126
148
self.rename_count = 0
127
149
self.max_renames = max_renames
128
150
self.protocol = protocol
151
self.group = None # our entry group
154
self.entry_group_state_changed_match = None
129
155
def rename(self):
130
156
"""Derived from the Avahi example code"""
131
157
if self.rename_count >= self.max_renames:
132
logger.critical(u"No suitable Zeroconf service name found"
133
u" after %i retries, exiting.",
158
logger.critical("No suitable Zeroconf service name found"
159
" after %i retries, exiting.",
134
160
self.rename_count)
135
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
137
logger.info(u"Changing Zeroconf service name to %r ...",
161
raise AvahiServiceError("Too many renames")
162
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
163
logger.info("Changing Zeroconf service name to %r ...",
139
165
syslogger.setFormatter(logging.Formatter
140
166
('Mandos (%s) [%%(process)d]:'
141
167
' %%(levelname)s: %%(message)s'
172
except dbus.exceptions.DBusException as error:
173
logger.critical("DBusException: %s", error)
145
176
self.rename_count += 1
146
177
def remove(self):
147
178
"""Derived from the Avahi example code"""
148
if group is not None:
179
if self.entry_group_state_changed_match is not None:
180
self.entry_group_state_changed_match.remove()
181
self.entry_group_state_changed_match = None
182
if self.group is not None:
151
185
"""Derived from the Avahi example code"""
154
group = dbus.Interface(bus.get_object
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
160
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
182
class Client(dbus.service.Object):
187
if self.group is None:
188
self.group = dbus.Interface(
189
self.bus.get_object(avahi.DBUS_NAME,
190
self.server.EntryGroupNew()),
191
avahi.DBUS_INTERFACE_ENTRY_GROUP)
192
self.entry_group_state_changed_match = (
193
self.group.connect_to_signal(
194
'StateChanged', self .entry_group_state_changed))
195
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
196
self.name, self.type)
197
self.group.AddService(
200
dbus.UInt32(0), # flags
201
self.name, self.type,
202
self.domain, self.host,
203
dbus.UInt16(self.port),
204
avahi.string_array_to_txt_array(self.TXT))
206
def entry_group_state_changed(self, state, error):
207
"""Derived from the Avahi example code"""
208
logger.debug("Avahi entry group state change: %i", state)
210
if state == avahi.ENTRY_GROUP_ESTABLISHED:
211
logger.debug("Zeroconf service established.")
212
elif state == avahi.ENTRY_GROUP_COLLISION:
213
logger.info("Zeroconf service name collision.")
215
elif state == avahi.ENTRY_GROUP_FAILURE:
216
logger.critical("Avahi: Error in group state changed %s",
218
raise AvahiGroupError("State changed: %s"
221
"""Derived from the Avahi example code"""
222
if self.group is not None:
225
except (dbus.exceptions.UnknownMethodException,
226
dbus.exceptions.DBusException) as e:
230
def server_state_changed(self, state, error=None):
231
"""Derived from the Avahi example code"""
232
logger.debug("Avahi server state change: %i", state)
233
bad_states = { avahi.SERVER_INVALID:
234
"Zeroconf server invalid",
235
avahi.SERVER_REGISTERING: None,
236
avahi.SERVER_COLLISION:
237
"Zeroconf server name collision",
238
avahi.SERVER_FAILURE:
239
"Zeroconf server failure" }
240
if state in bad_states:
241
if bad_states[state] is not None:
243
logger.error(bad_states[state])
245
logger.error(bad_states[state] + ": %r", error)
247
elif state == avahi.SERVER_RUNNING:
251
logger.debug("Unknown state: %r", state)
253
logger.debug("Unknown state: %r: %r", state, error)
255
"""Derived from the Avahi example code"""
256
if self.server is None:
257
self.server = dbus.Interface(
258
self.bus.get_object(avahi.DBUS_NAME,
259
avahi.DBUS_PATH_SERVER,
260
follow_name_owner_changes=True),
261
avahi.DBUS_INTERFACE_SERVER)
262
self.server.connect_to_signal("StateChanged",
263
self.server_state_changed)
264
self.server_state_changed(self.server.GetState())
267
class Client(object):
183
268
"""A representation of a client host served by this server.
185
name: string; from the config file, used in log messages and
187
fingerprint: string (40 or 32 hexadecimal digits); used to
188
uniquely identify the client
189
secret: bytestring; sent verbatim (over TLS) to client
190
host: string; available for use by the checker command
191
created: datetime.datetime(); (UTC) object creation
192
last_enabled: datetime.datetime(); (UTC)
194
last_checked_ok: datetime.datetime(); (UTC) or None
195
timeout: datetime.timedelta(); How long from last_checked_ok
196
until this client is invalid
197
interval: datetime.timedelta(); How often to start a new checker
198
disable_hook: If set, called by disable() as disable_hook(self)
271
_approved: bool(); 'None' if not yet approved/disapproved
272
approval_delay: datetime.timedelta(); Time to wait for approval
273
approval_duration: datetime.timedelta(); Duration of one approval
199
274
checker: subprocess.Popen(); a running checker process used
200
275
to see if the client lives.
201
276
'None' if no process is running.
202
checker_initiator_tag: a gobject event source tag, or None
203
disable_initiator_tag: - '' -
204
checker_callback_tag: - '' -
205
checker_command: string; External command which is run to check if
206
client lives. %() expansions are done at
277
checker_callback_tag: a gobject event source tag, or None
278
checker_command: string; External command which is run to check
279
if client lives. %() expansions are done at
207
280
runtime with vars(self) as dict, so that for
208
281
instance %(name)s can be used in the command.
