70
import cPickle as pickle
63
import cPickle as pickle
73
64
import multiprocessing
82
69
import dbus.service
83
from gi.repository import GLib
84
72
from dbus.mainloop.glib import DBusGMainLoop
87
75
import xml.dom.minidom
77
import Crypto.Cipher.AES
90
# Try to find the value of SO_BINDTODEVICE:
92
# This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and
93
# newer, and it is also the most natural place for it:
94
80
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
95
81
except AttributeError:
97
# This is where SO_BINDTODEVICE was up to and including Python
99
83
from IN import SO_BINDTODEVICE
100
84
except ImportError:
101
# In Python 2.7 it seems to have been removed entirely.
102
# Try running the C preprocessor:
104
cc = subprocess.Popen(["cc", "--language=c", "-E",
106
stdin=subprocess.PIPE,
107
stdout=subprocess.PIPE)
108
stdout = cc.communicate(
109
"#include <sys/socket.h>\nSO_BINDTODEVICE\n")[0]
110
SO_BINDTODEVICE = int(stdout.splitlines()[-1])
111
except (OSError, ValueError, IndexError):
113
SO_BINDTODEVICE = None
115
if sys.version_info.major == 2:
119
stored_state_file = "clients.pickle"
85
SO_BINDTODEVICE = None
121
90
logger = logging.getLogger()
125
if_nametoindex = ctypes.cdll.LoadLibrary(
126
ctypes.util.find_library("c")).if_nametoindex
127
except (OSError, AttributeError):
129
def if_nametoindex(interface):
130
"Get an interface index the hard way, i.e. using fcntl()"
131
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
132
with contextlib.closing(socket.socket()) as s:
133
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
134
struct.pack(b"16s16x", interface))
135
interface_index = struct.unpack("I", ifreq[16:20])[0]
136
return interface_index
139
def copy_function(func):
140
"""Make a copy of a function"""
141
if sys.version_info.major == 2:
142
return types.FunctionType(func.func_code,
148
return types.FunctionType(func.__code__,
155
def initlogger(debug, level=logging.WARNING):
156
"""init logger and add loglevel"""
159
syslogger = (logging.handlers.SysLogHandler(
160
facility=logging.handlers.SysLogHandler.LOG_DAEMON,
162
syslogger.setFormatter(logging.Formatter
163
('Mandos [%(process)d]: %(levelname)s:'
165
logger.addHandler(syslogger)
168
console = logging.StreamHandler()
169
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
173
logger.addHandler(console)
174
logger.setLevel(level)
177
class PGPError(Exception):
178
"""Exception if encryption/decryption fails"""
182
class PGPEngine(object):
183
"""A simple class for OpenPGP symmetric encryption & decryption"""
186
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
189
output = subprocess.check_output(["gpgconf"])
190
for line in output.splitlines():
191
name, text, path = line.split(b":")
196
if e.errno != errno.ENOENT:
198
self.gnupgargs = ['--batch',
199
'--homedir', self.tempdir,
202
# Only GPG version 1 has the --no-use-agent option.
203
if self.gpg == "gpg" or self.gpg.endswith("/gpg"):
204
self.gnupgargs.append("--no-use-agent")
209
def __exit__(self, exc_type, exc_value, traceback):
217
if self.tempdir is not None:
218
# Delete contents of tempdir
219
for root, dirs, files in os.walk(self.tempdir,
221
for filename in files:
222
os.remove(os.path.join(root, filename))
224
os.rmdir(os.path.join(root, dirname))
226
os.rmdir(self.tempdir)
229
def password_encode(self, password):
230
# Passphrase can not be empty and can not contain newlines or
231
# NUL bytes. So we prefix it and hex encode it.
232
encoded = b"mandos" + binascii.hexlify(password)
233
if len(encoded) > 2048:
234
# GnuPG can't handle long passwords, so encode differently
235
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
236
.replace(b"\n", b"\\n")
237
.replace(b"\0", b"\\x00"))
240
def encrypt(self, data, password):
241
passphrase = self.password_encode(password)
242
with tempfile.NamedTemporaryFile(
243
dir=self.tempdir) as passfile:
244
passfile.write(passphrase)
246
proc = subprocess.Popen([self.gpg, '--symmetric',
250
stdin=subprocess.PIPE,
251
stdout=subprocess.PIPE,
252
stderr=subprocess.PIPE)
253
ciphertext, err = proc.communicate(input=data)
254
if proc.returncode != 0:
258
def decrypt(self, data, password):
259
passphrase = self.password_encode(password)
260
with tempfile.NamedTemporaryFile(
261
dir=self.tempdir) as passfile:
262
passfile.write(passphrase)
264
proc = subprocess.Popen([self.gpg, '--decrypt',
268
stdin=subprocess.PIPE,
269
stdout=subprocess.PIPE,
270
stderr=subprocess.PIPE)
271
decrypted_plaintext, err = proc.communicate(input=data)
272
if proc.returncode != 0:
274
return decrypted_plaintext
277
# Pretend that we have an Avahi module
279
"""This isn't so much a class as it is a module-like namespace."""
280
IF_UNSPEC = -1 # avahi-common/address.h
281
PROTO_UNSPEC = -1 # avahi-common/address.h
282
PROTO_INET = 0 # avahi-common/address.h
283
PROTO_INET6 = 1 # avahi-common/address.h
284
DBUS_NAME = "org.freedesktop.Avahi"
285
DBUS_INTERFACE_ENTRY_GROUP = DBUS_NAME + ".EntryGroup"
286
DBUS_INTERFACE_SERVER = DBUS_NAME + ".Server"
287
DBUS_PATH_SERVER = "/"
290
def string_array_to_txt_array(t):
291
return dbus.Array((dbus.ByteArray(s.encode("utf-8"))
292
for s in t), signature="ay")
293
ENTRY_GROUP_ESTABLISHED = 2 # avahi-common/defs.h
294
ENTRY_GROUP_COLLISION = 3 # avahi-common/defs.h
295
ENTRY_GROUP_FAILURE = 4 # avahi-common/defs.h
296
SERVER_INVALID = 0 # avahi-common/defs.h
297
SERVER_REGISTERING = 1 # avahi-common/defs.h
298
SERVER_RUNNING = 2 # avahi-common/defs.h
299
SERVER_COLLISION = 3 # avahi-common/defs.h
300
SERVER_FAILURE = 4 # avahi-common/defs.h
91
stored_state_path = "/var/lib/mandos/clients.pickle"
93
syslogger = (logging.handlers.SysLogHandler
94
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
95
address = str("/dev/log")))
96
syslogger.setFormatter(logging.Formatter
97
('Mandos [%(process)d]: %(levelname)s:'
99
logger.addHandler(syslogger)
101
console = logging.StreamHandler()
102
console.setFormatter(logging.Formatter('%(asctime)s %(name)s'
106
logger.addHandler(console)
303
109
class AvahiError(Exception):
304
110
def __init__(self, value, *args, **kwargs):
305
111
self.value = value
306
return super(AvahiError, self).__init__(value, *args,
112
super(AvahiError, self).__init__(value, *args, **kwargs)
113
def __unicode__(self):
114
return unicode(repr(self.value))
310
116
class AvahiServiceError(AvahiError):
314
119
class AvahiGroupError(AvahiError):
318
123
class AvahiService(object):
319
124
"""An Avahi (Zeroconf) service.
322
127
interface: integer; avahi.IF_UNSPEC or an interface index.
323
128
Used to optionally bind to the specified interface.
324
129
name: string; Example: 'Mandos'
325
130
type: string; Example: '_mandos._tcp'.
326
See <https://www.iana.org/assignments/service-names-port-numbers>
131
See <http://www.dns-sd.org/ServiceTypes.html>
327
132
port: integer; what port to announce
328
133
TXT: list of strings; TXT record for the service
329
134
domain: string; Domain to publish on, default to .local if empty.
488
263
follow_name_owner_changes=True),
489
264
avahi.DBUS_INTERFACE_SERVER)
490
265
self.server.connect_to_signal("StateChanged",
491
self.server_state_changed)
266
self.server_state_changed)
492
267
self.server_state_changed(self.server.GetState())
495
269
class AvahiServiceToSyslog(AvahiService):
496
def rename(self, *args, **kwargs):
497
271
"""Add the new name to the syslog messages"""
498
ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)
499
syslogger.setFormatter(logging.Formatter(
500
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
272
ret = AvahiService.rename(self)
273
syslogger.setFormatter(logging.Formatter
274
('Mandos (%s) [%%(process)d]:'
275
' %%(levelname)s: %%(message)s'
505
# Pretend that we have a GnuTLS module
506
class gnutls(object):
507
"""This isn't so much a class as it is a module-like namespace."""
509
library = ctypes.util.find_library("gnutls")
511
library = ctypes.util.find_library("gnutls-deb0")
512
_library = ctypes.cdll.LoadLibrary(library)
515
# Unless otherwise indicated, the constants and types below are
516
# all from the gnutls/gnutls.h C header file.
527
E_NO_CERTIFICATE_FOUND = -49
532
KEYID_USE_SHA256 = 1 # gnutls/x509.h
533
OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h
536
class session_int(ctypes.Structure):
538
session_t = ctypes.POINTER(session_int)
540
class certificate_credentials_st(ctypes.Structure):
542
certificate_credentials_t = ctypes.POINTER(
543
certificate_credentials_st)
544
certificate_type_t = ctypes.c_int
546
class datum_t(ctypes.Structure):
547
_fields_ = [('data', ctypes.POINTER(ctypes.c_ubyte)),
548
('size', ctypes.c_uint)]
550
class openpgp_crt_int(ctypes.Structure):
552
openpgp_crt_t = ctypes.POINTER(openpgp_crt_int)
553
openpgp_crt_fmt_t = ctypes.c_int # gnutls/openpgp.h
554
log_func = ctypes.CFUNCTYPE(None, ctypes.c_int, ctypes.c_char_p)
555
credentials_type_t = ctypes.c_int
556
transport_ptr_t = ctypes.c_void_p
557
close_request_t = ctypes.c_int
560
class Error(Exception):
561
def __init__(self, message=None, code=None, args=()):
562
# Default usage is by a message string, but if a return
563
# code is passed, convert it to a string with
566
if message is None and code is not None:
567
message = gnutls.strerror(code)
568
return super(gnutls.Error, self).__init__(
571
class CertificateSecurityError(Error):
575
class Credentials(object):
577
self._c_object = gnutls.certificate_credentials_t()
578
gnutls.certificate_allocate_credentials(
579
ctypes.byref(self._c_object))
580
self.type = gnutls.CRD_CERTIFICATE
583
gnutls.certificate_free_credentials(self._c_object)
585
class ClientSession(object):
586
def __init__(self, socket, credentials=None):
587
self._c_object = gnutls.session_t()
588
gnutls_flags = gnutls.CLIENT
589
if gnutls.check_version("3.5.6"):
590
gnutls_flags |= gnutls.NO_TICKETS
592
gnutls_flags |= gnutls.ENABLE_RAWPK
593
gnutls.init(ctypes.byref(self._c_object), gnutls_flags)
595
gnutls.set_default_priority(self._c_object)
596
gnutls.transport_set_ptr(self._c_object, socket.fileno())
597
gnutls.handshake_set_private_extensions(self._c_object,
600
if credentials is None:
601
credentials = gnutls.Credentials()
602
gnutls.credentials_set(self._c_object, credentials.type,
603
ctypes.cast(credentials._c_object,
605
self.credentials = credentials
608
gnutls.deinit(self._c_object)
611
return gnutls.handshake(self._c_object)
613
def send(self, data):
617
data_len -= gnutls.record_send(self._c_object,
622
return gnutls.bye(self._c_object, gnutls.SHUT_RDWR)
624
# Error handling functions
625
def _error_code(result):
626
"""A function to raise exceptions on errors, suitable
627
for the 'restype' attribute on ctypes functions"""
630
if result == gnutls.E_NO_CERTIFICATE_FOUND:
631
raise gnutls.CertificateSecurityError(code=result)
632
raise gnutls.Error(code=result)
634
def _retry_on_error(result, func, arguments):
635
"""A function to retry on some errors, suitable
636
for the 'errcheck' attribute on ctypes functions"""
638
if result not in (gnutls.E_INTERRUPTED, gnutls.E_AGAIN):
639
return _error_code(result)
640
result = func(*arguments)
