/mandos/trunk : revision 518.1.15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Björn Påhlsson
Date: 2011-12-13 17:55:20 UTC
mto: This revision was merged to the branch mainline in revision 524.
Revision ID: belorn@recompile.se-20111213175520-0my4v4nvp2vd8la4

more refactoring in regards to how clients get created

files modified:
mandos

Show diffs side-by-side

added added

removed removed

mandos

467

section = dict(config.items(client_name))

468

client = settings[client_name] = {}

469

470

# Default copying each value from config to new dict

471

for setting, value in section.iteritems():

472

client[setting] = value

473

470

client["host"] = section["host"]

474

471

# Reformat values from string types to Python types

475

472

client["approved_by_default"] = config.getboolean(

476

473

client_name, "approved_by_default")

496

493

section["approval_delay"])

497

494

client["approval_duration"] = string_to_delta(

498

495

section["approval_duration"])

496

client["checker_command"] = section["checker"]

497

client["last_approval_request"] = None

498

client["last_checked_ok"] = None

499

client["last_checker_status"] = None

500

if client["enabled"]:

501

client["last_enabled"] = datetime.datetime.utcnow()

502

client["expires"] = (datetime.datetime.utcnow()

503

+ client["timeout"])

504

else:

505

client["last_enabled"] = None

506

client["expires"] = None

499

507

500

508

return settings

501

509

502

510

503

def __init__(self, config, name = None):

511

def __init__(self, settings, name = None):

504

512

"""Note: the 'checker' key in 'config' sets the

505

513

'checker_command' attribute and *not* the 'checker'

506

514

attribute."""

507

515

self.name = name

516

# adding all client settings

517

for setting, value in settings.iteritems():

518

setattr(self, setting, value)

519

508

520

logger.debug("Creating client %r", self.name)

509

521

# Uppercase and remove spaces from fingerprint for later

510

522

# comparison purposes with return value from the fingerprint()

511

523

# function

512

self.fingerprint = config["fingerprint"]

513

524

logger.debug(" Fingerprint: %s", self.fingerprint)

514

self.secret = config["secret"]

515

self.host = config["host"]

516

self.created = datetime.datetime.utcnow()

517

self.enabled = config["enabled"]

518

self.last_approval_request = None

519

if self.enabled:

520

self.last_enabled = datetime.datetime.utcnow()

521

else:

522

self.last_enabled = None

523

self.last_checked_ok = None

524

self.last_checker_status = None

525

self.timeout = config["timeout"]

526

self.extended_timeout = config["extended_timeout"]

527

self.interval = config["interval"]

525

self.created = settings.get("created", datetime.datetime.utcnow())

526

527

# attributes specific for this server instance

528

self.checker = None

529

self.checker_initiator_tag = None

530

self.disable_initiator_tag = None

531

if self.enabled:

532

self.expires = datetime.datetime.utcnow() + self.timeout

533

else:

534

self.expires = None

535

531

self.checker_callback_tag = None

536

self.checker_command = config["checker"]

537

532

self.current_checker_command = None

538

533

self.approved = None

539

self.approved_by_default = config["approved_by_default"]

540

534

self.approvals_pending = 0

541

self.approval_delay = config["approval_delay"]

542

self.approval_duration = config["approval_duration"]

543

535

self.changedstate = (multiprocessing_manager

544

536

.Condition(multiprocessing_manager

545

537

.Lock()))

2210

2202

2211

2203

client_settings = Client.config_parser(client_config)

2212

2204

old_client_settings = {}

2213

clients_data = []

2205

clients_data = {}

2214

2206

2215

2207

# Get client data and settings from last running state.

2216

2208

if server_settings["restore"]:

2226

2218

raise

2227

2219

2228

2220

with PGPEngine() as pgp:

2229

for client in clients_data:

2230

client_name = client["name"]

2231

2221

for client_name, client in clients_data.iteritems():

2232

2222

# Decide which value to use after restoring saved state.

2233

2223

# We have three different values: Old config file,

2234

2224

# new config file, and saved state.

2269

2259

client["expires"] = (datetime.datetime

2270

2260

.utcnow()

2271

2261

+ client["timeout"])

2272

2273

client["changedstate"] = (multiprocessing_manager

2274

.Condition

2275

(multiprocessing_manager

2276

.Lock()))

2277

client["checker"] = None

2278

if use_dbus:

2279

new_client = (ClientDBusTransitional.__new__

2280

(ClientDBusTransitional))

2281

tcp_server.clients[client_name] = new_client

2282

new_client.bus = bus

2283

for name, value in client.iteritems():

2284

setattr(new_client, name, value)

2285

client_object_name = unicode(client_name).translate(

2286

{ord("."): ord("_"),

2287

ord("-"): ord("_")})

2288

new_client.dbus_object_path = (dbus.ObjectPath

2289

("/clients/"

2290

+ client_object_name))

2291

DBusObjectWithProperties.__init__(new_client,

2292

new_client.bus,

2293

new_client

2294

.dbus_object_path)

2295

else:

2296

tcp_server.clients[client_name] = (Client.__new__

2297

(Client))

2298

for name, value in client.iteritems():

2299

setattr(tcp_server.clients[client_name],

2300

name, value)

2301

2262

2302

2263

try:

2303

tcp_server.clients[client_name].secret = (

2304

pgp.decrypt(tcp_server.clients[client_name]

2305

.encrypted_secret,

2264

client["secret"] = (

2265

pgp.decrypt(client["encrypted_secret"],

2306

2266

client_settings[client_name]

2307

2267

["secret"]))

2308

2268

except PGPError:

2309

2269

# If decryption fails, we use secret from new settings

2310

2270

logger.debug("Failed to decrypt {0} old secret"

2311

2271

.format(client_name))

2312

tcp_server.clients[client_name].secret = (

2272

client["secret"] = (

2313

2273

client_settings[client_name]["secret"])

2274

2314

2275

2315

# Create/remove clients based on new changes made to config

2316

for clientname in set(old_client_settings) - set(client_settings):

2317

del tcp_server.clients[clientname]

2318

for clientname in set(client_settings) - set(old_client_settings):

2319

tcp_server.clients[clientname] = (client_class(name = clientname,

2320

config =

2321

client_settings

2322

[clientname]))

2276

# Add/remove clients based on new changes made to config

2277

for client_name in set(old_client_settings) - set(client_settings):

2278

del clients_data[client_name]

2279

for client_name in set(client_settings) - set(old_client_settings):

2280

clients_data[client_name] = client_settings[client_name]

2281

2282

# Create clients all clients

2283

for client_name, client in clients_data.iteritems():

2284

tcp_server.clients[client_name] = client_class(

2285

name = client_name, settings = client)

2323

2286

2324

2287

if not tcp_server.clients:

2325

2288

logger.warning("No clients defined")

2411

2374

# Store client before exiting. Secrets are encrypted with key

2412

2375

# based on what config file has. If config file is

2413

2376

# removed/edited, old secret will thus be unrecovable.

2414

clients = []

2377

clients = {}

2415

2378

with PGPEngine() as pgp:

2416

2379

for client in tcp_server.clients.itervalues():

2417

2380

key = client_settings[client.name]["secret"]

2419

2382

key)

2420

2383

client_dict = {}

2421

2384

2422

# A list of attributes that will not be stored when

2423

# shutting down.

2385

# A list of attributes that can not be pickled

2386

# + secret.

2424

2387

exclude = set(("bus", "changedstate", "secret",

2425

2388

"checker"))

2426

2389

for name, typ in (inspect.getmembers

2433

2396

if attr not in exclude:

2434

2397

client_dict[attr] = getattr(client, attr)

2435

2398

2436

clients.append(client_dict)

2399

clients[client.name] = client_dict

2437

2400

del client_settings[client.name]["secret"]

2438

2401

2439

2402

try:

Older »