To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 352
- compare with another revision
- download diff
- download tarball
- view history from revision 352
- Committer: Teddy Hogeborn
- Date: 2009-08-27 23:06:33 UTC
- Revision ID: teddy@fukt.bsnet.se-20090827230633-eyvww20kpem20il1
* mandos (ClientHandler.handle): Bug fix: add missing right
parenthesis.
parenthesis.
- files modified:
- Makefile
added
removed
mandos
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
9
# methods "add", "remove", "server_state_changed",
10
# "entry_group_state_changed", "cleanup", and "activate" in the
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
14
# Copyright © 2008,2009 Teddy Hogeborn
33
33
34
34
from __future__ import division, with_statement, absolute_import
35
35
36
import SocketServer
36
import SocketServer as socketserver
37
37
import socket
38
38
import optparse
39
39
import datetime
44
44
import gnutls.library.functions
45
45
import gnutls.library.constants
46
46
import gnutls.library.types
47
import ConfigParser
47
import ConfigParser as configparser
48
48
import sys
49
49
import re
50
50
import os
51
51
import signal
52
from sets import Set
53
52
import subprocess
54
53
import atexit
55
54
import stat
57
56
import logging.handlers
58
57
import pwd
59
58
from contextlib import closing
59
import struct
60
import fcntl
61
import functools
60
62
61
63
import dbus
62
64
import dbus.service
72
74
try:
73
75
from IN import SO_BINDTODEVICE
74
76
except ImportError:
75
# From /usr/include/asm/socket.h
76
SO_BINDTODEVICE = 25
77
78
79
version = "1.0.8"
80
81
logger = logging.Logger('mandos')
77
SO_BINDTODEVICE = None
78
79
80
version = "1.0.11"
81
82
logger = logging.Logger(u'mandos')
82
83
syslogger = (logging.handlers.SysLogHandler
83
84
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
84
85
address = "/dev/log"))
85
86
syslogger.setFormatter(logging.Formatter
86
('Mandos [%(process)d]: %(levelname)s:'
87
' %(message)s'))
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
88
89
logger.addHandler(syslogger)
89
90
90
91
console = logging.StreamHandler()
91
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
92
' %(levelname)s: %(message)s'))
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
93
95
logger.addHandler(console)
94
96
95
97
class AvahiError(Exception):
112
114
Attributes:
113
115
interface: integer; avahi.IF_UNSPEC or an interface index.
114
116
Used to optionally bind to the specified interface.
115
name: string; Example: 'Mandos'
116
type: string; Example: '_mandos._tcp'.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
117
119
See <http://www.dns-sd.org/ServiceTypes.html>
118
120
port: integer; what port to announce
119
121
TXT: list of strings; TXT record for the service
122
124
max_renames: integer; maximum number of renames
123
125
rename_count: integer; counter so we only rename after collisions
124
126
a sensible number of times
127
group: D-Bus Entry Group
128
server: D-Bus Server
129
bus: dbus.SystemBus()
125
130
"""
126
131
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
127
132
servicetype = None, port = None, TXT = None,
128
domain = "", host = "", max_renames = 32768,
129
protocol = avahi.PROTO_UNSPEC):
133
domain = u"", host = u"", max_renames = 32768,
134
protocol = avahi.PROTO_UNSPEC, bus = None):
130
135
self.interface = interface
131
136
self.name = name
132
137
self.type = servicetype
137
142
self.rename_count = 0
138
143
self.max_renames = max_renames
139
144
self.protocol = protocol
145
self.group = None # our entry group
146
self.server = None
147
self.bus = bus
140
148
def rename(self):
141
149
"""Derived from the Avahi example code"""
142
150
if self.rename_count >= self.max_renames:
144
152
u" after %i retries, exiting.",
145
153
self.rename_count)
146
154
raise AvahiServiceError(u"Too many renames")
147
self.name = server.GetAlternativeServiceName(self.name)
155
self.name = self.server.GetAlternativeServiceName(self.name)
148
156
logger.info(u"Changing Zeroconf service name to %r ...",
149
str(self.name))
157
unicode(self.name))
150
158
syslogger.setFormatter(logging.Formatter
151
('Mandos (%s) [%%(process)d]:'
152
' %%(levelname)s: %%(message)s'
159
(u'Mandos (%s) [%%(process)d]:'
160
u' %%(levelname)s: %%(message)s'
153
161
% self.name))
154
162
self.remove()
155
163
self.add()
156
164
self.rename_count += 1
157
165
def remove(self):
158
166
"""Derived from the Avahi example code"""
159
if group is not None:
160
group.Reset()
167
if self.group is not None:
168
self.group.Reset()
161
169
def add(self):
162
170
"""Derived from the Avahi example code"""
163
global group
164
if group is None:
165
group = dbus.Interface(bus.get_object
166
(avahi.DBUS_NAME,
167
server.EntryGroupNew()),
168
avahi.DBUS_INTERFACE_ENTRY_GROUP)
169
group.connect_to_signal('StateChanged',
170
entry_group_state_changed)
171
if self.group is None:
172
self.group = dbus.Interface(
173
self.bus.get_object(avahi.DBUS_NAME,
174
self.server.EntryGroupNew()),
175
avahi.DBUS_INTERFACE_ENTRY_GROUP)
176
self.group.connect_to_signal('StateChanged',
177
self.entry_group_state_changed)
171
178
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
172
service.name, service.type)
173
group.AddService(
174
self.interface, # interface
175
self.protocol, # protocol
176
dbus.UInt32(0), # flags
177
self.name, self.type,
178
self.domain, self.host,
179
dbus.UInt16(self.port),
180
avahi.string_array_to_txt_array(self.TXT))
181
group.Commit()
182
183
# From the Avahi example code:
184
group = None # our entry group
185
# End of Avahi example code
186
187
188
def _datetime_to_dbus(dt, variant_level=0):
189
"""Convert a UTC datetime.datetime() to a D-Bus type."""
190
return dbus.String(dt.isoformat(), variant_level=variant_level)
179
self.name, self.type)
180
self.group.AddService(
181
self.interface,
182
self.protocol,
183
dbus.UInt32(0), # flags
184
self.name, self.type,
185
self.domain, self.host,
186
dbus.UInt16(self.port),
187
avahi.string_array_to_txt_array(self.TXT))
188
self.group.Commit()
189
def entry_group_state_changed(self, state, error):
190
"""Derived from the Avahi example code"""
191
logger.debug(u"Avahi state change: %i", state)
192
193
if state == avahi.ENTRY_GROUP_ESTABLISHED:
194
logger.debug(u"Zeroconf service established.")
195
elif state == avahi.ENTRY_GROUP_COLLISION:
196
logger.warning(u"Zeroconf service name collision.")
197
self.rename()
198
elif state == avahi.ENTRY_GROUP_FAILURE:
199
logger.critical(u"Avahi: Error in group state changed %s",
200
unicode(error))
201
raise AvahiGroupError(u"State changed: %s"
202
% unicode(error))
203
def cleanup(self):
204
"""Derived from the Avahi example code"""
205
if self.group is not None:
206
self.group.Free()
207
self.group = None
208
def server_state_changed(self, state):
209
"""Derived from the Avahi example code"""
210
if state == avahi.SERVER_COLLISION:
211
logger.error(u"Zeroconf server name collision")
212
self.remove()
213
elif state == avahi.SERVER_RUNNING:
214
self.add()
215
def activate(self):
216
"""Derived from the Avahi example code"""
217
if self.server is None:
218
self.server = dbus.Interface(
219
self.bus.get_object(avahi.DBUS_NAME,
220
avahi.DBUS_PATH_SERVER),
221
avahi.DBUS_INTERFACE_SERVER)
222
self.server.connect_to_signal(u"StateChanged",
223
self.server_state_changed)
224
self.server_state_changed(self.server.GetState())
191
225
192
226
193
227
class Client(object):
220
254
instance %(name)s can be used in the command.
221
255
current_checker_command: string; current running checker_command
222
256
"""
257
258
@staticmethod
259
def _datetime_to_milliseconds(dt):
260
"Convert a datetime.datetime() to milliseconds"
261
return ((dt.days * 24 * 60 * 60 * 1000)
262
+ (dt.seconds * 1000)
263
+ (dt.microseconds // 1000))
264
223
265
def timeout_milliseconds(self):
224
266
"Return the 'timeout' attribute in milliseconds"
225
return ((self.timeout.days * 24 * 60 * 60 * 1000)
226
+ (self.timeout.seconds * 1000)
227
+ (self.timeout.microseconds // 1000))
267
return self._datetime_to_milliseconds(self.timeout)
228
268
229
269
def interval_milliseconds(self):
230
270
"Return the 'interval' attribute in milliseconds"
231
return ((self.interval.days * 24 * 60 * 60 * 1000)
232
+ (self.interval.seconds * 1000)
233
+ (self.interval.microseconds // 1000))
271
return self._datetime_to_milliseconds(self.interval)
234
272
235
273
def __init__(self, name = None, disable_hook=None, config=None):
236
274
"""Note: the 'checker' key in 'config' sets the
243
281
# Uppercase and remove spaces from fingerprint for later
244
282
# comparison purposes with return value from the fingerprint()
245
283
# function
246
self.fingerprint = (config["fingerprint"].upper()
284
self.fingerprint = (config[u"fingerprint"].upper()
247
285
.replace(u" ", u""))
248
286
logger.debug(u" Fingerprint: %s", self.fingerprint)
249
if "secret" in config:
250
self.secret = config["secret"].decode(u"base64")
251
elif "secfile" in config:
287
if u"secret" in config:
288
self.secret = config[u"secret"].decode(u"base64")
289
elif u"secfile" in config:
252
290
with closing(open(os.path.expanduser
253
291
(os.path.expandvars
254
(config["secfile"])))) as secfile:
292
(config[u"secfile"])))) as secfile:
255
293
self.secret = secfile.read()
256
294
else:
257
295
raise TypeError(u"No secret or secfile for client %s"
258
296
% self.name)
259
self.host = config.get("host", "")
297
self.host = config.get(u"host", u"")
260
298
self.created = datetime.datetime.utcnow()
261
299
self.enabled = False
262
300
self.last_enabled = None
263
301
self.last_checked_ok = None
264
self.timeout = string_to_delta(config["timeout"])
265
self.interval = string_to_delta(config["interval"])
302
self.timeout = string_to_delta(config[u"timeout"])
303
self.interval = string_to_delta(config[u"interval"])
266
304
self.disable_hook = disable_hook
267
305
self.checker = None
268
306
self.checker_initiator_tag = None
269
307
self.disable_initiator_tag = None
270
308
self.checker_callback_tag = None
271
self.checker_command = config["checker"]
309
self.checker_command = config[u"checker"]
272
310
self.current_checker_command = None
273
311
self.last_connect = None
274
312
275
313
def enable(self):
276
314
"""Start this client's checker and timeout hooks"""
315
if getattr(self, u"enabled", False):
316
# Already enabled
317
return
277
318
self.last_enabled = datetime.datetime.utcnow()
278
319
# Schedule a new checker to be started an 'interval' from now,
279
320
# and every interval from then on.
293
334
if not getattr(self, "enabled", False):
294
335
return False
295
336
logger.info(u"Disabling client %s", self.name)
296
if getattr(self, "disable_initiator_tag", False):
337
if getattr(self, u"disable_initiator_tag", False):
297
338
gobject.source_remove(self.disable_initiator_tag)
298
339
self.disable_initiator_tag = None
299
if getattr(self, "checker_initiator_tag", False):
340
if getattr(self, u"checker_initiator_tag", False):
300
341
gobject.source_remove(self.checker_initiator_tag)
301
342
self.checker_initiator_tag = None
302
343
self.stop_checker()
357
398
if self.checker is not None:
358
399
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
359
400
if pid:
360
logger.warning("Checker was a zombie")
401
logger.warning(u"Checker was a zombie")
361
402
gobject.source_remove(self.checker_callback_tag)
362
403
self.checker_callback(pid, status,
363
404
self.current_checker_command)
368
409
command = self.checker_command % self.host
369
410
except TypeError:
370
411
# Escape attributes for the shell
371
escaped_attrs = dict((key, re.escape(str(val)))
412
escaped_attrs = dict((key,
413
re.escape(unicode(str(val),
414
errors=
415
u'replace')))
372
416
for key, val in
373
417
vars(self).iteritems())
374
418
try:
387
431
# always replaced by /dev/null.)
388
432
self.checker = subprocess.Popen(command,
389
433
close_fds=True,
390
shell=True, cwd="/")
434
shell=True, cwd=u"/")
391
435
self.checker_callback_tag = (gobject.child_watch_add
392
436
(self.checker.pid,
393
437
self.checker_callback,
409
453
if self.checker_callback_tag:
410
454
gobject.source_remove(self.checker_callback_tag)
411
455
self.checker_callback_tag = None
412
if getattr(self, "checker", None) is None:
456
if getattr(self, u"checker", None) is None:
413
457
return
414
458
logger.debug(u"Stopping checker for %(name)s", vars(self))
415
459
try:
424
468
425
469
def still_valid(self):
426
470
"""Has the timeout not yet passed for this client?"""
