To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 410
- compare with another revision
- download diff
- download tarball
- view history from revision 410
- Committer: Teddy Hogeborn
- Date: 2009-11-19 18:31:28 UTC
- Revision ID: teddy@fukt.bsnet.se-20091119183128-ttstewh61xmtnil1
* Makefile (LINK_FORTIFY_LD): Bug fix: removed "-fPIE".
* mandos-keygen: Bug fix: Fix quoting for the "--password" option.
* mandos-keygen: Bug fix: Fix quoting for the "--password" option.
- files removed:
- DBUS-API
- debian/source
- network-hooks.d
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@recompile.se>.
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
32
#
33
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
36
37
from future_builtins import *
34
from __future__ import division, with_statement, absolute_import
38
35
39
36
import SocketServer as socketserver
40
37
import socket
41
import argparse
38
import optparse
42
39
import datetime
43
40
import errno
44
41
import gnutls.crypto
58
55
import logging
59
56
import logging.handlers
60
57
import pwd
61
import contextlib
58
from contextlib import closing
62
59
import struct
63
60
import fcntl
64
61
import functools
65
import cPickle as pickle
66
import multiprocessing
67
import types
68
import binascii
69
import tempfile
70
import itertools
71
62
72
63
import dbus
73
64
import dbus.service
78
69
import ctypes.util
79
70
import xml.dom.minidom
80
71
import inspect
81
import GnuPGInterface
82
72
83
73
try:
84
74
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
88
78
except ImportError:
89
79
SO_BINDTODEVICE = None
90
80
91
version = "1.5.3"
92
stored_state_file = "clients.pickle"
93
94
logger = logging.getLogger()
81
82
version = "1.0.14"
83
84
logger = logging.Logger(u'mandos')
95
85
syslogger = (logging.handlers.SysLogHandler
96
86
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
97
address = str("/dev/log")))
98
99
try:
100
if_nametoindex = (ctypes.cdll.LoadLibrary
101
(ctypes.util.find_library("c"))
102
.if_nametoindex)
103
except (OSError, AttributeError):
104
def if_nametoindex(interface):
105
"Get an interface index the hard way, i.e. using fcntl()"
106
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
107
with contextlib.closing(socket.socket()) as s:
108
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
109
struct.pack(str("16s16x"),
110
interface))
111
interface_index = struct.unpack(str("I"),
112
ifreq[16:20])[0]
113
return interface_index
114
115
116
def initlogger(debug, level=logging.WARNING):
117
"""init logger and add loglevel"""
118
119
syslogger.setFormatter(logging.Formatter
120
('Mandos [%(process)d]: %(levelname)s:'
121
' %(message)s'))
122
logger.addHandler(syslogger)
123
124
if debug:
125
console = logging.StreamHandler()
126
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
127
' [%(process)d]:'
128
' %(levelname)s:'
129
' %(message)s'))
130
logger.addHandler(console)
131
logger.setLevel(level)
132
133
134
class PGPError(Exception):
135
"""Exception if encryption/decryption fails"""
136
pass
137
138
139
class PGPEngine(object):
140
"""A simple class for OpenPGP symmetric encryption & decryption"""
141
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
143
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
150
151
def __enter__(self):
152
return self
153
154
def __exit__ (self, exc_type, exc_value, traceback):
155
self._cleanup()
156
return False
157
158
def __del__(self):
159
self._cleanup()
160
161
def _cleanup(self):
162
if self.tempdir is not None:
163
# Delete contents of tempdir
164
for root, dirs, files in os.walk(self.tempdir,
165
topdown = False):
166
for filename in files:
167
os.remove(os.path.join(root, filename))
168
for dirname in dirs:
169
os.rmdir(os.path.join(root, dirname))
170
# Remove tempdir
171
os.rmdir(self.tempdir)
172
self.tempdir = None
173
174
def password_encode(self, password):
175
# Passphrase can not be empty and can not contain newlines or
176
# NUL bytes. So we prefix it and hex encode it.
177
return b"mandos" + binascii.hexlify(password)
178
179
def encrypt(self, data, password):
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
194
return ciphertext
195
196
def decrypt(self, data, password):
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
211
return decrypted_plaintext
212
87
address = "/dev/log"))
88
syslogger.setFormatter(logging.Formatter
89
(u'Mandos [%(process)d]: %(levelname)s:'
90
u' %(message)s'))
91
logger.addHandler(syslogger)
92
93
console = logging.StreamHandler()
94
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
95
u' %(levelname)s:'
96
u' %(message)s'))
97
logger.addHandler(console)
213
98
214
99
class AvahiError(Exception):
215
100
def __init__(self, value, *args, **kwargs):
231
116
Attributes:
232
117
interface: integer; avahi.IF_UNSPEC or an interface index.
233
118
Used to optionally bind to the specified interface.
234
name: string; Example: 'Mandos'
235
type: string; Example: '_mandos._tcp'.
119
name: string; Example: u'Mandos'
120
type: string; Example: u'_mandos._tcp'.
236
121
See <http://www.dns-sd.org/ServiceTypes.html>
237
122
port: integer; what port to announce
238
123
TXT: list of strings; TXT record for the service
245
130
server: D-Bus Server
246
131
bus: dbus.SystemBus()
247
132
"""
248
249
133
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
250
134
servicetype = None, port = None, TXT = None,
251
domain = "", host = "", max_renames = 32768,
135
domain = u"", host = u"", max_renames = 32768,
252
136
protocol = avahi.PROTO_UNSPEC, bus = None):
253
137
self.interface = interface
254
138
self.name = name
263
147
self.group = None # our entry group
264
148
self.server = None
265
149
self.bus = bus
266
self.entry_group_state_changed_match = None
267
268
150
def rename(self):
269
151
"""Derived from the Avahi example code"""
270
152
if self.rename_count >= self.max_renames:
271
logger.critical("No suitable Zeroconf service name found"
272
" after %i retries, exiting.",
153
logger.critical(u"No suitable Zeroconf service name found"
154
u" after %i retries, exiting.",
273
155
self.rename_count)
274
raise AvahiServiceError("Too many renames")
275
self.name = unicode(self.server
276
.GetAlternativeServiceName(self.name))
277
logger.info("Changing Zeroconf service name to %r ...",
278
self.name)
156
raise AvahiServiceError(u"Too many renames")
157
self.name = self.server.GetAlternativeServiceName(self.name)
158
logger.info(u"Changing Zeroconf service name to %r ...",
159
unicode(self.name))
160
syslogger.setFormatter(logging.Formatter
161
(u'Mandos (%s) [%%(process)d]:'
162
u' %%(levelname)s: %%(message)s'
163
% self.name))
279
164
self.remove()
280
try:
281
self.add()
282
except dbus.exceptions.DBusException as error:
283
logger.critical("D-Bus Exception", exc_info=error)
284
self.cleanup()
285
os._exit(1)
165
self.add()
286
166
self.rename_count += 1
287
288
167
def remove(self):
289
168
"""Derived from the Avahi example code"""
290
if self.entry_group_state_changed_match is not None:
291
self.entry_group_state_changed_match.remove()
292
self.entry_group_state_changed_match = None
293
169
if self.group is not None:
294
170
self.group.Reset()
295
296
171
def add(self):
297
172
"""Derived from the Avahi example code"""
298
self.remove()
299
173
if self.group is None:
300
174
self.group = dbus.Interface(
301
175
self.bus.get_object(avahi.DBUS_NAME,
302
176
self.server.EntryGroupNew()),
303
177
avahi.DBUS_INTERFACE_ENTRY_GROUP)
304
self.entry_group_state_changed_match = (
305
self.group.connect_to_signal(
306
'StateChanged', self.entry_group_state_changed))
307
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
178
self.group.connect_to_signal('StateChanged',
179
self
180
.entry_group_state_changed)
181
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
308
182
self.name, self.type)
309
183
self.group.AddService(
310
184
self.interface,
315
189
dbus.UInt16(self.port),
316
190
avahi.string_array_to_txt_array(self.TXT))
317
191
self.group.Commit()
318
319
192
def entry_group_state_changed(self, state, error):
320
193
"""Derived from the Avahi example code"""
321
logger.debug("Avahi entry group state change: %i", state)
194
logger.debug(u"Avahi state change: %i", state)
322
195
323
196
if state == avahi.ENTRY_GROUP_ESTABLISHED:
324
logger.debug("Zeroconf service established.")
197
logger.debug(u"Zeroconf service established.")
325
198
elif state == avahi.ENTRY_GROUP_COLLISION:
326
logger.info("Zeroconf service name collision.")
199
logger.warning(u"Zeroconf service name collision.")
327
200
self.rename()
328
201
elif state == avahi.ENTRY_GROUP_FAILURE:
329
logger.critical("Avahi: Error in group state changed %s",
202
logger.critical(u"Avahi: Error in group state changed %s",
330
203
unicode(error))
331
raise AvahiGroupError("State changed: {0!s}"
332
.format(error))
333
204
raise AvahiGroupError(u"State changed: %s"
205
% unicode(error))
334
206
def cleanup(self):
335
207
"""Derived from the Avahi example code"""
336
208
if self.group is not None:
337
try:
338
self.group.Free()
339
except (dbus.exceptions.UnknownMethodException,
340
dbus.exceptions.DBusException):
341
pass
209
self.group.Free()
342
210
self.group = None
343
self.remove()
344
345
def server_state_changed(self, state, error=None):
211
def server_state_changed(self, state):
346
212
"""Derived from the Avahi example code"""
347
logger.debug("Avahi server state change: %i", state)
348
bad_states = { avahi.SERVER_INVALID:
349
"Zeroconf server invalid",
350
avahi.SERVER_REGISTERING: None,
351
avahi.SERVER_COLLISION:
352
"Zeroconf server name collision",
353
avahi.SERVER_FAILURE:
354
"Zeroconf server failure" }
355
if state in bad_states:
356
if bad_states[state] is not None:
357
if error is None:
358
logger.error(bad_states[state])
359
else:
360
logger.error(bad_states[state] + ": %r", error)
361
self.cleanup()
213
if state == avahi.SERVER_COLLISION:
214
logger.error(u"Zeroconf server name collision")
215
self.remove()
362
216
elif state == avahi.SERVER_RUNNING:
363
217
self.add()
364
else:
365
if error is None:
366
logger.debug("Unknown state: %r", state)
367
else:
368
logger.debug("Unknown state: %r: %r", state, error)
369
370
218
def activate(self):
371
219
"""Derived from the Avahi example code"""
372
220
if self.server is None:
373
221
self.server = dbus.Interface(
374
222
self.bus.get_object(avahi.DBUS_NAME,
375
avahi.DBUS_PATH_SERVER,
376
follow_name_owner_changes=True),
223
avahi.DBUS_PATH_SERVER),
377
224
avahi.DBUS_INTERFACE_SERVER)
378
self.server.connect_to_signal("StateChanged",
225
self.server.connect_to_signal(u"StateChanged",
379
226
self.server_state_changed)
380
227
self.server_state_changed(self.server.GetState())
381
228
382
229
383
class AvahiServiceToSyslog(AvahiService):
384
def rename(self):
385
"""Add the new name to the syslog messages"""
386
ret = AvahiService.rename(self)
387
syslogger.setFormatter(logging.Formatter
388
('Mandos ({0}) [%(process)d]:'
389
' %(levelname)s: %(message)s'
390
.format(self.name)))
391
return ret
392
393
394
def timedelta_to_milliseconds(td):
395
"Convert a datetime.timedelta() to milliseconds"
396
return ((td.days * 24 * 60 * 60 * 1000)
397
+ (td.seconds * 1000)
398
+ (td.microseconds // 1000))
399
400
401
230
class Client(object):
402
231
"""A representation of a client host served by this server.
403
232
404
233
Attributes:
405
approved: bool(); 'None' if not yet approved/disapproved
406
approval_delay: datetime.timedelta(); Time to wait for approval
407
approval_duration: datetime.timedelta(); Duration of one approval
234
name: string; from the config file, used in log messages and
235
D-Bus identifiers
236
fingerprint: string (40 or 32 hexadecimal digits); used to
237
uniquely identify the client
238
secret: bytestring; sent verbatim (over TLS) to client
239
host: string; available for use by the checker command
240
created: datetime.datetime(); (UTC) object creation
241
last_enabled: datetime.datetime(); (UTC)
242
enabled: bool()
243
last_checked_ok: datetime.datetime(); (UTC) or None
244
timeout: datetime.timedelta(); How long from last_checked_ok
245
until this client is invalid
246
interval: datetime.timedelta(); How often to start a new checker
247
disable_hook: If set, called by disable() as disable_hook(self)
408
248
checker: subprocess.Popen(); a running checker process used
409
249
to see if the client lives.
410
250
'None' if no process is running.
411
checker_callback_tag: a gobject event source tag, or None
412
checker_command: string; External command which is run to check
413
if client lives. %() expansions are done at
251
checker_initiator_tag: a gobject event source tag, or None
252
disable_initiator_tag: - '' -
253
checker_callback_tag: - '' -
254
checker_command: string; External command which is run to check if
255
client lives. %() expansions are done at
414
256
runtime with vars(self) as dict, so that for
415
257
instance %(name)s can be used in the command.
416
checker_initiator_tag: a gobject event source tag, or None
417
created: datetime.datetime(); (UTC) object creation
418
client_structure: Object describing what attributes a client has
419
and is used for storing the client at exit
420
258
current_checker_command: string; current running checker_command
421
disable_initiator_tag: a gobject event source tag, or None
422
enabled: bool()
423
fingerprint: string (40 or 32 hexadecimal digits); used to
424
uniquely identify the client
425
host: string; available for use by the checker command
426
interval: datetime.timedelta(); How often to start a new checker
427
last_approval_request: datetime.datetime(); (UTC) or None
428
last_checked_ok: datetime.datetime(); (UTC) or None
429
last_checker_status: integer between 0 and 255 reflecting exit
430
status of last checker. -1 reflects crashed
431
checker, -2 means no checker completed yet.
432
last_enabled: datetime.datetime(); (UTC) or None
433
name: string; from the config file, used in log messages and
434
D-Bus identifiers
435
secret: bytestring; sent verbatim (over TLS) to client
436
timeout: datetime.timedelta(); How long from last_checked_ok
437
until this client is disabled
438
extended_timeout: extra long timeout when secret has been sent
439
runtime_expansions: Allowed attributes for runtime expansion.
440
expires: datetime.datetime(); time (UTC) when a client will be
441
disabled, or None
442
259
"""
443
260
444
runtime_expansions = ("approval_delay", "approval_duration",
445
"created", "enabled", "fingerprint",
446
"host", "interval", "last_checked_ok",
447
"last_enabled", "name", "timeout")
448
client_defaults = { "timeout": "5m",
449
"extended_timeout": "15m",
450
"interval": "2m",
451
"checker": "fping -q -- %%(host)s",
452
"host": "",
453
"approval_delay": "0s",
454
"approval_duration": "1s",
455
"approved_by_default": "True",
456
"enabled": "True",
457
}
261
@staticmethod
262
def _timedelta_to_milliseconds(td):
263
"Convert a datetime.timedelta() to milliseconds"
264
return ((td.days * 24 * 60 * 60 * 1000)
265
+ (td.seconds * 1000)
266
+ (td.microseconds // 1000))
458
267
459
268
def timeout_milliseconds(self):
460
269
"Return the 'timeout' attribute in milliseconds"
461
return timedelta_to_milliseconds(self.timeout)
462
463
def extended_timeout_milliseconds(self):
464
"Return the 'extended_timeout' attribute in milliseconds"
465
return timedelta_to_milliseconds(self.extended_timeout)
270
return self._timedelta_to_milliseconds(self.timeout)
466
271
467
272
def interval_milliseconds(self):
468
273
"Return the 'interval' attribute in milliseconds"
469
return timedelta_to_milliseconds(self.interval)
470
471
def approval_delay_milliseconds(self):
472
return timedelta_to_milliseconds(self.approval_delay)
473
474
@staticmethod
475
def config_parser(config):
476
"""Construct a new dict of client settings of this form:
477
{ client_name: {setting_name: value, ...}, ...}
478
with exceptions for any special settings as defined above.
479
NOTE: Must be a pure function. Must return the same result
480
value given the same arguments.
481
"""
482
settings = {}
483
for client_name in config.sections():
484
section = dict(config.items(client_name))
485
client = settings[client_name] = {}
486
487
client["host"] = section["host"]
488
# Reformat values from string types to Python types
489
client["approved_by_default"] = config.getboolean(
490
client_name, "approved_by_default")
491
client["enabled"] = config.getboolean(client_name,
492
"enabled")
493
494
client["fingerprint"] = (section["fingerprint"].upper()
495
.replace(" ", ""))
496
if "secret" in section:
497
client["secret"] = section["secret"].decode("base64")
498
elif "secfile" in section:
499
with open(os.path.expanduser(os.path.expandvars
500
(section["secfile"])),
501
"rb") as secfile:
502
client["secret"] = secfile.read()
503
else:
504
raise TypeError("No secret or secfile for section {0}"
505
.format(section))
506
client["timeout"] = string_to_delta(section["timeout"])
507
client["extended_timeout"] = string_to_delta(
508
section["extended_timeout"])
509
client["interval"] = string_to_delta(section["interval"])
510
client["approval_delay"] = string_to_delta(
511
section["approval_delay"])
512
client["approval_duration"] = string_to_delta(
513
section["approval_duration"])
514
client["checker_command"] = section["checker"]
515
client["last_approval_request"] = None
516
client["last_checked_ok"] = None
517
client["last_checker_status"] = -2
518
519
return settings
520
521
def __init__(self, settings, name = None):
274
return self._timedelta_to_milliseconds(self.interval)
275
276
def __init__(self, name = None, disable_hook=None, config=None):
277
"""Note: the 'checker' key in 'config' sets the
278
'checker_command' attribute and *not* the 'checker'
279
attribute."""
522
280
self.name = name
523
# adding all client settings
524
for setting, value in settings.iteritems():
525
setattr(self, setting, value)
526
527
if self.enabled:
528
if not hasattr(self, "last_enabled"):
529
self.last_enabled = datetime.datetime.utcnow()
530
if not hasattr(self, "expires"):
531
self.expires = (datetime.datetime.utcnow()
532
+ self.timeout)
533
else:
534
self.last_enabled = None
535
self.expires = None
536
537
logger.debug("Creating client %r", self.name)
281
if config is None:
282
config = {}
283
logger.debug(u"Creating client %r", self.name)
538
284
# Uppercase and remove spaces from fingerprint for later
539
285
# comparison purposes with return value from the fingerprint()
540
286
# function
541
logger.debug(" Fingerprint: %s", self.fingerprint)
542
self.created = settings.get("created",
543
datetime.datetime.utcnow())
544
545
# attributes specific for this server instance
287
self.fingerprint = (config[u"fingerprint"].upper()
288
.replace(u" ", u""))
289
logger.debug(u" Fingerprint: %s", self.fingerprint)
290
if u"secret" in config:
291
self.secret = config[u"secret"].decode(u"base64")
292
elif u"secfile" in config:
293
with closing(open(os.path.expanduser
294
(os.path.expandvars
295
(config[u"secfile"])),
296
"rb")) as secfile:
297
self.secret = secfile.read()
298
else:
299
raise TypeError(u"No secret or secfile for client %s"
300
% self.name)
301
self.host = config.get(u"host", u"")
302
self.created = datetime.datetime.utcnow()
303
self.enabled = False
304
self.last_enabled = None
305
self.last_checked_ok = None
306
self.timeout = string_to_delta(config[u"timeout"])
307
self.interval = string_to_delta(config[u"interval"])
308
self.disable_hook = disable_hook
546
309
self.checker = None
547
310
self.checker_initiator_tag = None
548
311
self.disable_initiator_tag = None
549
312
self.checker_callback_tag = None
313
self.checker_command = config[u"checker"]
550
314
self.current_checker_command = None
551
self.approved = None
552
self.approvals_pending = 0
553
self.changedstate = (multiprocessing_manager
554
.Condition(multiprocessing_manager
555
.Lock()))
556
self.client_structure = [attr for attr in
557
self.__dict__.iterkeys()
558
if not attr.startswith("_")]
559
self.client_structure.append("client_structure")
560
561
for name, t in inspect.getmembers(type(self),
562
lambda obj:
563
isinstance(obj,
564
property)):
565
if not name.startswith("_"):
566
self.client_structure.append(name)
567
568
# Send notice to process children that client state has changed
569
def send_changedstate(self):
570
with self.changedstate:
571
self.changedstate.notify_all()
315
self.last_connect = None
572
316
573
317
def enable(self):
574
318
"""Start this client's checker and timeout hooks"""
575
if getattr(self, "enabled", False):
319
if getattr(self, u"enabled", False):
576
320
# Already enabled
577
321
return
578
self.expires = datetime.datetime.utcnow() + self.timeout
579
self.enabled = True
580
322
self.last_enabled = datetime.datetime.utcnow()
581
self.init_checker()
582
self.send_changedstate()
583
584
def disable(self, quiet=True):
585
"""Disable this client."""
586
if not getattr(self, "enabled", False):
587
return False
588
if not quiet:
589
logger.info("Disabling client %s", self.name)
590
if getattr(self, "disable_initiator_tag", None) is not None:
591
gobject.source_remove(self.disable_initiator_tag)
592
self.disable_initiator_tag = None
593
self.expires = None
594
if getattr(self, "checker_initiator_tag", None) is not None:
595
gobject.source_remove(self.checker_initiator_tag)
596
self.checker_initiator_tag = None
597
self.stop_checker()
598
self.enabled = False
599
if not quiet:
600
self.send_changedstate()
601
# Do not run this again if called by a gobject.timeout_add
602
return False
603
604
def __del__(self):
605
self.disable()
606
607
def init_checker(self):
608
323
# Schedule a new checker to be started an 'interval' from now,
609
324
# and every interval from then on.
610
if self.checker_initiator_tag is not None:
611
gobject.source_remove(self.checker_initiator_tag)
612
325
self.checker_initiator_tag = (gobject.timeout_add
613
326
(self.interval_milliseconds(),
614
327
self.start_checker))
615
328
# Schedule a disable() when 'timeout' has passed
616
if self.disable_initiator_tag is not None:
617
gobject.source_remove(self.disable_initiator_tag)
618
329
self.disable_initiator_tag = (gobject.timeout_add
619
330
(self.timeout_milliseconds(),
620
331
self.disable))
332
self.enabled = True
621
333
# Also start a new checker *right now*.
622
334
self.start_checker()
623
335
336
def disable(self, quiet=True):
337
"""Disable this client."""
338
if not getattr(self, "enabled", False):
339
return False
340
if not quiet:
341
logger.info(u"Disabling client %s", self.name)
342
if getattr(self, u"disable_initiator_tag", False):
343
gobject.source_remove(self.disable_initiator_tag)
344
self.disable_initiator_tag = None
345
if getattr(self, u"checker_initiator_tag", False):
346
gobject.source_remove(self.checker_initiator_tag)
347
self.checker_initiator_tag = None
348
self.stop_checker()
349
if self.disable_hook:
350
self.disable_hook(self)
351
self.enabled = False
352
# Do not run this again if called by a gobject.timeout_add
353
return False
354
355
def __del__(self):
356
self.disable_hook = None
357
self.disable()
358
624
359
def checker_callback(self, pid, condition, command):
625
360
"""The checker has completed, so take appropriate actions."""
626
361
self.checker_callback_tag = None
627
362
self.checker = None
628
363
if os.WIFEXITED(condition):
629
self.last_checker_status = os.WEXITSTATUS(condition)
630
if self.last_checker_status == 0:
631
logger.info("Checker for %(name)s succeeded",
364
exitstatus = os.WEXITSTATUS(condition)
365
if exitstatus == 0:
366
logger.info(u"Checker for %(name)s succeeded",
632
367
vars(self))
633
368
self.checked_ok()
634
369
else:
635
logger.info("Checker for %(name)s failed",
370
logger.info(u"Checker for %(name)s failed",
636
371
vars(self))
637
372
else:
638
self.last_checker_status = -1
639
logger.warning("Checker for %(name)s crashed?",
373
logger.warning(u"Checker for %(name)s crashed?",
640
374
vars(self))
641
375
642
376
def checked_ok(self):
643
"""Assert that the client has been seen, alive and well."""
377
"""Bump up the timeout for this client.
378
379
This should only be called when the client has been seen,
380
alive and well.
381
"""
644
382
self.last_checked_ok = datetime.datetime.utcnow()
645
self.last_checker_status = 0
646
self.bump_timeout()
647
648
def bump_timeout(self, timeout=None):
649
"""Bump up the timeout for this client."""
650
if timeout is None:
651
timeout = self.timeout
652
if self.disable_initiator_tag is not None:
653
gobject.source_remove(self.disable_initiator_tag)
654
self.disable_initiator_tag = None
655
if getattr(self, "enabled", False):
656
self.disable_initiator_tag = (gobject.timeout_add
657
(timedelta_to_milliseconds
658
(timeout), self.disable))
659
self.expires = datetime.datetime.utcnow() + timeout
660
661
def need_approval(self):
662
self.last_approval_request = datetime.datetime.utcnow()
383
gobject.source_remove(self.disable_initiator_tag)
384
self.disable_initiator_tag = (gobject.timeout_add
385
(self.timeout_milliseconds(),
386
self.disable))
663
387
664
388
def start_checker(self):
665
389
"""Start a new checker subprocess if one is not running.
667
391
If a checker already exists, leave it running and do
668
392
nothing."""
669
393
# The reason for not killing a running checker is that if we
670
# did that, and if a checker (for some reason) started running
671
# slowly and taking more than 'interval' time, then the client
672
# would inevitably timeout, since no checker would get a
673
# chance to run to completion. If we instead leave running
394
# did that, then if a checker (for some reason) started
395
# running slowly and taking more than 'interval' time, the
396
# client would inevitably timeout, since no checker would get
397
# a chance to run to completion. If we instead leave running
674
398
# checkers alone, the checker would have to take more time
675
# than 'timeout' for the client to be disabled, which is as it
676
# should be.
399
# than 'timeout' for the client to be declared invalid, which
400
# is as it should be.
677
401
678
402
# If a checker exists, make sure it is not a zombie
679
403
try:
680
404
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
681
except (AttributeError, OSError) as error:
405
except (AttributeError, OSError), error:
682
406
if (isinstance(error, OSError)
683
407
and error.errno != errno.ECHILD):
684
408
raise error
685
409
else:
686
410
if pid:
687
logger.warning("Checker was a zombie")
411
logger.warning(u"Checker was a zombie")
688
412
gobject.source_remove(self.checker_callback_tag)
689
413
self.checker_callback(pid, status,
690
414
self.current_checker_command)
691
415
# Start a new checker if needed
692
416
if self.checker is None:
693
# Escape attributes for the shell
694
escaped_attrs = dict(
695
(attr, re.escape(unicode(getattr(self, attr))))
696
for attr in
697
self.runtime_expansions)
698
417
try:
699
command = self.checker_command % escaped_attrs
700
except TypeError as error:
701
logger.error('Could not format string "%s"',
702
self.checker_command, exc_info=error)
703
return True # Try again later
418
# In case checker_command has exactly one % operator
419
command = self.checker_command % self.host
420
except TypeError:
421
# Escape attributes for the shell
422
escaped_attrs = dict((key,
423
re.escape(unicode(str(val),
424
errors=
425
u'replace')))
426
for key, val in
427
vars(self).iteritems())
428
try:
429
command = self.checker_command % escaped_attrs
430
except TypeError, error:
431
logger.error(u'Could not format string "%s":'
432
u' %s', self.checker_command, error)
433
return True # Try again later
704
434
self.current_checker_command = command
705
435
try:
706
logger.info("Starting checker %r for %s",
436
logger.info(u"Starting checker %r for %s",
707
437
command, self.name)
708
438
# We don't need to redirect stdout and stderr, since
709
439
# in normal mode, that is already done by daemon(),
711
441
# always replaced by /dev/null.)
712
442
self.checker = subprocess.Popen(command,
713
443
close_fds=True,
714
shell=True, cwd="/")
715
except OSError as error:
716
logger.error("Failed to start subprocess",
717
exc_info=error)
718
self.checker_callback_tag = (gobject.child_watch_add
719
(self.checker.pid,
720
self.checker_callback,
721
data=command))
722
# The checker may have completed before the gobject
723
# watch was added. Check for this.
724
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
725
if pid:
726
gobject.source_remove(self.checker_callback_tag)
727
self.checker_callback(pid, status, command)
444
shell=True, cwd=u"/")
445
self.checker_callback_tag = (gobject.child_watch_add
446
(self.checker.pid,
447
self.checker_callback,
448
data=command))
449
# The checker may have completed before the gobject
450
# watch was added. Check for this.
451
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
452
if pid:
453
gobject.source_remove(self.checker_callback_tag)
454
self.checker_callback(pid, status, command)
455
except OSError, error:
456
logger.error(u"Failed to start subprocess: %s",
457
error)
728
458
# Re-run this periodically if run by gobject.timeout_add
729
459
return True
730
460
733
463
if self.checker_callback_tag:
734
464
gobject.source_remove(self.checker_callback_tag)
735
465
self.checker_callback_tag = None
736
if getattr(self, "checker", None) is None:
466
if getattr(self, u"checker", None) is None:
737
467
return
738
logger.debug("Stopping checker for %(name)s", vars(self))
468
logger.debug(u"Stopping checker for %(name)s", vars(self))
739
469
try:
740
self.checker.terminate()
470
os.kill(self.checker.pid, signal.SIGTERM)
741
471
#time.sleep(0.5)
742
472
#if self.checker.poll() is None:
743
# self.checker.kill()
744
except OSError as error:
473
# os.kill(self.checker.pid, signal.SIGKILL)
474
except OSError, error:
745
475
if error.errno != errno.ESRCH: # No such process
746
476
raise
747
477
self.checker = None
748
749
750
def dbus_service_property(dbus_interface, signature="v",
751
access="readwrite", byte_arrays=False):
478
479
def still_valid(self):
480
"""Has the timeout not yet passed for this client?"""
481
if not getattr(self, u"enabled", False):
482
return False
483
now = datetime.datetime.utcnow()
484
if self.last_checked_ok is None:
485
return now < (self.created + self.timeout)
486
else:
487
return now < (self.last_checked_ok + self.timeout)
488
489
490
def dbus_service_property(dbus_interface, signature=u"v",
491
access=u"readwrite", byte_arrays=False):
752
492
"""Decorators for marking methods of a DBusObjectWithProperties to
753
493
become properties on the D-Bus.
754
494
759
499
dbus.service.method, except there is only "signature", since the
760
500
type from Get() and the type sent to Set() is the same.
761
501
"""
762
# Encoding deeply encoded byte arrays is not supported yet by the
763
# "Set" method, so we fail early here:
764
if byte_arrays and signature != "ay":
765
raise ValueError("Byte arrays not supported for non-'ay'"
766
" signature {0!r}".format(signature))
767
502
def decorator(func):
768
503
func._dbus_is_property = True
769
504
func._dbus_interface = dbus_interface
770
505
func._dbus_signature = signature
771
506
func._dbus_access = access
772
507
func._dbus_name = func.__name__
773
if func._dbus_name.endswith("_dbus_property"):
508
if func._dbus_name.endswith(u"_dbus_property"):
774
509
func._dbus_name = func._dbus_name[:-14]
775
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
776
return func
777
return decorator
778
779
780
def dbus_interface_annotations(dbus_interface):
781
"""Decorator for marking functions returning interface annotations
782
783
Usage:
784
785
@dbus_interface_annotations("org.example.Interface")
786
def _foo(self): # Function name does not matter
787
return {"org.freedesktop.DBus.Deprecated": "true",
788
"org.freedesktop.DBus.Property.EmitsChangedSignal":
789
"false"}
790
"""
791
def decorator(func):
792
func._dbus_is_interface = True
793
func._dbus_interface = dbus_interface
794
func._dbus_name = dbus_interface
795
return func
796
return decorator
797
798
799
def dbus_annotations(annotations):
800
"""Decorator to annotate D-Bus methods, signals or properties
801
Usage:
802
803
@dbus_service_property("org.example.Interface", signature="b",
804
access="r")
805
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
806
"org.freedesktop.DBus.Property."
807
"EmitsChangedSignal": "false"})
808
def Property_dbus_property(self):
809
return dbus.Boolean(False)
810
"""
811
def decorator(func):
812
func._dbus_annotations = annotations
510
func._dbus_get_args_options = {u'byte_arrays': byte_arrays }
813
511
return func
814
512
return decorator
815
513
835
533
836
534
class DBusObjectWithProperties(dbus.service.Object):
837
535
"""A D-Bus object with properties.
838
536
839
537
Classes inheriting from this can use the dbus_service_property
840
538
decorator to expose methods as D-Bus properties. It exposes the
841
539
standard Get(), Set(), and GetAll() methods on the D-Bus.
842
540
"""
843
541
844
542
@staticmethod
845
def _is_dbus_thing(thing):
846
"""Returns a function testing if an attribute is a D-Bus thing
847
848
If called like _is_dbus_thing("method") it returns a function
849
suitable for use as predicate to inspect.getmembers().
850
"""
851
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
852
False)
543
def _is_dbus_property(obj):
544
return getattr(obj, u"_dbus_is_property", False)
853
545
854
def _get_all_dbus_things(self, thing):
546
def _get_all_dbus_properties(self):
855
547
"""Returns a generator of (name, attribute) pairs
856
548
"""
857
return ((getattr(athing.__get__(self), "_dbus_name",
858
name),
859
athing.__get__(self))
860
for cls in self.__class__.__mro__
861
for name, athing in
862
inspect.getmembers(cls,
863
self._is_dbus_thing(thing)))
549
return ((prop._dbus_name, prop)
550
for name, prop in
551
inspect.getmembers(self, self._is_dbus_property))
864
552
865
553
def _get_dbus_property(self, interface_name, property_name):
866
554
"""Returns a bound method if one exists which is a D-Bus
867
555
property with the specified name and interface.
868
556
"""
869
for cls in self.__class__.__mro__:
870
for name, value in (inspect.getmembers
871
(cls,
872
self._is_dbus_thing("property"))):
873
if (value._dbus_name == property_name
874
and value._dbus_interface == interface_name):
875
return value.__get__(self)
876
557
for name in (property_name,
558
property_name + u"_dbus_property"):
559
prop = getattr(self, name, None)
560
if (prop is None
561
or not self._is_dbus_property(prop)
562
or prop._dbus_name != property_name
563
or (interface_name and prop._dbus_interface
564
and interface_name != prop._dbus_interface)):
565
continue
566
return prop
877
567
# No such property
878
raise DBusPropertyNotFound(self.dbus_object_path + ":"
879
+ interface_name + "."
568
raise DBusPropertyNotFound(self.dbus_object_path + u":"
569
+ interface_name + u"."
880
570
+ property_name)
881
571
882
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
883
out_signature="v")
572
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
573
out_signature=u"v")
884
574
def Get(self, interface_name, property_name):
885
575
"""Standard D-Bus property Get() method, see D-Bus standard.
886
576
"""
887
577
prop = self._get_dbus_property(interface_name, property_name)
888
if prop._dbus_access == "write":
578
if prop._dbus_access == u"write":
889
579
raise DBusPropertyAccessException(property_name)
890
580
value = prop()
891
if not hasattr(value, "variant_level"):
581
if not hasattr(value, u"variant_level"):
892
582
return value
893
583
return type(value)(value, variant_level=value.variant_level+1)
894
584
895
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
585
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
896
586
def Set(self, interface_name, property_name, value):
897
587
"""Standard D-Bus property Set() method, see D-Bus standard.
898
588
"""
899
589
prop = self._get_dbus_property(interface_name, property_name)
900
if prop._dbus_access == "read":
590
if prop._dbus_access == u"read":
901
591
raise DBusPropertyAccessException(property_name)
902
if prop._dbus_get_args_options["byte_arrays"]:
903
# The byte_arrays option is not supported yet on
904
# signatures other than "ay".
905
if prop._dbus_signature != "ay":
906
raise ValueError
907
value = dbus.ByteArray(b''.join(chr(byte)
908
for byte in value))
592
if prop._dbus_get_args_options[u"byte_arrays"]:
593
value = dbus.ByteArray(''.join(unichr(byte)
594
for byte in value))
909
595
prop(value)
910
596
911
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
912
out_signature="a{sv}")
597
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
598
out_signature=u"a{sv}")
913
599
def GetAll(self, interface_name):
914
600
"""Standard D-Bus property GetAll() method, see D-Bus
915
601
standard.
916
602
917
603
Note: Will not include properties with access="write".
918
604
"""
919
properties = {}
920
for name, prop in self._get_all_dbus_things("property"):
605
all = {}
606
for name, prop in self._get_all_dbus_properties():
921
607
if (interface_name
922
608
and interface_name != prop._dbus_interface):
923
609
# Interface non-empty but did not match
924
610
continue
925
611
# Ignore write-only properties
926
if prop._dbus_access == "write":
612
if prop._dbus_access == u"write":
927
613
continue
928
614
value = prop()
929
if not hasattr(value, "variant_level"):
930
properties[name] = value
615
if not hasattr(value, u"variant_level"):
616
all[name] = value
931
617
continue
932
properties[name] = type(value)(value, variant_level=
933
value.variant_level+1)
934
return dbus.Dictionary(properties, signature="sv")
618
all[name] = type(value)(value, variant_level=
619
value.variant_level+1)
620
return dbus.Dictionary(all, signature=u"sv")
935
621
936
622
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
937
out_signature="s",
623
out_signature=u"s",
938
624
path_keyword='object_path',
939
625
connection_keyword='connection')
940
626
def Introspect(self, object_path, connection):
941
"""Overloading of standard D-Bus method.
942
943
Inserts property tags and interface annotation tags.
627
"""Standard D-Bus method, overloaded to insert property tags.
944
628
"""
945
629
xmlstring = dbus.service.Object.Introspect(self, object_path,
946
630
connection)
947
631
try:
948
632
document = xml.dom.minidom.parseString(xmlstring)
949
633
def make_tag(document, name, prop):
950
e = document.createElement("property")
951
e.setAttribute("name", name)
952
e.setAttribute("type", prop._dbus_signature)
953
e.setAttribute("access", prop._dbus_access)
634
e = document.createElement(u"property")
635
e.setAttribute(u"name", name)
636
e.setAttribute(u"type", prop._dbus_signature)
637
e.setAttribute(u"access", prop._dbus_access)
954
638
return e
955
for if_tag in document.getElementsByTagName("interface"):
956
# Add property tags
639
for if_tag in document.getElementsByTagName(u"interface"):
957
640
for tag in (make_tag(document, name, prop)
958
641
for name, prop
959
in self._get_all_dbus_things("property")
642
in self._get_all_dbus_properties()
960
643
if prop._dbus_interface
961
== if_tag.getAttribute("name")):
644
== if_tag.getAttribute(u"name")):
962
645
if_tag.appendChild(tag)
963
# Add annotation tags
964
for typ in ("method", "signal", "property"):
965
for tag in if_tag.getElementsByTagName(typ):
966
annots = dict()
967
for name, prop in (self.
968
_get_all_dbus_things(typ)):
969
if (name == tag.getAttribute("name")
970
and prop._dbus_interface
971
== if_tag.getAttribute("name")):
972
annots.update(getattr
973
(prop,
974
"_dbus_annotations",
975
{}))
976
for name, value in annots.iteritems():
977
ann_tag = document.createElement(
978
"annotation")
979
ann_tag.setAttribute("name", name)
980
ann_tag.setAttribute("value", value)
981
tag.appendChild(ann_tag)
982
# Add interface annotation tags
983
for annotation, value in dict(
984
itertools.chain.from_iterable(
985
annotations().iteritems()
986
for name, annotations in
987
self._get_all_dbus_things("interface")
988
if name == if_tag.getAttribute("name")
989
)).iteritems():
990
ann_tag = document.createElement("annotation")
991
ann_tag.setAttribute("name", annotation)
992
ann_tag.setAttribute("value", value)
993
if_tag.appendChild(ann_tag)
994
646
# Add the names to the return values for the
995
647
# "org.freedesktop.DBus.Properties" methods
996
if (if_tag.getAttribute("name")
997
== "org.freedesktop.DBus.Properties"):
998
for cn in if_tag.getElementsByTagName("method"):
999
if cn.getAttribute("name") == "Get":
1000
for arg in cn.getElementsByTagName("arg"):
1001
if (arg.getAttribute("direction")
1002
== "out"):
1003
arg.setAttribute("name", "value")
1004
elif cn.getAttribute("name") == "GetAll":
1005
for arg in cn.getElementsByTagName("arg"):
1006
if (arg.getAttribute("direction")
1007
== "out"):
1008
arg.setAttribute("name", "props")
1009
xmlstring = document.toxml("utf-8")
648
if (if_tag.getAttribute(u"name")
649
== u"org.freedesktop.DBus.Properties"):
650
for cn in if_tag.getElementsByTagName(u"method"):
651
if cn.getAttribute(u"name") == u"Get":
652
for arg in cn.getElementsByTagName(u"arg"):
653
if (arg.getAttribute(u"direction")
654
== u"out"):
655
arg.setAttribute(u"name", u"value")
656
elif cn.getAttribute(u"name") == u"GetAll":
657
for arg in cn.getElementsByTagName(u"arg"):
658
if (arg.getAttribute(u"direction")
659
== u"out"):
660
arg.setAttribute(u"name", u"props")
661
xmlstring = document.toxml(u"utf-8")
1010
662
document.unlink()
1011
663
except (AttributeError, xml.dom.DOMException,
1012
xml.parsers.expat.ExpatError) as error:
1013
logger.error("Failed to override Introspection method",
1014
exc_info=error)
664
xml.parsers.expat.ExpatError), error:
665
logger.error(u"Failed to override Introspection method",
666
error)
1015
667
return xmlstring
1016
668
1017
669
1018
def datetime_to_dbus (dt, variant_level=0):
1019
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1020
if dt is None:
1021
return dbus.String("", variant_level = variant_level)
1022
return dbus.String(dt.isoformat(),
1023
variant_level=variant_level)
1024
1025
1026
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1027
"""A class decorator; applied to a subclass of
1028
dbus.service.Object, it will add alternate D-Bus attributes with
1029
interface names according to the "alt_interface_names" mapping.
1030
Usage:
1031
1032
@alternate_dbus_names({"org.example.Interface":
1033
"net.example.AlternateInterface"})
1034
class SampleDBusObject(dbus.service.Object):
1035
@dbus.service.method("org.example.Interface")
1036
def SampleDBusMethod():
1037
pass
1038
1039
The above "SampleDBusMethod" on "SampleDBusObject" will be
1040
reachable via two interfaces: "org.example.Interface" and
1041
"net.example.AlternateInterface", the latter of which will have
1042
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1043
"true", unless "deprecate" is passed with a False value.
1044
1045
This works for methods and signals, and also for D-Bus properties
1046
(from DBusObjectWithProperties) and interfaces (from the
1047
dbus_interface_annotations decorator).
1048
"""
1049
def wrapper(cls):
1050
for orig_interface_name, alt_interface_name in (
1051
alt_interface_names.iteritems()):
1052
attr = {}
1053
interface_names = set()
1054
# Go though all attributes of the class
1055
for attrname, attribute in inspect.getmembers(cls):
1056
# Ignore non-D-Bus attributes, and D-Bus attributes
1057
# with the wrong interface name
1058
if (not hasattr(attribute, "_dbus_interface")
1059
or not attribute._dbus_interface
1060
.startswith(orig_interface_name)):
1061
continue
1062
# Create an alternate D-Bus interface name based on
1063
# the current name
1064
alt_interface = (attribute._dbus_interface
1065
.replace(orig_interface_name,
1066
alt_interface_name))
1067
interface_names.add(alt_interface)
1068
# Is this a D-Bus signal?
1069
if getattr(attribute, "_dbus_is_signal", False):
1070
# Extract the original non-method function by
1071
# black magic
1072
nonmethod_func = (dict(
1073
zip(attribute.func_code.co_freevars,
1074
attribute.__closure__))["func"]
1075
.cell_contents)
1076
# Create a new, but exactly alike, function
1077
# object, and decorate it to be a new D-Bus signal
1078
# with the alternate D-Bus interface name
1079
new_function = (dbus.service.signal
1080
(alt_interface,
1081
attribute._dbus_signature)
1082
(types.FunctionType(
1083
nonmethod_func.func_code,
1084
nonmethod_func.func_globals,
1085
nonmethod_func.func_name,
1086
nonmethod_func.func_defaults,
1087
nonmethod_func.func_closure)))
1088
# Copy annotations, if any
1089
try:
1090
new_function._dbus_annotations = (
1091
dict(attribute._dbus_annotations))
1092
except AttributeError:
1093
pass
1094
# Define a creator of a function to call both the
1095
# original and alternate functions, so both the
1096
# original and alternate signals gets sent when
1097
# the function is called
1098
def fixscope(func1, func2):
1099
"""This function is a scope container to pass
1100
func1 and func2 to the "call_both" function
1101
outside of its arguments"""
1102
def call_both(*args, **kwargs):
1103
"""This function will emit two D-Bus
1104
signals by calling func1 and func2"""
1105
func1(*args, **kwargs)
1106
func2(*args, **kwargs)
1107
return call_both
1108
# Create the "call_both" function and add it to
1109
# the class
1110
attr[attrname] = fixscope(attribute, new_function)
1111
# Is this a D-Bus method?
1112
elif getattr(attribute, "_dbus_is_method", False):
1113
# Create a new, but exactly alike, function
1114
# object. Decorate it to be a new D-Bus method
1115
# with the alternate D-Bus interface name. Add it
1116
# to the class.
1117
attr[attrname] = (dbus.service.method
1118
(alt_interface,
1119
attribute._dbus_in_signature,
1120
attribute._dbus_out_signature)
1121
(types.FunctionType
1122
(attribute.func_code,
1123
attribute.func_globals,
1124
attribute.func_name,
1125
attribute.func_defaults,
1126
attribute.func_closure)))
1127
# Copy annotations, if any
1128
try:
1129
attr[attrname]._dbus_annotations = (
1130
dict(attribute._dbus_annotations))
1131
except AttributeError:
1132
pass
1133
# Is this a D-Bus property?
1134
elif getattr(attribute, "_dbus_is_property", False):
1135
# Create a new, but exactly alike, function
1136
# object, and decorate it to be a new D-Bus
1137
# property with the alternate D-Bus interface
1138
# name. Add it to the class.
1139
attr[attrname] = (dbus_service_property
1140
(alt_interface,
1141
attribute._dbus_signature,
1142
attribute._dbus_access,
1143
attribute
1144
._dbus_get_args_options
1145
["byte_arrays"])
1146
(types.FunctionType
1147
(attribute.func_code,
1148
attribute.func_globals,
1149
attribute.func_name,
1150
attribute.func_defaults,
1151
attribute.func_closure)))
1152
# Copy annotations, if any
1153
try:
1154
attr[attrname]._dbus_annotations = (
1155
dict(attribute._dbus_annotations))
1156
except AttributeError:
1157
pass
1158
# Is this a D-Bus interface?
1159
elif getattr(attribute, "_dbus_is_interface", False):
1160
# Create a new, but exactly alike, function
1161
# object. Decorate it to be a new D-Bus interface
1162
# with the alternate D-Bus interface name. Add it
1163
# to the class.
1164
attr[attrname] = (dbus_interface_annotations
1165
(alt_interface)
1166
(types.FunctionType
1167
(attribute.func_code,
1168
attribute.func_globals,
1169
attribute.func_name,
1170
attribute.func_defaults,
1171
attribute.func_closure)))
1172
if deprecate:
1173
# Deprecate all alternate interfaces
1174
iname="_AlternateDBusNames_interface_annotation{0}"
1175
for interface_name in interface_names:
1176
@dbus_interface_annotations(interface_name)
1177
def func(self):
1178
return { "org.freedesktop.DBus.Deprecated":
1179
"true" }
1180
# Find an unused name
1181
for aname in (iname.format(i)
1182
for i in itertools.count()):
1183
if aname not in attr:
1184
attr[aname] = func
1185
break
1186
if interface_names:
1187
# Replace the class with a new subclass of it with
1188
# methods, signals, etc. as created above.
1189
cls = type(b"{0}Alternate".format(cls.__name__),
1190
(cls,), attr)
1191
return cls
1192
return wrapper
1193
1194
1195
@alternate_dbus_interfaces({"se.recompile.Mandos":
1196
"se.bsnet.fukt.Mandos"})
1197
670
class ClientDBus(Client, DBusObjectWithProperties):
1198
671
"""A Client class using D-Bus
1199
672
1201
674
dbus_object_path: dbus.ObjectPath
1202
675
bus: dbus.SystemBus()
1203
676
"""
1204
1205
runtime_expansions = (Client.runtime_expansions
1206
+ ("dbus_object_path",))
1207
1208
677
# dbus.service.Object doesn't use super(), so we can't either.
1209
678
1210
679
def __init__(self, bus = None, *args, **kwargs):
1212
681
Client.__init__(self, *args, **kwargs)
1213
682
# Only now, when this client is initialized, can it show up on
1214
683
# the D-Bus
1215
client_object_name = unicode(self.name).translate(
1216
{ord("."): ord("_"),
1217
ord("-"): ord("_")})
1218
684
self.dbus_object_path = (dbus.ObjectPath
1219
("/clients/" + client_object_name))
685
(u"/clients/"
686
+ self.name.replace(u".", u"_")))
1220
687
DBusObjectWithProperties.__init__(self, self.bus,
1221
688
self.dbus_object_path)
1222
689
1223
def notifychangeproperty(transform_func,
1224
dbus_name, type_func=lambda x: x,
1225
variant_level=1):
1226
""" Modify a variable so that it's a property which announces
1227
its changes to DBus.
1228
1229
transform_fun: Function that takes a value and a variant_level
1230
and transforms it to a D-Bus type.
1231
dbus_name: D-Bus name of the variable
1232
type_func: Function that transform the value before sending it
1233
to the D-Bus. Default: no transform
1234
variant_level: D-Bus variant level. Default: 1
1235
"""
1236
attrname = "_{0}".format(dbus_name)
1237
def setter(self, value):
1238
if hasattr(self, "dbus_object_path"):
1239
if (not hasattr(self, attrname) or
1240
type_func(getattr(self, attrname, None))
1241
!= type_func(value)):
1242
dbus_value = transform_func(type_func(value),
1243
variant_level
1244
=variant_level)
1245
self.PropertyChanged(dbus.String(dbus_name),
1246
dbus_value)
1247
setattr(self, attrname, value)
1248
1249
return property(lambda self: getattr(self, attrname), setter)
1250
1251
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1252
approvals_pending = notifychangeproperty(dbus.Boolean,
1253
"ApprovalPending",
1254
type_func = bool)
1255
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1256
last_enabled = notifychangeproperty(datetime_to_dbus,
1257
"LastEnabled")
1258
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1259
type_func = lambda checker:
1260
checker is not None)
1261
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1262
"LastCheckedOK")
1263
last_checker_status = notifychangeproperty(dbus.Int16,
1264
"LastCheckerStatus")
1265
last_approval_request = notifychangeproperty(
1266
datetime_to_dbus, "LastApprovalRequest")
1267
approved_by_default = notifychangeproperty(dbus.Boolean,
1268
"ApprovedByDefault")
1269
approval_delay = notifychangeproperty(dbus.UInt64,
1270
"ApprovalDelay",
1271
type_func =
1272
timedelta_to_milliseconds)
1273
approval_duration = notifychangeproperty(
1274
dbus.UInt64, "ApprovalDuration",
1275
type_func = timedelta_to_milliseconds)
1276
host = notifychangeproperty(dbus.String, "Host")
1277
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1278
type_func =
1279
timedelta_to_milliseconds)
1280
extended_timeout = notifychangeproperty(
1281
dbus.UInt64, "ExtendedTimeout",
1282
type_func = timedelta_to_milliseconds)
1283
interval = notifychangeproperty(dbus.UInt64,
1284
"Interval",
1285
type_func =
1286
timedelta_to_milliseconds)
1287
checker_command = notifychangeproperty(dbus.String, "Checker")
1288
1289
del notifychangeproperty
690
@staticmethod
691
def _datetime_to_dbus(dt, variant_level=0):
692
"""Convert a UTC datetime.datetime() to a D-Bus type."""
693
return dbus.String(dt.isoformat(),
694
variant_level=variant_level)
695
696
def enable(self):
697
oldstate = getattr(self, u"enabled", False)
698
r = Client.enable(self)
699
if oldstate != self.enabled:
700
# Emit D-Bus signals
701
self.PropertyChanged(dbus.String(u"enabled"),
702
dbus.Boolean(True, variant_level=1))
703
self.PropertyChanged(
704
dbus.String(u"last_enabled"),
705
self._datetime_to_dbus(self.last_enabled,
706
variant_level=1))
707
return r
708
709
def disable(self, quiet = False):
710
oldstate = getattr(self, u"enabled", False)
711
r = Client.disable(self, quiet=quiet)
712
if not quiet and oldstate != self.enabled:
713
# Emit D-Bus signal
714
self.PropertyChanged(dbus.String(u"enabled"),
715
dbus.Boolean(False, variant_level=1))
716
return r
1290
717
1291
718
def __del__(self, *args, **kwargs):
1292
719
try:
1293
720
self.remove_from_connection()
1294
721
except LookupError:
1295
722
pass
1296
if hasattr(DBusObjectWithProperties, "__del__"):
723
if hasattr(DBusObjectWithProperties, u"__del__"):
1297
724
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1298
725
Client.__del__(self, *args, **kwargs)
1299
726
1301
728
*args, **kwargs):
1302
729
self.checker_callback_tag = None
1303
730
self.checker = None
731
# Emit D-Bus signal
732
self.PropertyChanged(dbus.String(u"checker_running"),
733
dbus.Boolean(False, variant_level=1))
1304
734
if os.WIFEXITED(condition):
1305
735
exitstatus = os.WEXITSTATUS(condition)
1306
736
# Emit D-Bus signal
1316
746
return Client.checker_callback(self, pid, condition, command,
1317
747
*args, **kwargs)
1318
748
749
def checked_ok(self, *args, **kwargs):
750
r = Client.checked_ok(self, *args, **kwargs)
751
# Emit D-Bus signal
752
self.PropertyChanged(
753
dbus.String(u"last_checked_ok"),
754
(self._datetime_to_dbus(self.last_checked_ok,
755
variant_level=1)))
756
return r
757
1319
758
def start_checker(self, *args, **kwargs):
1320
759
old_checker = self.checker
1321
760
if self.checker is not None:
1328
767
and old_checker_pid != self.checker.pid):
1329
768
# Emit D-Bus signal
1330
769
self.CheckerStarted(self.current_checker_command)
1331
return r
1332
1333
def _reset_approved(self):
1334
self.approved = None
1335
return False
1336
1337
def approve(self, value=True):
1338
self.approved = value
1339
gobject.timeout_add(timedelta_to_milliseconds
1340
(self.approval_duration),
1341
self._reset_approved)
1342
self.send_changedstate()
1343
1344
## D-Bus methods, signals & properties
1345
_interface = "se.recompile.Mandos.Client"
1346
1347
## Interfaces
1348
1349
@dbus_interface_annotations(_interface)
1350
def _foo(self):
1351
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1352
"false"}
1353
1354
## Signals
770
self.PropertyChanged(
771
dbus.String(u"checker_running"),
772
dbus.Boolean(True, variant_level=1))
773
return r
774
775
def stop_checker(self, *args, **kwargs):
776
old_checker = getattr(self, u"checker", None)
777
r = Client.stop_checker(self, *args, **kwargs)
778
if (old_checker is not None
779
and getattr(self, u"checker", None) is None):
780
self.PropertyChanged(dbus.String(u"checker_running"),
781
dbus.Boolean(False, variant_level=1))
782
return r
783
784
## D-Bus methods & signals
785
_interface = u"se.bsnet.fukt.Mandos.Client"
786
787
# CheckedOK - method
788
@dbus.service.method(_interface)
789
def CheckedOK(self):
790
return self.checked_ok()
1355
791
1356
792
# CheckerCompleted - signal
1357
@dbus.service.signal(_interface, signature="nxs")
793
@dbus.service.signal(_interface, signature=u"nxs")
1358
794
def CheckerCompleted(self, exitcode, waitstatus, command):
1359
795
"D-Bus signal"
1360
796
pass
1361
797
1362
798
# CheckerStarted - signal
1363
@dbus.service.signal(_interface, signature="s")
799
@dbus.service.signal(_interface, signature=u"s")
1364
800
def CheckerStarted(self, command):
1365
801
"D-Bus signal"
1366
802
pass
1367
803
1368
804
# PropertyChanged - signal
1369
@dbus.service.signal(_interface, signature="sv")
805
@dbus.service.signal(_interface, signature=u"sv")
1370
806
def PropertyChanged(self, property, value):
1371
807
"D-Bus signal"
1372
808
pass
1374
810
# GotSecret - signal
1375
811
@dbus.service.signal(_interface)
1376
812
def GotSecret(self):
1377
"""D-Bus signal
1378
Is sent after a successful transfer of secret from the Mandos
1379
server to mandos-client
1380
"""
813
"D-Bus signal"
1381
814
pass
1382
815
1383
816
# Rejected - signal
1384
@dbus.service.signal(_interface, signature="s")
1385
def Rejected(self, reason):
817
@dbus.service.signal(_interface)
818
def Rejected(self):
1386
819
"D-Bus signal"
1387
820
pass
1388
821
1389
# NeedApproval - signal
1390
@dbus.service.signal(_interface, signature="tb")
1391
def NeedApproval(self, timeout, default):
1392
"D-Bus signal"
1393
return self.need_approval()
1394
1395
## Methods
1396
1397
# Approve - method
1398
@dbus.service.method(_interface, in_signature="b")
1399
def Approve(self, value):
1400
self.approve(value)
1401
1402
# CheckedOK - method
1403
@dbus.service.method(_interface)
1404
def CheckedOK(self):
1405
self.checked_ok()
1406
1407
822
# Enable - method
1408
823
@dbus.service.method(_interface)
1409
824
def Enable(self):
1427
842
def StopChecker(self):
1428
843
self.stop_checker()
1429
844
1430
## Properties
1431
1432
# ApprovalPending - property
1433
@dbus_service_property(_interface, signature="b", access="read")
1434
def ApprovalPending_dbus_property(self):
1435
return dbus.Boolean(bool(self.approvals_pending))
1436
1437
# ApprovedByDefault - property
1438
@dbus_service_property(_interface, signature="b",
1439
access="readwrite")
1440
def ApprovedByDefault_dbus_property(self, value=None):
1441
if value is None: # get
1442
return dbus.Boolean(self.approved_by_default)
1443
self.approved_by_default = bool(value)
1444
1445
# ApprovalDelay - property
1446
@dbus_service_property(_interface, signature="t",
1447
access="readwrite")
1448
def ApprovalDelay_dbus_property(self, value=None):
1449
if value is None: # get
1450
return dbus.UInt64(self.approval_delay_milliseconds())
1451
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1452
1453
# ApprovalDuration - property
1454
@dbus_service_property(_interface, signature="t",
1455
access="readwrite")
1456
def ApprovalDuration_dbus_property(self, value=None):
1457
if value is None: # get
1458
return dbus.UInt64(timedelta_to_milliseconds(
1459
self.approval_duration))
1460
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1461
1462
# Name - property
1463
@dbus_service_property(_interface, signature="s", access="read")
1464
def Name_dbus_property(self):
845
# name - property
846
@dbus_service_property(_interface, signature=u"s", access=u"read")
847
def name_dbus_property(self):
1465
848
return dbus.String(self.name)
1466
849
1467
# Fingerprint - property
1468
@dbus_service_property(_interface, signature="s", access="read")
1469
def Fingerprint_dbus_property(self):
850
# fingerprint - property
851
@dbus_service_property(_interface, signature=u"s", access=u"read")
852
def fingerprint_dbus_property(self):
1470
853
return dbus.String(self.fingerprint)
1471
854
1472
# Host - property
1473
@dbus_service_property(_interface, signature="s",
1474
access="readwrite")
1475
def Host_dbus_property(self, value=None):
855
# host - property
856
@dbus_service_property(_interface, signature=u"s",
857
access=u"readwrite")
858
def host_dbus_property(self, value=None):
1476
859
if value is None: # get
1477
860
return dbus.String(self.host)
1478
self.host = unicode(value)
1479
1480
# Created - property
1481
@dbus_service_property(_interface, signature="s", access="read")
1482
def Created_dbus_property(self):
1483
return datetime_to_dbus(self.created)
1484
1485
# LastEnabled - property
1486
@dbus_service_property(_interface, signature="s", access="read")
1487
def LastEnabled_dbus_property(self):
1488
return datetime_to_dbus(self.last_enabled)
1489
1490
# Enabled - property
1491
@dbus_service_property(_interface, signature="b",
1492
access="readwrite")
1493
def Enabled_dbus_property(self, value=None):
861
self.host = value
862
# Emit D-Bus signal
863
self.PropertyChanged(dbus.String(u"host"),
864
dbus.String(value, variant_level=1))
865
866
# created - property
867
@dbus_service_property(_interface, signature=u"s", access=u"read")
868
def created_dbus_property(self):
869
return dbus.String(self._datetime_to_dbus(self.created))
870
871
# last_enabled - property
872
@dbus_service_property(_interface, signature=u"s", access=u"read")
873
def last_enabled_dbus_property(self):
874
if self.last_enabled is None:
875
return dbus.String(u"")
876
return dbus.String(self._datetime_to_dbus(self.last_enabled))
877
878
# enabled - property
879
@dbus_service_property(_interface, signature=u"b",
880
access=u"readwrite")
881
def enabled_dbus_property(self, value=None):
1494
882
if value is None: # get
1495
883
return dbus.Boolean(self.enabled)
1496
884
if value:
1498
886
else:
1499
887
self.disable()
1500
888
1501
# LastCheckedOK - property
1502
@dbus_service_property(_interface, signature="s",
1503
access="readwrite")
1504
def LastCheckedOK_dbus_property(self, value=None):
889
# last_checked_ok - property
890
@dbus_service_property(_interface, signature=u"s",
891
access=u"readwrite")
892
def last_checked_ok_dbus_property(self, value=None):
1505
893
if value is not None:
1506
894
self.checked_ok()
1507
895
return
1508
return datetime_to_dbus(self.last_checked_ok)
1509
1510
# LastCheckerStatus - property
1511
@dbus_service_property(_interface, signature="n",
1512
access="read")
1513
def LastCheckerStatus_dbus_property(self):
1514
return dbus.Int16(self.last_checker_status)
1515
1516
# Expires - property
1517
@dbus_service_property(_interface, signature="s", access="read")
1518
def Expires_dbus_property(self):
1519
return datetime_to_dbus(self.expires)
1520
1521
# LastApprovalRequest - property
1522
@dbus_service_property(_interface, signature="s", access="read")
1523
def LastApprovalRequest_dbus_property(self):
1524
return datetime_to_dbus(self.last_approval_request)
1525
1526
# Timeout - property
1527
@dbus_service_property(_interface, signature="t",
1528
access="readwrite")
1529
def Timeout_dbus_property(self, value=None):
896
if self.last_checked_ok is None:
897
return dbus.String(u"")
898
return dbus.String(self._datetime_to_dbus(self
899
.last_checked_ok))
900
901
# timeout - property
902
@dbus_service_property(_interface, signature=u"t",
903
access=u"readwrite")
904
def timeout_dbus_property(self, value=None):
1530
905
if value is None: # get
1531
906
return dbus.UInt64(self.timeout_milliseconds())
1532
old_timeout = self.timeout
1533
907
self.timeout = datetime.timedelta(0, 0, 0, value)
1534
# Reschedule disabling
1535
if self.enabled:
1536
now = datetime.datetime.utcnow()
1537
self.expires += self.timeout - old_timeout
1538
if self.expires <= now:
1539
# The timeout has passed
1540
self.disable()
1541
else:
1542
if (getattr(self, "disable_initiator_tag", None)
1543
is None):
1544
return
1545
gobject.source_remove(self.disable_initiator_tag)
1546
self.disable_initiator_tag = (
1547
gobject.timeout_add(
1548
timedelta_to_milliseconds(self.expires - now),
1549
self.disable))
1550
1551
# ExtendedTimeout - property
1552
@dbus_service_property(_interface, signature="t",
1553
access="readwrite")
1554
def ExtendedTimeout_dbus_property(self, value=None):
1555
if value is None: # get
1556
return dbus.UInt64(self.extended_timeout_milliseconds())
1557
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1558
1559
# Interval - property
1560
@dbus_service_property(_interface, signature="t",
1561
access="readwrite")
1562
def Interval_dbus_property(self, value=None):
908
# Emit D-Bus signal
909
self.PropertyChanged(dbus.String(u"timeout"),
910
dbus.UInt64(value, variant_level=1))
911
if getattr(self, u"disable_initiator_tag", None) is None:
912
return
913
# Reschedule timeout
914
gobject.source_remove(self.disable_initiator_tag)
915
self.disable_initiator_tag = None
916
time_to_die = (self.
917
_timedelta_to_milliseconds((self
918
.last_checked_ok
919
+ self.timeout)
920
- datetime.datetime
921
.utcnow()))
922
if time_to_die <= 0:
923
# The timeout has passed
924
self.disable()
925
else:
926
self.disable_initiator_tag = (gobject.timeout_add
927
(time_to_die, self.disable))
928
929
# interval - property
930
@dbus_service_property(_interface, signature=u"t",
931
access=u"readwrite")
932
def interval_dbus_property(self, value=None):
1563
933
if value is None: # get
1564
934
return dbus.UInt64(self.interval_milliseconds())
1565
935
self.interval = datetime.timedelta(0, 0, 0, value)
1566
if getattr(self, "checker_initiator_tag", None) is None:
936
# Emit D-Bus signal
937
self.PropertyChanged(dbus.String(u"interval"),
938
dbus.UInt64(value, variant_level=1))
939
if getattr(self, u"checker_initiator_tag", None) is None:
1567
940
return
1568
if self.enabled:
1569
# Reschedule checker run
1570
gobject.source_remove(self.checker_initiator_tag)
1571
self.checker_initiator_tag = (gobject.timeout_add
1572
(value, self.start_checker))
1573
self.start_checker() # Start one now, too
1574
1575
# Checker - property
1576
@dbus_service_property(_interface, signature="s",
1577
access="readwrite")
1578
def Checker_dbus_property(self, value=None):
941
# Reschedule checker run
942
gobject.source_remove(self.checker_initiator_tag)
943
self.checker_initiator_tag = (gobject.timeout_add
944
(value, self.start_checker))
945
self.start_checker() # Start one now, too
946
947
# checker - property
948
@dbus_service_property(_interface, signature=u"s",
949
access=u"readwrite")
950
def checker_dbus_property(self, value=None):
1579
951
if value is None: # get
1580
952
return dbus.String(self.checker_command)
1581
self.checker_command = unicode(value)
953
self.checker_command = value
954
# Emit D-Bus signal
955
self.PropertyChanged(dbus.String(u"checker"),
956
dbus.String(self.checker_command,
957
variant_level=1))
1582
958
1583
# CheckerRunning - property
1584
@dbus_service_property(_interface, signature="b",
1585
access="readwrite")
1586
def CheckerRunning_dbus_property(self, value=None):
959
# checker_running - property
960
@dbus_service_property(_interface, signature=u"b",
961
access=u"readwrite")
962
def checker_running_dbus_property(self, value=None):
1587
963
if value is None: # get
1588
964
return dbus.Boolean(self.checker is not None)
1589
965
if value:
1591
967
else:
1592
968
self.stop_checker()
1593
969
1594
# ObjectPath - property
1595
@dbus_service_property(_interface, signature="o", access="read")
1596
def ObjectPath_dbus_property(self):
970
# object_path - property
971
@dbus_service_property(_interface, signature=u"o", access=u"read")
972
def object_path_dbus_property(self):
1597
973
return self.dbus_object_path # is already a dbus.ObjectPath
1598
974
1599
# Secret = property
1600
@dbus_service_property(_interface, signature="ay",
1601
access="write", byte_arrays=True)
1602
def Secret_dbus_property(self, value):
975
# secret = property
976
@dbus_service_property(_interface, signature=u"ay",
977
access=u"write", byte_arrays=True)
978
def secret_dbus_property(self, value):
1603
979
self.secret = str(value)
1604
980
1605
981
del _interface
1606
982
1607
983
1608
class ProxyClient(object):
1609
def __init__(self, child_pipe, fpr, address):
1610
self._pipe = child_pipe
1611
self._pipe.send(('init', fpr, address))
1612
if not self._pipe.recv():
1613
raise KeyError()
1614
1615
def __getattribute__(self, name):
1616
if name == '_pipe':
1617
return super(ProxyClient, self).__getattribute__(name)
1618
self._pipe.send(('getattr', name))
1619
data = self._pipe.recv()
1620
if data[0] == 'data':
1621
return data[1]
1622
if data[0] == 'function':
1623
def func(*args, **kwargs):
1624
self._pipe.send(('funcall', name, args, kwargs))
1625
return self._pipe.recv()[1]
1626
return func
1627
1628
def __setattr__(self, name, value):
1629
if name == '_pipe':
1630
return super(ProxyClient, self).__setattr__(name, value)
1631
self._pipe.send(('setattr', name, value))
1632
1633
1634
984
class ClientHandler(socketserver.BaseRequestHandler, object):
1635
985
"""A class to handle client connections.
1636
986
1638
988
Note: This will run in its own forked process."""
1639
989
1640
990
def handle(self):
1641
with contextlib.closing(self.server.child_pipe) as child_pipe:
1642
logger.info("TCP connection from: %s",
1643
unicode(self.client_address))
1644
logger.debug("Pipe FD: %d",
1645
self.server.child_pipe.fileno())
1646
991
logger.info(u"TCP connection from: %s",
992
unicode(self.client_address))
993
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
994
# Open IPC pipe to parent process
995
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
1647
996
session = (gnutls.connection
1648
997
.ClientSession(self.request,
1649
998
gnutls.connection
1650
999
.X509Credentials()))
1651
1000
1001
line = self.request.makefile().readline()
1002
logger.debug(u"Protocol version: %r", line)
1003
try:
1004
if int(line.strip().split()[0]) > 1:
1005
raise RuntimeError
1006
except (ValueError, IndexError, RuntimeError), error:
1007
logger.error(u"Unknown protocol version: %s", error)
1008
return
1009
1652
1010
# Note: gnutls.connection.X509Credentials is really a
1653
1011
# generic GnuTLS certificate credentials object so long as
1654
1012
# no X.509 keys are added to it. Therefore, we can use it
1655
1013
# here despite using OpenPGP certificates.
1656
1014
1657
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1658
# "+AES-256-CBC", "+SHA1",
1659
# "+COMP-NULL", "+CTYPE-OPENPGP",
1660
# "+DHE-DSS"))
1015
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1016
# u"+AES-256-CBC", u"+SHA1",
1017
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1018
# u"+DHE-DSS"))
1661
1019
# Use a fallback default, since this MUST be set.
1662
1020
priority = self.server.gnutls_priority
1663
1021
if priority is None:
1664
priority = "NORMAL"
1022
priority = u"NORMAL"
1665
1023
(gnutls.library.functions
1666
1024
.gnutls_priority_set_direct(session._c_object,
1667
1025
priority, None))
1668
1026
1669
# Start communication using the Mandos protocol
1670
# Get protocol number
1671
line = self.request.makefile().readline()
1672
logger.debug("Protocol version: %r", line)
1673
try:
1674
if int(line.strip().split()[0]) > 1:
1675
raise RuntimeError
1676
except (ValueError, IndexError, RuntimeError) as error:
1677
logger.error("Unknown protocol version: %s", error)
1678
return
1679
1680
# Start GnuTLS connection
1681
1027
try:
1682
1028
session.handshake()
1683
except gnutls.errors.GNUTLSError as error:
1684
logger.warning("Handshake failed: %s", error)
1029
except gnutls.errors.GNUTLSError, error:
1030
logger.warning(u"Handshake failed: %s", error)
1685
1031
# Do not run session.bye() here: the session is not
1686
1032
# established. Just abandon the request.
1687
1033
return
1688
logger.debug("Handshake succeeded")
1689
1690
approval_required = False
1034
logger.debug(u"Handshake succeeded")
1691
1035
try:
1692
try:
1693
fpr = self.fingerprint(self.peer_certificate
1694
(session))
1695
except (TypeError,
1696
gnutls.errors.GNUTLSError) as error:
1697
logger.warning("Bad certificate: %s", error)
1698
return
1699
logger.debug("Fingerprint: %s", fpr)
1700
1701
try:
1702
client = ProxyClient(child_pipe, fpr,
1703
self.client_address)
1704
except KeyError:
1705
return
1706
1707
if client.approval_delay:
1708
delay = client.approval_delay
1709
client.approvals_pending += 1
1710
approval_required = True
1711
1712
while True:
1713
if not client.enabled:
1714
logger.info("Client %s is disabled",
1715
client.name)
1716
if self.server.use_dbus:
1717
# Emit D-Bus signal
1718
client.Rejected("Disabled")
1719
return
1720
1721
if client.approved or not client.approval_delay:
1722
#We are approved or approval is disabled
1723
break
1724
elif client.approved is None:
1725
logger.info("Client %s needs approval",
1726
client.name)
1727
if self.server.use_dbus:
1728
# Emit D-Bus signal
1729
client.NeedApproval(
1730
client.approval_delay_milliseconds(),
1731
client.approved_by_default)
1732
else:
1733
logger.warning("Client %s was not approved",
1734
client.name)
1735
if self.server.use_dbus:
1736
# Emit D-Bus signal
1737
client.Rejected("Denied")
1738
return
1739
1740
#wait until timeout or approved
1741
time = datetime.datetime.now()
1742
client.changedstate.acquire()
1743
client.changedstate.wait(
1744
float(timedelta_to_milliseconds(delay)
1745
/ 1000))
1746
client.changedstate.release()
1747
time2 = datetime.datetime.now()
1748
if (time2 - time) >= delay:
1749
if not client.approved_by_default:
1750
logger.warning("Client %s timed out while"
1751
" waiting for approval",
1752
client.name)
1753
if self.server.use_dbus:
1754
# Emit D-Bus signal
1755
client.Rejected("Approval timed out")
1756
return
1757
else:
1758
break
1759
else:
1760
delay -= time2 - time
1761
1762
sent_size = 0
1763
while sent_size < len(client.secret):
1764
try:
1765
sent = session.send(client.secret[sent_size:])
1766
except gnutls.errors.GNUTLSError as error:
1767
logger.warning("gnutls send failed",
1768
exc_info=error)
1769
return
1770
logger.debug("Sent: %d, remaining: %d",
1771
sent, len(client.secret)
1772
- (sent_size + sent))
1773
sent_size += sent
1774
1775
logger.info("Sending secret to %s", client.name)
1776
# bump the timeout using extended_timeout
1777
client.bump_timeout(client.extended_timeout)
1778
if self.server.use_dbus:
1779
# Emit D-Bus signal
1780
client.GotSecret()
1036
fpr = self.fingerprint(self.peer_certificate(session))
1037
except (TypeError, gnutls.errors.GNUTLSError), error:
1038
logger.warning(u"Bad certificate: %s", error)
1039
session.bye()
1040
return
1041
logger.debug(u"Fingerprint: %s", fpr)
1781
1042
1782
finally:
1783
if approval_required:
1784
client.approvals_pending -= 1
1785
try:
1786
session.bye()
1787
except gnutls.errors.GNUTLSError as error:
1788
logger.warning("GnuTLS bye failed",
1789
exc_info=error)
1043
for c in self.server.clients:
1044
if c.fingerprint == fpr:
1045
client = c
1046
break
1047
else:
1048
ipc.write(u"NOTFOUND %s %s\n"
1049
% (fpr, unicode(self.client_address)))
1050
session.bye()
1051
return
1052
# Have to check if client.still_valid(), since it is
1053
# possible that the client timed out while establishing
1054
# the GnuTLS session.
1055
if not client.still_valid():
1056
ipc.write(u"INVALID %s\n" % client.name)
1057
session.bye()
1058
return
1059
ipc.write(u"SENDING %s\n" % client.name)
1060
sent_size = 0
1061
while sent_size < len(client.secret):
1062
sent = session.send(client.secret[sent_size:])
1063
logger.debug(u"Sent: %d, remaining: %d",
1064
sent, len(client.secret)
1065
- (sent_size + sent))
1066
sent_size += sent
1067
session.bye()
1790
1068
1791
1069
@staticmethod
1792
1070
def peer_certificate(session):
1802
1080
.gnutls_certificate_get_peers
1803
1081
(session._c_object, ctypes.byref(list_size)))
1804
1082
if not bool(cert_list) and list_size.value != 0:
1805
raise gnutls.errors.GNUTLSError("error getting peer"
1806
" certificate")
1083
raise gnutls.errors.GNUTLSError(u"error getting peer"
1084
u" certificate")
1807
1085
if list_size.value == 0:
1808
1086
return None
1809
1087
cert = cert_list[0]
1835
1113
if crtverify.value != 0:
1836
1114
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1837
1115
raise (gnutls.errors.CertificateSecurityError
1838
("Verify failed"))
1116
(u"Verify failed"))
1839
1117
# New buffer for the fingerprint
1840
1118
buf = ctypes.create_string_buffer(20)
1841
1119
buf_len = ctypes.c_size_t()
1848
1126
# Convert the buffer to a Python bytestring
1849
1127
fpr = ctypes.string_at(buf, buf_len.value)
1850
1128
# Convert the bytestring to hexadecimal notation
1851
hex_fpr = binascii.hexlify(fpr).upper()
1129
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1852
1130
return hex_fpr
1853
1131
1854
1132
1855
class MultiprocessingMixIn(object):
1856
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1857
def sub_process_main(self, request, address):
1858
try:
1859
self.finish_request(request, address)
1860
except Exception:
1861
self.handle_error(request, address)
1862
self.close_request(request)
1863
1864
def process_request(self, request, address):
1865
"""Start a new process to process the request."""
1866
proc = multiprocessing.Process(target = self.sub_process_main,
1867
args = (request, address))
1868
proc.start()
1869
return proc
1870
1871
1872
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1873
""" adds a pipe to the MixIn """
1133
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
1134
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
1874
1135
def process_request(self, request, client_address):
1875
1136
"""Overrides and wraps the original process_request().
1876
1137
1877
1138
This function creates a new pipe in self.pipe
1878
1139
"""
1879
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1880
1881
proc = MultiprocessingMixIn.process_request(self, request,
1882
client_address)
1883
self.child_pipe.close()
1884
self.add_pipe(parent_pipe, proc)
1885
1886
def add_pipe(self, parent_pipe, proc):
1140
self.pipe = os.pipe()
1141
super(ForkingMixInWithPipe,
1142
self).process_request(request, client_address)
1143
os.close(self.pipe[1]) # close write end
1144
self.add_pipe(self.pipe[0])
1145
def add_pipe(self, pipe):
1887
1146
"""Dummy function; override as necessary"""
1888
raise NotImplementedError
1889
1890
1891
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1147
os.close(pipe)
1148
1149
1150
class IPv6_TCPServer(ForkingMixInWithPipe,
1892
1151
socketserver.TCPServer, object):
1893
1152
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1894
1153
1910
1169
bind to an address or port if they were not specified."""
1911
1170
if self.interface is not None:
1912
1171
if SO_BINDTODEVICE is None:
1913
logger.error("SO_BINDTODEVICE does not exist;"
1914
" cannot bind to interface %s",
1172
logger.error(u"SO_BINDTODEVICE does not exist;"
1173
u" cannot bind to interface %s",
1915
1174
self.interface)
1916
1175
else:
1917
1176
try:
1918
1177
self.socket.setsockopt(socket.SOL_SOCKET,
1919
1178
SO_BINDTODEVICE,
1920
1179
str(self.interface
1921
+ '\0'))
1922
except socket.error as error:
1923
if error.errno == errno.EPERM:
1924
logger.error("No permission to"
1925
" bind to interface %s",
1926
self.interface)
1927
elif error.errno == errno.ENOPROTOOPT:
1928
logger.error("SO_BINDTODEVICE not available;"
1929
" cannot bind to interface %s",
1930
self.interface)
1931
elif error.errno == errno.ENODEV:
1932
logger.error("Interface %s does not"
1933
" exist, cannot bind",
1180
+ u'\0'))
1181
except socket.error, error:
1182
if error[0] == errno.EPERM:
1183
logger.error(u"No permission to"
1184
u" bind to interface %s",
1185
self.interface)
1186
elif error[0] == errno.ENOPROTOOPT:
1187
logger.error(u"SO_BINDTODEVICE not available;"
1188
u" cannot bind to interface %s",
1934
1189
self.interface)
1935
1190
else:
1936
1191
raise
1938
1193
if self.server_address[0] or self.server_address[1]:
1939
1194
if not self.server_address[0]:
1940
1195
if self.address_family == socket.AF_INET6:
1941
any_address = "::" # in6addr_any
1196
any_address = u"::" # in6addr_any
1942
1197
else:
1943
1198
any_address = socket.INADDR_ANY
1944
1199
self.server_address = (any_address,
1971
1226
self.enabled = False
1972
1227
self.clients = clients
1973
1228
if self.clients is None:
1974
self.clients = {}
1229
self.clients = set()
1975
1230
self.use_dbus = use_dbus
1976
1231
self.gnutls_priority = gnutls_priority
1977
1232
IPv6_TCPServer.__init__(self, server_address,
1981
1236
def server_activate(self):
1982
1237
if self.enabled:
1983
1238
return socketserver.TCPServer.server_activate(self)
1984
1985
1239
def enable(self):
1986
1240
self.enabled = True
1987
1988
def add_pipe(self, parent_pipe, proc):
1241
def add_pipe(self, pipe):
1989
1242
# Call "handle_ipc" for both data and EOF events
1990
gobject.io_add_watch(parent_pipe.fileno(),
1991
gobject.IO_IN | gobject.IO_HUP,
1992
functools.partial(self.handle_ipc,
1993
parent_pipe =
1994
parent_pipe,
1995
proc = proc))
1996
1997
def handle_ipc(self, source, condition, parent_pipe=None,
1998
proc = None, client_object=None):
1999
# error, or the other end of multiprocessing.Pipe has closed
2000
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2001
# Wait for other process to exit
2002
proc.join()
2003
return False
2004
2005
# Read a request from the child
2006
request = parent_pipe.recv()
2007
command = request[0]
2008
2009
if command == 'init':
2010
fpr = request[1]
2011
address = request[2]
2012
2013
for c in self.clients.itervalues():
2014
if c.fingerprint == fpr:
2015
client = c
2016
break
2017
else:
2018
logger.info("Client not found for fingerprint: %s, ad"
2019
"dress: %s", fpr, address)
2020
if self.use_dbus:
2021
# Emit D-Bus signal
2022
mandos_dbus_service.ClientNotFound(fpr,
2023
address[0])
2024
parent_pipe.send(False)
2025
return False
2026
2027
gobject.io_add_watch(parent_pipe.fileno(),
2028
gobject.IO_IN | gobject.IO_HUP,
2029
functools.partial(self.handle_ipc,
2030
parent_pipe =
2031
parent_pipe,
2032
proc = proc,
2033
client_object =
2034
client))
2035
parent_pipe.send(True)
2036
# remove the old hook in favor of the new above hook on
2037
# same fileno
2038
return False
2039
if command == 'funcall':
2040
funcname = request[1]
2041
args = request[2]
2042
kwargs = request[3]
2043
2044
parent_pipe.send(('data', getattr(client_object,
2045
funcname)(*args,
2046
**kwargs)))
2047
2048
if command == 'getattr':
2049
attrname = request[1]
2050
if callable(client_object.__getattribute__(attrname)):
2051
parent_pipe.send(('function',))
2052
else:
2053
parent_pipe.send(('data', client_object
2054
.__getattribute__(attrname)))
2055
2056
if command == 'setattr':
2057
attrname = request[1]
2058
value = request[2]
2059
setattr(client_object, attrname, value)
2060
1243
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1244
self.handle_ipc)
1245
def handle_ipc(self, source, condition, file_objects={}):
1246
condition_names = {
1247
gobject.IO_IN: u"IN", # There is data to read.
1248
gobject.IO_OUT: u"OUT", # Data can be written (without
1249
# blocking).
1250
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1251
gobject.IO_ERR: u"ERR", # Error condition.
1252
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1253
# broken, usually for pipes and
1254
# sockets).
1255
}
1256
conditions_string = ' | '.join(name
1257
for cond, name in
1258
condition_names.iteritems()
1259
if cond & condition)
1260
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1261
conditions_string)
1262
1263
# Turn the pipe file descriptor into a Python file object
1264
if source not in file_objects:
1265
file_objects[source] = os.fdopen(source, u"r", 1)
1266
1267
# Read a line from the file object
1268
cmdline = file_objects[source].readline()
1269
if not cmdline: # Empty line means end of file
1270
# close the IPC pipe
1271
file_objects[source].close()
1272
del file_objects[source]
1273
1274
# Stop calling this function
1275
return False
1276
1277
logger.debug(u"IPC command: %r", cmdline)
1278
1279
# Parse and act on command
1280
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1281
1282
if cmd == u"NOTFOUND":
1283
fpr, address = args.split(None, 1)
1284
logger.warning(u"Client not found for fingerprint: %s, ad"
1285
u"dress: %s", fpr, address)
1286
if self.use_dbus:
1287
# Emit D-Bus signal
1288
mandos_dbus_service.ClientNotFound(fpr, address)
1289
elif cmd == u"INVALID":
1290
for client in self.clients:
1291
if client.name == args:
1292
logger.warning(u"Client %s is invalid", args)
1293
if self.use_dbus:
1294
# Emit D-Bus signal
1295
client.Rejected()
1296
break
1297
else:
1298
logger.error(u"Unknown client %s is invalid", args)
1299
elif cmd == u"SENDING":
1300
for client in self.clients:
1301
if client.name == args:
1302
logger.info(u"Sending secret to %s", client.name)
1303
client.checked_ok()
1304
if self.use_dbus:
1305
# Emit D-Bus signal
1306
client.GotSecret()
1307
break
1308
else:
1309
logger.error(u"Sending secret to unknown client %s",
1310
args)
1311
else:
1312
logger.error(u"Unknown IPC command: %r", cmdline)
1313
1314
# Keep calling this function
2061
1315
return True
2062
1316
2063
1317
2064
1318
def string_to_delta(interval):
2065
1319
"""Parse a string and return a datetime.timedelta
2066
1320
2067
>>> string_to_delta('7d')
1321
>>> string_to_delta(u'7d')
2068
1322
datetime.timedelta(7)
2069
>>> string_to_delta('60s')
1323
>>> string_to_delta(u'60s')
2070
1324
datetime.timedelta(0, 60)
2071
>>> string_to_delta('60m')
1325
>>> string_to_delta(u'60m')
2072
1326
datetime.timedelta(0, 3600)
2073
>>> string_to_delta('24h')
1327
>>> string_to_delta(u'24h')
2074
1328
datetime.timedelta(1)
2075
>>> string_to_delta('1w')
1329
>>> string_to_delta(u'1w')
2076
1330
datetime.timedelta(7)
2077
>>> string_to_delta('5m 30s')
1331
>>> string_to_delta(u'5m 30s')
2078
1332
datetime.timedelta(0, 330)
2079
1333
"""
2080
1334
timevalue = datetime.timedelta(0)
2082
1336
try:
2083
1337
suffix = unicode(s[-1])
2084
1338
value = int(s[:-1])
2085
if suffix == "d":
1339
if suffix == u"d":
2086
1340
delta = datetime.timedelta(value)
2087
elif suffix == "s":
1341
elif suffix == u"s":
2088
1342
delta = datetime.timedelta(0, value)
2089
elif suffix == "m":
1343
elif suffix == u"m":
2090
1344
delta = datetime.timedelta(0, 0, 0, 0, value)
2091
elif suffix == "h":
1345
elif suffix == u"h":
2092
1346
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
2093
elif suffix == "w":
1347
elif suffix == u"w":
2094
1348
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2095
1349
else:
2096
raise ValueError("Unknown suffix {0!r}"
2097
.format(suffix))
2098
except (ValueError, IndexError) as e:
2099
raise ValueError(*(e.args))
1350
raise ValueError(u"Unknown suffix %r" % suffix)
1351
except (ValueError, IndexError), e:
1352
raise ValueError(e.message)
2100
1353
timevalue += delta
2101
1354
return timevalue
2102
1355
2103
1356
1357
def if_nametoindex(interface):
1358
"""Call the C function if_nametoindex(), or equivalent
1359
1360
Note: This function cannot accept a unicode string."""
1361
global if_nametoindex
1362
try:
1363
if_nametoindex = (ctypes.cdll.LoadLibrary
1364
(ctypes.util.find_library(u"c"))
1365
.if_nametoindex)
1366
except (OSError, AttributeError):
1367
logger.warning(u"Doing if_nametoindex the hard way")
1368
def if_nametoindex(interface):
1369
"Get an interface index the hard way, i.e. using fcntl()"
1370
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1371
with closing(socket.socket()) as s:
1372
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1373
struct.pack(str(u"16s16x"),
1374
interface))
1375
interface_index = struct.unpack(str(u"I"),
1376
ifreq[16:20])[0]
1377
return interface_index
1378
return if_nametoindex(interface)
1379
1380
2104
1381
def daemon(nochdir = False, noclose = False):
2105
1382
"""See daemon(3). Standard BSD Unix function.
2106
1383
2109
1386
sys.exit()
2110
1387
os.setsid()
2111
1388
if not nochdir:
2112
os.chdir("/")
1389
os.chdir(u"/")
2113
1390
if os.fork():
2114
1391
sys.exit()
2115
1392
if not noclose:
2116
1393
# Close all standard open file descriptors
2117
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1394
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2118
1395
if not stat.S_ISCHR(os.fstat(null).st_mode):
2119
1396
raise OSError(errno.ENODEV,
2120
"{0} not a character device"
2121
.format(os.devnull))
1397
u"%s not a character device"
1398
% os.path.devnull)
2122
1399
os.dup2(null, sys.stdin.fileno())
2123
1400
os.dup2(null, sys.stdout.fileno())
2124
1401
os.dup2(null, sys.stderr.fileno())
2131
1408
##################################################################
2132
1409
# Parsing of options, both command line and config file
2133
1410
2134
parser = argparse.ArgumentParser()
2135
parser.add_argument("-v", "--version", action="version",
2136
version = "%(prog)s {0}".format(version),
2137
help="show version number and exit")
2138
parser.add_argument("-i", "--interface", metavar="IF",
2139
help="Bind to interface IF")
2140
parser.add_argument("-a", "--address",
2141
help="Address to listen for requests on")
2142
parser.add_argument("-p", "--port", type=int,
2143
help="Port number to receive requests on")
2144
parser.add_argument("--check", action="store_true",
2145
help="Run self-test")
2146
parser.add_argument("--debug", action="store_true",
2147
help="Debug mode; run in foreground and log"
2148
" to terminal")
2149
parser.add_argument("--debuglevel", metavar="LEVEL",
2150
help="Debug level for stdout output")
2151
parser.add_argument("--priority", help="GnuTLS"
2152
" priority string (see GnuTLS documentation)")
2153
parser.add_argument("--servicename",
2154
metavar="NAME", help="Zeroconf service name")
2155
parser.add_argument("--configdir",
2156
default="/etc/mandos", metavar="DIR",
2157
help="Directory to search for configuration"
2158
" files")
2159
parser.add_argument("--no-dbus", action="store_false",
2160
dest="use_dbus", help="Do not provide D-Bus"
2161
" system bus interface")
2162
parser.add_argument("--no-ipv6", action="store_false",
2163
dest="use_ipv6", help="Do not use IPv6")
2164
parser.add_argument("--no-restore", action="store_false",
2165
dest="restore", help="Do not restore stored"
2166
" state")
2167
parser.add_argument("--statedir", metavar="DIR",
2168
help="Directory to save/restore state in")
2169
2170
options = parser.parse_args()
1411
parser = optparse.OptionParser(version = "%%prog %s" % version)
1412
parser.add_option("-i", u"--interface", type=u"string",
1413
metavar="IF", help=u"Bind to interface IF")
1414
parser.add_option("-a", u"--address", type=u"string",
1415
help=u"Address to listen for requests on")
1416
parser.add_option("-p", u"--port", type=u"int",
1417
help=u"Port number to receive requests on")
1418
parser.add_option("--check", action=u"store_true",
1419
help=u"Run self-test")
1420
parser.add_option("--debug", action=u"store_true",
1421
help=u"Debug mode; run in foreground and log to"
1422
u" terminal")
1423
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1424
u" priority string (see GnuTLS documentation)")
1425
parser.add_option("--servicename", type=u"string",
1426
metavar=u"NAME", help=u"Zeroconf service name")
1427
parser.add_option("--configdir", type=u"string",
1428
default=u"/etc/mandos", metavar=u"DIR",
1429
help=u"Directory to search for configuration"
1430
u" files")
1431
parser.add_option("--no-dbus", action=u"store_false",
1432
dest=u"use_dbus", help=u"Do not provide D-Bus"
1433
u" system bus interface")
1434
parser.add_option("--no-ipv6", action=u"store_false",
1435
dest=u"use_ipv6", help=u"Do not use IPv6")
1436
options = parser.parse_args()[0]
2171
1437
2172
1438
if options.check:
2173
1439
import doctest
2175
1441
sys.exit()
2176
1442
2177
1443
# Default values for config file for server-global settings
2178
server_defaults = { "interface": "",
2179
"address": "",
2180
"port": "",
2181
"debug": "False",
2182
"priority":
2183
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2184
"servicename": "Mandos",
2185
"use_dbus": "True",
2186
"use_ipv6": "True",
2187
"debuglevel": "",
2188
"restore": "True",
2189
"statedir": "/var/lib/mandos"
1444
server_defaults = { u"interface": u"",
1445
u"address": u"",
1446
u"port": u"",
1447
u"debug": u"False",
1448
u"priority":
1449
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1450
u"servicename": u"Mandos",
1451
u"use_dbus": u"True",
1452
u"use_ipv6": u"True",
2190
1453
}
2191
1454
2192
1455
# Parse config file for server-global settings
2193
1456
server_config = configparser.SafeConfigParser(server_defaults)
2194
1457
del server_defaults
2195
1458
server_config.read(os.path.join(options.configdir,
2196
"mandos.conf"))
1459
u"mandos.conf"))
2197
1460
# Convert the SafeConfigParser object to a dict
2198
1461
server_settings = server_config.defaults()
2199
1462
# Use the appropriate methods on the non-string config options
2200
for option in ("debug", "use_dbus", "use_ipv6"):
2201
server_settings[option] = server_config.getboolean("DEFAULT",
1463
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1464
server_settings[option] = server_config.getboolean(u"DEFAULT",
2202
1465
option)
2203
1466
if server_settings["port"]:
2204
server_settings["port"] = server_config.getint("DEFAULT",
2205
"port")
1467
server_settings["port"] = server_config.getint(u"DEFAULT",
1468
u"port")
2206
1469
del server_config
2207
1470
2208
1471
# Override the settings from the config file with command line
2209
1472
# options, if set.
2210
for option in ("interface", "address", "port", "debug",
2211
"priority", "servicename", "configdir",
2212
"use_dbus", "use_ipv6", "debuglevel", "restore",
2213
"statedir"):
1473
for option in (u"interface", u"address", u"port", u"debug",
1474
u"priority", u"servicename", u"configdir",
1475
u"use_dbus", u"use_ipv6"):
2214
1476
value = getattr(options, option)
2215
1477
if value is not None:
2216
1478
server_settings[option] = value
2224
1486
##################################################################
2225
1487
2226
1488
# For convenience
2227
debug = server_settings["debug"]
2228
debuglevel = server_settings["debuglevel"]
2229
use_dbus = server_settings["use_dbus"]
2230
use_ipv6 = server_settings["use_ipv6"]
2231
stored_state_path = os.path.join(server_settings["statedir"],
2232
stored_state_file)
2233
2234
if debug:
2235
initlogger(debug, logging.DEBUG)
2236
else:
2237
if not debuglevel:
2238
initlogger(debug)
2239
else:
2240
level = getattr(logging, debuglevel.upper())
2241
initlogger(debug, level)
2242
2243
if server_settings["servicename"] != "Mandos":
1489
debug = server_settings[u"debug"]
1490
use_dbus = server_settings[u"use_dbus"]
1491
use_ipv6 = server_settings[u"use_ipv6"]
1492
1493
if not debug:
1494
syslogger.setLevel(logging.WARNING)
1495
console.setLevel(logging.WARNING)
1496
1497
if server_settings[u"servicename"] != u"Mandos":
2244
1498
syslogger.setFormatter(logging.Formatter
2245
('Mandos ({0}) [%(process)d]:'
2246
' %(levelname)s: %(message)s'
2247
.format(server_settings
2248
["servicename"])))
1499
(u'Mandos (%s) [%%(process)d]:'
1500
u' %%(levelname)s: %%(message)s'
1501
% server_settings[u"servicename"]))
2249
1502
2250
1503
# Parse config file with clients
2251
client_config = configparser.SafeConfigParser(Client
2252
.client_defaults)
2253
client_config.read(os.path.join(server_settings["configdir"],
2254
"clients.conf"))
1504
client_defaults = { u"timeout": u"1h",
1505
u"interval": u"5m",
1506
u"checker": u"fping -q -- %%(host)s",
1507
u"host": u"",
1508
}
1509
client_config = configparser.SafeConfigParser(client_defaults)
1510
client_config.read(os.path.join(server_settings[u"configdir"],
1511
u"clients.conf"))
2255
1512
2256
1513
global mandos_dbus_service
2257
1514
mandos_dbus_service = None
2258
1515
2259
tcp_server = MandosServer((server_settings["address"],
2260
server_settings["port"]),
1516
tcp_server = MandosServer((server_settings[u"address"],
1517
server_settings[u"port"]),
2261
1518
ClientHandler,
2262
interface=(server_settings["interface"]
2263
or None),
1519
interface=server_settings[u"interface"],
2264
1520
use_ipv6=use_ipv6,
2265
1521
gnutls_priority=
2266
server_settings["priority"],
1522
server_settings[u"priority"],
2267
1523
use_dbus=use_dbus)
2268
if not debug:
2269
pidfilename = "/var/run/mandos.pid"
2270
try:
2271
pidfile = open(pidfilename, "w")
2272
except IOError as e:
2273
logger.error("Could not open file %r", pidfilename,
2274
exc_info=e)
1524
pidfilename = u"/var/run/mandos.pid"
1525
try:
1526
pidfile = open(pidfilename, u"w")
1527
except IOError:
1528
logger.error(u"Could not open file %r", pidfilename)
2275
1529
2276
for name in ("_mandos", "mandos", "nobody"):
1530
try:
1531
uid = pwd.getpwnam(u"_mandos").pw_uid
1532
gid = pwd.getpwnam(u"_mandos").pw_gid
1533
except KeyError:
2277
1534
try:
2278
uid = pwd.getpwnam(name).pw_uid
2279
gid = pwd.getpwnam(name).pw_gid
2280
break
1535
uid = pwd.getpwnam(u"mandos").pw_uid
1536
gid = pwd.getpwnam(u"mandos").pw_gid
2281
1537
except KeyError:
2282
continue
2283
else:
2284
uid = 65534
2285
gid = 65534
1538
try:
1539
uid = pwd.getpwnam(u"nobody").pw_uid
1540
gid = pwd.getpwnam(u"nobody").pw_gid
1541
except KeyError:
1542
uid = 65534
1543
gid = 65534
2286
1544
try:
2287
1545
os.setgid(gid)
2288
1546
os.setuid(uid)
2289
except OSError as error:
2290
if error.errno != errno.EPERM:
1547
except OSError, error:
1548
if error[0] != errno.EPERM:
2291
1549
raise error
2292
1550
1551
# Enable all possible GnuTLS debugging
2293
1552
if debug:
2294
# Enable all possible GnuTLS debugging
2295
2296
1553
# "Use a log level over 10 to enable all debugging options."
2297
1554
# - GnuTLS manual
2298
1555
gnutls.library.functions.gnutls_global_set_log_level(11)
2299
1556
2300
1557
@gnutls.library.types.gnutls_log_func
2301
1558
def debug_gnutls(level, string):
2302
logger.debug("GnuTLS: %s", string[:-1])
1559
logger.debug(u"GnuTLS: %s", string[:-1])
2303
1560
2304
1561
(gnutls.library.functions
2305
1562
.gnutls_global_set_log_function(debug_gnutls))
2306
2307
# Redirect stdin so all checkers get /dev/null
2308
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2309
os.dup2(null, sys.stdin.fileno())
2310
if null > 2:
2311
os.close(null)
2312
2313
# Need to fork before connecting to D-Bus
2314
if not debug:
2315
# Close all input and output, do double fork, etc.
2316
daemon()
2317
2318
gobject.threads_init()
2319
1563
2320
1564
global main_loop
2321
1565
# From the Avahi example code
2322
DBusGMainLoop(set_as_default=True)
1566
DBusGMainLoop(set_as_default=True )
2323
1567
main_loop = gobject.MainLoop()
2324
1568
bus = dbus.SystemBus()
2325
1569
# End of Avahi example code
2326
1570
if use_dbus:
2327
1571
try:
2328
bus_name = dbus.service.BusName("se.recompile.Mandos",
1572
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
2329
1573
bus, do_not_queue=True)
2330
old_bus_name = (dbus.service.BusName
2331
("se.bsnet.fukt.Mandos", bus,
2332
do_not_queue=True))
2333
except dbus.exceptions.NameExistsException as e:
2334
logger.error("Disabling D-Bus:", exc_info=e)
1574
except dbus.exceptions.NameExistsException, e:
1575
logger.error(unicode(e) + u", disabling D-Bus")
2335
1576
use_dbus = False
2336
server_settings["use_dbus"] = False
1577
server_settings[u"use_dbus"] = False
2337
1578
tcp_server.use_dbus = False
2338
1579
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2339
service = AvahiServiceToSyslog(name =
2340
server_settings["servicename"],
2341
servicetype = "_mandos._tcp",
2342
protocol = protocol, bus = bus)
1580
service = AvahiService(name = server_settings[u"servicename"],
1581
servicetype = u"_mandos._tcp",
1582
protocol = protocol, bus = bus)
2343
1583
if server_settings["interface"]:
2344
1584
service.interface = (if_nametoindex
2345
(str(server_settings["interface"])))
2346
2347
global multiprocessing_manager
2348
multiprocessing_manager = multiprocessing.Manager()
1585
(str(server_settings[u"interface"])))
2349
1586
2350
1587
client_class = Client
2351
1588
if use_dbus:
2352
1589
client_class = functools.partial(ClientDBus, bus = bus)
2353
2354
client_settings = Client.config_parser(client_config)
2355
old_client_settings = {}
2356
clients_data = {}
2357
2358
# Get client data and settings from last running state.
2359
if server_settings["restore"]:
2360
try:
2361
with open(stored_state_path, "rb") as stored_state:
2362
clients_data, old_client_settings = (pickle.load
2363
(stored_state))
2364
os.remove(stored_state_path)
2365
except IOError as e:
2366
if e.errno == errno.ENOENT:
2367
logger.warning("Could not load persistent state: {0}"
2368
.format(os.strerror(e.errno)))
2369
else:
2370
logger.critical("Could not load persistent state:",
2371
exc_info=e)
2372
raise
2373
except EOFError as e:
2374
logger.warning("Could not load persistent state: "
2375
"EOFError:", exc_info=e)
2376
2377
with PGPEngine() as pgp:
2378
for client_name, client in clients_data.iteritems():
2379
# Decide which value to use after restoring saved state.
2380
# We have three different values: Old config file,
2381
# new config file, and saved state.
2382
# New config value takes precedence if it differs from old
2383
# config value, otherwise use saved state.
2384
for name, value in client_settings[client_name].items():
2385
try:
2386
# For each value in new config, check if it
2387
# differs from the old config value (Except for
2388
# the "secret" attribute)
2389
if (name != "secret" and
2390
value != old_client_settings[client_name]
2391
[name]):
2392
client[name] = value
2393
except KeyError:
2394
pass
2395
2396
# Clients who has passed its expire date can still be
2397
# enabled if its last checker was successful. Clients
2398
# whose checker succeeded before we stored its state is
2399
# assumed to have successfully run all checkers during
2400
# downtime.
2401
if client["enabled"]:
2402
if datetime.datetime.utcnow() >= client["expires"]:
2403
if not client["last_checked_ok"]:
2404
logger.warning(
2405
"disabling client {0} - Client never "
2406
"performed a successful checker"
2407
.format(client_name))
2408
client["enabled"] = False
2409
elif client["last_checker_status"] != 0:
2410
logger.warning(
2411
"disabling client {0} - Client "
2412
"last checker failed with error code {1}"
2413
.format(client_name,
2414
client["last_checker_status"]))
2415
client["enabled"] = False
2416
else:
2417
client["expires"] = (datetime.datetime
2418
.utcnow()
2419
+ client["timeout"])
2420
logger.debug("Last checker succeeded,"
2421
" keeping {0} enabled"
2422
.format(client_name))
2423
try:
2424
client["secret"] = (
2425
pgp.decrypt(client["encrypted_secret"],
2426
client_settings[client_name]
2427
["secret"]))
2428
except PGPError:
2429
# If decryption fails, we use secret from new settings
2430
logger.debug("Failed to decrypt {0} old secret"
2431
.format(client_name))
2432
client["secret"] = (
2433
client_settings[client_name]["secret"])
2434
2435
# Add/remove clients based on new changes made to config
2436
for client_name in (set(old_client_settings)
2437
- set(client_settings)):
2438
del clients_data[client_name]
2439
for client_name in (set(client_settings)
2440
- set(old_client_settings)):
2441
clients_data[client_name] = client_settings[client_name]
2442
2443
# Create all client objects
2444
for client_name, client in clients_data.iteritems():
2445
tcp_server.clients[client_name] = client_class(
2446
name = client_name, settings = client)
2447
1590
tcp_server.clients.update(set(
1591
client_class(name = section,
1592
config= dict(client_config.items(section)))
1593
for section in client_config.sections()))
2448
1594
if not tcp_server.clients:
2449
logger.warning("No clients defined")
1595
logger.warning(u"No clients defined")
1596
1597
if debug:
1598
# Redirect stdin so all checkers get /dev/null
1599
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1600
os.dup2(null, sys.stdin.fileno())
1601
if null > 2:
1602
os.close(null)
1603
else:
1604
# No console logging
1605
logger.removeHandler(console)
1606
# Close all input and output, do double fork, etc.
1607
daemon()
1608
1609
try:
1610
with closing(pidfile):
1611
pid = os.getpid()
1612
pidfile.write(str(pid) + "\n")
1613
del pidfile
1614
except IOError:
1615
logger.error(u"Could not write to file %r with PID %d",
1616
pidfilename, pid)
1617
except NameError:
1618
# "pidfile" was never created
1619
pass
1620
del pidfilename
2450
1621
2451
1622
if not debug:
2452
try:
2453
with pidfile:
2454
pid = os.getpid()
2455
pidfile.write(str(pid) + "\n".encode("utf-8"))
2456
del pidfile
2457
except IOError:
2458
logger.error("Could not write to file %r with PID %d",
2459
pidfilename, pid)
2460
except NameError:
2461
# "pidfile" was never created
2462
pass
2463
del pidfilename
2464
1623
signal.signal(signal.SIGINT, signal.SIG_IGN)
2465
2466
1624
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2467
1625
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2468
1626
2469
1627
if use_dbus:
2470
@alternate_dbus_interfaces({"se.recompile.Mandos":
2471
"se.bsnet.fukt.Mandos"})
2472
class MandosDBusService(DBusObjectWithProperties):
1628
class MandosDBusService(dbus.service.Object):
2473
1629
"""A D-Bus proxy object"""
2474
1630
def __init__(self):
2475
dbus.service.Object.__init__(self, bus, "/")
2476
_interface = "se.recompile.Mandos"
2477
2478
@dbus_interface_annotations(_interface)
2479
def _foo(self):
2480
return { "org.freedesktop.DBus.Property"
2481
".EmitsChangedSignal":
2482
"false"}
2483
2484
@dbus.service.signal(_interface, signature="o")
2485
def ClientAdded(self, objpath):
1631
dbus.service.Object.__init__(self, bus, u"/")
1632
_interface = u"se.bsnet.fukt.Mandos"
1633
1634
@dbus.service.signal(_interface, signature=u"oa{sv}")
1635
def ClientAdded(self, objpath, properties):
2486
1636
"D-Bus signal"
2487
1637
pass
2488
1638
2489
@dbus.service.signal(_interface, signature="ss")
1639
@dbus.service.signal(_interface, signature=u"ss")
2490
1640
def ClientNotFound(self, fingerprint, address):
2491
1641
"D-Bus signal"
2492
1642
pass
2493
1643
2494
@dbus.service.signal(_interface, signature="os")
1644
@dbus.service.signal(_interface, signature=u"os")
2495
1645
def ClientRemoved(self, objpath, name):
2496
1646
"D-Bus signal"
2497
1647
pass
2498
1648
2499
@dbus.service.method(_interface, out_signature="ao")
1649
@dbus.service.method(_interface, out_signature=u"ao")
2500
1650
def GetAllClients(self):
2501
1651
"D-Bus method"
2502
1652
return dbus.Array(c.dbus_object_path
2503
for c in
2504
tcp_server.clients.itervalues())
1653
for c in tcp_server.clients)
2505
1654
2506
1655
@dbus.service.method(_interface,
2507
out_signature="a{oa{sv}}")
1656
out_signature=u"a{oa{sv}}")
2508
1657
def GetAllClientsWithProperties(self):
2509
1658
"D-Bus method"
2510
1659
return dbus.Dictionary(
2511
((c.dbus_object_path, c.GetAll(""))
2512
for c in tcp_server.clients.itervalues()),
2513
signature="oa{sv}")
1660
((c.dbus_object_path, c.GetAll(u""))
1661
for c in tcp_server.clients),
1662
signature=u"oa{sv}")
2514
1663
2515
@dbus.service.method(_interface, in_signature="o")
1664
@dbus.service.method(_interface, in_signature=u"o")
2516
1665
def RemoveClient(self, object_path):
2517
1666
"D-Bus method"
2518
for c in tcp_server.clients.itervalues():
1667
for c in tcp_server.clients:
2519
1668
if c.dbus_object_path == object_path:
2520
del tcp_server.clients[c.name]
1669
tcp_server.clients.remove(c)
2521
1670
c.remove_from_connection()
2522
1671
# Don't signal anything except ClientRemoved
2523
1672
c.disable(quiet=True)
2534
1683
"Cleanup function; run on exit"
2535
1684
service.cleanup()
2536
1685
2537
multiprocessing.active_children()
2538
if not (tcp_server.clients or client_settings):
2539
return
2540
2541
# Store client before exiting. Secrets are encrypted with key
2542
# based on what config file has. If config file is
2543
# removed/edited, old secret will thus be unrecovable.
2544
clients = {}
2545
with PGPEngine() as pgp:
2546
for client in tcp_server.clients.itervalues():
2547
key = client_settings[client.name]["secret"]
2548
client.encrypted_secret = pgp.encrypt(client.secret,
2549
key)
2550
client_dict = {}
2551
2552
# A list of attributes that can not be pickled
2553
# + secret.
2554
exclude = set(("bus", "changedstate", "secret",
2555
"checker"))
2556
for name, typ in (inspect.getmembers
2557
(dbus.service.Object)):
2558
exclude.add(name)
2559
2560
client_dict["encrypted_secret"] = (client
2561
.encrypted_secret)
2562
for attr in client.client_structure:
2563
if attr not in exclude:
2564
client_dict[attr] = getattr(client, attr)
2565
2566
clients[client.name] = client_dict
2567
del client_settings[client.name]["secret"]
2568
2569
try:
2570
with (tempfile.NamedTemporaryFile
2571
(mode='wb', suffix=".pickle", prefix='clients-',
2572
dir=os.path.dirname(stored_state_path),
2573
delete=False)) as stored_state:
2574
pickle.dump((clients, client_settings), stored_state)
2575
tempname=stored_state.name
2576
os.rename(tempname, stored_state_path)
2577
except (IOError, OSError) as e:
2578
if not debug:
2579
try:
2580
os.remove(tempname)
2581
except NameError:
2582
pass
2583
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
2584
logger.warning("Could not save persistent state: {0}"
2585
.format(os.strerror(e.errno)))
2586
else:
2587
logger.warning("Could not save persistent state:",
2588
exc_info=e)
2589
raise e
2590
2591
# Delete all clients, and settings from config
2592
1686
while tcp_server.clients:
2593
name, client = tcp_server.clients.popitem()
1687
client = tcp_server.clients.pop()
2594
1688
if use_dbus:
2595
1689
client.remove_from_connection()
1690
client.disable_hook = None
2596
1691
# Don't signal anything except ClientRemoved
2597
1692
client.disable(quiet=True)
2598
1693
if use_dbus:
2599
1694
# Emit D-Bus signal
2600
mandos_dbus_service.ClientRemoved(client
2601
.dbus_object_path,
1695
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
2602
1696
client.name)
2603
client_settings.clear()
2604
1697
2605
1698
atexit.register(cleanup)
2606
1699
2607
for client in tcp_server.clients.itervalues():
1700
for client in tcp_server.clients:
2608
1701
if use_dbus:
2609
1702
# Emit D-Bus signal
2610
mandos_dbus_service.ClientAdded(client.dbus_object_path)
2611
# Need to initiate checking of clients
2612
if client.enabled:
2613
client.init_checker()
1703
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1704
client.GetAll(u""))
1705
client.enable()
2614
1706
2615
1707
tcp_server.enable()
2616
1708
tcp_server.server_activate()
2618
1710
# Find out what port we got
2619
1711
service.port = tcp_server.socket.getsockname()[1]
2620
1712
if use_ipv6:
2621
logger.info("Now listening on address %r, port %d,"
2622
" flowinfo %d, scope_id %d",
2623
*tcp_server.socket.getsockname())
1713
logger.info(u"Now listening on address %r, port %d,"
1714
" flowinfo %d, scope_id %d"
1715
% tcp_server.socket.getsockname())
2624
1716
else: # IPv4
2625
logger.info("Now listening on address %r, port %d",
2626
*tcp_server.socket.getsockname())
1717
logger.info(u"Now listening on address %r, port %d"
1718
% tcp_server.socket.getsockname())
2627
1719
2628
1720
#service.interface = tcp_server.socket.getsockname()[3]
2629
1721
2631
1723
# From the Avahi example code
2632
1724
try:
2633
1725
service.activate()
2634
except dbus.exceptions.DBusException as error:
2635
logger.critical("D-Bus Exception", exc_info=error)
1726
except dbus.exceptions.DBusException, error:
1727
logger.critical(u"DBusException: %s", error)
2636
1728
cleanup()
2637
1729
sys.exit(1)
2638
1730
# End of Avahi example code
2642
1734
(tcp_server.handle_request
2643
1735
(*args[2:], **kwargs) or True))
2644
1736
2645
logger.debug("Starting main loop")
1737
logger.debug(u"Starting main loop")
2646
1738
main_loop.run()
2647
except AvahiError as error:
2648
logger.critical("Avahi Error", exc_info=error)
1739
except AvahiError, error:
1740
logger.critical(u"AvahiError: %s", error)
2649
1741
cleanup()
2650
1742
sys.exit(1)
2651
1743
except KeyboardInterrupt:
2652
1744
if debug:
2653
print("", file=sys.stderr)
2654
logger.debug("Server received KeyboardInterrupt")
2655
logger.debug("Server exiting")
1745
print >> sys.stderr
1746
logger.debug(u"Server received KeyboardInterrupt")
1747
logger.debug(u"Server exiting")
2656
1748
# Must run before the D-Bus bus name gets deregistered
2657
1749
cleanup()
2658
1750
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0