To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 342
- compare with another revision
- download diff
- download tarball
- view history from revision 342
- Committer: Teddy Hogeborn
- Date: 2009-04-17 08:26:17 UTC
- Revision ID: teddy@fukt.bsnet.se-20090417082617-eltetak5lzjyz55o
* initramfs-tools-hook: Bug fix: Add "--userid" and "--groupid" to
start of "plugin-runner.conf" file instead of
appending, to allow any preexisting options to
override.
* plugin-runner.conf: Improved wording.
start of "plugin-runner.conf" file instead of
appending, to allow any preexisting options to
override.
* plugin-runner.conf: Improved wording.
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
14
# Copyright © 2008,2009 Teddy Hogeborn
33
33
34
34
from __future__ import division, with_statement, absolute_import
35
35
36
import SocketServer
36
import SocketServer as socketserver
37
37
import socket
38
38
import optparse
39
39
import datetime
44
44
import gnutls.library.functions
45
45
import gnutls.library.constants
46
46
import gnutls.library.types
47
import ConfigParser
47
import ConfigParser as configparser
48
48
import sys
49
49
import re
50
50
import os
51
51
import signal
52
from sets import Set
53
52
import subprocess
54
53
import atexit
55
54
import stat
57
56
import logging.handlers
58
57
import pwd
59
58
from contextlib import closing
59
import struct
60
import fcntl
61
import functools
60
62
61
63
import dbus
62
64
import dbus.service
66
68
import ctypes
67
69
import ctypes.util
68
70
71
try:
72
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
73
except AttributeError:
74
try:
75
from IN import SO_BINDTODEVICE
76
except ImportError:
77
SO_BINDTODEVICE = None
78
79
69
80
version = "1.0.8"
70
81
71
logger = logging.Logger('mandos')
82
logger = logging.Logger(u'mandos')
72
83
syslogger = (logging.handlers.SysLogHandler
73
84
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
85
address = "/dev/log"))
75
86
syslogger.setFormatter(logging.Formatter
76
('Mandos [%(process)d]: %(levelname)s:'
77
' %(message)s'))
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
78
89
logger.addHandler(syslogger)
79
90
80
91
console = logging.StreamHandler()
81
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
82
' %(levelname)s: %(message)s'))
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
83
95
logger.addHandler(console)
84
96
85
97
class AvahiError(Exception):
98
110
99
111
class AvahiService(object):
100
112
"""An Avahi (Zeroconf) service.
113
101
114
Attributes:
102
115
interface: integer; avahi.IF_UNSPEC or an interface index.
103
116
Used to optionally bind to the specified interface.
104
name: string; Example: 'Mandos'
105
type: string; Example: '_mandos._tcp'.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
106
119
See <http://www.dns-sd.org/ServiceTypes.html>
107
120
port: integer; what port to announce
108
121
TXT: list of strings; TXT record for the service
111
124
max_renames: integer; maximum number of renames
112
125
rename_count: integer; counter so we only rename after collisions
113
126
a sensible number of times
127
group: D-Bus Entry Group
128
server: D-Bus Server
129
bus: dbus.SystemBus()
114
130
"""
115
131
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
116
132
servicetype = None, port = None, TXT = None,
117
domain = "", host = "", max_renames = 32768,
118
protocol = avahi.PROTO_UNSPEC):
133
domain = u"", host = u"", max_renames = 32768,
134
protocol = avahi.PROTO_UNSPEC, bus = None):
119
135
self.interface = interface
120
136
self.name = name
121
137
self.type = servicetype
126
142
self.rename_count = 0
127
143
self.max_renames = max_renames
128
144
self.protocol = protocol
145
self.group = None # our entry group
146
self.server = None
147
self.bus = bus
129
148
def rename(self):
130
149
"""Derived from the Avahi example code"""
131
150
if self.rename_count >= self.max_renames:
133
152
u" after %i retries, exiting.",
134
153
self.rename_count)
135
154
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
155
self.name = self.server.GetAlternativeServiceName(self.name)
137
156
logger.info(u"Changing Zeroconf service name to %r ...",
138
str(self.name))
157
unicode(self.name))
139
158
syslogger.setFormatter(logging.Formatter
140
('Mandos (%s) [%%(process)d]:'
141
' %%(levelname)s: %%(message)s'
159
(u'Mandos (%s) [%%(process)d]:'
160
u' %%(levelname)s: %%(message)s'
142
161
% self.name))
143
162
self.remove()
144
163
self.add()
145
164
self.rename_count += 1
146
165
def remove(self):
147
166
"""Derived from the Avahi example code"""
148
if group is not None:
149
group.Reset()
167
if self.group is not None:
168
self.group.Reset()
150
169
def add(self):
151
170
"""Derived from the Avahi example code"""
152
global group
153
if group is None:
154
group = dbus.Interface(bus.get_object
155
(avahi.DBUS_NAME,
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
171
if self.group is None:
172
self.group = dbus.Interface(
173
self.bus.get_object(avahi.DBUS_NAME,
174
self.server.EntryGroupNew()),
175
avahi.DBUS_INTERFACE_ENTRY_GROUP)
176
self.group.connect_to_signal('StateChanged',
177
self.entry_group_state_changed)
160
178
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
162
group.AddService(
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
170
group.Commit()
171
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
175
176
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
179
self.name, self.type)
180
self.group.AddService(
181
self.interface,
182
self.protocol,
183
dbus.UInt32(0), # flags
184
self.name, self.type,
185
self.domain, self.host,
186
dbus.UInt16(self.port),
187
avahi.string_array_to_txt_array(self.TXT))
188
self.group.Commit()
189
def entry_group_state_changed(self, state, error):
190
"""Derived from the Avahi example code"""
191
logger.debug(u"Avahi state change: %i", state)
192
193
if state == avahi.ENTRY_GROUP_ESTABLISHED:
194
logger.debug(u"Zeroconf service established.")
195
elif state == avahi.ENTRY_GROUP_COLLISION:
196
logger.warning(u"Zeroconf service name collision.")
197
self.rename()
198
elif state == avahi.ENTRY_GROUP_FAILURE:
199
logger.critical(u"Avahi: Error in group state changed %s",
200
unicode(error))
201
raise AvahiGroupError(u"State changed: %s"
202
% unicode(error))
203
def cleanup(self):
204
"""Derived from the Avahi example code"""
205
if self.group is not None:
206
self.group.Free()
207
self.group = None
208
def server_state_changed(self, state):
209
"""Derived from the Avahi example code"""
210
if state == avahi.SERVER_COLLISION:
211
logger.error(u"Zeroconf server name collision")
212
self.remove()
213
elif state == avahi.SERVER_RUNNING:
214
self.add()
215
def activate(self):
216
"""Derived from the Avahi example code"""
217
if self.server is None:
218
self.server = dbus.Interface(
219
self.bus.get_object(avahi.DBUS_NAME,
220
avahi.DBUS_PATH_SERVER),
221
avahi.DBUS_INTERFACE_SERVER)
222
self.server.connect_to_signal(u"StateChanged",
223
self.server_state_changed)
224
self.server_state_changed(self.server.GetState())
180
225
181
226
182
227
class Client(object):
183
228
"""A representation of a client host served by this server.
