To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 505.3.9
- compare with another revision
- download diff
- download tarball
- view history from revision 505.3.9
- Committer: Teddy Hogeborn
- Date: 2011-11-14 20:55:32 UTC
- mfrom: (505.2.6 mandos-client-network-hooks)
- mto: (505.2.7 mandos-client-network-hooks)
- mto: This revision was merged to the branch mainline in revision 525.
- Revision ID: teddy@recompile.se-20111114205532-vzgr6a301z57guex
* plugins.d/mandos-client.c: Merge unified printing system.
- files added:
- DBUS-API
- debian/source
- files modified:
- .bzrignore
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008,2009 Teddy Hogeborn
15
# Copyright © 2008,2009 Björn Påhlsson
14
# Copyright © 2008-2011 Teddy Hogeborn
15
# Copyright © 2008-2011 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
28
28
# along with this program. If not, see
29
29
# <http://www.gnu.org/licenses/>.
30
30
#
31
# Contact the authors at <mandos@fukt.bsnet.se>.
31
# Contact the authors at <mandos@recompile.se>.
32
32
#
33
33
34
from __future__ import division, with_statement, absolute_import
34
from __future__ import (division, absolute_import, print_function,
35
unicode_literals)
35
36
36
37
import SocketServer as socketserver
37
38
import socket
38
import optparse
39
import argparse
39
40
import datetime
40
41
import errno
41
42
import gnutls.crypto
55
56
import logging
56
57
import logging.handlers
57
58
import pwd
58
from contextlib import closing
59
import contextlib
59
60
import struct
60
61
import fcntl
61
62
import functools
63
import cPickle as pickle
64
import multiprocessing
65
import types
62
66
63
67
import dbus
64
68
import dbus.service
67
71
from dbus.mainloop.glib import DBusGMainLoop
68
72
import ctypes
69
73
import ctypes.util
74
import xml.dom.minidom
75
import inspect
70
76
71
77
try:
72
78
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
77
83
SO_BINDTODEVICE = None
78
84
79
85
80
version = "1.0.11"
86
version = "1.4.1"
81
87
82
logger = logging.Logger(u'mandos')
88
#logger = logging.getLogger('mandos')
89
logger = logging.Logger('mandos')
83
90
syslogger = (logging.handlers.SysLogHandler
84
91
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
85
address = "/dev/log"))
92
address = str("/dev/log")))
86
93
syslogger.setFormatter(logging.Formatter
87
(u'Mandos [%(process)d]: %(levelname)s:'
88
u' %(message)s'))
94
('Mandos [%(process)d]: %(levelname)s:'
95
' %(message)s'))
89
96
logger.addHandler(syslogger)
90
97
91
98
console = logging.StreamHandler()
92
console.setFormatter(logging.Formatter(u'%(name)s [%(process)d]:'
93
u' %(levelname)s:'
94
u' %(message)s'))
99
console.setFormatter(logging.Formatter('%(name)s [%(process)d]:'
100
' %(levelname)s:'
101
' %(message)s'))
95
102
logger.addHandler(console)
96
103
97
104
class AvahiError(Exception):
114
121
Attributes:
115
122
interface: integer; avahi.IF_UNSPEC or an interface index.
116
123
Used to optionally bind to the specified interface.
117
name: string; Example: u'Mandos'
118
type: string; Example: u'_mandos._tcp'.
124
name: string; Example: 'Mandos'
125
type: string; Example: '_mandos._tcp'.
119
126
See <http://www.dns-sd.org/ServiceTypes.html>
120
127
port: integer; what port to announce
121
128
TXT: list of strings; TXT record for the service
130
137
"""
131
138
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
132
139
servicetype = None, port = None, TXT = None,
133
domain = u"", host = u"", max_renames = 32768,
140
domain = "", host = "", max_renames = 32768,
134
141
protocol = avahi.PROTO_UNSPEC, bus = None):
135
142
self.interface = interface
136
143
self.name = name
145
152
self.group = None # our entry group
146
153
self.server = None
147
154
self.bus = bus
155
self.entry_group_state_changed_match = None
148
156
def rename(self):
149
157
"""Derived from the Avahi example code"""
150
158
if self.rename_count >= self.max_renames:
151
logger.critical(u"No suitable Zeroconf service name found"
152
u" after %i retries, exiting.",
159
logger.critical("No suitable Zeroconf service name found"
160
" after %i retries, exiting.",
153
161
self.rename_count)
154
raise AvahiServiceError(u"Too many renames")
155
self.name = self.server.GetAlternativeServiceName(self.name)
156
logger.info(u"Changing Zeroconf service name to %r ...",
157
unicode(self.name))
162
raise AvahiServiceError("Too many renames")
163
self.name = unicode(self.server
164
.GetAlternativeServiceName(self.name))
165
logger.info("Changing Zeroconf service name to %r ...",
166
self.name)
158
167
syslogger.setFormatter(logging.Formatter
159
(u'Mandos (%s) [%%(process)d]:'
160
u' %%(levelname)s: %%(message)s'
168
('Mandos (%s) [%%(process)d]:'
169
' %%(levelname)s: %%(message)s'
161
170
% self.name))
162
171
self.remove()
163
self.add()
172
try:
173
self.add()
174
except dbus.exceptions.DBusException as error:
175
logger.critical("DBusException: %s", error)
176
self.cleanup()
177
os._exit(1)
164
178
self.rename_count += 1
165
179
def remove(self):
166
180
"""Derived from the Avahi example code"""
181
if self.entry_group_state_changed_match is not None:
182
self.entry_group_state_changed_match.remove()
183
self.entry_group_state_changed_match = None
167
184
if self.group is not None:
168
185
self.group.Reset()
169
186
def add(self):
170
187
"""Derived from the Avahi example code"""
188
self.remove()
171
189
if self.group is None:
172
190
self.group = dbus.Interface(
173
191
self.bus.get_object(avahi.DBUS_NAME,
174
192
self.server.EntryGroupNew()),
175
193
avahi.DBUS_INTERFACE_ENTRY_GROUP)
176
self.group.connect_to_signal('StateChanged',
177
self.entry_group_state_changed)
178
logger.debug(u"Adding Zeroconf service '%s' of type '%s' ...",
194
self.entry_group_state_changed_match = (
195
self.group.connect_to_signal(
196
'StateChanged', self .entry_group_state_changed))
197
logger.debug("Adding Zeroconf service '%s' of type '%s' ...",
179
198
self.name, self.type)
180
199
self.group.AddService(
181
200
self.interface,
188
207
self.group.Commit()
189
208
def entry_group_state_changed(self, state, error):
190
209
"""Derived from the Avahi example code"""
191
logger.debug(u"Avahi state change: %i", state)
210
logger.debug("Avahi entry group state change: %i", state)
192
211
193
212
if state == avahi.ENTRY_GROUP_ESTABLISHED:
194
logger.debug(u"Zeroconf service established.")
213
logger.debug("Zeroconf service established.")
195
214
elif state == avahi.ENTRY_GROUP_COLLISION:
196
logger.warning(u"Zeroconf service name collision.")
215
logger.info("Zeroconf service name collision.")
197
216
self.rename()
198
217
elif state == avahi.ENTRY_GROUP_FAILURE:
199
logger.critical(u"Avahi: Error in group state changed %s",
218
logger.critical("Avahi: Error in group state changed %s",
200
219
unicode(error))
201
raise AvahiGroupError(u"State changed: %s"
220
raise AvahiGroupError("State changed: %s"
202
221
% unicode(error))
203
222
def cleanup(self):
204
223
"""Derived from the Avahi example code"""
205
224
if self.group is not None:
206
self.group.Free()
225
try:
226
self.group.Free()
227
except (dbus.exceptions.UnknownMethodException,
228
dbus.exceptions.DBusException) as e:
229
pass
207
230
self.group = None
208
def server_state_changed(self, state):
231
self.remove()
232
def server_state_changed(self, state, error=None):
209
233
"""Derived from the Avahi example code"""
210
if state == avahi.SERVER_COLLISION:
211
logger.error(u"Zeroconf server name collision")
212
self.remove()
234
logger.debug("Avahi server state change: %i", state)
235
bad_states = { avahi.SERVER_INVALID:
236
"Zeroconf server invalid",
237
avahi.SERVER_REGISTERING: None,
238
avahi.SERVER_COLLISION:
239
"Zeroconf server name collision",
240
avahi.SERVER_FAILURE:
241
"Zeroconf server failure" }
242
if state in bad_states:
243
if bad_states[state] is not None:
244
if error is None:
245
logger.error(bad_states[state])
246
else:
247
logger.error(bad_states[state] + ": %r", error)
248
self.cleanup()
213
249
elif state == avahi.SERVER_RUNNING:
214
250
self.add()
251
else:
252
if error is None:
253
logger.debug("Unknown state: %r", state)
254
else:
255
logger.debug("Unknown state: %r: %r", state, error)
215
256
def activate(self):
216
257
"""Derived from the Avahi example code"""
217
258
if self.server is None:
218
259
self.server = dbus.Interface(
219
260
self.bus.get_object(avahi.DBUS_NAME,
220
avahi.DBUS_PATH_SERVER),
261
avahi.DBUS_PATH_SERVER,
262
follow_name_owner_changes=True),
221
263
avahi.DBUS_INTERFACE_SERVER)
222
self.server.connect_to_signal(u"StateChanged",
264
self.server.connect_to_signal("StateChanged",
223
265
self.server_state_changed)
224
266
self.server_state_changed(self.server.GetState())
225
267
226
268
269
def _timedelta_to_milliseconds(td):
270
"Convert a datetime.timedelta() to milliseconds"
271
return ((td.days * 24 * 60 * 60 * 1000)
272
+ (td.seconds * 1000)
273
+ (td.microseconds // 1000))
274
227
275
class Client(object):
228
276
"""A representation of a client host served by this server.
229
277
230
278
Attributes:
231
name: string; from the config file, used in log messages and
232
D-Bus identifiers
233
fingerprint: string (40 or 32 hexadecimal digits); used to
234
uniquely identify the client
235
secret: bytestring; sent verbatim (over TLS) to client
236
host: string; available for use by the checker command
237
created: datetime.datetime(); (UTC) object creation
238
last_enabled: datetime.datetime(); (UTC)
239
enabled: bool()
240
last_checked_ok: datetime.datetime(); (UTC) or None
241
timeout: datetime.timedelta(); How long from last_checked_ok
242
until this client is invalid
243
interval: datetime.timedelta(); How often to start a new checker
244
disable_hook: If set, called by disable() as disable_hook(self)
279
_approved: bool(); 'None' if not yet approved/disapproved
280
approval_delay: datetime.timedelta(); Time to wait for approval
281
approval_duration: datetime.timedelta(); Duration of one approval
245
282
checker: subprocess.Popen(); a running checker process used
246
283
to see if the client lives.
247
284
'None' if no process is running.
248
checker_initiator_tag: a gobject event source tag, or None
249
disable_initiator_tag: - '' -
250
checker_callback_tag: - '' -
251
checker_command: string; External command which is run to check if
252
client lives. %() expansions are done at
285
checker_callback_tag: a gobject event source tag, or None
286
checker_command: string; External command which is run to check
287
if client lives. %() expansions are done at
253
288
runtime with vars(self) as dict, so that for
254
289
instance %(name)s can be used in the command.
290
checker_initiator_tag: a gobject event source tag, or None
291
created: datetime.datetime(); (UTC) object creation
255
292
current_checker_command: string; current running checker_command
293
disable_hook: If set, called by disable() as disable_hook(self)
294
disable_initiator_tag: a gobject event source tag, or None
295
enabled: bool()
296
fingerprint: string (40 or 32 hexadecimal digits); used to
297
uniquely identify the client
298
host: string; available for use by the checker command
299
interval: datetime.timedelta(); How often to start a new checker
300
last_approval_request: datetime.datetime(); (UTC) or None
301
last_checked_ok: datetime.datetime(); (UTC) or None
302
last_enabled: datetime.datetime(); (UTC)
303
name: string; from the config file, used in log messages and
304
D-Bus identifiers
305
secret: bytestring; sent verbatim (over TLS) to client
306
timeout: datetime.timedelta(); How long from last_checked_ok
307
until this client is disabled
308
extended_timeout: extra long timeout when password has been sent
309
runtime_expansions: Allowed attributes for runtime expansion.
