/mandos/trunk : revision 342

6

# This program is partly derived from an example program for an Avahi

7

# service publisher, downloaded from

8

# <http://avahi.org/wiki/PythonPublishExample>. This includes the

9

# methods "add" and "remove" in the "AvahiService" class, the

10

# "server_state_changed" and "entry_group_state_changed" functions,

11

# and some lines in "main".

9

# methods "add", "remove", "server_state_changed",

10

# "entry_group_state_changed", "cleanup", and "activate" in the

11

# "AvahiService" class, and some lines in "main".

12

#

13

# Everything else is

14

33

34

from __future__ import division, with_statement, absolute_import

35

36

import SocketServer

36

import SocketServer as socketserver

37

import socket

38

import optparse

39

import datetime

44

import gnutls.library.functions

45

import gnutls.library.constants

46

import gnutls.library.types

47

import ConfigParser

47

import ConfigParser as configparser

48

import sys

49

import re

50

import os

51

import signal

52

from sets import Set

53

52

import subprocess

54

53

import atexit

55

54

import stat

57

56

import logging.handlers

58

57

import pwd

59

58

from contextlib import closing

59

import struct

60

import fcntl

61

import functools

60

62

61

63

import dbus

62

64

import dbus.service

72

74

try:

73

75

from IN import SO_BINDTODEVICE

74

76

except ImportError:

75

# From /usr/include/asm/socket.h

76

SO_BINDTODEVICE = 25

77

SO_BINDTODEVICE = None

77

78

79

80

version = "1.0.8"

80

81

logger = logging.Logger('mandos')

82

logger = logging.Logger(u'mandos')

82

83

syslogger = (logging.handlers.SysLogHandler

83

84

(facility = logging.handlers.SysLogHandler.LOG_DAEMON,

84

85

address = "/dev/log"))

85

86

syslogger.setFormatter(logging.Formatter

86

('Mandos [%(process)d]: %(levelname)s:'

87

' %(message)s'))

87

(u'Mandos [%(process)d]: %(levelname)s:'

88

u' %(message)s'))

88

89

logger.addHandler(syslogger)

89

90

91

console = logging.StreamHandler()

91

console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'

92

' %(levelname)s: %(message)s'))

92

console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'

93

u' %(levelname)s:'

94

u' %(message)s'))

93

95

logger.addHandler(console)

94

96

95

97

class AvahiError(Exception):

112

114

Attributes:

113

115

interface: integer; avahi.IF_UNSPEC or an interface index.

114

116

Used to optionally bind to the specified interface.

115

name: string; Example: 'Mandos'

116

type: string; Example: '_mandos._tcp'.

117

name: string; Example: u'Mandos'

118

type: string; Example: u'_mandos._tcp'.

117

119

See <http://www.dns-sd.org/ServiceTypes.html>

118

120

port: integer; what port to announce

119

121

TXT: list of strings; TXT record for the service

122

124

max_renames: integer; maximum number of renames

123

125

rename_count: integer; counter so we only rename after collisions

124

126

a sensible number of times

127

group: D-Bus Entry Group

128

server: D-Bus Server

129

bus: dbus.SystemBus()

125

130

"""

126

131

def __init__(self, interface = avahi.IF_UNSPEC, name = None,

127

132

servicetype = None, port = None, TXT = None,

128

domain = "", host = "", max_renames = 32768,

129

protocol = avahi.PROTO_UNSPEC):

133

domain = u"", host = u"", max_renames = 32768,

134

protocol = avahi.PROTO_UNSPEC, bus = None):

130

135

self.interface = interface

131

136

self.name = name

132

137

self.type = servicetype

137

142

self.rename_count = 0

138

143

self.max_renames = max_renames

139

144

self.protocol = protocol

145

self.group = None # our entry group

146

self.server = None

147

self.bus = bus

140

148

def rename(self):

141

149

"""Derived from the Avahi example code"""

142

150

if self.rename_count >= self.max_renames:

144

152

u" after %i retries, exiting.",

145

153

self.rename_count)

146

154

raise AvahiServiceError(u"Too many renames")

147

self.name = server.GetAlternativeServiceName(self.name)

155

self.name = self.server.GetAlternativeServiceName(self.name)

148

156

logger.info(u"Changing Zeroconf service name to %r ...",

149

str(self.name))

157

unicode(self.name))

150

158

syslogger.setFormatter(logging.Formatter

151

('Mandos (%s) [%%(process)d]:'

152

' %%(levelname)s: %%(message)s'

159

(u'Mandos (%s) [%%(process)d]:'

160

u' %%(levelname)s: %%(message)s'

153

161

% self.name))

154

162

self.remove()

155

163

self.add()

156

164

self.rename_count += 1

157

165

def remove(self):

158

166

"""Derived from the Avahi example code"""

159

if group is not None:

160

group.Reset()

167

if self.group is not None:

168

self.group.Reset()

161

169

def add(self):

162

170

"""Derived from the Avahi example code"""

163

global group

164

if group is None:

165

group = dbus.Interface(bus.get_object

166

(avahi.DBUS_NAME,

167

server.EntryGroupNew()),

168

avahi.DBUS_INTERFACE_ENTRY_GROUP)

169

group.connect_to_signal('StateChanged',

170

entry_group_state_changed)

171

if self.group is None:

172

self.group = dbus.Interface(

173

self.bus.get_object(avahi.DBUS_NAME,

174

self.server.EntryGroupNew()),

175

avahi.DBUS_INTERFACE_ENTRY_GROUP)

176

self.group.connect_to_signal('StateChanged',

177

self.entry_group_state_changed)

171

178

logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",

172

service.name, service.type)

173

group.AddService(

174

self.interface, # interface

175

self.protocol, # protocol

176

dbus.UInt32(0), # flags

177

self.name, self.type,

178

self.domain, self.host,

179

dbus.UInt16(self.port),

180

avahi.string_array_to_txt_array(self.TXT))

181

group.Commit()

182

183

# From the Avahi example code:

184

group = None # our entry group

185

# End of Avahi example code

186

187

188

def _datetime_to_dbus(dt, variant_level=0):

189

"""Convert a UTC datetime.datetime() to a D-Bus type."""

190

return dbus.String(dt.isoformat(), variant_level=variant_level)

179

self.name, self.type)

180

self.group.AddService(

181

self.interface,

182

self.protocol,

183

dbus.UInt32(0), # flags

184

self.name, self.type,

185

self.domain, self.host,

186

dbus.UInt16(self.port),

187

avahi.string_array_to_txt_array(self.TXT))

188

self.group.Commit()

189

def entry_group_state_changed(self, state, error):

190

"""Derived from the Avahi example code"""

191

logger.debug(u"Avahi state change: %i", state)

192

193

if state == avahi.ENTRY_GROUP_ESTABLISHED:

194

logger.debug(u"Zeroconf service established.")

195

elif state == avahi.ENTRY_GROUP_COLLISION:

196

logger.warning(u"Zeroconf service name collision.")

