/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2009-02-07 04:50:39 UTC
  • Revision ID: teddy@fukt.bsnet.se-20090207045039-xkr6b80vtqwqrq8l
* Makefile (install-client-nokey): Move "initramfs-tools-script" from
                                   "/scripts/local-top/mandos" to
                                   "/scripts/init-premount/mandos".
  (uninstall-client): - '' -
* debian/mandos-client.dirs: - '' -
* initramfs-tools-script (PREREQ): Added "udev".

Show diffs side-by-side

added added

removed removed

Lines of Context:
73
73
             (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
74
              address = "/dev/log"))
75
75
syslogger.setFormatter(logging.Formatter
76
 
                       ('Mandos: %(levelname)s: %(message)s'))
 
76
                       ('Mandos [%(process)d]: %(levelname)s:'
 
77
                        ' %(message)s'))
77
78
logger.addHandler(syslogger)
78
79
 
79
80
console = logging.StreamHandler()
80
 
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
81
 
                                       ' %(message)s'))
 
81
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
 
82
                                       ' %(levelname)s: %(message)s'))
82
83
logger.addHandler(console)
83
84
 
84
85
class AvahiError(Exception):
329
330
            if exitstatus == 0:
330
331
                logger.info(u"Checker for %(name)s succeeded",
331
332
                            vars(self))
332
 
                self.bump_timeout()
 
333
                self.checked_ok()
333
334
            else:
334
335
                logger.info(u"Checker for %(name)s failed",
335
336
                            vars(self))
347
348
                                      dbus.Int64(condition),
348
349
                                      dbus.String(command))
349
350
    
350
 
    def bump_timeout(self):
 
351
    def checked_ok(self):
351
352
        """Bump up the timeout for this client.
352
353
        This should only be called when the client has been seen,
353
354
        alive and well.
451
452
    ## D-Bus methods & signals
452
453
    _interface = u"se.bsnet.fukt.Mandos.Client"
453
454
    
454
 
    # BumpTimeout - method
455
 
    BumpTimeout = dbus.service.method(_interface)(bump_timeout)
456
 
    BumpTimeout.__name__ = "BumpTimeout"
 
455
    # CheckedOK - method
 
456
    CheckedOK = dbus.service.method(_interface)(checked_ok)
 
457
    CheckedOK.__name__ = "CheckedOK"
457
458
    
458
459
    # CheckerCompleted - signal
459
460
    @dbus.service.signal(_interface, signature="nxs")
595
596
        != gnutls.library.constants.GNUTLS_CRT_OPENPGP):
596
597
        # ...do the normal thing
597
598
        return session.peer_certificate
598
 
    list_size = ctypes.c_uint()
 
599
    list_size = ctypes.c_uint(1)
599
600
    cert_list = (gnutls.library.functions
600
601
                 .gnutls_certificate_get_peers
601
602
                 (session._c_object, ctypes.byref(list_size)))
 
603
    if not bool(cert_list) and list_size.value != 0:
 
604
        raise gnutls.errors.GNUTLSError("error getting peer"
 
605
                                        " certificate")
602
606
    if list_size.value == 0:
603
607
        return None
604
608
    cert = cert_list[0]
673
677
        # using OpenPGP certificates.
674
678
        
675
679
        #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
676
 
        #                "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
677
 
        #                "+DHE-DSS"))
 
680
        #                     "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
 
681
        #                     "+DHE-DSS"))
678
682
        # Use a fallback default, since this MUST be set.
679
683
        priority = self.server.settings.get("priority", "NORMAL")
680
684
        (gnutls.library.functions
688
692
            # Do not run session.bye() here: the session is not
689
693
            # established.  Just abandon the request.
690
694
            return
 
695
        logger.debug(u"Handshake succeeded")
691
696
        try:
692
697
            fpr = fingerprint(peer_certificate(session))
693
698
        except (TypeError, gnutls.errors.GNUTLSError), error:
695
700
            session.bye()
696
701
            return
697
702
        logger.debug(u"Fingerprint: %s", fpr)
 
703
        
698
704
        for c in self.server.clients:
699
705
            if c.fingerprint == fpr:
700
706
                client = c
713
719
            session.bye()
714
720
            return
715
721
        ## This won't work here, since we're in a fork.
716
 