310
expires: datetime.datetime(); time (UTC) when a client will be
311
disabled, or None
256
312
"""
257
313
258
@staticmethod
259
def _datetime_to_milliseconds(dt):
260
"Convert a datetime.datetime() to milliseconds"
261
return ((dt.days * 24 * 60 * 60 * 1000)
262
+ (dt.seconds * 1000)
263
+ (dt.microseconds // 1000))
314
runtime_expansions = ("approval_delay", "approval_duration",
315
"created", "enabled", "fingerprint",
316
"host", "interval", "last_checked_ok",
317
"last_enabled", "name", "timeout")
264
318
265
319
def timeout_milliseconds(self):
266
320
"Return the 'timeout' attribute in milliseconds"
267
return self._datetime_to_milliseconds(self.timeout)
321
return _timedelta_to_milliseconds(self.timeout)
322
323
def extended_timeout_milliseconds(self):
324
"Return the 'extended_timeout' attribute in milliseconds"
325
return _timedelta_to_milliseconds(self.extended_timeout)
268
326
269
327
def interval_milliseconds(self):
270
328
"Return the 'interval' attribute in milliseconds"
271
return self._datetime_to_milliseconds(self.interval)
329
return _timedelta_to_milliseconds(self.interval)
330
331
def approval_delay_milliseconds(self):
332
return _timedelta_to_milliseconds(self.approval_delay)
272
333
273
334
def __init__(self, name = None, disable_hook=None, config=None):
274
335
"""Note: the 'checker' key in 'config' sets the
277
338
self.name = name
278
339
if config is None:
279
340
config = {}
280
logger.debug(u"Creating client %r", self.name)
341
logger.debug("Creating client %r", self.name)
281
342
# Uppercase and remove spaces from fingerprint for later
282
343
# comparison purposes with return value from the fingerprint()
283
344
# function
284
self.fingerprint = (config[u"fingerprint"].upper()
285
.replace(u" ", u""))
286
logger.debug(u" Fingerprint: %s", self.fingerprint)
287
if u"secret" in config:
288
self.secret = config[u"secret"].decode(u"base64")
289
elif u"secfile" in config:
290
with closing(open(os.path.expanduser
291
(os.path.expandvars
292
(config[u"secfile"])))) as secfile:
345
self.fingerprint = (config["fingerprint"].upper()
346
.replace(" ", ""))
347
logger.debug(" Fingerprint: %s", self.fingerprint)
348
if "secret" in config:
349
self.secret = config["secret"].decode("base64")
350
elif "secfile" in config:
351
with open(os.path.expanduser(os.path.expandvars
352
(config["secfile"])),
353
"rb") as secfile:
293
354
self.secret = secfile.read()
294
355
else:
295
raise TypeError(u"No secret or secfile for client %s"
356
raise TypeError("No secret or secfile for client %s"
296
357
% self.name)
297
self.host = config.get(u"host", u"")
358
self.host = config.get("host", "")
298
359
self.created = datetime.datetime.utcnow()
299
360
self.enabled = False
361
self.last_approval_request = None
300
362
self.last_enabled = None
301
363
self.last_checked_ok = None
302
self.timeout = string_to_delta(config[u"timeout"])
303
self.interval = string_to_delta(config[u"interval"])
364
self.timeout = string_to_delta(config["timeout"])
365
self.extended_timeout = string_to_delta(config
366
["extended_timeout"])
367
self.interval = string_to_delta(config["interval"])
304
368
self.disable_hook = disable_hook
305
369
self.checker = None
306
370
self.checker_initiator_tag = None
307
371
self.disable_initiator_tag = None
372
self.expires = None
308
373
self.checker_callback_tag = None
309
self.checker_command = config[u"checker"]
374
self.checker_command = config["checker"]
310
375
self.current_checker_command = None
311
376
self.last_connect = None
377
self._approved = None
378
self.approved_by_default = config.get("approved_by_default",
379
True)
380
self.approvals_pending = 0
381
self.approval_delay = string_to_delta(
382
config["approval_delay"])
383
self.approval_duration = string_to_delta(
384
config["approval_duration"])
385
self.changedstate = (multiprocessing_manager
386
.Condition(multiprocessing_manager
387
.Lock()))
388
389
def send_changedstate(self):
390
self.changedstate.acquire()
391
self.changedstate.notify_all()
392
self.changedstate.release()
312
393
313
394
def enable(self):
314
395
"""Start this client's checker and timeout hooks"""
315
if getattr(self, u"enabled", False):
396
if getattr(self, "enabled", False):
316
397
# Already enabled
317
398
return
318
self.last_enabled = datetime.datetime.utcnow()
399
self.send_changedstate()
319
400
# Schedule a new checker to be started an 'interval' from now,
320
401
# and every interval from then on.
321
402
self.checker_initiator_tag = (gobject.timeout_add
322
403
(self.interval_milliseconds(),
323
404
self.start_checker))
324
# Also start a new checker *right now*.
325
self.start_checker()
326
405
# Schedule a disable() when 'timeout' has passed
406
self.expires = datetime.datetime.utcnow() + self.timeout
327
407
self.disable_initiator_tag = (gobject.timeout_add
328
408
(self.timeout_milliseconds(),
329
409
self.disable))
330
410
self.enabled = True
411
self.last_enabled = datetime.datetime.utcnow()
412
# Also start a new checker *right now*.
413
self.start_checker()
331
414
332
def disable(self):
415
def disable(self, quiet=True):
333
416
"""Disable this client."""
334
417
if not getattr(self, "enabled", False):
335
418
return False
336
logger.info(u"Disabling client %s", self.name)
337
if getattr(self, u"disable_initiator_tag", False):
419
if not quiet:
420
self.send_changedstate()
421
if not quiet:
422
logger.info("Disabling client %s", self.name)
423
if getattr(self, "disable_initiator_tag", False):
338
424
gobject.source_remove(self.disable_initiator_tag)
339
425
self.disable_initiator_tag = None
340
if getattr(self, u"checker_initiator_tag", False):
426
self.expires = None
427
if getattr(self, "checker_initiator_tag", False):
341
428
gobject.source_remove(self.checker_initiator_tag)
342
429
self.checker_initiator_tag = None
343
430
self.stop_checker()
358
445
if os.WIFEXITED(condition):
359
446
exitstatus = os.WEXITSTATUS(condition)
360
447
if exitstatus == 0:
361
logger.info(u"Checker for %(name)s succeeded",
448
logger.info("Checker for %(name)s succeeded",
362
449
vars(self))
363
450
self.checked_ok()
364
451
else:
365
logger.info(u"Checker for %(name)s failed",
452
logger.info("Checker for %(name)s failed",
366
453
vars(self))
367
454
else:
368
logger.warning(u"Checker for %(name)s crashed?",
455
logger.warning("Checker for %(name)s crashed?",
369
456
vars(self))
370
457
371
def checked_ok(self):
458
def checked_ok(self, timeout=None):
372
459
"""Bump up the timeout for this client.
373
460
374
461
This should only be called when the client has been seen,
375
462
alive and well.
376
463
"""
464
if timeout is None:
465
timeout = self.timeout
377
466
self.last_checked_ok = datetime.datetime.utcnow()
378
gobject.source_remove(self.disable_initiator_tag)
379
self.disable_initiator_tag = (gobject.timeout_add
380
(self.timeout_milliseconds(),
381
self.disable))
467
if self.disable_initiator_tag is not None:
468
gobject.source_remove(self.disable_initiator_tag)
469
if getattr(self, "enabled", False):
470
self.disable_initiator_tag = (gobject.timeout_add
471
(_timedelta_to_milliseconds
472
(timeout), self.disable))
473
self.expires = datetime.datetime.utcnow() + timeout
474
475
def need_approval(self):
476
self.last_approval_request = datetime.datetime.utcnow()
382
477
383
478
def start_checker(self):
384
479
"""Start a new checker subprocess if one is not running.
391
486
# client would inevitably timeout, since no checker would get
392
487
# a chance to run to completion. If we instead leave running
393
488
# checkers alone, the checker would have to take more time
394
# than 'timeout' for the client to be declared invalid, which
395
# is as it should be.
489
# than 'timeout' for the client to be disabled, which is as it
490
# should be.
396
491
397
492
# If a checker exists, make sure it is not a zombie
398
if self.checker is not None:
493
try:
399
494
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
495
except (AttributeError, OSError) as error:
496
if (isinstance(error, OSError)
497
and error.errno != errno.ECHILD):
498
raise error
499
else:
400
500
if pid:
401
logger.warning(u"Checker was a zombie")
501
logger.warning("Checker was a zombie")
402
502
gobject.source_remove(self.checker_callback_tag)
403
503
self.checker_callback(pid, status,
404
504
self.current_checker_command)
409
509
command = self.checker_command % self.host
410
510
except TypeError:
411
511
# Escape attributes for the shell
412
escaped_attrs = dict((key,
413
re.escape(unicode(str(val),
414
errors=
415
u'replace')))
416
for key, val in
417
vars(self).iteritems())
512
escaped_attrs = dict(
513
(attr,
514
re.escape(unicode(str(getattr(self, attr, "")),
515
errors=
516
'replace')))
517
for attr in
518
self.runtime_expansions)
519
418
520
try:
419
521
command = self.checker_command % escaped_attrs
420
except TypeError, error:
421
logger.error(u'Could not format string "%s":'
422
u' %s', self.checker_command, error)
522
except TypeError as error:
523
logger.error('Could not format string "%s":'
524
' %s', self.checker_command, error)
423
525
return True # Try again later
424
526
self.current_checker_command = command
425
527
try:
426
logger.info(u"Starting checker %r for %s",
528
logger.info("Starting checker %r for %s",
427
529
command, self.name)
428
530
# We don't need to redirect stdout and stderr, since
429
531
# in normal mode, that is already done by daemon(),
431
533
# always replaced by /dev/null.)
432
534
self.checker = subprocess.Popen(command,
433
535
close_fds=True,
434
shell=True, cwd=u"/")
536
shell=True, cwd="/")
435
537
self.checker_callback_tag = (gobject.child_watch_add
436
538
(self.checker.pid,
437
539
self.checker_callback,
442
544
if pid:
443
545
gobject.source_remove(self.checker_callback_tag)
444
546
self.checker_callback(pid, status, command)
445
except OSError, error:
446
logger.error(u"Failed to start subprocess: %s",
547
except OSError as error:
548
logger.error("Failed to start subprocess: %s",
447
549
error)
448
550
# Re-run this periodically if run by gobject.timeout_add
449
551
return True
453
555
if self.checker_callback_tag:
454
556
gobject.source_remove(self.checker_callback_tag)
455
557
self.checker_callback_tag = None
456
if getattr(self, u"checker", None) is None:
558
if getattr(self, "checker", None) is None:
457
559
return
458
logger.debug(u"Stopping checker for %(name)s", vars(self))
560
logger.debug("Stopping checker for %(name)s", vars(self))
459
561
try:
460
562
os.kill(self.checker.pid, signal.SIGTERM)
461
#os.sleep(0.5)
563
#time.sleep(0.5)
462
564
#if self.checker.poll() is None:
463
565
# os.kill(self.checker.pid, signal.SIGKILL)
464
except OSError, error:
566
except OSError as error:
465
567
if error.errno != errno.ESRCH: # No such process
466
568
raise
467
569
self.checker = None
468
469
def still_valid(self):
470
"""Has the timeout not yet passed for this client?"""
471
if not getattr(self, u"enabled", False):
472
return False
473
now = datetime.datetime.utcnow()
474
if self.last_checked_ok is None:
475
return now < (self.created + self.timeout)
476
else:
477
return now < (self.last_checked_ok + self.timeout)
478
479
480
class ClientDBus(Client, dbus.service.Object):
570
571
572
def dbus_service_property(dbus_interface, signature="v",
573
access="readwrite", byte_arrays=False):
574
"""Decorators for marking methods of a DBusObjectWithProperties to
575
become properties on the D-Bus.
576
577
The decorated method will be called with no arguments by "Get"
578
and with one argument by "Set".
579
580
The parameters, where they are supported, are the same as
581
dbus.service.method, except there is only "signature", since the
582
type from Get() and the type sent to Set() is the same.
