To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.1.57
- compare with another revision
- download diff
- download tarball
- view history from revision 24.1.57
- Committer: Björn Påhlsson
- Date: 2008-08-19 09:41:45 UTC
- mfrom: (89 mandos)
- mto: (24.1.154 mandos) (237.4.3 mandos-release)
- mto: This revision was merged to the branch mainline in revision 94.
- Revision ID: belorn@braxen-20080819094145-zi16kkw5l6t6nrd0
merge
- files added:
- plugins.d/usplash
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- Makefile
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
14
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
16
15
#
17
16
# This program is free software: you can redistribute it and/or modify
18
17
# it under the terms of the GNU General Public License as published by
25
24
# GNU General Public License for more details.
26
25
#
27
26
# You should have received a copy of the GNU General Public License
28
# along with this program. If not, see
29
# <http://www.gnu.org/licenses/>.
30
#
31
# Contact the authors at <mandos@recompile.se>.
32
#
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
36
37
import SocketServer as socketserver
27
# along with this program. If not, see <http://www.gnu.org/licenses/>.
28
#
29
# Contact the authors at <mandos@fukt.bsnet.se>.
30
#
31
32
from __future__ import division
33
34
import SocketServer
38
35
import socket
39
import argparse
36
import select
37
from optparse import OptionParser
40
38
import datetime
41
39
import errno
42
40
import gnutls.crypto
45
43
import gnutls.library.functions
46
44
import gnutls.library.constants
47
45
import gnutls.library.types
48
import ConfigParser as configparser
46
import ConfigParser
49
47
import sys
50
48
import re
51
49
import os
52
50
import signal
51
from sets import Set
53
52
import subprocess
54
53
import atexit
55
54
import stat
56
55
import logging
57
56
import logging.handlers
58
import pwd
59
import contextlib
60
import struct
61
import fcntl
62
import functools
63
import cPickle as pickle
64
import multiprocessing
65
import types
66
57
67
58
import dbus
68
import dbus.service
69
59
import gobject
70
60
import avahi
71
61
from dbus.mainloop.glib import DBusGMainLoop
72
62
import ctypes
73
import ctypes.util
74
import xml.dom.minidom
75
import inspect
76
77
try:
78
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
79
except AttributeError:
80
try:
81
from IN import SO_BINDTODEVICE
82
except ImportError:
83
SO_BINDTODEVICE = None
84
85
86
version = "1.4.0"
87
88
#logger = logging.getLogger('mandos')
63
64
version = "1.0"
65
89
66
logger = logging.Logger('mandos')
90
syslogger = (logging.handlers.SysLogHandler
91
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
92
address = str("/dev/log")))
93
syslogger.setFormatter(logging.Formatter
94
('Mandos [%(process)d]: %(levelname)s:'
95
' %(message)s'))
67
syslogger = logging.handlers.SysLogHandler\
68
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
69
address = "/dev/log")
70
syslogger.setFormatter(logging.Formatter\
71
('Mandos: %(levelname)s: %(message)s'))
96
72
logger.addHandler(syslogger)
97
73
98
74
console = logging.StreamHandler()
99
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
100
' %(levelname)s:'
75
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
101
76
' %(message)s'))
102
77
logger.addHandler(console)
103
78
104
79
class AvahiError(Exception):
105
def __init__(self, value, *args, **kwargs):
80
def __init__(self, value):
106
81
self.value = value
107
super(AvahiError, self).__init__(value, *args, **kwargs)
108
def __unicode__(self):
109
return unicode(repr(self.value))
82
def __str__(self):
83
return repr(self.value)
110
84
111
85
class AvahiServiceError(AvahiError):
112
86
pass
117
91
118
92
class AvahiService(object):
119
93
"""An Avahi (Zeroconf) service.
120
121
94
Attributes:
122
95
interface: integer; avahi.IF_UNSPEC or an interface index.
123
96
Used to optionally bind to the specified interface.
131
104
max_renames: integer; maximum number of renames
132
105
rename_count: integer; counter so we only rename after collisions
133
106
a sensible number of times
134
group: D-Bus Entry Group
135
server: D-Bus Server
136
bus: dbus.SystemBus()
137
107
"""
138
108
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
139
servicetype = None, port = None, TXT = None,
140
domain = "", host = "", max_renames = 32768,
141
protocol = avahi.PROTO_UNSPEC, bus = None):
109
type = None, port = None, TXT = None, domain = "",
110
host = "", max_renames = 32768):
142
111
self.interface = interface
143
112
self.name = name
144
self.type = servicetype
113
self.type = type
145
114
self.port = port
146
self.TXT = TXT if TXT is not None else []
115
if TXT is None:
116
self.TXT = []
117
else:
118
self.TXT = TXT
147
119
self.domain = domain
148
120
self.host = host
149
121
self.rename_count = 0
150
122
self.max_renames = max_renames
151
self.protocol = protocol
152
self.group = None # our entry group
153
self.server = None
154
self.bus = bus
155
self.entry_group_state_changed_match = None
156
123
def rename(self):
157
124
"""Derived from the Avahi example code"""
158
125
if self.rename_count >= self.max_renames:
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
161
self.rename_count)
126
logger.critical(u"No suitable service name found after %i"
127
u" retries, exiting.", rename_count)
162
128
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
166
self.name)
167
syslogger.setFormatter(logging.Formatter
168
('Mandos (%s) [%%(process)d]:'
169
' %%(levelname)s: %%(message)s'
170
% self.name))
129
self.name = server.GetAlternativeServiceName(self.name)
130
logger.info(u"Changing name to %r ...", str(self.name))
131
syslogger.setFormatter(logging.Formatter\
132
('Mandos (%s): %%(levelname)s:'
133
' %%(message)s' % self.name))
171
134
self.remove()
172
try:
173
self.add()
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
176
self.cleanup()
177
os._exit(1)
135
self.add()
178
136
self.rename_count += 1
179
137
def remove(self):
180
138
"""Derived from the Avahi example code"""
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
if self.group is not None:
185
self.group.Reset()
139
if group is not None:
140
group.Reset()
186
141
def add(self):
187
142
"""Derived from the Avahi example code"""
188
self.remove()
189
if self.group is None:
190
self.group = dbus.Interface(
191
self.bus.get_object(avahi.DBUS_NAME,
192
self.server.EntryGroupNew()),
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
198
self.name, self.type)
199
self.group.AddService(
200
self.interface,
201
self.protocol,
202
dbus.UInt32(0), # flags
203
self.name, self.type,
204
self.domain, self.host,
205
dbus.UInt16(self.port),
206
avahi.string_array_to_txt_array(self.TXT))
207
self.group.Commit()
208
def entry_group_state_changed(self, state, error):
209
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
211
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
214
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
216
self.rename()
217
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
219
unicode(error))
220
raise AvahiGroupError("State changed: %s"
221
% unicode(error))
222
def cleanup(self):
223
"""Derived from the Avahi example code"""
224
if self.group is not None:
225
try:
226
self.group.Free()
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
229
pass
230
self.group = None
231
self.remove()
232
def server_state_changed(self, state, error=None):
233
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
244
if error is None:
245
logger.error(bad_states[state])
246
else:
247
logger.error(bad_states[state] + ": %r", error)
248
self.cleanup()
249
elif state == avahi.SERVER_RUNNING:
250
self.add()
251
else:
252
if error is None:
253
logger.debug("Unknown state: %r", state)
254
else:
255
logger.debug("Unknown state: %r: %r", state, error)
256
def activate(self):
257
"""Derived from the Avahi example code"""
258
if self.server is None:
259
self.server = dbus.Interface(
260
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
263
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
265
self.server_state_changed)
266
self.server_state_changed(self.server.GetState())
267
268
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
274
143
global group
144
if group is None:
145
group = dbus.Interface\
146
(bus.get_object(avahi.DBUS_NAME,
147
server.EntryGroupNew()),
148
avahi.DBUS_INTERFACE_ENTRY_GROUP)
149
group.connect_to_signal('StateChanged',
150
entry_group_state_changed)
151
logger.debug(u"Adding service '%s' of type '%s' ...",
152
service.name, service.type)
153
group.AddService(
154
self.interface, # interface
155
avahi.PROTO_INET6, # protocol
156
dbus.UInt32(0), # flags
157
self.name, self.type,
158
self.domain, self.host,
159
dbus.UInt16(self.port),
160
avahi.string_array_to_txt_array(self.TXT))
161
group.Commit()
162
163
# From the Avahi example code:
164
group = None # our entry group
165
# End of Avahi example code
166
167
275
168
class Client(object):
276
169
"""A representation of a client host served by this server.
277
278
170
Attributes:
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
282
checker: subprocess.Popen(); a running checker process used
283
to see if the client lives.
284
'None' if no process is running.
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
171
name: string; from the config file, used in log messages
172
fingerprint: string (40 or 32 hexadecimal digits); used to
173
uniquely identify the client
174
secret: bytestring; sent verbatim (over TLS) to client
175
host: string; available for use by the checker command
176
created: datetime.datetime(); object creation, not client host
177
last_checked_ok: datetime.datetime() or None if not yet checked OK
178
timeout: datetime.timedelta(); How long from last_checked_ok
179
until this client is invalid
180
interval: datetime.timedelta(); How often to start a new checker
181
stop_hook: If set, called by stop() as stop_hook(self)
182
checker: subprocess.Popen(); a running checker process used
183
to see if the client lives.
184
'None' if no process is running.
185
checker_initiator_tag: a gobject event source tag, or None
186
stop_initiator_tag: - '' -
187
checker_callback_tag: - '' -
188
checker_command: string; External command which is run to check if
189
client lives. %() expansions are done at
288
190
runtime with vars(self) as dict, so that for
289
191
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
292
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
295
enabled: bool()
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
304
D-Bus identifiers
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
311
disabled, or None
192
Private attibutes:
193
_timeout: Real variable for 'timeout'
194
_interval: Real variable for 'interval'
195
_timeout_milliseconds: Used when calling gobject.timeout_add()
196
_interval_milliseconds: - '' -
312
197
"""
313
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
318
319
def timeout_milliseconds(self):
320
"Return the 'timeout' attribute in milliseconds"
321
return _timedelta_to_milliseconds(self.timeout)
322
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
326
327
def interval_milliseconds(self):
328
"Return the 'interval' attribute in milliseconds"
329
return _timedelta_to_milliseconds(self.interval)
330
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
333
334
def __init__(self, name = None, disable_hook=None, config=None):
198
def _set_timeout(self, timeout):
199
"Setter function for 'timeout' attribute"
200
self._timeout = timeout
201
self._timeout_milliseconds = ((self.timeout.days
202
* 24 * 60 * 60 * 1000)
203
+ (self.timeout.seconds * 1000)
204
+ (self.timeout.microseconds
205
// 1000))
206
timeout = property(lambda self: self._timeout,
207
_set_timeout)
208
del _set_timeout
209
def _set_interval(self, interval):
210
"Setter function for 'interval' attribute"
211
self._interval = interval
212
self._interval_milliseconds = ((self.interval.days
213
* 24 * 60 * 60 * 1000)
214
+ (self.interval.seconds
215
* 1000)
216
+ (self.interval.microseconds
217
// 1000))
218
interval = property(lambda self: self._interval,
219
_set_interval)
220
del _set_interval
221
def __init__(self, name = None, stop_hook=None, config={}):
335
222
"""Note: the 'checker' key in 'config' sets the
336
223
'checker_command' attribute and *not* the 'checker'
337
224
attribute."""