229
184
230
Attributes:
185
231
name: string; from the config file, used in log messages and
186
232
D-Bus identifiers
208
254
instance %(name)s can be used in the command.
209
255
current_checker_command: string; current running checker_command
210
256
"""
257
258
@staticmethod
259
def _datetime_to_milliseconds(dt):
260
"Convert a datetime.datetime() to milliseconds"
261
return ((dt.days * 24 * 60 * 60 * 1000)
262
+ (dt.seconds * 1000)
263
+ (dt.microseconds // 1000))
264
211
265
def timeout_milliseconds(self):
212
266
"Return the 'timeout' attribute in milliseconds"
213
return ((self.timeout.days * 24 * 60 * 60 * 1000)
214
+ (self.timeout.seconds * 1000)
215
+ (self.timeout.microseconds // 1000))
267
return self._datetime_to_milliseconds(self.timeout)
216
268
217
269
def interval_milliseconds(self):
218
270
"Return the 'interval' attribute in milliseconds"
219
return ((self.interval.days * 24 * 60 * 60 * 1000)
220
+ (self.interval.seconds * 1000)
221
+ (self.interval.microseconds // 1000))
271
return self._datetime_to_milliseconds(self.interval)
222
272
223
273
def __init__(self, name = None, disable_hook=None, config=None):
224
274
"""Note: the 'checker' key in 'config' sets the
231
281
# Uppercase and remove spaces from fingerprint for later
232
282
# comparison purposes with return value from the fingerprint()
233
283
# function
234
self.fingerprint = (config["fingerprint"].upper()
284
self.fingerprint = (config[u"fingerprint"].upper()
235
285
.replace(u" ", u""))
236
286
logger.debug(u" Fingerprint: %s", self.fingerprint)
237
if "secret" in config:
238
self.secret = config["secret"].decode(u"base64")
239
elif "secfile" in config:
287
if u"secret" in config:
288
self.secret = config[u"secret"].decode(u"base64")
289
elif u"secfile" in config:
240
290
with closing(open(os.path.expanduser
241
291
(os.path.expandvars
242
(config["secfile"])))) as secfile:
292
(config[u"secfile"])))) as secfile:
243
293
self.secret = secfile.read()
244
294
else:
245
295
raise TypeError(u"No secret or secfile for client %s"
246
296
% self.name)
247
self.host = config.get("host", "")
297
self.host = config.get(u"host", u"")
248
298
self.created = datetime.datetime.utcnow()
249
299
self.enabled = False
250
300
self.last_enabled = None
251
301
self.last_checked_ok = None
252
self.timeout = string_to_delta(config["timeout"])
253
self.interval = string_to_delta(config["interval"])
302
self.timeout = string_to_delta(config[u"timeout"])
303
self.interval = string_to_delta(config[u"interval"])
254
304
self.disable_hook = disable_hook
255
305
self.checker = None
256
306
self.checker_initiator_tag = None
257
307
self.disable_initiator_tag = None
258
308
self.checker_callback_tag = None
259
self.checker_command = config["checker"]
309
self.checker_command = config[u"checker"]
260
310
self.current_checker_command = None
261
311
self.last_connect = None
262
312
263
313
def enable(self):
264
314
"""Start this client's checker and timeout hooks"""
315
if getattr(self, u"enabled", False):
316
# Already enabled
317
return
265
318
self.last_enabled = datetime.datetime.utcnow()
266
319
# Schedule a new checker to be started an 'interval' from now,
267
320
# and every interval from then on.
281
334
if not getattr(self, "enabled", False):
282
335
return False
283
336
logger.info(u"Disabling client %s", self.name)
284
if getattr(self, "disable_initiator_tag", False):
337
if getattr(self, u"disable_initiator_tag", False):
285
338
gobject.source_remove(self.disable_initiator_tag)
286
339
self.disable_initiator_tag = None
287
if getattr(self, "checker_initiator_tag", False):
340
if getattr(self, u"checker_initiator_tag", False):
288
341
gobject.source_remove(self.checker_initiator_tag)
289
342
self.checker_initiator_tag = None
290
343
self.stop_checker()
317
370
318
371
def checked_ok(self):
319
372
"""Bump up the timeout for this client.
373
320
374
This should only be called when the client has been seen,
321
375
alive and well.
322
376
"""
328
382
329
383
def start_checker(self):
330
384
"""Start a new checker subprocess if one is not running.
385
331
386
If a checker already exists, leave it running and do
332
387
nothing."""
333
388
# The reason for not killing a running checker is that if we
343
398
if self.checker is not None:
344
399
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
345
400
if pid:
346
logger.warning("Checker was a zombie")
401
logger.warning(u"Checker was a zombie")
347
402
gobject.source_remove(self.checker_callback_tag)
348
403
self.checker_callback(pid, status,
349
404
self.current_checker_command)
354
409
command = self.checker_command % self.host
355
410
except TypeError:
356
411
# Escape attributes for the shell
357
escaped_attrs = dict((key, re.escape(str(val)))
412
escaped_attrs = dict((key,
413
re.escape(unicode(str(val),
414
errors=
415
u'replace')))
358
416
for key, val in
359
417
vars(self).iteritems())
360
418
try:
373
431
# always replaced by /dev/null.)
374
432
self.checker = subprocess.Popen(command,
375
433
close_fds=True,
376
shell=True, cwd="/")
434
shell=True, cwd=u"/")
377
435
self.checker_callback_tag = (gobject.child_watch_add
378
436
(self.checker.pid,
379
437
self.checker_callback,
395
453
if self.checker_callback_tag:
396
454
gobject.source_remove(self.checker_callback_tag)
397
455
self.checker_callback_tag = None
398
if getattr(self, "checker", None) is None:
456
if getattr(self, u"checker", None) is None:
399
457
return
400
458
logger.debug(u"Stopping checker for %(name)s", vars(self))
401
459
try:
410
468
411
469
def still_valid(self):
412
470
"""Has the timeout not yet passed for this client?"""
