/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2011-08-08 21:12:37 UTC
  • Revision ID: teddy@fukt.bsnet.se-20110808211237-jejsz5brjytrjot8
* Makefile (DOCS): Added "intro.8mandos".
  (intro.8mandos, intro.8mandos.xhtml): New.
* README: Replaced text with link, reference and short summary.
* intro.xml: New.
* mandos-clients.conf.xml (SEE ALSO): Added "intro(8mandos)".
* mandos-ctl.xml (SEE ALSO): - '' -
* mandos-keygen.xml (SEE ALSO): - '' -
* mandos-monitor.xml (SEE ALSO): - '' -
* mandos.conf.xml (SEE ALSO): - '' -
* mandos.xml (SEE ALSO): - '' -
* plugin-runner.xml (SEE ALSO): - '' -
* plugins.d/askpass-fifo.xml (SEE ALSO): - '' -
* plugins.d/mandos-client.xml (SEE ALSO): - '' -
* plugins.d/password-prompt.xml (SEE ALSO): - '' -
* plugins.d/plymouth.xml (SEE ALSO): - '' -
* plugins.d/splashy.xml (SEE ALSO): - '' -
* plugins.d/usplash.xml (SEE ALSO): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos
297
297
    secret:     bytestring; sent verbatim (over TLS) to client
298
298
    timeout:    datetime.timedelta(); How long from last_checked_ok
299
299
                                      until this client is disabled
300
 
    extended_timeout:   extra long timeout when password has been sent
301
300
    runtime_expansions: Allowed attributes for runtime expansion.
302
 
    expire:     datetime.datetime(); time (UTC) when a client will be
303
 
                disabled, or None
304
301
    """
305
302
    
306
303
    runtime_expansions = ("approval_delay", "approval_duration",
318
315
    def timeout_milliseconds(self):
319
316
        "Return the 'timeout' attribute in milliseconds"
320
317
        return self._timedelta_to_milliseconds(self.timeout)
321
 
 
322
 
    def extended_timeout_milliseconds(self):
323
 
        "Return the 'extended_timeout' attribute in milliseconds"
324
 
        return self._timedelta_to_milliseconds(self.extended_timeout)    
325
318
    
326
319
    def interval_milliseconds(self):
327
320
        "Return the 'interval' attribute in milliseconds"
361
354
        self.last_enabled = None
362
355
        self.last_checked_ok = None
363
356
        self.timeout = string_to_delta(config["timeout"])
364
 
        self.extended_timeout = string_to_delta(config["extended_timeout"])
365
357
        self.interval = string_to_delta(config["interval"])
366
358
        self.disable_hook = disable_hook
367
359
        self.checker = None
368
360
        self.checker_initiator_tag = None
369
361
        self.disable_initiator_tag = None
370
 
        self.expires = None
371
362
        self.checker_callback_tag = None
372
363
        self.checker_command = config["checker"]
373
364
        self.current_checker_command = None
400
391
                                      (self.interval_milliseconds(),
401
392
                                       self.start_checker))
402
393
        # Schedule a disable() when 'timeout' has passed
403
 
        self.expires = datetime.datetime.utcnow() + self.timeout
404
394
        self.disable_initiator_tag = (gobject.timeout_add
405
395
                                   (self.timeout_milliseconds(),
406
396
                                    self.disable))
419
409
        if getattr(self, "disable_initiator_tag", False):
420
410
            gobject.source_remove(self.disable_initiator_tag)
421
411
            self.disable_initiator_tag = None
422
 
        self.expires = None
423
412
        if getattr(self, "checker_initiator_tag", False):
424
413
            gobject.source_remove(self.checker_initiator_tag)
425
414
            self.checker_initiator_tag = None
451
440
            logger.warning("Checker for %(name)s crashed?",
452
441
                           vars(self))
453
442
    
454
 
    def checked_ok(self, timeout=None):
 