282
checker_initiator_tag: a gobject event source tag, or None
283
created: datetime.datetime(); (UTC) object creation
209
284
current_checker_command: string; current running checker_command
210
use_dbus: bool(); Whether to provide D-Bus interface and signals
211
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
285
disable_hook: If set, called by disable() as disable_hook(self)
286
disable_initiator_tag: a gobject event source tag, or None
288
fingerprint: string (40 or 32 hexadecimal digits); used to
289
uniquely identify the client
290
host: string; available for use by the checker command
291
interval: datetime.timedelta(); How often to start a new checker
292
last_approval_request: datetime.datetime(); (UTC) or None
293
last_checked_ok: datetime.datetime(); (UTC) or None
294
last_enabled: datetime.datetime(); (UTC)
295
name: string; from the config file, used in log messages and
297
secret: bytestring; sent verbatim (over TLS) to client
298
timeout: datetime.timedelta(); How long from last_checked_ok
299
until this client is disabled
300
extended_timeout: extra long timeout when password has been sent
301
runtime_expansions: Allowed attributes for runtime expansion.
302
expires: datetime.datetime(); time (UTC) when a client will be
306
runtime_expansions = ("approval_delay", "approval_duration",
307
"created", "enabled", "fingerprint",
308
"host", "interval", "last_checked_ok",
309
"last_enabled", "name", "timeout")
312
def _timedelta_to_milliseconds(td):
313
"Convert a datetime.timedelta() to milliseconds"
314
return ((td.days * 24 * 60 * 60 * 1000)
315
+ (td.seconds * 1000)
316
+ (td.microseconds // 1000))
213
318
def timeout_milliseconds(self):
214
319
"Return the 'timeout' attribute in milliseconds"
215
return ((self.timeout.days * 24 * 60 * 60 * 1000)
216
+ (self.timeout.seconds * 1000)
217
+ (self.timeout.microseconds // 1000))
320
return self._timedelta_to_milliseconds(self.timeout)
322
def extended_timeout_milliseconds(self):
323
"Return the 'extended_timeout' attribute in milliseconds"
324
return self._timedelta_to_milliseconds(self.extended_timeout)
219
326
def interval_milliseconds(self):
220
327
"Return the 'interval' attribute in milliseconds"
221
return ((self.interval.days * 24 * 60 * 60 * 1000)
222
+ (self.interval.seconds * 1000)
223
+ (self.interval.microseconds // 1000))
328
return self._timedelta_to_milliseconds(self.interval)
330
def approval_delay_milliseconds(self):
331
return self._timedelta_to_milliseconds(self.approval_delay)
225
def __init__(self, name = None, disable_hook=None, config=None,
333
def __init__(self, name = None, disable_hook=None, config=None):
227
334
"""Note: the 'checker' key in 'config' sets the
228
335
'checker_command' attribute and *not* the 'checker'
231
338
if config is None:
233
logger.debug(u"Creating client %r", self.name)
234
self.use_dbus = False # During __init__
340
logger.debug("Creating client %r", self.name)
235
341
# Uppercase and remove spaces from fingerprint for later
236
342
# comparison purposes with return value from the fingerprint()
238
344
self.fingerprint = (config["fingerprint"].upper()
240
logger.debug(u" Fingerprint: %s", self.fingerprint)
346
logger.debug(" Fingerprint: %s", self.fingerprint)
241
347
if "secret" in config:
242
self.secret = config["secret"].decode(u"base64")
348
self.secret = config["secret"].decode("base64")
243
349
elif "secfile" in config:
244
with closing(open(os.path.expanduser
246
(config["secfile"])))) as secfile:
350
with open(os.path.expanduser(os.path.expandvars
351
(config["secfile"])),
247
353
self.secret = secfile.read()
249
raise TypeError(u"No secret or secfile for client %s"
355
raise TypeError("No secret or secfile for client %s"
251
357
self.host = config.get("host", "")
252
358
self.created = datetime.datetime.utcnow()
253
359
self.enabled = False
360
self.last_approval_request = None
254
361
self.last_enabled = None
255
362
self.last_checked_ok = None
256
363
self.timeout = string_to_delta(config["timeout"])
364
self.extended_timeout = string_to_delta(config["extended_timeout"])
257
365
self.interval = string_to_delta(config["interval"])
258
366
self.disable_hook = disable_hook
259
367
self.checker = None
260
368
self.checker_initiator_tag = None
261
369
self.disable_initiator_tag = None
262
371
self.checker_callback_tag = None
263
372
self.checker_command = config["checker"]
264
373
self.current_checker_command = None
265
374
self.last_connect = None
266
# Only now, when this client is initialized, can it show up on
268
self.use_dbus = use_dbus
270
self.dbus_object_path = (dbus.ObjectPath
272
+ self.name.replace(".", "_")))
273
dbus.service.Object.__init__(self, bus,
274
self.dbus_object_path)
375
self._approved = None
376
self.approved_by_default = config.get("approved_by_default",
378
self.approvals_pending = 0
379
self.approval_delay = string_to_delta(
380
config["approval_delay"])
381
self.approval_duration = string_to_delta(
382
config["approval_duration"])
383
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
385
def send_changedstate(self):
386
self.changedstate.acquire()
387
self.changedstate.notify_all()
388
self.changedstate.release()
276
390
def enable(self):
277
391
"""Start this client's checker and timeout hooks"""
392
if getattr(self, "enabled", False):
395
self.send_changedstate()
278
396
self.last_enabled = datetime.datetime.utcnow()
279
397
# Schedule a new checker to be started an 'interval' from now,
280
398
# and every interval from then on.
281
399
self.checker_initiator_tag = (gobject.timeout_add
282
400
(self.interval_milliseconds(),
283
401
self.start_checker))
284
# Also start a new checker *right now*.
286
402
# Schedule a disable() when 'timeout' has passed
403
self.expires = datetime.datetime.utcnow() + self.timeout
287
404
self.disable_initiator_tag = (gobject.timeout_add
288
405
(self.timeout_milliseconds(),
290
407
self.enabled = True
293
self.PropertyChanged(dbus.String(u"enabled"),
294
dbus.Boolean(True, variant_level=1))
295
self.PropertyChanged(dbus.String(u"last_enabled"),
296
(_datetime_to_dbus(self.last_enabled,
408
# Also start a new checker *right now*.
411
def disable(self, quiet=True):
300
412
"""Disable this client."""
