/mandos/trunk : revision 482

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2011-04-02 06:37:18 UTC
Revision ID: teddy@fukt.bsnet.se-20110402063718-13ldrcuu0t33sdc4

* mandos: Tolerate restarting Avahi servers.  Also Changed to new
          "except x as y" exception syntax.
  (AvahiService.entry_group_state_changed_match): New; contains the
                                                  SignalMatch object.
  (AvahiService.remove): Really remove the group and the signal
                         connection, if any.
  (AvahiService.add): Always create a new group and signal connection.
  (AvahiService.cleanup): Changed to simply call remove().
  (AvahiService.server_state_changed): Handle and log more bad states.
  (AvahiService.activate): Set "follow_name_owner_changes=True" on the
                           Avahi Server proxy object.
  (ClientDBus.checked_ok): Do not return anything.
  (ClientDBus.CheckedOK): Do not return anything, as documented.
* mandos-monitor: Call D-Bus methods asynchronously.

files removed:
intro.xml

files modified:
DBUS-API

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/control

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos

SO_BINDTODEVICE = None

version = "1.3.1"

version = "1.3.0"

#logger = logging.getLogger('mandos')

logger = logging.Logger('mandos')

176

self.rename_count += 1

177

def remove(self):

178

"""Derived from the Avahi example code"""

179

if self.group is not None:

180

try:

181

self.group.Free()

182

except (dbus.exceptions.UnknownMethodException,

183

dbus.exceptions.DBusException) as e:

184

pass

185

self.group = None

179

186

if self.entry_group_state_changed_match is not None:

180

187

self.entry_group_state_changed_match.remove()

181

188

self.entry_group_state_changed_match = None

182

if self.group is not None:

183

self.group.Reset()

184

189

def add(self):

185

190

"""Derived from the Avahi example code"""

186

191

self.remove()

187

if self.group is None:

188

self.group = dbus.Interface(

189

self.bus.get_object(avahi.DBUS_NAME,

190

self.server.EntryGroupNew()),

191

avahi.DBUS_INTERFACE_ENTRY_GROUP)

192

self.group = dbus.Interface(

193

self.bus.get_object(avahi.DBUS_NAME,

194

self.server.EntryGroupNew(),

195

follow_name_owner_changes=True),

196

avahi.DBUS_INTERFACE_ENTRY_GROUP)

192

197

self.entry_group_state_changed_match = (

193

198

self.group.connect_to_signal(

194

199

'StateChanged', self .entry_group_state_changed))

219

224

% unicode(error))

220

225

def cleanup(self):

221

226

"""Derived from the Avahi example code"""

222

if self.group is not None:

223

try:

224

self.group.Free()

225

except (dbus.exceptions.UnknownMethodException,

226

dbus.exceptions.DBusException) as e:

227

pass

228

self.group = None

229

227

self.remove()

230

228

def server_state_changed(self, state, error=None):

231

229

"""Derived from the Avahi example code"""

238

236

avahi.SERVER_FAILURE:

239

237

"Zeroconf server failure" }

240

238

if state in bad_states:

241

if bad_states[state] is not None:

242

if error is None:

243

logger.error(bad_states[state])

244

else:

245

logger.error(bad_states[state] + ": %r", error)

246

self.cleanup()

239

if bad_states[state]:

240

logger.error(bad_states[state])

241

self.remove()

247

242

elif state == avahi.SERVER_RUNNING:

248

243

self.add()

249

244

else:

250

if error is None:

251

logger.debug("Unknown state: %r", state)

252

else:

253

logger.debug("Unknown state: %r: %r", state, error)

245

logger.debug("Unknown state: %r", state)

254

246

def activate(self):

255

247

"""Derived from the Avahi example code"""

256

248

if self.server is None:

264

256

self.server_state_changed(self.server.GetState())

265

257

266

258

267

def _timedelta_to_milliseconds(td):

268

"Convert a datetime.timedelta() to milliseconds"

269

return ((td.days * 24 * 60 * 60 * 1000)

270

+ (td.seconds * 1000)

271

+ (td.microseconds // 1000))

272

273

259

class Client(object):

274

260

"""A representation of a client host served by this server.