443
    def checked_ok(self):
455
444
        """Bump up the timeout for this client.
456
445
        
457
446
        This should only be called when the client has been seen,
458
447
        alive and well.
459
448
        """
460
 
        if timeout is None:
461
 
            timeout = self.timeout
462
449
        self.last_checked_ok = datetime.datetime.utcnow()
463
450
        gobject.source_remove(self.disable_initiator_tag)
464
 
        self.expires = datetime.datetime.utcnow() + timeout
465
451
        self.disable_initiator_tag = (gobject.timeout_add
466
 
                                      (self._timedelta_to_milliseconds(timeout),
 
452
                                      (self.timeout_milliseconds(),
467
453
                                       self.disable))
468
454
    
469
455
    def need_approval(self):
777
763
                                 ("/clients/" + client_object_name))
778
764
        DBusObjectWithProperties.__init__(self, self.bus,
779
765
                                          self.dbus_object_path)
780
 
    def _set_expires(self, value):
781
 
        old_value = getattr(self, "_expires", None)
782
 
        self._expires = value
783
 
        if hasattr(self, "dbus_object_path") and old_value != value:
784
 
            dbus_time = (self._datetime_to_dbus(self._expires,
785
 
                                                variant_level=1))
786
 
            self.PropertyChanged(dbus.String("Expires"),
787
 
                                 dbus_time)
788
 
    expires = property(lambda self: self._expires, _set_expires)
789
 
    del _set_expires
790
766
        
791
767
    def _get_approvals_pending(self):
792
768
        return self._approvals_pending
807
783
    @staticmethod
808
784
    def _datetime_to_dbus(dt, variant_level=0):
809
785
        """Convert a UTC datetime.datetime() to a D-Bus type."""
810
 
        if dt is None:
811
 
            return dbus.String("", variant_level = variant_level)
812
786
        return dbus.String(dt.isoformat(),
813
787
                           variant_level=variant_level)
814
788
    
1012
986
    def ApprovedByDefault_dbus_property(self, value=None):
1013
987
        if value is None:       # get
1014
988
            return dbus.Boolean(self.approved_by_default)
1015
 
        old_value = self.approved_by_default
1016
989
        self.approved_by_default = bool(value)
1017
990
        # Emit D-Bus signal
1018
 
        if old_value != self.approved_by_default:
1019
 
            self.PropertyChanged(dbus.String("ApprovedByDefault"),
1020
 
                                 dbus.Boolean(value, variant_level=1))
 
991
        self.PropertyChanged(dbus.String("ApprovedByDefault"),
 
992
                             dbus.Boolean(value, variant_level=1))
1021
993
    
1022
994
    # ApprovalDelay - property
1023
995
    @dbus_service_property(_interface, signature="t",
1025
997
    def ApprovalDelay_dbus_property(self, value=None):
1026
998
        if value is None:       # get
1027
999
            return dbus.UInt64(self.approval_delay_milliseconds())
1028
 
        old_value = self.approval_delay
1029
1000
        self.approval_delay = datetime.timedelta(0, 0, 0, value)
1030
1001
        # Emit D-Bus signal
1031
 
        if old_value != self.approval_delay:
1032
 
            self.PropertyChanged(dbus.String("ApprovalDelay"),
1033
 
                                 dbus.UInt64(value, variant_level=1))
 
1002
        self.PropertyChanged(dbus.String("ApprovalDelay"),
 
1003
                             dbus.UInt64(value, variant_level=1))
1034
1004
    
1035
1005
    # ApprovalDuration - property
1036
1006
    @dbus_service_property(_interface, signature="t",
1039
1009
        if value is None:       # get
1040
1010
            return dbus.UInt64(self._timedelta_to_milliseconds(
1041
1011
                    self.approval_duration))
1042
 
        old_value = self.approval_duration
1043
1012
        self.approval_duration = datetime.timedelta(0, 0, 0, value)
1044
1013
        # Emit D-Bus signal
1045
 
        if old_value != self.approval_duration:
1046
 
            self.PropertyChanged(dbus.String("ApprovalDuration"),
1047
 
                                 dbus.UInt64(value, variant_level=1))
 
