To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 291
- compare with another revision
- download diff
- download tarball
- view history from revision 291
- Committer: Teddy Hogeborn
- Date: 2009-01-31 10:33:17 UTC
- mfrom: (24.1.129 mandos)
- Revision ID: teddy@fukt.bsnet.se-20090131103317-wzqvyr532sjcjt7u
Merge from Björn:
* mandos-ctl: New option "--remove-client". Only default to listing
clients if no clients were given on the command line.
* plugins.d/mandos-client.c: Lower kernel log level while bringing up
network interface. New option "--delay"
to control the maximum delay to wait for
running interface.
* plugins.d/mandos-client.xml (SYNOPSIS, OPTIONS): New option
"--delay".
* mandos-ctl: New option "--remove-client". Only default to listing
clients if no clients were given on the command line.
* plugins.d/mandos-client.c: Lower kernel log level while bringing up
network interface. New option "--delay"
to control the maximum delay to wait for
running interface.
* plugins.d/mandos-client.xml (SYNOPSIS, OPTIONS): New option
"--delay".
- files added:
- debian/watch
- files removed:
- debian/mandos-client.config
- files modified:
- INSTALL
added
removed
mandos
11
11
# and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008 Teddy Hogeborn
15
# Copyright © 2008 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
35
35
36
36
import SocketServer
37
37
import socket
38
from optparse import OptionParser
38
import optparse
39
39
import datetime
40
40
import errno
41
41
import gnutls.crypto
66
66
import ctypes
67
67
import ctypes.util
68
68
69
version = "1.0.2"
69
version = "1.0.5"
70
70
71
71
logger = logging.Logger('mandos')
72
72
syslogger = (logging.handlers.SysLogHandler
82
82
logger.addHandler(console)
83
83
84
84
class AvahiError(Exception):
85
def __init__(self, value):
85
def __init__(self, value, *args, **kwargs):
86
86
self.value = value
87
super(AvahiError, self).__init__()
88
def __str__(self):
89
return repr(self.value)
87
super(AvahiError, self).__init__(value, *args, **kwargs)
88
def __unicode__(self):
89
return unicode(repr(self.value))
90
90
91
91
class AvahiServiceError(AvahiError):
92
92
pass
129
129
logger.critical(u"No suitable Zeroconf service name found"
130
130
u" after %i retries, exiting.",
131
131
self.rename_count)
132
raise AvahiServiceError("Too many renames")
132
raise AvahiServiceError(u"Too many renames")
133
133
self.name = server.GetAlternativeServiceName(self.name)
134
134
logger.info(u"Changing Zeroconf service name to %r ...",
135
135
str(self.name))
170
170
# End of Avahi example code
171
171
172
172
173
def _datetime_to_dbus_struct(dt, variant_level=0):
174
"""Convert a UTC datetime.datetime() to a D-Bus struct.
175
The format is special to this application, since we could not find
176
any other standard way."""
177
return dbus.Struct((dbus.Int16(dt.year),
178
dbus.Byte(dt.month),
179
dbus.Byte(dt.day),
180
dbus.Byte(dt.hour),
181
dbus.Byte(dt.minute),
182
dbus.Byte(dt.second),
183
dbus.UInt32(dt.microsecond)),
184
signature="nyyyyyu",
185
variant_level=variant_level)
173
def _datetime_to_dbus(dt, variant_level=0):
174
"""Convert a UTC datetime.datetime() to a D-Bus type."""
175
return dbus.String(dt.isoformat(), variant_level=variant_level)
186
176
187
177
188
178
class Client(dbus.service.Object):
189
179
"""A representation of a client host served by this server.
190
180
Attributes:
191
name: string; from the config file, used in log messages
181
name: string; from the config file, used in log messages and
182
D-Bus identifiers
192
183
fingerprint: string (40 or 32 hexadecimal digits); used to
193
184
uniquely identify the client
194
185
secret: bytestring; sent verbatim (over TLS) to client
195
186
host: string; available for use by the checker command
196
187
created: datetime.datetime(); (UTC) object creation
197
last_started: datetime.datetime(); (UTC)
198
started: bool()
188
last_enabled: datetime.datetime(); (UTC)
189
enabled: bool()
199
190
last_checked_ok: datetime.datetime(); (UTC) or None
200
191
timeout: datetime.timedelta(); How long from last_checked_ok
201
192
until this client is invalid
202
193
interval: datetime.timedelta(); How often to start a new checker
203
stop_hook: If set, called by stop() as stop_hook(self)
194
disable_hook: If set, called by disable() as disable_hook(self)
204
195
checker: subprocess.Popen(); a running checker process used
205
196
to see if the client lives.
