To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 24.2.1
- compare with another revision
- download diff
- download tarball
- view history from revision 24.2.1
- Committer: teddy at bsnet
- Date: 2010-08-23 19:23:15 UTC
- mto: (24.1.154 mandos)
- mto: This revision was merged to the branch mainline in revision 421.
- Revision ID: teddy@fukt.bsnet.se-20100823192315-pefgye0l6cavcejs
* debian/control (mandos/Depends): Added "python-urwid".
* mandos (Client.approved_by_default): Changed default to "True".
(Client.approved_delay): Changed default to "0s".
(ClientDBus.GotSecret, ClientDBus.Rejected,
ClientDBus.NeedApproval): Emit "PropertyChanged" signal for the
"approved_pending" property.
* mandos (Client.approved_by_default): Changed default to "True".
(Client.approved_delay): Changed default to "0s".
(ClientDBus.GotSecret, ClientDBus.Rejected,
ClientDBus.NeedApproval): Emit "PropertyChanged" signal for the
"approved_pending" property.
added
removed
mandos
83
83
84
84
version = "1.0.14"
85
85
86
#logger = logging.getLogger(u'mandos')
87
86
logger = logging.Logger(u'mandos')
88
87
syslogger = (logging.handlers.SysLogHandler
89
88
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
99
98
u' %(message)s'))
100
99
logger.addHandler(console)
101
100
101
multiprocessing_manager = multiprocessing.Manager()
102
102
103
class AvahiError(Exception):
103
104
def __init__(self, value, *args, **kwargs):
104
105
self.value = value
157
158
u" after %i retries, exiting.",
158
159
self.rename_count)
159
160
raise AvahiServiceError(u"Too many renames")
160
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
161
self.name = self.server.GetAlternativeServiceName(self.name)
161
162
logger.info(u"Changing Zeroconf service name to %r ...",
162
self.name)
163
unicode(self.name))
163
164
syslogger.setFormatter(logging.Formatter
164
165
(u'Mandos (%s) [%%(process)d]:'
165
166
u' %%(levelname)s: %%(message)s'
166
167
% self.name))
167
168
self.remove()
168
try:
169
self.add()
170
except dbus.exceptions.DBusException, error:
171
logger.critical(u"DBusException: %s", error)
172
self.cleanup()
173
os._exit(1)
169
self.add()
174
170
self.rename_count += 1
175
171
def remove(self):
176
172
"""Derived from the Avahi example code"""
199
195
self.group.Commit()
200
196
def entry_group_state_changed(self, state, error):
201
197
"""Derived from the Avahi example code"""
202
logger.debug(u"Avahi entry group state change: %i", state)
198
logger.debug(u"Avahi state change: %i", state)
203
199
204
200
if state == avahi.ENTRY_GROUP_ESTABLISHED:
205
201
logger.debug(u"Zeroconf service established.")
218
214
self.group = None
219
215
def server_state_changed(self, state):
220
216
"""Derived from the Avahi example code"""
221
logger.debug(u"Avahi server state change: %i", state)
222
217
if state == avahi.SERVER_COLLISION:
223
218
logger.error(u"Zeroconf server name collision")
224
219
self.remove()
240
235
"""A representation of a client host served by this server.
241
236
242
237
Attributes:
243
_approved: bool(); 'None' if not yet approved/disapproved
244
approval_delay: datetime.timedelta(); Time to wait for approval
245
approval_duration: datetime.timedelta(); Duration of one approval
238
name: string; from the config file, used in log messages and
239
D-Bus identifiers
240
fingerprint: string (40 or 32 hexadecimal digits); used to
241
uniquely identify the client
242
secret: bytestring; sent verbatim (over TLS) to client
243
host: string; available for use by the checker command
244
created: datetime.datetime(); (UTC) object creation
245
last_enabled: datetime.datetime(); (UTC)
246
enabled: bool()
247
last_checked_ok: datetime.datetime(); (UTC) or None
248
timeout: datetime.timedelta(); How long from last_checked_ok
249
until this client is disabled
250
interval: datetime.timedelta(); How often to start a new checker
251
disable_hook: If set, called by disable() as disable_hook(self)
246
252
checker: subprocess.Popen(); a running checker process used
247
253
to see if the client lives.
