To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 275
- compare with another revision
- download diff
- download tarball
- view history from revision 275
- Committer: Teddy Hogeborn
- Date: 2009-01-18 00:16:57 UTC
- Revision ID: teddy@fukt.bsnet.se-20090118001657-6mo3ae73ldy5tegf
* debian/mandos-client.postinst: Converted to Bourne shell. Also
minor message change.
* debian/mandos-client.postrm: Minor message change.
* debian/mandos.postinst: Converted to Bourne shell. Also minor
message change.
* debian/mandos.prerm: Minor message change.
minor message change.
* debian/mandos-client.postrm: Minor message change.
* debian/mandos.postinst: Converted to Bourne shell. Also minor
message change.
* debian/mandos.prerm: Minor message change.
- files removed:
- DBUS-API
- debian/source
- files modified:
- .bzrignore
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
31
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
32
#
33
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
34
from __future__ import division, with_statement, absolute_import
36
35
37
import SocketServer as socketserver
36
import SocketServer
38
37
import socket
39
import argparse
38
import optparse
40
39
import datetime
41
40
import errno
42
41
import gnutls.crypto
45
44
import gnutls.library.functions
46
45
import gnutls.library.constants
47
46
import gnutls.library.types
48
import ConfigParser as configparser
47
import ConfigParser
49
48
import sys
50
49
import re
51
50
import os
52
51
import signal
52
from sets import Set
53
53
import subprocess
54
54
import atexit
55
55
import stat
56
56
import logging
57
57
import logging.handlers
58
58
import pwd
59
import contextlib
60
import struct
61
import fcntl
62
import functools
63
import cPickle as pickle
64
import multiprocessing
59
from contextlib import closing
65
60
66
61
import dbus
67
62
import dbus.service
70
65
from dbus.mainloop.glib import DBusGMainLoop
71
66
import ctypes
72
67
import ctypes.util
73
import xml.dom.minidom
74
import inspect
75
76
try:
77
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
78
except AttributeError:
79
try:
80
from IN import SO_BINDTODEVICE
81
except ImportError:
82
SO_BINDTODEVICE = None
83
84
85
version = "1.3.1"
86
87
#logger = logging.getLogger('mandos')
68
69
version = "1.0.5"
70
88
71
logger = logging.Logger('mandos')
89
72
syslogger = (logging.handlers.SysLogHandler
90
73
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
91
address = str("/dev/log")))
74
address = "/dev/log"))
92
75
syslogger.setFormatter(logging.Formatter
93
('Mandos [%(process)d]: %(levelname)s:'
94
' %(message)s'))
76
('Mandos: %(levelname)s: %(message)s'))
95
77
logger.addHandler(syslogger)
96
78
97
79
console = logging.StreamHandler()
98
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
99
' %(levelname)s:'
80
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
100
81
' %(message)s'))
101
82
logger.addHandler(console)
102
83
116
97
117
98
class AvahiService(object):
118
99
"""An Avahi (Zeroconf) service.
119
120
100
Attributes:
121
101
interface: integer; avahi.IF_UNSPEC or an interface index.
122
102
Used to optionally bind to the specified interface.
130
110
max_renames: integer; maximum number of renames
131
111
rename_count: integer; counter so we only rename after collisions
132
112
a sensible number of times
133
group: D-Bus Entry Group
134
server: D-Bus Server
135
bus: dbus.SystemBus()
136
113
"""
137
114
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
138
115
servicetype = None, port = None, TXT = None,
139
domain = "", host = "", max_renames = 32768,
140
protocol = avahi.PROTO_UNSPEC, bus = None):
116
domain = "", host = "", max_renames = 32768):
141
117
self.interface = interface
142
118
self.name = name
143
119
self.type = servicetype
147
123
self.host = host
148
124
self.rename_count = 0
149
125
self.max_renames = max_renames
150
self.protocol = protocol
151
self.group = None # our entry group
152
self.server = None
153
self.bus = bus
154
self.entry_group_state_changed_match = None
155
126
def rename(self):
156
127
"""Derived from the Avahi example code"""
157
128
if self.rename_count >= self.max_renames:
158
logger.critical("No suitable Zeroconf service name found"
159
" after %i retries, exiting.",
129
logger.critical(u"No suitable Zeroconf service name found"
130
u" after %i retries, exiting.",
160
131
self.rename_count)
161
raise AvahiServiceError("Too many renames")
162
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
163
logger.info("Changing Zeroconf service name to %r ...",
164
self.name)
132
raise AvahiServiceError(u"Too many renames")
133
self.name = server.GetAlternativeServiceName(self.name)
134
logger.info(u"Changing Zeroconf service name to %r ...",
135
str(self.name))
165
136
syslogger.setFormatter(logging.Formatter
166
('Mandos (%s) [%%(process)d]:'
167
' %%(levelname)s: %%(message)s'
168
% self.name))
137
('Mandos (%s): %%(levelname)s:'
138
' %%(message)s' % self.name))
169
139
self.remove()
170
try:
171
self.add()
172
except dbus.exceptions.DBusException as error:
173
logger.critical("DBusException: %s", error)
174
self.cleanup()
175
os._exit(1)
140
self.add()
176
141
self.rename_count += 1
177
142
def remove(self):
178
143
"""Derived from the Avahi example code"""
179
if self.entry_group_state_changed_match is not None:
180
self.entry_group_state_changed_match.remove()
181
self.entry_group_state_changed_match = None
182
if self.group is not None:
183
self.group.Reset()
144
if group is not None:
145
group.Reset()
184
146
def add(self):
185
147
"""Derived from the Avahi example code"""
186
self.remove()
187
if self.group is None:
188
self.group = dbus.Interface(
189
self.bus.get_object(avahi.DBUS_NAME,
190
self.server.EntryGroupNew()),
191
avahi.DBUS_INTERFACE_ENTRY_GROUP)
192
self.entry_group_state_changed_match = (
193
self.group.connect_to_signal(
194
'StateChanged', self .entry_group_state_changed))
195
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
196
self.name, self.type)
197
self.group.AddService(
198
self.interface,
199
self.protocol,
200
dbus.UInt32(0), # flags
201
self.name, self.type,
202
self.domain, self.host,
203
dbus.UInt16(self.port),
204
avahi.string_array_to_txt_array(self.TXT))
205
self.group.Commit()
206
def entry_group_state_changed(self, state, error):
207
"""Derived from the Avahi example code"""
208
logger.debug("Avahi entry group state change: %i", state)
209
210
if state == avahi.ENTRY_GROUP_ESTABLISHED:
211
logger.debug("Zeroconf service established.")
212
elif state == avahi.ENTRY_GROUP_COLLISION:
213
logger.info("Zeroconf service name collision.")
214
self.rename()
215
elif state == avahi.ENTRY_GROUP_FAILURE:
216
logger.critical("Avahi: Error in group state changed %s",
217
unicode(error))
218
raise AvahiGroupError("State changed: %s"
219
% unicode(error))
220
def cleanup(self):
221
"""Derived from the Avahi example code"""
222
if self.group is not None:
223
try:
224
self.group.Free()
225
except (dbus.exceptions.UnknownMethodException,
226
dbus.exceptions.DBusException) as e:
227
pass
228
self.group = None
229
self.remove()
230
def server_state_changed(self, state, error=None):
231
"""Derived from the Avahi example code"""
232
logger.debug("Avahi server state change: %i", state)
233
bad_states = { avahi.SERVER_INVALID:
234
"Zeroconf server invalid",
235
avahi.SERVER_REGISTERING: None,
236
avahi.SERVER_COLLISION:
237
"Zeroconf server name collision",
238
avahi.SERVER_FAILURE:
239
"Zeroconf server failure" }
240
if state in bad_states:
241
if bad_states[state] is not None:
242
if error is None:
243
logger.error(bad_states[state])
244
else:
245
logger.error(bad_states[state] + ": %r", error)
246
self.cleanup()
247
elif state == avahi.SERVER_RUNNING:
248
self.add()
249
else:
250
if error is None:
251
logger.debug("Unknown state: %r", state)
252
else:
253
logger.debug("Unknown state: %r: %r", state, error)
254
def activate(self):
255
"""Derived from the Avahi example code"""
256
if self.server is None:
257
self.server = dbus.Interface(
258
self.bus.get_object(avahi.DBUS_NAME,
259
avahi.DBUS_PATH_SERVER,
260
follow_name_owner_changes=True),
261
avahi.DBUS_INTERFACE_SERVER)
262
self.server.connect_to_signal("StateChanged",
263
self.server_state_changed)
264
self.server_state_changed(self.server.GetState())
265
266
267
def _timedelta_to_milliseconds(td):
268
"Convert a datetime.timedelta() to milliseconds"
269
return ((td.days * 24 * 60 * 60 * 1000)
270
+ (td.seconds * 1000)
271
+ (td.microseconds // 1000))
272
273
class Client(object):
148
global group
149
if group is None:
150
group = dbus.Interface(bus.get_object
151
(avahi.DBUS_NAME,
152
server.EntryGroupNew()),
153
avahi.DBUS_INTERFACE_ENTRY_GROUP)
154
group.connect_to_signal('StateChanged',
155
entry_group_state_changed)
156
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
157
service.name, service.type)
158
group.AddService(
159
self.interface, # interface
160
avahi.PROTO_INET6, # protocol
161
dbus.UInt32(0), # flags
162
self.name, self.type,
163
self.domain, self.host,
164
dbus.UInt16(self.port),
165
avahi.string_array_to_txt_array(self.TXT))
166
group.Commit()
167
168
# From the Avahi example code:
169
group = None # our entry group
170
# End of Avahi example code
171
172
173
def _datetime_to_dbus(dt, variant_level=0):
174
"""Convert a UTC datetime.datetime() to a D-Bus type."""
175
return dbus.String(dt.isoformat(), variant_level=variant_level)
176
177
178
class Client(dbus.service.Object):
274
179
"""A representation of a client host served by this server.
275
276
180
Attributes:
277
_approved: bool(); 'None' if not yet approved/disapproved
278
approval_delay: datetime.timedelta(); Time to wait for approval
279
approval_duration: datetime.timedelta(); Duration of one approval
181
name: string; from the config file, used in log messages
182
fingerprint: string (40 or 32 hexadecimal digits); used to
183
uniquely identify the client
184
secret: bytestring; sent verbatim (over TLS) to client
185
host: string; available for use by the checker command
186
created: datetime.datetime(); (UTC) object creation
187
last_enabled: datetime.datetime(); (UTC)
188
enabled: bool()
189
last_checked_ok: datetime.datetime(); (UTC) or None
190
timeout: datetime.timedelta(); How long from last_checked_ok
191
until this client is invalid
192
interval: datetime.timedelta(); How often to start a new checker
193
disable_hook: If set, called by disable() as disable_hook(self)
280
194
checker: subprocess.Popen(); a running checker process used
281
195
to see if the client lives.
282
196
'None' if no process is running.
283
checker_callback_tag: a gobject event source tag, or None
284
checker_command: string; External command which is run to check
285
if client lives. %() expansions are done at
197
checker_initiator_tag: a gobject event source tag, or None
198
disable_initiator_tag: - '' -
199
checker_callback_tag: - '' -
200
checker_command: string; External command which is run to check if
201
client lives. %() expansions are done at
286
202
runtime with vars(self) as dict, so that for
287
203
instance %(name)s can be used in the command.
