/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2011-04-02 06:37:18 UTC
  • Revision ID: teddy@fukt.bsnet.se-20110402063718-13ldrcuu0t33sdc4
* mandos: Tolerate restarting Avahi servers.  Also Changed to new
          "except x as y" exception syntax.
  (AvahiService.entry_group_state_changed_match): New; contains the
                                                  SignalMatch object.
  (AvahiService.remove): Really remove the group and the signal
                         connection, if any.
  (AvahiService.add): Always create a new group and signal connection.
  (AvahiService.cleanup): Changed to simply call remove().
  (AvahiService.server_state_changed): Handle and log more bad states.
  (AvahiService.activate): Set "follow_name_owner_changes=True" on the
                           Avahi Server proxy object.
  (ClientDBus.checked_ok): Do not return anything.
  (ClientDBus.CheckedOK): Do not return anything, as documented.
* mandos-monitor: Call D-Bus methods asynchronously.

Show diffs side-by-side

added added

removed removed

Lines of Context:
36
36
 
37
37
import SocketServer as socketserver
38
38
import socket
39
 
import optparse
 
39
import argparse
40
40
import datetime
41
41
import errno
42
42
import gnutls.crypto
82
82
        SO_BINDTODEVICE = None
83
83
 
84
84
 
85
 
version = "1.2.3"
 
85
version = "1.3.0"
86
86
 
87
87
#logger = logging.getLogger('mandos')
88
88
logger = logging.Logger('mandos')
151
151
        self.group = None       # our entry group
152
152
        self.server = None
153
153
        self.bus = bus
 
154
        self.entry_group_state_changed_match = None
154
155
    def rename(self):
155
156
        """Derived from the Avahi example code"""
156
157
        if self.rename_count >= self.max_renames:
168
169
        self.remove()
169
170
        try:
170
171
            self.add()
171
 
        except dbus.exceptions.DBusException, error:
 
172
        except dbus.exceptions.DBusException as error:
172
173
            logger.critical("DBusException: %s", error)
173
174
            self.cleanup()
174
175
            os._exit(1)
176
177
    def remove(self):
177
178
        """Derived from the Avahi example code"""
178
179
        if self.group is not None:
179
 
            self.group.Reset()
 
180
            try:
 
181
                self.group.Free()
 
182
            except (dbus.exceptions.UnknownMethodException,
 
183
                    dbus.exceptions.DBusException) as e:
 
184
                pass
 
185
            self.group = None
 
186
        if self.entry_group_state_changed_match is not None:
 
187
            self.entry_group_state_changed_match.remove()
 
188
            self.entry_group_state_changed_match = None
180
189
    def add(self):
181
190
        """Derived from the Avahi example code"""
182
 
        if self.group is None:
183
 
            self.group = dbus.Interface(
184
 
                self.bus.get_object(avahi.DBUS_NAME,
185
 
                                    self.server.EntryGroupNew()),
186
 
                avahi.DBUS_INTERFACE_ENTRY_GROUP)
187
 
            self.group.connect_to_signal('StateChanged',
188
 
                                         self
189
 
                                         .entry_group_state_changed)
 
191
        self.remove()
 
192
        self.group = dbus.Interface(
 
193
            self.bus.get_object(avahi.DBUS_NAME,
 
194
                                self.server.EntryGroupNew(),
 
195
                                follow_name_owner_changes=True),
 
196
            avahi.DBUS_INTERFACE_ENTRY_GROUP)
 
197
        self.entry_group_state_changed_match = (
 
198
            self.group.connect_to_signal(
 
199
                'StateChanged', self .entry_group_state_changed))
190
200
        logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
191
201
                     self.name, self.type)
192
202
        self.group.AddService(
214
224
                                  % unicode(error))
215
225
    def cleanup(self):
216
226
        """Derived from the Avahi example code"""
217
 
        if self.group is not None:
218
 
            self.group.Free()
219
 
            self.group = None
220
 
    def server_state_changed(self, state):
 
227
        self.remove()
 
228
    def server_state_changed(self, state, error=None):
221
229
        """Derived from the Avahi example code"""
222
230
        logger.debug("Avahi server state change: %i", state)
223
 
        if state == avahi.SERVER_COLLISION:
224
 
            logger.error("Zeroconf server name collision")
 
231
        bad_states = { avahi.SERVER_INVALID:
 
232
                           "Zeroconf server invalid",
 
233
                       avahi.SERVER_REGISTERING: None,
 
234
                       avahi.SERVER_COLLISION:
 
235
                           "Zeroconf server name collision",
 
236
                       avahi.SERVER_FAILURE:
 
237
                           "Zeroconf server failure" }
 
238
        if state in bad_states:
 
239
            if bad_states[state]:
 
240
                logger.error(bad_states[state])
225
241
            self.remove()
226
242
        elif state == avahi.SERVER_RUNNING:
227
243
            self.add()
 
244
        else:
 
245
            logger.debug("Unknown state: %r", state)
228
246
    def activate(self):
229
247
        """Derived from the Avahi example code"""
230
248
        if self.server is None:
231
249
            self.server = dbus.Interface(
232
250
                self.bus.get_object(avahi.DBUS_NAME,
233
 
                                    avahi.DBUS_PATH_SERVER),
 
251
                                    avahi.DBUS_PATH_SERVER,
 
252
                                    follow_name_owner_changes=True),
234
253
                avahi.DBUS_INTERFACE_SERVER)
235
254
        self.server.connect_to_signal("StateChanged",
236
255
                                 self.server_state_changed)
445
464
        # If a checker exists, make sure it is not a zombie
446
465
        try:
447
466
            pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
448
 
        except (AttributeError, OSError), error:
 
467
        except (AttributeError, OSError) as error:
449
468
            if (isinstance(error, OSError)
450
469
                and error.errno != errno.ECHILD):
451
470
                raise error
472
491
 
473
492
                try:
474
493
                    command = self.checker_command % escaped_attrs
475
 
                except TypeError, error:
 
494
                except TypeError as error:
476
495
                    logger.error('Could not format string "%s":'
477
496
                                 ' %s', self.checker_command, error)
478
497
                    return True # Try again later
497
516
                if pid:
498
517
                    gobject.source_remove(self.checker_callback_tag)
499
518
                    self.checker_callback(pid, status, command)
500
 
            except OSError, error:
 
519
            except OSError as error:
501
520
                logger.error("Failed to start subprocess: %s",
502
521
                             error)
503
522
        # Re-run this periodically if run by gobject.timeout_add
516
535
            #time.sleep(0.5)
517
536
            #if self.checker.poll() is None:
518
537
            #    os.kill(self.checker.pid, signal.SIGKILL)
519
 
        except OSError, error:
 
538
        except OSError as error:
520
539
            if error.errno != errno.ESRCH: # No such process
521
540
                raise
522
541
        self.checker = None
704
723
            xmlstring = document.toxml("utf-8")
705
724
            document.unlink()
706
725
        except (AttributeError, xml.dom.DOMException,
707
 
                xml.parsers.expat.ExpatError), error:
 
726
                xml.parsers.expat.ExpatError) as error:
708
727
            logger.error("Failed to override Introspection method",
709
728
                         error)
710
729
        return xmlstring
813
832
                                       *args, **kwargs)
814
833
    
815
834
    def checked_ok(self, *args, **kwargs):
816
 
        r = Client.checked_ok(self, *args, **kwargs)
 
835
        Client.checked_ok(self, *args, **kwargs)
817
836
        # Emit D-Bus signal
818
837
        self.PropertyChanged(
819
838
            dbus.String("LastCheckedOK"),
820
839
            (self._datetime_to_dbus(self.last_checked_ok,
821
840
                                    variant_level=1)))
822
 
        return r
823
841
    
824
842
    def need_approval(self, *args, **kwargs):
825
843
        r = Client.need_approval(self, *args, **kwargs)
922
940
    # CheckedOK - method
923
941
    @dbus.service.method(_interface)
924
942
    def CheckedOK(self):
925
 
        return self.checked_ok()
 
