189
172
def password_encode(self, password):
190
173
# Passphrase can not be empty and can not contain newlines or
191
174
# NUL bytes. So we prefix it and hex encode it.
192
encoded = b"mandos" + binascii.hexlify(password)
193
if len(encoded) > 2048:
194
# GnuPG can't handle long passwords, so encode differently
195
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
196
.replace(b"\n", b"\\n")
197
.replace(b"\0", b"\\x00"))
175
return b"mandos" + binascii.hexlify(password)
200
177
def encrypt(self, data, password):
201
passphrase = self.password_encode(password)
202
with tempfile.NamedTemporaryFile(
203
dir=self.tempdir) as passfile:
204
passfile.write(passphrase)
206
proc = subprocess.Popen(['gpg', '--symmetric',
210
stdin = subprocess.PIPE,
211
stdout = subprocess.PIPE,
212
stderr = subprocess.PIPE)
213
ciphertext, err = proc.communicate(input = data)
214
if proc.returncode != 0:
178
self.gnupg.passphrase = self.password_encode(password)
179
with open(os.devnull, "w") as devnull:
181
proc = self.gnupg.run(['--symmetric'],
182
create_fhs=['stdin', 'stdout'],
183
attach_fhs={'stderr': devnull})
184
with contextlib.closing(proc.handles['stdin']) as f:
186
with contextlib.closing(proc.handles['stdout']) as f:
187
ciphertext = f.read()
191
self.gnupg.passphrase = None
216
192
return ciphertext
218
194
def decrypt(self, data, password):
219
passphrase = self.password_encode(password)
220
with tempfile.NamedTemporaryFile(
221
dir = self.tempdir) as passfile:
222
passfile.write(passphrase)
224
proc = subprocess.Popen(['gpg', '--decrypt',
228
stdin = subprocess.PIPE,
229
stdout = subprocess.PIPE,
230
stderr = subprocess.PIPE)
231
decrypted_plaintext, err = proc.communicate(input = data)
232
if proc.returncode != 0:
195
self.gnupg.passphrase = self.password_encode(password)
196
with open(os.devnull, "w") as devnull:
198
proc = self.gnupg.run(['--decrypt'],
199
create_fhs=['stdin', 'stdout'],
200
attach_fhs={'stderr': devnull})
201
with contextlib.closing(proc.handles['stdin']) as f:
203
with contextlib.closing(proc.handles['stdout']) as f:
204
decrypted_plaintext = f.read()
208
self.gnupg.passphrase = None
234
209
return decrypted_plaintext
237
213
class AvahiError(Exception):
238
214
def __init__(self, value, *args, **kwargs):
239
215
self.value = value
240
return super(AvahiError, self).__init__(value, *args,
216
super(AvahiError, self).__init__(value, *args, **kwargs)
217
def __unicode__(self):
218
return unicode(repr(self.value))
244
220
class AvahiServiceError(AvahiError):
248
223
class AvahiGroupError(AvahiError):
488
427
runtime_expansions: Allowed attributes for runtime expansion.
489
428
expires: datetime.datetime(); time (UTC) when a client will be
490
429
disabled, or None
491
server_settings: The server_settings dict from main()
494
432
runtime_expansions = ("approval_delay", "approval_duration",
495
"created", "enabled", "expires",
496
"fingerprint", "host", "interval",
497
"last_approval_request", "last_checked_ok",
433
"created", "enabled", "fingerprint",
434
"host", "interval", "last_checked_ok",
498
435
"last_enabled", "name", "timeout")
501
"extended_timeout": "PT15M",
503
"checker": "fping -q -- %%(host)s",
505
"approval_delay": "PT0S",
506
"approval_duration": "PT1S",
507
"approved_by_default": "True",
436
client_defaults = { "timeout": "5m",
437
"extended_timeout": "15m",
439
"checker": "fping -q -- %%(host)s",
441
"approval_delay": "0s",
442
"approval_duration": "1s",
443
"approved_by_default": "True",
447
def timeout_milliseconds(self):
448
"Return the 'timeout' attribute in milliseconds"
449
return timedelta_to_milliseconds(self.timeout)
451
def extended_timeout_milliseconds(self):
452
"Return the 'extended_timeout' attribute in milliseconds"
453
return timedelta_to_milliseconds(self.extended_timeout)
455
def interval_milliseconds(self):
456
"Return the 'interval' attribute in milliseconds"
457
return timedelta_to_milliseconds(self.interval)
459
def approval_delay_milliseconds(self):
460
return timedelta_to_milliseconds(self.approval_delay)
512
463
def config_parser(config):
513
464
"""Construct a new dict of client settings of this form:
644
599
def init_checker(self):
645
600
# Schedule a new checker to be started an 'interval' from now,
646
601
# and every interval from then on.
647
if self.checker_initiator_tag is not None:
648
gobject.source_remove(self.checker_initiator_tag)
649
self.checker_initiator_tag = gobject.timeout_add(
650
int(self.interval.total_seconds() * 1000),
602
self.checker_initiator_tag = (gobject.timeout_add
603
(self.interval_milliseconds(),
652
605
# Schedule a disable() when 'timeout' has passed
653
if self.disable_initiator_tag is not None:
654
gobject.source_remove(self.disable_initiator_tag)
655
self.disable_initiator_tag = gobject.timeout_add(
656
int(self.timeout.total_seconds() * 1000), self.disable)
606
self.disable_initiator_tag = (gobject.timeout_add
607
(self.timeout_milliseconds(),
657
609
# Also start a new checker *right now*.
658
610
self.start_checker()
660
def checker_callback(self, source, condition, connection,
612
def checker_callback(self, pid, condition, command):
662
613
"""The checker has completed, so take appropriate actions."""