288
checker_initiator_tag: a gobject event source tag, or None
289
created: datetime.datetime(); (UTC) object creation
290
current_checker_command: string; current running checker_command
291
disable_hook: If set, called by disable() as disable_hook(self)
292
disable_initiator_tag: a gobject event source tag, or None
293
enabled: bool()
294
fingerprint: string (40 or 32 hexadecimal digits); used to
295
uniquely identify the client
296
host: string; available for use by the checker command
297
interval: datetime.timedelta(); How often to start a new checker
298
last_approval_request: datetime.datetime(); (UTC) or None
299
last_checked_ok: datetime.datetime(); (UTC) or None
300
last_enabled: datetime.datetime(); (UTC)
301
name: string; from the config file, used in log messages and
302
D-Bus identifiers
303
secret: bytestring; sent verbatim (over TLS) to client
304
timeout: datetime.timedelta(); How long from last_checked_ok
305
until this client is disabled
306
extended_timeout: extra long timeout when password has been sent
307
runtime_expansions: Allowed attributes for runtime expansion.
308
expires: datetime.datetime(); time (UTC) when a client will be
309
disabled, or None
204
use_dbus: bool(); Whether to provide D-Bus interface and signals
205
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
310
206
"""
311
312
runtime_expansions = ("approval_delay", "approval_duration",
313
"created", "enabled", "fingerprint",
314
"host", "interval", "last_checked_ok",
315
"last_enabled", "name", "timeout")
316
317
207
def timeout_milliseconds(self):
318
208
"Return the 'timeout' attribute in milliseconds"
319
return _timedelta_to_milliseconds(self.timeout)
320
321
def extended_timeout_milliseconds(self):
322
"Return the 'extended_timeout' attribute in milliseconds"
323
return _timedelta_to_milliseconds(self.extended_timeout)
209
return ((self.timeout.days * 24 * 60 * 60 * 1000)
210
+ (self.timeout.seconds * 1000)
211
+ (self.timeout.microseconds // 1000))
324
212
325
213
def interval_milliseconds(self):
326
214
"Return the 'interval' attribute in milliseconds"
327
return _timedelta_to_milliseconds(self.interval)
328
329
def approval_delay_milliseconds(self):
330
return _timedelta_to_milliseconds(self.approval_delay)
331
332
def __init__(self, name = None, disable_hook=None, config=None):
215
return ((self.interval.days * 24 * 60 * 60 * 1000)
216
+ (self.interval.seconds * 1000)
217
+ (self.interval.microseconds // 1000))
218
219
def __init__(self, name = None, disable_hook=None, config=None,
220
use_dbus=True):
333
221
"""Note: the 'checker' key in 'config' sets the
334
222
'checker_command' attribute and *not* the 'checker'
335
223
attribute."""
336
224
self.name = name
337
225
if config is None:
338
226
config = {}
339
logger.debug("Creating client %r", self.name)
227
logger.debug(u"Creating client %r", self.name)
228
self.use_dbus = use_dbus
229
if self.use_dbus:
230
self.dbus_object_path = (dbus.ObjectPath
231
("/Mandos/clients/"
232
+ self.name.replace(".", "_")))
233
dbus.service.Object.__init__(self, bus,
234
self.dbus_object_path)
340
235
# Uppercase and remove spaces from fingerprint for later
341
236
# comparison purposes with return value from the fingerprint()
342
237
# function
343
238
self.fingerprint = (config["fingerprint"].upper()
344
.replace(" ", ""))
345
logger.debug(" Fingerprint: %s", self.fingerprint)
239
.replace(u" ", u""))
240
logger.debug(u" Fingerprint: %s", self.fingerprint)
346
241
if "secret" in config:
347
self.secret = config["secret"].decode("base64")
242
self.secret = config["secret"].decode(u"base64")
348
243
elif "secfile" in config:
349
with open(os.path.expanduser(os.path.expandvars
350
(config["secfile"])),
351
"rb") as secfile:
244
with closing(open(os.path.expanduser
245
(os.path.expandvars
246
(config["secfile"])))) as secfile:
352
247
self.secret = secfile.read()
353
248
else:
354
raise TypeError("No secret or secfile for client %s"
249
raise TypeError(u"No secret or secfile for client %s"
355
250
% self.name)
356
251
self.host = config.get("host", "")
357
252
self.created = datetime.datetime.utcnow()
358
253
self.enabled = False
359
self.last_approval_request = None
360
254
self.last_enabled = None
361
255
self.last_checked_ok = None
362
256
self.timeout = string_to_delta(config["timeout"])
363
self.extended_timeout = string_to_delta(config["extended_timeout"])
364
257
self.interval = string_to_delta(config["interval"])
365
258
self.disable_hook = disable_hook
366
259
self.checker = None
367
260
self.checker_initiator_tag = None
368
261
self.disable_initiator_tag = None
369
self.expires = None
370
262
self.checker_callback_tag = None
371
263
self.checker_command = config["checker"]
372
self.current_checker_command = None
373
self.last_connect = None
374
self._approved = None
375
self.approved_by_default = config.get("approved_by_default",
376
True)
377
self.approvals_pending = 0
378
self.approval_delay = string_to_delta(
379
config["approval_delay"])
380
self.approval_duration = string_to_delta(
381
config["approval_duration"])
382
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
383
264
384
def send_changedstate(self):
385
self.changedstate.acquire()
386
self.changedstate.notify_all()
387
self.changedstate.release()
388
389
265
def enable(self):
390
266
"""Start this client's checker and timeout hooks"""
391
if getattr(self, "enabled", False):
392
# Already enabled
393
return
394
self.send_changedstate()
267
self.last_enabled = datetime.datetime.utcnow()
395
268
# Schedule a new checker to be started an 'interval' from now,
396
269
# and every interval from then on.
397
270
self.checker_initiator_tag = (gobject.timeout_add
398
271
(self.interval_milliseconds(),
399
272
self.start_checker))
273
# Also start a new checker *right now*.
274
self.start_checker()
400
275
# Schedule a disable() when 'timeout' has passed
401
self.expires = datetime.datetime.utcnow() + self.timeout
402
276
self.disable_initiator_tag = (gobject.timeout_add
403
277
(self.timeout_milliseconds(),
404
278
self.disable))
405
279
self.enabled = True
406
self.last_enabled = datetime.datetime.utcnow()
407
# Also start a new checker *right now*.
408
self.start_checker()
280
if self.use_dbus:
281
# Emit D-Bus signals
282
self.PropertyChanged(dbus.String(u"enabled"),
283
dbus.Boolean(True, variant_level=1))
284
self.PropertyChanged(dbus.String(u"last_enabled"),
285
(_datetime_to_dbus(self.last_enabled,
286
variant_level=1)))
409
287
410
def disable(self, quiet=True):
288
def disable(self):
411
289
"""Disable this client."""
412
290
if not getattr(self, "enabled", False):
413
291
return False
414
if not quiet:
415
self.send_changedstate()
416
if not quiet:
417
logger.info("Disabling client %s", self.name)
292
logger.info(u"Disabling client %s", self.name)
418
293
if getattr(self, "disable_initiator_tag", False):
419
294
gobject.source_remove(self.disable_initiator_tag)
420
295
self.disable_initiator_tag = None
421
self.expires = None
422
296
if getattr(self, "checker_initiator_tag", False):
423
297
gobject.source_remove(self.checker_initiator_tag)
424
298
self.checker_initiator_tag = None
426
300
if self.disable_hook:
427
301
self.disable_hook(self)
428
302
self.enabled = False
303
if self.use_dbus:
304
# Emit D-Bus signal
305
self.PropertyChanged(dbus.String(u"enabled"),
306
dbus.Boolean(False, variant_level=1))
429
307
# Do not run this again if called by a gobject.timeout_add
430
308
return False
431
309
437
315
"""The checker has completed, so take appropriate actions."""
438
316
self.checker_callback_tag = None
439
317
self.checker = None
440
if os.WIFEXITED(condition):
441
exitstatus = os.WEXITSTATUS(condition)
442
if exitstatus == 0:
443
logger.info("Checker for %(name)s succeeded",
444
vars(self))
445
self.checked_ok()
446
else:
447
logger.info("Checker for %(name)s failed",
448
vars(self))
449
else:
450
logger.warning("Checker for %(name)s crashed?",
318
if self.use_dbus:
319
# Emit D-Bus signal
320
self.PropertyChanged(dbus.String(u"checker_running"),
321
dbus.Boolean(False, variant_level=1))
322
if (os.WIFEXITED(condition)
323
and (os.WEXITSTATUS(condition) == 0)):
324
logger.info(u"Checker for %(name)s succeeded",
325
vars(self))
326
if self.use_dbus:
327
# Emit D-Bus signal
328
self.CheckerCompleted(dbus.Boolean(True),
329
dbus.UInt16(condition),
330
dbus.String(command))
331
self.bump_timeout()
332
elif not os.WIFEXITED(condition):
333
logger.warning(u"Checker for %(name)s crashed?",
451
334
vars(self))
335
if self.use_dbus:
336
# Emit D-Bus signal
337
self.CheckerCompleted(dbus.Boolean(False),
338
dbus.UInt16(condition),
339
dbus.String(command))
340
else:
341
logger.info(u"Checker for %(name)s failed",
342
vars(self))
343
if self.use_dbus:
344
# Emit D-Bus signal
345
self.CheckerCompleted(dbus.Boolean(False),
346
dbus.UInt16(condition),
347
dbus.String(command))
452
348
453
def checked_ok(self, timeout=None):
349
def bump_timeout(self):
454
350
"""Bump up the timeout for this client.
455
456
351
This should only be called when the client has been seen,
457
352
alive and well.
458
353
"""
459
if timeout is None:
460
timeout = self.timeout
461
354
self.last_checked_ok = datetime.datetime.utcnow()
462
355
gobject.source_remove(self.disable_initiator_tag)
463
self.expires = datetime.datetime.utcnow() + timeout
464
356
self.disable_initiator_tag = (gobject.timeout_add
465
(_timedelta_to_milliseconds(timeout),
357
(self.timeout_milliseconds(),
466
358
self.disable))
467
468
def need_approval(self):
469
self.last_approval_request = datetime.datetime.utcnow()
359
if self.use_dbus:
360
# Emit D-Bus signal
361
self.PropertyChanged(
362
dbus.String(u"last_checked_ok"),
363
(_datetime_to_dbus(self.last_checked_ok,
364
variant_level=1)))
470
365
471
366
def start_checker(self):
472
367
"""Start a new checker subprocess if one is not running.
473
474
368
If a checker already exists, leave it running and do
475
369
nothing."""
