/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk


Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2008-08-16 03:29:08 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389
Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

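--- a/mandos
+++ b/mandos
@@ -337,17 +337,13 @@
             try:
                 logger.info(u"Starting checker %r for %s",
                             command, self.name)
-                # We don't need to redirect stdout and stderr, since
-                # in normal mode, that is already done by daemon(),
-                # and in debug mode we don't want to.  (Stdin is
-                # always replaced by /dev/null.)
                 self.checker = subprocess.Popen(command,
                                                 close_fds=True,
                                                 shell=True, cwd="/")
                 self.checker_callback_tag = gobject.child_watch_add\
                                             (self.checker.pid,
                                              self.checker_callback)
-            except OSError, error:
+            except subprocess.OSError, error:
                 logger.error(u"Failed to start subprocess: %s",
                              error)
         # Re-run this periodically if run by gobject.timeout_add
@@ -410,13 +406,6 @@
     gnutls.library.functions.gnutls_openpgp_crt_import\
                     (crt, ctypes.byref(datum),
                      gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
-    # Verify the self signature in the key
-    crtverify = ctypes.c_uint();
-    gnutls.library.functions.gnutls_openpgp_crt_verify_self\
-        (crt, ctypes.c_uint(0), ctypes.byref(crtverify))
-    if crtverify.value != 0:
-        gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
-        raise gnutls.errors.CertificateSecurityError("Verify failed")
     # New buffer for the fingerprint
     buffer = ctypes.create_string_buffer(20)
     buffer_length = ctypes.c_size_t()
@@ -574,30 +563,25 @@
     datetime.timedelta(1)
     >>> string_to_delta(u'1w')
     datetime.timedelta(7)
-    >>> string_to_delta('5m 30s')
-    datetime.timedelta(0, 330)
     """
-    timevalue = datetime.timedelta(0)
-    for s in interval.split():
-        try:
-            suffix=unicode(s[-1])
-            value=int(s[:-1])
-            if suffix == u"d":
-                delta = datetime.timedelta(value)
-            elif suffix == u"s":
-                delta = datetime.timedelta(0, value)
-            elif suffix == u"m":
-                delta = datetime.timedelta(0, 0, 0, 0, value)
-            elif suffix == u"h":
-                delta = datetime.timedelta(0, 0, 0, 0, 0, value)
-            elif suffix == u"w":
-                delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
-            else:
-                raise ValueError
-        except (ValueError, IndexError):
+    try:
+        suffix=unicode(interval[-1])
+        value=int(interval[:-1])
+        if suffix == u"d":
+            delta = datetime.timedelta(value)
+        elif suffix == u"s":
+            delta = datetime.timedelta(0, value)
+        elif suffix == u"m":
+            delta = datetime.timedelta(0, 0, 0, 0, value)
+        elif suffix == u"h":
+            delta = datetime.timedelta(0, 0, 0, 0, 0, value)
+        elif suffix == u"w":
+            delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
+        else:
             raise ValueError
-        timevalue += delta
-    return timevalue
+    except (ValueError, IndexError):
+        raise ValueError
+    return delta
 
 
 def server_state_changed(state):
@@ -716,11 +700,12 @@
     server_config = ConfigParser.SafeConfigParser(server_defaults)
     del server_defaults
     server_config.read(os.path.join(options.configdir, "mandos.conf"))
+    server_section = "server"
     # Convert the SafeConfigParser object to a dict
-    server_settings = server_config.defaults()
+    server_settings = dict(server_config.items(server_section))
     # Use getboolean on the boolean config option
     server_settings["debug"] = server_config.getboolean\
-                               ("DEFAULT", "debug")
+                               (server_section, "debug")
     del server_config
     
     # Override the settings from the config file with command line
@@ -748,8 +733,7 @@
     # Parse config file with clients
     client_defaults = { "timeout": "1h",
                         "interval": "5m",
-                        "checker": "fping -q -- %(host)s",
-                        "host": "",
+                        "checker": "fping -q -- %%(host)s",
                         }
     client_config = ConfigParser.SafeConfigParser(client_defaults)
     client_config.read(os.path.join(server_settings["configdir"],
@@ -789,16 +773,8 @@
         logger.critical(u"No clients defined")
         sys.exit(1)
     
-    if debug:
-        # Redirect stdin so all checkers get /dev/null
-        null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
-        os.dup2(null, sys.stdin.fileno())
-        if null > 2:
-            os.close(null)
-    else:
-        # No console logging
+    if not debug:
         logger.removeHandler(console)
-        # Close all input and output, do double fork, etc.
         daemon()
     
     pidfilename = "/var/run/mandos/mandos.pid"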
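Review bot: The hunk at old lines 410-422 removes the `gnutls_openpgp_crt_verify_self` call and the `raise gnutls.errors.CertificateSecurityError("Verify failed")` that followed it, so the new side goes from `gnutls_openpgp_crt_import` straight to the fingerprint buffer and no longer rejects a key whose self-signature fails to verify. The commit message describes only plugin-runner.c changes, so this deletion may be unintended; I would keep the seven removed lines, including the `gnutls_openpgp_crt_deinit(crt)` cleanup before the raise. The last hunk likewise drops the debug-mode `os.dup2(null, sys.stdin.fileno())` redirect, so checkers started through `subprocess.Popen(..., shell=True)` in debug mode presumably inherit the server's stdin instead of /dev/null. In the first hunk, `except subprocess.OSError, error:` relies on the subprocess module exposing an `OSError` attribute, which is not visible here; plain `except OSError, error:` does not depend on that. All of the enclosing functions start and end outside the hunks shown.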