338
225
self.name = name
339
if config is None:
340
config = {}
341
logger.debug("Creating client %r", self.name)
226
logger.debug(u"Creating client %r", self.name)
342
227
# Uppercase and remove spaces from fingerprint for later
343
228
# comparison purposes with return value from the fingerprint()
344
229
# function
345
self.fingerprint = (config["fingerprint"].upper()
346
.replace(" ", ""))
347
logger.debug(" Fingerprint: %s", self.fingerprint)
230
self.fingerprint = config["fingerprint"].upper()\
231
.replace(u" ", u"")
232
logger.debug(u" Fingerprint: %s", self.fingerprint)
348
233
if "secret" in config:
349
self.secret = config["secret"].decode("base64")
234
self.secret = config["secret"].decode(u"base64")
350
235
elif "secfile" in config:
351
with open(os.path.expanduser(os.path.expandvars
352
(config["secfile"])),
353
"rb") as secfile:
354
self.secret = secfile.read()
236
sf = open(config["secfile"])
237
self.secret = sf.read()
238
sf.close()
355
239
else:
356
raise TypeError("No secret or secfile for client %s"
240
raise TypeError(u"No secret or secfile for client %s"
357
241
% self.name)
358
242
self.host = config.get("host", "")
359
self.created = datetime.datetime.utcnow()
360
self.enabled = False
361
self.last_approval_request = None
362
self.last_enabled = None
243
self.created = datetime.datetime.now()
363
244
self.last_checked_ok = None
364
245
self.timeout = string_to_delta(config["timeout"])
365
self.extended_timeout = string_to_delta(config
366
["extended_timeout"])
367
246
self.interval = string_to_delta(config["interval"])
368
self.disable_hook = disable_hook
247
self.stop_hook = stop_hook
369
248
self.checker = None
370
249
self.checker_initiator_tag = None
371
self.disable_initiator_tag = None
372
self.expires = None
250
self.stop_initiator_tag = None
373
251
self.checker_callback_tag = None
374
self.checker_command = config["checker"]
375
self.current_checker_command = None
376
self.last_connect = None
377
self._approved = None
378
self.approved_by_default = config.get("approved_by_default",
379
True)
380
self.approvals_pending = 0
381
self.approval_delay = string_to_delta(
382
config["approval_delay"])
383
self.approval_duration = string_to_delta(
384
config["approval_duration"])
385
self.changedstate = (multiprocessing_manager
386
.Condition(multiprocessing_manager
387
.Lock()))
388
389
def send_changedstate(self):
390
self.changedstate.acquire()
391
self.changedstate.notify_all()
392
self.changedstate.release()
393
394
def enable(self):
252
self.check_command = config["checker"]
253
def start(self):
395
254
"""Start this client's checker and timeout hooks"""
396
if getattr(self, "enabled", False):
397
# Already enabled
398
return
399
self.send_changedstate()
400
255
# Schedule a new checker to be started an 'interval' from now,
401
256
# and every interval from then on.
402
self.checker_initiator_tag = (gobject.timeout_add
403
(self.interval_milliseconds(),
404
self.start_checker))
405
# Schedule a disable() when 'timeout' has passed
406
self.expires = datetime.datetime.utcnow() + self.timeout
407
self.disable_initiator_tag = (gobject.timeout_add
408
(self.timeout_milliseconds(),
409
self.disable))
410
self.enabled = True
411
self.last_enabled = datetime.datetime.utcnow()
257
self.checker_initiator_tag = gobject.timeout_add\
258
(self._interval_milliseconds,
259
self.start_checker)
412
260
# Also start a new checker *right now*.
413
261
self.start_checker()
414
415
def disable(self, quiet=True):
416
"""Disable this client."""
417
if not getattr(self, "enabled", False):
262
# Schedule a stop() when 'timeout' has passed
263
self.stop_initiator_tag = gobject.timeout_add\
264
(self._timeout_milliseconds,
265
self.stop)
266
def stop(self):
267
"""Stop this client.
268
The possibility that a client might be restarted is left open,
269
but not currently used."""
270
# If this client doesn't have a secret, it is already stopped.
271
if hasattr(self, "secret") and self.secret:
272
logger.info(u"Stopping client %s", self.name)
273
self.secret = None
274
else:
418
275
return False
419
if not quiet:
420
self.send_changedstate()
421
if not quiet:
422
logger.info("Disabling client %s", self.name)
423
if getattr(self, "disable_initiator_tag", False):
424
gobject.source_remove(self.disable_initiator_tag)
425
self.disable_initiator_tag = None
426
self.expires = None
276
if getattr(self, "stop_initiator_tag", False):
277
gobject.source_remove(self.stop_initiator_tag)
278
self.stop_initiator_tag = None
427
279
if getattr(self, "checker_initiator_tag", False):
428
280
gobject.source_remove(self.checker_initiator_tag)
429
281
self.checker_initiator_tag = None
430
282
self.stop_checker()
431
if self.disable_hook:
432
self.disable_hook(self)
433
self.enabled = False
283
if self.stop_hook:
284
self.stop_hook(self)
434
285
# Do not run this again if called by a gobject.timeout_add
435
286
return False
436
437
287
def __del__(self):
438
self.disable_hook = None
439
self.disable()
440
441
def checker_callback(self, pid, condition, command):
288
self.stop_hook = None
289
self.stop()
290
def checker_callback(self, pid, condition):
442
291
"""The checker has completed, so take appropriate actions."""
292
now = datetime.datetime.now()
443
293
self.checker_callback_tag = None
444
294
self.checker = None
445
if os.WIFEXITED(condition):
446
exitstatus = os.WEXITSTATUS(condition)
447
if exitstatus == 0:
448
logger.info("Checker for %(name)s succeeded",
449
vars(self))
450
self.checked_ok()
451
else:
452
logger.info("Checker for %(name)s failed",
453
vars(self))
454
else:
455
logger.warning("Checker for %(name)s crashed?",
295
if os.WIFEXITED(condition) \
296
and (os.WEXITSTATUS(condition) == 0):
297
logger.info(u"Checker for %(name)s succeeded",
298
vars(self))
299
self.last_checked_ok = now
300
gobject.source_remove(self.stop_initiator_tag)
301
self.stop_initiator_tag = gobject.timeout_add\
302
(self._timeout_milliseconds,
303
self.stop)
304
elif not os.WIFEXITED(condition):
305
logger.warning(u"Checker for %(name)s crashed?",
456
306
vars(self))
457
458
def checked_ok(self, timeout=None):
459
"""Bump up the timeout for this client.
460
461
This should only be called when the client has been seen,
462
alive and well.
463
"""
464
if timeout is None:
465
timeout = self.timeout
466
self.last_checked_ok = datetime.datetime.utcnow()
467
gobject.source_remove(self.disable_initiator_tag)
468
self.disable_initiator_tag = (gobject.timeout_add
469
(_timedelta_to_milliseconds
470
(timeout), self.disable))
471
self.expires = datetime.datetime.utcnow() + timeout
472
473
def need_approval(self):
474
self.last_approval_request = datetime.datetime.utcnow()
475
307
else:
308
logger.info(u"Checker for %(name)s failed",
309
vars(self))
476
310
def start_checker(self):
477
311
"""Start a new checker subprocess if one is not running.
478
479
312
If a checker already exists, leave it running and do
480
313
nothing."""
481
314
# The reason for not killing a running checker is that if we
484
317
# client would inevitably timeout, since no checker would get
485
318
# a chance to run to completion. If we instead leave running
486
319
# checkers alone, the checker would have to take more time
487
# than 'timeout' for the client to be disabled, which is as it
488
# should be.
489
490
# If a checker exists, make sure it is not a zombie
491
try:
492
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
493
except (AttributeError, OSError) as error:
494
if (isinstance(error, OSError)
495
and error.errno != errno.ECHILD):
496
raise error
497
else:
498
if pid:
499
logger.warning("Checker was a zombie")
500
gobject.source_remove(self.checker_callback_tag)
501
self.checker_callback(pid, status,
502
self.current_checker_command)
503
# Start a new checker if needed
320
# than 'timeout' for the client to be declared invalid, which
321
# is as it should be.
504
322
if self.checker is None:
505
323
try:
506
# In case checker_command has exactly one % operator
507
command = self.checker_command % self.host
324
# In case check_command has exactly one % operator
325
command = self.check_command % self.host
508
326
except TypeError:
509
327
# Escape attributes for the shell
510
escaped_attrs = dict(
511
(attr,
512
re.escape(unicode(str(getattr(self, attr, "")),
513
errors=
514
'replace')))
515
for attr in
516
self.runtime_expansions)
517
328
escaped_attrs = dict((key, re.escape(str(val)))
329
for key, val in
330
vars(self).iteritems())
518
331
try:
519
command = self.checker_command % escaped_attrs
520
except TypeError as error:
521
logger.error('Could not format string "%s":'
522
' %s', self.checker_command, error)
332
command = self.check_command % escaped_attrs
333
except TypeError, error:
334
logger.error(u'Could not format string "%s":'
335
u' %s', self.check_command, error)
523
336
return True # Try again later
524
self.current_checker_command = command
525
337
try:
526
logger.info("Starting checker %r for %s",
338
logger.info(u"Starting checker %r for %s",
527
339
command, self.name)
528
# We don't need to redirect stdout and stderr, since
529
# in normal mode, that is already done by daemon(),
530
# and in debug mode we don't want to. (Stdin is
531
# always replaced by /dev/null.)
532
340
self.checker = subprocess.Popen(command,
533
341
close_fds=True,
534
342
shell=True, cwd="/")
535
self.checker_callback_tag = (gobject.child_watch_add
536
(self.checker.pid,
537
self.checker_callback,
538
data=command))
539
# The checker may have completed before the gobject
540
# watch was added. Check for this.
541
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
542
if pid:
543
gobject.source_remove(self.checker_callback_tag)
544
self.checker_callback(pid, status, command)
545
except OSError as error:
546
logger.error("Failed to start subprocess: %s",
343
self.checker_callback_tag = gobject.child_watch_add\
344
(self.checker.pid,
345
self.checker_callback)
346
except subprocess.OSError, error:
347
logger.error(u"Failed to start subprocess: %s",
547
348
error)
548
349
# Re-run this periodically if run by gobject.timeout_add
549
350
return True
550
551
351
def stop_checker(self):
552
352
"""Force the checker process, if any, to stop."""
553
353
if self.checker_callback_tag:
555
355
self.checker_callback_tag = None
556
356
if getattr(self, "checker", None) is None:
557
357
return
558
logger.debug("Stopping checker for %(name)s", vars(self))
358
logger.debug(u"Stopping checker for %(name)s", vars(self))
559
359
try:
560
360
os.kill(self.checker.pid, signal.SIGTERM)
561
#time.sleep(0.5)
361
#os.sleep(0.5)
562
362
#if self.checker.poll() is None:
563
363
# os.kill(self.checker.pid, signal.SIGKILL)
564
except OSError as error:
364
except OSError, error:
565
365
if error.errno != errno.ESRCH: # No such process
566
366
raise
567
367
self.checker = None
568
569
570
def dbus_service_property(dbus_interface, signature="v",
571
access="readwrite", byte_arrays=False):
572
"""Decorators for marking methods of a DBusObjectWithProperties to
573
become properties on the D-Bus.
574
575
The decorated method will be called with no arguments by "Get"
576
and with one argument by "Set".
577
578
The parameters, where they are supported, are the same as
579
dbus.service.method, except there is only "signature", since the
580
type from Get() and the type sent to Set() is the same.
581
"""
582
# Encoding deeply encoded byte arrays is not supported yet by the
583
# "Set" method, so we fail early here:
584
if byte_arrays and signature != "ay":
585
raise ValueError("Byte arrays not supported for non-'ay'"
586
" signature %r" % signature)
587
def decorator(func):
588
func._dbus_is_property = True
589
func._dbus_interface = dbus_interface
590
func._dbus_signature = signature
591
func._dbus_access = access
592
func._dbus_name = func.__name__
593
if func._dbus_name.endswith("_dbus_property"):
594
func._dbus_name = func._dbus_name[:-14]
595
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
596
return func
597
return decorator
598
599
600
class DBusPropertyException(dbus.exceptions.DBusException):
601
"""A base class for D-Bus property-related exceptions
602
"""
603
def __unicode__(self):
604
return unicode(str(self))
605
606
607
class DBusPropertyAccessException(DBusPropertyException):
608
"""A property's access permissions disallows an operation.
609
"""
610
pass
611
612
613
class DBusPropertyNotFound(DBusPropertyException):
614
"""An attempt was made to access a non-existing property.
615
"""
616
pass
617
618
619
class DBusObjectWithProperties(dbus.service.Object):
620
"""A D-Bus object with properties.
621
622
Classes inheriting from this can use the dbus_service_property
623
decorator to expose methods as D-Bus properties. It exposes the
624
standard Get(), Set(), and GetAll() methods on the D-Bus.
625
"""
626
627
@staticmethod
628
def _is_dbus_property(obj):
629
return getattr(obj, "_dbus_is_property", False)
630
631
def _get_all_dbus_properties(self):
632
"""Returns a generator of (name, attribute) pairs
633
"""
634
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
635
for cls in self.__class__.__mro__
636
for name, prop in
637
inspect.getmembers(cls, self._is_dbus_property))
638
639
def _get_dbus_property(self, interface_name, property_name):
640
"""Returns a bound method if one exists which is a D-Bus
641
property with the specified name and interface.
642
"""
643
for cls in self.__class__.__mro__:
644
for name, value in (inspect.getmembers
645
(cls, self._is_dbus_property)):
646
if (value._dbus_name == property_name
647
and value._dbus_interface == interface_name):
648
return value.__get__(self)
649
650
# No such property
651
raise DBusPropertyNotFound(self.dbus_object_path + ":"
652
+ interface_name + "."
653
+ property_name)
654
655
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
656
out_signature="v")
657
def Get(self, interface_name, property_name):
658
"""Standard D-Bus property Get() method, see D-Bus standard.
659
"""
660
prop = self._get_dbus_property(interface_name, property_name)
661
if prop._dbus_access == "write":
662
raise DBusPropertyAccessException(property_name)
663
value = prop()
664
if not hasattr(value, "variant_level"):
665
return value
666
return type(value)(value, variant_level=value.variant_level+1)
667
668
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
669
def Set(self, interface_name, property_name, value):
670
"""Standard D-Bus property Set() method, see D-Bus standard.
671
"""
672
prop = self._get_dbus_property(interface_name, property_name)
673
if prop._dbus_access == "read":
674
raise DBusPropertyAccessException(property_name)
675
if prop._dbus_get_args_options["byte_arrays"]:
676
# The byte_arrays option is not supported yet on
677
# signatures other than "ay".
678
if prop._dbus_signature != "ay":
679
raise ValueError
680
value = dbus.ByteArray(''.join(unichr(byte)
681
for byte in value))
682
prop(value)
683
684
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
685
out_signature="a{sv}")
686
def GetAll(self, interface_name):
687
"""Standard D-Bus property GetAll() method, see D-Bus
688
standard.
689
690
Note: Will not include properties with access="write".
691
"""
692
all = {}
693
for name, prop in self._get_all_dbus_properties():
694
if (interface_name
695
and interface_name != prop._dbus_interface):
696
# Interface non-empty but did not match
697
continue
698
# Ignore write-only properties
699
if prop._dbus_access == "write":
700
continue
701
value = prop()
702
if not hasattr(value, "variant_level"):
703
all[name] = value
704
continue
705
all[name] = type(value)(value, variant_level=
706
value.variant_level+1)
707
return dbus.Dictionary(all, signature="sv")
708
709
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
710
out_signature="s",
711
path_keyword='object_path',
712
connection_keyword='connection')
713
def Introspect(self, object_path, connection):
714
"""Standard D-Bus method, overloaded to insert property tags.
715
"""
716
xmlstring = dbus.service.Object.Introspect(self, object_path,
717
connection)
718
try:
719
document = xml.dom.minidom.parseString(xmlstring)
720
def make_tag(document, name, prop):
721
e = document.createElement("property")
722
e.setAttribute("name", name)
723
e.setAttribute("type", prop._dbus_signature)
724
e.setAttribute("access", prop._dbus_access)
725
return e
726
for if_tag in document.getElementsByTagName("interface"):
727
for tag in (make_tag(document, name, prop)
728
for name, prop
729
in self._get_all_dbus_properties()
730
if prop._dbus_interface
731
== if_tag.getAttribute("name")):
732
if_tag.appendChild(tag)
733
# Add the names to the return values for the
734
# "org.freedesktop.DBus.Properties" methods
735
if (if_tag.getAttribute("name")
736
== "org.freedesktop.DBus.Properties"):
737
for cn in if_tag.getElementsByTagName("method"):
738
if cn.getAttribute("name") == "Get":
739
for arg in cn.getElementsByTagName("arg"):
740
if (arg.getAttribute("direction")
741
== "out"):
742
arg.setAttribute("name", "value")
743
elif cn.getAttribute("name") == "GetAll":
744
for arg in cn.getElementsByTagName("arg"):
745
if (arg.getAttribute("direction")
746
== "out"):
747
arg.setAttribute("name", "props")
748
xmlstring = document.toxml("utf-8")
749
document.unlink()
750
except (AttributeError, xml.dom.DOMException,
751
xml.parsers.expat.ExpatError) as error:
752
logger.error("Failed to override Introspection method",
753
error)
754
return xmlstring
755
756
757
def datetime_to_dbus (dt, variant_level=0):
758
"""Convert a UTC datetime.datetime() to a D-Bus type."""
759
if dt is None:
760
return dbus.String("", variant_level = variant_level)
761
return dbus.String(dt.isoformat(),
762
variant_level=variant_level)
763
764
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
765
.__metaclass__):
766
"""Applied to an empty subclass of a D-Bus object, this metaclass
767
will add additional D-Bus attributes matching a certain pattern.
768
"""
769
def __new__(mcs, name, bases, attr):
770
# Go through all the base classes which could have D-Bus
771
# methods, signals, or properties in them
772
for base in (b for b in bases
773
if issubclass(b, dbus.service.Object)):
774
# Go though all attributes of the base class
775
for attrname, attribute in inspect.getmembers(base):
776
# Ignore non-D-Bus attributes, and D-Bus attributes
777
# with the wrong interface name
778
if (not hasattr(attribute, "_dbus_interface")
779
or not attribute._dbus_interface
780
.startswith("se.recompile.Mandos")):
781
continue
782
# Create an alternate D-Bus interface name based on
783
# the current name
784
alt_interface = (attribute._dbus_interface
785
.replace("se.recompile.Mandos",
786
"se.bsnet.fukt.Mandos"))
787
# Is this a D-Bus signal?
788
if getattr(attribute, "_dbus_is_signal", False):
789
# Extract the original non-method function by
790
# black magic
791
nonmethod_func = (dict(
792
zip(attribute.func_code.co_freevars,
793
attribute.__closure__))["func"]
794
.cell_contents)
795
# Create a new, but exactly alike, function
796
# object, and decorate it to be a new D-Bus signal
797
# with the alternate D-Bus interface name
798
new_function = (dbus.service.signal
799
(alt_interface,
800
attribute._dbus_signature)
801
(types.FunctionType(
802
nonmethod_func.func_code,
803
nonmethod_func.func_globals,
804
nonmethod_func.func_name,
805
nonmethod_func.func_defaults,
806
nonmethod_func.func_closure)))
807
# Define a creator of a function to call both the
808
# old and new functions, so both the old and new
809
# signals gets sent when the function is called
810
def fixscope(func1, func2):
811
"""This function is a scope container to pass
812
func1 and func2 to the "call_both" function
813
outside of its arguments"""
814
def call_both(*args, **kwargs):
815
"""This function will emit two D-Bus
816
signals by calling func1 and func2"""
817
func1(*args, **kwargs)
818
func2(*args, **kwargs)
819
return call_both
820
# Create the "call_both" function and add it to
821
# the class
822
attr[attrname] = fixscope(attribute,
823
new_function)
824
# Is this a D-Bus method?
825
elif getattr(attribute, "_dbus_is_method", False):
826
# Create a new, but exactly alike, function
827
# object. Decorate it to be a new D-Bus method
828
# with the alternate D-Bus interface name. Add it
829
# to the class.
830
attr[attrname] = (dbus.service.method
831
(alt_interface,
832
attribute._dbus_in_signature,
833
attribute._dbus_out_signature)
834
(types.FunctionType
835
(attribute.func_code,
836
attribute.func_globals,
837
attribute.func_name,
838
attribute.func_defaults,
839
attribute.func_closure)))
840
# Is this a D-Bus property?
841
elif getattr(attribute, "_dbus_is_property", False):
842
# Create a new, but exactly alike, function
843
# object, and decorate it to be a new D-Bus
844
# property with the alternate D-Bus interface
845
# name. Add it to the class.
846
attr[attrname] = (dbus_service_property
847
(alt_interface,
848
attribute._dbus_signature,
849
attribute._dbus_access,
850
attribute
851
._dbus_get_args_options
852
["byte_arrays"])
853
(types.FunctionType
854
(attribute.func_code,
855
attribute.func_globals,
856
attribute.func_name,
857
attribute.func_defaults,
858
attribute.func_closure)))
859
return type.__new__(mcs, name, bases, attr)
860
861
class ClientDBus(Client, DBusObjectWithProperties):
862
"""A Client class using D-Bus
863
864
Attributes:
865
dbus_object_path: dbus.ObjectPath
866
bus: dbus.SystemBus()
867
"""
868
869
runtime_expansions = (Client.runtime_expansions
870
+ ("dbus_object_path",))
871
872
# dbus.service.Object doesn't use super(), so we can't either.
873
874
def __init__(self, bus = None, *args, **kwargs):
875
self._approvals_pending = 0
876
self.bus = bus
877
Client.__init__(self, *args, **kwargs)
878
# Only now, when this client is initialized, can it show up on
879
# the D-Bus
880
client_object_name = unicode(self.name).translate(
881
{ord("."): ord("_"),
882
ord("-"): ord("_")})
883
self.dbus_object_path = (dbus.ObjectPath
884
("/clients/" + client_object_name))
885
DBusObjectWithProperties.__init__(self, self.bus,
886
self.dbus_object_path)
887
888
def notifychangeproperty(transform_func,
889
dbus_name, type_func=lambda x: x,
890
variant_level=1):
891
""" Modify a variable so that it's a property which announces
892
its changes to DBus.
893
894
transform_fun: Function that takes a value and transforms it
895
to a D-Bus type.