583
"""
584
# Encoding deeply encoded byte arrays is not supported yet by the
585
# "Set" method, so we fail early here:
586
if byte_arrays and signature != "ay":
587
raise ValueError("Byte arrays not supported for non-'ay'"
588
" signature %r" % signature)
589
def decorator(func):
590
func._dbus_is_property = True
591
func._dbus_interface = dbus_interface
592
func._dbus_signature = signature
593
func._dbus_access = access
594
func._dbus_name = func.__name__
595
if func._dbus_name.endswith("_dbus_property"):
596
func._dbus_name = func._dbus_name[:-14]
597
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
598
return func
599
return decorator
600
601
602
class DBusPropertyException(dbus.exceptions.DBusException):
603
"""A base class for D-Bus property-related exceptions
604
"""
605
def __unicode__(self):
606
return unicode(str(self))
607
608
609
class DBusPropertyAccessException(DBusPropertyException):
610
"""A property's access permissions disallows an operation.
611
"""
612
pass
613
614
615
class DBusPropertyNotFound(DBusPropertyException):
616
"""An attempt was made to access a non-existing property.
617
"""
618
pass
619
620
621
class DBusObjectWithProperties(dbus.service.Object):
622
"""A D-Bus object with properties.
623
624
Classes inheriting from this can use the dbus_service_property
625
decorator to expose methods as D-Bus properties. It exposes the
626
standard Get(), Set(), and GetAll() methods on the D-Bus.
627
"""
628
629
@staticmethod
630
def _is_dbus_property(obj):
631
return getattr(obj, "_dbus_is_property", False)
632
633
def _get_all_dbus_properties(self):
634
"""Returns a generator of (name, attribute) pairs
635
"""
636
return ((prop.__get__(self)._dbus_name, prop.__get__(self))
637
for cls in self.__class__.__mro__
638
for name, prop in
639
inspect.getmembers(cls, self._is_dbus_property))
640
641
def _get_dbus_property(self, interface_name, property_name):
642
"""Returns a bound method if one exists which is a D-Bus
643
property with the specified name and interface.
644
"""
645
for cls in self.__class__.__mro__:
646
for name, value in (inspect.getmembers
647
(cls, self._is_dbus_property)):
648
if (value._dbus_name == property_name
649
and value._dbus_interface == interface_name):
650
return value.__get__(self)
651
652
# No such property
653
raise DBusPropertyNotFound(self.dbus_object_path + ":"
654
+ interface_name + "."
655
+ property_name)
656
657
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
658
out_signature="v")
659
def Get(self, interface_name, property_name):
660
"""Standard D-Bus property Get() method, see D-Bus standard.
661
"""
662
prop = self._get_dbus_property(interface_name, property_name)
663
if prop._dbus_access == "write":
664
raise DBusPropertyAccessException(property_name)
665
value = prop()
666
if not hasattr(value, "variant_level"):
667
return value
668
return type(value)(value, variant_level=value.variant_level+1)
669
670
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ssv")
671
def Set(self, interface_name, property_name, value):
672
"""Standard D-Bus property Set() method, see D-Bus standard.
673
"""
674
prop = self._get_dbus_property(interface_name, property_name)
675
if prop._dbus_access == "read":
676
raise DBusPropertyAccessException(property_name)
677
if prop._dbus_get_args_options["byte_arrays"]:
678
# The byte_arrays option is not supported yet on
679
# signatures other than "ay".
680
if prop._dbus_signature != "ay":
681
raise ValueError
682
value = dbus.ByteArray(''.join(unichr(byte)
683
for byte in value))
684
prop(value)
685
686
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
687
out_signature="a{sv}")
688
def GetAll(self, interface_name):
689
"""Standard D-Bus property GetAll() method, see D-Bus
690
standard.
691
692
Note: Will not include properties with access="write".
693
"""
694
all = {}
695
for name, prop in self._get_all_dbus_properties():
696
if (interface_name
697
and interface_name != prop._dbus_interface):
698
# Interface non-empty but did not match
699
continue
700
# Ignore write-only properties
701
if prop._dbus_access == "write":
702
continue
703
value = prop()
704
if not hasattr(value, "variant_level"):
705
all[name] = value
706
continue
707
all[name] = type(value)(value, variant_level=
708
value.variant_level+1)
709
return dbus.Dictionary(all, signature="sv")
710
711
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
712
out_signature="s",
713
path_keyword='object_path',
714
connection_keyword='connection')
715
def Introspect(self, object_path, connection):
716
"""Standard D-Bus method, overloaded to insert property tags.
717
"""
718
xmlstring = dbus.service.Object.Introspect(self, object_path,
719
connection)
720
try:
721
document = xml.dom.minidom.parseString(xmlstring)
722
def make_tag(document, name, prop):
723
e = document.createElement("property")
724
e.setAttribute("name", name)
725
e.setAttribute("type", prop._dbus_signature)
726
e.setAttribute("access", prop._dbus_access)
727
return e
728
for if_tag in document.getElementsByTagName("interface"):
729
for tag in (make_tag(document, name, prop)
730
for name, prop
731
in self._get_all_dbus_properties()
732
if prop._dbus_interface
733
== if_tag.getAttribute("name")):
734
if_tag.appendChild(tag)
735
# Add the names to the return values for the
736
# "org.freedesktop.DBus.Properties" methods
737
if (if_tag.getAttribute("name")
738
== "org.freedesktop.DBus.Properties"):
739
for cn in if_tag.getElementsByTagName("method"):
740
if cn.getAttribute("name") == "Get":
741
for arg in cn.getElementsByTagName("arg"):
742
if (arg.getAttribute("direction")
743
== "out"):
744
arg.setAttribute("name", "value")
745
elif cn.getAttribute("name") == "GetAll":
746
for arg in cn.getElementsByTagName("arg"):
747
if (arg.getAttribute("direction")
748
== "out"):
749
arg.setAttribute("name", "props")
750
xmlstring = document.toxml("utf-8")
751
document.unlink()
752
except (AttributeError, xml.dom.DOMException,
753
xml.parsers.expat.ExpatError) as error:
754
logger.error("Failed to override Introspection method",
755
error)
756
return xmlstring
757
758
759
def datetime_to_dbus (dt, variant_level=0):
760
"""Convert a UTC datetime.datetime() to a D-Bus type."""
761
if dt is None:
762
return dbus.String("", variant_level = variant_level)
763
return dbus.String(dt.isoformat(),
764
variant_level=variant_level)
765
766
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
767
.__metaclass__):
768
"""Applied to an empty subclass of a D-Bus object, this metaclass
769
will add additional D-Bus attributes matching a certain pattern.
770
"""
771
def __new__(mcs, name, bases, attr):
772
# Go through all the base classes which could have D-Bus
773
# methods, signals, or properties in them
774
for base in (b for b in bases
775
if issubclass(b, dbus.service.Object)):
776
# Go though all attributes of the base class
777
for attrname, attribute in inspect.getmembers(base):
778
# Ignore non-D-Bus attributes, and D-Bus attributes
779
# with the wrong interface name
780
if (not hasattr(attribute, "_dbus_interface")
781
or not attribute._dbus_interface
782
.startswith("se.recompile.Mandos")):
783
continue
784
# Create an alternate D-Bus interface name based on
785
# the current name
786
alt_interface = (attribute._dbus_interface
787
.replace("se.recompile.Mandos",
788
"se.bsnet.fukt.Mandos"))
789
# Is this a D-Bus signal?
790
if getattr(attribute, "_dbus_is_signal", False):
791
# Extract the original non-method function by
792
# black magic
793
nonmethod_func = (dict(
794
zip(attribute.func_code.co_freevars,
795
attribute.__closure__))["func"]
796
.cell_contents)
797
# Create a new, but exactly alike, function
798
# object, and decorate it to be a new D-Bus signal
799
# with the alternate D-Bus interface name
800
new_function = (dbus.service.signal
801
(alt_interface,
802
attribute._dbus_signature)
803
(types.FunctionType(
804
nonmethod_func.func_code,
805
nonmethod_func.func_globals,
806
nonmethod_func.func_name,
807
nonmethod_func.func_defaults,
808
nonmethod_func.func_closure)))
809
# Define a creator of a function to call both the
810
# old and new functions, so both the old and new
811
# signals gets sent when the function is called
812
def fixscope(func1, func2):
813
"""This function is a scope container to pass
814
func1 and func2 to the "call_both" function
815
outside of its arguments"""
816
def call_both(*args, **kwargs):
817
"""This function will emit two D-Bus
818
signals by calling func1 and func2"""
819
func1(*args, **kwargs)
820
func2(*args, **kwargs)
821
return call_both
822
# Create the "call_both" function and add it to
823
# the class
824
attr[attrname] = fixscope(attribute,
825
new_function)
826
# Is this a D-Bus method?
827
elif getattr(attribute, "_dbus_is_method", False):
828
# Create a new, but exactly alike, function
829
# object. Decorate it to be a new D-Bus method
830
# with the alternate D-Bus interface name. Add it
831
# to the class.
832
attr[attrname] = (dbus.service.method
833
(alt_interface,
834
attribute._dbus_in_signature,
835
attribute._dbus_out_signature)
836
(types.FunctionType
837
(attribute.func_code,
838
attribute.func_globals,
839
attribute.func_name,
840
attribute.func_defaults,
841
attribute.func_closure)))
842
# Is this a D-Bus property?
843
elif getattr(attribute, "_dbus_is_property", False):
844
# Create a new, but exactly alike, function
845
# object, and decorate it to be a new D-Bus
846
# property with the alternate D-Bus interface
847
# name. Add it to the class.
848
attr[attrname] = (dbus_service_property
849
(alt_interface,
850
attribute._dbus_signature,
851
attribute._dbus_access,
852
attribute
853
._dbus_get_args_options
854
["byte_arrays"])
855
(types.FunctionType
856
(attribute.func_code,
857
attribute.func_globals,
858
attribute.func_name,
859
attribute.func_defaults,
860
attribute.func_closure)))
861
return type.__new__(mcs, name, bases, attr)
862
863
class ClientDBus(Client, DBusObjectWithProperties):
481
864
"""A Client class using D-Bus
482
865
483
866
Attributes:
484
867
dbus_object_path: dbus.ObjectPath
485
868
bus: dbus.SystemBus()
486
869
"""
870
871
runtime_expansions = (Client.runtime_expansions
872
+ ("dbus_object_path",))
873
487
874
# dbus.service.Object doesn't use super(), so we can't either.
488
875
489
876
def __init__(self, bus = None, *args, **kwargs):
877
self._approvals_pending = 0
490
878
self.bus = bus
491
879
Client.__init__(self, *args, **kwargs)
492
880
# Only now, when this client is initialized, can it show up on
493
881
# the D-Bus
882
client_object_name = unicode(self.name).translate(
883
{ord("."): ord("_"),
884
ord("-"): ord("_")})
494
885
self.dbus_object_path = (dbus.ObjectPath
495
(u"/clients/"
496
+ self.name.replace(u".", u"_")))
497
dbus.service.Object.__init__(self, self.bus,
498
self.dbus_object_path)
499
500
@staticmethod
501
def _datetime_to_dbus(dt, variant_level=0):
502
"""Convert a UTC datetime.datetime() to a D-Bus type."""
503
return dbus.String(dt.isoformat(),
504
variant_level=variant_level)
505
506
def enable(self):
507
oldstate = getattr(self, u"enabled", False)
508
r = Client.enable(self)
509
if oldstate != self.enabled:
510
# Emit D-Bus signals
511
self.PropertyChanged(dbus.String(u"enabled"),
512
dbus.Boolean(True, variant_level=1))
513
self.PropertyChanged(
514
dbus.String(u"last_enabled"),
515
self._datetime_to_dbus(self.last_enabled,
516
variant_level=1))
517
return r
518
519
def disable(self, signal = True):
520
oldstate = getattr(self, u"enabled", False)
521
r = Client.disable(self)
522
if signal and oldstate != self.enabled:
523
# Emit D-Bus signal
524
self.PropertyChanged(dbus.String(u"enabled"),
525
dbus.Boolean(False, variant_level=1))
526
return r
886
("/clients/" + client_object_name))
887
DBusObjectWithProperties.__init__(self, self.bus,
888
self.dbus_object_path)
889
890
def notifychangeproperty(transform_func,
891
dbus_name, type_func=lambda x: x,
892
variant_level=1):
893
""" Modify a variable so that it's a property which announces
894
its changes to DBus.