643
# Unless otherwise indicated, the function declarations below are
644
# all from the gnutls/gnutls.h C header file.
647
priority_set_direct = _library.gnutls_priority_set_direct
648
priority_set_direct.argtypes = [session_t, ctypes.c_char_p,
649
ctypes.POINTER(ctypes.c_char_p)]
650
priority_set_direct.restype = _error_code
652
init = _library.gnutls_init
653
init.argtypes = [ctypes.POINTER(session_t), ctypes.c_int]
654
init.restype = _error_code
656
set_default_priority = _library.gnutls_set_default_priority
657
set_default_priority.argtypes = [session_t]
658
set_default_priority.restype = _error_code
660
record_send = _library.gnutls_record_send
661
record_send.argtypes = [session_t, ctypes.c_void_p,
663
record_send.restype = ctypes.c_ssize_t
664
record_send.errcheck = _retry_on_error
666
certificate_allocate_credentials = (
667
_library.gnutls_certificate_allocate_credentials)
668
certificate_allocate_credentials.argtypes = [
669
ctypes.POINTER(certificate_credentials_t)]
670
certificate_allocate_credentials.restype = _error_code
672
certificate_free_credentials = (
673
_library.gnutls_certificate_free_credentials)
674
certificate_free_credentials.argtypes = [
675
certificate_credentials_t]
676
certificate_free_credentials.restype = None
678
handshake_set_private_extensions = (
679
_library.gnutls_handshake_set_private_extensions)
680
handshake_set_private_extensions.argtypes = [session_t,
682
handshake_set_private_extensions.restype = None
684
credentials_set = _library.gnutls_credentials_set
685
credentials_set.argtypes = [session_t, credentials_type_t,
687
credentials_set.restype = _error_code
689
strerror = _library.gnutls_strerror
690
strerror.argtypes = [ctypes.c_int]
691
strerror.restype = ctypes.c_char_p
693
certificate_type_get = _library.gnutls_certificate_type_get
694
certificate_type_get.argtypes = [session_t]
695
certificate_type_get.restype = _error_code
697
certificate_get_peers = _library.gnutls_certificate_get_peers
698
certificate_get_peers.argtypes = [session_t,
699
ctypes.POINTER(ctypes.c_uint)]
700
certificate_get_peers.restype = ctypes.POINTER(datum_t)
702
global_set_log_level = _library.gnutls_global_set_log_level
703
global_set_log_level.argtypes = [ctypes.c_int]
704
global_set_log_level.restype = None
706
global_set_log_function = _library.gnutls_global_set_log_function
707
global_set_log_function.argtypes = [log_func]
708
global_set_log_function.restype = None
710
deinit = _library.gnutls_deinit
711
deinit.argtypes = [session_t]
712
deinit.restype = None
714
handshake = _library.gnutls_handshake
715
handshake.argtypes = [session_t]
716
handshake.restype = _error_code
717
handshake.errcheck = _retry_on_error
719
transport_set_ptr = _library.gnutls_transport_set_ptr
720
transport_set_ptr.argtypes = [session_t, transport_ptr_t]
721
transport_set_ptr.restype = None
723
bye = _library.gnutls_bye
724
bye.argtypes = [session_t, close_request_t]
725
bye.restype = _error_code
726
bye.errcheck = _retry_on_error
728
check_version = _library.gnutls_check_version
729
check_version.argtypes = [ctypes.c_char_p]
730
check_version.restype = ctypes.c_char_p
732
_need_version = b"3.3.0"
733
if check_version(_need_version) is None:
734
raise self.Error("Needs GnuTLS {} or later"
735
.format(_need_version))
737
_tls_rawpk_version = b"3.6.6"
738
has_rawpk = bool(check_version(_tls_rawpk_version))
742
class pubkey_st(ctypes.Structure):
744
pubkey_t = ctypes.POINTER(pubkey_st)
746
x509_crt_fmt_t = ctypes.c_int
748
# All the function declarations below are from gnutls/abstract.h
749
pubkey_init = _library.gnutls_pubkey_init
750
pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]
751
pubkey_init.restype = _error_code
753
pubkey_import = _library.gnutls_pubkey_import
754
pubkey_import.argtypes = [pubkey_t, ctypes.POINTER(datum_t),
756
pubkey_import.restype = _error_code
758
pubkey_get_key_id = _library.gnutls_pubkey_get_key_id
759
pubkey_get_key_id.argtypes = [pubkey_t, ctypes.c_int,
760
ctypes.POINTER(ctypes.c_ubyte),
761
ctypes.POINTER(ctypes.c_size_t)]
762
pubkey_get_key_id.restype = _error_code
764
pubkey_deinit = _library.gnutls_pubkey_deinit
765
pubkey_deinit.argtypes = [pubkey_t]
766
pubkey_deinit.restype = None
768
# All the function declarations below are from gnutls/openpgp.h
770
openpgp_crt_init = _library.gnutls_openpgp_crt_init
771
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
772
openpgp_crt_init.restype = _error_code
774
openpgp_crt_import = _library.gnutls_openpgp_crt_import
775
openpgp_crt_import.argtypes = [openpgp_crt_t,
776
ctypes.POINTER(datum_t),
778
openpgp_crt_import.restype = _error_code
780
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
781
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
782
ctypes.POINTER(ctypes.c_uint)]
783
openpgp_crt_verify_self.restype = _error_code
785
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
786
openpgp_crt_deinit.argtypes = [openpgp_crt_t]
787
openpgp_crt_deinit.restype = None
789
openpgp_crt_get_fingerprint = (
790
_library.gnutls_openpgp_crt_get_fingerprint)
791
openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,
795
openpgp_crt_get_fingerprint.restype = _error_code
797
if check_version("3.6.4"):
798
certificate_type_get2 = _library.gnutls_certificate_type_get2
799
certificate_type_get2.argtypes = [session_t, ctypes.c_int]
800
certificate_type_get2.restype = _error_code
802
# Remove non-public functions
803
del _error_code, _retry_on_error
806
def call_pipe(connection, # : multiprocessing.Connection
807
func, *args, **kwargs):
808
"""This function is meant to be called by multiprocessing.Process
810
This function runs func(*args, **kwargs), and writes the resulting
811
return value on the provided multiprocessing.Connection.
813
connection.send(func(*args, **kwargs))
279
def _timedelta_to_milliseconds(td):
280
"Convert a datetime.timedelta() to milliseconds"
281
return ((td.days * 24 * 60 * 60 * 1000)
282
+ (td.seconds * 1000)
283
+ (td.microseconds // 1000))
817
285
class Client(object):
818
286
"""A representation of a client host served by this server.
821
approved: bool(); 'None' if not yet approved/disapproved
289
_approved: bool(); 'None' if not yet approved/disapproved
822
290
approval_delay: datetime.timedelta(); Time to wait for approval
823
291
approval_duration: datetime.timedelta(); Duration of one approval
824
292
checker: subprocess.Popen(); a running checker process used
825
293
to see if the client lives.
826
294
'None' if no process is running.
827
checker_callback_tag: a GLib event source tag, or None
295
checker_callback_tag: a gobject event source tag, or None
828
296
checker_command: string; External command which is run to check
829
297
if client lives. %() expansions are done at
830
298
runtime with vars(self) as dict, so that for
831
299
instance %(name)s can be used in the command.
832
checker_initiator_tag: a GLib event source tag, or None
300
checker_initiator_tag: a gobject event source tag, or None
833
301
created: datetime.datetime(); (UTC) object creation
834
302
client_structure: Object describing what attributes a client has
835
303
and is used for storing the client at exit
836
304
current_checker_command: string; current running checker_command
837
disable_initiator_tag: a GLib event source tag, or None
305
disable_initiator_tag: a gobject event source tag, or None
839
307
fingerprint: string (40 or 32 hexadecimal digits); used to
840
uniquely identify an OpenPGP client
841
key_id: string (64 hexadecimal digits); used to uniquely identify
842
a client using raw public keys
308
uniquely identify the client
843
309
host: string; available for use by the checker command
844
310
interval: datetime.timedelta(); How often to start a new checker
845
311
last_approval_request: datetime.datetime(); (UTC) or None
846
312
last_checked_ok: datetime.datetime(); (UTC) or None
847
last_checker_status: integer between 0 and 255 reflecting exit
848
status of last checker. -1 reflects crashed
849
checker, -2 means no checker completed yet.
850
last_checker_signal: The signal which killed the last checker, if
851
last_checker_status is -1
852
last_enabled: datetime.datetime(); (UTC) or None
313
last_checker_status: integer between 0 and 255 reflecting exit status
314
of last checker. -1 reflect crashed checker,
316
last_enabled: datetime.datetime(); (UTC)
853
317
name: string; from the config file, used in log messages and
854
318
D-Bus identifiers
855
319
secret: bytestring; sent verbatim (over TLS) to client
856
320
timeout: datetime.timedelta(); How long from last_checked_ok
857
321
until this client is disabled
858
extended_timeout: extra long timeout when secret has been sent
322
extended_timeout: extra long timeout when password has been sent
859
323
runtime_expansions: Allowed attributes for runtime expansion.
860
324
expires: datetime.datetime(); time (UTC) when a client will be
861
325
disabled, or None
862
server_settings: The server_settings dict from main()
865
328
runtime_expansions = ("approval_delay", "approval_duration",
866
"created", "enabled", "expires", "key_id",
867
"fingerprint", "host", "interval",
868
"last_approval_request", "last_checked_ok",
329
"created", "enabled", "fingerprint",
330
"host", "interval", "last_checked_ok",
869
331
"last_enabled", "name", "timeout")
872
"extended_timeout": "PT15M",
874
"checker": "fping -q -- %%(host)s",
876
"approval_delay": "PT0S",
877
"approval_duration": "PT1S",
878
"approved_by_default": "True",
883
def config_parser(config):
884
"""Construct a new dict of client settings of this form:
885
{ client_name: {setting_name: value, ...}, ...}
886
with exceptions for any special settings as defined above.
887
NOTE: Must be a pure function. Must return the same result
888
value given the same arguments.
