151
152
self.group = None # our entry group
152
153
self.server = None
155
self.entry_group_state_changed_match = None
154
156
def rename(self):
155
157
"""Derived from the Avahi example code"""
156
158
if self.rename_count >= self.max_renames:
157
logger.critical(u"No suitable Zeroconf service name found"
158
u" after %i retries, exiting.",
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
159
161
self.rename_count)
160
raise AvahiServiceError(u"Too many renames")
161
self.name = self.server.GetAlternativeServiceName(self.name)
162
logger.info(u"Changing Zeroconf service name to %r ...",
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server.GetAlternativeServiceName(self.name))
164
logger.info("Changing Zeroconf service name to %r ...",
164
166
syslogger.setFormatter(logging.Formatter
165
(u'Mandos (%s) [%%(process)d]:'
166
u' %%(levelname)s: %%(message)s'
167
('Mandos (%s) [%%(process)d]:'
168
' %%(levelname)s: %%(message)s'
173
except dbus.exceptions.DBusException as error:
174
logger.critical("DBusException: %s", error)
170
177
self.rename_count += 1
171
178
def remove(self):
172
179
"""Derived from the Avahi example code"""
180
if self.entry_group_state_changed_match is not None:
181
self.entry_group_state_changed_match.remove()
182
self.entry_group_state_changed_match = None
173
183
if self.group is not None:
174
184
self.group.Reset()
176
186
"""Derived from the Avahi example code"""
177
188
if self.group is None:
178
189
self.group = dbus.Interface(
179
190
self.bus.get_object(avahi.DBUS_NAME,
180
191
self.server.EntryGroupNew()),
181
192
avahi.DBUS_INTERFACE_ENTRY_GROUP)
182
self.group.connect_to_signal('StateChanged',
184
.entry_group_state_changed)
185
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
193
self.entry_group_state_changed_match = (
194
self.group.connect_to_signal(
195
'StateChanged', self .entry_group_state_changed))
196
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
186
197
self.name, self.type)
187
198
self.group.AddService(
195
206
self.group.Commit()
196
207
def entry_group_state_changed(self, state, error):
197
208
"""Derived from the Avahi example code"""
198
logger.debug(u"Avahi state change: %i", state)
209
logger.debug("Avahi entry group state change: %i", state)
200
211
if state == avahi.ENTRY_GROUP_ESTABLISHED:
201
logger.debug(u"Zeroconf service established.")
212
logger.debug("Zeroconf service established.")
202
213
elif state == avahi.ENTRY_GROUP_COLLISION:
203
logger.warning(u"Zeroconf service name collision.")
214
logger.info("Zeroconf service name collision.")
205
216
elif state == avahi.ENTRY_GROUP_FAILURE:
206
logger.critical(u"Avahi: Error in group state changed %s",
217
logger.critical("Avahi: Error in group state changed %s",
208
raise AvahiGroupError(u"State changed: %s"
219
raise AvahiGroupError("State changed: %s"
209
220
% unicode(error))
210
221
def cleanup(self):
211
222
"""Derived from the Avahi example code"""
212
223
if self.group is not None:
226
except (dbus.exceptions.UnknownMethodException,
227
dbus.exceptions.DBusException) as e:
214
229
self.group = None
215
def server_state_changed(self, state):
231
def server_state_changed(self, state, error=None):
216
232
"""Derived from the Avahi example code"""
217
if state == avahi.SERVER_COLLISION:
218
logger.error(u"Zeroconf server name collision")
233
logger.debug("Avahi server state change: %i", state)
234
bad_states = { avahi.SERVER_INVALID:
235
"Zeroconf server invalid",
236
avahi.SERVER_REGISTERING: None,
237
avahi.SERVER_COLLISION:
238
"Zeroconf server name collision",
239
avahi.SERVER_FAILURE:
240
"Zeroconf server failure" }
241
if state in bad_states:
242
if bad_states[state] is not None:
244
logger.error(bad_states[state])
246
logger.error(bad_states[state] + ": %r", error)
220
248
elif state == avahi.SERVER_RUNNING:
252
logger.debug("Unknown state: %r", state)
254
logger.debug("Unknown state: %r: %r", state, error)
222
255
def activate(self):
223
256
"""Derived from the Avahi example code"""
224
257
if self.server is None:
225
258
self.server = dbus.Interface(
226
259
self.bus.get_object(avahi.DBUS_NAME,
227
avahi.DBUS_PATH_SERVER),
260
avahi.DBUS_PATH_SERVER,
261
follow_name_owner_changes=True),
228
262
avahi.DBUS_INTERFACE_SERVER)
229
self.server.connect_to_signal(u"StateChanged",
263
self.server.connect_to_signal("StateChanged",
230
264
self.server_state_changed)
231
265
self.server_state_changed(self.server.GetState())
268
def _timedelta_to_milliseconds(td):
269
"Convert a datetime.timedelta() to milliseconds"
270
return ((td.days * 24 * 60 * 60 * 1000)
271
+ (td.seconds * 1000)
272
+ (td.microseconds // 1000))
234
274
class Client(object):
235
275
"""A representation of a client host served by this server.
238
name: string; from the config file, used in log messages and
278
_approved: bool(); 'None' if not yet approved/disapproved
279
approval_delay: datetime.timedelta(); Time to wait for approval
280
approval_duration: datetime.timedelta(); Duration of one approval
281
checker: subprocess.Popen(); a running checker process used
282
to see if the client lives.
283
'None' if no process is running.
284
checker_callback_tag: a gobject event source tag, or None
285
checker_command: string; External command which is run to check
286
if client lives. %() expansions are done at
287
runtime with vars(self) as dict, so that for
288
instance %(name)s can be used in the command.
289
checker_initiator_tag: a gobject event source tag, or None
290
created: datetime.datetime(); (UTC) object creation
291
current_checker_command: string; current running checker_command
292
disable_hook: If set, called by disable() as disable_hook(self)
293
disable_initiator_tag: a gobject event source tag, or None
240
295
fingerprint: string (40 or 32 hexadecimal digits); used to
241
296
uniquely identify the client
242
secret: bytestring; sent verbatim (over TLS) to client
243
297
host: string; available for use by the checker command
244
created: datetime.datetime(); (UTC) object creation
298
interval: datetime.timedelta(); How often to start a new checker
299
last_approval_request: datetime.datetime(); (UTC) or None
300
last_checked_ok: datetime.datetime(); (UTC) or None
245
301
last_enabled: datetime.datetime(); (UTC)
247
last_checked_ok: datetime.datetime(); (UTC) or None
302
name: string; from the config file, used in log messages and
304
secret: bytestring; sent verbatim (over TLS) to client
248
305
timeout: datetime.timedelta(); How long from last_checked_ok
249
306
until this client is disabled
250
interval: datetime.timedelta(); How often to start a new checker
251
disable_hook: If set, called by disable() as disable_hook(self)
252
checker: subprocess.Popen(); a running checker process used
253
to see if the client lives.