301
413
if not getattr(self, "enabled", False):
303
logger.info(u"Disabling client %s", self.name)
416
self.send_changedstate()
418
logger.info("Disabling client %s", self.name)
304
419
if getattr(self, "disable_initiator_tag", False):
305
420
gobject.source_remove(self.disable_initiator_tag)
306
421
self.disable_initiator_tag = None
307
423
if getattr(self, "checker_initiator_tag", False):
308
424
gobject.source_remove(self.checker_initiator_tag)
309
425
self.checker_initiator_tag = None
447
551
self.checker_callback_tag = None
448
552
if getattr(self, "checker", None) is None:
450
logger.debug(u"Stopping checker for %(name)s", vars(self))
554
logger.debug("Stopping checker for %(name)s", vars(self))
452
556
os.kill(self.checker.pid, signal.SIGTERM)
454
558
#if self.checker.poll() is None:
455
559
# os.kill(self.checker.pid, signal.SIGKILL)
456
except OSError, error:
560
except OSError as error:
457
561
if error.errno != errno.ESRCH: # No such process
459
563
self.checker = None
461
self.PropertyChanged(dbus.String(u"checker_running"),
462
dbus.Boolean(False, variant_level=1))
464
def still_valid(self):
465
"""Has the timeout not yet passed for this client?"""
466
if not getattr(self, "enabled", False):
468
now = datetime.datetime.utcnow()
469
if self.last_checked_ok is None:
470
return now < (self.created + self.timeout)
472
return now < (self.last_checked_ok + self.timeout)
474
## D-Bus methods & signals
475
_interface = u"se.bsnet.fukt.Mandos.Client"
478
CheckedOK = dbus.service.method(_interface)(checked_ok)
479
CheckedOK.__name__ = "CheckedOK"
565
def dbus_service_property(dbus_interface, signature="v",
566
access="readwrite", byte_arrays=False):
567
"""Decorators for marking methods of a DBusObjectWithProperties to
568
become properties on the D-Bus.
570
The decorated method will be called with no arguments by "Get"
571
and with one argument by "Set".
573
The parameters, where they are supported, are the same as
574
dbus.service.method, except there is only "signature", since the
575
type from Get() and the type sent to Set() is the same.
577
# Encoding deeply encoded byte arrays is not supported yet by the
578
# "Set" method, so we fail early here:
579
if byte_arrays and signature != "ay":
580
raise ValueError("Byte arrays not supported for non-'ay'"
581
" signature %r" % signature)
583
func._dbus_is_property = True
584
func._dbus_interface = dbus_interface
585
func._dbus_signature = signature
586
func._dbus_access = access
587
func._dbus_name = func.__name__
588
if func._dbus_name.endswith("_dbus_property"):
589
func._dbus_name = func._dbus_name[:-14]
590
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
595
class DBusPropertyException(dbus.exceptions.DBusException):
596
"""A base class for D-Bus property-related exceptions
598
def __unicode__(self):
599
return unicode(str(self))
602
class DBusPropertyAccessException(DBusPropertyException):
603
"""A property's access permissions disallows an operation.
608
class DBusPropertyNotFound(DBusPropertyException):
609
"""An attempt was made to access a non-existing property.
614
class DBusObjectWithProperties(dbus.service.Object):
615
"""A D-Bus object with properties.
617
Classes inheriting from this can use the dbus_service_property
618
decorator to expose methods as D-Bus properties. It exposes the
619
standard Get(), Set(), and GetAll() methods on the D-Bus.
623
def _is_dbus_property(obj):
624
return getattr(obj, "_dbus_is_property", False)
626
def _get_all_dbus_properties(self):
627
"""Returns a generator of (name, attribute) pairs
629
return ((prop._dbus_name, prop)
631
inspect.getmembers(self, self._is_dbus_property))
633
def _get_dbus_property(self, interface_name, property_name):
634
"""Returns a bound method if one exists which is a D-Bus
635
property with the specified name and interface.
637
for name in (property_name,
638
property_name + "_dbus_property"):
639
prop = getattr(self, name, None)
641
or not self._is_dbus_property(prop)
642
or prop._dbus_name != property_name
643
or (interface_name and prop._dbus_interface
644
and interface_name != prop._dbus_interface)):
648
raise DBusPropertyNotFound(self.dbus_object_path + ":"
649
+ interface_name + "."
652
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
654
def Get(self, interface_name, property_name):
655
"""Standard D-Bus property Get() method, see D-Bus standard.
657
prop = self._get_dbus_property(interface_name, property_name)
658
if prop._dbus_access == "write":
659
raise DBusPropertyAccessException(property_name)
661
if not hasattr(value, "variant_level"):
663
return type(value)(value, variant_level=value.variant_level+1)
665
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
666
def Set(self, interface_name, property_name, value):
667
"""Standard D-Bus property Set() method, see D-Bus standard.
669
prop = self._get_dbus_property(interface_name, property_name)
670
if prop._dbus_access == "read":
671
raise DBusPropertyAccessException(property_name)
672
if prop._dbus_get_args_options["byte_arrays"]:
673
# The byte_arrays option is not supported yet on
674
# signatures other than "ay".
675
if prop._dbus_signature != "ay":
677
value = dbus.ByteArray(''.join(unichr(byte)
681
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
682
out_signature="a{sv}")
683
def GetAll(self, interface_name):
684
"""Standard D-Bus property GetAll() method, see D-Bus
687
Note: Will not include properties with access="write".
690
for name, prop in self._get_all_dbus_properties():
692
and interface_name != prop._dbus_interface):
693
# Interface non-empty but did not match
695
# Ignore write-only properties
696
if prop._dbus_access == "write":
699
if not hasattr(value, "variant_level"):
702
all[name] = type(value)(value, variant_level=
703
value.variant_level+1)
704
return dbus.Dictionary(all, signature="sv")
706
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
708
path_keyword='object_path',
709
connection_keyword='connection')
710
def Introspect(self, object_path, connection):
711
"""Standard D-Bus method, overloaded to insert property tags.
713
xmlstring = dbus.service.Object.Introspect(self, object_path,
716
document = xml.dom.minidom.parseString(xmlstring)
717
def make_tag(document, name, prop):
718
e = document.createElement("property")
719
e.setAttribute("name", name)
720
e.setAttribute("type", prop._dbus_signature)
721
e.setAttribute("access", prop._dbus_access)
723
for if_tag in document.getElementsByTagName("interface"):
724
for tag in (make_tag(document, name, prop)
726
in self._get_all_dbus_properties()
727
if prop._dbus_interface
728
== if_tag.getAttribute("name")):
729
if_tag.appendChild(tag)
730
# Add the names to the return values for the
731
# "org.freedesktop.DBus.Properties" methods
732
if (if_tag.getAttribute("name")
733
== "org.freedesktop.DBus.Properties"):
734
for cn in if_tag.getElementsByTagName("method"):
735
if cn.getAttribute("name") == "Get":
736
for arg in cn.getElementsByTagName("arg"):
737
if (arg.getAttribute("direction")
739
arg.setAttribute("name", "value")
740
elif cn.getAttribute("name") == "GetAll":
741
for arg in cn.getElementsByTagName("arg"):
742
if (arg.getAttribute("direction")
744
arg.setAttribute("name", "props")
745
xmlstring = document.toxml("utf-8")
747
except (AttributeError, xml.dom.DOMException,
748
xml.parsers.expat.ExpatError) as error:
749
logger.error("Failed to override Introspection method",
754
class ClientDBus(Client, DBusObjectWithProperties):
755
"""A Client class using D-Bus
758
dbus_object_path: dbus.ObjectPath
759
bus: dbus.SystemBus()
762
runtime_expansions = (Client.runtime_expansions
763
+ ("dbus_object_path",))
765
# dbus.service.Object doesn't use super(), so we can't either.
767
def __init__(self, bus = None, *args, **kwargs):
768
self._approvals_pending = 0
770
Client.__init__(self, *args, **kwargs)
771
# Only now, when this client is initialized, can it show up on
773
client_object_name = unicode(self.name).translate(
776
self.dbus_object_path = (dbus.ObjectPath
777
("/clients/" + client_object_name))
778
DBusObjectWithProperties.__init__(self, self.bus,
779
self.dbus_object_path)
780
def _set_expires(self, value):
781
old_value = getattr(self, "_expires", None)
782
self._expires = value
783
if hasattr(self, "dbus_object_path") and old_value != value:
784
dbus_time = (self._datetime_to_dbus(self._expires,
786
self.PropertyChanged(dbus.String("Expires"),
788
expires = property(lambda self: self._expires, _set_expires)
791
def _get_approvals_pending(self):
792
return self._approvals_pending
793
def _set_approvals_pending(self, value):
794
old_value = self._approvals_pending
795
self._approvals_pending = value
797
if (hasattr(self, "dbus_object_path")
798
and bval is not bool(old_value)):
799
dbus_bool = dbus.Boolean(bval, variant_level=1)
800
self.PropertyChanged(dbus.String("ApprovalPending"),
803
approvals_pending = property(_get_approvals_pending,
804
_set_approvals_pending)
805
del _get_approvals_pending, _set_approvals_pending
808
def _datetime_to_dbus(dt, variant_level=0):
809
"""Convert a UTC datetime.datetime() to a D-Bus type."""
811
return dbus.String("", variant_level = variant_level)
812
return dbus.String(dt.isoformat(),
813
variant_level=variant_level)
816
oldstate = getattr(self, "enabled", False)
817
r = Client.enable(self)
818
if oldstate != self.enabled:
820
self.PropertyChanged(dbus.String("Enabled"),
821
dbus.Boolean(True, variant_level=1))
822
self.PropertyChanged(
823
dbus.String("LastEnabled"),
824
self._datetime_to_dbus(self.last_enabled,
828
def disable(self, quiet = False):
829
oldstate = getattr(self, "enabled", False)
830
r = Client.disable(self, quiet=quiet)
831
if not quiet and oldstate != self.enabled:
833
self.PropertyChanged(dbus.String("Enabled"),
834
dbus.Boolean(False, variant_level=1))
837
def __del__(self, *args, **kwargs):
839
self.remove_from_connection()
842
if hasattr(DBusObjectWithProperties, "__del__"):
843
DBusObjectWithProperties.__del__(self, *args, **kwargs)
844
Client.__del__(self, *args, **kwargs)
846
def checker_callback(self, pid, condition, command,
848
self.checker_callback_tag = None
851
self.PropertyChanged(dbus.String("CheckerRunning"),
852
dbus.Boolean(False, variant_level=1))
853
if os.WIFEXITED(condition):
854
exitstatus = os.WEXITSTATUS(condition)
856
self.CheckerCompleted(dbus.Int16(exitstatus),
857
dbus.Int64(condition),
858
dbus.String(command))
861
self.CheckerCompleted(dbus.Int16(-1),
862
dbus.Int64(condition),
863
dbus.String(command))
865
return Client.checker_callback(self, pid, condition, command,
868
def checked_ok(self, *args, **kwargs):
869
Client.checked_ok(self, *args, **kwargs)
871
self.PropertyChanged(
872
dbus.String("LastCheckedOK"),
873
(self._datetime_to_dbus(self.last_checked_ok,
876
def need_approval(self, *args, **kwargs):
877
r = Client.need_approval(self, *args, **kwargs)
879
self.PropertyChanged(
880
dbus.String("LastApprovalRequest"),
881
(self._datetime_to_dbus(self.last_approval_request,
885
def start_checker(self, *args, **kwargs):
886
old_checker = self.checker
887
if self.checker is not None:
888
old_checker_pid = self.checker.pid
890
old_checker_pid = None
891
r = Client.start_checker(self, *args, **kwargs)
892
# Only if new checker process was started
893
if (self.checker is not None
894
and old_checker_pid != self.checker.pid):
896
self.CheckerStarted(self.current_checker_command)
897
self.PropertyChanged(
898
dbus.String("CheckerRunning"),
899
dbus.Boolean(True, variant_level=1))
902
def stop_checker(self, *args, **kwargs):
903
old_checker = getattr(self, "checker", None)
904
r = Client.stop_checker(self, *args, **kwargs)
905
if (old_checker is not None
906
and getattr(self, "checker", None) is None):
907
self.PropertyChanged(dbus.String("CheckerRunning"),
908
dbus.Boolean(False, variant_level=1))
911
def _reset_approved(self):
912
self._approved = None
915
def approve(self, value=True):
916
self.send_changedstate()
917
self._approved = value
918
gobject.timeout_add(self._timedelta_to_milliseconds
919
(self.approval_duration),
920
self._reset_approved)
923
## D-Bus methods, signals & properties
924
_interface = "se.bsnet.fukt.Mandos.Client"
481
928
# CheckerCompleted - signal
482
929
@dbus.service.signal(_interface, signature="nxs")
618
997
# StopChecker - method
619
StopChecker = dbus.service.method(_interface)(stop_checker)
620
StopChecker.__name__ = "StopChecker"
998
@dbus.service.method(_interface)
999
def StopChecker(self):
1004
# ApprovalPending - property
1005
@dbus_service_property(_interface, signature="b", access="read")
1006
def ApprovalPending_dbus_property(self):
1007
return dbus.Boolean(bool(self.approvals_pending))
1009
# ApprovedByDefault - property
1010
@dbus_service_property(_interface, signature="b",
1012
def ApprovedByDefault_dbus_property(self, value=None):
1013
if value is None: # get
1014
return dbus.Boolean(self.approved_by_default)
1015
old_value = self.approved_by_default
1016
self.approved_by_default = bool(value)
1018
if old_value != self.approved_by_default:
1019
self.PropertyChanged(dbus.String("ApprovedByDefault"),
1020
dbus.Boolean(value, variant_level=1))
1022
# ApprovalDelay - property
1023
@dbus_service_property(_interface, signature="t",
1025
def ApprovalDelay_dbus_property(self, value=None):
1026
if value is None: # get
1027
return dbus.UInt64(self.approval_delay_milliseconds())
1028
old_value = self.approval_delay
1029
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1031
if old_value != self.approval_delay:
1032
self.PropertyChanged(dbus.String("ApprovalDelay"),
1033
dbus.UInt64(value, variant_level=1))
1035
# ApprovalDuration - property
1036
@dbus_service_property(_interface, signature="t",
1038
def ApprovalDuration_dbus_property(self, value=None):
1039
if value is None: # get
1040
return dbus.UInt64(self._timedelta_to_milliseconds(
1041
self.approval_duration))
1042
old_value = self.approval_duration
1043
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1045
if old_value != self.approval_duration:
1046
self.PropertyChanged(dbus.String("ApprovalDuration"),
1047
dbus.UInt64(value, variant_level=1))
1050
@dbus_service_property(_interface, signature="s", access="read")
1051
def Name_dbus_property(self):
1052
return dbus.String(self.name)
1054
# Fingerprint - property
1055
@dbus_service_property(_interface, signature="s", access="read")
1056
def Fingerprint_dbus_property(self):
1057
return dbus.String(self.fingerprint)
1060
@dbus_service_property(_interface, signature="s",
1062
def Host_dbus_property(self, value=None):
1063
if value is None: # get
1064
return dbus.String(self.host)
1065
old_value = self.host
1068
if old_value != self.host:
1069
self.PropertyChanged(dbus.String("Host"),
1070
dbus.String(value, variant_level=1))
1072
# Created - property
1073
@dbus_service_property(_interface, signature="s", access="read")
1074
def Created_dbus_property(self):
1075
return dbus.String(self._datetime_to_dbus(self.created))
1077
# LastEnabled - property
1078
@dbus_service_property(_interface, signature="s", access="read")
1079
def LastEnabled_dbus_property(self):
1080
return self._datetime_to_dbus(self.last_enabled)
1082
# Enabled - property
1083
@dbus_service_property(_interface, signature="b",
1085
def Enabled_dbus_property(self, value=None):
1086
if value is None: # get
1087
return dbus.Boolean(self.enabled)
1093
# LastCheckedOK - property
1094
@dbus_service_property(_interface, signature="s",
1096
def LastCheckedOK_dbus_property(self, value=None):
1097
if value is not None:
1100
return self._datetime_to_dbus(self.last_checked_ok)
1102
# Expires - property
1103
@dbus_service_property(_interface, signature="s", access="read")
1104
def Expires_dbus_property(self):
1105
return self._datetime_to_dbus(self.expires)
1107
# LastApprovalRequest - property
1108
@dbus_service_property(_interface, signature="s", access="read")
1109
def LastApprovalRequest_dbus_property(self):
1110
return self._datetime_to_dbus(self.last_approval_request)
1112
# Timeout - property
1113
@dbus_service_property(_interface, signature="t",
1115
def Timeout_dbus_property(self, value=None):
1116
if value is None: # get
1117
return dbus.UInt64(self.timeout_milliseconds())
1118
old_value = self.timeout
1119
self.timeout = datetime.timedelta(0, 0, 0, value)
1121
if old_value != self.timeout:
1122
self.PropertyChanged(dbus.String("Timeout"),
1123
dbus.UInt64(value, variant_level=1))
1124
if getattr(self, "disable_initiator_tag", None) is None:
1126
# Reschedule timeout
1127
gobject.source_remove(self.disable_initiator_tag)
1128
self.disable_initiator_tag = None
1130
time_to_die = (self.
1131
_timedelta_to_milliseconds((self
1136
if time_to_die <= 0:
1137
# The timeout has passed
1140
self.expires = (datetime.datetime.utcnow()
1141
+ datetime.timedelta(milliseconds = time_to_die))
1142
self.disable_initiator_tag = (gobject.timeout_add
1143
(time_to_die, self.disable))
1145
# ExtendedTimeout - property
1146
@dbus_service_property(_interface, signature="t",
1148
def ExtendedTimeout_dbus_property(self, value=None):
1149
if value is None: # get
1150
return dbus.UInt64(self.extended_timeout_milliseconds())
1151
old_value = self.extended_timeout
1152
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1154
if old_value != self.extended_timeout:
1155
self.PropertyChanged(dbus.String("ExtendedTimeout"),
1156
dbus.UInt64(value, variant_level=1))
1158
# Interval - property
1159
@dbus_service_property(_interface, signature="t",
1161
def Interval_dbus_property(self, value=None):
1162
if value is None: # get
1163
return dbus.UInt64(self.interval_milliseconds())
1164
old_value = self.interval
1165
self.interval = datetime.timedelta(0, 0, 0, value)
1167
if old_value != self.interval:
1168
self.PropertyChanged(dbus.String("Interval"),
1169
dbus.UInt64(value, variant_level=1))
1170
if getattr(self, "checker_initiator_tag", None) is None:
1172
# Reschedule checker run
1173
gobject.source_remove(self.checker_initiator_tag)
1174
self.checker_initiator_tag = (gobject.timeout_add
1175
(value, self.start_checker))
1176
self.start_checker() # Start one now, too
1178
# Checker - property
1179
@dbus_service_property(_interface, signature="s",
1181
def Checker_dbus_property(self, value=None):
1182
if value is None: # get
1183
return dbus.String(self.checker_command)
1184
old_value = self.checker_command
1185
self.checker_command = value
1187
if old_value != self.checker_command:
1188
self.PropertyChanged(dbus.String("Checker"),
1189
dbus.String(self.checker_command,
1192
# CheckerRunning - property
1193
@dbus_service_property(_interface, signature="b",
1195
def CheckerRunning_dbus_property(self, value=None):
1196
if value is None: # get
1197
return dbus.Boolean(self.checker is not None)
1199
self.start_checker()
1203
# ObjectPath - property
1204
@dbus_service_property(_interface, signature="o", access="read")
1205
def ObjectPath_dbus_property(self):
1206
return self.dbus_object_path # is already a dbus.ObjectPath
1209
@dbus_service_property(_interface, signature="ay",
1210
access="write", byte_arrays=True)
1211
def Secret_dbus_property(self, value):
1212
self.secret = str(value)
625
def peer_certificate(session):
626
"Return the peer's OpenPGP certificate as a bytestring"
627
# If not an OpenPGP certificate...
628
if (gnutls.library.functions
629
.gnutls_certificate_type_get(session._c_object)
630
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
631
# ...do the normal thing
632
return session.peer_certificate
633
list_size = ctypes.c_uint(1)
634
cert_list = (gnutls.library.functions
635
.gnutls_certificate_get_peers
636
(session._c_object, ctypes.byref(list_size)))
637
if not bool(cert_list) and list_size.value != 0:
638
raise gnutls.errors.GNUTLSError("error getting peer"
640
if list_size.value == 0:
643
return ctypes.string_at(cert.data, cert.size)
646
def fingerprint(openpgp):
647
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
648
# New GnuTLS "datum" with the OpenPGP public key
649
datum = (gnutls.library.types
650
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
653
ctypes.c_uint(len(openpgp))))
654
# New empty GnuTLS certificate
655
crt = gnutls.library.types.gnutls_openpgp_crt_t()
656
(gnutls.library.functions
657
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
658
# Import the OpenPGP public key into the certificate
659
(gnutls.library.functions
660
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
661
gnutls.library.constants
662
.GNUTLS_OPENPGP_FMT_RAW))
663
# Verify the self signature in the key
664
crtverify = ctypes.c_uint()
665
(gnutls.library.functions
666
.gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
667
if crtverify.value != 0:
668
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
669
raise gnutls.errors.CertificateSecurityError("Verify failed")
670
# New buffer for the fingerprint
671
buf = ctypes.create_string_buffer(20)
672
buf_len = ctypes.c_size_t()
673
# Get the fingerprint from the certificate into the buffer
674
(gnutls.library.functions
675
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
676
ctypes.byref(buf_len)))
677
# Deinit the certificate
678
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
679
# Convert the buffer to a Python bytestring
680
fpr = ctypes.string_at(buf, buf_len.value)
681
# Convert the bytestring to hexadecimal notation
682
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
686
class TCP_handler(SocketServer.BaseRequestHandler, object):
687
"""A TCP request handler class.
688
Instantiated by IPv6_TCPServer for each request to handle it.
1217
class ProxyClient(object):
1218
def __init__(self, child_pipe, fpr, address):
1219
self._pipe = child_pipe
1220
self._pipe.send(('init', fpr, address))
1221
if not self._pipe.recv():
1224
def __getattribute__(self, name):
1225
if(name == '_pipe'):
1226
return super(ProxyClient, self).__getattribute__(name)
1227
self._pipe.send(('getattr', name))
1228
data = self._pipe.recv()
1229
if data[0] == 'data':
1231
if data[0] == 'function':
1232
def func(*args, **kwargs):
1233
self._pipe.send(('funcall', name, args, kwargs))
1234
return self._pipe.recv()[1]
1237
def __setattr__(self, name, value):
1238
if(name == '_pipe'):
1239
return super(ProxyClient, self).__setattr__(name, value)
1240
self._pipe.send(('setattr', name, value))
1243
class ClientHandler(socketserver.BaseRequestHandler, object):
1244
"""A class to handle client connections.
1246
Instantiated once for each connection to handle it.
689
1247
Note: This will run in its own forked process."""