413
if not getattr(self, "enabled", False):
471
if not getattr(self, u"enabled", False):
414
472
return False
415
473
now = datetime.datetime.utcnow()
416
474
if self.last_checked_ok is None:
421
479
422
480
class ClientDBus(Client, dbus.service.Object):
423
481
"""A Client class using D-Bus
482
424
483
Attributes:
425
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
484
dbus_object_path: dbus.ObjectPath
485
bus: dbus.SystemBus()
426
486
"""
427
487
# dbus.service.Object doesn't use super(), so we can't either.
428
488
429
def __init__(self, *args, **kwargs):
489
def __init__(self, bus = None, *args, **kwargs):
490
self.bus = bus
430
491
Client.__init__(self, *args, **kwargs)
431
492
# Only now, when this client is initialized, can it show up on
432
493
# the D-Bus
433
494
self.dbus_object_path = (dbus.ObjectPath
434
("/clients/"
435
+ self.name.replace(".", "_")))
436
dbus.service.Object.__init__(self, bus,
495
(u"/clients/"
496
+ self.name.replace(u".", u"_")))
497
dbus.service.Object.__init__(self, self.bus,
437
498
self.dbus_object_path)
499
500
@staticmethod
501
def _datetime_to_dbus(dt, variant_level=0):
502
"""Convert a UTC datetime.datetime() to a D-Bus type."""
503
return dbus.String(dt.isoformat(),
504
variant_level=variant_level)
505
438
506
def enable(self):
439
oldstate = getattr(self, "enabled", False)
507
oldstate = getattr(self, u"enabled", False)
440
508
r = Client.enable(self)
441
509
if oldstate != self.enabled:
442
510
# Emit D-Bus signals
443
511
self.PropertyChanged(dbus.String(u"enabled"),
444
512
dbus.Boolean(True, variant_level=1))
445
self.PropertyChanged(dbus.String(u"last_enabled"),
446
(_datetime_to_dbus(self.last_enabled,
447
variant_level=1)))
513
self.PropertyChanged(
514
dbus.String(u"last_enabled"),
515
self._datetime_to_dbus(self.last_enabled,
516
variant_level=1))
448
517
return r
449
518
450
519
def disable(self, signal = True):
451
oldstate = getattr(self, "enabled", False)
520
oldstate = getattr(self, u"enabled", False)
452
521
r = Client.disable(self)
453
522
if signal and oldstate != self.enabled:
454
523
# Emit D-Bus signal
461
530
self.remove_from_connection()
462
531
except LookupError:
463
532
pass
464
if hasattr(dbus.service.Object, "__del__"):
533
if hasattr(dbus.service.Object, u"__del__"):
465
534
dbus.service.Object.__del__(self, *args, **kwargs)
466
535
Client.__del__(self, *args, **kwargs)
467
536
492
561
# Emit D-Bus signal
493
562
self.PropertyChanged(
494
563
dbus.String(u"last_checked_ok"),
495
(_datetime_to_dbus(self.last_checked_ok,
496
variant_level=1)))
564
(self._datetime_to_dbus(self.last_checked_ok,
565
variant_level=1)))
497
566
return r
498
567
499
568
def start_checker(self, *args, **kwargs):
509
578
# Emit D-Bus signal
510
579
self.CheckerStarted(self.current_checker_command)
511
580
self.PropertyChanged(
512
dbus.String("checker_running"),
581
dbus.String(u"checker_running"),
513
582
dbus.Boolean(True, variant_level=1))
514
583
return r
515
584
516
585
def stop_checker(self, *args, **kwargs):
517
old_checker = getattr(self, "checker", None)
586
old_checker = getattr(self, u"checker", None)
518
587
r = Client.stop_checker(self, *args, **kwargs)
519
588
if (old_checker is not None
520
and getattr(self, "checker", None) is None):
589
and getattr(self, u"checker", None) is None):
521
590
self.PropertyChanged(dbus.String(u"checker_running"),
522
591
dbus.Boolean(False, variant_level=1))
523
592
return r
526
595
_interface = u"se.bsnet.fukt.Mandos.Client"
527
596
528
597
# CheckedOK - method
529
CheckedOK = dbus.service.method(_interface)(checked_ok)
530
CheckedOK.__name__ = "CheckedOK"
598
@dbus.service.method(_interface)
599
def CheckedOK(self):
600
return self.checked_ok()
531
601
532
602
# CheckerCompleted - signal
533
@dbus.service.signal(_interface, signature="nxs")
603
@dbus.service.signal(_interface, signature=u"nxs")
534
604
def CheckerCompleted(self, exitcode, waitstatus, command):
535
605
"D-Bus signal"
536
606
pass
537
607
538
608
# CheckerStarted - signal
539
@dbus.service.signal(_interface, signature="s")
609
@dbus.service.signal(_interface, signature=u"s")
540
610
def CheckerStarted(self, command):
541
611
"D-Bus signal"
542
612
pass
543
613
544
614
# GetAllProperties - method
545
@dbus.service.method(_interface, out_signature="a{sv}")
615
@dbus.service.method(_interface, out_signature=u"a{sv}")
546
616
def GetAllProperties(self):
547
617
"D-Bus method"
548
618
return dbus.Dictionary({
549
dbus.String("name"):
619
dbus.String(u"name"):
550
620
dbus.String(self.name, variant_level=1),
551
dbus.String("fingerprint"):
621
dbus.String(u"fingerprint"):
552
622
dbus.String(self.fingerprint, variant_level=1),
553
dbus.String("host"):
623
dbus.String(u"host"):
554
624
dbus.String(self.host, variant_level=1),
555
dbus.String("created"):
556
_datetime_to_dbus(self.created, variant_level=1),
557
dbus.String("last_enabled"):
558
(_datetime_to_dbus(self.last_enabled,
559
variant_level=1)
625
dbus.String(u"created"):
626
self._datetime_to_dbus(self.created,
627
variant_level=1),
628
dbus.String(u"last_enabled"):
629
(self._datetime_to_dbus(self.last_enabled,
630
variant_level=1)
560
631
if self.last_enabled is not None
561
632
else dbus.Boolean(False, variant_level=1)),
562
dbus.String("enabled"):
633
dbus.String(u"enabled"):
563
634
dbus.Boolean(self.enabled, variant_level=1),
564
dbus.String("last_checked_ok"):
565
(_datetime_to_dbus(self.last_checked_ok,
566
variant_level=1)
635
dbus.String(u"last_checked_ok"):
636
(self._datetime_to_dbus(self.last_checked_ok,
637
variant_level=1)
567
638
if self.last_checked_ok is not None
568
639
else dbus.Boolean (False, variant_level=1)),
569
dbus.String("timeout"):
640
dbus.String(u"timeout"):
570
641
dbus.UInt64(self.timeout_milliseconds(),
571
642
variant_level=1),
572
dbus.String("interval"):
643
dbus.String(u"interval"):
573
644
dbus.UInt64(self.interval_milliseconds(),
574
645
variant_level=1),
575
dbus.String("checker"):
646
dbus.String(u"checker"):
576
647
dbus.String(self.checker_command,
577
648
variant_level=1),
578
dbus.String("checker_running"):
649
dbus.String(u"checker_running"):
579
650
dbus.Boolean(self.checker is not None,
580
651
