To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 787
- compare with another revision
- download diff
- download tarball
- view history from revision 787
- Committer: Teddy Hogeborn
- Date: 2015-08-10 16:19:28 UTC
- Revision ID: teddy@recompile.se-20150810161928-bnukog7l47j3pjix
Depend on Avahi and the network in the server's systemd service file.
* mandos.service ([Unit]/After): New; set to "network.target" and
"avahi-daemon.service".
([Unit]/RequisiteOverridable): New; set to "avahi-daemon.service".
* mandos.service ([Unit]/After): New; set to "network.target" and
"avahi-daemon.service".
([Unit]/RequisiteOverridable): New; set to "avahi-daemon.service".
- files added:
- plugin-helpers
- files modified:
- DBUS-API
added
removed
mandos
36
36
37
37
from future_builtins import *
38
38
39
import SocketServer as socketserver
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
40
43
import socket
41
44
import argparse
42
45
import datetime
47
50
import gnutls.library.functions
48
51
import gnutls.library.constants
49
52
import gnutls.library.types
50
import ConfigParser as configparser
53
try:
54
import ConfigParser as configparser
55
except ImportError:
56
import configparser
51
57
import sys
52
58
import re
53
59
import os
62
68
import struct
63
69
import fcntl
64
70
import functools
65
import cPickle as pickle
71
try:
72
import cPickle as pickle
73
except ImportError:
74
import pickle
66
75
import multiprocessing
67
76
import types
68
77
import binascii
69
78
import tempfile
70
79
import itertools
71
80
import collections
81
import codecs
72
82
73
83
import dbus
74
84
import dbus.service
75
import gobject
85
try:
86
import gobject
87
except ImportError:
88
from gi.repository import GObject as gobject
76
89
import avahi
77
90
from dbus.mainloop.glib import DBusGMainLoop
78
91
import ctypes
382
395
logger.error(bad_states[state] + ": %r", error)
383
396
self.cleanup()
384
397
elif state == avahi.SERVER_RUNNING:
385
self.add()
398
try:
399
self.add()
400
except dbus.exceptions.DBusException as error:
401
if (error.get_dbus_name()
402
== "org.freedesktop.Avahi.CollisionError"):
403
logger.info("Local Zeroconf service name"
404
" collision.")
405
return self.rename(remove=False)
406
else:
407
logger.critical("D-Bus Exception", exc_info=error)
408
self.cleanup()
409
os._exit(1)
386
410
else:
387
411
if error is None:
388
412
logger.debug("Unknown state: %r", state)
411
435
.format(self.name)))
412
436
return ret
413
437
438
def call_pipe(connection, # : multiprocessing.Connection
439
func, *args, **kwargs):
440
"""This function is meant to be called by multiprocessing.Process
441
442
This function runs func(*args, **kwargs), and writes the resulting
443
return value on the provided multiprocessing.Connection.
444
"""
445
connection.send(func(*args, **kwargs))
446
connection.close()
414
447
415
448
class Client(object):
416
449
"""A representation of a client host served by this server.
443
476
last_checker_status: integer between 0 and 255 reflecting exit
444
477
status of last checker. -1 reflects crashed
445
478
checker, -2 means no checker completed yet.
479
last_checker_signal: The signal which killed the last checker, if
480
last_checker_status is -1
446
481
last_enabled: datetime.datetime(); (UTC) or None
447
482
name: string; from the config file, used in log messages and
448
483
D-Bus identifiers
622
657
# Also start a new checker *right now*.
623
658
self.start_checker()
624
659
625
def checker_callback(self, pid, condition, command):
660
def checker_callback(self, source, condition, connection,
661
command):
626
662
"""The checker has completed, so take appropriate actions."""
627
663
self.checker_callback_tag = None
628
664
self.checker = None
629
if os.WIFEXITED(condition):
630
self.last_checker_status = os.WEXITSTATUS(condition)
665
# Read return code from connection (see call_pipe)
666
returncode = connection.recv()
667
connection.close()
668
669
if returncode >= 0:
670
self.last_checker_status = returncode
671
self.last_checker_signal = None
631
672
if self.last_checker_status == 0:
632
673
logger.info("Checker for %(name)s succeeded",
633
674
vars(self))
636
677
logger.info("Checker for %(name)s failed", vars(self))
637
678
else:
638
679
self.last_checker_status = -1
680
self.last_checker_signal = -returncode
639
681
logger.warning("Checker for %(name)s crashed?",
640
682
vars(self))
683
return False
641
684
642
685
def checked_ok(self):
643
686
"""Assert that the client has been seen, alive and well."""
