Client.passfile): Renamed to "secfile"; all users changed.
  (Client.timeout, Client.interval): Changed to be properties; now
                                     automatically updates the
                                     "_timeout_milliseconds" and
                                     "_interval_milliseconds" values.
  (Client.timeout_milliseconds): Renamed to "_timeout_milliseconds".
  (Client.interval_milliseconds): Renamed to "_interval_milliseconds".
  (Client.check_command): New.
  (Client.start_checker): Use the new "check_command" attribute.
  (peer_certificate, fingerprint): New functions.

  (tcp_handler.handle): Use ClientSession with empty credentials
                        object instead of ServerSession.  Set gnutls
                        priority string.  Do not verify peer.  Use
                        fingerprint instead of DN when searching for
                        clients.  Bug fix: Loop sending data so even large
                        secret data strings are sent.
  (IPv6_TCPServer.credentials): Removed.
  (if_nametoindex): Do not import ctypes since that is now imported
                    globally.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

crl.pem

key.pem

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

server.py

#!/usr/bin/python

# -*- mode: python; coding: utf-8 -*-

# Mandos server - give out binary blobs to connecting clients.

# This program is partly derived from an example program for an Avahi

# service publisher, downloaded from

# <http://avahi.org/wiki/PythonPublishExample>. This includes the

# methods "add" and "remove" in the "AvahiService" class, the

# "server_state_changed" and "entry_group_state_changed" functions,

# and some lines in "main".

# Everything else is

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see

# <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

from __future__ import division, with_statement, absolute_import

from __future__ import division

import SocketServer

import socket

import optparse

import select

from optparse import OptionParser

import datetime

import errno

import gnutls.crypto

import signal

from sets import Set

import subprocess

import atexit

import stat

import logging

import logging.handlers

import pwd

from contextlib import closing

import dbus

import dbus.service

import gobject

import avahi

from dbus.mainloop.glib import DBusGMainLoop

import ctypes

import ctypes.util

try:

SO_BINDTODEVICE = socket.SO_BINDTODEVICE

except AttributeError:

try:

from IN import SO_BINDTODEVICE

except ImportError:

# From /usr/include/asm/socket.h

SO_BINDTODEVICE = 25

version = "1.0.8"

logger = logging.Logger('mandos')

syslogger = (logging.handlers.SysLogHandler

(facility = logging.handlers.SysLogHandler.LOG_DAEMON,

address = "/dev/log"))

syslogger.setFormatter(logging.Formatter

('Mandos [%(process)d]: %(levelname)s:'

' %(message)s'))

logger.addHandler(syslogger)

console = logging.StreamHandler()

console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'

' %(levelname)s: %(message)s'))

logger.addHandler(console)

class AvahiError(Exception):

def __init__(self, value, *args, **kwargs):

self.value = value

super(AvahiError, self).__init__(value, *args, **kwargs)

def __unicode__(self):

100

return unicode(repr(self.value))

101

102

class AvahiServiceError(AvahiError):

103

pass

104

105

class AvahiGroupError(AvahiError):

106

pass

107

108

109

class AvahiService(object):

110

"""An Avahi (Zeroconf) service.

111

112

Attributes:

113

interface: integer; avahi.IF_UNSPEC or an interface index.

114

Used to optionally bind to the specified interface.

115

116

type: string; Example: '_mandos._tcp'.

117

See <http://www.dns-sd.org/ServiceTypes.html>

118

port: integer; what port to announce

119

TXT: list of strings; TXT record for the service

120

domain: string; Domain to publish on, default to .local if empty.

121

host: string; Host to publish records for, default is localhost

122

max_renames: integer; maximum number of renames

123

rename_count: integer; counter so we only rename after collisions

124

a sensible number of times

125

"""

126

def __init__(self, interface = avahi.IF_UNSPEC, name = None,

127

servicetype = None, port = None, TXT = None,

128

domain = "", host = "", max_renames = 32768,

129

protocol = avahi.PROTO_UNSPEC):

130

self.interface = interface

131

self.name = name

132

self.type = servicetype

133

self.port = port

134

self.TXT = TXT if TXT is not None else []

135

self.domain = domain

136

self.host = host

137

self.rename_count = 0

138

self.max_renames = max_renames

139

self.protocol = protocol

140

def rename(self):

141

"""Derived from the Avahi example code"""

142

if self.rename_count >= self.max_renames:

143

logger.critical(u"No suitable Zeroconf service name found"

144

u" after %i retries, exiting.",

145

self.rename_count)

146

raise AvahiServiceError(u"Too many renames")

147

self.name = server.GetAlternativeServiceName(self.name)

148

logger.info(u"Changing Zeroconf service name to %r ...",

149

str(self.name))

150

syslogger.setFormatter(logging.Formatter

151

('Mandos (%s) [%%(process)d]:'

152

' %%(levelname)s: %%(message)s'

153

% self.name))

154

self.remove()

155

self.add()

156

self.rename_count += 1

157

def remove(self):

158

"""Derived from the Avahi example code"""

159

if group is not None:

160

group.Reset()

161

def add(self):

162

"""Derived from the Avahi example code"""

163

global group

164

if group is None:

165

group = dbus.Interface(bus.get_object

166

(avahi.DBUS_NAME,

167

server.EntryGroupNew()),

168

avahi.DBUS_INTERFACE_ENTRY_GROUP)

169

group.connect_to_signal('StateChanged',

170

entry_group_state_changed)

171

logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",

172

service.name, service.type)

173

group.AddService(

174

self.interface, # interface

175

self.protocol, # protocol

176

dbus.UInt32(0), # flags

177

self.name, self.type,

178

self.domain, self.host,

179

dbus.UInt16(self.port),

180

avahi.string_array_to_txt_array(self.TXT))

181

group.Commit()

182

183

# From the Avahi example code:

184

group = None # our entry group

# This variable is used to optionally bind to a specified interface.

# It is a global variable to fit in with the other variables from the

# Avahi server example code.

serviceInterface = avahi.IF_UNSPEC

# From the Avahi server example code:

serviceName = "Mandos"

serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html

servicePort = None # Not known at startup

serviceTXT = [] # TXT record for the service

domain = "" # Domain to publish on, default to .local

host = "" # Host to publish records for, default to localhost

group = None #our entry group

rename_count = 12 # Counter so we only rename after collisions a

# sensible number of times

185

# End of Avahi example code

186

187

188

def _datetime_to_dbus(dt, variant_level=0):

189

"""Convert a UTC datetime.datetime() to a D-Bus type."""

190

return dbus.String(dt.isoformat(), variant_level=variant_level)

191

192

193

class Client(object):

194

"""A representation of a client host served by this server.

195

196

Attributes:

197

198

D-Bus identifiers

199

fingerprint: string (40 or 32 hexadecimal digits); used to

200

uniquely identify the client

201

secret: bytestring; sent verbatim (over TLS) to client

202

host: string; available for use by the checker command

203

created: datetime.datetime(); (UTC) object creation

204

last_enabled: datetime.datetime(); (UTC)

205

enabled: bool()

206

last_checked_ok: datetime.datetime(); (UTC) or None

207

timeout: datetime.timedelta(); How long from last_checked_ok

208

until this client is invalid

209

interval: datetime.timedelta(); How often to start a new checker

210

disable_hook: If set, called by disable() as disable_hook(self)

211

checker: subprocess.Popen(); a running checker process used

212

to see if the client lives.

213

'None' if no process is running.

secret: bytestring; sent verbatim (over TLS) to client

fqdn: string (FQDN); available for use by the checker command

created: datetime.datetime()

last_seen: datetime.datetime() or None if not yet seen

timeout: datetime.timedelta(); How long from last_seen until

this client is invalid

interval: datetime.timedelta(); How often to start a new checker

stop_hook: If set, called by stop() as stop_hook(self)

checker: subprocess.Popen(); a running checker process used

to see if the client lives.

Is None if no process is running.

214

checker_initiator_tag: a gobject event source tag, or None

215

disable_initiator_tag: - '' -

stop_initiator_tag: - '' -

216

checker_callback_tag: - '' -

217

checker_command: string; External command which is run to check if

218

client lives. %() expansions are done at

client lives. %()s expansions are done at

219

runtime with vars(self) as dict, so that for

220

instance %(name)s can be used in the command.

