To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 441
- compare with another revision
- download diff
- download tarball
- view history from revision 441
- Committer: Teddy Hogeborn
- Date: 2010-09-25 23:52:17 UTC
- Revision ID: teddy@fukt.bsnet.se-20100925235217-4hhqfryz1ste6uw3
* mandos (ClientDBus.__init__): Bug fix: Translate "-" in client names
to "_" in D-Bus object paths.
(MandosServer.handle_ipc): Bug fix: Send only address string to
D-Bus signal, not whole tuple.
* mandos-ctl: New options "--approve-by-default", "--deny-by-default",
"--approval-delay", and "--approval-duration".
* mandos-ctl.xml (SYNOPSIS, OPTIONS): Document new options.
* mandos-monitor (MandosClientWidget.update): Fix spelling.
to "_" in D-Bus object paths.
(MandosServer.handle_ipc): Bug fix: Send only address string to
D-Bus signal, not whole tuple.
* mandos-ctl: New options "--approve-by-default", "--deny-by-default",
"--approval-delay", and "--approval-duration".
* mandos-ctl.xml (SYNOPSIS, OPTIONS): Document new options.
* mandos-monitor (MandosClientWidget.update): Fix spelling.
added
removed
mandos
240
240
"""A representation of a client host served by this server.
241
241
242
242
Attributes:
243
name: string; from the config file, used in log messages and
244
D-Bus identifiers
245
fingerprint: string (40 or 32 hexadecimal digits); used to
246
uniquely identify the client
247
secret: bytestring; sent verbatim (over TLS) to client
248
host: string; available for use by the checker command
249
created: datetime.datetime(); (UTC) object creation
250
last_enabled: datetime.datetime(); (UTC)
251
enabled: bool()
252
last_checked_ok: datetime.datetime(); (UTC) or None
253
timeout: datetime.timedelta(); How long from last_checked_ok
254
until this client is disabled
255
interval: datetime.timedelta(); How often to start a new checker
256
disable_hook: If set, called by disable() as disable_hook(self)
243
_approved: bool(); 'None' if not yet approved/disapproved
244
approval_delay: datetime.timedelta(); Time to wait for approval
245
approval_duration: datetime.timedelta(); Duration of one approval
257
246
checker: subprocess.Popen(); a running checker process used
258
247
to see if the client lives.
259
248
'None' if no process is running.
260
checker_initiator_tag: a gobject event source tag, or None
261
disable_initiator_tag: - '' -
262
249
checker_callback_tag: - '' -
263
checker_command: string; External command which is run to check if
264
client lives. %() expansions are done at
250
checker_command: string; External command which is run to check
251
if client lives. %() expansions are done at
265
252
runtime with vars(self) as dict, so that for
266
253
instance %(name)s can be used in the command.
254
checker_initiator_tag: a gobject event source tag, or None
255
created: datetime.datetime(); (UTC) object creation
267
256
current_checker_command: string; current running checker_command
268
approval_delay: datetime.timedelta(); Time to wait for approval
269
_approved: bool(); 'None' if not yet approved/disapproved
270
approval_duration: datetime.timedelta(); Duration of one approval
257
disable_hook: If set, called by disable() as disable_hook(self)
258
disable_initiator_tag: - '' -
259
enabled: bool()
260
fingerprint: string (40 or 32 hexadecimal digits); used to
261
uniquely identify the client
262
host: string; available for use by the checker command
263
interval: datetime.timedelta(); How often to start a new checker
264
last_checked_ok: datetime.datetime(); (UTC) or None
265
last_enabled: datetime.datetime(); (UTC)
266
name: string; from the config file, used in log messages and
267
D-Bus identifiers
268
secret: bytestring; sent verbatim (over TLS) to client
269
timeout: datetime.timedelta(); How long from last_checked_ok
270
until this client is disabled
271
runtime_expansions: Allowed attributes for runtime expansion.
271
272
"""
272
273
274
runtime_expansions = (u"approval_delay", u"approval_duration",
275
u"created", u"enabled", u"fingerprint",
276
u"host", u"interval", u"last_checked_ok",
277
u"last_enabled", u"name", u"timeout")
278
273
279
@staticmethod
274
280
def _timedelta_to_milliseconds(td):
275
281
"Convert a datetime.timedelta() to milliseconds"
450
456
command = self.checker_command % self.host
451
457
except TypeError:
452
458
# Escape attributes for the shell
453
escaped_attrs = dict((key,
454
re.escape(unicode(str(val),
455
errors=
456
u'replace')))
457
for key, val in
458
vars(self).iteritems())
459
escaped_attrs = dict(
460
(attr,
461
re.escape(unicode(str(getattr(self, attr, u"")),
462
errors=
463
u'replace')))
464
for attr in
465
self.runtime_expansions)
466
459
467
try:
460
468
command = self.checker_command % escaped_attrs
461
469
except TypeError, error:
703
711
dbus_object_path: dbus.ObjectPath
704
712
bus: dbus.SystemBus()
705
713
"""
714
715
runtime_expansions = (Client.runtime_expansions
716
+ (u"dbus_object_path",))
717
706
718
# dbus.service.Object doesn't use super(), so we can't either.
707
719
708
720
def __init__(self, bus = None, *args, **kwargs):
711
723
Client.__init__(self, *args, **kwargs)
712
724
# Only now, when this client is initialized, can it show up on
713
725
# the D-Bus
726
client_object_name = unicode(self.name).translate(
727
{ord(u"."): ord(u"_"),
728
ord(u"-"): ord(u"_")})
714
729
self.dbus_object_path = (dbus.ObjectPath
715
(u"/clients/"
716
+ self.name.replace(u".", u"_")))
730
(u"/clients/" + client_object_name))
717
731
DBusObjectWithProperties.__init__(self, self.bus,
718
732
self.dbus_object_path)
719
733
1243
1257
client.name)
1244
1258
if self.server.use_dbus:
1245
1259
# Emit D-Bus signal
1246
client.Rejected("Timed out")
1260
client.Rejected("Approval timed out")
1247
1261
return
1248
1262
else:
1249
1263
break
1487
1501
for cond, name in
1488
1502
condition_names.iteritems()
1489
1503
if cond & condition)
1490
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1491
conditions_string)
1492
1493
1504
# error or the other end of multiprocessing.Pipe has closed
1494
1505
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1495
1506
return False
1496
1507
1497
1508
# Read a request from the child
1498
1509
request = parent_pipe.recv()
1499
logger.debug(u"IPC request: %s", repr(request))
1500
1510
command = request[0]
1501
1511
1502
1512
if command == 'init':
1512
1522
u"dress: %s", fpr, address)
1513
1523
if self.use_dbus:
1514
1524
# Emit D-Bus signal
1515
mandos_dbus_service.ClientNotFound(fpr, address)
1525
mandos_dbus_service.ClientNotFound(fpr, address[0])
1516
1526
parent_pipe.send(False)
1517
1527
return False
1518
1528
1755
1765
gnutls_priority=
1756
1766
server_settings[u"priority"],
1757
1767
use_dbus=use_dbus)
1758
pidfilename = u"/var/run/mandos.pid"
1759
try:
1760
pidfile = open(pidfilename, u"w")
1761
except IOError:
1762
logger.error(u"Could not open file %r", pidfilename)
1768
if not debug:
1769
pidfilename = u"/var/run/mandos.pid"
1770
try:
1771
pidfile = open(pidfilename, u"w")
1772
except IOError:
1773
logger.error(u"Could not open file %r", pidfilename)
1763
1774
1764
1775
try:
1765
1776
uid = pwd.getpwnam(u"_mandos").pw_uid
1867
1878
if not tcp_server.clients:
1868
1879
logger.warning(u"No clients defined")
1869
1880
1870
try:
1871
with pidfile:
1872
pid = os.getpid()
1873
pidfile.write(str(pid) + "\n")
1874
del pidfile
1875
except IOError:
1876
logger.error(u"Could not write to file %r with PID %d",
1877
pidfilename, pid)
1878
except NameError:
1879
# "pidfile" was never created
1880
pass
1881
del pidfilename
1882
1883
1881
if not debug:
1882
try:
1883
with pidfile:
1884
pid = os.getpid()
1885
pidfile.write(str(pid) + "\n")
1886
del pidfile
1887
except IOError:
1888
logger.error(u"Could not write to file %r with PID %d",
1889
pidfilename, pid)
1890
except NameError:
1891
# "pidfile" was never created
1892
pass
1893
del pidfilename
1894
1884
1895
signal.signal(signal.SIGINT, signal.SIG_IGN)
1896
1885
1897
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1886
1898
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1887
1899
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0