/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to server.py

  • Committer: Teddy Hogeborn
  • Date: 2008-01-18 22:04:19 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080118220419-z95418owrporioo5
* Makefile (client_debug): New.
* client.cpp (CERT_ROOT): New.

(Tested)

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
#!/usr/bin/python
2
 
# -*- mode: python; coding: utf-8 -*-
3
 
4
 
# Mandos server - give out binary blobs to connecting clients.
5
 
6
 
# This program is partly derived from an example program for an Avahi
7
 
# service publisher, downloaded from
8
 
# <http://avahi.org/wiki/PythonPublishExample>.  This includes the
9
 
# methods "add" and "remove" in the "AvahiService" class, the
10
 
# "server_state_changed" and "entry_group_state_changed" functions,
11
 
# and some lines in "main".
12
 
13
 
# Everything else is
14
 
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
15
 
16
 
# This program is free software: you can redistribute it and/or modify
17
 
# it under the terms of the GNU General Public License as published by
18
 
# the Free Software Foundation, either version 3 of the License, or
19
 
# (at your option) any later version.
20
 
#
21
 
#     This program is distributed in the hope that it will be useful,
22
 
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
23
 
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24
 
#     GNU General Public License for more details.
25
 
26
 
# You should have received a copy of the GNU General Public License
27
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
28
 
29
 
# Contact the authors at <mandos@fukt.bsnet.se>.
30
 
31
 
 
32
 
from __future__ import division
33
2
 
34
3
import SocketServer
35
4
import socket
40
9
import gnutls.crypto
41
10
import gnutls.connection
42
11
import gnutls.errors
43
 