891
for client_name in config.sections():
892
section = dict(config.items(client_name))
893
client = settings[client_name] = {}
895
client["host"] = section["host"]
896
# Reformat values from string types to Python types
897
client["approved_by_default"] = config.getboolean(
898
client_name, "approved_by_default")
899
client["enabled"] = config.getboolean(client_name,
902
# Uppercase and remove spaces from key_id and fingerprint
903
# for later comparison purposes with return value from the
904
# key_id() and fingerprint() functions
905
client["key_id"] = (section.get("key_id", "").upper()
907
client["fingerprint"] = (section["fingerprint"].upper()
909
if "secret" in section:
910
client["secret"] = codecs.decode(section["secret"]
913
elif "secfile" in section:
914
with open(os.path.expanduser(os.path.expandvars
915
(section["secfile"])),
917
client["secret"] = secfile.read()
919
raise TypeError("No secret or secfile for section {}"
921
client["timeout"] = string_to_delta(section["timeout"])
922
client["extended_timeout"] = string_to_delta(
923
section["extended_timeout"])
924
client["interval"] = string_to_delta(section["interval"])
925
client["approval_delay"] = string_to_delta(
926
section["approval_delay"])
927
client["approval_duration"] = string_to_delta(
928
section["approval_duration"])
929
client["checker_command"] = section["checker"]
930
client["last_approval_request"] = None
931
client["last_checked_ok"] = None
932
client["last_checker_status"] = -2
936
def __init__(self, settings, name=None, server_settings=None):
333
def timeout_milliseconds(self):
334
"Return the 'timeout' attribute in milliseconds"
335
return _timedelta_to_milliseconds(self.timeout)
337
def extended_timeout_milliseconds(self):
338
"Return the 'extended_timeout' attribute in milliseconds"
339
return _timedelta_to_milliseconds(self.extended_timeout)
341
def interval_milliseconds(self):
342
"Return the 'interval' attribute in milliseconds"
343
return _timedelta_to_milliseconds(self.interval)
345
def approval_delay_milliseconds(self):
346
return _timedelta_to_milliseconds(self.approval_delay)
348
def __init__(self, name = None, config=None):
349
"""Note: the 'checker' key in 'config' sets the
350
'checker_command' attribute and *not* the 'checker'
938
if server_settings is None:
940
self.server_settings = server_settings
941
# adding all client settings
942
for setting, value in settings.items():
943
setattr(self, setting, value)
946
if not hasattr(self, "last_enabled"):
947
self.last_enabled = datetime.datetime.utcnow()
948
if not hasattr(self, "expires"):
949
self.expires = (datetime.datetime.utcnow()
952
self.last_enabled = None
955
355
logger.debug("Creating client %r", self.name)
956
logger.debug(" Key ID: %s", self.key_id)
356
# Uppercase and remove spaces from fingerprint for later
357
# comparison purposes with return value from the fingerprint()
359
self.fingerprint = (config["fingerprint"].upper()
957
361
logger.debug(" Fingerprint: %s", self.fingerprint)
958
self.created = settings.get("created",
959
datetime.datetime.utcnow())
961
# attributes specific for this server instance
362
if "secret" in config:
363
self.secret = config["secret"].decode("base64")
364
elif "secfile" in config:
365
with open(os.path.expanduser(os.path.expandvars
366
(config["secfile"])),
368
self.secret = secfile.read()
370
raise TypeError("No secret or secfile for client %s"
372
self.host = config.get("host", "")
373
self.created = datetime.datetime.utcnow()
375
self.last_approval_request = None
376
self.last_enabled = datetime.datetime.utcnow()
377
self.last_checked_ok = None
378
self.last_checker_status = None
379
self.timeout = string_to_delta(config["timeout"])
380
self.extended_timeout = string_to_delta(config
381
["extended_timeout"])
382
self.interval = string_to_delta(config["interval"])
962
383
self.checker = None
963
384
self.checker_initiator_tag = None
964
385
self.disable_initiator_tag = None
386
self.expires = datetime.datetime.utcnow() + self.timeout
965
387
self.checker_callback_tag = None
388
self.checker_command = config["checker"]
966
389
self.current_checker_command = None
390
self._approved = None
391
self.approved_by_default = config.get("approved_by_default",
968
393
self.approvals_pending = 0
969
self.changedstate = multiprocessing_manager.Condition(
970
multiprocessing_manager.Lock())
971
self.client_structure = [attr
972
for attr in self.__dict__.keys()
973
if not attr.startswith("_")]
394
self.approval_delay = string_to_delta(
395
config["approval_delay"])
396
self.approval_duration = string_to_delta(
397
config["approval_duration"])
398
self.changedstate = (multiprocessing_manager
399
.Condition(multiprocessing_manager
401
self.client_structure = [attr for attr in self.__dict__.iterkeys() if not attr.startswith("_")]
974
402
self.client_structure.append("client_structure")
976
for name, t in inspect.getmembers(
977
type(self), lambda obj: isinstance(obj, property)):
405
for name, t in inspect.getmembers(type(self),
406
lambda obj: isinstance(obj, property)):
978
407
if not name.startswith("_"):
979
408
self.client_structure.append(name)
981
410
# Send notice to process children that client state has changed
982
411
def send_changedstate(self):
983
412
with self.changedstate:
984
413
self.changedstate.notify_all()
986
415
def enable(self):
987
416
"""Start this client's checker and timeout hooks"""
988
417
if getattr(self, "enabled", False):
989
418
# Already enabled
420
self.send_changedstate()
991
421
self.expires = datetime.datetime.utcnow() + self.timeout
992
422
self.enabled = True
993
423
self.last_enabled = datetime.datetime.utcnow()
994
424
self.init_checker()
995
self.send_changedstate()
997
426
def disable(self, quiet=True):
998
427
"""Disable this client."""
999
428
if not getattr(self, "enabled", False):
431
self.send_changedstate()
1002
433
logger.info("Disabling client %s", self.name)
1003
if getattr(self, "disable_initiator_tag", None) is not None:
1004
GLib.source_remove(self.disable_initiator_tag)
434
if getattr(self, "disable_initiator_tag", False):
435
gobject.source_remove(self.disable_initiator_tag)
1005
436
self.disable_initiator_tag = None
1006
437
self.expires = None
1007
if getattr(self, "checker_initiator_tag", None) is not None:
1008
GLib.source_remove(self.checker_initiator_tag)
438
if getattr(self, "checker_initiator_tag", False):
439
gobject.source_remove(self.checker_initiator_tag)
1009
440
self.checker_initiator_tag = None
1010
441
self.stop_checker()
1011
442
self.enabled = False
1013
self.send_changedstate()
1014
# Do not run this again if called by a GLib.timeout_add
443
# Do not run this again if called by a gobject.timeout_add
1017
446
def __del__(self):
1020
449
def init_checker(self):
1021
450
# Schedule a new checker to be started an 'interval' from now,
1022
451
# and every interval from then on.
1023
if self.checker_initiator_tag is not None:
1024
GLib.source_remove(self.checker_initiator_tag)
1025
self.checker_initiator_tag = GLib.timeout_add(
1026
int(self.interval.total_seconds() * 1000),
452
self.checker_initiator_tag = (gobject.timeout_add
453
(self.interval_milliseconds(),
1028
455
# Schedule a disable() when 'timeout' has passed
1029
if self.disable_initiator_tag is not None:
1030
GLib.source_remove(self.disable_initiator_tag)
1031
self.disable_initiator_tag = GLib.timeout_add(
1032
int(self.timeout.total_seconds() * 1000), self.disable)
456
self.disable_initiator_tag = (gobject.timeout_add
457
(self.timeout_milliseconds(),
1033
459
# Also start a new checker *right now*.
1034
460
self.start_checker()
1036
def checker_callback(self, source, condition, connection,
463
def checker_callback(self, pid, condition, command):
1038
464
"""The checker has completed, so take appropriate actions."""
1039
465
self.checker_callback_tag = None
1040
466
self.checker = None
1041
# Read return code from connection (see call_pipe)
1042
returncode = connection.recv()
1046
self.last_checker_status = returncode
1047
self.last_checker_signal = None
467
if os.WIFEXITED(condition):
468
self.last_checker_status = os.WEXITSTATUS(condition)
1048
469
if self.last_checker_status == 0:
1049
470
logger.info("Checker for %(name)s succeeded",
1051
472
self.checked_ok()
1053
logger.info("Checker for %(name)s failed", vars(self))
474
logger.info("Checker for %(name)s failed",
1055
477
self.last_checker_status = -1
1056
self.last_checker_signal = -returncode
1057
478
logger.warning("Checker for %(name)s crashed?",
1061
def checked_ok(self):
1062
"""Assert that the client has been seen, alive and well."""
1063
self.last_checked_ok = datetime.datetime.utcnow()
1064
self.last_checker_status = 0
1065
self.last_checker_signal = None
1068
def bump_timeout(self, timeout=None):
1069
"""Bump up the timeout for this client."""
481
def checked_ok(self, timeout=None):
482
"""Bump up the timeout for this client.
484
This should only be called when the client has been seen,
1070
487
if timeout is None:
1071
488
timeout = self.timeout
489
self.last_checked_ok = datetime.datetime.utcnow()
1072
490
if self.disable_initiator_tag is not None:
1073
GLib.source_remove(self.disable_initiator_tag)
1074
self.disable_initiator_tag = None
491
gobject.source_remove(self.disable_initiator_tag)
1075
492
if getattr(self, "enabled", False):
1076
self.disable_initiator_tag = GLib.timeout_add(
1077
int(timeout.total_seconds() * 1000), self.disable)
493
self.disable_initiator_tag = (gobject.timeout_add
494
(_timedelta_to_milliseconds
495
(timeout), self.disable))
1078
496
self.expires = datetime.datetime.utcnow() + timeout
1080
498
def need_approval(self):
1081
499
self.last_approval_request = datetime.datetime.utcnow()
1083
501
def start_checker(self):
1084
502
"""Start a new checker subprocess if one is not running.
1086
504
If a checker already exists, leave it running and do
1088
506
# The reason for not killing a running checker is that if we
1089
# did that, and if a checker (for some reason) started running
1090
# slowly and taking more than 'interval' time, then the client
1091
# would inevitably timeout, since no checker would get a
1092
# chance to run to completion. If we instead leave running
507
# did that, then if a checker (for some reason) started
508
# running slowly and taking more than 'interval' time, the
509
# client would inevitably timeout, since no checker would get
510
# a chance to run to completion. If we instead leave running
1093
511
# checkers alone, the checker would have to take more time
1094
512
# than 'timeout' for the client to be disabled, which is as it
1097
if self.checker is not None and not self.checker.is_alive():
1098
logger.warning("Checker was not alive; joining")
515
# If a checker exists, make sure it is not a zombie
517
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
518
except (AttributeError, OSError) as error:
519
if (isinstance(error, OSError)
520
and error.errno != errno.ECHILD):
524
logger.warning("Checker was a zombie")
525
gobject.source_remove(self.checker_callback_tag)
526
self.checker_callback(pid, status,
527
self.current_checker_command)
1101
528
# Start a new checker if needed
1102
529
if self.checker is None:
1103
# Escape attributes for the shell
1105
attr: re.escape(str(getattr(self, attr)))
1106
for attr in self.runtime_expansions}
1108
command = self.checker_command % escaped_attrs
1109
except TypeError as error:
1110
logger.error('Could not format string "%s"',
1111
self.checker_command,
1113
return True # Try again later
531
# In case checker_command has exactly one % operator
532
command = self.checker_command % self.host
534
# Escape attributes for the shell
535
escaped_attrs = dict(
537
re.escape(unicode(str(getattr(self, attr, "")),
541
self.runtime_expansions)
544
command = self.checker_command % escaped_attrs
545
except TypeError as error:
546
logger.error('Could not format string "%s":'
547
' %s', self.checker_command, error)
548
return True # Try again later
1114
549
self.current_checker_command = command
1115
logger.info("Starting checker %r for %s", command,
1117
# We don't need to redirect stdout and stderr, since
1118
# in normal mode, that is already done by daemon(),
1119
# and in debug mode we don't want to. (Stdin is
1120
# always replaced by /dev/null.)
1121
# The exception is when not debugging but nevertheless
1122
# running in the foreground; use the previously
1124
popen_args = {"close_fds": True,
1127
if (not self.server_settings["debug"]
1128
and self.server_settings["foreground"]):
1129
popen_args.update({"stdout": wnull,
1131
pipe = multiprocessing.Pipe(duplex=False)
1132
self.checker = multiprocessing.Process(
1134
args=(pipe[1], subprocess.call, command),
1136
self.checker.start()
1137
self.checker_callback_tag = GLib.io_add_watch(
1138
pipe[0].fileno(), GLib.IO_IN,
1139
self.checker_callback, pipe[0], command)
1140
# Re-run this periodically if run by GLib.timeout_add
551
logger.info("Starting checker %r for %s",
553
# We don't need to redirect stdout and stderr, since
554
# in normal mode, that is already done by daemon(),
555
# and in debug mode we don't want to. (Stdin is
556
# always replaced by /dev/null.)
557
self.checker = subprocess.Popen(command,
560
self.checker_callback_tag = (gobject.child_watch_add
562
self.checker_callback,
564
# The checker may have completed before the gobject
565
# watch was added. Check for this.
566
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
568
gobject.source_remove(self.checker_callback_tag)
569
self.checker_callback(pid, status, command)
570
except OSError as error:
571
logger.error("Failed to start subprocess: %s",
573
# Re-run this periodically if run by gobject.timeout_add
1143
576
def stop_checker(self):
1144
577
"""Force the checker process, if any, to stop."""
