To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 423
- compare with another revision
- download diff
- download tarball
- view history from revision 423
- Committer: Teddy Hogeborn
- Date: 2010-09-12 03:00:40 UTC
- Revision ID: teddy@fukt.bsnet.se-20100912030040-b0uopyennste9fdh
Documentation changes:
* DBUS-API: New file documenting the server D-Bus interface.
* clients.conf: Add examples of new approval settings.
* debian/mandos.docs: Added "DBUS-API".
* mandos-clients.conf.xml (OPTIONS): Added "approved_by_default",
"approval_delay", and
"approval_duration".
* mandos.xml (D-BUS INTERFACE): Refer to the "DBUS-API" file.
(BUGS): Remove mention of lack of a remote query interface.
* DBUS-API: New file documenting the server D-Bus interface.
* clients.conf: Add examples of new approval settings.
* debian/mandos.docs: Added "DBUS-API".
* mandos-clients.conf.xml (OPTIONS): Added "approved_by_default",
"approval_delay", and
"approval_duration".
* mandos.xml (D-BUS INTERFACE): Refer to the "DBUS-API" file.
(BUGS): Remove mention of lack of a remote query interface.
added
removed
mandos
240
240
"""A representation of a client host served by this server.
241
241
242
242
Attributes:
243
_approved: bool(); 'None' if not yet approved/disapproved
244
approval_delay: datetime.timedelta(); Time to wait for approval
245
approval_duration: datetime.timedelta(); Duration of one approval
243
name: string; from the config file, used in log messages and
244
D-Bus identifiers
245
fingerprint: string (40 or 32 hexadecimal digits); used to
246
uniquely identify the client
247
secret: bytestring; sent verbatim (over TLS) to client
248
host: string; available for use by the checker command
249
created: datetime.datetime(); (UTC) object creation
250
last_enabled: datetime.datetime(); (UTC)
251
enabled: bool()
252
last_checked_ok: datetime.datetime(); (UTC) or None
253
timeout: datetime.timedelta(); How long from last_checked_ok
254
until this client is disabled
255
interval: datetime.timedelta(); How often to start a new checker
256
disable_hook: If set, called by disable() as disable_hook(self)
246
257
checker: subprocess.Popen(); a running checker process used
247
258
to see if the client lives.
248
259
'None' if no process is running.
260
checker_initiator_tag: a gobject event source tag, or None
261
disable_initiator_tag: - '' -
249
262
checker_callback_tag: - '' -
250
checker_command: string; External command which is run to check
251
if client lives. %() expansions are done at
263
checker_command: string; External command which is run to check if
264
client lives. %() expansions are done at
252
265
runtime with vars(self) as dict, so that for
253
266
instance %(name)s can be used in the command.
254
checker_initiator_tag: a gobject event source tag, or None
255
created: datetime.datetime(); (UTC) object creation
256
267
current_checker_command: string; current running checker_command
257
disable_hook: If set, called by disable() as disable_hook(self)
258
disable_initiator_tag: - '' -
259
enabled: bool()
260
fingerprint: string (40 or 32 hexadecimal digits); used to
261
uniquely identify the client
262
host: string; available for use by the checker command
263
interval: datetime.timedelta(); How often to start a new checker
264
last_checked_ok: datetime.datetime(); (UTC) or None
265
last_enabled: datetime.datetime(); (UTC)
266
name: string; from the config file, used in log messages and
267
D-Bus identifiers
268
secret: bytestring; sent verbatim (over TLS) to client
269
timeout: datetime.timedelta(); How long from last_checked_ok
270
until this client is disabled
271
runtime_expansions: Allowed attributes for runtime expansion.
