/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2013-10-22 19:46:35 UTC
  • Revision ID: teddy@recompile.se-20131022194635-ll6jyg1snrxwe94o
* TODO

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
13
13
# Everything else is
14
 
# Copyright © 2008-2012 Teddy Hogeborn
15
 
# Copyright © 2008-2012 Björn Påhlsson
 
14
# Copyright © 2008-2013 Teddy Hogeborn
 
15
# Copyright © 2008-2013 Björn Påhlsson
16
16
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
88
88
    except ImportError:
89
89
        SO_BINDTODEVICE = None
90
90
 
91
 
version = "1.6.0"
 
91
version = "1.6.1"
92
92
stored_state_file = "clients.pickle"
93
93
 
94
94
logger = logging.getLogger()
172
172
    def password_encode(self, password):
173
173
        # Passphrase can not be empty and can not contain newlines or
174
174
        # NUL bytes.  So we prefix it and hex encode it.
175
 
        return b"mandos" + binascii.hexlify(password)
 
175
        encoded = b"mandos" + binascii.hexlify(password)
 
176
        if len(encoded) > 2048:
 
177
            # GnuPG can't handle long passwords, so encode differently
 
178
            encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
 
179
                       .replace(b"\n", b"\\n")
 
180
                       .replace(b"\0", b"\\x00"))
 
181
        return encoded
176
182
    
177
183
    def encrypt(self, data, password):
178
184
        passphrase = self.password_encode(password)
1991
1997
                if self.address_family == socket.AF_INET6:
1992
1998
                    any_address = "::" # in6addr_any
1993
1999
                else:
1994
 
                    any_address = socket.INADDR_ANY
 
2000
                    any_address = "0.0.0.0" # INADDR_ANY
1995
2001
                self.server_address = (any_address,
1996
2002
                                       self.server_address[1])
1997
2003
            elif not self.server_address[1]:
2302
2308
                        help="Run self-test")
2303
2309
    parser.add_argument("--debug", action="store_true",
2304
2310
                        help="Debug mode; run in foreground and log"
2305
 
                        " to terminal")
 
2311
                        " to terminal", default=None)
2306
2312
    parser.add_argument("--debuglevel", metavar="LEVEL",
2307
2313
                        help="Debug level for stdout output")
2308
2314
    parser.add_argument("--priority", help="GnuTLS"
2315
2321
                        " files")
2316
2322
    parser.add_argument("--no-dbus", action="store_false",
2317
2323
                        dest="use_dbus", help="Do not provide D-Bus"
2318
 
                        " system bus interface")
 
2324
                        " system bus interface", default=None)
2319
2325
    parser.add_argument("--no-ipv6", action="store_false",
2320
 
                        dest="use_ipv6", help="Do not use IPv6")
 
2326
                        dest="use_ipv6", help="Do not use IPv6",
 
2327
                        default=None)
2321
2328
    parser.add_argument("--no-restore", action="store_false",
2322
2329
                        dest="restore", help="Do not restore stored"
2323
 
                        " state")
 
2330
                        " state", default=None)
2324
2331
    parser.add_argument("--socket", type=int,
2325
2332
                        help="Specify a file descriptor to a network"
2326
2333
                        " socket to use instead of creating one")
2327
2334
    parser.add_argument("--statedir", metavar="DIR",
2328
2335
                        help="Directory to save/restore state in")
2329
2336
    parser.add_argument("--foreground", action="store_true",
2330
 
                        help="Run in foreground")
 
2337
                        help="Run in foreground", default=None)
2331
2338
    
2332
2339
    options = parser.parse_args()
2333
2340
    
2342
2349
                        "port": "",
2343
2350
                        "debug": "False",
2344
2351
                        "priority":
2345
 
                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
 
2352
                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",
2346
2353
                        "servicename": "Mandos",
2347
2354
                        "use_dbus": "True",
2348
2355
                        "use_ipv6": "True",
2392
2399
    for option in server_settings.keys():
2393
2400
        if type(server_settings[option]) is str:
2394
2401
            server_settings[option] = unicode(server_settings[option])
 
2402
    # Force all boolean options to be boolean
 
2403
    for option in ("debug", "use_dbus", "use_ipv6", "restore",
 
2404
                   "foreground"):
 
2405
        server_settings[option] = bool(server_settings[option])
2395
2406
    # Debug implies foreground
2396
2407
    if server_settings["debug"]:
2397
2408
        server_settings["foreground"] = True
2445
2456
                              socketfd=(server_settings["socket"]
2446
2457
                                        or None))
2447
2458
    if not foreground:
2448
 
        pidfilename = "/var/run/mandos.pid"
 
2459
        pidfilename = "/run/mandos.pid"
2449
2460
        pidfile = None
2450
2461
        try:
2451
2462
            pidfile = open(pidfilename, "w")