126
149
self.rename_count = 0
127
150
self.max_renames = max_renames
128
151
self.protocol = protocol
152
self.group = None # our entry group
155
self.entry_group_state_changed_match = None
129
156
def rename(self):
130
157
"""Derived from the Avahi example code"""
131
158
if self.rename_count >= self.max_renames:
132
logger.critical(u"No suitable Zeroconf service name found"
133
u" after %i retries, exiting.",
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
134
161
self.rename_count)
135
raise AvahiServiceError(u"Too many renames")
136
self.name = server.GetAlternativeServiceName(self.name)
137
logger.info(u"Changing Zeroconf service name to %r ...",
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
139
167
syslogger.setFormatter(logging.Formatter
140
168
('Mandos (%s) [%%(process)d]:'
141
169
' %%(levelname)s: %%(message)s'
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
145
178
self.rename_count += 1
146
179
def remove(self):
147
180
"""Derived from the Avahi example code"""
148
if group is not None:
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
184
if self.group is not None:
151
187
"""Derived from the Avahi example code"""
154
group = dbus.Interface(bus.get_object
156
server.EntryGroupNew()),
157
avahi.DBUS_INTERFACE_ENTRY_GROUP)
158
group.connect_to_signal('StateChanged',
159
entry_group_state_changed)
160
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
161
service.name, service.type)
163
self.interface, # interface
164
self.protocol, # protocol
165
dbus.UInt32(0), # flags
166
self.name, self.type,
167
self.domain, self.host,
168
dbus.UInt16(self.port),
169
avahi.string_array_to_txt_array(self.TXT))
172
# From the Avahi example code:
173
group = None # our entry group
174
# End of Avahi example code
177
def _datetime_to_dbus(dt, variant_level=0):
178
"""Convert a UTC datetime.datetime() to a D-Bus type."""
179
return dbus.String(dt.isoformat(), variant_level=variant_level)
189
if self.group is None:
190
self.group = dbus.Interface(
191
self.bus.get_object(avahi.DBUS_NAME,
192
self.server.EntryGroupNew()),
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
198
self.name, self.type)
199
self.group.AddService(
202
dbus.UInt32(0), # flags
203
self.name, self.type,
204
self.domain, self.host,
205
dbus.UInt16(self.port),
206
avahi.string_array_to_txt_array(self.TXT))
208
def entry_group_state_changed(self, state, error):
209
"""Derived from the Avahi example code"""
210
logger.debug("Avahi entry group state change: %i", state)
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
213
logger.debug("Zeroconf service established.")
214
elif state == avahi.ENTRY_GROUP_COLLISION:
215
logger.info("Zeroconf service name collision.")
217
elif state == avahi.ENTRY_GROUP_FAILURE:
218
logger.critical("Avahi: Error in group state changed %s",
220
raise AvahiGroupError("State changed: %s"
223
"""Derived from the Avahi example code"""
224
if self.group is not None:
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
232
def server_state_changed(self, state, error=None):
233
"""Derived from the Avahi example code"""
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
245
logger.error(bad_states[state])
247
logger.error(bad_states[state] + ": %r", error)
249
elif state == avahi.SERVER_RUNNING:
253
logger.debug("Unknown state: %r", state)
255
logger.debug("Unknown state: %r: %r", state, error)
257
"""Derived from the Avahi example code"""
258
if self.server is None:
259
self.server = dbus.Interface(
260
self.bus.get_object(avahi.DBUS_NAME,
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
263
avahi.DBUS_INTERFACE_SERVER)
264
self.server.connect_to_signal("StateChanged",
265
self.server_state_changed)
266
self.server_state_changed(self.server.GetState())
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
182
275
class Client(object):
183
276
"""A representation of a client host served by this server.
185
name: string; from the config file, used in log messages and
187
fingerprint: string (40 or 32 hexadecimal digits); used to
188
uniquely identify the client
189
secret: bytestring; sent verbatim (over TLS) to client
190
host: string; available for use by the checker command
191
created: datetime.datetime(); (UTC) object creation
192
last_enabled: datetime.datetime(); (UTC)
194
last_checked_ok: datetime.datetime(); (UTC) or None
195
timeout: datetime.timedelta(); How long from last_checked_ok
196
until this client is invalid
197
interval: datetime.timedelta(); How often to start a new checker
198
disable_hook: If set, called by disable() as disable_hook(self)
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
199
282
checker: subprocess.Popen(); a running checker process used
200
283
to see if the client lives.
201
284
'None' if no process is running.
202
checker_initiator_tag: a gobject event source tag, or None
203
disable_initiator_tag: - '' -
204
checker_callback_tag: - '' -
205
checker_command: string; External command which is run to check if
206
client lives. %() expansions are done at
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
207
288
runtime with vars(self) as dict, so that for
208
289
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
209
292
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
211
319
def timeout_milliseconds(self):
212
320
"Return the 'timeout' attribute in milliseconds"
213
return ((self.timeout.days * 24 * 60 * 60 * 1000)
214
+ (self.timeout.seconds * 1000)
215
+ (self.timeout.microseconds // 1000))
321
return _timedelta_to_milliseconds(self.timeout)
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
217
327
def interval_milliseconds(self):
218
328
"Return the 'interval' attribute in milliseconds"
219
return ((self.interval.days * 24 * 60 * 60 * 1000)
220
+ (self.interval.seconds * 1000)
221
+ (self.interval.microseconds // 1000))
329
return _timedelta_to_milliseconds(self.interval)
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
223
334
def __init__(self, name = None, disable_hook=None, config=None):
224
335
"""Note: the 'checker' key in 'config' sets the
397
557
self.checker_callback_tag = None
398
558
if getattr(self, "checker", None) is None:
400
logger.debug(u"Stopping checker for %(name)s", vars(self))
560
logger.debug("Stopping checker for %(name)s", vars(self))
402
562
os.kill(self.checker.pid, signal.SIGTERM)
404
564
#if self.checker.poll() is None:
405
565
# os.kill(self.checker.pid, signal.SIGKILL)
406
except OSError, error:
566
except OSError as error:
407
567
if error.errno != errno.ESRCH: # No such process
409
569
self.checker = None
411
def still_valid(self):
412
"""Has the timeout not yet passed for this client?"""