248
254
'None' if no process is running.
255
checker_initiator_tag: a gobject event source tag, or None
256
disable_initiator_tag: - '' -
249
257
checker_callback_tag: - '' -
250
checker_command: string; External command which is run to check
251
if client lives. %() expansions are done at
258
checker_command: string; External command which is run to check if
259
client lives. %() expansions are done at
252
260
runtime with vars(self) as dict, so that for
253
261
instance %(name)s can be used in the command.
254
checker_initiator_tag: a gobject event source tag, or None
255
created: datetime.datetime(); (UTC) object creation
256
262
current_checker_command: string; current running checker_command
257
disable_hook: If set, called by disable() as disable_hook(self)
258
disable_initiator_tag: - '' -
259
enabled: bool()
260
fingerprint: string (40 or 32 hexadecimal digits); used to
261
uniquely identify the client
262
host: string; available for use by the checker command
263
interval: datetime.timedelta(); How often to start a new checker
264
last_checked_ok: datetime.datetime(); (UTC) or None
265
last_enabled: datetime.datetime(); (UTC)
266
name: string; from the config file, used in log messages and
267
D-Bus identifiers
268
secret: bytestring; sent verbatim (over TLS) to client
269
timeout: datetime.timedelta(); How long from last_checked_ok
270
until this client is disabled
271
runtime_expansions: Allowed attributes for runtime expansion.
263
approved_delay: datetime.timedelta(); Time to wait for approval
264
_approved: bool(); 'None' if not yet approved/disapproved
265
approved_duration: datetime.timedelta(); Duration of one approval
272
266
"""
273
267
274
runtime_expansions = (u"approval_delay", u"approval_duration",
275
u"created", u"enabled", u"fingerprint",
276
u"host", u"interval", u"last_checked_ok",
277
u"last_enabled", u"name", u"timeout")
278
279
268
@staticmethod
280
269
def _timedelta_to_milliseconds(td):
281
270
"Convert a datetime.timedelta() to milliseconds"
291
280
"Return the 'interval' attribute in milliseconds"
292
281
return self._timedelta_to_milliseconds(self.interval)
293
282
294
def approval_delay_milliseconds(self):
295
return self._timedelta_to_milliseconds(self.approval_delay)
283
def approved_delay_milliseconds(self):
284
return self._timedelta_to_milliseconds(self.approved_delay)
296
285
297
286
def __init__(self, name = None, disable_hook=None, config=None):
298
287
"""Note: the 'checker' key in 'config' sets the
316
305
"rb") as secfile:
317
306
self.secret = secfile.read()
318
307
else:
308
#XXX Need to allow secret on demand!
319
309
raise TypeError(u"No secret or secfile for client %s"
320
310
% self.name)
321
311
self.host = config.get(u"host", u"")
333
323
self.checker_command = config[u"checker"]
334
324
self.current_checker_command = None
335
325
self.last_connect = None
326
self.approvals_pending = 0
336
327
self._approved = None
337
328
self.approved_by_default = config.get(u"approved_by_default",
338
329
True)
339
self.approvals_pending = 0
340
self.approval_delay = string_to_delta(
341
config[u"approval_delay"])
342
self.approval_duration = string_to_delta(
343
config[u"approval_duration"])
330
self.approved_delay = string_to_delta(
331
config[u"approved_delay"])
332
self.approved_duration = string_to_delta(
333
config[u"approved_duration"])
344
334
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
345
335
346
336
def send_changedstate(self):
347
337
self.changedstate.acquire()
348
338
self.changedstate.notify_all()
456
446
command = self.checker_command % self.host
457
447
except TypeError:
458
448
# Escape attributes for the shell
459
escaped_attrs = dict(
460
(attr,
461
re.escape(unicode(str(getattr(self, attr, u"")),
462
errors=
463
u'replace')))
464
for attr in
465
self.runtime_expansions)
466
449
escaped_attrs = dict((key,
450
re.escape(unicode(str(val),
451
errors=
452
u'replace')))
453
for key, val in
454
vars(self).iteritems())
467
455
try:
468
456
command = self.checker_command % escaped_attrs
469
457
except TypeError, error:
711
699
dbus_object_path: dbus.ObjectPath
712
700
bus: dbus.SystemBus()
713
701
"""
714
715
runtime_expansions = (Client.runtime_expansions
716
+ (u"dbus_object_path",))
