To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 446
- compare with another revision
- download diff
- download tarball
- view history from revision 446
- Committer: teddy at bsnet
- Date: 2010-09-27 16:27:13 UTC
- Revision ID: teddy@fukt.bsnet.se-20100927162713-jucnyd63612ximvw
* mandos-monitor: Change key for removing a client from "r" to "R".
- files removed:
- debian/source
- network-hooks.d
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
14
# Copyright © 2008-2010 Teddy Hogeborn
15
# Copyright © 2008-2010 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@recompile.se>.
31
# Contact the authors at <mandos@fukt.bsnet.se>.
32
32
#
33
33
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
36
37
from future_builtins import *
34
from __future__ import division, with_statement, absolute_import
38
35
39
36
import SocketServer as socketserver
40
37
import socket
41
import argparse
38
import optparse
42
39
import datetime
43
40
import errno
44
41
import gnutls.crypto
64
61
import functools
65
62
import cPickle as pickle
66
63
import multiprocessing
67
import types
68
import binascii
69
import tempfile
70
import itertools
71
64
72
65
import dbus
73
66
import dbus.service
78
71
import ctypes.util
79
72
import xml.dom.minidom
80
73
import inspect
81
import GnuPGInterface
82
74
83
75
try:
84
76
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
88
80
except ImportError:
89
81
SO_BINDTODEVICE = None
90
82
91
version = "1.5.3"
92
stored_state_file = "clients.pickle"
93
94
logger = logging.getLogger()
83
84
version = "1.0.14"
85
86
#logger = logging.getLogger(u'mandos')
87
logger = logging.Logger(u'mandos')
95
88
syslogger = (logging.handlers.SysLogHandler
96
89
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
97
address = str("/dev/log")))
98
99
try:
100
if_nametoindex = (ctypes.cdll.LoadLibrary
101
(ctypes.util.find_library("c"))
102
.if_nametoindex)
103
except (OSError, AttributeError):
104
def if_nametoindex(interface):
105
"Get an interface index the hard way, i.e. using fcntl()"
106
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
107
with contextlib.closing(socket.socket()) as s:
108
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
109
struct.pack(str("16s16x"),
110
interface))
111
interface_index = struct.unpack(str("I"),
112
ifreq[16:20])[0]
113
return interface_index
114
115
116
def initlogger(debug, level=logging.WARNING):
117
"""init logger and add loglevel"""
118
119
syslogger.setFormatter(logging.Formatter
120
('Mandos [%(process)d]: %(levelname)s:'
121
' %(message)s'))
122
logger.addHandler(syslogger)
123
124
if debug:
125
console = logging.StreamHandler()
126
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
127
' [%(process)d]:'
128
' %(levelname)s:'
129
' %(message)s'))
130
logger.addHandler(console)
131
logger.setLevel(level)
132
133
134
class PGPError(Exception):
135
"""Exception if encryption/decryption fails"""
136
pass
137
138
139
class PGPEngine(object):
140
"""A simple class for OpenPGP symmetric encryption & decryption"""
141
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
143
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
150
151
def __enter__(self):
152
return self
153
154
def __exit__ (self, exc_type, exc_value, traceback):
155
self._cleanup()
156
return False
157
158
def __del__(self):
159
self._cleanup()
160
161
def _cleanup(self):
162
if self.tempdir is not None:
163
# Delete contents of tempdir
164
for root, dirs, files in os.walk(self.tempdir,
165
topdown = False):
166
for filename in files:
167
os.remove(os.path.join(root, filename))
168
for dirname in dirs:
169
os.rmdir(os.path.join(root, dirname))
170
# Remove tempdir
171
os.rmdir(self.tempdir)
172
self.tempdir = None
173
174
def password_encode(self, password):
175
# Passphrase can not be empty and can not contain newlines or
176
# NUL bytes. So we prefix it and hex encode it.
177
return b"mandos" + binascii.hexlify(password)
178
179
def encrypt(self, data, password):
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
194
return ciphertext
195
196
def decrypt(self, data, password):
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
211
return decrypted_plaintext
212
90
address = "/dev/log"))
91
syslogger.setFormatter(logging.Formatter
92
(u'Mandos [%(process)d]: %(levelname)s:'
93
u' %(message)s'))
94
logger.addHandler(syslogger)
95
96
console = logging.StreamHandler()
97
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
98
u' %(levelname)s:'
99
u' %(message)s'))
100
logger.addHandler(console)
213
101
214
102
class AvahiError(Exception):
215
103
def __init__(self, value, *args, **kwargs):
231
119
Attributes:
232
120
interface: integer; avahi.IF_UNSPEC or an interface index.
233
121
Used to optionally bind to the specified interface.
234
name: string; Example: 'Mandos'
235
type: string; Example: '_mandos._tcp'.
122
name: string; Example: u'Mandos'
123
type: string; Example: u'_mandos._tcp'.
236
124
See <http://www.dns-sd.org/ServiceTypes.html>
237
125
port: integer; what port to announce
238
126
TXT: list of strings; TXT record for the service
245
133
server: D-Bus Server
246
134
bus: dbus.SystemBus()
247
135
"""
248
249
136
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
250
137
servicetype = None, port = None, TXT = None,
251
domain = "", host = "", max_renames = 32768,
138
domain = u"", host = u"", max_renames = 32768,
252
139
protocol = avahi.PROTO_UNSPEC, bus = None):
253
140
self.interface = interface
254
141
self.name = name
263
150
self.group = None # our entry group
264
151
self.server = None
265
152
self.bus = bus
266
self.entry_group_state_changed_match = None
267
268
153
def rename(self):
269
154
"""Derived from the Avahi example code"""
270
155
if self.rename_count >= self.max_renames:
271
logger.critical("No suitable Zeroconf service name found"
272
" after %i retries, exiting.",
156
logger.critical(u"No suitable Zeroconf service name found"
157
u" after %i retries, exiting.",
273
158
self.rename_count)
274
raise AvahiServiceError("Too many renames")
275
self.name = unicode(self.server
276
.GetAlternativeServiceName(self.name))
277
logger.info("Changing Zeroconf service name to %r ...",
159
raise AvahiServiceError(u"Too many renames")
160
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
161
logger.info(u"Changing Zeroconf service name to %r ...",
278
162
self.name)
163
syslogger.setFormatter(logging.Formatter
164
(u'Mandos (%s) [%%(process)d]:'
165
u' %%(levelname)s: %%(message)s'
166
% self.name))
279
167
self.remove()
280
168
try:
281
169
self.add()
282
except dbus.exceptions.DBusException as error:
283
logger.critical("D-Bus Exception", exc_info=error)
170
except dbus.exceptions.DBusException, error:
171
logger.critical(u"DBusException: %s", error)
284
172
self.cleanup()
285
173
os._exit(1)
286
174
self.rename_count += 1
287
288
175
def remove(self):
289
176
"""Derived from the Avahi example code"""
290
if self.entry_group_state_changed_match is not None:
291
self.entry_group_state_changed_match.remove()
292
self.entry_group_state_changed_match = None
293
177
if self.group is not None:
294
178
self.group.Reset()
295
296
179
def add(self):
297
180
"""Derived from the Avahi example code"""
298
self.remove()
299
181
if self.group is None:
300
182
self.group = dbus.Interface(
301
183
self.bus.get_object(avahi.DBUS_NAME,
302
184
self.server.EntryGroupNew()),
303
185
avahi.DBUS_INTERFACE_ENTRY_GROUP)
304
self.entry_group_state_changed_match = (
305
self.group.connect_to_signal(
306
'StateChanged', self.entry_group_state_changed))
307
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
186
self.group.connect_to_signal('StateChanged',
187
self
188
.entry_group_state_changed)
189
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
308
190
self.name, self.type)
309
191
self.group.AddService(
310
192
self.interface,
315
197
dbus.UInt16(self.port),
316
198
avahi.string_array_to_txt_array(self.TXT))
317
199
self.group.Commit()
318
319
200
def entry_group_state_changed(self, state, error):
320
201
"""Derived from the Avahi example code"""
321
logger.debug("Avahi entry group state change: %i", state)
202
logger.debug(u"Avahi entry group state change: %i", state)
322
203
323
204
if state == avahi.ENTRY_GROUP_ESTABLISHED:
324
logger.debug("Zeroconf service established.")
205
logger.debug(u"Zeroconf service established.")
325
206
elif state == avahi.ENTRY_GROUP_COLLISION:
326
logger.info("Zeroconf service name collision.")
207
logger.warning(u"Zeroconf service name collision.")
327
208
self.rename()
328
209
elif state == avahi.ENTRY_GROUP_FAILURE:
329
logger.critical("Avahi: Error in group state changed %s",
210
logger.critical(u"Avahi: Error in group state changed %s",
330
211
unicode(error))
331
raise AvahiGroupError("State changed: {0!s}"
332
.format(error))
333
212
raise AvahiGroupError(u"State changed: %s"
213
% unicode(error))
334
214
def cleanup(self):
335
215
"""Derived from the Avahi example code"""
336
216
if self.group is not None:
337
try:
338
self.group.Free()
339
except (dbus.exceptions.UnknownMethodException,
340
dbus.exceptions.DBusException):
341
pass
217
self.group.Free()
342
218
self.group = None
343
self.remove()
344
345
def server_state_changed(self, state, error=None):
219
def server_state_changed(self, state):
346
220
"""Derived from the Avahi example code"""
347
logger.debug("Avahi server state change: %i", state)
348
bad_states = { avahi.SERVER_INVALID:
349
"Zeroconf server invalid",
350
avahi.SERVER_REGISTERING: None,
351
avahi.SERVER_COLLISION:
352
"Zeroconf server name collision",
353
avahi.SERVER_FAILURE:
354
"Zeroconf server failure" }
355
if state in bad_states:
356
if bad_states[state] is not None:
357
if error is None:
358
logger.error(bad_states[state])
359
else:
360
logger.error(bad_states[state] + ": %r", error)
361
self.cleanup()
221
logger.debug(u"Avahi server state change: %i", state)
222
if state == avahi.SERVER_COLLISION:
223
logger.error(u"Zeroconf server name collision")
224
self.remove()
362
225
elif state == avahi.SERVER_RUNNING:
363
226
self.add()
364
else:
365
if error is None:
366
logger.debug("Unknown state: %r", state)
367
else:
368
logger.debug("Unknown state: %r: %r", state, error)
369
370
227
def activate(self):
371
228
"""Derived from the Avahi example code"""
372
229
if self.server is None:
373
230
self.server = dbus.Interface(
374
231
self.bus.get_object(avahi.DBUS_NAME,
375
avahi.DBUS_PATH_SERVER,
376
follow_name_owner_changes=True),
232
avahi.DBUS_PATH_SERVER),
377
233
avahi.DBUS_INTERFACE_SERVER)
378
self.server.connect_to_signal("StateChanged",
234
self.server.connect_to_signal(u"StateChanged",
379
235
self.server_state_changed)
380
236
self.server_state_changed(self.server.GetState())
381
237
382
238
383
class AvahiServiceToSyslog(AvahiService):
384
def rename(self):
385
"""Add the new name to the syslog messages"""
386
ret = AvahiService.rename(self)
387
syslogger.setFormatter(logging.Formatter
388
('Mandos ({0}) [%(process)d]:'
389
' %(levelname)s: %(message)s'
390
.format(self.name)))
391
return ret
392
393
394
def timedelta_to_milliseconds(td):
395
"Convert a datetime.timedelta() to milliseconds"
396
return ((td.days * 24 * 60 * 60 * 1000)
397
+ (td.seconds * 1000)
398
+ (td.microseconds // 1000))
399
400
401
239
class Client(object):
402
240
"""A representation of a client host served by this server.
403
241
404
242
Attributes:
405
approved: bool(); 'None' if not yet approved/disapproved
243
_approved: bool(); 'None' if not yet approved/disapproved
406
244
approval_delay: datetime.timedelta(); Time to wait for approval
407
245
approval_duration: datetime.timedelta(); Duration of one approval
408
246
checker: subprocess.Popen(); a running checker process used
415
253
instance %(name)s can be used in the command.
416
254
checker_initiator_tag: a gobject event source tag, or None
417
255
created: datetime.datetime(); (UTC) object creation
418
client_structure: Object describing what attributes a client has
419
and is used for storing the client at exit
420
256
current_checker_command: string; current running checker_command
257
disable_hook: If set, called by disable() as disable_hook(self)
421
258
disable_initiator_tag: a gobject event source tag, or None
422
259
enabled: bool()
423
260
fingerprint: string (40 or 32 hexadecimal digits); used to
426
263
interval: datetime.timedelta(); How often to start a new checker
427
264
last_approval_request: datetime.datetime(); (UTC) or None
428
265
last_checked_ok: datetime.datetime(); (UTC) or None
429
last_checker_status: integer between 0 and 255 reflecting exit
430
status of last checker. -1 reflects crashed
431
checker, -2 means no checker completed yet.
432
last_enabled: datetime.datetime(); (UTC) or None
266
last_enabled: datetime.datetime(); (UTC)
433
267
name: string; from the config file, used in log messages and
434
268
D-Bus identifiers
435
269
secret: bytestring; sent verbatim (over TLS) to client
436
270
timeout: datetime.timedelta(); How long from last_checked_ok
437
271
until this client is disabled
438
extended_timeout: extra long timeout when secret has been sent
439
272
runtime_expansions: Allowed attributes for runtime expansion.
440
expires: datetime.datetime(); time (UTC) when a client will be
441
disabled, or None
442
273
"""
443
274
444
runtime_expansions = ("approval_delay", "approval_duration",
445
"created", "enabled", "fingerprint",
446
"host", "interval", "last_checked_ok",
447
"last_enabled", "name", "timeout")
448
client_defaults = { "timeout": "5m",
449
"extended_timeout": "15m",
450
"interval": "2m",
451
"checker": "fping -q -- %%(host)s",
452
"host": "",
453
"approval_delay": "0s",
454
"approval_duration": "1s",
455
"approved_by_default": "True",
456
"enabled": "True",
457
}
275
runtime_expansions = (u"approval_delay", u"approval_duration",
276
u"created", u"enabled", u"fingerprint",
277
u"host", u"interval", u"last_checked_ok",
278
u"last_enabled", u"name", u"timeout")
279
280
@staticmethod
281
def _timedelta_to_milliseconds(td):
282
"Convert a datetime.timedelta() to milliseconds"
283
return ((td.days * 24 * 60 * 60 * 1000)
284
+ (td.seconds * 1000)
285
+ (td.microseconds // 1000))
458
286
459
287
def timeout_milliseconds(self):
460
288
"Return the 'timeout' attribute in milliseconds"
461
return timedelta_to_milliseconds(self.timeout)
462
463
def extended_timeout_milliseconds(self):
464
"Return the 'extended_timeout' attribute in milliseconds"
465
return timedelta_to_milliseconds(self.extended_timeout)
289
return self._timedelta_to_milliseconds(self.timeout)
466
290
467
291
def interval_milliseconds(self):
468
292
"Return the 'interval' attribute in milliseconds"
469
return timedelta_to_milliseconds(self.interval)
470
293
return self._timedelta_to_milliseconds(self.interval)
294
471
295
def approval_delay_milliseconds(self):
472
return timedelta_to_milliseconds(self.approval_delay)
473
474
@staticmethod
475
def config_parser(config):
476
"""Construct a new dict of client settings of this form:
477
{ client_name: {setting_name: value, ...}, ...}
478
with exceptions for any special settings as defined above.
479
NOTE: Must be a pure function. Must return the same result
480
value given the same arguments.
481
"""
482
settings = {}
483
for client_name in config.sections():
484
section = dict(config.items(client_name))
485
client = settings[client_name] = {}
486
487
client["host"] = section["host"]
488
# Reformat values from string types to Python types
489
client["approved_by_default"] = config.getboolean(
490
client_name, "approved_by_default")
491
client["enabled"] = config.getboolean(client_name,
492
"enabled")
493
494
client["fingerprint"] = (section["fingerprint"].upper()
495
.replace(" ", ""))
496
if "secret" in section:
497
client["secret"] = section["secret"].decode("base64")
498
elif "secfile" in section:
499
with open(os.path.expanduser(os.path.expandvars
500
(section["secfile"])),
501
"rb") as secfile:
502
client["secret"] = secfile.read()
503
else:
504
raise TypeError("No secret or secfile for section {0}"
505
.format(section))
506
client["timeout"] = string_to_delta(section["timeout"])
507
client["extended_timeout"] = string_to_delta(
508
section["extended_timeout"])
509
client["interval"] = string_to_delta(section["interval"])
510
client["approval_delay"] = string_to_delta(
511
section["approval_delay"])
512
client["approval_duration"] = string_to_delta(
513
section["approval_duration"])
514
client["checker_command"] = section["checker"]
515
client["last_approval_request"] = None
516
client["last_checked_ok"] = None
517
client["last_checker_status"] = -2
518
519
return settings
520
521
def __init__(self, settings, name = None):
296
return self._timedelta_to_milliseconds(self.approval_delay)
297
298
def __init__(self, name = None, disable_hook=None, config=None):
299
"""Note: the 'checker' key in 'config' sets the
300
'checker_command' attribute and *not* the 'checker'
301
attribute."""
522
302
self.name = name
523
# adding all client settings
524
for setting, value in settings.iteritems():
525
setattr(self, setting, value)
526
527
if self.enabled:
528
if not hasattr(self, "last_enabled"):
529
self.last_enabled = datetime.datetime.utcnow()
530
if not hasattr(self, "expires"):
531
self.expires = (datetime.datetime.utcnow()
532
+ self.timeout)
533
else:
534
self.last_enabled = None
535
self.expires = None
536
537
logger.debug("Creating client %r", self.name)
303
if config is None:
304
config = {}
305
logger.debug(u"Creating client %r", self.name)
538
306
# Uppercase and remove spaces from fingerprint for later
539
307
# comparison purposes with return value from the fingerprint()
540
308
# function
541
logger.debug(" Fingerprint: %s", self.fingerprint)
542
self.created = settings.get("created",
543
datetime.datetime.utcnow())
544
545
# attributes specific for this server instance
309
self.fingerprint = (config[u"fingerprint"].upper()
310
.replace(u" ", u""))
311
logger.debug(u" Fingerprint: %s", self.fingerprint)
312
if u"secret" in config:
313
self.secret = config[u"secret"].decode(u"base64")
314
elif u"secfile" in config:
315
with open(os.path.expanduser(os.path.expandvars
316
(config[u"secfile"])),
317
"rb") as secfile:
318
self.secret = secfile.read()
319
else:
320
raise TypeError(u"No secret or secfile for client %s"
321
% self.name)
322
self.host = config.get(u"host", u"")
323
self.created = datetime.datetime.utcnow()
324
self.enabled = False
325
self.last_approval_request = None
326
self.last_enabled = None
327
self.last_checked_ok = None
328
self.timeout = string_to_delta(config[u"timeout"])
329
self.interval = string_to_delta(config[u"interval"])
330
self.disable_hook = disable_hook
546
331
self.checker = None
547
332
self.checker_initiator_tag = None
548
333
self.disable_initiator_tag = None
549
334
self.checker_callback_tag = None
335
self.checker_command = config[u"checker"]
550
336
self.current_checker_command = None
551
self.approved = None
337
self.last_connect = None
338
self._approved = None
339
self.approved_by_default = config.get(u"approved_by_default",
340
True)
552
341
self.approvals_pending = 0
553
self.changedstate = (multiprocessing_manager
554
.Condition(multiprocessing_manager
555
.Lock()))
556
self.client_structure = [attr for attr in
557
self.__dict__.iterkeys()
558
if not attr.startswith("_")]
559
self.client_structure.append("client_structure")
560
561
for name, t in inspect.getmembers(type(self),
562
lambda obj:
563
isinstance(obj,
564
property)):
565
if not name.startswith("_"):
566
self.client_structure.append(name)
342
self.approval_delay = string_to_delta(
343
config[u"approval_delay"])
344
self.approval_duration = string_to_delta(
345
config[u"approval_duration"])
346
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
567
347
568
# Send notice to process children that client state has changed
569
348
def send_changedstate(self):
570
with self.changedstate:
571
self.changedstate.notify_all()
572
349
self.changedstate.acquire()
350
self.changedstate.notify_all()
351
self.changedstate.release()
352
573
353
def enable(self):
574
354
"""Start this client's checker and timeout hooks"""
575
if getattr(self, "enabled", False):
355
if getattr(self, u"enabled", False):
576
356
# Already enabled
577
357
return
578
self.expires = datetime.datetime.utcnow() + self.timeout
579
self.enabled = True
358
self.send_changedstate()
580
359
self.last_enabled = datetime.datetime.utcnow()
581
self.init_checker()
582
self.send_changedstate()
583
584
def disable(self, quiet=True):
585
"""Disable this client."""
586
if not getattr(self, "enabled", False):
587
return False
588
if not quiet:
589
logger.info("Disabling client %s", self.name)
590
if getattr(self, "disable_initiator_tag", None) is not None:
591
gobject.source_remove(self.disable_initiator_tag)
592
self.disable_initiator_tag = None
593
self.expires = None
594
if getattr(self, "checker_initiator_tag", None) is not None:
595
gobject.source_remove(self.checker_initiator_tag)
596
self.checker_initiator_tag = None
597
self.stop_checker()
598
self.enabled = False
599
if not quiet:
600
self.send_changedstate()
601
# Do not run this again if called by a gobject.timeout_add
602
return False
603
604
def __del__(self):
605
self.disable()
606
607
def init_checker(self):
608
360
# Schedule a new checker to be started an 'interval' from now,
609
361
# and every interval from then on.
610
if self.checker_initiator_tag is not None:
611
gobject.source_remove(self.checker_initiator_tag)
612
362
self.checker_initiator_tag = (gobject.timeout_add
613
363
(self.interval_milliseconds(),
614
364
self.start_checker))
615
365
# Schedule a disable() when 'timeout' has passed
616
if self.disable_initiator_tag is not None:
617
gobject.source_remove(self.disable_initiator_tag)
618
366
self.disable_initiator_tag = (gobject.timeout_add
619
367
(self.timeout_milliseconds(),
620
368
self.disable))
369
self.enabled = True
621
370
# Also start a new checker *right now*.
622
371
self.start_checker()
623
372
373
def disable(self, quiet=True):
374
"""Disable this client."""
375
if not getattr(self, "enabled", False):
376
return False
377
if not quiet:
378
self.send_changedstate()
379
if not quiet:
380
logger.info(u"Disabling client %s", self.name)
381
if getattr(self, u"disable_initiator_tag", False):
382
gobject.source_remove(self.disable_initiator_tag)
383
self.disable_initiator_tag = None
384
if getattr(self, u"checker_initiator_tag", False):
385
gobject.source_remove(self.checker_initiator_tag)
386
self.checker_initiator_tag = None
387
self.stop_checker()
388
if self.disable_hook:
389
self.disable_hook(self)
390
self.enabled = False
391
# Do not run this again if called by a gobject.timeout_add
392
return False
393
394
def __del__(self):
395
self.disable_hook = None
396
self.disable()
397
624
398
def checker_callback(self, pid, condition, command):
625
399
"""The checker has completed, so take appropriate actions."""
626
400
self.checker_callback_tag = None
627
401
self.checker = None
628
402
if os.WIFEXITED(condition):
629
self.last_checker_status = os.WEXITSTATUS(condition)
630
if self.last_checker_status == 0:
631
logger.info("Checker for %(name)s succeeded",
403
exitstatus = os.WEXITSTATUS(condition)
404
if exitstatus == 0:
405
logger.info(u"Checker for %(name)s succeeded",
632
406
vars(self))
633
407
self.checked_ok()
634
408
else:
635
logger.info("Checker for %(name)s failed",
409
logger.info(u"Checker for %(name)s failed",
636
410
vars(self))
637
411
else:
638
self.last_checker_status = -1
639
logger.warning("Checker for %(name)s crashed?",
412
logger.warning(u"Checker for %(name)s crashed?",
640
413
vars(self))
641
414
642
415
def checked_ok(self):
643
"""Assert that the client has been seen, alive and well."""
416
"""Bump up the timeout for this client.
417
418
This should only be called when the client has been seen,
419
alive and well.
420
"""
644
421
self.last_checked_ok = datetime.datetime.utcnow()
645
self.last_checker_status = 0
646
self.bump_timeout()
647
648
def bump_timeout(self, timeout=None):
649
"""Bump up the timeout for this client."""
650
if timeout is None:
651
timeout = self.timeout
652
if self.disable_initiator_tag is not None:
653
gobject.source_remove(self.disable_initiator_tag)
654
self.disable_initiator_tag = None
655
if getattr(self, "enabled", False):
656
self.disable_initiator_tag = (gobject.timeout_add
657
(timedelta_to_milliseconds
658
(timeout), self.disable))
659
self.expires = datetime.datetime.utcnow() + timeout
422
gobject.source_remove(self.disable_initiator_tag)
423
self.disable_initiator_tag = (gobject.timeout_add
424
(self.timeout_milliseconds(),
425
self.disable))
660
426
661
427
def need_approval(self):
662
428
self.last_approval_request = datetime.datetime.utcnow()
667
433
If a checker already exists, leave it running and do
668
434
nothing."""
669
435
# The reason for not killing a running checker is that if we
670
# did that, and if a checker (for some reason) started running
671
# slowly and taking more than 'interval' time, then the client
672
# would inevitably timeout, since no checker would get a
673
# chance to run to completion. If we instead leave running
436
# did that, then if a checker (for some reason) started
437
# running slowly and taking more than 'interval' time, the
438
# client would inevitably timeout, since no checker would get
439
# a chance to run to completion. If we instead leave running
674
440
# checkers alone, the checker would have to take more time
675
441
# than 'timeout' for the client to be disabled, which is as it
676
442
# should be.
678
444
# If a checker exists, make sure it is not a zombie
679
445
try:
680
446
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
681
except (AttributeError, OSError) as error:
447
except (AttributeError, OSError), error:
682
448
if (isinstance(error, OSError)
683
449
and error.errno != errno.ECHILD):
684
450
raise error
685
451
else:
686
452
if pid:
687
logger.warning("Checker was a zombie")
453
logger.warning(u"Checker was a zombie")
688
454
gobject.source_remove(self.checker_callback_tag)
689
455
self.checker_callback(pid, status,
690
456
self.current_checker_command)
697
463
# Escape attributes for the shell
698
464
escaped_attrs = dict(
699
465
(attr,
700
re.escape(unicode(str(getattr(self, attr, "")),
466
re.escape(unicode(str(getattr(self, attr, u"")),
701
467
errors=
702
'replace')))
468
u'replace')))
703
469
for attr in
704
470
self.runtime_expansions)
705
471
706
472
try:
707
473
command = self.checker_command % escaped_attrs
708
except TypeError as error:
709
logger.error('Could not format string "%s"',
710
self.checker_command, exc_info=error)
474
except TypeError, error:
475
logger.error(u'Could not format string "%s":'
476
u' %s', self.checker_command, error)
711
477
return True # Try again later
712
478
self.current_checker_command = command
713
479
try:
714
logger.info("Starting checker %r for %s",
480
logger.info(u"Starting checker %r for %s",
715
481
command, self.name)
716
482
# We don't need to redirect stdout and stderr, since
717
483
# in normal mode, that is already done by daemon(),
719
485
# always replaced by /dev/null.)
720
486
self.checker = subprocess.Popen(command,
721
487
close_fds=True,
722
shell=True, cwd="/")
488
shell=True, cwd=u"/")
723
489
self.checker_callback_tag = (gobject.child_watch_add
724
490
(self.checker.pid,
725
491
self.checker_callback,
730
496
if pid:
731
497
gobject.source_remove(self.checker_callback_tag)
732
498
self.checker_callback(pid, status, command)
733
except OSError as error:
734
logger.error("Failed to start subprocess",
735
exc_info=error)
499
except OSError, error:
500
logger.error(u"Failed to start subprocess: %s",
501
error)
736
502
# Re-run this periodically if run by gobject.timeout_add
737
503
return True
738
504
741
507
if self.checker_callback_tag:
742
508
gobject.source_remove(self.checker_callback_tag)
743
509
self.checker_callback_tag = None
744
if getattr(self, "checker", None) is None:
510
if getattr(self, u"checker", None) is None:
745
511
return
746
logger.debug("Stopping checker for %(name)s", vars(self))
512
logger.debug(u"Stopping checker for %(name)s", vars(self))
747
513
try:
748
self.checker.terminate()
514
os.kill(self.checker.pid, signal.SIGTERM)
749
515
#time.sleep(0.5)
750
516
#if self.checker.poll() is None:
751
# self.checker.kill()
752
except OSError as error:
517
# os.kill(self.checker.pid, signal.SIGKILL)
518
except OSError, error:
753
519
if error.errno != errno.ESRCH: # No such process
754
520
raise
755
521
self.checker = None
756
522
757
758
def dbus_service_property(dbus_interface, signature="v",
759
access="readwrite", byte_arrays=False):
523
def dbus_service_property(dbus_interface, signature=u"v",
524
access=u"readwrite", byte_arrays=False):
760
525
"""Decorators for marking methods of a DBusObjectWithProperties to
761
526
become properties on the D-Bus.
762
527
769
534
"""
770
535
# Encoding deeply encoded byte arrays is not supported yet by the
771
536
# "Set" method, so we fail early here:
772
if byte_arrays and signature != "ay":
773
raise ValueError("Byte arrays not supported for non-'ay'"
774
" signature {0!r}".format(signature))
537
if byte_arrays and signature != u"ay":
538
raise ValueError(u"Byte arrays not supported for non-'ay'"
539
u" signature %r" % signature)
775
540
def decorator(func):
776
541
func._dbus_is_property = True
777
542
func._dbus_interface = dbus_interface
778
543
func._dbus_signature = signature
779
544
func._dbus_access = access
780
545
func._dbus_name = func.__name__
781
if func._dbus_name.endswith("_dbus_property"):
546
if func._dbus_name.endswith(u"_dbus_property"):
782
547
func._dbus_name = func._dbus_name[:-14]
783
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
784
return func
785
return decorator
786
787
788
def dbus_interface_annotations(dbus_interface):
789
"""Decorator for marking functions returning interface annotations
790
791
Usage:
792
793
@dbus_interface_annotations("org.example.Interface")
794
def _foo(self): # Function name does not matter
795
return {"org.freedesktop.DBus.Deprecated": "true",
796
"org.freedesktop.DBus.Property.EmitsChangedSignal":
797
"false"}
798
"""
799
def decorator(func):
800
func._dbus_is_interface = True
801
func._dbus_interface = dbus_interface
802
func._dbus_name = dbus_interface
803
return func
804
return decorator
805
806
807
def dbus_annotations(annotations):
808
"""Decorator to annotate D-Bus methods, signals or properties
809
Usage:
810
811
@dbus_service_property("org.example.Interface", signature="b",
812
access="r")
813
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
814
"org.freedesktop.DBus.Property."
815
"EmitsChangedSignal": "false"})
816
def Property_dbus_property(self):
817
return dbus.Boolean(False)
818
"""
819
def decorator(func):
820
func._dbus_annotations = annotations
548
func._dbus_get_args_options = {u'byte_arrays': byte_arrays }
821
549
return func
822
550
return decorator
823
551
843
571
844
572
class DBusObjectWithProperties(dbus.service.Object):
845
573
"""A D-Bus object with properties.
846
574
847
575
Classes inheriting from this can use the dbus_service_property
848
576
decorator to expose methods as D-Bus properties. It exposes the
849
577
standard Get(), Set(), and GetAll() methods on the D-Bus.
850
578
"""
851
579
852
580
@staticmethod
853
def _is_dbus_thing(thing):
854
"""Returns a function testing if an attribute is a D-Bus thing
855
856
If called like _is_dbus_thing("method") it returns a function
857
suitable for use as predicate to inspect.getmembers().
858
"""
859
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
860
False)
581
def _is_dbus_property(obj):
582
return getattr(obj, u"_dbus_is_property", False)
861
583
862
def _get_all_dbus_things(self, thing):
584
def _get_all_dbus_properties(self):
863
585
"""Returns a generator of (name, attribute) pairs
864
586
"""
865
return ((getattr(athing.__get__(self), "_dbus_name",
866
name),
867
athing.__get__(self))
868
for cls in self.__class__.__mro__
869
for name, athing in
870
inspect.getmembers(cls,
871
self._is_dbus_thing(thing)))
587
return ((prop._dbus_name, prop)
588
for name, prop in
589
inspect.getmembers(self, self._is_dbus_property))
872
590
873
591
def _get_dbus_property(self, interface_name, property_name):
874
592
"""Returns a bound method if one exists which is a D-Bus
875
593
property with the specified name and interface.
876
594
"""
877
for cls in self.__class__.__mro__:
878
for name, value in (inspect.getmembers
879
(cls,
880
self._is_dbus_thing("property"))):
881
if (value._dbus_name == property_name
882
and value._dbus_interface == interface_name):
883
return value.__get__(self)
884
595
for name in (property_name,
596
property_name + u"_dbus_property"):
597
prop = getattr(self, name, None)
598
if (prop is None
599
or not self._is_dbus_property(prop)
600
or prop._dbus_name != property_name
601
or (interface_name and prop._dbus_interface
602
and interface_name != prop._dbus_interface)):
603
continue
604
return prop
885
605
# No such property
886
raise DBusPropertyNotFound(self.dbus_object_path + ":"
887
+ interface_name + "."
606
raise DBusPropertyNotFound(self.dbus_object_path + u":"
607
+ interface_name + u"."
888
608
+ property_name)
889
609
890
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
891
out_signature="v")
610
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
611
out_signature=u"v")
892
612
def Get(self, interface_name, property_name):
893
613
"""Standard D-Bus property Get() method, see D-Bus standard.
894
614
"""
895
615
prop = self._get_dbus_property(interface_name, property_name)
896
if prop._dbus_access == "write":
616
if prop._dbus_access == u"write":
897
617
raise DBusPropertyAccessException(property_name)
898
618
value = prop()
899
if not hasattr(value, "variant_level"):
619
if not hasattr(value, u"variant_level"):
900
620
return value
901
621
return type(value)(value, variant_level=value.variant_level+1)
902
622
903
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
623
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
904
624
def Set(self, interface_name, property_name, value):
905
625
"""Standard D-Bus property Set() method, see D-Bus standard.
906
626
"""
907
627
prop = self._get_dbus_property(interface_name, property_name)
908
if prop._dbus_access == "read":
628
if prop._dbus_access == u"read":
909
629
raise DBusPropertyAccessException(property_name)
910
if prop._dbus_get_args_options["byte_arrays"]:
630
if prop._dbus_get_args_options[u"byte_arrays"]:
911
631
# The byte_arrays option is not supported yet on
912
632
# signatures other than "ay".
913
if prop._dbus_signature != "ay":
633
if prop._dbus_signature != u"ay":
914
634
raise ValueError
915
value = dbus.ByteArray(b''.join(chr(byte)
916
for byte in value))
635
value = dbus.ByteArray(''.join(unichr(byte)
636
for byte in value))
917
637
prop(value)
918
638
919
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
920
out_signature="a{sv}")
639
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
640
out_signature=u"a{sv}")
921
641
def GetAll(self, interface_name):
922
642
"""Standard D-Bus property GetAll() method, see D-Bus
923
643
standard.
924
644
925
645
Note: Will not include properties with access="write".
926
646
"""
927
properties = {}
928
for name, prop in self._get_all_dbus_things("property"):
647
all = {}
648
for name, prop in self._get_all_dbus_properties():
929
649
if (interface_name
930
650
and interface_name != prop._dbus_interface):
931
651
# Interface non-empty but did not match
932
652
continue
933
653
# Ignore write-only properties
934
if prop._dbus_access == "write":
654
if prop._dbus_access == u"write":
935
655
continue
936
656
value = prop()
937
if not hasattr(value, "variant_level"):
938
properties[name] = value
657
if not hasattr(value, u"variant_level"):
658
all[name] = value
939
659
continue
940
properties[name] = type(value)(value, variant_level=
941
value.variant_level+1)
942
return dbus.Dictionary(properties, signature="sv")
660
all[name] = type(value)(value, variant_level=
661
value.variant_level+1)
662
return dbus.Dictionary(all, signature=u"sv")
943
663
944
664
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
945
out_signature="s",
665
out_signature=u"s",
946
666
path_keyword='object_path',
947
667
connection_keyword='connection')
948
668
def Introspect(self, object_path, connection):
949
"""Overloading of standard D-Bus method.
950
951
Inserts property tags and interface annotation tags.
669
"""Standard D-Bus method, overloaded to insert property tags.
952
670
"""
953
671
xmlstring = dbus.service.Object.Introspect(self, object_path,
954
672
connection)
955
673
try:
956
674
document = xml.dom.minidom.parseString(xmlstring)
957
675
def make_tag(document, name, prop):
958
e = document.createElement("property")
959
e.setAttribute("name", name)
960
e.setAttribute("type", prop._dbus_signature)
961
e.setAttribute("access", prop._dbus_access)
676
e = document.createElement(u"property")
677
e.setAttribute(u"name", name)
678
e.setAttribute(u"type", prop._dbus_signature)
679
e.setAttribute(u"access", prop._dbus_access)
962
680
return e
963
for if_tag in document.getElementsByTagName("interface"):
964
# Add property tags
681
for if_tag in document.getElementsByTagName(u"interface"):
965
682
for tag in (make_tag(document, name, prop)
966
683
for name, prop
967
in self._get_all_dbus_things("property")
684
in self._get_all_dbus_properties()
968
685
if prop._dbus_interface
969
== if_tag.getAttribute("name")):
686
== if_tag.getAttribute(u"name")):
970
687
if_tag.appendChild(tag)
971
# Add annotation tags
972
for typ in ("method", "signal", "property"):
973
for tag in if_tag.getElementsByTagName(typ):
974
annots = dict()
975
for name, prop in (self.
976
_get_all_dbus_things(typ)):
977
if (name == tag.getAttribute("name")
978
and prop._dbus_interface
979
== if_tag.getAttribute("name")):
980
annots.update(getattr
981
(prop,
982
"_dbus_annotations",
983
{}))
984
for name, value in annots.iteritems():
985
ann_tag = document.createElement(
986
"annotation")
987
ann_tag.setAttribute("name", name)
988
ann_tag.setAttribute("value", value)
989
tag.appendChild(ann_tag)
990
# Add interface annotation tags
991
for annotation, value in dict(
992
itertools.chain.from_iterable(
993
annotations().iteritems()
994
for name, annotations in
995
self._get_all_dbus_things("interface")
996
if name == if_tag.getAttribute("name")
997
)).iteritems():
998
ann_tag = document.createElement("annotation")
999
ann_tag.setAttribute("name", annotation)
1000
ann_tag.setAttribute("value", value)
1001
if_tag.appendChild(ann_tag)
1002
688
# Add the names to the return values for the
1003
689
# "org.freedesktop.DBus.Properties" methods
1004
if (if_tag.getAttribute("name")
1005
== "org.freedesktop.DBus.Properties"):
1006
for cn in if_tag.getElementsByTagName("method"):
1007
if cn.getAttribute("name") == "Get":
1008
for arg in cn.getElementsByTagName("arg"):
1009
if (arg.getAttribute("direction")
1010
== "out"):
1011
arg.setAttribute("name", "value")
1012
elif cn.getAttribute("name") == "GetAll":
1013
for arg in cn.getElementsByTagName("arg"):
1014
if (arg.getAttribute("direction")
1015
== "out"):
1016
arg.setAttribute("name", "props")
1017
xmlstring = document.toxml("utf-8")
690
if (if_tag.getAttribute(u"name")
691
== u"org.freedesktop.DBus.Properties"):
692
for cn in if_tag.getElementsByTagName(u"method"):
693
if cn.getAttribute(u"name") == u"Get":
694
for arg in cn.getElementsByTagName(u"arg"):
695
if (arg.getAttribute(u"direction")
696
== u"out"):
697
arg.setAttribute(u"name", u"value")
698
elif cn.getAttribute(u"name") == u"GetAll":
699
for arg in cn.getElementsByTagName(u"arg"):
700
if (arg.getAttribute(u"direction")
701
== u"out"):
702
arg.setAttribute(u"name", u"props")
703
xmlstring = document.toxml(u"utf-8")
1018
704
document.unlink()
1019
705
except (AttributeError, xml.dom.DOMException,
1020
xml.parsers.expat.ExpatError) as error:
1021
logger.error("Failed to override Introspection method",
1022
exc_info=error)
706
xml.parsers.expat.ExpatError), error:
707
logger.error(u"Failed to override Introspection method",
708
error)
1023
709
return xmlstring
1024
710
1025
711
1026
def datetime_to_dbus (dt, variant_level=0):
1027
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1028
if dt is None:
1029
return dbus.String("", variant_level = variant_level)
1030
return dbus.String(dt.isoformat(),
1031
variant_level=variant_level)
1032
1033
1034
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1035
"""A class decorator; applied to a subclass of
1036
dbus.service.Object, it will add alternate D-Bus attributes with
1037
interface names according to the "alt_interface_names" mapping.
1038
Usage:
1039
1040
@alternate_dbus_names({"org.example.Interface":
1041
"net.example.AlternateInterface"})
1042
class SampleDBusObject(dbus.service.Object):
1043
@dbus.service.method("org.example.Interface")
1044
def SampleDBusMethod():
1045
pass
1046
1047
The above "SampleDBusMethod" on "SampleDBusObject" will be
1048
reachable via two interfaces: "org.example.Interface" and
1049
"net.example.AlternateInterface", the latter of which will have
1050
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1051
"true", unless "deprecate" is passed with a False value.
1052
1053
This works for methods and signals, and also for D-Bus properties
1054
(from DBusObjectWithProperties) and interfaces (from the
1055
dbus_interface_annotations decorator).