644
687
self.last_checked_ok = datetime.datetime.utcnow()
645
688
self.last_checker_status = 0
689
self.last_checker_signal = None
646
690
self.bump_timeout()
647
691
648
692
def bump_timeout(self, timeout=None):
674
718
# than 'timeout' for the client to be disabled, which is as it
675
719
# should be.
676
720
677
# If a checker exists, make sure it is not a zombie
678
try:
679
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
680
except AttributeError:
681
pass
682
except OSError as error:
683
if error.errno != errno.ECHILD:
684
raise
685
else:
686
if pid:
687
logger.warning("Checker was a zombie")
688
gobject.source_remove(self.checker_callback_tag)
689
self.checker_callback(pid, status,
690
self.current_checker_command)
721
if self.checker is not None and not self.checker.is_alive():
722
logger.warning("Checker was not alive; joining")
723
self.checker.join()
724
self.checker = None
691
725
# Start a new checker if needed
692
726
if self.checker is None:
693
727
# Escape attributes for the shell
702
736
exc_info=error)
703
737
return True # Try again later
704
738
self.current_checker_command = command
705
try:
706
logger.info("Starting checker %r for %s", command,
707
self.name)
708
# We don't need to redirect stdout and stderr, since
709
# in normal mode, that is already done by daemon(),
710
# and in debug mode we don't want to. (Stdin is
711
# always replaced by /dev/null.)
712
# The exception is when not debugging but nevertheless
713
# running in the foreground; use the previously
714
# created wnull.
715
popen_args = {}
716
if (not self.server_settings["debug"]
717
and self.server_settings["foreground"]):
718
popen_args.update({"stdout": wnull,
719
"stderr": wnull })
720
self.checker = subprocess.Popen(command,
721
close_fds=True,
722
shell=True,
723
cwd="/",
724
**popen_args)
725
except OSError as error:
726
logger.error("Failed to start subprocess",
727
exc_info=error)
728
return True
729
self.checker_callback_tag = gobject.child_watch_add(
730
self.checker.pid, self.checker_callback, data=command)
731
# The checker may have completed before the gobject
732
# watch was added. Check for this.
733
try:
734
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
735
except OSError as error:
736
if error.errno == errno.ECHILD:
737
# This should never happen
738
logger.error("Child process vanished",
739
exc_info=error)
740
return True
741
raise
742
if pid:
743
gobject.source_remove(self.checker_callback_tag)
744
self.checker_callback(pid, status, command)
739
logger.info("Starting checker %r for %s", command,
740
self.name)
741
# We don't need to redirect stdout and stderr, since
742
# in normal mode, that is already done by daemon(),
743
# and in debug mode we don't want to. (Stdin is
744
# always replaced by /dev/null.)
745
# The exception is when not debugging but nevertheless
746
# running in the foreground; use the previously
747
# created wnull.
748
popen_args = { "close_fds": True,
749
"shell": True,
750
"cwd": "/" }
751
if (not self.server_settings["debug"]
752
and self.server_settings["foreground"]):
753
popen_args.update({"stdout": wnull,
754
"stderr": wnull })
755
pipe = multiprocessing.Pipe(duplex = False)
756
self.checker = multiprocessing.Process(
757
target = call_pipe,
758
args = (pipe[1], subprocess.call, command),
759
kwargs = popen_args)
760
self.checker.start()
761
self.checker_callback_tag = gobject.io_add_watch(
762
pipe[0].fileno(), gobject.IO_IN,
763
self.checker_callback, pipe[0], command)
745
764
# Re-run this periodically if run by gobject.timeout_add
746
765
return True
747
766
753
772
if getattr(self, "checker", None) is None:
754
773
return
755
774
logger.debug("Stopping checker for %(name)s", vars(self))
756
try:
757
self.checker.terminate()
758
#time.sleep(0.5)
759
#if self.checker.poll() is None:
760
# self.checker.kill()
761
except OSError as error:
762
if error.errno != errno.ESRCH: # No such process
763
raise
775
self.checker.terminate()
764
776
self.checker = None
765
777
766
778
830
842
access="r")
831
843
def Property_dbus_property(self):
832
844
return dbus.Boolean(False)
845
846
See also the DBusObjectWithAnnotations class.