717
718
702
# dbus.service.Object doesn't use super(), so we can't either.
719
703
720
704
def __init__(self, bus = None, *args, **kwargs):
721
self._approvals_pending = 0
722
705
self.bus = bus
723
706
Client.__init__(self, *args, **kwargs)
724
707
# Only now, when this client is initialized, can it show up on
725
708
# the D-Bus
726
client_object_name = unicode(self.name).translate(
727
{ord(u"."): ord(u"_"),
728
ord(u"-"): ord(u"_")})
729
709
self.dbus_object_path = (dbus.ObjectPath
730
(u"/clients/" + client_object_name))
710
(u"/clients/"
711
+ self.name.replace(u".", u"_")))
731
712
DBusObjectWithProperties.__init__(self, self.bus,
732
713
self.dbus_object_path)
733
734
def _get_approvals_pending(self):
735
return self._approvals_pending
736
def _set_approvals_pending(self, value):
737
old_value = self._approvals_pending
738
self._approvals_pending = value
739
bval = bool(value)
740
if (hasattr(self, "dbus_object_path")
741
and bval is not bool(old_value)):
742
dbus_bool = dbus.Boolean(bval, variant_level=1)
743
self.PropertyChanged(dbus.String(u"ApprovalPending"),
744
dbus_bool)
745
746
approvals_pending = property(_get_approvals_pending,
747
_set_approvals_pending)
748
del _get_approvals_pending, _set_approvals_pending
749
714
750
715
@staticmethod
751
716
def _datetime_to_dbus(dt, variant_level=0):
758
723
r = Client.enable(self)
759
724
if oldstate != self.enabled:
760
725
# Emit D-Bus signals
761
self.PropertyChanged(dbus.String(u"Enabled"),
726
self.PropertyChanged(dbus.String(u"enabled"),
762
727
dbus.Boolean(True, variant_level=1))
763
728
self.PropertyChanged(
764
dbus.String(u"LastEnabled"),
729
dbus.String(u"last_enabled"),
765
730
self._datetime_to_dbus(self.last_enabled,
766
731
variant_level=1))
767
732
return r
771
736
r = Client.disable(self, quiet=quiet)
772
737
if not quiet and oldstate != self.enabled:
773
738
# Emit D-Bus signal
774
self.PropertyChanged(dbus.String(u"Enabled"),
739
self.PropertyChanged(dbus.String(u"enabled"),
775
740
dbus.Boolean(False, variant_level=1))
776
741
return r
777
742
789
754
self.checker_callback_tag = None
790
755
self.checker = None
791
756
# Emit D-Bus signal
792
self.PropertyChanged(dbus.String(u"CheckerRunning"),
757
self.PropertyChanged(dbus.String(u"checker_running"),
793
758
dbus.Boolean(False, variant_level=1))
794
759
if os.WIFEXITED(condition):
795
760
exitstatus = os.WEXITSTATUS(condition)
810
775
r = Client.checked_ok(self, *args, **kwargs)
811
776
# Emit D-Bus signal
812
777
self.PropertyChanged(
813
dbus.String(u"LastCheckedOK"),
778
dbus.String(u"last_checked_ok"),
814
779
(self._datetime_to_dbus(self.last_checked_ok,
815
780
variant_level=1)))
816
781
return r
828
793
# Emit D-Bus signal
829
794
self.CheckerStarted(self.current_checker_command)
830
795
self.PropertyChanged(
831
dbus.String(u"CheckerRunning"),
796
dbus.String(u"checker_running"),
832
797
dbus.Boolean(True, variant_level=1))
833
798
return r
834
799
837
802
r = Client.stop_checker(self, *args, **kwargs)
838
803
if (old_checker is not None
839
804
and getattr(self, u"checker", None) is None):
840
self.PropertyChanged(dbus.String(u"CheckerRunning"),
805
self.PropertyChanged(dbus.String(u"checker_running"),
841
806
dbus.Boolean(False, variant_level=1))
842
807
return r
843
808
846
811
return False
847
812
848
813
def approve(self, value=True):
849
self.send_changedstate()
850
814
self._approved = value
851
gobject.timeout_add(self._timedelta_to_milliseconds
852
(self.approval_duration),
853
self._reset_approved)
815
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration, self._reset_approved))
816
817