254
'None' if no process is running.
255
checker_initiator_tag: a gobject event source tag, or None
256
disable_initiator_tag: - '' -
257
checker_callback_tag: - '' -
258
checker_command: string; External command which is run to check if
259
client lives. %() expansions are done at
260
runtime with vars(self) as dict, so that for
261
instance %(name)s can be used in the command.
262
current_checker_command: string; current running checker_command
263
approved_delay: datetime.timedelta(); Time to wait for approval
264
_approved: bool(); 'None' if not yet approved/disapproved
265
approved_duration: datetime.timedelta(); Duration of one approval
307
extended_timeout: extra long timeout when password has been sent
308
runtime_expansions: Allowed attributes for runtime expansion.
309
expires: datetime.datetime(); time (UTC) when a client will be
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
313
runtime_expansions = ("approval_delay", "approval_duration",
314
"created", "enabled", "fingerprint",
315
"host", "interval", "last_checked_ok",
316
"last_enabled", "name", "timeout")
275
318
def timeout_milliseconds(self):
276
319
"Return the 'timeout' attribute in milliseconds"
277
return self._timedelta_to_milliseconds(self.timeout)
320
return _timedelta_to_milliseconds(self.timeout)
322
def extended_timeout_milliseconds(self):
323
"Return the 'extended_timeout' attribute in milliseconds"
324
return _timedelta_to_milliseconds(self.extended_timeout)
279
326
def interval_milliseconds(self):
280
327
"Return the 'interval' attribute in milliseconds"
281
return self._timedelta_to_milliseconds(self.interval)
283
def approved_delay_milliseconds(self):
284
return self._timedelta_to_milliseconds(self.approved_delay)
328
return _timedelta_to_milliseconds(self.interval)
330
def approval_delay_milliseconds(self):
331
return _timedelta_to_milliseconds(self.approval_delay)
286
333
def __init__(self, name = None, disable_hook=None, config=None):
287
334
"""Note: the 'checker' key in 'config' sets the
291
338
if config is None:
293
logger.debug(u"Creating client %r", self.name)
340
logger.debug("Creating client %r", self.name)
294
341
# Uppercase and remove spaces from fingerprint for later
295
342
# comparison purposes with return value from the fingerprint()
297
self.fingerprint = (config[u"fingerprint"].upper()
299
logger.debug(u" Fingerprint: %s", self.fingerprint)
300
if u"secret" in config:
301
self.secret = config[u"secret"].decode(u"base64")
302
elif u"secfile" in config:
344
self.fingerprint = (config["fingerprint"].upper()
346
logger.debug(" Fingerprint: %s", self.fingerprint)
347
if "secret" in config:
348
self.secret = config["secret"].decode("base64")
349
elif "secfile" in config:
303
350
with open(os.path.expanduser(os.path.expandvars
304
(config[u"secfile"])),
351
(config["secfile"])),
305
352
"rb") as secfile:
306
353
self.secret = secfile.read()
308
#XXX Need to allow secret on demand!
309
raise TypeError(u"No secret or secfile for client %s"
355
raise TypeError("No secret or secfile for client %s"
311
self.host = config.get(u"host", u"")
357
self.host = config.get("host", "")
312
358
self.created = datetime.datetime.utcnow()
313
359
self.enabled = False
360
self.last_approval_request = None
314
361
self.last_enabled = None
315
362
self.last_checked_ok = None
316
self.timeout = string_to_delta(config[u"timeout"])
317
self.interval = string_to_delta(config[u"interval"])
363
self.timeout = string_to_delta(config["timeout"])
364
self.extended_timeout = string_to_delta(config["extended_timeout"])
365
self.interval = string_to_delta(config["interval"])
318
366
self.disable_hook = disable_hook
319
367
self.checker = None
320
368
self.checker_initiator_tag = None
321
369
self.disable_initiator_tag = None
322
371
self.checker_callback_tag = None
323
self.checker_command = config[u"checker"]
372
self.checker_command = config["checker"]
324
373
self.current_checker_command = None
325
374
self.last_connect = None
375
self._approved = None
376
self.approved_by_default = config.get("approved_by_default",
326
378
self.approvals_pending = 0
327
self._approved = None
328
self.approved_by_default = config.get(u"approved_by_default",
330
self.approved_delay = string_to_delta(
331
config[u"approved_delay"])
332
self.approved_duration = string_to_delta(
333
config[u"approved_duration"])
379
self.approval_delay = string_to_delta(
380
config["approval_delay"])
381
self.approval_duration = string_to_delta(
382
config["approval_duration"])
334
383
self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
336
385
def send_changedstate(self):
337
386
self.changedstate.acquire()
338
387
self.changedstate.notify_all()
564
624
def _is_dbus_property(obj):
565
return getattr(obj, u"_dbus_is_property", False)
625
return getattr(obj, "_dbus_is_property", False)
567
627
def _get_all_dbus_properties(self):
568
628
"""Returns a generator of (name, attribute) pairs
570
return ((prop._dbus_name, prop)
572
inspect.getmembers(self, self._is_dbus_property))
630
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
631
for cls in self.__class__.__mro__
632
for name, prop in inspect.getmembers(cls, self._is_dbus_property))
574
634
def _get_dbus_property(self, interface_name, property_name):
575
635
"""Returns a bound method if one exists which is a D-Bus
576
636
property with the specified name and interface.
578
for name in (property_name,
579
property_name + u"_dbus_property"):
580
prop = getattr(self, name, None)
582
or not self._is_dbus_property(prop)
583
or prop._dbus_name != property_name
584
or (interface_name and prop._dbus_interface
585
and interface_name != prop._dbus_interface)):
638
for cls in self.__class__.__mro__:
639
for name, value in inspect.getmembers(cls, self._is_dbus_property):
640
if value._dbus_name == property_name and value._dbus_interface == interface_name:
641
return value.__get__(self)
588
643
# No such property
589
raise DBusPropertyNotFound(self.dbus_object_path + u":"
590
+ interface_name + u"."
644
raise DBusPropertyNotFound(self.dbus_object_path + ":"
645
+ interface_name + "."
593
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ss",
648
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
595
650
def Get(self, interface_name, property_name):
596
651
"""Standard D-Bus property Get() method, see D-Bus standard.
598
653
prop = self._get_dbus_property(interface_name, property_name)
599
if prop._dbus_access == u"write":
654
if prop._dbus_access == "write":
600
655
raise DBusPropertyAccessException(property_name)
602
if not hasattr(value, u"variant_level"):
657
if not hasattr(value, "variant_level"):
604
659
return type(value)(value, variant_level=value.variant_level+1)
606
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"ssv")
661
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
607
662
def Set(self, interface_name, property_name, value):
608
663
"""Standard D-Bus property Set() method, see D-Bus standard.
610
665
prop = self._get_dbus_property(interface_name, property_name)
611
if prop._dbus_access == u"read":
666
if prop._dbus_access == "read":
612
667
raise DBusPropertyAccessException(property_name)
613
if prop._dbus_get_args_options[u"byte_arrays"]:
668
if prop._dbus_get_args_options["byte_arrays"]:
614
669
# The byte_arrays option is not supported yet on
615
670
# signatures other than "ay".
616
if prop._dbus_signature != u"ay":
671
if prop._dbus_signature != "ay":
618
673
value = dbus.ByteArray(''.join(unichr(byte)
619
674
for byte in value))
622
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature=u"s",
623
out_signature=u"a{sv}")
677
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
678
out_signature="a{sv}")
624
679
def GetAll(self, interface_name):
625
680
"""Standard D-Bus property GetAll() method, see D-Bus
628
683
Note: Will not include properties with access="write".
657
712
document = xml.dom.minidom.parseString(xmlstring)
658
713
def make_tag(document, name, prop):
659
e = document.createElement(u"property")
660
e.setAttribute(u"name", name)
661
e.setAttribute(u"type", prop._dbus_signature)
662
e.setAttribute(u"access", prop._dbus_access)
714
e = document.createElement("property")
715
e.setAttribute("name", name)
716
e.setAttribute("type", prop._dbus_signature)
717
e.setAttribute("access", prop._dbus_access)
664
for if_tag in document.getElementsByTagName(u"interface"):
719
for if_tag in document.getElementsByTagName("interface"):
665
720
for tag in (make_tag(document, name, prop)
667
722
in self._get_all_dbus_properties()
668
723
if prop._dbus_interface
669
== if_tag.getAttribute(u"name")):
724
== if_tag.getAttribute("name")):
670
725
if_tag.appendChild(tag)
671
726
# Add the names to the return values for the
672
727
# "org.freedesktop.DBus.Properties" methods
673
if (if_tag.getAttribute(u"name")
674
== u"org.freedesktop.DBus.Properties"):
675
for cn in if_tag.getElementsByTagName(u"method"):
676
if cn.getAttribute(u"name") == u"Get":
677
for arg in cn.getElementsByTagName(u"arg"):
678
if (arg.getAttribute(u"direction")
680
arg.setAttribute(u"name", u"value")
681
elif cn.getAttribute(u"name") == u"GetAll":
682
for arg in cn.getElementsByTagName(u"arg"):
683
if (arg.getAttribute(u"direction")
685
arg.setAttribute(u"name", u"props")
686
xmlstring = document.toxml(u"utf-8")
728
if (if_tag.getAttribute("name")
729
== "org.freedesktop.DBus.Properties"):
730
for cn in if_tag.getElementsByTagName("method"):
731
if cn.getAttribute("name") == "Get":
732
for arg in cn.getElementsByTagName("arg"):
733
if (arg.getAttribute("direction")
735
arg.setAttribute("name", "value")
736
elif cn.getAttribute("name") == "GetAll":
737
for arg in cn.getElementsByTagName("arg"):
738
if (arg.getAttribute("direction")
740
arg.setAttribute("name", "props")
741
xmlstring = document.toxml("utf-8")
687
742
document.unlink()
688
743
except (AttributeError, xml.dom.DOMException,
689
xml.parsers.expat.ExpatError), error:
690
logger.error(u"Failed to override Introspection method",
744
xml.parsers.expat.ExpatError) as error:
745
logger.error("Failed to override Introspection method",
750
def datetime_to_dbus (dt, variant_level=0):
751
"""Convert a UTC datetime.datetime() to a D-Bus type."""
753
return dbus.String("", variant_level = variant_level)
754
return dbus.String(dt.isoformat(),
755
variant_level=variant_level)
757
class AlternateDBusNamesMetaclass(DBusObjectWithProperties.__metaclass__):
758
"""Applied to an empty subclass of a D-Bus object, this metaclass
759
will add additional D-Bus attributes matching a certain pattern.
761
def __new__(mcs, name, bases, attr):
762
# Go through all the base classes which could have D-Bus
763
# methods, signals, or properties in them
764
for base in (b for b in bases
765
if issubclass(b, dbus.service.Object)):
766
# Go though all attributes of the base class
767
for attrname, attribute in inspect.getmembers(base):
768
# Ignore non-D-Bus attributes, and D-Bus attributes
769
# with the wrong interface name
770
if (not hasattr(attribute, "_dbus_interface")
771
or not attribute._dbus_interface
772
.startswith("se.recompile.Mandos")):
774
# Create an alternate D-Bus interface name based on
776
alt_interface = (attribute._dbus_interface
777
.replace("se.recompile.Mandos",
778
"se.bsnet.fukt.Mandos"))
779
# Is this a D-Bus signal?
780
if getattr(attribute, "_dbus_is_signal", False):
781
# Extract the original non-method function by
783
nonmethod_func = (dict(
784
zip(attribute.func_code.co_freevars,
785
attribute.__closure__))["func"]
787
# Create a new, but exactly alike, function
788
# object, and decorate it to be a new D-Bus signal
789
# with the alternate D-Bus interface name
790
new_function = (dbus.service.signal
792
attribute._dbus_signature)
794
nonmethod_func.func_code,
795
nonmethod_func.func_globals,
796
nonmethod_func.func_name,
797
nonmethod_func.func_defaults,
798
nonmethod_func.func_closure)))
799
# Define a creator of a function to call both the
800
# old and new functions, so both the old and new
801
# signals gets sent when the function is called
802
def fixscope(func1, func2):
803
"""This function is a scope container to pass
804
func1 and func2 to the "call_both" function
805
outside of its arguments"""
806
def call_both(*args, **kwargs):
807
"""This function will emit two D-Bus
808
signals by calling func1 and func2"""
809
func1(*args, **kwargs)
810
func2(*args, **kwargs)
812
# Create the "call_both" function and add it to
814
attr[attrname] = fixscope(attribute,
816
# Is this a D-Bus method?
817
elif getattr(attribute, "_dbus_is_method", False):
818
# Create a new, but exactly alike, function
819
# object. Decorate it to be a new D-Bus method
820
# with the alternate D-Bus interface name. Add it
822
attr[attrname] = (dbus.service.method
824
attribute._dbus_in_signature,
825
attribute._dbus_out_signature)
827
(attribute.func_code,
828
attribute.func_globals,
830
attribute.func_defaults,
831
attribute.func_closure)))
832
# Is this a D-Bus property?
833
elif getattr(attribute, "_dbus_is_property", False):
834
# Create a new, but exactly alike, function
835
# object, and decorate it to be a new D-Bus
836
# property with the alternate D-Bus interface
837
# name. Add it to the class.
838
attr[attrname] = (dbus_service_property
840
attribute._dbus_signature,
841
attribute._dbus_access,
843
._dbus_get_args_options
846
(attribute.func_code,
847
attribute.func_globals,
849
attribute.func_defaults,
850
attribute.func_closure)))
851
return type.__new__(mcs, name, bases, attr)
695
853
class ClientDBus(Client, DBusObjectWithProperties):
696
854
"""A Client class using D-Bus
699
857
dbus_object_path: dbus.ObjectPath
700
858
bus: dbus.SystemBus()
861
runtime_expansions = (Client.runtime_expansions
862
+ ("dbus_object_path",))
702
864
# dbus.service.Object doesn't use super(), so we can't either.
704
866
def __init__(self, bus = None, *args, **kwargs):
867
self._approvals_pending = 0
706
869
Client.__init__(self, *args, **kwargs)
707
870
# Only now, when this client is initialized, can it show up on
872
client_object_name = unicode(self.name).translate(
709
875
self.dbus_object_path = (dbus.ObjectPath
711
+ self.name.replace(u".", u"_")))
876
("/clients/" + client_object_name))
712
877
DBusObjectWithProperties.__init__(self, self.bus,
713
878
self.dbus_object_path)
716
def _datetime_to_dbus(dt, variant_level=0):
717
"""Convert a UTC datetime.datetime() to a D-Bus type."""
718
return dbus.String(dt.isoformat(),
719
variant_level=variant_level)
722
oldstate = getattr(self, u"enabled", False)
723
r = Client.enable(self)
724
if oldstate != self.enabled:
726
self.PropertyChanged(dbus.String(u"enabled"),
727
dbus.Boolean(True, variant_level=1))
728
self.PropertyChanged(
729
dbus.String(u"last_enabled"),
730
self._datetime_to_dbus(self.last_enabled,
734
def disable(self, quiet = False):
735
oldstate = getattr(self, u"enabled", False)
736
r = Client.disable(self, quiet=quiet)
737
if not quiet and oldstate != self.enabled:
739
self.PropertyChanged(dbus.String(u"enabled"),
740
dbus.Boolean(False, variant_level=1))
880
def notifychangeproperty(transform_func,
881
dbus_name, type_func=lambda x: x,
883
""" Modify a variable so that it's a property which announces
886
transform_fun: Function that takes a value and transforms it
888
dbus_name: D-Bus name of the variable
889
type_func: Function that transform the value before sending it
890
to the D-Bus. Default: no transform
891
variant_level: D-Bus variant level. Default: 1
894
def setter(self, value):
895
old_value = real_value[0]
896
real_value[0] = value
897
if hasattr(self, "dbus_object_path"):
898
if type_func(old_value) != type_func(real_value[0]):
899
dbus_value = transform_func(type_func(real_value[0]),
901
self.PropertyChanged(dbus.String(dbus_name),
904
return property(lambda self: real_value[0], setter)
907
expires = notifychangeproperty(datetime_to_dbus, "Expires")
908
approvals_pending = notifychangeproperty(dbus.Boolean,
911
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
912
last_enabled = notifychangeproperty(datetime_to_dbus,
914
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
915
type_func = lambda checker: checker is not None)
916
last_checked_ok = notifychangeproperty(datetime_to_dbus,
918
last_approval_request = notifychangeproperty(datetime_to_dbus,
919
"LastApprovalRequest")
920
approved_by_default = notifychangeproperty(dbus.Boolean,
922
approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",
923
type_func = _timedelta_to_milliseconds)
924
approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",
925
type_func = _timedelta_to_milliseconds)
926
host = notifychangeproperty(dbus.String, "Host")
927
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
928
type_func = _timedelta_to_milliseconds)
929
extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",
930
type_func = _timedelta_to_milliseconds)
931
interval = notifychangeproperty(dbus.UInt16, "Interval",
932
type_func = _timedelta_to_milliseconds)
933
checker_command = notifychangeproperty(dbus.String, "Checker")
935
del notifychangeproperty
743
937
def __del__(self, *args, **kwargs):
745
939
self.remove_from_connection()
746
940
except LookupError:
748
if hasattr(DBusObjectWithProperties, u"__del__"):
942
if hasattr(DBusObjectWithProperties, "__del__"):
749
943
DBusObjectWithProperties.__del__(self, *args, **kwargs)
750
944
Client.__del__(self, *args, **kwargs)
792
974
and old_checker_pid != self.checker.pid):
793
975
# Emit D-Bus signal
794
976
self.CheckerStarted(self.current_checker_command)
795
self.PropertyChanged(
796
dbus.String(u"checker_running"),
797
dbus.Boolean(True, variant_level=1))
800
def stop_checker(self, *args, **kwargs):
801
old_checker = getattr(self, u"checker", None)
802
r = Client.stop_checker(self, *args, **kwargs)
803
if (old_checker is not None
804
and getattr(self, u"checker", None) is None):
805
self.PropertyChanged(dbus.String(u"checker_running"),
806
dbus.Boolean(False, variant_level=1))
809
979
def _reset_approved(self):
810
980
self._approved = None
813
983
def approve(self, value=True):
984
self.send_changedstate()
814
985
self._approved = value
815
gobject.timeout_add(self._timedelta_to_milliseconds(self.approved_duration, self._reset_approved))
817
def approved_pending(self):
818
return self.approvals_pending > 0
986
gobject.timeout_add(_timedelta_to_milliseconds
987
(self.approval_duration),
988
self._reset_approved)
821
991
## D-Bus methods, signals & properties
822
_interface = u"se.bsnet.fukt.Mandos.Client"
992
_interface = "se.recompile.Mandos.Client"
826
996
# CheckerCompleted - signal
827
@dbus.service.signal(_interface, signature=u"nxs")
997
@dbus.service.signal(_interface, signature="nxs")
828
998
def CheckerCompleted(self, exitcode, waitstatus, command):
832
1002
# CheckerStarted - signal
833
@dbus.service.signal(_interface, signature=u"s")
1003
@dbus.service.signal(_interface, signature="s")
834
1004
def CheckerStarted(self, command):
838
1008
# PropertyChanged - signal
839
@dbus.service.signal(_interface, signature=u"sv")
1009
@dbus.service.signal(_interface, signature="sv")
840
1010
def PropertyChanged(self, property, value):
844
1014
# GotSecret - signal
845
1015
@dbus.service.signal(_interface)
846
1016
def GotSecret(self):
848
if self.approved_pending():
849
self.PropertyChanged(dbus.String(u"checker_running"),
850
dbus.Boolean(False, variant_level=1))
1018
Is sent after a successful transfer of secret from the Mandos
1019
server to mandos-client
852
1023
# Rejected - signal
853
@dbus.service.signal(_interface, signature=u"s")
1024
@dbus.service.signal(_interface, signature="s")
854
1025
def Rejected(self, reason):
856
if self.approved_pending():
857
self.PropertyChanged(dbus.String(u"checker_running"),
858
dbus.Boolean(False, variant_level=1))
860
1029
# NeedApproval - signal
861
@dbus.service.signal(_interface, signature=u"db")
1030
@dbus.service.signal(_interface, signature="tb")
862
1031
def NeedApproval(self, timeout, default):
864
if not self.approved_pending():
865
self.PropertyChanged(dbus.String(u"approved_pending"),
866
dbus.Boolean(True, variant_level=1))
1033
return self.need_approval()
870
1037
# Approve - method
871
@dbus.service.method(_interface, in_signature=u"b")
1038
@dbus.service.method(_interface, in_signature="b")
872
1039
def Approve(self, value):
873
1040
self.approve(value)
875
1042
# CheckedOK - method
876
1043
@dbus.service.method(_interface)
877
1044
def CheckedOK(self):
878
return self.checked_ok()
880
1047
# Enable - method
881
1048
@dbus.service.method(_interface)
905
# approved_pending - property
906
@dbus_service_property(_interface, signature=u"b", access=u"read")
907
def approved_pending_dbus_property(self):
908
return dbus.Boolean(self.approved_pending())
910
# approved_by_default - property
911
@dbus_service_property(_interface, signature=u"b",
913
def approved_by_default_dbus_property(self):
914
return dbus.Boolean(self.approved_by_default)
916
# approved_delay - property
917
@dbus_service_property(_interface, signature=u"t",
919
def approved_delay_dbus_property(self):
920
return dbus.UInt64(self.approved_delay_milliseconds())
922
# approved_duration - property
923
@dbus_service_property(_interface, signature=u"t",
925
def approved_duration_dbus_property(self):
926
return dbus.UInt64(self._timedelta_to_milliseconds(
927
self.approved_duration))
930
@dbus_service_property(_interface, signature=u"s", access=u"read")
931
def name_dbus_property(self):
1072
# ApprovalPending - property
1073
@dbus_service_property(_interface, signature="b", access="read")
1074
def ApprovalPending_dbus_property(self):
1075
return dbus.Boolean(bool(self.approvals_pending))
1077
# ApprovedByDefault - property
1078
@dbus_service_property(_interface, signature="b",
1080
def ApprovedByDefault_dbus_property(self, value=None):
1081
if value is None: # get
1082
return dbus.Boolean(self.approved_by_default)
1083
self.approved_by_default = bool(value)
1085
# ApprovalDelay - property
1086
@dbus_service_property(_interface, signature="t",
1088
def ApprovalDelay_dbus_property(self, value=None):
1089
if value is None: # get
1090
return dbus.UInt64(self.approval_delay_milliseconds())
1091
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1093
# ApprovalDuration - property
1094
@dbus_service_property(_interface, signature="t",
1096
def ApprovalDuration_dbus_property(self, value=None):
1097
if value is None: # get
1098
return dbus.UInt64(_timedelta_to_milliseconds(
1099
self.approval_duration))
1100
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1103
@dbus_service_property(_interface, signature="s", access="read")
1104
def Name_dbus_property(self):
932
1105
return dbus.String(self.name)
934
# fingerprint - property
935
@dbus_service_property(_interface, signature=u"s", access=u"read")
936
def fingerprint_dbus_property(self):
1107
# Fingerprint - property
1108
@dbus_service_property(_interface, signature="s", access="read")
1109
def Fingerprint_dbus_property(self):
937
1110
return dbus.String(self.fingerprint)
940
@dbus_service_property(_interface, signature=u"s",
942
def host_dbus_property(self, value=None):
1113
@dbus_service_property(_interface, signature="s",
1115
def Host_dbus_property(self, value=None):
943
1116
if value is None: # get
944
1117
return dbus.String(self.host)
945
1118
self.host = value
947
self.PropertyChanged(dbus.String(u"host"),
948
dbus.String(value, variant_level=1))
951
@dbus_service_property(_interface, signature=u"s", access=u"read")
952
def created_dbus_property(self):
953
return dbus.String(self._datetime_to_dbus(self.created))
955
# last_enabled - property
956
@dbus_service_property(_interface, signature=u"s", access=u"read")
957
def last_enabled_dbus_property(self):
958
if self.last_enabled is None:
959
return dbus.String(u"")
960
return dbus.String(self._datetime_to_dbus(self.last_enabled))
963
@dbus_service_property(_interface, signature=u"b",
965
def enabled_dbus_property(self, value=None):
1120
# Created - property
1121
@dbus_service_property(_interface, signature="s", access="read")
1122
def Created_dbus_property(self):
1123
return dbus.String(datetime_to_dbus(self.created))
1125
# LastEnabled - property
1126
@dbus_service_property(_interface, signature="s", access="read")
1127
def LastEnabled_dbus_property(self):
1128
return datetime_to_dbus(self.last_enabled)
1130
# Enabled - property
1131
@dbus_service_property(_interface, signature="b",
1133
def Enabled_dbus_property(self, value=None):
966
1134
if value is None: # get
967
1135
return dbus.Boolean(self.enabled)
973
# last_checked_ok - property
974
@dbus_service_property(_interface, signature=u"s",
976
def last_checked_ok_dbus_property(self, value=None):
1141
# LastCheckedOK - property
1142
@dbus_service_property(_interface, signature="s",
1144
def LastCheckedOK_dbus_property(self, value=None):
977
1145
if value is not None:
978
1146
self.checked_ok()
980
if self.last_checked_ok is None:
981
return dbus.String(u"")
982
return dbus.String(self._datetime_to_dbus(self
986
@dbus_service_property(_interface, signature=u"t",
988
def timeout_dbus_property(self, value=None):
1148
return datetime_to_dbus(self.last_checked_ok)
1150
# Expires - property
1151
@dbus_service_property(_interface, signature="s", access="read")
1152
def Expires_dbus_property(self):
1153
return datetime_to_dbus(self.expires)
1155
# LastApprovalRequest - property
1156
@dbus_service_property(_interface, signature="s", access="read")
1157
def LastApprovalRequest_dbus_property(self):
1158
return datetime_to_dbus(self.last_approval_request)
1160
# Timeout - property
1161
@dbus_service_property(_interface, signature="t",
1163
def Timeout_dbus_property(self, value=None):
989
1164
if value is None: # get
990
1165
return dbus.UInt64(self.timeout_milliseconds())
991
1166
self.timeout = datetime.timedelta(0, 0, 0, value)
993
self.PropertyChanged(dbus.String(u"timeout"),
994
dbus.UInt64(value, variant_level=1))
995
if getattr(self, u"disable_initiator_tag", None) is None:
1167
if getattr(self, "disable_initiator_tag", None) is None:
997
1169
# Reschedule timeout
998
1170
gobject.source_remove(self.disable_initiator_tag)
999
1171
self.disable_initiator_tag = None
1000
1173
time_to_die = (self.