833
847
"""
834
848
835
849
def decorator(func):
857
871
pass
858
872
859
873
860
class DBusObjectWithProperties(dbus.service.Object):
861
"""A D-Bus object with properties.
874
class DBusObjectWithAnnotations(dbus.service.Object):
875
"""A D-Bus object with annotations.
862
876
863
Classes inheriting from this can use the dbus_service_property
864
decorator to expose methods as D-Bus properties. It exposes the
865
standard Get(), Set(), and GetAll() methods on the D-Bus.
877
Classes inheriting from this can use the dbus_annotations
878
decorator to add annotations to methods or signals.
866
879
"""
867
880
868
881
@staticmethod
884
897
for name, athing in
885
898
inspect.getmembers(cls, self._is_dbus_thing(thing)))
886
899
900
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
901
out_signature = "s",
902
path_keyword = 'object_path',
903
connection_keyword = 'connection')
904
def Introspect(self, object_path, connection):
905
"""Overloading of standard D-Bus method.
906
907
Inserts annotation tags on methods and signals.
908
"""
909
xmlstring = dbus.service.Object.Introspect(self, object_path,
910
connection)
911
try:
912
document = xml.dom.minidom.parseString(xmlstring)
913
914
for if_tag in document.getElementsByTagName("interface"):
915
# Add annotation tags
916
for typ in ("method", "signal"):
917
for tag in if_tag.getElementsByTagName(typ):
918
annots = dict()
919
for name, prop in (self.
920
_get_all_dbus_things(typ)):
921
if (name == tag.getAttribute("name")
922
and prop._dbus_interface
923
== if_tag.getAttribute("name")):
924
annots.update(getattr(
925
prop, "_dbus_annotations", {}))
926
for name, value in annots.items():
927
ann_tag = document.createElement(
928
"annotation")
929
ann_tag.setAttribute("name", name)
930
ann_tag.setAttribute("value", value)
931
tag.appendChild(ann_tag)
932
# Add interface annotation tags
933
for annotation, value in dict(
934
itertools.chain.from_iterable(
935
annotations().items()
936
for name, annotations
937
in self._get_all_dbus_things("interface")
938
if name == if_tag.getAttribute("name")
939
)).items():
940
ann_tag = document.createElement("annotation")
941
ann_tag.setAttribute("name", annotation)
942
ann_tag.setAttribute("value", value)
943
if_tag.appendChild(ann_tag)
944
# Fix argument name for the Introspect method itself
945
if (if_tag.getAttribute("name")
946
== dbus.INTROSPECTABLE_IFACE):
947
for cn in if_tag.getElementsByTagName("method"):
948
if cn.getAttribute("name") == "Introspect":
949
for arg in cn.getElementsByTagName("arg"):
950
if (arg.getAttribute("direction")
951
== "out"):
952
arg.setAttribute("name",
953
"xml_data")
954
xmlstring = document.toxml("utf-8")
955
document.unlink()
956
except (AttributeError, xml.dom.DOMException,
957
xml.parsers.expat.ExpatError) as error:
958
logger.error("Failed to override Introspection method",
959
exc_info=error)
960
return xmlstring
961
962
963
class DBusObjectWithProperties(DBusObjectWithAnnotations):
964
"""A D-Bus object with properties.
965
966
Classes inheriting from this can use the dbus_service_property
967
decorator to expose methods as D-Bus properties. It exposes the
968
standard Get(), Set(), and GetAll() methods on the D-Bus.
969
"""
970
887
971
def _get_dbus_property(self, interface_name, property_name):
888
972
"""Returns a bound method if one exists which is a D-Bus
889
973
property with the specified name and interface.
899
983
raise DBusPropertyNotFound("{}:{}.{}".format(
900
984
self.dbus_object_path, interface_name, property_name))
901
985
986
@classmethod
987
def _get_all_interface_names(cls):
988
"""Get a sequence of all interfaces supported by an object"""
989
return (name for name in set(getattr(getattr(x, attr),
990
"_dbus_interface", None)
991
for x in (inspect.getmro(cls))
992
for attr in dir(x))
993
if name is not None)
994
902
995
@dbus.service.method(dbus.PROPERTIES_IFACE,
903
996
in_signature="ss",
904
997
out_signature="v")
974
1067
975
1068
Inserts property tags and interface annotation tags.
