To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.1.163
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.163
- Committer: Björn Påhlsson
- Date: 2010-09-12 18:12:11 UTC
- mto: (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 428.
- Revision ID: belorn@fukt.bsnet.se-20100912181211-wvkt0sk37zhx7tws
mandos-client: Added never ending loop for --connect
mandos-ctl: Better option parsing.
mandos-ctl: Better option parsing.
added
removed
mandos
265
265
runtime with vars(self) as dict, so that for
266
266
instance %(name)s can be used in the command.
267
267
current_checker_command: string; current running checker_command
268
approval_delay: datetime.timedelta(); Time to wait for approval
268
approved_delay: datetime.timedelta(); Time to wait for approval
269
269
_approved: bool(); 'None' if not yet approved/disapproved
270
approval_duration: datetime.timedelta(); Duration of one approval
270
approved_duration: datetime.timedelta(); Duration of one approval
271
271
"""
272
272
273
273
@staticmethod
285
285
"Return the 'interval' attribute in milliseconds"
286
286
return self._timedelta_to_milliseconds(self.interval)
287
287
288
def approval_delay_milliseconds(self):
289
return self._timedelta_to_milliseconds(self.approval_delay)
288
def approved_delay_milliseconds(self):
289
return self._timedelta_to_milliseconds(self.approved_delay)
290
290
291
291
def __init__(self, name = None, disable_hook=None, config=None):
292
292
"""Note: the 'checker' key in 'config' sets the
331
331
self.approved_by_default = config.get(u"approved_by_default",
332
332
True)
333
333
self.approvals_pending = 0
334
self.approval_delay = string_to_delta(
335
config[u"approval_delay"])
336
self.approval_duration = string_to_delta(
337
config[u"approval_duration"])
334
self.approved_delay = string_to_delta(
335
config[u"approved_delay"])
336
self.approved_duration = string_to_delta(
337
config[u"approved_duration"])
338
338
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
339
339
340
340
def send_changedstate(self):
716
716
+ self.name.replace(u".", u"_")))
717
717
DBusObjectWithProperties.__init__(self, self.bus,
718
718
self.dbus_object_path)
719
719
720
720
def _get_approvals_pending(self):
721
721
return self._approvals_pending
722
722
def _set_approvals_pending(self, value):
726
726
if (hasattr(self, "dbus_object_path")
727
727
and bval is not bool(old_value)):
728
728
dbus_bool = dbus.Boolean(bval, variant_level=1)
729
self.PropertyChanged(dbus.String(u"ApprovalPending"),
729
self.PropertyChanged(dbus.String(u"approved_pending"),
730
730
dbus_bool)
731
731
732
732
approvals_pending = property(_get_approvals_pending,
744
744
r = Client.enable(self)
745
745
if oldstate != self.enabled:
746
746
# Emit D-Bus signals
747
self.PropertyChanged(dbus.String(u"Enabled"),
747
self.PropertyChanged(dbus.String(u"enabled"),
748
748
dbus.Boolean(True, variant_level=1))
749
749
self.PropertyChanged(
750
dbus.String(u"LastEnabled"),
750
dbus.String(u"last_enabled"),
751
751
self._datetime_to_dbus(self.last_enabled,
752
752
variant_level=1))
753
753
return r
757
757
r = Client.disable(self, quiet=quiet)
758
758
if not quiet and oldstate != self.enabled:
759
759
# Emit D-Bus signal
760
self.PropertyChanged(dbus.String(u"Enabled"),
760
self.PropertyChanged(dbus.String(u"enabled"),
761
761
dbus.Boolean(False, variant_level=1))
762
762
return r
763
763
775
775
self.checker_callback_tag = None
776
776
self.checker = None
777
777
# Emit D-Bus signal
778
self.PropertyChanged(dbus.String(u"CheckerRunning"),
778
self.PropertyChanged(dbus.String(u"checker_running"),
779
779
dbus.Boolean(False, variant_level=1))
780
780
if os.WIFEXITED(condition):
781
781
exitstatus = os.WEXITSTATUS(condition)
796
796
r = Client.checked_ok(self, *args, **kwargs)
797
797
# Emit D-Bus signal
798
798
self.PropertyChanged(
799
dbus.String(u"LastCheckedOK"),
799
dbus.String(u"last_checked_ok"),
800
800
(self._datetime_to_dbus(self.last_checked_ok,
801
801
variant_level=1)))
802
802
return r
814
814
# Emit D-Bus signal
815
815
self.CheckerStarted(self.current_checker_command)
816
816
self.PropertyChanged(
817
dbus.String(u"CheckerRunning"),
817
dbus.String(u"checker_running"),
818
818
dbus.Boolean(True, variant_level=1))
819
819
return r
820
820
823
823
r = Client.stop_checker(self, *args, **kwargs)
824
824
if (old_checker is not None
825
825
and getattr(self, u"checker", None) is None):
826
self.PropertyChanged(dbus.String(u"CheckerRunning"),
826
self.PropertyChanged(dbus.String(u"checker_running"),
827
827
dbus.Boolean(False, variant_level=1))
828
828
return r
829
829
834
834
def approve(self, value=True):
835
835
self.send_changedstate()
836
836
self._approved = value
837
gobject.timeout_add(self._timedelta_to_milliseconds
838
(self.approval_duration),
837
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration),
839
838
self._reset_approved)
840
839
841
840
878
877
pass
879
878
880
879
# NeedApproval - signal
881
@dbus.service.signal(_interface, signature=u"tb")
880
@dbus.service.signal(_interface, signature=u"db")
882
881
def NeedApproval(self, timeout, default):
883
882
"D-Bus signal"
884
883
pass
920
919
921
920
## Properties
922
921
923
# ApprovalPending - property
922
# approved_pending - property
924
923
@dbus_service_property(_interface, signature=u"b", access=u"read")
925
def ApprovalPending_dbus_property(self):
924
def approved_pending_dbus_property(self):
926
925
return dbus.Boolean(bool(self.approvals_pending))
927
926
928
# ApprovedByDefault - property
927
# approved_by_default - property
929
928
@dbus_service_property(_interface, signature=u"b",
930
929
access=u"readwrite")
931
def ApprovedByDefault_dbus_property(self, value=None):
932
if value is None: # get
933
return dbus.Boolean(self.approved_by_default)
934
self.approved_by_default = bool(value)
935
# Emit D-Bus signal
936
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
937
dbus.Boolean(value, variant_level=1))
938
939
# ApprovalDelay - property
940
@dbus_service_property(_interface, signature=u"t",
941
access=u"readwrite")
942
def ApprovalDelay_dbus_property(self, value=None):
943
if value is None: # get
944
return dbus.UInt64(self.approval_delay_milliseconds())
945
self.approval_delay = datetime.timedelta(0, 0, 0, value)
946
# Emit D-Bus signal
947
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
948
dbus.UInt64(value, variant_level=1))
949
950
# ApprovalDuration - property
951
@dbus_service_property(_interface, signature=u"t",
952
access=u"readwrite")
953
def ApprovalDuration_dbus_property(self, value=None):
954
if value is None: # get
955
return dbus.UInt64(self._timedelta_to_milliseconds(
956
self.approval_duration))
957
self.approval_duration = datetime.timedelta(0, 0, 0, value)
958
# Emit D-Bus signal
959
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
960
dbus.UInt64(value, variant_level=1))
961
962
# Name - property
930
def approved_by_default_dbus_property(self):
931
return dbus.Boolean(self.approved_by_default)
932
933
# approved_delay - property
934
@dbus_service_property(_interface, signature=u"t",
935
access=u"readwrite")
936
def approved_delay_dbus_property(self):
937
return dbus.UInt64(self.approved_delay_milliseconds())
938
939
# approved_duration - property
940
@dbus_service_property(_interface, signature=u"t",
941
access=u"readwrite")
942
def approved_duration_dbus_property(self):
943
return dbus.UInt64(self._timedelta_to_milliseconds(
944
self.approved_duration))
945
946
# name - property
963
947
@dbus_service_property(_interface, signature=u"s", access=u"read")
964
def Name_dbus_property(self):
948
def name_dbus_property(self):
965
949
return dbus.String(self.name)
966
950
967
# Fingerprint - property
951
# fingerprint - property
968
952
@dbus_service_property(_interface, signature=u"s", access=u"read")
969
def Fingerprint_dbus_property(self):
953
def fingerprint_dbus_property(self):
970
954
return dbus.String(self.fingerprint)
971
955
972
# Host - property
956