1014
        self.PropertyChanged(dbus.String("ApprovalDuration"),
 
1015
                             dbus.UInt64(value, variant_level=1))
1048
1016
    
1049
1017
    # Name - property
1050
1018
    @dbus_service_property(_interface, signature="s", access="read")
1062
1030
    def Host_dbus_property(self, value=None):
1063
1031
        if value is None:       # get
1064
1032
            return dbus.String(self.host)
1065
 
        old_value = self.host
1066
1033
        self.host = value
1067
1034
        # Emit D-Bus signal
1068
 
        if old_value != self.host:
1069
 
            self.PropertyChanged(dbus.String("Host"),
1070
 
                                 dbus.String(value, variant_level=1))
 
1035
        self.PropertyChanged(dbus.String("Host"),
 
1036
                             dbus.String(value, variant_level=1))
1071
1037
    
1072
1038
    # Created - property
1073
1039
    @dbus_service_property(_interface, signature="s", access="read")
1077
1043
    # LastEnabled - property
1078
1044
    @dbus_service_property(_interface, signature="s", access="read")
1079
1045
    def LastEnabled_dbus_property(self):
1080
 
        return self._datetime_to_dbus(self.last_enabled)
 
1046
        if self.last_enabled is None:
 
1047
            return dbus.String("")
 
1048
        return dbus.String(self._datetime_to_dbus(self.last_enabled))
1081
1049
    
1082
1050
    # Enabled - property
1083
1051
    @dbus_service_property(_interface, signature="b",
1097
1065
        if value is not None:
1098
1066
            self.checked_ok()
1099
1067
            return
1100
 
        return self._datetime_to_dbus(self.last_checked_ok)
1101
 
    
1102
 
    # Expires - property
1103
 
    @dbus_service_property(_interface, signature="s", access="read")
1104
 
    def Expires_dbus_property(self):
1105
 
        return self._datetime_to_dbus(self.expires)
 
1068
        if self.last_checked_ok is None:
 
1069
            return dbus.String("")
 
1070
        return dbus.String(self._datetime_to_dbus(self
 
1071
                                                  .last_checked_ok))
1106
1072
    
1107
1073
    # LastApprovalRequest - property
1108
1074
    @dbus_service_property(_interface, signature="s", access="read")
1109
1075
    def LastApprovalRequest_dbus_property(self):
1110
 
        return self._datetime_to_dbus(self.last_approval_request)
 
1076
        if self.last_approval_request is None:
 
1077
            return dbus.String("")
 
1078
        return dbus.String(self.
 
1079
                           _datetime_to_dbus(self
 
1080
                                             .last_approval_request))
1111
1081
    
1112
1082
    # Timeout - property
1113
1083
    @dbus_service_property(_interface, signature="t",
1115
1085
    def Timeout_dbus_property(self, value=None):
1116
1086
        if value is None:       # get
1117
1087
            return dbus.UInt64(self.timeout_milliseconds())
1118
 
        old_value = self.timeout
1119
1088
        self.timeout = datetime.timedelta(0, 0, 0, value)
1120
1089
        # Emit D-Bus signal
1121
 
        if old_value != self.timeout:
1122
 
            self.PropertyChanged(dbus.String("Timeout"),
1123
 
                                 dbus.UInt64(value, variant_level=1))
 