976
1069
"""
977
xmlstring = dbus.service.Object.Introspect(self, object_path,
978
connection)
1070
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1071
object_path,
1072
connection)
979
1073
try:
980
1074
document = xml.dom.minidom.parseString(xmlstring)
981
1075
994
1088
if prop._dbus_interface
995
1089
== if_tag.getAttribute("name")):
996
1090
if_tag.appendChild(tag)
997
# Add annotation tags
998
for typ in ("method", "signal", "property"):
999
for tag in if_tag.getElementsByTagName(typ):
1000
annots = dict()
1001
for name, prop in (self.
1002
_get_all_dbus_things(typ)):
1003
if (name == tag.getAttribute("name")
1004
and prop._dbus_interface
1005
== if_tag.getAttribute("name")):
1006
annots.update(getattr(
1007
prop, "_dbus_annotations", {}))
1008
for name, value in annots.items():
1009
ann_tag = document.createElement(
1010
"annotation")
1011
ann_tag.setAttribute("name", name)
1012
ann_tag.setAttribute("value", value)
1013
tag.appendChild(ann_tag)
1014
# Add interface annotation tags
1015
for annotation, value in dict(
1016
itertools.chain.from_iterable(
1017
annotations().items()
1018
for name, annotations
1019
in self._get_all_dbus_things("interface")
1020
if name == if_tag.getAttribute("name")
1021
)).items():
1022
ann_tag = document.createElement("annotation")
1023
ann_tag.setAttribute("name", annotation)
1024
ann_tag.setAttribute("value", value)
1025
if_tag.appendChild(ann_tag)
1091
# Add annotation tags for properties
1092
for tag in if_tag.getElementsByTagName("property"):
1093
annots = dict()
1094
for name, prop in self._get_all_dbus_things(
1095
"property"):
1096
if (name == tag.getAttribute("name")
1097
and prop._dbus_interface
1098
== if_tag.getAttribute("name")):
1099
annots.update(getattr(
1100
prop, "_dbus_annotations", {}))
1101
for name, value in annots.items():
1102
ann_tag = document.createElement(
1103
"annotation")
1104
ann_tag.setAttribute("name", name)
1105
ann_tag.setAttribute("value", value)
1106
tag.appendChild(ann_tag)
1026
1107
# Add the names to the return values for the
1027
1108
# "org.freedesktop.DBus.Properties" methods
1028
1109
if (if_tag.getAttribute("name")
1046
1127
exc_info=error)
1047
1128
return xmlstring
1048
1129
1130
try:
1131
dbus.OBJECT_MANAGER_IFACE
1132
except AttributeError:
1133
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1134
1135
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1136
"""A D-Bus object with an ObjectManager.
1137
1138
Classes inheriting from this exposes the standard
1139
GetManagedObjects call and the InterfacesAdded and
1140
InterfacesRemoved signals on the standard
1141
"org.freedesktop.DBus.ObjectManager" interface.
1142
1143
Note: No signals are sent automatically; they must be sent
1144
manually.
1145
"""
1146
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1147
out_signature = "a{oa{sa{sv}}}")
1148
def GetManagedObjects(self):
1149
"""This function must be overridden"""
1150
raise NotImplementedError()
1151
1152
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1153
signature = "oa{sa{sv}}")
1154
def InterfacesAdded(self, object_path, interfaces_and_properties):
1155
pass
1156
1157
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1158
def InterfacesRemoved(self, object_path, interfaces):
1159
pass
1160
1161
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1162
out_signature = "s",
1163
path_keyword = 'object_path',
1164
connection_keyword = 'connection')
1165
def Introspect(self, object_path, connection):
1166
"""Overloading of standard D-Bus method.
1167
1168
Override return argument name of GetManagedObjects to be
1169
"objpath_interfaces_and_properties"
1170
"""
1171
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1172
object_path,
1173
connection)
1174
try:
1175
document = xml.dom.minidom.parseString(xmlstring)
1176
1177
for if_tag in document.getElementsByTagName("interface"):
1178
# Fix argument name for the GetManagedObjects method
1179
if (if_tag.getAttribute("name")
1180
== dbus.OBJECT_MANAGER_IFACE):
1181
for cn in if_tag.getElementsByTagName("method"):
1182
if (cn.getAttribute("name")
1183
== "GetManagedObjects"):
1184
for arg in cn.getElementsByTagName("arg"):
1185
if (arg.getAttribute("direction")
1186
== "out"):
1187
arg.setAttribute(
1188
"name",
1189
"objpath_interfaces"
1190
"_and_properties")
1191
xmlstring = document.toxml("utf-8")
1192
document.unlink()
1193
except (AttributeError, xml.dom.DOMException,
1194
xml.parsers.expat.ExpatError) as error:
1195
logger.error("Failed to override Introspection method",
1196
exc_info = error)
1197
return xmlstring
1049
1198
1050
1199
def datetime_to_dbus(dt, variant_level=0):
1051
1200
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1098
1247
interface_names.add(alt_interface)
1099
1248
# Is this a D-Bus signal?
1100
1249
if getattr(attribute, "_dbus_is_signal", False):
1101
# Extract the original non-method undecorated
1102
# function by black magic
1103
nonmethod_func = (dict(
1104
zip(attribute.func_code.co_freevars,
1105
attribute.__closure__))
1106
["func"].cell_contents)
1250
if sys.version_info.major == 2:
1251
# Extract the original non-method undecorated
1252
# function by black magic
1253
nonmethod_func = (dict(
1254
zip(attribute.func_code.co_freevars,
1255
attribute.__closure__))
1256
["func"].cell_contents)
1257
else:
1258
nonmethod_func = attribute
1107
1259
# Create a new, but exactly alike, function
1108
1260
# object, and decorate it to be a new D-Bus signal
1109
1261
# with the alternate D-Bus interface name
1262
if sys.version_info.major == 2:
1263
new_function = types.FunctionType(
1264
nonmethod_func.func_code,
1265
nonmethod_func.func_globals,
1266
nonmethod_func.func_name,
1267
nonmethod_func.func_defaults,
1268
nonmethod_func.func_closure)
1269
else:
1270
new_function = types.FunctionType(
1271
nonmethod_func.__code__,
1272
nonmethod_func.__globals__,
1273
nonmethod_func.__name__,
1274
nonmethod_func.__defaults__,
1275
nonmethod_func.__closure__)
1110
1276
new_function = (dbus.service.signal(
1111
alt_interface, attribute._dbus_signature)
1112
(types.FunctionType(
1113
nonmethod_func.func_code,
1114
nonmethod_func.func_globals,
1115
nonmethod_func.func_name,
1116
nonmethod_func.func_defaults,
1117
nonmethod_func.func_closure)))
1277
alt_interface,
1278
attribute._dbus_signature)(new_function))
1118
1279
# Copy annotations, if any
1119
1280
try:
1120
1281
new_function._dbus_annotations = dict(
1130
1291
func1 and func2 to the "call_both" function
1131
1292
outside of its arguments"""
1132
1293
1294
@functools.wraps(func2)
1133
1295
def call_both(*args, **kwargs):
1134
1296
"""This function will emit two D-Bus
1135
1297
signals by calling func1 and func2"""
1136
1298
func1(*args, **kwargs)
1137
1299
func2(*args, **kwargs)
1300
# Make wrapper function look like a D-Bus signal
1301
for name, attr in inspect.getmembers(func2):
1302
if name.startswith("_dbus_"):
1303
setattr(call_both, name, attr)
1138
1304
1139
1305
return call_both
1140
1306
# Create the "call_both" function and add it to
1343
1509
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1344
1510
Client.__del__(self, *args, **kwargs)
1345
1511
1346
def checker_callback(self, pid, condition, command,
1347
*args, **kwargs):
1348
self.checker_callback_tag = None
1349
self.checker = None
1350
if os.WIFEXITED(condition):
1351
exitstatus = os.WEXITSTATUS(condition)
1512
def checker_callback(self, source, condition,
1513
connection, command, *args, **kwargs):
1514
ret = Client.checker_callback(self, source, condition,
1515
connection, command, *args,
1516
**kwargs)
1517
exitstatus = self.last_checker_status
1518
if exitstatus >= 0:
1352
1519
# Emit D-Bus signal
1353
1520
self.CheckerCompleted(dbus.Int16(exitstatus),
1354
dbus.Int64(condition),
1521
# This is specific to GNU libC
1522
dbus.Int64(exitstatus << 8),
1355
1523
dbus.String(command))
1356
1524
else:
1357
1525
# Emit D-Bus signal
1358
1526
self.CheckerCompleted(dbus.Int16(-1),
1359
dbus.Int64(condition),
1527
dbus.Int64(
1528
# This is specific to GNU libC
1529
(exitstatus << 8)
1530
| self.last_checker_signal),
1360
1531
dbus.String(command))
1361
1362
return Client.checker_callback(self, pid, condition, command,
1363
*args, **kwargs)
1532
return ret
1364
1533
1365
1534
def start_checker(self, *args, **kwargs):
1366
1535
old_checker_pid = getattr(self.checker, "pid", None)
1441
1610
self.checked_ok()
1442
1611
1443
1612
# Enable - method
1613
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1444
1614
@dbus.service.method(_interface)
1445
1615
