/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2009-01-31 10:33:17 UTC
  • mfrom: (24.1.129 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20090131103317-wzqvyr532sjcjt7u
Merge from Björn:

* mandos-ctl: New option "--remove-client".  Only default to listing
              clients if no clients were given on the command line.
* plugins.d/mandos-client.c: Lower kernel log level while bringing up
                             network interface.  New option "--delay"
                             to control the maximum delay to wait for
                             running interface.
* plugins.d/mandos-client.xml (SYNOPSIS, OPTIONS): New option
                                                   "--delay".

Show diffs side-by-side

added added

removed removed

Lines of Context:
73
73
             (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
74
              address = "/dev/log"))
75
75
syslogger.setFormatter(logging.Formatter
76
 
                       ('Mandos [%(process)d]: %(levelname)s:'
77
 
                        ' %(message)s'))
 
76
                       ('Mandos: %(levelname)s: %(message)s'))
78
77
logger.addHandler(syslogger)
79
78
 
80
79
console = logging.StreamHandler()
81
 
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
82
 
                                       ' %(levelname)s: %(message)s'))
 
80
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
 
81
                                       ' %(message)s'))
83
82
logger.addHandler(console)
84
83
 
85
84
class AvahiError(Exception):
114
113
    """
115
114
    def __init__(self, interface = avahi.IF_UNSPEC, name = None,
116
115
                 servicetype = None, port = None, TXT = None,
117
 
                 domain = "", host = "", max_renames = 32768,
118
 
                 protocol = avahi.PROTO_UNSPEC):
 
116
                 domain = "", host = "", max_renames = 32768):
119
117
        self.interface = interface
120
118
        self.name = name
121
119
        self.type = servicetype
125
123
        self.host = host
126
124
        self.rename_count = 0
127
125
        self.max_renames = max_renames
128
 
        self.protocol = protocol
129
126
    def rename(self):
130
127
        """Derived from the Avahi example code"""
131
128
        if self.rename_count >= self.max_renames:
160
157
                     service.name, service.type)
161
158
        group.AddService(
162
159
                self.interface,         # interface
163
 
                self.protocol,          # protocol
 
160
                avahi.PROTO_INET6,      # protocol
164
161
                dbus.UInt32(0),         # flags
165
162
                self.name, self.type,
166
163
                self.domain, self.host,
414
411
                                             (self.checker.pid,
415
412
                                              self.checker_callback,
416
413
                                              data=command))
417
 
                # The checker may have completed before the gobject
418
 
                # watch was added.  Check for this.
419
 
                pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
420
 
                if pid:
421
 
                    gobject.source_remove(self.checker_callback_tag)
422
 
                    self.checker_callback(pid, status, command)
423
414
            except OSError, error:
424
415
                logger.error(u"Failed to start subprocess: %s",
425
416
                             error)
685
676
        # using OpenPGP certificates.
686
677
        
687
678
        #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
688
 
        #                     "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
689
 
        #                     "+DHE-DSS"))
 
679
        #                "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
 
680
        #                "+DHE-DSS"))
690
681
        # Use a fallback default, since this MUST be set.
691
682
        priority = self.server.settings.get("priority", "NORMAL")
692
683
        (gnutls.library.functions
740
731
 
741
732
class IPv6_TCPServer(SocketServer.ForkingMixIn,
742
733
                     SocketServer.TCPServer, object):
743
 
    """IPv6-capable TCP server.  Accepts 'None' as address and/or port.
 
734
    """IPv6 TCP server.  Accepts 'None' as address and/or port.
744
735
    Attributes:
745
736
        settings:       Server settings
746
737
        clients:        Set() of Client objects
754
745
        if "clients" in kwargs:
755
746
            self.clients = kwargs["clients"]
756
747
            del kwargs["clients"]
757
 
        if "use_ipv6" in kwargs:
758
 
            if not kwargs["use_ipv6"]:
759
 
                self.address_family = socket.AF_INET
760
 
            del kwargs["use_ipv6"]
761
748
        self.enabled = False
762
749
        super(IPv6_TCPServer, self).__init__(*args, **kwargs)
763
750
    def server_bind(self):
777
764
                                 u" bind to interface %s",
778
765
                                 self.settings["interface"])
779
766
                else:
780
 
                    raise
 
767
                    raise error
781
768
        # Only bind(2) the socket if we really need to.
782
769
        if self.server_address[0] or self.server_address[1]:
783
770
            if not self.server_address[0]:
784
 
                if self.address_family == socket.AF_INET6:
785
 
                    any_address = "::" # in6addr_any
786
 
                else:
787
 
                    any_address = socket.INADDR_ANY
788
 
                self.server_address = (any_address,
 
771
                in6addr_any = "::"
 
