/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2009-12-27 03:35:58 UTC
  • Revision ID: teddy@fukt.bsnet.se-20091227033558-y57wv1u4cls3i8kq
TODO file changes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
6
6
# This program is partly derived from an example program for an Avahi
7
7
# service publisher, downloaded from
8
8
# <http://avahi.org/wiki/PythonPublishExample>.  This includes the
9
 
# methods "add" and "remove" in the "AvahiService" class, the
10
 
# "server_state_changed" and "entry_group_state_changed" functions,
11
 
# and some lines in "main".
 
9
# methods "add", "remove", "server_state_changed",
 
10
# "entry_group_state_changed", "cleanup", and "activate" in the
 
11
# "AvahiService" class, and some lines in "main".
12
12
13
13
# Everything else is
14
14
# Copyright © 2008,2009 Teddy Hogeborn
33
33
 
34
34
from __future__ import division, with_statement, absolute_import
35
35
 
36
 
import SocketServer
 
36
import SocketServer as socketserver
37
37
import socket
38
 
from optparse import OptionParser
 
38
import optparse
39
39
import datetime
40
40
import errno
41
41
import gnutls.crypto
44
44
import gnutls.library.functions
45
45
import gnutls.library.constants
46
46
import gnutls.library.types
47
 
import ConfigParser
 
47
import ConfigParser as configparser
48
48
import sys
49
49
import re
50
50
import os
51
51
import signal
52
 
from sets import Set
53
52
import subprocess
54
53
import atexit
55
54
import stat
56
55
import logging
57
56
import logging.handlers
58
57
import pwd
59
 
from contextlib import closing
 
58
import contextlib
 
59
import struct
 
60
import fcntl
 
61
import functools
 
62
import cPickle as pickle
60
63
 
61
64
import dbus
62
65
import dbus.service
65
68
from dbus.mainloop.glib import DBusGMainLoop
66
69
import ctypes
67
70
import ctypes.util
68
 
 
69
 
version = "1.0.3"
70
 
 
71
 
logger = logging.Logger('mandos')
 
71
import xml.dom.minidom
 
72
import inspect
 
73
 
 
74
try:
 
75
    SO_BINDTODEVICE = socket.SO_BINDTODEVICE
 
76
except AttributeError:
 
77
    try:
 
78
        from IN import SO_BINDTODEVICE
 
79
    except ImportError:
 
80
        SO_BINDTODEVICE = None
 
81
 
 
82
 
 
83
version = "1.0.14"
 
84
 
 
85
logger = logging.Logger(u'mandos')
72
86
syslogger = (logging.handlers.SysLogHandler
73
87
             (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
74
88
              address = "/dev/log"))
75
89
syslogger.setFormatter(logging.Formatter
76
 
                       ('Mandos: %(levelname)s: %(message)s'))
 
90
                       (u'Mandos [%(process)d]: %(levelname)s:'
 
91
                        u' %(message)s'))
77
92
logger.addHandler(syslogger)
78
93
 
79
94
console = logging.StreamHandler()
80
 
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
81
 
                                       ' %(message)s'))
 
95
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
 
96
                                       u' %(levelname)s:'
 
97
                                       u' %(message)s'))
82
98
logger.addHandler(console)
83
99
 
84
100
class AvahiError(Exception):
97
113
 
98
114
class AvahiService(object):
99
115
    """An Avahi (Zeroconf) service.
 
116
    
100
117
    Attributes:
101
118
    interface: integer; avahi.IF_UNSPEC or an interface index.
102
119
               Used to optionally bind to the specified interface.
103
 
    name: string; Example: 'Mandos'
104
 
    type: string; Example: '_mandos._tcp'.
 
120
    name: string; Example: u'Mandos'
 
121
    type: string; Example: u'_mandos._tcp'.
105
122
                  See <http://www.dns-sd.org/ServiceTypes.html>
106
123
    port: integer; what port to announce
107
124
    TXT: list of strings; TXT record for the service
110
127
    max_renames: integer; maximum number of renames
111
128
    rename_count: integer; counter so we only rename after collisions
112
129
                  a sensible number of times
 
130
    group: D-Bus Entry Group
 
131
    server: D-Bus Server
 
132
    bus: dbus.SystemBus()
113
133
    """
114
134
    def __init__(self, interface = avahi.IF_UNSPEC, name = None,
115
135
                 servicetype = None, port = None, TXT = None,
116
 
                 domain = "", host = "", max_renames = 32768):
 
136
                 domain = u"", host = u"", max_renames = 32768,
 
137
                 protocol = avahi.PROTO_UNSPEC, bus = None):
117
138
        self.interface = interface
118
139
        self.name = name
119
140
        self.type = servicetype
123
144
        self.host = host
124
145
        self.rename_count = 0
125
146
        self.max_renames = max_renames
 
147
        self.protocol = protocol
 
148
        self.group = None       # our entry group
 
149
        self.server = None
 
150
        self.bus = bus
126
151
    def rename(self):
127
152
        """Derived from the Avahi example code"""
128
153
        if self.rename_count >= self.max_renames:
130
155
                            u" after %i retries, exiting.",
131
156
                            self.rename_count)
132
157
            raise AvahiServiceError(u"Too many renames")
133
 
        self.name = server.GetAlternativeServiceName(self.name)
 
158
        self.name = self.server.GetAlternativeServiceName(self.name)
134
159
        logger.info(u"Changing Zeroconf service name to %r ...",
135
 
                    str(self.name))
 
160
                    unicode(self.name))
136
161
        syslogger.setFormatter(logging.Formatter
137
 
                               ('Mandos (%s): %%(levelname)s:'
138
 
                                ' %%(message)s' % self.name))
 
162
                               (u'Mandos (%s) [%%(process)d]:'
 
163
                                u' %%(levelname)s: %%(message)s'
 
164
                                % self.name))
139
165
        self.remove()
140
166
        self.add()
141
167
        self.rename_count += 1
142
168
    def remove(self):
143
169
        """Derived from the Avahi example code"""
144
 
        if group is not None:
145
 
            group.Reset()
 
170
        if self.group is not None:
 
171
            self.group.Reset()
146
172
    def add(self):
147
173
        """Derived from the Avahi example code"""
148
 
        global group
149
 
        if group is None:
150
 
            group = dbus.Interface(bus.get_object
151
 
                                   (avahi.DBUS_NAME,
152
 
                                    server.EntryGroupNew()),
153
 
                                   avahi.DBUS_INTERFACE_ENTRY_GROUP)
154
 
            group.connect_to_signal('StateChanged',
155
 
                                    entry_group_state_changed)
 
174
        if self.group is None:
 
175
            self.group = dbus.Interface(
 
176
                self.bus.get_object(avahi.DBUS_NAME,
 
177
                                    self.server.EntryGroupNew()),
 
178
                avahi.DBUS_INTERFACE_ENTRY_GROUP)
 
179
            self.group.connect_to_signal('StateChanged',
 
180
                                         self
 
181
                                         .entry_group_state_changed)
156
182
        logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
157
 
                     service.name, service.type)
158
 
        group.AddService(
159
 
                self.interface,         # interface
160
 
                avahi.PROTO_INET6,      # protocol
161
 
                dbus.UInt32(0),         # flags
162
 
                self.name, self.type,
163
 
                self.domain, self.host,
164
 
                dbus.UInt16(self.port),
165
 
                avahi.string_array_to_txt_array(self.TXT))
166
 
        group.Commit()
167
 
 
168
 
# From the Avahi example code:
169
 
group = None                            # our entry group
170
 
# End of Avahi example code
171
 
 
172
 
 
173
 
def _datetime_to_dbus(dt, variant_level=0):
174
 
    """Convert a UTC datetime.datetime() to a D-Bus type."""
175
 
    return dbus.String(dt.isoformat(), variant_level=variant_level)
176
 
 
177
 
 
178
 
class Client(dbus.service.Object):
 
183
                     self.name, self.type)
 
184
        self.group.AddService(
 
185
            self.interface,
 
186
            self.protocol,
 
187
            dbus.UInt32(0),     # flags
 
188
            self.name, self.type,
 
189
            self.domain, self.host,
 
190
            dbus.UInt16(self.port),
 
191
            avahi.string_array_to_txt_array(self.TXT))
 
192
        self.group.Commit()
 
193
    def entry_group_state_changed(self, state, error):
 
194
        """Derived from the Avahi example code"""
 
195
        logger.debug(u"Avahi state change: %i", state)
 
196
        
 
197
        if state == avahi.ENTRY_GROUP_ESTABLISHED:
 
198
            logger.debug(u"Zeroconf service established.")
 
199
        elif state == avahi.ENTRY_GROUP_COLLISION:
 
200
            logger.warning(u"Zeroconf service name collision.")
 
201
            self.rename()
 
202
        elif state == avahi.ENTRY_GROUP_FAILURE:
 
203
            logger.critical(u"Avahi: Error in group state changed %s",
 
204
                            unicode(error))
 
205
            raise AvahiGroupError(u"State changed: %s"
 
206
                                  % unicode(error))
 
207
    def cleanup(self):
 
208
        """Derived from the Avahi example code"""
 
209
        if self.group is not None:
 
210
            self.group.Free()
 
211
            self.group = None
 
212
    def server_state_changed(self, state):
 
213
        """Derived from the Avahi example code"""
 
214
        if state == avahi.SERVER_COLLISION:
 
215
            logger.error(u"Zeroconf server name collision")
 
216
            self.remove()
 
217
        elif state == avahi.SERVER_RUNNING:
 
218
            self.add()
 
219
    def activate(self):
 
220
        """Derived from the Avahi example code"""
 
221
        if self.server is None:
 
222
            self.server = dbus.Interface(
 
223
                self.bus.get_object(avahi.DBUS_NAME,
 
224
                                    avahi.DBUS_PATH_SERVER),
 
225
                avahi.DBUS_INTERFACE_SERVER)
 
226
        self.server.connect_to_signal(u"StateChanged",
 
227
                                 self.server_state_changed)
 
228
        self.server_state_changed(self.server.GetState())
 
229
 
 
230
 
 
231
class Client(object):
179
232
    """A representation of a client host served by this server.
 
233
    
180
234
    Attributes:
181
 
    name:       string; from the config file, used in log messages
 
235
    name:       string; from the config file, used in log messages and
 
236
                        D-Bus identifiers
182
237
    fingerprint: string (40 or 32 hexadecimal digits); used to
183
238
                 uniquely identify the client
184
239
    secret:     bytestring; sent verbatim (over TLS) to client
188
243
    enabled:    bool()
189
244
    last_checked_ok: datetime.datetime(); (UTC) or None
190
245
    timeout:    datetime.timedelta(); How long from last_checked_ok
191
 
                                      until this client is invalid
 
246
                                      until this client is disabled
192
247
    interval:   datetime.timedelta(); How often to start a new checker
193
248
    disable_hook:  If set, called by disable() as disable_hook(self)
194
249
    checker:    subprocess.Popen(); a running checker process used
195
250
                                    to see if the client lives.
196
251
                                    'None' if no process is running.
197
252
    checker_initiator_tag: a gobject event source tag, or None
198
 
    disable_initiator_tag:    - '' -
 
253
    disable_initiator_tag: - '' -
199
254
    checker_callback_tag:  - '' -
200
255
    checker_command: string; External command which is run to check if
201
256
                     client lives.  %() expansions are done at
202
257
                     runtime with vars(self) as dict, so that for
203
258
                     instance %(name)s can be used in the command.
204
 
    use_dbus: bool(); Whether to provide D-Bus interface and signals
205
 
    dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
 
259
    current_checker_command: string; current running checker_command
206
260
    """
 
261
    
 
262
    @staticmethod
 
263
    def _timedelta_to_milliseconds(td):
 
264
        "Convert a datetime.timedelta() to milliseconds"
 
265
        return ((td.days * 24 * 60 * 60 * 1000)
 
266
                + (td.seconds * 1000)
 
267
                + (td.microseconds // 1000))
 
268
    
207
269
    def timeout_milliseconds(self):
208
270
        "Return the 'timeout' attribute in milliseconds"
209
 
        return ((self.timeout.days * 24 * 60 * 60 * 1000)
210
 
                + (self.timeout.seconds * 1000)
211
 
                + (self.timeout.microseconds // 1000))
 
271
        return self._timedelta_to_milliseconds(self.timeout)
212
272
    
213
273
    def interval_milliseconds(self):
214
274
        "Return the 'interval' attribute in milliseconds"
215
 
        return ((self.interval.days * 24 * 60 * 60 * 1000)
216
 
                + (self.interval.seconds * 1000)
217
 
                + (self.interval.microseconds // 1000))
 
275
        return self._timedelta_to_milliseconds(self.interval)
218
276
    
219
 
    def __init__(self, name = None, disable_hook=None, config=None,
220
 
                 use_dbus=True):
 
