/mandos/trunk : revision 654

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2014-02-16 02:42:42 UTC
Revision ID: teddy@recompile.se-20140216024242-9wiw1nkxgt7ohovj

Fix running of self-tests.

* debian/control (Build-Depends): Add Python dependencies to
successfully run self-tests.
* debian/copyright: GPLv3 now has its own license file - use it.
* debian/watch: Set PGP signature URL.
* mandos (main): Bug fix: When running self-tests, set exit code.
* mandos-ctl (main): Cosmetic fix; use os.EX_OK instead of plain 0.

files added:
initramfs-unpack

mandos.service

files modified:
INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos.dirs

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

Show diffs side-by-side

added added

removed removed

mandos

# "AvahiService" class, and some lines in "main".

# Everything else is

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

except ImportError:

SO_BINDTODEVICE = None

version = "1.6.0"

version = "1.6.3"

stored_state_file = "clients.pickle"

logger = logging.getLogger()

172

def password_encode(self, password):

173

# Passphrase can not be empty and can not contain newlines or

174

# NUL bytes. So we prefix it and hex encode it.

175

return b"mandos" + binascii.hexlify(password)

175

encoded = b"mandos" + binascii.hexlify(password)

176

if len(encoded) > 2048:

177

# GnuPG can't handle long passwords, so encode differently

178

encoded = (b"mandos" + password.replace(b"\\", b"\\\\")

179

.replace(b"\n", b"\\n")

180

.replace(b"\0", b"\\x00"))

181

return encoded

176

182

177

183

def encrypt(self, data, password):

178

184

passphrase = self.password_encode(password)

684

690

# If a checker exists, make sure it is not a zombie

685

691

try:

686

692

pid, status = os.waitpid(self.checker.pid, os.WNOHANG)

687

except (AttributeError, OSError) as error:

688

if (isinstance(error, OSError)

689

and error.errno != errno.ECHILD):

690

raise error

693

except AttributeError:

694

pass

695

except OSError as error:

696

if error.errno != errno.ECHILD:

697

raise

691

698

else:

692

699

if pid:

693

700

logger.warning("Checker was a zombie")

927

934

# The byte_arrays option is not supported yet on

928

935

# signatures other than "ay".

929

936

if prop._dbus_signature != "ay":

930

raise ValueError

937

raise ValueError("Byte arrays not supported for non-"

938

"'ay' signature {0!r}"

939

.format(prop._dbus_signature))

931

940

value = dbus.ByteArray(b''.join(chr(byte)

932

941

for byte in value))

933

942

prop(value)

1696

1705

logger.debug("Protocol version: %r", line)

1697

1706

try:

1698

1707

if int(line.strip().split()[0]) > 1:

1699

raise RuntimeError

1708

raise RuntimeError(line)

1700

1709

except (ValueError, IndexError, RuntimeError) as error:

1701

1710

logger.error("Unknown protocol version: %s", error)

1702

1711

return

1909

1918

1910

1919

def add_pipe(self, parent_pipe, proc):

1911

1920

"""Dummy function; override as necessary"""

1912

raise NotImplementedError

1921

raise NotImplementedError()

1913

1922

1914

1923

1915

1924

class IPv6_TCPServer(MultiprocessingMixInWithPipe,

1991

2000

if self.address_family == socket.AF_INET6:

1992

2001

any_address = "::" # in6addr_any

1993

2002

else:

1994

any_address = socket.INADDR_ANY

2003

any_address = "0.0.0.0" # INADDR_ANY

1995

2004

self.server_address = (any_address,

1996

2005

self.server_address[1])

1997

2006

elif not self.server_address[1]:

2252

2261

else:

2253

2262

raise ValueError("Unknown suffix {0!r}"

2254

2263

.format(suffix))

2255

except (ValueError, IndexError) as e:

2264

except IndexError as e:

2256

2265

raise ValueError(*(e.args))

2257

2266

timevalue += delta

2258

2267

return timevalue

2302

2311

help="Run self-test")

2303

2312

parser.add_argument("--debug", action="store_true",

2304

2313

help="Debug mode; run in foreground and log"

2305

" to terminal")

2314

" to terminal", default=None)

2306

2315

parser.add_argument("--debuglevel", metavar="LEVEL",

2307

2316

help="Debug level for stdout output")

2308

2317

parser.add_argument("--priority", help="GnuTLS"

2315

2324

" files")

2316

2325

parser.add_argument("--no-dbus", action="store_false",

2317

2326

dest="use_dbus", help="Do not provide D-Bus"

2318

" system bus interface")

2327

" system bus interface", default=None)

2319

2328

parser.add_argument("--no-ipv6", action="store_false",

2320

dest="use_ipv6", help="Do not use IPv6")

2329

dest="use_ipv6", help="Do not use IPv6",

2330

default=None)

2321

2331

parser.add_argument("--no-restore", action="store_false",

2322

2332

dest="restore", help="Do not restore stored"

2323

" state")

2333

" state", default=None)

2324

2334

parser.add_argument("--socket", type=int,

2325

2335

help="Specify a file descriptor to a network"

2326

2336

" socket to use instead of creating one")

2327

2337

parser.add_argument("--statedir", metavar="DIR",

2328

2338

help="Directory to save/restore state in")

2329

2339

parser.add_argument("--foreground", action="store_true",

2330

help="Run in foreground")

2340

help="Run in foreground", default=None)

2331

2341

2332

2342

options = parser.parse_args()

2333

2343

2334

2344

if options.check:

2335

2345

import doctest

2336

doctest.testmod()

2337

sys.exit()

2346

fail_count, test_count = doctest.testmod()

2347

sys.exit(os.EX_OK if fail_count == 0 else 1)

2338

2348

2339

2349

# Default values for config file for server-global settings

2340

2350

server_defaults = { "interface": "",

2342

2352

"port": "",

2343

2353

"debug": "False",

2344

2354

"priority":

2345

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",

2355

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",

2346

2356

"servicename": "Mandos",

2347

2357

"use_dbus": "True",

2348

2358

"use_ipv6": "True",

2392

2402

for option in server_settings.keys():

2393

2403

if type(server_settings[option]) is str:

2394

2404

server_settings[option] = unicode(server_settings[option])

2405

# Force all boolean options to be boolean

2406

for option in ("debug", "use_dbus", "use_ipv6", "restore",

2407

"foreground"):

2408

server_settings[option] = bool(server_settings[option])

2395

2409

# Debug implies foreground

2396

2410

if server_settings["debug"]:

2397

2411

server_settings["foreground"] = True

2445

2459

socketfd=(server_settings["socket"]

2446

2460

or None))

2447

2461

if not foreground:

2448

pidfilename = "/var/run/mandos.pid"

2462

pidfilename = "/run/mandos.pid"

2463

if not os.path.isdir("/run/."):

2464

pidfilename = "/var/run/mandos.pid"

2449

2465

pidfile = None

2450

2466

try:

2451

2467

pidfile = open(pidfilename, "w")

2468

2484

os.setuid(uid)

2469

2485

except OSError as error:

2470

2486

if error.errno != errno.EPERM:

2471

raise error

2487

raise

2472

2488

2473

2489

if debug:

2474

2490

# Enable all possible GnuTLS debugging

2779

2795

else:

2780

2796

logger.warning("Could not save persistent state:",

2781

2797

exc_info=e)

2782

raise e

2798

raise

2783

2799

2784

2800

# Delete all clients, and settings from config

2785

2801

while tcp_server.clients:

Older »