413
if not getattr(self, "enabled", False):
415
now = datetime.datetime.utcnow()
416
if self.last_checked_ok is None:
417
return now < (self.created + self.timeout)
419
return now < (self.last_checked_ok + self.timeout)
422
class ClientDBus(Client, dbus.service.Object):
572
def dbus_service_property(dbus_interface, signature="v",
573
access="readwrite", byte_arrays=False):
574
"""Decorators for marking methods of a DBusObjectWithProperties to
575
become properties on the D-Bus.
577
The decorated method will be called with no arguments by "Get"
578
and with one argument by "Set".
580
The parameters, where they are supported, are the same as
581
dbus.service.method, except there is only "signature", since the
582
type from Get() and the type sent to Set() is the same.
584
# Encoding deeply encoded byte arrays is not supported yet by the
585
# "Set" method, so we fail early here:
586
if byte_arrays and signature != "ay":
587
raise ValueError("Byte arrays not supported for non-'ay'"
588
" signature %r" % signature)
590
func._dbus_is_property = True
591
func._dbus_interface = dbus_interface
592
func._dbus_signature = signature
593
func._dbus_access = access
594
func._dbus_name = func.__name__
595
if func._dbus_name.endswith("_dbus_property"):
596
func._dbus_name = func._dbus_name[:-14]
597
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
602
class DBusPropertyException(dbus.exceptions.DBusException):
603
"""A base class for D-Bus property-related exceptions
605
def __unicode__(self):
606
return unicode(str(self))
609
class DBusPropertyAccessException(DBusPropertyException):
610
"""A property's access permissions disallows an operation.
615
class DBusPropertyNotFound(DBusPropertyException):
616
"""An attempt was made to access a non-existing property.
621
class DBusObjectWithProperties(dbus.service.Object):
622
"""A D-Bus object with properties.
624
Classes inheriting from this can use the dbus_service_property
625
decorator to expose methods as D-Bus properties. It exposes the
626
standard Get(), Set(), and GetAll() methods on the D-Bus.
630
def _is_dbus_property(obj):
631
return getattr(obj, "_dbus_is_property", False)
633
def _get_all_dbus_properties(self):
634
"""Returns a generator of (name, attribute) pairs
636
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
637
for cls in self.__class__.__mro__
639
inspect.getmembers(cls, self._is_dbus_property))
641
def _get_dbus_property(self, interface_name, property_name):
642
"""Returns a bound method if one exists which is a D-Bus
643
property with the specified name and interface.
645
for cls in self.__class__.__mro__:
646
for name, value in (inspect.getmembers
647
(cls, self._is_dbus_property)):
648
if (value._dbus_name == property_name
649
and value._dbus_interface == interface_name):
650
return value.__get__(self)
653
raise DBusPropertyNotFound(self.dbus_object_path + ":"
654
+ interface_name + "."
657
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
659
def Get(self, interface_name, property_name):
660
"""Standard D-Bus property Get() method, see D-Bus standard.
662
prop = self._get_dbus_property(interface_name, property_name)
663
if prop._dbus_access == "write":
664
raise DBusPropertyAccessException(property_name)
666
if not hasattr(value, "variant_level"):
668
return type(value)(value, variant_level=value.variant_level+1)
670
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
671
def Set(self, interface_name, property_name, value):
672
"""Standard D-Bus property Set() method, see D-Bus standard.
674
prop = self._get_dbus_property(interface_name, property_name)
675
if prop._dbus_access == "read":
676
raise DBusPropertyAccessException(property_name)
677
if prop._dbus_get_args_options["byte_arrays"]:
678
# The byte_arrays option is not supported yet on
679
# signatures other than "ay".
680
if prop._dbus_signature != "ay":
682
value = dbus.ByteArray(''.join(unichr(byte)
686
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
687
out_signature="a{sv}")
688
def GetAll(self, interface_name):
689
"""Standard D-Bus property GetAll() method, see D-Bus
692
Note: Will not include properties with access="write".
695
for name, prop in self._get_all_dbus_properties():
697
and interface_name != prop._dbus_interface):
698
# Interface non-empty but did not match
700
# Ignore write-only properties
701
if prop._dbus_access == "write":
704
if not hasattr(value, "variant_level"):
707
all[name] = type(value)(value, variant_level=
708
value.variant_level+1)
709
return dbus.Dictionary(all, signature="sv")
711
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
713
path_keyword='object_path',
714
connection_keyword='connection')
715
def Introspect(self, object_path, connection):
716
"""Standard D-Bus method, overloaded to insert property tags.
718
xmlstring = dbus.service.Object.Introspect(self, object_path,
721
document = xml.dom.minidom.parseString(xmlstring)
722
def make_tag(document, name, prop):
723
e = document.createElement("property")
724
e.setAttribute("name", name)
725
e.setAttribute("type", prop._dbus_signature)
726
e.setAttribute("access", prop._dbus_access)
728
for if_tag in document.getElementsByTagName("interface"):
729
for tag in (make_tag(document, name, prop)
731
in self._get_all_dbus_properties()
732
if prop._dbus_interface
733
== if_tag.getAttribute("name")):
734
if_tag.appendChild(tag)
735
# Add the names to the return values for the
736
# "org.freedesktop.DBus.Properties" methods
737
if (if_tag.getAttribute("name")
738
== "org.freedesktop.DBus.Properties"):
739
for cn in if_tag.getElementsByTagName("method"):
740
if cn.getAttribute("name") == "Get":
741
for arg in cn.getElementsByTagName("arg"):
742
if (arg.getAttribute("direction")
744
arg.setAttribute("name", "value")
745
elif cn.getAttribute("name") == "GetAll":
746
for arg in cn.getElementsByTagName("arg"):
747
if (arg.getAttribute("direction")
749
arg.setAttribute("name", "props")
750
xmlstring = document.toxml("utf-8")
752
except (AttributeError, xml.dom.DOMException,
753
xml.parsers.expat.ExpatError) as error:
754
logger.error("Failed to override Introspection method",
759
def datetime_to_dbus (dt, variant_level=0):
760
"""Convert a UTC datetime.datetime() to a D-Bus type."""