895
896
transform_fun: Function that takes a value and a variant_level
897
and transforms it to a D-Bus type.
898
dbus_name: D-Bus name of the variable
899
type_func: Function that transform the value before sending it
900
to the D-Bus. Default: no transform
901
variant_level: D-Bus variant level. Default: 1
902
"""
903
attrname = "_{0}".format(dbus_name)
904
def setter(self, value):
905
if hasattr(self, "dbus_object_path"):
906
if (not hasattr(self, attrname) or
907
type_func(getattr(self, attrname, None))
908
!= type_func(value)):
909
dbus_value = transform_func(type_func(value),
910
variant_level
911
=variant_level)
912
self.PropertyChanged(dbus.String(dbus_name),
913
dbus_value)
914
setattr(self, attrname, value)
915
916
return property(lambda self: getattr(self, attrname), setter)
917
918
919
expires = notifychangeproperty(datetime_to_dbus, "Expires")
920
approvals_pending = notifychangeproperty(dbus.Boolean,
921
"ApprovalPending",
922
type_func = bool)
923
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
924
last_enabled = notifychangeproperty(datetime_to_dbus,
925
"LastEnabled")
926
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
927
type_func = lambda checker:
928
checker is not None)
929
last_checked_ok = notifychangeproperty(datetime_to_dbus,
930
"LastCheckedOK")
931
last_approval_request = notifychangeproperty(
932
datetime_to_dbus, "LastApprovalRequest")
933
approved_by_default = notifychangeproperty(dbus.Boolean,
934
"ApprovedByDefault")
935
approval_delay = notifychangeproperty(dbus.UInt16,
936
"ApprovalDelay",
937
type_func =
938
_timedelta_to_milliseconds)
939
approval_duration = notifychangeproperty(
940
dbus.UInt16, "ApprovalDuration",
941
type_func = _timedelta_to_milliseconds)
942
host = notifychangeproperty(dbus.String, "Host")
943
timeout = notifychangeproperty(dbus.UInt16, "Timeout",
944
type_func =
945
_timedelta_to_milliseconds)
946
extended_timeout = notifychangeproperty(
947
dbus.UInt16, "ExtendedTimeout",
948
type_func = _timedelta_to_milliseconds)
949
interval = notifychangeproperty(dbus.UInt16,
950
"Interval",
951
type_func =
952
_timedelta_to_milliseconds)
953
checker_command = notifychangeproperty(dbus.String, "Checker")
954
955
del notifychangeproperty
527
956
528
957
def __del__(self, *args, **kwargs):
529
958
try:
530
959
self.remove_from_connection()
531
960
except LookupError:
532
961
pass
533
if hasattr(dbus.service.Object, u"__del__"):
534
dbus.service.Object.__del__(self, *args, **kwargs)
962
if hasattr(DBusObjectWithProperties, "__del__"):
963
DBusObjectWithProperties.__del__(self, *args, **kwargs)
535
964
Client.__del__(self, *args, **kwargs)
536
965
537
966
def checker_callback(self, pid, condition, command,
538
967
*args, **kwargs):
539
968
self.checker_callback_tag = None
540
969
self.checker = None
541
# Emit D-Bus signal
542
self.PropertyChanged(dbus.String(u"checker_running"),
543
dbus.Boolean(False, variant_level=1))
544
970
if os.WIFEXITED(condition):
545
971
exitstatus = os.WEXITSTATUS(condition)
546
972
# Emit D-Bus signal
556
982
return Client.checker_callback(self, pid, condition, command,
557
983
*args, **kwargs)
558
984
559
def checked_ok(self, *args, **kwargs):
560
r = Client.checked_ok(self, *args, **kwargs)
561
# Emit D-Bus signal
562
self.PropertyChanged(
563
dbus.String(u"last_checked_ok"),
564
(self._datetime_to_dbus(self.last_checked_ok,
565
variant_level=1)))
566
return r
567
568
985
def start_checker(self, *args, **kwargs):
569
986
old_checker = self.checker
570
987
if self.checker is not None:
577
994
and old_checker_pid != self.checker.pid):
578
995
# Emit D-Bus signal
579
996
self.CheckerStarted(self.current_checker_command)
580
self.PropertyChanged(
581
dbus.String(u"checker_running"),
582
dbus.Boolean(True, variant_level=1))
583
return r
584
585
def stop_checker(self, *args, **kwargs):
586
old_checker = getattr(self, u"checker", None)
587
r = Client.stop_checker(self, *args, **kwargs)
588
if (old_checker is not None
589
and getattr(self, u"checker", None) is None):
590
self.PropertyChanged(dbus.String(u"checker_running"),
591
dbus.Boolean(False, variant_level=1))
592
return r
593
594
## D-Bus methods & signals
595
_interface = u"se.bsnet.fukt.Mandos.Client"
596
597
# CheckedOK - method
598
@dbus.service.method(_interface)
599
def CheckedOK(self):
600
return self.checked_ok()
997
return r
998
999
def _reset_approved(self):
1000
self._approved = None
1001
return False
1002
1003
def approve(self, value=True):
1004
self.send_changedstate()
1005
self._approved = value
1006
gobject.timeout_add(_timedelta_to_milliseconds
1007
(self.approval_duration),
1008
self._reset_approved)
1009
1010
1011
## D-Bus methods, signals & properties
1012
_interface = "se.recompile.Mandos.Client"
1013
1014
## Signals
601
1015
602
1016
# CheckerCompleted - signal
603
@dbus.service.signal(_interface, signature=u"nxs")
1017
@dbus.service.signal(_interface, signature="nxs")
604
1018
def CheckerCompleted(self, exitcode, waitstatus, command):
605
1019
"D-Bus signal"
606
1020
pass
607
1021
608
1022
# CheckerStarted - signal
609
@dbus.service.signal(_interface, signature=u"s")
1023
@dbus.service.signal(_interface, signature="s")
610
1024
def CheckerStarted(self, command):
611
1025
"D-Bus signal"
612
1026
pass
613
1027
614
# GetAllProperties - method
615
@dbus.service.method(_interface, out_signature=u"a{sv}")
616
def GetAllProperties(self):
617
"D-Bus method"
618
return dbus.Dictionary({
619
dbus.String(u"name"):
620
dbus.String(self.name, variant_level=1),
621
dbus.String(u"fingerprint"):
622
dbus.String(self.fingerprint, variant_level=1),
623
dbus.String(u"host"):
624
dbus.String(self.host, variant_level=1),
625
dbus.String(u"created"):
626
self._datetime_to_dbus(self.created,
627
variant_level=1),
628
dbus.String(u"last_enabled"):
629
(self._datetime_to_dbus(self.last_enabled,
630
variant_level=1)
631
if self.last_enabled is not None
632
else dbus.Boolean(False, variant_level=1)),
633
dbus.String(u"enabled"):
634
dbus.Boolean(self.enabled, variant_level=1),
635
dbus.String(u"last_checked_ok"):
636
(self._datetime_to_dbus(self.last_checked_ok,
637
variant_level=1)
638
if self.last_checked_ok is not None
639
else dbus.Boolean (False, variant_level=1)),
640
dbus.String(u"timeout"):
641
dbus.UInt64(self.timeout_milliseconds(),
642
variant_level=1),
643
dbus.String(u"interval"):
644
dbus.UInt64(self.interval_milliseconds(),
645
variant_level=1),
646
dbus.String(u"checker"):
647
dbus.String(self.checker_command,
648
variant_level=1),
649
dbus.String(u"checker_running"):
650
dbus.Boolean(self.checker is not None,
651
variant_level=1),
652
dbus.String(u"object_path"):
653
dbus.ObjectPath(self.dbus_object_path,
654
variant_level=1)
655
}, signature=u"sv")
656
657
# IsStillValid - method
658
@dbus.service.method(_interface, out_signature=u"b")
659
def IsStillValid(self):
660
return self.still_valid()
661
662
1028
# PropertyChanged - signal
663
@dbus.service.signal(_interface, signature=u"sv")
1029
@dbus.service.signal(_interface, signature="sv")
664
1030
def PropertyChanged(self, property, value):
665
1031
"D-Bus signal"
666
1032
pass
667
1033
668
# ReceivedSecret - signal
1034
# GotSecret - signal
669
1035
@dbus.service.signal(_interface)
670
def ReceivedSecret(self):
671
"D-Bus signal"
1036
def GotSecret(self):
1037
"""D-Bus signal
1038
Is sent after a successful transfer of secret from the Mandos
1039
server to mandos-client
1040
"""
672
1041
pass
673
1042
674
1043
# Rejected - signal
675
@dbus.service.signal(_interface)
676
def Rejected(self):
1044
@dbus.service.signal(_interface, signature="s")
1045
def Rejected(self, reason):
677
1046
"D-Bus signal"
678
1047
pass
679
1048
680
# SetChecker - method
681
@dbus.service.method(_interface, in_signature=u"s")
682
def SetChecker(self, checker):
683
"D-Bus setter method"
684
self.checker_command = checker
685
# Emit D-Bus signal
686
self.PropertyChanged(dbus.String(u"checker"),
687
dbus.String(self.checker_command,
688
variant_level=1))
689
690
# SetHost - method
691
@dbus.service.method(_interface, in_signature=u"s")
692
def SetHost(self, host):
693
"D-Bus setter method"
694
self.host = host
695
# Emit D-Bus signal
696
self.PropertyChanged(dbus.String(u"host"),
697
dbus.String(self.host, variant_level=1))
698
699
# SetInterval - method
700
@dbus.service.method(_interface, in_signature=u"t")
701
def SetInterval(self, milliseconds):
702
self.interval = datetime.timedelta(0, 0, 0, milliseconds)
703
# Emit D-Bus signal
704
self.PropertyChanged(dbus.String(u"interval"),
705
(dbus.UInt64(self.interval_milliseconds(),
706
variant_level=1)))
707
708
# SetSecret - method
709
@dbus.service.method(_interface, in_signature=u"ay",
710
byte_arrays=True)
711
def SetSecret(self, secret):
712
"D-Bus setter method"
713
self.secret = str(secret)
714
715
# SetTimeout - method
716
@dbus.service.method(_interface, in_signature=u"t")
717
def SetTimeout(self, milliseconds):
718
self.timeout = datetime.timedelta(0, 0, 0, milliseconds)
719
# Emit D-Bus signal
720
self.PropertyChanged(dbus.String(u"timeout"),
721
(dbus.UInt64(self.timeout_milliseconds(),
722
variant_level=1)))
1049
# NeedApproval - signal
1050
@dbus.service.signal(_interface, signature="tb")
1051
def NeedApproval(self, timeout, default):
1052
"D-Bus signal"
1053
return self.need_approval()
1054
1055
## Methods
1056
1057
# Approve - method
1058
@dbus.service.method(_interface, in_signature="b")
1059
def Approve(self, value):
1060
self.approve(value)
1061
1062
# CheckedOK - method
1063
@dbus.service.method(_interface)
1064
def CheckedOK(self):
1065
self.checked_ok()
723
1066
724
1067
# Enable - method
725
1068
@dbus.service.method(_interface)
744
1087
def StopChecker(self):
745
1088
self.stop_checker()
746
1089
1090
## Properties
1091
1092
# ApprovalPending - property
1093
@dbus_service_property(_interface, signature="b", access="read")
1094
def ApprovalPending_dbus_property(self):
1095
return dbus.Boolean(bool(self.approvals_pending))
1096
1097
# ApprovedByDefault - property
1098
@dbus_service_property(_interface, signature="b",
1099
access="readwrite")
1100
def ApprovedByDefault_dbus_property(self, value=None):
1101
if value is None: # get
1102
return dbus.Boolean(self.approved_by_default)
1103
self.approved_by_default = bool(value)
1104
1105
# ApprovalDelay - property
1106
@dbus_service_property(_interface, signature="t",
1107
access="readwrite")
1108
def ApprovalDelay_dbus_property(self, value=None):
1109
if value is None: # get
1110
return dbus.UInt64(self.approval_delay_milliseconds())
1111
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1112
1113
# ApprovalDuration - property
1114
@dbus_service_property(_interface, signature="t",
1115
access="readwrite")
1116
def ApprovalDuration_dbus_property(self, value=None):
1117
if value is None: # get
1118
return dbus.UInt64(_timedelta_to_milliseconds(
1119
self.approval_duration))
1120
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1121
1122
# Name - property
1123
@dbus_service_property(_interface, signature="s", access="read")
1124
def Name_dbus_property(self):
1125
return dbus.String(self.name)
1126
1127
# Fingerprint - property
1128
@dbus_service_property(_interface, signature="s", access="read")
1129
def Fingerprint_dbus_property(self):
1130
return dbus.String(self.fingerprint)
1131
1132
# Host - property
1133
@dbus_service_property(_interface, signature="s",
1134
access="readwrite")
1135
def Host_dbus_property(self, value=None):
1136
if value is None: # get
1137
return dbus.String(self.host)
1138
self.host = value
1139
1140
# Created - property
1141
@dbus_service_property(_interface, signature="s", access="read")
1142
def Created_dbus_property(self):
1143
return dbus.String(datetime_to_dbus(self.created))
1144
1145
# LastEnabled - property
1146
@dbus_service_property(_interface, signature="s", access="read")
1147
def LastEnabled_dbus_property(self):
1148
return datetime_to_dbus(self.last_enabled)
1149
1150
# Enabled - property
1151
@dbus_service_property(_interface, signature="b",
1152
access="readwrite")
1153
def Enabled_dbus_property(self, value=None):
1154
if value is None: # get
1155
return dbus.Boolean(self.enabled)
1156
if value:
1157
self.enable()
1158
else:
1159
self.disable()
1160
1161
# LastCheckedOK - property
1162
@dbus_service_property(_interface, signature="s",
1163
access="readwrite")
1164
def LastCheckedOK_dbus_property(self, value=None):
1165
if value is not None:
1166
self.checked_ok()
1167
return
1168
return datetime_to_dbus(self.last_checked_ok)
1169
1170
# Expires - property
1171
@dbus_service_property(_interface, signature="s", access="read")
1172
def Expires_dbus_property(self):
1173
return datetime_to_dbus(self.expires)
1174
1175
# LastApprovalRequest - property
1176
@dbus_service_property(_interface, signature="s", access="read")
1177
def LastApprovalRequest_dbus_property(self):
1178
return datetime_to_dbus(self.last_approval_request)
1179
1180
# Timeout - property
1181
@dbus_service_property(_interface, signature="t",
1182
access="readwrite")
1183
def Timeout_dbus_property(self, value=None):
1184
if value is None: # get
1185
return dbus.UInt64(self.timeout_milliseconds())
1186
self.timeout = datetime.timedelta(0, 0, 0, value)
1187
if getattr(self, "disable_initiator_tag", None) is None:
1188
return
1189
# Reschedule timeout
1190
gobject.source_remove(self.disable_initiator_tag)
1191
self.disable_initiator_tag = None
1192
self.expires = None
1193
time_to_die = _timedelta_to_milliseconds((self
1194
.last_checked_ok
1195
+ self.timeout)
1196
- datetime.datetime
1197
.utcnow())
1198
if time_to_die <= 0:
1199
# The timeout has passed
1200
self.disable()
1201
else:
1202
self.expires = (datetime.datetime.utcnow()
1203
+ datetime.timedelta(milliseconds =
1204
time_to_die))
1205
self.disable_initiator_tag = (gobject.timeout_add
1206
(time_to_die, self.disable))
1207
1208
# ExtendedTimeout - property
1209
@dbus_service_property(_interface, signature="t",
1210
access="readwrite")
1211
def ExtendedTimeout_dbus_property(self, value=None):
1212
if value is None: # get
1213
return dbus.UInt64(self.extended_timeout_milliseconds())
1214
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1215
1216
# Interval - property
1217
@dbus_service_property(_interface, signature="t",
1218
access="readwrite")
1219
def Interval_dbus_property(self, value=None):
1220
if value is None: # get
1221
return dbus.UInt64(self.interval_milliseconds())
1222
self.interval = datetime.timedelta(0, 0, 0, value)
1223
if getattr(self, "checker_initiator_tag", None) is None:
1224
return
1225
# Reschedule checker run
1226
gobject.source_remove(self.checker_initiator_tag)
1227
self.checker_initiator_tag = (gobject.timeout_add
1228
(value, self.start_checker))
1229
self.start_checker() # Start one now, too
1230
1231
# Checker - property
1232
@dbus_service_property(_interface, signature="s",
1233
access="readwrite")
1234
def Checker_dbus_property(self, value=None):
1235
if value is None: # get
1236
return dbus.String(self.checker_command)
1237
self.checker_command = value
1238
1239
# CheckerRunning - property
1240
@dbus_service_property(_interface, signature="b",
1241
access="readwrite")
1242
def CheckerRunning_dbus_property(self, value=None):
1243
if value is None: # get
1244
return dbus.Boolean(self.checker is not None)
1245
if value:
1246
self.start_checker()
1247
else:
1248
self.stop_checker()
1249
1250
# ObjectPath - property
1251
@dbus_service_property(_interface, signature="o", access="read")
1252
def ObjectPath_dbus_property(self):
1253
return self.dbus_object_path # is already a dbus.ObjectPath
1254
1255
# Secret = property
1256
@dbus_service_property(_interface, signature="ay",
1257
access="write", byte_arrays=True)
1258
def Secret_dbus_property(self, value):
1259
self.secret = str(value)
1260
747
1261
del _interface
748
1262
749
1263
1264
class ProxyClient(object):
1265
def __init__(self, child_pipe, fpr, address):
1266
self._pipe = child_pipe
1267
self._pipe.send(('init', fpr, address))
1268
if not self._pipe.recv():
1269
raise KeyError()
1270
1271
def __getattribute__(self, name):
1272
if(name == '_pipe'):
1273
return super(ProxyClient, self).__getattribute__(name)
1274
self._pipe.send(('getattr', name))
1275
data = self._pipe.recv()
1276
if data[0] == 'data':
1277
return data[1]
1278
if data[0] == 'function':
1279
def func(*args, **kwargs):
1280
self._pipe.send(('funcall', name, args, kwargs))
1281
return self._pipe.recv()[1]
1282
return func
1283
1284
def __setattr__(self, name, value):
1285
if(name == '_pipe'):
1286
return super(ProxyClient, self).__setattr__(name, value)
1287
self._pipe.send(('setattr', name, value))
1288
1289
class ClientDBusTransitional(ClientDBus):
1290
__metaclass__ = AlternateDBusNamesMetaclass
1291
750
1292
class ClientHandler(socketserver.BaseRequestHandler, object):
751
1293
"""A class to handle client connections.
752
1294
754
1296
Note: This will run in its own forked process."""
755
1297
756
1298
def handle(self):
757
logger.info(u"TCP connection from: %s",
758
unicode(self.client_address))
759
logger.debug(u"IPC Pipe FD: %d", self.server.pipe[1])
760
# Open IPC pipe to parent process
761
with closing(os.fdopen(self.server.pipe[1], u"w", 1)) as ipc:
1299
with contextlib.closing(self.server.child_pipe) as child_pipe:
1300
logger.info("TCP connection from: %s",
1301
unicode(self.client_address))
1302
logger.debug("Pipe FD: %d",
1303
self.server.child_pipe.fileno())
1304
762
1305
session = (gnutls.connection
763
1306
.ClientSession(self.request,
764
1307
gnutls.connection
765
1308
.X509Credentials()))
766
1309
767
line = self.request.makefile().readline()
768
logger.debug(u"Protocol version: %r", line)
769
try:
770
if int(line.strip().split()[0]) > 1:
771
raise RuntimeError
772
except (ValueError, IndexError, RuntimeError), error:
773
logger.error(u"Unknown protocol version: %s", error)
774
return
775
776
1310
# Note: gnutls.connection.X509Credentials is really a
777
1311
# generic GnuTLS certificate credentials object so long as
778
1312
# no X.509 keys are added to it. Therefore, we can use it
779
1313
# here despite using OpenPGP certificates.
780
1314
781
#priority = u':'.join((u"NONE", u"+VERS-TLS1.1",
782
# u"+AES-256-CBC", u"+SHA1",
783
# u"+COMP-NULL", u"+CTYPE-OPENPGP",
784
# u"+DHE-DSS"))
1315
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1316
# "+AES-256-CBC", "+SHA1",
1317
# "+COMP-NULL", "+CTYPE-OPENPGP",
1318
# "+DHE-DSS"))
785
1319
# Use a fallback default, since this MUST be set.
786
1320
priority = self.server.gnutls_priority
787
1321
if priority is None:
788
priority = u"NORMAL"
1322
priority = "NORMAL"
789
1323
(gnutls.library.functions
790
1324
.gnutls_priority_set_direct(session._c_object,
791
1325
priority, None))
792
1326
1327
# Start communication using the Mandos protocol
1328
# Get protocol number
1329
line = self.request.makefile().readline()
1330
logger.debug("Protocol version: %r", line)
1331
try:
1332
if int(line.strip().split()[0]) > 1:
1333
raise RuntimeError
1334
except (ValueError, IndexError, RuntimeError) as error:
1335
logger.error("Unknown protocol version: %s", error)
1336
return
1337
1338
# Start GnuTLS connection
793
1339
try:
794
1340
session.handshake()
795
except gnutls.errors.GNUTLSError, error:
796
logger.warning(u"Handshake failed: %s", error)
1341
except gnutls.errors.GNUTLSError as error:
1342
logger.warning("Handshake failed: %s", error)
797
1343
# Do not run session.bye() here: the session is not
798
1344
# established. Just abandon the request.
799
1345
return
800
logger.debug(u"Handshake succeeded")
1346
logger.debug("Handshake succeeded")
1347
1348
approval_required = False
801
1349
try:
802
fpr = self.fingerprint(self.peer_certificate(session))
803
except (TypeError, gnutls.errors.GNUTLSError), error:
804
logger.warning(u"Bad certificate: %s", error)
805
session.bye()
806
return
807
logger.debug(u"Fingerprint: %s", fpr)
1350
try:
1351
fpr = self.fingerprint(self.peer_certificate
1352
(session))
1353
except (TypeError,
1354
gnutls.errors.GNUTLSError) as error:
1355
logger.warning("Bad certificate: %s", error)
1356
return
1357
logger.debug("Fingerprint: %s", fpr)
1358
1359
try:
1360
client = ProxyClient(child_pipe, fpr,
1361
self.client_address)
1362
except KeyError:
1363
return
1364
1365
if client.approval_delay:
1366
delay = client.approval_delay
1367
client.approvals_pending += 1
1368
approval_required = True
1369
1370
while True:
1371
if not client.enabled:
1372
logger.info("Client %s is disabled",
1373
client.name)
1374
if self.server.use_dbus:
1375
# Emit D-Bus signal
1376
client.Rejected("Disabled")
1377
return
1378
1379
if client._approved or not client.approval_delay:
1380
#We are approved or approval is disabled
1381
break
1382
elif client._approved is None:
1383
logger.info("Client %s needs approval",
1384
client.name)
1385
if self.server.use_dbus:
1386
# Emit D-Bus signal
1387
client.NeedApproval(
1388
client.approval_delay_milliseconds(),
1389
client.approved_by_default)
1390
else:
1391
logger.warning("Client %s was not approved",
1392
client.name)
1393
if self.server.use_dbus:
1394
# Emit D-Bus signal
1395
client.Rejected("Denied")
1396
return
1397
1398
#wait until timeout or approved
1399
time = datetime.datetime.now()
1400
client.changedstate.acquire()
1401
(client.changedstate.wait
1402
(float(client._timedelta_to_milliseconds(delay)
1403
/ 1000)))
1404
client.changedstate.release()
1405
time2 = datetime.datetime.now()
1406
if (time2 - time) >= delay:
1407
if not client.approved_by_default:
1408
logger.warning("Client %s timed out while"
1409
" waiting for approval",
1410
client.name)
1411
if self.server.use_dbus:
1412
# Emit D-Bus signal
1413
client.Rejected("Approval timed out")
1414
return
1415
else:
1416
break
1417
else:
1418
delay -= time2 - time
1419
1420
sent_size = 0
1421
while sent_size < len(client.secret):
1422
try:
1423
sent = session.send(client.secret[sent_size:])
1424
except gnutls.errors.GNUTLSError as error:
1425
logger.warning("gnutls send failed")
1426
return
1427
logger.debug("Sent: %d, remaining: %d",
1428
sent, len(client.secret)
1429
- (sent_size + sent))
1430
sent_size += sent
1431
1432
logger.info("Sending secret to %s", client.name)
1433
# bump the timeout using extended_timeout
1434
client.checked_ok(client.extended_timeout)
1435
if self.server.use_dbus:
1436
# Emit D-Bus signal
1437
client.GotSecret()
808
1438
809
for c in self.server.clients:
810
if c.fingerprint == fpr:
811
client = c
812
break
813
else:
814
ipc.write(u"NOTFOUND %s %s\n"
815
% (fpr, unicode(self.client_address)))
816
session.bye()