275

261

303

289

secret: bytestring; sent verbatim (over TLS) to client

304

290

timeout: datetime.timedelta(); How long from last_checked_ok

305

291

until this client is disabled

306

extended_timeout: extra long timeout when password has been sent

307

292

runtime_expansions: Allowed attributes for runtime expansion.

308

expires: datetime.datetime(); time (UTC) when a client will be

309

disabled, or None

310

293

"""

311

294

312

295

runtime_expansions = ("approval_delay", "approval_duration",

314

297

"host", "interval", "last_checked_ok",

315

298

"last_enabled", "name", "timeout")

316

299

300

@staticmethod

301

def _timedelta_to_milliseconds(td):

302

"Convert a datetime.timedelta() to milliseconds"

303

return ((td.days * 24 * 60 * 60 * 1000)

304

+ (td.seconds * 1000)

305

+ (td.microseconds // 1000))

306

317

307

def timeout_milliseconds(self):

318

308

"Return the 'timeout' attribute in milliseconds"

319

return _timedelta_to_milliseconds(self.timeout)

320

321

def extended_timeout_milliseconds(self):

322

"Return the 'extended_timeout' attribute in milliseconds"

323

return _timedelta_to_milliseconds(self.extended_timeout)

309

return self._timedelta_to_milliseconds(self.timeout)

324

310

325

311

def interval_milliseconds(self):

326

312

"Return the 'interval' attribute in milliseconds"

327

return _timedelta_to_milliseconds(self.interval)

328

313

return self._timedelta_to_milliseconds(self.interval)

314

329

315

def approval_delay_milliseconds(self):

330

return _timedelta_to_milliseconds(self.approval_delay)

316

return self._timedelta_to_milliseconds(self.approval_delay)

331

317

332

318

def __init__(self, name = None, disable_hook=None, config=None):

333

319

"""Note: the 'checker' key in 'config' sets the

360

346

self.last_enabled = None

361

347

self.last_checked_ok = None

362

348

self.timeout = string_to_delta(config["timeout"])

363

self.extended_timeout = string_to_delta(config["extended_timeout"])

364

349

self.interval = string_to_delta(config["interval"])

365

350

self.disable_hook = disable_hook

366

351

self.checker = None

367

352

self.checker_initiator_tag = None

368

353

self.disable_initiator_tag = None

369

self.expires = None

370

354

self.checker_callback_tag = None

371

355

self.checker_command = config["checker"]

372

356

self.current_checker_command = None

392

376

# Already enabled

393

377

return

394

378

self.send_changedstate()

379

self.last_enabled = datetime.datetime.utcnow()

395

380

# Schedule a new checker to be started an 'interval' from now,

396

381

# and every interval from then on.

397

382

self.checker_initiator_tag = (gobject.timeout_add

398

383

(self.interval_milliseconds(),

399

384

self.start_checker))

400

385

# Schedule a disable() when 'timeout' has passed

401

self.expires = datetime.datetime.utcnow() + self.timeout

402

386

self.disable_initiator_tag = (gobject.timeout_add

403

387

(self.timeout_milliseconds(),

404

388

self.disable))

405

389

self.enabled = True

406

self.last_enabled = datetime.datetime.utcnow()

407

390

# Also start a new checker *right now*.

408

391

self.start_checker()

409

392

418

401

if getattr(self, "disable_initiator_tag", False):

419

402

gobject.source_remove(self.disable_initiator_tag)

420

403

self.disable_initiator_tag = None

421

self.expires = None

422

404

if getattr(self, "checker_initiator_tag", False):

423

405

gobject.source_remove(self.checker_initiator_tag)

424

406

self.checker_initiator_tag = None

450

432

logger.warning("Checker for %(name)s crashed?",

451

433

vars(self))

452

434

453

def checked_ok(self, timeout=None):

435

def checked_ok(self):

454

436

"""Bump up the timeout for this client.

455

437

456

438

This should only be called when the client has been seen,

457

439

alive and well.

458

440

"""

459

if timeout is None:

460

timeout = self.timeout

461

441

self.last_checked_ok = datetime.datetime.utcnow()

462

442

gobject.source_remove(self.disable_initiator_tag)

463

self.expires = datetime.datetime.utcnow() + timeout

464

443

self.disable_initiator_tag = (gobject.timeout_add

465

(_timedelta_to_milliseconds(timeout),

444

(self.timeout_milliseconds(),

466

445

self.disable))

467

446

468

447

def need_approval(self):

509

488

'replace')))

510

489

for attr in

511

490

self.runtime_expansions)

512

491

513

492

try:

514

493

command = self.checker_command % escaped_attrs

515

494

except TypeError as error:

561

540

raise

562

541

self.checker = None

563

542

564

565

543

def dbus_service_property(dbus_interface, signature="v",

566

544

access="readwrite", byte_arrays=False):

567

545

"""Decorators for marking methods of a DBusObjectWithProperties to

613

591

614

592

class DBusObjectWithProperties(dbus.service.Object):

615

593

"""A D-Bus object with properties.

616

594

617

595

Classes inheriting from this can use the dbus_service_property

618

596

decorator to expose methods as D-Bus properties. It exposes the

619

597

standard Get(), Set(), and GetAll() methods on the D-Bus.

683

661

def GetAll(self, interface_name):

684

662

"""Standard D-Bus property GetAll() method, see D-Bus

685

663

standard.

686

664

687

665

Note: Will not include properties with access="write".

688

666

"""

689

667

all = {}

751

729

return xmlstring

752

730

753

731

754

def datetime_to_dbus (dt, variant_level=0):

755

"""Convert a UTC datetime.datetime() to a D-Bus type."""

756

if dt is None:

757

return dbus.String("", variant_level = variant_level)

758

return dbus.String(dt.isoformat(),

759

variant_level=variant_level)

760

761

762

732

class ClientDBus(Client, DBusObjectWithProperties):

763

733

"""A Client class using D-Bus

764

734

786

756

DBusObjectWithProperties.__init__(self, self.bus,

787

757

self.dbus_object_path)

788

758

789

def notifychangeproperty(transform_func,

790

dbus_name, type_func=lambda x: x,

791

variant_level=1):

792

""" Modify a variable so that its a property that announce its

793

changes to DBus.

794

transform_fun: Function that takes a value and transform it to

795

DBus type.

796

dbus_name: DBus name of the variable

797

type_func: Function that transform the value before sending it

798

to DBus

799

variant_level: DBus variant level. default: 1

800

"""

801

real_value = [None,]

802

def setter(self, value):

803

old_value = real_value[0]

804

real_value[0] = value

805

if hasattr(self, "dbus_object_path"):

806

if type_func(old_value) != type_func(real_value[0]):

807

dbus_value = transform_func(type_func(real_value[0]),

808

variant_level)

809

self.PropertyChanged(dbus.String(dbus_name),

810

dbus_value)

811

812

return property(lambda self: real_value[0], setter)

813

814

815

expires = notifychangeproperty(datetime_to_dbus, "Expires")

816

approvals_pending = notifychangeproperty(dbus.Boolean,

817

"ApprovalPending",

818

type_func = bool)

819

enabled = notifychangeproperty(dbus.Boolean, "Enabled")

820

last_enabled = notifychangeproperty(datetime_to_dbus,

821

"LastEnabled")

822

checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",

823

type_func = lambda checker: checker is not None)

824

last_checked_ok = notifychangeproperty(datetime_to_dbus,

825

"LastCheckedOK")

826

last_approval_request = notifychangeproperty(datetime_to_dbus,

827

"LastApprovalRequest")

828

approved_by_default = notifychangeproperty(dbus.Boolean,

829

"ApprovedByDefault")

830

approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",

831