943
        self.checked_ok()
926
944
    
927
945
    # Enable - method
928
946
    @dbus.service.method(_interface)
1204
1222
            try:
1205
1223
                if int(line.strip().split()[0]) > 1:
1206
1224
                    raise RuntimeError
1207
 
            except (ValueError, IndexError, RuntimeError), error:
 
1225
            except (ValueError, IndexError, RuntimeError) as error:
1208
1226
                logger.error("Unknown protocol version: %s", error)
1209
1227
                return
1210
1228
 
1211
1229
            # Start GnuTLS connection
1212
1230
            try:
1213
1231
                session.handshake()
1214
 
            except gnutls.errors.GNUTLSError, error:
 
1232
            except gnutls.errors.GNUTLSError as error:
1215
1233
                logger.warning("Handshake failed: %s", error)
1216
1234
                # Do not run session.bye() here: the session is not
1217
1235
                # established.  Just abandon the request.
1223
1241
                try:
1224
1242
                    fpr = self.fingerprint(self.peer_certificate
1225
1243
                                           (session))
1226
 
                except (TypeError, gnutls.errors.GNUTLSError), error:
 
1244
                except (TypeError,
 
1245
                        gnutls.errors.GNUTLSError) as error:
1227
1246
                    logger.warning("Bad certificate: %s", error)
1228
1247
                    return
1229
1248
                logger.debug("Fingerprint: %s", fpr)
1292
1311
                while sent_size < len(client.secret):
1293
1312
                    try:
1294
1313
                        sent = session.send(client.secret[sent_size:])
1295
 
                    except (gnutls.errors.GNUTLSError), error:
 
1314
                    except gnutls.errors.GNUTLSError as error:
1296
1315
                        logger.warning("gnutls send failed")
1297
1316
                        return
1298
1317
                    logger.debug("Sent: %d, remaining: %d",
1312
1331
                    client.approvals_pending -= 1
1313
1332
                try:
1314
1333
                    session.bye()
1315
 
                except (gnutls.errors.GNUTLSError), error:
 
1334
                except gnutls.errors.GNUTLSError as error:
1316
1335
                    logger.warning("GnuTLS bye failed")
1317
1336
    
1318
1337
    @staticmethod
1442
1461
                                           SO_BINDTODEVICE,
1443
1462
                                           str(self.interface
1444
1463
                                               + '\0'))
1445
 
                except socket.error, error:
 
1464
                except socket.error as error:
1446
1465
                    if error[0] == errno.EPERM:
1447
1466
                        logger.error("No permission to"
1448
1467
                                     " bind to interface %s",
1613
1632
                delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1614
1633
            else:
1615
1634
                raise ValueError("Unknown suffix %r" % suffix)
1616
 
        except (ValueError, IndexError), e:
 
1635
        except (ValueError, IndexError) as e:
1617
1636
            raise ValueError(*(e.args))
1618
1637
        timevalue += delta
1619
1638
    return timevalue
1673
1692
    ##################################################################
1674
1693
    # Parsing of options, both command line and config file
1675
1694
    
1676
 
    parser = optparse.OptionParser(version = "%%prog %s" % version)
1677
 
    parser.add_option("-i", "--interface", type="string",
1678
 
                      metavar="IF", help="Bind to interface IF")
1679
 
    parser.add_option("-a", "--address", type="string",
1680
 
                      help="Address to listen for requests on")
1681
 
    parser.add_option("-p", "--port", type="int",
1682
 
                      help="Port number to receive requests on")
1683
 
    parser.add_option("--check", action="store_true",
1684
 
                      help="Run self-test")
1685
 
    parser.add_option("--debug", action="store_true",
1686
 
                      help="Debug mode; run in foreground and log to"
1687
 
                      " terminal")
1688
 
    parser.add_option("--debuglevel", type="string", metavar="LEVEL",
1689
 
                      help="Debug level for stdout output")
1690
 
    parser.add_option("--priority", type="string", help="GnuTLS"
1691
 
                      " priority string (see GnuTLS documentation)")
1692
 
    parser.add_option("--servicename", type="string",
1693
 
                      metavar="NAME", help="Zeroconf service name")
1694
 
    parser.add_option("--configdir", type="string",
1695
 
                      default="/etc/mandos", metavar="DIR",
1696
 
                      help="Directory to search for configuration"
1697
 
                      " files")
1698
 
    parser.add_option("--no-dbus", action="store_false",
1699
 
                      dest="use_dbus", help="Do not provide D-Bus"
1700
 
                      " system bus interface")
1701
 
    parser.add_option("--no-ipv6", action="store_false",
1702
 
                      dest="use_ipv6", help="Do not use IPv6")
1703
 
    options = parser.parse_args()[0]
 
1695
    parser = argparse.ArgumentParser()
 
1696
    parser.add_argument("-v", "--version", action="version",
 
1697
                        version = "%%(prog)s %s" % version,
 
1698
                        help="show version number and exit")
 
1699
    parser.add_argument("-i", "--interface", metavar="IF",
 
1700
                        help="Bind to interface IF")
 
1701
    parser.add_argument("-a", "--address",
 
1702
                        help="Address to listen for requests on")
 
1703
    parser.add_argument("-p", "--port", type=int,
 
1704
                        help="Port number to receive requests on")
 
1705
    parser.add_argument("--check", action="store_true",
 
1706
                        help="Run self-test")
 
1707
    parser.add_argument("--debug", action="store_true",
 
1708
                        help="Debug mode; run in foreground and log"
 
1709
                        " to terminal")
 
1710
    parser.add_argument("--debuglevel", metavar="LEVEL",
 
1711
                        help="Debug level for stdout output")
 
1712
    parser.add_argument("--priority", help="GnuTLS"
 
1713
                        " priority string (see GnuTLS documentation)")
 
1714
    parser.add_argument("--servicename",
 
1715
                        metavar="NAME", help="Zeroconf service name")
 
1716
    parser.add_argument("--configdir",
 
1717
                        default="/etc/mandos", metavar="DIR",
 
1718
                        help="Directory to search for configuration"
 
1719
                        " files")
 
1720
    parser.add_argument("--no-dbus", action="store_false",
 
1721
                        dest="use_dbus", help="Do not provide D-Bus"
 
1722
                        " system bus interface")
 
1723
    parser.add_argument("--no-ipv6", action="store_false",
 
1724
                        dest="use_ipv6", help="Do not use IPv6")
 
1725
    options = parser.parse_args()
1704
1726
    
1705
1727
    if options.check:
1706
1728
        import doctest
1813
1835
    try:
1814
1836
        os.setgid(gid)
1815
1837
        os.setuid(uid)
1816
 
    except OSError, error:
 
1838
    except OSError as error:
1817
1839
        if error[0] != errno.EPERM:
1818
1840
            raise error
1819
1841
    
1863
1885
        try:
1864
1886
            bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",
1865
1887
                                            bus, do_not_queue=True)
1866
 
        except dbus.exceptions.NameExistsException, e:
 
1888
        except dbus.exceptions.NameExistsException as e:
1867
1889
            logger.error(unicode(e) + ", disabling D-Bus")
1868
1890
            use_dbus = False
1869
1891
            server_settings["use_dbus"] = False
2019
2041
        # From the Avahi example code
2020
2042
        try:
2021
2043
            service.activate()
2022
 
        except dbus.exceptions.DBusException, error:
 
2044
        except dbus.exceptions.DBusException as error:
2023
2045
            logger.critical("DBusException: %s", error)
2024
2046
            cleanup()
2025
2047
            sys.exit(1)
2032
2054
        
2033
2055
        logger.debug("Starting main loop")
2034
2056
        main_loop.run()
2035
 
    except AvahiError, error:
 
2057
    except AvahiError as error:
2036
2058
        logger.critical("AvahiError: %s", error)
2037
2059
        cleanup()
2038
2060
        sys.exit(1)