206
197
'None' if no process is running.
207
198
checker_initiator_tag: a gobject event source tag, or None
208
stop_initiator_tag: - '' -
199
disable_initiator_tag: - '' -
209
200
checker_callback_tag: - '' -
210
201
checker_command: string; External command which is run to check if
211
202
client lives. %() expansions are done at
212
203
runtime with vars(self) as dict, so that for
213
204
instance %(name)s can be used in the command.
214
dbus_object_path: dbus.ObjectPath
215
Private attibutes:
216
_timeout: Real variable for 'timeout'
217
_interval: Real variable for 'interval'
218
_timeout_milliseconds: Used when calling gobject.timeout_add()
219
_interval_milliseconds: - '' -
205
use_dbus: bool(); Whether to provide D-Bus interface and signals
206
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
220
207
"""
221
def _set_timeout(self, timeout):
222
"Setter function for the 'timeout' attribute"
223
self._timeout = timeout
224
self._timeout_milliseconds = ((self.timeout.days
225
* 24 * 60 * 60 * 1000)
226
+ (self.timeout.seconds * 1000)
227
+ (self.timeout.microseconds
228
// 1000))
229
# Emit D-Bus signal
230
self.PropertyChanged(dbus.String(u"timeout"),
231
(dbus.UInt64(self._timeout_milliseconds,
232
variant_level=1)))
233
timeout = property(lambda self: self._timeout, _set_timeout)
234
del _set_timeout
235
236
def _set_interval(self, interval):
237
"Setter function for the 'interval' attribute"
238
self._interval = interval
239
self._interval_milliseconds = ((self.interval.days
240
* 24 * 60 * 60 * 1000)
241
+ (self.interval.seconds
242
* 1000)
243
+ (self.interval.microseconds
244
// 1000))
245
# Emit D-Bus signal
246
self.PropertyChanged(dbus.String(u"interval"),
247
(dbus.UInt64(self._interval_milliseconds,
248
variant_level=1)))
249
interval = property(lambda self: self._interval, _set_interval)
250
del _set_interval
251
252
def __init__(self, name = None, stop_hook=None, config=None):
208
def timeout_milliseconds(self):
209
"Return the 'timeout' attribute in milliseconds"
210
return ((self.timeout.days * 24 * 60 * 60 * 1000)
211
+ (self.timeout.seconds * 1000)
212
+ (self.timeout.microseconds // 1000))
213
214
def interval_milliseconds(self):
215
"Return the 'interval' attribute in milliseconds"
216
return ((self.interval.days * 24 * 60 * 60 * 1000)
217
+ (self.interval.seconds * 1000)
218
+ (self.interval.microseconds // 1000))
219
220
def __init__(self, name = None, disable_hook=None, config=None,
221
use_dbus=True):
253
222
"""Note: the 'checker' key in 'config' sets the
254
223
'checker_command' attribute and *not* the 'checker'
255
224
attribute."""
256
self.dbus_object_path = (dbus.ObjectPath
257
("/Mandos/clients/"
258
+ name.replace(".", "_")))
259
dbus.service.Object.__init__(self, bus,
260
self.dbus_object_path)
225
self.name = name
261
226
if config is None:
262
227
config = {}
263
self.name = name
264
228
logger.debug(u"Creating client %r", self.name)
229
self.use_dbus = False # During __init__
265
230
# Uppercase and remove spaces from fingerprint for later
266
231
# comparison purposes with return value from the fingerprint()
267
232
# function
280
245
% self.name)
281
246
self.host = config.get("host", "")
282
247
self.created = datetime.datetime.utcnow()
283
self.started = False
284
self.last_started = None
248
self.enabled = False
249
self.last_enabled = None
285
250
self.last_checked_ok = None
286
251
self.timeout = string_to_delta(config["timeout"])
287
252
self.interval = string_to_delta(config["interval"])
288
self.stop_hook = stop_hook
253
self.disable_hook = disable_hook
289
254
self.checker = None
290
255
self.checker_initiator_tag = None
291
self.stop_initiator_tag = None
256
self.disable_initiator_tag = None
292
257
self.checker_callback_tag = None
293
258
self.checker_command = config["checker"]
259
self.last_connect = None
260
# Only now, when this client is initialized, can it show up on
261
# the D-Bus
262
self.use_dbus = use_dbus
263
if self.use_dbus:
264
self.dbus_object_path = (dbus.ObjectPath
265
("/clients/"
266
+ self.name.replace(".", "_")))
267
dbus.service.Object.__init__(self, bus,
268
self.dbus_object_path)
294
269
295
def start(self):
270
def enable(self):
296
271
"""Start this client's checker and timeout hooks"""
297
self.last_started = datetime.datetime.utcnow()
272
self.last_enabled = datetime.datetime.utcnow()