476
370
# The reason for not killing a running checker is that if we
479
373
# client would inevitably timeout, since no checker would get
480
374
# a chance to run to completion. If we instead leave running
481
375
# checkers alone, the checker would have to take more time
482
# than 'timeout' for the client to be disabled, which is as it
483
# should be.
484
485
# If a checker exists, make sure it is not a zombie
486
try:
487
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
488
except (AttributeError, OSError) as error:
489
if (isinstance(error, OSError)
490
and error.errno != errno.ECHILD):
491
raise error
492
else:
493
if pid:
494
logger.warning("Checker was a zombie")
495
gobject.source_remove(self.checker_callback_tag)
496
self.checker_callback(pid, status,
497
self.current_checker_command)
498
# Start a new checker if needed
376
# than 'timeout' for the client to be declared invalid, which
377
# is as it should be.
499
378
if self.checker is None:
500
379
try:
501
380
# In case checker_command has exactly one % operator
502
381
command = self.checker_command % self.host
503
382
except TypeError:
504
383
# Escape attributes for the shell
505
escaped_attrs = dict(
506
(attr,
507
re.escape(unicode(str(getattr(self, attr, "")),
508
errors=
509
'replace')))
510
for attr in
511
self.runtime_expansions)
512
384
escaped_attrs = dict((key, re.escape(str(val)))
385
for key, val in
386
vars(self).iteritems())
513
387
try:
514
388
command = self.checker_command % escaped_attrs
515
except TypeError as error:
516
logger.error('Could not format string "%s":'
517
' %s', self.checker_command, error)
389
except TypeError, error:
390
logger.error(u'Could not format string "%s":'
391
u' %s', self.checker_command, error)
518
392
return True # Try again later
519
self.current_checker_command = command
520
393
try:
521
logger.info("Starting checker %r for %s",
394
logger.info(u"Starting checker %r for %s",
522
395
command, self.name)
523
396
# We don't need to redirect stdout and stderr, since
524
397
# in normal mode, that is already done by daemon(),
527
400
self.checker = subprocess.Popen(command,
528
401
close_fds=True,
529
402
shell=True, cwd="/")
403
if self.use_dbus:
404
# Emit D-Bus signal
405
self.CheckerStarted(command)
406
self.PropertyChanged(
407
dbus.String("checker_running"),
408
dbus.Boolean(True, variant_level=1))
530
409
self.checker_callback_tag = (gobject.child_watch_add
531
410
(self.checker.pid,
532
411
self.checker_callback,
533
412
data=command))
534
# The checker may have completed before the gobject
535
# watch was added. Check for this.
536
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
537
if pid:
538
gobject.source_remove(self.checker_callback_tag)
539
self.checker_callback(pid, status, command)
540
except OSError as error:
541
logger.error("Failed to start subprocess: %s",
413
except OSError, error:
414
logger.error(u"Failed to start subprocess: %s",
542
415
error)
543
416
# Re-run this periodically if run by gobject.timeout_add
544
417
return True
550
423
self.checker_callback_tag = None
551
424
if getattr(self, "checker", None) is None:
552
425
return
553
logger.debug("Stopping checker for %(name)s", vars(self))
426
logger.debug(u"Stopping checker for %(name)s", vars(self))
554
427
try:
555
428
os.kill(self.checker.pid, signal.SIGTERM)
556
#time.sleep(0.5)
429
#os.sleep(0.5)
557
430
#if self.checker.poll() is None:
558
431
# os.kill(self.checker.pid, signal.SIGKILL)
559
except OSError as error:
432
except OSError, error:
560
433
if error.errno != errno.ESRCH: # No such process
561
434
raise
562
435
self.checker = None
563
564
565
def dbus_service_property(dbus_interface, signature="v",
566
access="readwrite", byte_arrays=False):
567
"""Decorators for marking methods of a DBusObjectWithProperties to
568
become properties on the D-Bus.
569
570
The decorated method will be called with no arguments by "Get"
571
and with one argument by "Set".
572
573
The parameters, where they are supported, are the same as
574
dbus.service.method, except there is only "signature", since the
575
type from Get() and the type sent to Set() is the same.
576
"""
577
# Encoding deeply encoded byte arrays is not supported yet by the
578
# "Set" method, so we fail early here:
579
if byte_arrays and signature != "ay":
580
raise ValueError("Byte arrays not supported for non-'ay'"
581
" signature %r" % signature)
582
def decorator(func):
583
func._dbus_is_property = True
584
func._dbus_interface = dbus_interface
585
func._dbus_signature = signature
586
func._dbus_access = access
587
func._dbus_name = func.__name__
588
if func._dbus_name.endswith("_dbus_property"):
589
func._dbus_name = func._dbus_name[:-14]
590
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
591
return func
592
return decorator
593
594
595
class DBusPropertyException(dbus.exceptions.DBusException):
596
"""A base class for D-Bus property-related exceptions
597
"""
598
def __unicode__(self):
599
return unicode(str(self))
600
601
602
class DBusPropertyAccessException(DBusPropertyException):
603
"""A property's access permissions disallows an operation.
604
"""
605
pass
606
607
608
class DBusPropertyNotFound(DBusPropertyException):
609
"""An attempt was made to access a non-existing property.
610
"""
611
pass
612
613
614
class DBusObjectWithProperties(dbus.service.Object):
615
"""A D-Bus object with properties.
616
617
Classes inheriting from this can use the dbus_service_property
618
decorator to expose methods as D-Bus properties. It exposes the
619
standard Get(), Set(), and GetAll() methods on the D-Bus.
620
"""
621
622
@staticmethod
623
def _is_dbus_property(obj):
624
return getattr(obj, "_dbus_is_property", False)
625
626
def _get_all_dbus_properties(self):
627
"""Returns a generator of (name, attribute) pairs
628
"""
629
return ((prop._dbus_name, prop)
630
for name, prop in
631
inspect.getmembers(self, self._is_dbus_property))
632
633
def _get_dbus_property(self, interface_name, property_name):
634
"""Returns a bound method if one exists which is a D-Bus
635
property with the specified name and interface.
636
"""
637
for name in (property_name,
638
property_name + "_dbus_property"):
639
prop = getattr(self, name, None)
640
if (prop is None
641
or not self._is_dbus_property(prop)
642
or prop._dbus_name != property_name
643
or (interface_name and prop._dbus_interface
644
and interface_name != prop._dbus_interface)):
645
continue
646
return prop
647
# No such property
648
raise DBusPropertyNotFound(self.dbus_object_path + ":"
649
+ interface_name + "."
650
+ property_name)
651
652
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
653
out_signature="v")
654
def Get(self, interface_name, property_name):
655
"""Standard D-Bus property Get() method, see D-Bus standard.
656
"""
657
prop = self._get_dbus_property(interface_name, property_name)
658
if prop._dbus_access == "write":
659
raise DBusPropertyAccessException(property_name)
660
value = prop()
661
if not hasattr(value, "variant_level"):
662
return value
663
return type(value)(value, variant_level=value.variant_level+1)
664
665
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
666
def Set(self, interface_name, property_name, value):
667
"""Standard D-Bus property Set() method, see D-Bus standard.
668
"""
669
prop = self._get_dbus_property(interface_name, property_name)
670
if prop._dbus_access == "read":
671
raise DBusPropertyAccessException(property_name)
672
if prop._dbus_get_args_options["byte_arrays"]:
673
# The byte_arrays option is not supported yet on
674
# signatures other than "ay".
675
if prop._dbus_signature != "ay":
676
raise ValueError
677
value = dbus.ByteArray(''.join(unichr(byte)
678
for byte in value))
679
prop(value)
680
681
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
682
out_signature="a{sv}")
683
def GetAll(self, interface_name):
684
"""Standard D-Bus property GetAll() method, see D-Bus
685
standard.
686
687
Note: Will not include properties with access="write".
688
"""
689
all = {}
690
for name, prop in self._get_all_dbus_properties():
691
if (interface_name
692
and interface_name != prop._dbus_interface):
693
# Interface non-empty but did not match
694
continue
695
# Ignore write-only properties
696
if prop._dbus_access == "write":
697
continue
698
value = prop()
699
if not hasattr(value, "variant_level"):
700
all[name] = value
701
continue
702
all[name] = type(value)(value, variant_level=
703
value.variant_level+1)
704
return dbus.Dictionary(all, signature="sv")
705
706
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
707
out_signature="s",
708
path_keyword='object_path',
709
connection_keyword='connection')
710
def Introspect(self, object_path, connection):
711
"""Standard D-Bus method, overloaded to insert property tags.
712
"""
713
xmlstring = dbus.service.Object.Introspect(self, object_path,
714
connection)
715
try:
716
document = xml.dom.minidom.parseString(xmlstring)
717
def make_tag(document, name, prop):
718
e = document.createElement("property")
719
e.setAttribute("name", name)
720
e.setAttribute("type", prop._dbus_signature)
721
e.setAttribute("access", prop._dbus_access)
722
return e
723
for if_tag in document.getElementsByTagName("interface"):
724
for tag in (make_tag(document, name, prop)
725
for name, prop
726
in self._get_all_dbus_properties()
727
if prop._dbus_interface
728
== if_tag.getAttribute("name")):
729
if_tag.appendChild(tag)
730
# Add the names to the return values for the
731
# "org.freedesktop.DBus.Properties" methods
732
if (if_tag.getAttribute("name")
733
== "org.freedesktop.DBus.Properties"):
734
for cn in if_tag.getElementsByTagName("method"):
735
if cn.getAttribute("name") == "Get":
736
for arg in cn.getElementsByTagName("arg"):
737
if (arg.getAttribute("direction")
738
== "out"):
739
arg.setAttribute("name", "value")
740
elif cn.getAttribute("name") == "GetAll":
741
for arg in cn.getElementsByTagName("arg"):
742
if (arg.getAttribute("direction")
743
== "out"):
744
arg.setAttribute("name", "props")
745
xmlstring = document.toxml("utf-8")
746
document.unlink()
747
except (AttributeError, xml.dom.DOMException,
748
xml.parsers.expat.ExpatError) as error:
749
logger.error("Failed to override Introspection method",
750
error)
751
return xmlstring
752
753
754
def datetime_to_dbus (dt, variant_level=0):
755
"""Convert a UTC datetime.datetime() to a D-Bus type."""
756
if dt is None:
757
return dbus.String("", variant_level = variant_level)
758
return dbus.String(dt.isoformat(),
759
variant_level=variant_level)
760
761
762
class ClientDBus(Client, DBusObjectWithProperties):
763
"""A Client class using D-Bus
764
765
Attributes:
766
dbus_object_path: dbus.ObjectPath
767
bus: dbus.SystemBus()
768
"""
769
770
runtime_expansions = (Client.runtime_expansions
771
+ ("dbus_object_path",))
772
773
# dbus.service.Object doesn't use super(), so we can't either.
774
775
def __init__(self, bus = None, *args, **kwargs):
776
self._approvals_pending = 0
777
self.bus = bus
778
Client.__init__(self, *args, **kwargs)
779
# Only now, when this client is initialized, can it show up on
780
# the D-Bus
781
client_object_name = unicode(self.name).translate(
782
{ord("."): ord("_"),
783
ord("-"): ord("_")})
784
self.dbus_object_path = (dbus.ObjectPath
785
("/clients/" + client_object_name))
786
DBusObjectWithProperties.__init__(self, self.bus,
787
self.dbus_object_path)
788
789
def notifychangeproperty(transform_func,
790
dbus_name, type_func=lambda x: x,
791
variant_level=1):
792
""" Modify a variable so that its a property that announce its
793
changes to DBus.
794
transform_fun: Function that takes a value and transform it to
795
DBus type.
