To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 659
- compare with another revision
- download diff
- download tarball
- view history from revision 659
- Committer: Teddy Hogeborn
- Date: 2014-03-01 09:39:25 UTC
- Revision ID: teddy@recompile.se-20140301093925-0x6nwf21f0zljk6e
* debian/copyright: Change year to "2014".
* mandos-ctl: - '' -
* mandos-monitor: - '' -
* plugins.d/mandos-client.xml: - '' -
* mandos-ctl: - '' -
* mandos-monitor: - '' -
* plugins.d/mandos-client.xml: - '' -
- files added:
- initramfs-unpack
- files modified:
- INSTALL
added
removed
mandos
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
14
# Copyright © 2008-2014 Teddy Hogeborn
15
# Copyright © 2008-2014 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
68
68
import binascii
69
69
import tempfile
70
70
import itertools
71
import collections
71
72
72
73
import dbus
73
74
import dbus.service
78
79
import ctypes.util
79
80
import xml.dom.minidom
80
81
import inspect
81
import GnuPGInterface
82
82
83
83
try:
84
84
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
88
88
except ImportError:
89
89
SO_BINDTODEVICE = None
90
90
91
version = "1.6.0"
91
version = "1.6.4"
92
92
stored_state_file = "clients.pickle"
93
93
94
94
logger = logging.getLogger()
95
syslogger = (logging.handlers.SysLogHandler
96
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
97
address = str("/dev/log")))
95
syslogger = None
98
96
99
97
try:
100
98
if_nametoindex = (ctypes.cdll.LoadLibrary
116
114
def initlogger(debug, level=logging.WARNING):
117
115
"""init logger and add loglevel"""
118
116
117
syslogger = (logging.handlers.SysLogHandler
118
(facility =
119
logging.handlers.SysLogHandler.LOG_DAEMON,
120
address = str("/dev/log")))
119
121
syslogger.setFormatter(logging.Formatter
120
122
('Mandos [%(process)d]: %(levelname)s:'
121
123
' %(message)s'))
139
141
class PGPEngine(object):
140
142
"""A simple class for OpenPGP symmetric encryption & decryption"""
141
143
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
143
144
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
145
self.gnupgargs = ['--batch',
146
'--home', self.tempdir,
147
'--force-mdc',
148
'--quiet',
149
'--no-use-agent']
150
150
151
151
def __enter__(self):
152
152
return self
174
174
def password_encode(self, password):
175
175
# Passphrase can not be empty and can not contain newlines or
176
176
# NUL bytes. So we prefix it and hex encode it.
177
return b"mandos" + binascii.hexlify(password)
177
encoded = b"mandos" + binascii.hexlify(password)
178
if len(encoded) > 2048:
179
# GnuPG can't handle long passwords, so encode differently
180
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
181
.replace(b"\n", b"\\n")
182
.replace(b"\0", b"\\x00"))
183
return encoded
178
184
179
185
def encrypt(self, data, password):
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
186
passphrase = self.password_encode(password)
187
with tempfile.NamedTemporaryFile(dir=self.tempdir
188
) as passfile:
189
passfile.write(passphrase)
190
passfile.flush()
191
proc = subprocess.Popen(['gpg', '--symmetric',
192
'--passphrase-file',
193
passfile.name]
194
+ self.gnupgargs,
195
stdin = subprocess.PIPE,
196
stdout = subprocess.PIPE,
197
stderr = subprocess.PIPE)
198
ciphertext, err = proc.communicate(input = data)
199
if proc.returncode != 0:
200
raise PGPError(err)
194
201
return ciphertext
195
202
196
203
def decrypt(self, data, password):
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
204
passphrase = self.password_encode(password)
205
with tempfile.NamedTemporaryFile(dir = self.tempdir
206
) as passfile:
207
passfile.write(passphrase)
208
passfile.flush()
209
proc = subprocess.Popen(['gpg', '--decrypt',
210
'--passphrase-file',
211
passfile.name]
212
+ self.gnupgargs,
213
stdin = subprocess.PIPE,
214
stdout = subprocess.PIPE,
215
stderr = subprocess.PIPE)
216
decrypted_plaintext, err = proc.communicate(input
217
= data)
218
if proc.returncode != 0:
219
raise PGPError(err)
211
220
return decrypted_plaintext
212
221
213
222
233
242
Used to optionally bind to the specified interface.