277
    def __init__(self, name = None, disable_hook=None, config=None):
221
278
        """Note: the 'checker' key in 'config' sets the
222
279
        'checker_command' attribute and *not* the 'checker'
223
280
        attribute."""
225
282
        if config is None:
226
283
            config = {}
227
284
        logger.debug(u"Creating client %r", self.name)
228
 
        self.use_dbus = use_dbus
229
 
        if self.use_dbus:
230
 
            self.dbus_object_path = (dbus.ObjectPath
231
 
                                     ("/Mandos/clients/"
232
 
                                      + self.name.replace(".", "_")))
233
 
            dbus.service.Object.__init__(self, bus,
234
 
                                         self.dbus_object_path)
235
285
        # Uppercase and remove spaces from fingerprint for later
236
286
        # comparison purposes with return value from the fingerprint()
237
287
        # function
238
 
        self.fingerprint = (config["fingerprint"].upper()
 
288
        self.fingerprint = (config[u"fingerprint"].upper()
239
289
                            .replace(u" ", u""))
240
290
        logger.debug(u"  Fingerprint: %s", self.fingerprint)
241
 
        if "secret" in config:
242
 
            self.secret = config["secret"].decode(u"base64")
243
 
        elif "secfile" in config:
244
 
            with closing(open(os.path.expanduser
245
 
                              (os.path.expandvars
246
 
                               (config["secfile"])))) as secfile:
 
291
        if u"secret" in config:
 
292
            self.secret = config[u"secret"].decode(u"base64")
 
293
        elif u"secfile" in config:
 
294
            with open(os.path.expanduser(os.path.expandvars
 
295
                                         (config[u"secfile"])),
 
296
                      "rb") as secfile:
247
297
                self.secret = secfile.read()
248
298
        else:
249
299
            raise TypeError(u"No secret or secfile for client %s"
250
300
                            % self.name)
251
 
        self.host = config.get("host", "")
 
301
        self.host = config.get(u"host", u"")
252
302
        self.created = datetime.datetime.utcnow()
253
303
        self.enabled = False
254
304
        self.last_enabled = None
255
305
        self.last_checked_ok = None
256
 
        self.timeout = string_to_delta(config["timeout"])
257
 
        self.interval = string_to_delta(config["interval"])
 
306
        self.timeout = string_to_delta(config[u"timeout"])
 
307
        self.interval = string_to_delta(config[u"interval"])
258
308
        self.disable_hook = disable_hook
259
309
        self.checker = None
260
310
        self.checker_initiator_tag = None
261
311
        self.disable_initiator_tag = None
262
312
        self.checker_callback_tag = None
263
 
        self.checker_command = config["checker"]
 
313
        self.checker_command = config[u"checker"]
 
314
        self.current_checker_command = None
 
315
        self.last_connect = None
264
316
    
265
317
    def enable(self):
266
318
        """Start this client's checker and timeout hooks"""
 
319
        if getattr(self, u"enabled", False):
 
320
            # Already enabled
 
321
            return
267
322
        self.last_enabled = datetime.datetime.utcnow()
268
323
        # Schedule a new checker to be started an 'interval' from now,
269
324
        # and every interval from then on.
270
325
        self.checker_initiator_tag = (gobject.timeout_add
271
326
                                      (self.interval_milliseconds(),
272
327
                                       self.start_checker))
273
 
        # Also start a new checker *right now*.
274
 
        self.start_checker()
275
328
        # Schedule a disable() when 'timeout' has passed
276
329
        self.disable_initiator_tag = (gobject.timeout_add
277
330
                                   (self.timeout_milliseconds(),
278
331
                                    self.disable))
279
332
        self.enabled = True
280
 
        if self.use_dbus:
281
 
            # Emit D-Bus signals
282
 
            self.PropertyChanged(dbus.String(u"enabled"),
283
 
                                 dbus.Boolean(True, variant_level=1))
284
 
            self.PropertyChanged(dbus.String(u"last_enabled"),
285
 
                                 (_datetime_to_dbus(self.last_enabled,
286
 
                                                    variant_level=1)))
 
333
        # Also start a new checker *right now*.
 
334
        self.start_checker()
287
335
    
288
 
    def disable(self):
 
336
    def disable(self, quiet=True):
289
337
        """Disable this client."""
290
338
        if not getattr(self, "enabled", False):
291
339
            return False
292
 
        logger.info(u"Disabling client %s", self.name)
293
 
        if getattr(self, "disable_initiator_tag", False):
 
340
        if not quiet:
 
341
            logger.info(u"Disabling client %s", self.name)
 
342
        if getattr(self, u"disable_initiator_tag", False):
294
343
            gobject.source_remove(self.disable_initiator_tag)
295
344
            self.disable_initiator_tag = None
296
 
        if getattr(self, "checker_initiator_tag", False):
 
345
        if getattr(self, u"checker_initiator_tag", False):
297
346
            gobject.source_remove(self.checker_initiator_tag)
298
347
            self.checker_initiator_tag = None
299
348
        self.stop_checker()
300
349
        if self.disable_hook:
301
350
            self.disable_hook(self)
302
351
        self.enabled = False
303
 
        if self.use_dbus:
304
 
            # Emit D-Bus signal
305
 
            self.PropertyChanged(dbus.String(u"enabled"),
306
 
                                 dbus.Boolean(False, variant_level=1))
307
352
        # Do not run this again if called by a gobject.timeout_add
308
353
        return False
309
354
    
315
360
        """The checker has completed, so take appropriate actions."""
316
361
        self.checker_callback_tag = None
317
362
        self.checker = None
318
 
        if self.use_dbus:
319
 
            # Emit D-Bus signal
320
 
            self.PropertyChanged(dbus.String(u"checker_running"),
321
 
                                 dbus.Boolean(False, variant_level=1))
322
 
        if (os.WIFEXITED(condition)
323
 
            and (os.WEXITSTATUS(condition) == 0)):
324
 
            logger.info(u"Checker for %(name)s succeeded",
325
 
                        vars(self))
326
 
            if self.use_dbus:
327
 
                # Emit D-Bus signal
328
 
                self.CheckerCompleted(dbus.Boolean(True),
329
 
                                      dbus.UInt16(condition),
330
 
                                      dbus.String(command))
331
 
            self.bump_timeout()
332
 
        elif not os.WIFEXITED(condition):
 
363
        if os.WIFEXITED(condition):
 
364
            exitstatus = os.WEXITSTATUS(condition)
 
365
            if exitstatus == 0:
 
366
                logger.info(u"Checker for %(name)s succeeded",
 
367
                            vars(self))
 
368
                self.checked_ok()
 
369
            else:
 
370
                logger.info(u"Checker for %(name)s failed",
 
371
                            vars(self))
 
372
        else:
333
373
            logger.warning(u"Checker for %(name)s crashed?",
334
374
                           vars(self))
335
 
            if self.use_dbus:
336
 
                # Emit D-Bus signal
337
 
                self.CheckerCompleted(dbus.Boolean(False),
338
 
                                      dbus.UInt16(condition),
339
 
                                      dbus.String(command))
340
 
        else:
341
 
            logger.info(u"Checker for %(name)s failed",
342
 
                        vars(self))
343
 
            if self.use_dbus:
344
 
                # Emit D-Bus signal
345
 
                self.CheckerCompleted(dbus.Boolean(False),
346
 
                                      dbus.UInt16(condition),
347
 
                                      dbus.String(command))
348
375
    
349
 
    def bump_timeout(self):
 
376
    def checked_ok(self):
350
377
        """Bump up the timeout for this client.
 
378
        
351
379
        This should only be called when the client has been seen,
352
380
        alive and well.
353
381
        """
356
384
        self.disable_initiator_tag = (gobject.timeout_add
357
385
                                      (self.timeout_milliseconds(),
358
386
                                       self.disable))
359
 
        if self.use_dbus:
360
 
            # Emit D-Bus signal
361
 
            self.PropertyChanged(
362
 
                dbus.String(u"last_checked_ok"),
363
 
                (_datetime_to_dbus(self.last_checked_ok,
364
 
                                   variant_level=1)))
365
387
    
366
388
    def start_checker(self):
367
389
        """Start a new checker subprocess if one is not running.
 
390
        
368
391
        If a checker already exists, leave it running and do
369
392
        nothing."""
370
393
        # The reason for not killing a running checker is that if we
373
396
        # client would inevitably timeout, since no checker would get
374
397
        # a chance to run to completion.  If we instead leave running
375
398
        # checkers alone, the checker would have to take more time
376
 
        # than 'timeout' for the client to be declared invalid, which
377
 
        # is as it should be.
 
399
        # than 'timeout' for the client to be disabled, which is as it
 
400
        # should be.
 
401
        
 
402
        # If a checker exists, make sure it is not a zombie
 
403
        try:
 
404
            pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
 
405
        except (AttributeError, OSError), error:
 
406
            if (isinstance(error, OSError)
 
407
                and error.errno != errno.ECHILD):
 
408
                raise error
 
409
        else:
 
410
            if pid:
 
411
                logger.warning(u"Checker was a zombie")
 
412
                gobject.source_remove(self.checker_callback_tag)
 
413
                self.checker_callback(pid, status,
 
414
                                      self.current_checker_command)
 
415
        # Start a new checker if needed
378
416
        if self.checker is None:
379
417
            try:
380
418
                # In case checker_command has exactly one % operator
381
419
                command = self.checker_command % self.host
382
420
            except TypeError:
383
421
                # Escape attributes for the shell
384
 
                escaped_attrs = dict((key, re.escape(str(val)))
 
422
                escaped_attrs = dict((key,
 
423
                                      re.escape(unicode(str(val),
 
424
                                                        errors=
 
425
                                                        u'replace')))
385
426
                                     for key, val in
386
427
                                     vars(self).iteritems())
387
428
                try:
390
431
                    logger.error(u'Could not format string "%s":'
391
432
                                 u' %s', self.checker_command, error)
392
433
                    return True # Try again later
 
434
            self.current_checker_command = command
393
435
            try:
394
436
                logger.info(u"Starting checker %r for %s",
395
437
                            command, self.name)
399
441
                # always replaced by /dev/null.)
400
442
                self.checker = subprocess.Popen(command,
401
443
                                                close_fds=True,
402
 
                                                shell=True, cwd="/")
403
 
                if self.use_dbus:
404
 
                    # Emit D-Bus signal
405
 
                    self.CheckerStarted(command)
406
 
                    self.PropertyChanged(
407
 
                        dbus.String("checker_running"),
408
 
                        dbus.Boolean(True, variant_level=1))
 
444
                                                shell=True, cwd=u"/")
409
445
                self.checker_callback_tag = (gobject.child_watch_add
410
446
                                             (self.checker.pid,
411
447
                                              self.checker_callback,
412
448
                                              data=command))
 
449
                # The checker may have completed before the gobject
 
450
                # watch was added.  Check for this.
 
451
                pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
 
452
                if pid:
 
453
                    gobject.source_remove(self.checker_callback_tag)
 
454
                    self.checker_callback(pid, status, command)
413
455
            except OSError, error:
414
456
                logger.error(u"Failed to start subprocess: %s",
415
457
                             error)
421
463
        if self.checker_callback_tag:
422
464
            gobject.source_remove(self.checker_callback_tag)
423
465
            self.checker_callback_tag = None
424
 
        if getattr(self, "checker", None) is None:
 
466
        if getattr(self, u"checker", None) is None:
425
467
            return
426
468
        logger.debug(u"Stopping checker for %(name)s", vars(self))
427
469
        try:
428
470
            os.kill(self.checker.pid, signal.SIGTERM)
429
 
            #os.sleep(0.5)
 
471
            #time.sleep(0.5)
430
472
            #if self.checker.poll() is None:
431
473
            #    os.kill(self.checker.pid, signal.SIGKILL)
432
474
        except OSError, error:
433
475
            if error.errno != errno.ESRCH: # No such process
434
476
                raise
435
477
        self.checker = None
436
 
        if self.use_dbus:
 
478
 
 
479
 
 
480
def dbus_service_property(dbus_interface, signature=u"v",
 
481
                          access=u"readwrite", byte_arrays=False):
 
482
    """Decorators for marking methods of a DBusObjectWithProperties to
 
483
    become properties on the D-Bus.
 
484
    
 
485
    The decorated method will be called with no arguments by "Get"
 
486
    and with one argument by "Set".
 
487
    
 
488
    The parameters, where they are supported, are the same as
 
489
    dbus.service.method, except there is only "signature", since the
 
490
    type from Get() and the type sent to Set() is the same.
 
491
    """
 
492
    # Encoding deeply encoded byte arrays is not supported yet by the
 
493
    # "Set" method, so we fail early here:
 
494
    if byte_arrays and signature != u"ay":
 
495
        raise ValueError(u"Byte arrays not supported for non-'ay'"
 
496
                         u" signature %r" % signature)
 
497
    def decorator(func):
 
498
        func._dbus_is_property = True
 
499
        func._dbus_interface = dbus_interface
 
500
        func._dbus_signature = signature
 
501
        func._dbus_access = access
 
502
        func._dbus_name = func.__name__
 
503
        if func._dbus_name.endswith(u"_dbus_property"):
 
504
            func._dbus_name = func._dbus_name[:-14]
 
505
        func._dbus_get_args_options = {u'byte_arrays': byte_arrays }
 
506
        return func
 
507
    return decorator
 
508
 
 
509
 
 
510
class DBusPropertyException(dbus.exceptions.DBusException):
 
511
    """A base class for D-Bus property-related exceptions
 
512
    """
 
513
    def __unicode__(self):
 
514
        return unicode(str(self))
 
515
 
 
516
 
 
517
class DBusPropertyAccessException(DBusPropertyException):
 
518
    """A property's access permissions disallows an operation.
 
519
    """
 
520
    pass
 
521
 
 
522
 
 
523
class DBusPropertyNotFound(DBusPropertyException):
 
524
    """An attempt was made to access a non-existing property.
 
525
    """
 
526
    pass
 
527
 
 
528
 
 
529
class DBusObjectWithProperties(dbus.service.Object):
 
530
    """A D-Bus object with properties.
 
531
 
 
532
    Classes inheriting from this can use the dbus_service_property
 
533
    decorator to expose methods as D-Bus properties.  It exposes the
 
534
    standard Get(), Set(), and GetAll() methods on the D-Bus.
 
535
    """
 
536
    
 
537
    @staticmethod
 
538
    def _is_dbus_property(obj):
 
539
        return getattr(obj, u"_dbus_is_property", False)
 
540
    
 
541
    def _get_all_dbus_properties(self):
 
542
        """Returns a generator of (name, attribute) pairs
 
543
        """
 
544
        return ((prop._dbus_name, prop)
 
545
                for name, prop in
 
546
                inspect.getmembers(self, self._is_dbus_property))
 
547
    
 
548
    def _get_dbus_property(self, interface_name, property_name):
 
549
        """Returns a bound method if one exists which is a D-Bus
 
550
        property with the specified name and interface.
 
551
        """
 
552
        for name in (property_name,
 
553
                     property_name + u"_dbus_property"):
 
554
            prop = getattr(self, name, None)
 
555
            if (prop is None
 
556
                or not self._is_dbus_property(prop)
 
557
                or prop._dbus_name != property_name
 
558
                or (interface_name and prop._dbus_interface
 
559
                    and interface_name != prop._dbus_interface)):
 
560
                continue
 
561
            return prop
 
562
        # No such property
 
563
        raise DBusPropertyNotFound(self.dbus_object_path + u":"
 
564
                                   + interface_name + u"."
 
565
                                   + property_name)
 
566
    
 
567
    @dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
 
568
                         out_signature=u"v")
 
569
    def Get(self, interface_name, property_name):
 
570
        """Standard D-Bus property Get() method, see D-Bus standard.
 
571
        """
 
572
        prop = self._get_dbus_property(interface_name, property_name)
 
573
        if prop._dbus_access == u"write":
 
574
            raise DBusPropertyAccessException(property_name)
 
575
        value = prop()
 
576
        if not hasattr(value, u"variant_level"):
 
577
            return value
 
578
        return type(value)(value, variant_level=value.variant_level+1)
 
579
    
 
580
    @dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
 
581
    def Set(self, interface_name, property_name, value):
 
582
        """Standard D-Bus property Set() method, see D-Bus standard.
 
583
        """
 
584
        prop = self._get_dbus_property(interface_name, property_name)
 
585
        if prop._dbus_access == u"read":
 
586
            raise DBusPropertyAccessException(property_name)
 
587
        if prop._dbus_get_args_options[u"byte_arrays"]:
 
588
            # The byte_arrays option is not supported yet on
 
589
            # signatures other than "ay".
 
590
            if prop._dbus_signature != u"ay":
 
591
                raise ValueError
 
592
            value = dbus.ByteArray(''.join(unichr(byte)
 
593
                                           for byte in value))
 
594
        prop(value)
 
595
    
 
596
    @dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
 
597
                         out_signature=u"a{sv}")
 
598
    def GetAll(self, interface_name):
 
599
        """Standard D-Bus property GetAll() method, see D-Bus
 
600
        standard.
 
601
 
 
602
        Note: Will not include properties with access="write".
 
603
        """
 
604
        all = {}
 
605
        for name, prop in self._get_all_dbus_properties():
 
606
            if (interface_name
 
607
                and interface_name != prop._dbus_interface):
 
608
                # Interface non-empty but did not match
 
609
                continue
 
610
            # Ignore write-only properties
 
611
            if prop._dbus_access == u"write":
 
612
                continue
 
613
            value = prop()
 
614
            if not hasattr(value, u"variant_level"):
 
615
                all[name] = value
 
616
                continue
 
617
            all[name] = type(value)(value, variant_level=
 
618
                                    value.variant_level+1)
 
619
        return dbus.Dictionary(all, signature=u"sv")
 
620
    
 
621
    @dbus.service.method(dbus.INTROSPECTABLE_IFACE,
 
622
                         out_signature=u"s",
 
623
                         path_keyword='object_path',
 
624
                         connection_keyword='connection')
 
625
    def Introspect(self, object_path, connection):
 
626
        """Standard D-Bus method, overloaded to insert property tags.
 
627
        """
 
628
        xmlstring = dbus.service.Object.Introspect(self, object_path,
 
629
                                                   connection)
 
630
        try:
 
631
            document = xml.dom.minidom.parseString(xmlstring)
 
632
            def make_tag(document, name, prop):
 
633
                e = document.createElement(u"property")
 
634
                e.setAttribute(u"name", name)
 
635
                e.setAttribute(u"type", prop._dbus_signature)
 
636
                e.setAttribute(u"access", prop._dbus_access)
 
637
                return e
 
638
            for if_tag in document.getElementsByTagName(u"interface"):
 
639
                for tag in (make_tag(document, name, prop)
 
640
                            for name, prop
 
641
                            in self._get_all_dbus_properties()
 
642
                            if prop._dbus_interface
 
643
                            == if_tag.getAttribute(u"name")):
 
644
                    if_tag.appendChild(tag)
 
645
                # Add the names to the return values for the
 
646
                # "org.freedesktop.DBus.Properties" methods
 
647
                if (if_tag.getAttribute(u"name")
 
648
                    == u"org.freedesktop.DBus.Properties"):
 
649
                    for cn in if_tag.getElementsByTagName(u"method"):
 
650
                        if cn.getAttribute(u"name") == u"Get":
 
651
                            for arg in cn.getElementsByTagName(u"arg"):
 
652
                                if (arg.getAttribute(u"direction")
 
653
                                    == u"out"):
 
654
                                    arg.setAttribute(u"name", u"value")
 
655
                        elif cn.getAttribute(u"name") == u"GetAll":
 
656
                            for arg in cn.getElementsByTagName(u"arg"):
 
657
                                if (arg.getAttribute(u"direction")
 
658
                                    == u"out"):
 
659
                                    arg.setAttribute(u"name", u"props")
 
660
            xmlstring = document.toxml(u"utf-8")
 
661
            document.unlink()
 
662
        except (AttributeError, xml.dom.DOMException,
 
663
                xml.parsers.expat.ExpatError), error:
 
664
            logger.error(u"Failed to override Introspection method",
 
665
                         error)
 
666
        return xmlstring
 
667
 
 
668
 
 
669
class ClientDBus(Client, DBusObjectWithProperties):
 
670
    """A Client class using D-Bus
 
671
    
 
672
    Attributes:
 
673
    dbus_object_path: dbus.ObjectPath
 
674
    bus: dbus.SystemBus()
 
675
    """
 
676
    # dbus.service.Object doesn't use super(), so we can't either.
 
677
    
 
678
    def __init__(self, bus = None, *args, **kwargs):
 
679
        self.bus = bus
 
680
        Client.__init__(self, *args, **kwargs)
 
681
        # Only now, when this client is initialized, can it show up on
 
682
        # the D-Bus
 
683
        self.dbus_object_path = (dbus.ObjectPath
 
684
                                 (u"/clients/"
 
685
                                  + self.name.replace(u".", u"_")))
 
686
        DBusObjectWithProperties.__init__(self, self.bus,
 
687
                                          self.dbus_object_path)
 
688
    
 
689
    @staticmethod
 
690
    def _datetime_to_dbus(dt, variant_level=0):
 
691
        """Convert a UTC datetime.datetime() to a D-Bus type."""
 
692
        return dbus.String(dt.isoformat(),
 
693
                           variant_level=variant_level)
 
694
    
 
695
    def enable(self):
 
696
        oldstate = getattr(self, u"enabled", False)
 
697
        r = Client.enable(self)
 
698
        if oldstate != self.enabled:
 
699
            # Emit D-Bus signals
 
700
            self.PropertyChanged(dbus.String(u"enabled"),
 
701
                                 dbus.Boolean(True, variant_level=1))
 
702
            self.PropertyChanged(
 
703
                dbus.String(u"last_enabled"),
 
704
                self._datetime_to_dbus(self.last_enabled,
 
705
                                       variant_level=1))
 
706
        return r
 
707
    
 
708
    def disable(self, quiet = False):
 
709
        oldstate = getattr(self, u"enabled", False)
 
710
        r = Client.disable(self, quiet=quiet)
 
711
        if not quiet and oldstate != self.enabled:
 
712
            # Emit D-Bus signal
 
713
            self.PropertyChanged(dbus.String(u"enabled"),
 
714
                                 dbus.Boolean(False, variant_level=1))
 
715
        return r
 
716
    
 
717
    def __del__(self, *args, **kwargs):
 
718
        try:
 
719
            self.remove_from_connection()
 
720
        except LookupError:
 
721
            pass
 
722
        if hasattr(DBusObjectWithProperties, u"__del__"):
 
723
            DBusObjectWithProperties.__del__(self, *args, **kwargs)
 
724
        Client.__del__(self, *args, **kwargs)
 
725
    
 
726
    def checker_callback(self, pid, condition, command,
 
727
                         *args, **kwargs):
 
728
        self.checker_callback_tag = None
 
729
        self.checker = None
 
730
        # Emit D-Bus signal
 
731
        self.PropertyChanged(dbus.String(u"checker_running"),
 
732
                             dbus.Boolean(False, variant_level=1))
 
733
        if os.WIFEXITED(condition):
 
734
            exitstatus = os.WEXITSTATUS(condition)
 
735
            # Emit D-Bus signal
 
736
            self.CheckerCompleted(dbus.Int16(exitstatus),
 
737
                                  dbus.Int64(condition),
 
738
                                  dbus.String(command))
 
739
        else:
 
740
            # Emit D-Bus signal
 
741
            self.CheckerCompleted(dbus.Int16(-1),
 
742
                                  dbus.Int64(condition),
 
743
                                  dbus.String(command))
 
744
        
 
745
        return Client.checker_callback(self, pid, condition, command,
 
746
                                       *args, **kwargs)
 
747
    
 
748
    def checked_ok(self, *args, **kwargs):
 
749
        r = Client.checked_ok(self, *args, **kwargs)
 
750
        # Emit D-Bus signal
 
751
        self.PropertyChanged(
 
752
            dbus.String(u"last_checked_ok"),
 
753
            (self._datetime_to_dbus(self.last_checked_ok,
 
754
                                    variant_level=1)))
 
755
        return r
 
756
    
 
757
    def start_checker(self, *args, **kwargs):
 
758
        old_checker = self.checker
 
759
        if self.checker is not None:
 
760
            old_checker_pid = self.checker.pid
 
761
        else:
 
762
            old_checker_pid = None
 
763
        r = Client.start_checker(self, *args, **kwargs)
 
764
        # Only if new checker process was started
 
765
        if (self.checker is not None
 
766
            and old_checker_pid != self.checker.pid):
 
767
            # Emit D-Bus signal
 
768
            self.CheckerStarted(self.current_checker_command)
 
769
            self.PropertyChanged(
 
770
                dbus.String(u"checker_running"),
 
771
                dbus.Boolean(True, variant_level=1))
 
772
        return r
 
773
    
 
774
    def stop_checker(self, *args, **kwargs):
 
775
        old_checker = getattr(self, u"checker", None)
 
776
        r = Client.stop_checker(self, *args, **kwargs)
 
777
        if (old_checker is not None
 
778
            and getattr(self, u"checker", None) is None):
437
779
            self.PropertyChanged(dbus.String(u"checker_running"),
438
780
                                 dbus.Boolean(False, variant_level=1))
439
 
    
440
 
    def still_valid(self):
441
 
        """Has the timeout not yet passed for this client?"""
442
 
        if not getattr(self, "enabled", False):
443
 
            return False
444
 
        now = datetime.datetime.utcnow()
445
 
        if self.last_checked_ok is None:
446
 
            return now < (self.created + self.timeout)
447
 
        else:
448
 
            return now < (self.last_checked_ok + self.timeout)
 
781
        return r
449
782
    
450
783
    ## D-Bus methods & signals
451
 
    _interface = u"org.mandos_system.Mandos.Client"
 
784
    _interface = u"se.bsnet.fukt.Mandos.Client"
452
785
    
453
 
    # BumpTimeout - method
454
 
    BumpTimeout = dbus.service.method(_interface)(bump_timeout)
455
 
    BumpTimeout.__name__ = "BumpTimeout"
 
786
    # CheckedOK - method
 
787
    @dbus.service.method(_interface)
 
788
    def CheckedOK(self):
 
789
        return self.checked_ok()
456
790
    
457
791
    # CheckerCompleted - signal
458
 
    @dbus.service.signal(_interface, signature="bqs")
459
 
    def CheckerCompleted(self, success, condition, command):
 
792
    @dbus.service.signal(_interface, signature=u"nxs")
 
793
    def CheckerCompleted(self, exitcode, waitstatus, command):
460
794
        "D-Bus signal"
461
795
        pass
462
796
    
463
797
    # CheckerStarted - signal
464
 
    @dbus.service.signal(_interface, signature="s")
 
798
    @dbus.service.signal(_interface, signature=u"s")
465
799
    def CheckerStarted(self, command):
466
800
        "D-Bus signal"
467
801
        pass
468
802
    
469
 
    # GetAllProperties - method
470
 
    @dbus.service.method(_interface, out_signature="a{sv}")
471
 
    def GetAllProperties(self):
472
 
        "D-Bus method"
473
 
        return dbus.Dictionary({
474
 
                dbus.String("name"):
475
 
                    dbus.String(self.name, variant_level=1),
476
 
                dbus.String("fingerprint"):
477
 
                    dbus.String(self.fingerprint, variant_level=1),
478
 
                dbus.String("host"):
479
 
                    dbus.String(self.host, variant_level=1),
480
 
                dbus.String("created"):
481
 
                    _datetime_to_dbus(self.created, variant_level=1),
482
 
                dbus.String("last_enabled"):
483
 
                    (_datetime_to_dbus(self.last_enabled,
484
 
                                       variant_level=1)
485
 
                     if self.last_enabled is not None
486
 
                     else dbus.Boolean(False, variant_level=1)),
487
 
                dbus.String("enabled"):
488
 
                    dbus.Boolean(self.enabled, variant_level=1),
489
 
                dbus.String("last_checked_ok"):
490
 
                    (_datetime_to_dbus(self.last_checked_ok,
491
 
                                       variant_level=1)
492
 
                     if self.last_checked_ok is not None
493
 
                     else dbus.Boolean (False, variant_level=1)),
494
 
                dbus.String("timeout"):
495
 
                    dbus.UInt64(self.timeout_milliseconds(),
496
 
                                variant_level=1),
497
 
                dbus.String("interval"):
498
 
                    dbus.UInt64(self.interval_milliseconds(),
499
 
                                variant_level=1),
500
 
                dbus.String("checker"):
501
 
                    dbus.String(self.checker_command,
502
 
                                variant_level=1),
503
 
                dbus.String("checker_running"):
504
 
                    dbus.Boolean(self.checker is not None,
505
 
                                 variant_level=1),
506
 
                }, signature="sv")
507
 
    
508
 
    # IsStillValid - method
509
 
    IsStillValid = (dbus.service.method(_interface, out_signature="b")
510
 
                    (still_valid))
511
 
    IsStillValid.__name__ = "IsStillValid"
512
 
    
513
803
    # PropertyChanged - signal
514
 
    @dbus.service.signal(_interface, signature="sv")
 
804
    @dbus.service.signal(_interface, signature=u"sv")
515
805
    def PropertyChanged(self, property, value):
516
806
        "D-Bus signal"
517
807
        pass
518
808
    
519
 
    # SetChecker - method
520
 
    @dbus.service.method(_interface, in_signature="s")
521
 
    def SetChecker(self, checker):
522
 
        "D-Bus setter method"
523
 
        self.checker_command = checker
524
 
        # Emit D-Bus signal
525
 
        self.PropertyChanged(dbus.String(u"checker"),
526
 
                             dbus.String(self.checker_command,
527
 
                                         variant_level=1))
528
 
    
529
 
    # SetHost - method
530
 
    @dbus.service.method(_interface, in_signature="s")
531
 
    def SetHost(self, host):
532
 
        "D-Bus setter method"
533
 
        self.host = host
534
 
        # Emit D-Bus signal
535
 
        self.PropertyChanged(dbus.String(u"host"),
536
 
                             dbus.String(self.host, variant_level=1))
537
 
    
538
 
    # SetInterval - method
539
 
    @dbus.service.method(_interface, in_signature="t")
540
 
    def SetInterval(self, milliseconds):
541
 
        self.interval = datetime.timedelta(0, 0, 0, milliseconds)
542
 
        # Emit D-Bus signal
543
 
        self.PropertyChanged(dbus.String(u"interval"),
544
 
                             (dbus.UInt64(self.interval_milliseconds(),
545
 
                                          variant_level=1)))
546
 
    
547
 
    # SetSecret - method
548
 
    @dbus.service.method(_interface, in_signature="ay",
549
 
                         byte_arrays=True)
550
 
    def SetSecret(self, secret):
551
 
        "D-Bus setter method"
552
 
        self.secret = str(secret)
553
 
    
554
 
    # SetTimeout - method
555
 
    @dbus.service.method(_interface, in_signature="t")
556
 
    def SetTimeout(self, milliseconds):
557
 
        self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
558
 
        # Emit D-Bus signal
559
 
        self.PropertyChanged(dbus.String(u"timeout"),
560
 
                             (dbus.UInt64(self.timeout_milliseconds(),
561
 
                                          variant_level=1)))
 
809
    # GotSecret - signal
 
810
    @dbus.service.signal(_interface)
 
811
    def GotSecret(self):
 
812
        "D-Bus signal"
 
813
        pass
 
814
    
 
815
    # Rejected - signal
 
816
    @dbus.service.signal(_interface)
 
817
    def Rejected(self):
 
818
        "D-Bus signal"
 
819
        pass
562
820
    
563
821
    # Enable - method
564
 
    Enable = dbus.service.method(_interface)(enable)
565
 
    Enable.__name__ = "Enable"
 
822
    @dbus.service.method(_interface)
 
823
    def Enable(self):
 
824
        "D-Bus method"
 
825
        self.enable()
566
826
    
567
827
    # StartChecker - method
568
828
    @dbus.service.method(_interface)
577
837
        self.disable()
578
838
    
579
839
    # StopChecker - method
580
 
    StopChecker = dbus.service.method(_interface)(stop_checker)
581
 
    StopChecker.__name__ = "StopChecker"
 
840
    @dbus.service.method(_interface)
 
841
    def StopChecker(self):
 
842
        self.stop_checker()
 
843
    
 
844
    # name - property
 
845
    @dbus_service_property(_interface, signature=u"s", access=u"read")
 
846
    def name_dbus_property(self):
 
847
        return dbus.String(self.name)
 
848
    
 
849
    # fingerprint - property
 
850
    @dbus_service_property(_interface, signature=u"s", access=u"read")
 
851
    def fingerprint_dbus_property(self):
 
852
        return dbus.String(self.fingerprint)
 
853
    
 
854
    # host - property
 
855
    @dbus_service_property(_interface, signature=u"s",
 
856
                           access=u"readwrite")
 
857
    def host_dbus_property(self, value=None):
 
858
        if value is None:       # get
 
859
            return dbus.String(self.host)
 
860
        self.host = value
 
861
        # Emit D-Bus signal
 
862
        self.PropertyChanged(dbus.String(u"host"),
 
863
                             dbus.String(value, variant_level=1))
 
864
    
 
865
    # created - property
 
866
    @dbus_service_property(_interface, signature=u"s", access=u"read")
 
867
    def created_dbus_property(self):
 
868
        return dbus.String(self._datetime_to_dbus(self.created))
 
869
    
 
870
    # last_enabled - property
 
871
    @dbus_service_property(_interface, signature=u"s", access=u"read")
 
872
    def last_enabled_dbus_property(self):
 
873
        if self.last_enabled is None:
 
874
            return dbus.String(u"")
 
875
        return dbus.String(self._datetime_to_dbus(self.last_enabled))
 
876
    
 
877
    # enabled - property
 
878
    @dbus_service_property(_interface, signature=u"b",
 
879
                           access=u"readwrite")
 
880
    def enabled_dbus_property(self, value=None):
 
881
        if value is None:       # get
 
882
            return dbus.Boolean(self.enabled)
 
883
        if value:
 
884
            self.enable()
 
885
        else:
 
886
            self.disable()
 
887
    
 
888
    # last_checked_ok - property
 
889
    @dbus_service_property(_interface, signature=u"s",
 
890
                           access=u"readwrite")
 
891
    def last_checked_ok_dbus_property(self, value=None):
 
892
        if value is not None:
 
893
            self.checked_ok()
 
894
            return
 
895
        if self.last_checked_ok is None:
 
896
            return dbus.String(u"")
 
897
        return dbus.String(self._datetime_to_dbus(self
 
898
                                                  .last_checked_ok))
 
899
    
 
900
    # timeout - property
 
901
    @dbus_service_property(_interface, signature=u"t",
 
902
                           access=u"readwrite")
 
903
    def timeout_dbus_property(self, value=None):
 
904
        if value is None:       # get
 
905
            return dbus.UInt64(self.timeout_milliseconds())
 
906
        self.timeout = datetime.timedelta(0, 0, 0, value)
 
907
        # Emit D-Bus signal
 
908
        self.PropertyChanged(dbus.String(u"timeout"),
 
909
                             dbus.UInt64(value, variant_level=1))
 
910
        if getattr(self, u"disable_initiator_tag", None) is None:
 
911
            return
 
912
        # Reschedule timeout
 
913
        gobject.source_remove(self.disable_initiator_tag)
 
914
        self.disable_initiator_tag = None
 
915
        time_to_die = (self.
 
916
                       _timedelta_to_milliseconds((self
 
917
                                                   .last_checked_ok
 
918
                                                   + self.timeout)
 
919
                                                  - datetime.datetime
 
920
                                                  .utcnow()))
 
921
        if time_to_die <= 0:
 
922
            # The timeout has passed
 
923
            self.disable()
 
924
        else:
 
925
            self.disable_initiator_tag = (gobject.timeout_add
 
926
                                          (time_to_die, self.disable))
 
927
    
 
928
    # interval - property
 
929
    @dbus_service_property(_interface, signature=u"t",
 
930
                           access=u"readwrite")
 
931
    def interval_dbus_property(self, value=None):
 
932
        if value is None:       # get
 
933
            return dbus.UInt64(self.interval_milliseconds())
 
934
        self.interval = datetime.timedelta(0, 0, 0, value)
 
935
        # Emit D-Bus signal
 
936
        self.PropertyChanged(dbus.String(u"interval"),
 
937
                             dbus.UInt64(value, variant_level=1))
 
938
        if getattr(self, u"checker_initiator_tag", None) is None:
 
939
            return
 
940
        # Reschedule checker run
 
941
        gobject.source_remove(self.checker_initiator_tag)
 
942
        self.checker_initiator_tag = (gobject.timeout_add
 
943
                                      (value, self.start_checker))
 
944
        self.start_checker()    # Start one now, too
 
945
 
 
946
    # checker - property
 
947
    @dbus_service_property(_interface, signature=u"s",
 
948
                           access=u"readwrite")
 
949
    def checker_dbus_property(self, value=None):
 
950
        if value is None:       # get
 
951
            return dbus.String(self.checker_command)
 
952
        self.checker_command = value
 
953
        # Emit D-Bus signal
 
954
        self.PropertyChanged(dbus.String(u"checker"),
 
955
                             dbus.String(self.checker_command,
 
956
                                         variant_level=1))
 
957
    
 
958
    # checker_running - property
 
959
    @dbus_service_property(_interface, signature=u"b",
 
960
                           access=u"readwrite")
 
961
    def checker_running_dbus_property(self, value=None):
 
962
        if value is None:       # get
 
963
            return dbus.Boolean(self.checker is not None)
 
964
        if value:
 
965
            self.start_checker()
 
966
        else:
 
967
            self.stop_checker()
 
968
    
 
969
    # object_path - property
 
970
    @dbus_service_property(_interface, signature=u"o", access=u"read")
 
971
    def object_path_dbus_property(self):
 
972
        return self.dbus_object_path # is already a dbus.ObjectPath
 
973
    
 
974
    # secret = property
 
975
    @dbus_service_property(_interface, signature=u"ay",
 
976
                           access=u"write", byte_arrays=True)
 
977
    def secret_dbus_property(self, value):
 
978
        self.secret = str(value)
582
979
    
583
980
    del _interface
584
981
 
585
982
 
586
 
def peer_certificate(session):
587
 
    "Return the peer's OpenPGP certificate as a bytestring"
588
 
    # If not an OpenPGP certificate...
589
 
    if (gnutls.library.functions
590
 
        .gnutls_certificate_type_get(session._c_object)
591
 
        != gnutls.library.constants.GNUTLS_CRT_OPENPGP):
592
 
        # ...do the normal thing
593
 
        return session.peer_certificate
594
 
    list_size = ctypes.c_uint()
595
 
    cert_list = (gnutls.library.functions
596
 
                 .gnutls_certificate_get_peers
597
 
                 (session._c_object, ctypes.byref(list_size)))
598
 
    if list_size.value == 0:
599
 
        return None
600
 
    cert = cert_list[0]
601
 
    return ctypes.string_at(cert.data, cert.size)
602
 
 
603
 
 
604
 
def fingerprint(openpgp):
605
 
    "Convert an OpenPGP bytestring to a hexdigit fingerprint string"
606
 
    # New GnuTLS "datum" with the OpenPGP public key
607
 
    datum = (gnutls.library.types
608
 
             .gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
609
 
                                         ctypes.POINTER
610
 
                                         (ctypes.c_ubyte)),
611
 
                             ctypes.c_uint(len(openpgp))))
612
 
    # New empty GnuTLS certificate
613
 
    crt = gnutls.library.types.gnutls_openpgp_crt_t()
614
 
    (gnutls.library.functions
615
 
     .gnutls_openpgp_crt_init(ctypes.byref(crt)))
616
 
    # Import the OpenPGP public key into the certificate
617
 
    (gnutls.library.functions
618
 
     .gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
619
 
                                gnutls.library.constants
620
 
                                .GNUTLS_OPENPGP_FMT_RAW))
621
 
    # Verify the self signature in the key
622
 
    crtverify = ctypes.c_uint()
623
 
    (gnutls.library.functions
624
 
     .gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
625
 
    if crtverify.value != 0:
626
 
        gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
627
 
        raise gnutls.errors.CertificateSecurityError("Verify failed")
628
 
    # New buffer for the fingerprint
629
 
    buf = ctypes.create_string_buffer(20)
630
 
    buf_len = ctypes.c_size_t()
631
 
    # Get the fingerprint from the certificate into the buffer
632
 
    (gnutls.library.functions
633
 
     .gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
634
 
                                         ctypes.byref(buf_len)))
635
 
    # Deinit the certificate
636
 
    gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
637
 
    # Convert the buffer to a Python bytestring
638
 
    fpr = ctypes.string_at(buf, buf_len.value)
639
 
    # Convert the bytestring to hexadecimal notation
640
 
    hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
641
 
    return hex_fpr
642
 
 
643
 
 
644
 
class TCP_handler(SocketServer.BaseRequestHandler, object):
645
 
    """A TCP request handler class.
646
 
    Instantiated by IPv6_TCPServer for each request to handle it.
 
983
class ClientHandler(socketserver.BaseRequestHandler, object):
 
984
    """A class to handle client connections.
 
985
    
 
986
    Instantiated once for each connection to handle it.
647
987
    Note: This will run in its own forked process."""
648
988
    
649
989
    def handle(self):
650
990
        logger.info(u"TCP connection from: %s",
651
991
                    unicode(self.client_address))
652
 
        session = (gnutls.connection
653
 
                   .ClientSession(self.request,
654
 
                                  gnutls.connection
655
 
                                  .X509Credentials()))
656
 
        
657
 
        line = self.request.makefile().readline()
658
 
        logger.debug(u"Protocol version: %r", line)
659
 
        try:
660
 
            if int(line.strip().split()[0]) > 1:
661
 
                raise RuntimeError
662
 
        except (ValueError, IndexError, RuntimeError), error:
663
 
            logger.error(u"Unknown protocol version: %s", error)
664
 
            return
665
 
        
666
 
        # Note: gnutls.connection.X509Credentials is really a generic
667
 
        # GnuTLS certificate credentials object so long as no X.509
668
 
        # keys are added to it.  Therefore, we can use it here despite
669
 
        # using OpenPGP certificates.
670
 
        
671
 
        #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
672
 
        #                "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
673
 
        #                "+DHE-DSS"))
674
 
        # Use a fallback default, since this MUST be set.
675
 
        priority = self.server.settings.get("priority", "NORMAL")
676
 
        (gnutls.library.functions
677
 
         .gnutls_priority_set_direct(session._c_object,
678
 
                                     priority, None))
679
 
        
680
 
        try:
681
 
            session.handshake()
682
 
        except gnutls.errors.GNUTLSError, error:
683
 
            logger.warning(u"Handshake failed: %s", error)
684
 
            # Do not run session.bye() here: the session is not
685
 
            # established.  Just abandon the request.
686
 
            return
687
 
        try:
688
 
            fpr = fingerprint(peer_certificate(session))
689
 
        except (TypeError, gnutls.errors.GNUTLSError), error:
690
 
            logger.warning(u"Bad certificate: %s", error)
691
 
            session.bye()
692
 
            return
693
 
        logger.debug(u"Fingerprint: %s", fpr)
694
 
        for c in self.server.clients:
695
 
            if c.fingerprint == fpr:
696
 
                client = c
697
 
                break
698
 
        else:
699
 
            logger.warning(u"Client not found for fingerprint: %s",
700
 
                           fpr)
701
 
            session.bye()
702
 
            return
703
 
        # Have to check if client.still_valid(), since it is possible
704
 
        # that the client timed out while establishing the GnuTLS
705
 
        # session.
706
 
        if not client.still_valid():
707
 
            logger.warning(u"Client %(name)s is invalid",
708
 
                           vars(client))
709
 
            session.bye()
710
 
            return
711
 
        ## This won't work here, since we're in a fork.
712
 
        # client.bump_timeout()
713
 
        sent_size = 0
714
 
        while sent_size < len(client.secret):
715
 
            sent = session.send(client.secret[sent_size:])
716
 
            logger.debug(u"Sent: %d, remaining: %d",
717
 
                         sent, len(client.secret)
718
 
                         - (sent_size + sent))
719
 
            sent_size += sent
720
 
        session.bye()
721
 
 
722
 
 
723
 
class IPv6_TCPServer(SocketServer.ForkingMixIn,
724
 
                     SocketServer.TCPServer, object):
725
 
    """IPv6 TCP server.  Accepts 'None' as address and/or port.
 
992
        logger.debug(u"IPC Pipe FD: %d", self.server.child_pipe[1])
 
993
        # Open IPC pipe to parent process
 
994
        with contextlib.nested(os.fdopen(self.server.child_pipe[1],
 
995
                                         u"w", 1),
 
996
                               os.fdopen(self.server.parent_pipe[0],
 
997
                                         u"r", 0)) as (ipc,
 
998
                                                       ipc_return):
 
999
            session = (gnutls.connection
 
1000
                       .ClientSession(self.request,
 
1001
                                      gnutls.connection
 
1002
                                      .X509Credentials()))
 
1003
            
 
1004
            line = self.request.makefile().readline()
 
1005
            logger.debug(u"Protocol version: %r", line)
 
1006
            try:
 
1007
                if int(line.strip().split()[0]) > 1:
 
1008
                    raise RuntimeError
 
1009
            except (ValueError, IndexError, RuntimeError), error:
 
1010
                logger.error(u"Unknown protocol version: %s", error)
 
1011
                return
 
1012
            
 
1013
            # Note: gnutls.connection.X509Credentials is really a
 
1014
            # generic GnuTLS certificate credentials object so long as
 
1015
            # no X.509 keys are added to it.  Therefore, we can use it
 
1016
            # here despite using OpenPGP certificates.
 
1017
            
 
1018
            #priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
 
1019
            #                      u"+AES-256-CBC", u"+SHA1",
 
1020
            #                      u"+COMP-NULL", u"+CTYPE-OPENPGP",
 
1021
            #                      u"+DHE-DSS"))
 
1022
            # Use a fallback default, since this MUST be set.
 
1023
            priority = self.server.gnutls_priority
 
1024
            if priority is None:
 
1025
                priority = u"NORMAL"
 
1026
            (gnutls.library.functions
 
1027
             .gnutls_priority_set_direct(session._c_object,
 
1028
                                         priority, None))
 
1029
            
 
1030
            try:
 
1031
                session.handshake()
 
1032
            except gnutls.errors.GNUTLSError, error:
 
1033
                logger.warning(u"Handshake failed: %s", error)
 
1034
                # Do not run session.bye() here: the session is not
 
1035
                # established.  Just abandon the request.
 
1036
                return
 
1037
            logger.debug(u"Handshake succeeded")
 
1038
            try:
 
1039
                try:
 
1040
                    fpr = self.fingerprint(self.peer_certificate
 
1041
                                           (session))
 
1042
                except (TypeError, gnutls.errors.GNUTLSError), error:
 
1043
                    logger.warning(u"Bad certificate: %s", error)
 
1044
                    return
 
1045
                logger.debug(u"Fingerprint: %s", fpr)
 
1046
 
 
1047
                for c in self.server.clients:
 
1048
                    if c.fingerprint == fpr:
 
1049
                        client = c
 
1050
                        break
 
1051
                else:
 
1052
                    ipc.write(u"NOTFOUND %s %s\n"
 
1053
                              % (fpr, unicode(self.client_address)))
 
1054
                    return
 
1055
                # Have to check if client.enabled, since it is
 
1056
                # possible that the client was disabled since the
 
1057
                # GnuTLS session was established.
 
1058
                ipc.write(u"GETATTR enabled %s\n" % fpr)
 
1059
                enabled = pickle.load(ipc_return)
 
1060
                if not enabled:
 
1061
                    ipc.write(u"DISABLED %s\n" % client.name)
 
1062
                    return
 
1063
                ipc.write(u"SENDING %s\n" % client.name)
 
1064
                sent_size = 0
 
1065
                while sent_size < len(client.secret):
 
1066
                    sent = session.send(client.secret[sent_size:])
 
1067
                    logger.debug(u"Sent: %d, remaining: %d",
 
1068
                                 sent, len(client.secret)
 
1069
                                 - (sent_size + sent))
 
1070
                    sent_size += sent
 
1071
            finally:
 
1072
                session.bye()
 
1073
    
 
1074
    @staticmethod
 
1075
    def peer_certificate(session):
 
1076
        "Return the peer's OpenPGP certificate as a bytestring"
 
1077
        # If not an OpenPGP certificate...
 
1078
        if (gnutls.library.functions
 
1079
            .gnutls_certificate_type_get(session._c_object)
 
1080
            != gnutls.library.constants.GNUTLS_CRT_OPENPGP):
 
1081
            # ...do the normal thing
 
1082
            return session.peer_certificate
 
1083
        list_size = ctypes.c_uint(1)
 
1084
        cert_list = (gnutls.library.functions
 
1085
                     .gnutls_certificate_get_peers
 
1086
                     (session._c_object, ctypes.byref(list_size)))
 
1087
        if not bool(cert_list) and list_size.value != 0:
 
1088
            raise gnutls.errors.GNUTLSError(u"error getting peer"
 
1089
                                            u" certificate")
 
1090
        if list_size.value == 0:
 
1091
            return None
 
1092
        cert = cert_list[0]
 
1093
        return ctypes.string_at(cert.data, cert.size)
 
1094
    
 
1095
    @staticmethod
 
1096
    def fingerprint(openpgp):
 
1097
        "Convert an OpenPGP bytestring to a hexdigit fingerprint"
 
1098
        # New GnuTLS "datum" with the OpenPGP public key
 
1099
        datum = (gnutls.library.types
 
1100
                 .gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
 
1101
                                             ctypes.POINTER
 
1102
                                             (ctypes.c_ubyte)),
 
1103
                                 ctypes.c_uint(len(openpgp))))
 
1104
        # New empty GnuTLS certificate
 
1105
        crt = gnutls.library.types.gnutls_openpgp_crt_t()
 
1106
        (gnutls.library.functions
 
1107
         .gnutls_openpgp_crt_init(ctypes.byref(crt)))
 
1108
        # Import the OpenPGP public key into the certificate
 
1109
        (gnutls.library.functions
 
1110
         .gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
 
1111
                                    gnutls.library.constants
 
1112
                                    .GNUTLS_OPENPGP_FMT_RAW))
 
1113
        # Verify the self signature in the key
 
1114
        crtverify = ctypes.c_uint()
 
1115
        (gnutls.library.functions
 
1116
         .gnutls_openpgp_crt_verify_self(crt, 0,
 
1117
                                         ctypes.byref(crtverify)))
 
1118
        if crtverify.value != 0:
 
1119
            gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
 
1120
            raise (gnutls.errors.CertificateSecurityError
 
1121
                   (u"Verify failed"))
 
1122
        # New buffer for the fingerprint
 
1123
        buf = ctypes.create_string_buffer(20)
 
1124
        buf_len = ctypes.c_size_t()
 
1125
        # Get the fingerprint from the certificate into the buffer
 
1126
        (gnutls.library.functions
 
1127
         .gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
 
1128
                                             ctypes.byref(buf_len)))
 
1129
        # Deinit the certificate
 
1130
        gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
 
1131
        # Convert the buffer to a Python bytestring
 
1132
        fpr = ctypes.string_at(buf, buf_len.value)
 
1133
        # Convert the bytestring to hexadecimal notation
 
1134
        hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
 
1135
        return hex_fpr
 
1136
 
 
1137
 
 
1138
class ForkingMixInWithPipes(socketserver.ForkingMixIn, object):
 
1139
    """Like socketserver.ForkingMixIn, but also pass a pipe pair."""
 
