240
240
"""A representation of a client host served by this server.
243
name: string; from the config file, used in log messages and
243
_approved: bool(); 'None' if not yet approved/disapproved
244
approval_delay: datetime.timedelta(); Time to wait for approval
245
approval_duration: datetime.timedelta(); Duration of one approval
246
checker: subprocess.Popen(); a running checker process used
247
to see if the client lives.
248
'None' if no process is running.
249
checker_callback_tag: a gobject event source tag, or None
250
checker_command: string; External command which is run to check
251
if client lives. %() expansions are done at
252
runtime with vars(self) as dict, so that for
253
instance %(name)s can be used in the command.
254
checker_initiator_tag: a gobject event source tag, or None
255
created: datetime.datetime(); (UTC) object creation
256
current_checker_command: string; current running checker_command
257
disable_hook: If set, called by disable() as disable_hook(self)
258
disable_initiator_tag: a gobject event source tag, or None
245
260
fingerprint: string (40 or 32 hexadecimal digits); used to
246
261
uniquely identify the client
247
secret: bytestring; sent verbatim (over TLS) to client
248
262
host: string; available for use by the checker command
249
created: datetime.datetime(); (UTC) object creation
263
interval: datetime.timedelta(); How often to start a new checker
264
last_approval_request: datetime.datetime(); (UTC) or None
265
last_checked_ok: datetime.datetime(); (UTC) or None
250
266
last_enabled: datetime.datetime(); (UTC)
252
last_checked_ok: datetime.datetime(); (UTC) or None
267
name: string; from the config file, used in log messages and
269
secret: bytestring; sent verbatim (over TLS) to client
253
270
timeout: datetime.timedelta(); How long from last_checked_ok
254
271
until this client is disabled
255
interval: datetime.timedelta(); How often to start a new checker
256
disable_hook: If set, called by disable() as disable_hook(self)
257
checker: subprocess.Popen(); a running checker process used
258
to see if the client lives.
259
'None' if no process is running.
260
checker_initiator_tag: a gobject event source tag, or None
261
disable_initiator_tag: - '' -
262
checker_callback_tag: - '' -
263
checker_command: string; External command which is run to check if
264
client lives. %() expansions are done at
265
runtime with vars(self) as dict, so that for
266
instance %(name)s can be used in the command.
267
current_checker_command: string; current running checker_command
268
approval_delay: datetime.timedelta(); Time to wait for approval
269
_approved: bool(); 'None' if not yet approved/disapproved
270
approval_duration: datetime.timedelta(); Duration of one approval
272
runtime_expansions: Allowed attributes for runtime expansion.
275
runtime_expansions = (u"approval_delay", u"approval_duration",
276
u"created", u"enabled", u"fingerprint",
277
u"host", u"interval", u"last_checked_ok",
278
u"last_enabled", u"name", u"timeout")
274
281
def _timedelta_to_milliseconds(td):
275
282
"Convert a datetime.timedelta() to milliseconds"
711
728
Client.__init__(self, *args, **kwargs)
712
729
# Only now, when this client is initialized, can it show up on
731
client_object_name = unicode(self.name).translate(
732
{ord(u"."): ord(u"_"),
733
ord(u"-"): ord(u"_")})
714
734
self.dbus_object_path = (dbus.ObjectPath
716
+ self.name.replace(u".", u"_")))
735
(u"/clients/" + client_object_name))
717
736
DBusObjectWithProperties.__init__(self, self.bus,
718
737
self.dbus_object_path)
801
820
variant_level=1)))
823
def need_approval(self, *args, **kwargs):
824
r = Client.need_approval(self, *args, **kwargs)
826
self.PropertyChanged(
827
dbus.String(u"LastApprovalRequest"),
828
(self._datetime_to_dbus(self.last_approval_request,
804
832
def start_checker(self, *args, **kwargs):
805
833
old_checker = self.checker
806
834
if self.checker is not None:
1651
1684
parser.add_option("--debug", action=u"store_true",
1652
1685
help=u"Debug mode; run in foreground and log to"
1654
parser.add_option("--debuglevel", type=u"string", metavar="Level",
1687
parser.add_option("--debuglevel", type=u"string", metavar="LEVEL",
1655
1688
help=u"Debug level for stdout output")
1656
1689
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1657
1690
u" priority string (see GnuTLS documentation)")
1755
1788
gnutls_priority=
1756
1789
server_settings[u"priority"],
1757
1790
use_dbus=use_dbus)
1758
pidfilename = u"/var/run/mandos.pid"
1760
pidfile = open(pidfilename, u"w")
1762
logger.error(u"Could not open file %r", pidfilename)
1792
pidfilename = u"/var/run/mandos.pid"
1794
pidfile = open(pidfilename, u"w")
1796
logger.error(u"Could not open file %r", pidfilename)
1765
1799
uid = pwd.getpwnam(u"_mandos").pw_uid
1867
1901
if not tcp_server.clients:
1868
1902
logger.warning(u"No clients defined")
1873
pidfile.write(str(pid) + "\n")
1876
logger.error(u"Could not write to file %r with PID %d",
1879
# "pidfile" was never created
1908
pidfile.write(str(pid) + "\n")
1911
logger.error(u"Could not write to file %r with PID %d",
1914
# "pidfile" was never created
1884
1918
signal.signal(signal.SIGINT, signal.SIG_IGN)
1885
1920
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1886
1921
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
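Review bot: In the hunk at new lines 731–735, `client_object_name` maps only `.` and `-` to `_`, but a D-Bus object path element may contain only `[A-Za-z0-9_]`, so a client name from the config file containing any other character (a space, `@`, non-ASCII) would still produce a path that `dbus.ObjectPath` rejects. The mapping is also not injective: names such as `foo.bar`, `foo-bar` and `foo_bar` all become `/clients/foo_bar`, and nothing visible here checks for that collision before the object is exported. I would replace every disallowed character in one step, e.g. `client_object_name = re.sub(u"[^A-Za-z0-9_]", u"_", unicode(self.name))` (assuming `re` is imported in this file), and refuse or disambiguate a name whose path is already taken. The enclosing `__init__` starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.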