896
dbus_name: D-Bus name of the variable
897
type_func: Function that transform the value before sending it
898
to the D-Bus. Default: no transform
899
variant_level: D-Bus variant level. Default: 1
900
"""
901
attrname = "_{0}".format(dbus_name)
902
def setter(self, value):
903
if hasattr(self, "dbus_object_path"):
904
if (not hasattr(self, attrname) or
905
type_func(getattr(self, attrname, None))
906
!= type_func(value)):
907
dbus_value = transform_func(type_func(value),
908
variant_level)
909
self.PropertyChanged(dbus.String(dbus_name),
910
dbus_value)
911
setattr(self, attrname, value)
912
913
return property(lambda self: getattr(self, attrname), setter)
914
915
916
expires = notifychangeproperty(datetime_to_dbus, "Expires")
917
approvals_pending = notifychangeproperty(dbus.Boolean,
918
"ApprovalPending",
919
type_func = bool)
920
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
921
last_enabled = notifychangeproperty(datetime_to_dbus,
922
"LastEnabled")
923
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
924
type_func = lambda checker:
925
checker is not None)
926
last_checked_ok = notifychangeproperty(datetime_to_dbus,
927
"LastCheckedOK")
928
last_approval_request = notifychangeproperty(
929
datetime_to_dbus, "LastApprovalRequest")
930
approved_by_default = notifychangeproperty(dbus.Boolean,
931
"ApprovedByDefault")
932
approval_delay = notifychangeproperty(dbus.UInt16,
933
"ApprovalDelay",
934
type_func =
935
_timedelta_to_milliseconds)
936
approval_duration = notifychangeproperty(
937
dbus.UInt16, "ApprovalDuration",
938
type_func = _timedelta_to_milliseconds)
939
host = notifychangeproperty(dbus.String, "Host")
940
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
941
type_func =
942
_timedelta_to_milliseconds)
943
extended_timeout = notifychangeproperty(
944
dbus.UInt16, "ExtendedTimeout",
945
type_func = _timedelta_to_milliseconds)
946
interval = notifychangeproperty(dbus.UInt16,
947
"Interval",
948
type_func =
949
_timedelta_to_milliseconds)
950
checker_command = notifychangeproperty(dbus.String, "Checker")
951
952
del notifychangeproperty
953
954
def __del__(self, *args, **kwargs):
955
try:
956
self.remove_from_connection()
957
except LookupError:
958
pass
959
if hasattr(DBusObjectWithProperties, "__del__"):
960
DBusObjectWithProperties.__del__(self, *args, **kwargs)
961
Client.__del__(self, *args, **kwargs)
962
963
def checker_callback(self, pid, condition, command,
964
*args, **kwargs):
965
self.checker_callback_tag = None
966
self.checker = None
967
if os.WIFEXITED(condition):
968
exitstatus = os.WEXITSTATUS(condition)
969
# Emit D-Bus signal
970
self.CheckerCompleted(dbus.Int16(exitstatus),
971
dbus.Int64(condition),
972
dbus.String(command))
973
else:
974
# Emit D-Bus signal
975
self.CheckerCompleted(dbus.Int16(-1),
976
dbus.Int64(condition),
977
dbus.String(command))
978
979
return Client.checker_callback(self, pid, condition, command,
980
*args, **kwargs)
981
982
def start_checker(self, *args, **kwargs):
983
old_checker = self.checker
984
if self.checker is not None:
985
old_checker_pid = self.checker.pid
986
else:
987
old_checker_pid = None
988
r = Client.start_checker(self, *args, **kwargs)
989
# Only if new checker process was started
990
if (self.checker is not None
991
and old_checker_pid != self.checker.pid):
992
# Emit D-Bus signal
993
self.CheckerStarted(self.current_checker_command)
994
return r
995
996
def _reset_approved(self):
997
self._approved = None
998
return False
999
1000
def approve(self, value=True):
1001
self.send_changedstate()
1002
self._approved = value
1003
gobject.timeout_add(_timedelta_to_milliseconds
1004
(self.approval_duration),
1005
self._reset_approved)
1006
1007
1008
## D-Bus methods, signals & properties
1009
_interface = "se.recompile.Mandos.Client"
1010
1011
## Signals
1012
1013
# CheckerCompleted - signal
1014
@dbus.service.signal(_interface, signature="nxs")
1015
def CheckerCompleted(self, exitcode, waitstatus, command):
1016
"D-Bus signal"
1017
pass
1018
1019
# CheckerStarted - signal
1020
@dbus.service.signal(_interface, signature="s")
1021
def CheckerStarted(self, command):
1022
"D-Bus signal"
1023
pass
1024
1025
# PropertyChanged - signal
1026
@dbus.service.signal(_interface, signature="sv")
1027
def PropertyChanged(self, property, value):
1028
"D-Bus signal"
1029
pass
1030
1031
# GotSecret - signal
1032
@dbus.service.signal(_interface)
1033
def GotSecret(self):
1034
"""D-Bus signal
1035
Is sent after a successful transfer of secret from the Mandos
1036
server to mandos-client
1037
"""
1038
pass
1039
1040
# Rejected - signal
1041
@dbus.service.signal(_interface, signature="s")
1042
def Rejected(self, reason):
1043
"D-Bus signal"
1044
pass
1045
1046
# NeedApproval - signal
1047
@dbus.service.signal(_interface, signature="tb")
1048
def NeedApproval(self, timeout, default):
1049
"D-Bus signal"
1050
return self.need_approval()
1051
1052
## Methods
1053
1054
# Approve - method
1055
@dbus.service.method(_interface, in_signature="b")
1056
def Approve(self, value):
1057
self.approve(value)
1058
1059
# CheckedOK - method
1060
@dbus.service.method(_interface)
1061
def CheckedOK(self):
1062
self.checked_ok()
1063
1064
# Enable - method
1065
@dbus.service.method(_interface)
1066
def Enable(self):
1067
"D-Bus method"
1068
self.enable()
1069
1070
# StartChecker - method
1071
@dbus.service.method(_interface)
1072
def StartChecker(self):
1073
"D-Bus method"
1074
self.start_checker()
1075
1076
# Disable - method
1077
@dbus.service.method(_interface)
1078
def Disable(self):
1079
"D-Bus method"
1080
self.disable()
1081
1082
# StopChecker - method
1083
@dbus.service.method(_interface)
1084
def StopChecker(self):
1085
self.stop_checker()
1086
1087
## Properties
1088
1089
# ApprovalPending - property
1090
@dbus_service_property(_interface, signature="b", access="read")
1091
def ApprovalPending_dbus_property(self):
1092
return dbus.Boolean(bool(self.approvals_pending))
1093
1094
# ApprovedByDefault - property
1095
@dbus_service_property(_interface, signature="b",
1096
access="readwrite")
1097
def ApprovedByDefault_dbus_property(self, value=None):
1098
if value is None: # get
1099
return dbus.Boolean(self.approved_by_default)
1100
self.approved_by_default = bool(value)
1101
1102
# ApprovalDelay - property
1103
@dbus_service_property(_interface, signature="t",
1104
access="readwrite")
1105
def ApprovalDelay_dbus_property(self, value=None):
1106
if value is None: # get
1107
return dbus.UInt64(self.approval_delay_milliseconds())
1108
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1109
1110
# ApprovalDuration - property
1111
@dbus_service_property(_interface, signature="t",
1112
access="readwrite")
1113
def ApprovalDuration_dbus_property(self, value=None):
1114
if value is None: # get
1115
return dbus.UInt64(_timedelta_to_milliseconds(
1116
self.approval_duration))
1117
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1118
1119
# Name - property
1120
@dbus_service_property(_interface, signature="s", access="read")
1121
def Name_dbus_property(self):
1122
return dbus.String(self.name)
1123
1124
# Fingerprint - property
1125
@dbus_service_property(_interface, signature="s", access="read")
1126
def Fingerprint_dbus_property(self):
1127
return dbus.String(self.fingerprint)
1128
1129
# Host - property
1130
@dbus_service_property(_interface, signature="s",
1131
access="readwrite")
1132
def Host_dbus_property(self, value=None):
1133
if value is None: # get
1134
return dbus.String(self.host)
1135
self.host = value
1136
1137
# Created - property
1138
@dbus_service_property(_interface, signature="s", access="read")
1139
def Created_dbus_property(self):
1140
return dbus.String(datetime_to_dbus(self.created))
1141
1142
# LastEnabled - property
1143
@dbus_service_property(_interface, signature="s", access="read")
1144
def LastEnabled_dbus_property(self):
1145
return datetime_to_dbus(self.last_enabled)
1146
1147
# Enabled - property
1148
@dbus_service_property(_interface, signature="b",
1149
access="readwrite")
1150
def Enabled_dbus_property(self, value=None):
1151
if value is None: # get
1152
return dbus.Boolean(self.enabled)
1153
if value:
1154
self.enable()
1155
else:
1156
self.disable()
1157
1158
# LastCheckedOK - property
1159
@dbus_service_property(_interface, signature="s",
1160
access="readwrite")
1161
def LastCheckedOK_dbus_property(self, value=None):
1162
if value is not None:
1163
self.checked_ok()
1164
return
1165
return datetime_to_dbus(self.last_checked_ok)
1166
1167
# Expires - property
1168
@dbus_service_property(_interface, signature="s", access="read")
1169
def Expires_dbus_property(self):
1170
return datetime_to_dbus(self.expires)
1171
1172
# LastApprovalRequest - property
1173
@dbus_service_property(_interface, signature="s", access="read")
1174
def LastApprovalRequest_dbus_property(self):
1175
return datetime_to_dbus(self.last_approval_request)
1176
1177
# Timeout - property
1178
@dbus_service_property(_interface, signature="t",
1179
access="readwrite")
1180
def Timeout_dbus_property(self, value=None):
1181
if value is None: # get
1182
return dbus.UInt64(self.timeout_milliseconds())
1183
self.timeout = datetime.timedelta(0, 0, 0, value)
1184
if getattr(self, "disable_initiator_tag", None) is None:
1185
return
1186
# Reschedule timeout
1187
gobject.source_remove(self.disable_initiator_tag)
1188
self.disable_initiator_tag = None
1189
self.expires = None
1190
time_to_die = (self.
1191
_timedelta_to_milliseconds((self
1192
.last_checked_ok
1193
+ self.timeout)
1194
- datetime.datetime
1195
.utcnow()))
1196
if time_to_die <= 0:
1197
# The timeout has passed
1198
self.disable()
1199
else:
1200
self.expires = (datetime.datetime.utcnow()
1201
+ datetime.timedelta(milliseconds =
1202
time_to_die))
1203
self.disable_initiator_tag = (gobject.timeout_add
1204
(time_to_die, self.disable))
1205
1206
# ExtendedTimeout - property
1207
@dbus_service_property(_interface, signature="t",
1208
access="readwrite")
1209
def ExtendedTimeout_dbus_property(self, value=None):
1210
if value is None: # get
1211
return dbus.UInt64(self.extended_timeout_milliseconds())
1212
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1213
1214
# Interval - property
1215
@dbus_service_property(_interface, signature="t",
1216
access="readwrite")
1217
def Interval_dbus_property(self, value=None):
1218
if value is None: # get
1219
return dbus.UInt64(self.interval_milliseconds())
1220
self.interval = datetime.timedelta(0, 0, 0, value)
1221
if getattr(self, "checker_initiator_tag", None) is None:
1222
return
1223
# Reschedule checker run
1224
gobject.source_remove(self.checker_initiator_tag)
1225
self.checker_initiator_tag = (gobject.timeout_add
1226
(value, self.start_checker))
1227
self.start_checker() # Start one now, too
1228
1229
# Checker - property
1230
@dbus_service_property(_interface, signature="s",
1231
access="readwrite")
1232
def Checker_dbus_property(self, value=None):
1233
if value is None: # get
1234
return dbus.String(self.checker_command)
1235
self.checker_command = value
1236
1237
# CheckerRunning - property
1238
@dbus_service_property(_interface, signature="b",
1239
access="readwrite")
1240
def CheckerRunning_dbus_property(self, value=None):
1241
if value is None: # get
1242
return dbus.Boolean(self.checker is not None)
1243
if value:
1244
self.start_checker()
1245
else:
1246
self.stop_checker()
1247
1248
# ObjectPath - property
1249
@dbus_service_property(_interface, signature="o", access="read")
1250
def ObjectPath_dbus_property(self):
1251
return self.dbus_object_path # is already a dbus.ObjectPath
1252
1253
# Secret = property
1254
@dbus_service_property(_interface, signature="ay",
1255
access="write", byte_arrays=True)
1256
def Secret_dbus_property(self, value):
1257
self.secret = str(value)
1258
1259
del _interface
1260
1261
1262
class ProxyClient(object):
1263
def __init__(self, child_pipe, fpr, address):
1264
self._pipe = child_pipe
1265
self._pipe.send(('init', fpr, address))
1266
if not self._pipe.recv():
1267
raise KeyError()
1268
1269
def __getattribute__(self, name):
1270
if(name == '_pipe'):
1271
return super(ProxyClient, self).__getattribute__(name)
1272
self._pipe.send(('getattr', name))
1273
data = self._pipe.recv()
1274
if data[0] == 'data':
1275
return data[1]
1276
if data[0] == 'function':
1277
def func(*args, **kwargs):
1278
self._pipe.send(('funcall', name, args, kwargs))
1279
return self._pipe.recv()[1]
1280
return func
1281
1282
def __setattr__(self, name, value):
1283
if(name == '_pipe'):
1284
return super(ProxyClient, self).__setattr__(name, value)
1285
self._pipe.send(('setattr', name, value))
1286
1287
class ClientDBusTransitional(ClientDBus):
1288
__metaclass__ = AlternateDBusNamesMetaclass
1289
1290
class ClientHandler(socketserver.BaseRequestHandler, object):
1291
"""A class to handle client connections.
1292
1293
Instantiated once for each connection to handle it.
368
def still_valid(self):
369
"""Has the timeout not yet passed for this client?"""
370
now = datetime.datetime.now()
371
if self.last_checked_ok is None:
372
return now < (self.created + self.timeout)
373
else:
374
return now < (self.last_checked_ok + self.timeout)
375
376
377
def peer_certificate(session):
378
"Return the peer's OpenPGP certificate as a bytestring"
379
# If not an OpenPGP certificate...
380
if gnutls.library.functions.gnutls_certificate_type_get\
381
(session._c_object) \
382
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:
383
# ...do the normal thing
384
return session.peer_certificate
385
list_size = ctypes.c_uint()
386
cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
387
(session._c_object, ctypes.byref(list_size))
388
if list_size.value == 0:
389
return None
390
cert = cert_list[0]
391
return ctypes.string_at(cert.data, cert.size)
392
393
394
def fingerprint(openpgp):
395
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
396
# New GnuTLS "datum" with the OpenPGP public key
397
datum = gnutls.library.types.gnutls_datum_t\
398
(ctypes.cast(ctypes.c_char_p(openpgp),
399
ctypes.POINTER(ctypes.c_ubyte)),
400
ctypes.c_uint(len(openpgp)))
401
# New empty GnuTLS certificate
402
crt = gnutls.library.types.gnutls_openpgp_crt_t()
403
gnutls.library.functions.gnutls_openpgp_crt_init\
404
(ctypes.byref(crt))
405
# Import the OpenPGP public key into the certificate
406
gnutls.library.functions.gnutls_openpgp_crt_import\
407
(crt, ctypes.byref(datum),
408
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
409
# New buffer for the fingerprint
410
buffer = ctypes.create_string_buffer(20)
411
buffer_length = ctypes.c_size_t()
412
# Get the fingerprint from the certificate into the buffer
413
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
414
(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
415
# Deinit the certificate
416
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
417
# Convert the buffer to a Python bytestring
418
fpr = ctypes.string_at(buffer, buffer_length.value)
419
# Convert the bytestring to hexadecimal notation
420
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
421
return hex_fpr
422
423
424
class tcp_handler(SocketServer.BaseRequestHandler, object):
425
"""A TCP request handler class.
426
Instantiated by IPv6_TCPServer for each request to handle it.
1294
427
Note: This will run in its own forked process."""
1295
428
1296
429
def handle(self):
1297
with contextlib.closing(self.server.child_pipe) as child_pipe:
1298
logger.info("TCP connection from: %s",
1299
unicode(self.client_address))
1300
logger.debug("Pipe FD: %d",
1301
self.server.child_pipe.fileno())
1302
1303
session = (gnutls.connection
1304
.ClientSession(self.request,
1305
gnutls.connection
1306
.X509Credentials()))
1307
1308
# Note: gnutls.connection.X509Credentials is really a
1309
# generic GnuTLS certificate credentials object so long as
1310
# no X.509 keys are added to it. Therefore, we can use it
1311
# here despite using OpenPGP certificates.
1312
1313
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1314
# "+AES-256-CBC", "+SHA1",
1315
# "+COMP-NULL", "+CTYPE-OPENPGP",
1316
# "+DHE-DSS"))
1317
# Use a fallback default, since this MUST be set.
1318
priority = self.server.gnutls_priority
1319
if priority is None:
1320
priority = "NORMAL"
1321
(gnutls.library.functions
1322
.gnutls_priority_set_direct(session._c_object,
1323
priority, None))
1324
1325
# Start communication using the Mandos protocol
1326
# Get protocol number
1327
line = self.request.makefile().readline()
1328
logger.debug("Protocol version: %r", line)
1329
try:
1330
if int(line.strip().split()[0]) > 1:
1331
raise RuntimeError
1332
except (ValueError, IndexError, RuntimeError) as error:
1333
logger.error("Unknown protocol version: %s", error)
1334
return
1335
1336
# Start GnuTLS connection
1337
try:
1338
session.handshake()
1339
except gnutls.errors.GNUTLSError as error:
1340
logger.warning("Handshake failed: %s", error)
1341
# Do not run session.bye() here: the session is not
1342
# established. Just abandon the request.
1343
return
1344
logger.debug("Handshake succeeded")
1345
1346
approval_required = False
1347
try:
1348
try:
1349
fpr = self.fingerprint(self.peer_certificate
1350
(session))
1351
except (TypeError,
1352
gnutls.errors.GNUTLSError) as error:
1353
logger.warning("Bad certificate: %s", error)
1354
return
1355
logger.debug("Fingerprint: %s", fpr)
1356
1357
try:
1358
client = ProxyClient(child_pipe, fpr,
1359
self.client_address)
1360
except KeyError:
1361
return
1362
1363
if client.approval_delay:
1364
delay = client.approval_delay
1365
client.approvals_pending += 1
1366
approval_required = True
1367
1368
while True:
1369
if not client.enabled:
1370
logger.info("Client %s is disabled",
1371
client.name)
1372
if self.server.use_dbus:
1373
# Emit D-Bus signal
1374
client.Rejected("Disabled")
1375
return
1376
1377
if client._approved or not client.approval_delay:
1378
#We are approved or approval is disabled
1379
break
1380
elif client._approved is None:
1381
logger.info("Client %s needs approval",
1382
client.name)
1383
if self.server.use_dbus:
1384
# Emit D-Bus signal
1385
client.NeedApproval(
1386
client.approval_delay_milliseconds(),
1387
client.approved_by_default)
1388
else:
1389
logger.warning("Client %s was not approved",
1390
client.name)
1391
if self.server.use_dbus:
1392
# Emit D-Bus signal
1393
client.Rejected("Denied")
1394
return
1395
1396
#wait until timeout or approved
1397
time = datetime.datetime.now()
1398
client.changedstate.acquire()
1399
(client.changedstate.wait
1400
(float(client._timedelta_to_milliseconds(delay)
1401
/ 1000)))
1402
client.changedstate.release()
1403
time2 = datetime.datetime.now()
1404
if (time2 - time) >= delay:
1405
if not client.approved_by_default:
1406
logger.warning("Client %s timed out while"
1407
" waiting for approval",
1408
client.name)
1409
if self.server.use_dbus:
1410
# Emit D-Bus signal
1411
client.Rejected("Approval timed out")
1412
return
1413
else:
1414
break
1415
else:
1416
delay -= time2 - time
1417
1418
sent_size = 0
1419
while sent_size < len(client.secret):
1420
try:
1421
sent = session.send(client.secret[sent_size:])
1422
except gnutls.errors.GNUTLSError as error:
1423
logger.warning("gnutls send failed")
1424
return
1425
logger.debug("Sent: %d, remaining: %d",
1426
sent, len(client.secret)
1427
- (sent_size + sent))
1428
sent_size += sent
1429
1430
logger.info("Sending secret to %s", client.name)
1431
# bump the timeout as if seen
1432
client.checked_ok(client.extended_timeout)
1433
if self.server.use_dbus:
1434
# Emit D-Bus signal
1435
client.GotSecret()
1436
1437
finally:
1438
if approval_required:
1439
client.approvals_pending -= 1
1440
try:
1441
session.bye()
1442
except gnutls.errors.GNUTLSError as error:
1443
logger.warning("GnuTLS bye failed")
1444
1445
@staticmethod
1446
def peer_certificate(session):
1447
"Return the peer's OpenPGP certificate as a bytestring"
1448
# If not an OpenPGP certificate...
1449
if (gnutls.library.functions
1450
.gnutls_certificate_type_get(session._c_object)
1451
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1452
# ...do the normal thing
1453
return session.peer_certificate
1454
list_size = ctypes.c_uint(1)
1455
cert_list = (gnutls.library.functions
1456
.gnutls_certificate_get_peers
1457
(session._c_object, ctypes.byref(list_size)))
1458
if not bool(cert_list) and list_size.value != 0:
1459
raise gnutls.errors.GNUTLSError("error getting peer"
1460
" certificate")
1461
if list_size.value == 0:
1462
return None
1463
cert = cert_list[0]
1464
return ctypes.string_at(cert.data, cert.size)
1465
1466
@staticmethod
1467
def fingerprint(openpgp):
1468
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1469
# New GnuTLS "datum" with the OpenPGP public key
1470
datum = (gnutls.library.types
1471
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1472
ctypes.POINTER
1473
(ctypes.c_ubyte)),
1474
ctypes.c_uint(len(openpgp))))
1475
# New empty GnuTLS certificate
1476
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1477
(gnutls.library.functions
1478
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1479
# Import the OpenPGP public key into the certificate
1480
(gnutls.library.functions
1481
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1482
gnutls.library.constants
1483
.GNUTLS_OPENPGP_FMT_RAW))
1484
# Verify the self signature in the key
1485
crtverify = ctypes.c_uint()
1486
(gnutls.library.functions
1487
.gnutls_openpgp_crt_verify_self(crt, 0,
1488
ctypes.byref(crtverify)))
1489
if crtverify.value != 0:
1490
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1491
raise (gnutls.errors.CertificateSecurityError
1492
("Verify failed"))
1493
# New buffer for the fingerprint
1494
buf = ctypes.create_string_buffer(20)
1495
buf_len = ctypes.c_size_t()
1496
# Get the fingerprint from the certificate into the buffer
1497
(gnutls.library.functions
1498
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1499
ctypes.byref(buf_len)))
1500
# Deinit the certificate
1501
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1502
# Convert the buffer to a Python bytestring
1503
fpr = ctypes.string_at(buf, buf_len.value)
1504
# Convert the bytestring to hexadecimal notation
1505
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1506
return hex_fpr
1507
1508
1509
class MultiprocessingMixIn(object):
1510
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1511
def sub_process_main(self, request, address):
1512
try:
1513
self.finish_request(request, address)
1514
except:
1515
self.handle_error(request, address)
1516
self.close_request(request)
1517
1518
def process_request(self, request, address):
1519
"""Start a new process to process the request."""