817
return
818
# Have to check if client.still_valid(), since it is
819
# possible that the client timed out while establishing
820
# the GnuTLS session.
821
if not client.still_valid():
822
ipc.write(u"INVALID %s\n" % client.name)
823
session.bye()
824
return
825
ipc.write(u"SENDING %s\n" % client.name)
826
sent_size = 0
827
while sent_size < len(client.secret):
828
sent = session.send(client.secret[sent_size:])
829
logger.debug(u"Sent: %d, remaining: %d",
830
sent, len(client.secret)
831
- (sent_size + sent))
832
sent_size += sent
833
session.bye()
1439
finally:
1440
if approval_required:
1441
client.approvals_pending -= 1
1442
try:
1443
session.bye()
1444
except gnutls.errors.GNUTLSError as error:
1445
logger.warning("GnuTLS bye failed")
834
1446
835
1447
@staticmethod
836
1448
def peer_certificate(session):
846
1458
.gnutls_certificate_get_peers
847
1459
(session._c_object, ctypes.byref(list_size)))
848
1460
if not bool(cert_list) and list_size.value != 0:
849
raise gnutls.errors.GNUTLSError(u"error getting peer"
850
u" certificate")
1461
raise gnutls.errors.GNUTLSError("error getting peer"
1462
" certificate")
851
1463
if list_size.value == 0:
852
1464
return None
853
1465
cert = cert_list[0]
879
1491
if crtverify.value != 0:
880
1492
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
881
1493
raise (gnutls.errors.CertificateSecurityError
882
(u"Verify failed"))
1494
("Verify failed"))
883
1495
# New buffer for the fingerprint
884
1496
buf = ctypes.create_string_buffer(20)
885
1497
buf_len = ctypes.c_size_t()
892
1504
# Convert the buffer to a Python bytestring
893
1505
fpr = ctypes.string_at(buf, buf_len.value)
894
1506
# Convert the bytestring to hexadecimal notation
895
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
1507
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
896
1508
return hex_fpr
897
1509
898
1510
899
class ForkingMixInWithPipe(socketserver.ForkingMixIn, object):
900
"""Like socketserver.ForkingMixIn, but also pass a pipe."""
1511
class MultiprocessingMixIn(object):
1512
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
1513
def sub_process_main(self, request, address):
1514
try:
1515
self.finish_request(request, address)
1516
except:
1517
self.handle_error(request, address)
1518
self.close_request(request)
1519
1520
def process_request(self, request, address):
1521
"""Start a new process to process the request."""
1522
proc = multiprocessing.Process(target = self.sub_process_main,
1523
args = (request,
1524
address))
1525
proc.start()
1526
return proc
1527
1528
1529
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1530
""" adds a pipe to the MixIn """
901
1531
def process_request(self, request, client_address):
902
1532
"""Overrides and wraps the original process_request().
903
1533
904
1534
This function creates a new pipe in self.pipe
905
1535
"""
906
self.pipe = os.pipe()
907
super(ForkingMixInWithPipe,
908
self).process_request(request, client_address)
909
os.close(self.pipe[1]) # close write end
910
self.add_pipe(self.pipe[0])
911
def add_pipe(self, pipe):
1536
parent_pipe, self.child_pipe = multiprocessing.Pipe()
1537
1538
proc = MultiprocessingMixIn.process_request(self, request,
1539
client_address)
1540
self.child_pipe.close()
1541
self.add_pipe(parent_pipe, proc)
1542
1543
def add_pipe(self, parent_pipe, proc):
912
1544
"""Dummy function; override as necessary"""
913
os.close(pipe)
914
915
916
class IPv6_TCPServer(ForkingMixInWithPipe,
1545
raise NotImplementedError
1546
1547
1548
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
917
1549
socketserver.TCPServer, object):
918
1550
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
919
1551
935
1567
bind to an address or port if they were not specified."""
936
1568
if self.interface is not None:
937
1569
if SO_BINDTODEVICE is None:
938
logger.error(u"SO_BINDTODEVICE does not exist;"
939
u" cannot bind to interface %s",
1570
logger.error("SO_BINDTODEVICE does not exist;"
1571
" cannot bind to interface %s",
940
1572
self.interface)
941
1573
else:
942
1574
try:
943
1575
self.socket.setsockopt(socket.SOL_SOCKET,
944
1576
SO_BINDTODEVICE,
945
1577
str(self.interface
946
+ u'\0'))
947
except socket.error, error:
1578
+ '\0'))
1579
except socket.error as error:
948
1580
if error[0] == errno.EPERM:
949
logger.error(u"No permission to"
950
u" bind to interface %s",
1581
logger.error("No permission to"
1582
" bind to interface %s",
951
1583
self.interface)
952
1584
elif error[0] == errno.ENOPROTOOPT:
953
logger.error(u"SO_BINDTODEVICE not available;"
954
u" cannot bind to interface %s",
1585
logger.error("SO_BINDTODEVICE not available;"
1586
" cannot bind to interface %s",
955
1587
self.interface)
956
1588
else:
957
1589
raise
959
1591
if self.server_address[0] or self.server_address[1]:
960
1592
if not self.server_address[0]:
961
1593
if self.address_family == socket.AF_INET6:
962
any_address = u"::" # in6addr_any
1594
any_address = "::" # in6addr_any
963
1595
else:
964
1596
any_address = socket.INADDR_ANY
965
1597
self.server_address = (any_address,
983
1615
clients: set of Client objects
984
1616
gnutls_priority GnuTLS priority string
985
1617
use_dbus: Boolean; to emit D-Bus signals or not
986
clients: set of Client objects
987
gnutls_priority GnuTLS priority string
988
use_dbus: Boolean; to emit D-Bus signals or not
989
1618
990
1619
Assumes a gobject.MainLoop event loop.
991
1620
"""
1005
1634
def server_activate(self):
1006
1635
if self.enabled:
1007
1636
return socketserver.TCPServer.server_activate(self)
1637
1008
1638
def enable(self):
1009
1639
self.enabled = True
1010
def add_pipe(self, pipe):
1640
1641
def add_pipe(self, parent_pipe, proc):
1011
1642
# Call "handle_ipc" for both data and EOF events
1012
gobject.io_add_watch(pipe, gobject.IO_IN | gobject.IO_HUP,
1013
self.handle_ipc)
1014
def handle_ipc(self, source, condition, file_objects={}):
1643
gobject.io_add_watch(parent_pipe.fileno(),
1644
gobject.IO_IN | gobject.IO_HUP,
1645
functools.partial(self.handle_ipc,
1646
parent_pipe =
1647
parent_pipe,
1648
proc = proc))
1649
1650
def handle_ipc(self, source, condition, parent_pipe=None,
1651
proc = None, client_object=None):
1015
1652
condition_names = {
1016
gobject.IO_IN: u"IN", # There is data to read.
1017
gobject.IO_OUT: u"OUT", # Data can be written (without
1653
gobject.IO_IN: "IN", # There is data to read.
1654
gobject.IO_OUT: "OUT", # Data can be written (without
1018
1655
# blocking).
1019
gobject.IO_PRI: u"PRI", # There is urgent data to read.
1020
gobject.IO_ERR: u"ERR", # Error condition.
1021
gobject.IO_HUP: u"HUP" # Hung up (the connection has been
1656
gobject.IO_PRI: "PRI", # There is urgent data to read.
1657
gobject.IO_ERR: "ERR", # Error condition.
1658
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1022
1659
# broken, usually for pipes and
1023
1660
# sockets).
1024
1661
}
1026
1663
for cond, name in
1027
1664
condition_names.iteritems()
1028
1665
if cond & condition)
1029
logger.debug(u"Handling IPC: FD = %d, condition = %s", source,
1030
conditions_string)
1031
1032
# Turn the pipe file descriptor into a Python file object
1033
if source not in file_objects:
1034
file_objects[source] = os.fdopen(source, u"r", 1)
1035
1036
# Read a line from the file object
1037
cmdline = file_objects[source].readline()
1038
if not cmdline: # Empty line means end of file
1039
# close the IPC pipe
1040
file_objects[source].close()
1041
del file_objects[source]
1042
1043
# Stop calling this function
1044
return False
1045
1046
logger.debug(u"IPC command: %r", cmdline)
1047
1048
# Parse and act on command
1049
cmd, args = cmdline.rstrip(u"\r\n").split(None, 1)
1050
1051
if cmd == u"NOTFOUND":
1052
logger.warning(u"Client not found for fingerprint: %s",
1053
args)
1054
if self.use_dbus:
1055
# Emit D-Bus signal
1056
mandos_dbus_service.ClientNotFound(args)
1057
elif cmd == u"INVALID":
1058
for client in self.clients:
1059
if client.name == args:
1060
logger.warning(u"Client %s is invalid", args)
1061
if self.use_dbus:
1062
# Emit D-Bus signal
1063
client.Rejected()
1064
break
1065
else:
1066
logger.error(u"Unknown client %s is invalid", args)
1067
elif cmd == u"SENDING":
1068
for client in self.clients:
1069
if client.name == args:
1070
logger.info(u"Sending secret to %s", client.name)
1071
client.checked_ok()
1072
if self.use_dbus:
1073
# Emit D-Bus signal
1074
client.ReceivedSecret()
1075
break
1076
else:
1077
logger.error(u"Sending secret to unknown client %s",
1078
args)
1079
else:
1080
logger.error(u"Unknown IPC command: %r", cmdline)
1081
1082
# Keep calling this function
1666
# error, or the other end of multiprocessing.Pipe has closed
1667
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
1668
# Wait for other process to exit
1669
proc.join()
1670
return False
1671
1672
# Read a request from the child
1673
request = parent_pipe.recv()
1674
command = request[0]
1675
1676
if command == 'init':
1677
fpr = request[1]
1678
address = request[2]
1679
1680
for c in self.clients:
1681
if c.fingerprint == fpr:
1682
client = c
1683
break
1684
else:
1685
logger.info("Client not found for fingerprint: %s, ad"
1686
"dress: %s", fpr, address)
1687
if self.use_dbus:
1688
# Emit D-Bus signal
1689
mandos_dbus_service.ClientNotFound(fpr,
1690
address[0])
1691
parent_pipe.send(False)
1692
return False
1693
1694
gobject.io_add_watch(parent_pipe.fileno(),
1695
gobject.IO_IN | gobject.IO_HUP,
1696
functools.partial(self.handle_ipc,
1697
parent_pipe =
1698
parent_pipe,
1699
proc = proc,
1700
client_object =
1701
client))
1702
parent_pipe.send(True)
1703
# remove the old hook in favor of the new above hook on
1704
# same fileno
1705
return False
1706
if command == 'funcall':
1707
funcname = request[1]
1708
args = request[2]
1709
kwargs = request[3]
1710
1711
parent_pipe.send(('data', getattr(client_object,
1712
funcname)(*args,
1713
**kwargs)))
1714
1715
if command == 'getattr':
1716
attrname = request[1]
1717
if callable(client_object.__getattribute__(attrname)):
1718
parent_pipe.send(('function',))
1719
else:
1720
parent_pipe.send(('data', client_object
1721
.__getattribute__(attrname)))
1722
1723
if command == 'setattr':
1724
attrname = request[1]
1725
value = request[2]
1726
setattr(client_object, attrname, value)
1727
1083
1728
return True
1084
1729
1085
1730
1086
1731
def string_to_delta(interval):
1087
1732
"""Parse a string and return a datetime.timedelta
1088
1733
1089
>>> string_to_delta(u'7d')
1734
>>> string_to_delta('7d')
1090
1735
datetime.timedelta(7)
1091
>>> string_to_delta(u'60s')
1736
>>> string_to_delta('60s')
1092
1737
datetime.timedelta(0, 60)
1093
>>> string_to_delta(u'60m')
1738
>>> string_to_delta('60m')
1094
1739
datetime.timedelta(0, 3600)
1095
>>> string_to_delta(u'24h')
1740
>>> string_to_delta('24h')
1096
1741
datetime.timedelta(1)
1097
>>> string_to_delta(u'1w')
1742
>>> string_to_delta('1w')
1098
1743
datetime.timedelta(7)
1099
>>> string_to_delta(u'5m 30s')
1744
>>> string_to_delta('5m 30s')
1100
1745
datetime.timedelta(0, 330)
1101
1746
"""
1102
1747
timevalue = datetime.timedelta(0)
1104
1749
try:
1105
1750
suffix = unicode(s[-1])
1106
1751
value = int(s[:-1])
1107
if suffix == u"d":
1752
if suffix == "d":
