To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 572
- compare with another revision
- download diff
- download tarball
- view history from revision 572
- Committer: Teddy Hogeborn
- Date: 2012-05-05 09:33:27 UTC
- Revision ID: teddy@recompile.se-20120505093327-kzn0kkia6rhpciwd
* mandos-ctl: Break long lines.
* mandos-monitor: - '' -
* mandos-monitor: - '' -
- files removed:
- debian/mandos-client.examples
- debian/upstream
- plugin-helpers
- files modified:
- .bzrignore
added
removed
mandos
1
#!/usr/bin/python2.7
1
#!/usr/bin/python
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2015 Teddy Hogeborn
15
# Copyright © 2008-2015 Björn Påhlsson
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
34
34
from __future__ import (division, absolute_import, print_function,
35
35
unicode_literals)
36
36
37
from future_builtins import *
38
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
37
import SocketServer as socketserver
43
38
import socket
44
39
import argparse
45
40
import datetime
50
45
import gnutls.library.functions
51
46
import gnutls.library.constants
52
47
import gnutls.library.types
53
try:
54
import ConfigParser as configparser
55
except ImportError:
56
import configparser
48
import ConfigParser as configparser
57
49
import sys
58
50
import re
59
51
import os
68
60
import struct
69
61
import fcntl
70
62
import functools
71
try:
72
import cPickle as pickle
73
except ImportError:
74
import pickle
63
import cPickle as pickle
75
64
import multiprocessing
76
65
import types
77
66
import binascii
78
67
import tempfile
79
68
import itertools
80
import collections
81
import codecs
82
69
83
70
import dbus
84
71
import dbus.service
85
try:
86
import gobject
87
except ImportError:
88
from gi.repository import GObject as gobject
72
import gobject
89
73
import avahi
90
74
from dbus.mainloop.glib import DBusGMainLoop
91
75
import ctypes
92
76
import ctypes.util
93
77
import xml.dom.minidom
94
78
import inspect
79
import GnuPGInterface
95
80
96
81
try:
97
82
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
101
86
except ImportError:
102
87
SO_BINDTODEVICE = None
103
88
104
if sys.version_info.major == 2:
105
str = unicode
106
107
version = "1.7.1"
89
version = "1.5.3"
108
90
stored_state_file = "clients.pickle"
109
91
110
92
logger = logging.getLogger()
111
syslogger = None
93
syslogger = (logging.handlers.SysLogHandler
94
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
95
address = str("/dev/log")))
112
96
113
97
try:
114
if_nametoindex = ctypes.cdll.LoadLibrary(
115
ctypes.util.find_library("c")).if_nametoindex
98
if_nametoindex = (ctypes.cdll.LoadLibrary
99
(ctypes.util.find_library("c"))
100
.if_nametoindex)
116
101
except (OSError, AttributeError):
117
118
102
def if_nametoindex(interface):
119
103
"Get an interface index the hard way, i.e. using fcntl()"
120
104
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
121
105
with contextlib.closing(socket.socket()) as s:
122
106
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
123
struct.pack(b"16s16x", interface))
124
interface_index = struct.unpack("I", ifreq[16:20])[0]
107
struct.pack(str("16s16x"),
108
interface))
109
interface_index = struct.unpack(str("I"),
110
ifreq[16:20])[0]
125
111
return interface_index
126
112
127
113
128
114
def initlogger(debug, level=logging.WARNING):
129
115
"""init logger and add loglevel"""
130
116
131
global syslogger
132
syslogger = (logging.handlers.SysLogHandler(
133
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
134
address = "/dev/log"))
135
117
syslogger.setFormatter(logging.Formatter
136
118
('Mandos [%(process)d]: %(levelname)s:'
137
119
' %(message)s'))
154
136
155
137
class PGPEngine(object):
156
138
"""A simple class for OpenPGP symmetric encryption & decryption"""
157
158
139
def __init__(self):
140
self.gnupg = GnuPGInterface.GnuPG()
159
141
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
160
self.gnupgargs = ['--batch',
161
'--home', self.tempdir,
162
'--force-mdc',
163
'--quiet',
164
'--no-use-agent']
142
self.gnupg = GnuPGInterface.GnuPG()
143
self.gnupg.options.meta_interactive = False
144
self.gnupg.options.homedir = self.tempdir
145
self.gnupg.options.extra_args.extend(['--force-mdc',
146
'--quiet',
147
'--no-use-agent'])
165
148
166
149
def __enter__(self):
167
150
return self
168
151
169
def __exit__(self, exc_type, exc_value, traceback):
152
def __exit__ (self, exc_type, exc_value, traceback):
170
153
self._cleanup()
171
154
return False
172
155
189
172
def password_encode(self, password):
190
173
# Passphrase can not be empty and can not contain newlines or
191
174
# NUL bytes. So we prefix it and hex encode it.
192
encoded = b"mandos" + binascii.hexlify(password)
193
if len(encoded) > 2048:
194
# GnuPG can't handle long passwords, so encode differently
195
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
196
.replace(b"\n", b"\\n")
197
.replace(b"\0", b"\\x00"))
198
return encoded
175
return b"mandos" + binascii.hexlify(password)
199
176
200
177
def encrypt(self, data, password):
201
passphrase = self.password_encode(password)
202
with tempfile.NamedTemporaryFile(
203
dir=self.tempdir) as passfile:
204
passfile.write(passphrase)
205
passfile.flush()
206
proc = subprocess.Popen(['gpg', '--symmetric',
207
'--passphrase-file',
208
passfile.name]
209
+ self.gnupgargs,
210
stdin = subprocess.PIPE,
211
stdout = subprocess.PIPE,
212
stderr = subprocess.PIPE)
213
ciphertext, err = proc.communicate(input = data)
214
if proc.returncode != 0:
215
raise PGPError(err)
178
self.gnupg.passphrase = self.password_encode(password)
179
with open(os.devnull, "w") as devnull:
180
try:
181
proc = self.gnupg.run(['--symmetric'],
182
create_fhs=['stdin', 'stdout'],
183
attach_fhs={'stderr': devnull})
184
with contextlib.closing(proc.handles['stdin']) as f:
185
f.write(data)
186
with contextlib.closing(proc.handles['stdout']) as f:
187
ciphertext = f.read()
188
proc.wait()
189
except IOError as e:
190
raise PGPError(e)
191
self.gnupg.passphrase = None
216
192
return ciphertext
217
193
218
194
def decrypt(self, data, password):
219
passphrase = self.password_encode(password)
220
with tempfile.NamedTemporaryFile(
221
dir = self.tempdir) as passfile:
222
passfile.write(passphrase)
223
passfile.flush()
224
proc = subprocess.Popen(['gpg', '--decrypt',
225
'--passphrase-file',
226
passfile.name]
227
+ self.gnupgargs,
228
stdin = subprocess.PIPE,
229
stdout = subprocess.PIPE,
230
stderr = subprocess.PIPE)
231
decrypted_plaintext, err = proc.communicate(input = data)
232
if proc.returncode != 0:
233
raise PGPError(err)
195
self.gnupg.passphrase = self.password_encode(password)
196
with open(os.devnull, "w") as devnull:
197
try:
198
proc = self.gnupg.run(['--decrypt'],
199
create_fhs=['stdin', 'stdout'],
200
attach_fhs={'stderr': devnull})
201
with contextlib.closing(proc.handles['stdin']) as f:
202
f.write(data)
203
with contextlib.closing(proc.handles['stdout']) as f:
204
decrypted_plaintext = f.read()
205
proc.wait()
206
except IOError as e:
207
raise PGPError(e)
208
self.gnupg.passphrase = None
234
209
return decrypted_plaintext
235
210
236
211
212
237
213
class AvahiError(Exception):
238
214
def __init__(self, value, *args, **kwargs):
239
215
self.value = value
240
return super(AvahiError, self).__init__(value, *args,
241
**kwargs)
242
216
super(AvahiError, self).__init__(value, *args, **kwargs)
217
def __unicode__(self):
218
return unicode(repr(self.value))
243
219
244
220
class AvahiServiceError(AvahiError):
245
221
pass
246
222
247
248
223
class AvahiGroupError(AvahiError):
249
224
pass
250
225
257
232
Used to optionally bind to the specified interface.
258
233
name: string; Example: 'Mandos'
259
234
type: string; Example: '_mandos._tcp'.
260
See <https://www.iana.org/assignments/service-names-port-numbers>
235
See <http://www.dns-sd.org/ServiceTypes.html>
261
236
port: integer; what port to announce
262
237
TXT: list of strings; TXT record for the service
263
238
domain: string; Domain to publish on, default to .local if empty.
269
244
server: D-Bus Server
270
245
bus: dbus.SystemBus()
271
246
"""
272
273
def __init__(self,
274
interface = avahi.IF_UNSPEC,
275
name = None,
276
servicetype = None,
277
port = None,
278
TXT = None,
279
domain = "",
280
host = "",
281
max_renames = 32768,
282
protocol = avahi.PROTO_UNSPEC,
283
bus = None):
247
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
248
servicetype = None, port = None, TXT = None,
249
domain = "", host = "", max_renames = 32768,
250
protocol = avahi.PROTO_UNSPEC, bus = None):
284
251
self.interface = interface
285
252
self.name = name
286
253
self.type = servicetype
295
262
self.server = None
296
263
self.bus = bus
297
264
self.entry_group_state_changed_match = None
298
299
def rename(self, remove=True):
265
def rename(self):
300
266
"""Derived from the Avahi example code"""
301
267
if self.rename_count >= self.max_renames:
302
268
logger.critical("No suitable Zeroconf service name found"
303
269
" after %i retries, exiting.",
304
270
self.rename_count)
305
271
raise AvahiServiceError("Too many renames")
306
self.name = str(
307
self.server.GetAlternativeServiceName(self.name))
308
self.rename_count += 1
272
self.name = unicode(self.server
273
.GetAlternativeServiceName(self.name))
309
274
logger.info("Changing Zeroconf service name to %r ...",
310
275
self.name)
311
if remove:
312
self.remove()
276
self.remove()
313
277
try:
314
278
self.add()
315
279
except dbus.exceptions.DBusException as error:
316
if (error.get_dbus_name()
317
== "org.freedesktop.Avahi.CollisionError"):
318
logger.info("Local Zeroconf service name collision.")
319
return self.rename(remove=False)
320
else:
321
logger.critical("D-Bus Exception", exc_info=error)
322
self.cleanup()
323
os._exit(1)
324
280
logger.critical("D-Bus Exception", exc_info=error)
281
self.cleanup()
282
os._exit(1)
283
self.rename_count += 1
325
284
def remove(self):
326
285
"""Derived from the Avahi example code"""
327
286
if self.entry_group_state_changed_match is not None:
329
288
self.entry_group_state_changed_match = None
330
289
if self.group is not None:
331
290
self.group.Reset()
332
333
291
def add(self):
334
292
"""Derived from the Avahi example code"""
335
293
self.remove()
352
310
dbus.UInt16(self.port),
353
311
avahi.string_array_to_txt_array(self.TXT))
354
312
self.group.Commit()
355
356
313
def entry_group_state_changed(self, state, error):
357
314
"""Derived from the Avahi example code"""
358
315
logger.debug("Avahi entry group state change: %i", state)
364
321
self.rename()
365
322
elif state == avahi.ENTRY_GROUP_FAILURE:
366
323
logger.critical("Avahi: Error in group state changed %s",
367
str(error))
368
raise AvahiGroupError("State changed: {!s}".format(error))
369
324
unicode(error))
325
raise AvahiGroupError("State changed: {0!s}"
326
.format(error))
370
327
def cleanup(self):
371
328
"""Derived from the Avahi example code"""
372
329
if self.group is not None:
377
334
pass
378
335
self.group = None
379
336
self.remove()
380
381
337
def server_state_changed(self, state, error=None):
382
338
"""Derived from the Avahi example code"""
383
339
logger.debug("Avahi server state change: %i", state)
384
bad_states = {
385
avahi.SERVER_INVALID: "Zeroconf server invalid",
386
avahi.SERVER_REGISTERING: None,
387
avahi.SERVER_COLLISION: "Zeroconf server name collision",
388
avahi.SERVER_FAILURE: "Zeroconf server failure",
389
}
340
bad_states = { avahi.SERVER_INVALID:
341
"Zeroconf server invalid",
342
avahi.SERVER_REGISTERING: None,
343
avahi.SERVER_COLLISION:
344
"Zeroconf server name collision",
345
avahi.SERVER_FAILURE:
346
"Zeroconf server failure" }
390
347
if state in bad_states:
391
348
if bad_states[state] is not None:
392
349
if error is None:
395
352
logger.error(bad_states[state] + ": %r", error)
396
353
self.cleanup()
397
354
elif state == avahi.SERVER_RUNNING:
398
try:
399
self.add()
400
except dbus.exceptions.DBusException as error:
401
if (error.get_dbus_name()
402
== "org.freedesktop.Avahi.CollisionError"):
403
logger.info("Local Zeroconf service name"
404
" collision.")
405
return self.rename(remove=False)
406
else:
407
logger.critical("D-Bus Exception", exc_info=error)
408
self.cleanup()
409
os._exit(1)
355
self.add()
410
356
else:
411
357
if error is None:
412
358
logger.debug("Unknown state: %r", state)
413
359
else:
414
360
logger.debug("Unknown state: %r: %r", state, error)
415
416
361
def activate(self):
417
362
"""Derived from the Avahi example code"""
418
363
if self.server is None:
422
367
follow_name_owner_changes=True),
423
368
avahi.DBUS_INTERFACE_SERVER)
424
369
self.server.connect_to_signal("StateChanged",
425
self.server_state_changed)
370
self.server_state_changed)
426
371
self.server_state_changed(self.server.GetState())
427
372
428
429
373
class AvahiServiceToSyslog(AvahiService):
430
def rename(self, *args, **kwargs):
374
def rename(self):
431
375
"""Add the new name to the syslog messages"""
432
ret = AvahiService.rename(self, *args, **kwargs)
433
syslogger.setFormatter(logging.Formatter(
434
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
435
.format(self.name)))
376
ret = AvahiService.rename(self)
377
syslogger.setFormatter(logging.Formatter
378
('Mandos ({0}) [%(process)d]:'
379
' %(levelname)s: %(message)s'
380
.format(self.name)))
436
381
return ret
437
382
438
def call_pipe(connection, # : multiprocessing.Connection
439
func, *args, **kwargs):
440
"""This function is meant to be called by multiprocessing.Process
441
442
This function runs func(*args, **kwargs), and writes the resulting
443
return value on the provided multiprocessing.Connection.
444
"""
445
connection.send(func(*args, **kwargs))
446
connection.close()
447
383
def timedelta_to_milliseconds(td):
384
"Convert a datetime.timedelta() to milliseconds"
385
return ((td.days * 24 * 60 * 60 * 1000)
386
+ (td.seconds * 1000)
387
+ (td.microseconds // 1000))
388
448
389
class Client(object):
449
390
"""A representation of a client host served by this server.
450
391
476
417
last_checker_status: integer between 0 and 255 reflecting exit
477
418
status of last checker. -1 reflects crashed
478
419
checker, -2 means no checker completed yet.
479
last_checker_signal: The signal which killed the last checker, if
480
last_checker_status is -1
481
420
last_enabled: datetime.datetime(); (UTC) or None
482
421
name: string; from the config file, used in log messages and
483
422
D-Bus identifiers
488
427
runtime_expansions: Allowed attributes for runtime expansion.
489
428
expires: datetime.datetime(); time (UTC) when a client will be
490
429
disabled, or None
491
server_settings: The server_settings dict from main()
492
430
"""
493
431
494
432
runtime_expansions = ("approval_delay", "approval_duration",
495
"created", "enabled", "expires",
496
"fingerprint", "host", "interval",
497
"last_approval_request", "last_checked_ok",
433
"created", "enabled", "fingerprint",
434
"host", "interval", "last_checked_ok",
498
435
"last_enabled", "name", "timeout")
499
client_defaults = {
500
"timeout": "PT5M",
501
"extended_timeout": "PT15M",
502
"interval": "PT2M",
503
"checker": "fping -q -- %%(host)s",
504
"host": "",
505
"approval_delay": "PT0S",
506
"approval_duration": "PT1S",
507
"approved_by_default": "True",
508
"enabled": "True",
509
}
510
436
client_defaults = { "timeout": "5m",
437
"extended_timeout": "15m",
438
"interval": "2m",
439
"checker": "fping -q -- %%(host)s",
440
"host": "",
441
"approval_delay": "0s",
442
"approval_duration": "1s",
443
"approved_by_default": "True",
444
"enabled": "True",
445
}
446
447
def timeout_milliseconds(self):
448
"Return the 'timeout' attribute in milliseconds"
449
return timedelta_to_milliseconds(self.timeout)
450
451
def extended_timeout_milliseconds(self):
452
"Return the 'extended_timeout' attribute in milliseconds"
453
return timedelta_to_milliseconds(self.extended_timeout)
454
455
def interval_milliseconds(self):
456
"Return the 'interval' attribute in milliseconds"
457
return timedelta_to_milliseconds(self.interval)
458
459
def approval_delay_milliseconds(self):
460
return timedelta_to_milliseconds(self.approval_delay)
461
511
462
@staticmethod
512
463
def config_parser(config):
513
464
"""Construct a new dict of client settings of this form:
528
479
client["enabled"] = config.getboolean(client_name,
529
480
"enabled")
530
481
531
# Uppercase and remove spaces from fingerprint for later
532
# comparison purposes with return value from the
533
# fingerprint() function
534
482
client["fingerprint"] = (section["fingerprint"].upper()
535
483
.replace(" ", ""))
536
484
if "secret" in section:
541
489
"rb") as secfile:
542
490
client["secret"] = secfile.read()
543
491
else:
544
raise TypeError("No secret or secfile for section {}"
492
raise TypeError("No secret or secfile for section {0}"
545
493
.format(section))
546
494
client["timeout"] = string_to_delta(section["timeout"])
547
495
client["extended_timeout"] = string_to_delta(
557
505
client["last_checker_status"] = -2
558
506
559
507
return settings
560
561
def __init__(self, settings, name = None, server_settings=None):
508
509
510
def __init__(self, settings, name = None):
511
"""Note: the 'checker' key in 'config' sets the
512
'checker_command' attribute and *not* the 'checker'
513
attribute."""
562
514
self.name = name
563
if server_settings is None:
564
server_settings = {}
565
self.server_settings = server_settings
566
515
# adding all client settings
567
for setting, value in settings.items():
516
for setting, value in settings.iteritems():
568
517
setattr(self, setting, value)
569
518
570
519
if self.enabled:
576
525
else:
577
526
self.last_enabled = None
578
527
self.expires = None
579
528
580
529
logger.debug("Creating client %r", self.name)
530
# Uppercase and remove spaces from fingerprint for later
531
# comparison purposes with return value from the fingerprint()
532
# function
581
533
logger.debug(" Fingerprint: %s", self.fingerprint)
582
534
self.created = settings.get("created",
583
535
datetime.datetime.utcnow())
584
536
585
537
# attributes specific for this server instance
586
538
self.checker = None
587
539
self.checker_initiator_tag = None
590
542
self.current_checker_command = None
591
543
self.approved = None
592
544
self.approvals_pending = 0
593
self.changedstate = multiprocessing_manager.Condition(
594
multiprocessing_manager.Lock())
595
self.client_structure = [attr
596
for attr in self.__dict__.iterkeys()
545
self.changedstate = (multiprocessing_manager
546
.Condition(multiprocessing_manager
547
.Lock()))
548
self.client_structure = [attr for attr in
549
self.__dict__.iterkeys()
597
550
if not attr.startswith("_")]
598
551
self.client_structure.append("client_structure")
599
552
600
for name, t in inspect.getmembers(
601
type(self), lambda obj: isinstance(obj, property)):
553
for name, t in inspect.getmembers(type(self),
554
lambda obj:
555
isinstance(obj,
556
property)):
602
557
if not name.startswith("_"):
603
558
self.client_structure.append(name)
604
559
612
567
if getattr(self, "enabled", False):
613
568
# Already enabled
614
569
return
570
self.send_changedstate()
615
571
self.expires = datetime.datetime.utcnow() + self.timeout
616
572
self.enabled = True
617
573
self.last_enabled = datetime.datetime.utcnow()
618
574
self.init_checker()
619
self.send_changedstate()
620
575
621
576
def disable(self, quiet=True):
622
577
"""Disable this client."""
623
578
if not getattr(self, "enabled", False):
624
579
return False
625
580
if not quiet:
581
self.send_changedstate()
582
if not quiet:
626
583
logger.info("Disabling client %s", self.name)
627
if getattr(self, "disable_initiator_tag", None) is not None:
584
if getattr(self, "disable_initiator_tag", False):
628
585
gobject.source_remove(self.disable_initiator_tag)
629
586
self.disable_initiator_tag = None
630
587
self.expires = None
631
if getattr(self, "checker_initiator_tag", None) is not None:
588
if getattr(self, "checker_initiator_tag", False):
632
589
gobject.source_remove(self.checker_initiator_tag)
633
590
self.checker_initiator_tag = None
634
591
self.stop_checker()
635
592
self.enabled = False
636
if not quiet:
637
self.send_changedstate()
638
593
# Do not run this again if called by a gobject.timeout_add
639
594
return False
640
595
644
599
def init_checker(self):
645
600
# Schedule a new checker to be started an 'interval' from now,
646
601
# and every interval from then on.
647
if self.checker_initiator_tag is not None:
648
gobject.source_remove(self.checker_initiator_tag)
649
self.checker_initiator_tag = gobject.timeout_add(
650
int(self.interval.total_seconds() * 1000),
651
self.start_checker)
602
self.checker_initiator_tag = (gobject.timeout_add
603
(self.interval_milliseconds(),
604
self.start_checker))
652
605
# Schedule a disable() when 'timeout' has passed
653
if self.disable_initiator_tag is not None:
654
gobject.source_remove(self.disable_initiator_tag)
655
self.disable_initiator_tag = gobject.timeout_add(
656
int(self.timeout.total_seconds() * 1000), self.disable)
606
self.disable_initiator_tag = (gobject.timeout_add
607
(self.timeout_milliseconds(),
608
self.disable))
657
609
# Also start a new checker *right now*.
658
610
self.start_checker()
659
611
660
def checker_callback(self, source, condition, connection,
661
command):
612
def checker_callback(self, pid, condition, command):
662
613
"""The checker has completed, so take appropriate actions."""
663
614
self.checker_callback_tag = None
664
615
self.checker = None
665
# Read return code from connection (see call_pipe)
666
returncode = connection.recv()
667
connection.close()
668
669
if returncode >= 0:
670
self.last_checker_status = returncode
671
self.last_checker_signal = None
616
if os.WIFEXITED(condition):
617
self.last_checker_status = os.WEXITSTATUS(condition)
672
618
if self.last_checker_status == 0:
673
619
logger.info("Checker for %(name)s succeeded",
674
620
vars(self))
675
621
self.checked_ok()
676
622
else:
677
logger.info("Checker for %(name)s failed", vars(self))
623
logger.info("Checker for %(name)s failed",
624
vars(self))
678
625
else:
679
626
self.last_checker_status = -1
680
self.last_checker_signal = -returncode
681
627
logger.warning("Checker for %(name)s crashed?",
682
628
vars(self))
683
return False
684
629
685
630
def checked_ok(self):
686
631
"""Assert that the client has been seen, alive and well."""
687
632
self.last_checked_ok = datetime.datetime.utcnow()
688
633
self.last_checker_status = 0
689
self.last_checker_signal = None
690
634
self.bump_timeout()
691
635
692
636
def bump_timeout(self, timeout=None):
695
639
timeout = self.timeout
696
640
if self.disable_initiator_tag is not None:
697
641
gobject.source_remove(self.disable_initiator_tag)
698
self.disable_initiator_tag = None
699
642
if getattr(self, "enabled", False):
700
self.disable_initiator_tag = gobject.timeout_add(
701
int(timeout.total_seconds() * 1000), self.disable)
643
self.disable_initiator_tag = (gobject.timeout_add
644
(timedelta_to_milliseconds
645
(timeout), self.disable))
702
646
self.expires = datetime.datetime.utcnow() + timeout
703
647
704
648
def need_approval(self):
710
654
If a checker already exists, leave it running and do
711
655
nothing."""
712
656
# The reason for not killing a running checker is that if we
713
# did that, and if a checker (for some reason) started running
714
# slowly and taking more than 'interval' time, then the client
715
# would inevitably timeout, since no checker would get a
716
# chance to run to completion. If we instead leave running
657
# did that, then if a checker (for some reason) started
658
# running slowly and taking more than 'interval' time, the
659
# client would inevitably timeout, since no checker would get
660
# a chance to run to completion. If we instead leave running
717
661
# checkers alone, the checker would have to take more time
718
662
# than 'timeout' for the client to be disabled, which is as it
719
663
# should be.
720
664
721
if self.checker is not None and not self.checker.is_alive():
722
logger.warning("Checker was not alive; joining")
723
self.checker.join()
724
self.checker = None
665
# If a checker exists, make sure it is not a zombie
666
try:
667
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
668
except (AttributeError, OSError) as error:
669
if (isinstance(error, OSError)
670
and error.errno != errno.ECHILD):
671
raise error
672
else:
673
if pid:
674
logger.warning("Checker was a zombie")
675
gobject.source_remove(self.checker_callback_tag)
676
self.checker_callback(pid, status,
677
self.current_checker_command)
725
678
# Start a new checker if needed
726
679
if self.checker is None:
727
# Escape attributes for the shell
728
escaped_attrs = {
729
attr: re.escape(str(getattr(self, attr)))
730
for attr in self.runtime_expansions }
731
try:
732
command = self.checker_command % escaped_attrs
733
except TypeError as error:
734
logger.error('Could not format string "%s"',
735
self.checker_command,
680
try:
681
# In case checker_command has exactly one % operator
682
command = self.checker_command % self.host
683
except TypeError:
684
# Escape attributes for the shell
685
escaped_attrs = dict(
686
(attr,
687
re.escape(unicode(str(getattr(self, attr, "")),
688
errors=
689
'replace')))
690
for attr in
691
self.runtime_expansions)
692
693
try:
694
command = self.checker_command % escaped_attrs
695
except TypeError as error:
696
logger.error('Could not format string "%s"',
697
self.checker_command, exc_info=error)
698
return True # Try again later
699
self.current_checker_command = command
700
try:
701
logger.info("Starting checker %r for %s",
702
command, self.name)
703
# We don't need to redirect stdout and stderr, since
704
# in normal mode, that is already done by daemon(),
705
# and in debug mode we don't want to. (Stdin is
706
# always replaced by /dev/null.)
707
self.checker = subprocess.Popen(command,
708
close_fds=True,
709
shell=True, cwd="/")
710
self.checker_callback_tag = (gobject.child_watch_add
711
(self.checker.pid,
712
self.checker_callback,
713
data=command))
714
# The checker may have completed before the gobject
715
# watch was added. Check for this.
716
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
717
if pid:
718
gobject.source_remove(self.checker_callback_tag)
719
self.checker_callback(pid, status, command)
720
except OSError as error:
721
logger.error("Failed to start subprocess",
736
722
exc_info=error)
737
return True # Try again later
738
self.current_checker_command = command
739
logger.info("Starting checker %r for %s", command,
740
self.name)
741
# We don't need to redirect stdout and stderr, since
742
# in normal mode, that is already done by daemon(),
743
# and in debug mode we don't want to. (Stdin is
744
# always replaced by /dev/null.)
745
# The exception is when not debugging but nevertheless
746
# running in the foreground; use the previously
747
# created wnull.
748
popen_args = { "close_fds": True,
749
"shell": True,
750
"cwd": "/" }
751
if (not self.server_settings["debug"]
752
and self.server_settings["foreground"]):
753
popen_args.update({"stdout": wnull,
754
"stderr": wnull })
755
pipe = multiprocessing.Pipe(duplex = False)
756
self.checker = multiprocessing.Process(
757
target = call_pipe,
758
args = (pipe[1], subprocess.call, command),
759
kwargs = popen_args)
760
self.checker.start()
761
self.checker_callback_tag = gobject.io_add_watch(
762
pipe[0].fileno(), gobject.IO_IN,
763
self.checker_callback, pipe[0], command)
764
723
# Re-run this periodically if run by gobject.timeout_add
765
724
return True
766
725
772
731
if getattr(self, "checker", None) is None:
773
732
return
774
733
logger.debug("Stopping checker for %(name)s", vars(self))
775
self.checker.terminate()
734
try:
735
self.checker.terminate()
736
#time.sleep(0.5)
737
#if self.checker.poll() is None:
738
# self.checker.kill()
739
except OSError as error:
740
if error.errno != errno.ESRCH: # No such process
741
raise
776
742
self.checker = None
777
743
778
744
779
def dbus_service_property(dbus_interface,
780
signature="v",
781
access="readwrite",
782
byte_arrays=False):
745
def dbus_service_property(dbus_interface, signature="v",
746
access="readwrite", byte_arrays=False):
783
747
"""Decorators for marking methods of a DBusObjectWithProperties to
784
748
become properties on the D-Bus.
785
749
794
758
# "Set" method, so we fail early here:
795
759
if byte_arrays and signature != "ay":
796
760
raise ValueError("Byte arrays not supported for non-'ay'"
797
" signature {!r}".format(signature))
798
761
" signature {0!r}".format(signature))
799
762
def decorator(func):
800
763
func._dbus_is_property = True
801
764
func._dbus_interface = dbus_interface
806
769
func._dbus_name = func._dbus_name[:-14]
807
770
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
808
771
return func
809
810
772
return decorator
811
773
812
774
813
775
def dbus_interface_annotations(dbus_interface):
814
"""Decorator for marking functions returning interface annotations
776
"""Decorator for marking functions returning interface annotations.
815
777
816
778
Usage:
817
779
821
783
"org.freedesktop.DBus.Property.EmitsChangedSignal":
822
784
"false"}
823
785
"""
824
825
786
def decorator(func):
826
787
func._dbus_is_interface = True
827
788
func._dbus_interface = dbus_interface
828
789
func._dbus_name = dbus_interface
829
790
return func
830
831
791
return decorator
832
792
833
793
835
795
"""Decorator to annotate D-Bus methods, signals or properties
836
796
Usage:
837
797
838
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
839
"org.freedesktop.DBus.Property."
840
"EmitsChangedSignal": "false"})
841
798
@dbus_service_property("org.example.Interface", signature="b",
842
799
access="r")
800
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
801
"org.freedesktop.DBus.Property."
802
"EmitsChangedSignal": "false"})
843
803
def Property_dbus_property(self):
844
804
return dbus.Boolean(False)
845
846
See also the DBusObjectWithAnnotations class.
847
805
"""
848
849
806
def decorator(func):
850
807
func._dbus_annotations = annotations
851
808
return func
852
853
809
return decorator
854
810
855
811
856
812
class DBusPropertyException(dbus.exceptions.DBusException):
857
813
"""A base class for D-Bus property-related exceptions
858
814
"""
859
pass
815
def __unicode__(self):
816
return unicode(str(self))
860
817
861
818
862
819
class DBusPropertyAccessException(DBusPropertyException):
871
828
pass
872
829
873
830
874
class DBusObjectWithAnnotations(dbus.service.Object):
875
"""A D-Bus object with annotations.
831
class DBusObjectWithProperties(dbus.service.Object):
832
"""A D-Bus object with properties.
876
833
877
Classes inheriting from this can use the dbus_annotations
878
decorator to add annotations to methods or signals.
834
Classes inheriting from this can use the dbus_service_property
835
decorator to expose methods as D-Bus properties. It exposes the
836
standard Get(), Set(), and GetAll() methods on the D-Bus.
879
837
"""
880
838
881
839
@staticmethod
885
843
If called like _is_dbus_thing("method") it returns a function
886
844
suitable for use as predicate to inspect.getmembers().
887
845
"""
888
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
846
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
889
847
False)
890
848
891
849
def _get_all_dbus_things(self, thing):
892
850
"""Returns a generator of (name, attribute) pairs
893
851
"""
894
return ((getattr(athing.__get__(self), "_dbus_name", name),
852
return ((getattr(athing.__get__(self), "_dbus_name",
853
name),
895
854
athing.__get__(self))
896
855
for cls in self.__class__.__mro__
897
856
for name, athing in
898
inspect.getmembers(cls, self._is_dbus_thing(thing)))
899
900
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
901
out_signature = "s",
902
path_keyword = 'object_path',
903
connection_keyword = 'connection')
904
def Introspect(self, object_path, connection):
905
"""Overloading of standard D-Bus method.
906
907
Inserts annotation tags on methods and signals.
908
"""
909
xmlstring = dbus.service.Object.Introspect(self, object_path,
910
connection)
911
try:
912
document = xml.dom.minidom.parseString(xmlstring)
913
914
for if_tag in document.getElementsByTagName("interface"):
915
# Add annotation tags
916
for typ in ("method", "signal"):
917
for tag in if_tag.getElementsByTagName(typ):
918
annots = dict()
919
for name, prop in (self.
920
_get_all_dbus_things(typ)):
921
if (name == tag.getAttribute("name")
922
and prop._dbus_interface
923
== if_tag.getAttribute("name")):
924
annots.update(getattr(
925
prop, "_dbus_annotations", {}))
926
for name, value in annots.items():
927
ann_tag = document.createElement(
928
"annotation")
929
ann_tag.setAttribute("name", name)
930
ann_tag.setAttribute("value", value)
931
tag.appendChild(ann_tag)
932
# Add interface annotation tags
933
for annotation, value in dict(
934
itertools.chain.from_iterable(
935
annotations().items()
936
for name, annotations
937
in self._get_all_dbus_things("interface")
938
if name == if_tag.getAttribute("name")
939
)).items():
940
ann_tag = document.createElement("annotation")
941
ann_tag.setAttribute("name", annotation)
942
ann_tag.setAttribute("value", value)
943
if_tag.appendChild(ann_tag)
944
# Fix argument name for the Introspect method itself
945
if (if_tag.getAttribute("name")
946
== dbus.INTROSPECTABLE_IFACE):
947
for cn in if_tag.getElementsByTagName("method"):
948
if cn.getAttribute("name") == "Introspect":
949
for arg in cn.getElementsByTagName("arg"):
950
if (arg.getAttribute("direction")
951
== "out"):
952
arg.setAttribute("name",
953
"xml_data")
954
xmlstring = document.toxml("utf-8")
955
document.unlink()
956
except (AttributeError, xml.dom.DOMException,
957
xml.parsers.expat.ExpatError) as error:
958
logger.error("Failed to override Introspection method",
959
exc_info=error)
960
return xmlstring
961
962
963
class DBusObjectWithProperties(DBusObjectWithAnnotations):
964
"""A D-Bus object with properties.
965
966
Classes inheriting from this can use the dbus_service_property
967
decorator to expose methods as D-Bus properties. It exposes the
968
standard Get(), Set(), and GetAll() methods on the D-Bus.
969
"""
857
inspect.getmembers(cls,
858
self._is_dbus_thing(thing)))
970
859
971
860
def _get_dbus_property(self, interface_name, property_name):
972
861
"""Returns a bound method if one exists which is a D-Bus
973
862
property with the specified name and interface.
974
863
"""
975
for cls in self.__class__.__mro__:
976
for name, value in inspect.getmembers(
977
cls, self._is_dbus_thing("property")):
864
for cls in self.__class__.__mro__:
865
for name, value in (inspect.getmembers
866
(cls,
867
self._is_dbus_thing("property"))):
978
868
if (value._dbus_name == property_name
979
869
and value._dbus_interface == interface_name):
980
870
return value.__get__(self)
981
871
982
872
# No such property
983
raise DBusPropertyNotFound("{}:{}.{}".format(
984
self.dbus_object_path, interface_name, property_name))
985
986
@classmethod
987
def _get_all_interface_names(cls):
988
"""Get a sequence of all interfaces supported by an object"""
989
return (name for name in set(getattr(getattr(x, attr),
990
"_dbus_interface", None)
991
for x in (inspect.getmro(cls))
992
for attr in dir(x))
993
if name is not None)
994
995
@dbus.service.method(dbus.PROPERTIES_IFACE,
996
in_signature="ss",
873
raise DBusPropertyNotFound(self.dbus_object_path + ":"
874
+ interface_name + "."
875
+ property_name)
876
877
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
997
878
out_signature="v")
998
879
def Get(self, interface_name, property_name):
999
880
"""Standard D-Bus property Get() method, see D-Bus standard.
1017
898
# The byte_arrays option is not supported yet on
1018
899
# signatures other than "ay".
1019
900
if prop._dbus_signature != "ay":
1020
raise ValueError("Byte arrays not supported for non-"
1021
"'ay' signature {!r}"
1022
.format(prop._dbus_signature))
901
raise ValueError
1023
902
value = dbus.ByteArray(b''.join(chr(byte)
1024
903
for byte in value))
1025
904
prop(value)
1026
905
1027
@dbus.service.method(dbus.PROPERTIES_IFACE,
1028
in_signature="s",
906
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
1029
907
out_signature="a{sv}")
1030
908
def GetAll(self, interface_name):
1031
909
"""Standard D-Bus property GetAll() method, see D-Bus
1046
924
if not hasattr(value, "variant_level"):
1047
925
properties[name] = value
1048
926
continue
1049
properties[name] = type(value)(
1050
value, variant_level = value.variant_level + 1)
927
properties[name] = type(value)(value, variant_level=
928
value.variant_level+1)
1051
929
return dbus.Dictionary(properties, signature="sv")
1052
930
1053
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
1054
def PropertiesChanged(self, interface_name, changed_properties,
1055
invalidated_properties):
1056
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
1057
standard.
1058
"""
1059
pass
1060
1061
931
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1062
932
out_signature="s",
1063
933
path_keyword='object_path',
1067
937
1068
938
Inserts property tags and interface annotation tags.
1069
939
"""
1070
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1071
object_path,
1072
connection)
940
xmlstring = dbus.service.Object.Introspect(self, object_path,
941
connection)
1073
942
try:
1074
943
document = xml.dom.minidom.parseString(xmlstring)
1075
1076
944
def make_tag(document, name, prop):
1077
945
e = document.createElement("property")
1078
946
e.setAttribute("name", name)
1079
947
e.setAttribute("type", prop._dbus_signature)
1080
948
e.setAttribute("access", prop._dbus_access)
1081
949
return e
1082
1083
950
for if_tag in document.getElementsByTagName("interface"):
1084
951
# Add property tags
1085
952
for tag in (make_tag(document, name, prop)
1088
955
if prop._dbus_interface
1089
956
== if_tag.getAttribute("name")):
1090
957
if_tag.appendChild(tag)
1091
# Add annotation tags for properties
1092
for tag in if_tag.getElementsByTagName("property"):
1093
annots = dict()
1094
for name, prop in self._get_all_dbus_things(
1095
"property"):
1096
if (name == tag.getAttribute("name")
1097
and prop._dbus_interface
1098
== if_tag.getAttribute("name")):
1099
annots.update(getattr(
1100
prop, "_dbus_annotations", {}))
1101
for name, value in annots.items():
1102
ann_tag = document.createElement(
1103
"annotation")
1104
ann_tag.setAttribute("name", name)
1105
ann_tag.setAttribute("value", value)
1106
tag.appendChild(ann_tag)
958
# Add annotation tags
959
for typ in ("method", "signal", "property"):
960
for tag in if_tag.getElementsByTagName(typ):
961
annots = dict()
962
for name, prop in (self.
963
_get_all_dbus_things(typ)):
964
if (name == tag.getAttribute("name")
965
and prop._dbus_interface
966
== if_tag.getAttribute("name")):
967
annots.update(getattr
968
(prop,
969
"_dbus_annotations",
970
{}))
971
for name, value in annots.iteritems():
972
ann_tag = document.createElement(
973
"annotation")
974
ann_tag.setAttribute("name", name)
975
ann_tag.setAttribute("value", value)
976
tag.appendChild(ann_tag)
977
# Add interface annotation tags
978
for annotation, value in dict(
979
itertools.chain(
980
*(annotations().iteritems()
981
for name, annotations in
982
self._get_all_dbus_things("interface")
983
if name == if_tag.getAttribute("name")
984
))).iteritems():
985
ann_tag = document.createElement("annotation")
986
ann_tag.setAttribute("name", annotation)
987
ann_tag.setAttribute("value", value)
988
if_tag.appendChild(ann_tag)
1107
989
# Add the names to the return values for the
1108
990
# "org.freedesktop.DBus.Properties" methods
1109
991
if (if_tag.getAttribute("name")
1127
1009
exc_info=error)
1128
1010
return xmlstring
1129
1011
1130
try:
1131
dbus.OBJECT_MANAGER_IFACE
1132
except AttributeError:
1133
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1134
1135
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1136
"""A D-Bus object with an ObjectManager.
1137
1138
Classes inheriting from this exposes the standard
1139
GetManagedObjects call and the InterfacesAdded and
1140
InterfacesRemoved signals on the standard
1141
"org.freedesktop.DBus.ObjectManager" interface.
1142
1143
Note: No signals are sent automatically; they must be sent
1144
manually.
1145
"""
1146
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1147
out_signature = "a{oa{sa{sv}}}")
1148
def GetManagedObjects(self):
1149
"""This function must be overridden"""
1150
raise NotImplementedError()
1151
1152
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1153
signature = "oa{sa{sv}}")
1154
def InterfacesAdded(self, object_path, interfaces_and_properties):
1155
pass
1156
1157
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1158
def InterfacesRemoved(self, object_path, interfaces):
1159
pass
1160
1161
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1162
out_signature = "s",
1163
path_keyword = 'object_path',
1164
connection_keyword = 'connection')
1165
def Introspect(self, object_path, connection):
1166
"""Overloading of standard D-Bus method.
1167
1168
Override return argument name of GetManagedObjects to be
1169
"objpath_interfaces_and_properties"
1170
"""
1171
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1172
object_path,
1173
connection)
1174
try:
1175
document = xml.dom.minidom.parseString(xmlstring)
1176
1177
for if_tag in document.getElementsByTagName("interface"):
1178
# Fix argument name for the GetManagedObjects method
1179
if (if_tag.getAttribute("name")
1180
== dbus.OBJECT_MANAGER_IFACE):
1181
for cn in if_tag.getElementsByTagName("method"):
1182
if (cn.getAttribute("name")
1183
== "GetManagedObjects"):
1184
for arg in cn.getElementsByTagName("arg"):
1185
if (arg.getAttribute("direction")
1186
== "out"):
1187
arg.setAttribute(
1188
"name",
1189
"objpath_interfaces"
1190
"_and_properties")
1191
xmlstring = document.toxml("utf-8")
1192
document.unlink()
1193
except (AttributeError, xml.dom.DOMException,
1194
xml.parsers.expat.ExpatError) as error:
1195
logger.error("Failed to override Introspection method",
1196
exc_info = error)
1197
return xmlstring
1198
1199
def datetime_to_dbus(dt, variant_level=0):
1012
1013
def datetime_to_dbus (dt, variant_level=0):
1200
1014
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1201
1015
if dt is None:
1202
1016
return dbus.String("", variant_level = variant_level)
1203
return dbus.String(dt.isoformat(), variant_level=variant_level)
1204
1205
1206
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1207
"""A class decorator; applied to a subclass of
1208
dbus.service.Object, it will add alternate D-Bus attributes with
1209
interface names according to the "alt_interface_names" mapping.
1210
Usage:
1211
1212
@alternate_dbus_interfaces({"org.example.Interface":
1213
"net.example.AlternateInterface"})
1214
class SampleDBusObject(dbus.service.Object):
1215
@dbus.service.method("org.example.Interface")
1216
def SampleDBusMethod():
1217
pass
1218
1219
The above "SampleDBusMethod" on "SampleDBusObject" will be
1220
reachable via two interfaces: "org.example.Interface" and
1221
"net.example.AlternateInterface", the latter of which will have
1222
its D-Bus annotation "org.freedesktop.DBus.Deprecated" set to
1223
"true", unless "deprecate" is passed with a False value.
1224
1225
This works for methods and signals, and also for D-Bus properties
1226
(from DBusObjectWithProperties) and interfaces (from the
1227
dbus_interface_annotations decorator).
1017
return dbus.String(dt.isoformat(),
1018
variant_level=variant_level)
1019
1020
1021
class AlternateDBusNamesMetaclass(DBusObjectWithProperties
1022
.__metaclass__):
1023
"""Applied to an empty subclass of a D-Bus object, this metaclass
1024
will add additional D-Bus attributes matching a certain pattern.
1228
1025
"""
1229
1230
def wrapper(cls):
1231
for orig_interface_name, alt_interface_name in (
1232
alt_interface_names.items()):
1233
attr = {}
1234
interface_names = set()
1235
# Go though all attributes of the class
1236
for attrname, attribute in inspect.getmembers(cls):
1026
def __new__(mcs, name, bases, attr):
1027
# Go through all the base classes which could have D-Bus
1028
# methods, signals, or properties in them
1029
old_interface_names = []
1030
for base in (b for b in bases
1031
if issubclass(b, dbus.service.Object)):
1032
# Go though all attributes of the base class
1033
for attrname, attribute in inspect.getmembers(base):
1237
1034
# Ignore non-D-Bus attributes, and D-Bus attributes
1238
1035
# with the wrong interface name
1239
1036
if (not hasattr(attribute, "_dbus_interface")
1240
or not attribute._dbus_interface.startswith(
1241
orig_interface_name)):
1037
or not attribute._dbus_interface
1038
.startswith("se.recompile.Mandos")):
1242
1039
continue
1243
1040
# Create an alternate D-Bus interface name based on
1244
1041
# the current name
1245
alt_interface = attribute._dbus_interface.replace(
1246
orig_interface_name, alt_interface_name)
1247
interface_names.add(alt_interface)
1042
alt_interface = (attribute._dbus_interface
1043
.replace("se.recompile.Mandos",
1044
"se.bsnet.fukt.Mandos"))
1045
if alt_interface != attribute._dbus_interface:
1046
old_interface_names.append(alt_interface)
1248
1047
# Is this a D-Bus signal?
1249
1048
if getattr(attribute, "_dbus_is_signal", False):
1250
if sys.version_info.major == 2:
1251
# Extract the original non-method undecorated
1252
# function by black magic
1253
nonmethod_func = (dict(
1049
# Extract the original non-method function by
1050
# black magic
1051
nonmethod_func = (dict(
1254
1052
zip(attribute.func_code.co_freevars,
1255
attribute.__closure__))
1256
["func"].cell_contents)
1257
else:
1258
nonmethod_func = attribute
1053
attribute.__closure__))["func"]
1054
.cell_contents)
1259
1055
# Create a new, but exactly alike, function
1260
1056
# object, and decorate it to be a new D-Bus signal
1261
1057
# with the alternate D-Bus interface name
1262
if sys.version_info.major == 2:
1263
new_function = types.FunctionType(
1264
nonmethod_func.func_code,
1265
nonmethod_func.func_globals,
1266
nonmethod_func.func_name,
1267
nonmethod_func.func_defaults,
1268
nonmethod_func.func_closure)
1269
else:
1270
new_function = types.FunctionType(
1271
nonmethod_func.__code__,
1272
nonmethod_func.__globals__,
1273
nonmethod_func.__name__,
1274
nonmethod_func.__defaults__,
1275
nonmethod_func.__closure__)
1276
new_function = (dbus.service.signal(
1277
alt_interface,
1278
attribute._dbus_signature)(new_function))
1058
new_function = (dbus.service.signal
1059
(alt_interface,
1060
attribute._dbus_signature)
1061
(types.FunctionType(
1062
nonmethod_func.func_code,
1063
nonmethod_func.func_globals,
1064
nonmethod_func.func_name,
1065
nonmethod_func.func_defaults,
1066
nonmethod_func.func_closure)))
1279
1067
# Copy annotations, if any
1280
1068
try:
1281
new_function._dbus_annotations = dict(
1282
attribute._dbus_annotations)
1069
new_function._dbus_annotations = (
1070
dict(attribute._dbus_annotations))
1283
1071
except AttributeError:
1284
1072
pass
1285
1073
# Define a creator of a function to call both the
1286
# original and alternate functions, so both the
1287
# original and alternate signals gets sent when
1288
# the function is called
1074
# old and new functions, so both the old and new
1075
# signals gets sent when the function is called
1289
1076
def fixscope(func1, func2):
1290
1077
"""This function is a scope container to pass
1291
1078
func1 and func2 to the "call_both" function
1292
1079
outside of its arguments"""
1293
1294
@functools.wraps(func2)
1295
1080
def call_both(*args, **kwargs):
1296
1081
"""This function will emit two D-Bus
1297
1082
signals by calling func1 and func2"""
1298
1083
func1(*args, **kwargs)
1299
1084
func2(*args, **kwargs)
1300
# Make wrapper function look like a D-Bus signal
1301
for name, attr in inspect.getmembers(func2):
1302
if name.startswith("_dbus_"):
1303
setattr(call_both, name, attr)
1304
1305
1085
return call_both
1306
1086
# Create the "call_both" function and add it to
1307
1087
# the class
1308
attr[attrname] = fixscope(attribute, new_function)
1088
attr[attrname] = fixscope(attribute,
1089
new_function)
1309
1090
# Is this a D-Bus method?
1310
1091
elif getattr(attribute, "_dbus_is_method", False):
1311
1092
# Create a new, but exactly alike, function
1312
1093
# object. Decorate it to be a new D-Bus method
1313
1094
# with the alternate D-Bus interface name. Add it
1314
1095
# to the class.
1315
attr[attrname] = (
1316
dbus.service.method(
1317
alt_interface,
1318
attribute._dbus_in_signature,
1319
attribute._dbus_out_signature)
1320
(types.FunctionType(attribute.func_code,
1321
attribute.func_globals,
1322
attribute.func_name,
1323
attribute.func_defaults,
1324
attribute.func_closure)))
1096
attr[attrname] = (dbus.service.method
1097
(alt_interface,
1098
attribute._dbus_in_signature,
1099
attribute._dbus_out_signature)
1100
(types.FunctionType
1101
(attribute.func_code,
1102
attribute.func_globals,
1103
attribute.func_name,
1104
attribute.func_defaults,
1105
attribute.func_closure)))
1325
1106
# Copy annotations, if any
1326
1107
try:
1327
attr[attrname]._dbus_annotations = dict(
1328
attribute._dbus_annotations)
1108
attr[attrname]._dbus_annotations = (
1109
dict(attribute._dbus_annotations))
1329
1110
except AttributeError:
1330
1111
pass
1331
1112
# Is this a D-Bus property?
1334
1115
# object, and decorate it to be a new D-Bus
1335
1116
# property with the alternate D-Bus interface
1336
1117
# name. Add it to the class.
1337
attr[attrname] = (dbus_service_property(
1338
alt_interface, attribute._dbus_signature,
1339
attribute._dbus_access,
1340
attribute._dbus_get_args_options
1341
["byte_arrays"])
1342
(types.FunctionType(
1343
attribute.func_code,
1344
attribute.func_globals,
1345
attribute.func_name,
1346
attribute.func_defaults,
1347
attribute.func_closure)))
1118
attr[attrname] = (dbus_service_property
1119
(alt_interface,
1120
attribute._dbus_signature,
1121
attribute._dbus_access,
1122
attribute
1123
._dbus_get_args_options
1124
["byte_arrays"])
1125
(types.FunctionType
1126
(attribute.func_code,
1127
attribute.func_globals,
1128
attribute.func_name,
1129
attribute.func_defaults,
1130
attribute.func_closure)))
1348
1131
# Copy annotations, if any
1349
1132
try:
1350
attr[attrname]._dbus_annotations = dict(
1351
attribute._dbus_annotations)
1133
attr[attrname]._dbus_annotations = (
1134
dict(attribute._dbus_annotations))
1352
1135
except AttributeError:
1353
1136
pass
1354
1137
# Is this a D-Bus interface?
1357
1140
# object. Decorate it to be a new D-Bus interface
1358
1141
# with the alternate D-Bus interface name. Add it
1359
1142
# to the class.
1360
attr[attrname] = (
1361
dbus_interface_annotations(alt_interface)
1362
(types.FunctionType(attribute.func_code,
1363
attribute.func_globals,
1364
attribute.func_name,
1365
attribute.func_defaults,
1366
attribute.func_closure)))
1367
if deprecate:
1368
# Deprecate all alternate interfaces
1369
iname="_AlternateDBusNames_interface_annotation{}"
1370
for interface_name in interface_names:
1371
1372
@dbus_interface_annotations(interface_name)
1373
def func(self):
1374
return { "org.freedesktop.DBus.Deprecated":
1375
"true" }
1376
# Find an unused name
1377
for aname in (iname.format(i)
1378
for i in itertools.count()):
1379
if aname not in attr:
1380
attr[aname] = func
1381
break
1382
if interface_names:
1383
# Replace the class with a new subclass of it with
1384
# methods, signals, etc. as created above.
1385
cls = type(b"{}Alternate".format(cls.__name__),
1386
(cls, ), attr)
1387
return cls
1388
1389
return wrapper
1390
1391
1392
@alternate_dbus_interfaces({"se.recompile.Mandos":
1393
"se.bsnet.fukt.Mandos"})
1143
attr[attrname] = (dbus_interface_annotations
1144
(alt_interface)
1145
(types.FunctionType
1146
(attribute.func_code,
1147
attribute.func_globals,
1148
attribute.func_name,
1149
attribute.func_defaults,
1150
attribute.func_closure)))
1151
# Deprecate all old interfaces
1152
basename="_AlternateDBusNamesMetaclass_interface_annotation{0}"
1153
for old_interface_name in old_interface_names:
1154
@dbus_interface_annotations(old_interface_name)
1155
def func(self):
1156
return { "org.freedesktop.DBus.Deprecated": "true" }
1157
# Find an unused name
1158
for aname in (basename.format(i) for i in
1159
itertools.count()):
1160
if aname not in attr:
1161
attr[aname] = func
1162
break
1163
return type.__new__(mcs, name, bases, attr)
1164
1165
1394
1166
class ClientDBus(Client, DBusObjectWithProperties):
1395
1167
"""A Client class using D-Bus
1396
1168
1400
1172
"""
1401
1173
1402
1174
runtime_expansions = (Client.runtime_expansions
1403
+ ("dbus_object_path", ))
1404
1405
_interface = "se.recompile.Mandos.Client"
1175
+ ("dbus_object_path",))
1406
1176
1407
1177
# dbus.service.Object doesn't use super(), so we can't either.
1408
1178
1411
1181
Client.__init__(self, *args, **kwargs)
1412
1182
# Only now, when this client is initialized, can it show up on
1413
1183
# the D-Bus
1414
client_object_name = str(self.name).translate(
1184
client_object_name = unicode(self.name).translate(
1415
1185
{ord("."): ord("_"),
1416
1186
ord("-"): ord("_")})
1417
self.dbus_object_path = dbus.ObjectPath(
1418
"/clients/" + client_object_name)
1187
self.dbus_object_path = (dbus.ObjectPath
1188
("/clients/" + client_object_name))
1419
1189
DBusObjectWithProperties.__init__(self, self.bus,
1420
1190
self.dbus_object_path)
1421
1422
def notifychangeproperty(transform_func, dbus_name,
1423
type_func=lambda x: x,
1424
variant_level=1,
1425
invalidate_only=False,
1426
_interface=_interface):
1191
1192
def notifychangeproperty(transform_func,
1193
dbus_name, type_func=lambda x: x,
1194
variant_level=1):
1427
1195
""" Modify a variable so that it's a property which announces
1428
1196
its changes to DBus.
1429
1197
1434
1202
to the D-Bus. Default: no transform
1435
1203
variant_level: D-Bus variant level. Default: 1
1436
1204
"""
1437
attrname = "_{}".format(dbus_name)
1438
1205
attrname = "_{0}".format(dbus_name)
1439
1206
def setter(self, value):
1440
1207
if hasattr(self, "dbus_object_path"):
1441
1208
if (not hasattr(self, attrname) or
1442
1209
type_func(getattr(self, attrname, None))
1443
1210
!= type_func(value)):
1444
if invalidate_only:
1445
self.PropertiesChanged(
1446
_interface, dbus.Dictionary(),
1447
dbus.Array((dbus_name, )))
1448
else:
1449
dbus_value = transform_func(
1450
type_func(value),
1451
variant_level = variant_level)
1452
self.PropertyChanged(dbus.String(dbus_name),
1453
dbus_value)
1454
self.PropertiesChanged(
1455
_interface,
1456
dbus.Dictionary({ dbus.String(dbus_name):
1457
dbus_value }),
1458
dbus.Array())
1211
dbus_value = transform_func(type_func(value),
1212
variant_level
1213
=variant_level)
1214
self.PropertyChanged(dbus.String(dbus_name),
1215
dbus_value)
1459
1216
setattr(self, attrname, value)
1460
1217
1461
1218
return property(lambda self: getattr(self, attrname), setter)
1462
1219
1220
1463
1221
expires = notifychangeproperty(datetime_to_dbus, "Expires")
1464
1222
approvals_pending = notifychangeproperty(dbus.Boolean,
1465
1223
"ApprovalPending",
1467
1225
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1468
1226
last_enabled = notifychangeproperty(datetime_to_dbus,
1469
1227
"LastEnabled")
1470
checker = notifychangeproperty(
1471
dbus.Boolean, "CheckerRunning",
1472
type_func = lambda checker: checker is not None)
1228
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1229
type_func = lambda checker:
1230
checker is not None)
1473
1231
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1474
1232
"LastCheckedOK")
1475
1233
last_checker_status = notifychangeproperty(dbus.Int16,
1478
1236
datetime_to_dbus, "LastApprovalRequest")
1479
1237
approved_by_default = notifychangeproperty(dbus.Boolean,
1480
1238
"ApprovedByDefault")
1481
approval_delay = notifychangeproperty(
1482
dbus.UInt64, "ApprovalDelay",
1483
type_func = lambda td: td.total_seconds() * 1000)
1239
approval_delay = notifychangeproperty(dbus.UInt64,
1240
"ApprovalDelay",
1241
type_func =
1242
timedelta_to_milliseconds)
1484
1243
approval_duration = notifychangeproperty(
1485
1244
dbus.UInt64, "ApprovalDuration",
1486
type_func = lambda td: td.total_seconds() * 1000)
1245
type_func = timedelta_to_milliseconds)
1487
1246
host = notifychangeproperty(dbus.String, "Host")
1488
timeout = notifychangeproperty(
1489
dbus.UInt64, "Timeout",
1490
type_func = lambda td: td.total_seconds() * 1000)
1247
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1248
type_func =
1249
timedelta_to_milliseconds)
1491
1250
extended_timeout = notifychangeproperty(
1492
1251
dbus.UInt64, "ExtendedTimeout",
1493
type_func = lambda td: td.total_seconds() * 1000)
1494
interval = notifychangeproperty(
1495
dbus.UInt64, "Interval",
1496
type_func = lambda td: td.total_seconds() * 1000)
1252
type_func = timedelta_to_milliseconds)
1253
interval = notifychangeproperty(dbus.UInt64,
1254
"Interval",
1255
type_func =
1256
timedelta_to_milliseconds)
1497
1257
checker_command = notifychangeproperty(dbus.String, "Checker")
1498
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1499
invalidate_only=True)
1500
1258
1501
1259
del notifychangeproperty
1502
1260
1509
1267
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1510
1268
Client.__del__(self, *args, **kwargs)
1511
1269
1512
def checker_callback(self, source, condition,
1513
connection, command, *args, **kwargs):
1514
ret = Client.checker_callback(self, source, condition,
1515
connection, command, *args,
1516
**kwargs)
1517
exitstatus = self.last_checker_status
1518
if exitstatus >= 0:
1270
def checker_callback(self, pid, condition, command,
1271
*args, **kwargs):
1272
self.checker_callback_tag = None
1273
self.checker = None
1274
if os.WIFEXITED(condition):
1275
exitstatus = os.WEXITSTATUS(condition)
1519
1276
# Emit D-Bus signal
1520
1277
self.CheckerCompleted(dbus.Int16(exitstatus),
1521
# This is specific to GNU libC
1522
dbus.Int64(exitstatus << 8),
1278
dbus.Int64(condition),
1523
1279
dbus.String(command))
1524
1280
else:
1525
1281
# Emit D-Bus signal
1526
1282
self.CheckerCompleted(dbus.Int16(-1),
1527
dbus.Int64(
1528
# This is specific to GNU libC
1529
(exitstatus << 8)
1530
| self.last_checker_signal),
1283
dbus.Int64(condition),
1531
1284
dbus.String(command))
1532
return ret
1285
1286
return Client.checker_callback(self, pid, condition, command,
1287
*args, **kwargs)
1533
1288
1534
1289
def start_checker(self, *args, **kwargs):
1535
old_checker_pid = getattr(self.checker, "pid", None)
1290
old_checker = self.checker
1291
if self.checker is not None:
1292
old_checker_pid = self.checker.pid
1293
else:
1294
old_checker_pid = None
1536
1295
r = Client.start_checker(self, *args, **kwargs)
1537
1296
# Only if new checker process was started
1538
1297
if (self.checker is not None
1546
1305
return False
1547
1306
1548
1307
def approve(self, value=True):
1308
self.send_changedstate()
1549
1309
self.approved = value
1550
gobject.timeout_add(int(self.approval_duration.total_seconds()
1551
* 1000), self._reset_approved)
1552
self.send_changedstate()
1310
gobject.timeout_add(timedelta_to_milliseconds
1311
(self.approval_duration),
1312
self._reset_approved)
1313
1553
1314
1554
1315
## D-Bus methods, signals & properties
1316
_interface = "se.recompile.Mandos.Client"
1555
1317
1556
1318
## Interfaces
1557
1319
1320
@dbus_interface_annotations(_interface)
1321
def _foo(self):
1322
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1323
"false"}
1324
1558
1325
## Signals
1559
1326
1560
1327
# CheckerCompleted - signal
1570
1337
pass
1571
1338
1572
1339
# PropertyChanged - signal
1573
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1574
1340
@dbus.service.signal(_interface, signature="sv")
1575
1341
def PropertyChanged(self, property, value):
1576
1342
"D-Bus signal"
1610
1376
self.checked_ok()
1611
1377
1612
1378
# Enable - method
1613
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1614
1379
@dbus.service.method(_interface)
1615
1380
def Enable(self):
1616
1381
"D-Bus method"
1617
1382
self.enable()
1618
1383
1619
1384
# StartChecker - method
1620
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1621
1385
@dbus.service.method(_interface)
1622
1386
def StartChecker(self):
1623
1387
"D-Bus method"
1624
1388
self.start_checker()
1625
1389
1626
1390
# Disable - method
1627
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1628
1391
@dbus.service.method(_interface)
1629
1392
def Disable(self):
1630
1393
"D-Bus method"
1631
1394
self.disable()
1632
1395
1633
1396
# StopChecker - method
1634
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1635
1397
@dbus.service.method(_interface)
1636
1398
def StopChecker(self):
1637
1399
self.stop_checker()
1644
1406
return dbus.Boolean(bool(self.approvals_pending))
1645
1407
1646
1408
# ApprovedByDefault - property
1647
@dbus_service_property(_interface,
1648
signature="b",
1409
@dbus_service_property(_interface, signature="b",
1649
1410
access="readwrite")
1650
1411
def ApprovedByDefault_dbus_property(self, value=None):
1651
1412
if value is None: # get
1653
1414
self.approved_by_default = bool(value)
1654
1415
1655
1416
# ApprovalDelay - property
1656
@dbus_service_property(_interface,
1657
signature="t",
1417
@dbus_service_property(_interface, signature="t",
1658
1418
access="readwrite")
1659
1419
def ApprovalDelay_dbus_property(self, value=None):
1660
1420
if value is None: # get
1661
return dbus.UInt64(self.approval_delay.total_seconds()
1662
* 1000)
1421
return dbus.UInt64(self.approval_delay_milliseconds())
1663
1422
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1664
1423
1665
1424
# ApprovalDuration - property
1666
@dbus_service_property(_interface,
1667
signature="t",
1425
@dbus_service_property(_interface, signature="t",
1668
1426
access="readwrite")
1669
1427
def ApprovalDuration_dbus_property(self, value=None):
1670
1428
if value is None: # get
1671
return dbus.UInt64(self.approval_duration.total_seconds()
1672
* 1000)
1429
return dbus.UInt64(timedelta_to_milliseconds(
1430
self.approval_duration))
1673
1431
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1674
1432
1675
1433
# Name - property
1676
@dbus_annotations(
1677
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1678
1434
@dbus_service_property(_interface, signature="s", access="read")
1679
1435
def Name_dbus_property(self):
1680
1436
return dbus.String(self.name)
1681
1437
1682
1438
# Fingerprint - property
1683
@dbus_annotations(
1684
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1685
1439
@dbus_service_property(_interface, signature="s", access="read")
1686
1440
def Fingerprint_dbus_property(self):
1687
1441
return dbus.String(self.fingerprint)
1688
1442
1689
1443
# Host - property
1690
@dbus_service_property(_interface,
1691
signature="s",
1444
@dbus_service_property(_interface, signature="s",
1692
1445
access="readwrite")
1693
1446
def Host_dbus_property(self, value=None):
1694
1447
if value is None: # get
1695
1448
return dbus.String(self.host)
1696
self.host = str(value)
1449
self.host = unicode(value)
1697
1450
1698
1451
# Created - property
1699
@dbus_annotations(
1700
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1701
1452
@dbus_service_property(_interface, signature="s", access="read")
1702
1453
def Created_dbus_property(self):
1703
1454
return datetime_to_dbus(self.created)
1708
1459
return datetime_to_dbus(self.last_enabled)
1709
1460
1710
1461
# Enabled - property
1711
@dbus_service_property(_interface,
1712
signature="b",
1462
@dbus_service_property(_interface, signature="b",
1713
1463
access="readwrite")
1714
1464
def Enabled_dbus_property(self, value=None):
1715
1465
if value is None: # get
1720
1470
self.disable()
1721
1471
1722
1472
# LastCheckedOK - property
1723
@dbus_service_property(_interface,
1724
signature="s",
1473
@dbus_service_property(_interface, signature="s",
1725
1474
access="readwrite")
1726
1475
def LastCheckedOK_dbus_property(self, value=None):
1727
1476
if value is not None:
1730
1479
return datetime_to_dbus(self.last_checked_ok)
1731
1480
1732
1481
# LastCheckerStatus - property
1733
@dbus_service_property(_interface, signature="n", access="read")
1482
@dbus_service_property(_interface, signature="n",
1483
access="read")
1734
1484
def LastCheckerStatus_dbus_property(self):
1735
1485
return dbus.Int16(self.last_checker_status)
1736
1486
1745
1495
return datetime_to_dbus(self.last_approval_request)
1746
1496
1747
1497
# Timeout - property
1748
@dbus_service_property(_interface,
1749
signature="t",
1498
@dbus_service_property(_interface, signature="t",
1750
1499
access="readwrite")
1751
1500
def Timeout_dbus_property(self, value=None):
1752
1501
if value is None: # get
1753
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1754
old_timeout = self.timeout
1502
return dbus.UInt64(self.timeout_milliseconds())
1755
1503
self.timeout = datetime.timedelta(0, 0, 0, value)
1756
# Reschedule disabling
1504
# Reschedule timeout
1757
1505
if self.enabled:
1758
1506
now = datetime.datetime.utcnow()
1759
self.expires += self.timeout - old_timeout
1760
if self.expires <= now:
1507
time_to_die = timedelta_to_milliseconds(
1508
(self.last_checked_ok + self.timeout) - now)
1509
if time_to_die <= 0:
1761
1510
# The timeout has passed
1762
1511
self.disable()
1763
1512
else:
1513
self.expires = (now +
1514
datetime.timedelta(milliseconds =
1515
time_to_die))
1764
1516
if (getattr(self, "disable_initiator_tag", None)
1765
1517
is None):
1766
1518
return
1767
1519
gobject.source_remove(self.disable_initiator_tag)
1768
self.disable_initiator_tag = gobject.timeout_add(
1769
int((self.expires - now).total_seconds() * 1000),
1770
self.disable)
1520
self.disable_initiator_tag = (gobject.timeout_add
1521
(time_to_die,
1522
self.disable))
1771
1523
1772
1524
# ExtendedTimeout - property
1773
@dbus_service_property(_interface,
1774
signature="t",
1525
@dbus_service_property(_interface, signature="t",
1775
1526
access="readwrite")
1776
1527
def ExtendedTimeout_dbus_property(self, value=None):
1777
1528
if value is None: # get
1778
return dbus.UInt64(self.extended_timeout.total_seconds()
1779
* 1000)
1529
return dbus.UInt64(self.extended_timeout_milliseconds())
1780
1530
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1781
1531
1782
1532
# Interval - property
1783
@dbus_service_property(_interface,
1784
signature="t",
1533
@dbus_service_property(_interface, signature="t",
1785
1534
access="readwrite")
1786
1535
def Interval_dbus_property(self, value=None):
1787
1536
if value is None: # get
1788
return dbus.UInt64(self.interval.total_seconds() * 1000)
1537
return dbus.UInt64(self.interval_milliseconds())
1789
1538
self.interval = datetime.timedelta(0, 0, 0, value)
1790
1539
if getattr(self, "checker_initiator_tag", None) is None:
1791
1540
return
1792
1541
if self.enabled:
1793
1542
# Reschedule checker run
1794
1543
gobject.source_remove(self.checker_initiator_tag)
1795
self.checker_initiator_tag = gobject.timeout_add(
1796
value, self.start_checker)
1797
self.start_checker() # Start one now, too
1544
self.checker_initiator_tag = (gobject.timeout_add
1545
(value, self.start_checker))
1546
self.start_checker() # Start one now, too
1798
1547
1799
1548
# Checker - property
1800
@dbus_service_property(_interface,
1801
signature="s",
1549
@dbus_service_property(_interface, signature="s",
1802
1550
access="readwrite")
1803
1551
def Checker_dbus_property(self, value=None):
1804
1552
if value is None: # get
1805
1553
return dbus.String(self.checker_command)
1806
self.checker_command = str(value)
1554
self.checker_command = unicode(value)
1807
1555
1808
1556
# CheckerRunning - property
1809
@dbus_service_property(_interface,
1810
signature="b",
1557
@dbus_service_property(_interface, signature="b",
1811
1558
access="readwrite")
1812
1559
def CheckerRunning_dbus_property(self, value=None):
1813
1560
if value is None: # get
1818
1565
self.stop_checker()
1819
1566
1820
1567
# ObjectPath - property
1821
@dbus_annotations(
1822
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
1823
"org.freedesktop.DBus.Deprecated": "true"})
1824
1568
@dbus_service_property(_interface, signature="o", access="read")
1825
1569
def ObjectPath_dbus_property(self):
1826
1570
return self.dbus_object_path # is already a dbus.ObjectPath
1827
1571
1828
1572
# Secret = property
1829
@dbus_annotations(
1830
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
1831
"invalidates"})
1832
@dbus_service_property(_interface,
1833
signature="ay",
1834
access="write",
1835
byte_arrays=True)
1573
@dbus_service_property(_interface, signature="ay",
1574
access="write", byte_arrays=True)
1836
1575
def Secret_dbus_property(self, value):
1837
self.secret = bytes(value)
1576
self.secret = str(value)
1838
1577
1839
1578
del _interface
1840
1579
1844
1583
self._pipe = child_pipe
1845
1584
self._pipe.send(('init', fpr, address))
1846
1585
if not self._pipe.recv():
1847
raise KeyError(fpr)
1586
raise KeyError()
1848
1587
1849
1588
def __getattribute__(self, name):
1850
1589
if name == '_pipe':
1854
1593
if data[0] == 'data':
1855
1594
return data[1]
1856
1595
if data[0] == 'function':
1857
1858
1596
def func(*args, **kwargs):
1859
1597
self._pipe.send(('funcall', name, args, kwargs))
1860
1598
return self._pipe.recv()[1]
1861
1862
1599
return func
1863
1600
1864
1601
def __setattr__(self, name, value):
1867
1604
self._pipe.send(('setattr', name, value))
1868
1605
1869
1606
1607
class ClientDBusTransitional(ClientDBus):
1608
__metaclass__ = AlternateDBusNamesMetaclass
1609
1610
1870
1611
class ClientHandler(socketserver.BaseRequestHandler, object):
1871
1612
"""A class to handle client connections.
