To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 1242
- compare with another revision
- download diff
- download tarball
- view history from revision 1242
- Committer: Teddy Hogeborn
- Date: 2021-03-21 19:51:15 UTC
- Revision ID: teddy@recompile.se-20210321195115-qe6g0fyj1kabwlav
Fix theoretical GnuTLS bug
Fix "NameError: global name '_error_code' is not defined" error if
GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN was ever returned from
gnutls_record_send().
* mandos (gnutls._retry_on_error): Import "_error_code" from outer
class scope to local function scope via a keyword argument.
Fix "NameError: global name '_error_code' is not defined" error if
GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN was ever returned from
gnutls_record_send().
* mandos (gnutls._retry_on_error): Import "_error_code" from outer
class scope to local function scope via a keyword argument.
- files added:
- debian/po/POTFILES.in
- debian/tests
- dracut-module
- files modified:
- .bzrignore
added
removed
mandos
1
#!/usr/bin/python
2
# -*- mode: python; coding: utf-8 -*-
1
#!/usr/bin/python3 -bI
2
# -*- mode: python; after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
5
5
#
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2019 Teddy Hogeborn
15
# Copyright © 2008-2019 Björn Påhlsson
14
# Copyright © 2008-2020 Teddy Hogeborn
15
# Copyright © 2008-2020 Björn Påhlsson
16
16
#
17
17
# This file is part of Mandos.
18
18
#
77
77
import itertools
78
78
import collections
79
79
import codecs
80
import unittest
81
import random
82
import shlex
80
83
81
84
import dbus
82
85
import dbus.service
86
import gi
83
87
from gi.repository import GLib
84
88
from dbus.mainloop.glib import DBusGMainLoop
85
89
import ctypes
87
91
import xml.dom.minidom
88
92
import inspect
89
93
94
if sys.version_info.major == 2:
95
__metaclass__ = type
96
str = unicode
97
98
# Add collections.abc.Callable if it does not exist
99
try:
100
collections.abc.Callable
101
except AttributeError:
102
class abc:
103
Callable = collections.Callable
104
collections.abc = abc
105
del abc
106
107
# Add shlex.quote if it does not exist
108
try:
109
shlex.quote
110
except AttributeError:
111
shlex.quote = re.escape
112
113
# Show warnings by default
114
if not sys.warnoptions:
115
import warnings
116
warnings.simplefilter("default")
117
90
118
# Try to find the value of SO_BINDTODEVICE:
91
119
try:
92
120
# This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and
112
140
# No value found
113
141
SO_BINDTODEVICE = None
114
142
115
if sys.version_info.major == 2:
116
str = unicode
143
if sys.version_info < (3, 2):
144
configparser.Configparser = configparser.SafeConfigParser
117
145
118
version = "1.8.3"
146
version = "1.8.14"
119
147
stored_state_file = "clients.pickle"
120
148
121
149
logger = logging.getLogger()
150
logging.captureWarnings(True) # Show warnings via the logging system
122
151
syslogger = None
123
152
124
153
try:
179
208
pass
180
209
181
210
182
class PGPEngine(object):
211
class PGPEngine:
183
212
"""A simple class for OpenPGP symmetric encryption & decryption"""
184
213
185
214
def __init__(self):
189
218
output = subprocess.check_output(["gpgconf"])
190
219
for line in output.splitlines():
191
220
name, text, path = line.split(b":")
192
if name == "gpg":
221
if name == b"gpg":
193
222
self.gpg = path
194
223
break
195
224
except OSError as e:
200
229
'--force-mdc',
201
230
'--quiet']
202
231
# Only GPG version 1 has the --no-use-agent option.
203
if self.gpg == "gpg" or self.gpg.endswith("/gpg"):
232
if self.gpg == b"gpg" or self.gpg.endswith(b"/gpg"):
204
233
self.gnupgargs.append("--no-use-agent")
205
234
206
235
def __enter__(self):
275
304
276
305
277
306
# Pretend that we have an Avahi module
278
class Avahi(object):
279
"""This isn't so much a class as it is a module-like namespace.
280
It is instantiated once, and simulates having an Avahi module."""
307
class avahi:
308
"""This isn't so much a class as it is a module-like namespace."""
281
309
IF_UNSPEC = -1 # avahi-common/address.h
282
310
PROTO_UNSPEC = -1 # avahi-common/address.h
283
311
PROTO_INET = 0 # avahi-common/address.h
287
315
DBUS_INTERFACE_SERVER = DBUS_NAME + ".Server"
288
316
DBUS_PATH_SERVER = "/"
289
317
290
def string_array_to_txt_array(self, t):
318
@staticmethod
319
def string_array_to_txt_array(t):
291
320
return dbus.Array((dbus.ByteArray(s.encode("utf-8"))
292
321
for s in t), signature="ay")
293
322
ENTRY_GROUP_ESTABLISHED = 2 # avahi-common/defs.h
298
327
SERVER_RUNNING = 2 # avahi-common/defs.h
299
328
SERVER_COLLISION = 3 # avahi-common/defs.h
300
329
SERVER_FAILURE = 4 # avahi-common/defs.h
301
avahi = Avahi()
302
330
303
331
304
332
class AvahiError(Exception):
316
344
pass
317
345
318
346
319
class AvahiService(object):
347
class AvahiService:
320
348
"""An Avahi (Zeroconf) service.
321
349
322
350
Attributes:
496
524
class AvahiServiceToSyslog(AvahiService):
497
525
def rename(self, *args, **kwargs):
498
526
"""Add the new name to the syslog messages"""
499
ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
527
ret = super(AvahiServiceToSyslog, self).rename(*args,
528
**kwargs)
500
529
syslogger.setFormatter(logging.Formatter(
501
530
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
502
531
.format(self.name)))
504
533
505
534
506
535
# Pretend that we have a GnuTLS module
507
class GnuTLS(object):
508
"""This isn't so much a class as it is a module-like namespace.
509
It is instantiated once, and simulates having a GnuTLS module."""
536
class gnutls:
537
"""This isn't so much a class as it is a module-like namespace."""
510
538
511
539
library = ctypes.util.find_library("gnutls")
512
540
if library is None:
513
541
library = ctypes.util.find_library("gnutls-deb0")
514
542
_library = ctypes.cdll.LoadLibrary(library)
515
543
del library
516
_need_version = b"3.3.0"
517
_tls_rawpk_version = b"3.6.6"
518
519
def __init__(self):
520
# Need to use "self" here, since this method is called before
521
# the assignment to the "gnutls" global variable happens.
522
if self.check_version(self._need_version) is None:
523
raise self.Error("Needs GnuTLS {} or later"
524
.format(self._need_version))
525
544
526
545
# Unless otherwise indicated, the constants and types below are
527
546
# all from the gnutls/gnutls.h C header file.
569
588
570
589
# Exceptions
571
590
class Error(Exception):
572
# We need to use the class name "GnuTLS" here, since this
573
# exception might be raised from within GnuTLS.__init__,
574
# which is called before the assignment to the "gnutls"
575
# global variable has happened.
576
591
def __init__(self, message=None, code=None, args=()):
577
592
# Default usage is by a message string, but if a return
578
593
# code is passed, convert it to a string with
579
594
# gnutls.strerror()
580
595
self.code = code
581
596
if message is None and code is not None:
582
message = GnuTLS.strerror(code)
583
return super(GnuTLS.Error, self).__init__(
597
message = gnutls.strerror(code)
598
return super(gnutls.Error, self).__init__(
584
599
message, *args)
585
600
586
601
class CertificateSecurityError(Error):
587
602
pass
588
603
589
604
# Classes
590
class Credentials(object):
605
class Credentials:
591
606
def __init__(self):
592
607
self._c_object = gnutls.certificate_credentials_t()
593
608
gnutls.certificate_allocate_credentials(
597
612
def __del__(self):
598
613
gnutls.certificate_free_credentials(self._c_object)
599
614
600
class ClientSession(object):
615
class ClientSession:
601
616
def __init__(self, socket, credentials=None):
602
617
self._c_object = gnutls.session_t()
603
618
gnutls_flags = gnutls.CLIENT
604
if gnutls.check_version("3.5.6"):
619
if gnutls.check_version(b"3.5.6"):
605
620
gnutls_flags |= gnutls.NO_TICKETS
606
621
if gnutls.has_rawpk:
607
622
gnutls_flags |= gnutls.ENABLE_RAWPK
646
661
raise gnutls.CertificateSecurityError(code=result)
647
662
raise gnutls.Error(code=result)
648
663
649
def _retry_on_error(result, func, arguments):
664
def _retry_on_error(result, func, arguments,
665
_error_code=_error_code):
650
666
"""A function to retry on some errors, suitable
651
667
for the 'errcheck' attribute on ctypes functions"""
652
668
while result < 0:
744
760
check_version.argtypes = [ctypes.c_char_p]
745
761
check_version.restype = ctypes.c_char_p
746
762
763
_need_version = b"3.3.0"
764
if check_version(_need_version) is None:
765
raise self.Error("Needs GnuTLS {} or later"
766
.format(_need_version))
767
768
_tls_rawpk_version = b"3.6.6"
747
769
has_rawpk = bool(check_version(_tls_rawpk_version))
748
770
749
771
if has_rawpk:
754
776
755
777
x509_crt_fmt_t = ctypes.c_int
756
778
757
# All the function declarations below are from gnutls/abstract.h
779
# All the function declarations below are from
780
# gnutls/abstract.h
758
781
pubkey_init = _library.gnutls_pubkey_init
759
782
pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
760
783
pubkey_init.restype = _error_code
774
797
pubkey_deinit.argtypes = [pubkey_t]
775
798
pubkey_deinit.restype = None
776
799
else:
777
# All the function declarations below are from gnutls/openpgp.h
800
# All the function declarations below are from
801
# gnutls/openpgp.h
778
802
779
803
openpgp_crt_init = _library.gnutls_openpgp_crt_init
780
804
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
786
810
openpgp_crt_fmt_t]
787
811
openpgp_crt_import.restype = _error_code
788
812
789
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
790
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
791
ctypes.POINTER(ctypes.c_uint)]
813
openpgp_crt_verify_self = \
814
_library.gnutls_openpgp_crt_verify_self
815
openpgp_crt_verify_self.argtypes = [
816
openpgp_crt_t,
817
ctypes.c_uint,
818
ctypes.POINTER(ctypes.c_uint),
819
]
792
820
openpgp_crt_verify_self.restype = _error_code
793
821
794
822
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
803
831
ctypes.c_size_t)]
804
832
openpgp_crt_get_fingerprint.restype = _error_code
805
833
806
if check_version("3.6.4"):
834
if check_version(b"3.6.4"):
807
835
certificate_type_get2 = _library.gnutls_certificate_type_get2
808
836
certificate_type_get2.argtypes = [session_t, ctypes.c_int]
809
837
certificate_type_get2.restype = _error_code
810
838
811
839
# Remove non-public functions
812
840
del _error_code, _retry_on_error
813
# Create the global "gnutls" object, simulating a module
814
gnutls = GnuTLS()
815
841
816
842
817
843
def call_pipe(connection, # : multiprocessing.Connection
825
851
connection.close()
826
852
827
853
828
class Client(object):
854
class Client:
829
855
"""A representation of a client host served by this server.
830
856
831
857
Attributes:
832
858
approved: bool(); 'None' if not yet approved/disapproved
833
859
approval_delay: datetime.timedelta(); Time to wait for approval
834
860
approval_duration: datetime.timedelta(); Duration of one approval
835
checker: subprocess.Popen(); a running checker process used
836
to see if the client lives.
837
'None' if no process is running.
861
checker: multiprocessing.Process(); a running checker process used
862
to see if the client lives. 'None' if no process is
863
running.
838
864
checker_callback_tag: a GLib event source tag, or None
839
865
checker_command: string; External command which is run to check
840
866
if client lives. %() expansions are done at
1034
1060
if self.checker_initiator_tag is not None:
1035
1061
GLib.source_remove(self.checker_initiator_tag)
1036
1062
self.checker_initiator_tag = GLib.timeout_add(
1037
int(self.interval.total_seconds() * 1000),
1063
random.randrange(int(self.interval.total_seconds() * 1000
1064
+ 1)),
1038
1065
self.start_checker)
1039
1066
# Schedule a disable() when 'timeout' has passed
1040
1067
if self.disable_initiator_tag is not None:
1047
1074
def checker_callback(self, source, condition, connection,
1048
1075
command):
1049
1076
"""The checker has completed, so take appropriate actions."""
1050
self.checker_callback_tag = None
1051
self.checker = None
1052
1077
# Read return code from connection (see call_pipe)
1053
1078
returncode = connection.recv()
1054
1079
connection.close()
1080
if self.checker is not None:
1081
self.checker.join()
1082
self.checker_callback_tag = None
1083
self.checker = None
1055
1084
1056
1085
if returncode >= 0:
1057
1086
self.last_checker_status = returncode
1113
1142
if self.checker is None:
1114
1143
# Escape attributes for the shell
1115
1144
escaped_attrs = {
1116
attr: re.escape(str(getattr(self, attr)))
1145
attr: shlex.quote(str(getattr(self, attr)))
1117
1146
for attr in self.runtime_expansions}
1118
1147
try:
1119
1148
command = self.checker_command % escaped_attrs
1146
1175
kwargs=popen_args)
1147
1176
self.checker.start()
1148
1177
self.checker_callback_tag = GLib.io_add_watch(
1149
pipe[0].fileno(), GLib.IO_IN,
1178
GLib.IOChannel.unix_new(pipe[0].fileno()),
1179
GLib.PRIORITY_DEFAULT, GLib.IO_IN,
1150
1180
self.checker_callback, pipe[0], command)
1151
1181
# Re-run this periodically if run by GLib.timeout_add
1152
1182
return True
1407
1437
raise ValueError("Byte arrays not supported for non-"
1408
1438
"'ay' signature {!r}"
1409
1439
.format(prop._dbus_signature))
1410
value = dbus.ByteArray(b''.join(chr(byte)
1411
for byte in value))
1440
value = dbus.ByteArray(bytes(value))
1412
1441
prop(value)
1413
1442
1414
1443
@dbus.service.method(dbus.PROPERTIES_IFACE,
2219
2248
del _interface
2220
2249
2221
2250
2222
class ProxyClient(object):
2251
class ProxyClient:
2223
2252
def __init__(self, child_pipe, key_id, fpr, address):
2224
2253
self._pipe = child_pipe
2225
2254
self._pipe.send(('init', key_id, fpr, address))
2298
2327
approval_required = False
2299
2328
try:
2300
2329
if gnutls.has_rawpk:
2301
fpr = ""
2330
fpr = b""
2302
2331
try:
2303
2332
key_id = self.key_id(
2304
2333
self.peer_certificate(session))
2308
2337
logger.debug("Key ID: %s", key_id)
2309
2338
2310
2339
else:
2311
key_id = ""
2340
key_id = b""
2312
2341
try:
2313
2342
fpr = self.fingerprint(
2314
2343
self.peer_certificate(session))
2447
2476
buf = ctypes.create_string_buffer(32)
2448
2477
buf_len = ctypes.c_size_t(len(buf))
2449
2478
# Get the key ID from the raw public key into the buffer
2450
gnutls.pubkey_get_key_id(pubkey,
