186
206
self.group.Commit()
187
207
def entry_group_state_changed(self, state, error):
188
208
"""Derived from the Avahi example code"""
189
logger.debug(u"Avahi state change: %i", state)
209
logger.debug("Avahi entry group state change: %i", state)
191
211
if state == avahi.ENTRY_GROUP_ESTABLISHED:
192
logger.debug(u"Zeroconf service established.")
212
logger.debug("Zeroconf service established.")
193
213
elif state == avahi.ENTRY_GROUP_COLLISION:
194
logger.warning(u"Zeroconf service name collision.")
214
logger.info("Zeroconf service name collision.")
196
216
elif state == avahi.ENTRY_GROUP_FAILURE:
197
logger.critical(u"Avahi: Error in group state changed %s",
217
logger.critical("Avahi: Error in group state changed %s",
199
raise AvahiGroupError(u"State changed: %s"
219
raise AvahiGroupError("State changed: %s"
200
220
% unicode(error))
201
221
def cleanup(self):
202
222
"""Derived from the Avahi example code"""
203
223
if self.group is not None:
226
except (dbus.exceptions.UnknownMethodException,
227
dbus.exceptions.DBusException) as e:
205
229
self.group = None
206
def server_state_changed(self, state):
231
def server_state_changed(self, state, error=None):
207
232
"""Derived from the Avahi example code"""
208
if state == avahi.SERVER_COLLISION:
209
logger.error(u"Zeroconf server name collision")
233
logger.debug("Avahi server state change: %i", state)
234
bad_states = { avahi.SERVER_INVALID:
235
"Zeroconf server invalid",
236
avahi.SERVER_REGISTERING: None,
237
avahi.SERVER_COLLISION:
238
"Zeroconf server name collision",
239
avahi.SERVER_FAILURE:
240
"Zeroconf server failure" }
241
if state in bad_states:
242
if bad_states[state] is not None:
244
logger.error(bad_states[state])
246
logger.error(bad_states[state] + ": %r", error)
211
248
elif state == avahi.SERVER_RUNNING:
252
logger.debug("Unknown state: %r", state)
254
logger.debug("Unknown state: %r: %r", state, error)
213
255
def activate(self):
214
256
"""Derived from the Avahi example code"""
215
257
if self.server is None:
216
258
self.server = dbus.Interface(
217
bus.get_object(avahi.DBUS_NAME,
218
avahi.DBUS_PATH_SERVER),
259
self.bus.get_object(avahi.DBUS_NAME,
260
avahi.DBUS_PATH_SERVER,
261
follow_name_owner_changes=True),
219
262
avahi.DBUS_INTERFACE_SERVER)
220
self.server.connect_to_signal(u"StateChanged",
263
self.server.connect_to_signal("StateChanged",
221
264
self.server_state_changed)
222
265
self.server_state_changed(self.server.GetState())
268
def _timedelta_to_milliseconds(td):
269
"Convert a datetime.timedelta() to milliseconds"
270
return ((td.days * 24 * 60 * 60 * 1000)
271
+ (td.seconds * 1000)
272
+ (td.microseconds // 1000))
225
274
class Client(object):
226
275
"""A representation of a client host served by this server.
229
name: string; from the config file, used in log messages and
231
fingerprint: string (40 or 32 hexadecimal digits); used to
232
uniquely identify the client
233
secret: bytestring; sent verbatim (over TLS) to client
234
host: string; available for use by the checker command
235
created: datetime.datetime(); (UTC) object creation
236
last_enabled: datetime.datetime(); (UTC)
238
last_checked_ok: datetime.datetime(); (UTC) or None
239
timeout: datetime.timedelta(); How long from last_checked_ok
240
until this client is invalid
241
interval: datetime.timedelta(); How often to start a new checker
242
disable_hook: If set, called by disable() as disable_hook(self)
278
_approved: bool(); 'None' if not yet approved/disapproved
279
approval_delay: datetime.timedelta(); Time to wait for approval
280
approval_duration: datetime.timedelta(); Duration of one approval
243
281
checker: subprocess.Popen(); a running checker process used
244
282
to see if the client lives.
245
283
'None' if no process is running.
246
checker_initiator_tag: a gobject event source tag, or None
247
disable_initiator_tag: - '' -
248
checker_callback_tag: - '' -
249
checker_command: string; External command which is run to check if
250
client lives. %() expansions are done at
284
checker_callback_tag: a gobject event source tag, or None
285
checker_command: string; External command which is run to check
286
if client lives. %() expansions are done at
251
287
runtime with vars(self) as dict, so that for
252
288
instance %(name)s can be used in the command.
289
checker_initiator_tag: a gobject event source tag, or None
290
created: datetime.datetime(); (UTC) object creation
253
291
current_checker_command: string; current running checker_command
292
disable_hook: If set, called by disable() as disable_hook(self)
293
disable_initiator_tag: a gobject event source tag, or None
295
fingerprint: string (40 or 32 hexadecimal digits); used to
296
uniquely identify the client
297
host: string; available for use by the checker command
298
interval: datetime.timedelta(); How often to start a new checker
299
last_approval_request: datetime.datetime(); (UTC) or None
300
last_checked_ok: datetime.datetime(); (UTC) or None
301
last_enabled: datetime.datetime(); (UTC)
302
name: string; from the config file, used in log messages and
304
secret: bytestring; sent verbatim (over TLS) to client
305
timeout: datetime.timedelta(); How long from last_checked_ok
306
until this client is disabled
307
extended_timeout: extra long timeout when password has been sent
308
runtime_expansions: Allowed attributes for runtime expansion.
309
expires: datetime.datetime(); time (UTC) when a client will be
257
def _datetime_to_milliseconds(dt):
258
"Convert a datetime.datetime() to milliseconds"
259
return ((dt.days * 24 * 60 * 60 * 1000)
260
+ (dt.seconds * 1000)
261
+ (dt.microseconds // 1000))
313
runtime_expansions = ("approval_delay", "approval_duration",
314
"created", "enabled", "fingerprint",
315
"host", "interval", "last_checked_ok",
316
"last_enabled", "name", "timeout")
263
318
def timeout_milliseconds(self):
264
319
"Return the 'timeout' attribute in milliseconds"
265
return self._datetime_to_milliseconds(self.timeout)
320
return _timedelta_to_milliseconds(self.timeout)
322
def extended_timeout_milliseconds(self):
323
"Return the 'extended_timeout' attribute in milliseconds"
324
return _timedelta_to_milliseconds(self.extended_timeout)
267
326
def interval_milliseconds(self):
268
327
"Return the 'interval' attribute in milliseconds"
269
return self._datetime_to_milliseconds(self.interval)
328
return _timedelta_to_milliseconds(self.interval)
330
def approval_delay_milliseconds(self):
331
return _timedelta_to_milliseconds(self.approval_delay)
271
333
def __init__(self, name = None, disable_hook=None, config=None):
272
334
"""Note: the 'checker' key in 'config' sets the
276
338
if config is None:
278
logger.debug(u"Creating client %r", self.name)
340
logger.debug("Creating client %r", self.name)
279
341
# Uppercase and remove spaces from fingerprint for later
280
342
# comparison purposes with return value from the fingerprint()
282
self.fingerprint = (config[u"fingerprint"].upper()
284
logger.debug(u" Fingerprint: %s", self.fingerprint)
285
if u"secret" in config:
286
self.secret = config[u"secret"].decode(u"base64")
287
elif u"secfile" in config:
288
with closing(open(os.path.expanduser
290
(config[u"secfile"])))) as secfile:
344
self.fingerprint = (config["fingerprint"].upper()
346
logger.debug(" Fingerprint: %s", self.fingerprint)
347
if "secret" in config:
348
self.secret = config["secret"].decode("base64")
349
elif "secfile" in config:
350
with open(os.path.expanduser(os.path.expandvars
351
(config["secfile"])),
291
353
self.secret = secfile.read()
293
raise TypeError(u"No secret or secfile for client %s"
355
raise TypeError("No secret or secfile for client %s"
295
self.host = config.get(u"host", u"")
357
self.host = config.get("host", "")
296
358
self.created = datetime.datetime.utcnow()
297
359
self.enabled = False
360
self.last_approval_request = None
298
361
self.last_enabled = None
299
362
self.last_checked_ok = None
300
self.timeout = string_to_delta(config[u"timeout"])
301
self.interval = string_to_delta(config[u"interval"])
363
self.timeout = string_to_delta(config["timeout"])
364
self.extended_timeout = string_to_delta(config["extended_timeout"])
365
self.interval = string_to_delta(config["interval"])
302
366
self.disable_hook = disable_hook
303
367
self.checker = None
304
368
self.checker_initiator_tag = None
305
369
self.disable_initiator_tag = None
306
371
self.checker_callback_tag = None
307
self.checker_command = config[u"checker"]
372
self.checker_command = config["checker"]
308
373
self.current_checker_command = None
309
374
self.last_connect = None
375
self._approved = None
376
self.approved_by_default = config.get("approved_by_default",
378
self.approvals_pending = 0
379
self.approval_delay = string_to_delta(
380
config["approval_delay"])
381
self.approval_duration = string_to_delta(
382
config["approval_duration"])
383
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
385
def send_changedstate(self):
386
self.changedstate.acquire()
387
self.changedstate.notify_all()
388
self.changedstate.release()
311
390
def enable(self):
312
391
"""Start this client's checker and timeout hooks"""
313
self.last_enabled = datetime.datetime.utcnow()
392
if getattr(self, "enabled", False):
395
self.send_changedstate()
314
396
# Schedule a new checker to be started an 'interval' from now,
315
397
# and every interval from then on.
316
398
self.checker_initiator_tag = (gobject.timeout_add
317
399
(self.interval_milliseconds(),
318
400
self.start_checker))
319
# Also start a new checker *right now*.
321
401
# Schedule a disable() when 'timeout' has passed
402
self.expires = datetime.datetime.utcnow() + self.timeout
322
403
self.disable_initiator_tag = (gobject.timeout_add
323
404
(self.timeout_milliseconds(),
325
406
self.enabled = True
407
self.last_enabled = datetime.datetime.utcnow()
408
# Also start a new checker *right now*.
411
def disable(self, quiet=True):
328
412
"""Disable this client."""
329
413
if not getattr(self, "enabled", False):
331
logger.info(u"Disabling client %s", self.name)
332
if getattr(self, u"disable_initiator_tag", False):
416
self.send_changedstate()
418
logger.info("Disabling client %s", self.name)
419
if getattr(self, "disable_initiator_tag", False):
333
420
gobject.source_remove(self.disable_initiator_tag)
334
421
self.disable_initiator_tag = None
335
if getattr(self, u"checker_initiator_tag", False):
423
if getattr(self, "checker_initiator_tag", False):
336
424
gobject.source_remove(self.checker_initiator_tag)
337
425
self.checker_initiator_tag = None
338
426
self.stop_checker()
448
549
if self.checker_callback_tag:
449
550
gobject.source_remove(self.checker_callback_tag)
450
551
self.checker_callback_tag = None
451
if getattr(self, u"checker", None) is None:
552
if getattr(self, "checker", None) is None:
453
logger.debug(u"Stopping checker for %(name)s", vars(self))
554
logger.debug("Stopping checker for %(name)s", vars(self))
455
556
os.kill(self.checker.pid, signal.SIGTERM)
457
558
#if self.checker.poll() is None:
458
559
# os.kill(self.checker.pid, signal.SIGKILL)
459
except OSError, error:
560
except OSError as error:
460
561
if error.errno != errno.ESRCH: # No such process
462
563
self.checker = None
464
def still_valid(self):
465
"""Has the timeout not yet passed for this client?"""
466
if not getattr(self, u"enabled", False):
468
now = datetime.datetime.utcnow()
469
if self.last_checked_ok is None:
470
return now < (self.created + self.timeout)
472
return now < (self.last_checked_ok + self.timeout)
475
class ClientDBus(Client, dbus.service.Object):
566
def dbus_service_property(dbus_interface, signature="v",
567
access="readwrite", byte_arrays=False):
568
"""Decorators for marking methods of a DBusObjectWithProperties to
569
become properties on the D-Bus.
571
The decorated method will be called with no arguments by "Get"
572
and with one argument by "Set".
574
The parameters, where they are supported, are the same as
575
dbus.service.method, except there is only "signature", since the
576
type from Get() and the type sent to Set() is the same.
578
# Encoding deeply encoded byte arrays is not supported yet by the
579
# "Set" method, so we fail early here:
580
if byte_arrays and signature != "ay":
581
raise ValueError("Byte arrays not supported for non-'ay'"
582
" signature %r" % signature)
584
func._dbus_is_property = True
585
func._dbus_interface = dbus_interface
586
func._dbus_signature = signature
587
func._dbus_access = access
588
func._dbus_name = func.__name__
589
if func._dbus_name.endswith("_dbus_property"):
590
func._dbus_name = func._dbus_name[:-14]
591
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
596
class DBusPropertyException(dbus.exceptions.DBusException):
597
"""A base class for D-Bus property-related exceptions
599
def __unicode__(self):
600
return unicode(str(self))
603
class DBusPropertyAccessException(DBusPropertyException):
604
"""A property's access permissions disallows an operation.
609
class DBusPropertyNotFound(DBusPropertyException):
610
"""An attempt was made to access a non-existing property.
615
class DBusObjectWithProperties(dbus.service.Object):
616
"""A D-Bus object with properties.
618
Classes inheriting from this can use the dbus_service_property
619
decorator to expose methods as D-Bus properties. It exposes the
620
standard Get(), Set(), and GetAll() methods on the D-Bus.
624
def _is_dbus_property(obj):
625
return getattr(obj, "_dbus_is_property", False)
627
def _get_all_dbus_properties(self):
628
"""Returns a generator of (name, attribute) pairs
630
return ((prop._dbus_name, prop)
632
inspect.getmembers(self, self._is_dbus_property))
634
# def _get_dbus_property(self, interface_name, property_name):
635
# """Returns a bound method if one exists which is a D-Bus
636
# property with the specified name and interface.
638
# print("get_property({0!r}, {1!r}".format(interface_name, property_name),file=sys.stderr)
639
# print(dir(self), sys.stderr)
640
# for name in (property_name,
641
# property_name + "_dbus_property"):
642
# prop = getattr(self, name, None)
644
# or not self._is_dbus_property(prop)
645
# or prop._dbus_name != property_name
646
# or (interface_name and prop._dbus_interface
647
# and interface_name != prop._dbus_interface)):
651
# raise DBusPropertyNotFound(self.dbus_object_path + ":"
652
# + interface_name + "."
655
def _get_dbus_property(self, interface_name, property_name):
656
"""Returns a bound method if one exists which is a D-Bus
657
property with the specified name and interface.
659
for name, value in inspect.getmembers(self, self._is_dbus_property):
660
if value._dbus_name == property_name and value._dbus_interface == interface_name:
664
raise DBusPropertyNotFound(self.dbus_object_path + ":"
665
+ interface_name + "."
669
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
671
def Get(self, interface_name, property_name):
672
"""Standard D-Bus property Get() method, see D-Bus standard.
674
prop = self._get_dbus_property(interface_name, property_name)
675
if prop._dbus_access == "write":
676
raise DBusPropertyAccessException(property_name)
678
if not hasattr(value, "variant_level"):
680
return type(value)(value, variant_level=value.variant_level+1)
682
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
683
def Set(self, interface_name, property_name, value):
684
"""Standard D-Bus property Set() method, see D-Bus standard.
686
prop = self._get_dbus_property(interface_name, property_name)
687
if prop._dbus_access == "read":
688
raise DBusPropertyAccessException(property_name)
689
if prop._dbus_get_args_options["byte_arrays"]:
690
# The byte_arrays option is not supported yet on
691
# signatures other than "ay".
692
if prop._dbus_signature != "ay":
694
value = dbus.ByteArray(''.join(unichr(byte)
698
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
699
out_signature="a{sv}")
700
def GetAll(self, interface_name):
701
"""Standard D-Bus property GetAll() method, see D-Bus
704
Note: Will not include properties with access="write".
707
for name, prop in self._get_all_dbus_properties():
709
and interface_name != prop._dbus_interface):
710
# Interface non-empty but did not match
712
# Ignore write-only properties
713
if prop._dbus_access == "write":
716
if not hasattr(value, "variant_level"):
719
all[name] = type(value)(value, variant_level=
720
value.variant_level+1)
721
return dbus.Dictionary(all, signature="sv")
723
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
725
path_keyword='object_path',
726
connection_keyword='connection')
727
def Introspect(self, object_path, connection):
728
"""Standard D-Bus method, overloaded to insert property tags.
730
xmlstring = dbus.service.Object.Introspect(self, object_path,
733
document = xml.dom.minidom.parseString(xmlstring)
734
def make_tag(document, name, prop):
735
e = document.createElement("property")
736
e.setAttribute("name", name)
737
e.setAttribute("type", prop._dbus_signature)
738
e.setAttribute("access", prop._dbus_access)
740
for if_tag in document.getElementsByTagName("interface"):
741
for tag in (make_tag(document, name, prop)
743
in self._get_all_dbus_properties()
744
if prop._dbus_interface
745
== if_tag.getAttribute("name")):
746
if_tag.appendChild(tag)
747
# Add the names to the return values for the
748
# "org.freedesktop.DBus.Properties" methods
749
if (if_tag.getAttribute("name")
750
== "org.freedesktop.DBus.Properties"):
751
for cn in if_tag.getElementsByTagName("method"):
752
if cn.getAttribute("name") == "Get":
753
for arg in cn.getElementsByTagName("arg"):
754
if (arg.getAttribute("direction")
756
arg.setAttribute("name", "value")
757
elif cn.getAttribute("name") == "GetAll":
758
for arg in cn.getElementsByTagName("arg"):
759
if (arg.getAttribute("direction")
761
arg.setAttribute("name", "props")
762
xmlstring = document.toxml("utf-8")
764
except (AttributeError, xml.dom.DOMException,
765
xml.parsers.expat.ExpatError) as error:
766
logger.error("Failed to override Introspection method",
771
def datetime_to_dbus (dt, variant_level=0):
772
"""Convert a UTC datetime.datetime() to a D-Bus type."""
774
return dbus.String("", variant_level = variant_level)
775
return dbus.String(dt.isoformat(),
776
variant_level=variant_level)
778
class transitional_clientdbus(DBusObjectWithProperties.__metaclass__):
779
def __new__(mcs, name, bases, attr):
780
for key, old_dbusobj in attr.items():
781
new_interface = getattr(old_dbusobj, "_dbus_interface", "").replace("se.bsnet.fukt.", "se.recompile.")
782
if getattr(old_dbusobj, "_dbus_is_signal", False):
783
unwrappedfunc = dict(zip(old_dbusobj.func_code.co_freevars,
784
old_dbusobj.__closure__))["func"].cell_contents
785
newfunc = types.FunctionType(unwrappedfunc.func_code,
786
unwrappedfunc.func_globals,
787
unwrappedfunc.func_name,
788
unwrappedfunc.func_defaults,
789
unwrappedfunc.func_closure)
790
new_dbusfunc = dbus.service.signal(
791
new_interface, old_dbusobj._dbus_signature)(newfunc)
792
attr["_transitional_{0}_1".format(key)] = new_dbusfunc
793
attr["_transitional_{0}_0".format(key)] = old_dbusobj
794
def fixscope(func1, func2):
795
def newcall(*args, **kwargs):
796
func1(*args, **kwargs)
797
func2(*args, **kwargs)
800
attr[key] = fixscope(
801
old_dbusobj, attr["_transitional_{0}_1".format(key)])
803
if getattr(old_dbusobj, "_dbus_is_method", False):
804
new_dbusfunc = (dbus.service.method
806
old_dbusobj._dbus_in_signature,
807
old_dbusobj._dbus_out_signature)
809
(old_dbusobj.func_code,
810
old_dbusobj.func_globals,
811
old_dbusobj.func_name,
812
old_dbusobj.func_defaults,
813
old_dbusobj.func_closure)))
815
attr["_transitional_{0}".format(key)] = new_dbusfunc
816
if getattr(old_dbusobj, "_dbus_is_property", False):
817
new_dbusfunc = (dbus_service_property
819
old_dbusobj._dbus_signature,
820
old_dbusobj._dbus_access,
821
old_dbusobj._dbus_get_args_options["byte_arrays"])
823
(old_dbusobj.func_code,
824
old_dbusobj.func_globals,
825
old_dbusobj.func_name,
826
old_dbusobj.func_defaults,
827
old_dbusobj.func_closure)))
829
attr["_transitional_{0}".format(key)] = new_dbusfunc
830
return type.__new__(mcs, name, bases, attr)
832
class ClientDBus(Client, DBusObjectWithProperties):
476
833
"""A Client class using D-Bus
479
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
836
dbus_object_path: dbus.ObjectPath
837
bus: dbus.SystemBus()
840
runtime_expansions = (Client.runtime_expansions
841
+ ("dbus_object_path",))
843
__metaclass__ = transitional_clientdbus
481
845
# dbus.service.Object doesn't use super(), so we can't either.
483
def __init__(self, *args, **kwargs):
847
def __init__(self, bus = None, *args, **kwargs):
848
self._approvals_pending = 0
484
850
Client.__init__(self, *args, **kwargs)
485
851
# Only now, when this client is initialized, can it show up on
853
client_object_name = unicode(self.name).translate(
487
856
self.dbus_object_path = (dbus.ObjectPath
489
+ self.name.replace(u".", u"_")))
490
dbus.service.Object.__init__(self, bus,
491
self.dbus_object_path)
494
def _datetime_to_dbus(dt, variant_level=0):
495
"""Convert a UTC datetime.datetime() to a D-Bus type."""
496
return dbus.String(dt.isoformat(),
497
variant_level=variant_level)
500
oldstate = getattr(self, u"enabled", False)
501
r = Client.enable(self)
502
if oldstate != self.enabled:
504
self.PropertyChanged(dbus.String(u"enabled"),
505
dbus.Boolean(True, variant_level=1))
506
self.PropertyChanged(
507
dbus.String(u"last_enabled"),
508
self._datetime_to_dbus(self.last_enabled,
512
def disable(self, signal = True):
513
oldstate = getattr(self, u"enabled", False)
514
r = Client.disable(self)
515
if signal and oldstate != self.enabled:
517
self.PropertyChanged(dbus.String(u"enabled"),
518
dbus.Boolean(False, variant_level=1))
857
("/clients/" + client_object_name))
858
DBusObjectWithProperties.__init__(self, self.bus,
859
self.dbus_object_path)
861
def notifychangeproperty(transform_func,
862
dbus_name, type_func=lambda x: x,
864
""" Modify a variable so that its a property that announce its
866
transform_fun: Function that takes a value and transform it to
868
dbus_name: DBus name of the variable
869
type_func: Function that transform the value before sending it
871
variant_level: DBus variant level. default: 1
874
def setter(self, value):
875
old_value = real_value[0]
876
real_value[0] = value
877
if hasattr(self, "dbus_object_path"):
878
if type_func(old_value) != type_func(real_value[0]):
879
dbus_value = transform_func(type_func(real_value[0]),
881
self.PropertyChanged(dbus.String(dbus_name),
884
return property(lambda self: real_value[0], setter)
887
expires = notifychangeproperty(datetime_to_dbus, "Expires")
888
approvals_pending = notifychangeproperty(dbus.Boolean,
891
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
892
last_enabled = notifychangeproperty(datetime_to_dbus,
894
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
895
type_func = lambda checker: checker is not None)
896
last_checked_ok = notifychangeproperty(datetime_to_dbus,
898
last_approval_request = notifychangeproperty(datetime_to_dbus,
899
"LastApprovalRequest")
900
approved_by_default = notifychangeproperty(dbus.Boolean,
902
approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",
903
type_func = _timedelta_to_milliseconds)
904
approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",
905
type_func = _timedelta_to_milliseconds)
906
host = notifychangeproperty(dbus.String, "Host")
907
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
908
type_func = _timedelta_to_milliseconds)
909
extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",
910
type_func = _timedelta_to_milliseconds)
911
interval = notifychangeproperty(dbus.UInt16, "Interval",
912
type_func = _timedelta_to_milliseconds)
913
checker_command = notifychangeproperty(dbus.String, "Checker")
915
del notifychangeproperty
521
917
def __del__(self, *args, **kwargs):
523
919
self.remove_from_connection()
524
920
except LookupError:
526
if hasattr(dbus.service.Object, u"__del__"):
527
dbus.service.Object.__del__(self, *args, **kwargs)
922
if hasattr(DBusObjectWithProperties, "__del__"):
923
DBusObjectWithProperties.__del__(self, *args, **kwargs)
528
924
Client.__del__(self, *args, **kwargs)
530
926
def checker_callback(self, pid, condition, command,
531
927
*args, **kwargs):
532
928
self.checker_callback_tag = None
533
929
self.checker = None
535
self.PropertyChanged(dbus.String(u"checker_running"),
536
dbus.Boolean(False, variant_level=1))
537
930
if os.WIFEXITED(condition):
538
931
exitstatus = os.WEXITSTATUS(condition)
539
932
# Emit D-Bus signal
570
954
and old_checker_pid != self.checker.pid):
571
955
# Emit D-Bus signal
572
956
self.CheckerStarted(self.current_checker_command)
573
self.PropertyChanged(
574
dbus.String(u"checker_running"),
575
dbus.Boolean(True, variant_level=1))
578
def stop_checker(self, *args, **kwargs):
579
old_checker = getattr(self, u"checker", None)
580
r = Client.stop_checker(self, *args, **kwargs)
581
if (old_checker is not None
582
and getattr(self, u"checker", None) is None):
583
self.PropertyChanged(dbus.String(u"checker_running"),
584
dbus.Boolean(False, variant_level=1))
587
## D-Bus methods & signals
588
_interface = u"se.bsnet.fukt.Mandos.Client"
591
@dbus.service.method(_interface)
593
return self.checked_ok()
959
def _reset_approved(self):
960
self._approved = None
963
def approve(self, value=True):
964
self.send_changedstate()
965
self._approved = value
966
gobject.timeout_add(_timedelta_to_milliseconds
967
(self.approval_duration),
968
self._reset_approved)
971
## D-Bus methods, signals & properties
972
_interface = "se.bsnet.fukt.Mandos.Client"
595
976
# CheckerCompleted - signal
596
@dbus.service.signal(_interface, signature=u"nxs")
977
@dbus.service.signal(_interface, signature="nxs")
597
978
def CheckerCompleted(self, exitcode, waitstatus, command):
601
982
# CheckerStarted - signal
602
@dbus.service.signal(_interface, signature=u"s")
983
@dbus.service.signal(_interface, signature="s")
603
984
def CheckerStarted(self, command):
607
# GetAllProperties - method
608
@dbus.service.method(_interface, out_signature=u"a{sv}")
609
def GetAllProperties(self):
611
return dbus.Dictionary({
612
dbus.String(u"name"):
613
dbus.String(self.name, variant_level=1),
614
dbus.String(u"fingerprint"):
615
dbus.String(self.fingerprint, variant_level=1),
616
dbus.String(u"host"):
617
dbus.String(self.host, variant_level=1),
618
dbus.String(u"created"):
619
self._datetime_to_dbus(self.created,
621
dbus.String(u"last_enabled"):
622
(self._datetime_to_dbus(self.last_enabled,
624
if self.last_enabled is not None
625
else dbus.Boolean(False, variant_level=1)),
626
dbus.String(u"enabled"):
627
dbus.Boolean(self.enabled, variant_level=1),
628
dbus.String(u"last_checked_ok"):
629
(self._datetime_to_dbus(self.last_checked_ok,
631
if self.last_checked_ok is not None
632
else dbus.Boolean (False, variant_level=1)),
633
dbus.String(u"timeout"):
634
dbus.UInt64(self.timeout_milliseconds(),
636
dbus.String(u"interval"):
637
dbus.UInt64(self.interval_milliseconds(),
639
dbus.String(u"checker"):
640
dbus.String(self.checker_command,
642
dbus.String(u"checker_running"):
643
dbus.Boolean(self.checker is not None,
645
dbus.String(u"object_path"):
646
dbus.ObjectPath(self.dbus_object_path,
650
# IsStillValid - method
651
@dbus.service.method(_interface, out_signature=u"b")
652
def IsStillValid(self):
653
return self.still_valid()
655
988
# PropertyChanged - signal
656
@dbus.service.signal(_interface, signature=u"sv")
989
@dbus.service.signal(_interface, signature="sv")
657
990
def PropertyChanged(self, property, value):
661
# ReceivedSecret - signal
662
995
@dbus.service.signal(_interface)
663
def ReceivedSecret(self):
998
Is sent after a successful transfer of secret from the Mandos
999
server to mandos-client
667
1003
# Rejected - signal
668
@dbus.service.signal(_interface)
1004
@dbus.service.signal(_interface, signature="s")
1005
def Rejected(self, reason):
673
# SetChecker - method
674
@dbus.service.method(_interface, in_signature=u"s")
675
def SetChecker(self, checker):
676
"D-Bus setter method"
677
self.checker_command = checker
679
self.PropertyChanged(dbus.String(u"checker"),
680
dbus.String(self.checker_command,
684
@dbus.service.method(_interface, in_signature=u"s")
685
def SetHost(self, host):
686
"D-Bus setter method"
689
self.PropertyChanged(dbus.String(u"host"),
690
dbus.String(self.host, variant_level=1))
692
# SetInterval - method
693
@dbus.service.method(_interface, in_signature=u"t")
694
def SetInterval(self, milliseconds):
695
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
697
self.PropertyChanged(dbus.String(u"interval"),
698
(dbus.UInt64(self.interval_milliseconds(),
702
@dbus.service.method(_interface, in_signature=u"ay",
704
def SetSecret(self, secret):
705
"D-Bus setter method"
706
self.secret = str(secret)
708
# SetTimeout - method
709
@dbus.service.method(_interface, in_signature=u"t")
710
def SetTimeout(self, milliseconds):
711
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
713
self.PropertyChanged(dbus.String(u"timeout"),
714
(dbus.UInt64(self.timeout_milliseconds(),
1009
# NeedApproval - signal
1010
@dbus.service.signal(_interface, signature="tb")
1011
def NeedApproval(self, timeout, default):
1013
return self.need_approval()
1018
@dbus.service.method(_interface, in_signature="b")
1019
def Approve(self, value):
1022
# CheckedOK - method
1023
@dbus.service.method(_interface)
1024
def CheckedOK(self):
717
1027
# Enable - method
718
1028
@dbus.service.method(_interface)
737
1047
def StopChecker(self):
738
1048
self.stop_checker()
1052
# ApprovalPending - property
1053
@dbus_service_property(_interface, signature="b", access="read")
1054
def ApprovalPending_dbus_property(self):
1055
return dbus.Boolean(bool(self.approvals_pending))
1057
# ApprovedByDefault - property
1058
@dbus_service_property(_interface, signature="b",
1060
def ApprovedByDefault_dbus_property(self, value=None):
1061
if value is None: # get
1062
return dbus.Boolean(self.approved_by_default)
1063
self.approved_by_default = bool(value)
1065
# ApprovalDelay - property
1066
@dbus_service_property(_interface, signature="t",
1068
def ApprovalDelay_dbus_property(self, value=None):
1069
if value is None: # get
1070
return dbus.UInt64(self.approval_delay_milliseconds())
1071
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1073
# ApprovalDuration - property
1074
@dbus_service_property(_interface, signature="t",
1076
def ApprovalDuration_dbus_property(self, value=None):
1077
if value is None: # get
1078
return dbus.UInt64(_timedelta_to_milliseconds(
1079
self.approval_duration))
1080
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1083
@dbus_service_property(_interface, signature="s", access="read")
1084
def Name_dbus_property(self):
1085
return dbus.String(self.name)
1087
# Fingerprint - property
1088
@dbus_service_property(_interface, signature="s", access="read")
1089
def Fingerprint_dbus_property(self):
1090
return dbus.String(self.fingerprint)
1093
@dbus_service_property(_interface, signature="s",
1095
def Host_dbus_property(self, value=None):
1096
if value is None: # get
1097
return dbus.String(self.host)
1100
# Created - property
1101
@dbus_service_property(_interface, signature="s", access="read")
1102
def Created_dbus_property(self):
1103
return dbus.String(datetime_to_dbus(self.created))
1105
# LastEnabled - property
1106
@dbus_service_property(_interface, signature="s", access="read")
1107
def LastEnabled_dbus_property(self):
1108
return datetime_to_dbus(self.last_enabled)
1110
# Enabled - property
1111
@dbus_service_property(_interface, signature="b",
1113
def Enabled_dbus_property(self, value=None):
1114
if value is None: # get
1115
return dbus.Boolean(self.enabled)
1121
# LastCheckedOK - property
1122
@dbus_service_property(_interface, signature="s",
1124
def LastCheckedOK_dbus_property(self, value=None):
1125
if value is not None:
1128
return datetime_to_dbus(self.last_checked_ok)
1130
# Expires - property
1131
@dbus_service_property(_interface, signature="s", access="read")
1132
def Expires_dbus_property(self):
1133
return datetime_to_dbus(self.expires)
1135
# LastApprovalRequest - property
1136
@dbus_service_property(_interface, signature="s", access="read")
1137
def LastApprovalRequest_dbus_property(self):
1138
return datetime_to_dbus(self.last_approval_request)
1140
# Timeout - property
1141
@dbus_service_property(_interface, signature="t",
1143
def Timeout_dbus_property(self, value=None):
1144
if value is None: # get
1145
return dbus.UInt64(self.timeout_milliseconds())
1146
self.timeout = datetime.timedelta(0, 0, 0, value)
1147
if getattr(self, "disable_initiator_tag", None) is None:
1149
# Reschedule timeout
1150
gobject.source_remove(self.disable_initiator_tag)
1151
self.disable_initiator_tag = None
1153
time_to_die = (self.
1154
_timedelta_to_milliseconds((self
1159
if time_to_die <= 0:
1160
# The timeout has passed
1163
self.expires = (datetime.datetime.utcnow()
1164
+ datetime.timedelta(milliseconds = time_to_die))
1165
self.disable_initiator_tag = (gobject.timeout_add
1166
(time_to_die, self.disable))
1168
# ExtendedTimeout - property
1169
@dbus_service_property(_interface, signature="t",
1171
def ExtendedTimeout_dbus_property(self, value=None):
1172
if value is None: # get
1173
return dbus.UInt64(self.extended_timeout_milliseconds())
1174
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1176
# Interval - property
1177
@dbus_service_property(_interface, signature="t",
1179
def Interval_dbus_property(self, value=None):
1180
if value is None: # get
1181
return dbus.UInt64(self.interval_milliseconds())
1182
self.interval = datetime.timedelta(0, 0, 0, value)
1183
if getattr(self, "checker_initiator_tag", None) is None:
1185
# Reschedule checker run
1186
gobject.source_remove(self.checker_initiator_tag)
1187
self.checker_initiator_tag = (gobject.timeout_add
1188
(value, self.start_checker))
1189
self.start_checker() # Start one now, too
1191
# Checker - property
1192
@dbus_service_property(_interface, signature="s",
1194
def Checker_dbus_property(self, value=None):
1195
if value is None: # get
1196
return dbus.String(self.checker_command)
1197
self.checker_command = value
1199
# CheckerRunning - property
1200
@dbus_service_property(_interface, signature="b",
1202
def CheckerRunning_dbus_property(self, value=None):
1203
if value is None: # get
1204
return dbus.Boolean(self.checker is not None)
1206
self.start_checker()
1210
# ObjectPath - property
1211
@dbus_service_property(_interface, signature="o", access="read")
1212
def ObjectPath_dbus_property(self):
1213
return self.dbus_object_path # is already a dbus.ObjectPath
1216
@dbus_service_property(_interface, signature="ay",
1217
access="write", byte_arrays=True)
1218
def Secret_dbus_property(self, value):
1219
self.secret = str(value)
1224
class ProxyClient(object):
1225
def __init__(self, child_pipe, fpr, address):
1226
self._pipe = child_pipe
1227
self._pipe.send(('init', fpr, address))
1228
if not self._pipe.recv():
1231
def __getattribute__(self, name):
1232
if(name == '_pipe'):
1233
return super(ProxyClient, self).__getattribute__(name)
1234
self._pipe.send(('getattr', name))
1235
data = self._pipe.recv()
1236
if data[0] == 'data':
1238
if data[0] == 'function':
1239
def func(*args, **kwargs):
1240
self._pipe.send(('funcall', name, args, kwargs))
1241
return self._pipe.recv()[1]
1244
def __setattr__(self, name, value):
1245
if(name == '_pipe'):
1246
return super(ProxyClient, self).__setattr__(name, value)
1247
self._pipe.send(('setattr', name, value))
743
1250
class ClientHandler(socketserver.BaseRequestHandler, object):
744
1251
"""A class to handle client connections.
747
1254
Note: This will run in its own forked process."""
749
1256
def handle(self):
750
logger.info(u"TCP connection from: %s",
751
unicode(self.client_address))
752
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
753
# Open IPC pipe to parent process
754
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
1257
with contextlib.closing(self.server.child_pipe) as child_pipe:
1258
logger.info("TCP connection from: %s",
1259
unicode(self.client_address))
1260
logger.debug("Pipe FD: %d",
1261
self.server.child_pipe.fileno())
755
1263
session = (gnutls.connection
756
1264
.ClientSession(self.request,
757
1265
gnutls.connection
758
1266
.X509Credentials()))
760
line = self.request.makefile().readline()
761
logger.debug(u"Protocol version: %r", line)
763
if int(line.strip().split()[0]) > 1:
765
except (ValueError, IndexError, RuntimeError), error:
766
logger.error(u"Unknown protocol version: %s", error)
769
1268
# Note: gnutls.connection.X509Credentials is really a
770
1269
# generic GnuTLS certificate credentials object so long as
771
1270
# no X.509 keys are added to it. Therefore, we can use it
772
1271
# here despite using OpenPGP certificates.
774
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
775
# u"+AES-256-CBC", u"+SHA1",
776
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1273
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1274
# "+AES-256-CBC", "+SHA1",
1275
# "+COMP-NULL", "+CTYPE-OPENPGP",
778
1277
# Use a fallback default, since this MUST be set.
779
1278
priority = self.server.gnutls_priority
780
1279
if priority is None:
782
1281
(gnutls.library.functions
783
1282
.gnutls_priority_set_direct(session._c_object,
784
1283
priority, None))
1285
# Start communication using the Mandos protocol
1286
# Get protocol number
1287
line = self.request.makefile().readline()
1288
logger.debug("Protocol version: %r", line)
1290
if int(line.strip().split()[0]) > 1:
1292
except (ValueError, IndexError, RuntimeError) as error:
1293
logger.error("Unknown protocol version: %s", error)
1296
# Start GnuTLS connection
787
1298
session.handshake()
788
except gnutls.errors.GNUTLSError, error:
789
logger.warning(u"Handshake failed: %s", error)
1299
except gnutls.errors.GNUTLSError as error:
1300
logger.warning("Handshake failed: %s", error)
790
1301
# Do not run session.bye() here: the session is not
791
1302
# established. Just abandon the request.
793
logger.debug(u"Handshake succeeded")
1304
logger.debug("Handshake succeeded")
1306
approval_required = False
795
fpr = self.fingerprint(self.peer_certificate(session))
796
except (TypeError, gnutls.errors.GNUTLSError), error:
797
logger.warning(u"Bad certificate: %s", error)
800
logger.debug(u"Fingerprint: %s", fpr)
1309
fpr = self.fingerprint(self.peer_certificate
1312
gnutls.errors.GNUTLSError) as error:
1313
logger.warning("Bad certificate: %s", error)
1315
logger.debug("Fingerprint: %s", fpr)
1318
client = ProxyClient(child_pipe, fpr,
1319
self.client_address)
1323
if client.approval_delay:
1324
delay = client.approval_delay
1325
client.approvals_pending += 1
1326
approval_required = True
1329
if not client.enabled:
1330
logger.info("Client %s is disabled",
1332
if self.server.use_dbus:
1334
client.Rejected("Disabled")
1337
if client._approved or not client.approval_delay:
1338
#We are approved or approval is disabled
1340
elif client._approved is None:
1341
logger.info("Client %s needs approval",
1343
if self.server.use_dbus:
1345
client.NeedApproval(
1346
client.approval_delay_milliseconds(),
1347
client.approved_by_default)
1349
logger.warning("Client %s was not approved",
1351
if self.server.use_dbus:
1353
client.Rejected("Denied")
1356
#wait until timeout or approved
1357
#x = float(client._timedelta_to_milliseconds(delay))
1358
time = datetime.datetime.now()
1359
client.changedstate.acquire()
1360
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1361
client.changedstate.release()
1362
time2 = datetime.datetime.now()
1363
if (time2 - time) >= delay:
1364
if not client.approved_by_default:
1365
logger.warning("Client %s timed out while"
1366
" waiting for approval",
1368
if self.server.use_dbus:
1370
client.Rejected("Approval timed out")
1375
delay -= time2 - time
1378
while sent_size < len(client.secret):
1380
sent = session.send(client.secret[sent_size:])
1381
except gnutls.errors.GNUTLSError as error:
1382
logger.warning("gnutls send failed")
1384
logger.debug("Sent: %d, remaining: %d",
1385
sent, len(client.secret)
1386
- (sent_size + sent))
1389
logger.info("Sending secret to %s", client.name)
1390
# bump the timeout as if seen
1391
client.checked_ok(client.extended_timeout)
1392
if self.server.use_dbus:
802
for c in self.server.clients:
803
if c.fingerprint == fpr:
807
ipc.write(u"NOTFOUND %s\n" % fpr)
810
# Have to check if client.still_valid(), since it is
811
# possible that the client timed out while establishing
812
# the GnuTLS session.
813
if not client.still_valid():
814
ipc.write(u"INVALID %s\n" % client.name)
817
ipc.write(u"SENDING %s\n" % client.name)
819
while sent_size < len(client.secret):
820
sent = session.send(client.secret[sent_size:])
821
logger.debug(u"Sent: %d, remaining: %d",
822
sent, len(client.secret)
823
- (sent_size + sent))
1397
if approval_required:
1398
client.approvals_pending -= 1
1401
except gnutls.errors.GNUTLSError as error:
1402
logger.warning("GnuTLS bye failed")
828
1405
def peer_certificate(session):
992
1613
for cond, name in
993
1614
condition_names.iteritems()
994
1615
if cond & condition)
995
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
998
# Turn the pipe file descriptor into a Python file object
999
if source not in file_objects:
1000
file_objects[source] = os.fdopen(source, u"r", 1)
1002
# Read a line from the file object
1003
cmdline = file_objects[source].readline()
1004
if not cmdline: # Empty line means end of file
1005
# close the IPC pipe
1006
file_objects[source].close()
1007
del file_objects[source]
1009
# Stop calling this function
1012
logger.debug(u"IPC command: %r", cmdline)
1014
# Parse and act on command
1015
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1017
if cmd == u"NOTFOUND":
1018
logger.warning(u"Client not found for fingerprint: %s",
1022
mandos_dbus_service.ClientNotFound(args)
1023
elif cmd == u"INVALID":
1024
for client in self.clients:
1025
if client.name == args:
1026
logger.warning(u"Client %s is invalid", args)
1032
logger.error(u"Unknown client %s is invalid", args)
1033
elif cmd == u"SENDING":
1034
for client in self.clients:
1035
if client.name == args:
1036
logger.info(u"Sending secret to %s", client.name)
1040
client.ReceivedSecret()
1043
logger.error(u"Sending secret to unknown client %s",
1046
logger.error(u"Unknown IPC command: %r", cmdline)
1048
# Keep calling this function
1616
# error or the other end of multiprocessing.Pipe has closed
1617
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1620
# Read a request from the child
1621
request = parent_pipe.recv()
1622
command = request[0]
1624
if command == 'init':
1626
address = request[2]
1628
for c in self.clients:
1629
if c.fingerprint == fpr:
1633
logger.info("Client not found for fingerprint: %s, ad"
1634
"dress: %s", fpr, address)
1637
mandos_dbus_service.ClientNotFound(fpr, address[0])
1638
parent_pipe.send(False)
1641
gobject.io_add_watch(parent_pipe.fileno(),
1642
gobject.IO_IN | gobject.IO_HUP,
1643
functools.partial(self.handle_ipc,
1644
parent_pipe = parent_pipe,
1645
client_object = client))
1646
parent_pipe.send(True)
1647
# remove the old hook in favor of the new above hook on same fileno
1649
if command == 'funcall':
1650
funcname = request[1]
1654
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1656
if command == 'getattr':
1657
attrname = request[1]
1658
if callable(client_object.__getattribute__(attrname)):
1659
parent_pipe.send(('function',))
1661
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1663
if command == 'setattr':
1664
attrname = request[1]
1666
setattr(client_object, attrname, value)
1052
1671
def string_to_delta(interval):
1053
1672
"""Parse a string and return a datetime.timedelta
1055
>>> string_to_delta(u'7d')
1674
>>> string_to_delta('7d')
1056
1675
datetime.timedelta(7)
1057
>>> string_to_delta(u'60s')
1676
>>> string_to_delta('60s')
1058
1677
datetime.timedelta(0, 60)
1059
>>> string_to_delta(u'60m')
1678
>>> string_to_delta('60m')
1060
1679
datetime.timedelta(0, 3600)
1061
>>> string_to_delta(u'24h')
1680
>>> string_to_delta('24h')
1062
1681
datetime.timedelta(1)
1063
>>> string_to_delta(u'1w')
1682
>>> string_to_delta('1w')
1064
1683
datetime.timedelta(7)
1065
>>> string_to_delta(u'5m 30s')
1684
>>> string_to_delta('5m 30s')
1066
1685
datetime.timedelta(0, 330)
1068
1687
timevalue = datetime.timedelta(0)
1141
######################################################################
1761
##################################################################
1142
1762
# Parsing of options, both command line and config file
1144
parser = optparse.OptionParser(version = "%%prog %s" % version)
1145
parser.add_option("-i", u"--interface", type=u"string",
1146
metavar="IF", help=u"Bind to interface IF")
1147
parser.add_option("-a", u"--address", type=u"string",
1148
help=u"Address to listen for requests on")
1149
parser.add_option("-p", u"--port", type=u"int",
1150
help=u"Port number to receive requests on")
1151
parser.add_option("--check", action=u"store_true",
1152
help=u"Run self-test")
1153
parser.add_option("--debug", action=u"store_true",
1154
help=u"Debug mode; run in foreground and log to"
1156
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1157
u" priority string (see GnuTLS documentation)")
1158
parser.add_option("--servicename", type=u"string",
1159
metavar=u"NAME", help=u"Zeroconf service name")
1160
parser.add_option("--configdir", type=u"string",
1161
default=u"/etc/mandos", metavar=u"DIR",
1162
help=u"Directory to search for configuration"
1164
parser.add_option("--no-dbus", action=u"store_false",
1165
dest=u"use_dbus", help=u"Do not provide D-Bus"
1166
u" system bus interface")
1167
parser.add_option("--no-ipv6", action=u"store_false",
1168
dest=u"use_ipv6", help=u"Do not use IPv6")
1169
options = parser.parse_args()[0]
1764
parser = argparse.ArgumentParser()
1765
parser.add_argument("-v", "--version", action="version",
1766
version = "%%(prog)s %s" % version,
1767
help="show version number and exit")
1768
parser.add_argument("-i", "--interface", metavar="IF",
1769
help="Bind to interface IF")
1770
parser.add_argument("-a", "--address",
1771
help="Address to listen for requests on")
1772
parser.add_argument("-p", "--port", type=int,
1773
help="Port number to receive requests on")
1774
parser.add_argument("--check", action="store_true",
1775
help="Run self-test")
1776
parser.add_argument("--debug", action="store_true",
1777
help="Debug mode; run in foreground and log"
1779
parser.add_argument("--debuglevel", metavar="LEVEL",
1780
help="Debug level for stdout output")
1781
parser.add_argument("--priority", help="GnuTLS"
1782
" priority string (see GnuTLS documentation)")
1783
parser.add_argument("--servicename",
1784
metavar="NAME", help="Zeroconf service name")
1785
parser.add_argument("--configdir",
1786
default="/etc/mandos", metavar="DIR",
1787
help="Directory to search for configuration"
1789
parser.add_argument("--no-dbus", action="store_false",
1790
dest="use_dbus", help="Do not provide D-Bus"
1791
" system bus interface")
1792
parser.add_argument("--no-ipv6", action="store_false",
1793
dest="use_ipv6", help="Do not use IPv6")
1794
options = parser.parse_args()
1171
1796
if options.check:
1219
1845
##################################################################
1221
1847
# For convenience
1222
debug = server_settings[u"debug"]
1223
use_dbus = server_settings[u"use_dbus"]
1224
use_ipv6 = server_settings[u"use_ipv6"]
1227
syslogger.setLevel(logging.WARNING)
1228
console.setLevel(logging.WARNING)
1230
if server_settings[u"servicename"] != u"Mandos":
1848
debug = server_settings["debug"]
1849
debuglevel = server_settings["debuglevel"]
1850
use_dbus = server_settings["use_dbus"]
1851
use_ipv6 = server_settings["use_ipv6"]
1853
if server_settings["servicename"] != "Mandos":
1231
1854
syslogger.setFormatter(logging.Formatter
1232
(u'Mandos (%s) [%%(process)d]:'
1233
u' %%(levelname)s: %%(message)s'
1234
% server_settings[u"servicename"]))
1855
('Mandos (%s) [%%(process)d]:'
1856
' %%(levelname)s: %%(message)s'
1857
% server_settings["servicename"]))
1236
1859
# Parse config file with clients
1237
client_defaults = { u"timeout": u"1h",
1239
u"checker": u"fping -q -- %%(host)s",
1860
client_defaults = { "timeout": "5m",
1861
"extended_timeout": "15m",
1863
"checker": "fping -q -- %%(host)s",
1865
"approval_delay": "0s",
1866
"approval_duration": "1s",
1242
1868
client_config = configparser.SafeConfigParser(client_defaults)
1243
client_config.read(os.path.join(server_settings[u"configdir"],
1869
client_config.read(os.path.join(server_settings["configdir"],
1246
1872
global mandos_dbus_service
1247
1873
mandos_dbus_service = None
1250
tcp_server = IPv6_TCPServer((server_settings[u"address"],
1251
server_settings[u"port"]),
1254
server_settings[u"interface"],
1258
server_settings[u"priority"],
1260
pidfilename = u"/var/run/mandos.pid"
1262
pidfile = open(pidfilename, u"w")
1264
logger.error(u"Could not open file %r", pidfilename)
1875
tcp_server = MandosServer((server_settings["address"],
1876
server_settings["port"]),
1878
interface=(server_settings["interface"]
1882
server_settings["priority"],
1885
pidfilename = "/var/run/mandos.pid"
1887
pidfile = open(pidfilename, "w")
1889
logger.error("Could not open file %r", pidfilename)
1267
uid = pwd.getpwnam(u"_mandos").pw_uid
1268
gid = pwd.getpwnam(u"_mandos").pw_gid
1892
uid = pwd.getpwnam("_mandos").pw_uid
1893
gid = pwd.getpwnam("_mandos").pw_gid
1269
1894
except KeyError:
1271
uid = pwd.getpwnam(u"mandos").pw_uid
1272
gid = pwd.getpwnam(u"mandos").pw_gid
1896
uid = pwd.getpwnam("mandos").pw_uid
1897
gid = pwd.getpwnam("mandos").pw_gid
1273
1898
except KeyError:
1275
uid = pwd.getpwnam(u"nobody").pw_uid
1276
gid = pwd.getpwnam(u"nobody").pw_gid
1900
uid = pwd.getpwnam("nobody").pw_uid
1901
gid = pwd.getpwnam("nobody").pw_gid
1277
1902
except KeyError:
1283
except OSError, error:
1908
except OSError as error:
1284
1909
if error[0] != errno.EPERM:
1287
# Enable all possible GnuTLS debugging
1912
if not debug and not debuglevel:
1913
syslogger.setLevel(logging.WARNING)
1914
console.setLevel(logging.WARNING)
1916
level = getattr(logging, debuglevel.upper())
1917
syslogger.setLevel(level)
1918
console.setLevel(level)
1921
# Enable all possible GnuTLS debugging
1289
1923
# "Use a log level over 10 to enable all debugging options."
1290
1924
# - GnuTLS manual
1291
1925
gnutls.library.functions.gnutls_global_set_log_level(11)
1293
1927
@gnutls.library.types.gnutls_log_func
1294
1928
def debug_gnutls(level, string):
1295
logger.debug(u"GnuTLS: %s", string[:-1])
1929
logger.debug("GnuTLS: %s", string[:-1])
1297
1931
(gnutls.library.functions
1298
1932
.gnutls_global_set_log_function(debug_gnutls))
1934
# Redirect stdin so all checkers get /dev/null
1935
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1936
os.dup2(null, sys.stdin.fileno())
1940
# No console logging
1941
logger.removeHandler(console)
1301
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1302
service = AvahiService(name = server_settings[u"servicename"],
1303
servicetype = u"_mandos._tcp",
1304
protocol = protocol)
1305
if server_settings["interface"]:
1306
service.interface = (if_nametoindex
1307
(str(server_settings[u"interface"])))
1943
# Need to fork before connecting to D-Bus
1945
# Close all input and output, do double fork, etc.
1309
1948
global main_loop
1311
1949
# From the Avahi example code
1312
1950
DBusGMainLoop(set_as_default=True )
1313
1951
main_loop = gobject.MainLoop()
1314
1952
bus = dbus.SystemBus()
1315
1953
# End of Avahi example code
1317
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1956
bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",
1957
bus, do_not_queue=True)
1958
bus_name2 = dbus.service.BusName("se.recompile.Mandos",
1959
bus, do_not_queue=True)
1960
except dbus.exceptions.NameExistsException as e:
1961
logger.error(unicode(e) + ", disabling D-Bus")
1963
server_settings["use_dbus"] = False
1964
tcp_server.use_dbus = False
1965
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1966
service = AvahiService(name = server_settings["servicename"],
1967
servicetype = "_mandos._tcp",
1968
protocol = protocol, bus = bus)
1969
if server_settings["interface"]:
1970
service.interface = (if_nametoindex
1971
(str(server_settings["interface"])))
1973
global multiprocessing_manager
1974
multiprocessing_manager = multiprocessing.Manager()
1319
1976
client_class = Client
1321
client_class = ClientDBus
1978
client_class = functools.partial(ClientDBus, bus = bus)
1979
def client_config_items(config, section):
1980
special_settings = {
1981
"approved_by_default":
1982
lambda: config.getboolean(section,
1983
"approved_by_default"),
1985
for name, value in config.items(section):
1987
yield (name, special_settings[name]())
1991
tcp_server.clients.update(set(
1323
1992
client_class(name = section,
1324
config= dict(client_config.items(section)))
1993
config= dict(client_config_items(
1994
client_config, section)))
1325
1995
for section in client_config.sections()))
1327
logger.warning(u"No clients defined")
1330
# Redirect stdin so all checkers get /dev/null
1331
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1332
os.dup2(null, sys.stdin.fileno())
1336
# No console logging
1337
logger.removeHandler(console)
1338
# Close all input and output, do double fork, etc.
1342
with closing(pidfile):
1344
pidfile.write(str(pid) + "\n")
1347
logger.error(u"Could not write to file %r with PID %d",
1350
# "pidfile" was never created
1355
"Cleanup function; run on exit"
1996
if not tcp_server.clients:
1997
logger.warning("No clients defined")
1359
client = clients.pop()
1360
client.disable_hook = None
1363
atexit.register(cleanup)
2003
pidfile.write(str(pid) + "\n".encode("utf-8"))
2006
logger.error("Could not write to file %r with PID %d",
2009
# "pidfile" was never created
1366
2013
signal.signal(signal.SIGINT, signal.SIG_IGN)
1367
2015
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1368
2016
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())