        # client.bump_timeout()
 
722
        # client.checked_ok()
717
723
        sent_size = 0
718
724
        while sent_size < len(client.secret):
719
725
            sent = session.send(client.secret[sent_size:])
759
765
                                 u" bind to interface %s",
760
766
                                 self.settings["interface"])
761
767
                else:
762
 
                    raise error
 
768
                    raise
763
769
        # Only bind(2) the socket if we really need to.
764
770
        if self.server_address[0] or self.server_address[1]:
765
771
            if not self.server_address[0]:
786
792
 
787
793
def string_to_delta(interval):
788
794
    """Parse a string and return a datetime.timedelta
789
 
 
 
795
    
790
796
    >>> string_to_delta('7d')
791
797
    datetime.timedelta(7)
792
798
    >>> string_to_delta('60s')
941
947
    server_config.read(os.path.join(options.configdir, "mandos.conf"))
942
948
    # Convert the SafeConfigParser object to a dict
943
949
    server_settings = server_config.defaults()
944
 
    # Use getboolean on the boolean config options
945
 
    server_settings["debug"] = (server_config.getboolean
946
 
                                ("DEFAULT", "debug"))
947
 
    server_settings["use_dbus"] = (server_config.getboolean
948
 
                                   ("DEFAULT", "use_dbus"))
 
950
    # Use the appropriate methods on the non-string config options
 
951
    server_settings["debug"] = server_config.getboolean("DEFAULT",
 
952
                                                        "debug")
 
953
    server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
 
954
                                                           "use_dbus")
 
955
    if server_settings["port"]:
 
956
        server_settings["port"] = server_config.getint("DEFAULT",
 
957
                                                       "port")
949
958
    del server_config
950
959
    
951
960
    # Override the settings from the config file with command line
992
1001
    pidfilename = "/var/run/mandos.pid"
993
1002
    try:
994
1003
        pidfile = open(pidfilename, "w")
995
 
    except IOError, error:
 
1004
    except IOError:
996
1005
        logger.error("Could not open file %r", pidfilename)
997
1006
    
998
1007
    try:
1010
1019
                uid = 65534
1011
1020
                gid = 65534
1012
1021
    try:
 
1022
        os.setgid(gid)
1013
1023
        os.setuid(uid)
1014
 
        os.setgid(gid)
1015
1024
    except OSError, error:
1016
1025
        if error[0] != errno.EPERM:
1017
1026
            raise error
1018
1027
    
 
1028
    # Enable all possible GnuTLS debugging
 
1029
    if debug:
 
1030
        # "Use a log level over 10 to enable all debugging options."
 
1031
        # - GnuTLS manual
 
1032
        gnutls.library.functions.gnutls_global_set_log_level(11)
 
1033
        
 
1034
        @gnutls.library.types.gnutls_log_func
 
1035
        def debug_gnutls(level, string):
 
1036
            logger.debug("GnuTLS: %s", string[:-1])
 
1037
        
 
1038
        (gnutls.library.functions
 
1039
         .gnutls_global_set_log_function(debug_gnutls))
 
1040
    
1019
1041
    global service
1020
1042
    service = AvahiService(name = server_settings["servicename"],
1021
1043
                           servicetype = "_mandos._tcp", )
1110
1132
            
1111
1133
            @dbus.service.method(_interface, out_signature="ao")
1112
1134
            def GetAllClients(self):
 
1135
                "D-Bus method"
1113
1136
                return dbus.Array(c.dbus_object_path for c in clients)
1114
1137
            
1115
1138
            @dbus.service.method(_interface, out_signature="a{oa{sv}}")
1116
1139
            def GetAllClientsWithProperties(self):
 
1140
                "D-Bus method"
1117
1141
                return dbus.Dictionary(
1118
1142
                    ((c.dbus_object_path, c.GetAllProperties())
1119
1143
                     for c in clients),
1121
1145
            
1122
1146
            @dbus.service.method(_interface, in_signature="o")
1123
1147
            def RemoveClient(self, object_path):
 
1148
                "D-Bus method"
1124
1149
                for c in clients:
1125
1150
                    if c.dbus_object_path == object_path:
1126
1151
                        clients.remove(c)
1175
1200
        sys.exit(1)
1176
1201
    except KeyboardInterrupt:
1177
1202
        if debug:
1178
 
            print
 
1203
            print >> sys.stderr
 
1204
        logger.debug("Server received KeyboardInterrupt")
 
1205
    logger.debug("Server exiting")
1179
1206
 
1180
1207
if __name__ == '__main__':
1181
1208
    main()