1520
proc = multiprocessing.Process(target = self.sub_process_main,
1521
args = (request,
1522
address))
1523
proc.start()
1524
return proc
1525
1526
1527
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1528
""" adds a pipe to the MixIn """
1529
def process_request(self, request, client_address):
1530
"""Overrides and wraps the original process_request().
1531
1532
This function creates a new pipe in self.pipe
1533
"""
1534
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1535
1536
proc = MultiprocessingMixIn.process_request(self, request,
1537
client_address)
1538
self.child_pipe.close()
1539
self.add_pipe(parent_pipe, proc)
1540
1541
def add_pipe(self, parent_pipe, proc):
1542
"""Dummy function; override as necessary"""
1543
raise NotImplementedError
1544
1545
1546
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1547
socketserver.TCPServer, object):
1548
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1549
430
logger.info(u"TCP connection from: %s",
431
unicode(self.client_address))
432
session = gnutls.connection.ClientSession\
433
(self.request, gnutls.connection.X509Credentials())
434
435
line = self.request.makefile().readline()
436
logger.debug(u"Protocol version: %r", line)
437
try:
438
if int(line.strip().split()[0]) > 1:
439
raise RuntimeError
440
except (ValueError, IndexError, RuntimeError), error:
441
logger.error(u"Unknown protocol version: %s", error)
442
return
443
444
# Note: gnutls.connection.X509Credentials is really a generic
445
# GnuTLS certificate credentials object so long as no X.509
446
# keys are added to it. Therefore, we can use it here despite
447
# using OpenPGP certificates.
448
449
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
450
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
451
# "+DHE-DSS"))
452
priority = "NORMAL" # Fallback default, since this
453
# MUST be set.
454
if self.server.settings["priority"]:
455
priority = self.server.settings["priority"]
456
gnutls.library.functions.gnutls_priority_set_direct\
457
(session._c_object, priority, None);
458
459
try:
460
session.handshake()
461
except gnutls.errors.GNUTLSError, error:
462
logger.warning(u"Handshake failed: %s", error)
463
# Do not run session.bye() here: the session is not
464
# established. Just abandon the request.
465
return
466
try:
467
fpr = fingerprint(peer_certificate(session))
468
except (TypeError, gnutls.errors.GNUTLSError), error:
469
logger.warning(u"Bad certificate: %s", error)
470
session.bye()
471
return
472
logger.debug(u"Fingerprint: %s", fpr)
473
client = None
474
for c in self.server.clients:
475
if c.fingerprint == fpr:
476
client = c
477
break
478
if not client:
479
logger.warning(u"Client not found for fingerprint: %s",
480
fpr)
481
session.bye()
482
return
483
# Have to check if client.still_valid(), since it is possible
484
# that the client timed out while establishing the GnuTLS
485
# session.
486
if not client.still_valid():
487
logger.warning(u"Client %(name)s is invalid",
488
vars(client))
489
session.bye()
490
return
491
sent_size = 0
492
while sent_size < len(client.secret):
493
sent = session.send(client.secret[sent_size:])
494
logger.debug(u"Sent: %d, remaining: %d",
495
sent, len(client.secret)
496
- (sent_size + sent))
497
sent_size += sent
498
session.bye()
499
500
501
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
502
"""IPv6 TCP server. Accepts 'None' as address and/or port.
1550
503
Attributes:
1551
enabled: Boolean; whether this server is activated yet
1552
interface: None or a network interface name (string)
1553
use_ipv6: Boolean; to use IPv6 or not
504
settings: Server settings
505
clients: Set() of Client objects
1554
506
"""
1555
def __init__(self, server_address, RequestHandlerClass,
1556
interface=None, use_ipv6=True):
1557
self.interface = interface
1558
if use_ipv6:
1559
self.address_family = socket.AF_INET6
1560
socketserver.TCPServer.__init__(self, server_address,
1561
RequestHandlerClass)
507
address_family = socket.AF_INET6
508
def __init__(self, *args, **kwargs):
509
if "settings" in kwargs:
510
self.settings = kwargs["settings"]
511
del kwargs["settings"]
512
if "clients" in kwargs:
513
self.clients = kwargs["clients"]
514
del kwargs["clients"]
515
return super(type(self), self).__init__(*args, **kwargs)
1562
516
def server_bind(self):
1563
517
"""This overrides the normal server_bind() function
1564
518
to bind to an interface if one was specified, and also NOT to
1565
519
bind to an address or port if they were not specified."""
1566
if self.interface is not None:
1567
if SO_BINDTODEVICE is None:
1568
logger.error("SO_BINDTODEVICE does not exist;"
1569
" cannot bind to interface %s",
1570
self.interface)
1571
else:
1572
try:
1573
self.socket.setsockopt(socket.SOL_SOCKET,
1574
SO_BINDTODEVICE,
1575
str(self.interface
1576
+ '\0'))
1577
except socket.error as error:
1578
if error[0] == errno.EPERM:
1579
logger.error("No permission to"
1580
" bind to interface %s",
1581
self.interface)
1582
elif error[0] == errno.ENOPROTOOPT:
1583
logger.error("SO_BINDTODEVICE not available;"
1584
" cannot bind to interface %s",
1585
self.interface)
1586
else:
1587
raise
520
if self.settings["interface"]:
521
# 25 is from /usr/include/asm-i486/socket.h
522
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
523
try:
524
self.socket.setsockopt(socket.SOL_SOCKET,
525
SO_BINDTODEVICE,
526
self.settings["interface"])
527
except socket.error, error:
528
if error[0] == errno.EPERM:
529
logger.error(u"No permission to"
530
u" bind to interface %s",
531
self.settings["interface"])
532
else:
533
raise error
1588
534
# Only bind(2) the socket if we really need to.
1589
535
if self.server_address[0] or self.server_address[1]:
1590
536
if not self.server_address[0]:
1591
if self.address_family == socket.AF_INET6:
1592
any_address = "::" # in6addr_any
1593
else:
1594
any_address = socket.INADDR_ANY
1595
self.server_address = (any_address,
537
in6addr_any = "::"
538
self.server_address = (in6addr_any,
1596
539
self.server_address[1])
1597
540
elif not self.server_address[1]:
1598
541
self.server_address = (self.server_address[0],
1599
542
0)
1600
# if self.interface:
543
# if self.settings["interface"]:
1601
544
# self.server_address = (self.server_address[0],
1602
545
# 0, # port
1603
546
# 0, # flowinfo
1604
547
# if_nametoindex
1605
# (self.interface))
1606
return socketserver.TCPServer.server_bind(self)
1607
1608
1609
class MandosServer(IPv6_TCPServer):
1610
"""Mandos server.
1611
1612
Attributes:
1613
clients: set of Client objects
1614
gnutls_priority GnuTLS priority string
1615
use_dbus: Boolean; to emit D-Bus signals or not
1616
1617
Assumes a gobject.MainLoop event loop.
1618
"""
1619
def __init__(self, server_address, RequestHandlerClass,
1620
interface=None, use_ipv6=True, clients=None,
1621
gnutls_priority=None, use_dbus=True):
1622
self.enabled = False
1623
self.clients = clients
1624
if self.clients is None:
1625
self.clients = set()
1626
self.use_dbus = use_dbus
1627
self.gnutls_priority = gnutls_priority
1628
IPv6_TCPServer.__init__(self, server_address,
1629
RequestHandlerClass,
1630
interface = interface,
1631
use_ipv6 = use_ipv6)
1632
def server_activate(self):
1633
if self.enabled:
1634
return socketserver.TCPServer.server_activate(self)
1635
1636
def enable(self):
1637
self.enabled = True
1638
1639
def add_pipe(self, parent_pipe, proc):
1640
# Call "handle_ipc" for both data and EOF events
1641
gobject.io_add_watch(parent_pipe.fileno(),
1642
gobject.IO_IN | gobject.IO_HUP,
1643
functools.partial(self.handle_ipc,
1644
parent_pipe =
1645
parent_pipe,
1646
proc = proc))
1647
1648
def handle_ipc(self, source, condition, parent_pipe=None,
1649
proc = None, client_object=None):
1650
condition_names = {
1651
gobject.IO_IN: "IN", # There is data to read.
1652
gobject.IO_OUT: "OUT", # Data can be written (without
1653
# blocking).
1654
gobject.IO_PRI: "PRI", # There is urgent data to read.
1655
gobject.IO_ERR: "ERR", # Error condition.
1656
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1657
# broken, usually for pipes and
1658
# sockets).
1659
}
1660
conditions_string = ' | '.join(name
1661
for cond, name in
1662
condition_names.iteritems()
1663
if cond & condition)
1664
# error or the other end of multiprocessing.Pipe has closed
1665
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1666
proc.join()
1667
return False
1668
1669
# Read a request from the child
1670
request = parent_pipe.recv()
1671
command = request[0]
1672
1673
if command == 'init':
1674
fpr = request[1]
1675
address = request[2]
1676
1677
for c in self.clients:
1678
if c.fingerprint == fpr:
1679
client = c
1680
break
1681
else:
1682
logger.info("Client not found for fingerprint: %s, ad"
1683
"dress: %s", fpr, address)
1684
if self.use_dbus:
1685
# Emit D-Bus signal
1686
mandos_dbus_service.ClientNotFound(fpr,
1687
address[0])
1688
parent_pipe.send(False)
1689
return False
1690
1691
gobject.io_add_watch(parent_pipe.fileno(),
1692
gobject.IO_IN | gobject.IO_HUP,
1693
functools.partial(self.handle_ipc,
1694
parent_pipe =
1695
parent_pipe,
1696
proc = proc,
1697
client_object =
1698
client))
1699
parent_pipe.send(True)
1700
# remove the old hook in favor of the new above hook on
1701
# same fileno
1702
return False
1703
if command == 'funcall':
1704
funcname = request[1]
1705
args = request[2]
1706
kwargs = request[3]
1707
1708
parent_pipe.send(('data', getattr(client_object,
1709
funcname)(*args,
1710
**kwargs)))
1711
1712
if command == 'getattr':
1713
attrname = request[1]
1714
if callable(client_object.__getattribute__(attrname)):
1715
parent_pipe.send(('function',))
1716
else:
1717
parent_pipe.send(('data', client_object
1718
.__getattribute__(attrname)))
1719
1720
if command == 'setattr':
1721
attrname = request[1]
1722
value = request[2]
1723
setattr(client_object, attrname, value)
1724
1725
return True
548
# (self.settings
549
# ["interface"]))
550
return super(type(self), self).server_bind()
1726
551
1727
552
1728
553
def string_to_delta(interval):
1729
554
"""Parse a string and return a datetime.timedelta
1730
555
1731
556
>>> string_to_delta('7d')
1732
557
datetime.timedelta(7)
1733
558
>>> string_to_delta('60s')
1736
561
datetime.timedelta(0, 3600)
1737
562
>>> string_to_delta('24h')
1738
563
datetime.timedelta(1)
1739
>>> string_to_delta('1w')
564
>>> string_to_delta(u'1w')
1740
565
datetime.timedelta(7)
1741
>>> string_to_delta('5m 30s')
1742
datetime.timedelta(0, 330)
1743
566
"""
1744
timevalue = datetime.timedelta(0)
1745
for s in interval.split():
1746
try:
1747
suffix = unicode(s[-1])
1748
value = int(s[:-1])
1749
if suffix == "d":
1750
delta = datetime.timedelta(value)
1751
elif suffix == "s":
1752
delta = datetime.timedelta(0, value)
1753
elif suffix == "m":
1754
delta = datetime.timedelta(0, 0, 0, 0, value)
1755
elif suffix == "h":
1756
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1757
elif suffix == "w":
1758
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1759
else:
1760
raise ValueError("Unknown suffix %r" % suffix)
1761
except (ValueError, IndexError) as e:
1762
raise ValueError(*(e.args))
1763
timevalue += delta
1764
return timevalue
1765
567
try:
568
suffix=unicode(interval[-1])
569
value=int(interval[:-1])
570
if suffix == u"d":
571
delta = datetime.timedelta(value)
572
elif suffix == u"s":
573
delta = datetime.timedelta(0, value)
574
elif suffix == u"m":
575
delta = datetime.timedelta(0, 0, 0, 0, value)
576
elif suffix == u"h":
577
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
578
elif suffix == u"w":
579
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
580
else:
581
raise ValueError
582
except (ValueError, IndexError):
583
raise ValueError
584
return delta
585
586
587
def server_state_changed(state):
588
"""Derived from the Avahi example code"""
589
if state == avahi.SERVER_COLLISION:
590
logger.error(u"Server name collision")
591
service.remove()
592
elif state == avahi.SERVER_RUNNING:
593
service.add()
594
595
596
def entry_group_state_changed(state, error):
597
"""Derived from the Avahi example code"""
598
logger.debug(u"state change: %i", state)
599
600
if state == avahi.ENTRY_GROUP_ESTABLISHED:
601
logger.debug(u"Service established.")
602
elif state == avahi.ENTRY_GROUP_COLLISION:
603
logger.warning(u"Service name collision.")
604
service.rename()
605
elif state == avahi.ENTRY_GROUP_FAILURE:
606
logger.critical(u"Error in group state changed %s",
607
unicode(error))
608
raise AvahiGroupError("State changed: %s", str(error))
1766
609
1767
610
def if_nametoindex(interface):
1768
"""Call the C function if_nametoindex(), or equivalent
1769
1770
Note: This function cannot accept a unicode string."""
611
"""Call the C function if_nametoindex(), or equivalent"""
1771
612
global if_nametoindex
1772
613
try:
1773
if_nametoindex = (ctypes.cdll.LoadLibrary
1774
(ctypes.util.find_library("c"))
1775
.if_nametoindex)
614
if "ctypes.util" not in sys.modules:
615
import ctypes.util
616
if_nametoindex = ctypes.cdll.LoadLibrary\
617
(ctypes.util.find_library("c")).if_nametoindex
1776
618
except (OSError, AttributeError):
1777
logger.warning("Doing if_nametoindex the hard way")
619
if "struct" not in sys.modules:
620
import struct
621
if "fcntl" not in sys.modules:
622
import fcntl
1778
623
def if_nametoindex(interface):
1779
624
"Get an interface index the hard way, i.e. using fcntl()"
1780
625
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1781
with contextlib.closing(socket.socket()) as s:
1782
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1783
struct.pack(str("16s16x"),
1784
interface))
1785
interface_index = struct.unpack(str("I"),
1786
ifreq[16:20])[0]
626
s = socket.socket()
627
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
628
struct.pack("16s16x", interface))
629
s.close()
630
interface_index = struct.unpack("I", ifreq[16:20])[0]
1787
631
return interface_index
1788
632
return if_nametoindex(interface)
1789
633
1790
634
1791
635
def daemon(nochdir = False, noclose = False):
1792
636
"""See daemon(3). Standard BSD Unix function.
1793
1794
637
This should really exist as os.daemon, but it doesn't (yet)."""
1795
638
if os.fork():
1796
639
sys.exit()
1804
647
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1805
648
if not stat.S_ISCHR(os.fstat(null).st_mode):
1806
649
raise OSError(errno.ENODEV,
1807
"%s not a character device"
1808
% os.path.devnull)
650
"/dev/null not a character device")
1809
651
os.dup2(null, sys.stdin.fileno())
1810
652
os.dup2(null, sys.stdout.fileno())
1811
653
os.dup2(null, sys.stderr.fileno())
1814
656
1815
657
1816
658
def main():
1817
1818
##################################################################
1819
# Parsing of options, both command line and config file
1820
1821
parser = argparse.ArgumentParser()
1822
parser.add_argument("-v", "--version", action="version",
1823
version = "%%(prog)s %s" % version,
1824
help="show version number and exit")
1825
parser.add_argument("-i", "--interface", metavar="IF",
1826
help="Bind to interface IF")
1827
parser.add_argument("-a", "--address",
1828
help="Address to listen for requests on")
1829
parser.add_argument("-p", "--port", type=int,
1830
help="Port number to receive requests on")
1831
parser.add_argument("--check", action="store_true",
1832
help="Run self-test")
1833
parser.add_argument("--debug", action="store_true",
1834
help="Debug mode; run in foreground and log"
1835
" to terminal")
1836
parser.add_argument("--debuglevel", metavar="LEVEL",
1837
help="Debug level for stdout output")
1838
parser.add_argument("--priority", help="GnuTLS"
1839
" priority string (see GnuTLS documentation)")
1840
parser.add_argument("--servicename",
1841
metavar="NAME", help="Zeroconf service name")
1842
parser.add_argument("--configdir",
1843
default="/etc/mandos", metavar="DIR",
1844
help="Directory to search for configuration"
1845
" files")
1846
parser.add_argument("--no-dbus", action="store_false",
1847
dest="use_dbus", help="Do not provide D-Bus"
1848
" system bus interface")
1849
parser.add_argument("--no-ipv6", action="store_false",
1850
dest="use_ipv6", help="Do not use IPv6")
1851
options = parser.parse_args()
659
global main_loop_started
660
main_loop_started = False
661
662
parser = OptionParser(version = "%%prog %s" % version)
663
parser.add_option("-i", "--interface", type="string",
664
metavar="IF", help="Bind to interface IF")
665
parser.add_option("-a", "--address", type="string",
666
help="Address to listen for requests on")
667
parser.add_option("-p", "--port", type="int",
668
help="Port number to receive requests on")
669
parser.add_option("--check", action="store_true", default=False,
670
help="Run self-test")
671
parser.add_option("--debug", action="store_true",
672
help="Debug mode; run in foreground and log to"
673
" terminal")
674
parser.add_option("--priority", type="string", help="GnuTLS"
675
" priority string (see GnuTLS documentation)")
676
parser.add_option("--servicename", type="string", metavar="NAME",
677
help="Zeroconf service name")
678
parser.add_option("--configdir", type="string",
679
default="/etc/mandos", metavar="DIR",
680
help="Directory to search for configuration"
681
" files")
682
(options, args) = parser.parse_args()
1852
683
1853
684
if options.check:
1854
685
import doctest
1863
694
"priority":
1864
695
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1865
696
"servicename": "Mandos",
1866
"use_dbus": "True",
1867
"use_ipv6": "True",
1868
"debuglevel": "",
1869
697
}
1870
698
1871
699
# Parse config file for server-global settings
1872
server_config = configparser.SafeConfigParser(server_defaults)
700
server_config = ConfigParser.SafeConfigParser(server_defaults)
1873
701
del server_defaults
1874
server_config.read(os.path.join(options.configdir,
1875
"mandos.conf"))
702
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1876
703
# Convert the SafeConfigParser object to a dict
1877
704
server_settings = server_config.defaults()
1878
# Use the appropriate methods on the non-string config options
1879
for option in ("debug", "use_dbus", "use_ipv6"):
1880
server_settings[option] = server_config.getboolean("DEFAULT",
1881
option)
1882
if server_settings["port"]:
1883
server_settings["port"] = server_config.getint("DEFAULT",
1884
"port")
705
# Use getboolean on the boolean config option
706
server_settings["debug"] = server_config.getboolean\
707
("DEFAULT", "debug")
1885
708
del server_config
1886
709
1887
710
# Override the settings from the config file with command line
1888
711
# options, if set.
1889
712
for option in ("interface", "address", "port", "debug",
1890
"priority", "servicename", "configdir",
1891
"use_dbus", "use_ipv6", "debuglevel"):
713
"priority", "servicename", "configdir"):
1892
714
value = getattr(options, option)
1893
715
if value is not None:
1894
716
server_settings[option] = value
1895
717
del options
1896
# Force all strings to be unicode
1897
for option in server_settings.keys():
1898
if type(server_settings[option]) is str:
1899
server_settings[option] = unicode(server_settings[option])
1900
718
# Now we have our good server settings in "server_settings"
1901
719
1902
##################################################################
1903
1904
# For convenience
1905
720
debug = server_settings["debug"]
1906
debuglevel = server_settings["debuglevel"]
1907
use_dbus = server_settings["use_dbus"]
1908
use_ipv6 = server_settings["use_ipv6"]
721
722
if not debug:
723
syslogger.setLevel(logging.WARNING)
724
console.setLevel(logging.WARNING)
1909
725
1910
726
if server_settings["servicename"] != "Mandos":
1911
syslogger.setFormatter(logging.Formatter
1912
('Mandos (%s) [%%(process)d]:'
1913
' %%(levelname)s: %%(message)s'
727
syslogger.setFormatter(logging.Formatter\
728
('Mandos (%s): %%(levelname)s:'
729
' %%(message)s'
1914
730
% server_settings["servicename"]))
1915
731
1916
732
# Parse config file with clients
1917
client_defaults = { "timeout": "5m",
1918
"extended_timeout": "15m",
1919
"interval": "2m",
733
client_defaults = { "timeout": "1h",
734
"interval": "5m",
1920
735
"checker": "fping -q -- %%(host)s",
1921
"host": "",
1922
"approval_delay": "0s",
1923
"approval_duration": "1s",
1924
736
}
1925
client_config = configparser.SafeConfigParser(client_defaults)
737
client_config = ConfigParser.SafeConfigParser(client_defaults)
1926
738
client_config.read(os.path.join(server_settings["configdir"],
1927
739
"clients.conf"))
1928
740
1929
global mandos_dbus_service
1930
mandos_dbus_service = None
1931
1932
tcp_server = MandosServer((server_settings["address"],
1933
server_settings["port"]),
1934
ClientHandler,
1935
interface=(server_settings["interface"]
1936
or None),
1937
use_ipv6=use_ipv6,
1938
gnutls_priority=
1939
server_settings["priority"],
1940
use_dbus=use_dbus)
1941
if not debug:
1942
pidfilename = "/var/run/mandos.pid"
1943
try:
1944
pidfile = open(pidfilename, "w")
1945
except IOError:
1946
logger.error("Could not open file %r", pidfilename)
1947
1948
try:
1949
uid = pwd.getpwnam("_mandos").pw_uid
1950
gid = pwd.getpwnam("_mandos").pw_gid
1951
except KeyError:
1952
try:
1953
uid = pwd.getpwnam("mandos").pw_uid
1954
gid = pwd.getpwnam("mandos").pw_gid
1955
except KeyError:
1956
try:
1957
uid = pwd.getpwnam("nobody").pw_uid
1958
gid = pwd.getpwnam("nobody").pw_gid
1959
except KeyError:
1960
uid = 65534
1961
gid = 65534
1962
try:
1963
os.setgid(gid)
1964
os.setuid(uid)
1965
except OSError as error:
1966
if error[0] != errno.EPERM:
1967
raise error
1968
1969
if not debug and not debuglevel:
1970
syslogger.setLevel(logging.WARNING)
1971
console.setLevel(logging.WARNING)
1972
if debuglevel:
1973
level = getattr(logging, debuglevel.upper())
1974
syslogger.setLevel(level)
1975
console.setLevel(level)
1976
1977
if debug:
1978
# Enable all possible GnuTLS debugging
1979
1980
# "Use a log level over 10 to enable all debugging options."
1981
# - GnuTLS manual
1982
gnutls.library.functions.gnutls_global_set_log_level(11)
1983
1984
@gnutls.library.types.gnutls_log_func
1985
def debug_gnutls(level, string):
1986
logger.debug("GnuTLS: %s", string[:-1])
1987
1988
(gnutls.library.functions
1989
.gnutls_global_set_log_function(debug_gnutls))
1990
1991
# Redirect stdin so all checkers get /dev/null
1992
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1993
os.dup2(null, sys.stdin.fileno())
1994
if null > 2:
1995
os.close(null)
1996
else:
1997
# No console logging
1998
logger.removeHandler(console)
1999
2000
# Need to fork before connecting to D-Bus
2001
if not debug:
2002
# Close all input and output, do double fork, etc.
2003
daemon()
741
global service
742
service = AvahiService(name = server_settings["servicename"],
743
type = "_mandos._tcp", );
744
if server_settings["interface"]:
745
service.interface = if_nametoindex(server_settings["interface"])
2004
746
2005
747
global main_loop
748
global bus
749
global server
2006
750
# From the Avahi example code
2007
751
DBusGMainLoop(set_as_default=True )
2008
752
main_loop = gobject.MainLoop()
2009
753
bus = dbus.SystemBus()
754
server = dbus.Interface(
755
bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),
756
avahi.DBUS_INTERFACE_SERVER )
2010
757
# End of Avahi example code
2011
if use_dbus:
2012
try:
2013
bus_name = dbus.service.BusName("se.recompile.Mandos",
2014
bus, do_not_queue=True)
2015
old_bus_name = (dbus.service.BusName
2016
("se.bsnet.fukt.Mandos", bus,
2017
do_not_queue=True))
2018
except dbus.exceptions.NameExistsException as e:
2019
logger.error(unicode(e) + ", disabling D-Bus")
2020
use_dbus = False
2021
server_settings["use_dbus"] = False
2022
tcp_server.use_dbus = False
2023
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2024
service = AvahiService(name = server_settings["servicename"],
2025
servicetype = "_mandos._tcp",
2026
protocol = protocol, bus = bus)
2027
if server_settings["interface"]:
2028
service.interface = (if_nametoindex
2029
(str(server_settings["interface"])))
2030
2031
global multiprocessing_manager
2032
multiprocessing_manager = multiprocessing.Manager()
2033
2034
client_class = Client
2035
if use_dbus:
2036
client_class = functools.partial(ClientDBusTransitional,
2037
bus = bus)
2038
def client_config_items(config, section):
2039
special_settings = {
2040
"approved_by_default":
2041
lambda: config.getboolean(section,
2042
"approved_by_default"),
2043
}
2044
for name, value in config.items(section):
2045
try:
2046
yield (name, special_settings[name]())
2047
except KeyError:
2048
yield (name, value)
2049
2050
tcp_server.clients.update(set(
2051
client_class(name = section,
2052
config= dict(client_config_items(
2053
client_config, section)))
2054
for section in client_config.sections()))
2055
if not tcp_server.clients:
2056
logger.warning("No clients defined")
2057
2058
if not debug:
2059
try:
2060
with pidfile:
2061
pid = os.getpid()
2062
pidfile.write(str(pid) + "\n".encode("utf-8"))
2063
del pidfile
2064
except IOError:
2065
logger.error("Could not write to file %r with PID %d",
2066
pidfilename, pid)
2067
except NameError:
2068
# "pidfile" was never created
2069
pass
2070
del pidfilename
2071
758
759
clients = Set()
760
def remove_from_clients(client):
761
clients.remove(client)
762
if not clients:
763
logger.critical(u"No clients left, exiting")
764
sys.exit()
765
766
clients.update(Set(Client(name = section,
767
stop_hook = remove_from_clients,
768
config
769
= dict(client_config.items(section)))
770
for section in client_config.sections()))
771
if not clients:
772
logger.critical(u"No clients defined")
773
sys.exit(1)
774
775
if not debug:
776
logger.removeHandler(console)
777
daemon()
778
779
pidfilename = "/var/run/mandos/mandos.pid"
780
pid = os.getpid()
781
try:
782
pidfile = open(pidfilename, "w")
783
pidfile.write(str(pid) + "\n")
784
pidfile.close()
785
del pidfile
786
except IOError, err:
787
logger.error(u"Could not write %s file with PID %d",
788
pidfilename, os.getpid())
789
790
def cleanup():
791
"Cleanup function; run on exit"
792
global group
793
# From the Avahi example code
794
if not group is None:
795
group.Free()
796
group = None
797
# End of Avahi example code
798
799
while clients:
800
client = clients.pop()
801
client.stop_hook = None
802
client.stop()
803
804
atexit.register(cleanup)
805
806
if not debug:
2072
807
signal.signal(signal.SIGINT, signal.SIG_IGN)
2073
2074
808
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2075
809
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2076
810
2077
if use_dbus:
2078
class MandosDBusService(dbus.service.Object):
2079
"""A D-Bus proxy object"""
2080
def __init__(self):
2081
dbus.service.Object.__init__(self, bus, "/")
2082
_interface = "se.recompile.Mandos"
2083
2084
@dbus.service.signal(_interface, signature="o")
2085
def ClientAdded(self, objpath):
2086
"D-Bus signal"
2087
pass
2088
2089
@dbus.service.signal(_interface, signature="ss")
2090
def ClientNotFound(self, fingerprint, address):
2091
"D-Bus signal"
2092
pass
2093
2094
@dbus.service.signal(_interface, signature="os")
2095
def ClientRemoved(self, objpath, name):
2096
"D-Bus signal"
2097
pass
2098
2099
@dbus.service.method(_interface, out_signature="ao")
2100
def GetAllClients(self):
2101
"D-Bus method"
2102
return dbus.Array(c.dbus_object_path
2103
for c in tcp_server.clients)
2104
2105
@dbus.service.method(_interface,
2106
out_signature="a{oa{sv}}")
2107
def GetAllClientsWithProperties(self):
2108
"D-Bus method"
2109
return dbus.Dictionary(
2110
((c.dbus_object_path, c.GetAll(""))
2111
for c in tcp_server.clients),
2112
signature="oa{sv}")
2113
2114
@dbus.service.method(_interface, in_signature="o")
2115
def RemoveClient(self, object_path):
2116
"D-Bus method"
2117
for c in tcp_server.clients:
2118
if c.dbus_object_path == object_path:
2119
tcp_server.clients.remove(c)
2120
c.remove_from_connection()
2121
# Don't signal anything except ClientRemoved
2122
c.disable(quiet=True)
2123
# Emit D-Bus signal
2124
self.ClientRemoved(object_path, c.name)
2125
return
2126
raise KeyError(object_path)
2127
2128
del _interface
2129
2130
class MandosDBusServiceTransitional(MandosDBusService):
2131
__metaclass__ = AlternateDBusNamesMetaclass
2132
mandos_dbus_service = MandosDBusServiceTransitional()
2133
2134
def cleanup():
2135
"Cleanup function; run on exit"
2136
service.cleanup()
2137
2138
multiprocessing.active_children()
2139
while tcp_server.clients:
2140
client = tcp_server.clients.pop()
2141
if use_dbus:
2142
client.remove_from_connection()
2143
client.disable_hook = None
2144
# Don't signal anything except ClientRemoved
2145
client.disable(quiet=True)
2146
if use_dbus:
2147
# Emit D-Bus signal
2148
mandos_dbus_service.ClientRemoved(client
2149
.dbus_object_path,
2150
client.name)
2151
2152
atexit.register(cleanup)
2153
2154
for client in tcp_server.clients:
2155
if use_dbus:
2156
# Emit D-Bus signal
2157
mandos_dbus_service.ClientAdded(client.dbus_object_path)
2158
client.enable()
2159
2160
tcp_server.enable()
2161
tcp_server.server_activate()
2162
811
for client in clients:
812
client.start()
813
814
tcp_server = IPv6_TCPServer((server_settings["address"],
815
server_settings["port"]),
816
tcp_handler,
817
settings=server_settings,
818
clients=clients)
2163
819
# Find out what port we got
2164
820
service.port = tcp_server.socket.getsockname()[1]
2165
if use_ipv6:
2166
logger.info("Now listening on address %r, port %d,"
2167
" flowinfo %d, scope_id %d"
2168
% tcp_server.socket.getsockname())
2169
else: # IPv4
2170
logger.info("Now listening on address %r, port %d"
2171
% tcp_server.socket.getsockname())
821
logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
822
u" scope_id %d" % tcp_server.socket.getsockname())
2172
823
2173
824
#service.interface = tcp_server.socket.getsockname()[3]
2174
825
2175
826
try:
2176
827
# From the Avahi example code
828
server.connect_to_signal("StateChanged", server_state_changed)
2177
829
try:
2178
service.activate()
2179
except dbus.exceptions.DBusException as error:
2180
logger.critical("DBusException: %s", error)
2181
cleanup()
830
server_state_changed(server.GetState())
831
except dbus.exceptions.DBusException, error:
832
logger.critical(u"DBusException: %s", error)
2182
833
sys.exit(1)
2183
834
# End of Avahi example code
2184
835
2185
836
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
2186
837
lambda *args, **kwargs:
2187
(tcp_server.handle_request
2188
(*args[2:], **kwargs) or True))
838
tcp_server.handle_request\
839
(*args[2:], **kwargs) or True)
2189
840
2190
logger.debug("Starting main loop")
841
logger.debug(u"Starting main loop")
842
main_loop_started = True
2191
843
main_loop.run()
2192
except AvahiError as error:
2193
logger.critical("AvahiError: %s", error)
2194
cleanup()
844
except AvahiError, error:
845
logger.critical(u"AvahiError: %s" + unicode(error))
2195
846
sys.exit(1)
2196
847
except KeyboardInterrupt:
2197
848
if debug:
2198
print("", file=sys.stderr)
2199
logger.debug("Server received KeyboardInterrupt")
2200
logger.debug("Server exiting")
2201
# Must run before the D-Bus bus name gets deregistered
2202
cleanup()
2203
849
print
2204
850
2205
851
if __name__ == '__main__':
2206
852
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0