663
614
self.checker_callback_tag = None
664
615
self.checker = None
665
# Read return code from connection (see call_pipe)
666
returncode = connection.recv()
670
self.last_checker_status = returncode
671
self.last_checker_signal = None
616
if os.WIFEXITED(condition):
617
self.last_checker_status = os.WEXITSTATUS(condition)
672
618
if self.last_checker_status == 0:
673
619
logger.info("Checker for %(name)s succeeded",
675
621
self.checked_ok()
677
logger.info("Checker for %(name)s failed", vars(self))
623
logger.info("Checker for %(name)s failed",
679
626
self.last_checker_status = -1
680
self.last_checker_signal = -returncode
681
627
logger.warning("Checker for %(name)s crashed?",
685
630
def checked_ok(self):
686
631
"""Assert that the client has been seen, alive and well."""
687
632
self.last_checked_ok = datetime.datetime.utcnow()
688
633
self.last_checker_status = 0
689
self.last_checker_signal = None
690
634
self.bump_timeout()
692
636
def bump_timeout(self, timeout=None):
710
654
If a checker already exists, leave it running and do
712
656
# The reason for not killing a running checker is that if we
713
# did that, and if a checker (for some reason) started running
714
# slowly and taking more than 'interval' time, then the client
715
# would inevitably timeout, since no checker would get a
716
# chance to run to completion. If we instead leave running
657
# did that, then if a checker (for some reason) started
658
# running slowly and taking more than 'interval' time, the
659
# client would inevitably timeout, since no checker would get
660
# a chance to run to completion. If we instead leave running
717
661
# checkers alone, the checker would have to take more time
718
662
# than 'timeout' for the client to be disabled, which is as it
721
if self.checker is not None and not self.checker.is_alive():
722
logger.warning("Checker was not alive; joining")
665
# If a checker exists, make sure it is not a zombie
667
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
668
except (AttributeError, OSError) as error:
669
if (isinstance(error, OSError)
670
and error.errno != errno.ECHILD):
674
logger.warning("Checker was a zombie")
675
gobject.source_remove(self.checker_callback_tag)
676
self.checker_callback(pid, status,
677
self.current_checker_command)
725
678
# Start a new checker if needed
726
679
if self.checker is None:
727
# Escape attributes for the shell
729
attr: re.escape(str(getattr(self, attr)))
730
for attr in self.runtime_expansions }
732
command = self.checker_command % escaped_attrs
733
except TypeError as error:
734
logger.error('Could not format string "%s"',
735
self.checker_command,
681
# In case checker_command has exactly one % operator
682
command = self.checker_command % self.host
684
# Escape attributes for the shell
685
escaped_attrs = dict(
687
re.escape(unicode(str(getattr(self, attr, "")),
691
self.runtime_expansions)
694
command = self.checker_command % escaped_attrs
695
except TypeError as error:
696
logger.error('Could not format string "%s"',
697
self.checker_command, exc_info=error)
698
return True # Try again later
699
self.current_checker_command = command
701
logger.info("Starting checker %r for %s",
703
# We don't need to redirect stdout and stderr, since
704
# in normal mode, that is already done by daemon(),
705
# and in debug mode we don't want to. (Stdin is
706
# always replaced by /dev/null.)
707
self.checker = subprocess.Popen(command,
710
self.checker_callback_tag = (gobject.child_watch_add
712
self.checker_callback,
714
# The checker may have completed before the gobject
715
# watch was added. Check for this.
716
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
718
gobject.source_remove(self.checker_callback_tag)
719
self.checker_callback(pid, status, command)
720
except OSError as error:
721
logger.error("Failed to start subprocess",
737
return True # Try again later
738
self.current_checker_command = command
739
logger.info("Starting checker %r for %s", command,
741
# We don't need to redirect stdout and stderr, since
742
# in normal mode, that is already done by daemon(),
743
# and in debug mode we don't want to. (Stdin is
744
# always replaced by /dev/null.)
745
# The exception is when not debugging but nevertheless
746
# running in the foreground; use the previously
748
popen_args = { "close_fds": True,
751
if (not self.server_settings["debug"]
752
and self.server_settings["foreground"]):
753
popen_args.update({"stdout": wnull,
755
pipe = multiprocessing.Pipe(duplex = False)
756
self.checker = multiprocessing.Process(
758
args = (pipe[1], subprocess.call, command),
761
self.checker_callback_tag = gobject.io_add_watch(
762
pipe[0].fileno(), gobject.IO_IN,
763
self.checker_callback, pipe[0], command)
764
723
# Re-run this periodically if run by gobject.timeout_add
885
843
If called like _is_dbus_thing("method") it returns a function
886
844
suitable for use as predicate to inspect.getmembers().
888
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
846
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
891
849
def _get_all_dbus_things(self, thing):
892
850
"""Returns a generator of (name, attribute) pairs
894
return ((getattr(athing.__get__(self), "_dbus_name", name),
852
return ((getattr(athing.__get__(self), "_dbus_name",
895
854
athing.__get__(self))
896
855
for cls in self.__class__.__mro__
897
856
for name, athing in
898
inspect.getmembers(cls, self._is_dbus_thing(thing)))
900
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
902
path_keyword = 'object_path',
903
connection_keyword = 'connection')
904
def Introspect(self, object_path, connection):
905
"""Overloading of standard D-Bus method.
907
Inserts annotation tags on methods and signals.
909
xmlstring = dbus.service.Object.Introspect(self, object_path,
912
document = xml.dom.minidom.parseString(xmlstring)
914
for if_tag in document.getElementsByTagName("interface"):
915
# Add annotation tags
916
for typ in ("method", "signal"):
917
for tag in if_tag.getElementsByTagName(typ):
919
for name, prop in (self.