762
return dbus.String("", variant_level = variant_level)
763
return dbus.String(dt.isoformat(),
764
variant_level=variant_level)
766
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
768
"""Applied to an empty subclass of a D-Bus object, this metaclass
769
will add additional D-Bus attributes matching a certain pattern.
771
def __new__(mcs, name, bases, attr):
772
# Go through all the base classes which could have D-Bus
773
# methods, signals, or properties in them
774
for base in (b for b in bases
775
if issubclass(b, dbus.service.Object)):
776
# Go though all attributes of the base class
777
for attrname, attribute in inspect.getmembers(base):
778
# Ignore non-D-Bus attributes, and D-Bus attributes
779
# with the wrong interface name
780
if (not hasattr(attribute, "_dbus_interface")
781
or not attribute._dbus_interface
782
.startswith("se.recompile.Mandos")):
784
# Create an alternate D-Bus interface name based on
786
alt_interface = (attribute._dbus_interface
787
.replace("se.recompile.Mandos",
788
"se.bsnet.fukt.Mandos"))
789
# Is this a D-Bus signal?
790
if getattr(attribute, "_dbus_is_signal", False):
791
# Extract the original non-method function by
793
nonmethod_func = (dict(
794
zip(attribute.func_code.co_freevars,
795
attribute.__closure__))["func"]
797
# Create a new, but exactly alike, function
798
# object, and decorate it to be a new D-Bus signal
799
# with the alternate D-Bus interface name
800
new_function = (dbus.service.signal
802
attribute._dbus_signature)
804
nonmethod_func.func_code,
805
nonmethod_func.func_globals,
806
nonmethod_func.func_name,
807
nonmethod_func.func_defaults,
808
nonmethod_func.func_closure)))
809
# Define a creator of a function to call both the
810
# old and new functions, so both the old and new
811
# signals gets sent when the function is called
812
def fixscope(func1, func2):
813
"""This function is a scope container to pass
814
func1 and func2 to the "call_both" function
815
outside of its arguments"""
816
def call_both(*args, **kwargs):
817
"""This function will emit two D-Bus
818
signals by calling func1 and func2"""
819
func1(*args, **kwargs)
820
func2(*args, **kwargs)
822
# Create the "call_both" function and add it to
824
attr[attrname] = fixscope(attribute,
826
# Is this a D-Bus method?
827
elif getattr(attribute, "_dbus_is_method", False):
828
# Create a new, but exactly alike, function
829
# object. Decorate it to be a new D-Bus method
830
# with the alternate D-Bus interface name. Add it
832
attr[attrname] = (dbus.service.method
834
attribute._dbus_in_signature,
835
attribute._dbus_out_signature)
837
(attribute.func_code,
838
attribute.func_globals,
840
attribute.func_defaults,
841
attribute.func_closure)))
842
# Is this a D-Bus property?
843
elif getattr(attribute, "_dbus_is_property", False):
844
# Create a new, but exactly alike, function
845
# object, and decorate it to be a new D-Bus
846
# property with the alternate D-Bus interface
847
# name. Add it to the class.
848
attr[attrname] = (dbus_service_property
850
attribute._dbus_signature,
851
attribute._dbus_access,
853
._dbus_get_args_options
856
(attribute.func_code,
857
attribute.func_globals,
859
attribute.func_defaults,
860
attribute.func_closure)))
861
return type.__new__(mcs, name, bases, attr)
863
class ClientDBus(Client, DBusObjectWithProperties):
423
864
"""A Client class using D-Bus
425
dbus_object_path: dbus.ObjectPath ; only set if self.use_dbus
867
dbus_object_path: dbus.ObjectPath
868
bus: dbus.SystemBus()
871
runtime_expansions = (Client.runtime_expansions
872
+ ("dbus_object_path",))
427
874
# dbus.service.Object doesn't use super(), so we can't either.
429
def __init__(self, *args, **kwargs):
876
def __init__(self, bus = None, *args, **kwargs):
877
self._approvals_pending = 0
430
879
Client.__init__(self, *args, **kwargs)
431
880
# Only now, when this client is initialized, can it show up on
882
client_object_name = unicode(self.name).translate(
433
885
self.dbus_object_path = (dbus.ObjectPath
435
+ self.name.replace(".", "_")))
436
dbus.service.Object.__init__(self, bus,
437
self.dbus_object_path)
439
oldstate = getattr(self, "enabled", False)
440
r = Client.enable(self)
441
if oldstate != self.enabled:
443
self.PropertyChanged(dbus.String(u"enabled"),
444
dbus.Boolean(True, variant_level=1))
445
self.PropertyChanged(dbus.String(u"last_enabled"),
446
(_datetime_to_dbus(self.last_enabled,
450
def disable(self, signal = True):
451
oldstate = getattr(self, "enabled", False)
452
r = Client.disable(self)
453
if signal and oldstate != self.enabled:
455
self.PropertyChanged(dbus.String(u"enabled"),
456
dbus.Boolean(False, variant_level=1))
886
("/clients/" + client_object_name))
887
DBusObjectWithProperties.__init__(self, self.bus,
888
self.dbus_object_path)
890
def notifychangeproperty(transform_func,
891
dbus_name, type_func=lambda x: x,
893
""" Modify a variable so that it's a property which announces
896
transform_fun: Function that takes a value and a variant_level
897
and transforms it to a D-Bus type.
898
dbus_name: D-Bus name of the variable
899
type_func: Function that transform the value before sending it
900
to the D-Bus. Default: no transform
901
variant_level: D-Bus variant level. Default: 1
903
attrname = "_{0}".format(dbus_name)
904
def setter(self, value):
905
if hasattr(self, "dbus_object_path"):
906
if (not hasattr(self, attrname) or
907
type_func(getattr(self, attrname, None))
908
!= type_func(value)):
909
dbus_value = transform_func(type_func(value),
912
self.PropertyChanged(dbus.String(dbus_name),
914
setattr(self, attrname, value)
916
return property(lambda self: getattr(self, attrname), setter)
919
expires = notifychangeproperty(datetime_to_dbus, "Expires")
920
approvals_pending = notifychangeproperty(dbus.Boolean,
923
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
924
last_enabled = notifychangeproperty(datetime_to_dbus,
926
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
927
type_func = lambda checker:
929
last_checked_ok = notifychangeproperty(datetime_to_dbus,
931
last_approval_request = notifychangeproperty(
932
datetime_to_dbus, "LastApprovalRequest")
933
approved_by_default = notifychangeproperty(dbus.Boolean,
935
approval_delay = notifychangeproperty(dbus.UInt16,
938
_timedelta_to_milliseconds)
939
approval_duration = notifychangeproperty(
940
dbus.UInt16, "ApprovalDuration",
941
type_func = _timedelta_to_milliseconds)
942
host = notifychangeproperty(dbus.String, "Host")
943
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
945
_timedelta_to_milliseconds)
946
extended_timeout = notifychangeproperty(
947
dbus.UInt16, "ExtendedTimeout",
948
type_func = _timedelta_to_milliseconds)
949
interval = notifychangeproperty(dbus.UInt16,
952
_timedelta_to_milliseconds)
953
checker_command = notifychangeproperty(dbus.String, "Checker")
955
del notifychangeproperty
459
957
def __del__(self, *args, **kwargs):
461
959
self.remove_from_connection()
462
except org.freedesktop.DBus.Python.LookupError:
464
dbus.service.Object.__del__(self, *args, **kwargs)
962
if hasattr(DBusObjectWithProperties, "__del__"):
963
DBusObjectWithProperties.__del__(self, *args, **kwargs)
465
964
Client.__del__(self, *args, **kwargs)
467
966
def checker_callback(self, pid, condition, command,
468
967
*args, **kwargs):
469
968
self.checker_callback_tag = None
470
969
self.checker = None
472
self.PropertyChanged(dbus.String(u"checker_running"),
473
dbus.Boolean(False, variant_level=1))
474
970
if os.WIFEXITED(condition):
475
971
exitstatus = os.WEXITSTATUS(condition)
476
972
# Emit D-Bus signal
668
1085
# StopChecker - method
669
StopChecker = dbus.service.method(_interface)(stop_checker)
670
StopChecker.__name__ = "StopChecker"
1086
@dbus.service.method(_interface)
1087
def StopChecker(self):
1092
# ApprovalPending - property
1093
@dbus_service_property(_interface, signature="b", access="read")
1094
def ApprovalPending_dbus_property(self):
1095
return dbus.Boolean(bool(self.approvals_pending))
1097
# ApprovedByDefault - property
1098
@dbus_service_property(_interface, signature="b",
1100
def ApprovedByDefault_dbus_property(self, value=None):
1101
if value is None: # get
1102
return dbus.Boolean(self.approved_by_default)
1103
self.approved_by_default = bool(value)
1105
# ApprovalDelay - property
1106
@dbus_service_property(_interface, signature="t",
1108
def ApprovalDelay_dbus_property(self, value=None):
1109
if value is None: # get
1110
return dbus.UInt64(self.approval_delay_milliseconds())
1111
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1113
# ApprovalDuration - property
1114
@dbus_service_property(_interface, signature="t",
1116
def ApprovalDuration_dbus_property(self, value=None):
1117
if value is None: # get
1118
return dbus.UInt64(_timedelta_to_milliseconds(
1119
self.approval_duration))
1120
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1123
@dbus_service_property(_interface, signature="s", access="read")
1124
def Name_dbus_property(self):
1125
return dbus.String(self.name)
1127
# Fingerprint - property
1128
@dbus_service_property(_interface, signature="s", access="read")
1129
def Fingerprint_dbus_property(self):
1130
return dbus.String(self.fingerprint)
1133
@dbus_service_property(_interface, signature="s",
1135
def Host_dbus_property(self, value=None):
1136
if value is None: # get
1137
return dbus.String(self.host)
1140
# Created - property
1141
@dbus_service_property(_interface, signature="s", access="read")
1142
def Created_dbus_property(self):
1143
return dbus.String(datetime_to_dbus(self.created))
1145
# LastEnabled - property
1146
@dbus_service_property(_interface, signature="s", access="read")
1147
def LastEnabled_dbus_property(self):
1148
return datetime_to_dbus(self.last_enabled)
1150
# Enabled - property
1151
@dbus_service_property(_interface, signature="b",
1153
def Enabled_dbus_property(self, value=None):
1154
if value is None: # get
1155
return dbus.Boolean(self.enabled)
1161
# LastCheckedOK - property
1162
@dbus_service_property(_interface, signature="s",
1164
def LastCheckedOK_dbus_property(self, value=None):
1165
if value is not None:
1168
return datetime_to_dbus(self.last_checked_ok)
1170
# Expires - property
1171
@dbus_service_property(_interface, signature="s", access="read")
1172
def Expires_dbus_property(self):
1173
return datetime_to_dbus(self.expires)
1175
# LastApprovalRequest - property
1176
@dbus_service_property(_interface, signature="s", access="read")
1177
def LastApprovalRequest_dbus_property(self):
1178
return datetime_to_dbus(self.last_approval_request)
1180
# Timeout - property
1181
@dbus_service_property(_interface, signature="t",
1183
def Timeout_dbus_property(self, value=None):
1184
if value is None: # get
