
Viewing changes to mandos

  • Committer: teddy at recompile
  • Date: 2012-01-02 01:58:41 UTC
  • Revision ID: teddy@recompile.se-20120102015841-2krpl2epdhishtpg
* mandos: Consistent terminology; use the term "secret" for the
          client's stored data.
  (ClientDBus.__init__): Removed dead code.
  (Clienthandler.handle): Bug fix: send NewRequest signal with only IP
                          address, not str() of address tuple.

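--- a/mandos
+++ b/mandos
@@ -422,7 +422,7 @@
     secret:     bytestring; sent verbatim (over TLS) to client
     timeout:    datetime.timedelta(); How long from last_checked_ok
                                       until this client is disabled
-    extended_timeout:   extra long timeout when password has been sent
+    extended_timeout:   extra long timeout when secret has been sent
     runtime_expansions: Allowed attributes for runtime expansion.
     expires:    datetime.datetime(); time (UTC) when a client will be
                 disabled, or None
@@ -1049,9 +1049,6 @@
     def __init__(self, bus = None, *args, **kwargs):
         self.bus = bus
         Client.__init__(self, *args, **kwargs)
-        self._approvals_pending = 0
-        
-        self._approvals_pending = 0
         # Only now, when this client is initialized, can it show up on
         # the D-Bus
         client_object_name = unicode(self.name).translate(
@@ -1227,11 +1224,11 @@
         "D-Bus signal"
         return self.need_approval()
     
-    # NeRwequest - signal
+    # NewRequest - signal
     @dbus.service.signal(_interface, signature="s")
     def NewRequest(self, ip):
         """D-Bus signal
-        Is sent after a client request a password.
+        Is sent after a client request a secret.
         """
         pass
     
@@ -1549,7 +1546,7 @@
                 
                 if self.server.use_dbus:
                     # Emit D-Bus signal
-                    client.NewRequest(str(self.client_address))
+                    client.NewRequest(unicode(self.client_address)[0])
                 
                 if client.approval_delay:
                     delay = client.approval_delay
@@ -2250,21 +2247,22 @@
             
             # Clients who has passed its expire date can still be
             # enabled if its last checker was successful.  Clients
-            # whose checker failed before we stored its state is
-            # assumed to have failed all checkers during downtime.
+            # whose checker succeeded before we stored its state is
+            # assumed to have successfully run all checkers during
+            # downtime.
             if client["enabled"]:
                 if datetime.datetime.utcnow() >= client["expires"]:
                     if not client["last_checked_ok"]:
                         logger.warning(
                             "disabling client {0} - Client never "
-                            "performed a successfull checker"
-                            .format(client["name"]))
+                            "performed a successful checker"
+                            .format(client_name))
                         client["enabled"] = False
                     elif client["last_checker_status"] != 0:
                         logger.warning(
                             "disabling client {0} - Client "
                             "last checker failed with error code {1}"
-                            .format(client["name"],
+                            .format(client_name,
                                     client["last_checker_status"]))
                         client["enabled"] = False
                     else:
@@ -2273,7 +2271,7 @@
                                              + client["timeout"])
                         logger.debug("Last checker succeeded,"
                                      " keeping {0} enabled"
-                                     .format(client["name"]))
+                                     .format(client_name))
             try:
                 client["secret"] = (
                     pgp.decrypt(client["encrypted_secret"],
@@ -2295,7 +2293,7 @@
                         - set(old_client_settings)):
         clients_data[client_name] = client_settings[client_name]
  
-    # Create clients all clients
+    # Create all client objects
     for client_name, client in clients_data.iteritems():
         tcp_server.clients[client_name] = client_class(
             name = client_name, settings = client)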
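Review bot: In the handler hunk at new line 1549, `unicode(self.client_address)[0]` indexes the string form of the address rather than the address itself, so the subscript returns the first character of that string and not the IP. Assuming `client_address` is the usual socket address tuple, as the commit message implies, the signal would carry `(`; the intended call looks like `client.NewRequest(unicode(self.client_address[0]))`. NewRequest is what D-Bus observers receive when a client asks for its secret, so a wrong argument removes the requesting address from that monitoring and audit trail. The enclosing handle body starts and ends outside the hunk, so it is worth confirming the type of `client_address` there before changing the call.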