variant_level=1),
581
dbus.String("object_path"):
652
dbus.String(u"object_path"):
582
653
dbus.ObjectPath(self.dbus_object_path,
583
654
variant_level=1)
584
}, signature="sv")
655
}, signature=u"sv")
585
656
586
657
# IsStillValid - method
587
@dbus.service.method(_interface, out_signature="b")
658
@dbus.service.method(_interface, out_signature=u"b")
588
659
def IsStillValid(self):
589
660
return self.still_valid()
590
661
591
662
# PropertyChanged - signal
592
@dbus.service.signal(_interface, signature="sv")
663
@dbus.service.signal(_interface, signature=u"sv")
593
664
def PropertyChanged(self, property, value):
594
665
"D-Bus signal"
595
666
pass
607
678
pass
608
679
609
680
# SetChecker - method
610
@dbus.service.method(_interface, in_signature="s")
681
@dbus.service.method(_interface, in_signature=u"s")
611
682
def SetChecker(self, checker):
612
683
"D-Bus setter method"
613
684
self.checker_command = checker
617
688
variant_level=1))
618
689
619
690
# SetHost - method
620
@dbus.service.method(_interface, in_signature="s")
691
@dbus.service.method(_interface, in_signature=u"s")
621
692
def SetHost(self, host):
622
693
"D-Bus setter method"
623
694
self.host = host
626
697
dbus.String(self.host, variant_level=1))
627
698
628
699
# SetInterval - method
629
@dbus.service.method(_interface, in_signature="t")
700
@dbus.service.method(_interface, in_signature=u"t")
630
701
def SetInterval(self, milliseconds):
631
702
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
632
703
# Emit D-Bus signal
635
706
variant_level=1)))
636
707
637
708
# SetSecret - method
638
@dbus.service.method(_interface, in_signature="ay",
709
@dbus.service.method(_interface, in_signature=u"ay",
639
710
byte_arrays=True)
640
711
def SetSecret(self, secret):
641
712
"D-Bus setter method"
642
713
self.secret = str(secret)
643
714
644
715
# SetTimeout - method
645
@dbus.service.method(_interface, in_signature="t")
716
@dbus.service.method(_interface, in_signature=u"t")
646
717
def SetTimeout(self, milliseconds):
647
718
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
648
719
# Emit D-Bus signal
651
722
variant_level=1)))
652
723
653
724
# Enable - method
654
Enable = dbus.service.method(_interface)(enable)
655
Enable.__name__ = "Enable"
725
@dbus.service.method(_interface)
726
def Enable(self):
727
"D-Bus method"
728
self.enable()
656
729
657
730
# StartChecker - method
658
731
@dbus.service.method(_interface)
667
740
self.disable()
668
741
669
742
# StopChecker - method
670
StopChecker = dbus.service.method(_interface)(stop_checker)
671
StopChecker.__name__ = "StopChecker"
743
@dbus.service.method(_interface)
744
def StopChecker(self):
745
self.stop_checker()
672
746
673
747
del _interface
674
748
675
749
676
class TCP_handler(SocketServer.BaseRequestHandler, object):
677
"""A TCP request handler class.
678
Instantiated by IPv6_TCPServer for each request to handle it.
750
class ClientHandler(socketserver.BaseRequestHandler, object):
751
"""A class to handle client connections.
752
753
Instantiated once for each connection to handle it.
679
754
Note: This will run in its own forked process."""
680
755
681
756
def handle(self):
683
758
unicode(self.client_address))
684
759
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
685
760
# Open IPC pipe to parent process
686
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
761
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
687
762
session = (gnutls.connection
688
763
.ClientSession(self.request,
689
764
gnutls.connection
703
778
# no X.509 keys are added to it. Therefore, we can use it
704
779
# here despite using OpenPGP certificates.
705
780
706
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
707
# "+AES-256-CBC", "+SHA1",
708
# "+COMP-NULL", "+CTYPE-OPENPGP",
709
# "+DHE-DSS"))
781
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
782
# u"+AES-256-CBC", u"+SHA1",
783
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
784
# u"+DHE-DSS"))
710
785
# Use a fallback default, since this MUST be set.
711
priority = self.server.settings.get("priority", "NORMAL")
786
priority = self.server.gnutls_priority
787
if priority is None:
788
priority = u"NORMAL"
712
789
(gnutls.library.functions
713
790
.gnutls_priority_set_direct(session._c_object,
714
791
priority, None))
734
811
client = c
735
812
break
736
813
else:
737
ipc.write("NOTFOUND %s\n" % fpr)
814
ipc.write(u"NOTFOUND %s\n" % fpr)
738
815
session.bye()
739
816
return
740
817
# Have to check if client.still_valid(), since it is
741
818
# possible that the client timed out while establishing
742
819
# the GnuTLS session.
743
820
if not client.still_valid():
744
ipc.write("INVALID %s\n" % client.name)
821
ipc.write(u"INVALID %s\n" % client.name)
745
822
session.bye()
746
823
return
747
ipc.write("SENDING %s\n" % client.name)
824
ipc.write(u"SENDING %s\n" % client.name)
748
825
sent_size = 0
749
826
while sent_size < len(client.secret):
750
827
sent = session.send(client.secret[sent_size:])
768
845
.gnutls_certificate_get_peers
769
846
(session._c_object, ctypes.byref(list_size)))
770
847
if not bool(cert_list) and list_size.value != 0:
771
raise gnutls.errors.GNUTLSError("error getting peer"
772
" certificate")
848
raise gnutls.errors.GNUTLSError(u"error getting peer"
849
u" certificate")
773
850
if list_size.value == 0:
774
851
return None
775
852
cert = cert_list[0]
801
878
if crtverify.value != 0:
802
879
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
803
880
raise (gnutls.errors.CertificateSecurityError
804
("Verify failed"))
881
(u"Verify failed"))
805
882
# New buffer for the fingerprint
806
883
buf = ctypes.create_string_buffer(20)
807
884
buf_len = ctypes.c_size_t()
818
895
return hex_fpr
819
896
820
897
821
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
822
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
823
Assumes a gobject.MainLoop event loop.
824
"""
898
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
899
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
825
900
def process_request(self, request, client_address):
826
"""This overrides and wraps the original process_request().
901
"""Overrides and wraps the original process_request().
902
827
903
This function creates a new pipe in self.pipe
828
904
"""
829
905
self.pipe = os.pipe()
830
906
super(ForkingMixInWithPipe,
831
907
self).process_request(request, client_address)
832
908
os.close(self.pipe[1]) # close write end
833
# Call "handle_ipc" for both data and EOF events
834
gobject.io_add_watch(self.pipe[0],
835
gobject.IO_IN | gobject.IO_HUP,
836
self.handle_ipc)
837
def handle_ipc(source, condition):
909
self.add_pipe(self.pipe[0])
910
def add_pipe(self, pipe):
838
911
"""Dummy function; override as necessary"""
839
os.close(source)
840
return False
912
os.close(pipe)
841
913
842
914
843
915
class IPv6_TCPServer(ForkingMixInWithPipe,
844
SocketServer.TCPServer, object):
916
socketserver.TCPServer, object):
845
917
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
918
846
919
Attributes:
847
settings: Server settings
848
clients: Set() of Client objects
849
920
enabled: Boolean; whether this server is activated yet
921
interface: None or a network interface name (string)
922
use_ipv6: Boolean; to use IPv6 or not
850
923
"""
851
address_family = socket.AF_INET6
852
def __init__(self, *args, **kwargs):
853
if "settings" in kwargs:
854
self.settings = kwargs["settings"]
855
del kwargs["settings"]
856
if "clients" in kwargs:
857
self.clients = kwargs["clients"]
858
del kwargs["clients"]
859
if "use_ipv6" in kwargs:
860
if not kwargs["use_ipv6"]:
861
self.address_family = socket.AF_INET
862
del kwargs["use_ipv6"]
863
self.enabled = False
864
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
924
def __init__(self, server_address, RequestHandlerClass,
925
interface=None, use_ipv6=True):
926
self.interface = interface
927
if use_ipv6:
928
self.address_family = socket.AF_INET6
929
socketserver.TCPServer.__init__(self, server_address,
930
RequestHandlerClass)
865
931
def server_bind(self):
866
932
"""This overrides the normal server_bind() function
867
933
to bind to an interface if one was specified, and also NOT to
868
934
bind to an address or port if they were not specified."""
869
if self.settings["interface"]:
870
# 25 is from /usr/include/asm-i486/socket.h
871
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
872
try:
873
self.socket.setsockopt(socket.SOL_SOCKET,
874
SO_BINDTODEVICE,
875
self.settings["interface"])
876
except socket.error, error:
877
if error[0] == errno.EPERM:
878
logger.error(u"No permission to"
879
u" bind to interface %s",
880
self.settings["interface"])
881
else:
882
raise
935
if self.interface is not None:
936
if SO_BINDTODEVICE is None:
937
logger.error(u"SO_BINDTODEVICE does not exist;"
938
u" cannot bind to interface %s",
939
self.interface)
940
else:
941
try:
942
self.socket.setsockopt(socket.SOL_SOCKET,
943
SO_BINDTODEVICE,
944
str(self.interface
945
+ u'\0'))
946
except socket.error, error:
947
if error[0] == errno.EPERM:
948
logger.error(u"No permission to"
949
u" bind to interface %s",
950
self.interface)
951
elif error[0] == errno.ENOPROTOOPT:
952
logger.error(u"SO_BINDTODEVICE not available;"
953
u" cannot bind to interface %s",
954
self.interface)
955
else:
956
raise
883
957
# Only bind(2) the socket if we really need to.
884
958
if self.server_address[0] or self.server_address[1]:
885
959
if not self.server_address[0]:
886
960
if self.address_family == socket.AF_INET6:
887
any_address = "::" # in6addr_any
961
any_address = u"::" # in6addr_any
888
962
else:
889
963
any_address = socket.INADDR_ANY
890
964
self.server_address = (any_address,
892
966
elif not self.server_address[1]:
893
967
self.server_address = (self.server_address[0],
894
968
0)
895
# if self.settings["interface"]:
969
# if self.interface:
896
970
# self.server_address = (self.server_address[0],
897
971
# 0, # port
898
972
# 0, # flowinfo
899
973
# if_nametoindex
900
# (self.settings
901
# ["interface"]))
902
return super(IPv6_TCPServer, self).server_bind()
974
# (self.interface))
975
return socketserver.TCPServer.server_bind(self)
976
977
978
class MandosServer(IPv6_TCPServer):
979
"""Mandos server.
980
981
Attributes:
982
clients: set of Client objects
983
gnutls_priority GnuTLS priority string
984
use_dbus: Boolean; to emit D-Bus signals or not
985
clients: set of Client objects
986
gnutls_priority GnuTLS priority string
987
use_dbus: Boolean; to emit D-Bus signals or not
988
989
Assumes a gobject.MainLoop event loop.
990
"""
991
def __init__(self, server_address, RequestHandlerClass,
992
interface=None, use_ipv6=True, clients=None,
993
gnutls_priority=None, use_dbus=True):
994
self.enabled = False
995
self.clients = clients
996
if self.clients is None:
997
self.clients = set()
998
self.use_dbus = use_dbus
999
self.gnutls_priority = gnutls_priority
1000
IPv6_TCPServer.__init__(self, server_address,
1001
RequestHandlerClass,
1002
interface = interface,
1003
use_ipv6 = use_ipv6)
903
1004
def server_activate(self):
904
1005
if self.enabled:
905
return super(IPv6_TCPServer, self).server_activate()
1006
return socketserver.TCPServer.server_activate(self)
906
1007
def enable(self):
907
1008
self.enabled = True
1009
def add_pipe(self, pipe):
1010
# Call "handle_ipc" for both data and EOF events
1011
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1012
self.handle_ipc)
908
1013
def handle_ipc(self, source, condition, file_objects={}):
909
1014
condition_names = {
910
gobject.IO_IN: "IN", # There is data to read.
911
gobject.IO_OUT: "OUT", # Data can be written (without
912
# blocking).
913
gobject.IO_PRI: "PRI", # There is urgent data to read.
914
gobject.IO_ERR: "ERR", # Error condition.
915
gobject.IO_HUP: "HUP" # Hung up (the connection has been
916
# broken, usually for pipes and
917
# sockets).
1015
gobject.IO_IN: u"IN", # There is data to read.
1016
gobject.IO_OUT: u"OUT", # Data can be written (without
1017
# blocking).
1018
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1019
gobject.IO_ERR: u"ERR", # Error condition.