2451
gnutls.KEYID_USE_SHA256,
2452
ctypes.cast(ctypes.byref(buf),
2453
ctypes.POINTER(ctypes.c_ubyte)),
2454
ctypes.byref(buf_len))
2479
gnutls.pubkey_get_key_id(
2480
pubkey,
2481
gnutls.KEYID_USE_SHA256,
2482
ctypes.cast(ctypes.byref(buf),
2483
ctypes.POINTER(ctypes.c_ubyte)),
2484
ctypes.byref(buf_len))
2455
2485
# Deinit the certificate
2456
2486
gnutls.pubkey_deinit(pubkey)
2457
2487
2498
2528
return hex_fpr
2499
2529
2500
2530
2501
class MultiprocessingMixIn(object):
2531
class MultiprocessingMixIn:
2502
2532
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2503
2533
2504
2534
def sub_process_main(self, request, address):
2516
2546
return proc
2517
2547
2518
2548
2519
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2549
class MultiprocessingMixInWithPipe(MultiprocessingMixIn):
2520
2550
""" adds a pipe to the MixIn """
2521
2551
2522
2552
def process_request(self, request, client_address):
2537
2567
2538
2568
2539
2569
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2540
socketserver.TCPServer, object):
2570
socketserver.TCPServer):
2541
2571
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
2542
2572
2543
2573
Attributes:
2616
2646
raise
2617
2647
# Only bind(2) the socket if we really need to.
2618
2648
if self.server_address[0] or self.server_address[1]:
2649
if self.server_address[1]:
2650
self.allow_reuse_address = True
2619
2651
if not self.server_address[0]:
2620
2652
if self.address_family == socket.AF_INET6:
2621
2653
any_address = "::" # in6addr_any
2674
2706
def add_pipe(self, parent_pipe, proc):
2675
2707
# Call "handle_ipc" for both data and EOF events
2676
2708
GLib.io_add_watch(
2677
parent_pipe.fileno(),
2678
GLib.IO_IN | GLib.IO_HUP,
2709
GLib.IOChannel.unix_new(parent_pipe.fileno()),
2710
GLib.PRIORITY_DEFAULT, GLib.IO_IN | GLib.IO_HUP,
2679
2711
functools.partial(self.handle_ipc,
2680
2712
parent_pipe=parent_pipe,
2681
2713
proc=proc))
2700
2732
address = request[3]
2701
2733
2702
2734
for c in self.clients.values():
2703
if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855":
2735
if key_id == ("E3B0C44298FC1C149AFBF4C8996FB924"
2736
"27AE41E4649B934CA495991B7852B855"):
2704
2737
continue
2705
2738
if key_id and c.key_id == key_id:
2706
2739
client = c
2719
2752
return False
2720
2753
2721
2754
GLib.io_add_watch(
2722
parent_pipe.fileno(),
2723
GLib.IO_IN | GLib.IO_HUP,
2755
GLib.IOChannel.unix_new(parent_pipe.fileno()),
2756
GLib.PRIORITY_DEFAULT, GLib.IO_IN | GLib.IO_HUP,
2724
2757
functools.partial(self.handle_ipc,
2725
2758
parent_pipe=parent_pipe,
2726
2759
proc=proc,
2741
2774
if command == 'getattr':
2742
2775
attrname = request[1]
2743
2776
if isinstance(client_object.__getattribute__(attrname),
2744
collections.Callable):
2777
collections.abc.Callable):
2745
2778
parent_pipe.send(('function', ))
2746
2779
else:
2747
2780
parent_pipe.send((
2758
2791
def rfc3339_duration_to_delta(duration):
2759
2792
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2760
2793
2761
>>> rfc3339_duration_to_delta("P7D")
2762
datetime.timedelta(7)
2763
>>> rfc3339_duration_to_delta("PT60S")
2764
datetime.timedelta(0, 60)
2765
>>> rfc3339_duration_to_delta("PT60M")
2766
datetime.timedelta(0, 3600)
2767
>>> rfc3339_duration_to_delta("PT24H")
2768
datetime.timedelta(1)
2769
>>> rfc3339_duration_to_delta("P1W")
2770
datetime.timedelta(7)
2771
>>> rfc3339_duration_to_delta("PT5M30S")
2772
datetime.timedelta(0, 330)
2773
>>> rfc3339_duration_to_delta("P1DT3M20S")
2774
datetime.timedelta(1, 200)
2794
>>> timedelta = datetime.timedelta
2795
>>> rfc3339_duration_to_delta("P7D") == timedelta(7)
2796
True
2797
>>> rfc3339_duration_to_delta("PT60S") == timedelta(0, 60)
2798
True
2799
>>> rfc3339_duration_to_delta("PT60M") == timedelta(0, 3600)
2800
True
2801
>>> rfc3339_duration_to_delta("PT24H") == timedelta(1)
2802
True
2803
>>> rfc3339_duration_to_delta("P1W") == timedelta(7)
2804
True
2805
>>> rfc3339_duration_to_delta("PT5M30S") == timedelta(0, 330)
2806
True
2807
>>> rfc3339_duration_to_delta("P1DT3M20S") == timedelta(1, 200)
2808
True
2809
>>> del timedelta
2775
2810
"""
2776
2811
2777
2812
# Parsing an RFC 3339 duration with regular expressions is not
2857
2892
def string_to_delta(interval):
2858
2893
"""Parse a string and return a datetime.timedelta
2859
2894
2860
>>> string_to_delta('7d')
2861
datetime.timedelta(7)
2862
>>> string_to_delta('60s')
2863
datetime.timedelta(0, 60)
2864
>>> string_to_delta('60m')
2865
datetime.timedelta(0, 3600)
2866
>>> string_to_delta('24h')
2867
datetime.timedelta(1)
2868
>>> string_to_delta('1w')
2869
datetime.timedelta(7)
2870
>>> string_to_delta('5m 30s')
2871
datetime.timedelta(0, 330)
2895
>>> string_to_delta('7d') == datetime.timedelta(7)
2896
True
2897
>>> string_to_delta('60s') == datetime.timedelta(0, 60)
2898
True
2899
>>> string_to_delta('60m') == datetime.timedelta(0, 3600)
2900
True
2901
>>> string_to_delta('24h') == datetime.timedelta(1)
2902
True
2903
>>> string_to_delta('1w') == datetime.timedelta(7)
2904
True
2905
>>> string_to_delta('5m 30s') == datetime.timedelta(0, 330)
2906
True
2872
2907
"""
2873
2908
2874
2909
try:
2976
3011
2977
3012
options = parser.parse_args()
2978
3013
2979
if options.check:
2980
import doctest
2981
fail_count, test_count = doctest.testmod()
2982
sys.exit(os.EX_OK if fail_count == 0 else 1)
2983
2984
3014
# Default values for config file for server-global settings
2985
3015
if gnutls.has_rawpk:
2986
3016
priority = ("SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA"
3006
3036
del priority
3007
3037
3008
3038
# Parse config file for server-global settings
3009
server_config = configparser.SafeConfigParser(server_defaults)
3039
server_config = configparser.ConfigParser(server_defaults)
3010
3040
del server_defaults
3011
3041
server_config.read(os.path.join(options.configdir, "mandos.conf"))
3012
# Convert the SafeConfigParser object to a dict
3042
# Convert the ConfigParser object to a dict
3013
3043
server_settings = server_config.defaults()
3014
3044
# Use the appropriate methods on the non-string config options
3015
3045
for option in ("debug", "use_dbus", "use_ipv6", "restore",
3087
3117
server_settings["servicename"])))
3088
3118
3089
3119
# Parse config file with clients
3090
client_config = configparser.SafeConfigParser(Client
3091
.client_defaults)
3120
client_config = configparser.ConfigParser(Client.client_defaults)
3092
3121
client_config.read(os.path.join(server_settings["configdir"],
3093
3122
"clients.conf"))
3094
3123
3165
3194
# Close all input and output, do double fork, etc.
3166
3195
daemon()
3167
3196
3168
# multiprocessing will use threads, so before we use GLib we need
3169
# to inform GLib that threads will be used.
3170
GLib.threads_init()
3197
if gi.version_info < (3, 10, 2):
3198
# multiprocessing will use threads, so before we use GLib we
3199
# need to inform GLib that threads will be used.
3200
GLib.threads_init()
3171
3201
3172
3202
global main_loop
3173
3203
# From the Avahi example code
3249
3279
if isinstance(s, bytes)
3250
3280
else s) for s in
3251
3281
value["client_structure"]]
3252
# .name & .host
3253
for k in ("name", "host"):
3282
# .name, .host, and .checker_command
3283
for k in ("name", "host", "checker_command"):
3254
3284
if isinstance(value[k], bytes):
3255
3285
value[k] = value[k].decode("utf-8")
3256
if not value.has_key("key_id"):
3286
if "key_id" not in value:
3257
3287
value["key_id"] = ""
3258
elif not value.has_key("fingerprint"):
3288
elif "fingerprint" not in value:
3259
3289
value["fingerprint"] = ""
3260
3290
# old_client_settings
3261
3291
# .keys()
3266
3296
for key, value in
3267
3297
bytes_old_client_settings.items()}
3268
3298
del bytes_old_client_settings
3269
# .host
3299
# .host and .checker_command
3270
3300
for value in old_client_settings.values():
3271
if isinstance(value["host"], bytes):
3272
value["host"] = (value["host"]
3273
.decode("utf-8"))
3301
for attribute in ("host", "checker_command"):
3302
if isinstance(value[attribute], bytes):
3303
value[attribute] = (value[attribute]
3304
.decode("utf-8"))
3274
3305
os.remove(stored_state_path)
3275
3306
except IOError as e:
3276
3307
if e.errno == errno.ENOENT:
3601
3632
sys.exit(1)
3602
3633
# End of Avahi example code
3603
3634
3604
GLib.io_add_watch(tcp_server.fileno(), GLib.IO_IN,
3605
lambda *args, **kwargs:
3606
(tcp_server.handle_request
3607
(*args[2:], **kwargs) or True))
3635
GLib.io_add_watch(
3636
GLib.IOChannel.unix_new(tcp_server.fileno()),
3637
GLib.PRIORITY_DEFAULT, GLib.IO_IN,
3638
lambda *args, **kwargs: (tcp_server.handle_request
3639
(*args[2:], **kwargs) or True))
3608
3640
3609
3641
logger.debug("Starting main loop")
3610
3642
main_loop.run()
3620
3652
# Must run before the D-Bus bus name gets deregistered
3621
3653
cleanup()
3622
3654
3655
3656
def should_only_run_tests():
3657
parser = argparse.ArgumentParser(add_help=False)
3658
parser.add_argument("--check", action='store_true')
3659
args, unknown_args = parser.parse_known_args()
3660
run_tests = args.check
3661
if run_tests:
3662
# Remove --check argument from sys.argv
3663
sys.argv[1:] = unknown_args
3664
return run_tests
3665
3666
# Add all tests from doctest strings
3667
def load_tests(loader, tests, none):
3668
import doctest
3669
tests.addTests(doctest.DocTestSuite())
3670
return tests
3623
3671
3624
3672
if __name__ == '__main__':
3625
main()
3673
try:
3674
if should_only_run_tests():
3675
# Call using ./mandos --check [--verbose]
3676
unittest.main()
3677
else:
3678
main()
3679
finally:
3680
logging.shutdown()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0