1056
"""
1057
def wrapper(cls):
1058
for orig_interface_name, alt_interface_name in (
1059
alt_interface_names.iteritems()):
1060
attr = {}
1061
interface_names = set()
1062
# Go though all attributes of the class
1063
for attrname, attribute in inspect.getmembers(cls):
1064
# Ignore non-D-Bus attributes, and D-Bus attributes
1065
# with the wrong interface name
1066
if (not hasattr(attribute, "_dbus_interface")
1067
or not attribute._dbus_interface
1068
.startswith(orig_interface_name)):
1069
continue
1070
# Create an alternate D-Bus interface name based on
1071
# the current name
1072
alt_interface = (attribute._dbus_interface
1073
.replace(orig_interface_name,
1074
alt_interface_name))
1075
interface_names.add(alt_interface)
1076
# Is this a D-Bus signal?
1077
if getattr(attribute, "_dbus_is_signal", False):
1078
# Extract the original non-method function by
1079
# black magic
1080
nonmethod_func = (dict(
1081
zip(attribute.func_code.co_freevars,
1082
attribute.__closure__))["func"]
1083
.cell_contents)
1084
# Create a new, but exactly alike, function
1085
# object, and decorate it to be a new D-Bus signal
1086
# with the alternate D-Bus interface name
1087
new_function = (dbus.service.signal
1088
(alt_interface,
1089
attribute._dbus_signature)
1090
(types.FunctionType(
1091
nonmethod_func.func_code,
1092
nonmethod_func.func_globals,
1093
nonmethod_func.func_name,
1094
nonmethod_func.func_defaults,
1095
nonmethod_func.func_closure)))
1096
# Copy annotations, if any
1097
try:
1098
new_function._dbus_annotations = (
1099
dict(attribute._dbus_annotations))
1100
except AttributeError:
1101
pass
1102
# Define a creator of a function to call both the
1103
# original and alternate functions, so both the
1104
# original and alternate signals gets sent when
1105
# the function is called
1106
def fixscope(func1, func2):
1107
"""This function is a scope container to pass
1108
func1 and func2 to the "call_both" function
1109
outside of its arguments"""
1110
def call_both(*args, **kwargs):
1111
"""This function will emit two D-Bus
1112
signals by calling func1 and func2"""
1113
func1(*args, **kwargs)
1114
func2(*args, **kwargs)
1115
return call_both
1116
# Create the "call_both" function and add it to
1117
# the class
1118
attr[attrname] = fixscope(attribute, new_function)
1119
# Is this a D-Bus method?
1120
elif getattr(attribute, "_dbus_is_method", False):
1121
# Create a new, but exactly alike, function
1122
# object. Decorate it to be a new D-Bus method
1123
# with the alternate D-Bus interface name. Add it
1124
# to the class.
1125
attr[attrname] = (dbus.service.method
1126
(alt_interface,
1127
attribute._dbus_in_signature,
1128
attribute._dbus_out_signature)
1129
(types.FunctionType
1130
(attribute.func_code,
1131
attribute.func_globals,
1132
attribute.func_name,
1133
attribute.func_defaults,
1134
attribute.func_closure)))
1135
# Copy annotations, if any
1136
try:
1137
attr[attrname]._dbus_annotations = (
1138
dict(attribute._dbus_annotations))
1139
except AttributeError:
1140
pass
1141
# Is this a D-Bus property?
1142
elif getattr(attribute, "_dbus_is_property", False):
1143
# Create a new, but exactly alike, function
1144
# object, and decorate it to be a new D-Bus
1145
# property with the alternate D-Bus interface
1146
# name. Add it to the class.
1147
attr[attrname] = (dbus_service_property
1148
(alt_interface,
1149
attribute._dbus_signature,
1150
attribute._dbus_access,
1151
attribute
1152
._dbus_get_args_options
1153
["byte_arrays"])
1154
(types.FunctionType
1155
(attribute.func_code,
1156
attribute.func_globals,
1157
attribute.func_name,
1158
attribute.func_defaults,
1159
attribute.func_closure)))
1160
# Copy annotations, if any
1161
try:
1162
attr[attrname]._dbus_annotations = (
1163
dict(attribute._dbus_annotations))
1164
except AttributeError:
1165
pass
1166
# Is this a D-Bus interface?
1167
elif getattr(attribute, "_dbus_is_interface", False):
1168
# Create a new, but exactly alike, function
1169
# object. Decorate it to be a new D-Bus interface
1170
# with the alternate D-Bus interface name. Add it
1171
# to the class.
1172
attr[attrname] = (dbus_interface_annotations
1173
(alt_interface)
1174
(types.FunctionType
1175
(attribute.func_code,
1176
attribute.func_globals,
1177
attribute.func_name,
1178
attribute.func_defaults,
1179
attribute.func_closure)))
1180
if deprecate:
1181
# Deprecate all alternate interfaces
1182
iname="_AlternateDBusNames_interface_annotation{0}"
1183
for interface_name in interface_names:
1184
@dbus_interface_annotations(interface_name)
1185
def func(self):
1186
return { "org.freedesktop.DBus.Deprecated":
1187
"true" }
1188
# Find an unused name
1189
for aname in (iname.format(i)
1190
for i in itertools.count()):
1191
if aname not in attr:
1192
attr[aname] = func
1193
break
1194
if interface_names:
1195
# Replace the class with a new subclass of it with
1196
# methods, signals, etc. as created above.
1197
cls = type(b"{0}Alternate".format(cls.__name__),
1198
(cls,), attr)
1199
return cls
1200
return wrapper
1201
1202
1203
@alternate_dbus_interfaces({"se.recompile.Mandos":
1204
"se.bsnet.fukt.Mandos"})
1205
712
class ClientDBus(Client, DBusObjectWithProperties):
1206
713
"""A Client class using D-Bus
1207
714
1211
718
"""
1212
719
1213
720
runtime_expansions = (Client.runtime_expansions
1214
+ ("dbus_object_path",))
721
+ (u"dbus_object_path",))
1215
722
1216
723
# dbus.service.Object doesn't use super(), so we can't either.
1217
724
1218
725
def __init__(self, bus = None, *args, **kwargs):
726
self._approvals_pending = 0
1219
727
self.bus = bus
1220
728
Client.__init__(self, *args, **kwargs)
1221
729
# Only now, when this client is initialized, can it show up on
1222
730
# the D-Bus
1223
731
client_object_name = unicode(self.name).translate(
1224
{ord("."): ord("_"),
1225
ord("-"): ord("_")})
732
{ord(u"."): ord(u"_"),
733
ord(u"-"): ord(u"_")})
1226
734
self.dbus_object_path = (dbus.ObjectPath
1227
("/clients/" + client_object_name))
735
(u"/clients/" + client_object_name))
1228
736
DBusObjectWithProperties.__init__(self, self.bus,
1229
737
self.dbus_object_path)
1230
1231
def notifychangeproperty(transform_func,
1232
dbus_name, type_func=lambda x: x,
1233
variant_level=1):
1234
""" Modify a variable so that it's a property which announces
1235
its changes to DBus.
1236
1237
transform_fun: Function that takes a value and a variant_level
1238
and transforms it to a D-Bus type.
1239
dbus_name: D-Bus name of the variable
1240
type_func: Function that transform the value before sending it
1241
to the D-Bus. Default: no transform
1242
variant_level: D-Bus variant level. Default: 1
1243
"""
1244
attrname = "_{0}".format(dbus_name)
1245
def setter(self, value):
1246
if hasattr(self, "dbus_object_path"):
1247
if (not hasattr(self, attrname) or
1248
type_func(getattr(self, attrname, None))
1249
!= type_func(value)):
1250
dbus_value = transform_func(type_func(value),
1251
variant_level
1252
=variant_level)
1253
self.PropertyChanged(dbus.String(dbus_name),
1254
dbus_value)
1255
setattr(self, attrname, value)
1256
1257
return property(lambda self: getattr(self, attrname), setter)
1258
1259
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1260
approvals_pending = notifychangeproperty(dbus.Boolean,
1261
"ApprovalPending",
1262
type_func = bool)
1263
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1264
last_enabled = notifychangeproperty(datetime_to_dbus,
1265
"LastEnabled")
1266
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1267
type_func = lambda checker:
1268
checker is not None)
1269
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1270
"LastCheckedOK")
1271
last_checker_status = notifychangeproperty(dbus.Int16,
1272
"LastCheckerStatus")
1273
last_approval_request = notifychangeproperty(
1274
datetime_to_dbus, "LastApprovalRequest")
1275
approved_by_default = notifychangeproperty(dbus.Boolean,
1276
"ApprovedByDefault")
1277
approval_delay = notifychangeproperty(dbus.UInt64,
1278
"ApprovalDelay",
1279
type_func =
1280
timedelta_to_milliseconds)
1281
approval_duration = notifychangeproperty(
1282
dbus.UInt64, "ApprovalDuration",
1283
type_func = timedelta_to_milliseconds)
1284
host = notifychangeproperty(dbus.String, "Host")
1285
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1286
type_func =
1287
timedelta_to_milliseconds)
1288
extended_timeout = notifychangeproperty(
1289
dbus.UInt64, "ExtendedTimeout",
1290
type_func = timedelta_to_milliseconds)
1291
interval = notifychangeproperty(dbus.UInt64,
1292
"Interval",
1293
type_func =
1294
timedelta_to_milliseconds)
1295
checker_command = notifychangeproperty(dbus.String, "Checker")
1296
1297
del notifychangeproperty
738
739
def _get_approvals_pending(self):
740
return self._approvals_pending
741
def _set_approvals_pending(self, value):
742
old_value = self._approvals_pending
743
self._approvals_pending = value
744
bval = bool(value)
745
if (hasattr(self, "dbus_object_path")
746
and bval is not bool(old_value)):
747
dbus_bool = dbus.Boolean(bval, variant_level=1)
748
self.PropertyChanged(dbus.String(u"ApprovalPending"),
749
dbus_bool)
750
751
approvals_pending = property(_get_approvals_pending,
752
_set_approvals_pending)
753
del _get_approvals_pending, _set_approvals_pending
754
755
@staticmethod
756
def _datetime_to_dbus(dt, variant_level=0):
757
"""Convert a UTC datetime.datetime() to a D-Bus type."""
758
return dbus.String(dt.isoformat(),
759
variant_level=variant_level)
760
761
def enable(self):
762
oldstate = getattr(self, u"enabled", False)
763
r = Client.enable(self)
764
if oldstate != self.enabled:
765
# Emit D-Bus signals
766
self.PropertyChanged(dbus.String(u"Enabled"),
767
dbus.Boolean(True, variant_level=1))
768
self.PropertyChanged(
769
dbus.String(u"LastEnabled"),
770
self._datetime_to_dbus(self.last_enabled,
771
variant_level=1))
772
return r
773
774
def disable(self, quiet = False):
775
oldstate = getattr(self, u"enabled", False)
776
r = Client.disable(self, quiet=quiet)
777
if not quiet and oldstate != self.enabled:
778
# Emit D-Bus signal
779
self.PropertyChanged(dbus.String(u"Enabled"),
780
dbus.Boolean(False, variant_level=1))
781
return r
1298
782
1299
783
def __del__(self, *args, **kwargs):
1300
784
try:
1301
785
self.remove_from_connection()
1302
786
except LookupError:
1303
787
pass
1304
if hasattr(DBusObjectWithProperties, "__del__"):
788
if hasattr(DBusObjectWithProperties, u"__del__"):
1305
789
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1306
790
Client.__del__(self, *args, **kwargs)
1307
791
1309
793
*args, **kwargs):
1310
794
self.checker_callback_tag = None
1311
795
self.checker = None
796
# Emit D-Bus signal
797
self.PropertyChanged(dbus.String(u"CheckerRunning"),
798
dbus.Boolean(False, variant_level=1))
1312
799
if os.WIFEXITED(condition):
1313
800
exitstatus = os.WEXITSTATUS(condition)
1314
801
# Emit D-Bus signal
1324
811
return Client.checker_callback(self, pid, condition, command,
1325
812
*args, **kwargs)
1326
813
814
def checked_ok(self, *args, **kwargs):
815
r = Client.checked_ok(self, *args, **kwargs)
816
# Emit D-Bus signal
817
self.PropertyChanged(
818
dbus.String(u"LastCheckedOK"),
819
(self._datetime_to_dbus(self.last_checked_ok,
820
variant_level=1)))
821
return r
822
823
def need_approval(self, *args, **kwargs):
824
r = Client.need_approval(self, *args, **kwargs)
825
# Emit D-Bus signal
826
self.PropertyChanged(
827
dbus.String(u"LastApprovalRequest"),
828
(self._datetime_to_dbus(self.last_approval_request,
829
variant_level=1)))
830
return r
831
1327
832
def start_checker(self, *args, **kwargs):
1328
833
old_checker = self.checker
1329
834
if self.checker is not None:
1336
841
and old_checker_pid != self.checker.pid):
1337
842
# Emit D-Bus signal
1338
843
self.CheckerStarted(self.current_checker_command)
844
self.PropertyChanged(
845
dbus.String(u"CheckerRunning"),
846
dbus.Boolean(True, variant_level=1))
1339
847
return r
1340
848
849
def stop_checker(self, *args, **kwargs):
850
old_checker = getattr(self, u"checker", None)
851
r = Client.stop_checker(self, *args, **kwargs)
852
if (old_checker is not None
853
and getattr(self, u"checker", None) is None):
854
self.PropertyChanged(dbus.String(u"CheckerRunning"),
855
dbus.Boolean(False, variant_level=1))
856
return r
857
1341
858
def _reset_approved(self):
1342
self.approved = None
859
self._approved = None
1343
860
return False
1344
861
1345
862
def approve(self, value=True):
1346
self.approved = value
1347
gobject.timeout_add(timedelta_to_milliseconds
863
self.send_changedstate()
864
self._approved = value
865
gobject.timeout_add(self._timedelta_to_milliseconds
1348
866
(self.approval_duration),
1349
867
self._reset_approved)
1350
self.send_changedstate()
868
1351
869
1352
870
## D-Bus methods, signals & properties
1353
_interface = "se.recompile.Mandos.Client"
1354
1355
## Interfaces
1356
1357
@dbus_interface_annotations(_interface)
1358
def _foo(self):
1359
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1360
"false"}
871
_interface = u"se.bsnet.fukt.Mandos.Client"
1361
872
1362
873
## Signals
1363
874
1364
875
# CheckerCompleted - signal
1365
@dbus.service.signal(_interface, signature="nxs")
876
@dbus.service.signal(_interface, signature=u"nxs")
1366
877
def CheckerCompleted(self, exitcode, waitstatus, command):
1367
878
"D-Bus signal"
1368
879
pass
1369
880
1370
881
# CheckerStarted - signal
1371
@dbus.service.signal(_interface, signature="s")
882
@dbus.service.signal(_interface, signature=u"s")
1372
883
def CheckerStarted(self, command):
1373
884
"D-Bus signal"
1374
885
pass
1375
886
1376
887
# PropertyChanged - signal
1377
@dbus.service.signal(_interface, signature="sv")
888
@dbus.service.signal(_interface, signature=u"sv")
1378
889
def PropertyChanged(self, property, value):
1379
890
"D-Bus signal"
1380
891
pass
1389
900
pass
1390
901
1391
902
# Rejected - signal
1392
@dbus.service.signal(_interface, signature="s")
903
@dbus.service.signal(_interface, signature=u"s")
1393
904
def Rejected(self, reason):
1394
905
"D-Bus signal"
1395
906
pass
1396
907
1397
908
# NeedApproval - signal
1398
@dbus.service.signal(_interface, signature="tb")
909
@dbus.service.signal(_interface, signature=u"tb")
1399
910
def NeedApproval(self, timeout, default):
1400
911
"D-Bus signal"
1401
912
return self.need_approval()
1403
914
## Methods
1404
915
1405
916
# Approve - method
1406
@dbus.service.method(_interface, in_signature="b")
917
@dbus.service.method(_interface, in_signature=u"b")
1407
918
def Approve(self, value):
1408
919
self.approve(value)
1409
920
1410
921
# CheckedOK - method
1411
922
@dbus.service.method(_interface)
1412
923
def CheckedOK(self):
1413
self.checked_ok()
924
return self.checked_ok()
1414
925
1415
926
# Enable - method
1416
927
@dbus.service.method(_interface)
1438
949
## Properties
1439
950
1440
951
# ApprovalPending - property
1441
@dbus_service_property(_interface, signature="b", access="read")
952
@dbus_service_property(_interface, signature=u"b", access=u"read")
1442
953
def ApprovalPending_dbus_property(self):
1443
954
return dbus.Boolean(bool(self.approvals_pending))
1444
955
1445
956
# ApprovedByDefault - property
1446
@dbus_service_property(_interface, signature="b",
1447
access="readwrite")
957
@dbus_service_property(_interface, signature=u"b",
958
access=u"readwrite")
1448
959
def ApprovedByDefault_dbus_property(self, value=None):
1449
960
if value is None: # get
1450
961
return dbus.Boolean(self.approved_by_default)
1451
962
self.approved_by_default = bool(value)
963
# Emit D-Bus signal
964
self.PropertyChanged(dbus.String(u"ApprovedByDefault"),
965
dbus.Boolean(value, variant_level=1))
1452
966
1453
967
# ApprovalDelay - property
1454
@dbus_service_property(_interface, signature="t",
1455
access="readwrite")
968
@dbus_service_property(_interface, signature=u"t",
969
access=u"readwrite")
1456
970
def ApprovalDelay_dbus_property(self, value=None):
1457
971
if value is None: # get
1458
972
return dbus.UInt64(self.approval_delay_milliseconds())
1459
973
self.approval_delay = datetime.timedelta(0, 0, 0, value)
974
# Emit D-Bus signal
975
self.PropertyChanged(dbus.String(u"ApprovalDelay"),
976
dbus.UInt64(value, variant_level=1))
1460
977
1461
978
# ApprovalDuration - property
1462
@dbus_service_property(_interface, signature="t",
1463
access="readwrite")
979
@dbus_service_property(_interface, signature=u"t",
980
access=u"readwrite")
1464
981
def ApprovalDuration_dbus_property(self, value=None):
1465
982
if value is None: # get
1466
return dbus.UInt64(timedelta_to_milliseconds(
983
return dbus.UInt64(self._timedelta_to_milliseconds(
1467
984
self.approval_duration))
1468
985
self.approval_duration = datetime.timedelta(0, 0, 0, value)
986
# Emit D-Bus signal
987
self.PropertyChanged(dbus.String(u"ApprovalDuration"),
988
dbus.UInt64(value, variant_level=1))
1469
989
1470
990
# Name - property
1471
@dbus_service_property(_interface, signature="s", access="read")
991
@dbus_service_property(_interface, signature=u"s", access=u"read")
1472
992
def Name_dbus_property(self):
1473
993
return dbus.String(self.name)
1474
994
1475
995
# Fingerprint - property
1476
@dbus_service_property(_interface, signature="s", access="read")
996
@dbus_service_property(_interface, signature=u"s", access=u"read")
1477
997
def Fingerprint_dbus_property(self):
1478
998
return dbus.String(self.fingerprint)
1479
999
1480
1000
# Host - property
1481
@dbus_service_property(_interface, signature="s",
1482
access="readwrite")
1001
@dbus_service_property(_interface, signature=u"s",
1002
access=u"readwrite")
1483
1003
def Host_dbus_property(self, value=None):
1484
1004
if value is None: # get
1485
1005
return dbus.String(self.host)
1486
self.host = unicode(value)
1006
self.host = value
1007
# Emit D-Bus signal
1008
self.PropertyChanged(dbus.String(u"Host"),
1009
dbus.String(value, variant_level=1))
1487
1010
1488
1011
# Created - property
1489
@dbus_service_property(_interface, signature="s", access="read")
1012
@dbus_service_property(_interface, signature=u"s", access=u"read")
1490
1013
def Created_dbus_property(self):
1491
return datetime_to_dbus(self.created)
1014
return dbus.String(self._datetime_to_dbus(self.created))
1492
1015
1493
1016
# LastEnabled - property
1494
@dbus_service_property(_interface, signature="s", access="read")
1017
@dbus_service_property(_interface, signature=u"s", access=u"read")
1495
1018
def LastEnabled_dbus_property(self):
1496
return datetime_to_dbus(self.last_enabled)
1019
if self.last_enabled is None:
1020
return dbus.String(u"")
1021
return dbus.String(self._datetime_to_dbus(self.last_enabled))
1497
1022
1498
1023
# Enabled - property
1499
@dbus_service_property(_interface, signature="b",
1500
access="readwrite")
1024
@dbus_service_property(_interface, signature=u"b",
1025
access=u"readwrite")
1501
1026
def Enabled_dbus_property(self, value=None):
1502
1027
if value is None: # get
1503
1028
return dbus.Boolean(self.enabled)
1507
1032
self.disable()
1508
1033
1509
1034
# LastCheckedOK - property
1510
@dbus_service_property(_interface, signature="s",
1511
access="readwrite")
1035
@dbus_service_property(_interface, signature=u"s",
1036
access=u"readwrite")
1512
1037
def LastCheckedOK_dbus_property(self, value=None):
1513
1038
if value is not None:
1514
1039
self.checked_ok()
1515
1040
return
1516
return datetime_to_dbus(self.last_checked_ok)
1517
1518
# LastCheckerStatus - property
1519
@dbus_service_property(_interface, signature="n",
1520
access="read")
1521
def LastCheckerStatus_dbus_property(self):
1522
return dbus.Int16(self.last_checker_status)
1523
1524
# Expires - property
1525
@dbus_service_property(_interface, signature="s", access="read")
1526
def Expires_dbus_property(self):
1527
return datetime_to_dbus(self.expires)
1041
if self.last_checked_ok is None:
1042
return dbus.String(u"")
1043
return dbus.String(self._datetime_to_dbus(self
1044
.last_checked_ok))
1528
1045
1529
1046
# LastApprovalRequest - property
1530
@dbus_service_property(_interface, signature="s", access="read")
1047
@dbus_service_property(_interface, signature=u"s", access=u"read")
1531
1048
def LastApprovalRequest_dbus_property(self):
1532
return datetime_to_dbus(self.last_approval_request)
1049
if self.last_approval_request is None:
1050
return dbus.String(u"")
1051
return dbus.String(self.
1052
_datetime_to_dbus(self
1053
.last_approval_request))
1533
1054
1534
1055
# Timeout - property
1535
@dbus_service_property(_interface, signature="t",
1536
access="readwrite")
1056
@dbus_service_property(_interface, signature=u"t",
1057
access=u"readwrite")
1537
1058
def Timeout_dbus_property(self, value=None):
1538
1059
if value is None: # get
1539
1060
return dbus.UInt64(self.timeout_milliseconds())
1540
old_timeout = self.timeout
1541
1061
self.timeout = datetime.timedelta(0, 0, 0, value)
1542
# Reschedule disabling
1543
if self.enabled:
1544
now = datetime.datetime.utcnow()
1545
self.expires += self.timeout - old_timeout
1546
if self.expires <= now:
1547
# The timeout has passed
1548
self.disable()
1549
else:
1550
if (getattr(self, "disable_initiator_tag", None)
1551
is None):
1552
return
1553
gobject.source_remove(self.disable_initiator_tag)
1554
self.disable_initiator_tag = (
1555
gobject.timeout_add(
1556
timedelta_to_milliseconds(self.expires - now),
1557
self.disable))
1558
1559
# ExtendedTimeout - property
1560
@dbus_service_property(_interface, signature="t",
1561
access="readwrite")
1562
def ExtendedTimeout_dbus_property(self, value=None):
1563
if value is None: # get
1564
return dbus.UInt64(self.extended_timeout_milliseconds())
1565
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1062
# Emit D-Bus signal
1063
self.PropertyChanged(dbus.String(u"Timeout"),
1064
dbus.UInt64(value, variant_level=1))
1065
if getattr(self, u"disable_initiator_tag", None) is None:
1066
return
1067
# Reschedule timeout
1068
gobject.source_remove(self.disable_initiator_tag)
1069
self.disable_initiator_tag = None
1070
time_to_die = (self.
1071
_timedelta_to_milliseconds((self
1072
.last_checked_ok
1073
+ self.timeout)
1074
- datetime.datetime
1075
.utcnow()))
1076
if time_to_die <= 0:
1077
# The timeout has passed
1078
self.disable()
1079
else:
1080
self.disable_initiator_tag = (gobject.timeout_add
1081
(time_to_die, self.disable))
1566
1082
1567
1083
# Interval - property
1568
@dbus_service_property(_interface, signature="t",
1569
access="readwrite")
1084
@dbus_service_property(_interface, signature=u"t",
1085
access=u"readwrite")
1570
1086
def Interval_dbus_property(self, value=None):
1571
1087
if value is None: # get
1572
1088
return dbus.UInt64(self.interval_milliseconds())
1573
1089
self.interval = datetime.timedelta(0, 0, 0, value)
1574
if getattr(self, "checker_initiator_tag", None) is None:
1090
# Emit D-Bus signal
1091
self.PropertyChanged(dbus.String(u"Interval"),
1092
dbus.UInt64(value, variant_level=1))
1093
if getattr(self, u"checker_initiator_tag", None) is None:
1575
1094
return
1576
if self.enabled:
1577
# Reschedule checker run
1578
gobject.source_remove(self.checker_initiator_tag)
1579
self.checker_initiator_tag = (gobject.timeout_add
1580
(value, self.start_checker))
1581
self.start_checker() # Start one now, too
1582
1095
# Reschedule checker run
1096
gobject.source_remove(self.checker_initiator_tag)
1097
self.checker_initiator_tag = (gobject.timeout_add
1098
(value, self.start_checker))
1099
self.start_checker() # Start one now, too
1100
1583
1101
# Checker - property
1584
@dbus_service_property(_interface, signature="s",
1585
access="readwrite")
1102
@dbus_service_property(_interface, signature=u"s",
1103
access=u"readwrite")
1586
1104
def Checker_dbus_property(self, value=None):
1587
1105
if value is None: # get
1588
1106
return dbus.String(self.checker_command)
1589
self.checker_command = unicode(value)
1107
self.checker_command = value
1108
# Emit D-Bus signal
1109
self.PropertyChanged(dbus.String(u"Checker"),
1110
dbus.String(self.checker_command,
1111
variant_level=1))
1590
1112
1591
1113
# CheckerRunning - property
1592
@dbus_service_property(_interface, signature="b",
1593
access="readwrite")
1114
@dbus_service_property(_interface, signature=u"b",
1115
access=u"readwrite")
1594
1116
def CheckerRunning_dbus_property(self, value=None):
1595
1117
if value is None: # get
1596
1118
return dbus.Boolean(self.checker is not None)
1600
1122
self.stop_checker()
1601
1123
1602
1124
# ObjectPath - property
1603
@dbus_service_property(_interface, signature="o", access="read")
1125
@dbus_service_property(_interface, signature=u"o", access=u"read")
1604
1126
def ObjectPath_dbus_property(self):
1605
1127
return self.dbus_object_path # is already a dbus.ObjectPath
1606
1128
1607
1129
# Secret = property
1608
@dbus_service_property(_interface, signature="ay",
1609
access="write", byte_arrays=True)
1130
@dbus_service_property(_interface, signature=u"ay",
1131
access=u"write", byte_arrays=True)
1610
1132
def Secret_dbus_property(self, value):
1611
1133
self.secret = str(value)
1612
1134
1619
1141
self._pipe.send(('init', fpr, address))
1620
1142
if not self._pipe.recv():
1621
1143
raise KeyError()
1622
1144
1623
1145
def __getattribute__(self, name):
1624
if name == '_pipe':
1146
if(name == '_pipe'):
1625
1147
return super(ProxyClient, self).__getattribute__(name)
1626
1148
self._pipe.send(('getattr', name))
1627
1149
data = self._pipe.recv()
1632
1154
self._pipe.send(('funcall', name, args, kwargs))
1633
1155
return self._pipe.recv()[1]
1634
1156
return func
1635
1157
1636
1158
def __setattr__(self, name, value):
1637
if name == '_pipe':
1159
if(name == '_pipe'):
1638
1160
return super(ProxyClient, self).__setattr__(name, value)
1639
1161
self._pipe.send(('setattr', name, value))
1640
1162
1647
1169
1648
1170
def handle(self):
1649
1171
with contextlib.closing(self.server.child_pipe) as child_pipe:
1650
logger.info("TCP connection from: %s",
1172
logger.info(u"TCP connection from: %s",
1651
1173
unicode(self.client_address))
1652
logger.debug("Pipe FD: %d",
1174
logger.debug(u"Pipe FD: %d",
1653
1175
self.server.child_pipe.fileno())
1654
1176
1655
1177
session = (gnutls.connection
1656
1178
.ClientSession(self.request,
1657
1179
gnutls.connection
1658
1180
.X509Credentials()))
1659
1181
1660
1182
# Note: gnutls.connection.X509Credentials is really a
1661
1183
# generic GnuTLS certificate credentials object so long as
1662
1184
# no X.509 keys are added to it. Therefore, we can use it
1663
1185
# here despite using OpenPGP certificates.
1664
1665
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1666
# "+AES-256-CBC", "+SHA1",
1667
# "+COMP-NULL", "+CTYPE-OPENPGP",
1668
# "+DHE-DSS"))
1186
1187
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1188
# u"+AES-256-CBC", u"+SHA1",
1189
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1190
# u"+DHE-DSS"))
1669
1191
# Use a fallback default, since this MUST be set.
1670
1192
priority = self.server.gnutls_priority
1671
1193
if priority is None:
1672
priority = "NORMAL"
1194
priority = u"NORMAL"
1673
1195
(gnutls.library.functions
1674
1196
.gnutls_priority_set_direct(session._c_object,
1675
1197
priority, None))
1676
1198
1677
1199
# Start communication using the Mandos protocol
1678
1200
# Get protocol number
1679
1201
line = self.request.makefile().readline()
1680
logger.debug("Protocol version: %r", line)
1202
logger.debug(u"Protocol version: %r", line)
1681
1203
try:
1682
1204
if int(line.strip().split()[0]) > 1:
1683
1205
raise RuntimeError
1684
except (ValueError, IndexError, RuntimeError) as error:
1685
logger.error("Unknown protocol version: %s", error)
1206
except (ValueError, IndexError, RuntimeError), error:
1207
logger.error(u"Unknown protocol version: %s", error)
1686
1208
return
1687
1209
1688
1210
# Start GnuTLS connection
1689
1211
try:
1690
1212
session.handshake()
1691
except gnutls.errors.GNUTLSError as error:
1692
logger.warning("Handshake failed: %s", error)
1213
except gnutls.errors.GNUTLSError, error:
1214
logger.warning(u"Handshake failed: %s", error)
1693
1215
# Do not run session.bye() here: the session is not
1694
1216
# established. Just abandon the request.
1695
1217
return
1696
logger.debug("Handshake succeeded")
1697
1218
logger.debug(u"Handshake succeeded")
1219
1698
1220
approval_required = False
1699
1221
try:
1700
1222
try:
1701
1223
fpr = self.fingerprint(self.peer_certificate
1702
1224
(session))
1703
except (TypeError,
1704
gnutls.errors.GNUTLSError) as error:
1705
logger.warning("Bad certificate: %s", error)
1225
except (TypeError, gnutls.errors.GNUTLSError), error:
1226
logger.warning(u"Bad certificate: %s", error)
1706
1227
return
1707
logger.debug("Fingerprint: %s", fpr)
1708
1228
logger.debug(u"Fingerprint: %s", fpr)
1229
1709
1230
try:
1710
1231
client = ProxyClient(child_pipe, fpr,
1711
1232
self.client_address)
1719
1240
1720
1241
while True:
1721
1242
if not client.enabled:
1722
logger.info("Client %s is disabled",
1243
logger.warning(u"Client %s is disabled",
1723
1244
client.name)
1724
1245
if self.server.use_dbus:
1725
1246
# Emit D-Bus signal
1726
client.Rejected("Disabled")
1247
client.Rejected("Disabled")
1727
1248
return
1728
1249
1729
if client.approved or not client.approval_delay:
1250
if client._approved or not client.approval_delay:
1730
1251
#We are approved or approval is disabled
1731
1252
break
1732
elif client.approved is None:
1733
logger.info("Client %s needs approval",
1253
elif client._approved is None:
1254
logger.info(u"Client %s needs approval",
1734
1255
client.name)
1735
1256
if self.server.use_dbus:
1736
1257
# Emit D-Bus signal
1738
1259
client.approval_delay_milliseconds(),
1739
1260
client.approved_by_default)
1740
1261
else:
1741
logger.warning("Client %s was not approved",
1262
logger.warning(u"Client %s was not approved",
1742
1263
client.name)
1743
1264
if self.server.use_dbus:
1744
1265
# Emit D-Bus signal
1746
1267
return
1747
1268
1748
1269
#wait until timeout or approved
1270
#x = float(client._timedelta_to_milliseconds(delay))
1749
1271
time = datetime.datetime.now()
1750
1272
client.changedstate.acquire()
1751
client.changedstate.wait(
1752
float(timedelta_to_milliseconds(delay)
1753
/ 1000))
1273
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1754
1274
client.changedstate.release()
1755
1275
time2 = datetime.datetime.now()
1756
1276
if (time2 - time) >= delay:
1771
1291
while sent_size < len(client.secret):
1772
1292
try:
1773
1293
sent = session.send(client.secret[sent_size:])
1774
except gnutls.errors.GNUTLSError as error:
1775
logger.warning("gnutls send failed",
1776
exc_info=error)
1294
except (gnutls.errors.GNUTLSError), error:
1295
logger.warning("gnutls send failed")
1777
1296
return
1778
logger.debug("Sent: %d, remaining: %d",
1297
logger.debug(u"Sent: %d, remaining: %d",
1779
1298
sent, len(client.secret)
1780
1299
- (sent_size + sent))
1781
1300
sent_size += sent
1782
1783
logger.info("Sending secret to %s", client.name)
1784
# bump the timeout using extended_timeout
1785
client.bump_timeout(client.extended_timeout)
1301
1302
logger.info(u"Sending secret to %s", client.name)
1303
# bump the timeout as if seen
1304
client.checked_ok()
1786
1305
if self.server.use_dbus:
1787
1306
# Emit D-Bus signal
1788
1307
client.GotSecret()
1792
1311
client.approvals_pending -= 1
1793
1312
try:
1794
1313
session.bye()
1795
except gnutls.errors.GNUTLSError as error:
1796
logger.warning("GnuTLS bye failed",
1797
exc_info=error)
1314
except (gnutls.errors.GNUTLSError), error:
1315
logger.warning("GnuTLS bye failed")
1798
1316
1799
1317
@staticmethod
1800
1318
def peer_certificate(session):
1810
1328
.gnutls_certificate_get_peers
1811
1329
(session._c_object, ctypes.byref(list_size)))
1812
1330
if not bool(cert_list) and list_size.value != 0:
1813
raise gnutls.errors.GNUTLSError("error getting peer"
1814
" certificate")
1331
raise gnutls.errors.GNUTLSError(u"error getting peer"
1332
u" certificate")
1815
1333
if list_size.value == 0:
1816
1334
return None
1817
1335
cert = cert_list[0]
1843
1361
if crtverify.value != 0:
1844
1362
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1845
1363
raise (gnutls.errors.CertificateSecurityError
1846
("Verify failed"))
1364
(u"Verify failed"))
1847
1365
# New buffer for the fingerprint
1848
1366
buf = ctypes.create_string_buffer(20)
1849
1367
buf_len = ctypes.c_size_t()
1856
1374
# Convert the buffer to a Python bytestring
1857
1375
fpr = ctypes.string_at(buf, buf_len.value)
1858
1376
# Convert the bytestring to hexadecimal notation
1859
hex_fpr = binascii.hexlify(fpr).upper()
1377
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1860
1378
return hex_fpr
1861
1379
1862
1380
1865
1383
def sub_process_main(self, request, address):
1866
1384
try:
1867
1385
self.finish_request(request, address)
1868
except Exception:
1386
except:
1869
1387
self.handle_error(request, address)
1870
1388
self.close_request(request)
1871
1389
1872
1390
def process_request(self, request, address):
1873
1391
"""Start a new process to process the request."""
1874
proc = multiprocessing.Process(target = self.sub_process_main,
1875
args = (request, address))
1876
proc.start()
1877
return proc
1878
1392
multiprocessing.Process(target = self.sub_process_main,
1393
args = (request, address)).start()
1879
1394
1880
1395
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1881
1396
""" adds a pipe to the MixIn """
1885
1400
This function creates a new pipe in self.pipe
1886
1401
"""
1887
1402
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1888
1889
proc = MultiprocessingMixIn.process_request(self, request,
1890
client_address)
1403
1404
super(MultiprocessingMixInWithPipe,
1405
self).process_request(request, client_address)
1891
1406
self.child_pipe.close()
1892
self.add_pipe(parent_pipe, proc)
1893
1894
def add_pipe(self, parent_pipe, proc):
1407
self.add_pipe(parent_pipe)
1408
1409
def add_pipe(self, parent_pipe):
1895
1410
"""Dummy function; override as necessary"""
1896
raise NotImplementedError
1897
1411
pass
1898
1412
1899
1413
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1900
1414
socketserver.TCPServer, object):
1918
1432
bind to an address or port if they were not specified."""
1919
1433
if self.interface is not None:
1920
1434
if SO_BINDTODEVICE is None:
1921
logger.error("SO_BINDTODEVICE does not exist;"
1922
" cannot bind to interface %s",
1435
logger.error(u"SO_BINDTODEVICE does not exist;"
1436
u" cannot bind to interface %s",
1923
1437
self.interface)
1924
1438
else:
1925
1439
try:
1926
1440
self.socket.setsockopt(socket.SOL_SOCKET,
1927
1441
SO_BINDTODEVICE,
1928
1442
str(self.interface
1929
+ '\0'))
1930
except socket.error as error:
1931
if error.errno == errno.EPERM:
1932
logger.error("No permission to"
1933
" bind to interface %s",
1934
self.interface)
1935
elif error.errno == errno.ENOPROTOOPT:
1936
logger.error("SO_BINDTODEVICE not available;"
1937
" cannot bind to interface %s",
1938
self.interface)
1939
elif error.errno == errno.ENODEV:
1940
logger.error("Interface %s does not"
1941
" exist, cannot bind",
1443
+ u'\0'))
1444
except socket.error, error:
1445
if error[0] == errno.EPERM:
1446
logger.error(u"No permission to"
1447
u" bind to interface %s",
1448
self.interface)
1449
elif error[0] == errno.ENOPROTOOPT:
1450
logger.error(u"SO_BINDTODEVICE not available;"
1451
u" cannot bind to interface %s",
1942
1452
self.interface)
1943
1453
else:
1944
1454
raise
1946
1456
if self.server_address[0] or self.server_address[1]:
1947
1457
if not self.server_address[0]:
1948
1458
if self.address_family == socket.AF_INET6:
1949
any_address = "::" # in6addr_any
1459
any_address = u"::" # in6addr_any
1950
1460
else:
1951
1461
any_address = socket.INADDR_ANY
1952
1462
self.server_address = (any_address,
1979
1489
self.enabled = False
1980
1490
self.clients = clients
1981
1491
if self.clients is None:
1982
self.clients = {}
1492
self.clients = set()
1983
1493
self.use_dbus = use_dbus
1984
1494
self.gnutls_priority = gnutls_priority
1985
1495
IPv6_TCPServer.__init__(self, server_address,
1989
1499
def server_activate(self):
1990
1500
if self.enabled:
1991
1501
return socketserver.TCPServer.server_activate(self)
1992
1993
1502
def enable(self):
1994
1503
self.enabled = True
1995
1996
def add_pipe(self, parent_pipe, proc):
1504
def add_pipe(self, parent_pipe):
1997
1505
# Call "handle_ipc" for both data and EOF events
1998
1506
gobject.io_add_watch(parent_pipe.fileno(),
1999
1507
gobject.IO_IN | gobject.IO_HUP,
2000
1508
functools.partial(self.handle_ipc,
2001
parent_pipe =
2002
parent_pipe,
2003
proc = proc))
2004
1509
parent_pipe = parent_pipe))
1510
2005
1511
def handle_ipc(self, source, condition, parent_pipe=None,
2006
proc = None, client_object=None):
2007
# error, or the other end of multiprocessing.Pipe has closed
2008
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2009
# Wait for other process to exit
2010
proc.join()
1512
client_object=None):
1513
condition_names = {
1514
gobject.IO_IN: u"IN", # There is data to read.
1515
gobject.IO_OUT: u"OUT", # Data can be written (without
1516
# blocking).
1517
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1518
gobject.IO_ERR: u"ERR", # Error condition.
1519
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1520
# broken, usually for pipes and
1521
# sockets).
1522
}
1523
conditions_string = ' | '.join(name
1524
for cond, name in
1525
condition_names.iteritems()
1526
if cond & condition)
1527
# error or the other end of multiprocessing.Pipe has closed
1528
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
2011
1529
return False
2012
1530
2013
1531
# Read a request from the child
2018
1536
fpr = request[1]
2019
1537
address = request[2]
2020
1538
2021
for c in self.clients.itervalues():
1539
for c in self.clients:
2022
1540
if c.fingerprint == fpr:
2023
1541
client = c
2024
1542
break
2025
1543
else:
2026
logger.info("Client not found for fingerprint: %s, ad"
2027
"dress: %s", fpr, address)
1544
logger.warning(u"Client not found for fingerprint: %s, ad"
1545
u"dress: %s", fpr, address)
2028
1546
if self.use_dbus:
2029
1547
# Emit D-Bus signal
2030
mandos_dbus_service.ClientNotFound(fpr,
2031
address[0])
1548
mandos_dbus_service.ClientNotFound(fpr, address[0])
2032
1549
parent_pipe.send(False)
2033
1550
return False
2034
1551
2035
1552
gobject.io_add_watch(parent_pipe.fileno(),
2036
1553
gobject.IO_IN | gobject.IO_HUP,
2037
1554
functools.partial(self.handle_ipc,
2038
parent_pipe =
2039
parent_pipe,
2040
proc = proc,
2041
client_object =
2042
client))
1555
parent_pipe = parent_pipe,
1556
client_object = client))
2043
1557
parent_pipe.send(True)
2044
# remove the old hook in favor of the new above hook on
2045
# same fileno
1558
# remove the old hook in favor of the new above hook on same fileno
2046
1559
return False
2047
1560
if command == 'funcall':
2048
1561
funcname = request[1]
2049
1562
args = request[2]
2050
1563
kwargs = request[3]
2051
1564
2052
parent_pipe.send(('data', getattr(client_object,
2053
funcname)(*args,
2054
**kwargs)))
2055
1565
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1566
2056
1567
if command == 'getattr':
2057
1568
attrname = request[1]
2058
1569
if callable(client_object.__getattribute__(attrname)):
2059
1570
parent_pipe.send(('function',))
2060
1571
else:
2061
parent_pipe.send(('data', client_object
2062
.__getattribute__(attrname)))
1572
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
2063
1573
2064
1574
if command == 'setattr':
2065
1575
attrname = request[1]
2066
1576
value = request[2]
2067
1577
setattr(client_object, attrname, value)
2068
1578
2069
1579
return True
2070
1580
2071
1581
2072
1582
def string_to_delta(interval):
2073
1583
"""Parse a string and return a datetime.timedelta
2074
1584
2075
>>> string_to_delta('7d')
1585
>>> string_to_delta(u'7d')
2076
1586
datetime.timedelta(7)
2077
>>> string_to_delta('60s')
1587
>>> string_to_delta(u'60s')
2078
1588
datetime.timedelta(0, 60)
2079
>>> string_to_delta('60m')
1589
>>> string_to_delta(u'60m')
2080
1590
datetime.timedelta(0, 3600)
2081
>>> string_to_delta('24h')
1591
>>> string_to_delta(u'24h')
2082
1592
datetime.timedelta(1)
2083
>>> string_to_delta('1w')
1593
>>> string_to_delta(u'1w')
2084
1594
datetime.timedelta(7)
2085
>>> string_to_delta('5m 30s')
1595
>>> string_to_delta(u'5m 30s')
2086
1596
datetime.timedelta(0, 330)
2087
1597
"""
2088
1598
timevalue = datetime.timedelta(0)
2090
1600
try:
2091
1601
suffix = unicode(s[-1])
2092
1602
value = int(s[:-1])
2093
if suffix == "d":
1603
if suffix == u"d":
2094
1604
delta = datetime.timedelta(value)
2095
elif suffix == "s":
1605
elif suffix == u"s":
2096
1606
delta = datetime.timedelta(0, value)
2097
elif suffix == "m":
1607
elif suffix == u"m":
2098
1608
delta = datetime.timedelta(0, 0, 0, 0, value)
2099
elif suffix == "h":
1609
elif suffix == u"h":
2100
1610
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
2101
elif suffix == "w":
1611
elif suffix == u"w":
2102
1612
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2103
1613
else:
2104
raise ValueError("Unknown suffix {0!r}"
2105
.format(suffix))
2106
except (ValueError, IndexError) as e:
2107
raise ValueError(*(e.args))
1614
raise ValueError(u"Unknown suffix %r" % suffix)
1615
except (ValueError, IndexError), e:
1616
raise ValueError(e.message)
2108
1617
timevalue += delta
2109
1618
return timevalue
2110
1619
2111
1620
1621
def if_nametoindex(interface):
1622
"""Call the C function if_nametoindex(), or equivalent
1623
1624
Note: This function cannot accept a unicode string."""
