Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2008-08-16 03:29:08 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080816032908-ihw7c05r2mnyk389
Add feature to specify custom environment variables for plugins.

* plugin-runner.c (plugin): New members "environ" and "envc" to
                            contain possible custom environment.
  (getplugin): Return NULL on failure instead of doing exit(); all
               callers changed.
  (add_to_char_array): New helper function for "add_argument" and
                       "add_environment".
  (addargument): Renamed to "add_argument".  Return bool.  Call
                 "add_to_char_array" to actually do things.
  (add_environment): New; analogous to "add_argument".
  (addcustomargument): Renamed to "add_to_argv" to avoid confusion
                       with "add_argument".
  (main): New options "--global-envs" and "--envs-for" to specify
          custom environment for plugins.  Print environment for
          plugins in debug mode.  Use asprintf instead of strcpy and
          strcat.  Use execve() for plugins with custom environments.
          Free environment for plugin when freeing plugin list.

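--- a/mandos
+++ b/mandos
@@ -337,17 +337,13 @@
             try:
                 logger.info(u"Starting checker %r for %s",
                             command, self.name)
-                # We don't need to redirect stdout and stderr, since
-                # in normal mode, that is already done by daemon(),
-                # and in debug mode we don't want to.  (Stdin is
-                # always replaced by /dev/null.)
                 self.checker = subprocess.Popen(command,
                                                 close_fds=True,
                                                 shell=True, cwd="/")
                 self.checker_callback_tag = gobject.child_watch_add\
                                             (self.checker.pid,
                                              self.checker_callback)
-            except OSError, error:
+            except subprocess.OSError, error:
                 logger.error(u"Failed to start subprocess: %s",
                              error)
         # Re-run this periodically if run by gobject.timeout_add
@@ -410,16 +406,6 @@
     gnutls.library.functions.gnutls_openpgp_crt_import\
                     (crt, ctypes.byref(datum),
                      gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
-    # Verify the self signature in the key
-    crtverify = ctypes.c_uint();
-    gnutls.library.functions.gnutls_openpgp_crt_verify_self\
-        (crt, ctypes.c_uint(0), ctypes.byref(crtverify))
-    if crtverify.value != 0:
-        tmp = open("/tmp/tmp.gpg", "w")
-        tmp.write(openpgp)
-        tmp.close()
-        gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
-        raise gnutls.errors.CertificateSecurityError("Verify failed")
     # New buffer for the fingerprint
     buffer = ctypes.create_string_buffer(20)
     buffer_length = ctypes.c_size_t()
@@ -577,30 +563,25 @@
     datetime.timedelta(1)
     >>> string_to_delta(u'1w')
     datetime.timedelta(7)
-    >>> string_to_delta('5m 30s')
-    datetime.timedelta(0, 330)
     """
-    timevalue = datetime.timedelta(0)
-    for s in interval.split():
-        try:
-            suffix=unicode(s[-1])
-            value=int(s[:-1])
-            if suffix == u"d":
-                delta = datetime.timedelta(value)
-            elif suffix == u"s":
-                delta = datetime.timedelta(0, value)
-            elif suffix == u"m":
-                delta = datetime.timedelta(0, 0, 0, 0, value)
-            elif suffix == u"h":
-                delta = datetime.timedelta(0, 0, 0, 0, 0, value)
-            elif suffix == u"w":
-                delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
-            else:
-                raise ValueError
-        except (ValueError, IndexError):
+    try:
+        suffix=unicode(interval[-1])
+        value=int(interval[:-1])
+        if suffix == u"d":
+            delta = datetime.timedelta(value)
+        elif suffix == u"s":
+            delta = datetime.timedelta(0, value)
+        elif suffix == u"m":
+            delta = datetime.timedelta(0, 0, 0, 0, value)
+        elif suffix == u"h":
+            delta = datetime.timedelta(0, 0, 0, 0, 0, value)
+        elif suffix == u"w":
+            delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
+        else:
             raise ValueError
-        timevalue += delta
-    return timevalue
+    except (ValueError, IndexError):
+        raise ValueError
+    return delta
 
 
 def server_state_changed(state):
@@ -719,11 +700,12 @@
     server_config = ConfigParser.SafeConfigParser(server_defaults)
     del server_defaults
     server_config.read(os.path.join(options.configdir, "mandos.conf"))
+    server_section = "server"
     # Convert the SafeConfigParser object to a dict
-    server_settings = server_config.defaults()
+    server_settings = dict(server_config.items(server_section))
     # Use getboolean on the boolean config option
     server_settings["debug"] = server_config.getboolean\
-                               ("DEFAULT", "debug")
+                               (server_section, "debug")
     del server_config
     
     # Override the settings from the config file with command line
@@ -751,8 +733,7 @@
     # Parse config file with clients
     client_defaults = { "timeout": "1h",
                         "interval": "5m",
-                        "checker": "fping -q -- %(host)s",
-                        "host": "",
+                        "checker": "fping -q -- %%(host)s",
                         }
     client_config = ConfigParser.SafeConfigParser(client_defaults)
     client_config.read(os.path.join(server_settings["configdir"],
@@ -792,16 +773,8 @@
         logger.critical(u"No clients defined")
         sys.exit(1)
     
-    if debug:
-        # Redirect stdin so all checkers get /dev/null
-        null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
-        os.dup2(null, sys.stdin.fileno())
-        if null > 2:
-            os.close(null)
-    else:
-        # No console logging
+    if not debug:
         logger.removeHandler(console)
-        # Close all input and output, do double fork, etc.
         daemon()
     
     pidfilename = "/var/run/mandos/mandos.pid"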
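Review bot: The key is fingerprinted without its self-signature being checked: on the new side of the second hunk nothing stands between `gnutls_openpgp_crt_import` and the fingerprint buffer, where the old side called `gnutls_openpgp_crt_verify_self` and raised `gnutls.errors.CertificateSecurityError("Verify failed")` on a non-zero `crtverify.value`. Since the fingerprint is presumably what identifies a client, I would keep that call and the raise and drop only the `/tmp/tmp.gpg` dump, which wrote the key to a fixed path under /tmp. The enclosing function starts and ends outside the hunk, so a check elsewhere cannot be ruled out from here. Separately, `except subprocess.OSError, error:` in the first hunk looks wrong: `OSError` is a builtin rather than a name the `subprocess` module is known to export, so a failed `Popen` would likely raise `AttributeError` instead of reaching the log call; `except OSError, error:` is the form to keep.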