1090
        self.PropertyChanged(dbus.String("Timeout"),
 
1091
                             dbus.UInt64(value, variant_level=1))
1124
1092
        if getattr(self, "disable_initiator_tag", None) is None:
1125
1093
            return
1126
1094
        # Reschedule timeout
1127
1095
        gobject.source_remove(self.disable_initiator_tag)
1128
1096
        self.disable_initiator_tag = None
1129
 
        self.expires = None
1130
1097
        time_to_die = (self.
1131
1098
                       _timedelta_to_milliseconds((self
1132
1099
                                                   .last_checked_ok
1137
1104
            # The timeout has passed
1138
1105
            self.disable()
1139
1106
        else:
1140
 
            self.expires = (datetime.datetime.utcnow()
1141
 
                            + datetime.timedelta(milliseconds = time_to_die))
1142
1107
            self.disable_initiator_tag = (gobject.timeout_add
1143
1108
                                          (time_to_die, self.disable))
1144
 
 
1145
 
    # ExtendedTimeout - property
1146
 
    @dbus_service_property(_interface, signature="t",
1147
 
                           access="readwrite")
1148
 
    def ExtendedTimeout_dbus_property(self, value=None):
1149
 
        if value is None:       # get
1150
 
            return dbus.UInt64(self.extended_timeout_milliseconds())
1151
 
        old_value = self.extended_timeout
1152
 
        self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1153
 
        # Emit D-Bus signal
1154
 
        if old_value != self.extended_timeout:
1155
 
            self.PropertyChanged(dbus.String("ExtendedTimeout"),
1156
 
                                 dbus.UInt64(value, variant_level=1))
1157
 
 
 
1109
    
1158
1110
    # Interval - property
1159
1111
    @dbus_service_property(_interface, signature="t",
1160
1112
                           access="readwrite")
1161
1113
    def Interval_dbus_property(self, value=None):
1162
1114
        if value is None:       # get
1163
1115
            return dbus.UInt64(self.interval_milliseconds())
1164
 
        old_value = self.interval
1165
1116
        self.interval = datetime.timedelta(0, 0, 0, value)
1166
1117
        # Emit D-Bus signal
1167
 
        if old_value != self.interval:
1168
 
            self.PropertyChanged(dbus.String("Interval"),
1169
 
                                 dbus.UInt64(value, variant_level=1))
 
1118
        self.PropertyChanged(dbus.String("Interval"),
 
1119
                             dbus.UInt64(value, variant_level=1))
1170
1120
        if getattr(self, "checker_initiator_tag", None) is None:
1171
1121
            return
1172
1122
        # Reschedule checker run
1181
1131
    def Checker_dbus_property(self, value=None):
1182
1132
        if value is None:       # get
1183
1133
            return dbus.String(self.checker_command)
1184
 
        old_value = self.checker_command
1185
1134
        self.checker_command = value
1186
1135
        # Emit D-Bus signal
1187
 
        if old_value != self.checker_command:
1188
 
            self.PropertyChanged(dbus.String("Checker"),
1189
 
                                 dbus.String(self.checker_command,
1190
 
                                             variant_level=1))
 
1136
        self.PropertyChanged(dbus.String("Checker"),
 
1137
                             dbus.String(self.checker_command,
 
1138
                                         variant_level=1))
1191
1139
    
1192
1140
    # CheckerRunning - property
1193
1141
    @dbus_service_property(_interface, signature="b",
1381
1329
 
1382
1330
                logger.info("Sending secret to %s", client.name)
1383
1331
                # bump the timeout as if seen
1384
 
                client.checked_ok(client.extended_timeout)
 
1332
                client.checked_ok()
1385
1333
                if self.server.use_dbus:
1386
1334
                    # Emit D-Bus signal
1387
1335
                    client.GotSecret()
1848
1796
                                % server_settings["servicename"]))
1849
1797
    
1850
1798
    # Parse config file with clients
1851
 
    client_defaults = { "timeout": "5m",
1852
 
                        "extended_timeout": "15m",
1853
 
                        "interval": "2m",
 
1799
    client_defaults = { "timeout": "1h",
 
1800
                        "interval": "5m",
1854
1801
                        "checker": "fping -q -- %%(host)s",
1855
1802
                        "host": "",
1856
1803
                        "approval_delay": "0s",