796
dbus_name: DBus name of the variable
797
type_func: Function that transform the value before sending it
798
to DBus
799
variant_level: DBus variant level. default: 1
800
"""
801
real_value = [None,]
802
def setter(self, value):
803
old_value = real_value[0]
804
real_value[0] = value
805
if hasattr(self, "dbus_object_path"):
806
if type_func(old_value) != type_func(real_value[0]):
807
dbus_value = transform_func(type_func(real_value[0]),
808
variant_level)
809
self.PropertyChanged(dbus.String(dbus_name),
810
dbus_value)
811
812
return property(lambda self: real_value[0], setter)
813
814
815
expires = notifychangeproperty(datetime_to_dbus, "Expires")
816
approvals_pending = notifychangeproperty(dbus.Boolean,
817
"ApprovalPending",
818
type_func = bool)
819
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
820
last_enabled = notifychangeproperty(datetime_to_dbus,
821
"LastEnabled")
822
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
823
type_func = lambda checker: checker is not None)
824
last_checked_ok = notifychangeproperty(datetime_to_dbus,
825
"LastCheckedOK")
826
last_approval_request = notifychangeproperty(datetime_to_dbus,
827
"LastApprovalRequest")
828
approved_by_default = notifychangeproperty(dbus.Boolean,
829
"ApprovedByDefault")
830
approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",
831
type_func = _timedelta_to_milliseconds)
832
approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",
833
type_func = _timedelta_to_milliseconds)
834
host = notifychangeproperty(dbus.String, "Host")
835
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
836
type_func = _timedelta_to_milliseconds)
837
extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",
838
type_func = _timedelta_to_milliseconds)
839
interval = notifychangeproperty(dbus.UInt16, "Interval",
840
type_func = _timedelta_to_milliseconds)
841
checker_command = notifychangeproperty(dbus.String, "Checker")
842
843
del notifychangeproperty
844
845
def __del__(self, *args, **kwargs):
846
try:
847
self.remove_from_connection()
848
except LookupError:
849
pass
850
if hasattr(DBusObjectWithProperties, "__del__"):
851
DBusObjectWithProperties.__del__(self, *args, **kwargs)
852
Client.__del__(self, *args, **kwargs)
853
854
def checker_callback(self, pid, condition, command,
855
*args, **kwargs):
856
self.checker_callback_tag = None
857
self.checker = None
858
if os.WIFEXITED(condition):
859
exitstatus = os.WEXITSTATUS(condition)
860
# Emit D-Bus signal
861
self.CheckerCompleted(dbus.Int16(exitstatus),
862
dbus.Int64(condition),
863
dbus.String(command))
864
else:
865
# Emit D-Bus signal
866
self.CheckerCompleted(dbus.Int16(-1),
867
dbus.Int64(condition),
868
dbus.String(command))
869
870
return Client.checker_callback(self, pid, condition, command,
871
*args, **kwargs)
872
873
def start_checker(self, *args, **kwargs):
874
old_checker = self.checker
875
if self.checker is not None:
876
old_checker_pid = self.checker.pid
877
else:
878
old_checker_pid = None
879
r = Client.start_checker(self, *args, **kwargs)
880
# Only if new checker process was started
881
if (self.checker is not None
882
and old_checker_pid != self.checker.pid):
883
# Emit D-Bus signal
884
self.CheckerStarted(self.current_checker_command)
885
return r
886
887
def _reset_approved(self):
888
self._approved = None
889
return False
890
891
def approve(self, value=True):
892
self.send_changedstate()
893
self._approved = value
894
gobject.timeout_add(_timedelta_to_milliseconds
895
(self.approval_duration),
896
self._reset_approved)
897
898
899
## D-Bus methods, signals & properties
900
_interface = "se.bsnet.fukt.Mandos.Client"
901
902
## Signals
436
if self.use_dbus:
437
self.PropertyChanged(dbus.String(u"checker_running"),
438
dbus.Boolean(False, variant_level=1))
439
440
def still_valid(self):
441
"""Has the timeout not yet passed for this client?"""
442
if not getattr(self, "enabled", False):
443
return False
444
now = datetime.datetime.utcnow()
445
if self.last_checked_ok is None:
446
return now < (self.created + self.timeout)
447
else:
448
return now < (self.last_checked_ok + self.timeout)
449
450
## D-Bus methods & signals
451
_interface = u"org.mandos_system.Mandos.Client"
452
453
# BumpTimeout - method
454
BumpTimeout = dbus.service.method(_interface)(bump_timeout)
455
BumpTimeout.__name__ = "BumpTimeout"
903
456
904
457
# CheckerCompleted - signal
905
@dbus.service.signal(_interface, signature="nxs")
906
def CheckerCompleted(self, exitcode, waitstatus, command):
458
@dbus.service.signal(_interface, signature="bqs")
459
def CheckerCompleted(self, success, condition, command):
907
460
"D-Bus signal"
908
461
pass
909
462
913
466
"D-Bus signal"
914
467
pass
915
468
469
# GetAllProperties - method
470
@dbus.service.method(_interface, out_signature="a{sv}")
471
def GetAllProperties(self):
472
"D-Bus method"
473
return dbus.Dictionary({
474
dbus.String("name"):
475
dbus.String(self.name, variant_level=1),
476
dbus.String("fingerprint"):
477
dbus.String(self.fingerprint, variant_level=1),
478
dbus.String("host"):
479
dbus.String(self.host, variant_level=1),
480
dbus.String("created"):
481
_datetime_to_dbus(self.created, variant_level=1),
482
dbus.String("last_enabled"):
483
(_datetime_to_dbus(self.last_enabled,
484
variant_level=1)
485
if self.last_enabled is not None
486
else dbus.Boolean(False, variant_level=1)),
487
dbus.String("enabled"):
488
dbus.Boolean(self.enabled, variant_level=1),
489
dbus.String("last_checked_ok"):
490
(_datetime_to_dbus(self.last_checked_ok,
491
variant_level=1)
492
if self.last_checked_ok is not None
493
else dbus.Boolean (False, variant_level=1)),
494
dbus.String("timeout"):
495
dbus.UInt64(self.timeout_milliseconds(),
496
variant_level=1),
497
dbus.String("interval"):
498
dbus.UInt64(self.interval_milliseconds(),
499
variant_level=1),
500
dbus.String("checker"):
501
dbus.String(self.checker_command,
502
variant_level=1),
503
dbus.String("checker_running"):
504
dbus.Boolean(self.checker is not None,
505
variant_level=1),
506
}, signature="sv")
507
508
# IsStillValid - method
509
IsStillValid = (dbus.service.method(_interface, out_signature="b")
510
(still_valid))
511
IsStillValid.__name__ = "IsStillValid"
512
916
513
# PropertyChanged - signal
917
514
@dbus.service.signal(_interface, signature="sv")
918
515
def PropertyChanged(self, property, value):
919
516
"D-Bus signal"
920
517
pass
921
518
922
# GotSecret - signal
923
@dbus.service.signal(_interface)
924
def GotSecret(self):
925
"""D-Bus signal
926
Is sent after a successful transfer of secret from the Mandos
927
server to mandos-client
928
"""
929
pass
930
931
# Rejected - signal
932
@dbus.service.signal(_interface, signature="s")
933
def Rejected(self, reason):
934
"D-Bus signal"
935
pass
936
937
# NeedApproval - signal
938
@dbus.service.signal(_interface, signature="tb")
939
def NeedApproval(self, timeout, default):
940
"D-Bus signal"
941
return self.need_approval()
942
943
## Methods
944
945
# Approve - method
946
@dbus.service.method(_interface, in_signature="b")
947
def Approve(self, value):
948
self.approve(value)
949
950
# CheckedOK - method
951
@dbus.service.method(_interface)
952
def CheckedOK(self):
953
self.checked_ok()
519
# SetChecker - method
520
@dbus.service.method(_interface, in_signature="s")
521
def SetChecker(self, checker):
522
"D-Bus setter method"
523
self.checker_command = checker
524
# Emit D-Bus signal
525
self.PropertyChanged(dbus.String(u"checker"),
526
dbus.String(self.checker_command,
527
variant_level=1))
528
529
# SetHost - method
530
@dbus.service.method(_interface, in_signature="s")
531
def SetHost(self, host):
532
"D-Bus setter method"
533
self.host = host
534
# Emit D-Bus signal
535
self.PropertyChanged(dbus.String(u"host"),
536
dbus.String(self.host, variant_level=1))
537
538
# SetInterval - method
539
@dbus.service.method(_interface, in_signature="t")
540
def SetInterval(self, milliseconds):
541
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
542
# Emit D-Bus signal
543
self.PropertyChanged(dbus.String(u"interval"),
544
(dbus.UInt64(self.interval_milliseconds(),
545
variant_level=1)))
546
547
# SetSecret - method
548
@dbus.service.method(_interface, in_signature="ay",
549
byte_arrays=True)
550
def SetSecret(self, secret):
551
"D-Bus setter method"
552
self.secret = str(secret)
553
554
# SetTimeout - method
555
@dbus.service.method(_interface, in_signature="t")
556
def SetTimeout(self, milliseconds):
557
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
558
# Emit D-Bus signal
559
self.PropertyChanged(dbus.String(u"timeout"),
560
(dbus.UInt64(self.timeout_milliseconds(),
561
variant_level=1)))
954
562
955
563
# Enable - method
956
@dbus.service.method(_interface)
957
def Enable(self):
958
"D-Bus method"
959
self.enable()
564
Enable = dbus.service.method(_interface)(enable)
565
Enable.__name__ = "Enable"
960
566
961
567
# StartChecker - method
962
568
@dbus.service.method(_interface)
971
577
self.disable()
972
578
973
579
# StopChecker - method
974
@dbus.service.method(_interface)
975
def StopChecker(self):
976
self.stop_checker()
977
978
## Properties
979
980
# ApprovalPending - property
981
@dbus_service_property(_interface, signature="b", access="read")
982
def ApprovalPending_dbus_property(self):
983
return dbus.Boolean(bool(self.approvals_pending))
984
985
# ApprovedByDefault - property
986
@dbus_service_property(_interface, signature="b",
987
access="readwrite")
988
def ApprovedByDefault_dbus_property(self, value=None):
989
if value is None: # get
990
return dbus.Boolean(self.approved_by_default)
991
self.approved_by_default = bool(value)
992
993
# ApprovalDelay - property
994
@dbus_service_property(_interface, signature="t",
995
access="readwrite")
996
def ApprovalDelay_dbus_property(self, value=None):
997
if value is None: # get
998
return dbus.UInt64(self.approval_delay_milliseconds())
999
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1000
1001
# ApprovalDuration - property
1002
@dbus_service_property(_interface, signature="t",
1003
access="readwrite")
1004
def ApprovalDuration_dbus_property(self, value=None):
1005
if value is None: # get
1006
return dbus.UInt64(_timedelta_to_milliseconds(
1007
self.approval_duration))
1008
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1009
1010
# Name - property
1011
@dbus_service_property(_interface, signature="s", access="read")
1012
def Name_dbus_property(self):
1013
return dbus.String(self.name)
1014
1015
# Fingerprint - property
1016
@dbus_service_property(_interface, signature="s", access="read")
1017
def Fingerprint_dbus_property(self):
1018
return dbus.String(self.fingerprint)
1019
1020
# Host - property
1021
@dbus_service_property(_interface, signature="s",
1022
access="readwrite")
1023
def Host_dbus_property(self, value=None):
1024
if value is None: # get
1025
return dbus.String(self.host)
1026
self.host = value
1027
1028
# Created - property
1029
@dbus_service_property(_interface, signature="s", access="read")
1030
def Created_dbus_property(self):
1031
return dbus.String(datetime_to_dbus(self.created))
1032
1033
# LastEnabled - property
1034
@dbus_service_property(_interface, signature="s", access="read")
1035
def LastEnabled_dbus_property(self):
1036
return datetime_to_dbus(self.last_enabled)
1037
1038
# Enabled - property
1039
@dbus_service_property(_interface, signature="b",
1040
access="readwrite")
1041
def Enabled_dbus_property(self, value=None):
1042
if value is None: # get
1043
return dbus.Boolean(self.enabled)
1044
if value:
1045
self.enable()
1046
else:
1047
self.disable()
1048
1049
# LastCheckedOK - property
1050
@dbus_service_property(_interface, signature="s",
1051
access="readwrite")
1052
def LastCheckedOK_dbus_property(self, value=None):
1053
if value is not None:
1054
self.checked_ok()
1055
return
1056
return datetime_to_dbus(self.last_checked_ok)
1057
1058
# Expires - property
1059
@dbus_service_property(_interface, signature="s", access="read")
1060
def Expires_dbus_property(self):
1061
return datetime_to_dbus(self.expires)
1062
1063
# LastApprovalRequest - property
1064
@dbus_service_property(_interface, signature="s", access="read")
1065
def LastApprovalRequest_dbus_property(self):
1066
return datetime_to_dbus(self.last_approval_request)
1067
1068
# Timeout - property
1069
@dbus_service_property(_interface, signature="t",
1070
access="readwrite")
1071
def Timeout_dbus_property(self, value=None):
1072
if value is None: # get
1073
return dbus.UInt64(self.timeout_milliseconds())
1074
self.timeout = datetime.timedelta(0, 0, 0, value)
1075
if getattr(self, "disable_initiator_tag", None) is None:
1076
return
1077
# Reschedule timeout
1078
gobject.source_remove(self.disable_initiator_tag)
1079
self.disable_initiator_tag = None
1080
self.expires = None
1081
time_to_die = (self.