def approved_pending(self):
818
return self.approvals_pending > 0
854
819
855
820
856
821
## D-Bus methods, signals & properties
879
844
# GotSecret - signal
880
845
@dbus.service.signal(_interface)
881
846
def GotSecret(self):
882
"""D-Bus signal
883
Is sent after a successful transfer of secret from the Mandos
884
server to mandos-client
885
"""
886
pass
847
"D-Bus signal"
848
if self.approved_pending():
849
self.PropertyChanged(dbus.String(u"checker_running"),
850
dbus.Boolean(False, variant_level=1))
887
851
888
852
# Rejected - signal
889
853
@dbus.service.signal(_interface, signature=u"s")
890
854
def Rejected(self, reason):
891
855
"D-Bus signal"
892
pass
856
if self.approved_pending():
857
self.PropertyChanged(dbus.String(u"checker_running"),
858
dbus.Boolean(False, variant_level=1))
893
859
894
860
# NeedApproval - signal
895
@dbus.service.signal(_interface, signature=u"tb")
861
@dbus.service.signal(_interface, signature=u"db")
896
862
def NeedApproval(self, timeout, default):
897
863
"D-Bus signal"
898
pass
864
if not self.approved_pending():
865
self.PropertyChanged(dbus.String(u"approved_pending"),
866
dbus.Boolean(True, variant_level=1))
899
867
900
868
## Methods
901
869
934
902
935
903
## Properties
936
904
937
# ApprovalPending - property
905
# approved_pending - property
938
906
@dbus_service_property(_interface, signature=u"b", access=u"read")
939
def ApprovalPending_dbus_property(self):
940
return dbus.Boolean(bool(self.approvals_pending))
907
def approved_pending_dbus_property(self):
908
return dbus.Boolean(self.approved_pending())
941
909
942
# ApprovedByDefault - property
910
# approved_by_default - property
943
911
@dbus_service_property(_interface, signature=u"b",
944
912
access=u"readwrite")
945
def ApprovedByDefault_dbus_property(self, value=None):
946
if value is None: # get
947
return dbus.Boolean(self.approved_by_default)
948
self.approved_by_default = bool(value)
949
# Emit D-Bus signal
950
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
951
dbus.Boolean(value, variant_level=1))
952
953
# ApprovalDelay - property
954
@dbus_service_property(_interface, signature=u"t",
955
access=u"readwrite")
956
def ApprovalDelay_dbus_property(self, value=None):
957
if value is None: # get
958
return dbus.UInt64(self.approval_delay_milliseconds())
959
self.approval_delay = datetime.timedelta(0, 0, 0, value)
960
# Emit D-Bus signal
961
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
962
dbus.UInt64(value, variant_level=1))
963
964
# ApprovalDuration - property
965
@dbus_service_property(_interface, signature=u"t",
966
access=u"readwrite")
967
def ApprovalDuration_dbus_property(self, value=None):
968
if value is None: # get
969
return dbus.UInt64(self._timedelta_to_milliseconds(
970
self.approval_duration))
971
self.approval_duration = datetime.timedelta(0, 0, 0, value)
972
# Emit D-Bus signal
973
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
974
dbus.UInt64(value, variant_level=1))
975
976
# Name - property
913
def approved_by_default_dbus_property(self):
914
return dbus.Boolean(self.approved_by_default)
915
916
# approved_delay - property
917
@dbus_service_property(_interface, signature=u"t",
918
access=u"readwrite")
919
def approved_delay_dbus_property(self):
920
return dbus.UInt64(self.approved_delay_milliseconds())
921
922
# approved_duration - property
923
@dbus_service_property(_interface, signature=u"t",
924
access=u"readwrite")
925
def approved_duration_dbus_property(self):
926
return dbus.UInt64(self._timedelta_to_milliseconds(
927
self.approved_duration))
928
929
# name - property
977
930
@dbus_service_property(_interface, signature=u"s", access=u"read")
978
def Name_dbus_property(self):
931
def name_dbus_property(self):
979
932
return dbus.String(self.name)
980
933
981
# Fingerprint - property
934
# fingerprint - property
982
935
@dbus_service_property(_interface, signature=u"s", access=u"read")
983
def Fingerprint_dbus_property(self):
936
def fingerprint_dbus_property(self):
984
937
return dbus.String(self.fingerprint)
985
938
986
# Host - property
939
# host - property
987
940
@dbus_service_property(_interface, signature=u"s",
988
941
access=u"readwrite")
989
def Host_dbus_property(self, value=None):
942
def host_dbus_property(self, value=None):
990
943
if value is None: # get
991
944
return dbus.String(self.host)
992
945
self.host = value
993
946
# Emit D-Bus signal
994
self.PropertyChanged(dbus.String(u"Host"),
947
self.PropertyChanged(dbus.String(u"host"),
995
948
dbus.String(value, variant_level=1))
996
949
997
# Created - property
950
# created - property
998
951
@dbus_service_property(_interface, signature=u"s", access=u"read")
999
def Created_dbus_property(self):
952
def created_dbus_property(self):
1000
953
return dbus.String(self._datetime_to_dbus(self.created))
1001
954
1002
# LastEnabled - property
955
# last_enabled - property
1003
956
@dbus_service_property(_interface, signature=u"s", access=u"read")
1004
def LastEnabled_dbus_property(self):
957
def last_enabled_dbus_property(self):
1005
958
if self.last_enabled is None:
1006
959
return dbus.String(u"")
1007
960
return dbus.String(self._datetime_to_dbus(self.last_enabled))
1008
961
1009
# Enabled - property
962
# enabled - property
1010
963
@dbus_service_property(_interface, signature=u"b",
1011
964
access=u"readwrite")
1012
def Enabled_dbus_property(self, value=None):
965
def enabled_dbus_property(self, value=None):
1013
966
if value is None: # get
1014
967
return dbus.Boolean(self.enabled)
1015
968
if value:
1017
970
else:
1018
971
self.disable()
1019
972
1020
# LastCheckedOK - property
973
# last_checked_ok - property
1021
974
@dbus_service_property(_interface, signature=u"s",
1022
975
access=u"readwrite")
1023
def LastCheckedOK_dbus_property(self, value=None):
976
def last_checked_ok_dbus_property(self, value=None):
1024
977
if value is not None:
1025
978
self.checked_ok()
1026
979
return
1029
982
return dbus.String(self._datetime_to_dbus(self
1030
983
.last_checked_ok))
1031
984
1032
# Timeout - property
985
# timeout - property
1033
986
@dbus_service_property(_interface, signature=u"t",
1034
987
access=u"readwrite")
1035
def Timeout_dbus_property(self, value=None):
988
def timeout_dbus_property(self, value=None):
1036
989
if value is None: # get
1037
990
return dbus.UInt64(self.timeout_milliseconds())
1038
991
self.timeout = datetime.timedelta(0, 0, 0, value)
1039
992
# Emit D-Bus signal
1040
self.PropertyChanged(dbus.String(u"Timeout"),
993
self.PropertyChanged(dbus.String(u"timeout"),
1041
994
dbus.UInt64(value, variant_level=1))
1042
995
if getattr(self, u"disable_initiator_tag", None) is None:
1043
996
return
1057
1010
self.disable_initiator_tag = (gobject.timeout_add
1058
1011
(time_to_die, self.disable))
1059
1012
1060
# Interval - property
1013
# interval - property
1061
1014
@dbus_service_property(_interface, signature=u"t",
1062
1015
access=u"readwrite")
1063
def Interval_dbus_property(self, value=None):
1016
def interval_dbus_property(self, value=None):
1064
1017
if value is None: # get
1065
1018
return dbus.UInt64(self.interval_milliseconds())
1066
1019
self.interval = datetime.timedelta(0, 0, 0, value)
1067
1020
# Emit D-Bus signal
1068
self.PropertyChanged(dbus.String(u"Interval"),
1021
self.PropertyChanged(dbus.String(u"interval"),
1069
1022
dbus.UInt64(value, variant_level=1))
1070
1023
if getattr(self, u"checker_initiator_tag", None) is None:
1071
1024
return
1075
1028
(value, self.start_checker))
1076
1029
self.start_checker() # Start one now, too
1077
1030
1078
# Checker - property
1031
# checker - property
1079
1032
@dbus_service_property(_interface, signature=u"s",
1080
1033
access=u"readwrite")
1081
def Checker_dbus_property(self, value=None):
1034
def checker_dbus_property(self, value=None):
1082
1035
if value is None: # get
1083
1036
return dbus.String(self.checker_command)
1084
1037
self.checker_command = value
1085
1038
# Emit D-Bus signal
1086
self.PropertyChanged(dbus.String(u"Checker"),
1039
self.PropertyChanged(dbus.String(u"checker"),
1087
1040
dbus.String(self.checker_command,
1088
1041
variant_level=1))
1089
1042
1090
# CheckerRunning - property
1043
# checker_running - property
1091
1044
@dbus_service_property(_interface, signature=u"b",
1092
1045
access=u"readwrite")
1093
def CheckerRunning_dbus_property(self, value=None):
1046
def checker_running_dbus_property(self, value=None):
1094
1047
if value is None: # get
1095
1048
return dbus.Boolean(self.checker is not None)
1096
1049
if value:
1098
1051
else:
1099
1052
self.stop_checker()
1100
1053
1101
# ObjectPath - property
1054
# object_path - property
1102
1055
@dbus_service_property(_interface, signature=u"o", access=u"read")
1103
def ObjectPath_dbus_property(self):
1056
def object_path_dbus_property(self):
1104
1057
return self.dbus_object_path # is already a dbus.ObjectPath
1105
1058
1106
# Secret = property
1059
# secret = property
1107
1060
@dbus_service_property(_interface, signature=u"ay",
1108
1061
access=u"write", byte_arrays=True)
1109
def Secret_dbus_property(self, value):
1062
def secret_dbus_property(self, value):
1110
1063
self.secret = str(value)
1111
1064
1112
1065
del _interface
1210
1163
except KeyError:
1211
1164
return
1212
1165
1213
if client.approval_delay:
1214
delay = client.approval_delay
1166
if client.approved_delay:
1167
delay = client.approved_delay
1215
1168
client.approvals_pending += 1
1216
1169
approval_required = True
1217
1170
1224
1177
client.Rejected("Disabled")
1225
1178
return
1226
1179
1227
if client._approved or not client.approval_delay:
1180
if client._approved or not client.approved_delay:
1228
1181
#We are approved or approval is disabled
1229
1182
break
1230
1183
elif client._approved is None:
1231
logger.info(u"Client %s needs approval",
1184
logger.info(u"Client %s need approval",
1232
1185
client.name)
1233
1186
if self.server.use_dbus:
1234
1187
# Emit D-Bus signal
1235
1188
client.NeedApproval(
1236
client.approval_delay_milliseconds(),
1189
client.approved_delay_milliseconds(),
1237
1190
client.approved_by_default)
1238
1191
else:
1239
1192
logger.warning(u"Client %s was not approved",
1240
1193
client.name)
1241
1194
if self.server.use_dbus:
1242
1195
# Emit D-Bus signal
1243
client.Rejected("Denied")
1196
client.Rejected("Disapproved")
1244
1197
return
1245
1198
1246
1199
#wait until timeout or approved
1257
1210
client.name)
1258
1211
if self.server.use_dbus:
1259
1212
# Emit D-Bus signal
1260
client.Rejected("Approval timed out")
1213
client.Rejected("Time out")
1261
1214
return
1262
1215
else:
1263
1216
break
1266
1219
1267
1220
sent_size = 0
1268
1221
while sent_size < len(client.secret):
1269
try:
1270
sent = session.send(client.secret[sent_size:])
1271
except (gnutls.errors.GNUTLSError), error:
1272
logger.warning("gnutls send failed")
1273
return
1222
# XXX handle session exception
1223
sent = session.send(client.secret[sent_size:])
1274
1224
logger.debug(u"Sent: %d, remaining: %d",
1275
1225
sent, len(client.secret)
1276
1226
- (sent_size + sent))
1286
1236
finally:
1287
1237
if approval_required:
1288
1238
client.approvals_pending -= 1
1289
try:
1290
session.bye()
1291
except (gnutls.errors.GNUTLSError), error:
1292
logger.warning("GnuTLS bye failed")
1239
session.bye()
1293
1240
1294
1241
@staticmethod
1295
1242
def peer_certificate(session):
1380
1327
1381
1328
super(MultiprocessingMixInWithPipe,
1382
1329
self).process_request(request, client_address)
1383
self.child_pipe.close()
1384
1330
self.add_pipe(parent_pipe)
1385
1386
1331
def add_pipe(self, parent_pipe):
1387
1332
"""Dummy function; override as necessary"""
1388
1333
pass
1501
1446
for cond, name in
1502
1447
condition_names.iteritems()
1503
1448
if cond & condition)
1504
# error or the other end of multiprocessing.Pipe has closed
1505
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1506
return False
1449
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1450
conditions_string)
1507
1451
1508
1452
# Read a request from the child
1509
1453
request = parent_pipe.recv()
1522
1466
u"dress: %s", fpr, address)
1523
1467
if self.use_dbus:
1524
1468
# Emit D-Bus signal
1525
mandos_dbus_service.ClientNotFound(fpr, address[0])
1469
mandos_dbus_service.ClientNotFound(fpr, address)
1526
1470
parent_pipe.send(False)
1527
1471
return False
1528
1472
1547
1491
parent_pipe.send(('function',))
1548
1492
else:
1549
1493
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1550
1494
1551
1495
if command == 'setattr':
1552
1496
attrname = request[1]
1553
1497
value = request[2]
1554
1498
setattr(client_object, attrname, value)
1555
1499
1556
1500
return True
1557
1501
1558
1502
1661
1605
parser.add_option("--debug", action=u"store_true",
1662
1606
help=u"Debug mode; run in foreground and log to"
1663
1607
u" terminal")
1664
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1665
help=u"Debug level for stdout output")
1666
1608
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1667
1609
u" priority string (see GnuTLS documentation)")
1668
1610
parser.add_option("--servicename", type=u"string",
1693
1635
u"servicename": u"Mandos",
1694
1636
u"use_dbus": u"True",
1695
1637
u"use_ipv6": u"True",
1696
u"debuglevel": u"",
1697
1638
}
1698
1639
1699
1640
# Parse config file for server-global settings
1716
1657
# options, if set.
1717
1658
for option in (u"interface", u"address", u"port", u"debug",
1718
1659
u"priority", u"servicename", u"configdir",
1719
u"use_dbus", u"use_ipv6", u"debuglevel"):
1660
u"use_dbus", u"use_ipv6"):
1720
1661
value = getattr(options, option)
1721
1662
if value is not None:
1722
1663
server_settings[option] = value
1731
1672
1732
1673
# For convenience
1733
1674
debug = server_settings[u"debug"]
1734
debuglevel = server_settings[u"debuglevel"]
1735
1675
use_dbus = server_settings[u"use_dbus"]
1736
1676
use_ipv6 = server_settings[u"use_ipv6"]
1737
1677
1678
if not debug:
1679
syslogger.setLevel(logging.WARNING)
1680
console.setLevel(logging.WARNING)
1681
1738
1682
if server_settings[u"servicename"] != u"Mandos":
1739
1683
syslogger.setFormatter(logging.Formatter
1740
1684
(u'Mandos (%s) [%%(process)d]:'
1746
1690
u"interval": u"5m",
1747
1691
u"checker": u"fping -q -- %%(host)s",
1748
1692
u"host": u"",
1749
u"approval_delay": u"0s",
1750
u"approval_duration": u"1s",
1693
u"approved_delay": u"0s",
1694
u"approved_duration": u"1s",
1751
1695
}
1752
1696
client_config = configparser.SafeConfigParser(client_defaults)
1753
1697
client_config.read(os.path.join(server_settings[u"configdir"],
1759
1703
tcp_server = MandosServer((server_settings[u"address"],
1760
1704
server_settings[u"port"]),
1761
1705
ClientHandler,
1762
interface=(server_settings[u"interface"]
1763
or None),
1706
interface=server_settings[u"interface"],
1764
1707
use_ipv6=use_ipv6,
1765
1708
gnutls_priority=
1766
1709
server_settings[u"priority"],
1767
1710
use_dbus=use_dbus)
1768
if not debug:
1769
pidfilename = u"/var/run/mandos.pid"
1770
try:
1771
pidfile = open(pidfilename, u"w")
1772
except IOError:
1773
logger.error(u"Could not open file %r", pidfilename)
1711
pidfilename = u"/var/run/mandos.pid"
1712
try:
1713
pidfile = open(pidfilename, u"w")
1714
except IOError:
1715
logger.error(u"Could not open file %r", pidfilename)
1774
1716
1775
1717
try:
1776
1718
uid = pwd.getpwnam(u"_mandos").pw_uid
1793
1735
if error[0] != errno.EPERM:
1794
1736
raise error
1795
1737
1796
if not debug and not debuglevel:
1797
syslogger.setLevel(logging.WARNING)
1798
console.setLevel(logging.WARNING)
1799
if debuglevel:
1800
level = getattr(logging, debuglevel.upper())
1801
syslogger.setLevel(level)
1802
console.setLevel(level)
1803
1738
# Enable all possible GnuTLS debugging
1804
1739
if debug:
1805
# Enable all possible GnuTLS debugging
1806
1807
1740
# "Use a log level over 10 to enable all debugging options."
1808
1741
# - GnuTLS manual
1809
1742
gnutls.library.functions.gnutls_global_set_log_level(11)
1814
1747
1815
1748
(gnutls.library.functions
1816
1749
.gnutls_global_set_log_function(debug_gnutls))
1817
1818
# Redirect stdin so all checkers get /dev/null
1819
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1820
os.dup2(null, sys.stdin.fileno())
1821
if null > 2:
1822
os.close(null)
1823
else:
1824
# No console logging
1825
logger.removeHandler(console)
1826
1827
1750
1828
1751
global main_loop
1829
1752
# From the Avahi example code
1847
1770
if server_settings["interface"]:
1848
1771
service.interface = (if_nametoindex
1849
1772
(str(server_settings[u"interface"])))
1850
1851
if not debug:
1852
# Close all input and output, do double fork, etc.
1853
daemon()
1854
1855
global multiprocessing_manager
1856
multiprocessing_manager = multiprocessing.Manager()
1857
1773
1858
1774
client_class = Client
1859
1775
if use_dbus:
1877
1793
for section in client_config.sections()))
1878
1794
if not tcp_server.clients:
1879
1795
logger.warning(u"No clients defined")
1880
1796
1797
if debug:
1798
# Redirect stdin so all checkers get /dev/null
1799
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1800
os.dup2(null, sys.stdin.fileno())
1801
if null > 2:
1802
os.close(null)
1803
else:
1804
# No console logging
1805
logger.removeHandler(console)
1806
# Close all input and output, do double fork, etc.
1807
daemon()
1808
1809
try:
1810
with pidfile:
1811
pid = os.getpid()
1812
pidfile.write(str(pid) + "\n")
1813
del pidfile
1814
except IOError:
1815
logger.error(u"Could not write to file %r with PID %d",
1816
pidfilename, pid)
1817
except NameError:
1818
# "pidfile" was never created
1819
pass
1820
del pidfilename
1821
1881
1822
if not debug:
1882
try:
1883
with pidfile:
1884
pid = os.getpid()
1885
pidfile.write(str(pid) + "\n")
1886
del pidfile
1887
except IOError:
1888
logger.error(u"Could not write to file %r with PID %d",
1889
pidfilename, pid)
1890
except NameError:
1891
# "pidfile" was never created
1892
pass
1893
del pidfilename
1894
1895
1823
signal.signal(signal.SIGINT, signal.SIG_IGN)
1896
1897
1824
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1898
1825
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1899
1826
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0