197

self.rename()

198

elif state == avahi.ENTRY_GROUP_FAILURE:

199

logger.critical(u"Avahi: Error in group state changed %s",

200

unicode(error))

201

raise AvahiGroupError(u"State changed: %s"

202

% unicode(error))

203

def cleanup(self):

204

"""Derived from the Avahi example code"""

205

if self.group is not None:

206

self.group.Free()

207

self.group = None

208

def server_state_changed(self, state):

209

"""Derived from the Avahi example code"""

210

if state == avahi.SERVER_COLLISION:

211

logger.error(u"Zeroconf server name collision")

212

self.remove()

213

elif state == avahi.SERVER_RUNNING:

214

self.add()

215

def activate(self):

216

"""Derived from the Avahi example code"""

217

if self.server is None:

218

self.server = dbus.Interface(

219

self.bus.get_object(avahi.DBUS_NAME,

220

avahi.DBUS_PATH_SERVER),

221

avahi.DBUS_INTERFACE_SERVER)

222

self.server.connect_to_signal(u"StateChanged",

223

self.server_state_changed)

224

self.server_state_changed(self.server.GetState())

191

225

192

226

193

227

class Client(object):

220

254

instance %(name)s can be used in the command.

221

255

current_checker_command: string; current running checker_command

222

256

"""

257

258

@staticmethod

259

def _datetime_to_milliseconds(dt):

260

"Convert a datetime.datetime() to milliseconds"

261

return ((dt.days * 24 * 60 * 60 * 1000)

262

+ (dt.seconds * 1000)

263

+ (dt.microseconds // 1000))

264

223

265

def timeout_milliseconds(self):

224

266

"Return the 'timeout' attribute in milliseconds"

225

return ((self.timeout.days * 24 * 60 * 60 * 1000)

226

+ (self.timeout.seconds * 1000)

227

+ (self.timeout.microseconds // 1000))

267

return self._datetime_to_milliseconds(self.timeout)

228

268

229

269

def interval_milliseconds(self):

230

270

"Return the 'interval' attribute in milliseconds"

231

return ((self.interval.days * 24 * 60 * 60 * 1000)

232

+ (self.interval.seconds * 1000)

233

+ (self.interval.microseconds // 1000))

271

return self._datetime_to_milliseconds(self.interval)

234

272

235

273

def __init__(self, name = None, disable_hook=None, config=None):

236

274

"""Note: the 'checker' key in 'config' sets the

243

281

# Uppercase and remove spaces from fingerprint for later

244

282

# comparison purposes with return value from the fingerprint()

245

283

# function

246

self.fingerprint = (config["fingerprint"].upper()

284

self.fingerprint = (config[u"fingerprint"].upper()

247

285

.replace(u" ", u""))

248

286

logger.debug(u" Fingerprint: %s", self.fingerprint)

249

if "secret" in config:

250

self.secret = config["secret"].decode(u"base64")

251

elif "secfile" in config:

287

if u"secret" in config:

288

self.secret = config[u"secret"].decode(u"base64")

289

elif u"secfile" in config:

252

290

with closing(open(os.path.expanduser

253

291

(os.path.expandvars

254

(config["secfile"])))) as secfile:

292

(config[u"secfile"])))) as secfile:

255

293

self.secret = secfile.read()

256

294

else:

257

295

raise TypeError(u"No secret or secfile for client %s"

258

296

% self.name)

259

self.host = config.get("host", "")

297

self.host = config.get(u"host", u"")

260

298

self.created = datetime.datetime.utcnow()

261

299

self.enabled = False

262

300

self.last_enabled = None

263

301

self.last_checked_ok = None

264

self.timeout = string_to_delta(config["timeout"])

265

self.interval = string_to_delta(config["interval"])

302

self.timeout = string_to_delta(config[u"timeout"])

303

self.interval = string_to_delta(config[u"interval"])

266

304

self.disable_hook = disable_hook

267

305

self.checker = None

268

306

self.checker_initiator_tag = None

269

307

self.disable_initiator_tag = None

270

308

self.checker_callback_tag = None

271

self.checker_command = config["checker"]

309

self.checker_command = config[u"checker"]

272

310

self.current_checker_command = None

273

311

self.last_connect = None

274

312

275

313

def enable(self):

276

314

"""Start this client's checker and timeout hooks"""

315

if getattr(self, u"enabled", False):

316

# Already enabled

317

return

277

318

self.last_enabled = datetime.datetime.utcnow()

278

319

# Schedule a new checker to be started an 'interval' from now,

279

320

# and every interval from then on.

293

334

if not getattr(self, "enabled", False):

294

335

return False

295

336

logger.info(u"Disabling client %s", self.name)

296

if getattr(self, "disable_initiator_tag", False):

337

if getattr(self, u"disable_initiator_tag", False):

297

338

gobject.source_remove(self.disable_initiator_tag)

298

339

self.disable_initiator_tag = None

299

if getattr(self, "checker_initiator_tag", False):

340

if getattr(self, u"checker_initiator_tag", False):

300

341

gobject.source_remove(self.checker_initiator_tag)

301

342

self.checker_initiator_tag = None

302

343

self.stop_checker()

357

398

if self.checker is not None:

358

399

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

359

400

if pid:

360

logger.warning("Checker was a zombie")

401

logger.warning(u"Checker was a zombie")

361

402

gobject.source_remove(self.checker_callback_tag)

362

403

self.checker_callback(pid, status,

363

404

self.current_checker_command)

368

409

command = self.checker_command % self.host

369

410

except TypeError:

370

411

# Escape attributes for the shell

371

escaped_attrs = dict((key, re.escape(str(val)))

412

escaped_attrs = dict((key,

413

re.escape(unicode(str(val),

414

errors=

415

u'replace')))

372

416

for key, val in

373

417

vars(self).iteritems())

374

418

try:

387

431

# always replaced by /dev/null.)

388

432

self.checker = subprocess.Popen(command,

389

433

close_fds=True,

390

shell=True, cwd="/")

434

shell=True, cwd=u"/")

391

435

self.checker_callback_tag = (gobject.child_watch_add

392

436

(self.checker.pid,

393

437

self.checker_callback,

409

453

if self.checker_callback_tag:

410

454

gobject.source_remove(self.checker_callback_tag)

411

455

self.checker_callback_tag = None

412

if getattr(self, "checker", None) is None:

456

if getattr(self, u"checker", None) is None:

413

457

return

414

458

logger.debug(u"Stopping checker for %(name)s", vars(self))

415

459

try:

424

468

425

469

def still_valid(self):

426

470

"""Has the timeout not yet passed for this client?"""