1082
_timedelta_to_milliseconds((self
1083
.last_checked_ok
1084
+ self.timeout)
1085
- datetime.datetime
1086
.utcnow()))
1087
if time_to_die <= 0:
1088
# The timeout has passed
1089
self.disable()
1090
else:
1091
self.expires = (datetime.datetime.utcnow()
1092
+ datetime.timedelta(milliseconds = time_to_die))
1093
self.disable_initiator_tag = (gobject.timeout_add
1094
(time_to_die, self.disable))
1095
1096
# ExtendedTimeout - property
1097
@dbus_service_property(_interface, signature="t",
1098
access="readwrite")
1099
def ExtendedTimeout_dbus_property(self, value=None):
1100
if value is None: # get
1101
return dbus.UInt64(self.extended_timeout_milliseconds())
1102
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1103
1104
# Interval - property
1105
@dbus_service_property(_interface, signature="t",
1106
access="readwrite")
1107
def Interval_dbus_property(self, value=None):
1108
if value is None: # get
1109
return dbus.UInt64(self.interval_milliseconds())
1110
self.interval = datetime.timedelta(0, 0, 0, value)
1111
if getattr(self, "checker_initiator_tag", None) is None:
1112
return
1113
# Reschedule checker run
1114
gobject.source_remove(self.checker_initiator_tag)
1115
self.checker_initiator_tag = (gobject.timeout_add
1116
(value, self.start_checker))
1117
self.start_checker() # Start one now, too
1118
1119
# Checker - property
1120
@dbus_service_property(_interface, signature="s",
1121
access="readwrite")
1122
def Checker_dbus_property(self, value=None):
1123
if value is None: # get
1124
return dbus.String(self.checker_command)
1125
self.checker_command = value
1126
1127
# CheckerRunning - property
1128
@dbus_service_property(_interface, signature="b",
1129
access="readwrite")
1130
def CheckerRunning_dbus_property(self, value=None):
1131
if value is None: # get
1132
return dbus.Boolean(self.checker is not None)
1133
if value:
1134
self.start_checker()
1135
else:
1136
self.stop_checker()
1137
1138
# ObjectPath - property
1139
@dbus_service_property(_interface, signature="o", access="read")
1140
def ObjectPath_dbus_property(self):
1141
return self.dbus_object_path # is already a dbus.ObjectPath
1142
1143
# Secret = property
1144
@dbus_service_property(_interface, signature="ay",
1145
access="write", byte_arrays=True)
1146
def Secret_dbus_property(self, value):
1147
self.secret = str(value)
580
StopChecker = dbus.service.method(_interface)(stop_checker)
581
StopChecker.__name__ = "StopChecker"
1148
582
1149
583
del _interface
1150
584
1151
585
1152
class ProxyClient(object):
1153
def __init__(self, child_pipe, fpr, address):
1154
self._pipe = child_pipe
1155
self._pipe.send(('init', fpr, address))
1156
if not self._pipe.recv():
1157
raise KeyError()
1158
1159
def __getattribute__(self, name):
1160
if(name == '_pipe'):
1161
return super(ProxyClient, self).__getattribute__(name)
1162
self._pipe.send(('getattr', name))
1163
data = self._pipe.recv()
1164
if data[0] == 'data':
1165
return data[1]
1166
if data[0] == 'function':
1167
def func(*args, **kwargs):
1168
self._pipe.send(('funcall', name, args, kwargs))
1169
return self._pipe.recv()[1]
1170
return func
1171
1172
def __setattr__(self, name, value):
1173
if(name == '_pipe'):
1174
return super(ProxyClient, self).__setattr__(name, value)
1175
self._pipe.send(('setattr', name, value))
1176
1177
1178
class ClientHandler(socketserver.BaseRequestHandler, object):
1179
"""A class to handle client connections.
1180
1181
Instantiated once for each connection to handle it.
586
def peer_certificate(session):
587
"Return the peer's OpenPGP certificate as a bytestring"
588
# If not an OpenPGP certificate...
589
if (gnutls.library.functions
590
.gnutls_certificate_type_get(session._c_object)
591
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
592
# ...do the normal thing
593
return session.peer_certificate
594
list_size = ctypes.c_uint()
595
cert_list = (gnutls.library.functions
596
.gnutls_certificate_get_peers
597
(session._c_object, ctypes.byref(list_size)))
598
if list_size.value == 0:
599
return None
600
cert = cert_list[0]
601
return ctypes.string_at(cert.data, cert.size)
602
603
604
def fingerprint(openpgp):
605
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
606
# New GnuTLS "datum" with the OpenPGP public key
607
datum = (gnutls.library.types
608
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
609
ctypes.POINTER
610
(ctypes.c_ubyte)),
611
ctypes.c_uint(len(openpgp))))
612
# New empty GnuTLS certificate
613
crt = gnutls.library.types.gnutls_openpgp_crt_t()
614
(gnutls.library.functions
615
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
616
# Import the OpenPGP public key into the certificate
617
(gnutls.library.functions
618
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
619
gnutls.library.constants
620
.GNUTLS_OPENPGP_FMT_RAW))
621
# Verify the self signature in the key
622
crtverify = ctypes.c_uint()
623
(gnutls.library.functions
624
.gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
625
if crtverify.value != 0:
626
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
627
raise gnutls.errors.CertificateSecurityError("Verify failed")
628
# New buffer for the fingerprint
629
buf = ctypes.create_string_buffer(20)
630
buf_len = ctypes.c_size_t()
631
# Get the fingerprint from the certificate into the buffer
632
(gnutls.library.functions
633
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
634
ctypes.byref(buf_len)))
635
# Deinit the certificate
636
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
637
# Convert the buffer to a Python bytestring
638
fpr = ctypes.string_at(buf, buf_len.value)
639
# Convert the bytestring to hexadecimal notation
640
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
641
return hex_fpr
642
643
644
class TCP_handler(SocketServer.BaseRequestHandler, object):
645
"""A TCP request handler class.
646
Instantiated by IPv6_TCPServer for each request to handle it.
1182
647
Note: This will run in its own forked process."""
1183
648
1184
649
def handle(self):
1185
with contextlib.closing(self.server.child_pipe) as child_pipe:
1186
logger.info("TCP connection from: %s",
1187
unicode(self.client_address))
1188
logger.debug("Pipe FD: %d",
1189
self.server.child_pipe.fileno())
1190
1191
session = (gnutls.connection
1192
.ClientSession(self.request,
1193
gnutls.connection
1194
.X509Credentials()))
1195
1196
# Note: gnutls.connection.X509Credentials is really a
1197
# generic GnuTLS certificate credentials object so long as
1198
# no X.509 keys are added to it. Therefore, we can use it
1199
# here despite using OpenPGP certificates.
1200
1201
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1202
# "+AES-256-CBC", "+SHA1",
1203
# "+COMP-NULL", "+CTYPE-OPENPGP",
1204
# "+DHE-DSS"))
1205
# Use a fallback default, since this MUST be set.
1206
priority = self.server.gnutls_priority
1207
if priority is None:
1208
priority = "NORMAL"
1209
(gnutls.library.functions
1210
.gnutls_priority_set_direct(session._c_object,
1211
priority, None))
1212
1213
# Start communication using the Mandos protocol
1214
# Get protocol number
1215
line = self.request.makefile().readline()
1216
logger.debug("Protocol version: %r", line)
1217
try:
1218
if int(line.strip().split()[0]) > 1:
1219
raise RuntimeError
1220
except (ValueError, IndexError, RuntimeError) as error:
1221
logger.error("Unknown protocol version: %s", error)
1222
return
1223
1224
# Start GnuTLS connection
1225
try:
1226
session.handshake()
1227
except gnutls.errors.GNUTLSError as error:
1228
logger.warning("Handshake failed: %s", error)
1229
# Do not run session.bye() here: the session is not
1230
# established. Just abandon the request.
1231
return
1232
logger.debug("Handshake succeeded")
1233
1234
approval_required = False
1235
try:
1236
try:
1237
fpr = self.fingerprint(self.peer_certificate
1238
(session))
1239
except (TypeError,
1240
gnutls.errors.GNUTLSError) as error:
1241
logger.warning("Bad certificate: %s", error)
1242
return
1243
logger.debug("Fingerprint: %s", fpr)
1244
1245
try:
1246
client = ProxyClient(child_pipe, fpr,
1247
self.client_address)
1248
except KeyError:
1249
return
1250
1251
if client.approval_delay:
1252
delay = client.approval_delay
1253
client.approvals_pending += 1
1254
approval_required = True
1255
1256
while True:
1257
if not client.enabled:
1258
logger.info("Client %s is disabled",
1259
client.name)
1260
if self.server.use_dbus:
1261
# Emit D-Bus signal
1262
client.Rejected("Disabled")
1263
return
1264
1265
if client._approved or not client.approval_delay:
1266
#We are approved or approval is disabled
1267
break
1268
elif client._approved is None:
1269
logger.info("Client %s needs approval",
1270
client.name)
1271
if self.server.use_dbus:
1272
# Emit D-Bus signal
1273
client.NeedApproval(
1274
client.approval_delay_milliseconds(),
1275
client.approved_by_default)
1276
else:
1277
logger.warning("Client %s was not approved",
1278
client.name)
1279
if self.server.use_dbus:
1280
# Emit D-Bus signal
1281
client.Rejected("Denied")
1282
return
1283
1284
#wait until timeout or approved
1285
#x = float(client._timedelta_to_milliseconds(delay))
1286
time = datetime.datetime.now()
1287
client.changedstate.acquire()
1288
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1289
client.changedstate.release()
1290
time2 = datetime.datetime.now()
1291
if (time2 - time) >= delay:
1292
if not client.approved_by_default:
1293
logger.warning("Client %s timed out while"
1294
" waiting for approval",
1295
client.name)
1296
if self.server.use_dbus:
1297
# Emit D-Bus signal
1298
client.Rejected("Approval timed out")
1299
return
1300
else:
1301
break
1302
else:
1303
delay -= time2 - time
1304
1305
sent_size = 0
1306
while sent_size < len(client.secret):
1307
try:
1308
sent = session.send(client.secret[sent_size:])
1309
except gnutls.errors.GNUTLSError as error:
1310
logger.warning("gnutls send failed")
1311
return
1312
logger.debug("Sent: %d, remaining: %d",
1313
sent, len(client.secret)
1314
- (sent_size + sent))
1315
sent_size += sent
1316
1317
logger.info("Sending secret to %s", client.name)
1318
# bump the timeout as if seen
1319
client.checked_ok(client.extended_timeout)
1320
if self.server.use_dbus:
1321
# Emit D-Bus signal
1322
client.GotSecret()
1323
1324
finally:
1325
if approval_required:
1326
client.approvals_pending -= 1
1327
try:
1328
session.bye()
1329
except gnutls.errors.GNUTLSError as error:
1330
logger.warning("GnuTLS bye failed")
1331
1332
@staticmethod
1333
def peer_certificate(session):
1334
"Return the peer's OpenPGP certificate as a bytestring"
1335
# If not an OpenPGP certificate...
1336
if (gnutls.library.functions
1337
.gnutls_certificate_type_get(session._c_object)
1338
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1339
# ...do the normal thing
1340
return session.peer_certificate
1341
list_size = ctypes.c_uint(1)
1342
cert_list = (gnutls.library.functions
1343
.gnutls_certificate_get_peers
1344
(session._c_object, ctypes.byref(list_size)))
1345
if not bool(cert_list) and list_size.value != 0:
1346
raise gnutls.errors.GNUTLSError("error getting peer"
1347
" certificate")
1348
if list_size.value == 0:
1349
return None
1350
cert = cert_list[0]
1351
return ctypes.string_at(cert.data, cert.size)
1352
1353
@staticmethod
1354
def fingerprint(openpgp):
1355
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1356
# New GnuTLS "datum" with the OpenPGP public key
1357
datum = (gnutls.library.types
1358
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1359
ctypes.POINTER
1360
(ctypes.c_ubyte)),
1361
ctypes.c_uint(len(openpgp))))
1362
# New empty GnuTLS certificate
1363
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1364
(gnutls.library.functions
1365
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1366
# Import the OpenPGP public key into the certificate
1367
(gnutls.library.functions
1368
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1369
gnutls.library.constants
1370
.GNUTLS_OPENPGP_FMT_RAW))
1371
# Verify the self signature in the key
1372
crtverify = ctypes.c_uint()
1373
(gnutls.library.functions
1374
.gnutls_openpgp_crt_verify_self(crt, 0,
1375
ctypes.byref(crtverify)))
1376
if crtverify.value != 0:
1377
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1378
raise (gnutls.errors.CertificateSecurityError
1379
("Verify failed"))
1380
# New buffer for the fingerprint
1381
buf = ctypes.create_string_buffer(20)
1382
buf_len = ctypes.c_size_t()
1383
# Get the fingerprint from the certificate into the buffer
1384
(gnutls.library.functions
1385
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1386
ctypes.byref(buf_len)))
1387
# Deinit the certificate
1388
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1389
# Convert the buffer to a Python bytestring
1390
fpr = ctypes.string_at(buf, buf_len.value)
1391
# Convert the bytestring to hexadecimal notation
1392
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1393
return hex_fpr
1394
1395
1396
class MultiprocessingMixIn(object):
1397
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1398
def sub_process_main(self, request, address):
1399
try:
1400
self.finish_request(request, address)
1401
except:
1402
self.handle_error(request, address)
1403
self.close_request(request)
1404
1405
def process_request(self, request, address):
1406
"""Start a new process to process the request."""
1407
multiprocessing.Process(target = self.sub_process_main,
1408
args = (request, address)).start()
1409
1410
1411
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1412
""" adds a pipe to the MixIn """
1413
def process_request(self, request, client_address):
1414
"""Overrides and wraps the original process_request().
1415
1416
This function creates a new pipe in self.pipe
1417
"""
1418
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1419
1420
super(MultiprocessingMixInWithPipe,
1421
self).process_request(request, client_address)
1422
self.child_pipe.close()
1423
self.add_pipe(parent_pipe)
1424
1425
def add_pipe(self, parent_pipe):
1426
"""Dummy function; override as necessary"""
1427
raise NotImplementedError
1428
1429
1430
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1431
socketserver.TCPServer, object):
1432
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1433
650
logger.info(u"TCP connection from: %s",
651
unicode(self.client_address))
652
session = (gnutls.connection
653
.ClientSession(self.request,
654
gnutls.connection
655
.X509Credentials()))
656
657
line = self.request.makefile().readline()
658
logger.debug(u"Protocol version: %r", line)
659
try:
660
if int(line.strip().split()[0]) > 1:
661
raise RuntimeError
662
except (ValueError, IndexError, RuntimeError), error:
663
logger.error(u"Unknown protocol version: %s", error)
664
return
665
666
# Note: gnutls.connection.X509Credentials is really a generic
667
# GnuTLS certificate credentials object so long as no X.509
668
# keys are added to it. Therefore, we can use it here despite
669
# using OpenPGP certificates.
670
671
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
672
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
673
# "+DHE-DSS"))
674
# Use a fallback default, since this MUST be set.
675
priority = self.server.settings.get("priority", "NORMAL")
676
(gnutls.library.functions
677
.gnutls_priority_set_direct(session._c_object,
678
priority, None))
679
680
try:
681
session.handshake()
682
except gnutls.errors.GNUTLSError, error:
683
logger.warning(u"Handshake failed: %s", error)
684
# Do not run session.bye() here: the session is not
685
# established. Just abandon the request.
686
return
687
try:
688
fpr = fingerprint(peer_certificate(session))
689
except (TypeError, gnutls.errors.GNUTLSError), error:
690
logger.warning(u"Bad certificate: %s", error)
691
session.bye()
692
return
693
logger.debug(u"Fingerprint: %s", fpr)
694
for c in self.server.clients:
695
if c.fingerprint == fpr:
696
client = c
697
break
698
else:
699
logger.warning(u"Client not found for fingerprint: %s",
700
fpr)
701
session.bye()
702
return
703
# Have to check if client.still_valid(), since it is possible
704
# that the client timed out while establishing the GnuTLS
705
# session.
706
if not client.still_valid():
707
logger.warning(u"Client %(name)s is invalid",
708
vars(client))
709
session.bye()
710
return
711
## This won't work here, since we're in a fork.
712
# client.bump_timeout()
713
sent_size = 0
714
while sent_size < len(client.secret):
715
sent = session.send(client.secret[sent_size:])
716
logger.debug(u"Sent: %d, remaining: %d",
717
sent, len(client.secret)
718
- (sent_size + sent))
719
sent_size += sent
720
session.bye()
721
722
723
class IPv6_TCPServer(SocketServer.ForkingMixIn,
724
SocketServer.TCPServer, object):
725
"""IPv6 TCP server. Accepts 'None' as address and/or port.
1434
726
Attributes:
727
settings: Server settings
728
clients: Set() of Client objects
1435
729
enabled: Boolean; whether this server is activated yet
1436
interface: None or a network interface name (string)
1437
use_ipv6: Boolean; to use IPv6 or not
1438
730
"""
1439
def __init__(self, server_address, RequestHandlerClass,
1440
interface=None, use_ipv6=True):
1441
self.interface = interface
1442
if use_ipv6:
1443
self.address_family = socket.AF_INET6
1444
socketserver.TCPServer.__init__(self, server_address,
1445
RequestHandlerClass)
731
address_family = socket.AF_INET6
732
def __init__(self, *args, **kwargs):
733
if "settings" in kwargs:
734
self.settings = kwargs["settings"]
735
del kwargs["settings"]
736
if "clients" in kwargs:
737
self.clients = kwargs["clients"]
738
del kwargs["clients"]
739
self.enabled = False
740
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1446
741
def server_bind(self):
1447
742
"""This overrides the normal server_bind() function
1448
743
to bind to an interface if one was specified, and also NOT to
1449
744
bind to an address or port if they were not specified."""
1450
if self.interface is not None:
1451
if SO_BINDTODEVICE is None:
1452
logger.error("SO_BINDTODEVICE does not exist;"
1453
" cannot bind to interface %s",
1454
self.interface)
1455
else:
1456
try:
1457
self.socket.setsockopt(socket.SOL_SOCKET,
1458
SO_BINDTODEVICE,
1459
str(self.interface
1460
+ '\0'))
1461
except socket.error as error:
1462
if error[0] == errno.EPERM:
1463
logger.error("No permission to"
1464
" bind to interface %s",
1465
self.interface)
1466
elif error[0] == errno.ENOPROTOOPT:
1467
logger.error("SO_BINDTODEVICE not available;"
1468
" cannot bind to interface %s",
1469
self.interface)
1470
else:
1471
raise
745
if self.settings["interface"]:
746
# 25 is from /usr/include/asm-i486/socket.h
747
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
748
try:
749
self.socket.setsockopt(socket.SOL_SOCKET,
750
SO_BINDTODEVICE,
751
self.settings["interface"])
752
except socket.error, error:
753
if error[0] == errno.EPERM:
754
logger.error(u"No permission to"
755
u" bind to interface %s",
756
self.settings["interface"])
757
else:
758
raise error
1472
759
# Only bind(2) the socket if we really need to.
1473
760
if self.server_address[0] or self.server_address[1]:
1474
761
if not self.server_address[0]:
1475
if self.address_family == socket.AF_INET6:
1476
any_address = "::" # in6addr_any
1477
else:
1478
any_address = socket.INADDR_ANY
1479
self.server_address = (any_address,
762
in6addr_any = "::"
763
self.server_address = (in6addr_any,
1480
764
self.server_address[1])
1481
765
elif not self.server_address[1]:
1482
766
self.server_address = (self.server_address[0],
1483
767
0)
1484
# if self.interface:
768
# if self.settings["interface"]:
1485
769
# self.server_address = (self.server_address[0],
1486
770
# 0, # port
1487
771
# 0, # flowinfo
1488
772
# if_nametoindex
1489
# (self.interface))
1490
return socketserver.TCPServer.server_bind(self)
1491
1492
1493
class MandosServer(IPv6_TCPServer):
1494
"""Mandos server.
1495
1496
Attributes:
1497
clients: set of Client objects
1498
gnutls_priority GnuTLS priority string
1499
use_dbus: Boolean; to emit D-Bus signals or not
1500
1501
Assumes a gobject.MainLoop event loop.
1502
"""
1503
def __init__(self, server_address, RequestHandlerClass,
1504
interface=None, use_ipv6=True, clients=None,
1505
gnutls_priority=None, use_dbus=True):
1506
self.enabled = False
1507
self.clients = clients
1508
if self.clients is None:
1509
self.clients = set()
1510
self.use_dbus = use_dbus
1511
self.gnutls_priority = gnutls_priority
1512
IPv6_TCPServer.__init__(self, server_address,
1513
RequestHandlerClass,
1514
interface = interface,
1515
use_ipv6 = use_ipv6)
773
# (self.settings
774
# ["interface"]))
775
return super(IPv6_TCPServer, self).server_bind()
1516
776
def server_activate(self):
1517
777
if self.enabled:
1518
return socketserver.TCPServer.server_activate(self)
778
return super(IPv6_TCPServer, self).server_activate()
1519
779
def enable(self):
1520
780
self.enabled = True
1521
def add_pipe(self, parent_pipe):
1522
# Call "handle_ipc" for both data and EOF events
1523
gobject.io_add_watch(parent_pipe.fileno(),
1524
gobject.IO_IN | gobject.IO_HUP,
1525
functools.partial(self.handle_ipc,
1526
parent_pipe = parent_pipe))
1527
1528
def handle_ipc(self, source, condition, parent_pipe=None,
1529
client_object=None):
1530
condition_names = {
1531
gobject.IO_IN: "IN", # There is data to read.
1532
gobject.IO_OUT: "OUT", # Data can be written (without
1533
# blocking).
1534
gobject.IO_PRI: "PRI", # There is urgent data to read.
1535
gobject.IO_ERR: "ERR", # Error condition.
1536
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1537
# broken, usually for pipes and
1538
# sockets).
1539
}
1540
conditions_string = ' | '.join(name
1541
for cond, name in
1542
condition_names.iteritems()
1543
if cond & condition)
1544
# error or the other end of multiprocessing.Pipe has closed
1545
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1546
return False
1547
1548
# Read a request from the child
1549
request = parent_pipe.recv()
1550
command = request[0]
1551
1552
if command == 'init':
1553
fpr = request[1]
1554
address = request[2]
1555
1556
for c in self.clients:
1557
if c.fingerprint == fpr:
1558
client = c
1559
break
1560
else:
1561
logger.info("Client not found for fingerprint: %s, ad"
1562
"dress: %s", fpr, address)
1563
if self.use_dbus:
1564
# Emit D-Bus signal
1565
mandos_dbus_service.ClientNotFound(fpr, address[0])
1566
parent_pipe.send(False)
1567
return False
1568
1569
gobject.io_add_watch(parent_pipe.fileno(),
1570
gobject.IO_IN | gobject.IO_HUP,
1571
functools.partial(self.handle_ipc,
1572
parent_pipe = parent_pipe,
1573
client_object = client))
1574
parent_pipe.send(True)
1575
# remove the old hook in favor of the new above hook on same fileno
1576
return False
1577
if command == 'funcall':
1578
funcname = request[1]
1579
args = request[2]
1580
kwargs = request[3]
1581
1582
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1583
1584
if command == 'getattr':
1585
attrname = request[1]
1586
if callable(client_object.__getattribute__(attrname)):
1587
parent_pipe.send(('function',))
1588
else:
1589
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1590
1591
if command == 'setattr':
1592
attrname = request[1]
1593
value = request[2]
1594
setattr(client_object, attrname, value)
1595
1596
return True
1597
781
1598
782
1599
783
def string_to_delta(interval):
1600
784
"""Parse a string and return a datetime.timedelta
1601
785
1602
786
>>> string_to_delta('7d')
1603
787
datetime.timedelta(7)
1604
788
>>> string_to_delta('60s')
1607
791
datetime.timedelta(0, 3600)
1608
792
>>> string_to_delta('24h')
1609
793
datetime.timedelta(1)
1610
>>> string_to_delta('1w')
794
>>> string_to_delta(u'1w')
1611
795
datetime.timedelta(7)
1612
796
>>> string_to_delta('5m 30s')
1613
797
datetime.timedelta(0, 330)
1617
801
try:
1618
802
suffix = unicode(s[-1])
1619
803
value = int(s[:-1])
1620
if suffix == "d":
804
if suffix == u"d":
1621
805
delta = datetime.timedelta(value)
1622
elif suffix == "s":
806
elif suffix == u"s":
1623
807
delta = datetime.timedelta(0, value)
1624
elif suffix == "m":
808
elif suffix == u"m":
1625
809
delta = datetime.timedelta(0, 0, 0, 0, value)
1626
elif suffix == "h":
810
elif suffix == u"h":
1627
811
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1628
elif suffix == "w":
812
elif suffix == u"w":
1629
813
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1630
814
else:
1631
raise ValueError("Unknown suffix %r" % suffix)
1632
except (ValueError, IndexError) as e:
1633
raise ValueError(*(e.args))
815
raise ValueError
816
except (ValueError, IndexError):
817
raise ValueError
1634
818
timevalue += delta
1635
819
return timevalue
1636
820
1637
821
822
def server_state_changed(state):
823
"""Derived from the Avahi example code"""
824
if state == avahi.SERVER_COLLISION:
825
logger.error(u"Zeroconf server name collision")
826
service.remove()
827
elif state == avahi.SERVER_RUNNING:
828
service.add()
829
830
831
def entry_group_state_changed(state, error):
832
"""Derived from the Avahi example code"""
833
logger.debug(u"Avahi state change: %i", state)
834
835
if state == avahi.ENTRY_GROUP_ESTABLISHED:
836
logger.debug(u"Zeroconf service established.")
837
elif state == avahi.ENTRY_GROUP_COLLISION:
838
logger.warning(u"Zeroconf service name collision.")
839
service.rename()
840
elif state == avahi.ENTRY_GROUP_FAILURE:
841
logger.critical(u"Avahi: Error in group state changed %s",
842
unicode(error))
843
raise AvahiGroupError(u"State changed: %s" % unicode(error))
844
1638
845
def if_nametoindex(interface):
1639
"""Call the C function if_nametoindex(), or equivalent
1640
1641
Note: This function cannot accept a unicode string."""
846
"""Call the C function if_nametoindex(), or equivalent"""
1642
847
global if_nametoindex
1643
848
try:
1644
849
if_nametoindex = (ctypes.cdll.LoadLibrary
1645
850
(ctypes.util.find_library("c"))
1646
851
.if_nametoindex)
1647
852
except (OSError, AttributeError):
1648
logger.warning("Doing if_nametoindex the hard way")
853
if "struct" not in sys.modules:
854
import struct
855
if "fcntl" not in sys.modules:
856
import fcntl
1649
857
def if_nametoindex(interface):
1650
858
"Get an interface index the hard way, i.e. using fcntl()"
1651
859
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1652
with contextlib.closing(socket.socket()) as s:
860
with closing(socket.socket()) as s:
1653
861
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1654
struct.pack(str("16s16x"),
1655
interface))
1656
interface_index = struct.unpack(str("I"),
1657
ifreq[16:20])[0]
862
struct.pack("16s16x", interface))
863
interface_index = struct.unpack("I", ifreq[16:20])[0]
1658
864
return interface_index
1659
865
return if_nametoindex(interface)
1660
866
1661
867
1662
868
def daemon(nochdir = False, noclose = False):
1663
869
"""See daemon(3). Standard BSD Unix function.
1664
1665
870
This should really exist as os.daemon, but it doesn't (yet)."""
1666
871
if os.fork():
1667
872
sys.exit()
1675
880
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1676
881
if not stat.S_ISCHR(os.fstat(null).st_mode):
1677
882
raise OSError(errno.ENODEV,
1678
"%s not a character device"
1679
% os.path.devnull)
883
"/dev/null not a character device")
1680
884
os.dup2(null, sys.stdin.fileno())
1681
885
os.dup2(null, sys.stdout.fileno())
1682
886
os.dup2(null, sys.stderr.fileno())
1685
889
1686
890
1687
891
def main():
1688
1689
##################################################################
1690
# Parsing of options, both command line and config file
1691
1692
parser = argparse.ArgumentParser()
1693
parser.add_argument("-v", "--version", action="version",
1694
version = "%%(prog)s %s" % version,
1695
help="show version number and exit")
1696
parser.add_argument("-i", "--interface", metavar="IF",
1697
help="Bind to interface IF")
1698
parser.add_argument("-a", "--address",
1699
help="Address to listen for requests on")
1700
parser.add_argument("-p", "--port", type=int,
1701
help="Port number to receive requests on")
1702
parser.add_argument("--check", action="store_true",
1703
help="Run self-test")
1704
parser.add_argument("--debug", action="store_true",
1705
help="Debug mode; run in foreground and log"
1706
" to terminal")
1707
parser.add_argument("--debuglevel", metavar="LEVEL",
1708
help="Debug level for stdout output")
1709
parser.add_argument("--priority", help="GnuTLS"
1710
" priority string (see GnuTLS documentation)")
1711
parser.add_argument("--servicename",
1712
metavar="NAME", help="Zeroconf service name")
1713
parser.add_argument("--configdir",
1714
default="/etc/mandos", metavar="DIR",
1715
help="Directory to search for configuration"
1716
" files")
1717
parser.add_argument("--no-dbus", action="store_false",
1718
dest="use_dbus", help="Do not provide D-Bus"
1719
" system bus interface")
1720
parser.add_argument("--no-ipv6", action="store_false",
1721
dest="use_ipv6", help="Do not use IPv6")
1722
options = parser.parse_args()
892
parser = optparse.OptionParser(version = "%%prog %s" % version)
893
parser.add_option("-i", "--interface", type="string",
894
metavar="IF", help="Bind to interface IF")
895
parser.add_option("-a", "--address", type="string",
896
help="Address to listen for requests on")
897
parser.add_option("-p", "--port", type="int",
898
help="Port number to receive requests on")
899
parser.add_option("--check", action="store_true",
900
help="Run self-test")
901
parser.add_option("--debug", action="store_true",
902
help="Debug mode; run in foreground and log to"
903
" terminal")
904
parser.add_option("--priority", type="string", help="GnuTLS"
905
" priority string (see GnuTLS documentation)")
906
parser.add_option("--servicename", type="string", metavar="NAME",
907
help="Zeroconf service name")
908
parser.add_option("--configdir", type="string",
909
default="/etc/mandos", metavar="DIR",
910
help="Directory to search for configuration"
911
" files")
912
parser.add_option("--no-dbus", action="store_false",
913
dest="use_dbus",
914
help="Do not provide D-Bus system bus"
915
" interface")
916
options = parser.parse_args()[0]
1723
917
1724
918
if options.check:
1725
919
import doctest
1735
929
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1736
930
"servicename": "Mandos",
1737
931
"use_dbus": "True",
1738
"use_ipv6": "True",
1739
"debuglevel": "",
1740
932
}
1741
933
1742
934
# Parse config file for server-global settings
1743
server_config = configparser.SafeConfigParser(server_defaults)
935
server_config = ConfigParser.SafeConfigParser(server_defaults)
1744
936
del server_defaults
1745
server_config.read(os.path.join(options.configdir,
1746
"mandos.conf"))
937
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1747
938
# Convert the SafeConfigParser object to a dict
1748
939
server_settings = server_config.defaults()
1749
# Use the appropriate methods on the non-string config options
1750
for option in ("debug", "use_dbus", "use_ipv6"):
1751
server_settings[option] = server_config.getboolean("DEFAULT",
1752
option)
1753
if server_settings["port"]:
1754
server_settings["port"] = server_config.getint("DEFAULT",
1755
"port")
940
# Use getboolean on the boolean config options
941
server_settings["debug"] = (server_config.getboolean
942
("DEFAULT", "debug"))
943
server_settings["use_dbus"] = (server_config.getboolean
944
("DEFAULT", "use_dbus"))
1756
945
del server_config
1757
946
1758
947
# Override the settings from the config file with command line
1759
948
# options, if set.
1760
949
for option in ("interface", "address", "port", "debug",
1761
950
"priority", "servicename", "configdir",
1762
"use_dbus", "use_ipv6", "debuglevel"):
951
"use_dbus"):
1763
952
value = getattr(options, option)
1764
953
if value is not None:
1765
954
server_settings[option] = value
1766
955
del options
1767
# Force all strings to be unicode
1768
for option in server_settings.keys():
1769
if type(server_settings[option]) is str:
1770
server_settings[option] = unicode(server_settings[option])
1771
956
# Now we have our good server settings in "server_settings"
1772
957
1773
##################################################################
1774
1775
958
# For convenience
1776
959
debug = server_settings["debug"]
1777
debuglevel = server_settings["debuglevel"]
1778
960
use_dbus = server_settings["use_dbus"]
1779
use_ipv6 = server_settings["use_ipv6"]
961
962
if not debug:
963
syslogger.setLevel(logging.WARNING)
964
console.setLevel(logging.WARNING)
1780
965
1781
966
if server_settings["servicename"] != "Mandos":
1782
967
syslogger.setFormatter(logging.Formatter
1783
('Mandos (%s) [%%(process)d]:'
1784
' %%(levelname)s: %%(message)s'
968
('Mandos (%s): %%(levelname)s:'
969
' %%(message)s'
1785
970
% server_settings["servicename"]))
1786
971
1787
972
# Parse config file with clients
1788
client_defaults = { "timeout": "5m",
1789
"extended_timeout": "15m",
1790
"interval": "2m",
973
client_defaults = { "timeout": "1h",
974
"interval": "5m",
1791
975
"checker": "fping -q -- %%(host)s",
1792
976
"host": "",
1793
"approval_delay": "0s",
1794
"approval_duration": "1s",
1795
977
}
1796
client_config = configparser.SafeConfigParser(client_defaults)
978
client_config = ConfigParser.SafeConfigParser(client_defaults)
1797
979
client_config.read(os.path.join(server_settings["configdir"],
1798
980
"clients.conf"))
1799
981
1800
global mandos_dbus_service
1801
mandos_dbus_service = None
1802
1803
tcp_server = MandosServer((server_settings["address"],
1804
server_settings["port"]),
1805
ClientHandler,
1806
interface=(server_settings["interface"]
1807
or None),
1808
use_ipv6=use_ipv6,
1809
gnutls_priority=
1810
server_settings["priority"],
1811
use_dbus=use_dbus)
1812
if not debug:
1813
pidfilename = "/var/run/mandos.pid"
1814
try:
1815
pidfile = open(pidfilename, "w")
1816
except IOError:
1817
logger.error("Could not open file %r", pidfilename)
982
clients = Set()
983
tcp_server = IPv6_TCPServer((server_settings["address"],
984
server_settings["port"]),
985
TCP_handler,
986
settings=server_settings,
987
clients=clients)
988
pidfilename = "/var/run/mandos.pid"
989
try:
990
pidfile = open(pidfilename, "w")
991
except IOError, error:
992
logger.error("Could not open file %r", pidfilename)
1818
993
1819
994
try:
1820
995
uid = pwd.getpwnam("_mandos").pw_uid
1826
1001
except KeyError:
1827
1002
try:
1828
1003
uid = pwd.getpwnam("nobody").pw_uid
1829
gid = pwd.getpwnam("nobody").pw_gid
1004
gid = pwd.getpwnam("nogroup").pw_gid
1830
1005
except KeyError:
1831
1006
uid = 65534
1832
1007
gid = 65534
1833
1008
try:
1009
os.setuid(uid)
1834
1010
os.setgid(gid)
1835
os.setuid(uid)
1836
except OSError as error:
1011
except OSError, error:
1837
1012
if error[0] != errno.EPERM:
1838
1013
raise error
1839
1014
1840
if not debug and not debuglevel:
1841
syslogger.setLevel(logging.WARNING)
1842
console.setLevel(logging.WARNING)
1843
if debuglevel:
1844
level = getattr(logging, debuglevel.upper())
1845
syslogger.setLevel(level)
1846
console.setLevel(level)
1015
global service
1016
service = AvahiService(name = server_settings["servicename"],
1017
servicetype = "_mandos._tcp", )
1018
if server_settings["interface"]:
1019
service.interface = (if_nametoindex
1020
(server_settings["interface"]))
1021
1022
global main_loop
1023
global bus
1024
global server
1025
# From the Avahi example code
1026
DBusGMainLoop(set_as_default=True )
1027
main_loop = gobject.MainLoop()
1028
bus = dbus.SystemBus()
1029
server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1030
avahi.DBUS_PATH_SERVER),
1031
avahi.DBUS_INTERFACE_SERVER)
1032
# End of Avahi example code
1033
if use_dbus:
1034
bus_name = dbus.service.BusName(u"org.mandos-system.Mandos",
1035
bus)
1036
1037
clients.update(Set(Client(name = section,
1038
config
1039
= dict(client_config.items(section)),
1040
use_dbus = use_dbus)
1041
for section in client_config.sections()))
1042
if not clients:
1043
logger.warning(u"No clients defined")
1847
1044
1848
1045
if debug:
1849
# Enable all possible GnuTLS debugging
1850
1851
# "Use a log level over 10 to enable all debugging options."
1852
# - GnuTLS manual
1853
gnutls.library.functions.gnutls_global_set_log_level(11)
1854
1855
@gnutls.library.types.gnutls_log_func
1856
def debug_gnutls(level, string):
1857
logger.debug("GnuTLS: %s", string[:-1])
1858
1859
(gnutls.library.functions
1860
.gnutls_global_set_log_function(debug_gnutls))
1861
1862
1046
# Redirect stdin so all checkers get /dev/null
1863
1047
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1864
1048
os.dup2(null, sys.stdin.fileno())
1867
1051
else:
1868
1052
# No console logging
1869
1053
logger.removeHandler(console)
1870
1871
# Need to fork before connecting to D-Bus
1872
if not debug:
1873
1054
# Close all input and output, do double fork, etc.
1874
1055
daemon()
1875
1056
1876
global main_loop
1877
# From the Avahi example code
1878
DBusGMainLoop(set_as_default=True )
1879
main_loop = gobject.MainLoop()
1880
bus = dbus.SystemBus()
1881
# End of Avahi example code
1882
if use_dbus:
1883
try:
1884
bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",
1885
bus, do_not_queue=True)
1886
except dbus.exceptions.NameExistsException as e:
1887
logger.error(unicode(e) + ", disabling D-Bus")
1888
use_dbus = False
1889
server_settings["use_dbus"] = False
1890
tcp_server.use_dbus = False
1891
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1892
service = AvahiService(name = server_settings["servicename"],
1893
servicetype = "_mandos._tcp",
1894
protocol = protocol, bus = bus)
1895
if server_settings["interface"]:
1896
service.interface = (if_nametoindex
1897
(str(server_settings["interface"])))
1898
1899
global multiprocessing_manager
1900
multiprocessing_manager = multiprocessing.Manager()
1901
1902
client_class = Client
1903
if use_dbus:
1904
client_class = functools.partial(ClientDBus, bus = bus)
1905
def client_config_items(config, section):
1906
special_settings = {
1907
"approved_by_default":
1908
lambda: config.getboolean(section,
1909
"approved_by_default"),
1910
}
1911
for name, value in config.items(section):
1912
try:
1913
yield (name, special_settings[name]())
1914
except KeyError:
1915
yield (name, value)
1916
1917
tcp_server.clients.update(set(
1918
client_class(name = section,
1919
config= dict(client_config_items(
1920
client_config, section)))
1921
for section in client_config.sections()))
1922
if not tcp_server.clients:
1923
logger.warning("No clients defined")
1057
try:
1058
pid = os.getpid()
1059
pidfile.write(str(pid) + "\n")
1060
pidfile.close()
1061
del pidfile
1062
except IOError:
1063
logger.error(u"Could not write to file %r with PID %d",
1064
pidfilename, pid)
1065
except NameError:
1066
# "pidfile" was never created
1067
pass
1068
del pidfilename
1069
1070
def cleanup():
1071
"Cleanup function; run on exit"
1072
global group
1073
# From the Avahi example code
1074
if not group is None:
1075
group.Free()
1076
group = None
1077
# End of Avahi example code
1924
1078
1079
while clients:
1080
client = clients.pop()
1081
client.disable_hook = None
1082
client.disable()
1083
1084
atexit.register(cleanup)
1085
1925
1086
if not debug:
1926
try:
1927
with pidfile:
1928
pid = os.getpid()
1929
pidfile.write(str(pid) + "\n".encode("utf-8"))
1930
del pidfile
1931
except IOError:
1932
logger.error("Could not write to file %r with PID %d",
1933
pidfilename, pid)
1934
except NameError:
1935
# "pidfile" was never created
1936
pass
1937
del pidfilename
1938
1939
1087
signal.signal(signal.SIGINT, signal.SIG_IGN)
1940
1941
1088
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1942
1089
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1943
1090
1944
1091
if use_dbus:
1945
class MandosDBusService(dbus.service.Object):
1092
class MandosServer(dbus.service.Object):
1946
1093
"""A D-Bus proxy object"""
1947
1094
def __init__(self):
1948
dbus.service.Object.__init__(self, bus, "/")
1949
_interface = "se.bsnet.fukt.Mandos"
1950
1095
dbus.service.Object.__init__(self, bus,
1096
"/Mandos")
1097
_interface = u"org.mandos_system.Mandos"
1098
1099
@dbus.service.signal(_interface, signature="oa{sv}")
1100
def ClientAdded(self, objpath, properties):
1101
"D-Bus signal"
1102
pass
1103
1951
1104
@dbus.service.signal(_interface, signature="o")
1952
def ClientAdded(self, objpath):
1953
"D-Bus signal"
1954
pass
1955
1956
@dbus.service.signal(_interface, signature="ss")
1957
def ClientNotFound(self, fingerprint, address):
1958
"D-Bus signal"
1959
pass
1960
1961
@dbus.service.signal(_interface, signature="os")
1962
def ClientRemoved(self, objpath, name):
1963
"D-Bus signal"
1964
pass
1965
1105
def ClientRemoved(self, objpath):
1106
"D-Bus signal"
1107
pass
1108
1966
1109
@dbus.service.method(_interface, out_signature="ao")
1967
1110
def GetAllClients(self):
1968
"D-Bus method"
1969
return dbus.Array(c.dbus_object_path
1970
for c in tcp_server.clients)
1971
1972
@dbus.service.method(_interface,
1973
out_signature="a{oa{sv}}")
1111
return dbus.Array(c.dbus_object_path for c in clients)
1112
1113
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1974
1114
def GetAllClientsWithProperties(self):
1975
"D-Bus method"
1976
1115
return dbus.Dictionary(
1977
((c.dbus_object_path, c.GetAll(""))
1978
for c in tcp_server.clients),
1116
((c.dbus_object_path, c.GetAllProperties())
1117
for c in clients),
1979
1118
signature="oa{sv}")
1980
1119
1981
1120
@dbus.service.method(_interface, in_signature="o")
1982
1121
def RemoveClient(self, object_path):
1983
"D-Bus method"
1984
for c in tcp_server.clients:
1122
for c in clients:
1985
1123
if c.dbus_object_path == object_path:
1986
tcp_server.clients.remove(c)
1987
c.remove_from_connection()
1124
clients.remove(c)
1988
1125
# Don't signal anything except ClientRemoved
1989
c.disable(quiet=True)
1126
c.use_dbus = False
1127
c.disable()
1990
1128
# Emit D-Bus signal
1991
self.ClientRemoved(object_path, c.name)
1129
self.ClientRemoved(object_path)
1992
1130
return
1993
raise KeyError(object_path)
1994
1131
raise KeyError
1132
@dbus.service.method(_interface)
1133
def Quit(self):
1134
main_loop.quit()
1135
1995
1136
del _interface
1996
1997
mandos_dbus_service = MandosDBusService()
1998
1999
def cleanup():
2000
"Cleanup function; run on exit"
2001
service.cleanup()
2002
2003
while tcp_server.clients:
2004
client = tcp_server.clients.pop()
2005
if use_dbus:
2006
client.remove_from_connection()
2007
client.disable_hook = None
2008
# Don't signal anything except ClientRemoved
2009
client.disable(quiet=True)
2010
if use_dbus:
2011
# Emit D-Bus signal
2012
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
2013
client.name)
2014
2015
atexit.register(cleanup)
2016
2017
for client in tcp_server.clients:
1137
1138
mandos_server = MandosServer()
1139
1140
for client in clients:
2018
1141
if use_dbus:
2019
1142
# Emit D-Bus signal
2020
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1143
mandos_server.ClientAdded(client.dbus_object_path,
1144
client.GetAllProperties())
2021
1145
client.enable()
2022
1146
2023
1147
tcp_server.enable()
2025
1149
2026
1150
# Find out what port we got
2027
1151
service.port = tcp_server.socket.getsockname()[1]
2028
if use_ipv6:
2029
logger.info("Now listening on address %r, port %d,"
2030
" flowinfo %d, scope_id %d"
2031
% tcp_server.socket.getsockname())
2032
else: # IPv4
2033
logger.info("Now listening on address %r, port %d"
2034
% tcp_server.socket.getsockname())
1152
logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
1153
u" scope_id %d" % tcp_server.socket.getsockname())
2035
1154
2036
1155
#service.interface = tcp_server.socket.getsockname()[3]
2037
1156
2038
1157
try:
2039
1158
# From the Avahi example code
1159
server.connect_to_signal("StateChanged", server_state_changed)
2040
1160
try:
2041
service.activate()
2042
except dbus.exceptions.DBusException as error:
2043
logger.critical("DBusException: %s", error)
2044
cleanup()
1161
server_state_changed(server.GetState())
1162
except dbus.exceptions.DBusException, error:
1163
logger.critical(u"DBusException: %s", error)
2045
1164
sys.exit(1)
2046
1165
# End of Avahi example code
2047
1166
2050
1169
(tcp_server.handle_request
2051
1170
(*args[2:], **kwargs) or True))
2052
1171
2053
logger.debug("Starting main loop")
1172
logger.debug(u"Starting main loop")
2054
1173
main_loop.run()
2055
except AvahiError as error:
2056
logger.critical("AvahiError: %s", error)
2057
cleanup()
1174
except AvahiError, error:
1175
logger.critical(u"AvahiError: %s", error)
2058
1176
sys.exit(1)
2059
1177
except KeyboardInterrupt:
2060
1178
if debug:
2061
print("", file=sys.stderr)
2062
logger.debug("Server received KeyboardInterrupt")
2063
logger.debug("Server exiting")
2064
# Must run before the D-Bus bus name gets deregistered
2065
cleanup()
2066
1179
print
2067
1180
2068
1181
if __name__ == '__main__':
2069
1182
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0