920
_get_all_dbus_things(typ)):
921
if (name == tag.getAttribute("name")
922
and prop._dbus_interface
923
== if_tag.getAttribute("name")):
924
annots.update(getattr(
925
prop, "_dbus_annotations", {}))
926
for name, value in annots.items():
927
ann_tag = document.createElement(
929
ann_tag.setAttribute("name", name)
930
ann_tag.setAttribute("value", value)
931
tag.appendChild(ann_tag)
932
# Add interface annotation tags
933
for annotation, value in dict(
934
itertools.chain.from_iterable(
935
annotations().items()
936
for name, annotations
937
in self._get_all_dbus_things("interface")
938
if name == if_tag.getAttribute("name")
940
ann_tag = document.createElement("annotation")
941
ann_tag.setAttribute("name", annotation)
942
ann_tag.setAttribute("value", value)
943
if_tag.appendChild(ann_tag)
944
# Fix argument name for the Introspect method itself
945
if (if_tag.getAttribute("name")
946
== dbus.INTROSPECTABLE_IFACE):
947
for cn in if_tag.getElementsByTagName("method"):
948
if cn.getAttribute("name") == "Introspect":
949
for arg in cn.getElementsByTagName("arg"):
950
if (arg.getAttribute("direction")
952
arg.setAttribute("name",
954
xmlstring = document.toxml("utf-8")
956
except (AttributeError, xml.dom.DOMException,
957
xml.parsers.expat.ExpatError) as error:
958
logger.error("Failed to override Introspection method",
963
class DBusObjectWithProperties(DBusObjectWithAnnotations):
964
"""A D-Bus object with properties.
966
Classes inheriting from this can use the dbus_service_property
967
decorator to expose methods as D-Bus properties. It exposes the
968
standard Get(), Set(), and GetAll() methods on the D-Bus.
857
inspect.getmembers(cls,
858
self._is_dbus_thing(thing)))
971
860
def _get_dbus_property(self, interface_name, property_name):
972
861
"""Returns a bound method if one exists which is a D-Bus
973
862
property with the specified name and interface.
975
for cls in self.__class__.__mro__:
976
for name, value in inspect.getmembers(
977
cls, self._is_dbus_thing("property")):
864
for cls in self.__class__.__mro__:
865
for name, value in (inspect.getmembers
867
self._is_dbus_thing("property"))):
978
868
if (value._dbus_name == property_name
979
869
and value._dbus_interface == interface_name):
980
870
return value.__get__(self)
982
872
# No such property
983
raise DBusPropertyNotFound("{}:{}.{}".format(
984
self.dbus_object_path, interface_name, property_name))
987
def _get_all_interface_names(cls):
988
"""Get a sequence of all interfaces supported by an object"""
989
return (name for name in set(getattr(getattr(x, attr),
990
"_dbus_interface", None)
991
for x in (inspect.getmro(cls))
995
@dbus.service.method(dbus.PROPERTIES_IFACE,
873
raise DBusPropertyNotFound(self.dbus_object_path + ":"
874
+ interface_name + "."
877
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
997
878
out_signature="v")
998
879
def Get(self, interface_name, property_name):
999
880
"""Standard D-Bus property Get() method, see D-Bus standard.
1088
955
if prop._dbus_interface
1089
956
== if_tag.getAttribute("name")):
1090
957
if_tag.appendChild(tag)
1091
# Add annotation tags for properties
1092
for tag in if_tag.getElementsByTagName("property"):
1094
for name, prop in self._get_all_dbus_things(
1096
if (name == tag.getAttribute("name")
1097
and prop._dbus_interface
1098
== if_tag.getAttribute("name")):
1099
annots.update(getattr(
1100
prop, "_dbus_annotations", {}))
1101
for name, value in annots.items():
1102
ann_tag = document.createElement(
1104
ann_tag.setAttribute("name", name)
1105
ann_tag.setAttribute("value", value)
1106
tag.appendChild(ann_tag)
958
# Add annotation tags
959
for typ in ("method", "signal", "property"):
960
for tag in if_tag.getElementsByTagName(typ):
962
for name, prop in (self.
963
_get_all_dbus_things(typ)):
964
if (name == tag.getAttribute("name")
965
and prop._dbus_interface
966
== if_tag.getAttribute("name")):
967
annots.update(getattr
971
for name, value in annots.iteritems():
972
ann_tag = document.createElement(
974
ann_tag.setAttribute("name", name)
975
ann_tag.setAttribute("value", value)
976
tag.appendChild(ann_tag)
977
# Add interface annotation tags
978
for annotation, value in dict(
980
*(annotations().iteritems()
981
for name, annotations in
982
self._get_all_dbus_things("interface")
983
if name == if_tag.getAttribute("name")
985
ann_tag = document.createElement("annotation")
986
ann_tag.setAttribute("name", annotation)
987
ann_tag.setAttribute("value", value)
988
if_tag.appendChild(ann_tag)
1107
989
# Add the names to the return values for the
1108
990
# "org.freedesktop.DBus.Properties" methods
1109
991
if (if_tag.getAttribute("name")
1127
1009
exc_info=error)
1128
1010
return xmlstring
1131
dbus.OBJECT_MANAGER_IFACE
1132
except AttributeError:
1133
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1135
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1136
"""A D-Bus object with an ObjectManager.
1138
Classes inheriting from this exposes the standard
1139
GetManagedObjects call and the InterfacesAdded and
1140
InterfacesRemoved signals on the standard
1141
"org.freedesktop.DBus.ObjectManager" interface.
1143
Note: No signals are sent automatically; they must be sent
1146
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1147
out_signature = "a{oa{sa{sv}}}")
1148
def GetManagedObjects(self):
1149
"""This function must be overridden"""
1150
raise NotImplementedError()
1152
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1153
signature = "oa{sa{sv}}")
1154
def InterfacesAdded(self, object_path, interfaces_and_properties):
1157
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1158
def InterfacesRemoved(self, object_path, interfaces):
1161
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1162
out_signature = "s",
1163
path_keyword = 'object_path',
1164
connection_keyword = 'connection')
1165
def Introspect(self, object_path, connection):
1166
"""Overloading of standard D-Bus method.
1168
Override return argument name of GetManagedObjects to be
1169
"objpath_interfaces_and_properties"
1171
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1175
document = xml.dom.minidom.parseString(xmlstring)
1177
for if_tag in document.getElementsByTagName("interface"):
1178
# Fix argument name for the GetManagedObjects method
1179
if (if_tag.getAttribute("name")
1180
== dbus.OBJECT_MANAGER_IFACE):
1181
for cn in if_tag.getElementsByTagName("method"):
1182
if (cn.getAttribute("name")
1183
== "GetManagedObjects"):
1184
for arg in cn.getElementsByTagName("arg"):
1185
if (arg.getAttribute("direction")
1189
"objpath_interfaces"
1191
xmlstring = document.toxml("utf-8")
1193
except (AttributeError, xml.dom.DOMException,
1194
xml.parsers.expat.ExpatError) as error:
1195
logger.error("Failed to override Introspection method",
1199
def datetime_to_dbus(dt, variant_level=0):
1013
def datetime_to_dbus (dt, variant_level=0):
1200
1014
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1202
1016
return dbus.String("", variant_level = variant_level)
1203
return dbus.String(dt.isoformat(), variant_level=variant_level)
1206
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1207
"""A class decorator; applied to a subclass of
1208
dbus.service.Object, it will add alternate D-Bus attributes with
1209
interface names according to the "alt_interface_names" mapping.
1212
@alternate_dbus_interfaces({"org.example.Interface":
1213
"net.example.AlternateInterface"})
1214
class SampleDBusObject(dbus.service.Object):
1215
@dbus.service.method("org.example.Interface")
1216
def SampleDBusMethod():
1219
The above "SampleDBusMethod" on "SampleDBusObject" will be
1220
reachable via two interfaces: "org.example.Interface" and
1221
"net.example.AlternateInterface", the latter of which will have
1222
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1223
"true", unless "deprecate" is passed with a False value.
1225
This works for methods and signals, and also for D-Bus properties
1226
(from DBusObjectWithProperties) and interfaces (from the
1227
dbus_interface_annotations decorator).
1017
return dbus.String(dt.isoformat(),
1018
variant_level=variant_level)
1021
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
1023
"""Applied to an empty subclass of a D-Bus object, this metaclass
1024
will add additional D-Bus attributes matching a certain pattern.
1231
for orig_interface_name, alt_interface_name in (
1232
alt_interface_names.items()):
1234
interface_names = set()
1235
# Go though all attributes of the class
1236
for attrname, attribute in inspect.getmembers(cls):
1026
def __new__(mcs, name, bases, attr):
1027
# Go through all the base classes which could have D-Bus
1028
# methods, signals, or properties in them
1029
old_interface_names = []
1030
for base in (b for b in bases
1031
if issubclass(b, dbus.service.Object)):
1032
# Go though all attributes of the base class
1033
for attrname, attribute in inspect.getmembers(base):
1237
1034
# Ignore non-D-Bus attributes, and D-Bus attributes
1238
1035
# with the wrong interface name
1239
1036
if (not hasattr(attribute, "_dbus_interface")
1240
or not attribute._dbus_interface.startswith(
1241
orig_interface_name)):
1037
or not attribute._dbus_interface
1038
.startswith("se.recompile.Mandos")):
1243
1040
# Create an alternate D-Bus interface name based on
1244
1041
# the current name
1245
alt_interface = attribute._dbus_interface.replace(
1246
orig_interface_name, alt_interface_name)
1247
interface_names.add(alt_interface)
1042
alt_interface = (attribute._dbus_interface
1043
.replace("se.recompile.Mandos",
1044
"se.bsnet.fukt.Mandos"))
1045
if alt_interface != attribute._dbus_interface:
1046
old_interface_names.append(alt_interface)
1248
1047
# Is this a D-Bus signal?
1249
1048
if getattr(attribute, "_dbus_is_signal", False):
1250
if sys.version_info.major == 2:
1251
# Extract the original non-method undecorated
1252
# function by black magic
1253
nonmethod_func = (dict(
1049
# Extract the original non-method function by
1051
nonmethod_func = (dict(
1254
1052
zip(attribute.func_code.co_freevars,
1255
attribute.__closure__))
1256
["func"].cell_contents)
1258
nonmethod_func = attribute
1053
attribute.__closure__))["func"]
1259
1055
# Create a new, but exactly alike, function
1260
1056
# object, and decorate it to be a new D-Bus signal
1261
1057
# with the alternate D-Bus interface name
1262
if sys.version_info.major == 2:
1263
new_function = types.FunctionType(
1264
nonmethod_func.func_code,
1265
nonmethod_func.func_globals,
1266
nonmethod_func.func_name,
1267
nonmethod_func.func_defaults,
1268
nonmethod_func.func_closure)
1270
new_function = types.FunctionType(
1271
nonmethod_func.__code__,
1272
nonmethod_func.__globals__,
1273
nonmethod_func.__name__,
1274
nonmethod_func.__defaults__,
1275
nonmethod_func.__closure__)
1276
new_function = (dbus.service.signal(
1278
attribute._dbus_signature)(new_function))
1058
new_function = (dbus.service.signal
1060
attribute._dbus_signature)
1061
(types.FunctionType(
1062
nonmethod_func.func_code,
1063
nonmethod_func.func_globals,
1064
nonmethod_func.func_name,
1065
nonmethod_func.func_defaults,
1066
nonmethod_func.func_closure)))
1279
1067
# Copy annotations, if any
1281
new_function._dbus_annotations = dict(
1282
attribute._dbus_annotations)
1069
new_function._dbus_annotations = (
1070
dict(attribute._dbus_annotations))
1283
1071
except AttributeError:
1285
1073
# Define a creator of a function to call both the
1286
# original and alternate functions, so both the
1287
# original and alternate signals gets sent when
1288
# the function is called
1074
# old and new functions, so both the old and new
1075
# signals gets sent when the function is called
1289
1076
def fixscope(func1, func2):
1290
1077
"""This function is a scope container to pass
1291
1078
func1 and func2 to the "call_both" function
1292
1079
outside of its arguments"""
1294
@functools.wraps(func2)
1295
1080
def call_both(*args, **kwargs):
1296
1081
"""This function will emit two D-Bus
1297
1082
signals by calling func1 and func2"""
1298
1083
func1(*args, **kwargs)
1299
1084
func2(*args, **kwargs)
1300
# Make wrapper function look like a D-Bus signal
1301
for name, attr in inspect.getmembers(func2):
1302
if name.startswith("_dbus_"):
1303
setattr(call_both, name, attr)
1305
1085
return call_both
1306
1086
# Create the "call_both" function and add it to
1308
attr[attrname] = fixscope(attribute, new_function)