234
243
name: string; Example: 'Mandos'
235
244
type: string; Example: '_mandos._tcp'.
236
See <http://www.dns-sd.org/ServiceTypes.html>
245
See <https://www.iana.org/assignments/service-names-port-numbers>
237
246
port: integer; what port to announce
238
247
TXT: list of strings; TXT record for the service
239
248
domain: string; Domain to publish on, default to .local if empty.
439
448
runtime_expansions: Allowed attributes for runtime expansion.
440
449
expires: datetime.datetime(); time (UTC) when a client will be
441
450
disabled, or None
451
server_settings: The server_settings dict from main()
442
452
"""
443
453
444
454
runtime_expansions = ("approval_delay", "approval_duration",
446
456
"fingerprint", "host", "interval",
447
457
"last_approval_request", "last_checked_ok",
448
458
"last_enabled", "name", "timeout")
449
client_defaults = { "timeout": "5m",
450
"extended_timeout": "15m",
451
"interval": "2m",
459
client_defaults = { "timeout": "PT5M",
460
"extended_timeout": "PT15M",
461
"interval": "PT2M",
452
462
"checker": "fping -q -- %%(host)s",
453
463
"host": "",
454
"approval_delay": "0s",
455
"approval_duration": "1s",
464
"approval_delay": "PT0S",
465
"approval_duration": "PT1S",
456
466
"approved_by_default": "True",
457
467
"enabled": "True",
458
468
}
519
529
520
530
return settings
521
531
522
def __init__(self, settings, name = None):
532
def __init__(self, settings, name = None, server_settings=None):
523
533
self.name = name
534
if server_settings is None:
535
server_settings = {}
536
self.server_settings = server_settings
524
537
# adding all client settings
525
538
for setting, value in settings.iteritems():
526
539
setattr(self, setting, value)
679
692
# If a checker exists, make sure it is not a zombie
680
693
try:
681
694
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
682
except (AttributeError, OSError) as error:
683
if (isinstance(error, OSError)
684
and error.errno != errno.ECHILD):
685
raise error
695
except AttributeError:
696
pass
697
except OSError as error:
698
if error.errno != errno.ECHILD:
699
raise
686
700
else:
687
701
if pid:
688
702
logger.warning("Checker was a zombie")
710
724
# in normal mode, that is already done by daemon(),
711
725
# and in debug mode we don't want to. (Stdin is
712
726
# always replaced by /dev/null.)
727
# The exception is when not debugging but nevertheless
728
# running in the foreground; use the previously
729
# created wnull.
730
popen_args = {}
731
if (not self.server_settings["debug"]
732
and self.server_settings["foreground"]):
733
popen_args.update({"stdout": wnull,
734
"stderr": wnull })
713
735
self.checker = subprocess.Popen(command,
714
736
close_fds=True,
715
shell=True, cwd="/")
737
shell=True, cwd="/",
738
**popen_args)
716
739
except OSError as error:
717
740
logger.error("Failed to start subprocess",
718
741
exc_info=error)
742
return True
719
743
self.checker_callback_tag = (gobject.child_watch_add
720
744
(self.checker.pid,
721
745
self.checker_callback,
722
746
data=command))
723
747
# The checker may have completed before the gobject
724
748
# watch was added. Check for this.
725
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
749
try:
750
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
751
except OSError as error:
752
if error.errno == errno.ECHILD:
753
# This should never happen
754
logger.error("Child process vanished",
755
exc_info=error)
756
return True
757
raise
726
758
if pid:
727
759
gobject.source_remove(self.checker_callback_tag)
728
760
self.checker_callback(pid, status, command)
904
936
# The byte_arrays option is not supported yet on
905
937
# signatures other than "ay".
906
938
if prop._dbus_signature != "ay":
907
raise ValueError
939
raise ValueError("Byte arrays not supported for non-"
940
"'ay' signature {0!r}"
941
.format(prop._dbus_signature))
908
942
value = dbus.ByteArray(b''.join(chr(byte)
909
943
for byte in value))
910
944
prop(value)
1068
1102
interface_names.add(alt_interface)
1069
1103
# Is this a D-Bus signal?
1070
1104
if getattr(attribute, "_dbus_is_signal", False):
1071
# Extract the original non-method function by
1072
# black magic
1105
# Extract the original non-method undecorated
1106
# function by black magic
1073
1107
nonmethod_func = (dict(
1074
1108
zip(attribute.func_code.co_freevars,
1075
1109
attribute.__closure__))["func"]
1318
1352
*args, **kwargs)
1319
1353
1320
1354
def start_checker(self, *args, **kwargs):
1321
old_checker = self.checker
1322
if self.checker is not None:
1323
old_checker_pid = self.checker.pid
1324
else:
1325
old_checker_pid = None
1355
old_checker_pid = getattr(self.checker, "pid", None)
1326
1356
r = Client.start_checker(self, *args, **kwargs)
1327
1357
# Only if new checker process was started
1328
1358
if (self.checker is not None
1673
1703
logger.debug("Protocol version: %r", line)
1674
1704
try:
1675
1705
if int(line.strip().split()[0]) > 1:
1676
raise RuntimeError
1706
raise RuntimeError(line)
1677
1707
except (ValueError, IndexError, RuntimeError) as error:
1678
1708
logger.error("Unknown protocol version: %s", error)
1679
1709
return
1886
1916
1887
1917
def add_pipe(self, parent_pipe, proc):
1888
1918
"""Dummy function; override as necessary"""
1889
raise NotImplementedError
1919
raise NotImplementedError()
1890
1920
1891
1921
1892
1922
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1968
1998
if self.address_family == socket.AF_INET6:
1969
1999
any_address = "::" # in6addr_any
1970
2000
else:
1971
any_address = socket.INADDR_ANY
2001
any_address = "0.0.0.0" # INADDR_ANY
1972
2002
self.server_address = (any_address,
1973
2003
self.server_address[1])
1974
2004
elif not self.server_address[1]:
2090
2120
return True
2091
2121
2092
2122
2123
def rfc3339_duration_to_delta(duration):
2124
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2125
2126
>>> rfc3339_duration_to_delta("P7D")
2127
datetime.timedelta(7)
2128
>>> rfc3339_duration_to_delta("PT60S")
2129
datetime.timedelta(0, 60)
2130
>>> rfc3339_duration_to_delta("PT60M")
2131
datetime.timedelta(0, 3600)
2132
>>> rfc3339_duration_to_delta("PT24H")
2133
datetime.timedelta(1)
2134
>>> rfc3339_duration_to_delta("P1W")
2135
datetime.timedelta(7)
2136
>>> rfc3339_duration_to_delta("PT5M30S")
2137
datetime.timedelta(0, 330)
2138
>>> rfc3339_duration_to_delta("P1DT3M20S")
2139
datetime.timedelta(1, 200)
2140
"""
2141
2142
# Parsing an RFC 3339 duration with regular expressions is not
2143
# possible - there would have to be multiple places for the same
2144
# values, like seconds. The current code, while more esoteric, is
2145
# cleaner without depending on a parsing library. If Python had a
2146
# built-in library for parsing we would use it, but we'd like to
2147
# avoid excessive use of external libraries.
2148
2149
# New type for defining tokens, syntax, and semantics all-in-one
2150
Token = collections.namedtuple("Token",
2151
("regexp", # To match token; if
2152
# "value" is not None,
2153
# must have a "group"
2154
# containing digits
2155
"value", # datetime.timedelta or
2156
# None
2157
"followers")) # Tokens valid after
2158
# this token
2159
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2160
# the "duration" ABNF definition in RFC 3339, Appendix A.
2161
token_end = Token(re.compile(r"$"), None, frozenset())
2162
token_second = Token(re.compile(r"(\d+)S"),
2163
datetime.timedelta(seconds=1),
2164
frozenset((token_end,)))
2165
token_minute = Token(re.compile(r"(\d+)M"),
2166
datetime.timedelta(minutes=1),
2167
frozenset((token_second, token_end)))
2168
token_hour = Token(re.compile(r"(\d+)H"),
2169
datetime.timedelta(hours=1),
2170
frozenset((token_minute, token_end)))
2171
token_time = Token(re.compile(r"T"),
2172
None,
2173
frozenset((token_hour, token_minute,
2174
token_second)))
2175
token_day = Token(re.compile(r"(\d+)D"),
2176
datetime.timedelta(days=1),
2177
frozenset((token_time, token_end)))
2178
token_month = Token(re.compile(r"(\d+)M"),
2179
datetime.timedelta(weeks=4),
2180
frozenset((token_day, token_end)))
2181
token_year = Token(re.compile(r"(\d+)Y"),
2182
datetime.timedelta(weeks=52),
2183
frozenset((token_month, token_end)))
2184
token_week = Token(re.compile(r"(\d+)W"),
2185
datetime.timedelta(weeks=1),
2186
frozenset((token_end,)))
2187
token_duration = Token(re.compile(r"P"), None,
2188
frozenset((token_year, token_month,
2189
token_day, token_time,
2190
token_week))),
2191
# Define starting values
2192
value = datetime.timedelta() # Value so far
2193
found_token = None
2194
followers = frozenset(token_duration,) # Following valid tokens
2195
s = duration # String left to parse
2196
# Loop until end token is found
2197
while found_token is not token_end:
2198
# Search for any currently valid tokens
2199
for token in followers:
2200
match = token.regexp.match(s)
2201
if match is not None:
2202
# Token found
2203
if token.value is not None:
2204
# Value found, parse digits
2205
factor = int(match.group(1), 10)
2206
# Add to value so far
2207
value += factor * token.value
2208
# Strip token from string
2209
s = token.regexp.sub("", s, 1)
2210
# Go to found token
2211
found_token = token
2212
# Set valid next tokens
2213
followers = found_token.followers
2214
break
2215
else:
2216
# No currently valid tokens were found
2217
raise ValueError("Invalid RFC 3339 duration")
2218
# End token found
2219
return value
2220
2221
2093
2222
def string_to_delta(interval):
2094
2223
"""Parse a string and return a datetime.timedelta
2095
2224
2106
2235
>>> string_to_delta('5m 30s')
2107
2236
datetime.timedelta(0, 330)
2108
2237
"""
2238
2239
try:
2240
return rfc3339_duration_to_delta(interval)
2241
except ValueError:
2242
pass
2243
2109
2244
timevalue = datetime.timedelta(0)
2110
2245
for s in interval.split():
2111
2246
try:
2124
2259
else:
2125
2260
raise ValueError("Unknown suffix {0!r}"
2126
2261
.format(suffix))
2127
except (ValueError, IndexError) as e:
2262
except IndexError as e:
2128
2263
raise ValueError(*(e.args))
2129
2264
timevalue += delta
2130
2265
return timevalue
2174
2309
help="Run self-test")
2175
2310
parser.add_argument("--debug", action="store_true",
2176
2311
help="Debug mode; run in foreground and log"
2177
" to terminal")
2312
" to terminal", default=None)
2178
2313
parser.add_argument("--debuglevel", metavar="LEVEL",
2179
2314
help="Debug level for stdout output")
2180
2315
parser.add_argument("--priority", help="GnuTLS"
2187
2322
" files")
2188
2323
parser.add_argument("--no-dbus", action="store_false",
2189
2324
dest="use_dbus", help="Do not provide D-Bus"
2190
" system bus interface")
2325
" system bus interface", default=None)
2191
2326
parser.add_argument("--no-ipv6", action="store_false",
2192
dest="use_ipv6", help="Do not use IPv6")
2327
dest="use_ipv6", help="Do not use IPv6",
2328
default=None)
2193
2329
parser.add_argument("--no-restore", action="store_false",
2194
2330
dest="restore", help="Do not restore stored"
2195
" state")
2331
" state", default=None)
2196
2332
parser.add_argument("--socket", type=int,
2197
2333
help="Specify a file descriptor to a network"
2198
2334
" socket to use instead of creating one")
2199
2335
parser.add_argument("--statedir", metavar="DIR",
2200
2336
help="Directory to save/restore state in")
2201
2337
parser.add_argument("--foreground", action="store_true",
2202
help="Run in foreground")
2338
help="Run in foreground", default=None)
2203
2339
2204
2340
options = parser.parse_args()
2205
2341
2206
2342
if options.check:
2207
2343
import doctest
2208
doctest.testmod()
2209
sys.exit()
2344
fail_count, test_count = doctest.testmod()
2345
sys.exit(os.EX_OK if fail_count == 0 else 1)
2210
2346
2211
2347
# Default values for config file for server-global settings
2212
2348
server_defaults = { "interface": "",
2214
2350
"port": "",
2215
2351
"debug": "False",
2216
2352
"priority":
2217
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2353
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",
2218
2354
"servicename": "Mandos",
2219
2355
"use_dbus": "True",
2220
2356
"use_ipv6": "True",
2264
2400
for option in server_settings.keys():
2265
2401
if type(server_settings[option]) is str:
2266
2402
server_settings[option] = unicode(server_settings[option])
2403
# Force all boolean options to be boolean
2404
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2405
"foreground"):
2406
server_settings[option] = bool(server_settings[option])
2267
2407
# Debug implies foreground
2268
2408
if server_settings["debug"]:
2269
2409
server_settings["foreground"] = True
2317
2457
socketfd=(server_settings["socket"]
2318
2458
or None))
2319
2459
if not foreground:
2320
pidfilename = "/var/run/mandos.pid"
2460
pidfilename = "/run/mandos.pid"
2461
if not os.path.isdir("/run/."):
2462
pidfilename = "/var/run/mandos.pid"
2321
2463
pidfile = None
2322
2464
try:
2323
2465
pidfile = open(pidfilename, "w")
2340
2482
os.setuid(uid)
2341
2483
except OSError as error:
2342
2484
if error.errno != errno.EPERM:
2343
raise error
2485
raise
2344
2486
2345
2487
if debug:
2346
2488
# Enable all possible GnuTLS debugging
2409
2551
old_client_settings = {}
2410
2552
clients_data = {}
2411
2553
2554
# This is used to redirect stdout and stderr for checker processes
2555
global wnull
2556
wnull = open(os.devnull, "w") # A writable /dev/null
2557
# Only used if server is running in foreground but not in debug
2558
# mode
2559
if debug or not foreground:
2560
wnull.close()
2561
2412
2562
# Get client data and settings from last running state.
2413
2563
if server_settings["restore"]:
2414
2564
try:
2430
2580
2431
2581
with PGPEngine() as pgp:
2432
2582
for client_name, client in clients_data.iteritems():
2583
# Skip removed clients
2584
if client_name not in client_settings:
2585
continue
2586
2433
2587
# Decide which value to use after restoring saved state.
2434
2588
# We have three different values: Old config file,
2435
2589
# new config file, and saved state.
2497
2651
# Create all client objects
2498
2652
for client_name, client in clients_data.iteritems():
2499
2653
tcp_server.clients[client_name] = client_class(
2500
name = client_name, settings = client)
2654
name = client_name, settings = client,
2655
server_settings = server_settings)
2501
2656
2502
2657
if not tcp_server.clients:
2503
2658
logger.warning("No clients defined")
2586
2741
service.cleanup()
2587
2742
2588
2743
multiprocessing.active_children()
2744
wnull.close()
2589
2745
if not (tcp_server.clients or client_settings):
2590
2746
return
2591
2747
2603
2759
# A list of attributes that can not be pickled
2604
2760
# + secret.
2605
2761
exclude = set(("bus", "changedstate", "secret",
2606
"checker"))
2762
"checker", "server_settings"))
2607
2763
for name, typ in (inspect.getmembers
2608
2764
(dbus.service.Object)):
2609
2765
exclude.add(name)
2637
2793
else:
2638
2794
logger.warning("Could not save persistent state:",
2639
2795
exc_info=e)
2640
raise e
2796
raise
2641
2797
2642
2798
# Delete all clients, and settings from config
2643
2799
while tcp_server.clients:
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0