To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.1.164
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.164
- Committer: Björn Påhlsson
- Date: 2010-09-12 18:23:40 UTC
- mfrom: (426 mandos)
- mto: (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 428.
- Revision ID: belorn@fukt.bsnet.se-20100912182340-09gzhdzd2a4zde5y
merge
added
removed
mandos
265
265
runtime with vars(self) as dict, so that for
266
266
instance %(name)s can be used in the command.
267
267
current_checker_command: string; current running checker_command
268
approved_delay: datetime.timedelta(); Time to wait for approval
268
approval_delay: datetime.timedelta(); Time to wait for approval
269
269
_approved: bool(); 'None' if not yet approved/disapproved
270
approved_duration: datetime.timedelta(); Duration of one approval
270
approval_duration: datetime.timedelta(); Duration of one approval
271
271
"""
272
272
273
273
@staticmethod
285
285
"Return the 'interval' attribute in milliseconds"
286
286
return self._timedelta_to_milliseconds(self.interval)
287
287
288
def approved_delay_milliseconds(self):
289
return self._timedelta_to_milliseconds(self.approved_delay)
288
def approval_delay_milliseconds(self):
289
return self._timedelta_to_milliseconds(self.approval_delay)
290
290
291
291
def __init__(self, name = None, disable_hook=None, config=None):
292
292
"""Note: the 'checker' key in 'config' sets the
331
331
self.approved_by_default = config.get(u"approved_by_default",
332
332
True)
333
333
self.approvals_pending = 0
334
self.approved_delay = string_to_delta(
335
config[u"approved_delay"])
336
self.approved_duration = string_to_delta(
337
config[u"approved_duration"])
334
self.approval_delay = string_to_delta(
335
config[u"approval_delay"])
336
self.approval_duration = string_to_delta(
337
config[u"approval_duration"])
338
338
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
339
339
340
340
def send_changedstate(self):
716
716
+ self.name.replace(u".", u"_")))
717
717
DBusObjectWithProperties.__init__(self, self.bus,
718
718
self.dbus_object_path)
719
719
720
720
def _get_approvals_pending(self):
721
721
return self._approvals_pending
722
722
def _set_approvals_pending(self, value):
726
726
if (hasattr(self, "dbus_object_path")
727
727
and bval is not bool(old_value)):
728
728
dbus_bool = dbus.Boolean(bval, variant_level=1)
729
self.PropertyChanged(dbus.String(u"approved_pending"),
729
self.PropertyChanged(dbus.String(u"ApprovalPending"),
730
730
dbus_bool)
731
731
732
732
approvals_pending = property(_get_approvals_pending,
744
744
r = Client.enable(self)
745
745
if oldstate != self.enabled:
746
746
# Emit D-Bus signals
747
self.PropertyChanged(dbus.String(u"enabled"),
747
self.PropertyChanged(dbus.String(u"Enabled"),
748
748
dbus.Boolean(True, variant_level=1))
749
749
self.PropertyChanged(
750
dbus.String(u"last_enabled"),
750
dbus.String(u"LastEnabled"),
751
751
self._datetime_to_dbus(self.last_enabled,
752
752
variant_level=1))
753
753
return r
757
757
r = Client.disable(self, quiet=quiet)
758
758
if not quiet and oldstate != self.enabled:
759
759
# Emit D-Bus signal
760
self.PropertyChanged(dbus.String(u"enabled"),
760
self.PropertyChanged(dbus.String(u"Enabled"),
761
761
dbus.Boolean(False, variant_level=1))
762
762
return r
763
763
775
775
self.checker_callback_tag = None
776
776
self.checker = None
777
777
# Emit D-Bus signal
778
self.PropertyChanged(dbus.String(u"checker_running"),
778
self.PropertyChanged(dbus.String(u"CheckerRunning"),
779
779
dbus.Boolean(False, variant_level=1))
780
780
if os.WIFEXITED(condition):
781
781
exitstatus = os.WEXITSTATUS(condition)
796
796
r = Client.checked_ok(self, *args, **kwargs)
797
797
# Emit D-Bus signal
798
798
self.PropertyChanged(
799
dbus.String(u"last_checked_ok"),
799
dbus.String(u"LastCheckedOK"),
800
800
(self._datetime_to_dbus(self.last_checked_ok,
801
801
variant_level=1)))
802
802
return r
814
814
# Emit D-Bus signal
815
815
self.CheckerStarted(self.current_checker_command)
816
816
self.PropertyChanged(
817
dbus.String(u"checker_running"),
817
dbus.String(u"CheckerRunning"),
818
818
dbus.Boolean(True, variant_level=1))
819
819
return r
820
820
823
823
r = Client.stop_checker(self, *args, **kwargs)
824
824
if (old_checker is not None
825
825
and getattr(self, u"checker", None) is None):
826
self.PropertyChanged(dbus.String(u"checker_running"),
826
self.PropertyChanged(dbus.String(u"CheckerRunning"),
827
827
dbus.Boolean(False, variant_level=1))
828
828
return r
829
829
834
834
def approve(self, value=True):
835
835
self.send_changedstate()
836
836
self._approved = value
837
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration),
837
gobject.timeout_add(self._timedelta_to_milliseconds
838
(self.approval_duration),
838
839
self._reset_approved)
839
840
840
841
877
878
pass
878
879
879
880
# NeedApproval - signal
880
@dbus.service.signal(_interface, signature=u"db")
881
@dbus.service.signal(_interface, signature=u"tb")
881
882
def NeedApproval(self, timeout, default):
882
883
"D-Bus signal"
883
884
pass
919
920
920
921
## Properties
921
922
922
# approved_pending - property
923
# ApprovalPending - property
923
924
@dbus_service_property(_interface, signature=u"b", access=u"read")
924
def approved_pending_dbus_property(self):
925
def ApprovalPending_dbus_property(self):
925
926
return dbus.Boolean(bool(self.approvals_pending))
926
927
927
# approved_by_default - property
928
# ApprovedByDefault - property
928
929
@dbus_service_property(_interface, signature=u"b",
929
930
access=u"readwrite")
930
def approved_by_default_dbus_property(self):
931
return dbus.Boolean(self.approved_by_default)
932
933
# approved_delay - property
934
@dbus_service_property(_interface, signature=u"t",
935
access=u"readwrite")
936
def approved_delay_dbus_property(self):
937
return dbus.UInt64(self.approved_delay_milliseconds())
938
939
# approved_duration - property
940
@dbus_service_property(_interface, signature=u"t",
941
access=u"readwrite")
942
def approved_duration_dbus_property(self):
943
return dbus.UInt64(self._timedelta_to_milliseconds(
944
self.approved_duration))
945
946
# name - property
931
def ApprovedByDefault_dbus_property(self, value=None):
932
if value is None: # get
933
return dbus.Boolean(self.approved_by_default)
934
self.approved_by_default = bool(value)
935
# Emit D-Bus signal
936
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
937
dbus.Boolean(value, variant_level=1))
938
939
# ApprovalDelay - property
940
@dbus_service_property(_interface, signature=u"t",
941
access=u"readwrite")
942
def ApprovalDelay_dbus_property(self, value=None):
943
if value is None: # get
944
return dbus.UInt64(self.approval_delay_milliseconds())
945
self.approval_delay = datetime.timedelta(0, 0, 0, value)
946
# Emit D-Bus signal
947
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
948
dbus.UInt64(value, variant_level=1))
949
950
# ApprovalDuration - property
951
@dbus_service_property(_interface, signature=u"t",
952
access=u"readwrite")
953
def ApprovalDuration_dbus_property(self, value=None):
954
if value is None: # get
955
return dbus.UInt64(self._timedelta_to_milliseconds(
956
self.approval_duration))
957
self.approval_duration = datetime.timedelta(0, 0, 0, value)
958
# Emit D-Bus signal
959
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
960
dbus.UInt64(value, variant_level=1))
961
962
# Name - property
947
963
@dbus_service_property(_interface, signature=u"s", access=u"read")
948
def name_dbus_property(self):
964
def Name_dbus_property(self):
949
965
return dbus.String(self.name)
950
966
951
# fingerprint - property
967
# Fingerprint - property
952
968
@dbus_service_property(_interface, signature=u"s", access=u"read")
953
def fingerprint_dbus_property(self):
969
def Fingerprint_dbus_property(self):
954
970
return dbus.String(self.fingerprint)
955
971
956
# host - property
972
# Host - property
957
973
@dbus_service_property(_interface, signature=u"s",
958
974
access=u"readwrite")
959
def host_dbus_property(self, value=None):
975
def Host_dbus_property(self, value=None):
960
976
if value is None: # get
961
977
return dbus.String(self.host)
962
978
self.host = value
963
979
# Emit D-Bus signal
964
self.PropertyChanged(dbus.String(u"host"),
980
self.PropertyChanged(dbus.String(u"Host"),
965
981
dbus.String(value, variant_level=1))
966
982
967
# created - property
983
# Created - property
968
984
@dbus_service_property(_interface, signature=u"s", access=u"read")
969
def created_dbus_property(self):
985
def Created_dbus_property(self):
970
986
return dbus.String(self._datetime_to_dbus(self.created))
971
987
972
# last_enabled - property
988
# LastEnabled - property
973
989
@dbus_service_property(_interface, signature=u"s", access=u"read")
974
def last_enabled_dbus_property(self):
990
def LastEnabled_dbus_property(self):
975
991
if self.last_enabled is None:
976
992
return dbus.String(u"")
977
993
return dbus.String(self._datetime_to_dbus(self.last_enabled))
978
994
979
# enabled - property
995
# Enabled - property
980
996
@dbus_service_property(_interface, signature=u"b",
981
997
access=u"readwrite")
982
def enabled_dbus_property(self, value=None):
998
def Enabled_dbus_property(self, value=None):
983
999
if value is None: # get
984
1000
return dbus.Boolean(self.enabled)
985
1001
if value:
987
1003
else:
988
1004
self.disable()
989
1005
990
# last_checked_ok - property
1006
# LastCheckedOK - property
991
1007
@dbus_service_property(_interface, signature=u"s",
992
1008
access=u"readwrite")
993
def last_checked_ok_dbus_property(self, value=None):
1009
def LastCheckedOK_dbus_property(self, value=None):
994
1010
if value is not None:
995
1011
self.checked_ok()
996
1012
return
999
1015
return dbus.String(self._datetime_to_dbus(self
1000
1016
.last_checked_ok))
1001
1017
1002
# timeout - property
1018
# Timeout - property
1003
1019
@dbus_service_property(_interface, signature=u"t",
1004
1020
access=u"readwrite")
1005
def timeout_dbus_property(self, value=None):
1021
def Timeout_dbus_property(self, value=None):
1006
1022
if value is None: # get
1007
1023
return dbus.UInt64(self.timeout_milliseconds())
1008
1024
self.timeout = datetime.timedelta(0, 0, 0, value)
1009
1025
# Emit D-Bus signal
1010
self.PropertyChanged(dbus.String(u"timeout"),
1026
self.PropertyChanged(dbus.String(u"Timeout"),
1011
1027
dbus.UInt64(value, variant_level=1))
1012
1028
if getattr(self, u"disable_initiator_tag", None) is None:
1013
1029
return
1027
1043
self.disable_initiator_tag = (gobject.timeout_add
1028
1044
(time_to_die, self.disable))
1029
1045
1030
# interval - property
1046
# Interval - property
1031
1047
@dbus_service_property(_interface, signature=u"t",
1032
1048
access=u"readwrite")
1033
def interval_dbus_property(self, value=None):
1049
def Interval_dbus_property(self, value=None):
1034
1050
if value is None: # get
1035
1051
return dbus.UInt64(self.interval_milliseconds())
1036
1052
self.interval = datetime.timedelta(0, 0, 0, value)
1037
1053
# Emit D-Bus signal
1038
self.PropertyChanged(dbus.String(u"interval"),
1054
self.PropertyChanged(dbus.String(u"Interval"),
1039
1055
dbus.UInt64(value, variant_level=1))
1040
1056
if getattr(self, u"checker_initiator_tag", None) is None:
1041
1057
return
1045
1061
(value, self.start_checker))
1046
1062
self.start_checker() # Start one now, too
1047
1063
1048
# checker - property
1064
# Checker - property
1049
1065
@dbus_service_property(_interface, signature=u"s",
1050
1066
access=u"readwrite")
1051
def checker_dbus_property(self, value=None):
1067
def Checker_dbus_property(self, value=None):
1052
1068
if value is None: # get
1053
1069
return dbus.String(self.checker_command)
1054
1070
self.checker_command = value
1055
1071
# Emit D-Bus signal
1056
self.PropertyChanged(dbus.String(u"checker"),
1072
self.PropertyChanged(dbus.String(u"Checker"),
1057
1073
dbus.String(self.checker_command,
1058
1074
variant_level=1))
1059
1075
1060
# checker_running - property
1076
# CheckerRunning - property
1061
1077
@dbus_service_property(_interface, signature=u"b",
1062
1078
access=u"readwrite")
1063
def checker_running_dbus_property(self, value=None):
1079
def CheckerRunning_dbus_property(self, value=None):
1064
1080
if value is None: # get
1065
1081
return dbus.Boolean(self.checker is not None)
1066
1082
if value:
1068
1084
else:
1069
1085
self.stop_checker()
1070
1086
1071
# object_path - property
1087
# ObjectPath - property
1072
1088
@dbus_service_property(_interface, signature=u"o", access=u"read")
1073
def object_path_dbus_property(self):
1089
def ObjectPath_dbus_property(self):
1074
1090
return self.dbus_object_path # is already a dbus.ObjectPath
1075
1091
1076
# secret = property
1092
# Secret = property
1077
1093
@dbus_service_property(_interface, signature=u"ay",
1078
1094
access=u"write", byte_arrays=True)
1079
def secret_dbus_property(self, value):
1095
def Secret_dbus_property(self, value):
1080
1096
self.secret = str(value)
1081
1097
1082
1098
del _interface
1180
1196
except KeyError:
1181
1197
return
1182
1198
1183
if client.approved_delay:
1184
delay = client.approved_delay
1199
if client.approval_delay:
1200
delay = client.approval_delay
1185
1201
client.approvals_pending += 1
1186
1202
approval_required = True
1187
1203
1194
1210
client.Rejected("Disabled")
1195
1211
return
1196
1212
1197
if client._approved or not client.approved_delay:
1213
if client._approved or not client.approval_delay:
1198
1214
#We are approved or approval is disabled
1199
1215
break
1200
1216
elif client._approved is None:
1201
logger.info(u"Client %s need approval",
1217
logger.info(u"Client %s needs approval",
1202
1218
client.name)
1203
1219
if self.server.use_dbus:
1204
1220
# Emit D-Bus signal
1205
1221
client.NeedApproval(
1206
client.approved_delay_milliseconds(),
1222
client.approval_delay_milliseconds(),
1207
1223
client.approved_by_default)
1208
1224
else:
1209
1225
logger.warning(u"Client %s was not approved",
1210
1226
client.name)
1211
1227
if self.server.use_dbus:
1212
1228
# Emit D-Bus signal
1213
client.Rejected("Disapproved")
1229
client.Rejected("Denied")
1214
1230
return
1215
1231
1216
1232
#wait until timeout or approved
1259
1275
try:
1260
1276
session.bye()
1261
1277
except (gnutls.errors.GNUTLSError), error:
1262
logger.warning("gnutls bye failed")
1278
logger.warning("GnuTLS bye failed")
1263
1279
1264
1280
@staticmethod
1265
1281
def peer_certificate(session):
1716
1732
u"interval": u"5m",
1717
1733
u"checker": u"fping -q -- %%(host)s",
1718
1734
u"host": u"",
1719
u"approved_delay": u"0s",
1720
u"approved_duration": u"1s",
1735
u"approval_delay": u"0s",
1736
u"approval_duration": u"1s",
1721
1737
}
1722
1738
client_config = configparser.SafeConfigParser(client_defaults)
1723
1739
client_config.read(os.path.join(server_settings[u"configdir"],
1762
1778
if error[0] != errno.EPERM:
1763
1779
raise error
1764
1780
1765
# Enable all possible GnuTLS debugging
1766
1767
1768
1781
if not debug and not debuglevel:
1769
1782
syslogger.setLevel(logging.WARNING)
1770
1783
console.setLevel(logging.WARNING)
1774
1787
console.setLevel(level)
1775
1788
1776
1789
if debug:
1790
# Enable all possible GnuTLS debugging
1791
1777
1792
# "Use a log level over 10 to enable all debugging options."
1778
1793
# - GnuTLS manual
1779
1794
gnutls.library.functions.gnutls_global_set_log_level(11)
1784
1799
1785
1800
(gnutls.library.functions
1786
1801
.gnutls_global_set_log_function(debug_gnutls))
1787
1802
1788
1803
# Redirect stdin so all checkers get /dev/null
1789
1804
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1790
1805
os.dup2(null, sys.stdin.fileno())
1793
1808
else:
1794
1809
# No console logging
1795
1810
logger.removeHandler(console)
1796
1811
1797
1812
1798
1813
global main_loop
1799
1814
# From the Avahi example code
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0