1088
attr[attrname] = fixscope(attribute,
1309
1090
# Is this a D-Bus method?
1310
1091
elif getattr(attribute, "_dbus_is_method", False):
1311
1092
# Create a new, but exactly alike, function
1312
1093
# object. Decorate it to be a new D-Bus method
1313
1094
# with the alternate D-Bus interface name. Add it
1314
1095
# to the class.
1316
dbus.service.method(
1318
attribute._dbus_in_signature,
1319
attribute._dbus_out_signature)
1320
(types.FunctionType(attribute.func_code,
1321
attribute.func_globals,
1322
attribute.func_name,
1323
attribute.func_defaults,
1324
attribute.func_closure)))
1096
attr[attrname] = (dbus.service.method
1098
attribute._dbus_in_signature,
1099
attribute._dbus_out_signature)
1101
(attribute.func_code,
1102
attribute.func_globals,
1103
attribute.func_name,
1104
attribute.func_defaults,
1105
attribute.func_closure)))
1325
1106
# Copy annotations, if any
1327
attr[attrname]._dbus_annotations = dict(
1328
attribute._dbus_annotations)
1108
attr[attrname]._dbus_annotations = (
1109
dict(attribute._dbus_annotations))
1329
1110
except AttributeError:
1331
1112
# Is this a D-Bus property?
1509
1267
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1510
1268
Client.__del__(self, *args, **kwargs)
1512
def checker_callback(self, source, condition,
1513
connection, command, *args, **kwargs):
1514
ret = Client.checker_callback(self, source, condition,
1515
connection, command, *args,
1517
exitstatus = self.last_checker_status
1270
def checker_callback(self, pid, condition, command,
1272
self.checker_callback_tag = None
1274
if os.WIFEXITED(condition):
1275
exitstatus = os.WEXITSTATUS(condition)
1519
1276
# Emit D-Bus signal
1520
1277
self.CheckerCompleted(dbus.Int16(exitstatus),
1521
# This is specific to GNU libC
1522
dbus.Int64(exitstatus << 8),
1278
dbus.Int64(condition),
1523
1279
dbus.String(command))
1525
1281
# Emit D-Bus signal
1526
1282
self.CheckerCompleted(dbus.Int16(-1),
1528
# This is specific to GNU libC
1530
| self.last_checker_signal),
1283
dbus.Int64(condition),
1531
1284
dbus.String(command))
1286
return Client.checker_callback(self, pid, condition, command,
1534
1289
def start_checker(self, *args, **kwargs):
1535
old_checker_pid = getattr(self.checker, "pid", None)
1290
old_checker = self.checker
1291
if self.checker is not None:
1292
old_checker_pid = self.checker.pid
1294
old_checker_pid = None
1536
1295
r = Client.start_checker(self, *args, **kwargs)
1537
1296
# Only if new checker process was started
1538
1297
if (self.checker is not None
1653
1414
self.approved_by_default = bool(value)
1655
1416
# ApprovalDelay - property
1656
@dbus_service_property(_interface,
1417
@dbus_service_property(_interface, signature="t",
1658
1418
access="readwrite")
1659
1419
def ApprovalDelay_dbus_property(self, value=None):
1660
1420
if value is None: # get
1661
return dbus.UInt64(self.approval_delay.total_seconds()
1421
return dbus.UInt64(self.approval_delay_milliseconds())
1663
1422
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1665
1424
# ApprovalDuration - property
1666
@dbus_service_property(_interface,
1425
@dbus_service_property(_interface, signature="t",
1668
1426
access="readwrite")
1669
1427
def ApprovalDuration_dbus_property(self, value=None):
1670
1428
if value is None: # get
1671
return dbus.UInt64(self.approval_duration.total_seconds()
1429
return dbus.UInt64(timedelta_to_milliseconds(
1430
self.approval_duration))
1673
1431
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1675
1433
# Name - property
1677
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1678
1434
@dbus_service_property(_interface, signature="s", access="read")
1679
1435
def Name_dbus_property(self):
1680
1436
return dbus.String(self.name)
1682
1438
# Fingerprint - property
1684
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1685
1439
@dbus_service_property(_interface, signature="s", access="read")
1686
1440
def Fingerprint_dbus_property(self):
1687
1441
return dbus.String(self.fingerprint)
1689
1443
# Host - property
1690
@dbus_service_property(_interface,
1444
@dbus_service_property(_interface, signature="s",
1692
1445
access="readwrite")
1693
1446
def Host_dbus_property(self, value=None):
1694
1447
if value is None: # get
1695
1448
return dbus.String(self.host)
1696
self.host = str(value)
1449
self.host = unicode(value)
1698
1451
# Created - property
1700
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1701
1452
@dbus_service_property(_interface, signature="s", access="read")
1702
1453
def Created_dbus_property(self):
1703
1454
return datetime_to_dbus(self.created)
1745
1495
return datetime_to_dbus(self.last_approval_request)
1747
1497
# Timeout - property
1748
@dbus_service_property(_interface,
1498
@dbus_service_property(_interface, signature="t",
1750
1499
access="readwrite")
1751
1500
def Timeout_dbus_property(self, value=None):
1752
1501
if value is None: # get
1753
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1754
old_timeout = self.timeout
1502
return dbus.UInt64(self.timeout_milliseconds())
1755
1503
self.timeout = datetime.timedelta(0, 0, 0, value)
1756
# Reschedule disabling
1504
# Reschedule timeout
1757
1505
if self.enabled:
1758
1506
now = datetime.datetime.utcnow()
1759
self.expires += self.timeout - old_timeout
1760
if self.expires <= now:
1507
time_to_die = timedelta_to_milliseconds(
1508
(self.last_checked_ok + self.timeout) - now)
1509
if time_to_die <= 0:
1761
1510
# The timeout has passed
1513
self.expires = (now +
1514
datetime.timedelta(milliseconds =
1764
1516
if (getattr(self, "disable_initiator_tag", None)
1767
1519
gobject.source_remove(self.disable_initiator_tag)
1768
self.disable_initiator_tag = gobject.timeout_add(
1769
int((self.expires - now).total_seconds() * 1000),
1520
self.disable_initiator_tag = (gobject.timeout_add
1772
1524
# ExtendedTimeout - property
1773
@dbus_service_property(_interface,
1525
@dbus_service_property(_interface, signature="t",
1775
1526
access="readwrite")
1776
1527
def ExtendedTimeout_dbus_property(self, value=None):
1777
1528
if value is None: # get
1778
return dbus.UInt64(self.extended_timeout.total_seconds()
1529
return dbus.UInt64(self.extended_timeout_milliseconds())
1780
1530
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1782
1532
# Interval - property
1783
@dbus_service_property(_interface,
1533
@dbus_service_property(_interface, signature="t",
1785
1534
access="readwrite")
1786
1535
def Interval_dbus_property(self, value=None):
1787
1536
if value is None: # get
1788
return dbus.UInt64(self.interval.total_seconds() * 1000)
1537
return dbus.UInt64(self.interval_milliseconds())
1789
1538
self.interval = datetime.timedelta(0, 0, 0, value)
1790
1539
if getattr(self, "checker_initiator_tag", None) is None:
1792
1541
if self.enabled:
1793
1542
# Reschedule checker run
1794
1543
gobject.source_remove(self.checker_initiator_tag)
1795
self.checker_initiator_tag = gobject.timeout_add(
1796
value, self.start_checker)
1797
self.start_checker() # Start one now, too
1544
self.checker_initiator_tag = (gobject.timeout_add
1545
(value, self.start_checker))
1546
self.start_checker() # Start one now, too
1799
1548
# Checker - property
1800
@dbus_service_property(_interface,
1549
@dbus_service_property(_interface, signature="s",
1802
1550
access="readwrite")
1803
1551
def Checker_dbus_property(self, value=None):
1804
1552
if value is None: # get
1805
1553
return dbus.String(self.checker_command)
1806
self.checker_command = str(value)
1554
self.checker_command = unicode(value)
1808
1556
# CheckerRunning - property
1809
@dbus_service_property(_interface,
1557
@dbus_service_property(_interface, signature="b",
1811
1558
access="readwrite")
1812
1559
def CheckerRunning_dbus_property(self, value=None):
1813
1560
if value is None: # get
2044
1788
def fingerprint(openpgp):
2045
1789
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2046
1790
# New GnuTLS "datum" with the OpenPGP public key
2047
datum = gnutls.library.types.gnutls_datum_t(
2048
ctypes.cast(ctypes.c_char_p(openpgp),
2049
ctypes.POINTER(ctypes.c_ubyte)),
2050
ctypes.c_uint(len(openpgp)))
1791
datum = (gnutls.library.types
1792
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1795
ctypes.c_uint(len(openpgp))))
2051
1796
# New empty GnuTLS certificate
2052
1797
crt = gnutls.library.types.gnutls_openpgp_crt_t()
2053
gnutls.library.functions.gnutls_openpgp_crt_init(
1798
(gnutls.library.functions
1799
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2055
1800
# Import the OpenPGP public key into the certificate
2056
gnutls.library.functions.gnutls_openpgp_crt_import(
2057
crt, ctypes.byref(datum),
2058
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1801
(gnutls.library.functions
1802
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1803
gnutls.library.constants
1804
.GNUTLS_OPENPGP_FMT_RAW))
2059
1805
# Verify the self signature in the key
2060
1806
crtverify = ctypes.c_uint()
2061
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2062
crt, 0, ctypes.byref(crtverify))
1807
(gnutls.library.functions
1808
.gnutls_openpgp_crt_verify_self(crt, 0,
1809
ctypes.byref(crtverify)))
2063
1810
if crtverify.value != 0:
2064
1811
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2065
raise gnutls.errors.CertificateSecurityError(
1812
raise (gnutls.errors.CertificateSecurityError
2067
1814
# New buffer for the fingerprint
2068
1815
buf = ctypes.create_string_buffer(20)
2069
1816
buf_len = ctypes.c_size_t()
2070
1817
# Get the fingerprint from the certificate into the buffer
2071
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2072
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1818
(gnutls.library.functions
1819
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1820
ctypes.byref(buf_len)))
2073
1821
# Deinit the certificate
2074
1822
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2075
1823
# Convert the buffer to a Python bytestring
2126
1873
interface: None or a network interface name (string)
2127
1874
use_ipv6: Boolean; to use IPv6 or not
2130
1876
def __init__(self, server_address, RequestHandlerClass,
2134
"""If socketfd is set, use that file descriptor instead of
2135
creating a new one with socket.socket().
1877
interface=None, use_ipv6=True):
2137
1878
self.interface = interface
2139
1880
self.address_family = socket.AF_INET6
2140
if socketfd is not None:
2141
# Save the file descriptor
2142
self.socketfd = socketfd
2143
# Save the original socket.socket() function
2144
self.socket_socket = socket.socket
2145
# To implement --socket, we monkey patch socket.socket.
2147
# (When socketserver.TCPServer is a new-style class, we
2148
# could make self.socket into a property instead of monkey
2149
# patching socket.socket.)
2151
# Create a one-time-only replacement for socket.socket()
2152
@functools.wraps(socket.socket)
2153
def socket_wrapper(*args, **kwargs):
2154
# Restore original function so subsequent calls are
2156
socket.socket = self.socket_socket
2157
del self.socket_socket
2158
# This time only, return a new socket object from the
2159
# saved file descriptor.
2160
return socket.fromfd(self.socketfd, *args, **kwargs)
2161
# Replace socket.socket() function with wrapper
2162
socket.socket = socket_wrapper
2163
# The socketserver.TCPServer.__init__ will call
2164
# socket.socket(), which might be our replacement,
2165
# socket_wrapper(), if socketfd was set.
2166
1881
socketserver.TCPServer.__init__(self, server_address,
2167
1882
RequestHandlerClass)
2169
1883
def server_bind(self):
2170
1884
"""This overrides the normal server_bind() function
2171
1885
to bind to an interface if one was specified, and also NOT to
2331
def rfc3339_duration_to_delta(duration):
2332
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2334
>>> rfc3339_duration_to_delta("P7D")
2335
datetime.timedelta(7)
2336
>>> rfc3339_duration_to_delta("PT60S")
2337
datetime.timedelta(0, 60)
2338
>>> rfc3339_duration_to_delta("PT60M")
2339
datetime.timedelta(0, 3600)
2340
>>> rfc3339_duration_to_delta("PT24H")
2341
datetime.timedelta(1)
2342
>>> rfc3339_duration_to_delta("P1W")
2343
datetime.timedelta(7)
2344
>>> rfc3339_duration_to_delta("PT5M30S")
2345
datetime.timedelta(0, 330)
2346
>>> rfc3339_duration_to_delta("P1DT3M20S")
2347
datetime.timedelta(1, 200)
2350
# Parsing an RFC 3339 duration with regular expressions is not
2351
# possible - there would have to be multiple places for the same
2352
# values, like seconds. The current code, while more esoteric, is
2353
# cleaner without depending on a parsing library. If Python had a
2354
# built-in library for parsing we would use it, but we'd like to
2355
# avoid excessive use of external libraries.
2357
# New type for defining tokens, syntax, and semantics all-in-one
2358
Token = collections.namedtuple("Token", (
2359
"regexp", # To match token; if "value" is not None, must have
2360
# a "group" containing digits
2361
"value", # datetime.timedelta or None
2362
"followers")) # Tokens valid after this token
2363
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2364
# the "duration" ABNF definition in RFC 3339, Appendix A.
2365
token_end = Token(re.compile(r"$"), None, frozenset())
2366
token_second = Token(re.compile(r"(\d+)S"),
2367
datetime.timedelta(seconds=1),
2368
frozenset((token_end, )))
2369
token_minute = Token(re.compile(r"(\d+)M"),
2370
datetime.timedelta(minutes=1),
2371
frozenset((token_second, token_end)))
2372
token_hour = Token(re.compile(r"(\d+)H"),
2373
datetime.timedelta(hours=1),
2374
frozenset((token_minute, token_end)))
2375
token_time = Token(re.compile(r"T"),
2377
frozenset((token_hour, token_minute,
2379
token_day = Token(re.compile(r"(\d+)D"),
2380
datetime.timedelta(days=1),
2381
frozenset((token_time, token_end)))
2382
token_month = Token(re.compile(r"(\d+)M"),
2383
datetime.timedelta(weeks=4),
2384
frozenset((token_day, token_end)))
2385
token_year = Token(re.compile(r"(\d+)Y"),
2386
datetime.timedelta(weeks=52),
2387
frozenset((token_month, token_end)))
2388
token_week = Token(re.compile(r"(\d+)W"),
2389
datetime.timedelta(weeks=1),
2390
frozenset((token_end, )))
2391
token_duration = Token(re.compile(r"P"), None,
2392
frozenset((token_year, token_month,
2393
token_day, token_time,
2395
# Define starting values
2396
value = datetime.timedelta() # Value so far
2398
followers = frozenset((token_duration, )) # Following valid tokens
2399
s = duration # String left to parse
2400
# Loop until end token is found
2401
while found_token is not token_end:
2402
# Search for any currently valid tokens
2403
for token in followers:
2404
match = token.regexp.match(s)
2405
if match is not None:
2407
if token.value is not None:
2408
# Value found, parse digits
2409
factor = int(match.group(1), 10)
2410
# Add to value so far
2411
value += factor * token.value
2412
# Strip token from string
2413
s = token.regexp.sub("", s, 1)
2416
# Set valid next tokens
2417
followers = found_token.followers
2420
# No currently valid tokens were found
2421
raise ValueError("Invalid RFC 3339 duration: {!r}"
2427
2050
def string_to_delta(interval):
2428
2051
"""Parse a string and return a datetime.timedelta
2558
2167
"debug": "False",
2560
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2561
":+SIGN-DSA-SHA256",
2169
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2562
2170
"servicename": "Mandos",
2563
2171
"use_dbus": "True",
2564
2172
"use_ipv6": "True",
2565
2173
"debuglevel": "",
2566
2174
"restore": "True",
2568
"statedir": "/var/lib/mandos",
2569
"foreground": "False",
2175
"statedir": "/var/lib/mandos"
2573
2178
# Parse config file for server-global settings
2574
2179
server_config = configparser.SafeConfigParser(server_defaults)
2575
2180
del server_defaults
2576
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2181
server_config.read(os.path.join(options.configdir,
2577
2183
# Convert the SafeConfigParser object to a dict
2578
2184
server_settings = server_config.defaults()
2579
2185
# Use the appropriate methods on the non-string config options
2580
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2186
for option in ("debug", "use_dbus", "use_ipv6"):
2581
2187
server_settings[option] = server_config.getboolean("DEFAULT",
2583
2189
if server_settings["port"]:
2584
2190
server_settings["port"] = server_config.getint("DEFAULT",
2586
if server_settings["socket"]:
2587
server_settings["socket"] = server_config.getint("DEFAULT",
2589
# Later, stdin will, and stdout and stderr might, be dup'ed
2590
# over with an opened os.devnull. But we don't want this to
2591
# happen with a supplied network socket.
2592
if 0 <= server_settings["socket"] <= 2:
2593
server_settings["socket"] = os.dup(server_settings
2595
2192
del server_config
2597
2194
# Override the settings from the config file with command line
2598
2195
# options, if set.
2599
2196
for option in ("interface", "address", "port", "debug",
2600
"priority", "servicename", "configdir", "use_dbus",
2601
"use_ipv6", "debuglevel", "restore", "statedir",
2602
"socket", "foreground", "zeroconf"):
2197
"priority", "servicename", "configdir",
2198
"use_dbus", "use_ipv6", "debuglevel", "restore",
2603
2200
value = getattr(options, option)
2604
2201
if value is not None:
2605
2202
server_settings[option] = value
2607
2204
# Force all strings to be unicode
2608
2205
for option in server_settings.keys():
2609
if isinstance(server_settings[option], bytes):
2610
server_settings[option] = (server_settings[option]
2612
# Force all boolean options to be boolean
2613
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2614
"foreground", "zeroconf"):
2615
server_settings[option] = bool(server_settings[option])
2616
# Debug implies foreground
2617
if server_settings["debug"]:
2618
server_settings["foreground"] = True
2206
if type(server_settings[option]) is str:
2207
server_settings[option] = unicode(server_settings[option])
2619
2208
# Now we have our good server settings in "server_settings"
2621
2210
##################################################################
2623
if (not server_settings["zeroconf"]
2624
and not (server_settings["port"]
2625
or server_settings["socket"] != "")):
2626
parser.error("Needs port or socket to work without Zeroconf")
2628
2212
# For convenience
2629
2213
debug = server_settings["debug"]
2630
2214
debuglevel = server_settings["debuglevel"]
2738
2313
bus_name = dbus.service.BusName("se.recompile.Mandos",
2741
old_bus_name = dbus.service.BusName(
2742
"se.bsnet.fukt.Mandos", bus,
2744
except dbus.exceptions.DBusException as e:
2745
logger.error("Disabling D-Bus:", exc_info=e)
2314
bus, do_not_queue=True)
2315
old_bus_name = (dbus.service.BusName
2316
("se.bsnet.fukt.Mandos", bus,
2318
except dbus.exceptions.NameExistsException as e:
2319
logger.error(unicode(e) + ", disabling D-Bus")
2746
2320
use_dbus = False
2747
2321
server_settings["use_dbus"] = False
2748
2322
tcp_server.use_dbus = False
2750
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2751
service = AvahiServiceToSyslog(
2752
name = server_settings["servicename"],
2753
servicetype = "_mandos._tcp",
2754
protocol = protocol,
2756
if server_settings["interface"]:
2757
service.interface = if_nametoindex(
2758
server_settings["interface"].encode("utf-8"))
2323
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2324
service = AvahiServiceToSyslog(name =
2325
server_settings["servicename"],
2326
servicetype = "_mandos._tcp",
2327
protocol = protocol, bus = bus)
2328
if server_settings["interface"]:
2329
service.interface = (if_nametoindex
2330
(str(server_settings["interface"])))
2760
2332
global multiprocessing_manager
2761
2333
multiprocessing_manager = multiprocessing.Manager()
2763
2335
client_class = Client
2765
client_class = functools.partial(ClientDBus, bus = bus)
2337
client_class = functools.partial(ClientDBusTransitional,
2767
2340
client_settings = Client.config_parser(client_config)
2768
2341
old_client_settings = {}
2769
2342
clients_data = {}
2771
# This is used to redirect stdout and stderr for checker processes
2773
wnull = open(os.devnull, "w") # A writable /dev/null
2774
# Only used if server is running in foreground but not in debug
2776
if debug or not foreground:
2779
2344
# Get client data and settings from last running state.
2780
2345
if server_settings["restore"]:
2782
2347
with open(stored_state_path, "rb") as stored_state:
2783
clients_data, old_client_settings = pickle.load(
2348
clients_data, old_client_settings = (pickle.load
2785
2350
os.remove(stored_state_path)
2786
2351
except IOError as e:
2787
if e.errno == errno.ENOENT:
2788
logger.warning("Could not load persistent state:"
2789
" {}".format(os.strerror(e.errno)))
2791
logger.critical("Could not load persistent state:",
2352
logger.warning("Could not load persistent state: {0}"
2354
if e.errno != errno.ENOENT:
2794
2356
except EOFError as e:
2795
2357
logger.warning("Could not load persistent state: "
2358
"EOFError: {0}".format(e))
2799
2360
with PGPEngine() as pgp:
2800
for client_name, client in clients_data.items():
2801
# Skip removed clients
2802
if client_name not in client_settings:
2361
for client_name, client in clients_data.iteritems():
2805
2362
# Decide which value to use after restoring saved state.
2806
2363
# We have three different values: Old config file,
2807
2364
# new config file, and saved state.
3033
2551
del client_settings[client.name]["secret"]
3036
with tempfile.NamedTemporaryFile(
3040
dir=os.path.dirname(stored_state_path),
3041
delete=False) as stored_state:
2554
tempfd, tempname = tempfile.mkstemp(suffix=".pickle",
2557
(stored_state_path))
2558
with os.fdopen(tempfd, "wb") as stored_state:
3042
2559
pickle.dump((clients, client_settings), stored_state)
3043
tempname = stored_state.name
3044
2560
os.rename(tempname, stored_state_path)
3045
2561
except (IOError, OSError) as e:
2562
logger.warning("Could not save persistent state: {0}"
3048
2566
os.remove(tempname)
3049
2567
except NameError:
3051
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3052
logger.warning("Could not save persistent state: {}"
3053
.format(os.strerror(e.errno)))
3055
logger.warning("Could not save persistent state:",
2569
if e.errno not in set((errno.ENOENT, errno.EACCES,
3059
2573
# Delete all clients, and settings from config
3060
2574
while tcp_server.clients:
3061
2575
name, client = tcp_server.clients.popitem()
3063
2577
client.remove_from_connection()
3064
# Don't signal the disabling
2578
# Don't signal anything except ClientRemoved
3065
2579
client.disable(quiet=True)
3066
# Emit D-Bus signal for removal
3067
mandos_dbus_service.client_removed_signal(client)
2582
mandos_dbus_service.ClientRemoved(client
3068
2585
client_settings.clear()
3070
2587
atexit.register(cleanup)
3072
2589
for client in tcp_server.clients.itervalues():
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2592
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3076
2593
# Need to initiate checking of clients
3077
2594
if client.enabled:
3078
2595
client.init_checker()