Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2012-02-21 21:27:14 UTC
  • mfrom: (237.6.1 nmu)
  • mto: (237.4.31 release)
  • mto: This revision was merged to the branch mainline in revision 560.
  • Revision ID: teddy@recompile.se-20120221212714-40iub281d4yvrk9r
Tags: version-1.5.3-1.1
Merge NMU change.

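--- a/mandos
+++ b/mandos
@@ -85,7 +85,7 @@
     except ImportError:
         SO_BINDTODEVICE = None
 
-version = "1.5.0"
+version = "1.5.3"
 
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -415,14 +415,14 @@
     last_checked_ok: datetime.datetime(); (UTC) or None
     last_checker_status: integer between 0 and 255 reflecting exit
                          status of last checker. -1 reflects crashed
-                         checker, or None.
+                         checker, -2 means no checker completed yet.
     last_enabled: datetime.datetime(); (UTC) or None
     name:       string; from the config file, used in log messages and
                         D-Bus identifiers
     secret:     bytestring; sent verbatim (over TLS) to client
     timeout:    datetime.timedelta(); How long from last_checked_ok
                                       until this client is disabled
-    extended_timeout:   extra long timeout when password has been sent
+    extended_timeout:   extra long timeout when secret has been sent
     runtime_expansions: Allowed attributes for runtime expansion.
     expires:    datetime.datetime(); time (UTC) when a client will be
                 disabled, or None
@@ -501,7 +501,7 @@
             client["checker_command"] = section["checker"]
             client["last_approval_request"] = None
             client["last_checked_ok"] = None
-            client["last_checker_status"] = None
+            client["last_checker_status"] = -2
         
         return settings
         
@@ -626,15 +626,16 @@
             logger.warning("Checker for %(name)s crashed?",
                            vars(self))
     
-    def checked_ok(self, timeout=None):
-        """Bump up the timeout for this client.
-        
-        This should only be called when the client has been seen,
-        alive and well.
-        """
+    def checked_ok(self):
+        """Assert that the client has been seen, alive and well."""
+        self.last_checked_ok = datetime.datetime.utcnow()
+        self.last_checker_status = 0
+        self.bump_timeout()
+    
+    def bump_timeout(self, timeout=None):
+        """Bump up the timeout for this client."""
         if timeout is None:
             timeout = self.timeout
-        self.last_checked_ok = datetime.datetime.utcnow()
         if self.disable_initiator_tag is not None:
             gobject.source_remove(self.disable_initiator_tag)
         if getattr(self, "enabled", False):
@@ -1049,9 +1050,6 @@
     def __init__(self, bus = None, *args, **kwargs):
         self.bus = bus
         Client.__init__(self, *args, **kwargs)
-        self._approvals_pending = 0
-        
-        self._approvals_pending = 0
         # Only now, when this client is initialized, can it show up on
         # the D-Bus
         client_object_name = unicode(self.name).translate(
@@ -1103,6 +1101,8 @@
                                        checker is not None)
     last_checked_ok = notifychangeproperty(datetime_to_dbus,
                                            "LastCheckedOK")
+    last_checker_status = notifychangeproperty(dbus.Int16,
+                                               "LastCheckerStatus")
     last_approval_request = notifychangeproperty(
         datetime_to_dbus, "LastApprovalRequest")
     approved_by_default = notifychangeproperty(dbus.Boolean,
@@ -1227,14 +1227,6 @@
         "D-Bus signal"
         return self.need_approval()
     
-    # NeRwequest - signal
-    @dbus.service.signal(_interface, signature="s")
-    def NewRequest(self, ip):
-        """D-Bus signal
-        Is sent after a client request a password.
-        """
-        pass
-    
     ## Methods
     
     # Approve - method
@@ -1350,6 +1342,12 @@
             return
         return datetime_to_dbus(self.last_checked_ok)
     
+    # LastCheckerStatus - property
+    @dbus_service_property(_interface, signature="n",
+                           access="read")
+    def LastCheckerStatus_dbus_property(self):
+        return dbus.Int16(self.last_checker_status)
+    
     # Expires - property
     @dbus_service_property(_interface, signature="s", access="read")
     def Expires_dbus_property(self):
@@ -1547,10 +1545,6 @@
                 except KeyError:
                     return
                 
-                if self.server.use_dbus:
-                    # Emit D-Bus signal
-                    client.NewRequest(str(self.client_address))
-                
                 if client.approval_delay:
                     delay = client.approval_delay
                     client.approvals_pending += 1
@@ -1620,7 +1614,7 @@
                 
                 logger.info("Sending secret to %s", client.name)
                 # bump the timeout using extended_timeout
-                client.checked_ok(client.extended_timeout)
+                client.bump_timeout(client.extended_timeout)
                 if self.server.use_dbus:
                     # Emit D-Bus signal
                     client.GotSecret()
@@ -2250,21 +2244,22 @@
             
             # Clients who has passed its expire date can still be
             # enabled if its last checker was successful.  Clients
-            # whose checker failed before we stored its state is
-            # assumed to have failed all checkers during downtime.
+            # whose checker succeeded before we stored its state is
+            # assumed to have successfully run all checkers during
+            # downtime.
             if client["enabled"]:
                 if datetime.datetime.utcnow() >= client["expires"]:
                     if not client["last_checked_ok"]:
                         logger.warning(
                             "disabling client {0} - Client never "
-                            "performed a successfull checker"
-                            .format(client["name"]))
+                            "performed a successful checker"
+                            .format(client_name))
                         client["enabled"] = False
                     elif client["last_checker_status"] != 0:
                         logger.warning(
                             "disabling client {0} - Client "
                             "last checker failed with error code {1}"
-                            .format(client["name"],
+                            .format(client_name,
                                     client["last_checker_status"]))
                         client["enabled"] = False
                     else:
@@ -2273,7 +2268,7 @@
                                              + client["timeout"])
                         logger.debug("Last checker succeeded,"
                                      " keeping {0} enabled"
-                                     .format(client["name"]))
+                                     .format(client_name))
             try:
                 client["secret"] = (
                     pgp.decrypt(client["encrypted_secret"],
@@ -2295,7 +2290,7 @@
                         - set(old_client_settings)):
         clients_data[client_name] = client_settings[client_name]
 
-    # Create clients all clients
+    # Create all client objects
     for client_name, client in clients_data.iteritems():
         tcp_server.clients[client_name] = client_class(
             name = client_name, settings = client)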
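Review bot: `LastCheckerStatus_dbus_property` (new lines 1346-1349) wraps `self.last_checker_status` in `dbus.Int16` unconditionally, but the change only switches the default for freshly parsed config clients (new line 504) from `None` to `-2`; a client restored from a `clients.pickle` written by the previous version can still carry `None`, which the updated docstring no longer admits, and `dbus.Int16(None)` would raise `TypeError` on every read of that property while the startup check at new line 2258 would log `error code None` and disable the client. A normalisation when the restored state is merged, e.g. `if client.get("last_checker_status") is None: client["last_checker_status"] = -2` before the `if client["enabled"]:` test in the 2244 hunk, keeps both paths on the documented -2..255 range. The loop enclosing that hunk starts outside the section, so whether stored state is already version-checked or migrated elsewhere is not visible here.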