/mandos/trunk : revision 78

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2008-08-16 03:29:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389

Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

files added:
network-protocol.txt

files removed:
mandos-keygen.xml

mandos-options.xml

overview.xml

files modified:
Makefile

TODO

clients.conf

mandos

mandos-clients.conf.xml

mandos-keygen

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos

337

try:

338

logger.info(u"Starting checker %r for %s",

339

command, self.name)

340

# We don't need to redirect stdout and stderr, since

341

# in normal mode, that is already done by daemon(),

342

# and in debug mode we don't want to. (Stdin is

343

# always replaced by /dev/null.)

344

340

self.checker = subprocess.Popen(command,

345

341

close_fds=True,

346

342

shell=True, cwd="/")

347

343

self.checker_callback_tag = gobject.child_watch_add\

348

344

(self.checker.pid,

349

345

self.checker_callback)

350

except OSError, error:

346

except subprocess.OSError, error:

351

347

logger.error(u"Failed to start subprocess: %s",

352

348

error)

353

349

# Re-run this periodically if run by gobject.timeout_add

567

563

datetime.timedelta(1)

568

564

>>> string_to_delta(u'1w')

569

565

datetime.timedelta(7)

570

>>> string_to_delta('5m 30s')

571

datetime.timedelta(0, 330)

572

566

"""

573

timevalue = datetime.timedelta(0)

574

for s in interval.split():

575

try:

576

suffix=unicode(s[-1])

577

value=int(s[:-1])

578

if suffix == u"d":

579

delta = datetime.timedelta(value)

580

elif suffix == u"s":

581

delta = datetime.timedelta(0, value)

582

elif suffix == u"m":

583

delta = datetime.timedelta(0, 0, 0, 0, value)

584

elif suffix == u"h":

585

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

586

elif suffix == u"w":

587

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

588

else:

589

raise ValueError

590

except (ValueError, IndexError):

567

try:

568

suffix=unicode(interval[-1])

569

value=int(interval[:-1])

570

if suffix == u"d":

571

delta = datetime.timedelta(value)

572

elif suffix == u"s":

573

delta = datetime.timedelta(0, value)

574

elif suffix == u"m":

575

delta = datetime.timedelta(0, 0, 0, 0, value)

576

elif suffix == u"h":

577

delta = datetime.timedelta(0, 0, 0, 0, 0, value)

578

elif suffix == u"w":

579

delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)

580

else:

591

581

raise ValueError

592

timevalue += delta

593

return timevalue

582

except (ValueError, IndexError):

583

raise ValueError

584

return delta

594

585

595

586

596

587

def server_state_changed(state):

709

700

server_config = ConfigParser.SafeConfigParser(server_defaults)

710

701

del server_defaults

711

702

server_config.read(os.path.join(options.configdir, "mandos.conf"))

703

server_section = "server"

712

704

# Convert the SafeConfigParser object to a dict

713

server_settings = server_config.defaults()

705

server_settings = dict(server_config.items(server_section))

714

706

# Use getboolean on the boolean config option

715

707

server_settings["debug"] = server_config.getboolean\

716

("DEFAULT", "debug")

708

(server_section, "debug")

717

709

del server_config

718

710

719

711

# Override the settings from the config file with command line

741

733

# Parse config file with clients

742

734

client_defaults = { "timeout": "1h",

743

735

"interval": "5m",

744

"checker": "fping -q -- %(host)s",

745

"host": "",

736

"checker": "fping -q -- %%(host)s",

746

737

}

747

738

client_config = ConfigParser.SafeConfigParser(client_defaults)

748

739

client_config.read(os.path.join(server_settings["configdir"],

782

773

logger.critical(u"No clients defined")

783

774

sys.exit(1)

784

775

785

if debug:

786

# Redirect stdin so all checkers get /dev/null

787

null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)

788

os.dup2(null, sys.stdin.fileno())

789

if null > 2:

790

os.close(null)

791

else:

792

# No console logging

776

if not debug:

793

777

logger.removeHandler(console)

794

# Close all input and output, do double fork, etc.

795

778

daemon()

796

779

797

780

pidfilename = "/var/run/mandos/mandos.pid"

Older »