298
273
# Schedule a new checker to be started an 'interval' from now,
299
274
# and every interval from then on.
300
275
self.checker_initiator_tag = (gobject.timeout_add
301
(self._interval_milliseconds,
276
(self.interval_milliseconds(),
302
277
self.start_checker))
303
278
# Also start a new checker *right now*.
304
279
self.start_checker()
305
# Schedule a stop() when 'timeout' has passed
306
self.stop_initiator_tag = (gobject.timeout_add
307
(self._timeout_milliseconds,
308
self.stop))
309
self.started = True
310
# Emit D-Bus signal
311
self.PropertyChanged(dbus.String(u"started"),
312
dbus.Boolean(True, variant_level=1))
313
self.PropertyChanged(dbus.String(u"last_started"),
314
(_datetime_to_dbus_struct
315
(self.last_started, variant_level=1)))
280
# Schedule a disable() when 'timeout' has passed
281
self.disable_initiator_tag = (gobject.timeout_add
282
(self.timeout_milliseconds(),
283
self.disable))
284
self.enabled = True
285
if self.use_dbus:
286
# Emit D-Bus signals
287
self.PropertyChanged(dbus.String(u"enabled"),
288
dbus.Boolean(True, variant_level=1))
289
self.PropertyChanged(dbus.String(u"last_enabled"),
290
(_datetime_to_dbus(self.last_enabled,
291
variant_level=1)))
316
292
317
def stop(self):
318
"""Stop this client."""
319
if not getattr(self, "started", False):
293
def disable(self):
294
"""Disable this client."""
295
if not getattr(self, "enabled", False):
320
296
return False
321
logger.info(u"Stopping client %s", self.name)
322
if getattr(self, "stop_initiator_tag", False):
323
gobject.source_remove(self.stop_initiator_tag)
324
self.stop_initiator_tag = None
297
logger.info(u"Disabling client %s", self.name)
298
if getattr(self, "disable_initiator_tag", False):
299
gobject.source_remove(self.disable_initiator_tag)
300
self.disable_initiator_tag = None
325
301
if getattr(self, "checker_initiator_tag", False):
326
302
gobject.source_remove(self.checker_initiator_tag)
327
303
self.checker_initiator_tag = None
328
304
self.stop_checker()
329
if self.stop_hook:
330
self.stop_hook(self)
331
self.started = False
332
# Emit D-Bus signal
333
self.PropertyChanged(dbus.String(u"started"),
334
dbus.Boolean(False, variant_level=1))
305
if self.disable_hook:
306
self.disable_hook(self)
307
self.enabled = False
308
if self.use_dbus:
309
# Emit D-Bus signal
310
self.PropertyChanged(dbus.String(u"enabled"),
311
dbus.Boolean(False, variant_level=1))
335
312
# Do not run this again if called by a gobject.timeout_add
336
313
return False
337
314
338
315
def __del__(self):
339
self.stop_hook = None
340
self.stop()
316
self.disable_hook = None
317
self.disable()
341
318
342
319
def checker_callback(self, pid, condition, command):
343
320
"""The checker has completed, so take appropriate actions."""