1020
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1021
# broken, usually for pipes and
1022
# sockets).
918
1023
}
919
1024
conditions_string = ' | '.join(name
920
1025
for cond, name in
921
1026
condition_names.iteritems()
922
1027
if cond & condition)
923
logger.debug("Handling IPC: FD = %d, condition = %s", source,
1028
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
924
1029
conditions_string)
925
1030
926
1031
# Turn the pipe file descriptor into a Python file object
927
1032
if source not in file_objects:
928
file_objects[source] = os.fdopen(source, "r", 1)
1033
file_objects[source] = os.fdopen(source, u"r", 1)
929
1034
930
1035
# Read a line from the file object
931
1036
cmdline = file_objects[source].readline()
937
1042
# Stop calling this function
938
1043
return False
939
1044
940
logger.debug("IPC command: %r", cmdline)
1045
logger.debug(u"IPC command: %r", cmdline)
941
1046
942
1047
# Parse and act on command
943
cmd, args = cmdline.rstrip("\r\n").split(None, 1)
1048
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
944
1049
945
if cmd == "NOTFOUND":
1050
if cmd == u"NOTFOUND":
946
1051
logger.warning(u"Client not found for fingerprint: %s",
947
1052
args)
948
if self.settings["use_dbus"]:
1053
if self.use_dbus:
949
1054
# Emit D-Bus signal
950
1055
mandos_dbus_service.ClientNotFound(args)
951
elif cmd == "INVALID":
1056
elif cmd == u"INVALID":
952
1057
for client in self.clients:
953
1058
if client.name == args:
954
1059
logger.warning(u"Client %s is invalid", args)
955
if self.settings["use_dbus"]:
1060
if self.use_dbus:
956
1061
# Emit D-Bus signal
957
1062
client.Rejected()
958
1063
break
959
1064
else:
960
1065
logger.error(u"Unknown client %s is invalid", args)
961
elif cmd == "SENDING":
1066
elif cmd == u"SENDING":
962
1067
for client in self.clients:
963
1068
if client.name == args:
964
1069
logger.info(u"Sending secret to %s", client.name)
965
1070
client.checked_ok()
966
if self.settings["use_dbus"]:
1071
if self.use_dbus:
967
1072
# Emit D-Bus signal
968
1073
client.ReceivedSecret()
969
1074
break
971
1076
logger.error(u"Sending secret to unknown client %s",
972
1077
args)
973
1078
else:
974
logger.error("Unknown IPC command: %r", cmdline)
1079
logger.error(u"Unknown IPC command: %r", cmdline)
975
1080
976
1081
# Keep calling this function
977
1082
return True
980
1085
def string_to_delta(interval):
981
1086
"""Parse a string and return a datetime.timedelta
982
1087
983
>>> string_to_delta('7d')
1088
>>> string_to_delta(u'7d')
984
1089
datetime.timedelta(7)
985
>>> string_to_delta('60s')
1090
>>> string_to_delta(u'60s')
986
1091
datetime.timedelta(0, 60)
987
>>> string_to_delta('60m')
1092
>>> string_to_delta(u'60m')
988
1093
datetime.timedelta(0, 3600)
989
>>> string_to_delta('24h')
1094
>>> string_to_delta(u'24h')
990
1095
datetime.timedelta(1)
991
1096
>>> string_to_delta(u'1w')
992
1097
datetime.timedelta(7)
993
>>> string_to_delta('5m 30s')
1098
>>> string_to_delta(u'5m 30s')
994
1099
datetime.timedelta(0, 330)
995
1100
"""
996
1101
timevalue = datetime.timedelta(0)
1016
1121
return timevalue
1017
1122
1018
1123
1019
def server_state_changed(state):
1020
"""Derived from the Avahi example code"""
1021
if state == avahi.SERVER_COLLISION:
1022
logger.error(u"Zeroconf server name collision")
1023
service.remove()
1024
elif state == avahi.SERVER_RUNNING:
1025
service.add()
1026
1027
1028
def entry_group_state_changed(state, error):
1029
"""Derived from the Avahi example code"""
1030
logger.debug(u"Avahi state change: %i", state)
1031
1032
if state == avahi.ENTRY_GROUP_ESTABLISHED:
1033
logger.debug(u"Zeroconf service established.")
1034
elif state == avahi.ENTRY_GROUP_COLLISION:
1035
logger.warning(u"Zeroconf service name collision.")
1036
service.rename()
1037
elif state == avahi.ENTRY_GROUP_FAILURE:
1038
logger.critical(u"Avahi: Error in group state changed %s",
1039
unicode(error))
1040
raise AvahiGroupError(u"State changed: %s" % unicode(error))
1041
1042
1124
def if_nametoindex(interface):
1043
"""Call the C function if_nametoindex(), or equivalent"""
1125
"""Call the C function if_nametoindex(), or equivalent
1126
1127
Note: This function cannot accept a unicode string."""
1044
1128
global if_nametoindex
1045
1129
try:
1046
1130
if_nametoindex = (ctypes.cdll.LoadLibrary
1047
(ctypes.util.find_library("c"))
1131
(ctypes.util.find_library(u"c"))
1048
1132
.if_nametoindex)
1049
1133
except (OSError, AttributeError):
1050
if "struct" not in sys.modules:
1051
import struct
1052
if "fcntl" not in sys.modules:
1053
import fcntl
1134
logger.warning(u"Doing if_nametoindex the hard way")
1054
1135
def if_nametoindex(interface):
1055
1136
"Get an interface index the hard way, i.e. using fcntl()"
1056
1137
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1057
1138
with closing(socket.socket()) as s:
1058
1139
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1059
struct.pack("16s16x", interface))
1060
interface_index = struct.unpack("I", ifreq[16:20])[0]
1140
struct.pack(str(u"16s16x"),
1141
interface))
1142
interface_index = struct.unpack(str(u"I"),
1143
ifreq[16:20])[0]
1061
1144
return interface_index
1062
1145
return if_nametoindex(interface)
1063
1146
1064
1147
1065
1148
def daemon(nochdir = False, noclose = False):
1066
1149
"""See daemon(3). Standard BSD Unix function.
1150
1067
1151
This should really exist as os.daemon, but it doesn't (yet)."""
1068
1152
if os.fork():
1069
1153
sys.exit()
1070
1154
os.setsid()
1071
1155
if not nochdir:
1072
os.chdir("/")
1156
os.chdir(u"/")
1073
1157
if os.fork():
1074
1158
sys.exit()
1075
1159
if not noclose:
1077
1161
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1078
1162
if not stat.S_ISCHR(os.fstat(null).st_mode):
1079
1163
raise OSError(errno.ENODEV,
1080
"/dev/null not a character device")
1164
u"/dev/null not a character device")
1081
1165
os.dup2(null, sys.stdin.fileno())
1082
1166
os.dup2(null, sys.stdout.fileno())
1083
1167
os.dup2(null, sys.stderr.fileno())
1091
1175
# Parsing of options, both command line and config file
1092
1176
1093
1177
parser = optparse.OptionParser(version = "%%prog %s" % version)
1094
parser.add_option("-i", "--interface", type="string",
1095
metavar="IF", help="Bind to interface IF")
1096
parser.add_option("-a", "--address", type="string",
1097
help="Address to listen for requests on")
1098
parser.add_option("-p", "--port", type="int",
1099
help="Port number to receive requests on")
1100
parser.add_option("--check", action="store_true",
1101
help="Run self-test")
1102
parser.add_option("--debug", action="store_true",