import gnutls.library.functions
44
 
import gnutls.library.constants
45
 
import gnutls.library.types
46
12
import ConfigParser
47
13
import sys
48
 
import re
49
 
import os
50
 
import signal
51
 
from sets import Set
52
 
import subprocess
53
 
import atexit
54
 
import stat
55
 
import logging
56
 
import logging.handlers
57
 
 
58
 
import dbus
59
 
import gobject
60
 
import avahi
61
 
from dbus.mainloop.glib import DBusGMainLoop
62
 
import ctypes
63
 
 
64
 
version = "1.0"
65
 
 
66
 
logger = logging.Logger('mandos')
67
 
syslogger = logging.handlers.SysLogHandler\
68
 
            (facility = logging.handlers.SysLogHandler.LOG_DAEMON,
69
 
             address = "/dev/log")
70
 
syslogger.setFormatter(logging.Formatter\
71
 
                        ('Mandos: %(levelname)s: %(message)s'))
72
 
logger.addHandler(syslogger)
73
 
 
74
 
 
75
 
class AvahiError(Exception):
76
 
    def __init__(self, value):
77
 
        self.value = value
78
 
    def __str__(self):
79
 
        return repr(self.value)
80
 
 
81
 
class AvahiServiceError(AvahiError):
82
 
    pass
83
 
 
84
 
class AvahiGroupError(AvahiError):
85
 
    pass
86
 
 
87
 
 
88
 
class AvahiService(object):
89
 
    """An Avahi (Zeroconf) service.
90
 
    Attributes:
91
 
    interface: integer; avahi.IF_UNSPEC or an interface index.
92
 
               Used to optionally bind to the specified interface.
93
 
    name: string; Example: 'Mandos'
94
 
    type: string; Example: '_mandos._tcp'.
95
 
                  See <http://www.dns-sd.org/ServiceTypes.html>
96
 
    port: integer; what port to announce
97
 
    TXT: list of strings; TXT record for the service
98
 
    domain: string; Domain to publish on, default to .local if empty.
99
 
    host: string; Host to publish records for, default is localhost
100
 
    max_renames: integer; maximum number of renames
101
 
    rename_count: integer; counter so we only rename after collisions
102
 
                  a sensible number of times
103
 
    """
104
 
    def __init__(self, interface = avahi.IF_UNSPEC, name = None,
105
 
                 type = None, port = None, TXT = None, domain = "",
106
 
                 host = "", max_renames = 32768):
107
 
        self.interface = interface
108
 
        self.name = name
109
 
        self.type = type
110
 
        self.port = port
111
 
        if TXT is None:
112
 
            self.TXT = []
113
 
        else:
114
 
            self.TXT = TXT
115
 
        self.domain = domain
116
 
        self.host = host
117
 
        self.rename_count = 0
118
 
    def rename(self):
119
 
        """Derived from the Avahi example code"""
120
 
        if self.rename_count >= self.max_renames:
121
 
            logger.critical(u"No suitable service name found after %i"
122
 
                            u" retries, exiting.", rename_count)
123
 
            raise AvahiServiceError("Too many renames")
124
 
        name = server.GetAlternativeServiceName(name)
125
 
        logger.error(u"Changing name to %r ...", name)
126
 
        syslogger.setFormatter(logging.Formatter\
127
 
                               ('Mandos (%s): %%(levelname)s:'
128
 
                               ' %%(message)s' % name))
129
 
        self.remove()
130
 
        self.add()
131
 
        self.rename_count += 1
132
 
    def remove(self):
133
 
        """Derived from the Avahi example code"""
134
 
        if group is not None:
135
 
            group.Reset()
136
 
    def add(self):
137
 
        """Derived from the Avahi example code"""
138
 
        global group
139
 
        if group is None:
140
 
            group = dbus.Interface\
141
 
                    (bus.get_object(avahi.DBUS_NAME,
142
 
                                    server.EntryGroupNew()),
143
 
                     avahi.DBUS_INTERFACE_ENTRY_GROUP)
144
 
            group.connect_to_signal('StateChanged',
145
 
                                    entry_group_state_changed)
146
 
        logger.debug(u"Adding service '%s' of type '%s' ...",
147
 
                     service.name, service.type)
148
 
        group.AddService(
149
 
                self.interface,         # interface
150
 
                avahi.PROTO_INET6,      # protocol
151
 
                dbus.UInt32(0),         # flags
152
 
                self.name, self.type,
153
 
                self.domain, self.host,
154
 
                dbus.UInt16(self.port),
155
 
                avahi.string_array_to_txt_array(self.TXT))
156
 
        group.Commit()
157
 
 
158
 
# From the Avahi example code:
159
 
group = None                            # our entry group
160
 
# End of Avahi example code
161
14
 
162
15
 
163
16
class Client(object):
164
 
    """A representation of a client host served by this server.
165
 
    Attributes:
166
 
    name:      string; from the config file, used in log messages
167
 
    fingerprint: string (40 or 32 hexadecimal digits); used to
168
 
                 uniquely identify the client
169
 
    secret:    bytestring; sent verbatim (over TLS) to client
170
 
    host:      string; available for use by the checker command
171
 
    created:   datetime.datetime(); object creation, not client host
172
 
    last_checked_ok: datetime.datetime() or None if not yet checked OK
173
 
    timeout:   datetime.timedelta(); How long from last_checked_ok
174
 
                                     until this client is invalid
175
 
    interval:  datetime.timedelta(); How often to start a new checker
176
 
    stop_hook: If set, called by stop() as stop_hook(self)
177
 
    checker:   subprocess.Popen(); a running checker process used
178
 
                                   to see if the client lives.
179
 
                                   'None' if no process is running.
180
 
    checker_initiator_tag: a gobject event source tag, or None
181
 
    stop_initiator_tag:    - '' -
182
 
    checker_callback_tag:  - '' -
183
 
    checker_command: string; External command which is run to check if
184
 
                     client lives.  %() expansions are done at
185
 
                     runtime with vars(self) as dict, so that for
186
 
                     instance %(name)s can be used in the command.
187
 
    Private attibutes:
188
 
    _timeout: Real variable for 'timeout'
189
 
    _interval: Real variable for 'interval'
190
 
    _timeout_milliseconds: Used when calling gobject.timeout_add()
191
 
    _interval_milliseconds: - '' -
192
 
    """
193
 
    def _set_timeout(self, timeout):
194
 
        "Setter function for 'timeout' attribute"
195
 
        self._timeout = timeout
196
 
        self._timeout_milliseconds = ((self.timeout.days
197
 
                                       * 24 * 60 * 60 * 1000)
198
 
                                      + (self.timeout.seconds * 1000)
199
 
                                      + (self.timeout.microseconds
200
 
                                         // 1000))
201
 
    timeout = property(lambda self: self._timeout,
202
 
                       _set_timeout)
203
 
    del _set_timeout
204
 
    def _set_interval(self, interval):
205
 
        "Setter function for 'interval' attribute"
206
 
        self._interval = interval
207
 
        self._interval_milliseconds = ((self.interval.days
208
 
                                        * 24 * 60 * 60 * 1000)
209
 
                                       + (self.interval.seconds
210
 
                                          * 1000)
211
 
                                       + (self.interval.microseconds
212
 
                                          // 1000))
213
 
    interval = property(lambda self: self._interval,
214
 
                        _set_interval)
215
 
    del _set_interval
216
 
    def __init__(self, name = None, stop_hook=None, config={}):
217
 
        """Note: the 'checker' key in 'config' sets the
218
 
        'checker_command' attribute and *not* the 'checker'
219
 
        attribute."""
 
17
    def __init__(self, name=None, options=None, dn=None,
 
18
                 password=None, passfile=None, fqdn=None,
 
19
                 timeout=None, interval=-1):
220
20
        self.name = name
221
 
        logger.debug(u"Creating client %r", self.name)
222
 
        # Uppercase and remove spaces from fingerprint for later
223
 
        # comparison purposes with return value from the fingerprint()
224
 
        # function
225
 
        self.fingerprint = config["fingerprint"].upper()\
226
 
                           .replace(u" ", u"")
227
 
        logger.debug(u"  Fingerprint: %s", self.fingerprint)
228
 
        if "secret" in config:
229
 
            self.secret = config["secret"].decode(u"base64")
230
 
        elif "secfile" in config:
231
 
            sf = open(config["secfile"])
232
 
            self.secret = sf.read()
233
 
            sf.close()
 
21
        self.dn = dn
 
22
        if password:
 
23
            self.password = password
 
24
        elif passfile:
 
25
            self.password = open(passfile).readall()
234
26
        else:
235
 
            raise TypeError(u"No secret or secfile for client %s"
236
 
                            % self.name)
237
 
        self.host = config.get("host", "")
 
27
            print "No Password or Passfile in client config file"
 
28
            # raise RuntimeError XXX
 
29
            self.password = "gazonk"
 