1108
1753
delta = datetime.timedelta(value)
1109
elif suffix == u"s":
1754
elif suffix == "s":
1110
1755
delta = datetime.timedelta(0, value)
1111
elif suffix == u"m":
1756
elif suffix == "m":
1112
1757
delta = datetime.timedelta(0, 0, 0, 0, value)
1113
elif suffix == u"h":
1758
elif suffix == "h":
1114
1759
delta = datetime.timedelta(0, 0, 0, 0, 0, value)
1115
elif suffix == u"w":
1760
elif suffix == "w":
1116
1761
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
1117
1762
else:
1118
raise ValueError
1119
except (ValueError, IndexError):
1120
raise ValueError
1763
raise ValueError("Unknown suffix %r" % suffix)
1764
except (ValueError, IndexError) as e:
1765
raise ValueError(*(e.args))
1121
1766
timevalue += delta
1122
1767
return timevalue
1123
1768
1129
1774
global if_nametoindex
1130
1775
try:
1131
1776
if_nametoindex = (ctypes.cdll.LoadLibrary
1132
(ctypes.util.find_library(u"c"))
1777
(ctypes.util.find_library("c"))
1133
1778
.if_nametoindex)
1134
1779
except (OSError, AttributeError):
1135
logger.warning(u"Doing if_nametoindex the hard way")
1780
logger.warning("Doing if_nametoindex the hard way")
1136
1781
def if_nametoindex(interface):
1137
1782
"Get an interface index the hard way, i.e. using fcntl()"
1138
1783
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
1139
with closing(socket.socket()) as s:
1784
with contextlib.closing(socket.socket()) as s:
1140
1785
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
1141
struct.pack(str(u"16s16x"),
1786
struct.pack(str("16s16x"),
1142
1787
interface))
1143
interface_index = struct.unpack(str(u"I"),
1788
interface_index = struct.unpack(str("I"),
1144
1789
ifreq[16:20])[0]
1145
1790
return interface_index
1146
1791
return if_nametoindex(interface)
1154
1799
sys.exit()
1155
1800
os.setsid()
1156
1801
if not nochdir:
1157
os.chdir(u"/")
1802
os.chdir("/")
1158
1803
if os.fork():
1159
1804
sys.exit()
1160
1805
if not noclose:
1162
1807
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1163
1808
if not stat.S_ISCHR(os.fstat(null).st_mode):
1164
1809
raise OSError(errno.ENODEV,
1165
u"/dev/null not a character device")
1810
"%s not a character device"
1811
% os.path.devnull)
1166
1812
os.dup2(null, sys.stdin.fileno())
1167
1813
os.dup2(null, sys.stdout.fileno())
1168
1814
os.dup2(null, sys.stderr.fileno())
1172
1818
1173
1819
def main():
1174
1820
1175
######################################################################
1821
##################################################################
1176
1822
# Parsing of options, both command line and config file
1177
1823
1178
parser = optparse.OptionParser(version = "%%prog %s" % version)
1179
parser.add_option("-i", u"--interface", type=u"string",
1180
metavar="IF", help=u"Bind to interface IF")
1181
parser.add_option("-a", u"--address", type=u"string",
1182
help=u"Address to listen for requests on")
1183
parser.add_option("-p", u"--port", type=u"int",
1184
help=u"Port number to receive requests on")
1185
parser.add_option("--check", action=u"store_true",
1186
help=u"Run self-test")
1187
parser.add_option("--debug", action=u"store_true",
1188
help=u"Debug mode; run in foreground and log to"
1189
u" terminal")
1190
parser.add_option("--priority", type=u"string", help=u"GnuTLS"
1191
u" priority string (see GnuTLS documentation)")
1192
parser.add_option("--servicename", type=u"string",
1193
metavar=u"NAME", help=u"Zeroconf service name")
1194
parser.add_option("--configdir", type=u"string",
1195
default=u"/etc/mandos", metavar=u"DIR",
1196
help=u"Directory to search for configuration"
1197
u" files")
1198
parser.add_option("--no-dbus", action=u"store_false",
1199
dest=u"use_dbus", help=u"Do not provide D-Bus"
1200
u" system bus interface")
1201
parser.add_option("--no-ipv6", action=u"store_false",
1202
dest=u"use_ipv6", help=u"Do not use IPv6")
1203
options = parser.parse_args()[0]
1824
parser = argparse.ArgumentParser()
1825
parser.add_argument("-v", "--version", action="version",
1826
version = "%%(prog)s %s" % version,
1827
help="show version number and exit")
1828
parser.add_argument("-i", "--interface", metavar="IF",
1829
help="Bind to interface IF")
1830
parser.add_argument("-a", "--address",
1831
help="Address to listen for requests on")
1832
parser.add_argument("-p", "--port", type=int,
1833
help="Port number to receive requests on")
1834
parser.add_argument("--check", action="store_true",
1835
help="Run self-test")
1836
parser.add_argument("--debug", action="store_true",
1837
help="Debug mode; run in foreground and log"
1838
" to terminal")
1839
parser.add_argument("--debuglevel", metavar="LEVEL",
1840
help="Debug level for stdout output")
1841
parser.add_argument("--priority", help="GnuTLS"
1842
" priority string (see GnuTLS documentation)")
1843
parser.add_argument("--servicename",
1844
metavar="NAME", help="Zeroconf service name")
1845
parser.add_argument("--configdir",
1846
default="/etc/mandos", metavar="DIR",
1847
help="Directory to search for configuration"
1848
" files")
1849
parser.add_argument("--no-dbus", action="store_false",
1850
dest="use_dbus", help="Do not provide D-Bus"
1851
" system bus interface")
1852
parser.add_argument("--no-ipv6", action="store_false",
1853
dest="use_ipv6", help="Do not use IPv6")
1854
options = parser.parse_args()
1204
1855
1205
1856
if options.check:
1206
1857
import doctest
1208
1859
sys.exit()
1209
1860
1210
1861
# Default values for config file for server-global settings
1211
server_defaults = { u"interface": u"",
1212
u"address": u"",
1213
u"port": u"",
1214
u"debug": u"False",
1215
u"priority":
1216
u"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1217
u"servicename": u"Mandos",
1218
u"use_dbus": u"True",
1219
u"use_ipv6": u"True",
1862
server_defaults = { "interface": "",
1863
"address": "",
1864
"port": "",
1865
"debug": "False",
1866
"priority":
1867
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1868
"servicename": "Mandos",
1869
"use_dbus": "True",
1870
"use_ipv6": "True",
1871
"debuglevel": "",
1220
1872
}
1221
1873
1222
1874
# Parse config file for server-global settings
1223
1875
server_config = configparser.SafeConfigParser(server_defaults)
1224
1876
del server_defaults
1225
1877
server_config.read(os.path.join(options.configdir,
1226
u"mandos.conf"))
1878
"mandos.conf"))
1227
1879
# Convert the SafeConfigParser object to a dict
1228
1880
server_settings = server_config.defaults()
1229
1881
# Use the appropriate methods on the non-string config options
1230
for option in (u"debug", u"use_dbus", u"use_ipv6"):
1231
server_settings[option] = server_config.getboolean(u"DEFAULT",
1882
for option in ("debug", "use_dbus", "use_ipv6"):
1883
server_settings[option] = server_config.getboolean("DEFAULT",
1232
1884
option)
1233
1885
if server_settings["port"]:
1234
server_settings["port"] = server_config.getint(u"DEFAULT",
1235
u"port")
1886
server_settings["port"] = server_config.getint("DEFAULT",
1887
"port")
1236
1888
del server_config
1237
1889
1238
1890
# Override the settings from the config file with command line
1239
1891
# options, if set.
1240
for option in (u"interface", u"address", u"port", u"debug",
1241
u"priority", u"servicename", u"configdir",
1242
u"use_dbus", u"use_ipv6"):
1892
for option in ("interface", "address", "port", "debug",
1893
"priority", "servicename", "configdir",
1894
"use_dbus", "use_ipv6", "debuglevel"):
1243
1895
value = getattr(options, option)
1244
1896
if value is not None:
1245
1897
server_settings[option] = value
1253
1905
##################################################################
1254
1906
1255
1907
# For convenience
1256
debug = server_settings[u"debug"]
1257
use_dbus = server_settings[u"use_dbus"]
1258
use_ipv6 = server_settings[u"use_ipv6"]
1259
1260
if not debug:
1261
syslogger.setLevel(logging.WARNING)
1262
console.setLevel(logging.WARNING)
1263
1264
if server_settings[u"servicename"] != u"Mandos":
1908
debug = server_settings["debug"]
1909
debuglevel = server_settings["debuglevel"]
1910
use_dbus = server_settings["use_dbus"]
1911
use_ipv6 = server_settings["use_ipv6"]
1912
1913
if server_settings["servicename"] != "Mandos":
1265
1914
syslogger.setFormatter(logging.Formatter
1266
(u'Mandos (%s) [%%(process)d]:'
1267
u' %%(levelname)s: %%(message)s'
1268
% server_settings[u"servicename"]))
1915
('Mandos (%s) [%%(process)d]:'
1916
' %%(levelname)s: %%(message)s'
1917
% server_settings["servicename"]))
1269
1918
1270
1919
# Parse config file with clients
1271
client_defaults = { u"timeout": u"1h",
1272
u"interval": u"5m",
1273
u"checker": u"fping -q -- %%(host)s",
1274
u"host": u"",
1920
client_defaults = { "timeout": "5m",
1921
"extended_timeout": "15m",
1922
"interval": "2m",
1923
"checker": "fping -q -- %%(host)s",
1924
"host": "",
1925
"approval_delay": "0s",
1926
"approval_duration": "1s",
1275
1927
}
1276
1928
client_config = configparser.SafeConfigParser(client_defaults)
1277
client_config.read(os.path.join(server_settings[u"configdir"],
1278
u"clients.conf"))
1929
client_config.read(os.path.join(server_settings["configdir"],
1930
"clients.conf"))
1279
1931
1280
1932
global mandos_dbus_service
1281
1933
mandos_dbus_service = None
1282
1934
1283
tcp_server = MandosServer((server_settings[u"address"],
1284
server_settings[u"port"]),
1935
tcp_server = MandosServer((server_settings["address"],
1936
server_settings["port"]),
1285
1937
ClientHandler,
1286
interface=server_settings[u"interface"],
1938
interface=(server_settings["interface"]
1939
or None),
1287
1940
use_ipv6=use_ipv6,
1288
1941
gnutls_priority=
1289
server_settings[u"priority"],
1942
server_settings["priority"],
1290
1943
use_dbus=use_dbus)
1291
pidfilename = u"/var/run/mandos.pid"
1292
try:
1293
pidfile = open(pidfilename, u"w")
1294
except IOError:
1295
logger.error(u"Could not open file %r", pidfilename)
1944
if not debug:
1945
pidfilename = "/var/run/mandos.pid"
1946
try:
1947
pidfile = open(pidfilename, "w")
1948
except IOError:
1949
logger.error("Could not open file %r", pidfilename)
1296
1950
1297
1951
try:
1298
uid = pwd.getpwnam(u"_mandos").pw_uid
1299
gid = pwd.getpwnam(u"_mandos").pw_gid
1952
uid = pwd.getpwnam("_mandos").pw_uid
1953
gid = pwd.getpwnam("_mandos").pw_gid
1300
1954
except KeyError:
1301
1955
try:
1302
uid = pwd.getpwnam(u"mandos").pw_uid
1303
gid = pwd.getpwnam(u"mandos").pw_gid
1956
uid = pwd.getpwnam("mandos").pw_uid
1957
gid = pwd.getpwnam("mandos").pw_gid
1304
1958
except KeyError:
1305
1959
try:
1306
uid = pwd.getpwnam(u"nobody").pw_uid
1307
gid = pwd.getpwnam(u"nobody").pw_gid
1960
uid = pwd.getpwnam("nobody").pw_uid
1961
gid = pwd.getpwnam("nobody").pw_gid
1308
1962
except KeyError:
1309
1963
uid = 65534
1310
1964
gid = 65534
1311
1965
try:
1312
1966
os.setgid(gid)
1313
1967
os.setuid(uid)
1314
except OSError, error:
1968
except OSError as error:
1315
1969
if error[0] != errno.EPERM:
1316
1970
raise error
1317
1971
1318
# Enable all possible GnuTLS debugging
1972
if not debug and not debuglevel:
1973
syslogger.setLevel(logging.WARNING)
1974
console.setLevel(logging.WARNING)
1975
if debuglevel:
1976
level = getattr(logging, debuglevel.upper())
1977
syslogger.setLevel(level)
1978
console.setLevel(level)
1979
1319
1980
if debug:
1981
# Enable all possible GnuTLS debugging
1982
1320
1983
# "Use a log level over 10 to enable all debugging options."
1321
1984
# - GnuTLS manual
1322
1985
gnutls.library.functions.gnutls_global_set_log_level(11)
1323
1986
1324
1987
@gnutls.library.types.gnutls_log_func
1325
1988
def debug_gnutls(level, string):
1326
logger.debug(u"GnuTLS: %s", string[:-1])
1989
logger.debug("GnuTLS: %s", string[:-1])
1327
1990
1328
1991
(gnutls.library.functions
1329
1992
.gnutls_global_set_log_function(debug_gnutls))
1993
1994
# Redirect stdin so all checkers get /dev/null
1995
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1996
os.dup2(null, sys.stdin.fileno())
1997
if null > 2:
1998
os.close(null)
1999
else:
2000
# No console logging
2001
logger.removeHandler(console)
2002
2003
# Need to fork before connecting to D-Bus
2004
if not debug:
2005
# Close all input and output, do double fork, etc.
2006
daemon()
1330
2007
1331
2008
global main_loop
1332
2009
# From the Avahi example code
1335
2012
bus = dbus.SystemBus()
1336
2013
# End of Avahi example code
1337
2014
if use_dbus:
1338
bus_name = dbus.service.BusName(u"se.bsnet.fukt.Mandos", bus)
2015
try:
2016
bus_name = dbus.service.BusName("se.recompile.Mandos",
2017
bus, do_not_queue=True)
2018
old_bus_name = (dbus.service.BusName
2019
("se.bsnet.fukt.Mandos", bus,
2020
do_not_queue=True))
2021
except dbus.exceptions.NameExistsException as e:
2022
logger.error(unicode(e) + ", disabling D-Bus")
2023
use_dbus = False
2024
server_settings["use_dbus"] = False
2025
tcp_server.use_dbus = False
1339
2026
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
1340
service = AvahiService(name = server_settings[u"servicename"],
1341
servicetype = u"_mandos._tcp",
2027
service = AvahiService(name = server_settings["servicename"],
2028
servicetype = "_mandos._tcp",
1342
2029
protocol = protocol, bus = bus)
1343
2030
if server_settings["interface"]:
1344
2031
service.interface = (if_nametoindex
1345
(str(server_settings[u"interface"])))
2032
(str(server_settings["interface"])))
2033
2034
global multiprocessing_manager
2035
multiprocessing_manager = multiprocessing.Manager()
1346
2036
1347
2037
client_class = Client
1348
2038
if use_dbus:
1349
client_class = functools.partial(ClientDBus, bus = bus)
2039
client_class = functools.partial(ClientDBusTransitional,
2040
bus = bus)
2041
def client_config_items(config, section):
2042
special_settings = {
2043
"approved_by_default":
2044
lambda: config.getboolean(section,
2045
"approved_by_default"),
2046
}
2047
for name, value in config.items(section):
2048
try:
2049
yield (name, special_settings[name]())
2050
except KeyError:
2051
yield (name, value)
2052
1350
2053
tcp_server.clients.update(set(
1351
2054
client_class(name = section,
1352
config= dict(client_config.items(section)))
2055
config= dict(client_config_items(
2056
client_config, section)))
1353
2057
for section in client_config.sections()))
1354
2058
if not tcp_server.clients:
1355
logger.warning(u"No clients defined")
1356
1357
if debug:
1358
# Redirect stdin so all checkers get /dev/null
1359
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
1360
os.dup2(null, sys.stdin.fileno())
1361
if null > 2:
1362
os.close(null)
1363
else:
1364
# No console logging
1365
logger.removeHandler(console)
1366
# Close all input and output, do double fork, etc.
1367
daemon()
1368
1369
try:
1370
with closing(pidfile):
1371
pid = os.getpid()
1372
pidfile.write(str(pid) + "\n")
1373
del pidfile
1374
except IOError:
1375
logger.error(u"Could not write to file %r with PID %d",
1376
pidfilename, pid)
1377
except NameError:
1378
# "pidfile" was never created
1379
pass
1380
del pidfilename
1381
1382
def cleanup():
1383
"Cleanup function; run on exit"
1384
service.cleanup()
2059
logger.warning("No clients defined")
1385
2060
1386
while tcp_server.clients:
1387
client = tcp_server.clients.pop()
1388
client.disable_hook = None
1389
client.disable()
1390
1391
atexit.register(cleanup)
1392
1393
2061
if not debug:
2062
try:
2063
with pidfile:
2064
pid = os.getpid()
2065
pidfile.write(str(pid) + "\n".encode("utf-8"))
2066
del pidfile
2067
except IOError:
2068
logger.error("Could not write to file %r with PID %d",
2069
pidfilename, pid)
2070
except NameError:
2071
# "pidfile" was never created
2072
pass
2073
del pidfilename
2074
1394
2075
signal.signal(signal.SIGINT, signal.SIG_IGN)
2076
1395
2077
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
1396
2078
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
1397
2079
1399
2081
class MandosDBusService(dbus.service.Object):
1400
2082
"""A D-Bus proxy object"""
1401
2083
def __init__(self):
1402
dbus.service.Object.__init__(self, bus, u"/")
1403
_interface = u"se.bsnet.fukt.Mandos"
1404
1405
@dbus.service.signal(_interface, signature=u"oa{sv}")
1406
def ClientAdded(self, objpath, properties):
1407
"D-Bus signal"
1408
pass
1409
1410
@dbus.service.signal(_interface, signature=u"s")
1411
def ClientNotFound(self, fingerprint):
1412
"D-Bus signal"
1413
pass
1414
1415
@dbus.service.signal(_interface, signature=u"os")
2084
dbus.service.Object.__init__(self, bus, "/")
2085
_interface = "se.recompile.Mandos"
2086
2087
@dbus.service.signal(_interface, signature="o")
2088
def ClientAdded(self, objpath):
2089
"D-Bus signal"
2090
pass
2091
2092
@dbus.service.signal(_interface, signature="ss")
2093
def ClientNotFound(self, fingerprint, address):
2094
"D-Bus signal"
2095
pass
2096
2097
@dbus.service.signal(_interface, signature="os")
1416
2098
def ClientRemoved(self, objpath, name):
1417
2099
"D-Bus signal"
1418
2100
pass
1419
2101
1420
@dbus.service.method(_interface, out_signature=u"ao")
2102
@dbus.service.method(_interface, out_signature="ao")
1421
2103
def GetAllClients(self):
1422
2104
"D-Bus method"
1423
2105
return dbus.Array(c.dbus_object_path
1424
2106
for c in tcp_server.clients)
1425
2107
1426
2108
@dbus.service.method(_interface,
1427
out_signature=u"a{oa{sv}}")
2109
out_signature="a{oa{sv}}")
1428
2110
def GetAllClientsWithProperties(self):
1429
2111
"D-Bus method"
1430
2112
return dbus.Dictionary(
1431
((c.dbus_object_path, c.GetAllProperties())
2113
((c.dbus_object_path, c.GetAll(""))
1432
2114
for c in tcp_server.clients),
1433
signature=u"oa{sv}")
2115
signature="oa{sv}")
1434
2116
1435
@dbus.service.method(_interface, in_signature=u"o")
2117
@dbus.service.method(_interface, in_signature="o")
1436
2118
def RemoveClient(self, object_path):
1437
2119
"D-Bus method"
1438
2120
for c in tcp_server.clients:
1440
2122
tcp_server.clients.remove(c)
1441
2123
c.remove_from_connection()
1442
2124
# Don't signal anything except ClientRemoved
1443
c.disable(signal=False)
2125
c.disable(quiet=True)
1444
2126
# Emit D-Bus signal
1445
2127
self.ClientRemoved(object_path, c.name)
1446
2128
return
1447
raise KeyError
2129
raise KeyError(object_path)
1448
2130
1449
2131
del _interface
1450
2132
1451
mandos_dbus_service = MandosDBusService()
2133
class MandosDBusServiceTransitional(MandosDBusService):
2134
__metaclass__ = AlternateDBusNamesMetaclass
2135
mandos_dbus_service = MandosDBusServiceTransitional()
2136
2137
def cleanup():
2138
"Cleanup function; run on exit"
2139
service.cleanup()
2140
2141
multiprocessing.active_children()
2142
while tcp_server.clients:
2143
client = tcp_server.clients.pop()
2144
if use_dbus:
2145
client.remove_from_connection()
2146
client.disable_hook = None
2147
# Don't signal anything except ClientRemoved
2148
client.disable(quiet=True)
2149
if use_dbus:
2150
# Emit D-Bus signal
2151
mandos_dbus_service.ClientRemoved(client
2152
.dbus_object_path,
2153
client.name)
2154
2155
atexit.register(cleanup)
1452
2156
1453
2157
for client in tcp_server.clients:
1454
2158
if use_dbus:
1455
2159
# Emit D-Bus signal
1456
mandos_dbus_service.ClientAdded(client.dbus_object_path,
1457
client.GetAllProperties())
2160
mandos_dbus_service.ClientAdded(client.dbus_object_path)
1458
2161
client.enable()
1459
2162
1460
2163
tcp_server.enable()
1463
2166
# Find out what port we got
1464
2167
service.port = tcp_server.socket.getsockname()[1]
1465
2168
if use_ipv6:
1466
logger.info(u"Now listening on address %r, port %d,"
2169
logger.info("Now listening on address %r, port %d,"
1467
2170
" flowinfo %d, scope_id %d"
1468
2171
% tcp_server.socket.getsockname())
1469
2172
else: # IPv4
1470
logger.info(u"Now listening on address %r, port %d"
2173
logger.info("Now listening on address %r, port %d"
1471
2174
% tcp_server.socket.getsockname())
1472
2175
1473
2176
#service.interface = tcp_server.socket.getsockname()[3]
1476
2179
# From the Avahi example code
1477
2180
try:
1478
2181
service.activate()
1479
except dbus.exceptions.DBusException, error:
1480
logger.critical(u"DBusException: %s", error)
2182
except dbus.exceptions.DBusException as error:
2183
logger.critical("DBusException: %s", error)
2184
cleanup()
1481
2185
sys.exit(1)
1482
2186
# End of Avahi example code
1483
2187
1486
2190
(tcp_server.handle_request
1487
2191
(*args[2:], **kwargs) or True))
1488
2192
1489
logger.debug(u"Starting main loop")
2193
logger.debug("Starting main loop")
1490
2194
main_loop.run()
1491
except AvahiError, error:
1492
logger.critical(u"AvahiError: %s", error)
2195
except AvahiError as error:
2196
logger.critical("AvahiError: %s", error)
2197
cleanup()
1493
2198
sys.exit(1)
1494
2199
except KeyboardInterrupt:
1495
2200
if debug:
1496
print >> sys.stderr
1497
logger.debug(u"Server received KeyboardInterrupt")
1498
logger.debug(u"Server exiting")
2201
print("", file=sys.stderr)
2202
logger.debug("Server received KeyboardInterrupt")
2203
logger.debug("Server exiting")
2204
# Must run before the D-Bus bus name gets deregistered
2205
cleanup()
2206
1499
2207
1500
2208
if __name__ == '__main__':
1501
2209
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0