268
approval_delay: datetime.timedelta(); Time to wait for approval
269
_approved: bool(); 'None' if not yet approved/disapproved
270
approval_duration: datetime.timedelta(); Duration of one approval
272
271
"""
273
272
274
runtime_expansions = (u"approval_delay", u"approval_duration",
275
u"created", u"enabled", u"fingerprint",
276
u"host", u"interval", u"last_checked_ok",
277
u"last_enabled", u"name", u"timeout")
278
279
273
@staticmethod
280
274
def _timedelta_to_milliseconds(td):
281
275
"Convert a datetime.timedelta() to milliseconds"
456
450
command = self.checker_command % self.host
457
451
except TypeError:
458
452
# Escape attributes for the shell
459
escaped_attrs = dict(
460
(attr,
461
re.escape(unicode(str(getattr(self, attr, u"")),
462
errors=
463
u'replace')))
464
for attr in
465
self.runtime_expansions)
466
453
escaped_attrs = dict((key,
454
re.escape(unicode(str(val),
455
errors=
456
u'replace')))
457
for key, val in
458
vars(self).iteritems())
467
459
try:
468
460
command = self.checker_command % escaped_attrs
469
461
except TypeError, error:
711
703
dbus_object_path: dbus.ObjectPath
712
704
bus: dbus.SystemBus()
713
705
"""
714
715
runtime_expansions = (Client.runtime_expansions
716
+ (u"dbus_object_path",))
717
718
706
# dbus.service.Object doesn't use super(), so we can't either.
719
707
720
708
def __init__(self, bus = None, *args, **kwargs):
723
711
Client.__init__(self, *args, **kwargs)
724
712
# Only now, when this client is initialized, can it show up on
725
713
# the D-Bus
726
client_object_name = unicode(self.name).translate(
727
{ord(u"."): ord(u"_"),
728
ord(u"-"): ord(u"_")})
729
714
self.dbus_object_path = (dbus.ObjectPath
730
(u"/clients/" + client_object_name))
715
(u"/clients/"
716
+ self.name.replace(u".", u"_")))
731
717
DBusObjectWithProperties.__init__(self, self.bus,
732
718
self.dbus_object_path)
733
719
1257
1243
client.name)
1258
1244
if self.server.use_dbus:
1259
1245
# Emit D-Bus signal
1260
client.Rejected("Approval timed out")
1246
client.Rejected("Timed out")
1261
1247
return
1262
1248
else:
1263
1249
break
1501
1487
for cond, name in
1502
1488
condition_names.iteritems()
1503
1489
if cond & condition)
1490
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1491
conditions_string)
1492
1504
1493
# error or the other end of multiprocessing.Pipe has closed
1505
1494
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1506
1495
return False
1507
1496
1508
1497
# Read a request from the child
1509
1498
request = parent_pipe.recv()
1499
logger.debug(u"IPC request: %s", repr(request))
1510
1500
command = request[0]
1511
1501
1512
1502
if command == 'init':
1522
1512
u"dress: %s", fpr, address)
1523
1513
if self.use_dbus:
1524
1514
# Emit D-Bus signal
1525
mandos_dbus_service.ClientNotFound(fpr, address[0])
1515
mandos_dbus_service.ClientNotFound(fpr, address)
1526
1516
parent_pipe.send(False)
1527
1517
return False
1528
1518
1765
1755
gnutls_priority=
1766
1756
server_settings[u"priority"],
1767
1757
use_dbus=use_dbus)
1768
if not debug:
1769
pidfilename = u"/var/run/mandos.pid"
1770
try:
1771
pidfile = open(pidfilename, u"w")
1772
except IOError:
1773
logger.error(u"Could not open file %r", pidfilename)
1758
pidfilename = u"/var/run/mandos.pid"
1759
try:
1760
pidfile = open(pidfilename, u"w")
1761
except IOError:
1762
logger.error(u"Could not open file %r", pidfilename)
1774
1763
1775
1764
try:
1776
1765
uid = pwd.getpwnam(u"_mandos").pw_uid
1878
1867
if not tcp_server.clients:
1879
1868
logger.warning(u"No clients defined")
1880
1869
1870
try:
1871
with pidfile:
1872
pid = os.getpid()
1873
pidfile.write(str(pid) + "\n")
1874
del pidfile
1875
except IOError:
1876
logger.error(u"Could not write to file %r with PID %d",
1877
pidfilename, pid)
1878
except NameError:
1879
# "pidfile" was never created
1880
pass
1881
del pidfilename
1882
1881
1883
if not debug:
1882
try:
1883
with pidfile:
1884
pid = os.getpid()
1885
pidfile.write(str(pid) + "\n")
1886
del pidfile
1887
except IOError:
1888
logger.error(u"Could not write to file %r with PID %d",
1889
pidfilename, pid)
1890
except NameError:
1891
# "pidfile" was never created
1892
pass
1893
del pidfilename
1894
1895
1884
signal.signal(signal.SIGINT, signal.SIG_IGN)
1896
1897
1885
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1898
1886
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1899
1887
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0