To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 750
- compare with another revision
- download diff
- download tarball
- view history from revision 750
- Committer: Teddy Hogeborn
- Date: 2015-05-30 16:47:00 UTC
- Revision ID: teddy@recompile.se-20150530164700-77zrd7964gdhbk1f
mandos: Disable D-Bus if any DBusException is raised when connecting.
- files removed:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
mandos
78
78
import tempfile
79
79
import itertools
80
80
import collections
81
import codecs
82
81
83
82
import dbus
84
83
import dbus.service
395
394
logger.error(bad_states[state] + ": %r", error)
396
395
self.cleanup()
397
396
elif state == avahi.SERVER_RUNNING:
398
try:
399
self.add()
400
except dbus.exceptions.DBusException as error:
401
if (error.get_dbus_name()
402
== "org.freedesktop.Avahi.CollisionError"):
403
logger.info("Local Zeroconf service name"
404
" collision.")
405
return self.rename(remove=False)
406
else:
407
logger.critical("D-Bus Exception", exc_info=error)
408
self.cleanup()
409
os._exit(1)
397
self.add()
410
398
else:
411
399
if error is None:
412
400
logger.debug("Unknown state: %r", state)
435
423
.format(self.name)))
436
424
return ret
437
425
438
def call_pipe(connection, # : multiprocessing.Connection
439
func, *args, **kwargs):
440
"""This function is meant to be called by multiprocessing.Process
441
442
This function runs func(*args, **kwargs), and writes the resulting
443
return value on the provided multiprocessing.Connection.
444
"""
445
connection.send(func(*args, **kwargs))
446
connection.close()
447
426
448
427
class Client(object):
449
428
"""A representation of a client host served by this server.
476
455
last_checker_status: integer between 0 and 255 reflecting exit
477
456
status of last checker. -1 reflects crashed
478
457
checker, -2 means no checker completed yet.
479
last_checker_signal: The signal which killed the last checker, if
480
last_checker_status is -1
481
458
last_enabled: datetime.datetime(); (UTC) or None
482
459
name: string; from the config file, used in log messages and
483
460
D-Bus identifiers
657
634
# Also start a new checker *right now*.
658
635
self.start_checker()
659
636
660
def checker_callback(self, source, condition, connection,
661
command):
637
def checker_callback(self, pid, condition, command):
662
638
"""The checker has completed, so take appropriate actions."""
663
639
self.checker_callback_tag = None
664
640
self.checker = None
665
# Read return code from connection (see call_pipe)
666
returncode = connection.recv()
667
connection.close()
668
669
if returncode >= 0:
670
self.last_checker_status = returncode
671
self.last_checker_signal = None
641
if os.WIFEXITED(condition):
642
self.last_checker_status = os.WEXITSTATUS(condition)
672
643
if self.last_checker_status == 0:
673
644
logger.info("Checker for %(name)s succeeded",
674
645
vars(self))
677
648
logger.info("Checker for %(name)s failed", vars(self))
678
649
else:
679
650
self.last_checker_status = -1
680
self.last_checker_signal = -returncode
681
651
logger.warning("Checker for %(name)s crashed?",
682
652
vars(self))
683
return False
684
653
685
654
def checked_ok(self):
686
655
"""Assert that the client has been seen, alive and well."""
687
656
self.last_checked_ok = datetime.datetime.utcnow()
688
657
self.last_checker_status = 0
689
self.last_checker_signal = None
690
658
self.bump_timeout()
691
659
692
660
def bump_timeout(self, timeout=None):
718
686
# than 'timeout' for the client to be disabled, which is as it
719
687
# should be.
720
688
721
if self.checker is not None and not self.checker.is_alive():
722
logger.warning("Checker was not alive; joining")
723
self.checker.join()
724
self.checker = None
689
# If a checker exists, make sure it is not a zombie
690
try:
691
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
692
except AttributeError:
693
pass
694
except OSError as error:
695
if error.errno != errno.ECHILD:
696
raise
697
else:
698
if pid:
699
logger.warning("Checker was a zombie")
700
gobject.source_remove(self.checker_callback_tag)
701
self.checker_callback(pid, status,
702
self.current_checker_command)
725
703
# Start a new checker if needed
726
704
if self.checker is None:
727
705
# Escape attributes for the shell
736
714
exc_info=error)
737
715
return True # Try again later
738
716
self.current_checker_command = command
739
logger.info("Starting checker %r for %s", command,
740
self.name)
741
# We don't need to redirect stdout and stderr, since
742
# in normal mode, that is already done by daemon(),
743
# and in debug mode we don't want to. (Stdin is
744
# always replaced by /dev/null.)
745
# The exception is when not debugging but nevertheless
746
# running in the foreground; use the previously
747
# created wnull.
748
popen_args = { "close_fds": True,
749
"shell": True,
750
"cwd": "/" }
751
if (not self.server_settings["debug"]
752
and self.server_settings["foreground"]):
753
popen_args.update({"stdout": wnull,
754
"stderr": wnull })
755
pipe = multiprocessing.Pipe(duplex = False)
756
self.checker = multiprocessing.Process(
757
target = call_pipe,
758
args = (pipe[1], subprocess.call, command),
759
kwargs = popen_args)
760
self.checker.start()
761
self.checker_callback_tag = gobject.io_add_watch(
762
pipe[0].fileno(), gobject.IO_IN,
763
self.checker_callback, pipe[0], command)
717
try:
718
logger.info("Starting checker %r for %s", command,
719
self.name)
720
# We don't need to redirect stdout and stderr, since
721
# in normal mode, that is already done by daemon(),
722
# and in debug mode we don't want to. (Stdin is
723
# always replaced by /dev/null.)
724
# The exception is when not debugging but nevertheless
725
# running in the foreground; use the previously
726
# created wnull.
727
popen_args = {}
728
if (not self.server_settings["debug"]
729
and self.server_settings["foreground"]):
730
popen_args.update({"stdout": wnull,
731
"stderr": wnull })
732
self.checker = subprocess.Popen(command,
733
close_fds=True,
734
shell=True,
735
cwd="/",
736
**popen_args)
737
except OSError as error:
738
logger.error("Failed to start subprocess",
739
exc_info=error)
740
return True
741
self.checker_callback_tag = gobject.child_watch_add(
742
self.checker.pid, self.checker_callback, data=command)
743
# The checker may have completed before the gobject
744
# watch was added. Check for this.
745
try:
746
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
747
except OSError as error:
748
if error.errno == errno.ECHILD:
749
# This should never happen
750
logger.error("Child process vanished",
751
exc_info=error)
752
return True
753
raise
754
if pid:
755
gobject.source_remove(self.checker_callback_tag)
756
self.checker_callback(pid, status, command)
764
757
# Re-run this periodically if run by gobject.timeout_add
765
758
return True
766
759
772
765
if getattr(self, "checker", None) is None:
773
766
return
774
767
logger.debug("Stopping checker for %(name)s", vars(self))
775
self.checker.terminate()
768
try:
769
self.checker.terminate()
770
#time.sleep(0.5)
771
#if self.checker.poll() is None:
772
# self.checker.kill()
773
except OSError as error:
774
if error.errno != errno.ESRCH: # No such process
775
raise
776
776
self.checker = None
777
777
778
778
1110
1110
interface_names.add(alt_interface)
1111
1111
# Is this a D-Bus signal?
1112
1112
if getattr(attribute, "_dbus_is_signal", False):
1113
if sys.version_info.major == 2:
1114
# Extract the original non-method undecorated
1115
# function by black magic
1116
nonmethod_func = (dict(
1117
zip(attribute.func_code.co_freevars,
1118
attribute.__closure__))
1119
["func"].cell_contents)
1120
else:
1121
nonmethod_func = attribute
1113
# Extract the original non-method undecorated
1114
# function by black magic
1115
nonmethod_func = (dict(
1116
zip(attribute.func_code.co_freevars,
1117
attribute.__closure__))
1118
["func"].cell_contents)
1122
1119
# Create a new, but exactly alike, function
1123
1120
# object, and decorate it to be a new D-Bus signal
1124
1121
# with the alternate D-Bus interface name
1125
if sys.version_info.major == 2:
1126
new_function = types.FunctionType(
1127
nonmethod_func.func_code,
1128
nonmethod_func.func_globals,
1129
nonmethod_func.func_name,
1130
nonmethod_func.func_defaults,
1131
nonmethod_func.func_closure)
1132
else:
1133
new_function = types.FunctionType(
1134
nonmethod_func.__code__,
1135
nonmethod_func.__globals__,
1136
nonmethod_func.__name__,
1137
nonmethod_func.__defaults__,
1138
nonmethod_func.__closure__)
1139
1122
new_function = (dbus.service.signal(
1140
alt_interface,
1141
attribute._dbus_signature)(new_function))
1123
alt_interface, attribute._dbus_signature)
1124
(types.FunctionType(
1125
nonmethod_func.func_code,
1126
nonmethod_func.func_globals,
1127
nonmethod_func.func_name,
1128
nonmethod_func.func_defaults,
1129
nonmethod_func.func_closure)))
1142
1130
# Copy annotations, if any
1143
1131
try:
1144
1132
new_function._dbus_annotations = dict(
1367
1355
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1368
1356
Client.__del__(self, *args, **kwargs)
1369
1357
1370
def checker_callback(self, source, condition,
1371
connection, command, *args, **kwargs):
1372
ret = Client.checker_callback(self, source, condition,
1373
connection, command, *args,
1374
**kwargs)
1375
exitstatus = self.last_checker_status
1376
if exitstatus >= 0:
1358
def checker_callback(self, pid, condition, command,
1359
*args, **kwargs):
1360
self.checker_callback_tag = None
1361
self.checker = None
1362
if os.WIFEXITED(condition):
1363
exitstatus = os.WEXITSTATUS(condition)
1377
1364
# Emit D-Bus signal
1378
1365
self.CheckerCompleted(dbus.Int16(exitstatus),
1379
dbus.Int64(0),
1366
dbus.Int64(condition),
1380
1367
dbus.String(command))
1381
1368
else:
1382
1369
# Emit D-Bus signal
1383
1370
self.CheckerCompleted(dbus.Int16(-1),
1384
dbus.Int64(
1385
self.last_checker_signal),
1371
dbus.Int64(condition),
1386
1372
dbus.String(command))
1387
return ret
1373
1374
return Client.checker_callback(self, pid, condition, command,
1375
*args, **kwargs)
1388
1376
1389
1377
def start_checker(self, *args, **kwargs):
1390
1378
old_checker_pid = getattr(self.checker, "pid", None)
1683
1671
self._pipe = child_pipe
1684
1672
self._pipe.send(('init', fpr, address))
1685
1673
if not self._pipe.recv():
1686
raise KeyError(fpr)
1674
raise KeyError()
1687
1675
1688
1676
def __getattribute__(self, name):
1689
1677
if name == '_pipe':
2152
2140
2153
2141
if command == 'getattr':
2154
2142
attrname = request[1]
2155
if isinstance(client_object.__getattribute__(attrname),
2156
collections.Callable):
2143
if callable(client_object.__getattribute__(attrname)):
2157
2144
parent_pipe.send(('function', ))
2158
2145
else:
2159
2146
parent_pipe.send((
2194
2181
# avoid excessive use of external libraries.
2195
2182
2196
2183
# New type for defining tokens, syntax, and semantics all-in-one
2184
Token = collections.namedtuple("Token",
2185
("regexp", # To match token; if
2186
# "value" is not None,
2187
# must have a "group"
2188
# containing digits
2189
"value", # datetime.timedelta or
2190
# None
2191
"followers")) # Tokens valid after
2192
# this token
2197
2193
Token = collections.namedtuple("Token", (
2198
2194
"regexp", # To match token; if "value" is not None, must have
2199
2195
# a "group" containing digits
2234
2230
# Define starting values
2235
2231
value = datetime.timedelta() # Value so far
2236
2232
found_token = None
2237
followers = frozenset((token_duration, )) # Following valid tokens
2233
followers = frozenset((token_duration,)) # Following valid tokens
2238
2234
s = duration # String left to parse
2239
2235
# Loop until end token is found
2240
2236
while found_token is not token_end:
2257
2253
break
2258
2254
else:
2259
2255
# No currently valid tokens were found
2260
raise ValueError("Invalid RFC 3339 duration: {!r}"
2261
.format(duration))
2256
raise ValueError("Invalid RFC 3339 duration")
2262
2257
# End token found
2263
2258
return value
2264
2259
2515
2510
pidfilename = "/var/run/mandos.pid"
2516
2511
pidfile = None
2517
2512
try:
2518
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2513
pidfile = open(pidfilename, "w")
2519
2514
except IOError as e:
2520
2515
logger.error("Could not open file %r", pidfilename,
2521
2516
exc_info=e)
2659
2654
pass
2660
2655
2661
2656
# Clients who has passed its expire date can still be
2662
# enabled if its last checker was successful. A Client
2657
# enabled if its last checker was successful. Clients
2663
2658
# whose checker succeeded before we stored its state is
2664
2659
# assumed to have successfully run all checkers during
2665
2660
# downtime.
2717
2712
2718
2713
if not foreground:
2719
2714
if pidfile is not None:
2720
pid = os.getpid()
2721
2715
try:
2722
2716
with pidfile:
2723
print(pid, file=pidfile)
2717
pid = os.getpid()
2718
pidfile.write("{}\n".format(pid).encode("utf-8"))
2724
2719
except IOError:
2725
2720
logger.error("Could not write to file %r with PID %d",
2726
2721
pidfilename, pid)
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0