1185
return dbus.UInt64(self.timeout_milliseconds())
1186
self.timeout = datetime.timedelta(0, 0, 0, value)
1187
if getattr(self, "disable_initiator_tag", None) is None:
1189
# Reschedule timeout
1190
gobject.source_remove(self.disable_initiator_tag)
1191
self.disable_initiator_tag = None
1193
time_to_die = _timedelta_to_milliseconds((self
1198
if time_to_die <= 0:
1199
# The timeout has passed
1202
self.expires = (datetime.datetime.utcnow()
1203
+ datetime.timedelta(milliseconds =
1205
self.disable_initiator_tag = (gobject.timeout_add
1206
(time_to_die, self.disable))
1208
# ExtendedTimeout - property
1209
@dbus_service_property(_interface, signature="t",
1211
def ExtendedTimeout_dbus_property(self, value=None):
1212
if value is None: # get
1213
return dbus.UInt64(self.extended_timeout_milliseconds())
1214
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1216
# Interval - property
1217
@dbus_service_property(_interface, signature="t",
1219
def Interval_dbus_property(self, value=None):
1220
if value is None: # get
1221
return dbus.UInt64(self.interval_milliseconds())
1222
self.interval = datetime.timedelta(0, 0, 0, value)
1223
if getattr(self, "checker_initiator_tag", None) is None:
1225
# Reschedule checker run
1226
gobject.source_remove(self.checker_initiator_tag)
1227
self.checker_initiator_tag = (gobject.timeout_add
1228
(value, self.start_checker))
1229
self.start_checker() # Start one now, too
1231
# Checker - property
1232
@dbus_service_property(_interface, signature="s",
1234
def Checker_dbus_property(self, value=None):
1235
if value is None: # get
1236
return dbus.String(self.checker_command)
1237
self.checker_command = value
1239
# CheckerRunning - property
1240
@dbus_service_property(_interface, signature="b",
1242
def CheckerRunning_dbus_property(self, value=None):
1243
if value is None: # get
1244
return dbus.Boolean(self.checker is not None)
1246
self.start_checker()
1250
# ObjectPath - property
1251
@dbus_service_property(_interface, signature="o", access="read")
1252
def ObjectPath_dbus_property(self):
1253
return self.dbus_object_path # is already a dbus.ObjectPath
1256
@dbus_service_property(_interface, signature="ay",
1257
access="write", byte_arrays=True)
1258
def Secret_dbus_property(self, value):
1259
self.secret = str(value)
675
def peer_certificate(session):
676
"Return the peer's OpenPGP certificate as a bytestring"
677
# If not an OpenPGP certificate...
678
if (gnutls.library.functions
679
.gnutls_certificate_type_get(session._c_object)
680
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
681
# ...do the normal thing
682
return session.peer_certificate
683
list_size = ctypes.c_uint(1)
684
cert_list = (gnutls.library.functions
685
.gnutls_certificate_get_peers
686
(session._c_object, ctypes.byref(list_size)))
687
if not bool(cert_list) and list_size.value != 0:
688
raise gnutls.errors.GNUTLSError("error getting peer"
690
if list_size.value == 0:
693
return ctypes.string_at(cert.data, cert.size)
696
def fingerprint(openpgp):
697
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
698
# New GnuTLS "datum" with the OpenPGP public key
699
datum = (gnutls.library.types
700
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
703
ctypes.c_uint(len(openpgp))))
704
# New empty GnuTLS certificate
705
crt = gnutls.library.types.gnutls_openpgp_crt_t()
706
(gnutls.library.functions
707
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
708
# Import the OpenPGP public key into the certificate
709
(gnutls.library.functions
710
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
711
gnutls.library.constants
712
.GNUTLS_OPENPGP_FMT_RAW))
713
# Verify the self signature in the key
714
crtverify = ctypes.c_uint()
715
(gnutls.library.functions
716
.gnutls_openpgp_crt_verify_self(crt, 0, ctypes.byref(crtverify)))
717
if crtverify.value != 0:
718
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
719
raise gnutls.errors.CertificateSecurityError("Verify failed")
720
# New buffer for the fingerprint
721
buf = ctypes.create_string_buffer(20)
722
buf_len = ctypes.c_size_t()
723
# Get the fingerprint from the certificate into the buffer
724
(gnutls.library.functions
725
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
726
ctypes.byref(buf_len)))
727
# Deinit the certificate
728
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
729
# Convert the buffer to a Python bytestring
730
fpr = ctypes.string_at(buf, buf_len.value)
731
# Convert the bytestring to hexadecimal notation
732
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
736
class TCP_handler(SocketServer.BaseRequestHandler, object):
737
"""A TCP request handler class.
738
Instantiated by IPv6_TCPServer for each request to handle it.
1264
class ProxyClient(object):
1265
def __init__(self, child_pipe, fpr, address):
1266
self._pipe = child_pipe
1267
self._pipe.send(('init', fpr, address))
1268
if not self._pipe.recv():
1271
def __getattribute__(self, name):
1272
if(name == '_pipe'):
1273
return super(ProxyClient, self).__getattribute__(name)
1274
self._pipe.send(('getattr', name))
1275
data = self._pipe.recv()
1276
if data[0] == 'data':
1278
if data[0] == 'function':
1279
def func(*args, **kwargs):
1280
self._pipe.send(('funcall', name, args, kwargs))
1281
return self._pipe.recv()[1]
1284
def __setattr__(self, name, value):
1285
if(name == '_pipe'):
1286
return super(ProxyClient, self).__setattr__(name, value)
1287
self._pipe.send(('setattr', name, value))
1289
class ClientDBusTransitional(ClientDBus):
1290
__metaclass__ = AlternateDBusNamesMetaclass
1292
class ClientHandler(socketserver.BaseRequestHandler, object):
1293
"""A class to handle client connections.
1295
Instantiated once for each connection to handle it.
739
1296
Note: This will run in its own forked process."""
741
1298
def handle(self):
742
logger.info(u"TCP connection from: %s",
743
unicode(self.client_address))
744
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
745
# Open IPC pipe to parent process
746
with closing(os.fdopen(self.server.pipe[1], "w", 1)) as ipc:
1299
with contextlib.closing(self.server.child_pipe) as child_pipe:
1300
logger.info("TCP connection from: %s",
1301
unicode(self.client_address))
1302
logger.debug("Pipe FD: %d",
1303
self.server.child_pipe.fileno())
747
1305
session = (gnutls.connection
748
1306
.ClientSession(self.request,
749
1307
gnutls.connection
750
1308
.X509Credentials()))
752
line = self.request.makefile().readline()
753
logger.debug(u"Protocol version: %r", line)
755
if int(line.strip().split()[0]) > 1:
757
except (ValueError, IndexError, RuntimeError), error:
758
logger.error(u"Unknown protocol version: %s", error)
761
1310
# Note: gnutls.connection.X509Credentials is really a
762
1311
# generic GnuTLS certificate credentials object so long as
763
1312
# no X.509 keys are added to it. Therefore, we can use it
764
1313
# here despite using OpenPGP certificates.
766
1315
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
767
# "+AES-256-CBC", "+SHA1",
768
# "+COMP-NULL", "+CTYPE-OPENPGP",
1316
# "+AES-256-CBC", "+SHA1",
1317
# "+COMP-NULL", "+CTYPE-OPENPGP",
770
1319
# Use a fallback default, since this MUST be set.
771
priority = self.server.settings.get("priority", "NORMAL")
1320
priority = self.server.gnutls_priority
1321
if priority is None:
772
1323
(gnutls.library.functions
773
1324
.gnutls_priority_set_direct(session._c_object,
774
1325
priority, None))
1327
# Start communication using the Mandos protocol
1328
# Get protocol number
1329
line = self.request.makefile().readline()
1330
logger.debug("Protocol version: %r", line)
1332
if int(line.strip().split()[0]) > 1:
1334
except (ValueError, IndexError, RuntimeError) as error:
1335
logger.error("Unknown protocol version: %s", error)
1338
# Start GnuTLS connection
777
1340
session.handshake()
778
except gnutls.errors.GNUTLSError, error:
779
logger.warning(u"Handshake failed: %s", error)
1341
except gnutls.errors.GNUTLSError as error:
1342
logger.warning("Handshake failed: %s", error)
780
1343
# Do not run session.bye() here: the session is not
781
1344
# established. Just abandon the request.
783
logger.debug(u"Handshake succeeded")
1346
logger.debug("Handshake succeeded")
1348
approval_required = False
785
fpr = fingerprint(peer_certificate(session))
786
except (TypeError, gnutls.errors.GNUTLSError), error:
787
logger.warning(u"Bad certificate: %s", error)
790
logger.debug(u"Fingerprint: %s", fpr)
1351
fpr = self.fingerprint(self.peer_certificate
1354
gnutls.errors.GNUTLSError) as error:
1355
logger.warning("Bad certificate: %s", error)
1357
logger.debug("Fingerprint: %s", fpr)
1360
client = ProxyClient(child_pipe, fpr,
1361
self.client_address)
1365
if client.approval_delay:
1366
delay = client.approval_delay
1367
client.approvals_pending += 1
1368
approval_required = True
1371
if not client.enabled:
1372
logger.info("Client %s is disabled",
1374
if self.server.use_dbus:
1376
client.Rejected("Disabled")
1379
if client._approved or not client.approval_delay:
1380
#We are approved or approval is disabled
1382
elif client._approved is None:
1383
logger.info("Client %s needs approval",
1385
if self.server.use_dbus:
1387
client.NeedApproval(
1388
client.approval_delay_milliseconds(),
1389
client.approved_by_default)
1391
logger.warning("Client %s was not approved",
1393
if self.server.use_dbus:
1395
client.Rejected("Denied")
1398
#wait until timeout or approved
1399
time = datetime.datetime.now()
1400
client.changedstate.acquire()
1401
(client.changedstate.wait
1402
(float(client._timedelta_to_milliseconds(delay)
1404
client.changedstate.release()
1405
time2 = datetime.datetime.now()
1406
if (time2 - time) >= delay:
1407
if not client.approved_by_default:
1408
logger.warning("Client %s timed out while"
1409
" waiting for approval",
1411
if self.server.use_dbus:
1413
client.Rejected("Approval timed out")
1418
delay -= time2 - time
1421
while sent_size < len(client.secret):
1423
sent = session.send(client.secret[sent_size:])
1424
except gnutls.errors.GNUTLSError as error:
1425
logger.warning("gnutls send failed")
1427
logger.debug("Sent: %d, remaining: %d",
1428
sent, len(client.secret)
1429
- (sent_size + sent))
1432
logger.info("Sending secret to %s", client.name)
1433
# bump the timeout using extended_timeout
1434
client.checked_ok(client.extended_timeout)
1435
if self.server.use_dbus:
792
for c in self.server.clients:
793
if c.fingerprint == fpr:
797
logger.warning(u"Client not found for fingerprint: %s",
799
ipc.write("NOTFOUND %s\n" % fpr)
802
# Have to check if client.still_valid(), since it is
803
# possible that the client timed out while establishing
804
# the GnuTLS session.
805
if not client.still_valid():
806
logger.warning(u"Client %(name)s is invalid",
808
ipc.write("INVALID %s\n" % client.name)
811
ipc.write("SENDING %s\n" % client.name)
813
while sent_size < len(client.secret):
814
sent = session.send(client.secret[sent_size:])
815
logger.debug(u"Sent: %d, remaining: %d",
816
sent, len(client.secret)
817
- (sent_size + sent))
822
class ForkingMixInWithPipe(SocketServer.ForkingMixIn, object):
823
"""Like SocketServer.ForkingMixIn, but also pass a pipe.
824
Assumes a gobject.MainLoop event loop.
1440
if approval_required:
1441
client.approvals_pending -= 1
1444
except gnutls.errors.GNUTLSError as error:
1445
logger.warning("GnuTLS bye failed")
1448
def peer_certificate(session):
1449
"Return the peer's OpenPGP certificate as a bytestring"
1450
# If not an OpenPGP certificate...
1451
if (gnutls.library.functions
1452
.gnutls_certificate_type_get(session._c_object)
1453
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1454
# ...do the normal thing
1455
return session.peer_certificate
1456
list_size = ctypes.c_uint(1)
1457
cert_list = (gnutls.library.functions
1458
.gnutls_certificate_get_peers
1459
(session._c_object, ctypes.byref(list_size)))
1460
if not bool(cert_list) and list_size.value != 0:
1461
raise gnutls.errors.GNUTLSError("error getting peer"
1463
if list_size.value == 0:
1466
return ctypes.string_at(cert.data, cert.size)
1469
def fingerprint(openpgp):
1470
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1471
# New GnuTLS "datum" with the OpenPGP public key
1472
datum = (gnutls.library.types
1473
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1476
ctypes.c_uint(len(openpgp))))
1477
# New empty GnuTLS certificate
1478
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1479
(gnutls.library.functions
1480
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1481
# Import the OpenPGP public key into the certificate
1482
(gnutls.library.functions
1483
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1484
gnutls.library.constants
1485
.GNUTLS_OPENPGP_FMT_RAW))
1486
# Verify the self signature in the key
1487
crtverify = ctypes.c_uint()
1488
(gnutls.library.functions
1489
.gnutls_openpgp_crt_verify_self(crt, 0,
1490
ctypes.byref(crtverify)))
1491
if crtverify.value != 0:
1492
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1493
raise (gnutls.errors.CertificateSecurityError
1495
# New buffer for the fingerprint
1496
buf = ctypes.create_string_buffer(20)
1497
buf_len = ctypes.c_size_t()
1498
# Get the fingerprint from the certificate into the buffer
1499
(gnutls.library.functions
1500
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1501
ctypes.byref(buf_len)))
1502
# Deinit the certificate
1503
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1504
# Convert the buffer to a Python bytestring
1505
fpr = ctypes.string_at(buf, buf_len.value)
1506
# Convert the bytestring to hexadecimal notation
1507
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
1511
class MultiprocessingMixIn(object):
1512
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1513
def sub_process_main(self, request, address):
1515
self.finish_request(request, address)
1517
self.handle_error(request, address)
1518
self.close_request(request)
1520
def process_request(self, request, address):
1521
"""Start a new process to process the request."""
1522
proc = multiprocessing.Process(target = self.sub_process_main,
1529
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1530
""" adds a pipe to the MixIn """
826
1531
def process_request(self, request, client_address):
827
"""This overrides and wraps the original process_request().
828
This function creates a new pipe in self.pipe
1532
"""Overrides and wraps the original process_request().
1534
This function creates a new pipe in self.pipe
830
self.pipe = os.pipe()
831
super(ForkingMixInWithPipe,
832
self).process_request(request, client_address)
833
os.close(self.pipe[1]) # close write end
834
# Call "handle_ipc" for both data and EOF events
835
gobject.io_add_watch(self.pipe[0],
836
gobject.IO_IN | gobject.IO_HUP,
838
def handle_ipc(source, condition):
1536
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1538
proc = MultiprocessingMixIn.process_request(self, request,
1540
self.child_pipe.close()
1541
self.add_pipe(parent_pipe, proc)
1543
def add_pipe(self, parent_pipe, proc):
839
1544
"""Dummy function; override as necessary"""
844
class IPv6_TCPServer(ForkingMixInWithPipe,
845
SocketServer.TCPServer, object):
1545
raise NotImplementedError
1548
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1549
socketserver.TCPServer, object):
846
1550
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
848
settings: Server settings
849
clients: Set() of Client objects
850
1553
enabled: Boolean; whether this server is activated yet
1554
interface: None or a network interface name (string)
1555
use_ipv6: Boolean; to use IPv6 or not
852
address_family = socket.AF_INET6
853
def __init__(self, *args, **kwargs):
854
if "settings" in kwargs:
855
self.settings = kwargs["settings"]
856
del kwargs["settings"]
857
if "clients" in kwargs:
858
self.clients = kwargs["clients"]
859
del kwargs["clients"]
860
if "use_ipv6" in kwargs:
861
if not kwargs["use_ipv6"]:
862
self.address_family = socket.AF_INET
863
del kwargs["use_ipv6"]
865
super(IPv6_TCPServer, self).__init__(*args, **kwargs)
1557
def __init__(self, server_address, RequestHandlerClass,
1558
interface=None, use_ipv6=True):
1559
self.interface = interface
1561
self.address_family = socket.AF_INET6
1562
socketserver.TCPServer.__init__(self, server_address,
1563
RequestHandlerClass)
866
1564
def server_bind(self):
867
1565
"""This overrides the normal server_bind() function
868
1566
to bind to an interface if one was specified, and also NOT to
869
1567
bind to an address or port if they were not specified."""
870
if self.settings["interface"]:
871
# 25 is from /usr/include/asm-i486/socket.h
872
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
874
self.socket.setsockopt(socket.SOL_SOCKET,
876
self.settings["interface"])
877
except socket.error, error:
878
if error[0] == errno.EPERM:
879
logger.error(u"No permission to"
880
u" bind to interface %s",
881
self.settings["interface"])
1568
if self.interface is not None:
1569
if SO_BINDTODEVICE is None:
1570
logger.error("SO_BINDTODEVICE does not exist;"
1571
" cannot bind to interface %s",
1575
self.socket.setsockopt(socket.SOL_SOCKET,
1579
except socket.error as error:
1580
if error[0] == errno.EPERM:
1581
logger.error("No permission to"
1582
" bind to interface %s",
1584
elif error[0] == errno.ENOPROTOOPT:
1585
logger.error("SO_BINDTODEVICE not available;"
1586
" cannot bind to interface %s",
884
1590
# Only bind(2) the socket if we really need to.
885
1591
if self.server_address[0] or self.server_address[1]:
886
1592
if not self.server_address[0]:
893
1599
elif not self.server_address[1]:
894
1600
self.server_address = (self.server_address[0],
896
# if self.settings["interface"]:
1602
# if self.interface:
897
1603
# self.server_address = (self.server_address[0],
900
1606
# if_nametoindex
903
return super(IPv6_TCPServer, self).server_bind()
1608
return socketserver.TCPServer.server_bind(self)
1611
class MandosServer(IPv6_TCPServer):
1615
clients: set of Client objects
1616
gnutls_priority GnuTLS priority string
1617
use_dbus: Boolean; to emit D-Bus signals or not
1619
Assumes a gobject.MainLoop event loop.
1621
def __init__(self, server_address, RequestHandlerClass,
1622
interface=None, use_ipv6=True, clients=None,
1623
gnutls_priority=None, use_dbus=True):
1624
self.enabled = False
1625
self.clients = clients
1626
if self.clients is None:
1627
self.clients = set()
1628
self.use_dbus = use_dbus
1629
self.gnutls_priority = gnutls_priority
1630
IPv6_TCPServer.__init__(self, server_address,
1631
RequestHandlerClass,
1632
interface = interface,
1633
use_ipv6 = use_ipv6)
904
1634
def server_activate(self):
905
1635
if self.enabled:
906
return super(IPv6_TCPServer, self).server_activate()
1636
return socketserver.TCPServer.server_activate(self)
907
1638
def enable(self):
908
1639
self.enabled = True
909
def handle_ipc(self, source, condition, file_objects={}):
1641
def add_pipe(self, parent_pipe, proc):
1642
# Call "handle_ipc" for both data and EOF events
1643
gobject.io_add_watch(parent_pipe.fileno(),
1644
gobject.IO_IN | gobject.IO_HUP,
1645
functools.partial(self.handle_ipc,
1650
def handle_ipc(self, source, condition, parent_pipe=None,
1651
proc = None, client_object=None):
910
1652
condition_names = {
911
gobject.IO_IN: "IN", # There is data to read.
1653
gobject.IO_IN: "IN", # There is data to read.
912
1654
gobject.IO_OUT: "OUT", # Data can be written (without
914
1656
gobject.IO_PRI: "PRI", # There is urgent data to read.
915
1657
gobject.IO_ERR: "ERR", # Error condition.
916
1658
gobject.IO_HUP: "HUP" # Hung up (the connection has been
917
# broken, usually for pipes and
1659
# broken, usually for pipes and
920
1662
conditions_string = ' | '.join(name
921
1663
for cond, name in
922
1664
condition_names.iteritems()
923
1665
if cond & condition)
924
logger.debug("Handling IPC: FD = %d, condition = %s", source,
927
# Turn the pipe file descriptor into a Python file object
928
if source not in file_objects:
929
file_objects[source] = os.fdopen(source, "r", 1)
931
# Read a line from the file object
932
cmdline = file_objects[source].readline()
933
if not cmdline: # Empty line means end of file
935
file_objects[source].close()
936
del file_objects[source]
1666
# error, or the other end of multiprocessing.Pipe has closed
1667
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1668
# Wait for other process to exit
1672
# Read a request from the child
1673
request = parent_pipe.recv()
1674
command = request[0]
1676
if command == 'init':
1678
address = request[2]
938
# Stop calling this function
941
logger.debug("IPC command: %r\n" % cmdline)
943
# Parse and act on command
944
cmd, args = cmdline.split(None, 1)
945
if cmd == "NOTFOUND":
946
if self.settings["use_dbus"]:
948
mandos_dbus_service.ClientNotFound(args)
949
elif cmd == "INVALID":
950
if self.settings["use_dbus"]:
951
for client in self.clients:
952
if client.name == args:
956
elif cmd == "SENDING":
957
for client in self.clients:
958
if client.name == args:
960
if self.settings["use_dbus"]:
962
client.ReceivedSecret()
1680
for c in self.clients:
1681
if c.fingerprint == fpr:
965
logger.error("Unknown IPC command: %r", cmdline)
967
# Keep calling this function
1685
logger.info("Client not found for fingerprint: %s, ad"
1686
"dress: %s", fpr, address)
1689
mandos_dbus_service.ClientNotFound(fpr,
1691
parent_pipe.send(False)
1694
gobject.io_add_watch(parent_pipe.fileno(),
1695
gobject.IO_IN | gobject.IO_HUP,
1696
functools.partial(self.handle_ipc,
1702
parent_pipe.send(True)
1703
# remove the old hook in favor of the new above hook on
1706
if command == 'funcall':
1707
funcname = request[1]
1711
parent_pipe.send(('data', getattr(client_object,
1715
if command == 'getattr':
1716
attrname = request[1]
1717
if callable(client_object.__getattribute__(attrname)):
1718
parent_pipe.send(('function',))
1720
parent_pipe.send(('data', client_object
1721
.__getattribute__(attrname)))
1723
if command == 'setattr':
1724
attrname = request[1]
1726
setattr(client_object, attrname, value)