1625
global if_nametoindex
1626
try:
1627
if_nametoindex = (ctypes.cdll.LoadLibrary
1628
(ctypes.util.find_library(u"c"))
1629
.if_nametoindex)
1630
except (OSError, AttributeError):
1631
logger.warning(u"Doing if_nametoindex the hard way")
1632
def if_nametoindex(interface):
1633
"Get an interface index the hard way, i.e. using fcntl()"
1634
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1635
with contextlib.closing(socket.socket()) as s:
1636
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1637
struct.pack(str(u"16s16x"),
1638
interface))
1639
interface_index = struct.unpack(str(u"I"),
1640
ifreq[16:20])[0]
1641
return interface_index
1642
return if_nametoindex(interface)
1643
1644
2112
1645
def daemon(nochdir = False, noclose = False):
2113
1646
"""See daemon(3). Standard BSD Unix function.
2114
1647
2117
1650
sys.exit()
2118
1651
os.setsid()
2119
1652
if not nochdir:
2120
os.chdir("/")
1653
os.chdir(u"/")
2121
1654
if os.fork():
2122
1655
sys.exit()
2123
1656
if not noclose:
2124
1657
# Close all standard open file descriptors
2125
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1658
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2126
1659
if not stat.S_ISCHR(os.fstat(null).st_mode):
2127
1660
raise OSError(errno.ENODEV,
2128
"{0} not a character device"
2129
.format(os.devnull))
1661
u"%s not a character device"
1662
% os.path.devnull)
2130
1663
os.dup2(null, sys.stdin.fileno())
2131
1664
os.dup2(null, sys.stdout.fileno())
2132
1665
os.dup2(null, sys.stderr.fileno())
2139
1672
##################################################################
2140
1673
# Parsing of options, both command line and config file
2141
1674
2142
parser = argparse.ArgumentParser()
2143
parser.add_argument("-v", "--version", action="version",
2144
version = "%(prog)s {0}".format(version),
2145
help="show version number and exit")
2146
parser.add_argument("-i", "--interface", metavar="IF",
2147
help="Bind to interface IF")
2148
parser.add_argument("-a", "--address",
2149
help="Address to listen for requests on")
2150
parser.add_argument("-p", "--port", type=int,
2151
help="Port number to receive requests on")
2152
parser.add_argument("--check", action="store_true",
2153
help="Run self-test")
2154
parser.add_argument("--debug", action="store_true",
2155
help="Debug mode; run in foreground and log"
2156
" to terminal")
2157
parser.add_argument("--debuglevel", metavar="LEVEL",
2158
help="Debug level for stdout output")
2159
parser.add_argument("--priority", help="GnuTLS"
2160
" priority string (see GnuTLS documentation)")
2161
parser.add_argument("--servicename",
2162
metavar="NAME", help="Zeroconf service name")
2163
parser.add_argument("--configdir",
2164
default="/etc/mandos", metavar="DIR",
2165
help="Directory to search for configuration"
2166
" files")
2167
parser.add_argument("--no-dbus", action="store_false",
2168
dest="use_dbus", help="Do not provide D-Bus"
2169
" system bus interface")
2170
parser.add_argument("--no-ipv6", action="store_false",
2171
dest="use_ipv6", help="Do not use IPv6")
2172
parser.add_argument("--no-restore", action="store_false",
2173
dest="restore", help="Do not restore stored"
2174
" state")
2175
parser.add_argument("--statedir", metavar="DIR",
2176
help="Directory to save/restore state in")
2177
2178
options = parser.parse_args()
1675
parser = optparse.OptionParser(version = "%%prog %s" % version)
1676
parser.add_option("-i", u"--interface", type=u"string",
1677
metavar="IF", help=u"Bind to interface IF")
1678
parser.add_option("-a", u"--address", type=u"string",
1679
help=u"Address to listen for requests on")
1680
parser.add_option("-p", u"--port", type=u"int",
1681
help=u"Port number to receive requests on")
1682
parser.add_option("--check", action=u"store_true",
1683
help=u"Run self-test")
1684
parser.add_option("--debug", action=u"store_true",
1685
help=u"Debug mode; run in foreground and log to"
1686
u" terminal")
1687
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1688
help=u"Debug level for stdout output")
1689
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1690
u" priority string (see GnuTLS documentation)")
1691
parser.add_option("--servicename", type=u"string",
1692
metavar=u"NAME", help=u"Zeroconf service name")
1693
parser.add_option("--configdir", type=u"string",
1694
default=u"/etc/mandos", metavar=u"DIR",
1695
help=u"Directory to search for configuration"
1696
u" files")
1697
parser.add_option("--no-dbus", action=u"store_false",
1698
dest=u"use_dbus", help=u"Do not provide D-Bus"
1699
u" system bus interface")
1700
parser.add_option("--no-ipv6", action=u"store_false",
1701
dest=u"use_ipv6", help=u"Do not use IPv6")
1702
options = parser.parse_args()[0]
2179
1703
2180
1704
if options.check:
2181
1705
import doctest
2183
1707
sys.exit()
2184
1708
2185
1709
# Default values for config file for server-global settings
2186
server_defaults = { "interface": "",
2187
"address": "",
2188
"port": "",
2189
"debug": "False",
2190
"priority":
2191
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2192
"servicename": "Mandos",
2193
"use_dbus": "True",
2194
"use_ipv6": "True",
2195
"debuglevel": "",
2196
"restore": "True",
2197
"statedir": "/var/lib/mandos"
1710
server_defaults = { u"interface": u"",
1711
u"address": u"",
1712
u"port": u"",
1713
u"debug": u"False",
1714
u"priority":
1715
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1716
u"servicename": u"Mandos",
1717
u"use_dbus": u"True",
1718
u"use_ipv6": u"True",
1719
u"debuglevel": u"",
2198
1720
}
2199
1721
2200
1722
# Parse config file for server-global settings
2201
1723
server_config = configparser.SafeConfigParser(server_defaults)
2202
1724
del server_defaults
2203
1725
server_config.read(os.path.join(options.configdir,
2204
"mandos.conf"))
1726
u"mandos.conf"))
2205
1727
# Convert the SafeConfigParser object to a dict
2206
1728
server_settings = server_config.defaults()
2207
1729
# Use the appropriate methods on the non-string config options
2208
for option in ("debug", "use_dbus", "use_ipv6"):
2209
server_settings[option] = server_config.getboolean("DEFAULT",
1730
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1731
server_settings[option] = server_config.getboolean(u"DEFAULT",
2210
1732
option)
2211
1733
if server_settings["port"]:
2212
server_settings["port"] = server_config.getint("DEFAULT",
2213
"port")
1734
server_settings["port"] = server_config.getint(u"DEFAULT",
1735
u"port")
2214
1736
del server_config
2215
1737
2216
1738
# Override the settings from the config file with command line
2217
1739
# options, if set.
2218
for option in ("interface", "address", "port", "debug",
2219
"priority", "servicename", "configdir",
2220
"use_dbus", "use_ipv6", "debuglevel", "restore",
2221
"statedir"):
1740
for option in (u"interface", u"address", u"port", u"debug",
1741
u"priority", u"servicename", u"configdir",
1742
u"use_dbus", u"use_ipv6", u"debuglevel"):
2222
1743
value = getattr(options, option)
2223
1744
if value is not None:
2224
1745
server_settings[option] = value
2232
1753
##################################################################
2233
1754
2234
1755
# For convenience
2235
debug = server_settings["debug"]
2236
debuglevel = server_settings["debuglevel"]
2237
use_dbus = server_settings["use_dbus"]
2238
use_ipv6 = server_settings["use_ipv6"]
2239
stored_state_path = os.path.join(server_settings["statedir"],
2240
stored_state_file)
2241
2242
if debug:
2243
initlogger(debug, logging.DEBUG)
2244
else:
2245
if not debuglevel:
2246
initlogger(debug)
2247
else:
2248
level = getattr(logging, debuglevel.upper())
2249
initlogger(debug, level)
2250
2251
if server_settings["servicename"] != "Mandos":
1756
debug = server_settings[u"debug"]
1757
debuglevel = server_settings[u"debuglevel"]
1758
use_dbus = server_settings[u"use_dbus"]
1759
use_ipv6 = server_settings[u"use_ipv6"]
1760
1761
if server_settings[u"servicename"] != u"Mandos":
2252
1762
syslogger.setFormatter(logging.Formatter
2253
('Mandos ({0}) [%(process)d]:'
2254
' %(levelname)s: %(message)s'
2255
.format(server_settings
2256
["servicename"])))
1763
(u'Mandos (%s) [%%(process)d]:'
1764
u' %%(levelname)s: %%(message)s'
1765
% server_settings[u"servicename"]))
2257
1766
2258
1767
# Parse config file with clients
2259
client_config = configparser.SafeConfigParser(Client
2260
.client_defaults)
2261
client_config.read(os.path.join(server_settings["configdir"],
2262
"clients.conf"))
1768
client_defaults = { u"timeout": u"1h",
1769
u"interval": u"5m",
1770
u"checker": u"fping -q -- %%(host)s",
1771
u"host": u"",
1772
u"approval_delay": u"0s",
1773
u"approval_duration": u"1s",
1774
}
1775
client_config = configparser.SafeConfigParser(client_defaults)
1776
client_config.read(os.path.join(server_settings[u"configdir"],
1777
u"clients.conf"))
2263
1778
2264
1779
global mandos_dbus_service
2265
1780
mandos_dbus_service = None
2266
1781
2267
tcp_server = MandosServer((server_settings["address"],
2268
server_settings["port"]),
1782
tcp_server = MandosServer((server_settings[u"address"],
1783
server_settings[u"port"]),
2269
1784
ClientHandler,
2270
interface=(server_settings["interface"]
1785
interface=(server_settings[u"interface"]
2271
1786
or None),
2272
1787
use_ipv6=use_ipv6,
2273
1788
gnutls_priority=
2274
server_settings["priority"],
1789
server_settings[u"priority"],
2275
1790
use_dbus=use_dbus)
2276
1791
if not debug:
2277
pidfilename = "/var/run/mandos.pid"
1792
pidfilename = u"/var/run/mandos.pid"
2278
1793
try:
2279
pidfile = open(pidfilename, "w")
2280
except IOError as e:
2281
logger.error("Could not open file %r", pidfilename,
2282
exc_info=e)
1794
pidfile = open(pidfilename, u"w")
1795
except IOError:
1796
logger.error(u"Could not open file %r", pidfilename)
2283
1797
2284
for name in ("_mandos", "mandos", "nobody"):
1798
try:
1799
uid = pwd.getpwnam(u"_mandos").pw_uid
1800
gid = pwd.getpwnam(u"_mandos").pw_gid
1801
except KeyError:
2285
1802
try:
2286
uid = pwd.getpwnam(name).pw_uid
2287
gid = pwd.getpwnam(name).pw_gid
2288
break
1803
uid = pwd.getpwnam(u"mandos").pw_uid
1804
gid = pwd.getpwnam(u"mandos").pw_gid
2289
1805
except KeyError:
2290
continue
2291
else:
2292
uid = 65534
2293
gid = 65534
1806
try:
1807
uid = pwd.getpwnam(u"nobody").pw_uid
1808
gid = pwd.getpwnam(u"nobody").pw_gid
1809
except KeyError:
1810
uid = 65534
1811
gid = 65534
2294
1812
try:
2295
1813
os.setgid(gid)
2296
1814
os.setuid(uid)
2297
except OSError as error:
1815
except OSError, error:
2298
1816
if error[0] != errno.EPERM:
2299
1817
raise error
2300
1818
1819
if not debug and not debuglevel:
1820
syslogger.setLevel(logging.WARNING)
1821
console.setLevel(logging.WARNING)
1822
if debuglevel:
1823
level = getattr(logging, debuglevel.upper())
1824
syslogger.setLevel(level)
1825
console.setLevel(level)
1826
2301
1827
if debug:
2302
1828
# Enable all possible GnuTLS debugging
2303
1829
2307
1833
2308
1834
@gnutls.library.types.gnutls_log_func
2309
1835
def debug_gnutls(level, string):
2310
logger.debug("GnuTLS: %s", string[:-1])
1836
logger.debug(u"GnuTLS: %s", string[:-1])
2311
1837
2312
1838
(gnutls.library.functions
2313
1839
.gnutls_global_set_log_function(debug_gnutls))
2314
1840
2315
1841
# Redirect stdin so all checkers get /dev/null
2316
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
1842
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
2317
1843
os.dup2(null, sys.stdin.fileno())
2318
1844
if null > 2:
2319
1845
os.close(null)
2320
2321
# Need to fork before connecting to D-Bus
2322
if not debug:
2323
# Close all input and output, do double fork, etc.
2324
daemon()
2325
2326
gobject.threads_init()
1846
else:
1847
# No console logging
1848
logger.removeHandler(console)
1849
2327
1850
2328
1851
global main_loop
2329
1852
# From the Avahi example code
2330
DBusGMainLoop(set_as_default=True)
1853
DBusGMainLoop(set_as_default=True )
2331
1854
main_loop = gobject.MainLoop()
2332
1855
bus = dbus.SystemBus()
2333
1856
# End of Avahi example code
2334
1857
if use_dbus:
2335
1858
try:
2336
bus_name = dbus.service.BusName("se.recompile.Mandos",
1859
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
2337
1860
bus, do_not_queue=True)
2338
old_bus_name = (dbus.service.BusName
2339
("se.bsnet.fukt.Mandos", bus,
2340
do_not_queue=True))
2341
except dbus.exceptions.NameExistsException as e:
2342
logger.error("Disabling D-Bus:", exc_info=e)
1861
except dbus.exceptions.NameExistsException, e:
1862
logger.error(unicode(e) + u", disabling D-Bus")
2343
1863
use_dbus = False
2344
server_settings["use_dbus"] = False
1864
server_settings[u"use_dbus"] = False
2345
1865
tcp_server.use_dbus = False
2346
1866
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2347
service = AvahiServiceToSyslog(name =
2348
server_settings["servicename"],
2349
servicetype = "_mandos._tcp",
2350
protocol = protocol, bus = bus)
1867
service = AvahiService(name = server_settings[u"servicename"],
1868
servicetype = u"_mandos._tcp",
1869
protocol = protocol, bus = bus)
2351
1870
if server_settings["interface"]:
2352
1871
service.interface = (if_nametoindex
2353
(str(server_settings["interface"])))
2354
1872
(str(server_settings[u"interface"])))
1873
1874
if not debug:
1875
# Close all input and output, do double fork, etc.
1876
daemon()
1877
2355
1878
global multiprocessing_manager
2356
1879
multiprocessing_manager = multiprocessing.Manager()
2357
1880
2358
1881
client_class = Client
2359
1882
if use_dbus:
2360
1883
client_class = functools.partial(ClientDBus, bus = bus)
2361
2362
client_settings = Client.config_parser(client_config)
2363
old_client_settings = {}
2364
clients_data = {}
2365
2366
# Get client data and settings from last running state.
2367
if server_settings["restore"]:
2368
try:
2369
with open(stored_state_path, "rb") as stored_state:
2370
clients_data, old_client_settings = (pickle.load
2371
(stored_state))
2372
os.remove(stored_state_path)
2373
except IOError as e:
2374
if e.errno == errno.ENOENT:
2375
logger.warning("Could not load persistent state: {0}"
2376
.format(os.strerror(e.errno)))
2377
else:
2378
logger.critical("Could not load persistent state:",
2379
exc_info=e)
2380
raise
2381
except EOFError as e:
2382
logger.warning("Could not load persistent state: "
2383
"EOFError:", exc_info=e)
2384
2385
with PGPEngine() as pgp:
2386
for client_name, client in clients_data.iteritems():
2387
# Decide which value to use after restoring saved state.
2388
# We have three different values: Old config file,
2389
# new config file, and saved state.
2390
# New config value takes precedence if it differs from old
2391
# config value, otherwise use saved state.
2392
for name, value in client_settings[client_name].items():
2393
try:
2394
# For each value in new config, check if it
2395
# differs from the old config value (Except for
2396
# the "secret" attribute)
2397
if (name != "secret" and
2398
value != old_client_settings[client_name]
2399
[name]):
2400
client[name] = value
2401
except KeyError:
2402
pass
2403
2404
# Clients who has passed its expire date can still be
2405
# enabled if its last checker was successful. Clients
2406
# whose checker succeeded before we stored its state is
2407
# assumed to have successfully run all checkers during
2408
# downtime.
2409
if client["enabled"]:
2410
if datetime.datetime.utcnow() >= client["expires"]:
2411
if not client["last_checked_ok"]:
2412
logger.warning(
2413
"disabling client {0} - Client never "
2414
"performed a successful checker"
2415
.format(client_name))
2416
client["enabled"] = False
2417
elif client["last_checker_status"] != 0:
2418
logger.warning(
2419
"disabling client {0} - Client "
2420
"last checker failed with error code {1}"
2421
.format(client_name,
2422
client["last_checker_status"]))
2423
client["enabled"] = False
2424
else:
2425
client["expires"] = (datetime.datetime
2426
.utcnow()
2427
+ client["timeout"])
2428
logger.debug("Last checker succeeded,"
2429
" keeping {0} enabled"
2430
.format(client_name))
1884
def client_config_items(config, section):
1885
special_settings = {
1886
"approved_by_default":
1887
lambda: config.getboolean(section,
1888
"approved_by_default"),
1889
}
1890
for name, value in config.items(section):
2431
1891
try:
2432
client["secret"] = (
2433
pgp.decrypt(client["encrypted_secret"],
2434
client_settings[client_name]
2435
["secret"]))
2436
except PGPError:
2437
# If decryption fails, we use secret from new settings
2438
logger.debug("Failed to decrypt {0} old secret"
2439
.format(client_name))
2440
client["secret"] = (
2441
client_settings[client_name]["secret"])
2442
2443
# Add/remove clients based on new changes made to config
2444
for client_name in (set(old_client_settings)
2445
- set(client_settings)):
2446
del clients_data[client_name]
2447
for client_name in (set(client_settings)
2448
- set(old_client_settings)):
2449
clients_data[client_name] = client_settings[client_name]
2450
2451
# Create all client objects
2452
for client_name, client in clients_data.iteritems():
2453
tcp_server.clients[client_name] = client_class(
2454
name = client_name, settings = client)
2455
1892
yield (name, special_settings[name]())
1893
except KeyError:
1894
yield (name, value)
1895
1896
tcp_server.clients.update(set(
1897
client_class(name = section,
1898
config= dict(client_config_items(
1899
client_config, section)))
1900
for section in client_config.sections()))
2456
1901
if not tcp_server.clients:
2457
logger.warning("No clients defined")
2458
1902
logger.warning(u"No clients defined")
1903
2459
1904
if not debug:
2460
1905
try:
2461
1906
with pidfile:
2462
1907
pid = os.getpid()
2463
pidfile.write(str(pid) + "\n".encode("utf-8"))
1908
pidfile.write(str(pid) + "\n")
2464
1909
del pidfile
2465
1910
except IOError:
2466
logger.error("Could not write to file %r with PID %d",
1911
logger.error(u"Could not write to file %r with PID %d",
2467
1912
pidfilename, pid)
2468
1913
except NameError:
2469
1914
# "pidfile" was never created
2470
1915
pass
2471
1916
del pidfilename
1917
2472
1918
signal.signal(signal.SIGINT, signal.SIG_IGN)
2473
1919
2474
1920
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2475
1921
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2476
1922
2477
1923
if use_dbus:
2478
@alternate_dbus_interfaces({"se.recompile.Mandos":
2479
"se.bsnet.fukt.Mandos"})
2480
class MandosDBusService(DBusObjectWithProperties):
1924
class MandosDBusService(dbus.service.Object):
2481
1925
"""A D-Bus proxy object"""
2482
1926
def __init__(self):
2483
dbus.service.Object.__init__(self, bus, "/")
2484
_interface = "se.recompile.Mandos"
2485
2486
@dbus_interface_annotations(_interface)
2487
def _foo(self):
2488
return { "org.freedesktop.DBus.Property"
2489
".EmitsChangedSignal":
2490
"false"}
2491
2492
@dbus.service.signal(_interface, signature="o")
1927
dbus.service.Object.__init__(self, bus, u"/")
1928
_interface = u"se.bsnet.fukt.Mandos"
1929
1930
@dbus.service.signal(_interface, signature=u"o")
2493
1931
def ClientAdded(self, objpath):
2494
1932
"D-Bus signal"
2495
1933
pass
2496
1934
2497
@dbus.service.signal(_interface, signature="ss")
1935
@dbus.service.signal(_interface, signature=u"ss")
2498
1936
def ClientNotFound(self, fingerprint, address):
2499
1937
"D-Bus signal"
2500
1938
pass
2501
1939
2502
@dbus.service.signal(_interface, signature="os")
1940
@dbus.service.signal(_interface, signature=u"os")
2503
1941
def ClientRemoved(self, objpath, name):
2504
1942
"D-Bus signal"
2505
1943
pass
2506
1944
2507
@dbus.service.method(_interface, out_signature="ao")
1945
@dbus.service.method(_interface, out_signature=u"ao")
2508
1946
def GetAllClients(self):
2509
1947
"D-Bus method"
2510
1948
return dbus.Array(c.dbus_object_path
2511
for c in
2512
tcp_server.clients.itervalues())
1949
for c in tcp_server.clients)
2513
1950
2514
1951
@dbus.service.method(_interface,
2515
out_signature="a{oa{sv}}")
1952
out_signature=u"a{oa{sv}}")
2516
1953
def GetAllClientsWithProperties(self):
2517
1954
"D-Bus method"
2518
1955
return dbus.Dictionary(
2519
((c.dbus_object_path, c.GetAll(""))
2520
for c in tcp_server.clients.itervalues()),
2521
signature="oa{sv}")
1956
((c.dbus_object_path, c.GetAll(u""))
1957
for c in tcp_server.clients),
1958
signature=u"oa{sv}")
2522
1959
2523
@dbus.service.method(_interface, in_signature="o")
1960
@dbus.service.method(_interface, in_signature=u"o")
2524
1961
def RemoveClient(self, object_path):
2525
1962
"D-Bus method"
2526
for c in tcp_server.clients.itervalues():
1963
for c in tcp_server.clients:
2527
1964
if c.dbus_object_path == object_path:
2528
del tcp_server.clients[c.name]
1965
tcp_server.clients.remove(c)
2529
1966
c.remove_from_connection()
2530
1967
# Don't signal anything except ClientRemoved
2531
1968
c.disable(quiet=True)
2542
1979
"Cleanup function; run on exit"
2543
1980
service.cleanup()
2544
1981
2545
multiprocessing.active_children()
2546
if not (tcp_server.clients or client_settings):
2547
return
2548
2549
# Store client before exiting. Secrets are encrypted with key
2550
# based on what config file has. If config file is
2551
# removed/edited, old secret will thus be unrecovable.
2552
clients = {}
2553
with PGPEngine() as pgp:
2554
for client in tcp_server.clients.itervalues():
2555
key = client_settings[client.name]["secret"]
2556
client.encrypted_secret = pgp.encrypt(client.secret,
2557
key)
2558
client_dict = {}
2559
2560
# A list of attributes that can not be pickled
2561
# + secret.
2562
exclude = set(("bus", "changedstate", "secret",
2563
"checker"))
2564
for name, typ in (inspect.getmembers
2565
(dbus.service.Object)):
2566
exclude.add(name)
2567
2568
client_dict["encrypted_secret"] = (client
2569
.encrypted_secret)
2570
for attr in client.client_structure:
2571
if attr not in exclude:
2572
client_dict[attr] = getattr(client, attr)
2573
2574
clients[client.name] = client_dict
2575
del client_settings[client.name]["secret"]
2576
2577
try:
2578
with (tempfile.NamedTemporaryFile
2579
(mode='wb', suffix=".pickle", prefix='clients-',
2580
dir=os.path.dirname(stored_state_path),
2581
delete=False)) as stored_state:
2582
pickle.dump((clients, client_settings), stored_state)
2583
tempname=stored_state.name
2584
os.rename(tempname, stored_state_path)
2585
except (IOError, OSError) as e:
2586
if not debug:
2587
try:
2588
os.remove(tempname)
2589
except NameError:
2590
pass
2591
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
2592
logger.warning("Could not save persistent state: {0}"
2593
.format(os.strerror(e.errno)))
2594
else:
2595
logger.warning("Could not save persistent state:",
2596
exc_info=e)
2597
raise e
2598
2599
# Delete all clients, and settings from config
2600
1982
while tcp_server.clients:
2601
name, client = tcp_server.clients.popitem()
1983
client = tcp_server.clients.pop()
2602
1984
if use_dbus:
2603
1985
client.remove_from_connection()
1986
client.disable_hook = None
2604
1987
# Don't signal anything except ClientRemoved
2605
1988
client.disable(quiet=True)
2606
1989
if use_dbus:
2607
1990
# Emit D-Bus signal
2608
mandos_dbus_service.ClientRemoved(client
2609
.dbus_object_path,
1991
mandos_dbus_service.ClientRemoved(client.dbus_object_path,
2610
1992
client.name)
2611
client_settings.clear()
2612
1993
2613
1994
atexit.register(cleanup)
2614
1995
2615
for client in tcp_server.clients.itervalues():
1996
for client in tcp_server.clients:
2616
1997
if use_dbus:
2617
1998
# Emit D-Bus signal
2618
1999
mandos_dbus_service.ClientAdded(client.dbus_object_path)
2619
# Need to initiate checking of clients
2620
if client.enabled:
2621
client.init_checker()
2000
client.enable()
2622
2001
2623
2002
tcp_server.enable()
2624
2003
tcp_server.server_activate()
2626
2005
# Find out what port we got
2627
2006
service.port = tcp_server.socket.getsockname()[1]
2628
2007
if use_ipv6:
2629
logger.info("Now listening on address %r, port %d,"
2630
" flowinfo %d, scope_id %d",
2631
*tcp_server.socket.getsockname())
2008
logger.info(u"Now listening on address %r, port %d,"
2009
" flowinfo %d, scope_id %d"
2010
% tcp_server.socket.getsockname())
2632
2011
else: # IPv4
2633
logger.info("Now listening on address %r, port %d",
2634
*tcp_server.socket.getsockname())
2012
logger.info(u"Now listening on address %r, port %d"
2013
% tcp_server.socket.getsockname())
2635
2014
2636
2015
#service.interface = tcp_server.socket.getsockname()[3]
2637
2016
2639
2018
# From the Avahi example code
2640
2019
try:
2641
2020
service.activate()
2642
except dbus.exceptions.DBusException as error:
2643
logger.critical("D-Bus Exception", exc_info=error)
2021
except dbus.exceptions.DBusException, error:
2022
logger.critical(u"DBusException: %s", error)
2644
2023
cleanup()
2645
2024
sys.exit(1)
2646
2025
# End of Avahi example code
2650
2029
(tcp_server.handle_request
2651
2030
(*args[2:], **kwargs) or True))
2652
2031
2653
logger.debug("Starting main loop")
2032
logger.debug(u"Starting main loop")
2654
2033
main_loop.run()
2655
except AvahiError as error:
2656
logger.critical("Avahi Error", exc_info=error)
2034
except AvahiError, error:
2035
logger.critical(u"AvahiError: %s", error)
2657
2036
cleanup()
2658
2037
sys.exit(1)
2659
2038
except KeyboardInterrupt:
2660
2039
if debug:
2661
print("", file=sys.stderr)
2662
logger.debug("Server received KeyboardInterrupt")
2663
logger.debug("Server exiting")
2040
print >> sys.stderr
2041
logger.debug(u"Server received KeyboardInterrupt")
2042
logger.debug(u"Server exiting")
2664
2043
# Must run before the D-Bus bus name gets deregistered
2665
2044
cleanup()
2666
2045
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0