30
        self.fqdn = fqdn
238
31
        self.created = datetime.datetime.now()
239
 
        self.last_checked_ok = None
240
 
        self.timeout = string_to_delta(config["timeout"])
241
 
        self.interval = string_to_delta(config["interval"])
242
 
        self.stop_hook = stop_hook
243
 
        self.checker = None
244
 
        self.checker_initiator_tag = None
245
 
        self.stop_initiator_tag = None
246
 
        self.checker_callback_tag = None
247
 
        self.check_command = config["checker"]
248
 
    def start(self):
249
 
        """Start this client's checker and timeout hooks"""
250
 
        # Schedule a new checker to be started an 'interval' from now,
251
 
        # and every interval from then on.
252
 
        self.checker_initiator_tag = gobject.timeout_add\
253
 
                                     (self._interval_milliseconds,
254
 
                                      self.start_checker)
255
 
        # Also start a new checker *right now*.
256
 
        self.start_checker()
257
 
        # Schedule a stop() when 'timeout' has passed
258
 
        self.stop_initiator_tag = gobject.timeout_add\
259
 
                                  (self._timeout_milliseconds,
260
 
                                   self.stop)
261
 
    def stop(self):
262
 
        """Stop this client.
263
 
        The possibility that a client might be restarted is left open,
264
 
        but not currently used."""
265
 
        # If this client doesn't have a secret, it is already stopped.
266
 
        if hasattr(self, "secret") and self.secret:
267
 
            logger.info(u"Stopping client %s", self.name)
268
 
            self.secret = None
269
 
        else:
270
 
            return False
271
 
        if getattr(self, "stop_initiator_tag", False):
272
 
            gobject.source_remove(self.stop_initiator_tag)
273
 
            self.stop_initiator_tag = None
274
 
        if getattr(self, "checker_initiator_tag", False):
275
 
            gobject.source_remove(self.checker_initiator_tag)
276
 
            self.checker_initiator_tag = None
277
 
        self.stop_checker()
278
 
        if self.stop_hook:
279
 
            self.stop_hook(self)
280
 
        # Do not run this again if called by a gobject.timeout_add
281
 
        return False
282
 
    def __del__(self):
283
 
        self.stop_hook = None
284
 
        self.stop()
285
 
    def checker_callback(self, pid, condition):
286
 
        """The checker has completed, so take appropriate actions."""
287
 
        now = datetime.datetime.now()
288
 
        self.checker_callback_tag = None
289
 
        self.checker = None
290
 
        if os.WIFEXITED(condition) \
291
 
               and (os.WEXITSTATUS(condition) == 0):
292
 
            logger.info(u"Checker for %(name)s succeeded",
293
 
                        vars(self))
294
 
            self.last_checked_ok = now
295
 
            gobject.source_remove(self.stop_initiator_tag)
296
 
            self.stop_initiator_tag = gobject.timeout_add\
297
 
                                      (self._timeout_milliseconds,
298
 
                                       self.stop)
299
 
        elif not os.WIFEXITED(condition):
300
 
            logger.warning(u"Checker for %(name)s crashed?",
301
 
                           vars(self))
302
 
        else:
303
 
            logger.info(u"Checker for %(name)s failed",
304
 
                        vars(self))
305
 
    def start_checker(self):
306
 
        """Start a new checker subprocess if one is not running.
307
 
        If a checker already exists, leave it running and do
308
 
        nothing."""
309
 
        # The reason for not killing a running checker is that if we
310
 
        # did that, then if a checker (for some reason) started
311
 
        # running slowly and taking more than 'interval' time, the
312
 
        # client would inevitably timeout, since no checker would get
313
 
        # a chance to run to completion.  If we instead leave running
314
 
        # checkers alone, the checker would have to take more time
315
 
        # than 'timeout' for the client to be declared invalid, which
316
 
        # is as it should be.
317
 
        if self.checker is None:
318
 
            try:
319
 
                # In case check_command has exactly one % operator
320
 
                command = self.check_command % self.host
321
 
            except TypeError:
322
 
                # Escape attributes for the shell
323
 
                escaped_attrs = dict((key, re.escape(str(val)))
324
 
                                     for key, val in
325
 
                                     vars(self).iteritems())
 
32
        self.last_seen = None
 
33
        if timeout is None:
 
34
            timeout = options.timeout
 
35
        self.timeout = timeout
 
36
        if interval == -1:
 
37
            interval = options.interval
 
38
        self.interval = interval
 
39
        self.next_check = datetime.datetime.now()
 
40
 
 
41
 
 
42
class server_metaclass(type):
 
43
    "Common behavior for the UDP and TCP server classes"
 
44
    def __new__(cls, name, bases, attrs):
 
45
        attrs["address_family"] = socket.AF_INET6
 
46
        attrs["allow_reuse_address"] = True
 
47
        def server_bind(self):
 
48
            if self.options.interface:
 
49
                if not hasattr(socket, "SO_BINDTODEVICE"):
 
50
                    # From /usr/include/asm-i486/socket.h
 
51
                    socket.SO_BINDTODEVICE = 25
326
52
                try:
327
 
                    command = self.check_command % escaped_attrs
328
 
                except TypeError, error:
329
 
                    logger.error(u'Could not format string "%s":'
330
 
                                 u' %s', self.check_command, error)
331
 
                    return True # Try again later
332
 
            try:
333
 
                logger.info(u"Starting checker %r for %s",
334
 
                            command, self.name)
335
 
                self.checker = subprocess.Popen(command,
336
 
                                                close_fds=True,
337
 
                                                shell=True, cwd="/")
338
 
                self.checker_callback_tag = gobject.child_watch_add\
339
 
                                            (self.checker.pid,
340
 
                                             self.checker_callback)
341
 
            except subprocess.OSError, error:
342
 
                logger.error(u"Failed to start subprocess: %s",
343
 
                             error)
344
 
        # Re-run this periodically if run by gobject.timeout_add
345
 
        return True
346
 
    def stop_checker(self):
347
 
        """Force the checker process, if any, to stop."""
348
 
        if self.checker_callback_tag:
349
 
            gobject.source_remove(self.checker_callback_tag)
350
 
            self.checker_callback_tag = None
351
 
        if getattr(self, "checker", None) is None:
352
 
            return
353
 
        logger.debug(u"Stopping checker for %(name)s", vars(self))
354
 
        try:
355
 
            os.kill(self.checker.pid, signal.SIGTERM)
356
 
            #os.sleep(0.5)
357
 
            #if self.checker.poll() is None:
358
 
            #    os.kill(self.checker.pid, signal.SIGKILL)
359
 
        except OSError, error:
360
 
            if error.errno != errno.ESRCH: # No such process
361
 
                raise
362
 
        self.checker = None
363
 
    def still_valid(self):
364
 
        """Has the timeout not yet passed for this client?"""
365
 
        now = datetime.datetime.now()
366
 
        if self.last_checked_ok is None:
367
 
            return now < (self.created + self.timeout)
368
 
        else:
369
 
            return now < (self.last_checked_ok + self.timeout)
370
 
 
371
 
 
372
 
def peer_certificate(session):
373
 
    "Return the peer's OpenPGP certificate as a bytestring"
374
 
    # If not an OpenPGP certificate...
375
 
    if gnutls.library.functions.gnutls_certificate_type_get\
376
 
            (session._c_object) \
377
 
           != gnutls.library.constants.GNUTLS_CRT_OPENPGP:
378
 
        # ...do the normal thing
379
 
        return session.peer_certificate
380
 
    list_size = ctypes.c_uint()
381
 
    cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
382
 
        (session._c_object, ctypes.byref(list_size))
383
 
    if list_size.value == 0:
384
 
        return None
385
 
    cert = cert_list[0]
386
 
    return ctypes.string_at(cert.data, cert.size)
387
 
 
388
 
 
389
 
def fingerprint(openpgp):
390
 
    "Convert an OpenPGP bytestring to a hexdigit fingerprint string"
391
 
    # New GnuTLS "datum" with the OpenPGP public key
392
 
    datum = gnutls.library.types.gnutls_datum_t\
393
 
        (ctypes.cast(ctypes.c_char_p(openpgp),
394
 
                     ctypes.POINTER(ctypes.c_ubyte)),
395
 
         ctypes.c_uint(len(openpgp)))
396
 
    # New empty GnuTLS certificate
397
 
    crt = gnutls.library.types.gnutls_openpgp_crt_t()
398
 
    gnutls.library.functions.gnutls_openpgp_crt_init\
399
 
        (ctypes.byref(crt))
400
 
    # Import the OpenPGP public key into the certificate
401
 
    gnutls.library.functions.gnutls_openpgp_crt_import\
402
 
                    (crt, ctypes.byref(datum),
403
 
                     gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
404
 
    # New buffer for the fingerprint
405
 
    buffer = ctypes.create_string_buffer(20)
406
 
    buffer_length = ctypes.c_size_t()
407
 
    # Get the fingerprint from the certificate into the buffer
408
 
    gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
409
 
        (crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
410
 
    # Deinit the certificate
411
 
    gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
412
 
    # Convert the buffer to a Python bytestring
413
 
    fpr = ctypes.string_at(buffer, buffer_length.value)
414
 
    # Convert the bytestring to hexadecimal notation
415
 
    hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
416
 
    return hex_fpr
 
53
                    self.socket.setsockopt(socket.SOL_SOCKET,
 
54
                                           socket.SO_BINDTODEVICE,
 
55
                                           self.options.interface)
 
56
                except socket.error, error:
 
57
                    if error[0] == errno.EPERM:
 
58
                        print "Warning: No permission to bind to interface", \
 
59
                              self.options.interface
 
60
                    else:
 
61
                        raise error
 
62
            return super(type(self), self).server_bind()
 
63
        attrs["server_bind"] = server_bind
 
64
        def init(self, *args, **kwargs):
 
65
            if "options" in kwargs:
 
66
                self.options = kwargs["options"]
 
67
                del kwargs["options"]
 
68
            if "clients" in kwargs:
 
69
                self.clients = kwargs["clients"]
 
70
                del kwargs["clients"]
 
71
            if "credentials" in kwargs:
 
72
                self.credentials = kwargs["credentials"]
 
73
                del kwargs["credentials"]
 
74
            return super(type(self), self).__init__(*args, **kwargs)
 
75
        attrs["__init__"] = init
 
76
        return type.__new__(cls, name, bases, attrs)
 
77
 
 
78
 
 
79
class udp_handler(SocketServer.DatagramRequestHandler, object):
 
80
    def handle(self):
 
81
        self.wfile.write("Polo")
 
82
        print "UDP request answered"
 
83
 
 
84
 
 
85
class IPv6_UDPServer(SocketServer.UDPServer, object):
 
86
    __metaclass__ = server_metaclass
 
87
    def verify_request(self, request, client_address):
 
88
        print "UDP request came"
 
89
        return request[0] == "Marco"
417
90
 
418
91
 
419
92
class tcp_handler(SocketServer.BaseRequestHandler, object):
420
 
    """A TCP request handler class.
421
 
    Instantiated by IPv6_TCPServer for each request to handle it.
422
 
    Note: This will run in its own forked process."""
423
 
    
424
93
    def handle(self):
425
 
        logger.info(u"TCP connection from: %s",
426
 
                     unicode(self.client_address))
427
 
        session = gnutls.connection.ClientSession\
428
 
                  (self.request, gnutls.connection.X509Credentials())
429
 
        
430
 
        line = self.request.makefile().readline()
431
 
        logger.debug(u"Protocol version: %r", line)
432
 
        try:
433
 
            if int(line.strip().split()[0]) > 1:
434
 
                raise RuntimeError
435
 
        except (ValueError, IndexError, RuntimeError), error:
436
 
            logger.error(u"Unknown protocol version: %s", error)
437
 
            return
438
 
        
439
 
        # Note: gnutls.connection.X509Credentials is really a generic
440
 
        # GnuTLS certificate credentials object so long as no X.509
441
 
        # keys are added to it.  Therefore, we can use it here despite
442
 
        # using OpenPGP certificates.
443
 
        
444
 
        #priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
445
 
        #                "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
446
 
        #                "+DHE-DSS"))
447
 
        priority = "NORMAL"             # Fallback default, since this
448
 
                                        # MUST be set.
449
 
        if self.server.settings["priority"]:
450
 
            priority = self.server.settings["priority"]
451
 
        gnutls.library.functions.gnutls_priority_set_direct\
452
 
            (session._c_object, priority, None);
453
 
        
454
 
        try:
455
 
            session.handshake()
456
 
        except gnutls.errors.GNUTLSError, error:
457
 
            logger.warning(u"Handshake failed: %s", error)
458
 
            # Do not run session.bye() here: the session is not
459
 
            # established.  Just abandon the request.
460
 
            return
461
 
        try:
462
 
            fpr = fingerprint(peer_certificate(session))
463
 
        except (TypeError, gnutls.errors.GNUTLSError), error:
464
 
            logger.warning(u"Bad certificate: %s", error)
465
 
            session.bye()
466
 
            return
467
 
        logger.debug(u"Fingerprint: %s", fpr)
468
 
        client = None
469
 
        for c in self.server.clients:
470
 
            if c.fingerprint == fpr:
471
 
                client = c
472
 
                break
473
 
        if not client:
474
 
            logger.warning(u"Client not found for fingerprint: %s",
475
 
                           fpr)
476
 
            session.bye()
477
 
            return
478
 
        # Have to check if client.still_valid(), since it is possible
479
 
        # that the client timed out while establishing the GnuTLS
480
 
        # session.
481
 
        if not client.still_valid():
482
 
            logger.warning(u"Client %(name)s is invalid",
483
 
                           vars(client))
484
 
            session.bye()
485
 
            return
486
 
        sent_size = 0
487
 
        while sent_size < len(client.secret):
488
 
            sent = session.send(client.secret[sent_size:])
489
 
            logger.debug(u"Sent: %d, remaining: %d",
490
 
                         sent, len(client.secret)
491
 
                         - (sent_size + sent))
492
 
            sent_size += sent
 
94
        print "TCP request came"
 
95
        print "Request:", self.request
 
96
        print "Client Address:", self.client_address
 
97
        print "Server:", self.server
 
98
        session = gnutls.connection.ServerSession(self.request,
 
99
                                                  self.server.credentials)
 
100
        session.handshake()
 
101
        if session.peer_certificate:
 
102
            print "DN:", session.peer_certificate.subject
 
103
        try:
 
104
            session.verify_peer()
 
105
        except gnutls.errors.CertificateError, error:
 
106
            print "Verify failed", error
 
107
            session.bye()
 
108
            return
 
109
        try:
 
110
            session.send(dict((client.dn, client.password)
 
111
                              for client in self.server.clients)
 
112
                         [session.peer_certificate.subject])
 
113
        except KeyError:
 
114
            session.send("gazonk")
 
115
            # Log maybe? XXX
493
116
        session.bye()
494
117
 
495
118
 
496
119
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
497
 
    """IPv6 TCP server.  Accepts 'None' as address and/or port.
498
 
    Attributes:
499
 
        settings:       Server settings
500
 
        clients:        Set() of Client objects
501
 
    """
502
 
    address_family = socket.AF_INET6
503
 
    def __init__(self, *args, **kwargs):
504
 
        if "settings" in kwargs:
505
 
            self.settings = kwargs["settings"]
506
 
            del kwargs["settings"]
507
 
        if "clients" in kwargs:
508
 
            self.clients = kwargs["clients"]
509
 
            del kwargs["clients"]
510
 
        return super(type(self), self).__init__(*args, **kwargs)
511
 
    def server_bind(self):
512
 
        """This overrides the normal server_bind() function
513
 
        to bind to an interface if one was specified, and also NOT to
514
 
        bind to an address or port if they were not specified."""
515
 
        if self.settings["interface"]:
516
 
            # 25 is from /usr/include/asm-i486/socket.h
517
 
            SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
518
 
            try:
519
 
                self.socket.setsockopt(socket.SOL_SOCKET,
520
 
                                       SO_BINDTODEVICE,
521
 
                                       self.settings["interface"])
522
 
            except socket.error, error:
523
 
                if error[0] == errno.EPERM:
524
 
                    logger.error(u"No permission to"
525
 
                                 u" bind to interface %s",
526
 
                                 self.settings["interface"])
527
 
                else:
528
 
                    raise error
529
 
        # Only bind(2) the socket if we really need to.
530
 
        if self.server_address[0] or self.server_address[1]:
531
 
            if not self.server_address[0]:
532
 
                in6addr_any = "::"
533
 
                self.server_address = (in6addr_any,
534
 
                                       self.server_address[1])
535
 
            elif not self.server_address[1]:
536
 
                self.server_address = (self.server_address[0],
537
 
                                       0)
538
 
#                 if self.settings["interface"]:
539
 
#                     self.server_address = (self.server_address[0],
540
 
#                                            0, # port
541
 
#                                            0, # flowinfo
542
 
#                                            if_nametoindex
543
 
#                                            (self.settings
544
 
#                                             ["interface"]))
545
 
            return super(type(self), self).server_bind()
546
 
 
 
120
    __metaclass__ = server_metaclass
 
121
    request_queue_size = 1024
 
122
 
 
123
 
 
124
in6addr_any = "::"
 
125
 
 
126
cred = None
547
127
 
548
128
def string_to_delta(interval):
549
129
    """Parse a string and return a datetime.timedelta
578
158
        raise ValueError
579
159
    return delta
580
160
 
581
 
 
582
 
def server_state_changed(state):
583
 
    """Derived from the Avahi example code"""
584
 
    if state == avahi.SERVER_COLLISION:
585
 
        logger.error(u"Server name collision")
586
 
        service.remove()
587
 
    elif state == avahi.SERVER_RUNNING:
588
 
        service.add()
589
 
 
590
 
 
591
 
def entry_group_state_changed(state, error):
592
 
    """Derived from the Avahi example code"""
593
 
    logger.debug(u"state change: %i", state)
594
 
    
595
 
    if state == avahi.ENTRY_GROUP_ESTABLISHED:
596
 
        logger.debug(u"Service established.")
597
 
    elif state == avahi.ENTRY_GROUP_COLLISION:
598
 
        logger.warning(u"Service name collision.")
599
 
        service.rename()
600
 
    elif state == avahi.ENTRY_GROUP_FAILURE:
601
 
        logger.critical(u"Error in group state changed %s",
602
 
                        unicode(error))
603
 
        raise AvahiGroupError("State changed: %s", str(error))
604
 
 
605
 
def if_nametoindex(interface):
606
 
    """Call the C function if_nametoindex(), or equivalent"""
607
 
    global if_nametoindex
608
 
    try:
609
 
        if "ctypes.util" not in sys.modules:
610
 
            import ctypes.util
611
 
        if_nametoindex = ctypes.cdll.LoadLibrary\
612
 
            (ctypes.util.find_library("c")).if_nametoindex
613
 
    except (OSError, AttributeError):
614
 
        if "struct" not in sys.modules:
615
 
            import struct
616
 
        if "fcntl" not in sys.modules:
617
 
            import fcntl
618
 
        def if_nametoindex(interface):
619
 
            "Get an interface index the hard way, i.e. using fcntl()"
620
 
            SIOCGIFINDEX = 0x8933  # From /usr/include/linux/sockios.h
621
 
            s = socket.socket()
622
 
            ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
623
 
                                struct.pack("16s16x", interface))
624
 
            s.close()
625
 
            interface_index = struct.unpack("I", ifreq[16:20])[0]
626
 
            return interface_index
627
 
    return if_nametoindex(interface)
628
 
 
629
 
 
630
 
def daemon(nochdir = False, noclose = False):
631
 
    """See daemon(3).  Standard BSD Unix function.
632
 
    This should really exist as os.daemon, but it doesn't (yet)."""
633
 
    if os.fork():
634
 
        sys.exit()
635
 
    os.setsid()
636
 
    if not nochdir:
637
 
        os.chdir("/")
638
 
    if os.fork():
639
 
        sys.exit()
640
 
    if not noclose:
641
 
        # Close all standard open file descriptors
642
 
        null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
643
 
        if not stat.S_ISCHR(os.fstat(null).st_mode):
644
 
            raise OSError(errno.ENODEV,
645
 
                          "/dev/null not a character device")
646
 
        os.dup2(null, sys.stdin.fileno())
647
 
        os.dup2(null, sys.stdout.fileno())
648
 
        os.dup2(null, sys.stderr.fileno())
649
 
        if null > 2:
650
 
            os.close(null)
651
 
 
652
 
 
653
161
def main():
654
 
    global main_loop_started
655
 
    main_loop_started = False
656
 
    
657
 
    parser = OptionParser(version = "Mandos server %s" % version)
 
162
    parser = OptionParser()
658
163
    parser.add_option("-i", "--interface", type="string",
659
 
                      metavar="IF", help="Bind to interface IF")
660
 
    parser.add_option("-a", "--address", type="string",
661
 
                      help="Address to listen for requests on")
662
 
    parser.add_option("-p", "--port", type="int",
 
164
                      default="eth0", metavar="IF",
 
165
                      help="Interface to bind to")
 
166
    parser.add_option("--cert", type="string", default="cert.pem",
 
167
                      metavar="FILE",
 
168
                      help="Public key certificate to use")
 
169
    parser.add_option("--key", type="string", default="key.pem",
 
170
                      metavar="FILE",
 
171
                      help="Private key to use")
 
172
    parser.add_option("--ca", type="string", default="ca.pem",
 
173
                      metavar="FILE",
 
174
                      help="Certificate Authority certificate to use")
 
175
    parser.add_option("--crl", type="string", default="crl.pem",
 
176
                      metavar="FILE",
 
177
                      help="Certificate Revokation List to use")
 
178
    parser.add_option("-p", "--port", type="int", default=49001,
663
179
                      help="Port number to receive requests on")
 
180
    parser.add_option("--dh", type="int", metavar="BITS",
 
181
                      help="DH group to use")
 
182
    parser.add_option("-t", "--timeout", type="string", # Parsed later
 
183
                      default="15m",
 
184
                      help="Amount of downtime allowed for clients")
 
185
    parser.add_option("--interval", type="string", # Parsed later
 
186
                      default="5m",
 
187
                      help="How often to check that a client is up")
664
188
    parser.add_option("--check", action="store_true", default=False,
665
189
                      help="Run self-test")
666
 
    parser.add_option("--debug", action="store_true",
667
 
                      help="Debug mode; run in foreground and log to"
668
 
                      " terminal")
669
 
    parser.add_option("--priority", type="string", help="GnuTLS"
670
 
                      " priority string (see GnuTLS documentation)")
671
 
    parser.add_option("--servicename", type="string", metavar="NAME",
672
 
                      help="Zeroconf service name")
673
 
    parser.add_option("--configdir", type="string",
674
 
                      default="/etc/mandos", metavar="DIR",
675
 
                      help="Directory to search for configuration"
676
 
                      " files")
677
190
    (options, args) = parser.parse_args()
678
 
    
 
191
 
679
192
    if options.check:
680
193
        import doctest
681
194
        doctest.testmod()
682
195
        sys.exit()
683
196
    
684
 
    # Default values for config file for server-global settings
685
 
    server_defaults = { "interface": "",
686
 
                        "address": "",
687
 
                        "port": "",
688
 
                        "debug": "False",
689
 
                        "priority":
690
 
                        "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
691
 
                        "servicename": "Mandos",
692
 
                        }
693
 
    
694
 
    # Parse config file for server-global settings
695
 
    server_config = ConfigParser.SafeConfigParser(server_defaults)
696
 
    del server_defaults
697
 
    server_config.read(os.path.join(options.configdir, "mandos.conf"))
698
 
    server_section = "server"
699
 
    # Convert the SafeConfigParser object to a dict
700
 
    server_settings = dict(server_config.items(server_section))
701
 
    # Use getboolean on the boolean config option
702
 
    server_settings["debug"] = server_config.getboolean\
703
 
                               (server_section, "debug")
704
 
    del server_config
705
 
    
706
 
    # Override the settings from the config file with command line
707
 
    # options, if set.
708
 
    for option in ("interface", "address", "port", "debug",
709
 
                   "priority", "servicename", "configdir"):
710
 
        value = getattr(options, option)
711
 
        if value is not None:
712
 
            server_settings[option] = value
713
 
    del options
714
 
    # Now we have our good server settings in "server_settings"
715
 
    
716
 
    debug = server_settings["debug"]
717
 
    
718
 
    if not debug:
719
 
        syslogger.setLevel(logging.WARNING)
720
 
    
721
 
    if server_settings["servicename"] != "Mandos":
722
 
        syslogger.setFormatter(logging.Formatter\
723
 
                               ('Mandos (%s): %%(levelname)s:'
724
 
                                ' %%(message)s'
725
 
                                % server_settings["servicename"]))
726
 
    
727
 
    # Parse config file with clients
728
 
    client_defaults = { "timeout": "1h",
729
 
                        "interval": "5m",
730
 
                        "checker": "fping -q -- %%(host)s",
731
 
                        }
732
 
    client_config = ConfigParser.SafeConfigParser(client_defaults)
733
 
    client_config.read(os.path.join(server_settings["configdir"],
734
 
                                    "clients.conf"))
735
 
    
736
 
    global service
737
 
    service = AvahiService(name = server_settings["servicename"],
738
 
                           type = "_mandos._tcp", );
739
 
    if server_settings["interface"]:
740
 
        service.interface = if_nametoindex(server_settings["interface"])
741
 
    
742
 
    global main_loop
743
 
    global bus
744
 
    global server
745
 
    # From the Avahi example code
746
 
    DBusGMainLoop(set_as_default=True )
747
 
    main_loop = gobject.MainLoop()
748
 
    bus = dbus.SystemBus()
749
 
    server = dbus.Interface(
750
 
            bus.get_object( avahi.DBUS_NAME, avahi.DBUS_PATH_SERVER ),
751
 
            avahi.DBUS_INTERFACE_SERVER )
752
 
    # End of Avahi example code
753
 
    
754
 
    if debug:
755
 
        console = logging.StreamHandler()
756
 
        # console.setLevel(logging.DEBUG)
757
 
        console.setFormatter(logging.Formatter\
758
 
                             ('%(levelname)s: %(message)s'))
759
 
        logger.addHandler(console)
760
 
        del console
761
 
    
762
 
    clients = Set()
763
 
    def remove_from_clients(client):
764
 
        clients.remove(client)
765
 
        if not clients:
766
 
            logger.critical(u"No clients left, exiting")
767
 
            sys.exit()
768
 
    
769
 
    clients.update(Set(Client(name = section,
770
 
                              stop_hook = remove_from_clients,
771
 
                              config
772
 
                              = dict(client_config.items(section)))
773
 
                       for section in client_config.sections()))
774
 
    if not clients:
775
 
        logger.critical(u"No clients defined")
776
 
        sys.exit(1)
777
 
    
778
 
    if not debug:
779
 
        daemon()
780
 
    
781
 
    pidfilename = "/var/run/mandos/mandos.pid"
782
 
    pid = os.getpid()
783
 
    try:
784
 
        pidfile = open(pidfilename, "w")
785
 
        pidfile.write(str(pid) + "\n")
786
 
        pidfile.close()
787
 
        del pidfile
788
 
    except IOError, err:
789
 
        logger.error(u"Could not write %s file with PID %d",
790
 
                     pidfilename, os.getpid())
791
 
    
792
 
    def cleanup():
793
 
        "Cleanup function; run on exit"
794
 
        global group
795
 
        # From the Avahi example code
796
 
        if not group is None:
797
 
            group.Free()
798
 
            group = None
799
 
        # End of Avahi example code
800
 
        
801
 
        while clients:
802
 
            client = clients.pop()
803
 
            client.stop_hook = None
804
 
            client.stop()
805
 
    
806
 
    atexit.register(cleanup)
807
 
    
808
 
    if not debug:
809
 
        signal.signal(signal.SIGINT, signal.SIG_IGN)
810
 
    signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
811
 
    signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
812
 
    
813
 
    for client in clients:
814
 
        client.start()
815
 
    
816
 
    tcp_server = IPv6_TCPServer((server_settings["address"],
817
 
                                 server_settings["port"]),
 
197
    # Parse the time arguments
 
198
    try:
 
199
        options.timeout = string_to_delta(options.timeout)
 
200
    except ValueError:
 
201
        parser.error("option --timeout: Unparseable time")
 
202
    
 
203
    try:
 
204
        options.interval = string_to_delta(options.interval)
 
205
    except ValueError:
 
206
        parser.error("option --interval: Unparseable time")
 
207
    
 
208
    cert = gnutls.crypto.X509Certificate(open(options.cert).read())
 
209
    key = gnutls.crypto.X509PrivateKey(open(options.key).read())
 
210
    ca = gnutls.crypto.X509Certificate(open(options.ca).read())
 
211
    crl = gnutls.crypto.X509CRL(open(options.crl).read())
 
212
    cred = gnutls.connection.X509Credentials(cert, key, [ca], [crl])
 
213
    
 
214
    # Parse config file
 
215
    defaults = {}
 
216
    client_config_object = ConfigParser.SafeConfigParser(defaults)
 
217
    client_config_object.read("mandos-clients.conf")
 
218
    clients = [Client(name=section, options=options,
 
219
                      **(dict(client_config_object.items(section))))
 
220
               for section in client_config_object.sections()]
 
221
    
 
222
    udp_server = IPv6_UDPServer((in6addr_any, options.port),
 
223
                                udp_handler,
 
224
                                options=options)
 
225
    
 
226
    tcp_server = IPv6_TCPServer((in6addr_any, options.port),
818
227
                                tcp_handler,
819
 
                                settings=server_settings,
820
 
                                clients=clients)
821
 
    # Find out what port we got
822
 
    service.port = tcp_server.socket.getsockname()[1]
823
 
    logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
824
 
                u" scope_id %d" % tcp_server.socket.getsockname())
825
 
    
826
 
    #service.interface = tcp_server.socket.getsockname()[3]
827
 
    
828
 
    try:
829
 
        # From the Avahi example code
830
 
        server.connect_to_signal("StateChanged", server_state_changed)
831
 
        try:
832
 
            server_state_changed(server.GetState())
833
 
        except dbus.exceptions.DBusException, error:
834
 
            logger.critical(u"DBusException: %s", error)
835
 
            sys.exit(1)
836
 
        # End of Avahi example code
837
 
        
838
 
        gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
839
 
                             lambda *args, **kwargs:
840
 
                             tcp_server.handle_request\
841
 
                             (*args[2:], **kwargs) or True)
842
 
        
843
 
        logger.debug(u"Starting main loop")
844
 
        main_loop_started = True
845
 
        main_loop.run()
846
 
    except AvahiError, error:
847
 
        logger.critical(u"AvahiError: %s" + unicode(error))
848
 
        sys.exit(1)
849
 
    except KeyboardInterrupt:
850
 
        if debug:
851
 
            print
852
 
 
853
 
if __name__ == '__main__':
 
228
                                options=options,
 
229
                                clients=clients,
 
230
                                credentials=cred)
 
231
    
 
232
    while True:
 
233
        in_, out, err = select.select((udp_server,
 
234
                                       tcp_server), (), ())
 
235
        for server in in_:
 
236
            server.handle_request()
 
237
 
 
238
 
 
239
if __name__ == "__main__":
854
240
    main()
 
241