1145
578
if self.checker_callback_tag:
1146
GLib.source_remove(self.checker_callback_tag)
579
gobject.source_remove(self.checker_callback_tag)
1147
580
self.checker_callback_tag = None
1148
581
if getattr(self, "checker", None) is None:
1150
583
logger.debug("Stopping checker for %(name)s", vars(self))
1151
self.checker.terminate()
585
os.kill(self.checker.pid, signal.SIGTERM)
587
#if self.checker.poll() is None:
588
# os.kill(self.checker.pid, signal.SIGKILL)
589
except OSError as error:
590
if error.errno != errno.ESRCH: # No such process
1152
592
self.checker = None
1155
def dbus_service_property(dbus_interface,
594
# Encrypts a client secret and stores it in a varible encrypted_secret
595
def encrypt_secret(self, key):
596
# Encryption-key need to be of a specific size, so we hash inputed key
597
hasheng = hashlib.sha256()
599
encryptionkey = hasheng.digest()
601
# Create validation hash so we know at decryption if it was sucessful
602
hasheng = hashlib.sha256()
603
hasheng.update(self.secret)
604
validationhash = hasheng.digest()
607
iv = os.urandom(Crypto.Cipher.AES.block_size)
608
ciphereng = Crypto.Cipher.AES.new(encryptionkey,
609
Crypto.Cipher.AES.MODE_CFB, iv)
610
ciphertext = ciphereng.encrypt(validationhash+self.secret)
611
self.encrypted_secret = (ciphertext, iv)
613
# Decrypt a encrypted client secret
614
def decrypt_secret(self, key):
615
# Decryption-key need to be of a specific size, so we hash inputed key
616
hasheng = hashlib.sha256()
618
encryptionkey = hasheng.digest()
620
# Decrypt encrypted secret
621
ciphertext, iv = self.encrypted_secret
622
ciphereng = Crypto.Cipher.AES.new(encryptionkey,
623
Crypto.Cipher.AES.MODE_CFB, iv)
624
plain = ciphereng.decrypt(ciphertext)
626
# Validate decrypted secret to know if it was succesful
627
hasheng = hashlib.sha256()
628
validationhash = plain[:hasheng.digest_size]
629
secret = plain[hasheng.digest_size:]
630
hasheng.update(secret)
632
# if validation fails, we use key as new secret. Otherwhise, we use
633
# the decrypted secret
634
if hasheng.digest() == validationhash:
638
del self.encrypted_secret
641
def dbus_service_property(dbus_interface, signature="v",
642
access="readwrite", byte_arrays=False):
1159
643
"""Decorators for marking methods of a DBusObjectWithProperties to
1160
644
become properties on the D-Bus.
1162
646
The decorated method will be called with no arguments by "Get"
1163
647
and with one argument by "Set".
1165
649
The parameters, where they are supported, are the same as
1166
650
dbus.service.method, except there is only "signature", since the
1167
651
type from Get() and the type sent to Set() is the same.
1500
821
except (AttributeError, xml.dom.DOMException,
1501
822
xml.parsers.expat.ExpatError) as error:
1502
823
logger.error("Failed to override Introspection method",
1508
dbus.OBJECT_MANAGER_IFACE
1509
except AttributeError:
1510
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1513
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1514
"""A D-Bus object with an ObjectManager.
1516
Classes inheriting from this exposes the standard
1517
GetManagedObjects call and the InterfacesAdded and
1518
InterfacesRemoved signals on the standard
1519
"org.freedesktop.DBus.ObjectManager" interface.
1521
Note: No signals are sent automatically; they must be sent
1524
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1525
out_signature="a{oa{sa{sv}}}")
1526
def GetManagedObjects(self):
1527
"""This function must be overridden"""
1528
raise NotImplementedError()
1530
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1531
signature="oa{sa{sv}}")
1532
def InterfacesAdded(self, object_path, interfaces_and_properties):
1535
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature="oas")
1536
def InterfacesRemoved(self, object_path, interfaces):
1539
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1541
path_keyword='object_path',
1542
connection_keyword='connection')
1543
def Introspect(self, object_path, connection):
1544
"""Overloading of standard D-Bus method.
1546
Override return argument name of GetManagedObjects to be
1547
"objpath_interfaces_and_properties"
1549
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1553
document = xml.dom.minidom.parseString(xmlstring)
1555
for if_tag in document.getElementsByTagName("interface"):
1556
# Fix argument name for the GetManagedObjects method
1557
if (if_tag.getAttribute("name")
1558
== dbus.OBJECT_MANAGER_IFACE):
1559
for cn in if_tag.getElementsByTagName("method"):
1560
if (cn.getAttribute("name")
1561
== "GetManagedObjects"):
1562
for arg in cn.getElementsByTagName("arg"):
1563
if (arg.getAttribute("direction")
1567
"objpath_interfaces"
1569
xmlstring = document.toxml("utf-8")
1571
except (AttributeError, xml.dom.DOMException,
1572
xml.parsers.expat.ExpatError) as error:
1573
logger.error("Failed to override Introspection method",
1578
def datetime_to_dbus(dt, variant_level=0):
828
def datetime_to_dbus (dt, variant_level=0):
1579
829
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1581
return dbus.String("", variant_level=variant_level)
1582
return dbus.String(dt.isoformat(), variant_level=variant_level)
1585
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1586
"""A class decorator; applied to a subclass of
1587
dbus.service.Object, it will add alternate D-Bus attributes with
1588
interface names according to the "alt_interface_names" mapping.
1591
@alternate_dbus_interfaces({"org.example.Interface":
1592
"net.example.AlternateInterface"})
1593
class SampleDBusObject(dbus.service.Object):
1594
@dbus.service.method("org.example.Interface")
1595
def SampleDBusMethod():
1598
The above "SampleDBusMethod" on "SampleDBusObject" will be
1599
reachable via two interfaces: "org.example.Interface" and
1600
"net.example.AlternateInterface", the latter of which will have
1601
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1602
"true", unless "deprecate" is passed with a False value.
1604
This works for methods and signals, and also for D-Bus properties
1605
(from DBusObjectWithProperties) and interfaces (from the
1606
dbus_interface_annotations decorator).
831
return dbus.String("", variant_level = variant_level)
832
return dbus.String(dt.isoformat(),
833
variant_level=variant_level)
835
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
837
"""Applied to an empty subclass of a D-Bus object, this metaclass
838
will add additional D-Bus attributes matching a certain pattern.
1610
for orig_interface_name, alt_interface_name in (
1611
alt_interface_names.items()):
1613
interface_names = set()
1614
# Go though all attributes of the class
1615
for attrname, attribute in inspect.getmembers(cls):
840
def __new__(mcs, name, bases, attr):
841
# Go through all the base classes which could have D-Bus
842
# methods, signals, or properties in them
843
for base in (b for b in bases
844
if issubclass(b, dbus.service.Object)):
845
# Go though all attributes of the base class
846
for attrname, attribute in inspect.getmembers(base):
1616
847
# Ignore non-D-Bus attributes, and D-Bus attributes
1617
848
# with the wrong interface name
1618
849
if (not hasattr(attribute, "_dbus_interface")
1619
or not attribute._dbus_interface.startswith(
1620
orig_interface_name)):
850
or not attribute._dbus_interface
851
.startswith("se.recompile.Mandos")):
1622
853
# Create an alternate D-Bus interface name based on
1623
854
# the current name
1624
alt_interface = attribute._dbus_interface.replace(
1625
orig_interface_name, alt_interface_name)
1626
interface_names.add(alt_interface)
855
alt_interface = (attribute._dbus_interface
856
.replace("se.recompile.Mandos",
857
"se.bsnet.fukt.Mandos"))
1627
858
# Is this a D-Bus signal?
1628
859
if getattr(attribute, "_dbus_is_signal", False):
1629
# Extract the original non-method undecorated
1630
# function by black magic
1631
if sys.version_info.major == 2:
1632
nonmethod_func = (dict(
860
# Extract the original non-method function by
862
nonmethod_func = (dict(
1633
863
zip(attribute.func_code.co_freevars,
1634
attribute.__closure__))
1635
["func"].cell_contents)
1637
nonmethod_func = (dict(
1638
zip(attribute.__code__.co_freevars,
1639
attribute.__closure__))
1640
["func"].cell_contents)
864
attribute.__closure__))["func"]
1641
866
# Create a new, but exactly alike, function
1642
867
# object, and decorate it to be a new D-Bus signal
1643
868
# with the alternate D-Bus interface name
1644
new_function = copy_function(nonmethod_func)
1645
new_function = (dbus.service.signal(
1647
attribute._dbus_signature)(new_function))
1648
# Copy annotations, if any
1650
new_function._dbus_annotations = dict(
1651
attribute._dbus_annotations)
1652
except AttributeError:
869
new_function = (dbus.service.signal
871
attribute._dbus_signature)
873
nonmethod_func.func_code,
874
nonmethod_func.func_globals,
875
nonmethod_func.func_name,
876
nonmethod_func.func_defaults,
877
nonmethod_func.func_closure)))
1655
878
# Define a creator of a function to call both the
1656
# original and alternate functions, so both the
1657
# original and alternate signals gets sent when
1658
# the function is called
879
# old and new functions, so both the old and new
880
# signals gets sent when the function is called
1659
881
def fixscope(func1, func2):
1660
882
"""This function is a scope container to pass
1661
883
func1 and func2 to the "call_both" function
1662
884
outside of its arguments"""
1664
@functools.wraps(func2)
1665
885
def call_both(*args, **kwargs):
1666
886
"""This function will emit two D-Bus
1667
887
signals by calling func1 and func2"""
1668
888
func1(*args, **kwargs)
1669
889
func2(*args, **kwargs)
1670
# Make wrapper function look like a D-Bus
1672
for name, attr in inspect.getmembers(func2):
1673
if name.startswith("_dbus_"):
1674
setattr(call_both, name, attr)
1676
890
return call_both
1677
891
# Create the "call_both" function and add it to
1679
attr[attrname] = fixscope(attribute, new_function)
893
attr[attrname] = fixscope(attribute,
1680
895
# Is this a D-Bus method?
1681
896
elif getattr(attribute, "_dbus_is_method", False):
1682
897
# Create a new, but exactly alike, function
1683
898
# object. Decorate it to be a new D-Bus method
1684
899
# with the alternate D-Bus interface name. Add it
1687
dbus.service.method(
1689
attribute._dbus_in_signature,
1690
attribute._dbus_out_signature)
1691
(copy_function(attribute)))
1692
# Copy annotations, if any
1694
attr[attrname]._dbus_annotations = dict(
1695
attribute._dbus_annotations)
1696
except AttributeError:
901
attr[attrname] = (dbus.service.method
903
attribute._dbus_in_signature,
904
attribute._dbus_out_signature)
906
(attribute.func_code,
907
attribute.func_globals,
909
attribute.func_defaults,
910
attribute.func_closure)))
1698
911
# Is this a D-Bus property?
1699
912
elif getattr(attribute, "_dbus_is_property", False):
1700
913
# Create a new, but exactly alike, function
1701
914
# object, and decorate it to be a new D-Bus
1702
915
# property with the alternate D-Bus interface
1703
916
# name. Add it to the class.
1704
attr[attrname] = (dbus_service_property(
1705
alt_interface, attribute._dbus_signature,
1706
attribute._dbus_access,
1707
attribute._dbus_get_args_options
1709
(copy_function(attribute)))
1710
# Copy annotations, if any
1712
attr[attrname]._dbus_annotations = dict(
1713
attribute._dbus_annotations)
1714
except AttributeError:
1716
# Is this a D-Bus interface?
1717
elif getattr(attribute, "_dbus_is_interface", False):
1718
# Create a new, but exactly alike, function
1719
# object. Decorate it to be a new D-Bus interface
1720
# with the alternate D-Bus interface name. Add it
1723
dbus_interface_annotations(alt_interface)
1724
(copy_function(attribute)))
1726
# Deprecate all alternate interfaces
1727
iname = "_AlternateDBusNames_interface_annotation{}"
1728
for interface_name in interface_names:
1730
@dbus_interface_annotations(interface_name)
1732
return {"org.freedesktop.DBus.Deprecated":
1734
# Find an unused name
1735
for aname in (iname.format(i)
1736
for i in itertools.count()):
1737
if aname not in attr:
1741
# Replace the class with a new subclass of it with
1742
# methods, signals, etc. as created above.
1743
if sys.version_info.major == 2:
1744
cls = type(b"{}Alternate".format(cls.__name__),
1747
cls = type("{}Alternate".format(cls.__name__),
1754
@alternate_dbus_interfaces({"se.recompile.Mandos":
1755
"se.bsnet.fukt.Mandos"})
917
attr[attrname] = (dbus_service_property
919
attribute._dbus_signature,
920
attribute._dbus_access,
922
._dbus_get_args_options
925
(attribute.func_code,
926
attribute.func_globals,
928
attribute.func_defaults,
929
attribute.func_closure)))
930
return type.__new__(mcs, name, bases, attr)
1756
932
class ClientDBus(Client, DBusObjectWithProperties):
1757
933
"""A Client class using D-Bus
1760
936
dbus_object_path: dbus.ObjectPath
1761
937
bus: dbus.SystemBus()
1764
940
runtime_expansions = (Client.runtime_expansions
1765
+ ("dbus_object_path", ))
1767
_interface = "se.recompile.Mandos.Client"
941
+ ("dbus_object_path",))
1769
943
# dbus.service.Object doesn't use super(), so we can't either.
1771
def __init__(self, bus=None, *args, **kwargs):
945
def __init__(self, bus = None, *args, **kwargs):
1773
947
Client.__init__(self, *args, **kwargs)
949
self._approvals_pending = 0
1774
950
# Only now, when this client is initialized, can it show up on
1776
client_object_name = str(self.name).translate(
952
client_object_name = unicode(self.name).translate(
1777
953
{ord("."): ord("_"),
1778
954
ord("-"): ord("_")})
1779
self.dbus_object_path = dbus.ObjectPath(
1780
"/clients/" + client_object_name)
955
self.dbus_object_path = (dbus.ObjectPath
956
("/clients/" + client_object_name))
1781
957
DBusObjectWithProperties.__init__(self, self.bus,
1782
958
self.dbus_object_path)
1784
def notifychangeproperty(transform_func, dbus_name,
1785
type_func=lambda x: x,
1787
invalidate_only=False,
1788
_interface=_interface):
960
def notifychangeproperty(transform_func,
961
dbus_name, type_func=lambda x: x,
1789
963
""" Modify a variable so that it's a property which announces
1790
964
its changes to DBus.
2185
1324
self.start_checker()
2187
1326
self.stop_checker()
2189
1328
# ObjectPath - property
2191
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
2192
"org.freedesktop.DBus.Deprecated": "true"})
2193
1329
@dbus_service_property(_interface, signature="o", access="read")
2194
1330
def ObjectPath_dbus_property(self):
2195
return self.dbus_object_path # is already a dbus.ObjectPath
1331
return self.dbus_object_path # is already a dbus.ObjectPath
2197
1333
# Secret = property
2199
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
2201
@dbus_service_property(_interface,
1334
@dbus_service_property(_interface, signature="ay",
1335
access="write", byte_arrays=True)
2205
1336
def Secret_dbus_property(self, value):
2206
self.secret = bytes(value)
1337
self.secret = str(value)
2211
1342
class ProxyClient(object):
2212
def __init__(self, child_pipe, key_id, fpr, address):
1343
def __init__(self, child_pipe, fpr, address):
2213
1344
self._pipe = child_pipe
2214
self._pipe.send(('init', key_id, fpr, address))
1345
self._pipe.send(('init', fpr, address))
2215
1346
if not self._pipe.recv():
2216
raise KeyError(key_id or fpr)
2218
1349
def __getattribute__(self, name):
1350
if(name == '_pipe'):
2220
1351
return super(ProxyClient, self).__getattribute__(name)
2221
1352
self._pipe.send(('getattr', name))
2222
1353
data = self._pipe.recv()
2223
1354
if data[0] == 'data':
2225
1356
if data[0] == 'function':
2227
1357
def func(*args, **kwargs):
2228
1358
self._pipe.send(('funcall', name, args, kwargs))
2229
1359
return self._pipe.recv()[1]
2233
1362
def __setattr__(self, name, value):
1363
if(name == '_pipe'):
2235
1364
return super(ProxyClient, self).__setattr__(name, value)
2236
1365
self._pipe.send(('setattr', name, value))
1367
class ClientDBusTransitional(ClientDBus):
1368
__metaclass__ = AlternateDBusNamesMetaclass
2239
1370
class ClientHandler(socketserver.BaseRequestHandler, object):
2240
1371
"""A class to handle client connections.
2242
1373
Instantiated once for each connection to handle it.
2243
1374
Note: This will run in its own forked process."""
2245
1376
def handle(self):
2246
1377
with contextlib.closing(self.server.child_pipe) as child_pipe:
2247
1378
logger.info("TCP connection from: %s",
2248
str(self.client_address))
1379
unicode(self.client_address))
2249
1380
logger.debug("Pipe FD: %d",
2250
1381
self.server.child_pipe.fileno())
2252
session = gnutls.ClientSession(self.request)
2254
# priority = ':'.join(("NONE", "+VERS-TLS1.1",
2255
# "+AES-256-CBC", "+SHA1",
2256
# "+COMP-NULL", "+CTYPE-OPENPGP",
1383
session = (gnutls.connection
1384
.ClientSession(self.request,
1386
.X509Credentials()))
1388
# Note: gnutls.connection.X509Credentials is really a
1389
# generic GnuTLS certificate credentials object so long as
1390
# no X.509 keys are added to it. Therefore, we can use it
1391
# here despite using OpenPGP certificates.
1393
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1394
# "+AES-256-CBC", "+SHA1",
1395
# "+COMP-NULL", "+CTYPE-OPENPGP",
2258
1397
# Use a fallback default, since this MUST be set.
2259
1398
priority = self.server.gnutls_priority
2260
1399
if priority is None:
2261
1400
priority = "NORMAL"
2262
gnutls.priority_set_direct(session._c_object,
2263
priority.encode("utf-8"),
1401
(gnutls.library.functions
1402
.gnutls_priority_set_direct(session._c_object,
2266
1405
# Start communication using the Mandos protocol
2267
1406
# Get protocol number
2268
1407
line = self.request.makefile().readline()
2269
1408
logger.debug("Protocol version: %r", line)
2271
1410
if int(line.strip().split()[0]) > 1:
2272
raise RuntimeError(line)
2273
1412
except (ValueError, IndexError, RuntimeError) as error:
2274
1413
logger.error("Unknown protocol version: %s", error)
2277
1416
# Start GnuTLS connection
2279
1418
session.handshake()
2280
except gnutls.Error as error:
1419
except gnutls.errors.GNUTLSError as error:
2281
1420
logger.warning("Handshake failed: %s", error)
2282
1421
# Do not run session.bye() here: the session is not
2283
1422
# established. Just abandon the request.
2285
1424
logger.debug("Handshake succeeded")
2287
1426
approval_required = False
2289
if gnutls.has_rawpk:
2292
key_id = self.key_id(
2293
self.peer_certificate(session))
2294
except (TypeError, gnutls.Error) as error:
2295
logger.warning("Bad certificate: %s", error)
2297
logger.debug("Key ID: %s", key_id)
2302
fpr = self.fingerprint(
2303
self.peer_certificate(session))
2304
except (TypeError, gnutls.Error) as error:
2305
logger.warning("Bad certificate: %s", error)
2307
logger.debug("Fingerprint: %s", fpr)
2310
client = ProxyClient(child_pipe, key_id, fpr,
1429
fpr = self.fingerprint(self.peer_certificate
1432
gnutls.errors.GNUTLSError) as error:
1433
logger.warning("Bad certificate: %s", error)
1435
logger.debug("Fingerprint: %s", fpr)
1436
if self.server.use_dbus:
1438
client.NewRequest(str(self.client_address))
1441
client = ProxyClient(child_pipe, fpr,
2311
1442
self.client_address)
2312
1443
except KeyError:
2315
1446
if client.approval_delay:
2316
1447
delay = client.approval_delay
2317
1448
client.approvals_pending += 1
2318
1449
approval_required = True
2321
1452
if not client.enabled:
2322
1453
logger.info("Client %s is disabled",
2324
1455
if self.server.use_dbus:
2325
1456
# Emit D-Bus signal
2326
1457
client.Rejected("Disabled")
2329
if client.approved or not client.approval_delay:
2330
# We are approved or approval is disabled
1460
if client._approved or not client.approval_delay:
1461
#We are approved or approval is disabled
2332
elif client.approved is None:
1463
elif client._approved is None:
2333
1464
logger.info("Client %s needs approval",
2335
1466
if self.server.use_dbus:
2336
1467
# Emit D-Bus signal
2337
1468
client.NeedApproval(
2338
client.approval_delay.total_seconds()
2339
* 1000, client.approved_by_default)
1469
client.approval_delay_milliseconds(),
1470
client.approved_by_default)
2341
1472
logger.warning("Client %s was not approved",
2366
1499
delay -= time2 - time
2369
session.send(client.secret)
2370
except gnutls.Error as error:
2371
logger.warning("gnutls send failed",
1502
while sent_size < len(client.secret):
1504
sent = session.send(client.secret[sent_size:])
1505
except gnutls.errors.GNUTLSError as error:
1506
logger.warning("gnutls send failed")
1508
logger.debug("Sent: %d, remaining: %d",
1509
sent, len(client.secret)
1510
- (sent_size + sent))
2375
1513
logger.info("Sending secret to %s", client.name)
2376
1514
# bump the timeout using extended_timeout
2377
client.bump_timeout(client.extended_timeout)
1515
client.checked_ok(client.extended_timeout)
2378
1516
if self.server.use_dbus:
2379
1517
# Emit D-Bus signal
2380
1518
client.GotSecret()
2383
1521
if approval_required:
2384
1522
client.approvals_pending -= 1
2387
except gnutls.Error as error:
2388
logger.warning("GnuTLS bye failed",
1525
except gnutls.errors.GNUTLSError as error:
1526
logger.warning("GnuTLS bye failed")
2392
1529
def peer_certificate(session):
2393
"Return the peer's certificate as a bytestring"
2395
cert_type = gnutls.certificate_type_get2(session._c_object,
2397
except AttributeError:
2398
cert_type = gnutls.certificate_type_get(session._c_object)
2399
if gnutls.has_rawpk:
2400
valid_cert_types = frozenset((gnutls.CRT_RAWPK,))
2402
valid_cert_types = frozenset((gnutls.CRT_OPENPGP,))
2403
# If not a valid certificate type...
2404
if cert_type not in valid_cert_types:
2405
logger.info("Cert type %r not in %r", cert_type,
2407
# ...return invalid data
1530
"Return the peer's OpenPGP certificate as a bytestring"
1531
# If not an OpenPGP certificate...
1532
if (gnutls.library.functions
1533
.gnutls_certificate_type_get(session._c_object)
1534
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1535
# ...do the normal thing
1536
return session.peer_certificate
2409
1537
list_size = ctypes.c_uint(1)
2410
cert_list = (gnutls.certificate_get_peers
1538
cert_list = (gnutls.library.functions
1539
.gnutls_certificate_get_peers
2411
1540
(session._c_object, ctypes.byref(list_size)))
2412
1541
if not bool(cert_list) and list_size.value != 0:
2413
raise gnutls.Error("error getting peer certificate")
1542
raise gnutls.errors.GNUTLSError("error getting peer"
2414
1544
if list_size.value == 0:
2416
1546
cert = cert_list[0]
2417
1547
return ctypes.string_at(cert.data, cert.size)
2420
def key_id(certificate):
2421
"Convert a certificate bytestring to a hexdigit key ID"
2422
# New GnuTLS "datum" with the public key
2423
datum = gnutls.datum_t(
2424
ctypes.cast(ctypes.c_char_p(certificate),
2425
ctypes.POINTER(ctypes.c_ubyte)),
2426
ctypes.c_uint(len(certificate)))
2427
# XXX all these need to be created in the gnutls "module"
2428
# New empty GnuTLS certificate
2429
pubkey = gnutls.pubkey_t()
2430
gnutls.pubkey_init(ctypes.byref(pubkey))
2431
# Import the raw public key into the certificate
2432
gnutls.pubkey_import(pubkey,
2433
ctypes.byref(datum),
2434
gnutls.X509_FMT_DER)
2435
# New buffer for the key ID
2436
buf = ctypes.create_string_buffer(32)
2437
buf_len = ctypes.c_size_t(len(buf))
2438
# Get the key ID from the raw public key into the buffer
2439
gnutls.pubkey_get_key_id(pubkey,
2440
gnutls.KEYID_USE_SHA256,
2441
ctypes.cast(ctypes.byref(buf),
2442
ctypes.POINTER(ctypes.c_ubyte)),
2443
ctypes.byref(buf_len))
2444
# Deinit the certificate
2445
gnutls.pubkey_deinit(pubkey)
2447
# Convert the buffer to a Python bytestring
2448
key_id = ctypes.string_at(buf, buf_len.value)
2449
# Convert the bytestring to hexadecimal notation
2450
hex_key_id = binascii.hexlify(key_id).upper()
2454
1550
def fingerprint(openpgp):
2455
1551
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2456
1552
# New GnuTLS "datum" with the OpenPGP public key
2457
datum = gnutls.datum_t(
2458
ctypes.cast(ctypes.c_char_p(openpgp),
2459
ctypes.POINTER(ctypes.c_ubyte)),
2460
ctypes.c_uint(len(openpgp)))
1553
datum = (gnutls.library.types
1554
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1557
ctypes.c_uint(len(openpgp))))
2461
1558
# New empty GnuTLS certificate
2462
crt = gnutls.openpgp_crt_t()
2463
gnutls.openpgp_crt_init(ctypes.byref(crt))
1559
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1560
(gnutls.library.functions
1561
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2464
1562
# Import the OpenPGP public key into the certificate
2465
gnutls.openpgp_crt_import(crt, ctypes.byref(datum),
2466
gnutls.OPENPGP_FMT_RAW)
1563
(gnutls.library.functions
1564
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1565
gnutls.library.constants
1566
.GNUTLS_OPENPGP_FMT_RAW))
2467
1567
# Verify the self signature in the key
2468
1568
crtverify = ctypes.c_uint()
2469
gnutls.openpgp_crt_verify_self(crt, 0,
2470
ctypes.byref(crtverify))
1569
(gnutls.library.functions
1570
.gnutls_openpgp_crt_verify_self(crt, 0,
1571
ctypes.byref(crtverify)))
2471
1572
if crtverify.value != 0:
2472
gnutls.openpgp_crt_deinit(crt)
2473
raise gnutls.CertificateSecurityError(code
1573
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1574
raise (gnutls.errors.CertificateSecurityError
2475
1576
# New buffer for the fingerprint
2476
1577
buf = ctypes.create_string_buffer(20)
2477
1578
buf_len = ctypes.c_size_t()
2478
1579
# Get the fingerprint from the certificate into the buffer
2479
gnutls.openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
2480
ctypes.byref(buf_len))
1580
(gnutls.library.functions
1581
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1582
ctypes.byref(buf_len)))
2481
1583
# Deinit the certificate
2482
gnutls.openpgp_crt_deinit(crt)
1584
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2483
1585
# Convert the buffer to a Python bytestring
2484
1586
fpr = ctypes.string_at(buf, buf_len.value)
2485
1587
# Convert the bytestring to hexadecimal notation
2486
hex_fpr = binascii.hexlify(fpr).upper()
1588
hex_fpr = ''.join("%02X" % ord(char) for char in fpr)
2490
1592
class MultiprocessingMixIn(object):
2491
1593
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2493
1594
def sub_process_main(self, request, address):
2495
1596
self.finish_request(request, address)
2497
1598
self.handle_error(request, address)
2498
1599
self.close_request(request)
2500
1601
def process_request(self, request, address):
2501
1602
"""Start a new process to process the request."""
2502
proc = multiprocessing.Process(target=self.sub_process_main,
2503
args=(request, address))
1603
proc = multiprocessing.Process(target = self.sub_process_main,
2508
1610
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2509
1611
""" adds a pipe to the MixIn """
2511
1612
def process_request(self, request, client_address):
2512
1613
"""Overrides and wraps the original process_request().
2514
1615
This function creates a new pipe in self.pipe
2516
1617
parent_pipe, self.child_pipe = multiprocessing.Pipe()
2518
1619
proc = MultiprocessingMixIn.process_request(self, request,
2519
1620
client_address)
2520
1621
self.child_pipe.close()
2521
1622
self.add_pipe(parent_pipe, proc)
2523
1624
def add_pipe(self, parent_pipe, proc):
2524
1625
"""Dummy function; override as necessary"""
2525
raise NotImplementedError()
1626
raise NotImplementedError
2528
1629
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2529
1630
socketserver.TCPServer, object):
2530
1631
"""IPv6-capable TCP server. Accepts 'None' as address and/or port
2533
1634
enabled: Boolean; whether this server is activated yet
2534
1635
interface: None or a network interface name (string)
2535
1636
use_ipv6: Boolean; to use IPv6 or not
2538
1638
def __init__(self, server_address, RequestHandlerClass,
2542
"""If socketfd is set, use that file descriptor instead of
2543
creating a new one with socket.socket().
1639
interface=None, use_ipv6=True):
2545
1640
self.interface = interface
2547
1642
self.address_family = socket.AF_INET6
2548
if socketfd is not None:
2549
# Save the file descriptor
2550
self.socketfd = socketfd
2551
# Save the original socket.socket() function
2552
self.socket_socket = socket.socket
2554
# To implement --socket, we monkey patch socket.socket.
2556
# (When socketserver.TCPServer is a new-style class, we
2557
# could make self.socket into a property instead of monkey
2558
# patching socket.socket.)
2560
# Create a one-time-only replacement for socket.socket()
2561
@functools.wraps(socket.socket)
2562
def socket_wrapper(*args, **kwargs):
2563
# Restore original function so subsequent calls are
2565
socket.socket = self.socket_socket
2566
del self.socket_socket
2567
# This time only, return a new socket object from the
2568
# saved file descriptor.
2569
return socket.fromfd(self.socketfd, *args, **kwargs)
2570
# Replace socket.socket() function with wrapper
2571
socket.socket = socket_wrapper
2572
# The socketserver.TCPServer.__init__ will call
2573
# socket.socket(), which might be our replacement,
2574
# socket_wrapper(), if socketfd was set.
2575
1643
socketserver.TCPServer.__init__(self, server_address,
2576
1644
RequestHandlerClass)
2578
1645
def server_bind(self):
2579
1646
"""This overrides the normal server_bind() function
2580
1647
to bind to an interface if one was specified, and also NOT to
2581
1648
bind to an address or port if they were not specified."""
2582
global SO_BINDTODEVICE
2583
1649
if self.interface is not None:
2584
1650
if SO_BINDTODEVICE is None:
2585
# Fall back to a hard-coded value which seems to be
2587
logger.warning("SO_BINDTODEVICE not found, trying 25")
2588
SO_BINDTODEVICE = 25
2590
self.socket.setsockopt(
2591
socket.SOL_SOCKET, SO_BINDTODEVICE,
2592
(self.interface + "\0").encode("utf-8"))
2593
except socket.error as error:
2594
if error.errno == errno.EPERM:
2595
logger.error("No permission to bind to"
2596
" interface %s", self.interface)
2597
elif error.errno == errno.ENOPROTOOPT:
2598
logger.error("SO_BINDTODEVICE not available;"
2599
" cannot bind to interface %s",
2601
elif error.errno == errno.ENODEV:
2602
logger.error("Interface %s does not exist,"
2603
" cannot bind", self.interface)
1651
logger.error("SO_BINDTODEVICE does not exist;"
1652
" cannot bind to interface %s",
1656
self.socket.setsockopt(socket.SOL_SOCKET,
1660
except socket.error as error:
1661
if error[0] == errno.EPERM:
1662
logger.error("No permission to"
1663
" bind to interface %s",
1665
elif error[0] == errno.ENOPROTOOPT:
1666
logger.error("SO_BINDTODEVICE not available;"
1667
" cannot bind to interface %s",
2606
1671
# Only bind(2) the socket if we really need to.
2607
1672
if self.server_address[0] or self.server_address[1]:
2608
1673
if not self.server_address[0]:
2609
1674
if self.address_family == socket.AF_INET6:
2610
any_address = "::" # in6addr_any
1675
any_address = "::" # in6addr_any
2612
any_address = "0.0.0.0" # INADDR_ANY
1677
any_address = socket.INADDR_ANY
2613
1678
self.server_address = (any_address,
2614
1679
self.server_address[1])
2615
1680
elif not self.server_address[1]:
2616
self.server_address = (self.server_address[0], 0)
1681
self.server_address = (self.server_address[0],
2617
1683
# if self.interface:
2618
1684
# self.server_address = (self.server_address[0],
2946
1930
parser.add_argument("--no-dbus", action="store_false",
2947
1931
dest="use_dbus", help="Do not provide D-Bus"
2948
" system bus interface", default=None)
1932
" system bus interface")
2949
1933
parser.add_argument("--no-ipv6", action="store_false",
2950
dest="use_ipv6", help="Do not use IPv6",
1934
dest="use_ipv6", help="Do not use IPv6")
2952
1935
parser.add_argument("--no-restore", action="store_false",
2953
dest="restore", help="Do not restore stored"
2954
" state", default=None)
2955
parser.add_argument("--socket", type=int,
2956
help="Specify a file descriptor to a network"
2957
" socket to use instead of creating one")
2958
parser.add_argument("--statedir", metavar="DIR",
2959
help="Directory to save/restore state in")
2960
parser.add_argument("--foreground", action="store_true",
2961
help="Run in foreground", default=None)
2962
parser.add_argument("--no-zeroconf", action="store_false",
2963
dest="zeroconf", help="Do not use Zeroconf",
1936
dest="restore", help="Do not restore stored state",
2966
1939
options = parser.parse_args()
2968
1941
if options.check:
2970
fail_count, test_count = doctest.testmod()
2971
sys.exit(os.EX_OK if fail_count == 0 else 1)
2973
1946
# Default values for config file for server-global settings
2974
if gnutls.has_rawpk:
2975
priority = ("SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA"
2976
":!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA")
2978
priority = ("SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2979
":+SIGN-DSA-SHA256")
2980
server_defaults = {"interface": "",
2984
"priority": priority,
2985
"servicename": "Mandos",
2991
"statedir": "/var/lib/mandos",
2992
"foreground": "False",
1947
server_defaults = { "interface": "",
1952
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
1953
"servicename": "Mandos",
2997
1959
# Parse config file for server-global settings
2998
1960
server_config = configparser.SafeConfigParser(server_defaults)
2999
1961
del server_defaults
3000
server_config.read(os.path.join(options.configdir, "mandos.conf"))
1962
server_config.read(os.path.join(options.configdir,
3001
1964
# Convert the SafeConfigParser object to a dict
3002
1965
server_settings = server_config.defaults()
3003
1966
# Use the appropriate methods on the non-string config options
3004
for option in ("debug", "use_dbus", "use_ipv6", "restore",
3005
"foreground", "zeroconf"):
1967
for option in ("debug", "use_dbus", "use_ipv6"):
3006
1968
server_settings[option] = server_config.getboolean("DEFAULT",
3008
1970
if server_settings["port"]:
3009
1971
server_settings["port"] = server_config.getint("DEFAULT",
3011
if server_settings["socket"]:
3012
server_settings["socket"] = server_config.getint("DEFAULT",
3014
# Later, stdin will, and stdout and stderr might, be dup'ed
3015
# over with an opened os.devnull. But we don't want this to
3016
# happen with a supplied network socket.
3017
if 0 <= server_settings["socket"] <= 2:
3018
server_settings["socket"] = os.dup(server_settings
3020
1973
del server_config
3022
1975
# Override the settings from the config file with command line
3023
1976
# options, if set.
3024
1977
for option in ("interface", "address", "port", "debug",
3025
"priority", "servicename", "configdir", "use_dbus",
3026
"use_ipv6", "debuglevel", "restore", "statedir",
3027
"socket", "foreground", "zeroconf"):
1978
"priority", "servicename", "configdir",
1979
"use_dbus", "use_ipv6", "debuglevel", "restore"):
3028
1980
value = getattr(options, option)
3029
1981
if value is not None:
3030
1982
server_settings[option] = value
3032
1984
# Force all strings to be unicode
3033
1985
for option in server_settings.keys():
3034
if isinstance(server_settings[option], bytes):
3035
server_settings[option] = (server_settings[option]
3037
# Force all boolean options to be boolean
3038
for option in ("debug", "use_dbus", "use_ipv6", "restore",
3039
"foreground", "zeroconf"):
3040
server_settings[option] = bool(server_settings[option])
3041
# Debug implies foreground
3042
if server_settings["debug"]:
3043
server_settings["foreground"] = True
1986
if type(server_settings[option]) is str:
1987
server_settings[option] = unicode(server_settings[option])
3044
1988
# Now we have our good server settings in "server_settings"
3046
1990
##################################################################
3048
if (not server_settings["zeroconf"]
3049
and not (server_settings["port"]
3050
or server_settings["socket"] != "")):
3051
parser.error("Needs port or socket to work without Zeroconf")
3053
1992
# For convenience
3054
1993
debug = server_settings["debug"]
3055
1994
debuglevel = server_settings["debuglevel"]
3056
1995
use_dbus = server_settings["use_dbus"]
3057
1996
use_ipv6 = server_settings["use_ipv6"]
3058
stored_state_path = os.path.join(server_settings["statedir"],
3060
foreground = server_settings["foreground"]
3061
zeroconf = server_settings["zeroconf"]
3064
initlogger(debug, logging.DEBUG)
3069
level = getattr(logging, debuglevel.upper())
3070
initlogger(debug, level)
3072
1998
if server_settings["servicename"] != "Mandos":
3073
syslogger.setFormatter(
3074
logging.Formatter('Mandos ({}) [%(process)d]:'
3075
' %(levelname)s: %(message)s'.format(
3076
server_settings["servicename"])))
1999
syslogger.setFormatter(logging.Formatter
2000
('Mandos (%s) [%%(process)d]:'
2001
' %%(levelname)s: %%(message)s'
2002
% server_settings["servicename"]))
3078
2004
# Parse config file with clients
3079
client_config = configparser.SafeConfigParser(Client
2005
client_defaults = { "timeout": "5m",
2006
"extended_timeout": "15m",
2008
"checker": "fping -q -- %%(host)s",
2010
"approval_delay": "0s",
2011
"approval_duration": "1s",
2013
client_config = configparser.SafeConfigParser(client_defaults)
3081
2014
client_config.read(os.path.join(server_settings["configdir"],
3082
2015
"clients.conf"))
3084
2017
global mandos_dbus_service
3085
2018
mandos_dbus_service = None
3088
if server_settings["socket"] != "":
3089
socketfd = server_settings["socket"]
3090
tcp_server = MandosServer(
3091
(server_settings["address"], server_settings["port"]),
3093
interface=(server_settings["interface"] or None),
3095
gnutls_priority=server_settings["priority"],
3099
pidfilename = "/run/mandos.pid"
3100
if not os.path.isdir("/run/."):
3101
pidfilename = "/var/run/mandos.pid"
3104
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
3105
except IOError as e:
3106
logger.error("Could not open file %r", pidfilename,
3109
for name, group in (("_mandos", "_mandos"),
3110
("mandos", "mandos"),
3111
("nobody", "nogroup")):
3113
uid = pwd.getpwnam(name).pw_uid
3114
gid = pwd.getpwnam(group).pw_gid
2020
tcp_server = MandosServer((server_settings["address"],
2021
server_settings["port"]),
2023
interface=(server_settings["interface"]
2027
server_settings["priority"],
2030
pidfilename = "/var/run/mandos.pid"
2032
pidfile = open(pidfilename, "w")
2034
logger.error("Could not open file %r", pidfilename)
2037
uid = pwd.getpwnam("_mandos").pw_uid
2038
gid = pwd.getpwnam("_mandos").pw_gid
2041
uid = pwd.getpwnam("mandos").pw_uid
2042
gid = pwd.getpwnam("mandos").pw_gid
3116
2043
except KeyError:
2045
uid = pwd.getpwnam("nobody").pw_uid
2046
gid = pwd.getpwnam("nobody").pw_gid
3125
logger.debug("Did setuid/setgid to {}:{}".format(uid,
3127
2053
except OSError as error:
3128
logger.warning("Failed to setuid/setgid to {}:{}: {}"
3129
.format(uid, gid, os.strerror(error.errno)))
3130
if error.errno != errno.EPERM:
2054
if error[0] != errno.EPERM:
2057
if not debug and not debuglevel:
2058
logger.setLevel(logging.WARNING)
2060
level = getattr(logging, debuglevel.upper())
2061
logger.setLevel(level)
2064
logger.setLevel(logging.DEBUG)
3134
2065
# Enable all possible GnuTLS debugging
3136
2067
# "Use a log level over 10 to enable all debugging options."
3137
2068
# - GnuTLS manual
3138
gnutls.global_set_log_level(11)
2069
gnutls.library.functions.gnutls_global_set_log_level(11)
2071
@gnutls.library.types.gnutls_log_func
3141
2072
def debug_gnutls(level, string):
3142
2073
logger.debug("GnuTLS: %s", string[:-1])
3144
gnutls.global_set_log_function(debug_gnutls)
2075
(gnutls.library.functions
2076
.gnutls_global_set_log_function(debug_gnutls))
3146
2078
# Redirect stdin so all checkers get /dev/null
3147
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2079
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
3148
2080
os.dup2(null, sys.stdin.fileno())
2084
# No console logging
2085
logger.removeHandler(console)
3152
2087
# Need to fork before connecting to D-Bus
3154
2089
# Close all input and output, do double fork, etc.
3157
# multiprocessing will use threads, so before we use GLib we need
3158
# to inform GLib that threads will be used.
3161
2092
global main_loop
3162
2093
# From the Avahi example code
3163
DBusGMainLoop(set_as_default=True)
3164
main_loop = GLib.MainLoop()
2094
DBusGMainLoop(set_as_default=True )
2095
main_loop = gobject.MainLoop()
3165
2096
bus = dbus.SystemBus()
3166
2097
# End of Avahi example code
3169
2100
bus_name = dbus.service.BusName("se.recompile.Mandos",
3172
old_bus_name = dbus.service.BusName(
3173
"se.bsnet.fukt.Mandos", bus,
3175
except dbus.exceptions.DBusException as e:
3176
logger.error("Disabling D-Bus:", exc_info=e)
2101
bus, do_not_queue=True)
2102
old_bus_name = (dbus.service.BusName
2103
("se.bsnet.fukt.Mandos", bus,
2105
except dbus.exceptions.NameExistsException as e:
2106
logger.error(unicode(e) + ", disabling D-Bus")
3177
2107
use_dbus = False
3178
2108
server_settings["use_dbus"] = False
3179
2109
tcp_server.use_dbus = False
3181
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
3182
service = AvahiServiceToSyslog(
3183
name=server_settings["servicename"],
3184
servicetype="_mandos._tcp",
3187
if server_settings["interface"]:
3188
service.interface = if_nametoindex(
3189
server_settings["interface"].encode("utf-8"))
2110
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2111
service = AvahiServiceToSyslog(name =
2112
server_settings["servicename"],
2113
servicetype = "_mandos._tcp",
2114
protocol = protocol, bus = bus)
2115
if server_settings["interface"]:
2116
service.interface = (if_nametoindex
2117
(str(server_settings["interface"])))
3191
2119
global multiprocessing_manager
3192
2120
multiprocessing_manager = multiprocessing.Manager()
3194
2122
client_class = Client
3196
client_class = functools.partial(ClientDBus, bus=bus)
3198
client_settings = Client.config_parser(client_config)
2124
client_class = functools.partial(ClientDBusTransitional,
2127
special_settings = {
2128
# Some settings need to be accessd by special methods;
2129
# booleans need .getboolean(), etc. Here is a list of them:
2130
"approved_by_default":
2132
client_config.getboolean(section, "approved_by_default"),
2134
# Construct a new dict of client settings of this form:
2135
# { client_name: {setting_name: value, ...}, ...}
2136
# with exceptions for any special settings as defined above
2137
client_settings = dict((clientname,
2139
(value if setting not in special_settings
2140
else special_settings[setting](clientname)))
2141
for setting, value in client_config.items(clientname)))
2142
for clientname in client_config.sections())
3199
2144
old_client_settings = {}
3202
# This is used to redirect stdout and stderr for checker processes
3204
wnull = open(os.devnull, "w") # A writable /dev/null
3205
# Only used if server is running in foreground but not in debug
3207
if debug or not foreground:
3210
# Get client data and settings from last running state.
2147
# Get client data and settings from last running state.
3211
2148
if server_settings["restore"]:
3213
2150
with open(stored_state_path, "rb") as stored_state:
3214
if sys.version_info.major == 2:
3215
clients_data, old_client_settings = pickle.load(
3218
bytes_clients_data, bytes_old_client_settings = (
3219
pickle.load(stored_state, encoding="bytes"))
3220
# Fix bytes to strings
3223
clients_data = {(key.decode("utf-8")
3224
if isinstance(key, bytes)
3227
bytes_clients_data.items()}
3228
del bytes_clients_data
3229
for key in clients_data:
3230
value = {(k.decode("utf-8")
3231
if isinstance(k, bytes) else k): v
3233
clients_data[key].items()}
3234
clients_data[key] = value
3236
value["client_structure"] = [
3238
if isinstance(s, bytes)
3240
value["client_structure"]]
3242
for k in ("name", "host"):
3243
if isinstance(value[k], bytes):
3244
value[k] = value[k].decode("utf-8")
3245
if not value.has_key("key_id"):
3246
value["key_id"] = ""
3247
elif not value.has_key("fingerprint"):
3248
value["fingerprint"] = ""
3249
# old_client_settings
3251
old_client_settings = {
3252
(key.decode("utf-8")
3253
if isinstance(key, bytes)
3256
bytes_old_client_settings.items()}
3257
del bytes_old_client_settings
3259
for value in old_client_settings.values():
3260
if isinstance(value["host"], bytes):
3261
value["host"] = (value["host"]
2151
clients_data, old_client_settings = pickle.load(stored_state)
3263
2152
os.remove(stored_state_path)
3264
2153
except IOError as e:
3265
if e.errno == errno.ENOENT:
3266
logger.warning("Could not load persistent state:"
3267
" {}".format(os.strerror(e.errno)))
3269
logger.critical("Could not load persistent state:",
2154
logger.warning("Could not load persistant state: {0}".format(e))
2155
if e.errno != errno.ENOENT:
3272
except EOFError as e:
3273
logger.warning("Could not load persistent state: "
3277
with PGPEngine() as pgp:
3278
for client_name, client in clients_data.items():
3279
# Skip removed clients
3280
if client_name not in client_settings:
3283
# Decide which value to use after restoring saved state.
3284
# We have three different values: Old config file,
3285
# new config file, and saved state.
3286
# New config value takes precedence if it differs from old
3287
# config value, otherwise use saved state.
3288
for name, value in client_settings[client_name].items():
3290
# For each value in new config, check if it
3291
# differs from the old config value (Except for
3292
# the "secret" attribute)
3293
if (name != "secret"
3295
old_client_settings[client_name][name])):
3296
client[name] = value
3300
# Clients who has passed its expire date can still be
3301
# enabled if its last checker was successful. A Client
3302
# whose checker succeeded before we stored its state is
3303
# assumed to have successfully run all checkers during
3305
if client["enabled"]:
3306
if datetime.datetime.utcnow() >= client["expires"]:
3307
if not client["last_checked_ok"]:
3309
"disabling client {} - Client never "
3310
"performed a successful checker".format(
3312
client["enabled"] = False
3313
elif client["last_checker_status"] != 0:
3315
"disabling client {} - Client last"
3316
" checker failed with error code"
3319
client["last_checker_status"]))
3320
client["enabled"] = False
3322
client["expires"] = (
3323
datetime.datetime.utcnow()
3324
+ client["timeout"])
3325
logger.debug("Last checker succeeded,"
3326
" keeping {} enabled".format(
2158
for client in clients_data:
2159
client_name = client["name"]
2161
# Decide which value to use after restoring saved state.
2162
# We have three different values: Old config file,
2163
# new config file, and saved state.
2164
# New config value takes precedence if it differs from old
2165
# config value, otherwise use saved state.
2166
for name, value in client_settings[client_name].items():
3329
client["secret"] = pgp.decrypt(
3330
client["encrypted_secret"],
3331
client_settings[client_name]["secret"])
3333
# If decryption fails, we use secret from new settings
3334
logger.debug("Failed to decrypt {} old secret".format(
3336
client["secret"] = (client_settings[client_name]
3339
# Add/remove clients based on new changes made to config
3340
for client_name in (set(old_client_settings)
3341
- set(client_settings)):
3342
del clients_data[client_name]
3343
for client_name in (set(client_settings)
3344
- set(old_client_settings)):
3345
clients_data[client_name] = client_settings[client_name]
3347
# Create all client objects
3348
for client_name, client in clients_data.items():
3349
tcp_server.clients[client_name] = client_class(
3352
server_settings=server_settings)
2168
# For each value in new config, check if it differs
2169
# from the old config value (Except for the "secret"
2171
if name != "secret" and value != old_client_settings[client_name][name]:
2172
setattr(client, name, value)
2176
# Clients who has passed its expire date, can still be enabled if its
2177
# last checker was sucessful. Clients who checkers failed before we
2178
# stored it state is asumed to had failed checker during downtime.
2179
if client["enabled"] and client["last_checked_ok"]:
2180
if ((datetime.datetime.utcnow() - client["last_checked_ok"])
2181
> client["interval"]):
2182
if client["last_checker_status"] != 0:
2183
client["enabled"] = False
2185
client["expires"] = datetime.datetime.utcnow() + client["timeout"]
2187
client["changedstate"] = (multiprocessing_manager
2188
.Condition(multiprocessing_manager
2191
new_client = ClientDBusTransitional.__new__(ClientDBusTransitional)
2192
tcp_server.clients[client_name] = new_client
2193
new_client.bus = bus
2194
for name, value in client.iteritems():
2195
setattr(new_client, name, value)
2196
client_object_name = unicode(client_name).translate(
2197
{ord("."): ord("_"),
2198
ord("-"): ord("_")})
2199
new_client.dbus_object_path = (dbus.ObjectPath
2200
("/clients/" + client_object_name))
2201
DBusObjectWithProperties.__init__(new_client,
2203
new_client.dbus_object_path)
2205
tcp_server.clients[client_name] = Client.__new__(Client)
2206
for name, value in client.iteritems():
2207
setattr(tcp_server.clients[client_name], name, value)
2209
tcp_server.clients[client_name].decrypt_secret(
2210
client_settings[client_name]["secret"])
2212
# Create/remove clients based on new changes made to config
2213
for clientname in set(old_client_settings) - set(client_settings):
2214
del tcp_server.clients[clientname]
2215
for clientname in set(client_settings) - set(old_client_settings):
2216
tcp_server.clients[clientname] = (client_class(name = clientname,
3354
2222
if not tcp_server.clients:
3355
2223
logger.warning("No clients defined")
3358
if pidfile is not None:
3362
print(pid, file=pidfile)
3364
logger.error("Could not write to file %r with PID %d",
2229
pidfile.write(str(pid) + "\n".encode("utf-8"))
2232
logger.error("Could not write to file %r with PID %d",
2235
# "pidfile" was never created
3367
2237
del pidfilename
3369
for termsig in (signal.SIGHUP, signal.SIGTERM):
3370
GLib.unix_signal_add(GLib.PRIORITY_HIGH, termsig,
3371
lambda: main_loop.quit() and False)
2239
signal.signal(signal.SIGINT, signal.SIG_IGN)
2241
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2242
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
3375
@alternate_dbus_interfaces(
3376
{"se.recompile.Mandos": "se.bsnet.fukt.Mandos"})
3377
class MandosDBusService(DBusObjectWithObjectManager):
2245
class MandosDBusService(dbus.service.Object):
3378
2246
"""A D-Bus proxy object"""
3380
2247
def __init__(self):
3381
2248
dbus.service.Object.__init__(self, bus, "/")
3383
2249
_interface = "se.recompile.Mandos"
3385
2251
@dbus.service.signal(_interface, signature="o")
3386
2252
def ClientAdded(self, objpath):
3390
2256
@dbus.service.signal(_interface, signature="ss")
3391
def ClientNotFound(self, key_id, address):
2257
def ClientNotFound(self, fingerprint, address):
3395
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
3397
2261
@dbus.service.signal(_interface, signature="os")
3398
2262
def ClientRemoved(self, objpath, name):
3402
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
3404
2266
@dbus.service.method(_interface, out_signature="ao")
3405
2267
def GetAllClients(self):
3407
return dbus.Array(c.dbus_object_path for c in
3408
tcp_server.clients.values())
3410
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2269
return dbus.Array(c.dbus_object_path
2271
tcp_server.clients.itervalues())
3412
2273
@dbus.service.method(_interface,
3413
2274
out_signature="a{oa{sv}}")
3414
2275
def GetAllClientsWithProperties(self):
3416
2277
return dbus.Dictionary(
3417
{c.dbus_object_path: c.GetAll(
3418
"se.recompile.Mandos.Client")
3419
for c in tcp_server.clients.values()},
2278
((c.dbus_object_path, c.GetAll(""))
2279
for c in tcp_server.clients.itervalues()),
3420
2280
signature="oa{sv}")
3422
2282
@dbus.service.method(_interface, in_signature="o")
3423
2283
def RemoveClient(self, object_path):
3425
for c in tcp_server.clients.values():
2285
for c in tcp_server.clients.itervalues():
3426
2286
if c.dbus_object_path == object_path:
3427
2287
del tcp_server.clients[c.name]
3428
2288
c.remove_from_connection()
3429
# Don't signal the disabling
2289
# Don't signal anything except ClientRemoved
3430
2290
c.disable(quiet=True)
3431
# Emit D-Bus signal for removal
3432
self.client_removed_signal(c)
2292
self.ClientRemoved(object_path, c.name)
3434
2294
raise KeyError(object_path)
3438
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
3439
out_signature="a{oa{sa{sv}}}")
3440
def GetManagedObjects(self):
3442
return dbus.Dictionary(
3443
{client.dbus_object_path:
3445
{interface: client.GetAll(interface)
3447
client._get_all_interface_names()})
3448
for client in tcp_server.clients.values()})
3450
def client_added_signal(self, client):
3451
"""Send the new standard signal and the old signal"""
3453
# New standard signal
3454
self.InterfacesAdded(
3455
client.dbus_object_path,
3457
{interface: client.GetAll(interface)
3459
client._get_all_interface_names()}))
3461
self.ClientAdded(client.dbus_object_path)
3463
def client_removed_signal(self, client):
3464
"""Send the new standard signal and the old signal"""
3466
# New standard signal
3467
self.InterfacesRemoved(
3468
client.dbus_object_path,
3469
client._get_all_interface_names())
3471
self.ClientRemoved(client.dbus_object_path,
3474
mandos_dbus_service = MandosDBusService()
3476
# Save modules to variables to exempt the modules from being
3477
# unloaded before the function registered with atexit() is run.
3478
mp = multiprocessing
2298
class MandosDBusServiceTransitional(MandosDBusService):
2299
__metaclass__ = AlternateDBusNamesMetaclass
2300
mandos_dbus_service = MandosDBusServiceTransitional()
3482
2303
"Cleanup function; run on exit"
3486
mp.active_children()
2306
multiprocessing.active_children()
3488
2307
if not (tcp_server.clients or client_settings):
3491
# Store client before exiting. Secrets are encrypted with key
3492
# based on what config file has. If config file is
3493
# removed/edited, old secret will thus be unrecovable.
3495
with PGPEngine() as pgp:
3496
for client in tcp_server.clients.values():
3497
key = client_settings[client.name]["secret"]
3498
client.encrypted_secret = pgp.encrypt(client.secret,
3502
# A list of attributes that can not be pickled
3504
exclude = {"bus", "changedstate", "secret",
3505
"checker", "server_settings"}
3506
for name, typ in inspect.getmembers(dbus.service
3510
client_dict["encrypted_secret"] = (client
3512
for attr in client.client_structure:
3513
if attr not in exclude:
3514
client_dict[attr] = getattr(client, attr)
3516
clients[client.name] = client_dict
3517
del client_settings[client.name]["secret"]
2310
# Store client before exiting. Secrets are encrypted with key based
2311
# on what config file has. If config file is removed/edited, old
2312
# secret will thus be unrecovable.
2314
for client in tcp_server.clients.itervalues():
2315
client.encrypt_secret(client_settings[client.name]["secret"])
2319
# A list of attributes that will not be stored when shuting down.
2320
exclude = set(("bus", "changedstate", "secret"))
2321
for name, typ in inspect.getmembers(dbus.service.Object):
2324
client_dict["encrypted_secret"] = client.encrypted_secret
2325
for attr in client.client_structure:
2326
if attr not in exclude:
2327
client_dict[attr] = getattr(client, attr)
2329
clients.append(client_dict)
2330
del client_settings[client.name]["secret"]
3520
with tempfile.NamedTemporaryFile(
3524
dir=os.path.dirname(stored_state_path),
3525
delete=False) as stored_state:
3526
pickle.dump((clients, client_settings), stored_state,
3528
tempname = stored_state.name
3529
os.rename(tempname, stored_state_path)
3530
except (IOError, OSError) as e:
3536
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3537
logger.warning("Could not save persistent state: {}"
3538
.format(os.strerror(e.errno)))
3540
logger.warning("Could not save persistent state:",
2333
with os.fdopen(os.open(stored_state_path, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, 0600), "wb") as stored_state:
2334
pickle.dump((clients, client_settings), stored_state)
2335
except IOError as e:
2336
logger.warning("Could not save persistant state: {0}".format(e))
2337
if e.errno != errno.ENOENT:
3544
2340
# Delete all clients, and settings from config