1001
1174
_timedelta_to_milliseconds((self
1002
1175
.last_checked_ok
1007
1180
# The timeout has passed
1183
self.expires = (datetime.datetime.utcnow()
1184
+ datetime.timedelta(milliseconds = time_to_die))
1010
1185
self.disable_initiator_tag = (gobject.timeout_add
1011
1186
(time_to_die, self.disable))
1013
# interval - property
1014
@dbus_service_property(_interface, signature=u"t",
1015
access=u"readwrite")
1016
def interval_dbus_property(self, value=None):
1188
# ExtendedTimeout - property
1189
@dbus_service_property(_interface, signature="t",
1191
def ExtendedTimeout_dbus_property(self, value=None):
1192
if value is None: # get
1193
return dbus.UInt64(self.extended_timeout_milliseconds())
1194
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1196
# Interval - property
1197
@dbus_service_property(_interface, signature="t",
1199
def Interval_dbus_property(self, value=None):
1017
1200
if value is None: # get
1018
1201
return dbus.UInt64(self.interval_milliseconds())
1019
1202
self.interval = datetime.timedelta(0, 0, 0, value)
1021
self.PropertyChanged(dbus.String(u"interval"),
1022
dbus.UInt64(value, variant_level=1))
1023
if getattr(self, u"checker_initiator_tag", None) is None:
1203
if getattr(self, "checker_initiator_tag", None) is None:
1025
1205
# Reschedule checker run
1026
1206
gobject.source_remove(self.checker_initiator_tag)
1027
1207
self.checker_initiator_tag = (gobject.timeout_add
1028
1208
(value, self.start_checker))
1029
1209
self.start_checker() # Start one now, too
1031
# checker - property
1032
@dbus_service_property(_interface, signature=u"s",
1033
access=u"readwrite")
1034
def checker_dbus_property(self, value=None):
1211
# Checker - property
1212
@dbus_service_property(_interface, signature="s",
1214
def Checker_dbus_property(self, value=None):
1035
1215
if value is None: # get
1036
1216
return dbus.String(self.checker_command)
1037
1217
self.checker_command = value
1039
self.PropertyChanged(dbus.String(u"checker"),
1040
dbus.String(self.checker_command,
1043
# checker_running - property
1044
@dbus_service_property(_interface, signature=u"b",
1045
access=u"readwrite")
1046
def checker_running_dbus_property(self, value=None):
1219
# CheckerRunning - property
1220
@dbus_service_property(_interface, signature="b",
1222
def CheckerRunning_dbus_property(self, value=None):
1047
1223
if value is None: # get
1048
1224
return dbus.Boolean(self.checker is not None)
1100
1278
def handle(self):
1101
1279
with contextlib.closing(self.server.child_pipe) as child_pipe:
1102
logger.info(u"TCP connection from: %s",
1280
logger.info("TCP connection from: %s",
1103
1281
unicode(self.client_address))
1104
logger.debug(u"Pipe FD: %d",
1282
logger.debug("Pipe FD: %d",
1105
1283
self.server.child_pipe.fileno())
1107
1285
session = (gnutls.connection
1108
1286
.ClientSession(self.request,
1109
1287
gnutls.connection
1110
1288
.X509Credentials()))
1112
1290
# Note: gnutls.connection.X509Credentials is really a
1113
1291
# generic GnuTLS certificate credentials object so long as
1114
1292
# no X.509 keys are added to it. Therefore, we can use it
1115
1293
# here despite using OpenPGP certificates.
1117
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
1118
# u"+AES-256-CBC", u"+SHA1",
1119
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
1295
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1296
# "+AES-256-CBC", "+SHA1",
1297
# "+COMP-NULL", "+CTYPE-OPENPGP",
1121
1299
# Use a fallback default, since this MUST be set.
1122
1300
priority = self.server.gnutls_priority
1123
1301
if priority is None:
1124
priority = u"NORMAL"
1125
1303
(gnutls.library.functions
1126
1304
.gnutls_priority_set_direct(session._c_object,
1127
1305
priority, None))
1129
1307
# Start communication using the Mandos protocol
1130
1308
# Get protocol number
1131
1309
line = self.request.makefile().readline()
1132
logger.debug(u"Protocol version: %r", line)
1310
logger.debug("Protocol version: %r", line)
1134
1312
if int(line.strip().split()[0]) > 1:
1135
1313
raise RuntimeError
1136
except (ValueError, IndexError, RuntimeError), error:
1137
logger.error(u"Unknown protocol version: %s", error)
1314
except (ValueError, IndexError, RuntimeError) as error:
1315
logger.error("Unknown protocol version: %s", error)
1140
1318
# Start GnuTLS connection
1142
1320
session.handshake()
1143
except gnutls.errors.GNUTLSError, error:
1144
logger.warning(u"Handshake failed: %s", error)
1321
except gnutls.errors.GNUTLSError as error:
1322
logger.warning("Handshake failed: %s", error)
1145
1323
# Do not run session.bye() here: the session is not
1146
1324
# established. Just abandon the request.
1148
logger.debug(u"Handshake succeeded")
1326
logger.debug("Handshake succeeded")
1150
1328
approval_required = False
1153
1331
fpr = self.fingerprint(self.peer_certificate
1155
except (TypeError, gnutls.errors.GNUTLSError), error:
1156
logger.warning(u"Bad certificate: %s", error)
1334
gnutls.errors.GNUTLSError) as error:
1335
logger.warning("Bad certificate: %s", error)
1158
logger.debug(u"Fingerprint: %s", fpr)
1337
logger.debug("Fingerprint: %s", fpr)
1161
1340
client = ProxyClient(child_pipe, fpr,
1162
1341
self.client_address)
1163
1342
except KeyError:
1166
if client.approved_delay:
1167
delay = client.approved_delay
1345
if client.approval_delay:
1346
delay = client.approval_delay
1168
1347
client.approvals_pending += 1
1169
1348
approval_required = True
1172
1351
if not client.enabled:
1173
logger.warning(u"Client %s is disabled",
1352
logger.info("Client %s is disabled",
1175
1354
if self.server.use_dbus:
1176
1355
# Emit D-Bus signal
1177
1356
client.Rejected("Disabled")
1180
if client._approved or not client.approved_delay:
1359
if client._approved or not client.approval_delay:
1181
1360
#We are approved or approval is disabled
1183
1362
elif client._approved is None:
1184
logger.info(u"Client %s need approval",
1363
logger.info("Client %s needs approval",
1186
1365
if self.server.use_dbus:
1187
1366
# Emit D-Bus signal
1188
1367
client.NeedApproval(
1189
client.approved_delay_milliseconds(),
1368
client.approval_delay_milliseconds(),
1190
1369
client.approved_by_default)
1192
logger.warning(u"Client %s was not approved",
1371
logger.warning("Client %s was not approved",
1194
1373
if self.server.use_dbus:
1195
1374
# Emit D-Bus signal
1196
client.Rejected("Disapproved")
1375
client.Rejected("Denied")
1199
1378
#wait until timeout or approved
1484
1674
kwargs = request[3]
1486
1676
parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
1488
1678
if command == 'getattr':
1489
1679
attrname = request[1]
1490
1680
if callable(client_object.__getattribute__(attrname)):
1491
1681
parent_pipe.send(('function',))
1493
1683
parent_pipe.send(('data', client_object.__getattribute__(attrname)))
1495
1685
if command == 'setattr':
1496
1686
attrname = request[1]
1497
1687
value = request[2]
1498
1688
setattr(client_object, attrname, value)
1503
1693
def string_to_delta(interval):
1504
1694
"""Parse a string and return a datetime.timedelta
1506
>>> string_to_delta(u'7d')
1696
>>> string_to_delta('7d')
1507
1697
datetime.timedelta(7)
1508
>>> string_to_delta(u'60s')
1698
>>> string_to_delta('60s')
1509
1699
datetime.timedelta(0, 60)
1510
>>> string_to_delta(u'60m')
1700
>>> string_to_delta('60m')
1511
1701
datetime.timedelta(0, 3600)
1512
>>> string_to_delta(u'24h')
1702
>>> string_to_delta('24h')
1513
1703
datetime.timedelta(1)
1514
>>> string_to_delta(u'1w')
1704
>>> string_to_delta('1w')
1515
1705
datetime.timedelta(7)
1516
>>> string_to_delta(u'5m 30s')
1706
>>> string_to_delta('5m 30s')
1517
1707
datetime.timedelta(0, 330)
1519
1709
timevalue = datetime.timedelta(0)
1593
1783
##################################################################
1594
1784
# Parsing of options, both command line and config file
1596
parser = optparse.OptionParser(version = "%%prog %s" % version)
1597
parser.add_option("-i", u"--interface", type=u"string",
1598
metavar="IF", help=u"Bind to interface IF")
1599
parser.add_option("-a", u"--address", type=u"string",
1600
help=u"Address to listen for requests on")
1601
parser.add_option("-p", u"--port", type=u"int",
1602
help=u"Port number to receive requests on")
1603
parser.add_option("--check", action=u"store_true",
1604
help=u"Run self-test")
1605
parser.add_option("--debug", action=u"store_true",
1606
help=u"Debug mode; run in foreground and log to"
1608
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1609
u" priority string (see GnuTLS documentation)")
1610
parser.add_option("--servicename", type=u"string",
1611
metavar=u"NAME", help=u"Zeroconf service name")
1612
parser.add_option("--configdir", type=u"string",
1613
default=u"/etc/mandos", metavar=u"DIR",
1614
help=u"Directory to search for configuration"
1616
parser.add_option("--no-dbus", action=u"store_false",
1617
dest=u"use_dbus", help=u"Do not provide D-Bus"
1618
u" system bus interface")
1619
parser.add_option("--no-ipv6", action=u"store_false",
1620
dest=u"use_ipv6", help=u"Do not use IPv6")
1621
options = parser.parse_args()[0]
1786
parser = argparse.ArgumentParser()
1787
parser.add_argument("-v", "--version", action="version",
1788
version = "%%(prog)s %s" % version,
1789
help="show version number and exit")
1790
parser.add_argument("-i", "--interface", metavar="IF",
1791
help="Bind to interface IF")
1792
parser.add_argument("-a", "--address",
1793
help="Address to listen for requests on")
1794
parser.add_argument("-p", "--port", type=int,
1795
help="Port number to receive requests on")
1796
parser.add_argument("--check", action="store_true",
1797
help="Run self-test")
1798
parser.add_argument("--debug", action="store_true",
1799
help="Debug mode; run in foreground and log"
1801
parser.add_argument("--debuglevel", metavar="LEVEL",
1802
help="Debug level for stdout output")
1803
parser.add_argument("--priority", help="GnuTLS"
1804
" priority string (see GnuTLS documentation)")
1805
parser.add_argument("--servicename",
1806
metavar="NAME", help="Zeroconf service name")
1807
parser.add_argument("--configdir",
1808
default="/etc/mandos", metavar="DIR",
1809
help="Directory to search for configuration"
1811
parser.add_argument("--no-dbus", action="store_false",
1812
dest="use_dbus", help="Do not provide D-Bus"
1813
" system bus interface")
1814
parser.add_argument("--no-ipv6", action="store_false",
1815
dest="use_ipv6", help="Do not use IPv6")
1816
options = parser.parse_args()
1623
1818
if options.check:
1628
1823
# Default values for config file for server-global settings
1629
server_defaults = { u"interface": u"",
1634
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1635
u"servicename": u"Mandos",
1636
u"use_dbus": u"True",
1637
u"use_ipv6": u"True",
1824
server_defaults = { "interface": "",
1829
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1830
"servicename": "Mandos",
1640
1836
# Parse config file for server-global settings
1641
1837
server_config = configparser.SafeConfigParser(server_defaults)
1642
1838
del server_defaults
1643
1839
server_config.read(os.path.join(options.configdir,
1645
1841
# Convert the SafeConfigParser object to a dict
1646
1842
server_settings = server_config.defaults()
1647
1843
# Use the appropriate methods on the non-string config options
1648
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1649
server_settings[option] = server_config.getboolean(u"DEFAULT",
1844
for option in ("debug", "use_dbus", "use_ipv6"):
1845
server_settings[option] = server_config.getboolean("DEFAULT",
1651
1847
if server_settings["port"]:
1652
server_settings["port"] = server_config.getint(u"DEFAULT",
1848
server_settings["port"] = server_config.getint("DEFAULT",
1654
1850
del server_config
1656
1852
# Override the settings from the config file with command line
1657
1853
# options, if set.
1658
for option in (u"interface", u"address", u"port", u"debug",
1659
u"priority", u"servicename", u"configdir",
1660
u"use_dbus", u"use_ipv6"):
1854
for option in ("interface", "address", "port", "debug",
1855
"priority", "servicename", "configdir",
1856
"use_dbus", "use_ipv6", "debuglevel"):
1661
1857
value = getattr(options, option)
1662
1858
if value is not None:
1663
1859
server_settings[option] = value
1671
1867
##################################################################
1673
1869
# For convenience
1674
debug = server_settings[u"debug"]
1675
use_dbus = server_settings[u"use_dbus"]
1676
use_ipv6 = server_settings[u"use_ipv6"]
1679
syslogger.setLevel(logging.WARNING)
1680
console.setLevel(logging.WARNING)
1682
if server_settings[u"servicename"] != u"Mandos":
1870
debug = server_settings["debug"]
1871
debuglevel = server_settings["debuglevel"]
1872
use_dbus = server_settings["use_dbus"]
1873
use_ipv6 = server_settings["use_ipv6"]
1875
if server_settings["servicename"] != "Mandos":
1683
1876
syslogger.setFormatter(logging.Formatter
1684
(u'Mandos (%s) [%%(process)d]:'
1685
u' %%(levelname)s: %%(message)s'
1686
% server_settings[u"servicename"]))
1877
('Mandos (%s) [%%(process)d]:'
1878
' %%(levelname)s: %%(message)s'
1879
% server_settings["servicename"]))
1688
1881
# Parse config file with clients
1689
client_defaults = { u"timeout": u"1h",
1691
u"checker": u"fping -q -- %%(host)s",
1693
u"approved_delay": u"0s",
1694
u"approved_duration": u"1s",
1882
client_defaults = { "timeout": "5m",
1883
"extended_timeout": "15m",
1885
"checker": "fping -q -- %%(host)s",
1887
"approval_delay": "0s",
1888
"approval_duration": "1s",
1696
1890
client_config = configparser.SafeConfigParser(client_defaults)
1697
client_config.read(os.path.join(server_settings[u"configdir"],
1891
client_config.read(os.path.join(server_settings["configdir"],
1700
1894
global mandos_dbus_service
1701
1895
mandos_dbus_service = None
1703
tcp_server = MandosServer((server_settings[u"address"],
1704
server_settings[u"port"]),
1897
tcp_server = MandosServer((server_settings["address"],
1898
server_settings["port"]),
1706
interface=server_settings[u"interface"],
1900
interface=(server_settings["interface"]
1707
1902
use_ipv6=use_ipv6,
1708
1903
gnutls_priority=
1709
server_settings[u"priority"],
1904
server_settings["priority"],
1710
1905
use_dbus=use_dbus)
1711
pidfilename = u"/var/run/mandos.pid"
1713
pidfile = open(pidfilename, u"w")
1715
logger.error(u"Could not open file %r", pidfilename)
1907
pidfilename = "/var/run/mandos.pid"
1909
pidfile = open(pidfilename, "w")
1911
logger.error("Could not open file %r", pidfilename)
1718
uid = pwd.getpwnam(u"_mandos").pw_uid
1719
gid = pwd.getpwnam(u"_mandos").pw_gid
1914
uid = pwd.getpwnam("_mandos").pw_uid
1915
gid = pwd.getpwnam("_mandos").pw_gid
1720
1916
except KeyError:
1722
uid = pwd.getpwnam(u"mandos").pw_uid
1723
gid = pwd.getpwnam(u"mandos").pw_gid
1918
uid = pwd.getpwnam("mandos").pw_uid
1919
gid = pwd.getpwnam("mandos").pw_gid
1724
1920
except KeyError:
1726
uid = pwd.getpwnam(u"nobody").pw_uid
1727
gid = pwd.getpwnam(u"nobody").pw_gid
1922
uid = pwd.getpwnam("nobody").pw_uid
1923
gid = pwd.getpwnam("nobody").pw_gid
1728
1924
except KeyError:
1734
except OSError, error:
1930
except OSError as error:
1735
1931
if error[0] != errno.EPERM:
1738
# Enable all possible GnuTLS debugging
1934
if not debug and not debuglevel:
1935
syslogger.setLevel(logging.WARNING)
1936
console.setLevel(logging.WARNING)
1938
level = getattr(logging, debuglevel.upper())
1939
syslogger.setLevel(level)
1940
console.setLevel(level)
1943
# Enable all possible GnuTLS debugging
1740
1945
# "Use a log level over 10 to enable all debugging options."
1741
1946
# - GnuTLS manual
1742
1947
gnutls.library.functions.gnutls_global_set_log_level(11)
1744
1949
@gnutls.library.types.gnutls_log_func
1745
1950
def debug_gnutls(level, string):
1746
logger.debug(u"GnuTLS: %s", string[:-1])
1951
logger.debug("GnuTLS: %s", string[:-1])
1748
1953
(gnutls.library.functions
1749
1954
.gnutls_global_set_log_function(debug_gnutls))
1956
# Redirect stdin so all checkers get /dev/null
1957
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1958
os.dup2(null, sys.stdin.fileno())
1962
# No console logging
1963
logger.removeHandler(console)
1965
# Need to fork before connecting to D-Bus
1967
# Close all input and output, do double fork, etc.
1751
1970
global main_loop
1752
1971
# From the Avahi example code
1756
1975
# End of Avahi example code
1759
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos",
1978
bus_name = dbus.service.BusName("se.recompile.Mandos",
1760
1979
bus, do_not_queue=True)
1761
except dbus.exceptions.NameExistsException, e:
1762
logger.error(unicode(e) + u", disabling D-Bus")
1980
old_bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",
1981
bus, do_not_queue=True)
1982
except dbus.exceptions.NameExistsException as e:
1983
logger.error(unicode(e) + ", disabling D-Bus")
1763
1984
use_dbus = False
1764
server_settings[u"use_dbus"] = False
1985
server_settings["use_dbus"] = False
1765
1986
tcp_server.use_dbus = False
1766
1987
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1767
service = AvahiService(name = server_settings[u"servicename"],
1768
servicetype = u"_mandos._tcp",
1988
service = AvahiService(name = server_settings["servicename"],
1989
servicetype = "_mandos._tcp",
1769
1990
protocol = protocol, bus = bus)
1770
1991
if server_settings["interface"]:
1771
1992
service.interface = (if_nametoindex
1772
(str(server_settings[u"interface"])))
1993
(str(server_settings["interface"])))
1995
global multiprocessing_manager
1996
multiprocessing_manager = multiprocessing.Manager()
1774
1998
client_class = Client
1776
client_class = functools.partial(ClientDBus, bus = bus)
2000
client_class = functools.partial(ClientDBusTransitional, bus = bus)
1777
2001
def client_config_items(config, section):
1778
2002
special_settings = {
1779
2003
"approved_by_default":
1828
2041
class MandosDBusService(dbus.service.Object):
1829
2042
"""A D-Bus proxy object"""
1830
2043
def __init__(self):
1831
dbus.service.Object.__init__(self, bus, u"/")
1832
_interface = u"se.bsnet.fukt.Mandos"
2044
dbus.service.Object.__init__(self, bus, "/")
2045
_interface = "se.recompile.Mandos"
1834
@dbus.service.signal(_interface, signature=u"o")
2047
@dbus.service.signal(_interface, signature="o")
1835
2048
def ClientAdded(self, objpath):
1839
@dbus.service.signal(_interface, signature=u"ss")
2052
@dbus.service.signal(_interface, signature="ss")
1840
2053
def ClientNotFound(self, fingerprint, address):
1844
@dbus.service.signal(_interface, signature=u"os")
2057
@dbus.service.signal(_interface, signature="os")
1845
2058
def ClientRemoved(self, objpath, name):
1849
@dbus.service.method(_interface, out_signature=u"ao")
2062
@dbus.service.method(_interface, out_signature="ao")
1850
2063
def GetAllClients(self):
1852
2065
return dbus.Array(c.dbus_object_path
1853
2066
for c in tcp_server.clients)
1855
2068
@dbus.service.method(_interface,
1856
out_signature=u"a{oa{sv}}")
2069
out_signature="a{oa{sv}}")
1857
2070
def GetAllClientsWithProperties(self):
1859
2072
return dbus.Dictionary(
1860
((c.dbus_object_path, c.GetAll(u""))
2073
((c.dbus_object_path, c.GetAll(""))
1861
2074
for c in tcp_server.clients),
1862
signature=u"oa{sv}")
1864
@dbus.service.method(_interface, in_signature=u"o")
2077
@dbus.service.method(_interface, in_signature="o")
1865
2078
def RemoveClient(self, object_path):
1867
2080
for c in tcp_server.clients: