To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 416.1.2
- compare with another revision
- download diff
- download tarball
- view history from revision 416.1.2
- Committer: Teddy Hogeborn
- Date: 2010-06-19 00:37:04 UTC
- mto: (24.1.149 mandos)
- mto: This revision was merged to the branch mainline in revision 417.
- Revision ID: teddy@fukt.bsnet.se-20100619003704-vpicvssvv1ktg2om
* mandos (ClientHandler.handle): Set up the GnuTLS session object
before reading the protocol number.
(ClientHandler.handle/ProxyObject): New.
before reading the protocol number.
(ClientHandler.handle/ProxyObject): New.
- files removed:
- plugins.d/plymouth
- files modified:
- TODO
added
removed
mandos
60
60
import fcntl
61
61
import functools
62
62
import cPickle as pickle
63
import multiprocessing
63
import select
64
64
65
65
import dbus
66
66
import dbus.service
83
83
84
84
version = "1.0.14"
85
85
86
#logger = logging.getLogger(u'mandos')
87
86
logger = logging.Logger(u'mandos')
88
87
syslogger = (logging.handlers.SysLogHandler
89
88
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
157
156
u" after %i retries, exiting.",
158
157
self.rename_count)
159
158
raise AvahiServiceError(u"Too many renames")
160
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
159
self.name = self.server.GetAlternativeServiceName(self.name)
161
160
logger.info(u"Changing Zeroconf service name to %r ...",
162
self.name)
161
unicode(self.name))
163
162
syslogger.setFormatter(logging.Formatter
164
163
(u'Mandos (%s) [%%(process)d]:'
165
164
u' %%(levelname)s: %%(message)s'
259
258
runtime with vars(self) as dict, so that for
260
259
instance %(name)s can be used in the command.
261
260
current_checker_command: string; current running checker_command
262
approved_delay: datetime.timedelta(); Time to wait for approval
263
_approved: bool(); 'None' if not yet approved/disapproved
264
approved_duration: datetime.timedelta(); Duration of one approval
265
261
"""
266
262
267
263
@staticmethod
278
274
def interval_milliseconds(self):
279
275
"Return the 'interval' attribute in milliseconds"
280
276
return self._timedelta_to_milliseconds(self.interval)
281
282
def approved_delay_milliseconds(self):
283
return self._timedelta_to_milliseconds(self.approved_delay)
284
277
285
278
def __init__(self, name = None, disable_hook=None, config=None):
286
279
"""Note: the 'checker' key in 'config' sets the
321
314
self.checker_command = config[u"checker"]
322
315
self.current_checker_command = None
323
316
self.last_connect = None
324
self._approved = None
325
self.approved_by_default = config.get(u"approved_by_default",
326
True)
327
self.approvals_pending = 0
328
self.approved_delay = string_to_delta(
329
config[u"approved_delay"])
330
self.approved_duration = string_to_delta(
331
config[u"approved_duration"])
332
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
333
317
334
def send_changedstate(self):
335
self.changedstate.acquire()
336
self.changedstate.notify_all()
337
self.changedstate.release()
338
339
318
def enable(self):
340
319
"""Start this client's checker and timeout hooks"""
341
320
if getattr(self, u"enabled", False):
342
321
# Already enabled
343
322
return
344
self.send_changedstate()
345
323
self.last_enabled = datetime.datetime.utcnow()
346
324
# Schedule a new checker to be started an 'interval' from now,
347
325
# and every interval from then on.
361
339
if not getattr(self, "enabled", False):
362
340
return False
363
341
if not quiet:
364
self.send_changedstate()
365
if not quiet:
366
342
logger.info(u"Disabling client %s", self.name)
367
343
if getattr(self, u"disable_initiator_tag", False):
368
344
gobject.source_remove(self.disable_initiator_tag)
501
477
raise
502
478
self.checker = None
503
479
480
504
481
def dbus_service_property(dbus_interface, signature=u"v",
505
482
access=u"readwrite", byte_arrays=False):
506
483
"""Decorators for marking methods of a DBusObjectWithProperties to
700
677
# dbus.service.Object doesn't use super(), so we can't either.
701
678
702
679
def __init__(self, bus = None, *args, **kwargs):
703
self._approvals_pending = 0
704
680
self.bus = bus
705
681
Client.__init__(self, *args, **kwargs)
706
682
# Only now, when this client is initialized, can it show up on
710
686
+ self.name.replace(u".", u"_")))
711
687
DBusObjectWithProperties.__init__(self, self.bus,
712
688
self.dbus_object_path)
713
714
def _get_approvals_pending(self):
715
return self._approvals_pending
716
def _set_approvals_pending(self, value):
717
old_value = self._approvals_pending
718
self._approvals_pending = value
719
bval = bool(value)
720
if (hasattr(self, "dbus_object_path")
721
and bval is not bool(old_value)):
722
dbus_bool = dbus.Boolean(bval, variant_level=1)
723
self.PropertyChanged(dbus.String(u"approved_pending"),
724
dbus_bool)
725
726
approvals_pending = property(_get_approvals_pending,
727
_set_approvals_pending)
728
del _get_approvals_pending, _set_approvals_pending
729
689
730
690
@staticmethod
731
691
def _datetime_to_dbus(dt, variant_level=0):
820
780
self.PropertyChanged(dbus.String(u"checker_running"),
821
781
dbus.Boolean(False, variant_level=1))
822
782
return r
823
824
def _reset_approved(self):
825
self._approved = None
826
return False
827
828
def approve(self, value=True):
829
self.send_changedstate()
830
self._approved = value
831
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration),
832
self._reset_approved)
833
834
783
835
784
## D-Bus methods, signals & properties
836
785
_interface = u"se.bsnet.fukt.Mandos.Client"
858
807
# GotSecret - signal
859
808
@dbus.service.signal(_interface)
860
809
def GotSecret(self):
861
"""D-Bus signal
862
Is sent after a successful transfer of secret from the Mandos
863
server to mandos-client
864
"""
810
"D-Bus signal"
865
811
pass
866
812
867
813
# Rejected - signal
868
@dbus.service.signal(_interface, signature=u"s")
869
def Rejected(self, reason):
870
"D-Bus signal"
871
pass
872
873
# NeedApproval - signal
874
@dbus.service.signal(_interface, signature=u"db")
875
def NeedApproval(self, timeout, default):
814
@dbus.service.signal(_interface)
815
def Rejected(self):
876
816
"D-Bus signal"
877
817
pass
878
818
879
819
## Methods
880
881
# Approve - method
882
@dbus.service.method(_interface, in_signature=u"b")
883
def Approve(self, value):
884
self.approve(value)
885
820
886
821
# CheckedOK - method
887
822
@dbus.service.method(_interface)
888
823
def CheckedOK(self):
913
848
914
849
## Properties
915
850
916
# approved_pending - property
917
@dbus_service_property(_interface, signature=u"b", access=u"read")
918
def approved_pending_dbus_property(self):
919
return dbus.Boolean(bool(self.approvals_pending))
920
921
# approved_by_default - property
922
@dbus_service_property(_interface, signature=u"b",
923
access=u"readwrite")
924
def approved_by_default_dbus_property(self):
925
return dbus.Boolean(self.approved_by_default)
926
927
# approved_delay - property
928
@dbus_service_property(_interface, signature=u"t",
929
access=u"readwrite")
930
