
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2012-01-01 04:02:00 UTC
  • Revision ID: teddy@recompile.se-20120101040200-8wgma707v4gi7hxn
* debian/rules (binary-common): Exclude network-hooks.d from
                                dh_fixperms.
* mandos (DBusObjectWithProperties.Set): Bug fix: handle byte arrays.
* mandos-clients.conf.xml (DESCRIPTION): Add reference to persistent
                                         state.
* mandos-options.xml (restore): Adjust wording slightly.
* mandos.xml (OPTIONS/--no-restore): Refer to "PERSISTENT STATE"
                                     section.
  (PERSISTENT STATE): New section.

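--- a/mandos
+++ b/mandos
@@ -85,7 +85,7 @@
     except ImportError:
         SO_BINDTODEVICE = None
 
-version = "1.5.2"
+version = "1.4.1"
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -422,7 +422,7 @@
     secret:     bytestring; sent verbatim (over TLS) to client
     timeout:    datetime.timedelta(); How long from last_checked_ok
                                       until this client is disabled
-    extended_timeout:   extra long timeout when secret has been sent
+    extended_timeout:   extra long timeout when password has been sent
     runtime_expansions: Allowed attributes for runtime expansion.
     expires:    datetime.datetime(); time (UTC) when a client will be
                 disabled, or None
@@ -1049,6 +1049,9 @@
     def __init__(self, bus = None, *args, **kwargs):
         self.bus = bus
         Client.__init__(self, *args, **kwargs)
+        self._approvals_pending = 0
+        
+        self._approvals_pending = 0
         # Only now, when this client is initialized, can it show up on
         # the D-Bus
         client_object_name = unicode(self.name).translate(
@@ -1224,6 +1227,14 @@
         "D-Bus signal"
         return self.need_approval()
     
+    # NeRwequest - signal
+    @dbus.service.signal(_interface, signature="s")
+    def NewRequest(self, ip):
+        """D-Bus signal
+        Is sent after a client request a password.
+        """
+        pass
+    
     ## Methods
     
     # Approve - method
@@ -1536,6 +1547,10 @@
                 except KeyError:
                     return
                 
+                if self.server.use_dbus:
+                    # Emit D-Bus signal
+                    client.NewRequest(str(self.client_address))
+                
                 if client.approval_delay:
                     delay = client.approval_delay
                     client.approvals_pending += 1
@@ -2235,22 +2250,21 @@
             
             # Clients who has passed its expire date can still be
             # enabled if its last checker was successful.  Clients
-            # whose checker succeeded before we stored its state is
-            # assumed to have successfully run all checkers during
-            # downtime.
+            # whose checker failed before we stored its state is
+            # assumed to have failed all checkers during downtime.
             if client["enabled"]:
                 if datetime.datetime.utcnow() >= client["expires"]:
                     if not client["last_checked_ok"]:
                         logger.warning(
                             "disabling client {0} - Client never "
-                            "performed a successful checker"
-                            .format(client_name))
+                            "performed a successfull checker"
+                            .format(client["name"]))
                         client["enabled"] = False
                     elif client["last_checker_status"] != 0:
                         logger.warning(
                             "disabling client {0} - Client "
                             "last checker failed with error code {1}"
-                            .format(client_name,
+                            .format(client["name"],
                                     client["last_checker_status"]))
                         client["enabled"] = False
                     else:
@@ -2259,7 +2273,7 @@
                                              + client["timeout"])
                         logger.debug("Last checker succeeded,"
                                      " keeping {0} enabled"
-                                     .format(client_name))
+                                     .format(client["name"]))
             try:
                 client["secret"] = (
                     pgp.decrypt(client["encrypted_secret"],
@@ -2281,7 +2295,7 @@
                         - set(old_client_settings)):
         clients_data[client_name] = client_settings[client_name]
 
-    # Create all client objects
+    # Create clients all clients
     for client_name, client in clients_data.iteritems():
         tcp_server.clients[client_name] = client_class(
             name = client_name, settings = client)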
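Review bot: In the request-handler hunk, `client.NewRequest(str(self.client_address))` stringifies the whole peer address, while the signal declares one string argument named `ip`. If `client_address` is the usual socket address tuple (it is defined outside the visible lines), listeners receive a tuple repr with port and scope fields rather than an address they can log or match directly. A monitor would rely on this signal to audit which host asked for a secret, so either pass the host alone, `client.NewRequest(str(self.client_address[0]))`, or state the actual format in the `NewRequest` docstring. The signal is also emitted before the approval handling that follows, so the docstring could read `Sent when a client requests its secret, before any approval decision is made.` The handler body starts and ends outside the hunk.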