427

if not getattr(self, "enabled", False):

471

if not getattr(self, u"enabled", False):

428

472

return False

429

473

now = datetime.datetime.utcnow()

430

474

if self.last_checked_ok is None:

437

481

"""A Client class using D-Bus

438

482

439

483

Attributes:

440

dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus

484

dbus_object_path: dbus.ObjectPath

485

bus: dbus.SystemBus()

441

486

"""

442

487

# dbus.service.Object doesn't use super(), so we can't either.

443

488

444

def __init__(self, *args, **kwargs):

489

def __init__(self, bus = None, *args, **kwargs):

490

self.bus = bus

445

491

Client.__init__(self, *args, **kwargs)

446

492

# Only now, when this client is initialized, can it show up on

447

493

# the D-Bus

448

494

self.dbus_object_path = (dbus.ObjectPath

449

("/clients/"

450

+ self.name.replace(".", "_")))

451

dbus.service.Object.__init__(self, bus,

495

(u"/clients/"

496

+ self.name.replace(u".", u"_")))

497

dbus.service.Object.__init__(self, self.bus,

452

498

self.dbus_object_path)

499

500

@staticmethod

501

def _datetime_to_dbus(dt, variant_level=0):

502

"""Convert a UTC datetime.datetime() to a D-Bus type."""

503

return dbus.String(dt.isoformat(),

504

variant_level=variant_level)

505

453

506

def enable(self):

454

oldstate = getattr(self, "enabled", False)

507

oldstate = getattr(self, u"enabled", False)

455

508

r = Client.enable(self)

456

509

if oldstate != self.enabled:

457

510

# Emit D-Bus signals

458

511

self.PropertyChanged(dbus.String(u"enabled"),

459

512

dbus.Boolean(True, variant_level=1))

460

self.PropertyChanged(dbus.String(u"last_enabled"),

461

(_datetime_to_dbus(self.last_enabled,

462

variant_level=1)))

513

self.PropertyChanged(

514

dbus.String(u"last_enabled"),

515

self._datetime_to_dbus(self.last_enabled,

516

variant_level=1))

463

517

return r

464

518

465

519

def disable(self, signal = True):

466

oldstate = getattr(self, "enabled", False)

520

oldstate = getattr(self, u"enabled", False)

467

521

r = Client.disable(self)

468

522

if signal and oldstate != self.enabled:

469

523

# Emit D-Bus signal

476

530

self.remove_from_connection()

477

531

except LookupError:

478

532

pass

479

if hasattr(dbus.service.Object, "__del__"):

533

if hasattr(dbus.service.Object, u"__del__"):

480

534

dbus.service.Object.__del__(self, *args, **kwargs)

481

535

Client.__del__(self, *args, **kwargs)

482

536

507

561

# Emit D-Bus signal

508

562

self.PropertyChanged(

509

563

dbus.String(u"last_checked_ok"),

510

(_datetime_to_dbus(self.last_checked_ok,

511

variant_level=1)))

564

(self._datetime_to_dbus(self.last_checked_ok,

565

variant_level=1)))

512

566

return r

513

567

514

568

def start_checker(self, *args, **kwargs):

524

578

# Emit D-Bus signal

525

579

self.CheckerStarted(self.current_checker_command)

526

580

self.PropertyChanged(

527

dbus.String("checker_running"),

581

dbus.String(u"checker_running"),

528

582

dbus.Boolean(True, variant_level=1))

529

583

return r

530

584

531

585

def stop_checker(self, *args, **kwargs):

532

old_checker = getattr(self, "checker", None)

586

old_checker = getattr(self, u"checker", None)

533

587

r = Client.stop_checker(self, *args, **kwargs)

534

588

if (old_checker is not None

535

and getattr(self, "checker", None) is None):

589

and getattr(self, u"checker", None) is None):

536

590

self.PropertyChanged(dbus.String(u"checker_running"),

537

591

dbus.Boolean(False, variant_level=1))

538

592

return r

541

595

_interface = u"se.bsnet.fukt.Mandos.Client"

542

596

543

597

# CheckedOK - method

544

CheckedOK = dbus.service.method(_interface)(checked_ok)

545

CheckedOK.__name__ = "CheckedOK"

598

@dbus.service.method(_interface)

599

def CheckedOK(self):

600

return self.checked_ok()

546

601

547

602

# CheckerCompleted - signal

548

@dbus.service.signal(_interface, signature="nxs")

603

@dbus.service.signal(_interface, signature=u"nxs")

549

604

def CheckerCompleted(self, exitcode, waitstatus, command):

550

605

"D-Bus signal"

551

606

pass

552

607

553

608

# CheckerStarted - signal

554

@dbus.service.signal(_interface, signature="s")

609

@dbus.service.signal(_interface, signature=u"s")

555

610

def CheckerStarted(self, command):

556

611

"D-Bus signal"

557

612

pass

558

613

559

614

# GetAllProperties - method

560

@dbus.service.method(_interface, out_signature="a{sv}")

615

@dbus.service.method(_interface, out_signature=u"a{sv}")

561

616

def GetAllProperties(self):

562

617

"D-Bus method"

563

618

return dbus.Dictionary({

564

dbus.String("name"):

619

dbus.String(u"name"):

565

620

dbus.String(self.name, variant_level=1),

566

dbus.String("fingerprint"):

621

dbus.String(u"fingerprint"):

567

622

dbus.String(self.fingerprint, variant_level=1),

568

dbus.String("host"):

623

dbus.String(u"host"):

569

624

dbus.String(self.host, variant_level=1),

570

dbus.String("created"):

571

_datetime_to_dbus(self.created, variant_level=1),

572

dbus.String("last_enabled"):

573

(_datetime_to_dbus(self.last_enabled,

574

variant_level=1)

625

dbus.String(u"created"):

626

self._datetime_to_dbus(self.created,

627

variant_level=1),

628

dbus.String(u"last_enabled"):

629

(self._datetime_to_dbus(self.last_enabled,

630

variant_level=1)

575

631

if self.last_enabled is not None

576

632

else dbus.Boolean(False, variant_level=1)),

577

dbus.String("enabled"):

633

dbus.String(u"enabled"):

578

634

dbus.Boolean(self.enabled, variant_level=1),

579

dbus.String("last_checked_ok"):

580

(_datetime_to_dbus(self.last_checked_ok,

581

variant_level=1)

635

dbus.String(u"last_checked_ok"):

636

(self._datetime_to_dbus(self.last_checked_ok,

637

variant_level=1)

582

638

if self.last_checked_ok is not None

583

639

else dbus.Boolean (False, variant_level=1)),

584

dbus.String("timeout"):

640

dbus.String(u"timeout"):

585

641

dbus.UInt64(self.timeout_milliseconds(),

586

642

variant_level=1),

587

dbus.String("interval"):

643

dbus.String(u"interval"):

588

644

dbus.UInt64(self.interval_milliseconds(),

589

645

variant_level=1),

590

dbus.String("checker"):

646

dbus.String(u"checker"):

591

647

dbus.String(self.checker_command,

592

648

variant_level=1),

593

dbus.String("checker_running"):

649

dbus.String(u"checker_running"):

594

650

dbus.Boolean(self.checker is not None,

595

651

variant_level=1),

596

dbus.String("object_path"):

652

dbus.String(u"object_path"):

597

653

dbus.ObjectPath(self.dbus_object_path,

598

654

variant_level=1)

599

}, signature="sv")

655

}, signature=u"sv")

600

656

601

657

# IsStillValid - method

602

@dbus.service.method(_interface, out_signature="b")

658

@dbus.service.method(_interface, out_signature=u"b")

603

659

def IsStillValid(self):

604

660

return self.still_valid()

605

661

606

662

# PropertyChanged - signal

607

@dbus.service.signal(_interface, signature="sv")

663

@dbus.service.signal(_interface, signature=u"sv")

608

664

def PropertyChanged(self, property, value):

609

665

"D-Bus signal"

610

666

pass

622

678

pass

623

679

624

680

# SetChecker - method

625

@dbus.service.method(_interface, in_signature="s")

681

@dbus.service.method(_interface, in_signature=u"s")

626

682

def SetChecker(self, checker):

627

683

"D-Bus setter method"

628

684

self.checker_command = checker

632

688

variant_level=1))

633

689

634

690

# SetHost - method

635

@dbus.service.method(_interface, in_signature="s")

691

@dbus.service.method(_interface, in_signature=u"s")

636

692

def SetHost(self, host):

637

693

"D-Bus setter method"

638

694

self.host = host

641

697

dbus.String(self.host, variant_level=1))

642

698

643

699

# SetInterval - method

644

@dbus.service.method(_interface, in_signature="t")

700

@dbus.service.method(_interface, in_signature=u"t")

645

701

def SetInterval(self, milliseconds):

646

702

self.interval = datetime.timedelta(0, 0, 0, milliseconds)

647

703

# Emit D-Bus signal

650

706

variant_level=1)))

651

707

652

708

# SetSecret - method

653

@dbus.service.method(_interface, in_signature="ay",

709

@dbus.service.method(_interface, in_signature=u"ay",

654

710

byte_arrays=True)

655

711

def SetSecret(self, secret):

656

712

"D-Bus setter method"

657

713

self.secret = str(secret)

658

714

659

715

# SetTimeout - method

660

@dbus.service.method(_interface, in_signature="t")

716

@dbus.service.method(_interface, in_signature=u"t")

661

717

def SetTimeout(self, milliseconds):

662

718

self.timeout = datetime.timedelta(0, 0, 0, milliseconds)

663

719

# Emit D-Bus signal

666

722

variant_level=1)))

667

723

668

724

# Enable - method

669

Enable = dbus.service.method(_interface)(enable)

670

Enable.__name__ = "Enable"

725

@dbus.service.method(_interface)

726

def Enable(self):

727

"D-Bus method"

728

self.enable()

671

729

672

730

# StartChecker - method

673

731

@dbus.service.method(_interface)

682

740

self.disable()

683

741

684

742

# StopChecker - method

685

StopChecker = dbus.service.method(_interface)(stop_checker)

686

StopChecker.__name__ = "StopChecker"

743

@dbus.service.method(_interface)

744

def StopChecker(self):

745

self.stop_checker()

687

746

688

747

del _interface

689

748

690

749

691

class ClientHandler(SocketServer.BaseRequestHandler, object):

750

class ClientHandler(socketserver.BaseRequestHandler, object):

692

751

"""A class to handle client connections.

693

752

694

753

Instantiated once for each connection to handle it.

699

758

unicode(self.client_address))

700

759

logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])

701

760

# Open IPC pipe to parent process

702

with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:

761

with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:

703

762

session = (gnutls.connection

704

763

.ClientSession(self.request,

705

764

gnutls.connection

719

778

# no X.509 keys are added to it. Therefore, we can use it

720

779

# here despite using OpenPGP certificates.

721

780

722

#priority = ':'.join(("NONE", "+VERS-TLS1.1",

723

# "+AES-256-CBC", "+SHA1",

724

# "+COMP-NULL", "+CTYPE-OPENPGP",

725

# "+DHE-DSS"))

781

#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",

782

# u"+AES-256-CBC", u"+SHA1",

783

# u"+COMP-NULL", u"+CTYPE-OPENPGP",

784

# u"+DHE-DSS"))

726

785

# Use a fallback default, since this MUST be set.

727

786

priority = self.server.gnutls_priority

728

787

if priority is None:

729

priority = "NORMAL"

788

priority = u"NORMAL"

730

789

(gnutls.library.functions

731

790

.gnutls_priority_set_direct(session._c_object,

732

791

priority, None))

752

811

client = c

753

812

break

754

813

else:

755

ipc.write("NOTFOUND %s\n" % fpr)

814

ipc.write(u"NOTFOUND %s\n" % fpr)

756

815

session.bye()

757

816

return

758

817

# Have to check if client.still_valid(), since it is

759

818

# possible that the client timed out while establishing

760

819

# the GnuTLS session.

761

820

if not client.still_valid():

762

ipc.write("INVALID %s\n" % client.name)

821

ipc.write(u"INVALID %s\n" % client.name)

763

822

session.bye()

764

823

return

765

ipc.write("SENDING %s\n" % client.name)

824

ipc.write(u"SENDING %s\n" % client.name)

766

825

sent_size = 0

767

826

while sent_size < len(client.secret):

768

827

sent = session.send(client.secret[sent_size:])

786

845

.gnutls_certificate_get_peers

787

846

(session._c_object, ctypes.byref(list_size)))

788

847

if not bool(cert_list) and list_size.value != 0:

789

raise gnutls.errors.GNUTLSError("error getting peer"

790

" certificate")

848

raise gnutls.errors.GNUTLSError(u"error getting peer"

849

u" certificate")

791

850

if list_size.value == 0:

792

851

return None

793

852

cert = cert_list[0]

819

878

if crtverify.value != 0:

820

879

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

821

880

raise (gnutls.errors.CertificateSecurityError

822

("Verify failed"))

881

(u"Verify failed"))

823

882

# New buffer for the fingerprint

824

883

buf = ctypes.create_string_buffer(20)

825

884

buf_len = ctypes.c_size_t()

836

895

return hex_fpr

837

896

838

897

839

class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):

840

"""Like SocketServer.ForkingMixIn, but also pass a pipe.

841

842

Assumes a gobject.MainLoop event loop.

843

"""

898

class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):

899

"""Like socketserver.ForkingMixIn, but also pass a pipe."""

844

900

def process_request(self, request, client_address):

845

901

"""Overrides and wraps the original process_request().

846

902

850

906

super(ForkingMixInWithPipe,

851

907

self).process_request(request, client_address)

852

908

os.close(self.pipe[1]) # close write end

853

# Call "handle_ipc" for both data and EOF events

854

gobject.io_add_watch(self.pipe[0],

855

gobject.IO_IN | gobject.IO_HUP,

856

self.handle_ipc)

857

def handle_ipc(source, condition):

909

self.add_pipe(self.pipe[0])

910

def add_pipe(self, pipe):

858

911

"""Dummy function; override as necessary"""

859

os.close(source)

860

return False

912

os.close(pipe)

861

913

862

914

863

915

class IPv6_TCPServer(ForkingMixInWithPipe,

864

SocketServer.TCPServer, object):

916

socketserver.TCPServer, object):

865

917

"""IPv6-capable TCP server. Accepts 'None' as address and/or port

866

918

867

919

Attributes:

868

920

enabled: Boolean; whether this server is activated yet

869

921

interface: None or a network interface name (string)

870

922

use_ipv6: Boolean; to use IPv6 or not

871

----

872

clients: Set() of Client objects

873

gnutls_priority GnuTLS priority string

874

use_dbus: Boolean; to emit D-Bus signals or not

875

923

"""

876

924

def __init__(self, server_address, RequestHandlerClass,

877

interface=None, use_ipv6=True, clients=None,

878

gnutls_priority=None, use_dbus=True):

879

self.enabled = False

925

interface=None, use_ipv6=True):

880

926

self.interface = interface

881

927

if use_ipv6:

882

928

self.address_family = socket.AF_INET6

883

self.clients = clients

884

self.use_dbus = use_dbus

885

self.gnutls_priority = gnutls_priority

886

SocketServer.TCPServer.__init__(self, server_address,

929

socketserver.TCPServer.__init__(self, server_address,

887

930

RequestHandlerClass)

888

931

def server_bind(self):

889

932

"""This overrides the normal server_bind() function

890

933

to bind to an interface if one was specified, and also NOT to

891

934

bind to an address or port if they were not specified."""

892

935

if self.interface is not None:

893

try:

894

self.socket.setsockopt(socket.SOL_SOCKET,

895

SO_BINDTODEVICE,

896

self.interface + '\0')

897

except socket.error, error:

898

if error[0] == errno.EPERM:

899

logger.error(u"No permission to"

900

u" bind to interface %s",

901

self.interface)

902

else:

903

raise

936

if SO_BINDTODEVICE is None:

937

logger.error(u"SO_BINDTODEVICE does not exist;"

938

u" cannot bind to interface %s",

939

self.interface)

940

else:

941

try:

942

self.socket.setsockopt(socket.SOL_SOCKET,

943

SO_BINDTODEVICE,

944

str(self.interface

945

+ u'\0'))

946

except socket.error, error:

947

if error[0] == errno.EPERM:

948

logger.error(u"No permission to"

949

u" bind to interface %s",

950

self.interface)

951

elif error[0] == errno.ENOPROTOOPT:

952

logger.error(u"SO_BINDTODEVICE not available;"

953

u" cannot bind to interface %s",

954

self.interface)

955

else:

956

raise

904

957

# Only bind(2) the socket if we really need to.

905

958

if self.server_address[0] or self.server_address[1]:

906

959

if not self.server_address[0]:

907

960

if self.address_family == socket.AF_INET6:

908

any_address = "::" # in6addr_any

961

any_address = u"::" # in6addr_any

909

962

else:

910

963

any_address = socket.INADDR_ANY

911

964

self.server_address = (any_address,

919

972

# 0, # flowinfo

920

973

# if_nametoindex

921

974

# (self.interface))

922

return SocketServer.TCPServer.server_bind(self)

975

return socketserver.TCPServer.server_bind(self)

976

977

978

class MandosServer(IPv6_TCPServer):

979

"""Mandos server.

980

981

Attributes:

982

clients: set of Client objects

983

gnutls_priority GnuTLS priority string

984

use_dbus: Boolean; to emit D-Bus signals or not

985

clients: set of Client objects

986

gnutls_priority GnuTLS priority string

987

use_dbus: Boolean; to emit D-Bus signals or not

988

989

Assumes a gobject.MainLoop event loop.

990

"""

991

def __init__(self, server_address, RequestHandlerClass,

992

interface=None, use_ipv6=True, clients=None,

993

gnutls_priority=None, use_dbus=True):

994

self.enabled = False

995

self.clients = clients

996

if self.clients is None:

997

self.clients = set()

998

self.use_dbus = use_dbus

999

self.gnutls_priority = gnutls_priority

1000

IPv6_TCPServer.__init__(self, server_address,

1001

RequestHandlerClass,

1002

interface = interface,

1003

use_ipv6 = use_ipv6)

923

1004

def server_activate(self):

924

1005

if self.enabled:

925

return SocketServer.TCPServer.server_activate(self)

1006

return socketserver.TCPServer.server_activate(self)

926

1007

def enable(self):

927

1008

self.enabled = True

1009

def add_pipe(self, pipe):

1010

# Call "handle_ipc" for both data and EOF events

1011

gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,

1012

self.handle_ipc)

928

1013

def handle_ipc(self, source, condition, file_objects={}):

929

1014

condition_names = {

930

gobject.IO_IN: "IN", # There is data to read.

931

gobject.IO_OUT: "OUT", # Data can be written (without

932

# blocking).

933

gobject.IO_PRI: "PRI", # There is urgent data to read.

934

gobject.IO_ERR: "ERR", # Error condition.

935

gobject.IO_HUP: "HUP" # Hung up (the connection has been

936

# broken, usually for pipes and

937

# sockets).

1015

gobject.IO_IN: u"IN", # There is data to read.

1016

gobject.IO_OUT: u"OUT", # Data can be written (without

1017

# blocking).

1018

gobject.IO_PRI: u"PRI", # There is urgent data to read.

1019

gobject.IO_ERR: u"ERR", # Error condition.

1020

gobject.IO_HUP: u"HUP" # Hung up (the connection has been

1021

# broken, usually for pipes and

1022

# sockets).

938

1023

}

939

1024

conditions_string = ' | '.join(name

940

1025

for cond, name in

941

1026

condition_names.iteritems()

942

1027

if cond & condition)

943

logger.debug("Handling IPC: FD = %d, condition = %s", source,

1028

logger.debug(u"Handling IPC: FD = %d, condition = %s", source,

944

1029

conditions_string)

945

1030

946

1031

# Turn the pipe file descriptor into a Python file object

947

1032

if source not in file_objects:

948

file_objects[source] = os.fdopen(source, "r", 1)

1033

file_objects[source] = os.fdopen(source, u"r", 1)

949

1034

950

1035

# Read a line from the file object

951

1036

cmdline = file_objects[source].readline()

957

1042

# Stop calling this function

958

1043

return False

959

1044

960

logger.debug("IPC command: %r", cmdline)

1045

logger.debug(u"IPC command: %r", cmdline)

961

1046

962

1047

# Parse and act on command

963

cmd, args = cmdline.rstrip("\r\n").split(None, 1)

1048

cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)

964

1049

965

if cmd == "NOTFOUND":

1050

if cmd == u"NOTFOUND":

966

1051

logger.warning(u"Client not found for fingerprint: %s",

967

1052

args)

968

1053

if self.use_dbus:

969

1054

# Emit D-Bus signal

970

1055

mandos_dbus_service.ClientNotFound(args)

971

elif cmd == "INVALID":

1056

elif cmd == u"INVALID":

972

1057

for client in self.clients:

973

1058

if client.name == args:

974

1059

logger.warning(u"Client %s is invalid", args)

978

1063

break

979

1064

else:

980

1065

logger.error(u"Unknown client %s is invalid", args)

981

elif cmd == "SENDING":

1066

elif cmd == u"SENDING":

982

1067

for client in self.clients:

983

1068

if client.name == args:

984

1069

logger.info(u"Sending secret to %s", client.name)

991

1076

logger.error(u"Sending secret to unknown client %s",

992

1077

args)

993

1078

else:

994

logger.error("Unknown IPC command: %r", cmdline)

1079

logger.error(u"Unknown IPC command: %r", cmdline)

995

1080

996

1081

# Keep calling this function

997

1082

return True

1000

1085

def string_to_delta(interval):

1001

1086

"""Parse a string and return a datetime.timedelta

1002

1087

1003

>>> string_to_delta('7d')

1088

>>> string_to_delta(u'7d')

1004

1089

datetime.timedelta(7)

1005

>>> string_to_delta('60s')

1090

>>> string_to_delta(u'60s')

1006

1091

datetime.timedelta(0, 60)

1007

>>> string_to_delta('60m')

1092

>>> string_to_delta(u'60m')

1008

1093

datetime.timedelta(0, 3600)

1009

>>> string_to_delta('24h')

1094

>>> string_to_delta(u'24h')

1010

1095

datetime.timedelta(1)

1011

1096

>>> string_to_delta(u'1w')

1012

1097

datetime.timedelta(7)

1013

>>> string_to_delta('5m 30s')

1098

>>> string_to_delta(u'5m 30s')

1014

1099

datetime.timedelta(0, 330)

1015

1100

"""

1016

1101

timevalue = datetime.timedelta(0)

1036

1121

return timevalue

1037

1122

1038

1123

1039

def server_state_changed(state):

1040

"""Derived from the Avahi example code"""

1041

if state == avahi.SERVER_COLLISION:

1042

logger.error(u"Zeroconf server name collision")

1043

service.remove()

1044

elif state == avahi.SERVER_RUNNING:

1045

service.add()

1046

1047

1048

def entry_group_state_changed(state, error):

1049

"""Derived from the Avahi example code"""

1050

logger.debug(u"Avahi state change: %i", state)

1051

1052

if state == avahi.ENTRY_GROUP_ESTABLISHED:

1053

logger.debug(u"Zeroconf service established.")

1054

elif state == avahi.ENTRY_GROUP_COLLISION:

1055

logger.warning(u"Zeroconf service name collision.")

1056

service.rename()

1057

elif state == avahi.ENTRY_GROUP_FAILURE:

1058

logger.critical(u"Avahi: Error in group state changed %s",

1059

unicode(error))

1060

raise AvahiGroupError(u"State changed: %s" % unicode(error))

1061

1062

1124

def if_nametoindex(interface):

1063

"""Call the C function if_nametoindex(), or equivalent"""

1125

"""Call the C function if_nametoindex(), or equivalent

1126

1127

Note: This function cannot accept a unicode string."""

1064

1128

global if_nametoindex

1065

1129

try:

1066

1130

if_nametoindex = (ctypes.cdll.LoadLibrary

1067

(ctypes.util.find_library("c"))

1131

(ctypes.util.find_library(u"c"))

1068

1132

.if_nametoindex)

1069

1133

except (OSError, AttributeError):

1070

if "struct" not in sys.modules:

1071

import struct

1072

if "fcntl" not in sys.modules:

1073

import fcntl

1134

logger.warning(u"Doing if_nametoindex the hard way")

1074

1135

def if_nametoindex(interface):

1075

1136

"Get an interface index the hard way, i.e. using fcntl()"

1076

1137

SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h

1077

1138

with closing(socket.socket()) as s:

1078

1139

ifreq = fcntl.ioctl(s, SIOCGIFINDEX,

1079

struct.pack("16s16x", interface))

1080

interface_index = struct.unpack("I", ifreq[16:20])[0]

1140

struct.pack(str(u"16s16x"),

1141

interface))

1142

interface_index = struct.unpack(str(u"I"),

1143

ifreq[16:20])[0]

1081

1144

return interface_index

1082

1145

return if_nametoindex(interface)

1083

1146

1090

1153

sys.exit()

1091

1154

os.setsid()

1092

1155

if not nochdir:

1093

os.chdir("/")

1156

os.chdir(u"/")

1094

1157

if os.fork():

1095

1158

sys.exit()

1096

1159

if not noclose:

1098

1161

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

1099

1162

if not stat.S_ISCHR(os.fstat(null).st_mode):

1100

1163

raise OSError(errno.ENODEV,

1101

"/dev/null not a character device")

1164

u"/dev/null not a character device")

1102

1165

os.dup2(null, sys.stdin.fileno())

1103

1166

os.dup2(null, sys.stdout.fileno())

1104

1167

os.dup2(null, sys.stderr.fileno())

1112

1175

# Parsing of options, both command line and config file

1113

1176

1114

1177

parser = optparse.OptionParser(version = "%%prog %s" % version)

1115

parser.add_option("-i", "--interface", type="string",

1116

metavar="IF", help="Bind to interface IF")

1117

parser.add_option("-a", "--address", type="string",

1118

help="Address to listen for requests on")

1119

parser.add_option("-p", "--port", type="int",

1120

help="Port number to receive requests on")

1121

parser.add_option("--check", action="store_true",

1122

help="Run self-test")

1123

parser.add_option("--debug", action="store_true",

1124

help="Debug mode; run in foreground and log to"

1125

" terminal")

1126

parser.add_option("--priority", type="string", help="GnuTLS"

1127

" priority string (see GnuTLS documentation)")

1128

parser.add_option("--servicename", type="string", metavar="NAME",

1129

help="Zeroconf service name")

1130

parser.add_option("--configdir", type="string",

1131

default="/etc/mandos", metavar="DIR",

1132

help="Directory to search for configuration"

1133

" files")

1134

parser.add_option("--no-dbus", action="store_false",

1135

dest="use_dbus",

1136

help="Do not provide D-Bus system bus"

1137

" interface")

1138

parser.add_option("--no-ipv6", action="store_false",

1139

dest="use_ipv6", help="Do not use IPv6")

1178

parser.add_option("-i", u"--interface", type=u"string",

1179

metavar="IF", help=u"Bind to interface IF")

1180

parser.add_option("-a", u"--address", type=u"string",

1181

help=u"Address to listen for requests on")

1182

parser.add_option("-p", u"--port", type=u"int",

1183

help=u"Port number to receive requests on")

1184

parser.add_option("--check", action=u"store_true",

1185

help=u"Run self-test")

1186

parser.add_option("--debug", action=u"store_true",

1187

help=u"Debug mode; run in foreground and log to"

1188

u" terminal")

1189

parser.add_option("--priority", type=u"string", help=u"GnuTLS"

1190

u" priority string (see GnuTLS documentation)")

1191

parser.add_option("--servicename", type=u"string",

1192

metavar=u"NAME", help=u"Zeroconf service name")

1193

parser.add_option("--configdir", type=u"string",

1194

default=u"/etc/mandos", metavar=u"DIR",

1195

help=u"Directory to search for configuration"

1196

u" files")

1197

parser.add_option("--no-dbus", action=u"store_false",

1198

dest=u"use_dbus", help=u"Do not provide D-Bus"

1199

u" system bus interface")

1200

parser.add_option("--no-ipv6", action=u"store_false",

1201

dest=u"use_ipv6", help=u"Do not use IPv6")

1140

1202

options = parser.parse_args()[0]

1141

1203

1142

1204

if options.check:

1145

1207

sys.exit()

1146

1208

1147

1209

# Default values for config file for server-global settings

1148

server_defaults = { "interface": "",

1149

"address": "",

1150

"port": "",

1151

"debug": "False",

1152

"priority":

1153

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

1154

"servicename": "Mandos",

1155

"use_dbus": "True",

1156

"use_ipv6": "True",

1210

server_defaults = { u"interface": u"",

1211

u"address": u"",

1212

u"port": u"",

1213

u"debug": u"False",

1214

u"priority":

1215

u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

1216

u"servicename": u"Mandos",

1217

u"use_dbus": u"True",

1218

u"use_ipv6": u"True",

1157

1219

}

1158

1220

1159

1221

# Parse config file for server-global settings

1160

server_config = ConfigParser.SafeConfigParser(server_defaults)

1222

server_config = configparser.SafeConfigParser(server_defaults)

1161

1223

del server_defaults

1162

server_config.read(os.path.join(options.configdir, "mandos.conf"))

1224

server_config.read(os.path.join(options.configdir,

1225

u"mandos.conf"))

1163

1226

# Convert the SafeConfigParser object to a dict

1164

1227

server_settings = server_config.defaults()

1165

1228

# Use the appropriate methods on the non-string config options

1166

server_settings["debug"] = server_config.getboolean("DEFAULT",

1167

"debug")

1168

server_settings["use_dbus"] = server_config.getboolean("DEFAULT",

1169

"use_dbus")

1170

server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",

1171

"use_ipv6")

1229

for option in (u"debug", u"use_dbus", u"use_ipv6"):

1230

server_settings[option] = server_config.getboolean(u"DEFAULT",

1231

option)

1172

1232

if server_settings["port"]:

1173

server_settings["port"] = server_config.getint("DEFAULT",

1174

"port")

1233

server_settings["port"] = server_config.getint(u"DEFAULT",

1234

u"port")

1175

1235

del server_config

1176

1236

1177

1237

# Override the settings from the config file with command line

1178

1238

# options, if set.

1179

for option in ("interface", "address", "port", "debug",

1180

"priority", "servicename", "configdir",

1181

"use_dbus", "use_ipv6"):

1239

for option in (u"interface", u"address", u"port", u"debug",

1240

u"priority", u"servicename", u"configdir",

1241

u"use_dbus", u"use_ipv6"):

1182

1242

value = getattr(options, option)

1183

1243

if value is not None:

1184

1244

server_settings[option] = value

1185

1245

del options

1246

# Force all strings to be unicode

1247

for option in server_settings.keys():

1248

if type(server_settings[option]) is str:

1249

server_settings[option] = unicode(server_settings[option])

1186

1250

# Now we have our good server settings in "server_settings"

1187

1251

1188

1252

##################################################################

1189

1253

1190

1254

# For convenience

1191

debug = server_settings["debug"]

1192

use_dbus = server_settings["use_dbus"]

1193

use_ipv6 = server_settings["use_ipv6"]

1255

debug = server_settings[u"debug"]

1256

use_dbus = server_settings[u"use_dbus"]

1257

use_ipv6 = server_settings[u"use_ipv6"]

1194

1258

1195

1259

if not debug:

1196

1260

syslogger.setLevel(logging.WARNING)

1197

1261

console.setLevel(logging.WARNING)

1198

1262

1199

if server_settings["servicename"] != "Mandos":

1263

if server_settings[u"servicename"] != u"Mandos":

1200

1264

syslogger.setFormatter(logging.Formatter

1201

('Mandos (%s) [%%(process)d]:'

1202

' %%(levelname)s: %%(message)s'

1203

% server_settings["servicename"]))

1265

(u'Mandos (%s) [%%(process)d]:'

1266

u' %%(levelname)s: %%(message)s'

1267

% server_settings[u"servicename"]))

1204

1268

1205

1269

# Parse config file with clients

1206

client_defaults = { "timeout": "1h",

1207

"interval": "5m",

1208

"checker": "fping -q -- %%(host)s",

1209

"host": "",

1270

client_defaults = { u"timeout": u"1h",

1271

u"interval": u"5m",

1272

u"checker": u"fping -q -- %%(host)s",

1273

u"host": u"",

1210

1274

}

1211

client_config = ConfigParser.SafeConfigParser(client_defaults)

1212

client_config.read(os.path.join(server_settings["configdir"],

1213

"clients.conf"))

1214

1275

client_config = configparser.SafeConfigParser(client_defaults)

1276

client_config.read(os.path.join(server_settings[u"configdir"],

1277

u"clients.conf"))

1278

1215

1279

global mandos_dbus_service

1216

1280

mandos_dbus_service = None

1217

1281

1218

clients = Set()

1219

tcp_server = IPv6_TCPServer((server_settings["address"],

1220

server_settings["port"]),

1221

ClientHandler,

1222

interface=

1223

server_settings["interface"],

1224

use_ipv6=use_ipv6,

1225

clients=clients,

1226

gnutls_priority=

1227

server_settings["priority"],

1228

use_dbus=use_dbus)

1229

pidfilename = "/var/run/mandos.pid"

1282

tcp_server = MandosServer((server_settings[u"address"],

1283

server_settings[u"port"]),

1284

ClientHandler,

1285

interface=server_settings[u"interface"],

1286

use_ipv6=use_ipv6,

1287

gnutls_priority=

1288

server_settings[u"priority"],

1289

use_dbus=use_dbus)

1290

pidfilename = u"/var/run/mandos.pid"

1230

1291

try:

1231

pidfile = open(pidfilename, "w")

1292

pidfile = open(pidfilename, u"w")

1232

1293

except IOError:

1233

logger.error("Could not open file %r", pidfilename)

1294

logger.error(u"Could not open file %r", pidfilename)

1234

1295

1235

1296

try:

1236

uid = pwd.getpwnam("_mandos").pw_uid

1237

gid = pwd.getpwnam("_mandos").pw_gid

1297

uid = pwd.getpwnam(u"_mandos").pw_uid

1298

gid = pwd.getpwnam(u"_mandos").pw_gid

1238

1299

except KeyError:

1239

1300

try:

1240

uid = pwd.getpwnam("mandos").pw_uid

1241

gid = pwd.getpwnam("mandos").pw_gid

1301

uid = pwd.getpwnam(u"mandos").pw_uid

1302

gid = pwd.getpwnam(u"mandos").pw_gid

1242

1303

except KeyError:

1243

1304

try:

1244

uid = pwd.getpwnam("nobody").pw_uid

1245

gid = pwd.getpwnam("nogroup").pw_gid

1305

uid = pwd.getpwnam(u"nobody").pw_uid

1306

gid = pwd.getpwnam(u"nobody").pw_gid

1246

1307

except KeyError:

1247

1308

uid = 65534

1248

1309

gid = 65534

1261

1322

1262

1323

@gnutls.library.types.gnutls_log_func

1263

1324

def debug_gnutls(level, string):

1264

logger.debug("GnuTLS: %s", string[:-1])

1325

logger.debug(u"GnuTLS: %s", string[:-1])

1265

1326

1266

1327

(gnutls.library.functions

1267

1328

.gnutls_global_set_log_function(debug_gnutls))

1268

1329

1269

global service

1270

protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET

1271

service = AvahiService(name = server_settings["servicename"],

1272

servicetype = "_mandos._tcp",

1273

protocol = protocol)

1274

if server_settings["interface"]:

1275

service.interface = (if_nametoindex

1276

(server_settings["interface"]))

1277

1278

1330

global main_loop

1279

global bus

1280

global server

1281

1331

# From the Avahi example code

1282

1332

DBusGMainLoop(set_as_default=True )

1283

1333

main_loop = gobject.MainLoop()

1284

1334

bus = dbus.SystemBus()

1285

server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,

1286

avahi.DBUS_PATH_SERVER),

1287

avahi.DBUS_INTERFACE_SERVER)

1288

1335

# End of Avahi example code

1289

1336

if use_dbus:

1290

1337

bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)

1338

protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET

1339

service = AvahiService(name = server_settings[u"servicename"],

1340

servicetype = u"_mandos._tcp",

1341

protocol = protocol, bus = bus)

1342

if server_settings["interface"]:

1343

service.interface = (if_nametoindex

1344

(str(server_settings[u"interface"])))

1291

1345

1292

1346

client_class = Client

1293

1347

if use_dbus:

1294

client_class = ClientDBus

1295

clients.update(Set(

1348

client_class = functools.partial(ClientDBus, bus = bus)

1349

tcp_server.clients.update(set(

1296

1350

client_class(name = section,

1297

1351

config= dict(client_config.items(section)))

1298

1352

for section in client_config.sections()))

1299

if not clients:

1353

if not tcp_server.clients:

1300

1354

logger.warning(u"No clients defined")

1301

1355

1302

1356

if debug:

1326

1380

1327

1381

def cleanup():

1328

1382

"Cleanup function; run on exit"

1329

global group

1330

# From the Avahi example code

1331

if not group is None:

1332

group.Free()

1333

group = None

1334

# End of Avahi example code

1383

service.cleanup()

1335

1384

1336

while clients:

1337

client = clients.pop()

1385

while tcp_server.clients:

1386

client = tcp_server.clients.pop()

1338

1387

client.disable_hook = None

1339

1388

client.disable()

1340

1389

1349

1398

class MandosDBusService(dbus.service.Object):

1350

1399

"""A D-Bus proxy object"""

1351

1400

def __init__(self):

1352

dbus.service.Object.__init__(self, bus, "/")

1401

dbus.service.Object.__init__(self, bus, u"/")

1353

1402

_interface = u"se.bsnet.fukt.Mandos"

1354

1403

1355

@dbus.service.signal(_interface, signature="oa{sv}")

1404

@dbus.service.signal(_interface, signature=u"oa{sv}")

1356

1405

def ClientAdded(self, objpath, properties):

1357

1406

"D-Bus signal"

1358

1407

pass

1359

1408

1360

@dbus.service.signal(_interface, signature="s")

1409

@dbus.service.signal(_interface, signature=u"s")

1361

1410

def ClientNotFound(self, fingerprint):

1362

1411

"D-Bus signal"

1363

1412

pass

1364

1413

1365

@dbus.service.signal(_interface, signature="os")

1414

@dbus.service.signal(_interface, signature=u"os")

1366

1415

def ClientRemoved(self, objpath, name):

1367

1416

"D-Bus signal"

1368

1417

pass

1369

1418

1370

@dbus.service.method(_interface, out_signature="ao")

1419

@dbus.service.method(_interface, out_signature=u"ao")

1371

1420

def GetAllClients(self):

1372

1421

"D-Bus method"

1373

return dbus.Array(c.dbus_object_path for c in clients)

1422

return dbus.Array(c.dbus_object_path

1423

for c in tcp_server.clients)

1374

1424

1375

@dbus.service.method(_interface, out_signature="a{oa{sv}}")

1425

@dbus.service.method(_interface,

1426

out_signature=u"a{oa{sv}}")

1376

1427

def GetAllClientsWithProperties(self):

1377

1428

"D-Bus method"

1378

1429

return dbus.Dictionary(

1379

1430

((c.dbus_object_path, c.GetAllProperties())

1380

for c in clients),

1381

signature="oa{sv}")

1431

for c in tcp_server.clients),

1432

signature=u"oa{sv}")

1382

1433

1383

@dbus.service.method(_interface, in_signature="o")

1434

@dbus.service.method(_interface, in_signature=u"o")

1384

1435

def RemoveClient(self, object_path):

1385

1436

"D-Bus method"

1386

for c in clients:

1437

for c in tcp_server.clients:

1387

1438

if c.dbus_object_path == object_path:

1388

clients.remove(c)

1439

tcp_server.clients.remove(c)

1389

1440

c.remove_from_connection()

1390

1441

# Don't signal anything except ClientRemoved

1391

1442

c.disable(signal=False)

1398

1449

1399

1450

mandos_dbus_service = MandosDBusService()

1400

1451

1401

for client in clients:

1452

for client in tcp_server.clients:

1402

1453

if use_dbus:

1403

1454

# Emit D-Bus signal

1404

1455

mandos_dbus_service.ClientAdded(client.dbus_object_path,

1422

1473

1423

1474

try:

1424

1475

# From the Avahi example code

1425

server.connect_to_signal("StateChanged", server_state_changed)

1426

1476

try:

1427

server_state_changed(server.GetState())

1477

service.activate()

1428

1478

except dbus.exceptions.DBusException, error:

1429

1479

logger.critical(u"DBusException: %s", error)

1430

1480

sys.exit(1)

1443

1493

except KeyboardInterrupt:

1444

1494

if debug:

1445

1495

print >> sys.stderr

1446

logger.debug("Server received KeyboardInterrupt")

1447

logger.debug("Server exiting")

1496

logger.debug(u"Server received KeyboardInterrupt")

1497

logger.debug(u"Server exiting")

1448

1498

1449

1499

if __name__ == '__main__':

1450

1500

main()