1140
    def process_request(self, request, client_address):
 
1141
        """Overrides and wraps the original process_request().
 
1142
        
 
1143
        This function creates a new pipe in self.pipe
 
1144
        """
 
1145
        self.child_pipe = os.pipe() # Child writes here
 
1146
        self.parent_pipe = os.pipe() # Parent writes here
 
1147
        super(ForkingMixInWithPipes,
 
1148
              self).process_request(request, client_address)
 
1149
        # Close unused ends for parent
 
1150
        os.close(self.parent_pipe[0]) # close read end
 
1151
        os.close(self.child_pipe[1])  # close write end
 
1152
        self.add_pipe_fds(self.child_pipe[0], self.parent_pipe[1])
 
1153
    def add_pipe_fds(self, child_pipe_fd, parent_pipe_fd):
 
1154
        """Dummy function; override as necessary"""
 
1155
        os.close(child_pipe_fd)
 
1156
        os.close(parent_pipe_fd)
 
1157
 
 
1158
 
 
1159
class IPv6_TCPServer(ForkingMixInWithPipes,
 
1160
                     socketserver.TCPServer, object):
 
1161
    """IPv6-capable TCP server.  Accepts 'None' as address and/or port
 
1162
    
726
1163
    Attributes:
727
 
        settings:       Server settings
728
 
        clients:        Set() of Client objects
729
1164
        enabled:        Boolean; whether this server is activated yet
 
1165
        interface:      None or a network interface name (string)
 
1166
        use_ipv6:       Boolean; to use IPv6 or not
730
1167
    """
731
 
    address_family = socket.AF_INET6
732
 
    def __init__(self, *args, **kwargs):
733
 
        if "settings" in kwargs:
734
 
            self.settings = kwargs["settings"]
735
 
            del kwargs["settings"]
736
 
        if "clients" in kwargs:
737
 
            self.clients = kwargs["clients"]
738
 
            del kwargs["clients"]
739
 
        self.enabled = False
740
 
        super(IPv6_TCPServer, self).__init__(*args, **kwargs)
 
1168
    def __init__(self, server_address, RequestHandlerClass,
 
1169
                 interface=None, use_ipv6=True):
 
1170
        self.interface = interface
 
1171
        if use_ipv6:
 
1172
            self.address_family = socket.AF_INET6
 
1173
        socketserver.TCPServer.__init__(self, server_address,
 
1174
                                        RequestHandlerClass)
741
1175
    def server_bind(self):
742
1176
        """This overrides the normal server_bind() function
743
1177
        to bind to an interface if one was specified, and also NOT to
744
1178
        bind to an address or port if they were not specified."""
745
 
        if self.settings["interface"]:
746
 
            # 25 is from /usr/include/asm-i486/socket.h
747
 
            SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
748
 
            try:
749
 
                self.socket.setsockopt(socket.SOL_SOCKET,
750
 
                                       SO_BINDTODEVICE,
751
 
                                       self.settings["interface"])
752
 
            except socket.error, error:
753
 
                if error[0] == errno.EPERM:
754
 
                    logger.error(u"No permission to"
755
 
                                 u" bind to interface %s",
756
 
                                 self.settings["interface"])
757
 
                else:
758
 
                    raise error
 
1179
        if self.interface is not None:
 
1180
            if SO_BINDTODEVICE is None:
 
1181
                logger.error(u"SO_BINDTODEVICE does not exist;"
 
1182
                             u" cannot bind to interface %s",
 
1183
                             self.interface)
 
1184
            else:
 
1185
                try:
 
1186
                    self.socket.setsockopt(socket.SOL_SOCKET,
 
1187
                                           SO_BINDTODEVICE,
 
1188
                                           str(self.interface
 
1189
                                               + u'\0'))
 
1190
                except socket.error, error:
 
1191
                    if error[0] == errno.EPERM:
 
1192
                        logger.error(u"No permission to"
 
1193
                                     u" bind to interface %s",
 
1194
                                     self.interface)
 
1195
                    elif error[0] == errno.ENOPROTOOPT:
 
1196
                        logger.error(u"SO_BINDTODEVICE not available;"
 
1197
                                     u" cannot bind to interface %s",
 
1198
                                     self.interface)
 
1199
                    else:
 
1200
                        raise
759
1201
        # Only bind(2) the socket if we really need to.
760
1202
        if self.server_address[0] or self.server_address[1]:
761
1203
            if not self.server_address[0]:
762
 
                in6addr_any = "::"
763
 
                self.server_address = (in6addr_any,
 
1204
                if self.address_family == socket.AF_INET6:
 
1205
                    any_address = u"::" # in6addr_any
 
1206
                else:
 
1207
                    any_address = socket.INADDR_ANY
 
1208
                self.server_address = (any_address,
764
1209
                                       self.server_address[1])
765
1210
            elif not self.server_address[1]:
766
1211
                self.server_address = (self.server_address[0],
767
1212
                                       0)
768
 
#                 if self.settings["interface"]:
 
1213
#                 if self.interface:
769
1214
#                     self.server_address = (self.server_address[0],
770
1215
#                                            0, # port
771
1216
#                                            0, # flowinfo
772
1217
#                                            if_nametoindex
773
 
#                                            (self.settings
774
 
#                                             ["interface"]))
775
 
            return super(IPv6_TCPServer, self).server_bind()
 
1218
#                                            (self.interface))
 
1219
            return socketserver.TCPServer.server_bind(self)
 
1220
 
 
1221
 
 
1222
class MandosServer(IPv6_TCPServer):
 
1223
    """Mandos server.
 
1224
    
 
1225
    Attributes:
 
1226
        clients:        set of Client objects
 
1227
        gnutls_priority GnuTLS priority string
 
1228
        use_dbus:       Boolean; to emit D-Bus signals or not
 
1229
    
 
1230
    Assumes a gobject.MainLoop event loop.
 
1231
    """
 
1232
    def __init__(self, server_address, RequestHandlerClass,
 
1233
                 interface=None, use_ipv6=True, clients=None,
 
1234
                 gnutls_priority=None, use_dbus=True):
 
1235
        self.enabled = False
 
1236
        self.clients = clients
 
1237
        if self.clients is None:
 
1238
            self.clients = set()
 
1239
        self.use_dbus = use_dbus
 
1240
        self.gnutls_priority = gnutls_priority
 
1241
        IPv6_TCPServer.__init__(self, server_address,
 
1242
                                RequestHandlerClass,
 
1243
                                interface = interface,
 
1244
                                use_ipv6 = use_ipv6)
776
1245
    def server_activate(self):
777
1246
        if self.enabled:
778
 
            return super(IPv6_TCPServer, self).server_activate()
 
1247
            return socketserver.TCPServer.server_activate(self)
779
1248
    def enable(self):
780
1249
        self.enabled = True
 
1250
    def add_pipe_fds(self, child_pipe_fd, parent_pipe_fd):
 
1251
        # Call "handle_ipc" for both data and EOF events
 
1252
        gobject.io_add_watch(child_pipe_fd,
 
1253
                             gobject.IO_IN | gobject.IO_HUP,
 
1254
                             functools.partial(self.handle_ipc,
 
1255
                                               reply_fd
 
1256
                                               =parent_pipe_fd))
 
1257
    def handle_ipc(self, source, condition, reply_fd=None,
 
1258
                   file_objects={}):
 
1259
        condition_names = {
 
1260
            gobject.IO_IN: u"IN",   # There is data to read.
 
1261
            gobject.IO_OUT: u"OUT", # Data can be written (without
 
1262
                                    # blocking).
 
1263
            gobject.IO_PRI: u"PRI", # There is urgent data to read.
 
1264
            gobject.IO_ERR: u"ERR", # Error condition.
 
1265
            gobject.IO_HUP: u"HUP"  # Hung up (the connection has been
 
1266
                                    # broken, usually for pipes and
 
1267
                                    # sockets).
 
1268
            }
 
1269
        conditions_string = ' | '.join(name
 
1270
                                       for cond, name in
 
1271
                                       condition_names.iteritems()
 
1272
                                       if cond & condition)
 
1273
        logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
 
1274
                     conditions_string)
 
1275
        
 
1276
        # Turn the pipe file descriptors into Python file objects
 
1277
        if source not in file_objects:
 
1278
            file_objects[source] = os.fdopen(source, u"r", 1)
 
1279
        if reply_fd not in file_objects:
 
1280
            file_objects[reply_fd] = os.fdopen(reply_fd, u"w", 0)
 
1281
        
 
1282
        # Read a line from the file object
 
1283
        cmdline = file_objects[source].readline()
 
1284
        if not cmdline:             # Empty line means end of file
 
1285
            # close the IPC pipes
 
1286
            file_objects[source].close()
 
1287
            del file_objects[source]
 
1288
            file_objects[reply_fd].close()
 
1289
            del file_objects[reply_fd]
 
1290
            
 
1291
            # Stop calling this function
 
1292
            return False
 
1293
        
 
1294
        logger.debug(u"IPC command: %r", cmdline)
 
1295
        
 
1296
        # Parse and act on command
 
1297
        cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
 
1298
        
 
1299
        if cmd == u"NOTFOUND":
 
1300
            fpr, address = args.split(None, 1)
 
1301
            logger.warning(u"Client not found for fingerprint: %s, ad"
 
1302
                           u"dress: %s", fpr, address)
 
1303
            if self.use_dbus:
 
1304
                # Emit D-Bus signal
 
1305
                mandos_dbus_service.ClientNotFound(fpr, address)
 
1306
        elif cmd == u"DISABLED":
 
1307
            for client in self.clients:
 
1308
                if client.name == args:
 
1309
                    logger.warning(u"Client %s is disabled", args)
 
1310
                    if self.use_dbus:
 
1311
                        # Emit D-Bus signal
 
1312
                        client.Rejected()
 
1313
                    break
 
1314
            else:
 
1315
                logger.error(u"Unknown client %s is disabled", args)
 
1316
        elif cmd == u"SENDING":
 
1317
            for client in self.clients:
 
1318
                if client.name == args:
 
1319
                    logger.info(u"Sending secret to %s", client.name)
 
1320
                    client.checked_ok()
 
1321
                    if self.use_dbus:
 
1322
                        # Emit D-Bus signal
 
1323
                        client.GotSecret()
 
1324
                    break
 
1325
            else:
 
1326
                logger.error(u"Sending secret to unknown client %s",
 
1327
                             args)
 
1328
        elif cmd == u"GETATTR":
 
1329
            attr_name, fpr = args.split(None, 1)
 
1330
            for client in self.clients:
 
1331
                if client.fingerprint == fpr:
 
1332
                    attr_value = getattr(client, attr_name, None)
 
1333
                    logger.debug("IPC reply: %r", attr_value)
 
1334
                    pickle.dump(attr_value, file_objects[reply_fd])
 
1335
                    break
 
1336
            else:
 
1337
                logger.error(u"Client %s on address %s requesting "
 
1338
                             u"attribute %s not found", fpr, address,
 
1339
                             attr_name)
 
1340
                pickle.dump(None, file_objects[reply_fd])
 
1341
        else:
 
1342
            logger.error(u"Unknown IPC command: %r", cmdline)
 
1343
        
 
1344
        # Keep calling this function
 
1345
        return True
781
1346
 
782
1347
 
783
1348
def string_to_delta(interval):
784
1349
    """Parse a string and return a datetime.timedelta
785
 
 
786
 
    >>> string_to_delta('7d')
 
1350
    
 
1351
    >>> string_to_delta(u'7d')
787
1352
    datetime.timedelta(7)
788
 
    >>> string_to_delta('60s')
 
1353
    >>> string_to_delta(u'60s')
789
1354
    datetime.timedelta(0, 60)
790
 
    >>> string_to_delta('60m')
 
1355
    >>> string_to_delta(u'60m')
791
1356
    datetime.timedelta(0, 3600)
792
 
    >>> string_to_delta('24h')
 
1357
    >>> string_to_delta(u'24h')
793
1358
    datetime.timedelta(1)
794
1359
    >>> string_to_delta(u'1w')
795
1360
    datetime.timedelta(7)
796
 
    >>> string_to_delta('5m 30s')
 
1361
    >>> string_to_delta(u'5m 30s')
797
1362
    datetime.timedelta(0, 330)
798
1363
    """
799
1364
    timevalue = datetime.timedelta(0)
812
1377
            elif suffix == u"w":
813
1378
                delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
814
1379
            else:
815
 
                raise ValueError
816
 
        except (ValueError, IndexError):
817
 
            raise ValueError
 
1380
                raise ValueError(u"Unknown suffix %r" % suffix)
 
1381
        except (ValueError, IndexError), e:
 
1382
            raise ValueError(e.message)
818
1383
        timevalue += delta
819
1384
    return timevalue
820
1385
 
821
1386
 
822
 
def server_state_changed(state):
823
 
    """Derived from the Avahi example code"""
824
 
    if state == avahi.SERVER_COLLISION:
825
 
        logger.error(u"Zeroconf server name collision")
826
 
        service.remove()
827
 
    elif state == avahi.SERVER_RUNNING:
828
 
        service.add()
829
 
 
830
 
 
831
 
def entry_group_state_changed(state, error):
832
 
    """Derived from the Avahi example code"""
833
 
    logger.debug(u"Avahi state change: %i", state)
834
 
    
835
 
    if state == avahi.ENTRY_GROUP_ESTABLISHED:
836
 
        logger.debug(u"Zeroconf service established.")
837
 
    elif state == avahi.ENTRY_GROUP_COLLISION:
838
 
        logger.warning(u"Zeroconf service name collision.")
839
 
        service.rename()
840
 
    elif state == avahi.ENTRY_GROUP_FAILURE:
841
 
        logger.critical(u"Avahi: Error in group state changed %s",
842
 
                        unicode(error))
843
 
        raise AvahiGroupError(u"State changed: %s" % unicode(error))
844
 
 
845
1387
def if_nametoindex(interface):
846
 
    """Call the C function if_nametoindex(), or equivalent"""
 
1388
    """Call the C function if_nametoindex(), or equivalent
 
1389
    
 
1390
    Note: This function cannot accept a unicode string."""
847
1391
    global if_nametoindex
848
1392
    try:
849
1393
        if_nametoindex = (ctypes.cdll.LoadLibrary
850
 
                          (ctypes.util.find_library("c"))
 
1394
                          (ctypes.util.find_library(u"c"))
851
1395
                          .if_nametoindex)
852
1396
    except (OSError, AttributeError):
853
 
        if "struct" not in sys.modules:
854
 
            import struct
855
 
        if "fcntl" not in sys.modules:
856
 
            import fcntl
 
1397
        logger.warning(u"Doing if_nametoindex the hard way")
857
1398
        def if_nametoindex(interface):
858
1399
            "Get an interface index the hard way, i.e. using fcntl()"
859
1400
            SIOCGIFINDEX = 0x8933  # From /usr/include/linux/sockios.h
860
 
            with closing(socket.socket()) as s:
 
1401
            with contextlib.closing(socket.socket()) as s:
861
1402
                ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
862
 
                                    struct.pack("16s16x", interface))
863
 
            interface_index = struct.unpack("I", ifreq[16:20])[0]
 
1403
                                    struct.pack(str(u"16s16x"),
 
1404
                                                interface))
 
1405
            interface_index = struct.unpack(str(u"I"),
 
1406
                                            ifreq[16:20])[0]
864
1407
            return interface_index
865
1408
    return if_nametoindex(interface)
866
1409
 
867
1410
 
868
1411
def daemon(nochdir = False, noclose = False):
869
1412
    """See daemon(3).  Standard BSD Unix function.
 
1413
    
870
1414
    This should really exist as os.daemon, but it doesn't (yet)."""
871
1415
    if os.fork():
872
1416
        sys.exit()
873
1417
    os.setsid()
874
1418
    if not nochdir:
875
 
        os.chdir("/")
 
1419
        os.chdir(u"/")
876
1420
    if os.fork():
877
1421
        sys.exit()
878
1422
    if not noclose:
880
1424
        null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
881
1425
        if not stat.S_ISCHR(os.fstat(null).st_mode):
882
1426
            raise OSError(errno.ENODEV,
883
 
                          "/dev/null not a character device")
 
1427
                          u"%s not a character device"
 
1428
                          % os.path.devnull)
884
1429
        os.dup2(null, sys.stdin.fileno())
885
1430
        os.dup2(null, sys.stdout.fileno())
886
1431
        os.dup2(null, sys.stderr.fileno())
889
1434
 
890
1435
 
891
1436
def main():
892
 
    parser = OptionParser(version = "%%prog %s" % version)
893
 
    parser.add_option("-i", "--interface", type="string",
894
 
                      metavar="IF", help="Bind to interface IF")
895
 
    parser.add_option("-a", "--address", type="string",
896
 
                      help="Address to listen for requests on")
897
 
    parser.add_option("-p", "--port", type="int",
898
 
                      help="Port number to receive requests on")
899
 
    parser.add_option("--check", action="store_true",
900
 
                      help="Run self-test")
901
 
    parser.add_option("--debug", action="store_true",
902
 
                      help="Debug mode; run in foreground and log to"
903
 
                      " terminal")
904
 
    parser.add_option("--priority", type="string", help="GnuTLS"
905
 
                      " priority string (see GnuTLS documentation)")
906
 
    parser.add_option("--servicename", type="string", metavar="NAME",
907
 
                      help="Zeroconf service name")
908
 
    parser.add_option("--configdir", type="string",
909
 
                      default="/etc/mandos", metavar="DIR",
910
 
                      help="Directory to search for configuration"
911
 
                      " files")
912
 
    parser.add_option("--no-dbus", action="store_false",
913
 
                      dest="use_dbus",
914
 
                      help="Do not provide D-Bus system bus"
915
 
                      " interface")
 
1437
    
 
1438
    ##################################################################
 
1439
    # Parsing of options, both command line and config file
 
1440
    
 
1441
    parser = optparse.OptionParser(version = "%%prog %s" % version)
 
1442
    parser.add_option("-i", u"--interface", type=u"string",
 
1443
                      metavar="IF", help=u"Bind to interface IF")
 
1444
    parser.add_option("-a", u"--address", type=u"string",
 
1445
                      help=u"Address to listen for requests on")
 
1446
    parser.add_option("-p", u"--port", type=u"int",
 
1447
                      help=u"Port number to receive requests on")
 
1448
    parser.add_option("--check", action=u"store_true",
 
1449
                      help=u"Run self-test")
 
1450
    parser.add_option("--debug", action=u"store_true",
 
1451
                      help=u"Debug mode; run in foreground and log to"
 
1452
                      u" terminal")
 
1453
    parser.add_option("--priority", type=u"string", help=u"GnuTLS"
 
1454
                      u" priority string (see GnuTLS documentation)")
 
1455
    parser.add_option("--servicename", type=u"string",
 
1456
                      metavar=u"NAME", help=u"Zeroconf service name")
 
1457
    parser.add_option("--configdir", type=u"string",
 
1458
                      default=u"/etc/mandos", metavar=u"DIR",
 
1459
                      help=u"Directory to search for configuration"
 
1460
                      u" files")
 
1461
    parser.add_option("--no-dbus", action=u"store_false",
 
1462
                      dest=u"use_dbus", help=u"Do not provide D-Bus"
 
1463
                      u" system bus interface")
 
1464
    parser.add_option("--no-ipv6", action=u"store_false",
 
1465
                      dest=u"use_ipv6", help=u"Do not use IPv6")
916
1466
    options = parser.parse_args()[0]
917
1467
    
918
1468
    if options.check:
921
1471
        sys.exit()
922
1472
    
923
1473
    # Default values for config file for server-global settings
924
 
    server_defaults = { "interface": "",
925
 
                        "address": "",
926
 
                        "port": "",
927
 
                        "debug": "False",
928
 
                        "priority":
929
 
                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
930
 
                        "servicename": "Mandos",
931
 
                        "use_dbus": "True",
 
1474
    server_defaults = { u"interface": u"",
 
1475
                        u"address": u"",
 
1476
                        u"port": u"",
 
1477
                        u"debug": u"False",
 
1478
                        u"priority":
 
1479
                        u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
 
1480
                        u"servicename": u"Mandos",
 
1481
                        u"use_dbus": u"True",
 
1482
                        u"use_ipv6": u"True",
932
1483
                        }
933
1484
    
934
1485
    # Parse config file for server-global settings
935
 
    server_config = ConfigParser.SafeConfigParser(server_defaults)
 
1486
    server_config = configparser.SafeConfigParser(server_defaults)
936
1487
    del server_defaults
937
 
    server_config.read(os.path.join(options.configdir, "mandos.conf"))
 
1488
    server_config.read(os.path.join(options.configdir,
 
1489
                                    u"mandos.conf"))
938
1490
    # Convert the SafeConfigParser object to a dict
939
1491
    server_settings = server_config.defaults()
940
 
    # Use getboolean on the boolean config options
941
 
    server_settings["debug"] = (server_config.getboolean
942
 
                                ("DEFAULT", "debug"))
943
 
    server_settings["use_dbus"] = (server_config.getboolean
944
 
                                   ("DEFAULT", "use_dbus"))
 
1492
    # Use the appropriate methods on the non-string config options
 
1493
    for option in (u"debug", u"use_dbus", u"use_ipv6"):
 
1494
        server_settings[option] = server_config.getboolean(u"DEFAULT",
 
1495
                                                           option)
 
1496
    if server_settings["port"]:
 
1497
        server_settings["port"] = server_config.getint(u"DEFAULT",
 
1498
                                                       u"port")
945
1499
    del server_config
946
1500
    
947
1501
    # Override the settings from the config file with command line
948
1502
    # options, if set.
949
 
    for option in ("interface", "address", "port", "debug",
950
 
                   "priority", "servicename", "configdir",
951
 
                   "use_dbus"):
 
1503
    for option in (u"interface", u"address", u"port", u"debug",
 
1504
                   u"priority", u"servicename", u"configdir",
 
1505
                   u"use_dbus", u"use_ipv6"):
952
1506
        value = getattr(options, option)
953
1507
        if value is not None:
954
1508
            server_settings[option] = value
955
1509
    del options
 
1510
    # Force all strings to be unicode
 
1511
    for option in server_settings.keys():
 
1512
        if type(server_settings[option]) is str:
 
1513
            server_settings[option] = unicode(server_settings[option])
956
1514
    # Now we have our good server settings in "server_settings"
957
1515
    
 
1516
    ##################################################################
 
1517
    
958
1518
    # For convenience
959
 
    debug = server_settings["debug"]
960
 
    use_dbus = server_settings["use_dbus"]
 
1519
    debug = server_settings[u"debug"]
 
1520
    use_dbus = server_settings[u"use_dbus"]
 
1521
    use_ipv6 = server_settings[u"use_ipv6"]
961
1522
    
962
1523
    if not debug:
963
1524
        syslogger.setLevel(logging.WARNING)
964
1525
        console.setLevel(logging.WARNING)
965
1526
    
966
 
    if server_settings["servicename"] != "Mandos":
 
1527
    if server_settings[u"servicename"] != u"Mandos":
967
1528
        syslogger.setFormatter(logging.Formatter
968
 
                               ('Mandos (%s): %%(levelname)s:'
969
 
                                ' %%(message)s'
970
 
                                % server_settings["servicename"]))
 
1529
                               (u'Mandos (%s) [%%(process)d]:'
 
1530
                                u' %%(levelname)s: %%(message)s'
 
1531
                                % server_settings[u"servicename"]))
971
1532
    
972
1533
    # Parse config file with clients
973
 
    client_defaults = { "timeout": "1h",
974
 
                        "interval": "5m",
975
 
                        "checker": "fping -q -- %(host)s",
976
 
                        "host": "",
 
1534
    client_defaults = { u"timeout": u"1h",
 
1535
                        u"interval": u"5m",
 
1536
                        u"checker": u"fping -q -- %%(host)s",
 
1537
                        u"host": u"",
977
1538
                        }
978
 
    client_config = ConfigParser.SafeConfigParser(client_defaults)
979
 
    client_config.read(os.path.join(server_settings["configdir"],
980
 
                                    "clients.conf"))
981
 
    
982
 
    clients = Set()
983
 
    tcp_server = IPv6_TCPServer((server_settings["address"],
984
 
                                 server_settings["port"]),
985
 
                                TCP_handler,
986
 
                                settings=server_settings,
987
 
                                clients=clients)
988
 
    pidfilename = "/var/run/mandos.pid"
989
 
    try:
990
 
        pidfile = open(pidfilename, "w")
991
 
    except IOError, error:
992
 
        logger.error("Could not open file %r", pidfilename)
993
 
    
994
 
    try:
995
 
        uid = pwd.getpwnam("_mandos").pw_uid
 
1539
    client_config = configparser.SafeConfigParser(client_defaults)
 
1540
    client_config.read(os.path.join(server_settings[u"configdir"],
 
1541
                                    u"clients.conf"))
 
1542
    
 
1543
    global mandos_dbus_service
 
1544
    mandos_dbus_service = None
 
1545
    
 
1546
    tcp_server = MandosServer((server_settings[u"address"],
 
1547
                               server_settings[u"port"]),
 
1548
                              ClientHandler,
 
1549
                              interface=server_settings[u"interface"],
 
1550
                              use_ipv6=use_ipv6,
 
1551
                              gnutls_priority=
 
1552
                              server_settings[u"priority"],
 
1553
                              use_dbus=use_dbus)
 
1554
    pidfilename = u"/var/run/mandos.pid"
 
1555
    try:
 
1556
        pidfile = open(pidfilename, u"w")
 
1557
    except IOError:
 
1558
        logger.error(u"Could not open file %r", pidfilename)
 
1559
    
 
1560
    try:
 
1561
        uid = pwd.getpwnam(u"_mandos").pw_uid
 
1562
        gid = pwd.getpwnam(u"_mandos").pw_gid
996
1563
    except KeyError:
997
1564
        try:
998
 
            uid = pwd.getpwnam("mandos").pw_uid
 
1565
            uid = pwd.getpwnam(u"mandos").pw_uid
 
1566
            gid = pwd.getpwnam(u"mandos").pw_gid
999
1567
        except KeyError:
1000
1568
            try:
1001
 
                uid = pwd.getpwnam("nobody").pw_uid
 
1569
                uid = pwd.getpwnam(u"nobody").pw_uid
 
1570
                gid = pwd.getpwnam(u"nobody").pw_gid
1002
1571
            except KeyError:
1003
1572
                uid = 65534
1004
 
    try:
1005
 
        gid = pwd.getpwnam("_mandos").pw_gid
1006
 
    except KeyError:
1007
 
        try:
1008
 
            gid = pwd.getpwnam("mandos").pw_gid
1009
 
        except KeyError:
1010
 
            try:
1011
 
                gid = pwd.getpwnam("nogroup").pw_gid
1012
 
            except KeyError:
1013
1573
                gid = 65534
1014
1574
    try:
 
1575
        os.setgid(gid)
1015
1576
        os.setuid(uid)
1016
 
        os.setgid(gid)
1017
1577
    except OSError, error:
1018
1578
        if error[0] != errno.EPERM:
1019
1579
            raise error
1020
1580
    
1021
 
    global service
1022
 
    service = AvahiService(name = server_settings["servicename"],
1023
 
                           servicetype = "_mandos._tcp", )
1024
 
    if server_settings["interface"]:
1025
 
        service.interface = (if_nametoindex
1026
 
                             (server_settings["interface"]))
 
1581
    # Enable all possible GnuTLS debugging
 
1582
    if debug:
 
1583
        # "Use a log level over 10 to enable all debugging options."
 
1584
        # - GnuTLS manual
 
1585
        gnutls.library.functions.gnutls_global_set_log_level(11)
 
1586
        
 
1587
        @gnutls.library.types.gnutls_log_func
 
1588
        def debug_gnutls(level, string):
 
1589
            logger.debug(u"GnuTLS: %s", string[:-1])
 
1590
        
 
1591
        (gnutls.library.functions
 
1592
         .gnutls_global_set_log_function(debug_gnutls))
1027
1593
    
1028
1594
    global main_loop
1029
 
    global bus
1030
 
    global server
1031
1595
    # From the Avahi example code
1032
1596
    DBusGMainLoop(set_as_default=True )
1033
1597
    main_loop = gobject.MainLoop()
1034
1598
    bus = dbus.SystemBus()
1035
 
    server = dbus.Interface(bus.get_object(avahi.DBUS_NAME,
1036
 
                                           avahi.DBUS_PATH_SERVER),
1037
 
                            avahi.DBUS_INTERFACE_SERVER)
1038
1599
    # End of Avahi example code
1039
1600
    if use_dbus:
1040
 
        bus_name = dbus.service.BusName(u"org.mandos-system.Mandos",
1041
 
                                        bus)
 
1601
        try:
 
1602
            bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
 
1603
                                            bus, do_not_queue=True)
 
1604
        except dbus.exceptions.NameExistsException, e:
 
1605
            logger.error(unicode(e) + u", disabling D-Bus")
 
1606
            use_dbus = False
 
1607
            server_settings[u"use_dbus"] = False
 
1608
            tcp_server.use_dbus = False
 
1609
    protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
 
1610
    service = AvahiService(name = server_settings[u"servicename"],
 
1611
                           servicetype = u"_mandos._tcp",
 
1612
                           protocol = protocol, bus = bus)
 
1613
    if server_settings["interface"]:
 
1614
        service.interface = (if_nametoindex
 
1615
                             (str(server_settings[u"interface"])))
1042
1616
    
1043
 
    clients.update(Set(Client(name = section,
1044
 
                              config
1045
 
                              = dict(client_config.items(section)),
1046
 
                              use_dbus = use_dbus)
1047
 
                       for section in client_config.sections()))
1048
 
    if not clients:
 
1617
    client_class = Client
 
1618
    if use_dbus:
 
1619
        client_class = functools.partial(ClientDBus, bus = bus)
 
1620
    tcp_server.clients.update(set(
 
1621
            client_class(name = section,
 
1622
                         config= dict(client_config.items(section)))
 
1623
            for section in client_config.sections()))
 
1624
    if not tcp_server.clients:
1049
1625
        logger.warning(u"No clients defined")
1050
1626
    
1051
1627
    if debug:
1061
1637
        daemon()
1062
1638
    
1063
1639
    try:
1064
 
        pid = os.getpid()
1065
 
        pidfile.write(str(pid) + "\n")
1066
 
        pidfile.close()
 
1640
        with pidfile:
 
1641
            pid = os.getpid()
 
1642
            pidfile.write(str(pid) + "\n")
1067
1643
        del pidfile
1068
1644
    except IOError:
1069
1645
        logger.error(u"Could not write to file %r with PID %d",
1073
1649
        pass
1074
1650
    del pidfilename
1075
1651
    
1076
 
    def cleanup():
1077
 
        "Cleanup function; run on exit"
1078
 
        global group
1079
 
        # From the Avahi example code
1080
 
        if not group is None:
1081
 
            group.Free()
1082
 
            group = None
1083
 
        # End of Avahi example code
1084
 
        
1085
 
        while clients:
1086
 
            client = clients.pop()
1087
 
            client.disable_hook = None
1088
 
            client.disable()
1089
 
    
1090
 
    atexit.register(cleanup)
1091
 
    
1092
1652
    if not debug:
1093
1653
        signal.signal(signal.SIGINT, signal.SIG_IGN)
1094
1654
    signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1095
1655
    signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1096
1656
    
1097
1657
    if use_dbus:
1098
 
        class MandosServer(dbus.service.Object):
 
1658
        class MandosDBusService(dbus.service.Object):
1099
1659
            """A D-Bus proxy object"""
1100
1660
            def __init__(self):
1101
 
                dbus.service.Object.__init__(self, bus,
1102
 
                                             "/Mandos")
1103
 
            _interface = u"org.mandos_system.Mandos"
1104
 
 
1105
 
            @dbus.service.signal(_interface, signature="oa{sv}")
1106
 
            def ClientAdded(self, objpath, properties):
1107
 
                "D-Bus signal"
1108
 
                pass
1109
 
 
1110
 
            @dbus.service.signal(_interface, signature="o")
1111
 
            def ClientRemoved(self, objpath):
1112
 
                "D-Bus signal"
1113
 
                pass
1114
 
 
1115
 
            @dbus.service.method(_interface, out_signature="ao")
 
1661
                dbus.service.Object.__init__(self, bus, u"/")
 
1662
            _interface = u"se.bsnet.fukt.Mandos"
 
1663
            
 
1664
            @dbus.service.signal(_interface, signature=u"o")
 
1665
            def ClientAdded(self, objpath):
 
1666
                "D-Bus signal"
 
1667
                pass
 
1668
            
 
1669
            @dbus.service.signal(_interface, signature=u"ss")
 
1670
            def ClientNotFound(self, fingerprint, address):
 
1671
                "D-Bus signal"
 
1672
                pass
 
1673
            
 
1674
            @dbus.service.signal(_interface, signature=u"os")
 
1675
            def ClientRemoved(self, objpath, name):
 
1676
                "D-Bus signal"
 
1677
                pass
 
1678
            
 
1679
            @dbus.service.method(_interface, out_signature=u"ao")
1116
1680
            def GetAllClients(self):
1117
 
                return dbus.Array(c.dbus_object_path for c in clients)
1118
 
 
1119
 
            @dbus.service.method(_interface, out_signature="a{oa{sv}}")
 
1681
                "D-Bus method"
 
1682
                return dbus.Array(c.dbus_object_path
 
1683
                                  for c in tcp_server.clients)
 
1684
            
 
1685
            @dbus.service.method(_interface,
 
1686
                                 out_signature=u"a{oa{sv}}")
1120
1687
            def GetAllClientsWithProperties(self):
 
1688
                "D-Bus method"
1121
1689
                return dbus.Dictionary(
1122
 
                    ((c.dbus_object_path, c.GetAllProperties())
1123
 
                     for c in clients),
1124
 
                    signature="oa{sv}")
1125
 
 
1126
 
            @dbus.service.method(_interface, in_signature="o")
 
1690
                    ((c.dbus_object_path, c.GetAll(u""))
 
1691
                     for c in tcp_server.clients),
 
1692
                    signature=u"oa{sv}")
 
1693
            
 
1694
            @dbus.service.method(_interface, in_signature=u"o")
1127
1695
            def RemoveClient(self, object_path):
1128
 
                for c in clients:
 
1696
                "D-Bus method"
 
1697
                for c in tcp_server.clients:
1129
1698
                    if c.dbus_object_path == object_path:
1130
 
                        clients.remove(c)
 
1699
                        tcp_server.clients.remove(c)
 
1700
                        c.remove_from_connection()
1131
1701
                        # Don't signal anything except ClientRemoved
1132
 
                        c.use_dbus = False
1133
 
                        c.disable()
 
1702
                        c.disable(quiet=True)
1134
1703
                        # Emit D-Bus signal
1135
 
                        self.ClientRemoved(object_path)
 
1704
                        self.ClientRemoved(object_path, c.name)
1136
1705
                        return
1137
 
                raise KeyError
1138
 
            @dbus.service.method(_interface)
1139
 
            def Quit(self):
1140
 
                main_loop.quit()
1141
 
 
 
1706
                raise KeyError(object_path)
 
1707
            
1142
1708
            del _interface
1143
 
    
1144
 
        mandos_server = MandosServer()
1145
 
    
1146
 
    for client in clients:
 
1709
        
 
1710
        mandos_dbus_service = MandosDBusService()
 
1711
    
 
1712
    def cleanup():
 
1713
        "Cleanup function; run on exit"
 
1714
        service.cleanup()
 
1715
        
 
1716
        while tcp_server.clients:
 
1717
            client = tcp_server.clients.pop()
 
1718
            if use_dbus:
 
1719
                client.remove_from_connection()
 
1720
            client.disable_hook = None
 
1721
            # Don't signal anything except ClientRemoved
 
1722
            client.disable(quiet=True)
 
1723
            if use_dbus:
 
1724
                # Emit D-Bus signal
 
1725
                mandos_dbus_service.ClientRemoved(client.dbus_object_path,
 
1726
                                                  client.name)
 
1727
    
 
1728
    atexit.register(cleanup)
 
1729
    
 
1730
    for client in tcp_server.clients:
1147
1731
        if use_dbus:
1148
1732
            # Emit D-Bus signal
1149
 
            mandos_server.ClientAdded(client.dbus_object_path,
1150
 
                                      client.GetAllProperties())
 
1733
            mandos_dbus_service.ClientAdded(client.dbus_object_path)
1151
1734
        client.enable()
1152
1735
    
1153
1736
    tcp_server.enable()
1155
1738
    
1156
1739
    # Find out what port we got
1157
1740
    service.port = tcp_server.socket.getsockname()[1]
1158
 
    logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
1159
 
                u" scope_id %d" % tcp_server.socket.getsockname())
 
1741
    if use_ipv6:
 
1742
        logger.info(u"Now listening on address %r, port %d,"
 
1743
                    " flowinfo %d, scope_id %d"
 
1744
                    % tcp_server.socket.getsockname())
 
1745
    else:                       # IPv4
 
1746
        logger.info(u"Now listening on address %r, port %d"
 
1747
                    % tcp_server.socket.getsockname())
1160
1748
    
1161
1749
    #service.interface = tcp_server.socket.getsockname()[3]
1162
1750
    
1163
1751
    try:
1164
1752
        # From the Avahi example code
1165
 
        server.connect_to_signal("StateChanged", server_state_changed)
1166
1753
        try:
1167
 
            server_state_changed(server.GetState())
 
1754
            service.activate()
1168
1755
        except dbus.exceptions.DBusException, error:
1169
1756
            logger.critical(u"DBusException: %s", error)
 
1757
            cleanup()
1170
1758
            sys.exit(1)
1171
1759
        # End of Avahi example code
1172
1760
        
1179
1767
        main_loop.run()
1180
1768
    except AvahiError, error:
1181
1769
        logger.critical(u"AvahiError: %s", error)
 
1770
        cleanup()
1182
1771
        sys.exit(1)
1183
1772
    except KeyboardInterrupt:
1184
1773
        if debug:
1185
 
            print
 
1774
            print >> sys.stderr
 
1775
        logger.debug(u"Server received KeyboardInterrupt")
 
1776
    logger.debug(u"Server exiting")
 
1777
    # Must run before the D-Bus bus name gets deregistered
 
1778
    cleanup()
1186
1779
 
1187
1780
if __name__ == '__main__':
1188
1781
    main()