Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2013-10-13 19:12:58 UTC
  • mfrom: (237.4.35 release)
  • Revision ID: teddy@recompile.se-20131013191258-2a4lmsq5eqbw0sy1
Merge from release branch.

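--- a/mandos
+++ b/mandos
@@ -88,7 +88,7 @@
     except ImportError:
         SO_BINDTODEVICE = None
 
-version = "1.6.0"
+version = "1.6.1"
 stored_state_file = "clients.pickle"
 
 logger = logging.getLogger()
@@ -440,6 +440,7 @@
     runtime_expansions: Allowed attributes for runtime expansion.
     expires:    datetime.datetime(); time (UTC) when a client will be
                 disabled, or None
+    server_settings: The server_settings dict from main()
     """
     
     runtime_expansions = ("approval_delay", "approval_duration",
@@ -520,8 +521,11 @@
         
         return settings
     
-    def __init__(self, settings, name = None):
+    def __init__(self, settings, name = None, server_settings=None):
         self.name = name
+        if server_settings is None:
+            server_settings = {}
+        self.server_settings = server_settings
         # adding all client settings
         for setting, value in settings.iteritems():
             setattr(self, setting, value)
@@ -711,9 +715,18 @@
                 # in normal mode, that is already done by daemon(),
                 # and in debug mode we don't want to.  (Stdin is
                 # always replaced by /dev/null.)
+                # The exception is when not debugging but nevertheless
+                # running in the foreground; use the previously
+                # created wnull.
+                popen_args = {}
+                if (not self.server_settings["debug"]
+                    and self.server_settings["foreground"]):
+                    popen_args.update({"stdout": wnull,
+                                       "stderr": wnull })
                 self.checker = subprocess.Popen(command,
                                                 close_fds=True,
-                                                shell=True, cwd="/")
+                                                shell=True, cwd="/",
+                                                **popen_args)
             except OSError as error:
                 logger.error("Failed to start subprocess",
                              exc_info=error)
@@ -1978,7 +1991,7 @@
                 if self.address_family == socket.AF_INET6:
                     any_address = "::" # in6addr_any
                 else:
-                    any_address = socket.INADDR_ANY
+                    any_address = "0.0.0.0" # INADDR_ANY
                 self.server_address = (any_address,
                                        self.server_address[1])
             elif not self.server_address[1]:
@@ -2289,7 +2302,7 @@
                         help="Run self-test")
     parser.add_argument("--debug", action="store_true",
                         help="Debug mode; run in foreground and log"
-                        " to terminal")
+                        " to terminal", default=None)
     parser.add_argument("--debuglevel", metavar="LEVEL",
                         help="Debug level for stdout output")
     parser.add_argument("--priority", help="GnuTLS"
@@ -2302,19 +2315,20 @@
                         " files")
     parser.add_argument("--no-dbus", action="store_false",
                         dest="use_dbus", help="Do not provide D-Bus"
-                        " system bus interface")
+                        " system bus interface", default=None)
     parser.add_argument("--no-ipv6", action="store_false",
-                        dest="use_ipv6", help="Do not use IPv6")
+                        dest="use_ipv6", help="Do not use IPv6",
+                        default=None)
     parser.add_argument("--no-restore", action="store_false",
                         dest="restore", help="Do not restore stored"
-                        " state")
+                        " state", default=None)
     parser.add_argument("--socket", type=int,
                         help="Specify a file descriptor to a network"
                         " socket to use instead of creating one")
     parser.add_argument("--statedir", metavar="DIR",
                         help="Directory to save/restore state in")
     parser.add_argument("--foreground", action="store_true",
-                        help="Run in foreground")
+                        help="Run in foreground", default=None)
     
     options = parser.parse_args()
     
@@ -2329,7 +2343,7 @@
                         "port": "",
                         "debug": "False",
                         "priority":
-                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
+                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224",
                         "servicename": "Mandos",
                         "use_dbus": "True",
                         "use_ipv6": "True",
@@ -2379,6 +2393,10 @@
     for option in server_settings.keys():
         if type(server_settings[option]) is str:
             server_settings[option] = unicode(server_settings[option])
+    # Force all boolean options to be boolean
+    for option in ("debug", "use_dbus", "use_ipv6", "restore",
+                   "foreground"):
+        server_settings[option] = bool(server_settings[option])
     # Debug implies foreground
     if server_settings["debug"]:
         server_settings["foreground"] = True
@@ -2524,6 +2542,14 @@
     old_client_settings = {}
     clients_data = {}
     
+    # This is used to redirect stdout and stderr for checker processes
+    global wnull
+    wnull = open(os.devnull, "w") # A writable /dev/null
+    # Only used if server is running in foreground but not in debug
+    # mode
+    if debug or not foreground:
+        wnull.close()
+    
     # Get client data and settings from last running state.
     if server_settings["restore"]:
         try:
@@ -2545,6 +2571,10 @@
     
     with PGPEngine() as pgp:
         for client_name, client in clients_data.iteritems():
+            # Skip removed clients
+            if client_name not in client_settings:
+                continue
+            
             # Decide which value to use after restoring saved state.
             # We have three different values: Old config file,
             # new config file, and saved state.
@@ -2612,7 +2642,8 @@
     # Create all client objects
     for client_name, client in clients_data.iteritems():
         tcp_server.clients[client_name] = client_class(
-            name = client_name, settings = client)
+            name = client_name, settings = client,
+            server_settings = server_settings)
     
     if not tcp_server.clients:
         logger.warning("No clients defined")
@@ -2701,6 +2732,7 @@
         service.cleanup()
         
         multiprocessing.active_children()
+        wnull.close()
         if not (tcp_server.clients or client_settings):
             return
         
@@ -2718,7 +2750,7 @@
                 # A list of attributes that can not be pickled
                 # + secret.
                 exclude = set(("bus", "changedstate", "secret",
-                               "checker"))
+                               "checker", "server_settings"))
                 for name, typ in (inspect.getmembers
                                   (dbus.service.Object)):
                     exclude.add(name)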
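Review bot: The new condition before `subprocess.Popen` reads `self.server_settings["debug"]` and `self.server_settings["foreground"]` unconditionally, while the new `__init__` substitutes an empty dict when `server_settings` is omitted, so a Client constructed without it raises KeyError when a checker starts, and the handler that follows catches only OSError. Reading the flags with `.get`, as in `if (not self.server_settings.get("debug") and self.server_settings.get("foreground")):`, keeps a default-constructed Client on the previous behaviour. That branch also depends on the module global `wnull`, which is assigned only inside main(); a comment at the use site such as `# wnull is opened in main(); it is still open only when running in the foreground without debug` would make the coupling visible. Separately, the default priority string now appends `+SIGN-RSA-SHA224` to `SECURE256`, and a comment recording why that signature algorithm is added would help whoever next audits the TLS defaults. The functions containing these lines start and end outside the visible hunks.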