Viewing changes to mandos

  • Committer: teddy at recompile
  • Date: 2020-02-05 21:39:28 UTC
  • Revision ID: teddy@recompile.se-20200205213928-vpvt0fwfg47ikv6f
Allow users to alter ask-password-mandos.service

If a user uses dracut with systemd and wishes to modify the options
passed to password-agent(8mandos) or mandos-client(8mandos), they
should be able to do so by simply creating a file
/etc/systemd/system/ask-password-mandos.service.d/override.conf,
containing, for instance:

[Service]
Environment=MANDOS_CLIENT_OPTIONS=--debug

Adding PASSWORD_AGENT_OPTIONS should also be possible (but should not
normally be needed).

* dracut-module/ask-password-mandos.service ([Service]/ExecStart): Add
  $PASSWORD_AGENT_OPTIONS before "--" and "$MANDOS_CLIENT_OPTIONS" to
  end of line.
* dracut-module/module-setup.sh (install): Install all files named
  /etc/systemd/system/ask-password-mandos.service.d/*.conf if any
  exists.  Also add --dh-params before $MANDOS_CLIENT_OPTIONS instead
  of at end of line.

1
 
#!/usr/bin/python
 
1
#!/usr/bin/python3 -bI
2
2
# -*- mode: python; after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
78
78
import collections
79
79
import codecs
80
80
import unittest
 
81
import random
81
82
 
82
83
import dbus
83
84
import dbus.service
91
92
 
92
93
if sys.version_info.major == 2:
93
94
    __metaclass__ = type
 
95
    str = unicode
94
96
 
95
97
# Show warnings by default
96
98
if not sys.warnoptions:
122
124
            # No value found
123
125
            SO_BINDTODEVICE = None
124
126
 
125
 
if sys.version_info.major == 2:
126
 
    str = unicode
127
 
 
128
127
if sys.version_info < (3, 2):
129
128
    configparser.Configparser = configparser.SafeConfigParser
130
129
 
131
 
version = "1.8.8"
 
130
version = "1.8.9"
132
131
stored_state_file = "clients.pickle"
133
132
 
134
133
logger = logging.getLogger()
203
202
            output = subprocess.check_output(["gpgconf"])
204
203
            for line in output.splitlines():
205
204
                name, text, path = line.split(b":")
206
 
                if name == "gpg":
 
205
                if name == b"gpg":
207
206
                    self.gpg = path
208
207
                    break
209
208
        except OSError as e:
214
213
                          '--force-mdc',
215
214
                          '--quiet']
216
215
        # Only GPG version 1 has the --no-use-agent option.
217
 
        if self.gpg == "gpg" or self.gpg.endswith("/gpg"):
 
216
        if self.gpg == b"gpg" or self.gpg.endswith(b"/gpg"):
218
217
            self.gnupgargs.append("--no-use-agent")
219
218
 
220
219
    def __enter__(self):
1037
1036
        if self.checker_initiator_tag is not None:
1038
1037
            GLib.source_remove(self.checker_initiator_tag)
1039
1038
        self.checker_initiator_tag = GLib.timeout_add(
1040
 
            int(self.interval.total_seconds() * 1000),
 
1039
            random.randrange(int(self.interval.total_seconds() * 1000
 
1040
                                 + 1)),
1041
1041
            self.start_checker)
1042
1042
        # Schedule a disable() when 'timeout' has passed
1043
1043
        if self.disable_initiator_tag is not None:
1053
1053
        # Read return code from connection (see call_pipe)
1054
1054
        returncode = connection.recv()
1055
1055
        connection.close()
1056
 
        self.checker.join()
 
1056
        if self.checker is not None:
 
1057
            self.checker.join()
1057
1058
        self.checker_callback_tag = None
1058
1059
        self.checker = None
1059
1060
 
1412
1413
                raise ValueError("Byte arrays not supported for non-"
1413
1414
                                 "'ay' signature {!r}"
1414
1415
                                 .format(prop._dbus_signature))
1415
 
            value = dbus.ByteArray(b''.join(chr(byte)
1416
 
                                            for byte in value))
 
1416
            value = dbus.ByteArray(bytes(value))
1417
1417
        prop(value)
1418
1418
 
1419
1419
    @dbus.service.method(dbus.PROPERTIES_IFACE,
2765
2765
def rfc3339_duration_to_delta(duration):
2766
2766
    """Parse an RFC 3339 "duration" and return a datetime.timedelta
2767
2767
 
2768
 
    >>> rfc3339_duration_to_delta("P7D")
2769
 
    datetime.timedelta(7)
2770
 
    >>> rfc3339_duration_to_delta("PT60S")
2771
 
    datetime.timedelta(0, 60)
2772
 
    >>> rfc3339_duration_to_delta("PT60M")
2773
 
    datetime.timedelta(0, 3600)
2774
 
    >>> rfc3339_duration_to_delta("PT24H")
2775
 
    datetime.timedelta(1)
2776
 
    >>> rfc3339_duration_to_delta("P1W")
2777
 
    datetime.timedelta(7)
2778
 
    >>> rfc3339_duration_to_delta("PT5M30S")
2779
 
    datetime.timedelta(0, 330)
2780
 
    >>> rfc3339_duration_to_delta("P1DT3M20S")
2781
 
    datetime.timedelta(1, 200)
 
2768
    >>> rfc3339_duration_to_delta("P7D") == datetime.timedelta(7)
 
2769
    True
 
2770
    >>> rfc3339_duration_to_delta("PT60S") == datetime.timedelta(0, 60)
 
2771
    True
 
2772
    >>> rfc3339_duration_to_delta("PT60M") == datetime.timedelta(0, 3600)
 
2773
    True
 
2774
    >>> rfc3339_duration_to_delta("PT24H") == datetime.timedelta(1)
 
2775
    True
 
2776
    >>> rfc3339_duration_to_delta("P1W") == datetime.timedelta(7)
 
2777
    True
 
2778
    >>> rfc3339_duration_to_delta("PT5M30S") == datetime.timedelta(0, 330)
 
2779
    True
 
2780
    >>> rfc3339_duration_to_delta("P1DT3M20S") == datetime.timedelta(1, 200)
 
2781
    True
2782
2782
    """
2783
2783
 
2784
2784
    # Parsing an RFC 3339 duration with regular expressions is not
2864
2864
def string_to_delta(interval):
2865
2865
    """Parse a string and return a datetime.timedelta
2866
2866
 
2867
 
    >>> string_to_delta('7d')
2868
 
    datetime.timedelta(7)
2869
 
    >>> string_to_delta('60s')
2870
 
    datetime.timedelta(0, 60)
2871
 
    >>> string_to_delta('60m')
2872
 
    datetime.timedelta(0, 3600)
2873
 
    >>> string_to_delta('24h')
2874
 
    datetime.timedelta(1)
2875
 
    >>> string_to_delta('1w')
2876
 
    datetime.timedelta(7)
2877
 
    >>> string_to_delta('5m 30s')
2878
 
    datetime.timedelta(0, 330)
 
2867
    >>> string_to_delta('7d') == datetime.timedelta(7)
 
2868
    True
 
2869
    >>> string_to_delta('60s') == datetime.timedelta(0, 60)
 
2870
    True
 
2871
    >>> string_to_delta('60m') == datetime.timedelta(0, 3600)
 
2872
    True
 
2873
    >>> string_to_delta('24h') == datetime.timedelta(1)
 
2874
    True
 
2875
    >>> string_to_delta('1w') == datetime.timedelta(7)
 
2876
    True
 
2877
    >>> string_to_delta('5m 30s') == datetime.timedelta(0, 330)
 
2878
    True
2879
2879
    """
2880
2880
 
2881
2881
    try:
3251
3251
                             if isinstance(s, bytes)
3252
3252
                             else s) for s in
3253
3253
                            value["client_structure"]]
3254
 
                        # .name & .host
3255
 
                        for k in ("name", "host"):
 
3254
                        # .name, .host, and .checker_command
 
3255
                        for k in ("name", "host", "checker_command"):
3256
3256
                            if isinstance(value[k], bytes):
3257
3257
                                value[k] = value[k].decode("utf-8")
3258
3258
                        if "key_id" not in value:
3268
3268
                        for key, value in
3269
3269
                        bytes_old_client_settings.items()}
3270
3270
                    del bytes_old_client_settings
3271
 
                    # .host
 
3271
                    # .host and .checker_command
3272
3272
                    for value in old_client_settings.values():
3273
 
                        if isinstance(value["host"], bytes):
3274
 
                            value["host"] = (value["host"]
3275
 
                                             .decode("utf-8"))
 
3273
                        for attribute in ("host", "checker_command"):
 
3274
                            if isinstance(value[attribute], bytes):
 
3275
                                value[attribute] = (value[attribute]
 
3276
                                                    .decode("utf-8"))
3276
3277
            os.remove(stored_state_path)
3277
3278
        except IOError as e:
3278
3279
            if e.errno == errno.ENOENT:
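Review bot: In the init_checker hunk (new lines 1036–1043; the method starts and ends outside the hunk) the GLib.timeout_add delay changes from the full interval to `random.randrange(int(self.interval.total_seconds() * 1000 + 1))`, and nothing in the hunk re-arms the full interval afterwards. If start_checker still returns True so GLib keeps the source repeating (not visible here), the randomized value becomes the recurring period rather than a one-time first-run offset, and clients would be checked far more often than their configured interval; please confirm the repeat period is re-armed elsewhere, or document the intent with a comment such as `# Start the first checker at a random offset within 'interval' to spread load; confirm the repeat period is re-armed to the full interval`. The value is scheduling jitter only, so the non-cryptographic random module is the right tool, and saying so in the same comment keeps a later reader from replacing it with secrets. Also note that `randrange(1)` yields 0 when interval is zero, so the checker then fires immediately, which looks intended but is worth stating.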