1103
help="Debug mode; run in foreground and log to"
1104
" terminal")
1105
parser.add_option("--priority", type="string", help="GnuTLS"
1106
" priority string (see GnuTLS documentation)")
1107
parser.add_option("--servicename", type="string", metavar="NAME",
1108
help="Zeroconf service name")
1109
parser.add_option("--configdir", type="string",
1110
default="/etc/mandos", metavar="DIR",
1111
help="Directory to search for configuration"
1112
" files")
1113
parser.add_option("--no-dbus", action="store_false",
1114
dest="use_dbus",
1115
help="Do not provide D-Bus system bus"
1116
" interface")
1117
parser.add_option("--no-ipv6", action="store_false",
1118
dest="use_ipv6", help="Do not use IPv6")
1178
parser.add_option("-i", u"--interface", type=u"string",
1179
metavar="IF", help=u"Bind to interface IF")
1180
parser.add_option("-a", u"--address", type=u"string",
1181
help=u"Address to listen for requests on")
1182
parser.add_option("-p", u"--port", type=u"int",
1183
help=u"Port number to receive requests on")
1184
parser.add_option("--check", action=u"store_true",
1185
help=u"Run self-test")
1186
parser.add_option("--debug", action=u"store_true",
1187
help=u"Debug mode; run in foreground and log to"
1188
u" terminal")
1189
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1190
u" priority string (see GnuTLS documentation)")
1191
parser.add_option("--servicename", type=u"string",
1192
metavar=u"NAME", help=u"Zeroconf service name")
1193
parser.add_option("--configdir", type=u"string",
1194
default=u"/etc/mandos", metavar=u"DIR",
1195
help=u"Directory to search for configuration"
1196
u" files")
1197
parser.add_option("--no-dbus", action=u"store_false",
1198
dest=u"use_dbus", help=u"Do not provide D-Bus"
1199
u" system bus interface")
1200
parser.add_option("--no-ipv6", action=u"store_false",
1201
dest=u"use_ipv6", help=u"Do not use IPv6")
1119
1202
options = parser.parse_args()[0]
1120
1203
1121
1204
if options.check:
1124
1207
sys.exit()
1125
1208
1126
1209
# Default values for config file for server-global settings
1127
server_defaults = { "interface": "",
1128
"address": "",
1129
"port": "",
1130
"debug": "False",
1131
"priority":
1132
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1133
"servicename": "Mandos",
1134
"use_dbus": "True",
1135
"use_ipv6": "True",
1210
server_defaults = { u"interface": u"",
1211
u"address": u"",
1212
u"port": u"",
1213
u"debug": u"False",
1214
u"priority":
1215
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1216
u"servicename": u"Mandos",
1217
u"use_dbus": u"True",
1218
u"use_ipv6": u"True",
1136
1219
}
1137
1220
1138
1221
# Parse config file for server-global settings
1139
server_config = ConfigParser.SafeConfigParser(server_defaults)
1222
server_config = configparser.SafeConfigParser(server_defaults)
1140
1223
del server_defaults
1141
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1224
server_config.read(os.path.join(options.configdir,
1225
u"mandos.conf"))
1142
1226
# Convert the SafeConfigParser object to a dict
1143
1227
server_settings = server_config.defaults()
1144
1228
# Use the appropriate methods on the non-string config options
1145
server_settings["debug"] = server_config.getboolean("DEFAULT",
1146
"debug")
1147
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
1148
"use_dbus")
1149
server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
1150
"use_ipv6")
1229
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1230
server_settings[option] = server_config.getboolean(u"DEFAULT",
1231
option)
1151
1232
if server_settings["port"]:
1152
server_settings["port"] = server_config.getint("DEFAULT",
1153
"port")
1233
server_settings["port"] = server_config.getint(u"DEFAULT",
1234
u"port")
1154
1235
del server_config
1155
1236
1156
1237
# Override the settings from the config file with command line
1157
1238
# options, if set.
1158
for option in ("interface", "address", "port", "debug",
1159
"priority", "servicename", "configdir",
1160
"use_dbus", "use_ipv6"):
1239
for option in (u"interface", u"address", u"port", u"debug",
1240
u"priority", u"servicename", u"configdir",
1241
u"use_dbus", u"use_ipv6"):
1161
1242
value = getattr(options, option)
1162
1243
if value is not None:
1163
1244
server_settings[option] = value
1164
1245
del options
1246
# Force all strings to be unicode
1247
for option in server_settings.keys():
1248
if type(server_settings[option]) is str:
1249
server_settings[option] = unicode(server_settings[option])
1165
1250
# Now we have our good server settings in "server_settings"
1166
1251
1167
1252
##################################################################
1168
1253
1169
1254
# For convenience
1170
debug = server_settings["debug"]
1171
use_dbus = server_settings["use_dbus"]
1172
use_ipv6 = server_settings["use_ipv6"]
1255
debug = server_settings[u"debug"]
1256
use_dbus = server_settings[u"use_dbus"]
1257
use_ipv6 = server_settings[u"use_ipv6"]
1173
1258
1174
1259
if not debug:
1175
1260
syslogger.setLevel(logging.WARNING)
1176
1261
console.setLevel(logging.WARNING)
1177
1262
1178
if server_settings["servicename"] != "Mandos":
1263
if server_settings[u"servicename"] != u"Mandos":
1179
1264
syslogger.setFormatter(logging.Formatter
1180
('Mandos (%s) [%%(process)d]:'
1181
' %%(levelname)s: %%(message)s'
1182
% server_settings["servicename"]))
1265
(u'Mandos (%s) [%%(process)d]:'
1266
u' %%(levelname)s: %%(message)s'
1267
% server_settings[u"servicename"]))
1183
1268
1184
1269
# Parse config file with clients
1185
client_defaults = { "timeout": "1h",
1186
"interval": "5m",
1187
"checker": "fping -q -- %%(host)s",
1188
"host": "",
1270
client_defaults = { u"timeout": u"1h",
1271
u"interval": u"5m",
1272
u"checker": u"fping -q -- %%(host)s",
1273
u"host": u"",
1189
1274
}
1190
client_config = ConfigParser.SafeConfigParser(client_defaults)
1191
client_config.read(os.path.join(server_settings["configdir"],
1192
"clients.conf"))
1193
1275
client_config = configparser.SafeConfigParser(client_defaults)
1276
client_config.read(os.path.join(server_settings[u"configdir"],
1277
u"clients.conf"))
1278
1194
1279
global mandos_dbus_service
1195
1280
mandos_dbus_service = None
1196
1281
1197
clients = Set()
1198
tcp_server = IPv6_TCPServer((server_settings["address"],
1199
server_settings["port"]),
1200
TCP_handler,
1201
settings=server_settings,
1202
clients=clients, use_ipv6=use_ipv6)
1203
pidfilename = "/var/run/mandos.pid"
1282
tcp_server = MandosServer((server_settings[u"address"],
1283
server_settings[u"port"]),
1284
ClientHandler,
1285
interface=server_settings[u"interface"],