# host - property
973
957
@dbus_service_property(_interface, signature=u"s",
974
958
access=u"readwrite")
975
def Host_dbus_property(self, value=None):
959
def host_dbus_property(self, value=None):
976
960
if value is None: # get
977
961
return dbus.String(self.host)
978
962
self.host = value
979
963
# Emit D-Bus signal
980
self.PropertyChanged(dbus.String(u"Host"),
964
self.PropertyChanged(dbus.String(u"host"),
981
965
dbus.String(value, variant_level=1))
982
966
983
# Created - property
967
# created - property
984
968
@dbus_service_property(_interface, signature=u"s", access=u"read")
985
def Created_dbus_property(self):
969
def created_dbus_property(self):
986
970
return dbus.String(self._datetime_to_dbus(self.created))
987
971
988
# LastEnabled - property
972
# last_enabled - property
989
973
@dbus_service_property(_interface, signature=u"s", access=u"read")
990
def LastEnabled_dbus_property(self):
974
def last_enabled_dbus_property(self):
991
975
if self.last_enabled is None:
992
976
return dbus.String(u"")
993
977
return dbus.String(self._datetime_to_dbus(self.last_enabled))
994
978
995
# Enabled - property
979
# enabled - property
996
980
@dbus_service_property(_interface, signature=u"b",
997
981
access=u"readwrite")
998
def Enabled_dbus_property(self, value=None):
982
def enabled_dbus_property(self, value=None):
999
983
if value is None: # get
1000
984
return dbus.Boolean(self.enabled)
1001
985
if value:
1003
987
else:
1004
988
self.disable()
1005
989
1006
# LastCheckedOK - property
990
# last_checked_ok - property
1007
991
@dbus_service_property(_interface, signature=u"s",
1008
992
access=u"readwrite")
1009
def LastCheckedOK_dbus_property(self, value=None):
993
def last_checked_ok_dbus_property(self, value=None):
1010
994
if value is not None:
1011
995
self.checked_ok()
1012
996
return
1015
999
return dbus.String(self._datetime_to_dbus(self
1016
1000
.last_checked_ok))
1017
1001
1018
# Timeout - property
1002
# timeout - property
1019
1003
@dbus_service_property(_interface, signature=u"t",
1020
1004
access=u"readwrite")
1021
def Timeout_dbus_property(self, value=None):
1005
def timeout_dbus_property(self, value=None):
1022
1006
if value is None: # get
1023
1007
return dbus.UInt64(self.timeout_milliseconds())
1024
1008
self.timeout = datetime.timedelta(0, 0, 0, value)
1025
1009
# Emit D-Bus signal
1026
self.PropertyChanged(dbus.String(u"Timeout"),
1010
self.PropertyChanged(dbus.String(u"timeout"),
1027
1011
dbus.UInt64(value, variant_level=1))
1028
1012
if getattr(self, u"disable_initiator_tag", None) is None:
1029
1013
return
1043
1027
self.disable_initiator_tag = (gobject.timeout_add
1044
1028
(time_to_die, self.disable))
1045
1029
1046
# Interval - property
1030
# interval - property
1047
1031
@dbus_service_property(_interface, signature=u"t",
1048
1032
access=u"readwrite")
1049
def Interval_dbus_property(self, value=None):
1033
def interval_dbus_property(self, value=None):
1050
1034
if value is None: # get
1051
1035
return dbus.UInt64(self.interval_milliseconds())
1052
1036
self.interval = datetime.timedelta(0, 0, 0, value)
1053
1037
# Emit D-Bus signal
1054
self.PropertyChanged(dbus.String(u"Interval"),
1038
self.PropertyChanged(dbus.String(u"interval"),
1055
1039
dbus.UInt64(value, variant_level=1))
1056
1040
if getattr(self, u"checker_initiator_tag", None) is None:
1057
1041
return
1061
1045
(value, self.start_checker))
1062
1046
self.start_checker() # Start one now, too
1063
1047
1064
# Checker - property
1048
# checker - property
1065
1049
@dbus_service_property(_interface, signature=u"s",
1066
1050
access=u"readwrite")
1067
def Checker_dbus_property(self, value=None):
1051
def checker_dbus_property(self, value=None):
1068
1052
if value is None: # get
1069
1053
return dbus.String(self.checker_command)
1070
1054
self.checker_command = value
1071
1055
# Emit D-Bus signal
1072
self.PropertyChanged(dbus.String(u"Checker"),
1056
self.PropertyChanged(dbus.String(u"checker"),
1073
1057
dbus.String(self.checker_command,
1074
1058
variant_level=1))
1075
1059
1076
# CheckerRunning - property
1060
# checker_running - property
1077
1061
@dbus_service_property(_interface, signature=u"b",
1078
1062
access=u"readwrite")
1079
def CheckerRunning_dbus_property(self, value=None):
1063
def checker_running_dbus_property(self, value=None):
1080
1064
if value is None: # get
1081
1065
return dbus.Boolean(self.checker is not None)
1082
1066
if value:
1084
1068
else:
1085
1069
self.stop_checker()
1086
1070
1087
# ObjectPath - property
1071
# object_path - property
1088
1072
@dbus_service_property(_interface, signature=u"o", access=u"read")
1089
def ObjectPath_dbus_property(self):
1073
def object_path_dbus_property(self):
1090
1074
return self.dbus_object_path # is already a dbus.ObjectPath
1091
1075
1092
# Secret = property
1076
# secret = property
1093
1077
@dbus_service_property(_interface, signature=u"ay",
1094
1078
access=u"write", byte_arrays=True)
1095
def Secret_dbus_property(self, value):
1079
def secret_dbus_property(self, value):
1096
1080
self.secret = str(value)
1097
1081
1098
1082
del _interface
1196
1180
except KeyError:
1197
1181
return
1198
1182
1199
if client.approval_delay:
1200
delay = client.approval_delay
1183
if client.approved_delay:
1184
delay = client.approved_delay
1201
1185
client.approvals_pending += 1
1202
1186
approval_required = True
1203
1187
1210
1194
client.Rejected("Disabled")
1211
1195
return
1212
1196
1213
if client._approved or not client.approval_delay:
1197
if client._approved or not client.approved_delay:
1214
1198
#We are approved or approval is disabled
1215
1199
break
1216
1200
elif client._approved is None:
1217
logger.info(u"Client %s needs approval",
1201
logger.info(u"Client %s need approval",
1218
1202
client.name)
1219
1203
if self.server.use_dbus:
1220
1204
# Emit D-Bus signal
1221
1205
client.NeedApproval(
1222
client.approval_delay_milliseconds(),
1206
client.approved_delay_milliseconds(),
1223
1207
client.approved_by_default)
1224
1208
else:
1225
1209
logger.warning(u"Client %s was not approved",
1226
1210
client.name)
1227
1211
if self.server.use_dbus:
1228
1212
# Emit D-Bus signal
1229
client.Rejected("Denied")
1213
client.Rejected("Disapproved")
1230
1214
return
1231
1215
1232
1216
#wait until timeout or approved
1275
1259
try:
1276
1260
session.bye()
1277
1261
except (gnutls.errors.GNUTLSError), error:
1278
logger.warning("GnuTLS bye failed")
1262
logger.warning("gnutls bye failed")
1279
1263
1280
1264
@staticmethod
1281
1265
def peer_certificate(session):
1732
1716
u"interval": u"5m",
1733
1717
u"checker": u"fping -q -- %%(host)s",
1734
1718
u"host": u"",
1735
u"approval_delay": u"0s",
1736
u"approval_duration": u"1s",
1719
u"approved_delay": u"0s",
1720
u"approved_duration": u"1s",
1737
1721
}
1738
1722
client_config = configparser.SafeConfigParser(client_defaults)
1739
1723
client_config.read(os.path.join(server_settings[u"configdir"],
1778
1762
if error[0] != errno.EPERM:
1779
1763
raise error
1780
1764
1765
# Enable all possible GnuTLS debugging
1766
1767
1781
1768
if not debug and not debuglevel:
1782
1769
syslogger.setLevel(logging.WARNING)
1783
1770
console.setLevel(logging.WARNING)
1787
1774
console.setLevel(level)
1788
1775
1789
1776
if debug:
1790
# Enable all possible GnuTLS debugging
1791
1792
1777
# "Use a log level over 10 to enable all debugging options."
1793
1778
# - GnuTLS manual
1794
1779
gnutls.library.functions.gnutls_global_set_log_level(11)
1799
1784
1800
1785
(gnutls.library.functions
1801
1786
.gnutls_global_set_log_function(debug_gnutls))
1802
1787
1803
1788
# Redirect stdin so all checkers get /dev/null
1804
1789
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1805
1790
os.dup2(null, sys.stdin.fileno())
1808
1793
else:
1809
1794
# No console logging
1810
1795
logger.removeHandler(console)
1811
1796
1812
1797
1813
1798
global main_loop
1814
1799
# From the Avahi example code
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0