344
321
self.checker_callback_tag = None
345
322
self.checker = None
346
# Emit D-Bus signal
347
self.PropertyChanged(dbus.String(u"checker_running"),
348
dbus.Boolean(False, variant_level=1))
349
if (os.WIFEXITED(condition)
350
and (os.WEXITSTATUS(condition) == 0)):
351
logger.info(u"Checker for %(name)s succeeded",
352
vars(self))
323
if self.use_dbus:
353
324
# Emit D-Bus signal
354
self.CheckerCompleted(dbus.Boolean(True),
355
dbus.UInt16(condition),
356
dbus.String(command))
357
self.bump_timeout()
358
elif not os.WIFEXITED(condition):
325
self.PropertyChanged(dbus.String(u"checker_running"),
326
dbus.Boolean(False, variant_level=1))
327
if os.WIFEXITED(condition):
328
exitstatus = os.WEXITSTATUS(condition)
329
if exitstatus == 0:
330
logger.info(u"Checker for %(name)s succeeded",
331
vars(self))
332
self.checked_ok()
333
else:
334
logger.info(u"Checker for %(name)s failed",
335
vars(self))
336
if self.use_dbus:
337
# Emit D-Bus signal
338
self.CheckerCompleted(dbus.Int16(exitstatus),
339
dbus.Int64(condition),
340
dbus.String(command))
341
else:
359
342
logger.warning(u"Checker for %(name)s crashed?",
360
343
vars(self))
361
# Emit D-Bus signal
362
self.CheckerCompleted(dbus.Boolean(False),
363
dbus.UInt16(condition),
364
dbus.String(command))
365
else:
366
logger.info(u"Checker for %(name)s failed",
367
vars(self))
368
# Emit D-Bus signal
369
self.CheckerCompleted(dbus.Boolean(False),
370
dbus.UInt16(condition),
371
dbus.String(command))
344
if self.use_dbus:
345
# Emit D-Bus signal
346
self.CheckerCompleted(dbus.Int16(-1),
347
dbus.Int64(condition),
348
dbus.String(command))
372
349
373
def bump_timeout(self):
350
def checked_ok(self):
374
351
"""Bump up the timeout for this client.
375
352
This should only be called when the client has been seen,
376
353
alive and well.
377
354
"""
378
355
self.last_checked_ok = datetime.datetime.utcnow()
379
gobject.source_remove(self.stop_initiator_tag)
380
self.stop_initiator_tag = (gobject.timeout_add
381
(self._timeout_milliseconds,
382
self.stop))
383
self.PropertyChanged(dbus.String(u"last_checked_ok"),
384
(_datetime_to_dbus_struct
385
(self.last_checked_ok,
386
variant_level=1)))
356
gobject.source_remove(self.disable_initiator_tag)
357
self.disable_initiator_tag = (gobject.timeout_add
358
(self.timeout_milliseconds(),
359
self.disable))
360
if self.use_dbus:
361
# Emit D-Bus signal
362
self.PropertyChanged(
363
dbus.String(u"last_checked_ok"),
364
(_datetime_to_dbus(self.last_checked_ok,
365
variant_level=1)))
387
366
388
367
def start_checker(self):
389
368
"""Start a new checker subprocess if one is not running.
422
401
self.checker = subprocess.Popen(command,
423
402
close_fds=True,
424
403
shell=True, cwd="/")
425
# Emit D-Bus signal
426
self.CheckerStarted(command)
427
self.PropertyChanged(dbus.String("checker_running"),
428
dbus.Boolean(True, variant_level=1))
404
if self.use_dbus:
405
# Emit D-Bus signal
406
self.CheckerStarted(command)
407
self.PropertyChanged(
408
dbus.String("checker_running"),
409
dbus.Boolean(True, variant_level=1))
429
410
self.checker_callback_tag = (gobject.child_watch_add
430
411
(self.checker.pid,
431
412
self.checker_callback,
453
434
if error.errno != errno.ESRCH: # No such process
454
435
raise
455
436
self.checker = None
456
self.PropertyChanged(dbus.String(u"checker_running"),
457
dbus.Boolean(False, variant_level=1))
437
if self.use_dbus:
438
self.PropertyChanged(dbus.String(u"checker_running"),
439
dbus.Boolean(False, variant_level=1))
458
440
459
441
def still_valid(self):
460
442
"""Has the timeout not yet passed for this client?"""
461
if not getattr(self, "started", False):
443
if not getattr(self, "enabled", False):
462
444
return False
463
445
now = datetime.datetime.utcnow()
464
446
if self.last_checked_ok is None:
467
449
return now < (self.last_checked_ok + self.timeout)
468
450
469
451
## D-Bus methods & signals
470
_interface = u"org.mandos_system.Mandos.Client"
452
_interface = u"se.bsnet.fukt.Mandos.Client"
471
453
472
# BumpTimeout - method
473
BumpTimeout = dbus.service.method(_interface)(bump_timeout)
474
BumpTimeout.__name__ = "BumpTimeout"
454
# CheckedOK - method
455
CheckedOK = dbus.service.method(_interface)(checked_ok)
456
CheckedOK.__name__ = "CheckedOK"
475
457
476
458
# CheckerCompleted - signal
477
@dbus.service.signal(_interface, signature="bqs")
478
def CheckerCompleted(self, success, condition, command):
459
@dbus.service.signal(_interface, signature="nxs")
460
def CheckerCompleted(self, exitcode, waitstatus, command):
479
461
"D-Bus signal"
480
462
pass
481
463
497
479
dbus.String("host"):
498
480
dbus.String(self.host, variant_level=1),
499
481
dbus.String("created"):
500
_datetime_to_dbus_struct(self.created,
501
variant_level=1),
502
dbus.String("last_started"):
503
(_datetime_to_dbus_struct(self.last_started,
504
variant_level=1)
505
if self.last_started is not None
482
_datetime_to_dbus(self.created, variant_level=1),
483
dbus.String("last_enabled"):
484
(_datetime_to_dbus(self.last_enabled,
485
variant_level=1)
486
if self.last_enabled is not None
506
487
else dbus.Boolean(False, variant_level=1)),
507
dbus.String("started"):
508
dbus.Boolean(self.started, variant_level=1),
488
dbus.String("enabled"):
489
dbus.Boolean(self.enabled, variant_level=1),
509
490
dbus.String("last_checked_ok"):
510
(_datetime_to_dbus_struct(self.last_checked_ok,
511
variant_level=1)
491
(_datetime_to_dbus(self.last_checked_ok,
492
variant_level=1)
512
493
if self.last_checked_ok is not None
513
494
else dbus.Boolean (False, variant_level=1)),
514
495
dbus.String("timeout"):
515
dbus.UInt64(self._timeout_milliseconds,
496
dbus.UInt64(self.timeout_milliseconds(),
516
497
variant_level=1),
517
498
dbus.String("interval"):
518
dbus.UInt64(self._interval_milliseconds,
499
dbus.UInt64(self.interval_milliseconds(),
519
500
variant_level=1),
520
501
dbus.String("checker"):
521
502
dbus.String(self.checker_command,
523
504
dbus.String("checker_running"):
524
505
dbus.Boolean(self.checker is not None,
525
506
variant_level=1),
507
dbus.String("object_path"):
508
dbus.ObjectPath(self.dbus_object_path,
509
variant_level=1)
526
510
}, signature="sv")
527
511
528
512
# IsStillValid - method
541
525
def SetChecker(self, checker):
542
526
"D-Bus setter method"
543
527
self.checker_command = checker
528
# Emit D-Bus signal
529
self.PropertyChanged(dbus.String(u"checker"),
530
dbus.String(self.checker_command,
531
variant_level=1))
544
532
545
533
# SetHost - method
546
534
@dbus.service.method(_interface, in_signature="s")
547
535
def SetHost(self, host):
548
536
"D-Bus setter method"
549
537
self.host = host
538
# Emit D-Bus signal
539
self.PropertyChanged(dbus.String(u"host"),
540
dbus.String(self.host, variant_level=1))
550
541
551
542
# SetInterval - method
552
543
@dbus.service.method(_interface, in_signature="t")
553
544
def SetInterval(self, milliseconds):
554
self.interval = datetime.timdeelta(0, 0, 0, milliseconds)
545
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
546
# Emit D-Bus signal
547
self.PropertyChanged(dbus.String(u"interval"),
548
(dbus.UInt64(self.interval_milliseconds(),
549
variant_level=1)))
555
550
556
551
# SetSecret - method
557
552
@dbus.service.method(_interface, in_signature="ay",
564
559
@dbus.service.method(_interface, in_signature="t")
565
560
def SetTimeout(self, milliseconds):
566
561
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
562
# Emit D-Bus signal
563
self.PropertyChanged(dbus.String(u"timeout"),
564
(dbus.UInt64(self.timeout_milliseconds(),
565
variant_level=1)))
567
566
568
# Start - method
569
Start = dbus.service.method(_interface)(start)
570
Start.__name__ = "Start"
567
# Enable - method
568
Enable = dbus.service.method(_interface)(enable)
569
Enable.__name__ = "Enable"
571
570
572
571
# StartChecker - method
573
