To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 416.1.2
- compare with another revision
- compare with revision 291
- download diff
- download tarball
- view history from revision 416.1.2
- Committer: Teddy Hogeborn
- Date: 2010-06-19 00:37:04 UTC
- mto: (24.1.149 mandos)
- mto: This revision was merged to the branch mainline in revision 417.
- Revision ID: teddy@fukt.bsnet.se-20100619003704-vpicvssvv1ktg2om
* mandos (ClientHandler.handle): Set up the GnuTLS session object
before reading the protocol number.
(ClientHandler.handle/ProxyObject): New.
before reading the protocol number.
(ClientHandler.handle/ProxyObject): New.
added
removed
mandos
60
60
import fcntl
61
61
import functools
62
62
import cPickle as pickle
63
import select
63
64
64
65
import dbus
65
66
import dbus.service
1006
1007
gnutls.connection
1007
1008
.X509Credentials()))
1008
1009
1009
line = self.request.makefile().readline()
1010
logger.debug(u"Protocol version: %r", line)
1011
try:
1012
if int(line.strip().split()[0]) > 1:
1013
raise RuntimeError
1014
except (ValueError, IndexError, RuntimeError), error:
1015
logger.error(u"Unknown protocol version: %s", error)
1016
return
1017
1018
1010
# Note: gnutls.connection.X509Credentials is really a
1019
1011
# generic GnuTLS certificate credentials object so long as
1020
1012
# no X.509 keys are added to it. Therefore, we can use it
1032
1024
.gnutls_priority_set_direct(session._c_object,
1033
1025
priority, None))
1034
1026
1027
# Start communication using the Mandos protocol
1028
# Get protocol number
1029
line = self.request.makefile().readline()
1030
logger.debug(u"Protocol version: %r", line)
1031
try:
1032
if int(line.strip().split()[0]) > 1:
1033
raise RuntimeError
1034
except (ValueError, IndexError, RuntimeError), error:
1035
logger.error(u"Unknown protocol version: %s", error)
1036
return
1037
1038
# Start GnuTLS connection
1035
1039
try:
1036
1040
session.handshake()
1037
1041
except gnutls.errors.GNUTLSError, error:
1057
1061
ipc.write(u"NOTFOUND %s %s\n"
1058
1062
% (fpr, unicode(self.client_address)))
1059
1063
return
1064
1065
class ClientProxy(object):
1066
"""Client proxy object. Not for calling methods."""
1067
def __init__(self, client):
1068
self.client = client
1069
def __getattr__(self, name):
1070
if name.startswith("ipc_"):
1071
def tempfunc():
1072
ipc.write("%s %s\n" % (name[4:].upper(),
1073
self.client.name))
1074
return tempfunc
1075
if not hasattr(self.client, name):
1076
raise AttributeError
1077
ipc.write(u"GETATTR %s %s\n"
1078
% (name, self.client.fingerprint))
1079
return pickle.load(ipc_return)
1080
clientproxy = ClientProxy(client)
1060
1081
# Have to check if client.enabled, since it is
1061
1082
# possible that the client was disabled since the
1062
1083
# GnuTLS session was established.
1063
ipc.write(u"GETATTR enabled %s\n" % fpr)
1064
enabled = pickle.load(ipc_return)
1065
if not enabled:
1066
ipc.write(u"DISABLED %s\n" % client.name)
1084
if not clientproxy.enabled:
1085
clientproxy.ipc_disabled()
1067
1086
return
1068
# Send "NEED_APPROVAL" here and hang waiting
1069
# for response? Leave timeout to parent process?
1070
ipc.write(u"SENDING %s\n" % client.name)
1087
1088
clientproxy.ipc_sending()
1071
1089
sent_size = 0
1072
1090
while sent_size < len(client.secret):
1073
1091
sent = session.send(client.secret[sent_size:])
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0