772
                self.server_address = (in6addr_any,
789
773
                                       self.server_address[1])
790
774
            elif not self.server_address[1]:
791
775
                self.server_address = (self.server_address[0],
938
922
                      dest="use_dbus",
939
923
                      help="Do not provide D-Bus system bus"
940
924
                      " interface")
941
 
    parser.add_option("--no-ipv6", action="store_false",
942
 
                      dest="use_ipv6", help="Do not use IPv6")
943
925
    options = parser.parse_args()[0]
944
926
    
945
927
    if options.check:
956
938
                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
957
939
                        "servicename": "Mandos",
958
940
                        "use_dbus": "True",
959
 
                        "use_ipv6": "True",
960
941
                        }
961
942
    
962
943
    # Parse config file for server-global settings
970
951
                                                        "debug")
971
952
    server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
972
953
                                                           "use_dbus")
973
 
    server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
974
 
                                                           "use_ipv6")
975
954
    if server_settings["port"]:
976
955
        server_settings["port"] = server_config.getint("DEFAULT",
977
956
                                                       "port")
981
960
    # options, if set.
982
961
    for option in ("interface", "address", "port", "debug",
983
962
                   "priority", "servicename", "configdir",
984
 
                   "use_dbus", "use_ipv6"):
 
963
                   "use_dbus"):
985
964
        value = getattr(options, option)
986
965
        if value is not None:
987
966
            server_settings[option] = value
991
970
    # For convenience
992
971
    debug = server_settings["debug"]
993
972
    use_dbus = server_settings["use_dbus"]
994
 
    use_ipv6 = server_settings["use_ipv6"]
 
973
 
 
974
    def sigsegvhandler(signum, frame):
 
975
        raise RuntimeError('Segmentation fault')
995
976
    
996
977
    if not debug:
997
978
        syslogger.setLevel(logging.WARNING)
998
979
        console.setLevel(logging.WARNING)
 
980
    else:
 
981
        signal.signal(signal.SIGSEGV, sigsegvhandler)
999
982
    
1000
983
    if server_settings["servicename"] != "Mandos":
1001
984
        syslogger.setFormatter(logging.Formatter
1018
1001
                                 server_settings["port"]),
1019
1002
                                TCP_handler,
1020
1003
                                settings=server_settings,
1021
 
                                clients=clients, use_ipv6=use_ipv6)
 
1004
                                clients=clients)
1022
1005
    pidfilename = "/var/run/mandos.pid"
1023
1006
    try:
1024
1007
        pidfile = open(pidfilename, "w")
1025
 
    except IOError:
 
1008
    except IOError, error:
1026
1009
        logger.error("Could not open file %r", pidfilename)
1027
1010
    
1028
1011
    try:
1060
1043
         .gnutls_global_set_log_function(debug_gnutls))
1061
1044
    
1062
1045
    global service
1063
 
    protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1064
1046
    service = AvahiService(name = server_settings["servicename"],
1065
 
                           servicetype = "_mandos._tcp",
1066
 
                           protocol = protocol)
 
1047
                           servicetype = "_mandos._tcp", )
1067
1048
    if server_settings["interface"]:
1068
1049
        service.interface = (if_nametoindex
1069
1050
                             (server_settings["interface"]))
1196
1177
    
1197
1178
    # Find out what port we got
1198
1179
    service.port = tcp_server.socket.getsockname()[1]
1199
 
    if use_ipv6:
1200
 
        logger.info(u"Now listening on address %r, port %d,"
1201
 
                    " flowinfo %d, scope_id %d"
1202
 
                    % tcp_server.socket.getsockname())
1203
 
    else:                       # IPv4
1204
 
        logger.info(u"Now listening on address %r, port %d"
1205
 
                    % tcp_server.socket.getsockname())
 
1180
    logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
 
1181
                u" scope_id %d" % tcp_server.socket.getsockname())
1206
1182
    
1207
1183
    #service.interface = tcp_server.socket.getsockname()[3]
1208
1184
    
1228
1204
        sys.exit(1)
1229
1205
    except KeyboardInterrupt:
1230
1206
        if debug:
1231
 
            print >> sys.stderr
1232
 
        logger.debug("Server received KeyboardInterrupt")
1233
 
    logger.debug("Server exiting")
 
1207
            print
1234
1208
 
1235
1209
if __name__ == '__main__':
1236
1210
    main()