572
@dbus.service.method(_interface)
575
574
"D-Bus method"
576
575
self.start_checker()
577
576
578
# Stop - method
577
# Disable - method
579
578
@dbus.service.method(_interface)
580
def Stop(self):
579
def Disable(self):
581
580
"D-Bus method"
582
self.stop()
581
self.disable()
583
582
584
583
# StopChecker - method
585
584
StopChecker = dbus.service.method(_interface)(stop_checker)
596
595
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
597
596
# ...do the normal thing
598
597
return session.peer_certificate
599
list_size = ctypes.c_uint()
598
list_size = ctypes.c_uint(1)
600
599
cert_list = (gnutls.library.functions
601
600
.gnutls_certificate_get_peers
602
601
(session._c_object, ctypes.byref(list_size)))
602
if not bool(cert_list) and list_size.value != 0:
603
raise gnutls.errors.GNUTLSError("error getting peer"
604
" certificate")
603
605
if list_size.value == 0:
604
606
return None
605
607
cert = cert_list[0]
689
691
# Do not run session.bye() here: the session is not
690
692
# established. Just abandon the request.
691
693
return
694
logger.debug(u"Handshake succeeded")
692
695
try:
693
696
fpr = fingerprint(peer_certificate(session))
694
697
except (TypeError, gnutls.errors.GNUTLSError), error:
696
699
session.bye()
697
700
return
698
701
logger.debug(u"Fingerprint: %s", fpr)
702
699
703
for c in self.server.clients:
700
704
if c.fingerprint == fpr:
701
705
client = c
714
718
session.bye()
715
719
return
716
720
## This won't work here, since we're in a fork.
717
# client.bump_timeout()
721
# client.checked_ok()
718
722
sent_size = 0
719
723
while sent_size < len(client.secret):
720
724
sent = session.send(client.secret[sent_size:])
787
791
788
792
def string_to_delta(interval):
789
793
"""Parse a string and return a datetime.timedelta
790
794
791
795
>>> string_to_delta('7d')
792
796
datetime.timedelta(7)
793
797
>>> string_to_delta('60s')
845
849
elif state == avahi.ENTRY_GROUP_FAILURE:
846
850
logger.critical(u"Avahi: Error in group state changed %s",
847
851
unicode(error))
848
raise AvahiGroupError("State changed: %s", str(error))
852
raise AvahiGroupError(u"State changed: %s" % unicode(error))
849
853
850
854
def if_nametoindex(interface):
851
855
"""Call the C function if_nametoindex(), or equivalent"""
894
898
895
899
896
900
def main():
897
parser = OptionParser(version = "%%prog %s" % version)
901
parser = optparse.OptionParser(version = "%%prog %s" % version)
898
902
parser.add_option("-i", "--interface", type="string",
899
903
metavar="IF", help="Bind to interface IF")
900
904
parser.add_option("-a", "--address", type="string",
901
905
help="Address to listen for requests on")
902
906
parser.add_option("-p", "--port", type="int",
903
907
help="Port number to receive requests on")
904
parser.add_option("--check", action="store_true", default=False,
908
parser.add_option("--check", action="store_true",
905
909
help="Run self-test")
906
910
parser.add_option("--debug", action="store_true",
907
911
help="Debug mode; run in foreground and log to"
914
918
default="/etc/mandos", metavar="DIR",
915
919
help="Directory to search for configuration"
916
920
" files")
921
parser.add_option("--no-dbus", action="store_false",
922
dest="use_dbus",
923
help="Do not provide D-Bus system bus"
924
" interface")
917
925
options = parser.parse_args()[0]
918
926
919
927
if options.check:
929
937
"priority":
930
938
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
931
939
"servicename": "Mandos",
940
"use_dbus": "True",
932
941
}
933
942
934
943
# Parse config file for server-global settings
937
946
server_config.read(os.path.join(options.configdir, "mandos.conf"))
938
947
# Convert the SafeConfigParser object to a dict
939
948
server_settings = server_config.defaults()
940
# Use getboolean on the boolean config option
941
server_settings["debug"] = (server_config.getboolean
942
("DEFAULT", "debug"))
949
# Use the appropriate methods on the non-string config options
950
server_settings["debug"] = server_config.getboolean("DEFAULT",
951
"debug")
952
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
953
"use_dbus")
954
if server_settings["port"]:
955
server_settings["port"] = server_config.getint("DEFAULT",
956
"port")
