To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 435
- compare with another revision
- download diff
- download tarball
- view history from revision 435
- Committer: teddy at bsnet
- Date: 2010-09-23 20:14:08 UTC
- Revision ID: teddy@fukt.bsnet.se-20100923201408-4vcvjmml000fr8y5
* Makefile (DOCS): Added "plymouth.8mandos".
(install-server): Also install "mandos-monitor.8" and
"mandos-ctl.8".
(install-client-nokey): Also install "plymouth.8mandos".
(uninstall-server): Also remove "mandos-monitor.8" and
"mandos-ctl.8".
(uninstall-client): Also remove "plymouth.8mandos".
* plugins.d/plymouth.xml: New.
(install-server): Also install "mandos-monitor.8" and
"mandos-ctl.8".
(install-client-nokey): Also install "plymouth.8mandos".
(uninstall-server): Also remove "mandos-monitor.8" and
"mandos-ctl.8".
(uninstall-client): Also remove "plymouth.8mandos".
* plugins.d/plymouth.xml: New.
- files added:
- DBUS-API
- files removed:
- plugins.d/plymouth
- files modified:
- Makefile
added
removed
mandos
165
165
u' %%(levelname)s: %%(message)s'
166
166
% self.name))
167
167
self.remove()
168
self.add()
168
try:
169
self.add()
170
except dbus.exceptions.DBusException, error:
171
logger.critical(u"DBusException: %s", error)
172
self.cleanup()
173
os._exit(1)
169
174
self.rename_count += 1
170
175
def remove(self):
171
176
"""Derived from the Avahi example code"""
260
265
runtime with vars(self) as dict, so that for
261
266
instance %(name)s can be used in the command.
262
267
current_checker_command: string; current running checker_command
263
approved_delay: datetime.timedelta(); Time to wait for approval
268
approval_delay: datetime.timedelta(); Time to wait for approval
264
269
_approved: bool(); 'None' if not yet approved/disapproved
265
approved_duration: datetime.timedelta(); Duration of one approval
270
approval_duration: datetime.timedelta(); Duration of one approval
266
271
"""
267
272
268
273
@staticmethod
280
285
"Return the 'interval' attribute in milliseconds"
281
286
return self._timedelta_to_milliseconds(self.interval)
282
287
283
def approved_delay_milliseconds(self):
284
return self._timedelta_to_milliseconds(self.approved_delay)
288
def approval_delay_milliseconds(self):
289
return self._timedelta_to_milliseconds(self.approval_delay)
285
290
286
291
def __init__(self, name = None, disable_hook=None, config=None):
287
292
"""Note: the 'checker' key in 'config' sets the
326
331
self.approved_by_default = config.get(u"approved_by_default",
327
332
True)
328
333
self.approvals_pending = 0
329
self.approved_delay = string_to_delta(
330
config[u"approved_delay"])
331
self.approved_duration = string_to_delta(
332
config[u"approved_duration"])
334
self.approval_delay = string_to_delta(
335
config[u"approval_delay"])
336
self.approval_duration = string_to_delta(
337
config[u"approval_duration"])
333
338
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
334
339
335
340
def send_changedstate(self):
711
716
+ self.name.replace(u".", u"_")))
712
717
DBusObjectWithProperties.__init__(self, self.bus,
713
718
self.dbus_object_path)
714
719
715
720
def _get_approvals_pending(self):
716
721
return self._approvals_pending
717
722
def _set_approvals_pending(self, value):
721
726
if (hasattr(self, "dbus_object_path")
722
727
and bval is not bool(old_value)):
723
728
dbus_bool = dbus.Boolean(bval, variant_level=1)
724
self.PropertyChanged(dbus.String(u"approved_pending"),
729
self.PropertyChanged(dbus.String(u"ApprovalPending"),
725
730
dbus_bool)
726
731
727
732
approvals_pending = property(_get_approvals_pending,
739
744
r = Client.enable(self)
740
745
if oldstate != self.enabled:
741
746
# Emit D-Bus signals
742
self.PropertyChanged(dbus.String(u"enabled"),
747
self.PropertyChanged(dbus.String(u"Enabled"),
743
748
dbus.Boolean(True, variant_level=1))
744
749
self.PropertyChanged(
745
dbus.String(u"last_enabled"),
750
dbus.String(u"LastEnabled"),
746
751
self._datetime_to_dbus(self.last_enabled,
747
752
variant_level=1))
748
753
return r
752
757
r = Client.disable(self, quiet=quiet)
753
758
if not quiet and oldstate != self.enabled:
754
759
# Emit D-Bus signal
755
self.PropertyChanged(dbus.String(u"enabled"),
760
self.PropertyChanged(dbus.String(u"Enabled"),
756
761
dbus.Boolean(False, variant_level=1))
757
762
return r
758
763
770
775
self.checker_callback_tag = None
771
776
self.checker = None
772
777
# Emit D-Bus signal
773
self.PropertyChanged(dbus.String(u"checker_running"),
778
self.PropertyChanged(dbus.String(u"CheckerRunning"),
774
779
dbus.Boolean(False, variant_level=1))
775
780
if os.WIFEXITED(condition):
776
781
exitstatus = os.WEXITSTATUS(condition)
791
796
r = Client.checked_ok(self, *args, **kwargs)
792
797
# Emit D-Bus signal
793
798
self.PropertyChanged(
794
dbus.String(u"last_checked_ok"),
799
dbus.String(u"LastCheckedOK"),
795
800
(self._datetime_to_dbus(self.last_checked_ok,
796
801
variant_level=1)))
797
802
return r
809
814
# Emit D-Bus signal
810
815
self.CheckerStarted(self.current_checker_command)
811
816
self.PropertyChanged(
812
dbus.String(u"checker_running"),
817
dbus.String(u"CheckerRunning"),
813
818
dbus.Boolean(True, variant_level=1))
814
819
return r
815
820
818
823
r = Client.stop_checker(self, *args, **kwargs)
819
824
if (old_checker is not None
820
825
and getattr(self, u"checker", None) is None):
821
self.PropertyChanged(dbus.String(u"checker_running"),
826
self.PropertyChanged(dbus.String(u"CheckerRunning"),
822
827
dbus.Boolean(False, variant_level=1))
823
828
return r
824
829
829
834
def approve(self, value=True):
830
835
self.send_changedstate()
831
836
self._approved = value
832
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration),
837
gobject.timeout_add(self._timedelta_to_milliseconds
838
(self.approval_duration),
833
839
self._reset_approved)
834
840
835
841
872
878
pass
873
879
874
880
# NeedApproval - signal
875
@dbus.service.signal(_interface, signature=u"db")
881
@dbus.service.signal(_interface, signature=u"tb")
876
882
def NeedApproval(self, timeout, default):
877
883
"D-Bus signal"
878
884
pass
914
920
915
921
## Properties
916
922
917
# approved_pending - property
923
# ApprovalPending - property
918
924
@dbus_service_property(_interface, signature=u"b", access=u"read")
919
def approved_pending_dbus_property(self):
925
def ApprovalPending_dbus_property(self):
920
926
return dbus.Boolean(bool(self.approvals_pending))
921
927
922
# approved_by_default - property
928
# ApprovedByDefault - property
923
929
@dbus_service_property(_interface, signature=u"b",
924
930
access=u"readwrite")
925
def approved_by_default_dbus_property(self):
926
return dbus.Boolean(self.approved_by_default)
927
928
# approved_delay - property
929
@dbus_service_property(_interface, signature=u"t",
930
access=u"readwrite")
931
def approved_delay_dbus_property(self):
932
return dbus.UInt64(self.approved_delay_milliseconds())
933
934
# approved_duration - property
935
@dbus_service_property(_interface, signature=u"t",
936
access=u"readwrite")
937
def approved_duration_dbus_property(self):
938
return dbus.UInt64(self._timedelta_to_milliseconds(
939
self.approved_duration))
940
941
# name - property
931
def ApprovedByDefault_dbus_property(self, value=None):
932
if value is None: # get
933
return dbus.Boolean(self.approved_by_default)
934
self.approved_by_default = bool(value)
935
# Emit D-Bus signal
936
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
937
dbus.Boolean(value, variant_level=1))
938
939
# ApprovalDelay - property
940
@dbus_service_property(_interface, signature=u"t",
941
access=u"readwrite")
942
def ApprovalDelay_dbus_property(self, value=None):
943
if value is None: # get
944
return dbus.UInt64(self.approval_delay_milliseconds())
945
self.approval_delay = datetime.timedelta(0, 0, 0, value)
946
# Emit D-Bus signal
947
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
948
dbus.UInt64(value, variant_level=1))
949
950
# ApprovalDuration - property
951
@dbus_service_property(_interface, signature=u"t",
952
access=u"readwrite")
953
def ApprovalDuration_dbus_property(self, value=None):
954
if value is None: # get
955
return dbus.UInt64(self._timedelta_to_milliseconds(
956
self.approval_duration))
957
self.approval_duration = datetime.timedelta(0, 0, 0, value)
958
# Emit D-Bus signal
959
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
960
dbus.UInt64(value, variant_level=1))
961
962
# Name - property
942
963
@dbus_service_property(_interface, signature=u"s", access=u"read")
943
def name_dbus_property(self):
964
def Name_dbus_property(self):
944
965
return dbus.String(self.name)
945
966
946
# fingerprint - property
967
# Fingerprint - property
947
968
@dbus_service_property(_interface, signature=u"s", access=u"read")
948
def fingerprint_dbus_property(self):
969
def Fingerprint_dbus_property(self):
949
970
return dbus.String(self.fingerprint)
950
971
951
# host - property
972
# Host - property
952
973
@dbus_service_property(_interface, signature=u"s",
953
974
access=u"readwrite")
954
def host_dbus_property(self, value=None):
975
def Host_dbus_property(self, value=None):
955
976
if value is None: # get
956
977
return dbus.String(self.host)
957
978
self.host = value
958
979
# Emit D-Bus signal
959
self.PropertyChanged(dbus.String(u"host"),
980
self.PropertyChanged(dbus.String(u"Host"),
960
981
dbus.String(value, variant_level=1))
961
982
962
# created - property
983
# Created - property
963
984
@dbus_service_property(_interface, signature=u"s", access=u"read")
964
def created_dbus_property(self):
985
def Created_dbus_property(self):
965
986
return dbus.String(self._datetime_to_dbus(self.created))
966
987
967
# last_enabled - property
988
# LastEnabled - property
968
989
@dbus_service_property(_interface, signature=u"s", access=u"read")
969
def last_enabled_dbus_property(self):
990
def LastEnabled_dbus_property(self):
970
991
if self.last_enabled is None:
971
992
return dbus.String(u"")
972
993
return dbus.String(self._datetime_to_dbus(self.last_enabled))
973
994
974
# enabled - property
995
# Enabled - property
975
996
@dbus_service_property(_interface, signature=u"b",
976
997
access=u"readwrite")
977
def enabled_dbus_property(self, value=None):
998
def Enabled_dbus_property(self, value=None):
978
999
if value is None: # get
979
1000
return dbus.Boolean(self.enabled)
980
1001
if value:
982
1003
else:
983
1004
self.disable()
984
1005
985
# last_checked_ok - property
1006
# LastCheckedOK - property
986
1007
@dbus_service_property(_interface, signature=u"s",
987
1008
access=u"readwrite")
988
def last_checked_ok_dbus_property(self, value=None):
1009
def LastCheckedOK_dbus_property(self, value=None):
989
1010
if value is not None:
990
1011
self.checked_ok()
991
1012
return
994
1015
return dbus.String(self._datetime_to_dbus(self
995
1016
.last_checked_ok))
996
1017
997
# timeout - property
1018
# Timeout - property
998
1019
@dbus_service_property(_interface, signature=u"t",
999
1020
access=u"readwrite")
1000
def timeout_dbus_property(self, value=None):
1021
def Timeout_dbus_property(self, value=None):
1001
1022
if value is None: # get
1002
1023
return dbus.UInt64(self.timeout_milliseconds())
1003
1024
self.timeout = datetime.timedelta(0, 0, 0, value)
1004
1025
# Emit D-Bus signal
1005
self.PropertyChanged(dbus.String(u"timeout"),
1026
self.PropertyChanged(dbus.String(u"Timeout"),
1006
1027
dbus.UInt64(value, variant_level=1))
1007
1028
if getattr(self, u"disable_initiator_tag", None) is None:
1008
1029
return
1022
1043
self.disable_initiator_tag = (gobject.timeout_add
1023
1044
(time_to_die, self.disable))
1024
1045
1025
# interval - property
1046
# Interval - property
1026
1047
@dbus_service_property(_interface, signature=u"t",
1027
1048
access=u"readwrite")
1028
def interval_dbus_property(self, value=None):
1049
def Interval_dbus_property(self, value=None):
1029
1050
if value is None: # get
1030
1051
return dbus.UInt64(self.interval_milliseconds())
1031
1052
self.interval = datetime.timedelta(0, 0, 0, value)
1032
1053
# Emit D-Bus signal
1033
self.PropertyChanged(dbus.String(u"interval"),
1054
self.PropertyChanged(dbus.String(u"Interval"),
1034
1055
dbus.UInt64(value, variant_level=1))
1035
1056
if getattr(self, u"checker_initiator_tag", None) is None:
1036
1057
return
1040
1061
(value, self.start_checker))
1041
1062
self.start_checker() # Start one now, too
1042
1063
1043
# checker - property
1064
# Checker - property
1044
1065
@dbus_service_property(_interface, signature=u"s",
1045
1066
access=u"readwrite")
1046
def checker_dbus_property(self, value=None):
1067
def Checker_dbus_property(self, value=None):
1047
1068
if value is None: # get
1048
1069
return dbus.String(self.checker_command)
1049
1070
self.checker_command = value
1050
1071
# Emit D-Bus signal
1051
self.PropertyChanged(dbus.String(u"checker"),
1072
self.PropertyChanged(dbus.String(u"Checker"),
1052
1073
dbus.String(self.checker_command,
1053
1074
variant_level=1))
1054
1075
1055
# checker_running - property
1076
# CheckerRunning - property
1056
1077
@dbus_service_property(_interface, signature=u"b",
1057
1078
access=u"readwrite")
1058
def checker_running_dbus_property(self, value=None):
1079
def CheckerRunning_dbus_property(self, value=None):
1059
1080
if value is None: # get
1060
1081
return dbus.Boolean(self.checker is not None)
1061
1082
if value:
1063
1084
else:
1064
1085
self.stop_checker()
1065
1086
1066
# object_path - property
1087
# ObjectPath - property
1067
1088
@dbus_service_property(_interface, signature=u"o", access=u"read")
1068
def object_path_dbus_property(self):
1089
def ObjectPath_dbus_property(self):
1069
1090
return self.dbus_object_path # is already a dbus.ObjectPath
1070
1091
1071
# secret = property
1092
# Secret = property
1072
1093
@dbus_service_property(_interface, signature=u"ay",
1073
1094
access=u"write", byte_arrays=True)
1074
def secret_dbus_property(self, value):
1095
def Secret_dbus_property(self, value):
1075
1096
self.secret = str(value)
1076
1097
1077
1098
del _interface
1175
1196
except KeyError:
1176
1197
return
1177
1198
1178
if client.approved_delay:
1179
delay = client.approved_delay
1199
if client.approval_delay:
1200
delay = client.approval_delay
1180
1201
client.approvals_pending += 1
1181
1202
approval_required = True
1182
1203
1189
1210
client.Rejected("Disabled")
1190
1211
return
1191
1212
1192
if client._approved or not client.approved_delay:
1213
if client._approved or not client.approval_delay:
1193
1214
#We are approved or approval is disabled
1194
1215
break
1195
1216
elif client._approved is None:
1196
logger.info(u"Client %s need approval",
1217
logger.info(u"Client %s needs approval",
1197
1218
client.name)
1198
1219
if self.server.use_dbus:
1199
1220
# Emit D-Bus signal
1200
1221
client.NeedApproval(
1201
client.approved_delay_milliseconds(),
1222
client.approval_delay_milliseconds(),
1202
1223
client.approved_by_default)
1203
1224
else:
1204
1225
logger.warning(u"Client %s was not approved",
1205
1226
client.name)
1206
1227
if self.server.use_dbus:
1207
1228
# Emit D-Bus signal
1208
client.Rejected("Disapproved")
1229
client.Rejected("Denied")
1209
1230
return
1210
1231
1211
1232
#wait until timeout or approved
1222
1243
client.name)
1223
1244
if self.server.use_dbus:
1224
1245
# Emit D-Bus signal
1225
client.Rejected("Time out")
1246
client.Rejected("Approval timed out")
1226
1247
return
1227
1248
else:
1228
1249
break
1254
1275
try:
1255
1276
session.bye()
1256
1277
except (gnutls.errors.GNUTLSError), error:
1257
logger.warning("gnutls bye failed")
1278
logger.warning("GnuTLS bye failed")
1258
1279
1259
1280
@staticmethod
1260
1281
def peer_certificate(session):
1466
1487
for cond, name in
1467
1488
condition_names.iteritems()
1468
1489
if cond & condition)
1469
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1470
conditions_string)
1471
1472
1490
# error or the other end of multiprocessing.Pipe has closed
1473
1491
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1474
1492
return False
1475
1493
1476
1494
# Read a request from the child
1477
1495
request = parent_pipe.recv()
1478
logger.debug(u"IPC request: %s", repr(request))
1479
1496
command = request[0]
1480
1497
1481
1498
if command == 'init':
1715
1732
u"interval": u"5m",
1716
1733
u"checker": u"fping -q -- %%(host)s",
1717
1734
u"host": u"",
1718
u"approved_delay": u"0s",
1719
u"approved_duration": u"1s",
1735
u"approval_delay": u"0s",
1736
u"approval_duration": u"1s",
1720
1737
}
1721
1738
client_config = configparser.SafeConfigParser(client_defaults)
1722
1739
client_config.read(os.path.join(server_settings[u"configdir"],
1728
1745
tcp_server = MandosServer((server_settings[u"address"],
1729
1746
server_settings[u"port"]),
1730
1747
ClientHandler,
1731
interface=server_settings[u"interface"],
1748
interface=(server_settings[u"interface"]
1749
or None),
1732
1750
use_ipv6=use_ipv6,
1733
1751
gnutls_priority=
1734
1752
server_settings[u"priority"],
1760
1778
if error[0] != errno.EPERM:
1761
1779
raise error
1762
1780
1763
# Enable all possible GnuTLS debugging
1764
1765
1766
1781
if not debug and not debuglevel:
1767
1782
syslogger.setLevel(logging.WARNING)
1768
1783
console.setLevel(logging.WARNING)
1772
1787
console.setLevel(level)
1773
1788
1774
1789
if debug:
1790
# Enable all possible GnuTLS debugging
1791
1775
1792
# "Use a log level over 10 to enable all debugging options."
1776
1793
# - GnuTLS manual
1777
1794
gnutls.library.functions.gnutls_global_set_log_level(11)
1782
1799
1783
1800
(gnutls.library.functions
1784
1801
.gnutls_global_set_log_function(debug_gnutls))
1785
1802
1786
1803
# Redirect stdin so all checkers get /dev/null
1787
1804
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1788
1805
os.dup2(null, sys.stdin.fileno())
1791
1808
else:
1792
1809
# No console logging
1793
1810
logger.removeHandler(console)
1794
1811
1795
1812
1796
1813
global main_loop
1797
1814
# From the Avahi example code
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0