1286
use_ipv6=use_ipv6,
1287
gnutls_priority=
1288
server_settings[u"priority"],
1289
use_dbus=use_dbus)
1290
pidfilename = u"/var/run/mandos.pid"
1204
1291
try:
1205
pidfile = open(pidfilename, "w")
1292
pidfile = open(pidfilename, u"w")
1206
1293
except IOError:
1207
logger.error("Could not open file %r", pidfilename)
1294
logger.error(u"Could not open file %r", pidfilename)
1208
1295
1209
1296
try:
1210
uid = pwd.getpwnam("_mandos").pw_uid
1211
gid = pwd.getpwnam("_mandos").pw_gid
1297
uid = pwd.getpwnam(u"_mandos").pw_uid
1298
gid = pwd.getpwnam(u"_mandos").pw_gid
1212
1299
except KeyError:
1213
1300
try:
1214
uid = pwd.getpwnam("mandos").pw_uid
1215
gid = pwd.getpwnam("mandos").pw_gid
1301
uid = pwd.getpwnam(u"mandos").pw_uid
1302
gid = pwd.getpwnam(u"mandos").pw_gid
1216
1303
except KeyError:
1217
1304
try:
1218
uid = pwd.getpwnam("nobody").pw_uid
1219
gid = pwd.getpwnam("nogroup").pw_gid
1305
uid = pwd.getpwnam(u"nobody").pw_uid
1306
gid = pwd.getpwnam(u"nobody").pw_gid
1220
1307
except KeyError:
1221
1308
uid = 65534
1222
1309
gid = 65534
1235
1322
1236
1323
@gnutls.library.types.gnutls_log_func
1237
1324
def debug_gnutls(level, string):
1238
logger.debug("GnuTLS: %s", string[:-1])
1325
logger.debug(u"GnuTLS: %s", string[:-1])
1239
1326
1240
1327
(gnutls.library.functions
1241
1328
.gnutls_global_set_log_function(debug_gnutls))
1242
1329
1243
global service
1244
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1245
service = AvahiService(name = server_settings["servicename"],
1246
servicetype = "_mandos._tcp",
1247
protocol = protocol)
1248
if server_settings["interface"]:
1249
service.interface = (if_nametoindex
1250
(server_settings["interface"]))
1251
1252
1330
global main_loop
1253
global bus
1254
global server
1255
1331
# From the Avahi example code
1256
1332
DBusGMainLoop(set_as_default=True )
1257
1333
main_loop = gobject.MainLoop()
1258
1334
bus = dbus.SystemBus()
1259
server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1260
avahi.DBUS_PATH_SERVER),
1261
avahi.DBUS_INTERFACE_SERVER)
1262
1335
# End of Avahi example code
1263
1336
if use_dbus:
1264
1337
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1338
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1339
service = AvahiService(name = server_settings[u"servicename"],
1340
servicetype = u"_mandos._tcp",
1341
protocol = protocol, bus = bus)
1342
if server_settings["interface"]:
1343
service.interface = (if_nametoindex
1344
(str(server_settings[u"interface"])))
1265
1345
1266
1346
client_class = Client
1267
1347
if use_dbus:
1268
client_class = ClientDBus
1269
clients.update(Set(
1348
client_class = functools.partial(ClientDBus, bus = bus)
1349
tcp_server.clients.update(set(
1270
1350
client_class(name = section,
1271
1351
config= dict(client_config.items(section)))
1272
1352
for section in client_config.sections()))
1273
if not clients:
1353
if not tcp_server.clients:
1274
1354
logger.warning(u"No clients defined")
1275
1355
1276
1356
if debug:
1300
1380
1301
1381
def cleanup():
1302
1382
"Cleanup function; run on exit"
1303
global group
1304
# From the Avahi example code
1305
if not group is None:
1306
group.Free()
1307
group = None
1308
# End of Avahi example code
1383
service.cleanup()
1309
1384
1310
while clients:
1311
client = clients.pop()
1385
while tcp_server.clients:
1386
client = tcp_server.clients.pop()
1312
1387
client.disable_hook = None
1313
1388
client.disable()
1314
1389
1323
1398
class MandosDBusService(dbus.service.Object):
1324
1399
"""A D-Bus proxy object"""
1325
1400
def __init__(self):
1326
dbus.service.Object.__init__(self, bus, "/")
1401
dbus.service.Object.__init__(self, bus, u"/")
1327
1402
_interface = u"se.bsnet.fukt.Mandos"
1328
1403
1329
@dbus.service.signal(_interface, signature="oa{sv}")
1404
@dbus.service.signal(_interface, signature=u"oa{sv}")
1330
1405
def ClientAdded(self, objpath, properties):
1331
1406
"D-Bus signal"
1332
1407
pass
1333
1408
1334
@dbus.service.signal(_interface, signature="s")
1409
@dbus.service.signal(_interface, signature=u"s")
1335
1410
def ClientNotFound(self, fingerprint):
1336
1411
"D-Bus signal"
1337
1412
pass
1338
1413
1339
@dbus.service.signal(_interface, signature="os")
1414
@dbus.service.signal(_interface, signature=u"os")
1340
1415
def ClientRemoved(self, objpath, name):
1341
1416
"D-Bus signal"
1342
1417
pass
1343
1418
1344
@dbus.service.method(_interface, out_signature="ao")
1419
@dbus.service.method(_interface, out_signature=u"ao")
1345
1420
def GetAllClients(self):
1346
1421
"D-Bus method"
1347
return dbus.Array(c.dbus_object_path for c in clients)
1422
return dbus.Array(c.dbus_object_path
1423
for c in tcp_server.clients)
1348
1424
1349
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1425
@dbus.service.method(_interface,
1426
out_signature=u"a{oa{sv}}")
1350
1427
def GetAllClientsWithProperties(self):
1351
1428
"D-Bus method"
1352
1429
return dbus.Dictionary(
1353
1430
((c.dbus_object_path, c.GetAllProperties())
1354
for c in clients),
1355
signature="oa{sv}")
1431
for c in tcp_server.clients),
1432
signature=u"oa{sv}")
1356
1433
1357
@dbus.service.method(_interface, in_signature="o")
1434
@dbus.service.method(_interface, in_signature=u"o")
1358
1435
def RemoveClient(self, object_path):
1359
1436
"D-Bus method"
1360
for c in clients:
1437
for c in tcp_server.clients:
1361
1438
if c.dbus_object_path == object_path:
1362
clients.remove(c)
1439
tcp_server.clients.remove(c)
1363
1440
c.remove_from_connection()
1364
1441
# Don't signal anything except ClientRemoved
1365
1442
c.disable(signal=False)
1372
1449
1373
1450
mandos_dbus_service = MandosDBusService()
1374
1451
1375
for client in clients:
1452
for client in tcp_server.clients:
1376
1453
if use_dbus:
1377
1454
# Emit D-Bus signal
1378
1455
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1396
1473
1397
1474
try:
1398
1475
# From the Avahi example code
1399
server.connect_to_signal("StateChanged", server_state_changed)
1400
1476
try:
1401
server_state_changed(server.GetState())
1477
service.activate()
1402
1478
except dbus.exceptions.DBusException, error:
1403
1479
logger.critical(u"DBusException: %s", error)
1404
1480
sys.exit(1)
1417
1493
except KeyboardInterrupt:
1418
1494
if debug:
1419
1495
print >> sys.stderr
1420
logger.debug("Server received KeyboardInterrupt")
1421
logger.debug("Server exiting")
1496
logger.debug(u"Server received KeyboardInterrupt")
1497
logger.debug(u"Server exiting")
1422
1498
1423
1499
if __name__ == '__main__':
1424
1500
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0