def approved_delay_dbus_property(self):
931
return dbus.UInt64(self.approved_delay_milliseconds())
932
933
# approved_duration - property
934
@dbus_service_property(_interface, signature=u"t",
935
access=u"readwrite")
936
def approved_duration_dbus_property(self):
937
return dbus.UInt64(self._timedelta_to_milliseconds(
938
self.approved_duration))
939
940
851
# name - property
941
852
@dbus_service_property(_interface, signature=u"s", access=u"read")
942
853
def name_dbus_property(self):
1076
987
del _interface
1077
988
1078
989
1079
class ProxyClient(object):
1080
def __init__(self, child_pipe, fpr, address):
1081
self._pipe = child_pipe
1082
self._pipe.send(('init', fpr, address))
1083
if not self._pipe.recv():
1084
raise KeyError()
1085
1086
def __getattribute__(self, name):
1087
if(name == '_pipe'):
1088
return super(ProxyClient, self).__getattribute__(name)
1089
self._pipe.send(('getattr', name))
1090
data = self._pipe.recv()
1091
if data[0] == 'data':
1092
return data[1]
1093
if data[0] == 'function':
1094
def func(*args, **kwargs):
1095
self._pipe.send(('funcall', name, args, kwargs))
1096
return self._pipe.recv()[1]
1097
return func
1098
1099
def __setattr__(self, name, value):
1100
if(name == '_pipe'):
1101
return super(ProxyClient, self).__setattr__(name, value)
1102
self._pipe.send(('setattr', name, value))
1103
1104
1105
990
class ClientHandler(socketserver.BaseRequestHandler, object):
1106
991
"""A class to handle client connections.
1107
992
1109
994
Note: This will run in its own forked process."""
1110
995
1111
996
def handle(self):
1112
with contextlib.closing(self.server.child_pipe) as child_pipe:
1113
logger.info(u"TCP connection from: %s",
1114
unicode(self.client_address))
1115
logger.debug(u"Pipe FD: %d",
1116
self.server.child_pipe.fileno())
1117
997
logger.info(u"TCP connection from: %s",
998
unicode(self.client_address))
999
logger.debug(u"IPC Pipe FD: %d",
1000
self.server.child_pipe[1].fileno())
1001
# Open IPC pipe to parent process
1002
with contextlib.nested(self.server.child_pipe[1],
1003
self.server.parent_pipe[0]
1004
) as (ipc, ipc_return):
1118
1005
session = (gnutls.connection
1119
1006
.ClientSession(self.request,
1120
1007
gnutls.connection
1121
1008
.X509Credentials()))
1122
1009
1123
1010
# Note: gnutls.connection.X509Credentials is really a
1124
1011
# generic GnuTLS certificate credentials object so long as
1125
1012
# no X.509 keys are added to it. Therefore, we can use it
1126
1013
# here despite using OpenPGP certificates.
1127
1014
1128
1015
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1129
1016
# u"+AES-256-CBC", u"+SHA1",
1130
1017
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1136
1023
(gnutls.library.functions
1137
1024
.gnutls_priority_set_direct(session._c_object,
1138
1025
priority, None))
1139
1026
1140
1027
# Start communication using the Mandos protocol
1141
1028
# Get protocol number
1142
1029
line = self.request.makefile().readline()
1147
1034
except (ValueError, IndexError, RuntimeError), error:
1148
1035
logger.error(u"Unknown protocol version: %s", error)
1149
1036
return
1150
1037
1151
1038
# Start GnuTLS connection
1152
1039
try:
1153
1040
session.handshake()
1157
1044
# established. Just abandon the request.
1158
1045
return
1159
1046
logger.debug(u"Handshake succeeded")
1160
1161
approval_required = False
1162
1047
try:
1163
1048
try:
1164
1049
fpr = self.fingerprint(self.peer_certificate
1168
1053
return
1169
1054
logger.debug(u"Fingerprint: %s", fpr)
1170
1055
1171
try:
1172
client = ProxyClient(child_pipe, fpr,
1173
self.client_address)
1174
except KeyError:
1175
return
1176
1177
if client.approved_delay:
1178
delay = client.approved_delay
1179
client.approvals_pending += 1
1180
approval_required = True
1181
1182
while True:
1183
if not client.enabled:
1184
logger.warning(u"Client %s is disabled",
1185
client.name)
1186
if self.server.use_dbus:
1187
# Emit D-Bus signal
1188
client.Rejected("Disabled")
1189
return
1190
1191
if client._approved or not client.approved_delay:
1192
#We are approved or approval is disabled
1056
for c in self.server.clients:
1057
if c.fingerprint == fpr:
1058
client = c
1193
1059
break
1194
elif client._approved is None:
1195
logger.info(u"Client %s need approval",
1196
client.name)
1197
if self.server.use_dbus:
1198
# Emit D-Bus signal
1199
client.NeedApproval(
1200
client.approved_delay_milliseconds(),
1201
client.approved_by_default)
1202
else:
1203
logger.warning(u"Client %s was not approved",
1204
client.name)
1205
if self.server.use_dbus:
1206
# Emit D-Bus signal
1207
client.Rejected("Disapproved")
1208
return
1209
1210
#wait until timeout or approved
1211
#x = float(client._timedelta_to_milliseconds(delay))
1212
time = datetime.datetime.now()
1213
client.changedstate.acquire()
1214
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1215
client.changedstate.release()
1216
time2 = datetime.datetime.now()
1217
if (time2 - time) >= delay:
1218
if not client.approved_by_default:
1219
logger.warning("Client %s timed out while"
1220
" waiting for approval",
1221
client.name)
1222
if self.server.use_dbus:
1223
# Emit D-Bus signal
1224
client.Rejected("Time out")
1225
return
1226
else:
1227
break
1228
else:
1229
delay -= time2 - time
1230
1060
else:
1061
ipc.write(u"NOTFOUND %s %s\n"
1062
% (fpr, unicode(self.client_address)))
1063
return
1064
1065
class ClientProxy(object):
1066
"""Client proxy object. Not for calling methods."""
1067
def __init__(self, client):
1068
self.client = client
1069
def __getattr__(self, name):
1070
if name.startswith("ipc_"):
1071
def tempfunc():
1072
ipc.write("%s %s\n" % (name[4:].upper(),
1073
self.client.name))
1074
return tempfunc
1075
if not hasattr(self.client, name):
1076
raise AttributeError
1077
ipc.write(u"GETATTR %s %s\n"
1078
% (name, self.client.fingerprint))
1079
return pickle.load(ipc_return)
1080
clientproxy = ClientProxy(client)
1081
# Have to check if client.enabled, since it is
1082
# possible that the client was disabled since the
1083
# GnuTLS session was established.
1084
if not clientproxy.enabled:
1085
clientproxy.ipc_disabled()
1086
return
1087
1088
clientproxy.ipc_sending()
1231
1089
sent_size = 0
1232
1090
while sent_size < len(client.secret):
1233
try:
1234
sent = session.send(client.secret[sent_size:])
1235
except (gnutls.errors.GNUTLSError), error:
1236
logger.warning("gnutls send failed")
1237
return
1091
sent = session.send(client.secret[sent_size:])
1238
1092
logger.debug(u"Sent: %d, remaining: %d",
1239
1093
sent, len(client.secret)
1240
1094
- (sent_size + sent))
1241
1095
sent_size += sent
1242
1243
logger.info(u"Sending secret to %s", client.name)
1244
# bump the timeout as if seen
1245
client.checked_ok()
1246
if self.server.use_dbus:
1247
# Emit D-Bus signal
1248
client.GotSecret()
1249
1250
1096
finally:
1251
if approval_required:
1252
client.approvals_pending -= 1
1253
try:
1254
session.bye()
1255
except (gnutls.errors.GNUTLSError), error:
1256
logger.warning("gnutls bye failed")
1097
session.bye()
1257
1098
1258
1099
@staticmethod
1259
1100
def peer_certificate(session):
1319
1160
return hex_fpr
1320
1161
1321
1162
1322
class MultiprocessingMixIn(object):
1323
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1324
def sub_process_main(self, request, address):
1325
try:
1326
self.finish_request(request, address)
1327
except:
1328
self.handle_error(request, address)
1329
self.close_request(request)
1330
1331
def process_request(self, request, address):
1332
"""Start a new process to process the request."""
1333
multiprocessing.Process(target = self.sub_process_main,
1334
args = (request, address)).start()
1335
1336
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1337
""" adds a pipe to the MixIn """
1163
class ForkingMixInWithPipes(socketserver.ForkingMixIn, object):
1164
"""Like socketserver.ForkingMixIn, but also pass a pipe pair."""
1338
1165
def process_request(self, request, client_address):
1339
1166
"""Overrides and wraps the original process_request().
1340
1167
1341
1168
This function creates a new pipe in self.pipe
1342
1169
"""
1343
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1344
1345
super(MultiprocessingMixInWithPipe,
1170
# Child writes to child_pipe
1171
self.child_pipe = map(os.fdopen, os.pipe(), u"rw", (1, 0))
1172
# Parent writes to parent_pipe
1173
self.parent_pipe = map(os.fdopen, os.pipe(), u"rw", (1, 0))
1174
super(ForkingMixInWithPipes,
1346
1175
self).process_request(request, client_address)
1347
self.child_pipe.close()
1348
self.add_pipe(parent_pipe)
1349
1350
def add_pipe(self, parent_pipe):
1176
# Close unused ends for parent
1177
self.parent_pipe[0].close() # close read end
1178
self.child_pipe[1].close() # close write end
1179
self.add_pipe_fds(self.child_pipe[0], self.parent_pipe[1])
1180
def add_pipe_fds(self, child_pipe_fd, parent_pipe_fd):
1351
1181
"""Dummy function; override as necessary"""
1352
pass
1353
1354
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1182
child_pipe_fd.close()
1183
parent_pipe_fd.close()
1184
1185
1186
class IPv6_TCPServer(ForkingMixInWithPipes,
1355
1187
socketserver.TCPServer, object):
1356
1188
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
1357
1189
1442
1274
return socketserver.TCPServer.server_activate(self)
1443
1275
def enable(self):
1444
1276
self.enabled = True
1445
def add_pipe(self, parent_pipe):
1277
def add_pipe_fds(self, child_pipe_fd, parent_pipe_fd):
1446
1278
# Call "handle_ipc" for both data and EOF events
1447
gobject.io_add_watch(parent_pipe.fileno(),
1279
gobject.io_add_watch(child_pipe_fd.fileno(),
1448
1280
gobject.IO_IN | gobject.IO_HUP,
1449
1281
functools.partial(self.handle_ipc,
1450
parent_pipe = parent_pipe))
1451
1452
def handle_ipc(self, source, condition, parent_pipe=None,
1453
client_object=None):
1282
reply = parent_pipe_fd,
1283
sender= child_pipe_fd))
1284
def handle_ipc(self, source, condition, reply=None, sender=None):
1454
1285
condition_names = {
1455
1286
gobject.IO_IN: u"IN", # There is data to read.
1456
1287
gobject.IO_OUT: u"OUT", # Data can be written (without
1467
1298
if cond & condition)
1468
1299
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1469
1300
conditions_string)
1470
1471
# error or the other end of multiprocessing.Pipe has closed
1472
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1473
return False
1474
1475
# Read a request from the child
1476
request = parent_pipe.recv()
1477
logger.debug(u"IPC request: %s", repr(request))
1478
command = request[0]
1479
1480
if command == 'init':
1481
fpr = request[1]
1482
address = request[2]
1483
1484
for c in self.clients:
1485
if c.fingerprint == fpr:
1486
client = c
1487
break
1488
else:
1489
logger.warning(u"Client not found for fingerprint: %s, ad"
1490
u"dress: %s", fpr, address)
1491
if self.use_dbus:
1492
# Emit D-Bus signal
1493
mandos_dbus_service.ClientNotFound(fpr, address)
1494
parent_pipe.send(False)
1495
return False
1496
1497
gobject.io_add_watch(parent_pipe.fileno(),
1498
gobject.IO_IN | gobject.IO_HUP,
1499
functools.partial(self.handle_ipc,
1500
parent_pipe = parent_pipe,
1501
client_object = client))
1502
parent_pipe.send(True)
1503
# remove the old hook in favor of the new above hook on same fileno
1504
return False
1505
if command == 'funcall':
1506
funcname = request[1]
1507
args = request[2]
1508
kwargs = request[3]
1509
1510
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1511
1512
if command == 'getattr':
1513
attrname = request[1]
1514
if callable(client_object.__getattribute__(attrname)):
1515
parent_pipe.send(('function',))
1516
else:
1517
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1518
1519
if command == 'setattr':
1520
attrname = request[1]
1521
value = request[2]
1522
setattr(client_object, attrname, value)
1523
1301
1302
# Read a line from the file object
1303
cmdline = sender.readline()
1304
if not cmdline: # Empty line means end of file
1305
# close the IPC pipes
1306
sender.close()
1307
reply.close()
1308
1309
# Stop calling this function
1310
return False
1311
1312
logger.debug(u"IPC command: %r", cmdline)
1313
1314
# Parse and act on command
1315
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1316
1317
if cmd == u"NOTFOUND":
1318
fpr, address = args.split(None, 1)
1319
logger.warning(u"Client not found for fingerprint: %s, ad"
1320
u"dress: %s", fpr, address)
1321
if self.use_dbus:
1322
# Emit D-Bus signal
1323
mandos_dbus_service.ClientNotFound(fpr, address)
1324
elif cmd == u"DISABLED":
1325
for client in self.clients:
1326
if client.name == args:
1327
logger.warning(u"Client %s is disabled", args)
1328
if self.use_dbus:
1329
# Emit D-Bus signal
1330
client.Rejected()
1331
break
1332
else:
1333
logger.error(u"Unknown client %s is disabled", args)
1334
elif cmd == u"SENDING":
1335
for client in self.clients:
1336
if client.name == args:
1337
logger.info(u"Sending secret to %s", client.name)
1338
client.checked_ok()
1339
if self.use_dbus:
1340
# Emit D-Bus signal
1341
client.GotSecret()
1342
break
1343
else:
1344
logger.error(u"Sending secret to unknown client %s",
1345
args)
1346
elif cmd == u"GETATTR":
1347
attr_name, fpr = args.split(None, 1)
1348
for client in self.clients:
1349
if client.fingerprint == fpr:
1350
attr_value = getattr(client, attr_name, None)
1351
logger.debug("IPC reply: %r", attr_value)
1352
pickle.dump(attr_value, reply)
1353
break
1354
else:
1355
logger.error(u"Client %s on address %s requesting "
1356
u"attribute %s not found", fpr, address,
1357
attr_name)
1358
pickle.dump(None, reply)
1359
else:
1360
logger.error(u"Unknown IPC command: %r", cmdline)
1361
1362
# Keep calling this function
1524
1363
return True
1525
1364
1526
1365
1629
1468
parser.add_option("--debug", action=u"store_true",
1630
1469
help=u"Debug mode; run in foreground and log to"
1631
1470
u" terminal")
1632
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1633
help=u"Debug level for stdout output")
1634
1471
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1635
1472
u" priority string (see GnuTLS documentation)")
1636
1473
parser.add_option("--servicename", type=u"string",
1661
1498
u"servicename": u"Mandos",
1662
1499
u"use_dbus": u"True",
1663
1500
u"use_ipv6": u"True",
1664
u"debuglevel": u"",
1665
1501
}
1666
1502
1667
1503
# Parse config file for server-global settings
1684
1520
# options, if set.
1685
1521
for option in (u"interface", u"address", u"port", u"debug",
1686
1522
u"priority", u"servicename", u"configdir",
1687
u"use_dbus", u"use_ipv6", u"debuglevel"):
1523
u"use_dbus", u"use_ipv6"):
1688
1524
value = getattr(options, option)
1689
1525
if value is not None:
1690
1526
server_settings[option] = value
1699
1535
1700
1536
# For convenience
1701
1537
debug = server_settings[u"debug"]
1702
debuglevel = server_settings[u"debuglevel"]
1703
1538
use_dbus = server_settings[u"use_dbus"]
1704
1539
use_ipv6 = server_settings[u"use_ipv6"]
1705
1540
1541
if not debug:
1542
syslogger.setLevel(logging.WARNING)
1543
console.setLevel(logging.WARNING)
1544
1706
1545
if server_settings[u"servicename"] != u"Mandos":
1707
1546
syslogger.setFormatter(logging.Formatter
1708
1547
(u'Mandos (%s) [%%(process)d]:'
1714
1553
u"interval": u"5m",
1715
1554
u"checker": u"fping -q -- %%(host)s",
1716
1555
u"host": u"",
1717
u"approved_delay": u"0s",
1718
u"approved_duration": u"1s",
1719
1556
}
1720
1557
client_config = configparser.SafeConfigParser(client_defaults)
1721
1558
client_config.read(os.path.join(server_settings[u"configdir"],
1760
1597
raise error
1761
1598
1762
1599
# Enable all possible GnuTLS debugging
1763
1764
1765
if not debug and not debuglevel:
1766
syslogger.setLevel(logging.WARNING)
1767
console.setLevel(logging.WARNING)
1768
if debuglevel:
1769
level = getattr(logging, debuglevel.upper())
1770
syslogger.setLevel(level)
1771
console.setLevel(level)
1772
1773
1600
if debug:
1774
1601
# "Use a log level over 10 to enable all debugging options."
1775
1602
# - GnuTLS manual
1781
1608
1782
1609
(gnutls.library.functions
1783
1610
.gnutls_global_set_log_function(debug_gnutls))
1784
1785
# Redirect stdin so all checkers get /dev/null
1786
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1787
os.dup2(null, sys.stdin.fileno())
1788
if null > 2:
1789
os.close(null)
1790
else:
1791
# No console logging
1792
logger.removeHandler(console)
1793
1794
1611
1795
1612
global main_loop
1796
1613
# From the Avahi example code
1814
1631
if server_settings["interface"]:
1815
1632
service.interface = (if_nametoindex
1816
1633
(str(server_settings[u"interface"])))
1817
1818
if not debug:
1819
# Close all input and output, do double fork, etc.
1820
daemon()
1821
1822
global multiprocessing_manager
1823
multiprocessing_manager = multiprocessing.Manager()
1824
1634
1825
1635
client_class = Client
1826
1636
if use_dbus:
1827
1637
client_class = functools.partial(ClientDBus, bus = bus)
1828
def client_config_items(config, section):
1829
special_settings = {
1830
"approved_by_default":
1831
lambda: config.getboolean(section,
1832
"approved_by_default"),
1833
}
1834
for name, value in config.items(section):
1835
try:
1836
yield (name, special_settings[name]())
1837
except KeyError:
1838
yield (name, value)
1839
1840
1638
tcp_server.clients.update(set(
1841
1639
client_class(name = section,
1842
config= dict(client_config_items(
1843
client_config, section)))
1640
config= dict(client_config.items(section)))
1844
1641
for section in client_config.sections()))
1845
1642
if not tcp_server.clients:
1846
1643
logger.warning(u"No clients defined")
1847
1644
1645
if debug:
1646
# Redirect stdin so all checkers get /dev/null
1647
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1648
os.dup2(null, sys.stdin.fileno())
1649
if null > 2:
1650
os.close(null)
1651
else:
1652
# No console logging
1653
logger.removeHandler(console)
1654
# Close all input and output, do double fork, etc.
1655
daemon()
1656
1848
1657
try:
1849
1658
with pidfile:
1850
1659
pid = os.getpid()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0