221

current_checker_command: string; current running checker_command

Private attibutes:

_timeout: Real variable for 'timeout'

_interval: Real variable for 'interval'

_timeout_milliseconds: Used by gobject.timeout_add()

_interval_milliseconds: - '' -

222

"""

223

def timeout_milliseconds(self):

224

"Return the 'timeout' attribute in milliseconds"

225

return ((self.timeout.days * 24 * 60 * 60 * 1000)

226

+ (self.timeout.seconds * 1000)

227

+ (self.timeout.microseconds // 1000))

228

229

def interval_milliseconds(self):

230

"Return the 'interval' attribute in milliseconds"

231

return ((self.interval.days * 24 * 60 * 60 * 1000)

232

+ (self.interval.seconds * 1000)

233

+ (self.interval.microseconds // 1000))

234

235

def __init__(self, name = None, disable_hook=None, config=None):

236

"""Note: the 'checker' key in 'config' sets the

237

'checker_command' attribute and *not* the 'checker'

238

attribute."""

def _set_timeout(self, timeout):

"Setter function for 'timeout' attribute"

self._timeout = timeout

self._timeout_milliseconds = ((self.timeout.days

* 24 * 60 * 60 * 1000)

+ (self.timeout.seconds * 1000)

+ (self.timeout.microseconds

// 1000))

timeout = property(lambda self: self._timeout,

_set_timeout)

del _set_timeout

def _set_interval(self, interval):

"Setter function for 'interval' attribute"

self._interval = interval

self._interval_milliseconds = ((self.interval.days

* 24 * 60 * 60 * 1000)

+ (self.interval.seconds

* 1000)

+ (self.interval.microseconds

// 1000))

interval = property(lambda self: self._interval,

_set_interval)

100

del _set_interval

101

def __init__(self, name=None, options=None, stop_hook=None,

102

fingerprint=None, secret=None, secfile=None, fqdn=None,

103

timeout=None, interval=-1, checker=None):

239

104

self.name = name

240

if config is None:

241

config = {}

242

logger.debug(u"Creating client %r", self.name)

243

# Uppercase and remove spaces from fingerprint for later

244

# comparison purposes with return value from the fingerprint()

245

# function

246

self.fingerprint = (config["fingerprint"].upper()

247

.replace(u" ", u""))

248

logger.debug(u" Fingerprint: %s", self.fingerprint)

249

if "secret" in config:

250

self.secret = config["secret"].decode(u"base64")

251

elif "secfile" in config:

252

with closing(open(os.path.expanduser

253

(os.path.expandvars

254

(config["secfile"])))) as secfile:

255

self.secret = secfile.read()

256

else:

257

raise TypeError(u"No secret or secfile for client %s"

258

% self.name)

259

self.host = config.get("host", "")

260

self.created = datetime.datetime.utcnow()

261

self.enabled = False

262

self.last_enabled = None

263

self.last_checked_ok = None

264

self.timeout = string_to_delta(config["timeout"])

265

self.interval = string_to_delta(config["interval"])

266

self.disable_hook = disable_hook

105

# Uppercase and remove spaces from fingerprint

106

# for later comparison purposes with return value of

107

# the fingerprint() function

108

self.fingerprint = fingerprint.upper().replace(u" ", u"")

109

if secret:

110

self.secret = secret.decode(u"base64")

111

elif secfile:

112

sf = open(secfile)

113

self.secret = sf.read()

114

sf.close()

115

else:

116

raise RuntimeError(u"No secret or secfile for client %s"

117

% self.name)

118

self.fqdn = fqdn # string

119

self.created = datetime.datetime.now()

120

self.last_seen = None

121

if timeout is None:

122

timeout = options.timeout

123

self.timeout = timeout

124

if interval == -1:

125

interval = options.interval

126

else:

127

interval = string_to_delta(interval)

128

self.interval = interval

129

self.stop_hook = stop_hook

267

130

self.checker = None

268

131

self.checker_initiator_tag = None

269

self.disable_initiator_tag = None

132

self.stop_initiator_tag = None

270

133

self.checker_callback_tag = None

271

self.checker_command = config["checker"]

272

self.current_checker_command = None

273

self.last_connect = None

274

275

def enable(self):

276

"""Start this client's checker and timeout hooks"""

277

self.last_enabled = datetime.datetime.utcnow()

134

self.check_command = checker

135

def start(self):

136

"""Start this clients checker and timeout hooks"""

278

137

# Schedule a new checker to be started an 'interval' from now,

279

138

# and every interval from then on.

280

self.checker_initiator_tag = (gobject.timeout_add

281

(self.interval_milliseconds(),

282

self.start_checker))

139

self.checker_initiator_tag = gobject.timeout_add\

140

(self._interval_milliseconds,

141

self.start_checker)

283

142

# Also start a new checker *right now*.

284

143

self.start_checker()

285

# Schedule a disable() when 'timeout' has passed

286

self.disable_initiator_tag = (gobject.timeout_add

287

(self.timeout_milliseconds(),

288

self.disable))

289

self.enabled = True

290

291

def disable(self):

292

"""Disable this client."""

293

if not getattr(self, "enabled", False):

294

return False

295

logger.info(u"Disabling client %s", self.name)

296

if getattr(self, "disable_initiator_tag", False):

297

gobject.source_remove(self.disable_initiator_tag)

298

self.disable_initiator_tag = None

299

if getattr(self, "checker_initiator_tag", False):

144

# Schedule a stop() when 'timeout' has passed

145

self.stop_initiator_tag = gobject.timeout_add\

146

(self._timeout_milliseconds,

147

self.stop)

148

def stop(self):

149

"""Stop this client.

150

The possibility that this client might be restarted is left

151

open, but not currently used."""

152

if debug:

153

sys.stderr.write(u"Stopping client %s\n" % self.name)

154

self.secret = None

155

if self.stop_initiator_tag:

156

gobject.source_remove(self.stop_initiator_tag)

157

self.stop_initiator_tag = None

158

if self.checker_initiator_tag:

300

159

gobject.source_remove(self.checker_initiator_tag)

301

160

self.checker_initiator_tag = None

302

161

self.stop_checker()

303

if self.disable_hook:

304

self.disable_hook(self)

305

self.enabled = False

162

if self.stop_hook:

163

self.stop_hook(self)

306

164

# Do not run this again if called by a gobject.timeout_add

307

165

return False

308

309

166

def __del__(self):

310

self.disable_hook = None

311

self.disable()

312

313

def checker_callback(self, pid, condition, command):

167

# Some code duplication here and in stop()

168

if hasattr(self, "stop_initiator_tag") \

169

and self.stop_initiator_tag:

170

gobject.source_remove(self.stop_initiator_tag)

171

self.stop_initiator_tag = None

172

if hasattr(self, "checker_initiator_tag") \

173

and self.checker_initiator_tag:

174

gobject.source_remove(self.checker_initiator_tag)

175

self.checker_initiator_tag = None

176

self.stop_checker()

177

def checker_callback(self, pid, condition):

314

178

"""The checker has completed, so take appropriate actions."""

179

now = datetime.datetime.now()

180

if os.WIFEXITED(condition) \

181

and (os.WEXITSTATUS(condition) == 0):

182

if debug:

183

sys.stderr.write(u"Checker for %(name)s succeeded\n"

184

% vars(self))

185

self.last_seen = now

186

gobject.source_remove(self.stop_initiator_tag)

187

self.stop_initiator_tag = gobject.timeout_add\

188

(self._timeout_milliseconds,

189

self.stop)

190

elif debug:

191

if not os.WIFEXITED(condition):

192

sys.stderr.write(u"Checker for %(name)s crashed?\n"

193

% vars(self))

194

else:

195

sys.stderr.write(u"Checker for %(name)s failed\n"

196

% vars(self))

197

self.checker = None

315

198

self.checker_callback_tag = None

316

self.checker = None

317

if os.WIFEXITED(condition):

318

exitstatus = os.WEXITSTATUS(condition)

319

if exitstatus == 0:

320

logger.info(u"Checker for %(name)s succeeded",

321

vars(self))

322

self.checked_ok()

323

else:

324

logger.info(u"Checker for %(name)s failed",

325

vars(self))

326

else:

327

logger.warning(u"Checker for %(name)s crashed?",

328

vars(self))

329

330

def checked_ok(self):

331

"""Bump up the timeout for this client.

332

333

This should only be called when the client has been seen,

334

alive and well.

335

"""

336

self.last_checked_ok = datetime.datetime.utcnow()

337

gobject.source_remove(self.disable_initiator_tag)

338

self.disable_initiator_tag = (gobject.timeout_add

339

(self.timeout_milliseconds(),

340

self.disable))

341

342

199

def start_checker(self):

343

200

"""Start a new checker subprocess if one is not running.

344

345

201

If a checker already exists, leave it running and do

346

202

nothing."""

347

# The reason for not killing a running checker is that if we

348

# did that, then if a checker (for some reason) started

349

# running slowly and taking more than 'interval' time, the

350

# client would inevitably timeout, since no checker would get

351

# a chance to run to completion. If we instead leave running

352

# checkers alone, the checker would have to take more time

353

# than 'timeout' for the client to be declared invalid, which

354

# is as it should be.

355

356

# If a checker exists, make sure it is not a zombie

357

if self.checker is not None:

358

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

359

if pid:

360

logger.warning("Checker was a zombie")

361

gobject.source_remove(self.checker_callback_tag)

362

self.checker_callback(pid, status,

363

self.current_checker_command)

364

# Start a new checker if needed

365

203

if self.checker is None:

204

if debug:

205

sys.stderr.write(u"Starting checker for %s\n"

206

% self.name)

366

207

try:

367

# In case checker_command has exactly one % operator

368

command = self.checker_command % self.host

208

command = self.check_command % self.fqdn

369

209

except TypeError:

370

# Escape attributes for the shell

371

210

escaped_attrs = dict((key, re.escape(str(val)))

372

211

for key, val in

373

212

vars(self).iteritems())

374

try:

375

command = self.checker_command % escaped_attrs

376

except TypeError, error:

377

logger.error(u'Could not format string "%s":'

378

u' %s', self.checker_command, error)

379

return True # Try again later

380

self.current_checker_command = command

213

command = self.check_command % escaped_attrs

381

214

try:

382

logger.info(u"Starting checker %r for %s",

383

command, self.name)

384

# We don't need to redirect stdout and stderr, since

385

# in normal mode, that is already done by daemon(),

386

# and in debug mode we don't want to. (Stdin is

387

# always replaced by /dev/null.)

388

self.checker = subprocess.Popen(command,

389

close_fds=True,

390

shell=True, cwd="/")

391

self.checker_callback_tag = (gobject.child_watch_add

392

(self.checker.pid,

393

self.checker_callback,

394

data=command))

395

# The checker may have completed before the gobject

396

# watch was added. Check for this.

397

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

398

if pid:

399

gobject.source_remove(self.checker_callback_tag)

400

self.checker_callback(pid, status, command)

401

except OSError, error:

402

logger.error(u"Failed to start subprocess: %s",

403

error)

215

self.checker = subprocess.\

216

Popen(command,

217

stdout=subprocess.PIPE,

218

close_fds=True, shell=True,

219

cwd="/")

220

self.checker_callback_tag = gobject.\

221

child_watch_add(self.checker.pid,

222

self.\

223

checker_callback)

224

except subprocess.OSError, error:

225

sys.stderr.write(u"Failed to start subprocess: %s\n"

226

% error)

404

227

# Re-run this periodically if run by gobject.timeout_add

405

228

return True

406

407

229

def stop_checker(self):

408

230

"""Force the checker process, if any, to stop."""

409

if self.checker_callback_tag:

410

gobject.source_remove(self.checker_callback_tag)

411

self.checker_callback_tag = None

412

if getattr(self, "checker", None) is None:

231

if not hasattr(self, "checker") or self.checker is None:

413

232

return

414

logger.debug(u"Stopping checker for %(name)s", vars(self))

415

try:

416

os.kill(self.checker.pid, signal.SIGTERM)

417

#os.sleep(0.5)

418

#if self.checker.poll() is None:

419

# os.kill(self.checker.pid, signal.SIGKILL)

420

except OSError, error:

421

if error.errno != errno.ESRCH: # No such process

422

raise

233

gobject.source_remove(self.checker_callback_tag)

234

self.checker_callback_tag = None

235

os.kill(self.checker.pid, signal.SIGTERM)

236

if self.checker.poll() is None:

237

os.kill(self.checker.pid, signal.SIGKILL)

423

238

self.checker = None

424

425

def still_valid(self):

239

def still_valid(self, now=None):

426

240

"""Has the timeout not yet passed for this client?"""

427

if not getattr(self, "enabled", False):

428

return False

429

now = datetime.datetime.utcnow()

430

if self.last_checked_ok is None:

241

if now is None:

242

now = datetime.datetime.now()

243

if self.last_seen is None:

431

244

return now < (self.created + self.timeout)

432

245

else:

433

return now < (self.last_checked_ok + self.timeout)

434

435

436

class ClientDBus(Client, dbus.service.Object):

437

"""A Client class using D-Bus

438

439

Attributes:

440

dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus

441

"""

442

# dbus.service.Object doesn't use super(), so we can't either.

443

444

def __init__(self, *args, **kwargs):

445

Client.__init__(self, *args, **kwargs)

446

# Only now, when this client is initialized, can it show up on

447

# the D-Bus

448

self.dbus_object_path = (dbus.ObjectPath

449

("/clients/"

450

+ self.name.replace(".", "_")))

451

dbus.service.Object.__init__(self, bus,

452

self.dbus_object_path)

453

def enable(self):

454

oldstate = getattr(self, "enabled", False)

455

r = Client.enable(self)

456

if oldstate != self.enabled:

457

# Emit D-Bus signals

458

self.PropertyChanged(dbus.String(u"enabled"),

459

dbus.Boolean(True, variant_level=1))

460

self.PropertyChanged(dbus.String(u"last_enabled"),

461

(_datetime_to_dbus(self.last_enabled,

462

variant_level=1)))

463

return r

464

465

def disable(self, signal = True):

466

oldstate = getattr(self, "enabled", False)

467

r = Client.disable(self)

468

if signal and oldstate != self.enabled:

469

# Emit D-Bus signal

470

self.PropertyChanged(dbus.String(u"enabled"),

471

dbus.Boolean(False, variant_level=1))

472

return r

473

474

def __del__(self, *args, **kwargs):

475

try:

476

self.remove_from_connection()

477

except LookupError:

478

pass

479

if hasattr(dbus.service.Object, "__del__"):

480

dbus.service.Object.__del__(self, *args, **kwargs)

481

Client.__del__(self, *args, **kwargs)

482

483

def checker_callback(self, pid, condition, command,

484

*args, **kwargs):

485

self.checker_callback_tag = None

486

self.checker = None

487

# Emit D-Bus signal

488

self.PropertyChanged(dbus.String(u"checker_running"),

489

dbus.Boolean(False, variant_level=1))

490

if os.WIFEXITED(condition):

491

exitstatus = os.WEXITSTATUS(condition)

492

# Emit D-Bus signal

493

self.CheckerCompleted(dbus.Int16(exitstatus),

494

dbus.Int64(condition),

495

dbus.String(command))

496

else:

497

# Emit D-Bus signal

498

self.CheckerCompleted(dbus.Int16(-1),

499

dbus.Int64(condition),

500

dbus.String(command))

501

502

return Client.checker_callback(self, pid, condition, command,

503

*args, **kwargs)

504

505

def checked_ok(self, *args, **kwargs):

506

r = Client.checked_ok(self, *args, **kwargs)

507

# Emit D-Bus signal

508

self.PropertyChanged(

509

dbus.String(u"last_checked_ok"),

510

(_datetime_to_dbus(self.last_checked_ok,

511

variant_level=1)))

512

return r

513

514

def start_checker(self, *args, **kwargs):

515

old_checker = self.checker

516

if self.checker is not None:

517

old_checker_pid = self.checker.pid

518

else:

519

old_checker_pid = None

520

r = Client.start_checker(self, *args, **kwargs)

521

# Only if new checker process was started

522

if (self.checker is not None

523

and old_checker_pid != self.checker.pid):

524

# Emit D-Bus signal

525

self.CheckerStarted(self.current_checker_command)

526

self.PropertyChanged(

527

dbus.String("checker_running"),

528

dbus.Boolean(True, variant_level=1))

529

return r

530

531

def stop_checker(self, *args, **kwargs):

532

old_checker = getattr(self, "checker", None)

533

r = Client.stop_checker(self, *args, **kwargs)

534

if (old_checker is not None

535

and getattr(self, "checker", None) is None):

536

self.PropertyChanged(dbus.String(u"checker_running"),

537

dbus.Boolean(False, variant_level=1))

538

return r

539

540

## D-Bus methods & signals

541

_interface = u"se.bsnet.fukt.Mandos.Client"

542

543

# CheckedOK - method

544

CheckedOK = dbus.service.method(_interface)(checked_ok)

545

CheckedOK.__name__ = "CheckedOK"

546

547

# CheckerCompleted - signal

548

@dbus.service.signal(_interface, signature="nxs")

549

def CheckerCompleted(self, exitcode, waitstatus, command):

550

"D-Bus signal"

551

pass

552

553

# CheckerStarted - signal

554

@dbus.service.signal(_interface, signature="s")

555

def CheckerStarted(self, command):

556

"D-Bus signal"

557

pass

558

559

# GetAllProperties - method

560

@dbus.service.method(_interface, out_signature="a{sv}")

561

def GetAllProperties(self):

562

"D-Bus method"

563

return dbus.Dictionary({

564

dbus.String("name"):

565

dbus.String(self.name, variant_level=1),

566

dbus.String("fingerprint"):

567

dbus.String(self.fingerprint, variant_level=1),

568

dbus.String("host"):

569

dbus.String(self.host, variant_level=1),

570

dbus.String("created"):

571

_datetime_to_dbus(self.created, variant_level=1),

572

dbus.String("last_enabled"):

573

(_datetime_to_dbus(self.last_enabled,

574

variant_level=1)

575

if self.last_enabled is not None

576

else dbus.Boolean(False, variant_level=1)),

577

dbus.String("enabled"):

578

dbus.Boolean(self.enabled, variant_level=1),

579

dbus.String("last_checked_ok"):

580

(_datetime_to_dbus(self.last_checked_ok,

581

variant_level=1)

582

if self.last_checked_ok is not None

583

else dbus.Boolean (False, variant_level=1)),

584

dbus.String("timeout"):

585

dbus.UInt64(self.timeout_milliseconds(),

586

variant_level=1),

587

dbus.String("interval"):

588

dbus.UInt64(self.interval_milliseconds(),

589

variant_level=1),

590

dbus.String("checker"):

591

dbus.String(self.checker_command,

592

variant_level=1),

593

dbus.String("checker_running"):

594

dbus.Boolean(self.checker is not None,

595

variant_level=1),

596

dbus.String("object_path"):

597

dbus.ObjectPath(self.dbus_object_path,

598

variant_level=1)

599

}, signature="sv")

600

601

# IsStillValid - method

602

@dbus.service.method(_interface, out_signature="b")

603

def IsStillValid(self):

604

return self.still_valid()

605

606

# PropertyChanged - signal

607

@dbus.service.signal(_interface, signature="sv")

608

def PropertyChanged(self, property, value):

609

"D-Bus signal"

610

pass

611

612

# ReceivedSecret - signal

613

@dbus.service.signal(_interface)

614

def ReceivedSecret(self):

615

"D-Bus signal"

616

pass

617

618

# Rejected - signal

619

@dbus.service.signal(_interface)

620

def Rejected(self):

621

"D-Bus signal"

622

pass

623

624

# SetChecker - method

625

@dbus.service.method(_interface, in_signature="s")

626

def SetChecker(self, checker):

627

"D-Bus setter method"

628

self.checker_command = checker

629

# Emit D-Bus signal

630

self.PropertyChanged(dbus.String(u"checker"),

631

dbus.String(self.checker_command,

632

variant_level=1))

633

634

# SetHost - method

635

@dbus.service.method(_interface, in_signature="s")

636

def SetHost(self, host):

637

"D-Bus setter method"

638

self.host = host

639

# Emit D-Bus signal

640

self.PropertyChanged(dbus.String(u"host"),

641

dbus.String(self.host, variant_level=1))

642

643

# SetInterval - method

644

@dbus.service.method(_interface, in_signature="t")

645

def SetInterval(self, milliseconds):

646

self.interval = datetime.timedelta(0, 0, 0, milliseconds)

647

# Emit D-Bus signal

648

self.PropertyChanged(dbus.String(u"interval"),

649

(dbus.UInt64(self.interval_milliseconds(),

650

variant_level=1)))

651

652

# SetSecret - method

653

@dbus.service.method(_interface, in_signature="ay",

654

byte_arrays=True)

655

def SetSecret(self, secret):

656

"D-Bus setter method"

657

self.secret = str(secret)

658

659

# SetTimeout - method

660

@dbus.service.method(_interface, in_signature="t")

661

def SetTimeout(self, milliseconds):

662

self.timeout = datetime.timedelta(0, 0, 0, milliseconds)

663

# Emit D-Bus signal

664

self.PropertyChanged(dbus.String(u"timeout"),

665

(dbus.UInt64(self.timeout_milliseconds(),

666

variant_level=1)))

667

668

# Enable - method

669

Enable = dbus.service.method(_interface)(enable)

670

Enable.__name__ = "Enable"

671

672

# StartChecker - method

673

@dbus.service.method(_interface)

674

def StartChecker(self):

675

"D-Bus method"

676

self.start_checker()

677

678

# Disable - method

679

@dbus.service.method(_interface)

680

def Disable(self):

681

"D-Bus method"

682

self.disable()

683

684

# StopChecker - method

685

StopChecker = dbus.service.method(_interface)(stop_checker)

686

StopChecker.__name__ = "StopChecker"

687

688

del _interface

689

690

691

class ClientHandler(SocketServer.BaseRequestHandler, object):

692

"""A class to handle client connections.

693

694

Instantiated once for each connection to handle it.

246

return now < (self.last_seen + self.timeout)

247

248

249

def peer_certificate(session):

250

# If not an OpenPGP certificate...

251

if gnutls.library.functions.gnutls_certificate_type_get\

252

(session._c_object) \

253

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:

254

# ...do the normal thing

255

return session.peer_certificate

256

list_size = ctypes.c_uint()

257

cert_list = gnutls.library.functions.gnutls_certificate_get_peers\

258

(session._c_object, ctypes.byref(list_size))

259

if list_size.value == 0:

260

return None

261

cert = cert_list[0]

262

return ctypes.string_at(cert.data, cert.size)

263

264

265

def fingerprint(openpgp):

266

# New empty GnuTLS certificate

267

crt = gnutls.library.types.gnutls_openpgp_crt_t()

268

gnutls.library.functions.gnutls_openpgp_crt_init\

269

(ctypes.byref(crt))

270

# New GnuTLS "datum" with the OpenPGP public key

271

datum = gnutls.library.types.gnutls_datum_t\

272

(ctypes.cast(ctypes.c_char_p(openpgp),

273

ctypes.POINTER(ctypes.c_ubyte)),

274

ctypes.c_uint(len(openpgp)))

275

# Import the OpenPGP public key into the certificate

276

ret = gnutls.library.functions.gnutls_openpgp_crt_import\

277

(crt,

278

ctypes.byref(datum),

279

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

280

# New buffer for the fingerprint

281

buffer = ctypes.create_string_buffer(20)

282

buffer_length = ctypes.c_size_t()

283

# Get the fingerprint from the certificate into the buffer

284

gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\

285

(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))

286

# Deinit the certificate

287

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

288

# Convert the buffer to a Python bytestring

289

fpr = ctypes.string_at(buffer, buffer_length.value)

290

# Convert the bytestring to hexadecimal notation

291

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

292

return hex_fpr

293

294

295

class tcp_handler(SocketServer.BaseRequestHandler, object):

296

"""A TCP request handler class.

297

Instantiated by IPv6_TCPServer for each request to handle it.

695

298

Note: This will run in its own forked process."""

696

299

697

300

def handle(self):

698

logger.info(u"TCP connection from: %s",

699

unicode(self.client_address))

700

logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])

701

# Open IPC pipe to parent process

702

with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:

703

session = (gnutls.connection

704

.ClientSession(self.request,

705

gnutls.connection

706

.X509Credentials()))

707

708

line = self.request.makefile().readline()

709

logger.debug(u"Protocol version: %r", line)

710

try:

711

if int(line.strip().split()[0]) > 1:

712

raise RuntimeError

713

except (ValueError, IndexError, RuntimeError), error:

714

logger.error(u"Unknown protocol version: %s", error)

715

return

716

717

# Note: gnutls.connection.X509Credentials is really a

718

# generic GnuTLS certificate credentials object so long as

719

# no X.509 keys are added to it. Therefore, we can use it

720

# here despite using OpenPGP certificates.

721

722

#priority = ':'.join(("NONE", "+VERS-TLS1.1",

723

# "+AES-256-CBC", "+SHA1",

724

# "+COMP-NULL", "+CTYPE-OPENPGP",

725

# "+DHE-DSS"))

726

# Use a fallback default, since this MUST be set.

727

priority = self.server.gnutls_priority

728

if priority is None:

729

priority = "NORMAL"

730

(gnutls.library.functions

731

.gnutls_priority_set_direct(session._c_object,

732

priority, None))

733

734

try:

735

session.handshake()

736

except gnutls.errors.GNUTLSError, error:

737

logger.warning(u"Handshake failed: %s", error)

738

# Do not run session.bye() here: the session is not

739

# established. Just abandon the request.

740

return

741

logger.debug(u"Handshake succeeded")

742

try:

743

fpr = self.fingerprint(self.peer_certificate(session))

744

except (TypeError, gnutls.errors.GNUTLSError), error:

745

logger.warning(u"Bad certificate: %s", error)

746

session.bye()

747

return

748

logger.debug(u"Fingerprint: %s", fpr)

749

750

for c in self.server.clients:

751

if c.fingerprint == fpr:

752

client = c

753

break

754

else:

755

ipc.write("NOTFOUND %s\n" % fpr)

756

session.bye()

757

return

758

# Have to check if client.still_valid(), since it is

759

# possible that the client timed out while establishing

760

# the GnuTLS session.

761

if not client.still_valid():

762

ipc.write("INVALID %s\n" % client.name)

763

session.bye()

764

return

765

ipc.write("SENDING %s\n" % client.name)

766

sent_size = 0

767

while sent_size < len(client.secret):

768

sent = session.send(client.secret[sent_size:])

769

logger.debug(u"Sent: %d, remaining: %d",

770

sent, len(client.secret)

771

- (sent_size + sent))

772

sent_size += sent

773

session.bye()

774

775

@staticmethod

776

def peer_certificate(session):

777

"Return the peer's OpenPGP certificate as a bytestring"

778

# If not an OpenPGP certificate...

779

if (gnutls.library.functions

780

.gnutls_certificate_type_get(session._c_object)

781

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):

782

# ...do the normal thing

783

return session.peer_certificate

784

list_size = ctypes.c_uint(1)

785

cert_list = (gnutls.library.functions

786

.gnutls_certificate_get_peers

787

(session._c_object, ctypes.byref(list_size)))

788

if not bool(cert_list) and list_size.value != 0:

789

raise gnutls.errors.GNUTLSError("error getting peer"

790

" certificate")

791

if list_size.value == 0:

792

return None

793

cert = cert_list[0]

794

return ctypes.string_at(cert.data, cert.size)

795

796

@staticmethod

797

def fingerprint(openpgp):

798

"Convert an OpenPGP bytestring to a hexdigit fingerprint"

799

# New GnuTLS "datum" with the OpenPGP public key

800

datum = (gnutls.library.types

801

.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),

802

ctypes.POINTER

803

(ctypes.c_ubyte)),

804

ctypes.c_uint(len(openpgp))))

805

# New empty GnuTLS certificate

806

crt = gnutls.library.types.gnutls_openpgp_crt_t()

807

(gnutls.library.functions

808

.gnutls_openpgp_crt_init(ctypes.byref(crt)))

809

# Import the OpenPGP public key into the certificate

810

(gnutls.library.functions

811

.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),

812

gnutls.library.constants

813

.GNUTLS_OPENPGP_FMT_RAW))

814

# Verify the self signature in the key

815

crtverify = ctypes.c_uint()

816

(gnutls.library.functions

817

.gnutls_openpgp_crt_verify_self(crt, 0,

818

ctypes.byref(crtverify)))

819

if crtverify.value != 0:

820

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

821

raise (gnutls.errors.CertificateSecurityError

822

("Verify failed"))

823

# New buffer for the fingerprint

824

buf = ctypes.create_string_buffer(20)

825

buf_len = ctypes.c_size_t()

826

# Get the fingerprint from the certificate into the buffer

827

(gnutls.library.functions

828

.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),

829

ctypes.byref(buf_len)))

830

# Deinit the certificate

831

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

832

# Convert the buffer to a Python bytestring

833

fpr = ctypes.string_at(buf, buf_len.value)

834

# Convert the bytestring to hexadecimal notation

835

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

836

return hex_fpr

837

838

839

class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):

840

"""Like SocketServer.ForkingMixIn, but also pass a pipe.

841

842

Assumes a gobject.MainLoop event loop.

843

"""

844

def process_request(self, request, client_address):

845

"""Overrides and wraps the original process_request().

846

847

This function creates a new pipe in self.pipe

848

"""

849

self.pipe = os.pipe()

850

super(ForkingMixInWithPipe,

851

self).process_request(request, client_address)

852

os.close(self.pipe[1]) # close write end

853

# Call "handle_ipc" for both data and EOF events

854

gobject.io_add_watch(self.pipe[0],

855

gobject.IO_IN | gobject.IO_HUP,

856

self.handle_ipc)

857

def handle_ipc(source, condition):

858

"""Dummy function; override as necessary"""

859

os.close(source)

860

return False

861

862

863

class IPv6_TCPServer(ForkingMixInWithPipe,

864

SocketServer.TCPServer, object):

865

"""IPv6-capable TCP server. Accepts 'None' as address and/or port

866

301

if debug:

302

sys.stderr.write(u"TCP request came\n")

303

sys.stderr.write(u"Request: %s\n" % self.request)

304

sys.stderr.write(u"Client Address: %s\n"

305

% unicode(self.client_address))

306

sys.stderr.write(u"Server: %s\n" % self.server)

307

session = gnutls.connection.ClientSession(self.request,

308

gnutls.connection.\

309

X509Credentials())

310

311

#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",

312

# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",

313

# "+DHE-DSS"))

314

priority = "SECURE256"

315

316

gnutls.library.functions.gnutls_priority_set_direct\

317

(session._c_object, priority, None);

318

319

try:

320

session.handshake()

321

except gnutls.errors.GNUTLSError, error:

322

if debug:

323

sys.stderr.write(u"Handshake failed: %s\n" % error)

324

# Do not run session.bye() here: the session is not

325

# established. Just abandon the request.

326

return

327

try:

328

fpr = fingerprint(peer_certificate(session))

329

except (TypeError, gnutls.errors.GNUTLSError), error:

330

if debug:

331

sys.stderr.write(u"Bad certificate: %s\n" % error)

332

session.bye()

333

return

334

if debug:

335

sys.stderr.write(u"Fingerprint: %s\n" % fpr)

336

client = None

337

for c in clients:

338

if c.fingerprint == fpr:

339

client = c

340

break

341

# Have to check if client.still_valid(), since it is possible

342

# that the client timed out while establishing the GnuTLS

343

# session.

344

if (not client) or (not client.still_valid()):

345

if debug:

346

if client:

347

sys.stderr.write(u"Client %(name)s is invalid\n"

348

% vars(client))

349

else:

350

sys.stderr.write(u"Client not found for "

351

u"fingerprint: %s\n" % fpr)

352

session.bye()

353

return

354

sent_size = 0

355

while sent_size < len(client.secret):

356

sent = session.send(client.secret[sent_size:])

357

if debug:

358

sys.stderr.write(u"Sent: %d, remaining: %d\n"

359

% (sent, len(client.secret)

360

- (sent_size + sent)))

361

sent_size += sent

362

session.bye()

363

364

365

class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):

366

"""IPv6 TCP server. Accepts 'None' as address and/or port.

867

367

Attributes:

868

enabled: Boolean; whether this server is activated yet

869

interface: None or a network interface name (string)

870

use_ipv6: Boolean; to use IPv6 or not

871

----

368

options: Command line options

872

369

clients: Set() of Client objects

873

gnutls_priority GnuTLS priority string

874

use_dbus: Boolean; to emit D-Bus signals or not

875

370

"""

876

def __init__(self, server_address, RequestHandlerClass,

877

interface=None, use_ipv6=True, clients=None,

878

gnutls_priority=None, use_dbus=True):

879

self.enabled = False

880

self.interface = interface

881

if use_ipv6:

882

self.address_family = socket.AF_INET6

883

self.clients = clients

884

self.use_dbus = use_dbus

885

self.gnutls_priority = gnutls_priority

886

SocketServer.TCPServer.__init__(self, server_address,

887

RequestHandlerClass)

371

address_family = socket.AF_INET6

372

def __init__(self, *args, **kwargs):

373

if "options" in kwargs:

374

self.options = kwargs["options"]

375

del kwargs["options"]

376

if "clients" in kwargs:

377

self.clients = kwargs["clients"]

378

del kwargs["clients"]

379

return super(type(self), self).__init__(*args, **kwargs)

888

380

def server_bind(self):

889

381

"""This overrides the normal server_bind() function

890

382

to bind to an interface if one was specified, and also NOT to

891

383

bind to an address or port if they were not specified."""

892

if self.interface is not None:

384

if self.options.interface:

385

if not hasattr(socket, "SO_BINDTODEVICE"):

386

# From /usr/include/asm-i486/socket.h

387

socket.SO_BINDTODEVICE = 25

893

388

try:

894

389

self.socket.setsockopt(socket.SOL_SOCKET,

895

SO_BINDTODEVICE,

896

self.interface + '\0')

390

socket.SO_BINDTODEVICE,

391

self.options.interface)

897

392

except socket.error, error:

898

393

if error[0] == errno.EPERM:

899

logger.error(u"No permission to"

900

u" bind to interface %s",

901

self.interface)

394

sys.stderr.write(u"Warning: No permission to" \

395

u" bind to interface %s\n"

396

% self.options.interface)

902

397

else:

903

raise

398

raise error

904

399

# Only bind(2) the socket if we really need to.

905

400

if self.server_address[0] or self.server_address[1]:

906

401

if not self.server_address[0]:

907

if self.address_family == socket.AF_INET6:

908

any_address = "::" # in6addr_any

909

else:

910

any_address = socket.INADDR_ANY

911

self.server_address = (any_address,

402

in6addr_any = "::"

403

self.server_address = (in6addr_any,

912

404

self.server_address[1])

913

elif not self.server_address[1]:

405

elif self.server_address[1] is None:

914

406

self.server_address = (self.server_address[0],

915

407

916

# if self.interface:

917

# self.server_address = (self.server_address[0],

918

# 0, # port

919

# 0, # flowinfo

920

# if_nametoindex

921

# (self.interface))

922

return SocketServer.TCPServer.server_bind(self)

923

def server_activate(self):

924

if self.enabled:

925

return SocketServer.TCPServer.server_activate(self)

926

def enable(self):

927

self.enabled = True

928

def handle_ipc(self, source, condition, file_objects={}):

929

condition_names = {

930

gobject.IO_IN: "IN", # There is data to read.

931

gobject.IO_OUT: "OUT", # Data can be written (without

932

# blocking).

933

gobject.IO_PRI: "PRI", # There is urgent data to read.

934

gobject.IO_ERR: "ERR", # Error condition.

935

gobject.IO_HUP: "HUP" # Hung up (the connection has been

936

# broken, usually for pipes and

937

# sockets).

938

}

939

conditions_string = ' | '.join(name

940

for cond, name in

941

condition_names.iteritems()

942

if cond & condition)

943

logger.debug("Handling IPC: FD = %d, condition = %s", source,

944

conditions_string)

945

946

# Turn the pipe file descriptor into a Python file object

947

if source not in file_objects:

948

file_objects[source] = os.fdopen(source, "r", 1)

949

950

# Read a line from the file object

951

cmdline = file_objects[source].readline()

952

if not cmdline: # Empty line means end of file

953

# close the IPC pipe

954

file_objects[source].close()

955

del file_objects[source]

956

957

# Stop calling this function

958

return False

959

960

logger.debug("IPC command: %r", cmdline)

961

962

# Parse and act on command

963

cmd, args = cmdline.rstrip("\r\n").split(None, 1)

964

965

if cmd == "NOTFOUND":

966

logger.warning(u"Client not found for fingerprint: %s",

967

args)

968

if self.use_dbus:

969

# Emit D-Bus signal

970

mandos_dbus_service.ClientNotFound(args)

971

elif cmd == "INVALID":

972

for client in self.clients:

973

if client.name == args:

974

logger.warning(u"Client %s is invalid", args)

975

if self.use_dbus:

976

# Emit D-Bus signal

977

client.Rejected()

978

break

979

else:

980

logger.error(u"Unknown client %s is invalid", args)

981

elif cmd == "SENDING":

982

for client in self.clients:

983

if client.name == args:

984

logger.info(u"Sending secret to %s", client.name)

985

client.checked_ok()

986

if self.use_dbus:

987

# Emit D-Bus signal

988

client.ReceivedSecret()

989

break

990

else:

991

logger.error(u"Sending secret to unknown client %s",

992

args)

993

else:

994

logger.error("Unknown IPC command: %r", cmdline)

995

996

# Keep calling this function

997

return True

408

return super(type(self), self).server_bind()

998

409

999

410

1000

411

def string_to_delta(interval):

1001

412

"""Parse a string and return a datetime.timedelta

1002

413

1003

414

>>> string_to_delta('7d')

1004

415

datetime.timedelta(7)

1005

416

>>> string_to_delta('60s')

1010

421

datetime.timedelta(1)

1011

422

>>> string_to_delta(u'1w')

1012

423

datetime.timedelta(7)

1013

>>> string_to_delta('5m 30s')

1014

datetime.timedelta(0, 330)

1015

424

"""

1016

timevalue = datetime.timedelta(0)

1017

for s in interval.split():

1018

try:

1019

suffix = unicode(s[-1])

1020

value = int(s[:-1])

1021

if suffix == u"d":

1022

delta = datetime.timedelta(value)

1023

elif suffix == u"s":

1024

delta = datetime.timedelta(0, value)

1025

elif suffix == u"m":

1026

delta = datetime.timedelta(0, 0, 0, 0, value)

1027

elif suffix == u"h":

1028

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

1029

elif suffix == u"w":

1030

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

1031

else:

1032

raise ValueError

1033

except (ValueError, IndexError):

425

try:

426

suffix=unicode(interval[-1])

427

value=int(interval[:-1])

428

if suffix == u"d":

429

delta = datetime.timedelta(value)

430

elif suffix == u"s":

431

delta = datetime.timedelta(0, value)

432

elif suffix == u"m":

433

delta = datetime.timedelta(0, 0, 0, 0, value)

434

elif suffix == u"h":

435

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

436

elif suffix == u"w":

437

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

438

else:

1034

439

raise ValueError

1035

timevalue += delta

1036

return timevalue

440

except (ValueError, IndexError):

441

raise ValueError

442

return delta

443

444

445

def add_service():

446

"""From the Avahi server example code"""

447

global group, serviceName, serviceType, servicePort, serviceTXT, \

448

domain, host

449

if group is None:

450

group = dbus.Interface(

451

bus.get_object( avahi.DBUS_NAME,

452

server.EntryGroupNew()),

453

avahi.DBUS_INTERFACE_ENTRY_GROUP)

454

group.connect_to_signal('StateChanged',

455

entry_group_state_changed)

456

if debug:

457

sys.stderr.write(u"Adding service '%s' of type '%s' ...\n"

458

% (serviceName, serviceType))

459

460

group.AddService(

461

serviceInterface, # interface

462

avahi.PROTO_INET6, # protocol

463

dbus.UInt32(0), # flags

464

serviceName, serviceType,

465

domain, host,

466

dbus.UInt16(servicePort),

467

avahi.string_array_to_txt_array(serviceTXT))

468

group.Commit()

469

470

471

def remove_service():

472

"""From the Avahi server example code"""

473

global group

474

475

if not group is None:

476

group.Reset()

1037

477

1038

478

1039

479

def server_state_changed(state):

1040

"""Derived from the Avahi example code"""

480

"""From the Avahi server example code"""

1041

481

if state == avahi.SERVER_COLLISION:

1042

logger.error(u"Zeroconf server name collision")

1043

service.remove()

482

sys.stderr.write(u"WARNING: Server name collision\n")

483

remove_service()

1044

484

elif state == avahi.SERVER_RUNNING:

1045

service.add()

485

add_service()

1046

486

1047

487

1048

488

def entry_group_state_changed(state, error):

1049

"""Derived from the Avahi example code"""

1050

logger.debug(u"Avahi state change: %i", state)

489

"""From the Avahi server example code"""

490

global serviceName, server, rename_count

491

492

if debug:

493

sys.stderr.write(u"state change: %i\n" % state)

1051

494

1052

495

if state == avahi.ENTRY_GROUP_ESTABLISHED:

1053

logger.debug(u"Zeroconf service established.")

496

if debug:

497

sys.stderr.write(u"Service established.\n")

1054

498

elif state == avahi.ENTRY_GROUP_COLLISION:

1055

logger.warning(u"Zeroconf service name collision.")

1056

service.rename()

499

500

rename_count = rename_count - 1

501

if rename_count > 0:

502

name = server.GetAlternativeServiceName(name)

503

sys.stderr.write(u"WARNING: Service name collision, "

504

u"changing name to '%s' ...\n" % name)

505

remove_service()

506

add_service()

507

508

else:

509

sys.stderr.write(u"ERROR: No suitable service name found "

510

u"after %i retries, exiting.\n"

511

% n_rename)

512

main_loop.quit()

1057

513

elif state == avahi.ENTRY_GROUP_FAILURE:

1058

logger.critical(u"Avahi: Error in group state changed %s",

1059

unicode(error))

1060

raise AvahiGroupError(u"State changed: %s" % unicode(error))

514

sys.stderr.write(u"Error in group state changed %s\n"

515

% unicode(error))

516

main_loop.quit()

517

return

518

1061

519

1062

520

def if_nametoindex(interface):

1063

"""Call the C function if_nametoindex(), or equivalent"""

1064

global if_nametoindex

521

"""Call the C function if_nametoindex()"""

1065

522

try:

1066

if_nametoindex = (ctypes.cdll.LoadLibrary

1067

(ctypes.util.find_library("c"))

1068

.if_nametoindex)

523

libc = ctypes.cdll.LoadLibrary("libc.so.6")

524

return libc.if_nametoindex(interface)

1069

525

except (OSError, AttributeError):

1070

526

if "struct" not in sys.modules:

1071

527

import struct

1072

528

if "fcntl" not in sys.modules:

1073

529

import fcntl

1074

def if_nametoindex(interface):

1075

"Get an interface index the hard way, i.e. using fcntl()"

1076

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

1077

with closing(socket.socket()) as s:

1078

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

1079

struct.pack("16s16x", interface))

1080

interface_index = struct.unpack("I", ifreq[16:20])[0]

1081

return interface_index

1082

return if_nametoindex(interface)

1083

1084

1085

def daemon(nochdir = False, noclose = False):

1086

"""See daemon(3). Standard BSD Unix function.

1087

1088

This should really exist as os.daemon, but it doesn't (yet)."""

1089

if os.fork():

1090

sys.exit()

1091

os.setsid()

1092

if not nochdir:

1093

os.chdir("/")

1094

if os.fork():

1095

sys.exit()

1096

if not noclose:

1097

# Close all standard open file descriptors

1098

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

1099

if not stat.S_ISCHR(os.fstat(null).st_mode):

1100

raise OSError(errno.ENODEV,

1101

"/dev/null not a character device")

1102

os.dup2(null, sys.stdin.fileno())

1103

os.dup2(null, sys.stdout.fileno())

1104

os.dup2(null, sys.stderr.fileno())

1105

if null > 2:

1106

os.close(null)

1107

1108

1109

def main():

1110

1111

######################################################################

1112

# Parsing of options, both command line and config file

1113

1114

parser = optparse.OptionParser(version = "%%prog %s" % version)

530

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

531

s = socket.socket()

532

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

533

struct.pack("16s16x", interface))

534

s.close()

535

interface_index = struct.unpack("I", ifreq[16:20])[0]

536

return interface_index

537

538

539

if __name__ == '__main__':

540

parser = OptionParser()

1115

541

parser.add_option("-i", "--interface", type="string",

1116

metavar="IF", help="Bind to interface IF")

1117

parser.add_option("-a", "--address", type="string",

1118

help="Address to listen for requests on")

1119

parser.add_option("-p", "--port", type="int",

542

default=None, metavar="IF",

543

help="Bind to interface IF")

544

parser.add_option("--cert", type="string", default="cert.pem",

545

metavar="FILE",

546

help="Public key certificate PEM file to use")

547

parser.add_option("--key", type="string", default="key.pem",

548

metavar="FILE",

549

help="Private key PEM file to use")

550

parser.add_option("--ca", type="string", default="ca.pem",

551

metavar="FILE",

552

help="Certificate Authority certificate PEM file to use")

553

parser.add_option("--crl", type="string", default="crl.pem",

554

metavar="FILE",

555

help="Certificate Revokation List PEM file to use")

556

parser.add_option("-p", "--port", type="int", default=None,

1120

557

help="Port number to receive requests on")

1121

parser.add_option("--check", action="store_true",

558

parser.add_option("--timeout", type="string", # Parsed later

559

default="1h",

560

help="Amount of downtime allowed for clients")

561

parser.add_option("--interval", type="string", # Parsed later

562

default="5m",

563

help="How often to check that a client is up")

564

parser.add_option("--check", action="store_true", default=False,

1122

565

help="Run self-test")

1123

parser.add_option("--debug", action="store_true",

1124

help="Debug mode; run in foreground and log to"

1125

" terminal")

1126

parser.add_option("--priority", type="string", help="GnuTLS"

1127

" priority string (see GnuTLS documentation)")

1128

parser.add_option("--servicename", type="string", metavar="NAME",

1129

help="Zeroconf service name")

1130

parser.add_option("--configdir", type="string",

1131

default="/etc/mandos", metavar="DIR",

1132

help="Directory to search for configuration"

1133

" files")

1134

parser.add_option("--no-dbus", action="store_false",

1135

dest="use_dbus",

1136

help="Do not provide D-Bus system bus"

1137

" interface")

1138

parser.add_option("--no-ipv6", action="store_false",

1139

dest="use_ipv6", help="Do not use IPv6")

1140

options = parser.parse_args()[0]

566

parser.add_option("--debug", action="store_true", default=False,

567

help="Debug mode")

568

(options, args) = parser.parse_args()

1141

569

1142

570

if options.check:

1143

571

import doctest

1144

572

doctest.testmod()

1145

573

sys.exit()

1146

574

1147

# Default values for config file for server-global settings

1148

server_defaults = { "interface": "",

1149

"address": "",

1150

"port": "",

1151

"debug": "False",

1152

"priority":

1153

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

1154

"servicename": "Mandos",

1155

"use_dbus": "True",

1156

"use_ipv6": "True",

1157

}

1158

1159

# Parse config file for server-global settings

1160

server_config = ConfigParser.SafeConfigParser(server_defaults)

1161

del server_defaults

1162

server_config.read(os.path.join(options.configdir, "mandos.conf"))

1163

# Convert the SafeConfigParser object to a dict

1164

server_settings = server_config.defaults()

1165

# Use the appropriate methods on the non-string config options

1166

server_settings["debug"] = server_config.getboolean("DEFAULT",

1167

"debug")

1168

server_settings["use_dbus"] = server_config.getboolean("DEFAULT",

1169

"use_dbus")

1170

server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",

1171

"use_ipv6")

1172

if server_settings["port"]:

1173

server_settings["port"] = server_config.getint("DEFAULT",

1174

"port")

1175

del server_config

1176

1177

# Override the settings from the config file with command line

1178

# options, if set.

1179

for option in ("interface", "address", "port", "debug",

1180

"priority", "servicename", "configdir",

1181

"use_dbus", "use_ipv6"):

1182

value = getattr(options, option)

1183

if value is not None:

1184

server_settings[option] = value

1185

del options

1186

# Now we have our good server settings in "server_settings"

1187

1188

##################################################################

1189

1190

# For convenience

1191

debug = server_settings["debug"]

1192

use_dbus = server_settings["use_dbus"]

1193

use_ipv6 = server_settings["use_ipv6"]

1194

1195

if not debug:

1196

syslogger.setLevel(logging.WARNING)

1197

console.setLevel(logging.WARNING)

1198

1199

if server_settings["servicename"] != "Mandos":

1200

syslogger.setFormatter(logging.Formatter

1201

('Mandos (%s) [%%(process)d]:'

1202

' %%(levelname)s: %%(message)s'

1203

% server_settings["servicename"]))

1204

1205

# Parse config file with clients

1206

client_defaults = { "timeout": "1h",

1207

"interval": "5m",

1208

"checker": "fping -q -- %%(host)s",

1209

"host": "",

1210

}

1211

client_config = ConfigParser.SafeConfigParser(client_defaults)

1212

client_config.read(os.path.join(server_settings["configdir"],

1213

"clients.conf"))

1214

1215

global mandos_dbus_service

1216

mandos_dbus_service = None

1217

1218

clients = Set()

1219

tcp_server = IPv6_TCPServer((server_settings["address"],

1220

server_settings["port"]),

1221

ClientHandler,

1222

interface=

1223

server_settings["interface"],

1224

use_ipv6=use_ipv6,

1225

clients=clients,

1226

gnutls_priority=

1227

server_settings["priority"],

1228

use_dbus=use_dbus)

1229

pidfilename = "/var/run/mandos.pid"

1230

try:

1231

pidfile = open(pidfilename, "w")

1232

except IOError:

1233

logger.error("Could not open file %r", pidfilename)

1234

1235

try:

1236

uid = pwd.getpwnam("_mandos").pw_uid

1237

gid = pwd.getpwnam("_mandos").pw_gid

1238

except KeyError:

1239

try:

1240

uid = pwd.getpwnam("mandos").pw_uid

1241

gid = pwd.getpwnam("mandos").pw_gid

1242

except KeyError:

1243

try:

1244

uid = pwd.getpwnam("nobody").pw_uid

1245

gid = pwd.getpwnam("nogroup").pw_gid

1246

except KeyError:

1247

uid = 65534

1248

gid = 65534

1249

try:

1250

os.setgid(gid)

1251

os.setuid(uid)

1252

except OSError, error:

1253

if error[0] != errno.EPERM:

1254

raise error

1255

1256

# Enable all possible GnuTLS debugging

1257

if debug:

1258

# "Use a log level over 10 to enable all debugging options."

1259

# - GnuTLS manual

1260

gnutls.library.functions.gnutls_global_set_log_level(11)

1261

1262

@gnutls.library.types.gnutls_log_func

1263

def debug_gnutls(level, string):

1264

logger.debug("GnuTLS: %s", string[:-1])

1265

1266

(gnutls.library.functions

1267

.gnutls_global_set_log_function(debug_gnutls))

1268

1269

global service

1270

protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET

1271

service = AvahiService(name = server_settings["servicename"],

1272

servicetype = "_mandos._tcp",

1273

protocol = protocol)

1274

if server_settings["interface"]:

1275

service.interface = (if_nametoindex

1276

(server_settings["interface"]))

1277

1278

global main_loop

1279

global bus

1280

global server

1281

# From the Avahi example code

575

# Parse the time arguments

576

try:

577

options.timeout = string_to_delta(options.timeout)

578

except ValueError:

579

parser.error("option --timeout: Unparseable time")

580

try:

581

options.interval = string_to_delta(options.interval)

582

except ValueError:

583

parser.error("option --interval: Unparseable time")

584

585

# Parse config file

586

defaults = { "checker": "sleep 1; fping -q -- %%(fqdn)s" }

587

client_config = ConfigParser.SafeConfigParser(defaults)

588

#client_config.readfp(open("secrets.conf"), "secrets.conf")

589

client_config.read("mandos-clients.conf")

590

591

# From the Avahi server example code

1282

592

DBusGMainLoop(set_as_default=True )

1283

593

main_loop = gobject.MainLoop()

1284

594

bus = dbus.SystemBus()

1285

server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,

1286

avahi.DBUS_PATH_SERVER),

1287

avahi.DBUS_INTERFACE_SERVER)

595

server = dbus.Interface(

596

bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),

597

avahi.DBUS_INTERFACE_SERVER )

1288

598

# End of Avahi example code

1289

if use_dbus:

1290

bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)

1291

1292

client_class = Client

1293

if use_dbus:

1294

client_class = ClientDBus

1295

clients.update(Set(

1296

client_class(name = section,

1297

config= dict(client_config.items(section)))

1298

for section in client_config.sections()))

1299

if not clients:

1300

logger.warning(u"No clients defined")

1301

599

600

debug = options.debug

601

602

clients = Set()

603

def remove_from_clients(client):

604

clients.remove(client)

605

if not clients:

606

if debug:

607

sys.stderr.write(u"No clients left, exiting\n")

608

main_loop.quit()

609

610

clients.update(Set(Client(name=section, options=options,

611

stop_hook = remove_from_clients,

612

**(dict(client_config\

613

.items(section))))

614

for section in client_config.sections()))

615

for client in clients:

616

client.start()

617

618

tcp_server = IPv6_TCPServer((None, options.port),

619

tcp_handler,

620

options=options,

621

clients=clients)

622

# Find out what random port we got

623

servicePort = tcp_server.socket.getsockname()[1]

1302

624

if debug:

1303

# Redirect stdin so all checkers get /dev/null

1304

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

1305

os.dup2(null, sys.stdin.fileno())

1306

if null > 2:

1307

os.close(null)

1308

else:

1309

# No console logging

1310

logger.removeHandler(console)

1311

# Close all input and output, do double fork, etc.

1312

daemon()

1313

1314

try:

1315

with closing(pidfile):

1316

pid = os.getpid()

1317

pidfile.write(str(pid) + "\n")

1318

del pidfile

1319

except IOError:

1320

logger.error(u"Could not write to file %r with PID %d",

1321

pidfilename, pid)

1322

except NameError:

1323

# "pidfile" was never created

1324

pass

1325

del pidfilename

1326

1327

def cleanup():

1328

"Cleanup function; run on exit"

1329

global group

1330

# From the Avahi example code

1331

if not group is None:

1332

group.Free()

1333

group = None

1334

# End of Avahi example code

1335

1336

while clients:

1337

client = clients.pop()

1338

client.disable_hook = None

1339

client.disable()

1340

1341

atexit.register(cleanup)

1342

1343

if not debug:

1344

signal.signal(signal.SIGINT, signal.SIG_IGN)

1345

signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())

1346

signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())

1347

1348

if use_dbus:

1349

class MandosDBusService(dbus.service.Object):

1350

"""A D-Bus proxy object"""

1351

def __init__(self):

1352

dbus.service.Object.__init__(self, bus, "/")

1353

_interface = u"se.bsnet.fukt.Mandos"

1354

1355

@dbus.service.signal(_interface, signature="oa{sv}")

1356

def ClientAdded(self, objpath, properties):

1357

"D-Bus signal"

1358

pass

1359

1360

@dbus.service.signal(_interface, signature="s")

1361

def ClientNotFound(self, fingerprint):

1362

"D-Bus signal"

1363

pass

1364

1365

@dbus.service.signal(_interface, signature="os")

1366

def ClientRemoved(self, objpath, name):

1367

"D-Bus signal"

1368

pass

1369

1370

@dbus.service.method(_interface, out_signature="ao")

1371

def GetAllClients(self):

1372

"D-Bus method"

1373

return dbus.Array(c.dbus_object_path for c in clients)

1374

1375

@dbus.service.method(_interface, out_signature="a{oa{sv}}")

1376

def GetAllClientsWithProperties(self):

1377

"D-Bus method"

1378

return dbus.Dictionary(

1379

((c.dbus_object_path, c.GetAllProperties())

1380

for c in clients),

1381

signature="oa{sv}")

1382

1383

@dbus.service.method(_interface, in_signature="o")

1384

def RemoveClient(self, object_path):

1385

"D-Bus method"

1386

for c in clients:

1387

if c.dbus_object_path == object_path:

1388

clients.remove(c)

1389

c.remove_from_connection()

1390

# Don't signal anything except ClientRemoved

1391

c.disable(signal=False)

1392

# Emit D-Bus signal

1393

self.ClientRemoved(object_path, c.name)

1394

return

1395

raise KeyError

1396

1397

del _interface

1398

1399

mandos_dbus_service = MandosDBusService()

1400

1401

for client in clients:

1402

if use_dbus:

1403

# Emit D-Bus signal

1404

mandos_dbus_service.ClientAdded(client.dbus_object_path,

1405

client.GetAllProperties())

1406

client.enable()

1407

1408

tcp_server.enable()

1409

tcp_server.server_activate()

1410

1411

# Find out what port we got

1412

service.port = tcp_server.socket.getsockname()[1]

1413

if use_ipv6:

1414

logger.info(u"Now listening on address %r, port %d,"

1415

" flowinfo %d, scope_id %d"

1416

% tcp_server.socket.getsockname())

1417

else: # IPv4

1418

logger.info(u"Now listening on address %r, port %d"

1419

% tcp_server.socket.getsockname())

1420

1421

#service.interface = tcp_server.socket.getsockname()[3]

1422

1423

try:

1424

# From the Avahi example code

1425

server.connect_to_signal("StateChanged", server_state_changed)

1426

try:

1427

server_state_changed(server.GetState())

1428

except dbus.exceptions.DBusException, error:

1429

logger.critical(u"DBusException: %s", error)

1430

sys.exit(1)

1431

# End of Avahi example code

1432

1433

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

1434

lambda *args, **kwargs:

1435

(tcp_server.handle_request

1436

(*args[2:], **kwargs) or True))

1437

1438

logger.debug(u"Starting main loop")

625

sys.stderr.write(u"Now listening on port %d\n" % servicePort)

626

627

if options.interface is not None:

628

serviceInterface = if_nametoindex(options.interface)

629

630

# From the Avahi server example code

631

server.connect_to_signal("StateChanged", server_state_changed)

632

server_state_changed(server.GetState())

633

# End of Avahi example code

634

635

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

636

lambda *args, **kwargs:

637

tcp_server.handle_request(*args[2:],

638

**kwargs) or True)

639

try:

1439

640

main_loop.run()

1440

except AvahiError, error:

1441

logger.critical(u"AvahiError: %s", error)

1442

sys.exit(1)

1443

641

except KeyboardInterrupt:

1444

if debug:

1445

print >> sys.stderr

1446

logger.debug("Server received KeyboardInterrupt")

1447

logger.debug("Server exiting")

642

643

644

# Cleanup here

1448

645

1449

if __name__ == '__main__':

1450

main()

646

# From the Avahi server example code

647

if not group is None:

648

group.Free()

649

# End of Avahi example code

650

651

for client in clients:

652

client.stop_hook = None

653

client.stop()

Older »