691
1249
def handle(self):
692
logger.info(u"TCP connection from: %s",
693
unicode(self.client_address))
694
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
695
# Open IPC pipe to parent process
696
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
1250
with contextlib.closing(self.server.child_pipe) as child_pipe:
1251
logger.info("TCP connection from: %s",
1252
unicode(self.client_address))
1253
logger.debug("Pipe FD: %d",
1254
self.server.child_pipe.fileno())
697
1256
session = (gnutls.connection
698
1257
.ClientSession(self.request,
699
1258
gnutls.connection
700
1259
.X509Credentials()))
702
line = self.request.makefile().readline()
703
logger.debug(u"Protocol version: %r", line)
705
if int(line.strip().split()[0]) > 1:
707
except (ValueError, IndexError, RuntimeError), error:
708
logger.error(u"Unknown protocol version: %s", error)
711
1261
# Note: gnutls.connection.X509Credentials is really a
712
1262
# generic GnuTLS certificate credentials object so long as
713
1263
# no X.509 keys are added to it. Therefore, we can use it
714
1264
# here despite using OpenPGP certificates.
716
1266
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
717
# "+AES-256-CBC", "+SHA1",
718
# "+COMP-NULL", "+CTYPE-OPENPGP",
1267
# "+AES-256-CBC", "+SHA1",
1268
# "+COMP-NULL", "+CTYPE-OPENPGP",
720
1270
# Use a fallback default, since this MUST be set.
721
priority = self.server.settings.get("priority", "NORMAL")
1271
priority = self.server.gnutls_priority
1272
if priority is None:
722
1274
(gnutls.library.functions
723
1275
.gnutls_priority_set_direct(session._c_object,
724
1276
priority, None))
1278
# Start communication using the Mandos protocol
1279
# Get protocol number
1280
line = self.request.makefile().readline()
1281
logger.debug("Protocol version: %r", line)
1283
if int(line.strip().split()[0]) > 1:
1285
except (ValueError, IndexError, RuntimeError) as error:
1286
logger.error("Unknown protocol version: %s", error)
1289
# Start GnuTLS connection
727
1291
session.handshake()
728
except gnutls.errors.GNUTLSError, error:
729
logger.warning(u"Handshake failed: %s", error)
1292
except gnutls.errors.GNUTLSError as error:
1293
logger.warning("Handshake failed: %s", error)
730
1294
# Do not run session.bye() here: the session is not
731
1295
# established. Just abandon the request.
733
logger.debug(u"Handshake succeeded")
1297
logger.debug("Handshake succeeded")
1299
approval_required = False
735
fpr = fingerprint(peer_certificate(session))
736
except (TypeError, gnutls.errors.GNUTLSError), error:
737
logger.warning(u"Bad certificate: %s", error)
740
logger.debug(u"Fingerprint: %s", fpr)
742
for c in self.server.clients:
743
if c.fingerprint == fpr:
747
logger.warning(u"Client not found for fingerprint: %s",
749
ipc.write("NOTFOUND %s\n" % fpr)
752
# Have to check if client.still_valid(), since it is
753
# possible that the client timed out while establishing
754
# the GnuTLS session.
755
if not client.still_valid():
756
logger.warning(u"Client %(name)s is invalid",
758
ipc.write("INVALID %s\n" % client.name)
761
ipc.write("SENDING %s\n" % client.name)
763
while sent_size < len(client.secret):
764
sent = session.send(client.secret[sent_size:])
765
logger.debug(u"Sent: %d, remaining: %d",
766
sent, len(client.secret)
767
- (sent_size + sent))
772
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
773
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
774
Assumes a gobject.MainLoop event loop.
1302
fpr = self.fingerprint(self.peer_certificate
1305
gnutls.errors.GNUTLSError) as error:
1306
logger.warning("Bad certificate: %s", error)
1308
logger.debug("Fingerprint: %s", fpr)
1311
client = ProxyClient(child_pipe, fpr,
1312
self.client_address)
1316
if client.approval_delay:
1317
delay = client.approval_delay
1318
client.approvals_pending += 1
1319
approval_required = True
1322
if not client.enabled:
1323
logger.info("Client %s is disabled",
1325
if self.server.use_dbus:
1327
client.Rejected("Disabled")
1330
if client._approved or not client.approval_delay:
1331
#We are approved or approval is disabled
1333
elif client._approved is None:
1334
logger.info("Client %s needs approval",
1336
if self.server.use_dbus:
1338
client.NeedApproval(
1339
client.approval_delay_milliseconds(),
1340
client.approved_by_default)
1342
logger.warning("Client %s was not approved",
1344
if self.server.use_dbus:
1346
client.Rejected("Denied")
1349
#wait until timeout or approved
1350
#x = float(client._timedelta_to_milliseconds(delay))
1351
time = datetime.datetime.now()
1352
client.changedstate.acquire()
1353
client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
1354
client.changedstate.release()
1355
time2 = datetime.datetime.now()
1356
if (time2 - time) >= delay:
1357
if not client.approved_by_default:
1358
logger.warning("Client %s timed out while"
1359
" waiting for approval",
1361
if self.server.use_dbus:
1363
client.Rejected("Approval timed out")
1368
delay -= time2 - time
1371
while sent_size < len(client.secret):
1373
sent = session.send(client.secret[sent_size:])
1374
except gnutls.errors.GNUTLSError as error:
1375
logger.warning("gnutls send failed")
1377
logger.debug("Sent: %d, remaining: %d",
1378
sent, len(client.secret)
1379
- (sent_size + sent))
1382
logger.info("Sending secret to %s", client.name)
1383
# bump the timeout as if seen
1384
client.checked_ok(client.extended_timeout)
1385
if self.server.use_dbus:
1390
if approval_required:
1391
client.approvals_pending -= 1
1394
except gnutls.errors.GNUTLSError as error:
1395
logger.warning("GnuTLS bye failed")
1398
def peer_certificate(session):
1399
"Return the peer's OpenPGP certificate as a bytestring"
1400
# If not an OpenPGP certificate...
1401
if (gnutls.library.functions
1402
.gnutls_certificate_type_get(session._c_object)
1403
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1404
# ...do the normal thing
1405
return session.peer_certificate
1406
list_size = ctypes.c_uint(1)
1407
cert_list = (gnutls.library.functions
1408
.gnutls_certificate_get_peers
1409
(session._c_object, ctypes.byref(list_size)))
1410
if not bool(cert_list) and list_size.value != 0:
1411
raise gnutls.errors.GNUTLSError("error getting peer"
1413
if list_size.value == 0:
1416
return ctypes.string_at(cert.data, cert.size)
1419
def fingerprint(openpgp):
1420
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1421
# New GnuTLS "datum" with the OpenPGP public key
1422
datum = (gnutls.library.types
1423
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1426
ctypes.c_uint(len(openpgp))))
1427
# New empty GnuTLS certificate
1428
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1429
(gnutls.library.functions
1430
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1431
# Import the OpenPGP public key into the certificate
1432
(gnutls.library.functions
1433
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1434
gnutls.library.constants
1435
.GNUTLS_OPENPGP_FMT_RAW))
1436
# Verify the self signature in the key
1437
crtverify = ctypes.c_uint()
1438
(gnutls.library.functions
1439
.gnutls_openpgp_crt_verify_self(crt, 0,
1440
ctypes.byref(crtverify)))
1441
if crtverify.value != 0:
1442
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1443
raise (gnutls.errors.CertificateSecurityError
1445
# New buffer for the fingerprint
1446
buf = ctypes.create_string_buffer(20)
1447
buf_len = ctypes.c_size_t()
1448
# Get the fingerprint from the certificate into the buffer
1449
(gnutls.library.functions
1450
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1451
ctypes.byref(buf_len)))
1452
# Deinit the certificate
1453
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1454
# Convert the buffer to a Python bytestring
1455
fpr = ctypes.string_at(buf, buf_len.value)
1456
# Convert the bytestring to hexadecimal notation
1457
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1461
class MultiprocessingMixIn(object):
1462
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1463
def sub_process_main(self, request, address):
1465
self.finish_request(request, address)
1467
self.handle_error(request, address)
1468
self.close_request(request)
1470
def process_request(self, request, address):
1471
"""Start a new process to process the request."""
1472
multiprocessing.Process(target = self.sub_process_main,
1473
args = (request, address)).start()
1475
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1476
""" adds a pipe to the MixIn """
776
1477
def process_request(self, request, client_address):
777
"""This overrides and wraps the original process_request().
778
This function creates a new pipe in self.pipe
1478
"""Overrides and wraps the original process_request().
1480
This function creates a new pipe in self.pipe
780
self.pipe = os.pipe()
781
super(ForkingMixInWithPipe,
1482
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1484
super(MultiprocessingMixInWithPipe,
782
1485
self).process_request(request, client_address)
783
os.close(self.pipe[1]) # close write end
784
# Call "handle_ipc" for both data and EOF events
785
gobject.io_add_watch(self.pipe[0],
786
gobject.IO_IN | gobject.IO_HUP,
788
def handle_ipc(source, condition):
1486
self.child_pipe.close()
1487
self.add_pipe(parent_pipe)
1489
def add_pipe(self, parent_pipe):
789
1490
"""Dummy function; override as necessary"""
794
class IPv6_TCPServer(ForkingMixInWithPipe,
795
SocketServer.TCPServer, object):
1491
raise NotImplementedError
1493
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1494
socketserver.TCPServer, object):
796
1495
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
798
settings: Server settings
799
clients: Set() of Client objects
800
1498
enabled: Boolean; whether this server is activated yet
1499
interface: None or a network interface name (string)
1500
use_ipv6: Boolean; to use IPv6 or not
802
address_family = socket.AF_INET6
803
def __init__(self, *args, **kwargs):
804
if "settings" in kwargs:
805
self.settings = kwargs["settings"]
806
del kwargs["settings"]
807
if "clients" in kwargs:
808
self.clients = kwargs["clients"]
809
del kwargs["clients"]
810
if "use_ipv6" in kwargs:
811
if not kwargs["use_ipv6"]:
812
self.address_family = socket.AF_INET
813
del kwargs["use_ipv6"]
815
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1502
def __init__(self, server_address, RequestHandlerClass,
1503
interface=None, use_ipv6=True):
1504
self.interface = interface
1506
self.address_family = socket.AF_INET6
1507
socketserver.TCPServer.__init__(self, server_address,
1508
RequestHandlerClass)
816
1509
def server_bind(self):
817
1510
"""This overrides the normal server_bind() function
818
1511
to bind to an interface if one was specified, and also NOT to
819
1512
bind to an address or port if they were not specified."""
820
if self.settings["interface"]:
821
# 25 is from /usr/include/asm-i486/socket.h
822
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
824
self.socket.setsockopt(socket.SOL_SOCKET,
826
self.settings["interface"])
827
except socket.error, error:
828
if error[0] == errno.EPERM:
829
logger.error(u"No permission to"
830
u" bind to interface %s",
831
self.settings["interface"])
1513
if self.interface is not None:
1514
if SO_BINDTODEVICE is None:
1515
logger.error("SO_BINDTODEVICE does not exist;"
1516
" cannot bind to interface %s",
1520
self.socket.setsockopt(socket.SOL_SOCKET,
1524
except socket.error as error:
1525
if error[0] == errno.EPERM:
1526
logger.error("No permission to"
1527
" bind to interface %s",
1529
elif error[0] == errno.ENOPROTOOPT:
1530
logger.error("SO_BINDTODEVICE not available;"
1531
" cannot bind to interface %s",
834
1535
# Only bind(2) the socket if we really need to.
835
1536
if self.server_address[0] or self.server_address[1]:
836
1537
if not self.server_address[0]: