100
89
except ImportError:
101
90
SO_BINDTODEVICE = None
103
if sys.version_info.major == 2:
107
93
stored_state_file = "clients.pickle"
109
95
logger = logging.getLogger()
96
syslogger = (logging.handlers.SysLogHandler
97
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
98
address = str("/dev/log")))
113
if_nametoindex = ctypes.cdll.LoadLibrary(
114
ctypes.util.find_library("c")).if_nametoindex
101
if_nametoindex = (ctypes.cdll.LoadLibrary
102
(ctypes.util.find_library("c"))
115
104
except (OSError, AttributeError):
117
105
def if_nametoindex(interface):
118
106
"Get an interface index the hard way, i.e. using fcntl()"
119
107
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
120
108
with contextlib.closing(socket.socket()) as s:
121
109
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
122
struct.pack(b"16s16x", interface))
123
interface_index = struct.unpack("I", ifreq[16:20])[0]
110
struct.pack(str("16s16x"),
112
interface_index = struct.unpack(str("I"),
124
114
return interface_index
127
117
def initlogger(debug, level=logging.WARNING):
128
118
"""init logger and add loglevel"""
131
syslogger = (logging.handlers.SysLogHandler(
132
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
133
address = "/dev/log"))
134
120
syslogger.setFormatter(logging.Formatter
135
121
('Mandos [%(process)d]: %(levelname)s:'
188
175
def password_encode(self, password):
189
176
# Passphrase can not be empty and can not contain newlines or
190
177
# NUL bytes. So we prefix it and hex encode it.
191
encoded = b"mandos" + binascii.hexlify(password)
192
if len(encoded) > 2048:
193
# GnuPG can't handle long passwords, so encode differently
194
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
195
.replace(b"\n", b"\\n")
196
.replace(b"\0", b"\\x00"))
178
return b"mandos" + binascii.hexlify(password)
199
180
def encrypt(self, data, password):
200
passphrase = self.password_encode(password)
201
with tempfile.NamedTemporaryFile(
202
dir=self.tempdir) as passfile:
203
passfile.write(passphrase)
205
proc = subprocess.Popen(['gpg', '--symmetric',
209
stdin = subprocess.PIPE,
210
stdout = subprocess.PIPE,
211
stderr = subprocess.PIPE)
212
ciphertext, err = proc.communicate(input = data)
213
if proc.returncode != 0:
181
self.gnupg.passphrase = self.password_encode(password)
182
with open(os.devnull, "w") as devnull:
184
proc = self.gnupg.run(['--symmetric'],
185
create_fhs=['stdin', 'stdout'],
186
attach_fhs={'stderr': devnull})
187
with contextlib.closing(proc.handles['stdin']) as f:
189
with contextlib.closing(proc.handles['stdout']) as f:
190
ciphertext = f.read()
194
self.gnupg.passphrase = None
215
195
return ciphertext
217
197
def decrypt(self, data, password):
218
passphrase = self.password_encode(password)
219
with tempfile.NamedTemporaryFile(
220
dir = self.tempdir) as passfile:
221
passfile.write(passphrase)
223
proc = subprocess.Popen(['gpg', '--decrypt',
227
stdin = subprocess.PIPE,
228
stdout = subprocess.PIPE,
229
stderr = subprocess.PIPE)
230
decrypted_plaintext, err = proc.communicate(input = data)
231
if proc.returncode != 0:
198
self.gnupg.passphrase = self.password_encode(password)
199
with open(os.devnull, "w") as devnull:
201
proc = self.gnupg.run(['--decrypt'],
202
create_fhs=['stdin', 'stdout'],
203
attach_fhs={'stderr': devnull})
204
with contextlib.closing(proc.handles['stdin']) as f:
206
with contextlib.closing(proc.handles['stdout']) as f:
207
decrypted_plaintext = f.read()
211
self.gnupg.passphrase = None
233
212
return decrypted_plaintext
236
215
class AvahiError(Exception):
237
216
def __init__(self, value, *args, **kwargs):
238
217
self.value = value
239
return super(AvahiError, self).__init__(value, *args,
218
super(AvahiError, self).__init__(value, *args, **kwargs)
219
def __unicode__(self):
220
return unicode(repr(self.value))
243
222
class AvahiServiceError(AvahiError):
247
225
class AvahiGroupError(AvahiError):
269
247
bus: dbus.SystemBus()
273
interface = avahi.IF_UNSPEC,
281
protocol = avahi.PROTO_UNSPEC,
250
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
251
servicetype = None, port = None, TXT = None,
252
domain = "", host = "", max_renames = 32768,
253
protocol = avahi.PROTO_UNSPEC, bus = None):
283
254
self.interface = interface
285
256
self.type = servicetype
296
267
self.entry_group_state_changed_match = None
298
def rename(self, remove=True):
299
270
"""Derived from the Avahi example code"""
300
271
if self.rename_count >= self.max_renames:
301
272
logger.critical("No suitable Zeroconf service name found"
302
273
" after %i retries, exiting.",
303
274
self.rename_count)
304
275
raise AvahiServiceError("Too many renames")
306
self.server.GetAlternativeServiceName(self.name))
307
self.rename_count += 1
276
self.name = unicode(self.server
277
.GetAlternativeServiceName(self.name))
308
278
logger.info("Changing Zeroconf service name to %r ...",
314
283
except dbus.exceptions.DBusException as error:
315
if (error.get_dbus_name()
316
== "org.freedesktop.Avahi.CollisionError"):
317
logger.info("Local Zeroconf service name collision.")
318
return self.rename(remove=False)
320
logger.critical("D-Bus Exception", exc_info=error)
284
logger.critical("D-Bus Exception", exc_info=error)
287
self.rename_count += 1
324
289
def remove(self):
325
290
"""Derived from the Avahi example code"""
380
346
def server_state_changed(self, state, error=None):
381
347
"""Derived from the Avahi example code"""
382
348
logger.debug("Avahi server state change: %i", state)
384
avahi.SERVER_INVALID: "Zeroconf server invalid",
385
avahi.SERVER_REGISTERING: None,
386
avahi.SERVER_COLLISION: "Zeroconf server name collision",
387
avahi.SERVER_FAILURE: "Zeroconf server failure",
349
bad_states = { avahi.SERVER_INVALID:
350
"Zeroconf server invalid",
351
avahi.SERVER_REGISTERING: None,
352
avahi.SERVER_COLLISION:
353
"Zeroconf server name collision",
354
avahi.SERVER_FAILURE:
355
"Zeroconf server failure" }
389
356
if state in bad_states:
390
357
if bad_states[state] is not None:
391
358
if error is None:
410
377
follow_name_owner_changes=True),
411
378
avahi.DBUS_INTERFACE_SERVER)
412
379
self.server.connect_to_signal("StateChanged",
413
self.server_state_changed)
380
self.server_state_changed)
414
381
self.server_state_changed(self.server.GetState())
417
384
class AvahiServiceToSyslog(AvahiService):
418
def rename(self, *args, **kwargs):
419
386
"""Add the new name to the syslog messages"""
420
ret = AvahiService.rename(self, *args, **kwargs)
421
syslogger.setFormatter(logging.Formatter(
422
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
387
ret = AvahiService.rename(self)
388
syslogger.setFormatter(logging.Formatter
389
('Mandos ({0}) [%(process)d]:'
390
' %(levelname)s: %(message)s'
395
def timedelta_to_milliseconds(td):
396
"Convert a datetime.timedelta() to milliseconds"
397
return ((td.days * 24 * 60 * 60 * 1000)
398
+ (td.seconds * 1000)
399
+ (td.microseconds // 1000))
427
402
class Client(object):
428
403
"""A representation of a client host served by this server.
473
447
"fingerprint", "host", "interval",
474
448
"last_approval_request", "last_checked_ok",
475
449
"last_enabled", "name", "timeout")
478
"extended_timeout": "PT15M",
480
"checker": "fping -q -- %%(host)s",
482
"approval_delay": "PT0S",
483
"approval_duration": "PT1S",
484
"approved_by_default": "True",
450
client_defaults = { "timeout": "PT5M",
451
"extended_timeout": "PT15M",
453
"checker": "fping -q -- %%(host)s",
455
"approval_delay": "PT0S",
456
"approval_duration": "PT1S",
457
"approved_by_default": "True",
461
def timeout_milliseconds(self):
462
"Return the 'timeout' attribute in milliseconds"
463
return timedelta_to_milliseconds(self.timeout)
465
def extended_timeout_milliseconds(self):
466
"Return the 'extended_timeout' attribute in milliseconds"
467
return timedelta_to_milliseconds(self.extended_timeout)
469
def interval_milliseconds(self):
470
"Return the 'interval' attribute in milliseconds"
471
return timedelta_to_milliseconds(self.interval)
473
def approval_delay_milliseconds(self):
474
return timedelta_to_milliseconds(self.approval_delay)
489
477
def config_parser(config):
538
def __init__(self, settings, name = None, server_settings=None):
523
def __init__(self, settings, name = None):
540
if server_settings is None:
542
self.server_settings = server_settings
543
525
# adding all client settings
544
for setting, value in settings.items():
526
for setting, value in settings.iteritems():
545
527
setattr(self, setting, value)
567
552
self.current_checker_command = None
568
553
self.approved = None
569
554
self.approvals_pending = 0
570
self.changedstate = multiprocessing_manager.Condition(
571
multiprocessing_manager.Lock())
572
self.client_structure = [attr
573
for attr in self.__dict__.iterkeys()
555
self.changedstate = (multiprocessing_manager
556
.Condition(multiprocessing_manager
558
self.client_structure = [attr for attr in
559
self.__dict__.iterkeys()
574
560
if not attr.startswith("_")]
575
561
self.client_structure.append("client_structure")
577
for name, t in inspect.getmembers(
578
type(self), lambda obj: isinstance(obj, property)):
563
for name, t in inspect.getmembers(type(self),
579
567
if not name.startswith("_"):
580
568
self.client_structure.append(name)
623
611
# and every interval from then on.
624
612
if self.checker_initiator_tag is not None:
625
613
gobject.source_remove(self.checker_initiator_tag)
626
self.checker_initiator_tag = gobject.timeout_add(
627
int(self.interval.total_seconds() * 1000),
614
self.checker_initiator_tag = (gobject.timeout_add
615
(self.interval_milliseconds(),
629
617
# Schedule a disable() when 'timeout' has passed
630
618
if self.disable_initiator_tag is not None:
631
619
gobject.source_remove(self.disable_initiator_tag)
632
self.disable_initiator_tag = gobject.timeout_add(
633
int(self.timeout.total_seconds() * 1000), self.disable)
620
self.disable_initiator_tag = (gobject.timeout_add
621
(self.timeout_milliseconds(),
634
623
# Also start a new checker *right now*.
635
624
self.start_checker()
665
655
gobject.source_remove(self.disable_initiator_tag)
666
656
self.disable_initiator_tag = None
667
657
if getattr(self, "enabled", False):
668
self.disable_initiator_tag = gobject.timeout_add(
669
int(timeout.total_seconds() * 1000), self.disable)
658
self.disable_initiator_tag = (gobject.timeout_add
659
(timedelta_to_milliseconds
660
(timeout), self.disable))
670
661
self.expires = datetime.datetime.utcnow() + timeout
672
663
def need_approval(self):
703
693
# Start a new checker if needed
704
694
if self.checker is None:
705
695
# Escape attributes for the shell
707
attr: re.escape(str(getattr(self, attr)))
708
for attr in self.runtime_expansions }
696
escaped_attrs = dict(
697
(attr, re.escape(unicode(getattr(self, attr))))
699
self.runtime_expansions)
710
701
command = self.checker_command % escaped_attrs
711
702
except TypeError as error:
712
703
logger.error('Could not format string "%s"',
713
self.checker_command,
715
return True # Try again later
704
self.checker_command, exc_info=error)
705
return True # Try again later
716
706
self.current_checker_command = command
718
logger.info("Starting checker %r for %s", command,
708
logger.info("Starting checker %r for %s",
720
710
# We don't need to redirect stdout and stderr, since
721
711
# in normal mode, that is already done by daemon(),
722
712
# and in debug mode we don't want to. (Stdin is
723
713
# always replaced by /dev/null.)
724
# The exception is when not debugging but nevertheless
725
# running in the foreground; use the previously
728
if (not self.server_settings["debug"]
729
and self.server_settings["foreground"]):
730
popen_args.update({"stdout": wnull,
732
714
self.checker = subprocess.Popen(command,
737
717
except OSError as error:
738
718
logger.error("Failed to start subprocess",
741
self.checker_callback_tag = gobject.child_watch_add(
742
self.checker.pid, self.checker_callback, data=command)
720
self.checker_callback_tag = (gobject.child_watch_add
722
self.checker_callback,
743
724
# The checker may have completed before the gobject
744
725
# watch was added. Check for this.
746
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
747
except OSError as error:
748
if error.errno == errno.ECHILD:
749
# This should never happen
750
logger.error("Child process vanished",
726
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
755
728
gobject.source_remove(self.checker_callback_tag)
756
729
self.checker_callback(pid, status, command)
835
802
"""Decorator to annotate D-Bus methods, signals or properties
838
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
839
"org.freedesktop.DBus.Property."
840
"EmitsChangedSignal": "false"})
841
805
@dbus_service_property("org.example.Interface", signature="b",
807
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
808
"org.freedesktop.DBus.Property."
809
"EmitsChangedSignal": "false"})
843
810
def Property_dbus_property(self):
844
811
return dbus.Boolean(False)
847
813
def decorator(func):
848
814
func._dbus_annotations = annotations
854
819
class DBusPropertyException(dbus.exceptions.DBusException):
855
820
"""A base class for D-Bus property-related exceptions
822
def __unicode__(self):
823
return unicode(str(self))
860
826
class DBusPropertyAccessException(DBusPropertyException):
884
850
If called like _is_dbus_thing("method") it returns a function
885
851
suitable for use as predicate to inspect.getmembers().
887
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
853
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
890
856
def _get_all_dbus_things(self, thing):
891
857
"""Returns a generator of (name, attribute) pairs
893
return ((getattr(athing.__get__(self), "_dbus_name", name),
859
return ((getattr(athing.__get__(self), "_dbus_name",
894
861
athing.__get__(self))
895
862
for cls in self.__class__.__mro__
896
863
for name, athing in
897
inspect.getmembers(cls, self._is_dbus_thing(thing)))
864
inspect.getmembers(cls,
865
self._is_dbus_thing(thing)))
899
867
def _get_dbus_property(self, interface_name, property_name):
900
868
"""Returns a bound method if one exists which is a D-Bus
901
869
property with the specified name and interface.
903
for cls in self.__class__.__mro__:
904
for name, value in inspect.getmembers(
905
cls, self._is_dbus_thing("property")):
871
for cls in self.__class__.__mro__:
872
for name, value in (inspect.getmembers
874
self._is_dbus_thing("property"))):
906
875
if (value._dbus_name == property_name
907
876
and value._dbus_interface == interface_name):
908
877
return value.__get__(self)
910
879
# No such property
911
raise DBusPropertyNotFound("{}:{}.{}".format(
912
self.dbus_object_path, interface_name, property_name))
880
raise DBusPropertyNotFound(self.dbus_object_path + ":"
881
+ interface_name + "."
914
@dbus.service.method(dbus.PROPERTIES_IFACE,
884
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
916
885
out_signature="v")
917
886
def Get(self, interface_name, property_name):
918
887
"""Standard D-Bus property Get() method, see D-Bus standard.
936
905
# The byte_arrays option is not supported yet on
937
906
# signatures other than "ay".
938
907
if prop._dbus_signature != "ay":
939
raise ValueError("Byte arrays not supported for non-"
940
"'ay' signature {!r}"
941
.format(prop._dbus_signature))
942
909
value = dbus.ByteArray(b''.join(chr(byte)
943
910
for byte in value))
946
@dbus.service.method(dbus.PROPERTIES_IFACE,
913
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
948
914
out_signature="a{sv}")
949
915
def GetAll(self, interface_name):
950
916
"""Standard D-Bus property GetAll() method, see D-Bus
965
931
if not hasattr(value, "variant_level"):
966
932
properties[name] = value
968
properties[name] = type(value)(
969
value, variant_level = value.variant_level + 1)
934
properties[name] = type(value)(value, variant_level=
935
value.variant_level+1)
970
936
return dbus.Dictionary(properties, signature="sv")
972
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
973
def PropertiesChanged(self, interface_name, changed_properties,
974
invalidated_properties):
975
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
980
938
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
981
939
out_signature="s",
982
940
path_keyword='object_path',
992
950
document = xml.dom.minidom.parseString(xmlstring)
994
951
def make_tag(document, name, prop):
995
952
e = document.createElement("property")
996
953
e.setAttribute("name", name)
997
954
e.setAttribute("type", prop._dbus_signature)
998
955
e.setAttribute("access", prop._dbus_access)
1001
957
for if_tag in document.getElementsByTagName("interface"):
1002
958
# Add property tags
1003
959
for tag in (make_tag(document, name, prop)
1026
984
# Add interface annotation tags
1027
985
for annotation, value in dict(
1028
986
itertools.chain.from_iterable(
1029
annotations().items()
1030
for name, annotations
1031
in self._get_all_dbus_things("interface")
987
annotations().iteritems()
988
for name, annotations in
989
self._get_all_dbus_things("interface")
1032
990
if name == if_tag.getAttribute("name")
1034
992
ann_tag = document.createElement("annotation")
1035
993
ann_tag.setAttribute("name", annotation)
1036
994
ann_tag.setAttribute("value", value)
1100
1058
# Ignore non-D-Bus attributes, and D-Bus attributes
1101
1059
# with the wrong interface name
1102
1060
if (not hasattr(attribute, "_dbus_interface")
1103
or not attribute._dbus_interface.startswith(
1104
orig_interface_name)):
1061
or not attribute._dbus_interface
1062
.startswith(orig_interface_name)):
1106
1064
# Create an alternate D-Bus interface name based on
1107
1065
# the current name
1108
alt_interface = attribute._dbus_interface.replace(
1109
orig_interface_name, alt_interface_name)
1066
alt_interface = (attribute._dbus_interface
1067
.replace(orig_interface_name,
1068
alt_interface_name))
1110
1069
interface_names.add(alt_interface)