1872
1613
1876
1617
def handle(self):
1877
1618
with contextlib.closing(self.server.child_pipe) as child_pipe:
1878
1619
logger.info("TCP connection from: %s",
1879
str(self.client_address))
1620
unicode(self.client_address))
1880
1621
logger.debug("Pipe FD: %d",
1881
1622
self.server.child_pipe.fileno())
1882
1623
1883
session = gnutls.connection.ClientSession(
1884
self.request, gnutls.connection .X509Credentials())
1624
session = (gnutls.connection
1625
.ClientSession(self.request,
1626
gnutls.connection
1627
.X509Credentials()))
1885
1628
1886
1629
# Note: gnutls.connection.X509Credentials is really a
1887
1630
# generic GnuTLS certificate credentials object so long as
1896
1639
priority = self.server.gnutls_priority
1897
1640
if priority is None:
1898
1641
priority = "NORMAL"
1899
gnutls.library.functions.gnutls_priority_set_direct(
1900
session._c_object, priority, None)
1642
(gnutls.library.functions
1643
.gnutls_priority_set_direct(session._c_object,
1644
priority, None))
1901
1645
1902
1646
# Start communication using the Mandos protocol
1903
1647
# Get protocol number
1905
1649
logger.debug("Protocol version: %r", line)
1906
1650
try:
1907
1651
if int(line.strip().split()[0]) > 1:
1908
raise RuntimeError(line)
1652
raise RuntimeError
1909
1653
except (ValueError, IndexError, RuntimeError) as error:
1910
1654
logger.error("Unknown protocol version: %s", error)
1911
1655
return
1923
1667
approval_required = False
1924
1668
try:
1925
1669
try:
1926
fpr = self.fingerprint(
1927
self.peer_certificate(session))
1670
fpr = self.fingerprint(self.peer_certificate
1671
(session))
1928
1672
except (TypeError,
1929
1673
gnutls.errors.GNUTLSError) as error:
1930
1674
logger.warning("Bad certificate: %s", error)
1945
1689
while True:
1946
1690
if not client.enabled:
1947
1691
logger.info("Client %s is disabled",
1948
client.name)
1692
client.name)
1949
1693
if self.server.use_dbus:
1950
1694
# Emit D-Bus signal
1951
1695
client.Rejected("Disabled")
1960
1704
if self.server.use_dbus:
1961
1705
# Emit D-Bus signal
1962
1706
client.NeedApproval(
1963
client.approval_delay.total_seconds()
1964
* 1000, client.approved_by_default)
1707
client.approval_delay_milliseconds(),
1708
client.approved_by_default)
1965
1709
else:
1966
1710
logger.warning("Client %s was not approved",
1967
1711
client.name)
1973
1717
#wait until timeout or approved
1974
1718
time = datetime.datetime.now()
1975
1719
client.changedstate.acquire()
1976
client.changedstate.wait(delay.total_seconds())
1720
(client.changedstate.wait
1721
(float(client.timedelta_to_milliseconds(delay)
1722
/ 1000)))
1977
1723
client.changedstate.release()
1978
1724
time2 = datetime.datetime.now()
1979
1725
if (time2 - time) >= delay:
1995
1741
try:
1996
1742
sent = session.send(client.secret[sent_size:])
1997
1743
except gnutls.errors.GNUTLSError as error:
1998
logger.warning("gnutls send failed",
1999
exc_info=error)
1744
logger.warning("gnutls send failed")
2000
1745
return
2001
logger.debug("Sent: %d, remaining: %d", sent,
2002
len(client.secret) - (sent_size
2003
+ sent))
1746
logger.debug("Sent: %d, remaining: %d",
1747
sent, len(client.secret)
1748
- (sent_size + sent))
2004
1749
sent_size += sent
2005
1750
2006
1751
logger.info("Sending secret to %s", client.name)
2016
1761
try:
2017
1762
session.bye()
2018
1763
except gnutls.errors.GNUTLSError as error:
2019
logger.warning("GnuTLS bye failed",
2020
exc_info=error)
1764
logger.warning("GnuTLS bye failed")
2021
1765
2022
1766
@staticmethod
2023
1767
def peer_certificate(session):
2024
1768
"Return the peer's OpenPGP certificate as a bytestring"
2025
1769
# If not an OpenPGP certificate...
2026
if (gnutls.library.functions.gnutls_certificate_type_get(
2027
session._c_object)
1770
if (gnutls.library.functions
1771
.gnutls_certificate_type_get(session._c_object)
2028
1772
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
2029
1773
# ...do the normal thing
2030
1774
return session.peer_certificate
2044
1788
def fingerprint(openpgp):
2045
1789
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2046
1790
# New GnuTLS "datum" with the OpenPGP public key
2047
datum = gnutls.library.types.gnutls_datum_t(
2048
ctypes.cast(ctypes.c_char_p(openpgp),
2049
ctypes.POINTER(ctypes.c_ubyte)),
2050
ctypes.c_uint(len(openpgp)))
1791
datum = (gnutls.library.types
1792
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1793
ctypes.POINTER
1794
(ctypes.c_ubyte)),
1795
ctypes.c_uint(len(openpgp))))
2051
1796
# New empty GnuTLS certificate
2052
1797
crt = gnutls.library.types.gnutls_openpgp_crt_t()
2053
gnutls.library.functions.gnutls_openpgp_crt_init(
2054
ctypes.byref(crt))
1798
(gnutls.library.functions
1799
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2055
1800
# Import the OpenPGP public key into the certificate
2056
gnutls.library.functions.gnutls_openpgp_crt_import(
2057
crt, ctypes.byref(datum),
2058
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1801
(gnutls.library.functions
1802
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1803
gnutls.library.constants
1804
.GNUTLS_OPENPGP_FMT_RAW))
2059
1805
# Verify the self signature in the key
2060
1806
crtverify = ctypes.c_uint()
2061
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2062
crt, 0, ctypes.byref(crtverify))
1807
(gnutls.library.functions
1808
.gnutls_openpgp_crt_verify_self(crt, 0,
1809
ctypes.byref(crtverify)))
2063
1810
if crtverify.value != 0:
2064
1811
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2065
raise gnutls.errors.CertificateSecurityError(
2066
"Verify failed")
1812
raise (gnutls.errors.CertificateSecurityError
1813
("Verify failed"))
2067
1814
# New buffer for the fingerprint
2068
1815
buf = ctypes.create_string_buffer(20)
2069
1816
buf_len = ctypes.c_size_t()
2070
1817
# Get the fingerprint from the certificate into the buffer
2071
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2072
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1818
(gnutls.library.functions
1819
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1820
ctypes.byref(buf_len)))
2073
1821
# Deinit the certificate
2074
1822
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2075
1823
# Convert the buffer to a Python bytestring
2081
1829
2082
1830
class MultiprocessingMixIn(object):
2083
1831
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2084
2085
1832
def sub_process_main(self, request, address):
2086
1833
try:
2087
1834
self.finish_request(request, address)
2092
1839
def process_request(self, request, address):
2093
1840
"""Start a new process to process the request."""
2094
1841
proc = multiprocessing.Process(target = self.sub_process_main,
2095
args = (request, address))
1842
args = (request,
1843
address))
2096
1844
proc.start()
2097
1845
return proc
2098
1846
2099
1847
2100
1848
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
2101
1849
""" adds a pipe to the MixIn """
2102
2103
1850
def process_request(self, request, client_address):
2104
1851
"""Overrides and wraps the original process_request().
2105
1852
2114
1861
2115
1862
def add_pipe(self, parent_pipe, proc):
2116
1863
"""Dummy function; override as necessary"""
2117
raise NotImplementedError()
1864
raise NotImplementedError
2118
1865
2119
1866
2120
1867
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
2126
1873
interface: None or a network interface name (string)
2127
1874
use_ipv6: Boolean; to use IPv6 or not
2128
1875
"""
2129
2130
1876
def __init__(self, server_address, RequestHandlerClass,
2131
interface=None,
2132
use_ipv6=True,
2133
socketfd=None):
2134
"""If socketfd is set, use that file descriptor instead of
2135
creating a new one with socket.socket().
2136
"""
1877
interface=None, use_ipv6=True):
2137
1878
self.interface = interface
2138
1879
if use_ipv6:
2139
1880
self.address_family = socket.AF_INET6
2140
if socketfd is not None:
2141
# Save the file descriptor
2142
self.socketfd = socketfd
2143
# Save the original socket.socket() function
2144
self.socket_socket = socket.socket
2145
# To implement --socket, we monkey patch socket.socket.
2146
#
2147
# (When socketserver.TCPServer is a new-style class, we
2148
# could make self.socket into a property instead of monkey
2149
# patching socket.socket.)
2150
#
2151
# Create a one-time-only replacement for socket.socket()
2152
@functools.wraps(socket.socket)
2153
def socket_wrapper(*args, **kwargs):
2154
# Restore original function so subsequent calls are
2155
# not affected.
2156
socket.socket = self.socket_socket
2157
del self.socket_socket
2158
# This time only, return a new socket object from the
2159
# saved file descriptor.
2160
return socket.fromfd(self.socketfd, *args, **kwargs)
2161
# Replace socket.socket() function with wrapper
2162
socket.socket = socket_wrapper
2163
# The socketserver.TCPServer.__init__ will call
2164
# socket.socket(), which might be our replacement,
2165
# socket_wrapper(), if socketfd was set.
2166
1881
socketserver.TCPServer.__init__(self, server_address,
2167
1882
RequestHandlerClass)
2168
2169
1883
def server_bind(self):
2170
1884
"""This overrides the normal server_bind() function
2171
1885
to bind to an interface if one was specified, and also NOT to
2177
1891
self.interface)
2178
1892
else:
2179
1893
try:
2180
self.socket.setsockopt(
2181
socket.SOL_SOCKET, SO_BINDTODEVICE,
2182
(self.interface + "\0").encode("utf-8"))
1894
self.socket.setsockopt(socket.SOL_SOCKET,
1895
SO_BINDTODEVICE,
1896
str(self.interface
1897
+ '\0'))
2183
1898
except socket.error as error:
2184
if error.errno == errno.EPERM:
2185
logger.error("No permission to bind to"
2186
" interface %s", self.interface)
2187
elif error.errno == errno.ENOPROTOOPT:
1899
if error[0] == errno.EPERM:
1900
logger.error("No permission to"
1901
" bind to interface %s",
1902
self.interface)
1903
elif error[0] == errno.ENOPROTOOPT:
2188
1904
logger.error("SO_BINDTODEVICE not available;"
2189
1905
" cannot bind to interface %s",
2190
1906
self.interface)
2191
elif error.errno == errno.ENODEV:
2192
logger.error("Interface %s does not exist,"
2193
" cannot bind", self.interface)
2194
1907
else:
2195
1908
raise
2196
1909
# Only bind(2) the socket if we really need to.
2199
1912
if self.address_family == socket.AF_INET6:
2200
1913
any_address = "::" # in6addr_any
2201
1914
else:
2202
any_address = "0.0.0.0" # INADDR_ANY
1915
any_address = socket.INADDR_ANY
2203
1916
self.server_address = (any_address,
2204
1917
self.server_address[1])
2205
1918
elif not self.server_address[1]:
2206
self.server_address = (self.server_address[0], 0)
1919
self.server_address = (self.server_address[0],
1920
0)
2207
1921
# if self.interface:
2208
1922
# self.server_address = (self.server_address[0],
2209
1923
# 0, # port
2223
1937
2224
1938
Assumes a gobject.MainLoop event loop.
2225
1939
"""
2226
2227
1940
def __init__(self, server_address, RequestHandlerClass,
2228
interface=None,
2229
use_ipv6=True,
2230
clients=None,
2231
gnutls_priority=None,
2232
use_dbus=True,
2233
socketfd=None):
1941
interface=None, use_ipv6=True, clients=None,
1942
gnutls_priority=None, use_dbus=True):
2234
1943
self.enabled = False
2235
1944
self.clients = clients
2236
1945
if self.clients is None:
2240
1949
IPv6_TCPServer.__init__(self, server_address,
2241
1950
RequestHandlerClass,
2242
1951
interface = interface,
2243
use_ipv6 = use_ipv6,
2244
socketfd = socketfd)
2245
1952
use_ipv6 = use_ipv6)
2246
1953
def server_activate(self):
2247
1954
if self.enabled:
2248
1955
return socketserver.TCPServer.server_activate(self)
2252
1959
2253
1960
def add_pipe(self, parent_pipe, proc):
2254
1961
# Call "handle_ipc" for both data and EOF events
2255
gobject.io_add_watch(
2256
parent_pipe.fileno(),
2257
gobject.IO_IN | gobject.IO_HUP,
2258
functools.partial(self.handle_ipc,
2259
parent_pipe = parent_pipe,
2260
proc = proc))
1962
gobject.io_add_watch(parent_pipe.fileno(),
1963
gobject.IO_IN | gobject.IO_HUP,
1964
functools.partial(self.handle_ipc,
1965
parent_pipe =
1966
parent_pipe,
1967
proc = proc))
2261
1968
2262
def handle_ipc(self, source, condition,
2263
parent_pipe=None,
2264
proc = None,
2265
client_object=None):
1969
def handle_ipc(self, source, condition, parent_pipe=None,
1970
proc = None, client_object=None):
1971
condition_names = {
1972
gobject.IO_IN: "IN", # There is data to read.
1973
gobject.IO_OUT: "OUT", # Data can be written (without
1974
# blocking).
1975
gobject.IO_PRI: "PRI", # There is urgent data to read.
1976
gobject.IO_ERR: "ERR", # Error condition.
1977
gobject.IO_HUP: "HUP" # Hung up (the connection has been
1978
# broken, usually for pipes and
1979
# sockets).
1980
}
1981
conditions_string = ' | '.join(name
1982
for cond, name in
1983
condition_names.iteritems()
1984
if cond & condition)
2266
1985
# error, or the other end of multiprocessing.Pipe has closed
2267
if condition & (gobject.IO_ERR | gobject.IO_HUP):
1986
if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
2268
1987
# Wait for other process to exit
2269
1988
proc.join()
2270
1989
return False
2291
2010
parent_pipe.send(False)
2292
2011
return False
2293
2012
2294
gobject.io_add_watch(
2295
parent_pipe.fileno(),
2296
gobject.IO_IN | gobject.IO_HUP,
2297
functools.partial(self.handle_ipc,
2298
parent_pipe = parent_pipe,
2299
proc = proc,
2300
client_object = client))
2013
gobject.io_add_watch(parent_pipe.fileno(),
2014
gobject.IO_IN | gobject.IO_HUP,
2015
functools.partial(self.handle_ipc,
2016
parent_pipe =
2017
parent_pipe,
2018
proc = proc,
2019
client_object =
2020
client))
2301
2021
parent_pipe.send(True)
2302
2022
# remove the old hook in favor of the new above hook on
2303
2023
# same fileno
2309
2029
2310
2030
parent_pipe.send(('data', getattr(client_object,
2311
2031
funcname)(*args,
2312
**kwargs)))
2032
**kwargs)))
2313
2033
2314
2034
if command == 'getattr':
2315
2035
attrname = request[1]
2316
if isinstance(client_object.__getattribute__(attrname),
2317
collections.Callable):
2318
parent_pipe.send(('function', ))
2036
if callable(client_object.__getattribute__(attrname)):
2037
parent_pipe.send(('function',))
2319
2038
else:
2320
parent_pipe.send((
2321
'data', client_object.__getattribute__(attrname)))
2039
parent_pipe.send(('data', client_object
2040
.__getattribute__(attrname)))
2322
2041
2323
2042
if command == 'setattr':
2324
2043
attrname = request[1]
2328
2047
return True
2329
2048
2330
2049
2331
def rfc3339_duration_to_delta(duration):
2332
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2333
2334
>>> rfc3339_duration_to_delta("P7D")
2335
datetime.timedelta(7)
2336
>>> rfc3339_duration_to_delta("PT60S")
2337
datetime.timedelta(0, 60)
2338
>>> rfc3339_duration_to_delta("PT60M")
2339
datetime.timedelta(0, 3600)
2340
>>> rfc3339_duration_to_delta("PT24H")
2341
datetime.timedelta(1)
2342
>>> rfc3339_duration_to_delta("P1W")
2343
datetime.timedelta(7)
2344
>>> rfc3339_duration_to_delta("PT5M30S")
2345
datetime.timedelta(0, 330)
2346
>>> rfc3339_duration_to_delta("P1DT3M20S")
2347
datetime.timedelta(1, 200)
2348
"""
2349
2350
# Parsing an RFC 3339 duration with regular expressions is not
2351
# possible - there would have to be multiple places for the same
2352
# values, like seconds. The current code, while more esoteric, is
2353
# cleaner without depending on a parsing library. If Python had a
2354
# built-in library for parsing we would use it, but we'd like to
2355
# avoid excessive use of external libraries.
2356
2357
# New type for defining tokens, syntax, and semantics all-in-one
2358
Token = collections.namedtuple("Token", (
2359
"regexp", # To match token; if "value" is not None, must have
2360
# a "group" containing digits
2361
"value", # datetime.timedelta or None
2362
"followers")) # Tokens valid after this token
2363
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2364
# the "duration" ABNF definition in RFC 3339, Appendix A.
2365
token_end = Token(re.compile(r"$"), None, frozenset())
2366
token_second = Token(re.compile(r"(\d+)S"),
2367
datetime.timedelta(seconds=1),
2368
frozenset((token_end, )))
2369
token_minute = Token(re.compile(r"(\d+)M"),
2370
datetime.timedelta(minutes=1),
2371
frozenset((token_second, token_end)))
2372
token_hour = Token(re.compile(r"(\d+)H"),
2373
datetime.timedelta(hours=1),
2374
frozenset((token_minute, token_end)))
2375
token_time = Token(re.compile(r"T"),
2376
None,
2377
frozenset((token_hour, token_minute,
2378
token_second)))
2379
token_day = Token(re.compile(r"(\d+)D"),
2380
datetime.timedelta(days=1),
2381
frozenset((token_time, token_end)))
2382
token_month = Token(re.compile(r"(\d+)M"),
2383
datetime.timedelta(weeks=4),
2384
frozenset((token_day, token_end)))
2385
token_year = Token(re.compile(r"(\d+)Y"),
2386
datetime.timedelta(weeks=52),
2387
frozenset((token_month, token_end)))
2388
token_week = Token(re.compile(r"(\d+)W"),
2389
datetime.timedelta(weeks=1),
2390
frozenset((token_end, )))
2391
token_duration = Token(re.compile(r"P"), None,
2392
frozenset((token_year, token_month,
2393
token_day, token_time,
2394
token_week)))
2395
# Define starting values
2396
value = datetime.timedelta() # Value so far
2397
found_token = None
2398
followers = frozenset((token_duration, )) # Following valid tokens
2399
s = duration # String left to parse
2400
# Loop until end token is found
2401
while found_token is not token_end:
2402
# Search for any currently valid tokens
2403
for token in followers:
2404
match = token.regexp.match(s)
2405
if match is not None:
2406
# Token found
2407
if token.value is not None:
2408
# Value found, parse digits
2409
factor = int(match.group(1), 10)
2410
# Add to value so far
2411
value += factor * token.value
2412
# Strip token from string
2413
s = token.regexp.sub("", s, 1)
2414
# Go to found token
2415
found_token = token
2416
# Set valid next tokens
2417
followers = found_token.followers
2418
break
2419
else:
2420
# No currently valid tokens were found
2421
raise ValueError("Invalid RFC 3339 duration: {!r}"
2422
.format(duration))
2423
# End token found
2424
return value
2425
2426
2427
2050
def string_to_delta(interval):
2428
2051
"""Parse a string and return a datetime.timedelta
2429
2052
2440
2063
>>> string_to_delta('5m 30s')
2441
2064
datetime.timedelta(0, 330)
2442
2065
"""
2443
2444
try:
2445
return rfc3339_duration_to_delta(interval)
2446
except ValueError:
2447
pass
2448
2449
2066
timevalue = datetime.timedelta(0)
2450
2067
for s in interval.split():
2451
2068
try:
2452
suffix = s[-1]
2069
suffix = unicode(s[-1])
2453
2070
value = int(s[:-1])
2454
2071
if suffix == "d":
2455
2072
delta = datetime.timedelta(value)
2462
2079
elif suffix == "w":
2463
2080
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2464
2081
else:
2465
raise ValueError("Unknown suffix {!r}".format(suffix))
2466
except IndexError as e:
2082
raise ValueError("Unknown suffix {0!r}"
2083
.format(suffix))
2084
except (ValueError, IndexError) as e:
2467
2085
raise ValueError(*(e.args))
2468
2086
timevalue += delta
2469
2087
return timevalue
2485
2103
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2486
2104
if not stat.S_ISCHR(os.fstat(null).st_mode):
2487
2105
raise OSError(errno.ENODEV,
2488
"{} not a character device"
2106
"{0} not a character device"
2489
2107
.format(os.devnull))
2490
2108
os.dup2(null, sys.stdin.fileno())
2491
2109
os.dup2(null, sys.stdout.fileno())
2501
2119
2502
2120
parser = argparse.ArgumentParser()
2503
2121
parser.add_argument("-v", "--version", action="version",
2504
version = "%(prog)s {}".format(version),
2122
version = "%(prog)s {0}".format(version),
2505
2123
help="show version number and exit")
2506
2124
parser.add_argument("-i", "--interface", metavar="IF",
2507
2125
help="Bind to interface IF")
2513
2131
help="Run self-test")
2514
2132
parser.add_argument("--debug", action="store_true",
2515
2133
help="Debug mode; run in foreground and log"
2516
" to terminal", default=None)
2134
" to terminal")
2517
2135
parser.add_argument("--debuglevel", metavar="LEVEL",
2518
2136
help="Debug level for stdout output")
2519
2137
parser.add_argument("--priority", help="GnuTLS"
2526
2144
" files")
2527
2145
parser.add_argument("--no-dbus", action="store_false",
2528
2146
dest="use_dbus", help="Do not provide D-Bus"
2529
" system bus interface", default=None)
2147
" system bus interface")
2530
2148
parser.add_argument("--no-ipv6", action="store_false",
2531
dest="use_ipv6", help="Do not use IPv6",
2532
default=None)
2149
dest="use_ipv6", help="Do not use IPv6")
2533
2150
parser.add_argument("--no-restore", action="store_false",
2534
2151
dest="restore", help="Do not restore stored"
2535
" state", default=None)
2536
parser.add_argument("--socket", type=int,
2537
help="Specify a file descriptor to a network"
2538
" socket to use instead of creating one")
2152
" state")
2539
2153
parser.add_argument("--statedir", metavar="DIR",
2540
2154
help="Directory to save/restore state in")
2541
parser.add_argument("--foreground", action="store_true",
2542
help="Run in foreground", default=None)
2543
parser.add_argument("--no-zeroconf", action="store_false",
2544
dest="zeroconf", help="Do not use Zeroconf",
2545
default=None)
2546
2155
2547
2156
options = parser.parse_args()
2548
2157
2549
2158
if options.check:
2550
2159
import doctest
2551
fail_count, test_count = doctest.testmod()
2552
sys.exit(os.EX_OK if fail_count == 0 else 1)
2160
doctest.testmod()
2161
sys.exit()
2553
2162
2554
2163
# Default values for config file for server-global settings
2555
2164
server_defaults = { "interface": "",
2557
2166
"port": "",
2558
2167
"debug": "False",
2559
2168
"priority":
2560
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2561
":+SIGN-DSA-SHA256",
2169
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2562
2170
"servicename": "Mandos",
2563
2171
"use_dbus": "True",
2564
2172
"use_ipv6": "True",
2565
2173
"debuglevel": "",
2566
2174
"restore": "True",
2567
"socket": "",
2568
"statedir": "/var/lib/mandos",
2569
"foreground": "False",
2570
"zeroconf": "True",
2571
}
2175
"statedir": "/var/lib/mandos"
2176
}
2572
2177
2573
2178
# Parse config file for server-global settings
2574
2179
server_config = configparser.SafeConfigParser(server_defaults)
2575
2180
del server_defaults
2576
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2181
server_config.read(os.path.join(options.configdir,
2182
"mandos.conf"))
2577
2183
# Convert the SafeConfigParser object to a dict
2578
2184
server_settings = server_config.defaults()
2579
2185
# Use the appropriate methods on the non-string config options
2580
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2186
for option in ("debug", "use_dbus", "use_ipv6"):
2581
2187
server_settings[option] = server_config.getboolean("DEFAULT",
2582
2188
option)
2583
2189
if server_settings["port"]:
2584
2190
server_settings["port"] = server_config.getint("DEFAULT",
2585
2191
"port")
2586
if server_settings["socket"]:
2587
server_settings["socket"] = server_config.getint("DEFAULT",
2588
"socket")
2589
# Later, stdin will, and stdout and stderr might, be dup'ed
2590
# over with an opened os.devnull. But we don't want this to
2591
# happen with a supplied network socket.
2592
if 0 <= server_settings["socket"] <= 2:
2593
server_settings["socket"] = os.dup(server_settings
2594
["socket"])
2595
2192
del server_config
2596
2193
2597
2194
# Override the settings from the config file with command line
2598
2195
# options, if set.
2599
2196
for option in ("interface", "address", "port", "debug",
2600
"priority", "servicename", "configdir", "use_dbus",
2601
"use_ipv6", "debuglevel", "restore", "statedir",
2602
"socket", "foreground", "zeroconf"):
2197
"priority", "servicename", "configdir",
2198
"use_dbus", "use_ipv6", "debuglevel", "restore",
2199
"statedir"):
2603
2200
value = getattr(options, option)
2604
2201
if value is not None:
2605
2202
server_settings[option] = value
2606
2203
del options
2607
2204
# Force all strings to be unicode
2608
2205
for option in server_settings.keys():
2609
if isinstance(server_settings[option], bytes):
2610
server_settings[option] = (server_settings[option]
2611
.decode("utf-8"))
2612
# Force all boolean options to be boolean
2613
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2614
"foreground", "zeroconf"):
2615
server_settings[option] = bool(server_settings[option])
2616
# Debug implies foreground
2617
if server_settings["debug"]:
2618
server_settings["foreground"] = True
2206
if type(server_settings[option]) is str:
2207
server_settings[option] = unicode(server_settings[option])
2619
2208
# Now we have our good server settings in "server_settings"
2620
2209
2621
2210
##################################################################
2622
2211
2623
if (not server_settings["zeroconf"]
2624
and not (server_settings["port"]
2625
or server_settings["socket"] != "")):
2626
parser.error("Needs port or socket to work without Zeroconf")
2627
2628
2212
# For convenience
2629
2213
debug = server_settings["debug"]
2630
2214
debuglevel = server_settings["debuglevel"]
2632
2216
use_ipv6 = server_settings["use_ipv6"]
2633
2217
stored_state_path = os.path.join(server_settings["statedir"],
2634
2218
stored_state_file)
2635
foreground = server_settings["foreground"]
2636
zeroconf = server_settings["zeroconf"]
2637
2219
2638
2220
if debug:
2639
2221
initlogger(debug, logging.DEBUG)
2645
2227
initlogger(debug, level)
2646
2228
2647
2229
if server_settings["servicename"] != "Mandos":
2648
syslogger.setFormatter(
2649
logging.Formatter('Mandos ({}) [%(process)d]:'
2650
' %(levelname)s: %(message)s'.format(
2651
server_settings["servicename"])))
2230
syslogger.setFormatter(logging.Formatter
2231
('Mandos ({0}) [%(process)d]:'
2232
' %(levelname)s: %(message)s'
2233
.format(server_settings
2234
["servicename"])))
2652
2235
2653
2236
# Parse config file with clients
2654
2237
client_config = configparser.SafeConfigParser(Client
2659
2242
global mandos_dbus_service
2660
2243
mandos_dbus_service = None
2661
2244
2662
socketfd = None
2663
if server_settings["socket"] != "":
2664
socketfd = server_settings["socket"]
2665
tcp_server = MandosServer(
2666
(server_settings["address"], server_settings["port"]),
2667
ClientHandler,
2668
interface=(server_settings["interface"] or None),
2669
use_ipv6=use_ipv6,
2670
gnutls_priority=server_settings["priority"],
2671
use_dbus=use_dbus,
2672
socketfd=socketfd)
2673
if not foreground:
2674
pidfilename = "/run/mandos.pid"
2675
if not os.path.isdir("/run/."):
2676
pidfilename = "/var/run/mandos.pid"
2677
pidfile = None
2245
tcp_server = MandosServer((server_settings["address"],
2246
server_settings["port"]),
2247
ClientHandler,
2248
interface=(server_settings["interface"]
2249
or None),
2250
use_ipv6=use_ipv6,
2251
gnutls_priority=
2252
server_settings["priority"],
2253
use_dbus=use_dbus)
2254
if not debug:
2255
pidfilename = "/var/run/mandos.pid"
2678
2256
try:
2679
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2680
except IOError as e:
2681
logger.error("Could not open file %r", pidfilename,
2682
exc_info=e)
2257
pidfile = open(pidfilename, "w")
2258
except IOError:
2259
logger.error("Could not open file %r", pidfilename)
2683
2260
2684
2261
for name in ("_mandos", "mandos", "nobody"):
2685
2262
try:
2695
2272
os.setgid(gid)
2696
2273
os.setuid(uid)
2697
2274
except OSError as error:
2698
if error.errno != errno.EPERM:
2699
raise
2275
if error[0] != errno.EPERM:
2276
raise error
2700
2277
2701
2278
if debug:
2702
2279
# Enable all possible GnuTLS debugging
2709
2286
def debug_gnutls(level, string):
2710
2287
logger.debug("GnuTLS: %s", string[:-1])
2711
2288
2712
gnutls.library.functions.gnutls_global_set_log_function(
2713
debug_gnutls)
2289
(gnutls.library.functions
2290
.gnutls_global_set_log_function(debug_gnutls))
2714
2291
2715
2292
# Redirect stdin so all checkers get /dev/null
2716
2293
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2719
2296
os.close(null)
2720
2297
2721
2298
# Need to fork before connecting to D-Bus
2722
if not foreground:
2299
if not debug:
2723
2300
# Close all input and output, do double fork, etc.
2724
2301
daemon()
2725
2302
2726
# multiprocessing will use threads, so before we use gobject we
2727
# need to inform gobject that threads will be used.
2728
2303
gobject.threads_init()
2729
2304
2730
2305
global main_loop
2736
2311
if use_dbus:
2737
2312
try:
2738
2313
bus_name = dbus.service.BusName("se.recompile.Mandos",
2739
bus,
2740
do_not_queue=True)
2741
old_bus_name = dbus.service.BusName(
2742
"se.bsnet.fukt.Mandos", bus,
2743
do_not_queue=True)
2744
except dbus.exceptions.DBusException as e:
2745
logger.error("Disabling D-Bus:", exc_info=e)
2314
bus, do_not_queue=True)
2315
old_bus_name = (dbus.service.BusName
2316
("se.bsnet.fukt.Mandos", bus,
2317
do_not_queue=True))
2318
except dbus.exceptions.NameExistsException as e:
2319
logger.error(unicode(e) + ", disabling D-Bus")
2746
2320
use_dbus = False
2747
2321
server_settings["use_dbus"] = False
2748
2322
tcp_server.use_dbus = False
2749
if zeroconf:
2750
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2751
service = AvahiServiceToSyslog(
2752
name = server_settings["servicename"],
2753
servicetype = "_mandos._tcp",
2754
protocol = protocol,
2755
bus = bus)
2756
if server_settings["interface"]:
2757
service.interface = if_nametoindex(
2758
server_settings["interface"].encode("utf-8"))
2323
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2324
service = AvahiServiceToSyslog(name =
2325
server_settings["servicename"],
2326
servicetype = "_mandos._tcp",
2327
protocol = protocol, bus = bus)
2328
if server_settings["interface"]:
2329
service.interface = (if_nametoindex
2330
(str(server_settings["interface"])))
2759
2331
2760
2332
global multiprocessing_manager
2761
2333
multiprocessing_manager = multiprocessing.Manager()
2762
2334
2763
2335
client_class = Client
2764
2336
if use_dbus:
2765
client_class = functools.partial(ClientDBus, bus = bus)
2337
client_class = functools.partial(ClientDBusTransitional,
2338
bus = bus)
2766
2339
2767
2340
client_settings = Client.config_parser(client_config)
2768
2341
old_client_settings = {}
2769
2342
clients_data = {}
2770
2343
2771
# This is used to redirect stdout and stderr for checker processes
2772
global wnull
2773
wnull = open(os.devnull, "w") # A writable /dev/null
2774
# Only used if server is running in foreground but not in debug
2775
# mode
2776
if debug or not foreground:
2777
wnull.close()
2778
2779
2344
# Get client data and settings from last running state.
2780
2345
if server_settings["restore"]:
2781
2346
try:
2782
2347
with open(stored_state_path, "rb") as stored_state:
2783
clients_data, old_client_settings = pickle.load(
2784
stored_state)
2348
clients_data, old_client_settings = (pickle.load
2349
(stored_state))
2785
2350
os.remove(stored_state_path)
2786
2351
except IOError as e:
2787
if e.errno == errno.ENOENT:
2788
logger.warning("Could not load persistent state:"
2789
" {}".format(os.strerror(e.errno)))
2790
else:
2791
logger.critical("Could not load persistent state:",
2792
exc_info=e)
2352
logger.warning("Could not load persistent state: {0}"
2353
.format(e))
2354
if e.errno != errno.ENOENT:
2793
2355
raise
2794
2356
except EOFError as e:
2795
2357
logger.warning("Could not load persistent state: "
2796
"EOFError:",
2797
exc_info=e)
2358
"EOFError: {0}".format(e))
2798
2359
2799
2360
with PGPEngine() as pgp:
2800
for client_name, client in clients_data.items():
2801
# Skip removed clients
2802
if client_name not in client_settings:
2803
continue
2804
2361
for client_name, client in clients_data.iteritems():
2805
2362
# Decide which value to use after restoring saved state.
2806
2363
# We have three different values: Old config file,
2807
2364
# new config file, and saved state.
2812
2369
# For each value in new config, check if it
2813
2370
# differs from the old config value (Except for
2814
2371
# the "secret" attribute)
2815
if (name != "secret"
2816
and (value !=
2817
old_client_settings[client_name][name])):
2372
if (name != "secret" and
2373
value != old_client_settings[client_name]
2374
[name]):
2818
2375
client[name] = value
2819
2376
except KeyError:
2820
2377
pass
2821
2378
2822
2379
# Clients who has passed its expire date can still be
2823
# enabled if its last checker was successful. A Client
2380
# enabled if its last checker was successful. Clients
2824
2381
# whose checker succeeded before we stored its state is
2825
2382
# assumed to have successfully run all checkers during
2826
2383
# downtime.
2828
2385
if datetime.datetime.utcnow() >= client["expires"]:
2829
2386
if not client["last_checked_ok"]:
2830
2387
logger.warning(
2831
"disabling client {} - Client never "
2832
"performed a successful checker".format(
2833
client_name))
2388
"disabling client {0} - Client never "
2389
"performed a successful checker"
2390
.format(client_name))
2834
2391
client["enabled"] = False
2835
2392
elif client["last_checker_status"] != 0:
2836
2393
logger.warning(
2837
"disabling client {} - Client last"
2838
" checker failed with error code"
2839
" {}".format(
2840
client_name,
2841
client["last_checker_status"]))
2394
"disabling client {0} - Client "
2395
"last checker failed with error code {1}"
2396
.format(client_name,
2397
client["last_checker_status"]))
2842
2398
client["enabled"] = False
2843
2399
else:
2844
client["expires"] = (
2845
datetime.datetime.utcnow()
2846
+ client["timeout"])
2400
client["expires"] = (datetime.datetime
2401
.utcnow()
2402
+ client["timeout"])
2847
2403
logger.debug("Last checker succeeded,"
2848
" keeping {} enabled".format(
2849
client_name))
2404
" keeping {0} enabled"
2405
.format(client_name))
2850
2406
try:
2851
client["secret"] = pgp.decrypt(
2852
client["encrypted_secret"],
2853
client_settings[client_name]["secret"])
2407
client["secret"] = (
2408
pgp.decrypt(client["encrypted_secret"],
2409
client_settings[client_name]
2410
["secret"]))
2854
2411
except PGPError:
2855
2412
# If decryption fails, we use secret from new settings
2856
logger.debug("Failed to decrypt {} old secret".format(
2857
client_name))
2858
client["secret"] = (client_settings[client_name]
2859
["secret"])
2413
logger.debug("Failed to decrypt {0} old secret"
2414
.format(client_name))
2415
client["secret"] = (
2416
client_settings[client_name]["secret"])
2417
2860
2418
2861
2419
# Add/remove clients based on new changes made to config
2862
2420
for client_name in (set(old_client_settings)
2865
2423
for client_name in (set(client_settings)
2866
2424
- set(old_client_settings)):
2867
2425
clients_data[client_name] = client_settings[client_name]
2868
2426
2869
2427
# Create all client objects
2870
for client_name, client in clients_data.items():
2428
for client_name, client in clients_data.iteritems():
2871
2429
tcp_server.clients[client_name] = client_class(
2872
name = client_name,
2873
settings = client,
2874
server_settings = server_settings)
2430
name = client_name, settings = client)
2875
2431
2876
2432
if not tcp_server.clients:
2877
2433
logger.warning("No clients defined")
2878
2879
if not foreground:
2880
if pidfile is not None:
2881
pid = os.getpid()
2882
try:
2883
with pidfile:
2884
print(pid, file=pidfile)
2885
except IOError:
2886
logger.error("Could not write to file %r with PID %d",
2887
pidfilename, pid)
2888
del pidfile
2434
2435
if not debug:
2436
try:
2437
with pidfile:
2438
pid = os.getpid()
2439
pidfile.write(str(pid) + "\n".encode("utf-8"))
2440
del pidfile
2441
except IOError:
2442
logger.error("Could not write to file %r with PID %d",
2443
pidfilename, pid)
2444
except NameError:
2445
# "pidfile" was never created
2446
pass
2889
2447
del pidfilename
2448
signal.signal(signal.SIGINT, signal.SIG_IGN)
2890
2449
2891
2450
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2892
2451
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2893
2452
2894
2453
if use_dbus:
2895
2896
@alternate_dbus_interfaces(
2897
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2898
class MandosDBusService(DBusObjectWithObjectManager):
2454
class MandosDBusService(DBusObjectWithProperties):
2899
2455
"""A D-Bus proxy object"""
2900
2901
2456
def __init__(self):
2902
2457
dbus.service.Object.__init__(self, bus, "/")
2903
2904
2458
_interface = "se.recompile.Mandos"
2905
2459
2460
@dbus_interface_annotations(_interface)
2461
def _foo(self):
2462
return { "org.freedesktop.DBus.Property"
2463
".EmitsChangedSignal":
2464
"false"}
2465
2906
2466
@dbus.service.signal(_interface, signature="o")
2907
2467
def ClientAdded(self, objpath):
2908
2468
"D-Bus signal"
2913
2473
"D-Bus signal"
2914
2474
pass
2915
2475
2916
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2917
"true"})
2918
2476
@dbus.service.signal(_interface, signature="os")
2919
2477
def ClientRemoved(self, objpath, name):
2920
2478
"D-Bus signal"
2921
2479
pass
2922
2480
2923
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2924
"true"})
2925
2481
@dbus.service.method(_interface, out_signature="ao")
2926
2482
def GetAllClients(self):
2927
2483
"D-Bus method"
2928
return dbus.Array(c.dbus_object_path for c in
2484
return dbus.Array(c.dbus_object_path
2485
for c in
2929
2486
tcp_server.clients.itervalues())
2930
2487
2931
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2932
"true"})
2933
2488
@dbus.service.method(_interface,
2934
2489
out_signature="a{oa{sv}}")
2935
2490
def GetAllClientsWithProperties(self):
2936
2491
"D-Bus method"
2937
2492
return dbus.Dictionary(
2938
{ c.dbus_object_path: c.GetAll(
2939
"se.recompile.Mandos.Client")
2940
for c in tcp_server.clients.itervalues() },
2493
((c.dbus_object_path, c.GetAll(""))
2494
for c in tcp_server.clients.itervalues()),
2941
2495
signature="oa{sv}")
2942
2496
2943
2497
@dbus.service.method(_interface, in_signature="o")
2947
2501
if c.dbus_object_path == object_path:
2948
2502
del tcp_server.clients[c.name]
2949
2503
c.remove_from_connection()
2950
# Don't signal the disabling
2504
# Don't signal anything except ClientRemoved
2951
2505
c.disable(quiet=True)
2952
# Emit D-Bus signal for removal
2953
self.client_removed_signal(c)
2506
# Emit D-Bus signal
2507
self.ClientRemoved(object_path, c.name)
2954
2508
return
2955
2509
raise KeyError(object_path)
2956
2510
2957
2511
del _interface
2958
2959
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
2960
out_signature = "a{oa{sa{sv}}}")
2961
def GetManagedObjects(self):
2962
"""D-Bus method"""
2963
return dbus.Dictionary(
2964
{ client.dbus_object_path:
2965
dbus.Dictionary(
2966
{ interface: client.GetAll(interface)
2967
for interface in
2968
client._get_all_interface_names()})
2969
for client in tcp_server.clients.values()})
2970
2971
def client_added_signal(self, client):
2972
"""Send the new standard signal and the old signal"""
2973
if use_dbus:
2974
# New standard signal
2975
self.InterfacesAdded(
2976
client.dbus_object_path,
2977
dbus.Dictionary(
2978
{ interface: client.GetAll(interface)
2979
for interface in
2980
client._get_all_interface_names()}))
2981
# Old signal
2982
self.ClientAdded(client.dbus_object_path)
2983
2984
def client_removed_signal(self, client):
2985
"""Send the new standard signal and the old signal"""
2986
if use_dbus:
2987
# New standard signal
2988
self.InterfacesRemoved(
2989
client.dbus_object_path,
2990
client._get_all_interface_names())
2991
# Old signal
2992
self.ClientRemoved(client.dbus_object_path,
2993
client.name)
2994
2512
2995
mandos_dbus_service = MandosDBusService()
2513
class MandosDBusServiceTransitional(MandosDBusService):
2514
__metaclass__ = AlternateDBusNamesMetaclass
2515
mandos_dbus_service = MandosDBusServiceTransitional()
2996
2516
2997
2517
def cleanup():
2998
2518
"Cleanup function; run on exit"
2999
if zeroconf:
3000
service.cleanup()
2519
service.cleanup()
3001
2520
3002
2521
multiprocessing.active_children()
3003
wnull.close()
3004
2522
if not (tcp_server.clients or client_settings):
3005
2523
return
3006
2524
3017
2535
3018
2536
# A list of attributes that can not be pickled
3019
2537
# + secret.
3020
exclude = { "bus", "changedstate", "secret",
3021
"checker", "server_settings" }
3022
for name, typ in inspect.getmembers(dbus.service
3023
.Object):
2538
exclude = set(("bus", "changedstate", "secret",
2539
"checker"))
2540
for name, typ in (inspect.getmembers
2541
(dbus.service.Object)):
3024
2542
exclude.add(name)
3025
2543
3026
2544
client_dict["encrypted_secret"] = (client
3033
2551
del client_settings[client.name]["secret"]
3034
2552
3035
2553
try:
3036
with tempfile.NamedTemporaryFile(
3037
mode='wb',
3038
suffix=".pickle",
3039
prefix='clients-',
3040
dir=os.path.dirname(stored_state_path),
3041
delete=False) as stored_state:
2554
tempfd, tempname = tempfile.mkstemp(suffix=".pickle",
2555
prefix="clients-",
2556
dir=os.path.dirname
2557
(stored_state_path))
2558
with os.fdopen(tempfd, "wb") as stored_state:
3042
2559
pickle.dump((clients, client_settings), stored_state)
3043
tempname = stored_state.name
3044
2560
os.rename(tempname, stored_state_path)
3045
2561
except (IOError, OSError) as e:
2562
logger.warning("Could not save persistent state: {0}"
2563
.format(e))
3046
2564
if not debug:
3047
2565
try:
3048
2566
os.remove(tempname)
3049
2567
except NameError:
3050
2568
pass
3051
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
3052
logger.warning("Could not save persistent state: {}"
3053
.format(os.strerror(e.errno)))
3054
else:
3055
logger.warning("Could not save persistent state:",
3056
exc_info=e)
3057
raise
2569
if e.errno not in set((errno.ENOENT, errno.EACCES,
2570
errno.EEXIST)):
2571
raise e
3058
2572
3059
2573
# Delete all clients, and settings from config
3060
2574
while tcp_server.clients:
3061
2575
name, client = tcp_server.clients.popitem()
3062
2576
if use_dbus:
3063
2577
client.remove_from_connection()
3064
# Don't signal the disabling
2578
# Don't signal anything except ClientRemoved
3065
2579
client.disable(quiet=True)
3066
# Emit D-Bus signal for removal
3067
mandos_dbus_service.client_removed_signal(client)
2580
if use_dbus:
2581
# Emit D-Bus signal
2582
mandos_dbus_service.ClientRemoved(client
2583
.dbus_object_path,
2584
client.name)
3068
2585
client_settings.clear()
3069
2586
3070
2587
atexit.register(cleanup)
3071
2588
3072
2589
for client in tcp_server.clients.itervalues():
3073
2590
if use_dbus:
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2591
# Emit D-Bus signal
2592
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3076
2593
# Need to initiate checking of clients
3077
2594
if client.enabled:
3078
2595
client.init_checker()
3081
2598
tcp_server.server_activate()
3082
2599
3083
2600
# Find out what port we got
3084
if zeroconf:
3085
service.port = tcp_server.socket.getsockname()[1]
2601
service.port = tcp_server.socket.getsockname()[1]
3086
2602
if use_ipv6:
3087
2603
logger.info("Now listening on address %r, port %d,"
3088
2604
" flowinfo %d, scope_id %d",
3094
2610
#service.interface = tcp_server.socket.getsockname()[3]
3095
2611
3096
2612
try:
3097
if zeroconf:
3098
# From the Avahi example code
3099
try:
3100
service.activate()
3101
except dbus.exceptions.DBusException as error:
3102
logger.critical("D-Bus Exception", exc_info=error)
3103
cleanup()
3104
sys.exit(1)
3105
# End of Avahi example code
2613
# From the Avahi example code
2614
try:
2615
service.activate()
2616
except dbus.exceptions.DBusException as error:
2617
logger.critical("D-Bus Exception", exc_info=error)
2618
cleanup()
2619
sys.exit(1)
2620
# End of Avahi example code
3106
2621
3107
2622
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
3108
2623
lambda *args, **kwargs:
3123
2638
# Must run before the D-Bus bus name gets deregistered
3124
2639
cleanup()
3125
2640
3126
3127
2641
if __name__ == '__main__':
3128
2642
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0