To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 403
- compare with another revision
- download diff
- download tarball
- view history from revision 403
- Committer: Teddy Hogeborn
- Date: 2009-11-05 02:12:57 UTC
- Revision ID: teddy@fukt.bsnet.se-20091105021257-l2b5nb1v4pc2tupw
* mandos (ClientDBus.disable): Bug fix: complete rename of "log" and
"signal" to "quiet".
"signal" to "quiet".
- files removed:
- DBUS-API
- debian/source
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@recompile.se>.
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
32
#
33
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
34
from __future__ import division, with_statement, absolute_import
36
35
37
36
import SocketServer as socketserver
38
37
import socket
39
import argparse
38
import optparse
40
39
import datetime
41
40
import errno
42
41
import gnutls.crypto
56
55
import logging
57
56
import logging.handlers
58
57
import pwd
59
import contextlib
58
from contextlib import closing
60
59
import struct
61
60
import fcntl
62
61
import functools
63
import cPickle as pickle
64
import multiprocessing
65
import types
66
62
67
63
import dbus
68
64
import dbus.service
83
79
SO_BINDTODEVICE = None
84
80
85
81
86
version = "1.4.0"
82
version = "1.0.14"
87
83
88
#logger = logging.getLogger('mandos')
89
logger = logging.Logger('mandos')
84
logger = logging.Logger(u'mandos')
90
85
syslogger = (logging.handlers.SysLogHandler
91
86
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
92
address = str("/dev/log")))
87
address = "/dev/log"))
93
88
syslogger.setFormatter(logging.Formatter
94
('Mandos [%(process)d]: %(levelname)s:'
95
' %(message)s'))
89
(u'Mandos [%(process)d]: %(levelname)s:'
90
u' %(message)s'))
96
91
logger.addHandler(syslogger)
97
92
98
93
console = logging.StreamHandler()
99
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
100
' %(levelname)s:'
101
' %(message)s'))
94
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
95
u' %(levelname)s:'
96
u' %(message)s'))
102
97
logger.addHandler(console)
103
98
104
99
class AvahiError(Exception):
121
116
Attributes:
122
117
interface: integer; avahi.IF_UNSPEC or an interface index.
123
118
Used to optionally bind to the specified interface.
124
name: string; Example: 'Mandos'
125
type: string; Example: '_mandos._tcp'.
119
name: string; Example: u'Mandos'
120
type: string; Example: u'_mandos._tcp'.
126
121
See <http://www.dns-sd.org/ServiceTypes.html>
127
122
port: integer; what port to announce
128
123
TXT: list of strings; TXT record for the service
137
132
"""
138
133
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
139
134
servicetype = None, port = None, TXT = None,
140
domain = "", host = "", max_renames = 32768,
135
domain = u"", host = u"", max_renames = 32768,
141
136
protocol = avahi.PROTO_UNSPEC, bus = None):
142
137
self.interface = interface
143
138
self.name = name
152
147
self.group = None # our entry group
153
148
self.server = None
154
149
self.bus = bus
155
self.entry_group_state_changed_match = None
156
150
def rename(self):
157
151
"""Derived from the Avahi example code"""
158
152
if self.rename_count >= self.max_renames:
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
153
logger.critical(u"No suitable Zeroconf service name found"
154
u" after %i retries, exiting.",
161
155
self.rename_count)
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
166
self.name)
156
raise AvahiServiceError(u"Too many renames")
157
self.name = self.server.GetAlternativeServiceName(self.name)
158
logger.info(u"Changing Zeroconf service name to %r ...",
159
unicode(self.name))
167
160
syslogger.setFormatter(logging.Formatter
168
('Mandos (%s) [%%(process)d]:'
169
' %%(levelname)s: %%(message)s'
161
(u'Mandos (%s) [%%(process)d]:'
162
u' %%(levelname)s: %%(message)s'
170
163
% self.name))
171
164
self.remove()
172
try:
173
self.add()
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
176
self.cleanup()
177
os._exit(1)
165
self.add()
178
166
self.rename_count += 1
179
167
def remove(self):
180
168
"""Derived from the Avahi example code"""
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
169
if self.group is not None:
185
170
self.group.Reset()
186
171
def add(self):
187
172
"""Derived from the Avahi example code"""
188
self.remove()
189
173
if self.group is None:
190
174
self.group = dbus.Interface(
191
175
self.bus.get_object(avahi.DBUS_NAME,
192
176
self.server.EntryGroupNew()),
193
177
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
178
self.group.connect_to_signal('StateChanged',
179
self
180
.entry_group_state_changed)
181
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
198
182
self.name, self.type)
199
183
self.group.AddService(
200
184
self.interface,
207
191
self.group.Commit()
208
192
def entry_group_state_changed(self, state, error):
209
193
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
194
logger.debug(u"Avahi state change: %i", state)
211
195
212
196
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
197
logger.debug(u"Zeroconf service established.")
214
198
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
199
logger.warning(u"Zeroconf service name collision.")
216
200
self.rename()
217
201
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
202
logger.critical(u"Avahi: Error in group state changed %s",
219
203
unicode(error))
220
raise AvahiGroupError("State changed: %s"
204
raise AvahiGroupError(u"State changed: %s"
221
205
% unicode(error))
222
206
def cleanup(self):
223
207
"""Derived from the Avahi example code"""
224
208
if self.group is not None:
225
try:
226
self.group.Free()
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
229
pass
209
self.group.Free()
230
210
self.group = None
231
self.remove()
232
def server_state_changed(self, state, error=None):
211
def server_state_changed(self, state):
233
212
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
244
if error is None:
245
logger.error(bad_states[state])
246
else:
247
logger.error(bad_states[state] + ": %r", error)
248
self.cleanup()
213
if state == avahi.SERVER_COLLISION:
214
logger.error(u"Zeroconf server name collision")
215
self.remove()
249
216
elif state == avahi.SERVER_RUNNING:
250
217
self.add()
251
else:
252
if error is None:
253
logger.debug("Unknown state: %r", state)
254
else:
255
logger.debug("Unknown state: %r: %r", state, error)
256
218
def activate(self):
257
219
"""Derived from the Avahi example code"""
258
220
if self.server is None:
259
221
self.server = dbus.Interface(
260
222
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
223
avahi.DBUS_PATH_SERVER),
263
224
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
225
self.server.connect_to_signal(u"StateChanged",
265
226
self.server_state_changed)
266
227
self.server_state_changed(self.server.GetState())
267
228
268
229
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
274
275
230
class Client(object):
276
231
"""A representation of a client host served by this server.
277
232
278
233
Attributes:
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
234
name: string; from the config file, used in log messages and
235
D-Bus identifiers
236
fingerprint: string (40 or 32 hexadecimal digits); used to
237
uniquely identify the client
238
secret: bytestring; sent verbatim (over TLS) to client
239
host: string; available for use by the checker command
240
created: datetime.datetime(); (UTC) object creation
241
last_enabled: datetime.datetime(); (UTC)
242
enabled: bool()
243
last_checked_ok: datetime.datetime(); (UTC) or None
244
timeout: datetime.timedelta(); How long from last_checked_ok
245
until this client is invalid
246
interval: datetime.timedelta(); How often to start a new checker
247
disable_hook: If set, called by disable() as disable_hook(self)
282
248
checker: subprocess.Popen(); a running checker process used
283
249
to see if the client lives.
284
250
'None' if no process is running.
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
251
checker_initiator_tag: a gobject event source tag, or None
252
disable_initiator_tag: - '' -
253
checker_callback_tag: - '' -
254
checker_command: string; External command which is run to check if
255
client lives. %() expansions are done at
288
256
runtime with vars(self) as dict, so that for
289
257
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
292
258
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
295
enabled: bool()
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
304
D-Bus identifiers
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
311
disabled, or None
312
259
"""
313
260
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
261
@staticmethod
262
def _timedelta_to_milliseconds(td):
263
"Convert a datetime.timedelta() to milliseconds"
264
return ((td.days * 24 * 60 * 60 * 1000)
265
+ (td.seconds * 1000)
266
+ (td.microseconds // 1000))
318
267
319
268
def timeout_milliseconds(self):
320
269
"Return the 'timeout' attribute in milliseconds"
321
return _timedelta_to_milliseconds(self.timeout)
322
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
270
return self._timedelta_to_milliseconds(self.timeout)
326
271
327
272
def interval_milliseconds(self):
328
273
"Return the 'interval' attribute in milliseconds"
329
return _timedelta_to_milliseconds(self.interval)
330
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
274
return self._timedelta_to_milliseconds(self.interval)
333
275
334
276
def __init__(self, name = None, disable_hook=None, config=None):
335
277
"""Note: the 'checker' key in 'config' sets the
338
280
self.name = name
339
281
if config is None:
340
282
config = {}
341
logger.debug("Creating client %r", self.name)
283
logger.debug(u"Creating client %r", self.name)
342
284
# Uppercase and remove spaces from fingerprint for later
343
285
# comparison purposes with return value from the fingerprint()
344
286
# function
345
self.fingerprint = (config["fingerprint"].upper()
346
.replace(" ", ""))
347
logger.debug(" Fingerprint: %s", self.fingerprint)
348
if "secret" in config:
349
self.secret = config["secret"].decode("base64")
350
elif "secfile" in config:
351
with open(os.path.expanduser(os.path.expandvars
352
(config["secfile"])),
353
"rb") as secfile:
287
self.fingerprint = (config[u"fingerprint"].upper()
288
.replace(u" ", u""))
289
logger.debug(u" Fingerprint: %s", self.fingerprint)
290
if u"secret" in config:
291
self.secret = config[u"secret"].decode(u"base64")
292
elif u"secfile" in config:
293
with closing(open(os.path.expanduser
294
(os.path.expandvars
295
(config[u"secfile"])),
296
"rb")) as secfile:
354
297
self.secret = secfile.read()
355
298
else:
356
raise TypeError("No secret or secfile for client %s"
299
raise TypeError(u"No secret or secfile for client %s"
357
300
% self.name)
358
self.host = config.get("host", "")
301
self.host = config.get(u"host", u"")
359
302
self.created = datetime.datetime.utcnow()
360
303
self.enabled = False
361
self.last_approval_request = None
362
304
self.last_enabled = None
363
305
self.last_checked_ok = None
364
self.timeout = string_to_delta(config["timeout"])
365
self.extended_timeout = string_to_delta(config
366
["extended_timeout"])
367
self.interval = string_to_delta(config["interval"])
306
self.timeout = string_to_delta(config[u"timeout"])
307
self.interval = string_to_delta(config[u"interval"])
368
308
self.disable_hook = disable_hook
369
309
self.checker = None
370
310
self.checker_initiator_tag = None
371
311
self.disable_initiator_tag = None
372
self.expires = None
373
312
self.checker_callback_tag = None
374
self.checker_command = config["checker"]
313
self.checker_command = config[u"checker"]
375
314
self.current_checker_command = None
376
315
self.last_connect = None
377
self._approved = None
378
self.approved_by_default = config.get("approved_by_default",
379
True)
380
self.approvals_pending = 0
381
self.approval_delay = string_to_delta(
382
config["approval_delay"])
383
self.approval_duration = string_to_delta(
384
config["approval_duration"])
385
self.changedstate = (multiprocessing_manager
386
.Condition(multiprocessing_manager
387
.Lock()))
388
389
def send_changedstate(self):
390
self.changedstate.acquire()
391
self.changedstate.notify_all()
392
self.changedstate.release()
393
316
394
317
def enable(self):
395
318
"""Start this client's checker and timeout hooks"""
396
if getattr(self, "enabled", False):
319
if getattr(self, u"enabled", False):
397
320
# Already enabled
398
321
return
399
self.send_changedstate()
322
self.last_enabled = datetime.datetime.utcnow()
400
323
# Schedule a new checker to be started an 'interval' from now,
401
324
# and every interval from then on.
402
325
self.checker_initiator_tag = (gobject.timeout_add
403
326
(self.interval_milliseconds(),
404
327
self.start_checker))
405
328
# Schedule a disable() when 'timeout' has passed
406
self.expires = datetime.datetime.utcnow() + self.timeout
407
329
self.disable_initiator_tag = (gobject.timeout_add
408
330
(self.timeout_milliseconds(),
409
331
self.disable))
410
332
self.enabled = True
411
self.last_enabled = datetime.datetime.utcnow()
412
333
# Also start a new checker *right now*.
413
334
self.start_checker()
414
335
417
338
if not getattr(self, "enabled", False):
418
339
return False
419
340
if not quiet:
420
self.send_changedstate()
421
if not quiet:
422
logger.info("Disabling client %s", self.name)
423
if getattr(self, "disable_initiator_tag", False):
341
logger.info(u"Disabling client %s", self.name)
342
if getattr(self, u"disable_initiator_tag", False):
424
343
gobject.source_remove(self.disable_initiator_tag)
425
344
self.disable_initiator_tag = None
426
self.expires = None
427
if getattr(self, "checker_initiator_tag", False):
345
if getattr(self, u"checker_initiator_tag", False):
428
346
gobject.source_remove(self.checker_initiator_tag)
429
347
self.checker_initiator_tag = None
430
348
self.stop_checker()
445
363
if os.WIFEXITED(condition):
446
364
exitstatus = os.WEXITSTATUS(condition)
447
365
if exitstatus == 0:
448
logger.info("Checker for %(name)s succeeded",
366
logger.info(u"Checker for %(name)s succeeded",
449
367
vars(self))
450
368
self.checked_ok()
451
369
else:
452
logger.info("Checker for %(name)s failed",
370
logger.info(u"Checker for %(name)s failed",
453
371
vars(self))
454
372
else:
455
logger.warning("Checker for %(name)s crashed?",
373
logger.warning(u"Checker for %(name)s crashed?",
456
374
vars(self))
457
375
458
def checked_ok(self, timeout=None):
376
def checked_ok(self):
459
377
"""Bump up the timeout for this client.
460
378
461
379
This should only be called when the client has been seen,
462
380
alive and well.
463
381
"""
464
if timeout is None:
465
timeout = self.timeout
466
382
self.last_checked_ok = datetime.datetime.utcnow()
467
383
gobject.source_remove(self.disable_initiator_tag)
468
384
self.disable_initiator_tag = (gobject.timeout_add
469
(_timedelta_to_milliseconds
470
(timeout), self.disable))
471
self.expires = datetime.datetime.utcnow() + timeout
472
473
def need_approval(self):
474
self.last_approval_request = datetime.datetime.utcnow()
385
(self.timeout_milliseconds(),
386
self.disable))
475
387
476
388
def start_checker(self):
477
389
"""Start a new checker subprocess if one is not running.
484
396
# client would inevitably timeout, since no checker would get
485
397
# a chance to run to completion. If we instead leave running
486
398
# checkers alone, the checker would have to take more time
487
# than 'timeout' for the client to be disabled, which is as it
488
# should be.
399
# than 'timeout' for the client to be declared invalid, which
400
# is as it should be.
489
401
490
402
# If a checker exists, make sure it is not a zombie
491
403
try:
492
404
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
493
except (AttributeError, OSError) as error:
405
except (AttributeError, OSError), error:
494
406
if (isinstance(error, OSError)
495
407
and error.errno != errno.ECHILD):
496
408
raise error
497
409
else:
498
410
if pid:
499
logger.warning("Checker was a zombie")
411
logger.warning(u"Checker was a zombie")
500
412
gobject.source_remove(self.checker_callback_tag)
501
413
self.checker_callback(pid, status,
502
414
self.current_checker_command)
507
419
command = self.checker_command % self.host
508
420
except TypeError:
509
421
# Escape attributes for the shell
510
escaped_attrs = dict(
511
(attr,
512
re.escape(unicode(str(getattr(self, attr, "")),
513
errors=
514
'replace')))
515
for attr in
516
self.runtime_expansions)
517
422
escaped_attrs = dict((key,
423
re.escape(unicode(str(val),
424
errors=
425
u'replace')))
426
for key, val in
427
vars(self).iteritems())
518
428
try:
519
429
command = self.checker_command % escaped_attrs
520
except TypeError as error:
521
logger.error('Could not format string "%s":'
522
' %s', self.checker_command, error)
430
except TypeError, error:
431
logger.error(u'Could not format string "%s":'
432
u' %s', self.checker_command, error)
523
433
return True # Try again later
524
434
self.current_checker_command = command
525
435
try:
526
logger.info("Starting checker %r for %s",
436
logger.info(u"Starting checker %r for %s",
527
437
command, self.name)
528
438
# We don't need to redirect stdout and stderr, since
529
439
# in normal mode, that is already done by daemon(),
531
441
# always replaced by /dev/null.)
532
442
self.checker = subprocess.Popen(command,
533
443
close_fds=True,
534
shell=True, cwd="/")
444
shell=True, cwd=u"/")
535
445
self.checker_callback_tag = (gobject.child_watch_add
536
446
(self.checker.pid,
537
447
self.checker_callback,
542
452
if pid:
543
453
gobject.source_remove(self.checker_callback_tag)
544
454
self.checker_callback(pid, status, command)
545
except OSError as error:
546
logger.error("Failed to start subprocess: %s",
455
except OSError, error:
456
logger.error(u"Failed to start subprocess: %s",
547
457
error)
548
458
# Re-run this periodically if run by gobject.timeout_add
549
459
return True
553
463
if self.checker_callback_tag:
554
464
gobject.source_remove(self.checker_callback_tag)
555
465
self.checker_callback_tag = None
556
if getattr(self, "checker", None) is None:
466
if getattr(self, u"checker", None) is None:
557
467
return
558
logger.debug("Stopping checker for %(name)s", vars(self))
468
logger.debug(u"Stopping checker for %(name)s", vars(self))
559
469
try:
560
470
os.kill(self.checker.pid, signal.SIGTERM)
561
471
#time.sleep(0.5)
562
472
#if self.checker.poll() is None:
563
473
# os.kill(self.checker.pid, signal.SIGKILL)
564
except OSError as error:
474
except OSError, error:
565
475
if error.errno != errno.ESRCH: # No such process
566
476
raise
567
477
self.checker = None
568
569
570
def dbus_service_property(dbus_interface, signature="v",
571
access="readwrite", byte_arrays=False):
478
479
def still_valid(self):
480
"""Has the timeout not yet passed for this client?"""
481
if not getattr(self, u"enabled", False):
482
return False
483
now = datetime.datetime.utcnow()
484
if self.last_checked_ok is None:
485
return now < (self.created + self.timeout)
486
else:
487
return now < (self.last_checked_ok + self.timeout)
488
489
490
def dbus_service_property(dbus_interface, signature=u"v",
491
access=u"readwrite", byte_arrays=False):
572
492
"""Decorators for marking methods of a DBusObjectWithProperties to
573
493
become properties on the D-Bus.
574
494
579
499
dbus.service.method, except there is only "signature", since the
580
500
type from Get() and the type sent to Set() is the same.
581
501
"""
582
# Encoding deeply encoded byte arrays is not supported yet by the
583
# "Set" method, so we fail early here:
584
if byte_arrays and signature != "ay":
585
raise ValueError("Byte arrays not supported for non-'ay'"
586
" signature %r" % signature)
587
502
def decorator(func):
588
503
func._dbus_is_property = True
589
504
func._dbus_interface = dbus_interface
590
505
func._dbus_signature = signature
591
506
func._dbus_access = access
592
507
func._dbus_name = func.__name__
593
if func._dbus_name.endswith("_dbus_property"):
508
if func._dbus_name.endswith(u"_dbus_property"):
594
509
func._dbus_name = func._dbus_name[:-14]
595
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
510
func._dbus_get_args_options = {u'byte_arrays': byte_arrays }
596
511
return func
597
512
return decorator
598
513
618
533
619
534
class DBusObjectWithProperties(dbus.service.Object):
620
535
"""A D-Bus object with properties.
621
536
622
537
Classes inheriting from this can use the dbus_service_property
623
538
decorator to expose methods as D-Bus properties. It exposes the
624
539
standard Get(), Set(), and GetAll() methods on the D-Bus.
626
541
627
542
@staticmethod
628
543
def _is_dbus_property(obj):
629
return getattr(obj, "_dbus_is_property", False)
544
return getattr(obj, u"_dbus_is_property", False)
630
545
631
546
def _get_all_dbus_properties(self):
632
547
"""Returns a generator of (name, attribute) pairs
633
548
"""
634
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
635
for cls in self.__class__.__mro__
549
return ((prop._dbus_name, prop)
636
550
for name, prop in
637
inspect.getmembers(cls, self._is_dbus_property))
551
inspect.getmembers(self, self._is_dbus_property))
638
552
639
553
def _get_dbus_property(self, interface_name, property_name):
640
554
"""Returns a bound method if one exists which is a D-Bus
641
555
property with the specified name and interface.
642
556
"""
643
for cls in self.__class__.__mro__:
644
for name, value in (inspect.getmembers
645
(cls, self._is_dbus_property)):
646
if (value._dbus_name == property_name
647
and value._dbus_interface == interface_name):
648
return value.__get__(self)
649
557
for name in (property_name,
558
property_name + u"_dbus_property"):
559
prop = getattr(self, name, None)
560
if (prop is None
561
or not self._is_dbus_property(prop)
562
or prop._dbus_name != property_name
563
or (interface_name and prop._dbus_interface
564
and interface_name != prop._dbus_interface)):
565
continue
566
return prop
650
567
# No such property
651
raise DBusPropertyNotFound(self.dbus_object_path + ":"
652
+ interface_name + "."
568
raise DBusPropertyNotFound(self.dbus_object_path + u":"
569
+ interface_name + u"."
653
570
+ property_name)
654
571
655
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
656
out_signature="v")
572
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
573
out_signature=u"v")
657
574
def Get(self, interface_name, property_name):
658
575
"""Standard D-Bus property Get() method, see D-Bus standard.
659
576
"""
660
577
prop = self._get_dbus_property(interface_name, property_name)
661
if prop._dbus_access == "write":
578
if prop._dbus_access == u"write":
662
579
raise DBusPropertyAccessException(property_name)
663
580
value = prop()
664
if not hasattr(value, "variant_level"):
581
if not hasattr(value, u"variant_level"):
665
582
return value
666
583
return type(value)(value, variant_level=value.variant_level+1)
667
584
668
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
585
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
669
586
def Set(self, interface_name, property_name, value):
670
587
"""Standard D-Bus property Set() method, see D-Bus standard.
671
588
"""
672
589
prop = self._get_dbus_property(interface_name, property_name)
673
if prop._dbus_access == "read":
590
if prop._dbus_access == u"read":
674
591
raise DBusPropertyAccessException(property_name)
675
if prop._dbus_get_args_options["byte_arrays"]:
676
# The byte_arrays option is not supported yet on
677
# signatures other than "ay".
678
if prop._dbus_signature != "ay":
679
raise ValueError
592
if prop._dbus_get_args_options[u"byte_arrays"]:
680
593
value = dbus.ByteArray(''.join(unichr(byte)
681
594
for byte in value))
682
595
prop(value)
683
596
684
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
685
out_signature="a{sv}")
597
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
598
out_signature=u"a{sv}")
686
599
def GetAll(self, interface_name):
687
600
"""Standard D-Bus property GetAll() method, see D-Bus
688
601
standard.
689
602
690
603
Note: Will not include properties with access="write".
691
604
"""
692
605
all = {}
696
609
# Interface non-empty but did not match
697
610
continue
698
611
# Ignore write-only properties
699
if prop._dbus_access == "write":
612
if prop._dbus_access == u"write":
700
613
continue
701
614
value = prop()
702
if not hasattr(value, "variant_level"):
615
if not hasattr(value, u"variant_level"):
703
616
all[name] = value
704
617
continue
705
618
all[name] = type(value)(value, variant_level=
706
619
value.variant_level+1)
707
return dbus.Dictionary(all, signature="sv")
620
return dbus.Dictionary(all, signature=u"sv")
708
621
709
622
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
710
out_signature="s",
623
out_signature=u"s",
711
624
path_keyword='object_path',
712
625
connection_keyword='connection')
713
626
def Introspect(self, object_path, connection):
718
631
try:
719
632
document = xml.dom.minidom.parseString(xmlstring)
720
633
def make_tag(document, name, prop):
721
e = document.createElement("property")
722
e.setAttribute("name", name)
723
e.setAttribute("type", prop._dbus_signature)
724
e.setAttribute("access", prop._dbus_access)
634
e = document.createElement(u"property")
635
e.setAttribute(u"name", name)
636
e.setAttribute(u"type", prop._dbus_signature)
637
e.setAttribute(u"access", prop._dbus_access)
725
638
return e
726
for if_tag in document.getElementsByTagName("interface"):
639
for if_tag in document.getElementsByTagName(u"interface"):
727
640
for tag in (make_tag(document, name, prop)
728
641
for name, prop
729
642
in self._get_all_dbus_properties()
730
643
if prop._dbus_interface
731
== if_tag.getAttribute("name")):
644
== if_tag.getAttribute(u"name")):
732
645
if_tag.appendChild(tag)
733
646
# Add the names to the return values for the
734
647
# "org.freedesktop.DBus.Properties" methods
735
if (if_tag.getAttribute("name")
736
== "org.freedesktop.DBus.Properties"):
737
for cn in if_tag.getElementsByTagName("method"):
738
if cn.getAttribute("name") == "Get":
739
for arg in cn.getElementsByTagName("arg"):
740
if (arg.getAttribute("direction")
741
== "out"):
742
arg.setAttribute("name", "value")
743
elif cn.getAttribute("name") == "GetAll":
744
for arg in cn.getElementsByTagName("arg"):
745
if (arg.getAttribute("direction")
746
== "out"):
747
arg.setAttribute("name", "props")
748
xmlstring = document.toxml("utf-8")
648
if (if_tag.getAttribute(u"name")
649
== u"org.freedesktop.DBus.Properties"):
650
for cn in if_tag.getElementsByTagName(u"method"):
651
if cn.getAttribute(u"name") == u"Get":
652
for arg in cn.getElementsByTagName(u"arg"):
653
if (arg.getAttribute(u"direction")
654
== u"out"):
655
arg.setAttribute(u"name", u"value")
656
elif cn.getAttribute(u"name") == u"GetAll":
657
for arg in cn.getElementsByTagName(u"arg"):
658
if (arg.getAttribute(u"direction")
659
== u"out"):
660
arg.setAttribute(u"name", u"props")
661
xmlstring = document.toxml(u"utf-8")
749
662
document.unlink()
750
663
except (AttributeError, xml.dom.DOMException,
751
xml.parsers.expat.ExpatError) as error:
752
logger.error("Failed to override Introspection method",
664
xml.parsers.expat.ExpatError), error:
665
logger.error(u"Failed to override Introspection method",
753
666
error)
754
667
return xmlstring
755
668
756
669
757
def datetime_to_dbus (dt, variant_level=0):
758
"""Convert a UTC datetime.datetime() to a D-Bus type."""
759
if dt is None:
760
return dbus.String("", variant_level = variant_level)
761
return dbus.String(dt.isoformat(),
762
variant_level=variant_level)
763
764
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
765
.__metaclass__):
766
"""Applied to an empty subclass of a D-Bus object, this metaclass
767
will add additional D-Bus attributes matching a certain pattern.
768
"""
769
def __new__(mcs, name, bases, attr):
770
# Go through all the base classes which could have D-Bus
771
# methods, signals, or properties in them
772
for base in (b for b in bases
773
if issubclass(b, dbus.service.Object)):
774
# Go though all attributes of the base class
775
for attrname, attribute in inspect.getmembers(base):
776
# Ignore non-D-Bus attributes, and D-Bus attributes
777
# with the wrong interface name
778
if (not hasattr(attribute, "_dbus_interface")
779
or not attribute._dbus_interface
780
.startswith("se.recompile.Mandos")):
781
continue
782
# Create an alternate D-Bus interface name based on
783
# the current name
784
alt_interface = (attribute._dbus_interface
785
.replace("se.recompile.Mandos",
786
"se.bsnet.fukt.Mandos"))
787
# Is this a D-Bus signal?
788
if getattr(attribute, "_dbus_is_signal", False):
789
# Extract the original non-method function by
790
# black magic
791
nonmethod_func = (dict(
792
zip(attribute.func_code.co_freevars,
793
attribute.__closure__))["func"]
794
.cell_contents)
795
# Create a new, but exactly alike, function
796
# object, and decorate it to be a new D-Bus signal
797
# with the alternate D-Bus interface name
798
new_function = (dbus.service.signal
799
(alt_interface,
800
attribute._dbus_signature)
801
(types.FunctionType(
802
nonmethod_func.func_code,
803
nonmethod_func.func_globals,
804
nonmethod_func.func_name,
805
nonmethod_func.func_defaults,
806
nonmethod_func.func_closure)))
807
# Define a creator of a function to call both the
808
# old and new functions, so both the old and new
809
# signals gets sent when the function is called
810
def fixscope(func1, func2):
811
"""This function is a scope container to pass
812
func1 and func2 to the "call_both" function
813
outside of its arguments"""
814
def call_both(*args, **kwargs):
815
"""This function will emit two D-Bus
816
signals by calling func1 and func2"""
817
func1(*args, **kwargs)
818
func2(*args, **kwargs)
819
return call_both
820
# Create the "call_both" function and add it to
821
# the class
822
attr[attrname] = fixscope(attribute,
823
new_function)
824
# Is this a D-Bus method?
825
elif getattr(attribute, "_dbus_is_method", False):
826
# Create a new, but exactly alike, function
827
# object. Decorate it to be a new D-Bus method
828
# with the alternate D-Bus interface name. Add it
829
# to the class.
830
attr[attrname] = (dbus.service.method
831
(alt_interface,
832
attribute._dbus_in_signature,
833
attribute._dbus_out_signature)
834
(types.FunctionType
835
(attribute.func_code,
836
attribute.func_globals,
837
attribute.func_name,
838
attribute.func_defaults,
839
attribute.func_closure)))
840
# Is this a D-Bus property?
841
elif getattr(attribute, "_dbus_is_property", False):
842
# Create a new, but exactly alike, function
843
# object, and decorate it to be a new D-Bus
844
# property with the alternate D-Bus interface
845
# name. Add it to the class.
846
attr[attrname] = (dbus_service_property
847
(alt_interface,
848
attribute._dbus_signature,
849
attribute._dbus_access,
850
attribute
851
._dbus_get_args_options
852
["byte_arrays"])
853
(types.FunctionType
854
(attribute.func_code,
855
attribute.func_globals,
856
attribute.func_name,
857
attribute.func_defaults,
858
attribute.func_closure)))
859
return type.__new__(mcs, name, bases, attr)
860
861
670
class ClientDBus(Client, DBusObjectWithProperties):
862
671
"""A Client class using D-Bus
863
672
865
674
dbus_object_path: dbus.ObjectPath
866
675
bus: dbus.SystemBus()
867
676
"""
868
869
runtime_expansions = (Client.runtime_expansions
870
+ ("dbus_object_path",))
871
872
677
# dbus.service.Object doesn't use super(), so we can't either.
873
678
874
679
def __init__(self, bus = None, *args, **kwargs):
875
self._approvals_pending = 0
876
680
self.bus = bus
877
681
Client.__init__(self, *args, **kwargs)
878
682
# Only now, when this client is initialized, can it show up on
879
683
# the D-Bus
880
client_object_name = unicode(self.name).translate(
881
{ord("."): ord("_"),
882
ord("-"): ord("_")})
883
684
self.dbus_object_path = (dbus.ObjectPath
884
("/clients/" + client_object_name))
685
(u"/clients/"
686
+ self.name.replace(u".", u"_")))
885
687
DBusObjectWithProperties.__init__(self, self.bus,
886
688
self.dbus_object_path)
887
888
def notifychangeproperty(transform_func,
889
dbus_name, type_func=lambda x: x,
890
variant_level=1):
891
""" Modify a variable so that it's a property which announces
892
its changes to DBus.
893
894
transform_fun: Function that takes a value and transforms it
895
to a D-Bus type.
896
dbus_name: D-Bus name of the variable
897
type_func: Function that transform the value before sending it
898
to the D-Bus. Default: no transform
899
variant_level: D-Bus variant level. Default: 1
900
"""
901
attrname = "_{0}".format(dbus_name)
902
def setter(self, value):
903
if hasattr(self, "dbus_object_path"):
904
if (not hasattr(self, attrname) or
905
type_func(getattr(self, attrname, None))
906
!= type_func(value)):
907
dbus_value = transform_func(type_func(value),
908
variant_level)
909
self.PropertyChanged(dbus.String(dbus_name),
910
dbus_value)
911
setattr(self, attrname, value)
912
913
return property(lambda self: getattr(self, attrname), setter)
914
915
916
expires = notifychangeproperty(datetime_to_dbus, "Expires")
917
approvals_pending = notifychangeproperty(dbus.Boolean,
918
"ApprovalPending",
919
type_func = bool)
920
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
921
last_enabled = notifychangeproperty(datetime_to_dbus,
922
"LastEnabled")
923
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
924
type_func = lambda checker:
925
checker is not None)
926
last_checked_ok = notifychangeproperty(datetime_to_dbus,
927
"LastCheckedOK")
928
last_approval_request = notifychangeproperty(
929
datetime_to_dbus, "LastApprovalRequest")
930
approved_by_default = notifychangeproperty(dbus.Boolean,
931
"ApprovedByDefault")
932
approval_delay = notifychangeproperty(dbus.UInt16,
933
"ApprovalDelay",
934
type_func =
935
_timedelta_to_milliseconds)
936
approval_duration = notifychangeproperty(
937
dbus.UInt16, "ApprovalDuration",
938
type_func = _timedelta_to_milliseconds)
939
host = notifychangeproperty(dbus.String, "Host")
940
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
941
type_func =
942
_timedelta_to_milliseconds)
943
extended_timeout = notifychangeproperty(
944
dbus.UInt16, "ExtendedTimeout",
945
type_func = _timedelta_to_milliseconds)
946
interval = notifychangeproperty(dbus.UInt16,
947
"Interval",
948
type_func =
949
_timedelta_to_milliseconds)
950
checker_command = notifychangeproperty(dbus.String, "Checker")
951
952
del notifychangeproperty
689
690
@staticmethod
691
def _datetime_to_dbus(dt, variant_level=0):
692
"""Convert a UTC datetime.datetime() to a D-Bus type."""
693
return dbus.String(dt.isoformat(),
694
variant_level=variant_level)
695
696
def enable(self):
697
oldstate = getattr(self, u"enabled", False)
698
r = Client.enable(self)
699
if oldstate != self.enabled:
700
# Emit D-Bus signals
701
self.PropertyChanged(dbus.String(u"enabled"),
702
dbus.Boolean(True, variant_level=1))
703
self.PropertyChanged(
704
dbus.String(u"last_enabled"),
705
self._datetime_to_dbus(self.last_enabled,
706
variant_level=1))
707
return r
708
709
def disable(self, quiet = False):
710
oldstate = getattr(self, u"enabled", False)
711
r = Client.disable(self, quiet=quiet)
712
if not quiet and oldstate != self.enabled:
713
# Emit D-Bus signal
714
self.PropertyChanged(dbus.String(u"enabled"),
715
dbus.Boolean(False, variant_level=1))
716
return r
953
717
954
718
def __del__(self, *args, **kwargs):
955
719
try:
956
720
self.remove_from_connection()
957
721
except LookupError:
958
722
pass
959
if hasattr(DBusObjectWithProperties, "__del__"):
723
if hasattr(DBusObjectWithProperties, u"__del__"):
960
724
DBusObjectWithProperties.__del__(self, *args, **kwargs)
961
725
Client.__del__(self, *args, **kwargs)
962
726
964
728
*args, **kwargs):
965
729
self.checker_callback_tag = None
966
730
self.checker = None
731
# Emit D-Bus signal
732
self.PropertyChanged(dbus.String(u"checker_running"),
733
dbus.Boolean(False, variant_level=1))
967
734
if os.WIFEXITED(condition):
968
735
exitstatus = os.WEXITSTATUS(condition)
969
736
# Emit D-Bus signal
979
746
return Client.checker_callback(self, pid, condition, command,
980
747
*args, **kwargs)
981
748
749
def checked_ok(self, *args, **kwargs):
750
r = Client.checked_ok(self, *args, **kwargs)
751
# Emit D-Bus signal
752
self.PropertyChanged(
753
dbus.String(u"last_checked_ok"),
754
(self._datetime_to_dbus(self.last_checked_ok,
755
variant_level=1)))
756
return r
757
982
758
def start_checker(self, *args, **kwargs):
983
759
old_checker = self.checker
984
760
if self.checker is not None:
991
767
and old_checker_pid != self.checker.pid):
992
768
# Emit D-Bus signal
993
769
self.CheckerStarted(self.current_checker_command)
994
return r
995
996
def _reset_approved(self):
997
self._approved = None
998
return False
999
1000
def approve(self, value=True):
1001
self.send_changedstate()
1002
self._approved = value
1003
gobject.timeout_add(_timedelta_to_milliseconds
1004
(self.approval_duration),
1005
self._reset_approved)
1006
1007
1008
## D-Bus methods, signals & properties
1009
_interface = "se.recompile.Mandos.Client"
1010
1011
## Signals
770
self.PropertyChanged(
771
dbus.String(u"checker_running"),
772
dbus.Boolean(True, variant_level=1))
773
return r
774
775
def stop_checker(self, *args, **kwargs):
776
old_checker = getattr(self, u"checker", None)
777
r = Client.stop_checker(self, *args, **kwargs)
778
if (old_checker is not None
779
and getattr(self, u"checker", None) is None):
780
self.PropertyChanged(dbus.String(u"checker_running"),
781
dbus.Boolean(False, variant_level=1))
782
return r
783
784
## D-Bus methods & signals
785
_interface = u"se.bsnet.fukt.Mandos.Client"
786
787
# CheckedOK - method
788
@dbus.service.method(_interface)
789
def CheckedOK(self):
790
return self.checked_ok()
1012
791
1013
792
# CheckerCompleted - signal
1014
@dbus.service.signal(_interface, signature="nxs")
793
@dbus.service.signal(_interface, signature=u"nxs")
1015
794
def CheckerCompleted(self, exitcode, waitstatus, command):
1016
795
"D-Bus signal"
1017
796
pass
1018
797
1019
798
# CheckerStarted - signal
1020
@dbus.service.signal(_interface, signature="s")
799
@dbus.service.signal(_interface, signature=u"s")
1021
800
def CheckerStarted(self, command):
1022
801
"D-Bus signal"
1023
802
pass
1024
803
1025
804
# PropertyChanged - signal
1026
@dbus.service.signal(_interface, signature="sv")
805
@dbus.service.signal(_interface, signature=u"sv")
1027
806
def PropertyChanged(self, property, value):
1028
807
"D-Bus signal"
1029
808
pass
1031
810
# GotSecret - signal
1032
811
@dbus.service.signal(_interface)
1033
812
def GotSecret(self):
1034
"""D-Bus signal
1035
Is sent after a successful transfer of secret from the Mandos
1036
server to mandos-client
1037
"""
813
"D-Bus signal"
1038
814
pass
1039
815
1040
816
# Rejected - signal
1041
@dbus.service.signal(_interface, signature="s")
1042
def Rejected(self, reason):
817
@dbus.service.signal(_interface)
818
def Rejected(self):
1043
819
"D-Bus signal"
1044
820
pass
1045
821
1046
# NeedApproval - signal
1047
@dbus.service.signal(_interface, signature="tb")
1048
def NeedApproval(self, timeout, default):
1049
"D-Bus signal"
1050
return self.need_approval()
1051
1052
## Methods
1053
1054
# Approve - method
1055
@dbus.service.method(_interface, in_signature="b")
1056
def Approve(self, value):
1057
self.approve(value)
1058
1059
# CheckedOK - method
1060
@dbus.service.method(_interface)
1061
def CheckedOK(self):
1062
self.checked_ok()
1063
1064
822
# Enable - method
1065
823
@dbus.service.method(_interface)
1066
824
def Enable(self):
1084
842
def StopChecker(self):
1085
843
self.stop_checker()
1086
844
1087
## Properties
1088
1089
# ApprovalPending - property
1090
@dbus_service_property(_interface, signature="b", access="read")
1091
def ApprovalPending_dbus_property(self):
1092
return dbus.Boolean(bool(self.approvals_pending))
1093
1094
# ApprovedByDefault - property
1095
@dbus_service_property(_interface, signature="b",
1096
access="readwrite")
1097
def ApprovedByDefault_dbus_property(self, value=None):
1098
if value is None: # get
1099
return dbus.Boolean(self.approved_by_default)
1100
self.approved_by_default = bool(value)
1101
1102
# ApprovalDelay - property
1103
@dbus_service_property(_interface, signature="t",
1104
access="readwrite")
1105
def ApprovalDelay_dbus_property(self, value=None):
1106
if value is None: # get
1107
return dbus.UInt64(self.approval_delay_milliseconds())
1108
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1109
1110
# ApprovalDuration - property
1111
@dbus_service_property(_interface, signature="t",
1112
access="readwrite")
1113
def ApprovalDuration_dbus_property(self, value=None):
1114
if value is None: # get
1115
return dbus.UInt64(_timedelta_to_milliseconds(
1116
self.approval_duration))
1117
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1118
1119
# Name - property
1120
@dbus_service_property(_interface, signature="s", access="read")
1121
def Name_dbus_property(self):
845
# name - property
846
@dbus_service_property(_interface, signature=u"s", access=u"read")
847
def name_dbus_property(self):
1122
848
return dbus.String(self.name)
1123
849
1124
# Fingerprint - property
1125
@dbus_service_property(_interface, signature="s", access="read")
1126
def Fingerprint_dbus_property(self):
850
# fingerprint - property
851
@dbus_service_property(_interface, signature=u"s", access=u"read")
852
def fingerprint_dbus_property(self):
1127
853
return dbus.String(self.fingerprint)
1128
854
1129
# Host - property
1130
@dbus_service_property(_interface, signature="s",
1131
access="readwrite")
1132
def Host_dbus_property(self, value=None):
855
# host - property
856
@dbus_service_property(_interface, signature=u"s",
857
access=u"readwrite")
858
def host_dbus_property(self, value=None):
1133
859
if value is None: # get
1134
860
return dbus.String(self.host)
1135
861
self.host = value
1136
1137
# Created - property
1138
@dbus_service_property(_interface, signature="s", access="read")
1139
def Created_dbus_property(self):
1140
return dbus.String(datetime_to_dbus(self.created))
1141
1142
# LastEnabled - property
1143
@dbus_service_property(_interface, signature="s", access="read")
1144
def LastEnabled_dbus_property(self):
1145
return datetime_to_dbus(self.last_enabled)
1146
1147
# Enabled - property
1148
@dbus_service_property(_interface, signature="b",
1149
access="readwrite")
1150
def Enabled_dbus_property(self, value=None):
862
# Emit D-Bus signal
863
self.PropertyChanged(dbus.String(u"host"),
864
dbus.String(value, variant_level=1))
865
866
# created - property
867
@dbus_service_property(_interface, signature=u"s", access=u"read")
868
def created_dbus_property(self):
869
return dbus.String(self._datetime_to_dbus(self.created))
870
871
# last_enabled - property
872
@dbus_service_property(_interface, signature=u"s", access=u"read")
873
def last_enabled_dbus_property(self):
874
if self.last_enabled is None:
875
return dbus.String(u"")
876
return dbus.String(self._datetime_to_dbus(self.last_enabled))
877
878
# enabled - property
879
@dbus_service_property(_interface, signature=u"b",
880
access=u"readwrite")
881
def enabled_dbus_property(self, value=None):
1151
882
if value is None: # get
1152
883
return dbus.Boolean(self.enabled)
1153
884
if value:
1155
886
else:
1156
887
self.disable()
1157
888
1158
# LastCheckedOK - property
1159
@dbus_service_property(_interface, signature="s",
1160
access="readwrite")
1161
def LastCheckedOK_dbus_property(self, value=None):
889
# last_checked_ok - property
890
@dbus_service_property(_interface, signature=u"s",
891
access=u"readwrite")
892
def last_checked_ok_dbus_property(self, value=None):
1162
893
if value is not None:
1163
894
self.checked_ok()
1164
895
return
1165
return datetime_to_dbus(self.last_checked_ok)
1166
1167
# Expires - property
1168
@dbus_service_property(_interface, signature="s", access="read")
1169
def Expires_dbus_property(self):
1170
return datetime_to_dbus(self.expires)
1171
1172
# LastApprovalRequest - property
1173
@dbus_service_property(_interface, signature="s", access="read")
1174
def LastApprovalRequest_dbus_property(self):
1175
return datetime_to_dbus(self.last_approval_request)
1176
1177
# Timeout - property
1178
@dbus_service_property(_interface, signature="t",
1179
access="readwrite")
1180
def Timeout_dbus_property(self, value=None):
896
if self.last_checked_ok is None:
897
return dbus.String(u"")
898
return dbus.String(self._datetime_to_dbus(self
899
.last_checked_ok))
900
901
# timeout - property
902
@dbus_service_property(_interface, signature=u"t",
903
access=u"readwrite")
904
def timeout_dbus_property(self, value=None):
1181
905
if value is None: # get
1182
906
return dbus.UInt64(self.timeout_milliseconds())
1183
907
self.timeout = datetime.timedelta(0, 0, 0, value)
1184
if getattr(self, "disable_initiator_tag", None) is None:
908
# Emit D-Bus signal
909
self.PropertyChanged(dbus.String(u"timeout"),
910
dbus.UInt64(value, variant_level=1))
911
if getattr(self, u"disable_initiator_tag", None) is None:
1185
912
return
1186
913
# Reschedule timeout
1187
914
gobject.source_remove(self.disable_initiator_tag)
1188
915
self.disable_initiator_tag = None
1189
self.expires = None
1190
916
time_to_die = (self.
1191
917
_timedelta_to_milliseconds((self
1192
918
.last_checked_ok
1197
923
# The timeout has passed
1198
924
self.disable()
1199
925
else:
1200
self.expires = (datetime.datetime.utcnow()
1201
+ datetime.timedelta(milliseconds =
1202
time_to_die))
1203
926
self.disable_initiator_tag = (gobject.timeout_add
1204
927
(time_to_die, self.disable))
1205
928
1206
# ExtendedTimeout - property
1207
@dbus_service_property(_interface, signature="t",
1208
access="readwrite")
1209
def ExtendedTimeout_dbus_property(self, value=None):
1210
if value is None: # get
1211
return dbus.UInt64(self.extended_timeout_milliseconds())
1212
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1213
1214
# Interval - property
1215
@dbus_service_property(_interface, signature="t",
1216
access="readwrite")
1217
def Interval_dbus_property(self, value=None):
929
# interval - property
930
@dbus_service_property(_interface, signature=u"t",
931
access=u"readwrite")
932
def interval_dbus_property(self, value=None):
1218
933
if value is None: # get
1219
934
return dbus.UInt64(self.interval_milliseconds())
1220
935
self.interval = datetime.timedelta(0, 0, 0, value)
1221
if getattr(self, "checker_initiator_tag", None) is None:
936
# Emit D-Bus signal
937
self.PropertyChanged(dbus.String(u"interval"),
938
dbus.UInt64(value, variant_level=1))
939
if getattr(self, u"checker_initiator_tag", None) is None:
1222
940
return
1223
941
# Reschedule checker run
1224
942
gobject.source_remove(self.checker_initiator_tag)
1225
943
self.checker_initiator_tag = (gobject.timeout_add
1226
944
(value, self.start_checker))
1227
945
self.start_checker() # Start one now, too
1228
1229
# Checker - property
1230
@dbus_service_property(_interface, signature="s",
1231
access="readwrite")
1232
def Checker_dbus_property(self, value=None):
946
947
# checker - property
948
@dbus_service_property(_interface, signature=u"s",
949
access=u"readwrite")
950
def checker_dbus_property(self, value=None):
1233
951
if value is None: # get
1234
952
return dbus.String(self.checker_command)
1235
953
self.checker_command = value
954
# Emit D-Bus signal
955
self.PropertyChanged(dbus.String(u"checker"),
956
dbus.String(self.checker_command,
957
variant_level=1))
1236
958
1237
# CheckerRunning - property
1238
@dbus_service_property(_interface, signature="b",
1239
access="readwrite")
1240
def CheckerRunning_dbus_property(self, value=None):
959
# checker_running - property
960
@dbus_service_property(_interface, signature=u"b",
961
access=u"readwrite")
962
def checker_running_dbus_property(self, value=None):
1241
963
if value is None: # get
1242
964
return dbus.Boolean(self.checker is not None)
1243
965
if value:
1245
967
else:
1246
968
self.stop_checker()
1247
969
1248
# ObjectPath - property
1249
@dbus_service_property(_interface, signature="o", access="read")
1250
def ObjectPath_dbus_property(self):
970
# object_path - property
971
@dbus_service_property(_interface, signature=u"o", access=u"read")
972
def object_path_dbus_property(self):
1251
973
return self.dbus_object_path # is already a dbus.ObjectPath
1252
974
1253
# Secret = property
1254
@dbus_service_property(_interface, signature="ay",
1255
access="write", byte_arrays=True)
1256
def Secret_dbus_property(self, value):
975
# secret = property
976
@dbus_service_property(_interface, signature=u"ay",
977
access=u"write", byte_arrays=True)
978
def secret_dbus_property(self, value):
1257
979
self.secret = str(value)
1258
980
1259
981
del _interface
1260
982
1261
983
1262
class ProxyClient(object):
1263
def __init__(self, child_pipe, fpr, address):
1264
self._pipe = child_pipe
1265
self._pipe.send(('init', fpr, address))
1266
if not self._pipe.recv():
1267
raise KeyError()
1268
1269
def __getattribute__(self, name):
1270
if(name == '_pipe'):
1271
return super(ProxyClient, self).__getattribute__(name)
1272
self._pipe.send(('getattr', name))
1273
data = self._pipe.recv()
1274
if data[0] == 'data':
1275
return data[1]
1276
if data[0] == 'function':
1277
def func(*args, **kwargs):
1278
self._pipe.send(('funcall', name, args, kwargs))
1279
return self._pipe.recv()[1]
1280
return func
1281
1282
def __setattr__(self, name, value):
1283
if(name == '_pipe'):
1284
return super(ProxyClient, self).__setattr__(name, value)
1285
self._pipe.send(('setattr', name, value))
1286
1287
class ClientDBusTransitional(ClientDBus):
1288
__metaclass__ = AlternateDBusNamesMetaclass
1289
1290
984
class ClientHandler(socketserver.BaseRequestHandler, object):
1291
985
"""A class to handle client connections.
1292
986
1294
988
Note: This will run in its own forked process."""
1295
989
1296
990
def handle(self):
1297
with contextlib.closing(self.server.child_pipe) as child_pipe:
1298
logger.info("TCP connection from: %s",
1299
unicode(self.client_address))
1300
logger.debug("Pipe FD: %d",
1301
self.server.child_pipe.fileno())
1302
991
logger.info(u"TCP connection from: %s",
992
unicode(self.client_address))
993
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
994
# Open IPC pipe to parent process
995
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
1303
996
session = (gnutls.connection
1304
997
.ClientSession(self.request,
1305
998
gnutls.connection
1306
999
.X509Credentials()))
1307
1000
1001
line = self.request.makefile().readline()
1002
logger.debug(u"Protocol version: %r", line)
1003
try:
1004
if int(line.strip().split()[0]) > 1:
1005
raise RuntimeError
1006
except (ValueError, IndexError, RuntimeError), error:
1007
logger.error(u"Unknown protocol version: %s", error)
1008
return
1009
1308
1010
# Note: gnutls.connection.X509Credentials is really a
1309
1011
# generic GnuTLS certificate credentials object so long as
1310
1012
# no X.509 keys are added to it. Therefore, we can use it
1311
1013
# here despite using OpenPGP certificates.
1312
1014
1313
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1314
# "+AES-256-CBC", "+SHA1",
1315
# "+COMP-NULL", "+CTYPE-OPENPGP",
1316
# "+DHE-DSS"))
1015
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1016
# u"+AES-256-CBC", u"+SHA1",
1017
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1018
# u"+DHE-DSS"))
1317
1019
# Use a fallback default, since this MUST be set.
1318
1020
priority = self.server.gnutls_priority
1319
1021
if priority is None:
1320
priority = "NORMAL"
1022
priority = u"NORMAL"
1321
1023
(gnutls.library.functions
1322
1024
.gnutls_priority_set_direct(session._c_object,
1323
1025
priority, None))
1324
1026
1325
# Start communication using the Mandos protocol
1326
# Get protocol number
1327
line = self.request.makefile().readline()
1328
logger.debug("Protocol version: %r", line)
1329
try:
1330
if int(line.strip().split()[0]) > 1:
1331
raise RuntimeError
1332
except (ValueError, IndexError, RuntimeError) as error:
1333
logger.error("Unknown protocol version: %s", error)
1334
return
1335
1336
# Start GnuTLS connection
1337
1027
try:
1338
1028
session.handshake()
1339
except gnutls.errors.GNUTLSError as error:
1340
logger.warning("Handshake failed: %s", error)
1029
except gnutls.errors.GNUTLSError, error:
1030
logger.warning(u"Handshake failed: %s", error)
1341
1031
# Do not run session.bye() here: the session is not
1342
1032
# established. Just abandon the request.
1343
1033
return
1344
logger.debug("Handshake succeeded")
1345
1346
approval_required = False
1034
logger.debug(u"Handshake succeeded")
1347
1035
try:
1348
try:
1349
fpr = self.fingerprint(self.peer_certificate
1350
(session))
1351
except (TypeError,
1352
gnutls.errors.GNUTLSError) as error:
1353
logger.warning("Bad certificate: %s", error)
1354
return
1355
logger.debug("Fingerprint: %s", fpr)
1356
1357
try:
1358
client = ProxyClient(child_pipe, fpr,
1359
self.client_address)
1360
except KeyError:
1361
return
1362
1363
if client.approval_delay:
1364
delay = client.approval_delay
1365
client.approvals_pending += 1
1366
approval_required = True
1367
1368
while True:
1369
if not client.enabled:
1370
logger.info("Client %s is disabled",
1371
client.name)
1372
if self.server.use_dbus:
1373
# Emit D-Bus signal
1374
client.Rejected("Disabled")
1375
return
1376
1377
if client._approved or not client.approval_delay:
1378
#We are approved or approval is disabled
1379
break
1380
elif client._approved is None:
1381
logger.info("Client %s needs approval",
1382
client.name)
1383
if self.server.use_dbus:
1384
# Emit D-Bus signal
1385
client.NeedApproval(
1386
client.approval_delay_milliseconds(),
1387
client.approved_by_default)
1388
else:
1389
logger.warning("Client %s was not approved",
1390
client.name)
1391
if self.server.use_dbus:
1392
# Emit D-Bus signal
1393
client.Rejected("Denied")
1394
return
1395
1396
#wait until timeout or approved
1397
time = datetime.datetime.now()
1398
client.changedstate.acquire()
1399
(client.changedstate.wait
1400
(float(client._timedelta_to_milliseconds(delay)
1401
/ 1000)))
1402
client.changedstate.release()
1403
time2 = datetime.datetime.now()
1404
if (time2 - time) >= delay:
1405
if not client.approved_by_default:
1406
logger.warning("Client %s timed out while"
1407
" waiting for approval",
1408
client.name)
1409
if self.server.use_dbus:
1410
# Emit D-Bus signal
1411
client.Rejected("Approval timed out")
1412
return
1413
else:
1414
break
1415
else:
1416
delay -= time2 - time
1417
1418
sent_size = 0
1419
while sent_size < len(client.secret):
1420
try:
1421
sent = session.send(client.secret[sent_size:])
1422
except gnutls.errors.GNUTLSError as error:
1423
logger.warning("gnutls send failed")
1424
return
1425
logger.debug("Sent: %d, remaining: %d",
1426
sent, len(client.secret)
1427
- (sent_size + sent))
1428
sent_size += sent
1429
1430
logger.info("Sending secret to %s", client.name)
1431
# bump the timeout using extended_timeout
1432
client.checked_ok(client.extended_timeout)
1433
if self.server.use_dbus:
1434
# Emit D-Bus signal
1435
client.GotSecret()
1036
fpr = self.fingerprint(self.peer_certificate(session))
1037
except (TypeError, gnutls.errors.GNUTLSError), error:
1038
logger.warning(u"Bad certificate: %s", error)
1039
session.bye()
1040
return
1041
logger.debug(u"Fingerprint: %s", fpr)
1436
1042
1437
finally:
1438
if approval_required:
1439
client.approvals_pending -= 1
1440
try:
1441
session.bye()
1442
except gnutls.errors.GNUTLSError as error:
1443
logger.warning("GnuTLS bye failed")
1043
for c in self.server.clients:
1044
if c.fingerprint == fpr:
1045
client = c
1046
break
1047
else:
1048
ipc.write(u"NOTFOUND %s %s\n"
1049
% (fpr, unicode(self.client_address)))
1050
session.bye()
1051
return
1052
# Have to check if client.still_valid(), since it is
1053
# possible that the client timed out while establishing
1054
# the GnuTLS session.
1055
if not client.still_valid():
1056
ipc.write(u"INVALID %s\n" % client.name)
1057
session.bye()
1058
return
1059
ipc.write(u"SENDING %s\n" % client.name)
1060
sent_size = 0
1061
while sent_size < len(client.secret):
1062
sent = session.send(client.secret[sent_size:])
1063
logger.debug(u"Sent: %d, remaining: %d",
1064
sent, len(client.secret)
1065
- (sent_size + sent))
1066
sent_size += sent
1067
session.bye()
1444
1068
1445
1069
@staticmethod
1446
1070
def peer_certificate(session):
1456
1080
.gnutls_certificate_get_peers
1457
1081
(session._c_object, ctypes.byref(list_size)))
1458
1082
if not bool(cert_list) and list_size.value != 0:
1459
raise gnutls.errors.GNUTLSError("error getting peer"
1460
" certificate")
1083
raise gnutls.errors.GNUTLSError(u"error getting peer"
1084
u" certificate")
1461
1085
if list_size.value == 0:
1462
1086
return None
1463
1087
cert = cert_list[0]
1489
1113
if crtverify.value != 0:
1490
1114
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1491
1115
raise (gnutls.errors.CertificateSecurityError
1492
("Verify failed"))
1116
(u"Verify failed"))
1493
1117
# New buffer for the fingerprint
1494
1118
buf = ctypes.create_string_buffer(20)
1495
1119
buf_len = ctypes.c_size_t()
1502
1126
# Convert the buffer to a Python bytestring
1503
1127
fpr = ctypes.string_at(buf, buf_len.value)
1504
1128
# Convert the bytestring to hexadecimal notation
1505
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1129
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1506
1130
return hex_fpr
1507
1131
1508
1132
1509
class MultiprocessingMixIn(object):
1510
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1511
def sub_process_main(self, request, address):
1512
try:
1513
self.finish_request(request, address)
1514
except:
1515
self.handle_error(request, address)
1516
self.close_request(request)
1517
1518
def process_request(self, request, address):
1519
"""Start a new process to process the request."""
1520
proc = multiprocessing.Process(target = self.sub_process_main,
1521
args = (request,
1522
address))
1523
proc.start()
1524
return proc
1525
1526
1527
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1528
""" adds a pipe to the MixIn """
1133
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
1134
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
1529
1135
def process_request(self, request, client_address):
1530
1136
"""Overrides and wraps the original process_request().
1531
1137
1532
1138
This function creates a new pipe in self.pipe
1533
1139
"""
1534
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1535
1536
proc = MultiprocessingMixIn.process_request(self, request,
1537
client_address)
1538
self.child_pipe.close()
1539
self.add_pipe(parent_pipe, proc)
1540
1541
def add_pipe(self, parent_pipe, proc):
1140
self.pipe = os.pipe()
1141
super(ForkingMixInWithPipe,
1142
self).process_request(request, client_address)
1143
os.close(self.pipe[1]) # close write end
1144
self.add_pipe(self.pipe[0])
1145
def add_pipe(self, pipe):
1542
1146
"""Dummy function; override as necessary"""
1543
raise NotImplementedError
1544
1545
1546
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1147
os.close(pipe)
1148
1149
1150
class IPv6_TCPServer(ForkingMixInWithPipe,
1547
1151
socketserver.TCPServer, object):
1548
1152
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1549
1153
1565
1169
bind to an address or port if they were not specified."""
1566
1170
if self.interface is not None:
1567
1171
if SO_BINDTODEVICE is None:
1568
logger.error("SO_BINDTODEVICE does not exist;"
1569
" cannot bind to interface %s",
1172
logger.error(u"SO_BINDTODEVICE does not exist;"
1173
u" cannot bind to interface %s",
1570
1174
self.interface)
1571
1175
else:
1572
1176
try:
1573
1177
self.socket.setsockopt(socket.SOL_SOCKET,
1574
1178
SO_BINDTODEVICE,
1575
1179
str(self.interface
1576
+ '\0'))
1577
except socket.error as error:
1180
+ u'\0'))
1181
except socket.error, error:
1578
1182
if error[0] == errno.EPERM:
1579
logger.error("No permission to"
1580
" bind to interface %s",
1183
logger.error(u"No permission to"
1184
u" bind to interface %s",
1581
1185
self.interface)
1582
1186
elif error[0] == errno.ENOPROTOOPT:
1583
logger.error("SO_BINDTODEVICE not available;"
1584
" cannot bind to interface %s",
1187
logger.error(u"SO_BINDTODEVICE not available;"
1188
u" cannot bind to interface %s",
1585
1189
self.interface)
1586
1190
else:
1587
1191
raise
1589
1193
if self.server_address[0] or self.server_address[1]:
1590
1194
if not self.server_address[0]:
1591
1195
if self.address_family == socket.AF_INET6:
1592
any_address = "::" # in6addr_any
1196
any_address = u"::" # in6addr_any
1593
1197
else:
1594
1198
any_address = socket.INADDR_ANY
1595
1199
self.server_address = (any_address,
1632
1236
def server_activate(self):
1633
1237
if self.enabled:
1634
1238
return socketserver.TCPServer.server_activate(self)
1635
1636
1239
def enable(self):
1637
1240
self.enabled = True
1638
1639
def add_pipe(self, parent_pipe, proc):
1241
def add_pipe(self, pipe):
1640
1242
# Call "handle_ipc" for both data and EOF events
1641
gobject.io_add_watch(parent_pipe.fileno(),
1642
gobject.IO_IN | gobject.IO_HUP,
1643
functools.partial(self.handle_ipc,
1644
parent_pipe =
1645
parent_pipe,
1646
proc = proc))
1647
1648
def handle_ipc(self, source, condition, parent_pipe=None,
1649
proc = None, client_object=None):
1243
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1244
self.handle_ipc)
1245
def handle_ipc(self, source, condition, file_objects={}):
1650
1246
condition_names = {
1651
gobject.IO_IN: "IN", # There is data to read.
1652
gobject.IO_OUT: "OUT", # Data can be written (without
1247
gobject.IO_IN: u"IN", # There is data to read.
1248
gobject.IO_OUT: u"OUT", # Data can be written (without
1653
1249
# blocking).
1654
gobject.IO_PRI: "PRI", # There is urgent data to read.
1655
gobject.IO_ERR: "ERR", # Error condition.
1656
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1250
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1251
gobject.IO_ERR: u"ERR", # Error condition.
1252
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1657
1253
# broken, usually for pipes and
1658
1254
# sockets).
1659
1255
}
1661
1257
for cond, name in
1662
1258
condition_names.iteritems()
1663
1259
if cond & condition)
1664
# error, or the other end of multiprocessing.Pipe has closed
1665
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1666
# Wait for other process to exit
1667
proc.join()
1668
return False
1669
1670
# Read a request from the child
1671
request = parent_pipe.recv()
1672
command = request[0]
1673
1674
if command == 'init':
1675
fpr = request[1]
1676
address = request[2]
1677
1678
for c in self.clients:
1679
if c.fingerprint == fpr:
1680
client = c
1681
break
1682
else:
1683
logger.info("Client not found for fingerprint: %s, ad"
1684
"dress: %s", fpr, address)
1685
if self.use_dbus:
1686
# Emit D-Bus signal
1687
mandos_dbus_service.ClientNotFound(fpr,
1688
address[0])
1689
parent_pipe.send(False)
1690
return False
1691
1692
gobject.io_add_watch(parent_pipe.fileno(),
1693
gobject.IO_IN | gobject.IO_HUP,
1694
functools.partial(self.handle_ipc,
1695
parent_pipe =
1696
parent_pipe,
1697
proc = proc,
1698
client_object =
1699
client))
1700
parent_pipe.send(True)
1701
# remove the old hook in favor of the new above hook on
1702
# same fileno
1703
return False
1704
if command == 'funcall':
1705
funcname = request[1]
1706
args = request[2]
1707
kwargs = request[3]
1708
1709
parent_pipe.send(('data', getattr(client_object,
1710
funcname)(*args,
1711
**kwargs)))
1712
1713
if command == 'getattr':
1714
attrname = request[1]
1715
if callable(client_object.__getattribute__(attrname)):
1716
parent_pipe.send(('function',))
1717
else:
1718
parent_pipe.send(('data', client_object
1719
.__getattribute__(attrname)))
1720
1721
if command == 'setattr':
1722
attrname = request[1]
1723
value = request[2]
1724
setattr(client_object, attrname, value)
1725
1260
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1261
conditions_string)
1262
1263
# Turn the pipe file descriptor into a Python file object
1264
if source not in file_objects:
1265
file_objects[source] = os.fdopen(source, u"r", 1)
1266
1267
# Read a line from the file object
1268
cmdline = file_objects[source].readline()
1269
if not cmdline: # Empty line means end of file
1270
# close the IPC pipe
1271
file_objects[source].close()
1272
del file_objects[source]
1273
1274
# Stop calling this function
1275
return False
1276
1277
logger.debug(u"IPC command: %r", cmdline)
1278
1279
# Parse and act on command
1280
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1281
1282
if cmd == u"NOTFOUND":
1283
logger.warning(u"Client not found for fingerprint: %s",
1284
args)
1285
if self.use_dbus:
1286
# Emit D-Bus signal
1287
mandos_dbus_service.ClientNotFound(args)
1288
elif cmd == u"INVALID":
1289
for client in self.clients:
1290
if client.name == args:
1291
logger.warning(u"Client %s is invalid", args)
1292
if self.use_dbus:
1293
# Emit D-Bus signal
1294
client.Rejected()
1295
break
1296
else:
1297
logger.error(u"Unknown client %s is invalid", args)
1298
elif cmd == u"SENDING":
1299
for client in self.clients:
1300
if client.name == args:
1301
logger.info(u"Sending secret to %s", client.name)
1302
client.checked_ok()
1303
if self.use_dbus:
1304
# Emit D-Bus signal
1305
client.GotSecret()
1306
break
1307
else:
1308
logger.error(u"Sending secret to unknown client %s",
1309
args)
1310
else:
1311
logger.error(u"Unknown IPC command: %r", cmdline)
1312
1313
# Keep calling this function
1726
1314
return True
1727
1315
1728
1316
1729
1317
def string_to_delta(interval):
1730
1318
"""Parse a string and return a datetime.timedelta
1731
1319
1732
>>> string_to_delta('7d')
1320
>>> string_to_delta(u'7d')
1733
1321
datetime.timedelta(7)
1734
>>> string_to_delta('60s')
1322
>>> string_to_delta(u'60s')
1735
1323
datetime.timedelta(0, 60)
1736
>>> string_to_delta('60m')
1324
>>> string_to_delta(u'60m')
1737
1325
datetime.timedelta(0, 3600)
1738
>>> string_to_delta('24h')
1326
>>> string_to_delta(u'24h')
1739
1327
datetime.timedelta(1)
1740
>>> string_to_delta('1w')
1328
>>> string_to_delta(u'1w')
1741
1329
datetime.timedelta(7)
1742
>>> string_to_delta('5m 30s')
1330
>>> string_to_delta(u'5m 30s')
1743
1331
datetime.timedelta(0, 330)
1744
1332
"""
1745
1333
timevalue = datetime.timedelta(0)
1747
1335
try:
1748
1336
suffix = unicode(s[-1])
1749
1337
value = int(s[:-1])
1750
if suffix == "d":
1338
if suffix == u"d":
1751
1339
delta = datetime.timedelta(value)
1752
elif suffix == "s":
1340
elif suffix == u"s":
1753
1341
delta = datetime.timedelta(0, value)
1754
elif suffix == "m":
1342
elif suffix == u"m":
1755
1343
delta = datetime.timedelta(0, 0, 0, 0, value)
1756
elif suffix == "h":
1344
elif suffix == u"h":
1757
1345
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1758
elif suffix == "w":
1346
elif suffix == u"w":
1759
1347
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1760
1348
else:
1761
raise ValueError("Unknown suffix %r" % suffix)
1762
except (ValueError, IndexError) as e:
1763
raise ValueError(*(e.args))
1349
raise ValueError(u"Unknown suffix %r" % suffix)
1350
except (ValueError, IndexError), e:
1351
raise ValueError(e.message)
1764
1352
timevalue += delta
1765
1353
return timevalue
1766
1354
1772
1360
global if_nametoindex
1773
1361
try:
1774
1362
if_nametoindex = (ctypes.cdll.LoadLibrary
1775
(ctypes.util.find_library("c"))
1363
(ctypes.util.find_library(u"c"))
1776
1364
.if_nametoindex)
1777
1365
except (OSError, AttributeError):
1778
logger.warning("Doing if_nametoindex the hard way")
1366
logger.warning(u"Doing if_nametoindex the hard way")
1779
1367
def if_nametoindex(interface):
1780
1368
"Get an interface index the hard way, i.e. using fcntl()"
1781
1369
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1782
with contextlib.closing(socket.socket()) as s:
1370
with closing(socket.socket()) as s:
1783
1371
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1784
struct.pack(str("16s16x"),
1372
struct.pack(str(u"16s16x"),
1785
1373
interface))
1786
interface_index = struct.unpack(str("I"),
1374
interface_index = struct.unpack(str(u"I"),
1787
1375
ifreq[16:20])[0]
1788
1376
return interface_index
1789
1377
return if_nametoindex(interface)
1797
1385
sys.exit()
1798
1386
os.setsid()
1799
1387
if not nochdir:
1800
os.chdir("/")
1388
os.chdir(u"/")
1801
1389
if os.fork():
1802
1390
sys.exit()
1803
1391
if not noclose:
1805
1393
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1806
1394
if not stat.S_ISCHR(os.fstat(null).st_mode):
1807
1395
raise OSError(errno.ENODEV,
1808
"%s not a character device"
1396
u"%s not a character device"
1809
1397
% os.path.devnull)
1810
1398
os.dup2(null, sys.stdin.fileno())
1811
1399
os.dup2(null, sys.stdout.fileno())
1819
1407
##################################################################
1820
1408
# Parsing of options, both command line and config file
1821
1409
1822
parser = argparse.ArgumentParser()
1823
parser.add_argument("-v", "--version", action="version",
1824
version = "%%(prog)s %s" % version,
1825
help="show version number and exit")
1826
parser.add_argument("-i", "--interface", metavar="IF",
1827
help="Bind to interface IF")
1828
parser.add_argument("-a", "--address",
1829
help="Address to listen for requests on")
1830
parser.add_argument("-p", "--port", type=int,
1831
help="Port number to receive requests on")
1832
parser.add_argument("--check", action="store_true",
1833
help="Run self-test")
1834
parser.add_argument("--debug", action="store_true",
1835
help="Debug mode; run in foreground and log"
1836
" to terminal")
1837
parser.add_argument("--debuglevel", metavar="LEVEL",
1838
help="Debug level for stdout output")
1839
parser.add_argument("--priority", help="GnuTLS"
1840
" priority string (see GnuTLS documentation)")
1841
parser.add_argument("--servicename",
1842
metavar="NAME", help="Zeroconf service name")
1843
parser.add_argument("--configdir",
1844
default="/etc/mandos", metavar="DIR",
1845
help="Directory to search for configuration"
1846
" files")
1847
parser.add_argument("--no-dbus", action="store_false",
1848
dest="use_dbus", help="Do not provide D-Bus"
1849
" system bus interface")
1850
parser.add_argument("--no-ipv6", action="store_false",
1851
dest="use_ipv6", help="Do not use IPv6")
1852
options = parser.parse_args()
1410
parser = optparse.OptionParser(version = "%%prog %s" % version)
1411
parser.add_option("-i", u"--interface", type=u"string",
1412
metavar="IF", help=u"Bind to interface IF")
1413
parser.add_option("-a", u"--address", type=u"string",
1414
help=u"Address to listen for requests on")
1415
parser.add_option("-p", u"--port", type=u"int",
1416
help=u"Port number to receive requests on")
1417
parser.add_option("--check", action=u"store_true",
1418
help=u"Run self-test")
1419
parser.add_option("--debug", action=u"store_true",
1420
help=u"Debug mode; run in foreground and log to"
1421
u" terminal")
1422
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1423
u" priority string (see GnuTLS documentation)")
1424
parser.add_option("--servicename", type=u"string",
1425
metavar=u"NAME", help=u"Zeroconf service name")
1426
parser.add_option("--configdir", type=u"string",
1427
default=u"/etc/mandos", metavar=u"DIR",
1428
help=u"Directory to search for configuration"
1429
u" files")
1430
parser.add_option("--no-dbus", action=u"store_false",
1431
dest=u"use_dbus", help=u"Do not provide D-Bus"
1432
u" system bus interface")
1433
parser.add_option("--no-ipv6", action=u"store_false",
1434
dest=u"use_ipv6", help=u"Do not use IPv6")
1435
options = parser.parse_args()[0]
1853
1436
1854
1437
if options.check:
1855
1438
import doctest
1857
1440
sys.exit()
1858
1441
1859
1442
# Default values for config file for server-global settings
1860
server_defaults = { "interface": "",
1861
"address": "",
1862
"port": "",
1863
"debug": "False",
1864
"priority":
1865
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1866
"servicename": "Mandos",
1867
"use_dbus": "True",
1868
"use_ipv6": "True",
1869
"debuglevel": "",
1443
server_defaults = { u"interface": u"",
1444
u"address": u"",
1445
u"port": u"",
1446
u"debug": u"False",
1447
u"priority":
1448
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1449
u"servicename": u"Mandos",
1450
u"use_dbus": u"True",
1451
u"use_ipv6": u"True",
1870
1452
}
1871
1453
1872
1454
# Parse config file for server-global settings
1873
1455
server_config = configparser.SafeConfigParser(server_defaults)
1874
1456
del server_defaults
1875
1457
server_config.read(os.path.join(options.configdir,
1876
"mandos.conf"))
1458
u"mandos.conf"))
1877
1459
# Convert the SafeConfigParser object to a dict
1878
1460
server_settings = server_config.defaults()
1879
1461
# Use the appropriate methods on the non-string config options
1880
for option in ("debug", "use_dbus", "use_ipv6"):
1881
server_settings[option] = server_config.getboolean("DEFAULT",
1462
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1463
server_settings[option] = server_config.getboolean(u"DEFAULT",
1882
1464
option)
1883
1465
if server_settings["port"]:
1884
server_settings["port"] = server_config.getint("DEFAULT",
1885
"port")
1466
server_settings["port"] = server_config.getint(u"DEFAULT",
1467
u"port")
1886
1468
del server_config
1887
1469
1888
1470
# Override the settings from the config file with command line
1889
1471
# options, if set.
1890
for option in ("interface", "address", "port", "debug",
1891
"priority", "servicename", "configdir",
1892
"use_dbus", "use_ipv6", "debuglevel"):
1472
for option in (u"interface", u"address", u"port", u"debug",
1473
u"priority", u"servicename", u"configdir",
1474
u"use_dbus", u"use_ipv6"):
1893
1475
value = getattr(options, option)
1894
1476
if value is not None:
1895
1477
server_settings[option] = value
1903
1485
##################################################################
1904
1486
1905
1487
# For convenience
1906
debug = server_settings["debug"]
1907
debuglevel = server_settings["debuglevel"]
1908
use_dbus = server_settings["use_dbus"]
1909
use_ipv6 = server_settings["use_ipv6"]
1910
1911
if server_settings["servicename"] != "Mandos":
1488
debug = server_settings[u"debug"]
1489
use_dbus = server_settings[u"use_dbus"]
1490
use_ipv6 = server_settings[u"use_ipv6"]
1491
1492
if not debug:
1493
syslogger.setLevel(logging.WARNING)
1494
console.setLevel(logging.WARNING)
1495
1496
if server_settings[u"servicename"] != u"Mandos":
1912
1497
syslogger.setFormatter(logging.Formatter
1913
('Mandos (%s) [%%(process)d]:'
1914
' %%(levelname)s: %%(message)s'
1915
% server_settings["servicename"]))
1498
(u'Mandos (%s) [%%(process)d]:'
1499
u' %%(levelname)s: %%(message)s'
1500
% server_settings[u"servicename"]))
1916
1501
1917
1502
# Parse config file with clients
1918
client_defaults = { "timeout": "5m",
1919
"extended_timeout": "15m",
1920
"interval": "2m",
1921
"checker": "fping -q -- %%(host)s",
1922
"host": "",
1923
"approval_delay": "0s",
1924
"approval_duration": "1s",
1503
client_defaults = { u"timeout": u"1h",
1504
u"interval": u"5m",
1505
u"checker": u"fping -q -- %%(host)s",
1506
u"host": u"",
1925
1507
}
1926
1508
client_config = configparser.SafeConfigParser(client_defaults)
1927
client_config.read(os.path.join(server_settings["configdir"],
1928
"clients.conf"))
1509
client_config.read(os.path.join(server_settings[u"configdir"],
1510
u"clients.conf"))
1929
1511
1930
1512
global mandos_dbus_service
1931
1513
mandos_dbus_service = None
1932
1514
1933
tcp_server = MandosServer((server_settings["address"],
1934
server_settings["port"]),
1515
tcp_server = MandosServer((server_settings[u"address"],
1516
server_settings[u"port"]),
1935
1517
ClientHandler,
1936
interface=(server_settings["interface"]
1937
or None),
1518
interface=server_settings[u"interface"],
1938
1519
use_ipv6=use_ipv6,
1939
1520
gnutls_priority=
1940
server_settings["priority"],
1521
server_settings[u"priority"],
1941
1522
use_dbus=use_dbus)
1942
if not debug:
1943
pidfilename = "/var/run/mandos.pid"
1944
try:
1945
pidfile = open(pidfilename, "w")
1946
except IOError:
1947
logger.error("Could not open file %r", pidfilename)
1523
pidfilename = u"/var/run/mandos.pid"
1524
try:
1525
pidfile = open(pidfilename, u"w")
1526
except IOError:
1527
logger.error(u"Could not open file %r", pidfilename)
1948
1528
1949
1529
try:
1950
uid = pwd.getpwnam("_mandos").pw_uid
1951
gid = pwd.getpwnam("_mandos").pw_gid
1530
uid = pwd.getpwnam(u"_mandos").pw_uid
1531
gid = pwd.getpwnam(u"_mandos").pw_gid
1952
1532
except KeyError:
1953
1533
try:
1954
uid = pwd.getpwnam("mandos").pw_uid
1955
gid = pwd.getpwnam("mandos").pw_gid
1534
uid = pwd.getpwnam(u"mandos").pw_uid
1535
gid = pwd.getpwnam(u"mandos").pw_gid
1956
1536
except KeyError:
1957
1537
try:
1958
uid = pwd.getpwnam("nobody").pw_uid
1959
gid = pwd.getpwnam("nobody").pw_gid
1538
uid = pwd.getpwnam(u"nobody").pw_uid
1539
gid = pwd.getpwnam(u"nobody").pw_gid
1960
1540
except KeyError:
1961
1541
uid = 65534
1962
1542
gid = 65534
1963
1543
try:
1964
1544
os.setgid(gid)
1965
1545
os.setuid(uid)
1966
except OSError as error:
1546
except OSError, error:
1967
1547
if error[0] != errno.EPERM:
1968
1548
raise error
1969
1549
1970
if not debug and not debuglevel:
1971
syslogger.setLevel(logging.WARNING)
1972
console.setLevel(logging.WARNING)
1973
if debuglevel:
1974
level = getattr(logging, debuglevel.upper())
1975
syslogger.setLevel(level)
1976
console.setLevel(level)
1977
1550
# Enable all possible GnuTLS debugging
1978
1551
if debug:
1979
# Enable all possible GnuTLS debugging
1980
1981
1552
# "Use a log level over 10 to enable all debugging options."
1982
1553
# - GnuTLS manual
1983
1554
gnutls.library.functions.gnutls_global_set_log_level(11)
1984
1555
1985
1556
@gnutls.library.types.gnutls_log_func
1986
1557
def debug_gnutls(level, string):
1987
logger.debug("GnuTLS: %s", string[:-1])
1558
logger.debug(u"GnuTLS: %s", string[:-1])
1988
1559
1989
1560
(gnutls.library.functions
1990
1561
.gnutls_global_set_log_function(debug_gnutls))
1991
1992
# Redirect stdin so all checkers get /dev/null
1993
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1994
os.dup2(null, sys.stdin.fileno())
1995
if null > 2:
1996
os.close(null)
1997
else:
1998
# No console logging
1999
logger.removeHandler(console)
2000
2001
# Need to fork before connecting to D-Bus
2002
if not debug:
2003
# Close all input and output, do double fork, etc.
2004
daemon()
2005
1562
2006
1563
global main_loop
2007
1564
# From the Avahi example code
2011
1568
# End of Avahi example code
2012
1569
if use_dbus:
2013
1570
try:
2014
bus_name = dbus.service.BusName("se.recompile.Mandos",
1571
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
2015
1572
bus, do_not_queue=True)
2016
old_bus_name = (dbus.service.BusName
2017
("se.bsnet.fukt.Mandos", bus,
2018
do_not_queue=True))
2019
except dbus.exceptions.NameExistsException as e:
2020
logger.error(unicode(e) + ", disabling D-Bus")
1573
except dbus.exceptions.NameExistsException, e:
1574
logger.error(unicode(e) + u", disabling D-Bus")
2021
1575
use_dbus = False
2022
server_settings["use_dbus"] = False
1576
server_settings[u"use_dbus"] = False
2023
1577
tcp_server.use_dbus = False
2024
1578
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2025
service = AvahiService(name = server_settings["servicename"],
2026
servicetype = "_mandos._tcp",
1579
service = AvahiService(name = server_settings[u"servicename"],
1580
servicetype = u"_mandos._tcp",
2027
1581
protocol = protocol, bus = bus)
2028
1582
if server_settings["interface"]:
2029
1583
service.interface = (if_nametoindex
2030
(str(server_settings["interface"])))
2031
2032
global multiprocessing_manager
2033
multiprocessing_manager = multiprocessing.Manager()
1584
(str(server_settings[u"interface"])))
2034
1585
2035
1586
client_class = Client
2036
1587
if use_dbus:
2037
client_class = functools.partial(ClientDBusTransitional,
2038
bus = bus)
2039
def client_config_items(config, section):
2040
special_settings = {
2041
"approved_by_default":
2042
lambda: config.getboolean(section,
2043
"approved_by_default"),
2044
}
2045
for name, value in config.items(section):
2046
try:
2047
yield (name, special_settings[name]())
2048
except KeyError:
2049
yield (name, value)
2050
1588
client_class = functools.partial(ClientDBus, bus = bus)
2051
1589
tcp_server.clients.update(set(
2052
1590
client_class(name = section,
2053
config= dict(client_config_items(
2054
client_config, section)))
1591
config= dict(client_config.items(section)))
2055
1592
for section in client_config.sections()))
2056
1593
if not tcp_server.clients:
2057
logger.warning("No clients defined")
2058
1594
logger.warning(u"No clients defined")
1595
1596
if debug:
1597
# Redirect stdin so all checkers get /dev/null
1598
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1599
os.dup2(null, sys.stdin.fileno())
1600
if null > 2:
1601
os.close(null)
1602
else:
1603
# No console logging
1604
logger.removeHandler(console)
1605
# Close all input and output, do double fork, etc.
1606
daemon()
1607
1608
try:
1609
with closing(pidfile):
1610
pid = os.getpid()
1611
pidfile.write(str(pid) + "\n")
1612
del pidfile
1613
except IOError:
1614
logger.error(u"Could not write to file %r with PID %d",
1615
pidfilename, pid)
1616
except NameError:
1617
# "pidfile" was never created
1618
pass
1619
del pidfilename
1620
2059
1621
if not debug:
2060
try:
2061
with pidfile:
2062
pid = os.getpid()
2063
pidfile.write(str(pid) + "\n".encode("utf-8"))
2064
del pidfile
2065
except IOError:
2066
logger.error("Could not write to file %r with PID %d",
2067
pidfilename, pid)
2068
except NameError:
2069
# "pidfile" was never created
2070
pass
2071
del pidfilename
2072
2073
1622
signal.signal(signal.SIGINT, signal.SIG_IGN)
2074
2075
1623
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2076
1624
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2077
1625
2079
1627
class MandosDBusService(dbus.service.Object):
2080
1628
"""A D-Bus proxy object"""
2081
1629
def __init__(self):
2082
dbus.service.Object.__init__(self, bus, "/")
2083
_interface = "se.recompile.Mandos"
2084
2085
@dbus.service.signal(_interface, signature="o")
2086
def ClientAdded(self, objpath):
2087
"D-Bus signal"
2088
pass
2089
2090
@dbus.service.signal(_interface, signature="ss")
2091
def ClientNotFound(self, fingerprint, address):
2092
"D-Bus signal"
2093
pass
2094
2095
@dbus.service.signal(_interface, signature="os")
1630
dbus.service.Object.__init__(self, bus, u"/")
1631
_interface = u"se.bsnet.fukt.Mandos"
1632
1633
@dbus.service.signal(_interface, signature=u"oa{sv}")
1634
def ClientAdded(self, objpath, properties):
1635
"D-Bus signal"
1636
pass
1637
1638
@dbus.service.signal(_interface, signature=u"s")
1639
def ClientNotFound(self, fingerprint):
1640
"D-Bus signal"
1641
pass
1642
1643
@dbus.service.signal(_interface, signature=u"os")
2096
1644
def ClientRemoved(self, objpath, name):
2097
1645
"D-Bus signal"
2098
1646
pass
2099
1647
2100
@dbus.service.method(_interface, out_signature="ao")
1648
@dbus.service.method(_interface, out_signature=u"ao")
2101
1649
def GetAllClients(self):
2102
1650
"D-Bus method"
2103
1651
return dbus.Array(c.dbus_object_path
2104
1652
for c in tcp_server.clients)
2105
1653
2106
1654
@dbus.service.method(_interface,
2107
out_signature="a{oa{sv}}")
1655
out_signature=u"a{oa{sv}}")
2108
1656
def GetAllClientsWithProperties(self):
2109
1657
"D-Bus method"
2110
1658
return dbus.Dictionary(
2111
((c.dbus_object_path, c.GetAll(""))
1659
((c.dbus_object_path, c.GetAll(u""))
2112
1660
for c in tcp_server.clients),
2113
signature="oa{sv}")
1661
signature=u"oa{sv}")
2114
1662
2115
@dbus.service.method(_interface, in_signature="o")
1663
@dbus.service.method(_interface, in_signature=u"o")
2116
1664
def RemoveClient(self, object_path):
2117
1665
"D-Bus method"
2118
1666
for c in tcp_server.clients:
2128
1676
2129
1677
del _interface
2130
1678
2131
class MandosDBusServiceTransitional(MandosDBusService):
2132
__metaclass__ = AlternateDBusNamesMetaclass
2133
mandos_dbus_service = MandosDBusServiceTransitional()
1679
mandos_dbus_service = MandosDBusService()
2134
1680
2135
1681
def cleanup():
2136
1682
"Cleanup function; run on exit"
2137
1683
service.cleanup()
2138
1684
2139
multiprocessing.active_children()
2140
1685
while tcp_server.clients:
2141
1686
client = tcp_server.clients.pop()
2142
1687
if use_dbus:
2146
1691
client.disable(quiet=True)
2147
1692
if use_dbus:
2148
1693
# Emit D-Bus signal
2149
mandos_dbus_service.ClientRemoved(client
2150
.dbus_object_path,
1694
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
2151
1695
client.name)
2152
1696
2153
1697
atexit.register(cleanup)
2155
1699
for client in tcp_server.clients:
2156
1700
if use_dbus:
2157
1701
# Emit D-Bus signal
2158
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1702
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1703
client.GetAll(u""))
2159
1704
client.enable()
2160
1705
2161
1706
tcp_server.enable()
2164
1709
# Find out what port we got
2165
1710
service.port = tcp_server.socket.getsockname()[1]
2166
1711
if use_ipv6:
2167
logger.info("Now listening on address %r, port %d,"
1712
logger.info(u"Now listening on address %r, port %d,"
2168
1713
" flowinfo %d, scope_id %d"
2169
1714
% tcp_server.socket.getsockname())
2170
1715
else: # IPv4
2171
logger.info("Now listening on address %r, port %d"
1716
logger.info(u"Now listening on address %r, port %d"
2172
1717
% tcp_server.socket.getsockname())
2173
1718
2174
1719
#service.interface = tcp_server.socket.getsockname()[3]
2177
1722
# From the Avahi example code
2178
1723
try:
2179
1724
service.activate()
2180
except dbus.exceptions.DBusException as error:
2181
logger.critical("DBusException: %s", error)
1725
except dbus.exceptions.DBusException, error:
1726
logger.critical(u"DBusException: %s", error)
2182
1727
cleanup()
2183
1728
sys.exit(1)
2184
1729
# End of Avahi example code
2188
1733
(tcp_server.handle_request
2189
1734
(*args[2:], **kwargs) or True))
2190
1735
2191
logger.debug("Starting main loop")
1736
logger.debug(u"Starting main loop")
2192
1737
main_loop.run()
2193
except AvahiError as error:
2194
logger.critical("AvahiError: %s", error)
1738
except AvahiError, error:
1739
logger.critical(u"AvahiError: %s", error)
2195
1740
cleanup()
2196
1741
sys.exit(1)
2197
1742
except KeyboardInterrupt:
2198
1743
if debug:
2199
print("", file=sys.stderr)
2200
logger.debug("Server received KeyboardInterrupt")
2201
logger.debug("Server exiting")
1744
print >> sys.stderr
1745
logger.debug(u"Server received KeyboardInterrupt")
1746
logger.debug(u"Server exiting")
2202
1747
# Must run before the D-Bus bus name gets deregistered
2203
1748
cleanup()
2204
1749
2205
2206
1750
if __name__ == '__main__':
2207
1751
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0