To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 502
- compare with another revision
- download diff
- download tarball
- view history from revision 502
- Committer: Teddy Hogeborn
- Date: 2011-09-26 19:36:18 UTC
- mfrom: (24.1.184 mandos)
- Revision ID: teddy@fukt.bsnet.se-20110926193618-vtj5c9hena1maixx
Merge from Björn
added
removed
mandos
82
82
SO_BINDTODEVICE = None
83
83
84
84
85
version = "1.3.0"
85
version = "1.3.1"
86
86
87
87
#logger = logging.getLogger('mandos')
88
88
logger = logging.Logger('mandos')
176
176
self.rename_count += 1
177
177
def remove(self):
178
178
"""Derived from the Avahi example code"""
179
if self.group is not None:
180
try:
181
self.group.Free()
182
except (dbus.exceptions.UnknownMethodException,
183
dbus.exceptions.DBusException) as e:
184
pass
185
self.group = None
186
179
if self.entry_group_state_changed_match is not None:
187
180
self.entry_group_state_changed_match.remove()
188
181
self.entry_group_state_changed_match = None
182
if self.group is not None:
183
self.group.Reset()
189
184
def add(self):
190
185
"""Derived from the Avahi example code"""
191
186
self.remove()
192
self.group = dbus.Interface(
193
self.bus.get_object(avahi.DBUS_NAME,
194
self.server.EntryGroupNew(),
195
follow_name_owner_changes=True),
196
avahi.DBUS_INTERFACE_ENTRY_GROUP)
187
if self.group is None:
188
self.group = dbus.Interface(
189
self.bus.get_object(avahi.DBUS_NAME,
190
self.server.EntryGroupNew()),
191
avahi.DBUS_INTERFACE_ENTRY_GROUP)
197
192
self.entry_group_state_changed_match = (
198
193
self.group.connect_to_signal(
199
194
'StateChanged', self .entry_group_state_changed))
224
219
% unicode(error))
225
220
def cleanup(self):
226
221
"""Derived from the Avahi example code"""
222
if self.group is not None:
223
try:
224
self.group.Free()
225
except (dbus.exceptions.UnknownMethodException,
226
dbus.exceptions.DBusException) as e:
227
pass
228
self.group = None
227
229
self.remove()
228
230
def server_state_changed(self, state, error=None):
229
231
"""Derived from the Avahi example code"""
236
238
avahi.SERVER_FAILURE:
237
239
"Zeroconf server failure" }
238
240
if state in bad_states:
239
if bad_states[state]:
240
logger.error(bad_states[state])
241
self.remove()
241
if bad_states[state] is not None:
242
if error is None:
243
logger.error(bad_states[state])
244
else:
245
logger.error(bad_states[state] + ": %r", error)
246
self.cleanup()
242
247
elif state == avahi.SERVER_RUNNING:
243
248
self.add()
244
249
else:
245
logger.debug("Unknown state: %r", state)
250
if error is None:
251
logger.debug("Unknown state: %r", state)
252
else:
253
logger.debug("Unknown state: %r: %r", state, error)
246
254
def activate(self):
247
255
"""Derived from the Avahi example code"""
248
256
if self.server is None:
256
264
self.server_state_changed(self.server.GetState())
257
265
258
266
267
def _timedelta_to_milliseconds(td):
268
"Convert a datetime.timedelta() to milliseconds"
269
return ((td.days * 24 * 60 * 60 * 1000)
270
+ (td.seconds * 1000)
271
+ (td.microseconds // 1000))
272
259
273
class Client(object):
260
274
"""A representation of a client host served by this server.
261
275
289
303
secret: bytestring; sent verbatim (over TLS) to client
290
304
timeout: datetime.timedelta(); How long from last_checked_ok
291
305
until this client is disabled
306
extended_timeout: extra long timeout when password has been sent
292
307
runtime_expansions: Allowed attributes for runtime expansion.
308
expires: datetime.datetime(); time (UTC) when a client will be
309
disabled, or None
293
310
"""
294
311
295
312
runtime_expansions = ("approval_delay", "approval_duration",
296
313
"created", "enabled", "fingerprint",
297
314
"host", "interval", "last_checked_ok",
298
315
"last_enabled", "name", "timeout")
299
300
@staticmethod
301
def _timedelta_to_milliseconds(td):
302
"Convert a datetime.timedelta() to milliseconds"
303
return ((td.days * 24 * 60 * 60 * 1000)
304
+ (td.seconds * 1000)
305
+ (td.microseconds // 1000))
306
316
307
317
def timeout_milliseconds(self):
308
318
"Return the 'timeout' attribute in milliseconds"
309
return self._timedelta_to_milliseconds(self.timeout)
319
return _timedelta_to_milliseconds(self.timeout)
320
321
def extended_timeout_milliseconds(self):
322
"Return the 'extended_timeout' attribute in milliseconds"
323
return _timedelta_to_milliseconds(self.extended_timeout)
310
324
311
325
def interval_milliseconds(self):
312
326
"Return the 'interval' attribute in milliseconds"
313
return self._timedelta_to_milliseconds(self.interval)
327
return _timedelta_to_milliseconds(self.interval)
314
328
315
329
def approval_delay_milliseconds(self):
316
return self._timedelta_to_milliseconds(self.approval_delay)
330
return _timedelta_to_milliseconds(self.approval_delay)
317
331
318
332
def __init__(self, name = None, disable_hook=None, config=None):
319
333
"""Note: the 'checker' key in 'config' sets the
346
360
self.last_enabled = None
347
361
self.last_checked_ok = None
348
362
self.timeout = string_to_delta(config["timeout"])
363
self.extended_timeout = string_to_delta(config["extended_timeout"])
349
364
self.interval = string_to_delta(config["interval"])
350
365
self.disable_hook = disable_hook
351
366
self.checker = None
352
367
self.checker_initiator_tag = None
353
368
self.disable_initiator_tag = None
369
self.expires = None
354
370
self.checker_callback_tag = None
355
371
self.checker_command = config["checker"]
356
372
self.current_checker_command = None
376
392
# Already enabled
377
393
return
378
394
self.send_changedstate()
379
self.last_enabled = datetime.datetime.utcnow()
380
395
# Schedule a new checker to be started an 'interval' from now,
381
396
# and every interval from then on.
382
397
self.checker_initiator_tag = (gobject.timeout_add
383
398
(self.interval_milliseconds(),
384
399
self.start_checker))
385
400
# Schedule a disable() when 'timeout' has passed
401
self.expires = datetime.datetime.utcnow() + self.timeout
386
402
self.disable_initiator_tag = (gobject.timeout_add
387
403
(self.timeout_milliseconds(),
388
404
self.disable))
389
405
self.enabled = True
406
self.last_enabled = datetime.datetime.utcnow()
390
407
# Also start a new checker *right now*.
391
408
self.start_checker()
392
409
401
418
if getattr(self, "disable_initiator_tag", False):
402
419
gobject.source_remove(self.disable_initiator_tag)
403
420
self.disable_initiator_tag = None
421
self.expires = None
404
422
if getattr(self, "checker_initiator_tag", False):
405
423
gobject.source_remove(self.checker_initiator_tag)
406
424
self.checker_initiator_tag = None
432
450
logger.warning("Checker for %(name)s crashed?",
433
451
vars(self))
434
452
435
def checked_ok(self):
453
def checked_ok(self, timeout=None):
436
454
"""Bump up the timeout for this client.
437
455
438
456
This should only be called when the client has been seen,
439
457
alive and well.
440
458
"""
459
if timeout is None:
460
timeout = self.timeout
441
461
self.last_checked_ok = datetime.datetime.utcnow()
442
462
gobject.source_remove(self.disable_initiator_tag)
463
self.expires = datetime.datetime.utcnow() + timeout
443
464
self.disable_initiator_tag = (gobject.timeout_add
444
(self.timeout_milliseconds(),
465
(_timedelta_to_milliseconds(timeout),
445
466
self.disable))
446
467
447
468
def need_approval(self):
729
750
return xmlstring
730
751
731
752
753
def datetime_to_dbus (dt, variant_level=0):
754
"""Convert a UTC datetime.datetime() to a D-Bus type."""
755
if dt is None:
756
return dbus.String("", variant_level = variant_level)
757
return dbus.String(dt.isoformat(),
758
variant_level=variant_level)
759
732
760
class ClientDBus(Client, DBusObjectWithProperties):
733
761
"""A Client class using D-Bus
734
762
756
784
DBusObjectWithProperties.__init__(self, self.bus,
757
785
self.dbus_object_path)
758
786
759
def _get_approvals_pending(self):
760
return self._approvals_pending
761
def _set_approvals_pending(self, value):
762
old_value = self._approvals_pending
763
self._approvals_pending = value
764
bval = bool(value)
765
if (hasattr(self, "dbus_object_path")
766
and bval is not bool(old_value)):
767
dbus_bool = dbus.Boolean(bval, variant_level=1)
768
self.PropertyChanged(dbus.String("ApprovalPending"),
769
dbus_bool)
770
771
approvals_pending = property(_get_approvals_pending,
772
_set_approvals_pending)
773
del _get_approvals_pending, _set_approvals_pending
774
775
@staticmethod
776
def _datetime_to_dbus(dt, variant_level=0):
777
"""Convert a UTC datetime.datetime() to a D-Bus type."""
778
return dbus.String(dt.isoformat(),
779
variant_level=variant_level)
780
781
def enable(self):
782
oldstate = getattr(self, "enabled", False)
783
r = Client.enable(self)
784
if oldstate != self.enabled:
785
# Emit D-Bus signals
786
self.PropertyChanged(dbus.String("Enabled"),
787
dbus.Boolean(True, variant_level=1))
788
self.PropertyChanged(
789
dbus.String("LastEnabled"),
790
self._datetime_to_dbus(self.last_enabled,
791
variant_level=1))
792
return r
793
794
def disable(self, quiet = False):
795
oldstate = getattr(self, "enabled", False)
796
r = Client.disable(self, quiet=quiet)
797
if not quiet and oldstate != self.enabled:
798
# Emit D-Bus signal
799
self.PropertyChanged(dbus.String("Enabled"),
800
dbus.Boolean(False, variant_level=1))
801
return r
787
def notifychangeproperty(transform_func,
788
dbus_name, type_func=lambda x: x,
789
variant_level=1):
790
""" Modify a variable so that its a property that announce its
791
changes to DBus.
792
transform_fun: Function that takes a value and transform it to
793
DBus type.
794
dbus_name: DBus name of the variable
795
type_func: Function that transform the value before sending it
796
to DBus
797
variant_level: DBus variant level. default: 1
798
"""
799
real_value = [None,]
800
def setter(self, value):
801
old_value = real_value[0]
802
real_value[0] = value
803
if hasattr(self, "dbus_object_path"):
804
if type_func(old_value) != type_func(real_value[0]):
805
dbus_value = transform_func(type_func(real_value[0]),
806
variant_level)
807
self.PropertyChanged(dbus.String(dbus_name),
808
dbus_value)
809
810
return property(lambda self: real_value[0], setter)
811
812
813
expires = notifychangeproperty(datetime_to_dbus, "Expires")
814
approvals_pending = notifychangeproperty(dbus.Boolean,
815
"ApprovalPending",
816
type_func = bool)
817
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
818
last_enabled = notifychangeproperty(datetime_to_dbus,
819
"LastEnabled")
820
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
821
type_func = lambda checker: checker is not None)
822
last_checked_ok = notifychangeproperty(datetime_to_dbus,
823
"LastCheckedOK")
824
last_approval_request = notifychangeproperty(datetime_to_dbus,
825
"LastApprovalRequest")
826
approved_by_default = notifychangeproperty(dbus.Boolean,
827
"ApprovedByDefault")
828
approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",
829
type_func = _timedelta_to_milliseconds)
830
approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",
831
type_func = _timedelta_to_milliseconds)
832
host = notifychangeproperty(dbus.String, "Host")
833
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
834
type_func = _timedelta_to_milliseconds)
835
extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",
836
type_func = _timedelta_to_milliseconds)
837
interval = notifychangeproperty(dbus.UInt16, "Interval",
838
type_func = _timedelta_to_milliseconds)
839
checker_command = notifychangeproperty(dbus.String, "Checker")
840
841
del notifychangeproperty
802
842
803
843
def __del__(self, *args, **kwargs):
804
844
try:
813
853
*args, **kwargs):
814
854
self.checker_callback_tag = None
815
855
self.checker = None
816
# Emit D-Bus signal
817
self.PropertyChanged(dbus.String("CheckerRunning"),
818
dbus.Boolean(False, variant_level=1))
819
856
if os.WIFEXITED(condition):
820
857
exitstatus = os.WEXITSTATUS(condition)
821
858
# Emit D-Bus signal
830
867
831
868
return Client.checker_callback(self, pid, condition, command,
832
869
*args, **kwargs)
833
834
def checked_ok(self, *args, **kwargs):
835
Client.checked_ok(self, *args, **kwargs)
836
# Emit D-Bus signal
837
self.PropertyChanged(
838
dbus.String("LastCheckedOK"),
839
(self._datetime_to_dbus(self.last_checked_ok,
840
variant_level=1)))
841
842
def need_approval(self, *args, **kwargs):
843
r = Client.need_approval(self, *args, **kwargs)
844
# Emit D-Bus signal
845
self.PropertyChanged(
846
dbus.String("LastApprovalRequest"),
847
(self._datetime_to_dbus(self.last_approval_request,
848
variant_level=1)))
849
return r
850
870
851
871
def start_checker(self, *args, **kwargs):
852
872
old_checker = self.checker
853
873
if self.checker is not None:
860
880
and old_checker_pid != self.checker.pid):
861
881
# Emit D-Bus signal
862
882
self.CheckerStarted(self.current_checker_command)
863
self.PropertyChanged(
864
dbus.String("CheckerRunning"),
865
dbus.Boolean(True, variant_level=1))
866
883
return r
867
884
868
def stop_checker(self, *args, **kwargs):
869
old_checker = getattr(self, "checker", None)
870
r = Client.stop_checker(self, *args, **kwargs)
871
if (old_checker is not None
872
and getattr(self, "checker", None) is None):
873
self.PropertyChanged(dbus.String("CheckerRunning"),
874
dbus.Boolean(False, variant_level=1))
875
return r
876
877
885
def _reset_approved(self):
878
886
self._approved = None
879
887
return False
881
889
def approve(self, value=True):
882
890
self.send_changedstate()
883
891
self._approved = value
884
gobject.timeout_add(self._timedelta_to_milliseconds
892
gobject.timeout_add(_timedelta_to_milliseconds
885
893
(self.approval_duration),
886
894
self._reset_approved)
887
895
979
987
if value is None: # get
980
988
return dbus.Boolean(self.approved_by_default)
981
989
self.approved_by_default = bool(value)
982
# Emit D-Bus signal
983
self.PropertyChanged(dbus.String("ApprovedByDefault"),
984
dbus.Boolean(value, variant_level=1))
985
990
986
991
# ApprovalDelay - property
987
992
@dbus_service_property(_interface, signature="t",
990
995
if value is None: # get
991
996
return dbus.UInt64(self.approval_delay_milliseconds())
992
997
self.approval_delay = datetime.timedelta(0, 0, 0, value)
993
# Emit D-Bus signal
994
self.PropertyChanged(dbus.String("ApprovalDelay"),
995
dbus.UInt64(value, variant_level=1))
996
998
997
999
# ApprovalDuration - property
998
1000
@dbus_service_property(_interface, signature="t",
999
1001
access="readwrite")
1000
1002
def ApprovalDuration_dbus_property(self, value=None):
1001
1003
if value is None: # get
1002
return dbus.UInt64(self._timedelta_to_milliseconds(
1004
return dbus.UInt64(_timedelta_to_milliseconds(
1003
1005
self.approval_duration))
1004
1006
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1005
# Emit D-Bus signal
1006
self.PropertyChanged(dbus.String("ApprovalDuration"),
1007
dbus.UInt64(value, variant_level=1))
1008
1007
1009
1008
# Name - property
1010
1009
@dbus_service_property(_interface, signature="s", access="read")
1023
1022
if value is None: # get
1024
1023
return dbus.String(self.host)
1025
1024
self.host = value
1026
# Emit D-Bus signal
1027
self.PropertyChanged(dbus.String("Host"),
1028
dbus.String(value, variant_level=1))
1029
1025
1030
1026
# Created - property
1031
1027
@dbus_service_property(_interface, signature="s", access="read")
1032
1028
def Created_dbus_property(self):
1033
return dbus.String(self._datetime_to_dbus(self.created))
1029
return dbus.String(datetime_to_dbus(self.created))
1034
1030
1035
1031
# LastEnabled - property
1036
1032
@dbus_service_property(_interface, signature="s", access="read")
1037
1033
def LastEnabled_dbus_property(self):
1038
if self.last_enabled is None:
1039
return dbus.String("")
1040
return dbus.String(self._datetime_to_dbus(self.last_enabled))
1034
return datetime_to_dbus(self.last_enabled)
1041
1035
1042
1036
# Enabled - property
1043
1037
@dbus_service_property(_interface, signature="b",
1057
1051
if value is not None:
1058
1052
self.checked_ok()
1059
1053
return
1060
if self.last_checked_ok is None:
1061
return dbus.String("")
1062
return dbus.String(self._datetime_to_dbus(self
1063
.last_checked_ok))
1054
return datetime_to_dbus(self.last_checked_ok)
1055
1056
# Expires - property
1057
@dbus_service_property(_interface, signature="s", access="read")
1058
def Expires_dbus_property(self):
1059
return datetime_to_dbus(self.expires)
1064
1060
1065
1061
# LastApprovalRequest - property
1066
1062
@dbus_service_property(_interface, signature="s", access="read")
1067
1063
def LastApprovalRequest_dbus_property(self):
1068
if self.last_approval_request is None:
1069
return dbus.String("")
1070
return dbus.String(self.
1071
_datetime_to_dbus(self
1072
.last_approval_request))
1064
return datetime_to_dbus(self.last_approval_request)
1073
1065
1074
1066
# Timeout - property
1075
1067
@dbus_service_property(_interface, signature="t",
1078
1070
if value is None: # get
1079
1071
return dbus.UInt64(self.timeout_milliseconds())
1080
1072
self.timeout = datetime.timedelta(0, 0, 0, value)
1081
# Emit D-Bus signal
1082
self.PropertyChanged(dbus.String("Timeout"),
1083
dbus.UInt64(value, variant_level=1))
1084
1073
if getattr(self, "disable_initiator_tag", None) is None:
1085
1074
return
1086
1075
# Reschedule timeout
1087
1076
gobject.source_remove(self.disable_initiator_tag)
1088
1077
self.disable_initiator_tag = None
1078
self.expires = None
1089
1079
time_to_die = (self.
1090
1080
_timedelta_to_milliseconds((self
1091
1081
.last_checked_ok
1096
1086
# The timeout has passed
1097
1087
self.disable()
1098
1088
else:
1089
self.expires = (datetime.datetime.utcnow()
1090
+ datetime.timedelta(milliseconds = time_to_die))
1099
1091
self.disable_initiator_tag = (gobject.timeout_add
1100
1092
(time_to_die, self.disable))
1101
1093
1094
# ExtendedTimeout - property
1095
@dbus_service_property(_interface, signature="t",
1096
access="readwrite")
1097
def ExtendedTimeout_dbus_property(self, value=None):
1098
if value is None: # get
1099
return dbus.UInt64(self.extended_timeout_milliseconds())
1100
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1101
1102
1102
# Interval - property
1103
1103
@dbus_service_property(_interface, signature="t",
1104
1104
access="readwrite")
1106
1106
if value is None: # get
1107
1107
return dbus.UInt64(self.interval_milliseconds())
1108
1108
self.interval = datetime.timedelta(0, 0, 0, value)
1109
# Emit D-Bus signal
1110
self.PropertyChanged(dbus.String("Interval"),
1111
dbus.UInt64(value, variant_level=1))
1112
1109
if getattr(self, "checker_initiator_tag", None) is None:
1113
1110
return
1114
1111
# Reschedule checker run
1124
1121
if value is None: # get
1125
1122
return dbus.String(self.checker_command)
1126
1123
self.checker_command = value
1127
# Emit D-Bus signal
1128
self.PropertyChanged(dbus.String("Checker"),
1129
dbus.String(self.checker_command,
1130
variant_level=1))
1131
1124
1132
1125
# CheckerRunning - property
1133
1126
@dbus_service_property(_interface, signature="b",
1260
1253
1261
1254
while True:
1262
1255
if not client.enabled:
1263
logger.warning("Client %s is disabled",
1256
logger.info("Client %s is disabled",
1264
1257
client.name)
1265
1258
if self.server.use_dbus:
1266
1259
# Emit D-Bus signal
1321
1314
1322
1315
logger.info("Sending secret to %s", client.name)
1323
1316
# bump the timeout as if seen
1324
client.checked_ok()
1317
client.checked_ok(client.extended_timeout)
1325
1318
if self.server.use_dbus:
1326
1319
# Emit D-Bus signal
1327
1320
client.GotSecret()
1561
1554
client = c
1562
1555
break
1563
1556
else:
1564
logger.warning("Client not found for fingerprint: %s, ad"
1565
"dress: %s", fpr, address)
1557
logger.info("Client not found for fingerprint: %s, ad"
1558
"dress: %s", fpr, address)
1566
1559
if self.use_dbus:
1567
1560
# Emit D-Bus signal
1568
1561
mandos_dbus_service.ClientNotFound(fpr, address[0])
1788
1781
% server_settings["servicename"]))
1789
1782
1790
1783
# Parse config file with clients
1791
client_defaults = { "timeout": "1h",
1792
"interval": "5m",
1784
client_defaults = { "timeout": "5m",
1785
"extended_timeout": "15m",
1786
"interval": "2m",
1793
1787
"checker": "fping -q -- %%(host)s",
1794
1788
"host": "",
1795
1789
"approval_delay": "0s",
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0