427
if not getattr(self, "enabled", False):
471
if not getattr(self, u"enabled", False):
428
472
return False
429
473
now = datetime.datetime.utcnow()
430
474
if self.last_checked_ok is None:
437
481
"""A Client class using D-Bus
438
482
439
483
Attributes:
440
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
484
dbus_object_path: dbus.ObjectPath
485
bus: dbus.SystemBus()
441
486
"""
442
487
# dbus.service.Object doesn't use super(), so we can't either.
443
488
444
def __init__(self, *args, **kwargs):
489
def __init__(self, bus = None, *args, **kwargs):
490
self.bus = bus
445
491
Client.__init__(self, *args, **kwargs)
446
492
# Only now, when this client is initialized, can it show up on
447
493
# the D-Bus
448
494
self.dbus_object_path = (dbus.ObjectPath
449
("/clients/"
450
+ self.name.replace(".", "_")))
451
dbus.service.Object.__init__(self, bus,
495
(u"/clients/"
496
+ self.name.replace(u".", u"_")))
497
dbus.service.Object.__init__(self, self.bus,
452
498
self.dbus_object_path)
499
500
@staticmethod
501
def _datetime_to_dbus(dt, variant_level=0):
502
"""Convert a UTC datetime.datetime() to a D-Bus type."""
503
return dbus.String(dt.isoformat(),
504
variant_level=variant_level)
505
453
506
def enable(self):
454
oldstate = getattr(self, "enabled", False)
507
oldstate = getattr(self, u"enabled", False)
455
508
r = Client.enable(self)
456
509
if oldstate != self.enabled:
457
510
# Emit D-Bus signals
458
511
self.PropertyChanged(dbus.String(u"enabled"),
459
512
dbus.Boolean(True, variant_level=1))
460
self.PropertyChanged(dbus.String(u"last_enabled"),
461
(_datetime_to_dbus(self.last_enabled,
462
variant_level=1)))
513
self.PropertyChanged(
514
dbus.String(u"last_enabled"),
515
self._datetime_to_dbus(self.last_enabled,
516
variant_level=1))
463
517
return r
464
518
465
519
def disable(self, signal = True):
466
oldstate = getattr(self, "enabled", False)
520
oldstate = getattr(self, u"enabled", False)
467
521
r = Client.disable(self)
468
522
if signal and oldstate != self.enabled:
469
523
# Emit D-Bus signal
476
530
self.remove_from_connection()
477
531
except LookupError:
478
532
pass
479
if hasattr(dbus.service.Object, "__del__"):
533
if hasattr(dbus.service.Object, u"__del__"):
480
534
dbus.service.Object.__del__(self, *args, **kwargs)
481
535
Client.__del__(self, *args, **kwargs)
482
536
507
561
# Emit D-Bus signal
508
562
self.PropertyChanged(
509
563
dbus.String(u"last_checked_ok"),
510
(_datetime_to_dbus(self.last_checked_ok,
511
variant_level=1)))
564
(self._datetime_to_dbus(self.last_checked_ok,
565
variant_level=1)))
512
566
return r
513
567
514
568
def start_checker(self, *args, **kwargs):
524
578
# Emit D-Bus signal
525
579
self.CheckerStarted(self.current_checker_command)
526
580
self.PropertyChanged(
527
dbus.String("checker_running"),
581
dbus.String(u"checker_running"),
528
582
dbus.Boolean(True, variant_level=1))
529
583
return r
530
584
531
585
def stop_checker(self, *args, **kwargs):
532
old_checker = getattr(self, "checker", None)
586
old_checker = getattr(self, u"checker", None)
533
587
r = Client.stop_checker(self, *args, **kwargs)
534
588
if (old_checker is not None
535
and getattr(self, "checker", None) is None):
589
and getattr(self, u"checker", None) is None):
536
590
self.PropertyChanged(dbus.String(u"checker_running"),
537
591
dbus.Boolean(False, variant_level=1))
538
592
return r
541
595
_interface = u"se.bsnet.fukt.Mandos.Client"
542
596
543
597
# CheckedOK - method
544
CheckedOK = dbus.service.method(_interface)(checked_ok)
545
CheckedOK.__name__ = "CheckedOK"
598
@dbus.service.method(_interface)
599
def CheckedOK(self):
600
return self.checked_ok()
546
601
547
602
# CheckerCompleted - signal
548
@dbus.service.signal(_interface, signature="nxs")
603
@dbus.service.signal(_interface, signature=u"nxs")
549
604
def CheckerCompleted(self, exitcode, waitstatus, command):
550
605
"D-Bus signal"
551
606
pass
552
607
553
608
# CheckerStarted - signal
554
@dbus.service.signal(_interface, signature="s")
609
@dbus.service.signal(_interface, signature=u"s")
555
610
def CheckerStarted(self, command):
556
611
"D-Bus signal"
557
612
pass
558
613
559
614
# GetAllProperties - method
560
@dbus.service.method(_interface, out_signature="a{sv}")
615
@dbus.service.method(_interface, out_signature=u"a{sv}")
561
616
def GetAllProperties(self):
562
617
"D-Bus method"
563
618
return dbus.Dictionary({
564
dbus.String("name"):
619
dbus.String(u"name"):
565
620
dbus.String(self.name, variant_level=1),
566
dbus.String("fingerprint"):
621
dbus.String(u"fingerprint"):
567
622
dbus.String(self.fingerprint, variant_level=1),
568
dbus.String("host"):
623
dbus.String(u"host"):
569
624
dbus.String(self.host, variant_level=1),
570
dbus.String("created"):
571
_datetime_to_dbus(self.created, variant_level=1),
572
dbus.String("last_enabled"):
573
(_datetime_to_dbus(self.last_enabled,
574
variant_level=1)
625
dbus.String(u"created"):
626
self._datetime_to_dbus(self.created,
627
variant_level=1),
628
dbus.String(u"last_enabled"):
629
(self._datetime_to_dbus(self.last_enabled,
630
variant_level=1)
575
631
if self.last_enabled is not None
576
632
else dbus.Boolean(False, variant_level=1)),
577
dbus.String("enabled"):
633
dbus.String(u"enabled"):
578
634
dbus.Boolean(self.enabled, variant_level=1),
579
dbus.String("last_checked_ok"):
580
(_datetime_to_dbus(self.last_checked_ok,
581
variant_level=1)
635
dbus.String(u"last_checked_ok"):
636
(self._datetime_to_dbus(self.last_checked_ok,
637
variant_level=1)
582
638
if self.last_checked_ok is not None
583
639
else dbus.Boolean (False, variant_level=1)),
584
dbus.String("timeout"):
640
dbus.String(u"timeout"):
585
641
dbus.UInt64(self.timeout_milliseconds(),
586
642
variant_level=1),
587
dbus.String("interval"):
643
dbus.String(u"interval"):
588
644
dbus.UInt64(self.interval_milliseconds(),
589
645
variant_level=1),
590
dbus.String("checker"):
646
dbus.String(u"checker"):
591
647
dbus.String(self.checker_command,
592
648
variant_level=1),
593
dbus.String("checker_running"):
649
dbus.String(u"checker_running"):
594
650
dbus.Boolean(self.checker is not None,
595
651
variant_level=1),
596
dbus.String("object_path"):
652
dbus.String(u"object_path"):
597
653
dbus.ObjectPath(self.dbus_object_path,
598
654
variant_level=1)
599
}, signature="sv")
655
}, signature=u"sv")
600
656
601
657
# IsStillValid - method
602
@dbus.service.method(_interface, out_signature="b")
658
@dbus.service.method(_interface, out_signature=u"b")
603
659
def IsStillValid(self):
604
660
return self.still_valid()
605
661
606
662
# PropertyChanged - signal
607
@dbus.service.signal(_interface, signature="sv")
663
@dbus.service.signal(_interface, signature=u"sv")
608
664
def PropertyChanged(self, property, value):
609
665
"D-Bus signal"
610
666
pass
622
678
pass
623
679
624
680
# SetChecker - method
625
@dbus.service.method(_interface, in_signature="s")
681
@dbus.service.method(_interface, in_signature=u"s")
626
682
def SetChecker(self, checker):
627
683
"D-Bus setter method"
628
684
self.checker_command = checker
632
688
variant_level=1))
633
689
634
690
# SetHost - method
635
@dbus.service.method(_interface, in_signature="s")
691
@dbus.service.method(_interface, in_signature=u"s")
636
692
def SetHost(self, host):
637
693
"D-Bus setter method"
638
694
self.host = host
641
697
dbus.String(self.host, variant_level=1))
642
698
643
699
# SetInterval - method
644
@dbus.service.method(_interface, in_signature="t")
700
@dbus.service.method(_interface, in_signature=u"t")
645
701
def SetInterval(self, milliseconds):
646
702
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
647
703
# Emit D-Bus signal
650
706
variant_level=1)))
651
707
652
708
# SetSecret - method
653
@dbus.service.method(_interface, in_signature="ay",
709
@dbus.service.method(_interface, in_signature=u"ay",
654
710
byte_arrays=True)
655
711
def SetSecret(self, secret):
656
712
"D-Bus setter method"
657
713
self.secret = str(secret)
658
714
659
715
# SetTimeout - method
660
@dbus.service.method(_interface, in_signature="t")
716
@dbus.service.method(_interface, in_signature=u"t")
661
717
def SetTimeout(self, milliseconds):
662
718
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
663
719
# Emit D-Bus signal
666
722
variant_level=1)))
667
723
668
724
# Enable - method
669
Enable = dbus.service.method(_interface)(enable)
670
Enable.__name__ = "Enable"
725
@dbus.service.method(_interface)
726
def Enable(self):
727
"D-Bus method"
728
self.enable()
671
729
672
730
# StartChecker - method
673
731
@dbus.service.method(_interface)
682
740
self.disable()
683
741
684
742
# StopChecker - method
685
StopChecker = dbus.service.method(_interface)(stop_checker)
686
StopChecker.__name__ = "StopChecker"
743
@dbus.service.method(_interface)
744
def StopChecker(self):
745
self.stop_checker()
687
746
688
747
del _interface
689
748
690
749
691
class ClientHandler(SocketServer.BaseRequestHandler, object):
750
class ClientHandler(socketserver.BaseRequestHandler, object):
692
751
"""A class to handle client connections.
693
752
694
753
Instantiated once for each connection to handle it.
699
758
unicode(self.client_address))
700
759
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
701
760
# Open IPC pipe to parent process
702
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
761
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
703
762
session = (gnutls.connection
704
763
.ClientSession(self.request,
705
764
gnutls.connection
719
778
# no X.509 keys are added to it. Therefore, we can use it
720
779
# here despite using OpenPGP certificates.
721
780
722
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
723
# "+AES-256-CBC", "+SHA1",
724
# "+COMP-NULL", "+CTYPE-OPENPGP",
725
# "+DHE-DSS"))
781
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
782
# u"+AES-256-CBC", u"+SHA1",
783
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
784
# u"+DHE-DSS"))
726
785
# Use a fallback default, since this MUST be set.
727
786
priority = self.server.gnutls_priority
728
787
if priority is None:
729
priority = "NORMAL"
788
priority = u"NORMAL"
730
789
(gnutls.library.functions
731
790
.gnutls_priority_set_direct(session._c_object,
732
791
priority, None))
752
811
client = c
753
812
break
754
813
else:
755
ipc.write("NOTFOUND %s\n" % fpr)
814
ipc.write(u"NOTFOUND %s %s\n"
815
% (fpr, unicode(self.client_address)))
756
816
session.bye()
757
817
return
758
818
# Have to check if client.still_valid(), since it is
759
819
# possible that the client timed out while establishing
760
820
# the GnuTLS session.
761
821
if not client.still_valid():
762
ipc.write("INVALID %s\n" % client.name)
822
ipc.write(u"INVALID %s\n" % client.name)
763
823
session.bye()
764
824
return
765
ipc.write("SENDING %s\n" % client.name)
825
ipc.write(u"SENDING %s\n" % client.name)
766
826
sent_size = 0
767
827
while sent_size < len(client.secret):
768
828
sent = session.send(client.secret[sent_size:])
786
846
.gnutls_certificate_get_peers
787
847
(session._c_object, ctypes.byref(list_size)))
788
848
if not bool(cert_list) and list_size.value != 0:
789
raise gnutls.errors.GNUTLSError("error getting peer"
790
" certificate")
849
raise gnutls.errors.GNUTLSError(u"error getting peer"
850
u" certificate")
791
851
if list_size.value == 0:
792
852
return None
793
853
cert = cert_list[0]
819
879
if crtverify.value != 0:
820
880
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
821
881
raise (gnutls.errors.CertificateSecurityError
822
("Verify failed"))
882
(u"Verify failed"))
823
883
# New buffer for the fingerprint
824
884
buf = ctypes.create_string_buffer(20)
825
885
buf_len = ctypes.c_size_t()
836
896
return hex_fpr
837
897
838
898
839
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
840
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
841
842
Assumes a gobject.MainLoop event loop.
843
"""
899
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
900
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
844
901
def process_request(self, request, client_address):
845
902
"""Overrides and wraps the original process_request().
846
903
850
907
super(ForkingMixInWithPipe,
851
908
self).process_request(request, client_address)
852
909
os.close(self.pipe[1]) # close write end
853
# Call "handle_ipc" for both data and EOF events
854
gobject.io_add_watch(self.pipe[0],
855
gobject.IO_IN | gobject.IO_HUP,
856
self.handle_ipc)
857
def handle_ipc(source, condition):
910
self.add_pipe(self.pipe[0])
911
def add_pipe(self, pipe):
858
912
"""Dummy function; override as necessary"""
859
os.close(source)
860
return False
913
os.close(pipe)
861
914
862
915
863
916
class IPv6_TCPServer(ForkingMixInWithPipe,
864
SocketServer.TCPServer, object):
917
socketserver.TCPServer, object):
865
918
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
866
919
867
920
Attributes:
868
921
enabled: Boolean; whether this server is activated yet
869
922
interface: None or a network interface name (string)
870
923
use_ipv6: Boolean; to use IPv6 or not
871
----
872
clients: Set() of Client objects
873
gnutls_priority GnuTLS priority string
874
use_dbus: Boolean; to emit D-Bus signals or not
875
924
"""
876
925
def __init__(self, server_address, RequestHandlerClass,
877
interface=None, use_ipv6=True, clients=None,
878
gnutls_priority=None, use_dbus=True):
879
self.enabled = False
926
interface=None, use_ipv6=True):
880
927
self.interface = interface
881
928
if use_ipv6:
882
929
self.address_family = socket.AF_INET6
883
self.clients = clients
884
self.use_dbus = use_dbus
885
self.gnutls_priority = gnutls_priority
886
SocketServer.TCPServer.__init__(self, server_address,
930
socketserver.TCPServer.__init__(self, server_address,
887
931
RequestHandlerClass)
888
932
def server_bind(self):
889
933
"""This overrides the normal server_bind() function
890
934
to bind to an interface if one was specified, and also NOT to
891
935
bind to an address or port if they were not specified."""
892
936
if self.interface is not None:
893
try:
894
self.socket.setsockopt(socket.SOL_SOCKET,
895
SO_BINDTODEVICE,
896
self.interface + '\0')
897
except socket.error, error:
898
if error[0] == errno.EPERM:
899
logger.error(u"No permission to"
900
u" bind to interface %s",
901
self.interface)
902
else:
903
raise
937
if SO_BINDTODEVICE is None:
938
logger.error(u"SO_BINDTODEVICE does not exist;"
939
u" cannot bind to interface %s",
940
self.interface)
941
else:
942
try:
943
self.socket.setsockopt(socket.SOL_SOCKET,
944
SO_BINDTODEVICE,
945
str(self.interface
946
+ u'\0'))
947
except socket.error, error:
948
if error[0] == errno.EPERM:
949
logger.error(u"No permission to"
950
u" bind to interface %s",
951
self.interface)
952
elif error[0] == errno.ENOPROTOOPT:
953
logger.error(u"SO_BINDTODEVICE not available;"
954
u" cannot bind to interface %s",
955
self.interface)
956
else:
957
raise
904
958
# Only bind(2) the socket if we really need to.
905
959
if self.server_address[0] or self.server_address[1]:
906
960
if not self.server_address[0]:
907
961
if self.address_family == socket.AF_INET6:
908
any_address = "::" # in6addr_any
962
any_address = u"::" # in6addr_any
909
963
else:
910
964
any_address = socket.INADDR_ANY
911
965
self.server_address = (any_address,
919
973
# 0, # flowinfo
920
974
# if_nametoindex
921
975
# (self.interface))
922
return SocketServer.TCPServer.server_bind(self)
976
return socketserver.TCPServer.server_bind(self)
977
978
979
class MandosServer(IPv6_TCPServer):
980
"""Mandos server.
981
982
Attributes:
983
clients: set of Client objects
984
gnutls_priority GnuTLS priority string
985
use_dbus: Boolean; to emit D-Bus signals or not
986
clients: set of Client objects
987
gnutls_priority GnuTLS priority string
988
use_dbus: Boolean; to emit D-Bus signals or not
989
990
Assumes a gobject.MainLoop event loop.
991
"""
992
def __init__(self, server_address, RequestHandlerClass,
993
interface=None, use_ipv6=True, clients=None,
994
gnutls_priority=None, use_dbus=True):
995
self.enabled = False
996
self.clients = clients
997
if self.clients is None:
998
self.clients = set()
999
self.use_dbus = use_dbus
1000
self.gnutls_priority = gnutls_priority
1001
IPv6_TCPServer.__init__(self, server_address,
1002
RequestHandlerClass,
1003
interface = interface,
1004
use_ipv6 = use_ipv6)
923
1005
def server_activate(self):
924
1006
if self.enabled:
925
return SocketServer.TCPServer.server_activate(self)
1007
return socketserver.TCPServer.server_activate(self)
926
1008
def enable(self):
927
1009
self.enabled = True
1010
def add_pipe(self, pipe):
1011
# Call "handle_ipc" for both data and EOF events
1012
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1013
self.handle_ipc)
928
1014
def handle_ipc(self, source, condition, file_objects={}):
929
1015
condition_names = {
930
gobject.IO_IN: "IN", # There is data to read.
931
gobject.IO_OUT: "OUT", # Data can be written (without
932
# blocking).
933
gobject.IO_PRI: "PRI", # There is urgent data to read.
934
gobject.IO_ERR: "ERR", # Error condition.
935
gobject.IO_HUP: "HUP" # Hung up (the connection has been
936
# broken, usually for pipes and
937
# sockets).
1016
gobject.IO_IN: u"IN", # There is data to read.
1017
gobject.IO_OUT: u"OUT", # Data can be written (without
1018
# blocking).
1019
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1020
gobject.IO_ERR: u"ERR", # Error condition.
1021
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1022
# broken, usually for pipes and
1023
# sockets).
938
1024
}
939
1025
conditions_string = ' | '.join(name
940
1026
for cond, name in
941
1027
condition_names.iteritems()
942
1028
if cond & condition)
943
logger.debug("Handling IPC: FD = %d, condition = %s", source,
1029
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
944
1030
conditions_string)
945
1031
946
1032
# Turn the pipe file descriptor into a Python file object
947
1033
if source not in file_objects:
948
file_objects[source] = os.fdopen(source, "r", 1)
1034
file_objects[source] = os.fdopen(source, u"r", 1)
949
1035
950
1036
# Read a line from the file object
951
1037
cmdline = file_objects[source].readline()
957
1043
# Stop calling this function
958
1044
return False
959
1045
960
logger.debug("IPC command: %r", cmdline)
1046
logger.debug(u"IPC command: %r", cmdline)
961
1047
962
1048
# Parse and act on command
963
cmd, args = cmdline.rstrip("\r\n").split(None, 1)
1049
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
964
1050
965
if cmd == "NOTFOUND":
1051
if cmd == u"NOTFOUND":
966
1052
logger.warning(u"Client not found for fingerprint: %s",
967
1053
args)
968
1054
if self.use_dbus:
969
1055
# Emit D-Bus signal
970
1056
mandos_dbus_service.ClientNotFound(args)
971
elif cmd == "INVALID":
1057
elif cmd == u"INVALID":
972
1058
for client in self.clients:
973
1059
if client.name == args:
974
1060
logger.warning(u"Client %s is invalid", args)
978
1064
break
979
1065
else:
980
1066
logger.error(u"Unknown client %s is invalid", args)
981
elif cmd == "SENDING":
1067
elif cmd == u"SENDING":
982
1068
for client in self.clients:
983
1069
if client.name == args:
984
1070
logger.info(u"Sending secret to %s", client.name)
991
1077
logger.error(u"Sending secret to unknown client %s",
992
1078
args)
993
1079
else:
994
logger.error("Unknown IPC command: %r", cmdline)
1080
logger.error(u"Unknown IPC command: %r", cmdline)
995
1081
996
1082
# Keep calling this function
997
1083
return True
1000
1086
def string_to_delta(interval):
1001
1087
"""Parse a string and return a datetime.timedelta
1002
1088
1003
>>> string_to_delta('7d')
1089
>>> string_to_delta(u'7d')
1004
1090
datetime.timedelta(7)
1005
>>> string_to_delta('60s')
1091
>>> string_to_delta(u'60s')
1006
1092
datetime.timedelta(0, 60)
1007
>>> string_to_delta('60m')
1093
>>> string_to_delta(u'60m')
1008
1094
datetime.timedelta(0, 3600)
1009
>>> string_to_delta('24h')
1095
>>> string_to_delta(u'24h')
1010
1096
datetime.timedelta(1)
1011
1097
>>> string_to_delta(u'1w')
1012
1098
datetime.timedelta(7)
1013
>>> string_to_delta('5m 30s')
1099
>>> string_to_delta(u'5m 30s')
1014
1100
datetime.timedelta(0, 330)
1015
1101
"""
1016
1102
timevalue = datetime.timedelta(0)
1036
1122
return timevalue
1037
1123
1038
1124
1039
def server_state_changed(state):
1040
"""Derived from the Avahi example code"""
1041
if state == avahi.SERVER_COLLISION:
1042
logger.error(u"Zeroconf server name collision")
1043
service.remove()
1044
elif state == avahi.SERVER_RUNNING:
1045
service.add()
1046
1047
1048
def entry_group_state_changed(state, error):
1049
"""Derived from the Avahi example code"""
1050
logger.debug(u"Avahi state change: %i", state)
1051
1052
if state == avahi.ENTRY_GROUP_ESTABLISHED:
1053
logger.debug(u"Zeroconf service established.")
1054
elif state == avahi.ENTRY_GROUP_COLLISION:
1055
logger.warning(u"Zeroconf service name collision.")
1056
service.rename()
1057
elif state == avahi.ENTRY_GROUP_FAILURE:
1058
logger.critical(u"Avahi: Error in group state changed %s",
1059
unicode(error))
1060
raise AvahiGroupError(u"State changed: %s" % unicode(error))
1061
1062
1125
def if_nametoindex(interface):
1063
"""Call the C function if_nametoindex(), or equivalent"""
1126
"""Call the C function if_nametoindex(), or equivalent
1127
1128
Note: This function cannot accept a unicode string."""
1064
1129
global if_nametoindex
1065
1130
try:
1066
1131
if_nametoindex = (ctypes.cdll.LoadLibrary
1067
(ctypes.util.find_library("c"))
1132
(ctypes.util.find_library(u"c"))
1068
1133
.if_nametoindex)
1069
1134
except (OSError, AttributeError):
1070
if "struct" not in sys.modules:
1071
import struct
1072
if "fcntl" not in sys.modules:
1073
import fcntl
1135
logger.warning(u"Doing if_nametoindex the hard way")
1074
1136
def if_nametoindex(interface):
1075
1137
"Get an interface index the hard way, i.e. using fcntl()"
1076
1138
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1077
1139
with closing(socket.socket()) as s:
1078
1140
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1079
struct.pack("16s16x", interface))
1080
interface_index = struct.unpack("I", ifreq[16:20])[0]
1141
struct.pack(str(u"16s16x"),
1142
interface))
1143
interface_index = struct.unpack(str(u"I"),
1144
ifreq[16:20])[0]
1081
1145
return interface_index
1082
1146
return if_nametoindex(interface)
1083
1147
1090
1154
sys.exit()
1091
1155
os.setsid()
1092
1156
if not nochdir:
1093
os.chdir("/")
1157
os.chdir(u"/")
1094
1158
if os.fork():
1095
1159
sys.exit()
1096
1160
if not noclose:
1098
1162
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1099
1163
if not stat.S_ISCHR(os.fstat(null).st_mode):
1100
1164
raise OSError(errno.ENODEV,
1101
"/dev/null not a character device")
1165
u"/dev/null not a character device")
1102
1166
os.dup2(null, sys.stdin.fileno())
1103
1167
os.dup2(null, sys.stdout.fileno())
1104
1168
os.dup2(null, sys.stderr.fileno())
1112
1176
# Parsing of options, both command line and config file
1113
1177
1114
1178
parser = optparse.OptionParser(version = "%%prog %s" % version)
1115
parser.add_option("-i", "--interface", type="string",
1116
metavar="IF", help="Bind to interface IF")
1117
parser.add_option("-a", "--address", type="string",
1118
help="Address to listen for requests on")
1119
parser.add_option("-p", "--port", type="int",
1120
help="Port number to receive requests on")
1121
parser.add_option("--check", action="store_true",
1122
help="Run self-test")
1123
parser.add_option("--debug", action="store_true",
1124
help="Debug mode; run in foreground and log to"
1125
" terminal")
1126
parser.add_option("--priority", type="string", help="GnuTLS"
1127
" priority string (see GnuTLS documentation)")
1128
parser.add_option("--servicename", type="string", metavar="NAME",
1129
help="Zeroconf service name")
1130
parser.add_option("--configdir", type="string",
1131
default="/etc/mandos", metavar="DIR",
1132
help="Directory to search for configuration"
1133
" files")
1134
parser.add_option("--no-dbus", action="store_false",
1135
dest="use_dbus",
1136
help="Do not provide D-Bus system bus"
1137
" interface")
1138
parser.add_option("--no-ipv6", action="store_false",
1139
dest="use_ipv6", help="Do not use IPv6")
1179
parser.add_option("-i", u"--interface", type=u"string",
1180
metavar="IF", help=u"Bind to interface IF")
1181
parser.add_option("-a", u"--address", type=u"string",
1182
help=u"Address to listen for requests on")
1183
parser.add_option("-p", u"--port", type=u"int",
1184
help=u"Port number to receive requests on")
1185
parser.add_option("--check", action=u"store_true",
1186
help=u"Run self-test")
1187
parser.add_option("--debug", action=u"store_true",
1188
help=u"Debug mode; run in foreground and log to"
1189
u" terminal")
1190
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1191
u" priority string (see GnuTLS documentation)")
1192
parser.add_option("--servicename", type=u"string",
1193
metavar=u"NAME", help=u"Zeroconf service name")
1194
parser.add_option("--configdir", type=u"string",
1195
default=u"/etc/mandos", metavar=u"DIR",
1196
help=u"Directory to search for configuration"
1197
u" files")
1198
parser.add_option("--no-dbus", action=u"store_false",
1199
dest=u"use_dbus", help=u"Do not provide D-Bus"
1200
u" system bus interface")
1201
parser.add_option("--no-ipv6", action=u"store_false",
1202
dest=u"use_ipv6", help=u"Do not use IPv6")
1140
1203
options = parser.parse_args()[0]
1141
1204
1142
1205
if options.check:
1145
1208
sys.exit()
1146
1209
1147
1210
# Default values for config file for server-global settings
1148
server_defaults = { "interface": "",
1149
"address": "",
1150
"port": "",
1151
"debug": "False",
1152
"priority":
1153
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1154
"servicename": "Mandos",
1155
"use_dbus": "True",
1156
"use_ipv6": "True",
1211
server_defaults = { u"interface": u"",
1212
u"address": u"",
1213
u"port": u"",
1214
u"debug": u"False",
1215
u"priority":
1216
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1217
u"servicename": u"Mandos",
1218
u"use_dbus": u"True",
1219
u"use_ipv6": u"True",
1157
1220
}
1158
1221
1159
1222
# Parse config file for server-global settings
1160
server_config = ConfigParser.SafeConfigParser(server_defaults)
1223
server_config = configparser.SafeConfigParser(server_defaults)
1161
1224
del server_defaults
1162
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1225
server_config.read(os.path.join(options.configdir,
1226
u"mandos.conf"))
1163
1227
# Convert the SafeConfigParser object to a dict
1164
1228
server_settings = server_config.defaults()
1165
1229
# Use the appropriate methods on the non-string config options
1166
server_settings["debug"] = server_config.getboolean("DEFAULT",
1167
"debug")
1168
server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
1169
"use_dbus")
1170
server_settings["use_ipv6"] = server_config.getboolean("DEFAULT",
1171
"use_ipv6")
1230
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1231
server_settings[option] = server_config.getboolean(u"DEFAULT",
1232
option)
1172
1233
if server_settings["port"]:
1173
server_settings["port"] = server_config.getint("DEFAULT",
1174
"port")
1234
server_settings["port"] = server_config.getint(u"DEFAULT",
1235
u"port")
1175
1236
del server_config
1176
1237
1177
1238
# Override the settings from the config file with command line
1178
1239
# options, if set.
1179
for option in ("interface", "address", "port", "debug",
1180
"priority", "servicename", "configdir",
1181
"use_dbus", "use_ipv6"):
1240
for option in (u"interface", u"address", u"port", u"debug",
1241
u"priority", u"servicename", u"configdir",
1242
u"use_dbus", u"use_ipv6"):
1182
1243
value = getattr(options, option)
1183
1244
if value is not None:
1184
1245
server_settings[option] = value
1185
1246
del options
1247
# Force all strings to be unicode
1248
for option in server_settings.keys():
1249
if type(server_settings[option]) is str:
1250
server_settings[option] = unicode(server_settings[option])
1186
1251
# Now we have our good server settings in "server_settings"
1187
1252
1188
1253
##################################################################
1189
1254
1190
1255
# For convenience
1191
debug = server_settings["debug"]
1192
use_dbus = server_settings["use_dbus"]
1193
use_ipv6 = server_settings["use_ipv6"]
1256
debug = server_settings[u"debug"]
1257
use_dbus = server_settings[u"use_dbus"]
1258
use_ipv6 = server_settings[u"use_ipv6"]
1194
1259
1195
1260
if not debug:
1196
1261
syslogger.setLevel(logging.WARNING)
1197
1262
console.setLevel(logging.WARNING)
1198
1263
1199
if server_settings["servicename"] != "Mandos":
1264
if server_settings[u"servicename"] != u"Mandos":
1200
1265
syslogger.setFormatter(logging.Formatter
1201
('Mandos (%s) [%%(process)d]:'
1202
' %%(levelname)s: %%(message)s'
1203
% server_settings["servicename"]))
1266
(u'Mandos (%s) [%%(process)d]:'
1267
u' %%(levelname)s: %%(message)s'
1268
% server_settings[u"servicename"]))
1204
1269
1205
1270
# Parse config file with clients
1206
client_defaults = { "timeout": "1h",
1207
"interval": "5m",
1208
"checker": "fping -q -- %%(host)s",
1209
"host": "",
1271
client_defaults = { u"timeout": u"1h",
1272
u"interval": u"5m",
1273
u"checker": u"fping -q -- %%(host)s",
1274
u"host": u"",
1210
1275
}
1211
client_config = ConfigParser.SafeConfigParser(client_defaults)
1212
client_config.read(os.path.join(server_settings["configdir"],
1213
"clients.conf"))
1214
1276
client_config = configparser.SafeConfigParser(client_defaults)
1277
client_config.read(os.path.join(server_settings[u"configdir"],
1278
u"clients.conf"))
1279
1215
1280
global mandos_dbus_service
1216
1281
mandos_dbus_service = None
1217
1282
1218
clients = Set()
1219
tcp_server = IPv6_TCPServer((server_settings["address"],
1220
server_settings["port"]),
1221
ClientHandler,
1222
interface=
1223
server_settings["interface"],
1224
use_ipv6=use_ipv6,
1225
clients=clients,
1226
gnutls_priority=
1227
server_settings["priority"],
1228
use_dbus=use_dbus)
1229
pidfilename = "/var/run/mandos.pid"
1283
tcp_server = MandosServer((server_settings[u"address"],
1284
server_settings[u"port"]),
1285
ClientHandler,
1286
interface=server_settings[u"interface"],
1287
use_ipv6=use_ipv6,
1288
gnutls_priority=
1289
server_settings[u"priority"],
1290
use_dbus=use_dbus)
1291
pidfilename = u"/var/run/mandos.pid"
1230
1292
try:
1231
pidfile = open(pidfilename, "w")
1293
pidfile = open(pidfilename, u"w")
1232
1294
except IOError:
1233
logger.error("Could not open file %r", pidfilename)
1295
logger.error(u"Could not open file %r", pidfilename)
1234
1296
1235
1297
try:
1236
uid = pwd.getpwnam("_mandos").pw_uid
1237
gid = pwd.getpwnam("_mandos").pw_gid
1298
uid = pwd.getpwnam(u"_mandos").pw_uid
1299
gid = pwd.getpwnam(u"_mandos").pw_gid
1238
1300
except KeyError:
1239
1301
try:
1240
uid = pwd.getpwnam("mandos").pw_uid
1241
gid = pwd.getpwnam("mandos").pw_gid
1302
uid = pwd.getpwnam(u"mandos").pw_uid
1303
gid = pwd.getpwnam(u"mandos").pw_gid
1242
1304
except KeyError:
1243
1305
try:
1244
uid = pwd.getpwnam("nobody").pw_uid
1245
gid = pwd.getpwnam("nogroup").pw_gid
1306
uid = pwd.getpwnam(u"nobody").pw_uid
1307
gid = pwd.getpwnam(u"nobody").pw_gid
1246
1308
except KeyError:
1247
1309
uid = 65534
1248
1310
gid = 65534
1261
1323
1262
1324
@gnutls.library.types.gnutls_log_func
1263
1325
def debug_gnutls(level, string):
1264
logger.debug("GnuTLS: %s", string[:-1])
1326
logger.debug(u"GnuTLS: %s", string[:-1])
1265
1327
1266
1328
(gnutls.library.functions
1267
1329
.gnutls_global_set_log_function(debug_gnutls))
1268
1330
1269
global service
1270
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1271
service = AvahiService(name = server_settings["servicename"],
1272
servicetype = "_mandos._tcp",
1273
protocol = protocol)
1274
if server_settings["interface"]:
1275
service.interface = (if_nametoindex
1276
(server_settings["interface"]))
1277
1278
1331
global main_loop
1279
global bus
1280
global server
1281
1332
# From the Avahi example code
1282
1333
DBusGMainLoop(set_as_default=True )
1283
1334
main_loop = gobject.MainLoop()
1284
1335
bus = dbus.SystemBus()
1285
server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1286
avahi.DBUS_PATH_SERVER),
1287
avahi.DBUS_INTERFACE_SERVER)
1288
1336
# End of Avahi example code
1289
1337
if use_dbus:
1290
1338
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
1339
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1340
service = AvahiService(name = server_settings[u"servicename"],
1341
servicetype = u"_mandos._tcp",
1342
protocol = protocol, bus = bus)
1343
if server_settings["interface"]:
1344
service.interface = (if_nametoindex
1345
(str(server_settings[u"interface"])))
1291
1346
1292
1347
client_class = Client
1293
1348
if use_dbus:
1294
client_class = ClientDBus
1295
clients.update(Set(
1349
client_class = functools.partial(ClientDBus, bus = bus)
1350
tcp_server.clients.update(set(
1296
1351
client_class(name = section,
1297
1352
config= dict(client_config.items(section)))
1298
1353
for section in client_config.sections()))
1299
if not clients:
1354
if not tcp_server.clients:
1300
1355
logger.warning(u"No clients defined")
1301
1356
1302
1357
if debug:
1326
1381
1327
1382
def cleanup():
1328
1383
"Cleanup function; run on exit"
1329
global group
1330
# From the Avahi example code
1331
if not group is None:
1332
group.Free()
1333
group = None
1334
# End of Avahi example code
1384
service.cleanup()
1335
1385
1336
while clients:
1337
client = clients.pop()
1386
while tcp_server.clients:
1387
client = tcp_server.clients.pop()
1338
1388
client.disable_hook = None
1339
1389
client.disable()
1340
1390
1349
1399
class MandosDBusService(dbus.service.Object):
1350
1400
"""A D-Bus proxy object"""
1351
1401
def __init__(self):
1352
dbus.service.Object.__init__(self, bus, "/")
1402
dbus.service.Object.__init__(self, bus, u"/")
1353
1403
_interface = u"se.bsnet.fukt.Mandos"
1354
1404
1355
@dbus.service.signal(_interface, signature="oa{sv}")
1405
@dbus.service.signal(_interface, signature=u"oa{sv}")
1356
1406
def ClientAdded(self, objpath, properties):
1357
1407
"D-Bus signal"
1358
1408
pass
1359
1409
1360
@dbus.service.signal(_interface, signature="s")
1410
@dbus.service.signal(_interface, signature=u"s")
1361
1411
def ClientNotFound(self, fingerprint):
1362
1412
"D-Bus signal"
1363
1413
pass
1364
1414
1365
@dbus.service.signal(_interface, signature="os")
1415
@dbus.service.signal(_interface, signature=u"os")
1366
1416
def ClientRemoved(self, objpath, name):
1367
1417
"D-Bus signal"
1368
1418
pass
1369
1419
1370
@dbus.service.method(_interface, out_signature="ao")
1420
@dbus.service.method(_interface, out_signature=u"ao")
1371
1421
def GetAllClients(self):
1372
1422
"D-Bus method"
1373
return dbus.Array(c.dbus_object_path for c in clients)
1423
return dbus.Array(c.dbus_object_path
1424
for c in tcp_server.clients)
1374
1425
1375
@dbus.service.method(_interface, out_signature="a{oa{sv}}")
1426
@dbus.service.method(_interface,
1427
out_signature=u"a{oa{sv}}")
1376
1428
def GetAllClientsWithProperties(self):
1377
1429
"D-Bus method"
1378
1430
return dbus.Dictionary(
1379
1431
((c.dbus_object_path, c.GetAllProperties())
1380
for c in clients),
1381
signature="oa{sv}")
1432
for c in tcp_server.clients),
1433
signature=u"oa{sv}")
1382
1434
1383
@dbus.service.method(_interface, in_signature="o")
1435
@dbus.service.method(_interface, in_signature=u"o")
1384
1436
def RemoveClient(self, object_path):
1385
1437
"D-Bus method"
1386
for c in clients:
1438
for c in tcp_server.clients:
1387
1439
if c.dbus_object_path == object_path:
1388
clients.remove(c)
1440
tcp_server.clients.remove(c)
1389
1441
c.remove_from_connection()
1390
1442
# Don't signal anything except ClientRemoved
1391
1443
c.disable(signal=False)
1398
1450
1399
1451
mandos_dbus_service = MandosDBusService()
1400
1452
1401
for client in clients:
1453
for client in tcp_server.clients:
1402
1454
if use_dbus:
1403
1455
# Emit D-Bus signal
1404
1456
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1422
1474
1423
1475
try:
1424
1476
# From the Avahi example code
1425
server.connect_to_signal("StateChanged", server_state_changed)
1426
1477
try:
1427
server_state_changed(server.GetState())
1478
service.activate()
1428
1479
except dbus.exceptions.DBusException, error:
1429
1480
logger.critical(u"DBusException: %s", error)
1430
1481
sys.exit(1)
1443
1494
except KeyboardInterrupt:
1444
1495
if debug:
1445
1496
print >> sys.stderr
1446
logger.debug("Server received KeyboardInterrupt")
1447
logger.debug("Server exiting")
1497
logger.debug(u"Server received KeyboardInterrupt")
1498
logger.debug(u"Server exiting")
1448
1499
1449
1500
if __name__ == '__main__':
1450
1501
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0