/mandos/trunk : revision 176

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2008-09-07 01:44:44 UTC
mfrom: (24.1.93 mandos)
Revision ID: teddy@fukt.bsnet.se-20080907014444-cf4ilzndc0tbn8va

Merge & resolve.

files added:
.bzrignore

COPYING

README

default-mandos

etc-plugins.d-README

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

client.cpp

crl.pem

key.pem

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos

#!/usr/bin/python

# -*- mode: python; coding: utf-8 -*-

# Mandos server - give out binary blobs to connecting clients.

# This program is partly derived from an example program for an Avahi

# service publisher, downloaded from

# <http://avahi.org/wiki/PythonPublishExample>. This includes the

# methods "add" and "remove" in the "AvahiService" class, the

# "server_state_changed" and "entry_group_state_changed" functions,

# and some lines in "main".

# Everything else is

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see

# <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

from __future__ import division

import SocketServer

import socket

import gnutls.crypto

import gnutls.connection

import gnutls.errors

import gnutls.library.functions

import gnutls.library.constants

import gnutls.library.types

import ConfigParser

import sys

import re

import os

import signal

from sets import Set

import subprocess

import atexit

import stat

import logging

import logging.handlers

import pwd

import dbus

import gobject

import avahi

from dbus.mainloop.glib import DBusGMainLoop

import ctypes

version = "1.0"

logger = logging.Logger('mandos')

syslogger = logging.handlers.SysLogHandler\

(facility = logging.handlers.SysLogHandler.LOG_DAEMON,

address = "/dev/log")

syslogger.setFormatter(logging.Formatter\

('Mandos: %(levelname)s: %(message)s'))

logger.addHandler(syslogger)

console = logging.StreamHandler()

console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'

' %(message)s'))

logger.addHandler(console)

class AvahiError(Exception):

def __init__(self, value):

self.value = value

def __str__(self):

return repr(self.value)

class AvahiServiceError(AvahiError):

pass

class AvahiGroupError(AvahiError):

pass

class AvahiService(object):

"""An Avahi (Zeroconf) service.

Attributes:

interface: integer; avahi.IF_UNSPEC or an interface index.

Used to optionally bind to the specified interface.

name: string; Example: 'Mandos'

100

type: string; Example: '_mandos._tcp'.

101

See <http://www.dns-sd.org/ServiceTypes.html>

102

port: integer; what port to announce

103

TXT: list of strings; TXT record for the service

104

domain: string; Domain to publish on, default to .local if empty.

105

host: string; Host to publish records for, default is localhost

106

max_renames: integer; maximum number of renames

107

rename_count: integer; counter so we only rename after collisions

108

a sensible number of times

109

"""

110

def __init__(self, interface = avahi.IF_UNSPEC, name = None,

111

type = None, port = None, TXT = None, domain = "",

112

host = "", max_renames = 32768):

113

self.interface = interface

114

self.name = name

115

self.type = type

116

self.port = port

117

if TXT is None:

118

self.TXT = []

119

else:

120

self.TXT = TXT

121

self.domain = domain

122

self.host = host

123

self.rename_count = 0

124

self.max_renames = max_renames

125

def rename(self):

126

"""Derived from the Avahi example code"""

127

if self.rename_count >= self.max_renames:

128

logger.critical(u"No suitable Zeroconf service name found"

129

u" after %i retries, exiting.",

130

rename_count)

131

raise AvahiServiceError("Too many renames")

132

self.name = server.GetAlternativeServiceName(self.name)

133

logger.info(u"Changing Zeroconf service name to %r ...",

134

str(self.name))

135

syslogger.setFormatter(logging.Formatter\

136

('Mandos (%s): %%(levelname)s:'

137

' %%(message)s' % self.name))

138

self.remove()

139

self.add()

140

self.rename_count += 1

141

def remove(self):

142

"""Derived from the Avahi example code"""

143

if group is not None:

144

group.Reset()

145

def add(self):

146

"""Derived from the Avahi example code"""

147

global group

148

if group is None:

149

group = dbus.Interface\

150

(bus.get_object(avahi.DBUS_NAME,

151

server.EntryGroupNew()),

152

avahi.DBUS_INTERFACE_ENTRY_GROUP)

153

group.connect_to_signal('StateChanged',

154

entry_group_state_changed)

155

logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",

156

service.name, service.type)

157

group.AddService(

158

self.interface, # interface

159

avahi.PROTO_INET6, # protocol

160

dbus.UInt32(0), # flags

161

self.name, self.type,

162

self.domain, self.host,

163

dbus.UInt16(self.port),

164

avahi.string_array_to_txt_array(self.TXT))

165

group.Commit()

166

167

# From the Avahi example code:

168

group = None # our entry group

169

# End of Avahi example code

170

171

172

class Client(object):

def __init__(self, name=None, options=None, dn=None,

password=None, passfile=None, fqdn=None,

timeout=None, interval=-1):

173

"""A representation of a client host served by this server.

174

Attributes:

175

name: string; from the config file, used in log messages

176

fingerprint: string (40 or 32 hexadecimal digits); used to

177

uniquely identify the client

178

secret: bytestring; sent verbatim (over TLS) to client

179

host: string; available for use by the checker command

180

created: datetime.datetime(); object creation, not client host

181

last_checked_ok: datetime.datetime() or None if not yet checked OK

182

timeout: datetime.timedelta(); How long from last_checked_ok

183

until this client is invalid

184

interval: datetime.timedelta(); How often to start a new checker

185

stop_hook: If set, called by stop() as stop_hook(self)

186

checker: subprocess.Popen(); a running checker process used

187

to see if the client lives.

188

'None' if no process is running.

189

checker_initiator_tag: a gobject event source tag, or None

190

stop_initiator_tag: - '' -

191

checker_callback_tag: - '' -

192

checker_command: string; External command which is run to check if

193

client lives. %() expansions are done at

194

runtime with vars(self) as dict, so that for

195

instance %(name)s can be used in the command.

196

Private attibutes:

197

_timeout: Real variable for 'timeout'

198

_interval: Real variable for 'interval'

199

_timeout_milliseconds: Used when calling gobject.timeout_add()

200

_interval_milliseconds: - '' -

201

"""

202

def _set_timeout(self, timeout):

203

"Setter function for 'timeout' attribute"

204

self._timeout = timeout

205

self._timeout_milliseconds = ((self.timeout.days

206

* 24 * 60 * 60 * 1000)

207

+ (self.timeout.seconds * 1000)

208

+ (self.timeout.microseconds

209

// 1000))

210

timeout = property(lambda self: self._timeout,

211

_set_timeout)

212

del _set_timeout

213

def _set_interval(self, interval):

214

"Setter function for 'interval' attribute"

215

self._interval = interval

216

self._interval_milliseconds = ((self.interval.days

217

* 24 * 60 * 60 * 1000)

218

+ (self.interval.seconds

219

* 1000)

220

+ (self.interval.microseconds

221

// 1000))

222

interval = property(lambda self: self._interval,

223

_set_interval)

224

del _set_interval

225

def __init__(self, name = None, stop_hook=None, config={}):

226

"""Note: the 'checker' key in 'config' sets the

227

'checker_command' attribute and *not* the 'checker'

228

attribute."""

229

self.name = name

self.dn = dn

if password:

self.password = password

elif passfile:

self.password = open(passfile).readall()

230

logger.debug(u"Creating client %r", self.name)

231

# Uppercase and remove spaces from fingerprint for later

232

# comparison purposes with return value from the fingerprint()

233

# function

234

self.fingerprint = config["fingerprint"].upper()\

235

.replace(u" ", u"")

236

logger.debug(u" Fingerprint: %s", self.fingerprint)

237

if "secret" in config:

238

self.secret = config["secret"].decode(u"base64")

239

elif "secfile" in config:

240

sf = open(config["secfile"])

241

self.secret = sf.read()

242

sf.close()

243

else:

print "No Password or Passfile in client config file"

# raise RuntimeError XXX

self.password = "gazonk"

self.fqdn = fqdn # string

244

raise TypeError(u"No secret or secfile for client %s"

245

% self.name)

246

self.host = config.get("host", "")

247

self.created = datetime.datetime.now()

self.last_seen = None # datetime.datetime()

if timeout is None:

timeout = options.timeout

self.timeout = timeout # datetime.timedelta()

if interval == -1:

interval = options.interval

self.interval = interval # datetime.timedelta()

self.next_check = datetime.datetime.now() # datetime.datetime()

self.checker = None # or a subprocess.Popen()

def check_action(self, now=None):

"""The checker said something and might have completed.

Check if is has, and take appropriate actions."""

if self.checker.poll() is None:

# False alarm, no result yet

#self.checker.read()

return

if now is None:

now = datetime.datetime.now()

if self.checker.returncode == 0:

self.last_seen = now

while self.next_check <= now:

self.next_check += self.interval

handle_request = check_action

248

self.last_checked_ok = None

249

self.timeout = string_to_delta(config["timeout"])

250

self.interval = string_to_delta(config["interval"])

251

self.stop_hook = stop_hook

252

self.checker = None

253

self.checker_initiator_tag = None

254

self.stop_initiator_tag = None

255

self.checker_callback_tag = None

256

self.check_command = config["checker"]

257

def start(self):

258

"""Start this client's checker and timeout hooks"""

259

# Schedule a new checker to be started an 'interval' from now,

260

# and every interval from then on.

261

self.checker_initiator_tag = gobject.timeout_add\

262

(self._interval_milliseconds,

263

self.start_checker)

264

# Also start a new checker *right now*.

265

self.start_checker()

266

# Schedule a stop() when 'timeout' has passed

267

self.stop_initiator_tag = gobject.timeout_add\

268

(self._timeout_milliseconds,

269

self.stop)

270

def stop(self):

271

"""Stop this client.

272

The possibility that a client might be restarted is left open,

273

but not currently used."""

274

# If this client doesn't have a secret, it is already stopped.

275

if hasattr(self, "secret") and self.secret:

276

logger.info(u"Stopping client %s", self.name)

277

self.secret = None

278

else:

279

return False

280

if getattr(self, "stop_initiator_tag", False):

281

gobject.source_remove(self.stop_initiator_tag)

282

self.stop_initiator_tag = None

283

if getattr(self, "checker_initiator_tag", False):

284

gobject.source_remove(self.checker_initiator_tag)

285

self.checker_initiator_tag = None

286

self.stop_checker()

287

if self.stop_hook:

288

self.stop_hook(self)

289

# Do not run this again if called by a gobject.timeout_add

290

return False

291

def __del__(self):

292

self.stop_hook = None

293

self.stop()

294

def checker_callback(self, pid, condition):

295

"""The checker has completed, so take appropriate actions."""

296

now = datetime.datetime.now()

297

self.checker_callback_tag = None

298

self.checker = None

299

if os.WIFEXITED(condition) \

300

and (os.WEXITSTATUS(condition) == 0):

301

logger.info(u"Checker for %(name)s succeeded",

302

vars(self))

303

self.last_checked_ok = now

304

gobject.source_remove(self.stop_initiator_tag)

305

self.stop_initiator_tag = gobject.timeout_add\

306

(self._timeout_milliseconds,

307

self.stop)

308

elif not os.WIFEXITED(condition):

309

logger.warning(u"Checker for %(name)s crashed?",

310

vars(self))

311

else:

312

logger.info(u"Checker for %(name)s failed",

313

vars(self))

314

def start_checker(self):

self.stop_checker()

try:

self.checker = subprocess.Popen("sleep 1; fping -q -- %s"

% re.escape(self.fqdn),

stdout=subprocess.PIPE,

close_fds=True,

shell=True, cwd="/")

except subprocess.OSError, e:

print "Failed to start subprocess:", e

315

"""Start a new checker subprocess if one is not running.

316

If a checker already exists, leave it running and do

317

nothing."""

318

# The reason for not killing a running checker is that if we

319

# did that, then if a checker (for some reason) started

320

# running slowly and taking more than 'interval' time, the

321

# client would inevitably timeout, since no checker would get

322

# a chance to run to completion. If we instead leave running

323

# checkers alone, the checker would have to take more time

324

# than 'timeout' for the client to be declared invalid, which

325

# is as it should be.

326

if self.checker is None:

327

try:

328

# In case check_command has exactly one % operator

329

command = self.check_command % self.host

330

except TypeError:

331

# Escape attributes for the shell

332

escaped_attrs = dict((key, re.escape(str(val)))

333

for key, val in

334

vars(self).iteritems())

335

try:

336

command = self.check_command % escaped_attrs

337

except TypeError, error:

338

logger.error(u'Could not format string "%s":'

339

u' %s', self.check_command, error)

340

return True # Try again later

341

try:

342

logger.info(u"Starting checker %r for %s",

343

command, self.name)

344

# We don't need to redirect stdout and stderr, since

345

# in normal mode, that is already done by daemon(),

346

# and in debug mode we don't want to. (Stdin is

347

# always replaced by /dev/null.)

348

self.checker = subprocess.Popen(command,

349

close_fds=True,

350

shell=True, cwd="/")

351

self.checker_callback_tag = gobject.child_watch_add\

352

(self.checker.pid,

353

self.checker_callback)

354

except OSError, error:

355

logger.error(u"Failed to start subprocess: %s",

356

error)

357

# Re-run this periodically if run by gobject.timeout_add

358

return True

359

def stop_checker(self):

if self.checker is None:

360

"""Force the checker process, if any, to stop."""

361

if self.checker_callback_tag:

362

gobject.source_remove(self.checker_callback_tag)

363

self.checker_callback_tag = None

364

if getattr(self, "checker", None) is None:

365

return

os.kill(self.checker.pid, signal.SIGTERM)

if self.checker.poll() is None:

os.kill(self.checker.pid, signal.SIGKILL)

366

logger.debug(u"Stopping checker for %(name)s", vars(self))

367

try:

368

os.kill(self.checker.pid, signal.SIGTERM)

369

#os.sleep(0.5)

370

#if self.checker.poll() is None:

371

# os.kill(self.checker.pid, signal.SIGKILL)

372

except OSError, error:

373

if error.errno != errno.ESRCH: # No such process

374

raise

375

self.checker = None

__del__ = stop_checker

def fileno(self):

if self.checker is None:

return None

return self.checker.stdout.fileno()

def next_stop(self):

"""The time when something must be done about this client"""

return min(self.last_seen + self.timeout, self.next_check)

def still_valid(self, now=None):

"""Has this client's timeout not passed?"""

if now is None:

now = datetime.datetime.now()

return now < (self.last_seen + timeout)

def it_is_time_to_check(self, now=None):

if now is None:

now = datetime.datetime.now()

return self.next_check <= now

class server_metaclass(type):

"Common behavior for the UDP and TCP server classes"

def __new__(cls, name, bases, attrs):

attrs["address_family"] = socket.AF_INET6

attrs["allow_reuse_address"] = True

def server_bind(self):

if self.options.interface:

100

if not hasattr(socket, "SO_BINDTODEVICE"):

101

# From /usr/include/asm-i486/socket.h

102

socket.SO_BINDTODEVICE = 25

103

try:

104

self.socket.setsockopt(socket.SOL_SOCKET,

105

socket.SO_BINDTODEVICE,

106

self.options.interface)

107

except socket.error, error:

108

if error[0] == errno.EPERM:

109

print "Warning: No permission to bind to interface", \

110

self.options.interface

111

else:

112

raise error

113

return super(type(self), self).server_bind()

114

attrs["server_bind"] = server_bind

115

def init(self, *args, **kwargs):

116

if "options" in kwargs:

117

self.options = kwargs["options"]

118

del kwargs["options"]

119

if "clients" in kwargs:

120

self.clients = kwargs["clients"]

121

del kwargs["clients"]

122

if "credentials" in kwargs:

123

self.credentials = kwargs["credentials"]

124

del kwargs["credentials"]

125

return super(type(self), self).__init__(*args, **kwargs)

126

attrs["__init__"] = init

127

return type.__new__(cls, name, bases, attrs)

128

129

130

class udp_handler(SocketServer.DatagramRequestHandler, object):

131

def handle(self):

132

self.wfile.write("Polo")

133

print "UDP request answered"

134

135

136

class IPv6_UDPServer(SocketServer.UDPServer, object):

137

__metaclass__ = server_metaclass

138

def verify_request(self, request, client_address):

139

print "UDP request came"

140

return request[0] == "Marco"

376

def still_valid(self):

377

"""Has the timeout not yet passed for this client?"""

378

now = datetime.datetime.now()

379

if self.last_checked_ok is None:

380

return now < (self.created + self.timeout)

381

else:

382

return now < (self.last_checked_ok + self.timeout)

383

384

385

def peer_certificate(session):

386

"Return the peer's OpenPGP certificate as a bytestring"

387

# If not an OpenPGP certificate...

388

if gnutls.library.functions.gnutls_certificate_type_get\

389

(session._c_object) \

390

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:

391

# ...do the normal thing

392

return session.peer_certificate

393

list_size = ctypes.c_uint()

394

cert_list = gnutls.library.functions.gnutls_certificate_get_peers\

395

(session._c_object, ctypes.byref(list_size))

396

if list_size.value == 0:

397

return None

398

cert = cert_list[0]

399

return ctypes.string_at(cert.data, cert.size)

400

401

402

def fingerprint(openpgp):

403

"Convert an OpenPGP bytestring to a hexdigit fingerprint string"

404

# New GnuTLS "datum" with the OpenPGP public key

405

datum = gnutls.library.types.gnutls_datum_t\

406

(ctypes.cast(ctypes.c_char_p(openpgp),

407

ctypes.POINTER(ctypes.c_ubyte)),

408

ctypes.c_uint(len(openpgp)))

409

# New empty GnuTLS certificate

410

crt = gnutls.library.types.gnutls_openpgp_crt_t()

411

gnutls.library.functions.gnutls_openpgp_crt_init\

412

(ctypes.byref(crt))

413

# Import the OpenPGP public key into the certificate

414

gnutls.library.functions.gnutls_openpgp_crt_import\

415

(crt, ctypes.byref(datum),

416

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

417

# Verify the self signature in the key

418

crtverify = ctypes.c_uint();

419

gnutls.library.functions.gnutls_openpgp_crt_verify_self\

420

(crt, 0, ctypes.byref(crtverify))

421

if crtverify.value != 0:

422

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

423

raise gnutls.errors.CertificateSecurityError("Verify failed")

424

# New buffer for the fingerprint

425

buffer = ctypes.create_string_buffer(20)

426

buffer_length = ctypes.c_size_t()

427

# Get the fingerprint from the certificate into the buffer

428

gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\

429

(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))

430

# Deinit the certificate

431

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

432

# Convert the buffer to a Python bytestring

433

fpr = ctypes.string_at(buffer, buffer_length.value)

434

# Convert the bytestring to hexadecimal notation

435

hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)

436

return hex_fpr

141

437

142

438

143

439

class tcp_handler(SocketServer.BaseRequestHandler, object):

440

"""A TCP request handler class.

441

Instantiated by IPv6_TCPServer for each request to handle it.

442

Note: This will run in its own forked process."""

443

144

444

def handle(self):

145

print "TCP request came"

146

print "Request:", self.request

147

print "Client Address:", self.client_address

148

print "Server:", self.server

149

session = gnutls.connection.ServerSession(self.request,

150

self.server.credentials)

151

session.handshake()

152

if session.peer_certificate:

153

print "DN:", session.peer_certificate.subject

154

try:

155

session.verify_peer()

156

except gnutls.errors.CertificateError, error:

157

print "Verify failed", error

158

session.bye()

159

return

160

try:

161

session.send(dict((client.dn, client.password)

162

for client in self.server.clients)

163

[session.peer_certificate.subject])

164

except KeyError:

165

session.send("gazonk")

166

# Log maybe? XXX

445

logger.info(u"TCP connection from: %s",

446

unicode(self.client_address))

447

session = gnutls.connection.ClientSession\

448

(self.request, gnutls.connection.X509Credentials())

449

450

line = self.request.makefile().readline()

451

logger.debug(u"Protocol version: %r", line)

452

try:

453

if int(line.strip().split()[0]) > 1:

454

raise RuntimeError

455

except (ValueError, IndexError, RuntimeError), error:

456

logger.error(u"Unknown protocol version: %s", error)

457

return

458

459

# Note: gnutls.connection.X509Credentials is really a generic

460

# GnuTLS certificate credentials object so long as no X.509

461

# keys are added to it. Therefore, we can use it here despite

462

# using OpenPGP certificates.

463

464

#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",

465

# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",

466

# "+DHE-DSS"))

467

priority = "NORMAL" # Fallback default, since this

468

# MUST be set.

469

if self.server.settings["priority"]:

470

priority = self.server.settings["priority"]

471

gnutls.library.functions.gnutls_priority_set_direct\

472

(session._c_object, priority, None);

473

474

try:

475

session.handshake()

476

except gnutls.errors.GNUTLSError, error:

477

logger.warning(u"Handshake failed: %s", error)

478

# Do not run session.bye() here: the session is not

479

# established. Just abandon the request.

480

return

481

try:

482

fpr = fingerprint(peer_certificate(session))

483

except (TypeError, gnutls.errors.GNUTLSError), error:

484

logger.warning(u"Bad certificate: %s", error)

485

session.bye()

486

return

487

logger.debug(u"Fingerprint: %s", fpr)

488

client = None

489

for c in self.server.clients:

490

if c.fingerprint == fpr:

491

client = c

492

break

493

if not client:

494

logger.warning(u"Client not found for fingerprint: %s",

495

fpr)

496

session.bye()

497

return

498

# Have to check if client.still_valid(), since it is possible

499

# that the client timed out while establishing the GnuTLS

500

# session.

501

if not client.still_valid():

502

logger.warning(u"Client %(name)s is invalid",

503

vars(client))

504

session.bye()

505

return

506

sent_size = 0

507

while sent_size < len(client.secret):

508

sent = session.send(client.secret[sent_size:])

509

logger.debug(u"Sent: %d, remaining: %d",

510

sent, len(client.secret)

511

- (sent_size + sent))

512

sent_size += sent

167

513

session.bye()

168

514

169

515

170

516

class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):

171

__metaclass__ = server_metaclass

172

request_queue_size = 1024

173

174

175

in6addr_any = "::"

517

"""IPv6 TCP server. Accepts 'None' as address and/or port.

518

Attributes:

519

settings: Server settings

520

clients: Set() of Client objects

521

enabled: Boolean; whether this server is activated yet

522

"""

523

address_family = socket.AF_INET6

524

def __init__(self, *args, **kwargs):

525

if "settings" in kwargs:

526

self.settings = kwargs["settings"]

527

del kwargs["settings"]

528

if "clients" in kwargs:

529

self.clients = kwargs["clients"]

530

del kwargs["clients"]

531

self.enabled = False

532

return super(type(self), self).__init__(*args, **kwargs)

533

def server_bind(self):

534

"""This overrides the normal server_bind() function

535

to bind to an interface if one was specified, and also NOT to

536

bind to an address or port if they were not specified."""

537

if self.settings["interface"]:

538

# 25 is from /usr/include/asm-i486/socket.h

539

SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)

540

try:

541

self.socket.setsockopt(socket.SOL_SOCKET,

542

SO_BINDTODEVICE,

543

self.settings["interface"])

544

except socket.error, error:

545

if error[0] == errno.EPERM:

546

logger.error(u"No permission to"

547

u" bind to interface %s",

548

self.settings["interface"])

549

else:

550

raise error

551

# Only bind(2) the socket if we really need to.

552

if self.server_address[0] or self.server_address[1]:

553

if not self.server_address[0]:

554

in6addr_any = "::"

555

self.server_address = (in6addr_any,

556

self.server_address[1])

557

elif not self.server_address[1]:

558

self.server_address = (self.server_address[0],

559

560

# if self.settings["interface"]:

561

# self.server_address = (self.server_address[0],

562

# 0, # port

563

# 0, # flowinfo

564

# if_nametoindex

565

# (self.settings

566

# ["interface"]))

567

return super(type(self), self).server_bind()

568

def server_activate(self):

569

if self.enabled:

570

return super(type(self), self).server_activate()

571

def enable(self):

572

self.enabled = True

573

176

574

177

575

def string_to_delta(interval):

178

576

"""Parse a string and return a datetime.timedelta

187

585

datetime.timedelta(1)

188

586

>>> string_to_delta(u'1w')

189

587

datetime.timedelta(7)

588

>>> string_to_delta('5m 30s')

589

datetime.timedelta(0, 330)

190

590

"""

191

try:

192

suffix=unicode(interval[-1])

193

value=int(interval[:-1])

194

if suffix == u"d":

195

delta = datetime.timedelta(value)

196

elif suffix == u"s":

197

delta = datetime.timedelta(0, value)

198

elif suffix == u"m":

199

delta = datetime.timedelta(0, 0, 0, 0, value)

200

elif suffix == u"h":

201

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

202

elif suffix == u"w":

203

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

204

else:

591

timevalue = datetime.timedelta(0)

592

for s in interval.split():

593

try:

594

suffix=unicode(s[-1])

595

value=int(s[:-1])

596

if suffix == u"d":

597

delta = datetime.timedelta(value)

598

elif suffix == u"s":

599

delta = datetime.timedelta(0, value)

600

elif suffix == u"m":

601

delta = datetime.timedelta(0, 0, 0, 0, value)

602

elif suffix == u"h":

603

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

604

elif suffix == u"w":

605

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

606

else:

607

raise ValueError

608

except (ValueError, IndexError):

205

609

raise ValueError

206

except (ValueError, IndexError):

207

raise ValueError

208

return delta

610

timevalue += delta

611

return timevalue

612

613

614

def server_state_changed(state):

615

"""Derived from the Avahi example code"""

616

if state == avahi.SERVER_COLLISION:

617

logger.error(u"Zeroconf server name collision")

618

service.remove()

619

elif state == avahi.SERVER_RUNNING:

620

service.add()

621

622

623

def entry_group_state_changed(state, error):

624

"""Derived from the Avahi example code"""

625

logger.debug(u"Avahi state change: %i", state)

626

627

if state == avahi.ENTRY_GROUP_ESTABLISHED:

628

logger.debug(u"Zeroconf service established.")

629

elif state == avahi.ENTRY_GROUP_COLLISION:

630

logger.warning(u"Zeroconf service name collision.")

631

service.rename()

632

elif state == avahi.ENTRY_GROUP_FAILURE:

633

logger.critical(u"Avahi: Error in group state changed %s",

634

unicode(error))

635

raise AvahiGroupError("State changed: %s", str(error))

636

637

def if_nametoindex(interface):

638

"""Call the C function if_nametoindex(), or equivalent"""

639

global if_nametoindex

640

try:

641

if "ctypes.util" not in sys.modules:

642

import ctypes.util

643

if_nametoindex = ctypes.cdll.LoadLibrary\

644

(ctypes.util.find_library("c")).if_nametoindex

645

except (OSError, AttributeError):

646

if "struct" not in sys.modules:

647

import struct

648

if "fcntl" not in sys.modules:

649

import fcntl

650

def if_nametoindex(interface):

651

"Get an interface index the hard way, i.e. using fcntl()"

652

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

653

s = socket.socket()

654

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

655

struct.pack("16s16x", interface))

656

s.close()

657

interface_index = struct.unpack("I", ifreq[16:20])[0]

658

return interface_index

659

return if_nametoindex(interface)

660

661

662

def daemon(nochdir = False, noclose = False):

663

"""See daemon(3). Standard BSD Unix function.

664

This should really exist as os.daemon, but it doesn't (yet)."""

665

if os.fork():

666

sys.exit()

667

os.setsid()

668

if not nochdir:

669

os.chdir("/")

670

if os.fork():

671

sys.exit()

672

if not noclose:

673

# Close all standard open file descriptors

674

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

675

if not stat.S_ISCHR(os.fstat(null).st_mode):

676

raise OSError(errno.ENODEV,

677

"/dev/null not a character device")

678

os.dup2(null, sys.stdin.fileno())

679

os.dup2(null, sys.stdout.fileno())

680

os.dup2(null, sys.stderr.fileno())

681

if null > 2:

682

os.close(null)

209

683

210

684

211

685

def main():

212

parser = OptionParser()

686

global main_loop_started

687

main_loop_started = False

688

689

parser = OptionParser(version = "%%prog %s" % version)

213

690

parser.add_option("-i", "--interface", type="string",

214

default="eth0", metavar="IF",

215

help="Interface to bind to")

216

parser.add_option("--cert", type="string", default="cert.pem",

217

metavar="FILE",

218

help="Public key certificate to use")

219

parser.add_option("--key", type="string", default="key.pem",

220

metavar="FILE",

221

help="Private key to use")

222

parser.add_option("--ca", type="string", default="ca.pem",

223

metavar="FILE",

224

help="Certificate Authority certificate to use")

225

parser.add_option("--crl", type="string", default="crl.pem",

226

metavar="FILE",

227

help="Certificate Revokation List to use")

228

parser.add_option("-p", "--port", type="int", default=49001,

691

metavar="IF", help="Bind to interface IF")

692

parser.add_option("-a", "--address", type="string",

693

help="Address to listen for requests on")

694

parser.add_option("-p", "--port", type="int",

229

695

help="Port number to receive requests on")

230

parser.add_option("--dh", type="int", metavar="BITS",

231

help="DH group to use")

232

parser.add_option("-t", "--timeout", type="string", # Parsed later

233

default="15m",

234

help="Amount of downtime allowed for clients")

235

parser.add_option("--interval", type="string", # Parsed later

236

default="5m",

237

help="How often to check that a client is up")

238

696

parser.add_option("--check", action="store_true", default=False,

239

697

help="Run self-test")

698

parser.add_option("--debug", action="store_true",

699

help="Debug mode; run in foreground and log to"

700

" terminal")

701

parser.add_option("--priority", type="string", help="GnuTLS"

702

" priority string (see GnuTLS documentation)")

703

parser.add_option("--servicename", type="string", metavar="NAME",

704

help="Zeroconf service name")

705

parser.add_option("--configdir", type="string",

706

default="/etc/mandos", metavar="DIR",

707

help="Directory to search for configuration"

708

" files")

240

709

(options, args) = parser.parse_args()

241

710

242

711

if options.check:

243

712

import doctest

244

713

doctest.testmod()

245

714

sys.exit()

246

715

247

# Parse the time arguments

248

try:

249

options.timeout = string_to_delta(options.timeout)

250

except ValueError:

251

parser.error("option --timeout: Unparseable time")

252

253

try:

254

options.interval = string_to_delta(options.interval)

255

except ValueError:

256

parser.error("option --interval: Unparseable time")

257

258

cert = gnutls.crypto.X509Certificate(open(options.cert).read())

259

key = gnutls.crypto.X509PrivateKey(open(options.key).read())

260

ca = gnutls.crypto.X509Certificate(open(options.ca).read())

261

crl = gnutls.crypto.X509CRL(open(options.crl).read())

262

cred = gnutls.connection.X509Credentials(cert, key, [ca], [crl])

263

264

# Parse config file

265

defaults = {}

266

client_config_object = ConfigParser.SafeConfigParser(defaults)

267

client_config_object.read("mandos-clients.conf")

268

clients = [Client(name=section, options=options,

269

**(dict(client_config_object.items(section))))

270

for section in client_config_object.sections()]

271

272

udp_server = IPv6_UDPServer((in6addr_any, options.port),

273

udp_handler,

274

options=options)

275

276

tcp_server = IPv6_TCPServer((in6addr_any, options.port),

716

# Default values for config file for server-global settings

717

server_defaults = { "interface": "",

718

"address": "",

719

"port": "",

720

"debug": "False",

721

"priority":

722

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

723

"servicename": "Mandos",

724

}

725

726

# Parse config file for server-global settings

727

server_config = ConfigParser.SafeConfigParser(server_defaults)

728

del server_defaults

729

server_config.read(os.path.join(options.configdir, "mandos.conf"))

730

# Convert the SafeConfigParser object to a dict

731

server_settings = server_config.defaults()

732

# Use getboolean on the boolean config option

733

server_settings["debug"] = server_config.getboolean\

734

("DEFAULT", "debug")

735

del server_config

736

737

# Override the settings from the config file with command line

738

# options, if set.

739

for option in ("interface", "address", "port", "debug",

740

"priority", "servicename", "configdir"):

741

value = getattr(options, option)

742

if value is not None:

743

server_settings[option] = value

744

del options

745

# Now we have our good server settings in "server_settings"

746

747

debug = server_settings["debug"]

748

749

if not debug:

750

syslogger.setLevel(logging.WARNING)

751

console.setLevel(logging.WARNING)

752

753

if server_settings["servicename"] != "Mandos":

754

syslogger.setFormatter(logging.Formatter\

755

('Mandos (%s): %%(levelname)s:'

756

' %%(message)s'

757

% server_settings["servicename"]))

758

759

# Parse config file with clients

760

client_defaults = { "timeout": "1h",

761

"interval": "5m",

762

"checker": "fping -q -- %(host)s",

763

"host": "",

764

}

765

client_config = ConfigParser.SafeConfigParser(client_defaults)

766

client_config.read(os.path.join(server_settings["configdir"],

767

"clients.conf"))

768

769

clients = Set()

770

tcp_server = IPv6_TCPServer((server_settings["address"],

771

server_settings["port"]),

277

772

tcp_handler,

278

options=options,

279

clients=clients,

280

credentials=cred)

281

282

while True:

283

try:

284

input, out, err = select.select((udp_server,

285

tcp_server), (), ())

286

if not input:

287

pass

288

else:

289

for obj in input:

290

obj.handle_request()

291

except KeyboardInterrupt:

292

break

293

294

# Cleanup here

773

settings=server_settings,

774

clients=clients)

775

pidfilename = "/var/run/mandos.pid"

776

try:

777

pidfile = open(pidfilename, "w")

778

except IOError, error:

779

logger.error("Could not open file %r", pidfilename)

780

781

uid = 65534

782

gid = 65534

783

try:

784

uid = pwd.getpwnam("mandos").pw_uid

785

except KeyError:

786

try:

787

uid = pwd.getpwnam("nobody").pw_uid

788

except KeyError:

789

pass

790

try:

791

gid = pwd.getpwnam("mandos").pw_gid

792

except KeyError:

793

try:

794

gid = pwd.getpwnam("nogroup").pw_gid

795

except KeyError:

796

pass

797

try:

798

os.setuid(uid)

799

os.setgid(gid)

800

except OSError, error:

801

if error[0] != errno.EPERM:

802

raise error

803

804

global service

805

service = AvahiService(name = server_settings["servicename"],

806

type = "_mandos._tcp", );

807

if server_settings["interface"]:

808

service.interface = if_nametoindex\

809

(server_settings["interface"])

810

811

global main_loop

812

global bus

813

global server

814

# From the Avahi example code

815

DBusGMainLoop(set_as_default=True )

816

main_loop = gobject.MainLoop()

817

bus = dbus.SystemBus()

818

server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,

819

avahi.DBUS_PATH_SERVER),

820

avahi.DBUS_INTERFACE_SERVER)

821

# End of Avahi example code

822

823

def remove_from_clients(client):

824

clients.remove(client)

825

if not clients:

826

logger.critical(u"No clients left, exiting")

827

sys.exit()

828

829

clients.update(Set(Client(name = section,

830

stop_hook = remove_from_clients,

831

config

832

= dict(client_config.items(section)))

833

for section in client_config.sections()))

834

if not clients:

835

logger.critical(u"No clients defined")

836

sys.exit(1)

837

838

if debug:

839

# Redirect stdin so all checkers get /dev/null

840

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

841

os.dup2(null, sys.stdin.fileno())

842

if null > 2:

843

os.close(null)

844

else:

845

# No console logging

846

logger.removeHandler(console)

847

# Close all input and output, do double fork, etc.

848

daemon()

849

850

try:

851

pid = os.getpid()

852

pidfile.write(str(pid) + "\n")

853

pidfile.close()

854

del pidfile

855

except IOError, err:

856

logger.error(u"Could not write to file %r with PID %d",

857

pidfilename, pid)

858

except NameError:

859

# "pidfile" was never created

860

pass

861

del pidfilename

862

863

def cleanup():

864

"Cleanup function; run on exit"

865

global group

866

# From the Avahi example code

867

if not group is None:

868

group.Free()

869

group = None

870

# End of Avahi example code

871

872

while clients:

873

client = clients.pop()

874

client.stop_hook = None

875

client.stop()

876

877

atexit.register(cleanup)

878

879

if not debug:

880

signal.signal(signal.SIGINT, signal.SIG_IGN)

881

signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())

882

signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())

883

295

884

for client in clients:

296

client.stop_checker()

297

298

299

if __name__ == "__main__":

885

client.start()

886

887

tcp_server.enable()

888

tcp_server.server_activate()

889

890

# Find out what port we got

891

service.port = tcp_server.socket.getsockname()[1]

892

logger.info(u"Now listening on address %r, port %d, flowinfo %d,"

893

u" scope_id %d" % tcp_server.socket.getsockname())

894

895

#service.interface = tcp_server.socket.getsockname()[3]

896

897

try:

898

# From the Avahi example code

899

server.connect_to_signal("StateChanged", server_state_changed)

900

try:

901

server_state_changed(server.GetState())

902

except dbus.exceptions.DBusException, error:

903

logger.critical(u"DBusException: %s", error)

904

sys.exit(1)

905

# End of Avahi example code

906

907

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

908

lambda *args, **kwargs:

909

tcp_server.handle_request\

910

(*args[2:], **kwargs) or True)

911

912

logger.debug(u"Starting main loop")

913

main_loop_started = True

914

main_loop.run()

915

except AvahiError, error:

916

logger.critical(u"AvahiError: %s" + unicode(error))

917

sys.exit(1)

918

except KeyboardInterrupt:

919

if debug:

920

921

922

if __name__ == '__main__':

300

923

main()

301

Older »