1111
1070
# Is this a D-Bus signal?
1112
1071
if getattr(attribute, "_dbus_is_signal", False):
1113
# Extract the original non-method undecorated
1114
# function by black magic
1072
# Extract the original non-method function by
1115
1074
nonmethod_func = (dict(
1116
zip(attribute.func_code.co_freevars,
1117
attribute.__closure__))
1118
["func"].cell_contents)
1075
zip(attribute.func_code.co_freevars,
1076
attribute.__closure__))["func"]
1119
1078
# Create a new, but exactly alike, function
1120
1079
# object, and decorate it to be a new D-Bus signal
1121
1080
# with the alternate D-Bus interface name
1122
new_function = (dbus.service.signal(
1123
alt_interface, attribute._dbus_signature)
1081
new_function = (dbus.service.signal
1083
attribute._dbus_signature)
1124
1084
(types.FunctionType(
1125
nonmethod_func.func_code,
1126
nonmethod_func.func_globals,
1127
nonmethod_func.func_name,
1128
nonmethod_func.func_defaults,
1129
nonmethod_func.func_closure)))
1085
nonmethod_func.func_code,
1086
nonmethod_func.func_globals,
1087
nonmethod_func.func_name,
1088
nonmethod_func.func_defaults,
1089
nonmethod_func.func_closure)))
1130
1090
# Copy annotations, if any
1132
new_function._dbus_annotations = dict(
1133
attribute._dbus_annotations)
1092
new_function._dbus_annotations = (
1093
dict(attribute._dbus_annotations))
1134
1094
except AttributeError:
1136
1096
# Define a creator of a function to call both the
1158
1116
# object. Decorate it to be a new D-Bus method
1159
1117
# with the alternate D-Bus interface name. Add it
1160
1118
# to the class.
1162
dbus.service.method(
1164
attribute._dbus_in_signature,
1165
attribute._dbus_out_signature)
1166
(types.FunctionType(attribute.func_code,
1167
attribute.func_globals,
1168
attribute.func_name,
1169
attribute.func_defaults,
1170
attribute.func_closure)))
1119
attr[attrname] = (dbus.service.method
1121
attribute._dbus_in_signature,
1122
attribute._dbus_out_signature)
1124
(attribute.func_code,
1125
attribute.func_globals,
1126
attribute.func_name,
1127
attribute.func_defaults,
1128
attribute.func_closure)))
1171
1129
# Copy annotations, if any
1173
attr[attrname]._dbus_annotations = dict(
1174
attribute._dbus_annotations)
1131
attr[attrname]._dbus_annotations = (
1132
dict(attribute._dbus_annotations))
1175
1133
except AttributeError:
1177
1135
# Is this a D-Bus property?
1180
1138
# object, and decorate it to be a new D-Bus
1181
1139
# property with the alternate D-Bus interface
1182
1140
# name. Add it to the class.
1183
attr[attrname] = (dbus_service_property(
1184
alt_interface, attribute._dbus_signature,
1185
attribute._dbus_access,
1186
attribute._dbus_get_args_options
1188
(types.FunctionType(
1189
attribute.func_code,
1190
attribute.func_globals,
1191
attribute.func_name,
1192
attribute.func_defaults,
1193
attribute.func_closure)))
1141
attr[attrname] = (dbus_service_property
1143
attribute._dbus_signature,
1144
attribute._dbus_access,
1146
._dbus_get_args_options
1149
(attribute.func_code,
1150
attribute.func_globals,
1151
attribute.func_name,
1152
attribute.func_defaults,
1153
attribute.func_closure)))
1194
1154
# Copy annotations, if any
1196
attr[attrname]._dbus_annotations = dict(
1197
attribute._dbus_annotations)
1156
attr[attrname]._dbus_annotations = (
1157
dict(attribute._dbus_annotations))
1198
1158
except AttributeError:
1200
1160
# Is this a D-Bus interface?
1203
1163
# object. Decorate it to be a new D-Bus interface
1204
1164
# with the alternate D-Bus interface name. Add it
1205
1165
# to the class.
1207
dbus_interface_annotations(alt_interface)
1208
(types.FunctionType(attribute.func_code,
1209
attribute.func_globals,
1210
attribute.func_name,
1211
attribute.func_defaults,
1212
attribute.func_closure)))
1166
attr[attrname] = (dbus_interface_annotations
1169
(attribute.func_code,
1170
attribute.func_globals,
1171
attribute.func_name,
1172
attribute.func_defaults,
1173
attribute.func_closure)))
1214
1175
# Deprecate all alternate interfaces
1215
iname="_AlternateDBusNames_interface_annotation{}"
1176
iname="_AlternateDBusNames_interface_annotation{0}"
1216
1177
for interface_name in interface_names:
1218
1178
@dbus_interface_annotations(interface_name)
1219
1179
def func(self):
1220
1180
return { "org.freedesktop.DBus.Deprecated":
1222
1182
# Find an unused name
1223
1183
for aname in (iname.format(i)
1224
1184
for i in itertools.count()):
1257
1214
Client.__init__(self, *args, **kwargs)
1258
1215
# Only now, when this client is initialized, can it show up on
1260
client_object_name = str(self.name).translate(
1217
client_object_name = unicode(self.name).translate(
1261
1218
{ord("."): ord("_"),
1262
1219
ord("-"): ord("_")})
1263
self.dbus_object_path = dbus.ObjectPath(
1264
"/clients/" + client_object_name)
1220
self.dbus_object_path = (dbus.ObjectPath
1221
("/clients/" + client_object_name))
1265
1222
DBusObjectWithProperties.__init__(self, self.bus,
1266
1223
self.dbus_object_path)
1268
def notifychangeproperty(transform_func, dbus_name,
1269
type_func=lambda x: x,
1271
invalidate_only=False,
1272
_interface=_interface):
1225
def notifychangeproperty(transform_func,
1226
dbus_name, type_func=lambda x: x,
1273
1228
""" Modify a variable so that it's a property which announces
1274
1229
its changes to DBus.
1280
1235
to the D-Bus. Default: no transform
1281
1236
variant_level: D-Bus variant level. Default: 1
1283
attrname = "_{}".format(dbus_name)
1238
attrname = "_{0}".format(dbus_name)
1285
1239
def setter(self, value):
1286
1240
if hasattr(self, "dbus_object_path"):
1287
1241
if (not hasattr(self, attrname) or
1288
1242
type_func(getattr(self, attrname, None))
1289
1243
!= type_func(value)):
1291
self.PropertiesChanged(
1292
_interface, dbus.Dictionary(),
1293
dbus.Array((dbus_name, )))
1295
dbus_value = transform_func(
1297
variant_level = variant_level)
1298
self.PropertyChanged(dbus.String(dbus_name),
1300
self.PropertiesChanged(
1302
dbus.Dictionary({ dbus.String(dbus_name):
1244
dbus_value = transform_func(type_func(value),
1247
self.PropertyChanged(dbus.String(dbus_name),
1305
1249
setattr(self, attrname, value)
1307
1251
return property(lambda self: getattr(self, attrname), setter)
1313
1257
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1314
1258
last_enabled = notifychangeproperty(datetime_to_dbus,
1316
checker = notifychangeproperty(
1317
dbus.Boolean, "CheckerRunning",
1318
type_func = lambda checker: checker is not None)
1260
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1261
type_func = lambda checker:
1262
checker is not None)
1319
1263
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1320
1264
"LastCheckedOK")
1321
1265
last_checker_status = notifychangeproperty(dbus.Int16,
1324
1268
datetime_to_dbus, "LastApprovalRequest")
1325
1269
approved_by_default = notifychangeproperty(dbus.Boolean,
1326
1270
"ApprovedByDefault")
1327
approval_delay = notifychangeproperty(
1328
dbus.UInt64, "ApprovalDelay",
1329
type_func = lambda td: td.total_seconds() * 1000)
1271
approval_delay = notifychangeproperty(dbus.UInt64,
1274
timedelta_to_milliseconds)
1330
1275
approval_duration = notifychangeproperty(
1331
1276
dbus.UInt64, "ApprovalDuration",
1332
type_func = lambda td: td.total_seconds() * 1000)
1277
type_func = timedelta_to_milliseconds)
1333
1278
host = notifychangeproperty(dbus.String, "Host")
1334
timeout = notifychangeproperty(
1335
dbus.UInt64, "Timeout",
1336
type_func = lambda td: td.total_seconds() * 1000)
1279
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1281
timedelta_to_milliseconds)
1337
1282
extended_timeout = notifychangeproperty(
1338
1283
dbus.UInt64, "ExtendedTimeout",
1339
type_func = lambda td: td.total_seconds() * 1000)
1340
interval = notifychangeproperty(
1341
dbus.UInt64, "Interval",
1342
type_func = lambda td: td.total_seconds() * 1000)
1284
type_func = timedelta_to_milliseconds)
1285
interval = notifychangeproperty(dbus.UInt64,
1288
timedelta_to_milliseconds)
1343
1289
checker_command = notifychangeproperty(dbus.String, "Checker")
1344
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1345
invalidate_only=True)
1347
1291
del notifychangeproperty
1375
1319
*args, **kwargs)
1377
1321
def start_checker(self, *args, **kwargs):
1378
old_checker_pid = getattr(self.checker, "pid", None)
1322
old_checker = self.checker
1323
if self.checker is not None:
1324
old_checker_pid = self.checker.pid
1326
old_checker_pid = None
1379
1327
r = Client.start_checker(self, *args, **kwargs)
1380
1328
# Only if new checker process was started
1381
1329
if (self.checker is not None
1391
1339
def approve(self, value=True):
1392
1340
self.approved = value
1393
gobject.timeout_add(int(self.approval_duration.total_seconds()
1394
* 1000), self._reset_approved)
1341
gobject.timeout_add(timedelta_to_milliseconds
1342
(self.approval_duration),
1343
self._reset_approved)
1395
1344
self.send_changedstate()
1397
1346
## D-Bus methods, signals & properties
1347
_interface = "se.recompile.Mandos.Client"
1351
@dbus_interface_annotations(_interface)
1353
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1403
1358
# CheckerCompleted - signal
1492
1445
self.approved_by_default = bool(value)
1494
1447
# ApprovalDelay - property
1495
@dbus_service_property(_interface,
1448
@dbus_service_property(_interface, signature="t",
1497
1449
access="readwrite")
1498
1450
def ApprovalDelay_dbus_property(self, value=None):
1499
1451
if value is None: # get
1500
return dbus.UInt64(self.approval_delay.total_seconds()
1452
return dbus.UInt64(self.approval_delay_milliseconds())
1502
1453
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1504
1455
# ApprovalDuration - property
1505
@dbus_service_property(_interface,
1456
@dbus_service_property(_interface, signature="t",
1507
1457
access="readwrite")
1508
1458
def ApprovalDuration_dbus_property(self, value=None):
1509
1459
if value is None: # get
1510
return dbus.UInt64(self.approval_duration.total_seconds()
1460
return dbus.UInt64(timedelta_to_milliseconds(
1461
self.approval_duration))
1512
1462
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1514
1464
# Name - property
1578
1526
return datetime_to_dbus(self.last_approval_request)
1580
1528
# Timeout - property
1581
@dbus_service_property(_interface,
1529
@dbus_service_property(_interface, signature="t",
1583
1530
access="readwrite")
1584
1531
def Timeout_dbus_property(self, value=None):
1585
1532
if value is None: # get
1586
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1533
return dbus.UInt64(self.timeout_milliseconds())
1587
1534
old_timeout = self.timeout
1588
1535
self.timeout = datetime.timedelta(0, 0, 0, value)
1589
1536
# Reschedule disabling
1600
1547
gobject.source_remove(self.disable_initiator_tag)
1601
self.disable_initiator_tag = gobject.timeout_add(
1602
int((self.expires - now).total_seconds() * 1000),
1548
self.disable_initiator_tag = (
1549
gobject.timeout_add(
1550
timedelta_to_milliseconds(self.expires - now),
1605
1553
# ExtendedTimeout - property
1606
@dbus_service_property(_interface,
1554
@dbus_service_property(_interface, signature="t",
1608
1555
access="readwrite")
1609
1556
def ExtendedTimeout_dbus_property(self, value=None):
1610
1557
if value is None: # get
1611
return dbus.UInt64(self.extended_timeout.total_seconds()
1558
return dbus.UInt64(self.extended_timeout_milliseconds())
1613
1559
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1615
1561
# Interval - property
1616
@dbus_service_property(_interface,
1562
@dbus_service_property(_interface, signature="t",
1618
1563
access="readwrite")
1619
1564
def Interval_dbus_property(self, value=None):
1620
1565
if value is None: # get
1621
return dbus.UInt64(self.interval.total_seconds() * 1000)
1566
return dbus.UInt64(self.interval_milliseconds())
1622
1567
self.interval = datetime.timedelta(0, 0, 0, value)
1623
1568
if getattr(self, "checker_initiator_tag", None) is None:
1625
1570
if self.enabled:
1626
1571
# Reschedule checker run
1627
1572
gobject.source_remove(self.checker_initiator_tag)
1628
self.checker_initiator_tag = gobject.timeout_add(
1629
value, self.start_checker)
1630
self.start_checker() # Start one now, too
1573
self.checker_initiator_tag = (gobject.timeout_add
1574
(value, self.start_checker))
1575
self.start_checker() # Start one now, too
1632
1577
# Checker - property
1633
@dbus_service_property(_interface,
1578
@dbus_service_property(_interface, signature="s",
1635
1579
access="readwrite")
1636
1580
def Checker_dbus_property(self, value=None):
1637
1581
if value is None: # get
1638
1582
return dbus.String(self.checker_command)
1639
self.checker_command = str(value)
1583
self.checker_command = unicode(value)
1641
1585
# CheckerRunning - property
1642
@dbus_service_property(_interface,
1586
@dbus_service_property(_interface, signature="b",
1644
1587
access="readwrite")
1645
1588
def CheckerRunning_dbus_property(self, value=None):
1646
1589
if value is None: # get
1703
1642
def handle(self):
1704
1643
with contextlib.closing(self.server.child_pipe) as child_pipe:
1705
1644
logger.info("TCP connection from: %s",
1706
str(self.client_address))
1645
unicode(self.client_address))
1707
1646
logger.debug("Pipe FD: %d",
1708
1647
self.server.child_pipe.fileno())
1710
session = gnutls.connection.ClientSession(
1711
self.request, gnutls.connection .X509Credentials())
1649
session = (gnutls.connection
1650
.ClientSession(self.request,
1652
.X509Credentials()))
1713
1654
# Note: gnutls.connection.X509Credentials is really a
1714
1655
# generic GnuTLS certificate credentials object so long as
1871
1815
def fingerprint(openpgp):
1872
1816
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1873
1817
# New GnuTLS "datum" with the OpenPGP public key
1874
datum = gnutls.library.types.gnutls_datum_t(
1875
ctypes.cast(ctypes.c_char_p(openpgp),
1876
ctypes.POINTER(ctypes.c_ubyte)),
1877
ctypes.c_uint(len(openpgp)))
1818
datum = (gnutls.library.types
1819
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1822
ctypes.c_uint(len(openpgp))))
1878
1823
# New empty GnuTLS certificate
1879
1824
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1880
gnutls.library.functions.gnutls_openpgp_crt_init(
1825
(gnutls.library.functions
1826
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
1882
1827
# Import the OpenPGP public key into the certificate
1883
gnutls.library.functions.gnutls_openpgp_crt_import(
1884
crt, ctypes.byref(datum),
1885
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
1828
(gnutls.library.functions
1829
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1830
gnutls.library.constants
1831
.GNUTLS_OPENPGP_FMT_RAW))
1886
1832
# Verify the self signature in the key
1887
1833
crtverify = ctypes.c_uint()
1888
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
1889
crt, 0, ctypes.byref(crtverify))
1834
(gnutls.library.functions
1835
.gnutls_openpgp_crt_verify_self(crt, 0,
1836
ctypes.byref(crtverify)))
1890
1837
if crtverify.value != 0:
1891
1838
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1892
raise gnutls.errors.CertificateSecurityError(
1839
raise (gnutls.errors.CertificateSecurityError
1894
1841
# New buffer for the fingerprint
1895
1842
buf = ctypes.create_string_buffer(20)
1896
1843
buf_len = ctypes.c_size_t()
1897
1844
# Get the fingerprint from the certificate into the buffer
1898
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
1899
crt, ctypes.byref(buf), ctypes.byref(buf_len))
1845
(gnutls.library.functions
1846
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1847
ctypes.byref(buf_len)))
1900
1848
# Deinit the certificate
1901
1849
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1902
1850
# Convert the buffer to a Python bytestring
2026
1969
if self.address_family == socket.AF_INET6:
2027
1970
any_address = "::" # in6addr_any
2029
any_address = "0.0.0.0" # INADDR_ANY
1972
any_address = socket.INADDR_ANY
2030
1973
self.server_address = (any_address,
2031
1974
self.server_address[1])
2032
1975
elif not self.server_address[1]:
2033
self.server_address = (self.server_address[0], 0)
1976
self.server_address = (self.server_address[0],
2034
1978
# if self.interface:
2035
1979
# self.server_address = (self.server_address[0],
2080
2018
def add_pipe(self, parent_pipe, proc):
2081
2019
# Call "handle_ipc" for both data and EOF events
2082
gobject.io_add_watch(
2083
parent_pipe.fileno(),
2084
gobject.IO_IN | gobject.IO_HUP,
2085
functools.partial(self.handle_ipc,
2086
parent_pipe = parent_pipe,
2020
gobject.io_add_watch(parent_pipe.fileno(),
2021
gobject.IO_IN | gobject.IO_HUP,
2022
functools.partial(self.handle_ipc,
2089
def handle_ipc(self, source, condition,
2092
client_object=None):
2027
def handle_ipc(self, source, condition, parent_pipe=None,
2028
proc = None, client_object=None):
2093
2029
# error, or the other end of multiprocessing.Pipe has closed
2094
2030
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2095
2031
# Wait for other process to exit
2191
2128
"followers")) # Tokens valid after
2193
Token = collections.namedtuple("Token", (
2194
"regexp", # To match token; if "value" is not None, must have
2195
# a "group" containing digits
2196
"value", # datetime.timedelta or None
2197
"followers")) # Tokens valid after this token
2198
2130
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2199
2131
# the "duration" ABNF definition in RFC 3339, Appendix A.
2200
2132
token_end = Token(re.compile(r"$"), None, frozenset())
2201
2133
token_second = Token(re.compile(r"(\d+)S"),
2202
2134
datetime.timedelta(seconds=1),
2203
frozenset((token_end, )))
2135
frozenset((token_end,)))
2204
2136
token_minute = Token(re.compile(r"(\d+)M"),
2205
2137
datetime.timedelta(minutes=1),
2206
2138
frozenset((token_second, token_end)))
2222
2154
frozenset((token_month, token_end)))
2223
2155
token_week = Token(re.compile(r"(\d+)W"),
2224
2156
datetime.timedelta(weeks=1),
2225
frozenset((token_end, )))
2157
frozenset((token_end,)))
2226
2158
token_duration = Token(re.compile(r"P"), None,
2227
2159
frozenset((token_year, token_month,
2228
2160
token_day, token_time,
2230
2162
# Define starting values
2231
2163
value = datetime.timedelta() # Value so far
2232
2164
found_token = None
2233
followers = frozenset((token_duration,)) # Following valid tokens
2165
followers = frozenset(token_duration,) # Following valid tokens
2234
2166
s = duration # String left to parse
2235
2167
# Loop until end token is found
2236
2168
while found_token is not token_end:
2336
2269
parser = argparse.ArgumentParser()
2337
2270
parser.add_argument("-v", "--version", action="version",
2338
version = "%(prog)s {}".format(version),
2271
version = "%(prog)s {0}".format(version),
2339
2272
help="show version number and exit")
2340
2273
parser.add_argument("-i", "--interface", metavar="IF",
2341
2274
help="Bind to interface IF")
2361
2294
parser.add_argument("--no-dbus", action="store_false",
2362
2295
dest="use_dbus", help="Do not provide D-Bus"
2363
" system bus interface", default=None)
2296
" system bus interface")
2364
2297
parser.add_argument("--no-ipv6", action="store_false",
2365
dest="use_ipv6", help="Do not use IPv6",
2298
dest="use_ipv6", help="Do not use IPv6")
2367
2299
parser.add_argument("--no-restore", action="store_false",
2368
2300
dest="restore", help="Do not restore stored"
2369
" state", default=None)
2370
2302
parser.add_argument("--socket", type=int,
2371
2303
help="Specify a file descriptor to a network"
2372
2304
" socket to use instead of creating one")
2373
2305
parser.add_argument("--statedir", metavar="DIR",
2374
2306
help="Directory to save/restore state in")
2375
2307
parser.add_argument("--foreground", action="store_true",
2376
help="Run in foreground", default=None)
2377
parser.add_argument("--no-zeroconf", action="store_false",
2378
dest="zeroconf", help="Do not use Zeroconf",
2308
help="Run in foreground")
2381
2310
options = parser.parse_args()
2383
2312
if options.check:
2385
fail_count, test_count = doctest.testmod()
2386
sys.exit(os.EX_OK if fail_count == 0 else 1)
2388
2317
# Default values for config file for server-global settings
2389
2318
server_defaults = { "interface": "",
2402
2330
"statedir": "/var/lib/mandos",
2403
2331
"foreground": "False",
2407
2334
# Parse config file for server-global settings
2408
2335
server_config = configparser.SafeConfigParser(server_defaults)
2409
2336
del server_defaults
2410
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2337
server_config.read(os.path.join(options.configdir,
2411
2339
# Convert the SafeConfigParser object to a dict
2412
2340
server_settings = server_config.defaults()
2413
2341
# Use the appropriate methods on the non-string config options
2431
2359
# Override the settings from the config file with command line
2432
2360
# options, if set.
2433
2361
for option in ("interface", "address", "port", "debug",
2434
"priority", "servicename", "configdir", "use_dbus",
2435
"use_ipv6", "debuglevel", "restore", "statedir",
2436
"socket", "foreground", "zeroconf"):
2362
"priority", "servicename", "configdir",
2363
"use_dbus", "use_ipv6", "debuglevel", "restore",
2364
"statedir", "socket", "foreground"):
2437
2365
value = getattr(options, option)
2438
2366
if value is not None:
2439
2367
server_settings[option] = value
2441
2369
# Force all strings to be unicode
2442
2370
for option in server_settings.keys():
2443
if isinstance(server_settings[option], bytes):
2444
server_settings[option] = (server_settings[option]
2446
# Force all boolean options to be boolean
2447
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2448
"foreground", "zeroconf"):
2449
server_settings[option] = bool(server_settings[option])
2371
if type(server_settings[option]) is str:
2372
server_settings[option] = unicode(server_settings[option])
2450
2373
# Debug implies foreground
2451
2374
if server_settings["debug"]:
2452
2375
server_settings["foreground"] = True
2493
2411
global mandos_dbus_service
2494
2412
mandos_dbus_service = None
2497
if server_settings["socket"] != "":
2498
socketfd = server_settings["socket"]
2499
tcp_server = MandosServer(
2500
(server_settings["address"], server_settings["port"]),
2502
interface=(server_settings["interface"] or None),
2504
gnutls_priority=server_settings["priority"],
2414
tcp_server = MandosServer((server_settings["address"],
2415
server_settings["port"]),
2417
interface=(server_settings["interface"]
2421
server_settings["priority"],
2423
socketfd=(server_settings["socket"]
2507
2425
if not foreground:
2508
pidfilename = "/run/mandos.pid"
2509
if not os.path.isdir("/run/."):
2510
pidfilename = "/var/run/mandos.pid"
2426
pidfilename = "/var/run/mandos.pid"
2513
2429
pidfile = open(pidfilename, "w")
2572
2488
bus_name = dbus.service.BusName("se.recompile.Mandos",
2575
old_bus_name = dbus.service.BusName(
2576
"se.bsnet.fukt.Mandos", bus,
2578
except dbus.exceptions.DBusException as e:
2489
bus, do_not_queue=True)
2490
old_bus_name = (dbus.service.BusName
2491
("se.bsnet.fukt.Mandos", bus,
2493
except dbus.exceptions.NameExistsException as e:
2579
2494
logger.error("Disabling D-Bus:", exc_info=e)
2580
2495
use_dbus = False
2581
2496
server_settings["use_dbus"] = False
2582
2497
tcp_server.use_dbus = False
2584
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2585
service = AvahiServiceToSyslog(
2586
name = server_settings["servicename"],
2587
servicetype = "_mandos._tcp",
2588
protocol = protocol,
2590
if server_settings["interface"]:
2591
service.interface = if_nametoindex(
2592
server_settings["interface"].encode("utf-8"))
2498
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2499
service = AvahiServiceToSyslog(name =
2500
server_settings["servicename"],
2501
servicetype = "_mandos._tcp",
2502
protocol = protocol, bus = bus)
2503
if server_settings["interface"]:
2504
service.interface = (if_nametoindex
2505
(str(server_settings["interface"])))
2594
2507
global multiprocessing_manager
2595
2508
multiprocessing_manager = multiprocessing.Manager()
2602
2515
old_client_settings = {}
2603
2516
clients_data = {}
2605
# This is used to redirect stdout and stderr for checker processes
2607
wnull = open(os.devnull, "w") # A writable /dev/null
2608
# Only used if server is running in foreground but not in debug
2610
if debug or not foreground:
2613
2518
# Get client data and settings from last running state.
2614
2519
if server_settings["restore"]:
2616
2521
with open(stored_state_path, "rb") as stored_state:
2617
clients_data, old_client_settings = pickle.load(
2522
clients_data, old_client_settings = (pickle.load
2619
2524
os.remove(stored_state_path)
2620
2525
except IOError as e:
2621
2526
if e.errno == errno.ENOENT:
2622
logger.warning("Could not load persistent state:"
2623
" {}".format(os.strerror(e.errno)))
2527
logger.warning("Could not load persistent state: {0}"
2528
.format(os.strerror(e.errno)))
2625
2530
logger.critical("Could not load persistent state:",
2628
2533
except EOFError as e:
2629
2534
logger.warning("Could not load persistent state: "
2535
"EOFError:", exc_info=e)
2633
2537
with PGPEngine() as pgp:
2634
for client_name, client in clients_data.items():
2635
# Skip removed clients
2636
if client_name not in client_settings:
2538
for client_name, client in clients_data.iteritems():
2639
2539
# Decide which value to use after restoring saved state.
2640
2540
# We have three different values: Old config file,
2641
2541
# new config file, and saved state.
2662
2562
if datetime.datetime.utcnow() >= client["expires"]:
2663
2563
if not client["last_checked_ok"]:
2664
2564
logger.warning(
2665
"disabling client {} - Client never "
2666
"performed a successful checker".format(
2565
"disabling client {0} - Client never "
2566
"performed a successful checker"
2567
.format(client_name))
2668
2568
client["enabled"] = False
2669
2569
elif client["last_checker_status"] != 0:
2670
2570
logger.warning(
2671
"disabling client {} - Client last"
2672
" checker failed with error code"
2675
client["last_checker_status"]))
2571
"disabling client {0} - Client "
2572
"last checker failed with error code {1}"
2573
.format(client_name,
2574
client["last_checker_status"]))
2676
2575
client["enabled"] = False
2678
client["expires"] = (
2679
datetime.datetime.utcnow()
2680
+ client["timeout"])
2577
client["expires"] = (datetime.datetime
2579
+ client["timeout"])
2681
2580
logger.debug("Last checker succeeded,"
2682
" keeping {} enabled".format(
2581
" keeping {0} enabled"
2582
.format(client_name))
2685
client["secret"] = pgp.decrypt(
2686
client["encrypted_secret"],
2687
client_settings[client_name]["secret"])
2584
client["secret"] = (
2585
pgp.decrypt(client["encrypted_secret"],
2586
client_settings[client_name]
2688
2588
except PGPError:
2689
2589
# If decryption fails, we use secret from new settings
2690
logger.debug("Failed to decrypt {} old secret".format(
2692
client["secret"] = (client_settings[client_name]
2590
logger.debug("Failed to decrypt {0} old secret"
2591
.format(client_name))
2592
client["secret"] = (
2593
client_settings[client_name]["secret"])
2695
2595
# Add/remove clients based on new changes made to config
2696
2596
for client_name in (set(old_client_settings)
2701
2601
clients_data[client_name] = client_settings[client_name]
2703
2603
# Create all client objects
2704
for client_name, client in clients_data.items():
2604
for client_name, client in clients_data.iteritems():
2705
2605
tcp_server.clients[client_name] = client_class(
2708
server_settings = server_settings)
2606
name = client_name, settings = client)
2710
2608
if not tcp_server.clients:
2711
2609
logger.warning("No clients defined")
2726
2624
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2730
@alternate_dbus_interfaces(
2731
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2627
@alternate_dbus_interfaces({"se.recompile.Mandos":
2628
"se.bsnet.fukt.Mandos"})
2732
2629
class MandosDBusService(DBusObjectWithProperties):
2733
2630
"""A D-Bus proxy object"""
2735
2631
def __init__(self):
2736
2632
dbus.service.Object.__init__(self, bus, "/")
2738
2633
_interface = "se.recompile.Mandos"
2740
2635
@dbus_interface_annotations(_interface)
2741
2636
def _foo(self):
2743
"org.freedesktop.DBus.Property.EmitsChangedSignal":
2637
return { "org.freedesktop.DBus.Property"
2638
".EmitsChangedSignal":
2746
2641
@dbus.service.signal(_interface, signature="o")
2747
2642
def ClientAdded(self, objpath):
2815
2709
# A list of attributes that can not be pickled
2817
exclude = { "bus", "changedstate", "secret",
2818
"checker", "server_settings" }
2819
for name, typ in inspect.getmembers(dbus.service
2711
exclude = set(("bus", "changedstate", "secret",
2713
for name, typ in (inspect.getmembers
2714
(dbus.service.Object)):
2821
2715
exclude.add(name)
2823
2717
client_dict["encrypted_secret"] = (client
2830
2724
del client_settings[client.name]["secret"]
2833
with tempfile.NamedTemporaryFile(
2837
dir=os.path.dirname(stored_state_path),
2838
delete=False) as stored_state:
2727
with (tempfile.NamedTemporaryFile
2728
(mode='wb', suffix=".pickle", prefix='clients-',
2729
dir=os.path.dirname(stored_state_path),
2730
delete=False)) as stored_state:
2839
2731
pickle.dump((clients, client_settings), stored_state)
2840
tempname = stored_state.name
2732
tempname=stored_state.name
2841
2733
os.rename(tempname, stored_state_path)
2842
2734
except (IOError, OSError) as e:
2893
2785
#service.interface = tcp_server.socket.getsockname()[3]
2897
# From the Avahi example code
2900
except dbus.exceptions.DBusException as error:
2901
logger.critical("D-Bus Exception", exc_info=error)
2904
# End of Avahi example code
2788
# From the Avahi example code
2791
except dbus.exceptions.DBusException as error:
2792
logger.critical("D-Bus Exception", exc_info=error)
2795
# End of Avahi example code
2906
2797
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
2907
2798
lambda *args, **kwargs: