/mandos/trunk : revision 505.1.13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2011-10-10 20:29:58 UTC
mto: (505.2.5 mandos-client-network-hooks)
mto: This revision was merged to the branch mainline in revision 515.
Revision ID: teddy@recompile.se-20111010202958-4nasdbwsxbennrwj

Miscellaneous fixes prompted by lintian:

* debian/control (Conflicts): Changed to "Breaks:".
* debian/copyright: Updated format.
* debian/mandos-client.postinst: Use "set -e" instead of "#!/bin/sh -e".
* debian/mandos-client.postrm: - '' -
* debian/mandos.postinst: - '' -
* debian/mandos.prerm: Consistent magic.
* mandos: Small comment change.
* mandos-clients.conf.xml (OPTIONS/extended_timeout): Fix spelling.

Show diffs side-by-side

added added

removed removed

mandos

SO_BINDTODEVICE = None

version = "1.3.1"

version = "1.4.0"

#logger = logging.getLogger('mandos')

logger = logging.Logger('mandos')

160

" after %i retries, exiting.",

161

self.rename_count)

162

raise AvahiServiceError("Too many renames")

163

self.name = unicode(self.server.GetAlternativeServiceName(self.name))

163

self.name = unicode(self.server

164

.GetAlternativeServiceName(self.name))

164

165

logger.info("Changing Zeroconf service name to %r ...",

165

166

self.name)

166

167

syslogger.setFormatter(logging.Formatter

321

322

323

def extended_timeout_milliseconds(self):

323

324

"Return the 'extended_timeout' attribute in milliseconds"

324

return _timedelta_to_milliseconds(self.extended_timeout)

325

return _timedelta_to_milliseconds(self.extended_timeout)

325

326

327

def interval_milliseconds(self):

327

328

"Return the 'interval' attribute in milliseconds"

361

362

self.last_enabled = None

362

363

self.last_checked_ok = None

363

364

self.timeout = string_to_delta(config["timeout"])

364

self.extended_timeout = string_to_delta(config["extended_timeout"])

365

self.extended_timeout = string_to_delta(config

366

["extended_timeout"])

365

367

self.interval = string_to_delta(config["interval"])

366

368

self.disable_hook = disable_hook

367

369

self.checker = None

380

382

config["approval_delay"])

381

383

self.approval_duration = string_to_delta(

382

384

config["approval_duration"])

383

self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())

385

self.changedstate = (multiprocessing_manager

386

.Condition(multiprocessing_manager

387

.Lock()))

384

388

385

389

def send_changedstate(self):

386

390

self.changedstate.acquire()

387

391

self.changedstate.notify_all()

388

392

self.changedstate.release()

389

393

390

394

def enable(self):

391

395

"""Start this client's checker and timeout hooks"""

392

396

if getattr(self, "enabled", False):

461

465

timeout = self.timeout

462

466

self.last_checked_ok = datetime.datetime.utcnow()

463

467

gobject.source_remove(self.disable_initiator_tag)

468

self.disable_initiator_tag = (gobject.timeout_add

469

(_timedelta_to_milliseconds

470

(timeout), self.disable))

464

471

self.expires = datetime.datetime.utcnow() + timeout

465

self.disable_initiator_tag = (gobject.timeout_add

466

(_timedelta_to_milliseconds(timeout),

467

self.disable))

468

472

469

473

def need_approval(self):

470

474

self.last_approval_request = datetime.datetime.utcnow()

629

633

"""

630

634

return ((prop.__get__(self)._dbus_name, prop.__get__(self))

631

635

for cls in self.__class__.__mro__

632

for name, prop in inspect.getmembers(cls, self._is_dbus_property))

636

for name, prop in

637

inspect.getmembers(cls, self._is_dbus_property))

633

638

634

639

def _get_dbus_property(self, interface_name, property_name):

635

640

"""Returns a bound method if one exists which is a D-Bus

636

641

property with the specified name and interface.

637

642

"""

638

643

for cls in self.__class__.__mro__:

639

for name, value in inspect.getmembers(cls, self._is_dbus_property):

640

if value._dbus_name == property_name and value._dbus_interface == interface_name:

644

for name, value in (inspect.getmembers

645

(cls, self._is_dbus_property)):

646

if (value._dbus_name == property_name

647

and value._dbus_interface == interface_name):

641

648

return value.__get__(self)

642

649

643

650

# No such property

754

761

return dbus.String(dt.isoformat(),

755

762

variant_level=variant_level)

756

763

757

class AlternateDBusNamesMetaclass(DBusObjectWithProperties.__metaclass__):

764

class AlternateDBusNamesMetaclass(DBusObjectWithProperties

765

.__metaclass__):

758

766

"""Applied to an empty subclass of a D-Bus object, this metaclass

759

767

will add additional D-Bus attributes matching a certain pattern.

760

768

"""

890

898

to the D-Bus. Default: no transform

891

899

variant_level: D-Bus variant level. Default: 1

892

900

"""

893

real_value = [None,]

901

attrname = "_{0}".format(dbus_name)

894

902

def setter(self, value):

895

old_value = real_value[0]

896

real_value[0] = value

897

903

if hasattr(self, "dbus_object_path"):

898

if type_func(old_value) != type_func(real_value[0]):

899

dbus_value = transform_func(type_func(real_value[0]),

904

if (not hasattr(self, attrname) or

905

type_func(getattr(self, attrname, None))

906

!= type_func(value)):

907

dbus_value = transform_func(type_func(value),

900

908

variant_level)

901

909

self.PropertyChanged(dbus.String(dbus_name),

902

910

dbus_value)

911

setattr(self, attrname, value)

903

912

904

return property(lambda self: real_value[0], setter)

913

return property(lambda self: getattr(self, attrname), setter)

905

914

906

915

907

916

expires = notifychangeproperty(datetime_to_dbus, "Expires")

912

921

last_enabled = notifychangeproperty(datetime_to_dbus,

913

922

"LastEnabled")

914

923

checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",

915

type_func = lambda checker: checker is not None)

924

type_func = lambda checker:

925

checker is not None)

916

926

last_checked_ok = notifychangeproperty(datetime_to_dbus,

917

927

"LastCheckedOK")

918

last_approval_request = notifychangeproperty(datetime_to_dbus,

919

"LastApprovalRequest")

928

last_approval_request = notifychangeproperty(

929

datetime_to_dbus, "LastApprovalRequest")

920

930

approved_by_default = notifychangeproperty(dbus.Boolean,

921

931

"ApprovedByDefault")

922

approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",

923

type_func = _timedelta_to_milliseconds)

924

approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",

925

type_func = _timedelta_to_milliseconds)

932

approval_delay = notifychangeproperty(dbus.UInt16,

933

"ApprovalDelay",

934

type_func =

935

_timedelta_to_milliseconds)

936

approval_duration = notifychangeproperty(

937

dbus.UInt16, "ApprovalDuration",

938

type_func = _timedelta_to_milliseconds)

926

939

host = notifychangeproperty(dbus.String, "Host")

927

940

timeout = notifychangeproperty(dbus.UInt16, "Timeout",

928

type_func = _timedelta_to_milliseconds)

929

extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",

930

type_func = _timedelta_to_milliseconds)

931

interval = notifychangeproperty(dbus.UInt16, "Interval",

932

type_func = _timedelta_to_milliseconds)

941

type_func =

942

_timedelta_to_milliseconds)

943

extended_timeout = notifychangeproperty(

944

dbus.UInt16, "ExtendedTimeout",

945

type_func = _timedelta_to_milliseconds)

946

interval = notifychangeproperty(dbus.UInt16,

947

"Interval",

948

type_func =

949

_timedelta_to_milliseconds)

933

950

checker_command = notifychangeproperty(dbus.String, "Checker")

934

951

935

952

del notifychangeproperty

1181

1198

self.disable()

1182

1199

else:

1183

1200

self.expires = (datetime.datetime.utcnow()

1184

+ datetime.timedelta(milliseconds = time_to_die))

1201

+ datetime.timedelta(milliseconds =

1202

time_to_die))

1185

1203

self.disable_initiator_tag = (gobject.timeout_add

1186

1204

(time_to_die, self.disable))

1187

1205

1353

1371

client.name)

1354

1372

if self.server.use_dbus:

1355

1373

# Emit D-Bus signal

1356

client.Rejected("Disabled")

1374

client.Rejected("Disabled")

1357

1375

return

1358

1376

1359

1377

if client._approved or not client.approval_delay:

1376

1394

return

1377

1395

1378

1396

#wait until timeout or approved

1379

#x = float(client._timedelta_to_milliseconds(delay))

1380

1397

time = datetime.datetime.now()

1381

1398

client.changedstate.acquire()

1382

client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))

1399

(client.changedstate.wait

1400

(float(client._timedelta_to_milliseconds(delay)

1401

/ 1000)))

1383

1402

client.changedstate.release()

1384

1403

time2 = datetime.datetime.now()

1385

1404

if (time2 - time) >= delay:

1409

1428

sent_size += sent

1410

1429

1411

1430

logger.info("Sending secret to %s", client.name)

1412

# bump the timeout as if seen

1431

# bump the timeout using extended_timeout

1413

1432

client.checked_ok(client.extended_timeout)

1414

1433

if self.server.use_dbus:

1415

1434

# Emit D-Bus signal

1495

1514

except:

1496

1515

self.handle_error(request, address)

1497

1516

self.close_request(request)

1498

1517

1499

1518

def process_request(self, request, address):

1500

1519

"""Start a new process to process the request."""

1501

multiprocessing.Process(target = self.sub_process_main,

1502

args = (request, address)).start()

1520

proc = multiprocessing.Process(target = self.sub_process_main,

1521

args = (request,

1522

address))

1523

proc.start()

1524

return proc

1503

1525

1504

1526

1505

1527

class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):

1511

1533

"""

1512

1534

parent_pipe, self.child_pipe = multiprocessing.Pipe()

1513

1535

1514

super(MultiprocessingMixInWithPipe,

1515

self).process_request(request, client_address)

1536

proc = MultiprocessingMixIn.process_request(self, request,

1537

client_address)

1516

1538

self.child_pipe.close()

1517

self.add_pipe(parent_pipe)

1539

self.add_pipe(parent_pipe, proc)

1518

1540

1519

def add_pipe(self, parent_pipe):

1541

def add_pipe(self, parent_pipe, proc):

1520

1542

"""Dummy function; override as necessary"""

1521

1543

raise NotImplementedError

1522

1544

1610

1632

def server_activate(self):

1611

1633

if self.enabled:

1612

1634

return socketserver.TCPServer.server_activate(self)

1635

1613

1636

def enable(self):

1614

1637

self.enabled = True

1615

def add_pipe(self, parent_pipe):

1638

1639

def add_pipe(self, parent_pipe, proc):

1616

1640

# Call "handle_ipc" for both data and EOF events

1617

1641

gobject.io_add_watch(parent_pipe.fileno(),

1618

1642

gobject.IO_IN | gobject.IO_HUP,

1619

1643

functools.partial(self.handle_ipc,

1620

parent_pipe = parent_pipe))

1621

1644

parent_pipe =

1645

parent_pipe,

1646

proc = proc))

1647

1622

1648

def handle_ipc(self, source, condition, parent_pipe=None,

1623

client_object=None):

1649

proc = None, client_object=None):

1624

1650

condition_names = {

1625

1651

gobject.IO_IN: "IN", # There is data to read.

1626

1652

gobject.IO_OUT: "OUT", # Data can be written (without

1635

1661

for cond, name in

1636

1662

condition_names.iteritems()

1637

1663

if cond & condition)

1638

# error or the other end of multiprocessing.Pipe has closed

1664

# error, or the other end of multiprocessing.Pipe has closed

1639

1665

if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):

1666

# Wait for other process to exit

1667

proc.join()

1640

1668

return False

1641

1669

1642

1670

# Read a request from the child

1656

1684

"dress: %s", fpr, address)

1657

1685

if self.use_dbus:

1658

1686

# Emit D-Bus signal

1659

mandos_dbus_service.ClientNotFound(fpr, address[0])

1687

mandos_dbus_service.ClientNotFound(fpr,

1688

address[0])

1660

1689

parent_pipe.send(False)

1661

1690

return False

1662

1691

1663

1692

gobject.io_add_watch(parent_pipe.fileno(),

1664

1693

gobject.IO_IN | gobject.IO_HUP,

1665

1694

functools.partial(self.handle_ipc,

1666

parent_pipe = parent_pipe,

1667

client_object = client))

1695

parent_pipe =

1696

parent_pipe,

1697

proc = proc,

1698

client_object =

1699

client))

1668

1700

parent_pipe.send(True)

1669

# remove the old hook in favor of the new above hook on same fileno

1701

# remove the old hook in favor of the new above hook on

1702

# same fileno

1670

1703

return False

1671

1704

if command == 'funcall':

1672

1705

funcname = request[1]

1673

1706

args = request[2]

1674

1707

kwargs = request[3]

1675

1708

1676

parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))

1709

parent_pipe.send(('data', getattr(client_object,

1710

funcname)(*args,

1711

**kwargs)))

1677

1712

1678

1713

if command == 'getattr':

1679

1714

attrname = request[1]

1680

1715

if callable(client_object.__getattribute__(attrname)):

1681

1716

parent_pipe.send(('function',))

1682

1717

else:

1683

parent_pipe.send(('data', client_object.__getattribute__(attrname)))

1718

parent_pipe.send(('data', client_object

1719

.__getattribute__(attrname)))

1684

1720

1685

1721

if command == 'setattr':

1686

1722

attrname = request[1]

1977

2013

try:

1978

2014

bus_name = dbus.service.BusName("se.recompile.Mandos",

1979

2015

bus, do_not_queue=True)

1980

old_bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",

1981

bus, do_not_queue=True)

2016

old_bus_name = (dbus.service.BusName

2017

("se.bsnet.fukt.Mandos", bus,

2018

do_not_queue=True))

1982

2019

except dbus.exceptions.NameExistsException as e:

1983

2020

logger.error(unicode(e) + ", disabling D-Bus")

1984

2021

use_dbus = False

1997

2034

1998

2035

client_class = Client

1999

2036

if use_dbus:

2000

client_class = functools.partial(ClientDBusTransitional, bus = bus)

2037

client_class = functools.partial(ClientDBusTransitional,

2038

bus = bus)

2001

2039

def client_config_items(config, section):

2002

2040

special_settings = {

2003

2041

"approved_by_default":

2098

2136

"Cleanup function; run on exit"

2099

2137

service.cleanup()

2100

2138

2139

multiprocessing.active_children()

2101

2140

while tcp_server.clients:

2102

2141

client = tcp_server.clients.pop()

2103

2142

if use_dbus:

2107

2146

client.disable(quiet=True)

2108

2147

if use_dbus:

2109

2148

# Emit D-Bus signal

2110

mandos_dbus_service.ClientRemoved(client.dbus_object_path,

2149

mandos_dbus_service.ClientRemoved(client

2150

.dbus_object_path,

2111

2151

client.name)

2112

2152

2113

2153

atexit.register(cleanup)

Older »