To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.1.154
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.154
- Committer: Björn Påhlsson
- Date: 2010-09-04 13:31:36 UTC
- mfrom: (24.2.5 mandos-multiprocessing)
- mto: (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 421.
- Revision ID: belorn@fukt.bsnet.se-20100904133136-vhn6gxmunefopx3c
merge
new approve/deny functionallity in mandos-monitor
new approve/deny functionallity in mandos-monitor
added
removed
mandos
157
157
u" after %i retries, exiting.",
158
158
self.rename_count)
159
159
raise AvahiServiceError(u"Too many renames")
160
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
160
self.name = self.server.GetAlternativeServiceName(self.name)
161
161
logger.info(u"Changing Zeroconf service name to %r ...",
162
self.name)
162
unicode(self.name))
163
163
syslogger.setFormatter(logging.Formatter
164
164
(u'Mandos (%s) [%%(process)d]:'
165
165
u' %%(levelname)s: %%(message)s'
166
166
% self.name))
167
167
self.remove()
168
try:
169
self.add()
170
except dbus.exceptions.DBusException, error:
171
logger.critical(u"DBusException: %s", error)
172
self.cleanup()
173
os._exit(1)
168
self.add()
174
169
self.rename_count += 1
175
170
def remove(self):
176
171
"""Derived from the Avahi example code"""
199
194
self.group.Commit()
200
195
def entry_group_state_changed(self, state, error):
201
196
"""Derived from the Avahi example code"""
202
logger.debug(u"Avahi entry group state change: %i", state)
197
logger.debug(u"Avahi state change: %i", state)
203
198
204
199
if state == avahi.ENTRY_GROUP_ESTABLISHED:
205
200
logger.debug(u"Zeroconf service established.")
218
213
self.group = None
219
214
def server_state_changed(self, state):
220
215
"""Derived from the Avahi example code"""
221
logger.debug(u"Avahi server state change: %i", state)
222
216
if state == avahi.SERVER_COLLISION:
223
217
logger.error(u"Zeroconf server name collision")
224
218
self.remove()
310
304
"rb") as secfile:
311
305
self.secret = secfile.read()
312
306
else:
307
#XXX Need to allow secret on demand!
313
308
raise TypeError(u"No secret or secfile for client %s"
314
309
% self.name)
315
310
self.host = config.get(u"host", u"")
717
712
DBusObjectWithProperties.__init__(self, self.bus,
718
713
self.dbus_object_path)
719
714
715
#Could possible return a bool(self._approvals_pending),
716
#but this could mess up approvals_pending += 1 XXX
720
717
def _get_approvals_pending(self):
721
718
return self._approvals_pending
722
719
def _set_approvals_pending(self, value):
862
859
pass
863
860
864
861
# GotSecret - signal
862
# XXXTEDDY Is sent after succesfull transfer of secret from mandos-server to mandos-client
865
863
@dbus.service.signal(_interface)
866
864
def GotSecret(self):
867
"""D-Bus signal
868
Is sent after a successful transfer of secret from the Mandos
869
server to mandos-client
870
"""
865
"D-Bus signal"
871
866
pass
872
867
873
868
# Rejected - signal
1236
1231
1237
1232
sent_size = 0
1238
1233
while sent_size < len(client.secret):
1239
try:
1240
sent = session.send(client.secret[sent_size:])
1241
except (gnutls.errors.GNUTLSError), error:
1242
logger.warning("gnutls send failed")
1243
return
1234
# XXX handle session exception
1235
sent = session.send(client.secret[sent_size:])
1244
1236
logger.debug(u"Sent: %d, remaining: %d",
1245
1237
sent, len(client.secret)
1246
1238
- (sent_size + sent))
1256
1248
finally:
1257
1249
if approval_required:
1258
1250
client.approvals_pending -= 1
1259
try:
1260
session.bye()
1261
except (gnutls.errors.GNUTLSError), error:
1262
logger.warning("gnutls bye failed")
1251
session.bye()
1263
1252
1264
1253
@staticmethod
1265
1254
def peer_certificate(session):
1474
1463
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1475
1464
conditions_string)
1476
1465
1477
# error or the other end of multiprocessing.Pipe has closed
1478
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1466
# XXXTEDDY error or the other end of multiprocessing.Pipe has closed
1467
if condition & gobject.IO_HUP or condition & gobject.IO_ERR:
1479
1468
return False
1480
1469
1481
1470
# Read a request from the child
1635
1624
parser.add_option("--debug", action=u"store_true",
1636
1625
help=u"Debug mode; run in foreground and log to"
1637
1626
u" terminal")
1638
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1639
help=u"Debug level for stdout output")
1640
1627
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1641
1628
u" priority string (see GnuTLS documentation)")
1642
1629
parser.add_option("--servicename", type=u"string",
1667
1654
u"servicename": u"Mandos",
1668
1655
u"use_dbus": u"True",
1669
1656
u"use_ipv6": u"True",
1670
u"debuglevel": u"",
1671
1657
}
1672
1658
1673
1659
# Parse config file for server-global settings
1690
1676
# options, if set.
1691
1677
for option in (u"interface", u"address", u"port", u"debug",
1692
1678
u"priority", u"servicename", u"configdir",
1693
u"use_dbus", u"use_ipv6", u"debuglevel"):
1679
u"use_dbus", u"use_ipv6"):
1694
1680
value = getattr(options, option)
1695
1681
if value is not None:
1696
1682
server_settings[option] = value
1705
1691
1706
1692
# For convenience
1707
1693
debug = server_settings[u"debug"]
1708
debuglevel = server_settings[u"debuglevel"]
1709
1694
use_dbus = server_settings[u"use_dbus"]
1710
1695
use_ipv6 = server_settings[u"use_ipv6"]
1711
1696
1697
if not debug:
1698
syslogger.setLevel(logging.WARNING)
1699
console.setLevel(logging.WARNING)
1700
1712
1701
if server_settings[u"servicename"] != u"Mandos":
1713
1702
syslogger.setFormatter(logging.Formatter
1714
1703
(u'Mandos (%s) [%%(process)d]:'
1733
1722
tcp_server = MandosServer((server_settings[u"address"],
1734
1723
server_settings[u"port"]),
1735
1724
ClientHandler,
1736
interface=(server_settings[u"interface"]
1737
or None),
1725
interface=server_settings[u"interface"],
1738
1726
use_ipv6=use_ipv6,
1739
1727
gnutls_priority=
1740
1728
server_settings[u"priority"],
1767
1755
raise error
1768
1756
1769
1757
# Enable all possible GnuTLS debugging
1770
1771
1772
if not debug and not debuglevel:
1773
syslogger.setLevel(logging.WARNING)
1774
console.setLevel(logging.WARNING)
1775
if debuglevel:
1776
level = getattr(logging, debuglevel.upper())
1777
syslogger.setLevel(level)
1778
console.setLevel(level)
1779
1780
1758
if debug:
1781
1759
# "Use a log level over 10 to enable all debugging options."
1782
1760
# - GnuTLS manual
1788
1766
1789
1767
(gnutls.library.functions
1790
1768
.gnutls_global_set_log_function(debug_gnutls))
1791
1792
# Redirect stdin so all checkers get /dev/null
1793
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1794
os.dup2(null, sys.stdin.fileno())
1795
if null > 2:
1796
os.close(null)
1797
else:
1798
# No console logging
1799
logger.removeHandler(console)
1800
1801
1769
1802
1770
global main_loop
1803
1771
# From the Avahi example code
1822
1790
service.interface = (if_nametoindex
1823
1791
(str(server_settings[u"interface"])))
1824
1792
1825
if not debug:
1826
# Close all input and output, do double fork, etc.
1827
daemon()
1828
1829
1793
global multiprocessing_manager
1830
1794
multiprocessing_manager = multiprocessing.Manager()
1831
1795
1851
1815
for section in client_config.sections()))
1852
1816
if not tcp_server.clients:
1853
1817
logger.warning(u"No clients defined")
1854
1818
1819
if debug:
1820
# Redirect stdin so all checkers get /dev/null
1821
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1822
os.dup2(null, sys.stdin.fileno())
1823
if null > 2:
1824
os.close(null)
1825
else:
1826
# No console logging
1827
logger.removeHandler(console)
1828
# Close all input and output, do double fork, etc.
1829
daemon()
1830
1855
1831
try:
1856
1832
with pidfile:
1857
1833
pid = os.getpid()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0