943
957
del server_config
944
958
945
959
# Override the settings from the config file with command line
946
960
# options, if set.
947
961
for option in ("interface", "address", "port", "debug",
948
"priority", "servicename", "configdir"):
962
"priority", "servicename", "configdir",
963
"use_dbus"):
949
964
value = getattr(options, option)
950
965
if value is not None:
951
966
server_settings[option] = value
952
967
del options
953
968
# Now we have our good server settings in "server_settings"
954
969
970
# For convenience
955
971
debug = server_settings["debug"]
972
use_dbus = server_settings["use_dbus"]
973
974
def sigsegvhandler(signum, frame):
975
raise RuntimeError('Segmentation fault')
956
976
957
977
if not debug:
958
978
syslogger.setLevel(logging.WARNING)
959
979
console.setLevel(logging.WARNING)
980
else:
981
signal.signal(signal.SIGSEGV, sigsegvhandler)
960
982
961
983
if server_settings["servicename"] != "Mandos":
962
984
syslogger.setFormatter(logging.Formatter
967
989
# Parse config file with clients
968
990
client_defaults = { "timeout": "1h",
969
991
"interval": "5m",
970
"checker": "fping -q -- %(host)s",
992
"checker": "fping -q -- %%(host)s",
971
993
"host": "",
972
994
}
973
995
client_config = ConfigParser.SafeConfigParser(client_defaults)
988
1010
989
1011
try:
990
1012
uid = pwd.getpwnam("_mandos").pw_uid
1013
gid = pwd.getpwnam("_mandos").pw_gid
991
1014
except KeyError:
992
1015
try:
993
1016
uid = pwd.getpwnam("mandos").pw_uid
1017
gid = pwd.getpwnam("mandos").pw_gid
994
1018
except KeyError:
995
1019
try:
996
1020
uid = pwd.getpwnam("nobody").pw_uid
1021
gid = pwd.getpwnam("nogroup").pw_gid
997
1022
except KeyError:
998
1023
uid = 65534
999
try:
1000
gid = pwd.getpwnam("_mandos").pw_gid
1001
except KeyError:
1002
try:
1003
gid = pwd.getpwnam("mandos").pw_gid
1004
except KeyError:
1005
try:
1006
gid = pwd.getpwnam("nogroup").pw_gid
1007
except KeyError:
1008
1024
gid = 65534
1009
1025
try:
1026
os.setgid(gid)
1010
1027
os.setuid(uid)
1011
os.setgid(gid)
1012
1028
except OSError, error:
1013
1029
if error[0] != errno.EPERM:
1014
1030
raise error
1015
1031
1032
# Enable all possible GnuTLS debugging
1033
if debug:
1034
# "Use a log level over 10 to enable all debugging options."
1035
# - GnuTLS manual
1036
gnutls.library.functions.gnutls_global_set_log_level(11)
1037
1038
@gnutls.library.types.gnutls_log_func
1039
def debug_gnutls(level, string):
1040
logger.debug("GnuTLS: %s", string[:-1])
1041
1042
(gnutls.library.functions
1043
.gnutls_global_set_log_function(debug_gnutls))
1044
1016
1045
global service
1017
1046
service = AvahiService(name = server_settings["servicename"],
1018
1047
servicetype = "_mandos._tcp", )
1031
1060
avahi.DBUS_PATH_SERVER),
1032
1061
avahi.DBUS_INTERFACE_SERVER)
1033
1062
# End of Avahi example code
1034
bus_name = dbus.service.BusName(u"org.mandos-system.Mandos", bus)
1063
if use_dbus:
1064
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1035
1065
1036
1066
clients.update(Set(Client(name = section,
1037
1067
config
1038
= dict(client_config.items(section)))
1068
= dict(client_config.items(section)),
1069
use_dbus = use_dbus)
1039
1070
for section in client_config.sections()))
1040
1071
if not clients:
1041
logger.critical(u"No clients defined")
1042
sys.exit(1)
1072
logger.warning(u"No clients defined")
1043
1073
1044
1074
if debug:
1045
1075
# Redirect stdin so all checkers get /dev/null
1077
1107
1078
1108
while clients:
1079
1109
client = clients.pop()
1080
client.stop_hook = None
1081
client.stop()
1110
client.disable_hook = None
1111
client.disable()
1082
1112
1083
1113
atexit.register(cleanup)
1084
1114
1087
1117
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1088
1118
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1089
1119
1090
class MandosServer(dbus.service.Object):
1091
"""A D-Bus proxy object"""
1092
def __init__(self):
1093
dbus.service.Object.__init__(self, bus,
1094
"/Mandos")
1095
_interface = u"org.mandos_system.Mandos"
1096
1097
@dbus.service.signal(_interface, signature="oa{sv}")
1098
def ClientAdded(self, objpath, properties):
1099
"D-Bus signal"
1100
pass
1101
1102
@dbus.service.signal(_interface, signature="o")
1103
def ClientRemoved(self, objpath):
1104
"D-Bus signal"
1105
pass
1106
1107
@dbus.service.method(_interface, out_signature="ao")
1108
def GetAllClients(self):
1109
return dbus.Array(c.dbus_object_path for c in clients)
1110
1111
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1112
def GetAllClientsWithProperties(self):
1113
return dbus.Dictionary(
1114
((c.dbus_object_path, c.GetAllProperties())
1115
for c in clients),
1116
signature="oa{sv}")
1117
1118
@dbus.service.method(_interface, in_signature="o")
1119
def RemoveClient(self, object_path):
1120
for c in clients:
1121
if c.dbus_object_path == object_path:
1122
c.stop()
1123
clients.remove(c)
1124
return
1125
raise KeyError
1126
1127
del _interface
1128
1129
mandos_server = MandosServer()
1120
if use_dbus:
1121
class MandosServer(dbus.service.Object):
1122
"""A D-Bus proxy object"""
1123
def __init__(self):
1124
dbus.service.Object.__init__(self, bus, "/")
1125
_interface = u"se.bsnet.fukt.Mandos"
1126
1127
@dbus.service.signal(_interface, signature="oa{sv}")
1128
def ClientAdded(self, objpath, properties):
1129
"D-Bus signal"
1130
pass
1131
1132
@dbus.service.signal(_interface, signature="os")
1133
def ClientRemoved(self, objpath, name):
1134
"D-Bus signal"
1135
pass
1136
1137
@dbus.service.method(_interface, out_signature="ao")
1138
def GetAllClients(self):
1139
"D-Bus method"
1140
return dbus.Array(c.dbus_object_path for c in clients)
1141
1142
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1143
def GetAllClientsWithProperties(self):
1144
"D-Bus method"
1145
return dbus.Dictionary(
1146
((c.dbus_object_path, c.GetAllProperties())
1147
for c in clients),
1148
signature="oa{sv}")
1149
1150
@dbus.service.method(_interface, in_signature="o")
1151
def RemoveClient(self, object_path):
1152
"D-Bus method"
1153
for c in clients:
1154
if c.dbus_object_path == object_path:
1155
clients.remove(c)
1156
# Don't signal anything except ClientRemoved
1157
c.use_dbus = False
1158
c.disable()
1159
# Emit D-Bus signal
1160
self.ClientRemoved(object_path, c.name)
1161
return
1162
raise KeyError
1163
1164
del _interface
1165
1166
mandos_server = MandosServer()
1130
1167
1131
1168
for client in clients:
1132
# Emit D-Bus signal
1133
mandos_server.ClientAdded(client.dbus_object_path,
1134
client.GetAllProperties())
1135
client.start()
1169
if use_dbus:
1170
# Emit D-Bus signal
1171
mandos_server.ClientAdded(client.dbus_object_path,
1172
client.GetAllProperties())
1173
client.enable()
1136
1174
1137
1175
tcp_server.enable()
1138
1176
tcp_server.server_activate()
1162
1200
logger.debug(u"Starting main loop")
1163
1201
main_loop.run()
1164
1202
except AvahiError, error:
1165
logger.critical(u"AvahiError: %s" + unicode(error))
1203
logger.critical(u"AvahiError: %s", error)
1166
1204
sys.exit(1)
1167
1205
except KeyboardInterrupt:
1168
1206
if debug:
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0