def Enable(self):
1446
1616
"D-Bus method"
1447
1617
self.enable()
1448
1618
1449
1619
# StartChecker - method
1620
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1450
1621
@dbus.service.method(_interface)
1451
1622
def StartChecker(self):
1452
1623
"D-Bus method"
1453
1624
self.start_checker()
1454
1625
1455
1626
# Disable - method
1627
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1456
1628
@dbus.service.method(_interface)
1457
1629
def Disable(self):
1458
1630
"D-Bus method"
1459
1631
self.disable()
1460
1632
1461
1633
# StopChecker - method
1634
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1462
1635
@dbus.service.method(_interface)
1463
1636
def StopChecker(self):
1464
1637
self.stop_checker()
1500
1673
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1501
1674
1502
1675
# Name - property
1676
@dbus_annotations(
1677
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1503
1678
@dbus_service_property(_interface, signature="s", access="read")
1504
1679
def Name_dbus_property(self):
1505
1680
return dbus.String(self.name)
1506
1681
1507
1682
# Fingerprint - property
1683
@dbus_annotations(
1684
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1508
1685
@dbus_service_property(_interface, signature="s", access="read")
1509
1686
def Fingerprint_dbus_property(self):
1510
1687
return dbus.String(self.fingerprint)
1519
1696
self.host = str(value)
1520
1697
1521
1698
# Created - property
1699
@dbus_annotations(
1700
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1522
1701
@dbus_service_property(_interface, signature="s", access="read")
1523
1702
def Created_dbus_property(self):
1524
1703
return datetime_to_dbus(self.created)
1639
1818
self.stop_checker()
1640
1819
1641
1820
# ObjectPath - property
1821
@dbus_annotations(
1822
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
1823
"org.freedesktop.DBus.Deprecated": "true"})
1642
1824
@dbus_service_property(_interface, signature="o", access="read")
1643
1825
def ObjectPath_dbus_property(self):
1644
1826
return self.dbus_object_path # is already a dbus.ObjectPath
1645
1827
1646
1828
# Secret = property
1829
@dbus_annotations(
1830
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
1831
"invalidates"})
1647
1832
@dbus_service_property(_interface,
1648
1833
signature="ay",
1649
1834
access="write",
1659
1844
self._pipe = child_pipe
1660
1845
self._pipe.send(('init', fpr, address))
1661
1846
if not self._pipe.recv():
1662
raise KeyError()
1847
raise KeyError(fpr)
1663
1848
1664
1849
def __getattribute__(self, name):
1665
1850
if name == '_pipe':
2128
2313
2129
2314
if command == 'getattr':
2130
2315
attrname = request[1]
2131
if callable(client_object.__getattribute__(attrname)):
2316
if isinstance(client_object.__getattribute__(attrname),
2317
collections.Callable):
2132
2318
parent_pipe.send(('function', ))
2133
2319
else:
2134
2320
parent_pipe.send((
2169
2355
# avoid excessive use of external libraries.
2170
2356
2171
2357
# New type for defining tokens, syntax, and semantics all-in-one
2172
Token = collections.namedtuple("Token",
2173
("regexp", # To match token; if
2174
# "value" is not None,
2175
# must have a "group"
2176
# containing digits
2177
"value", # datetime.timedelta or
2178
# None
2179
"followers")) # Tokens valid after
2180
# this token
2181
2358
Token = collections.namedtuple("Token", (
2182
2359
"regexp", # To match token; if "value" is not None, must have
2183
2360
# a "group" containing digits
2218
2395
# Define starting values
2219
2396
value = datetime.timedelta() # Value so far
2220
2397
found_token = None
2221
followers = frozenset((token_duration,)) # Following valid tokens
2398
followers = frozenset((token_duration, )) # Following valid tokens
2222
2399
s = duration # String left to parse
2223
2400
# Loop until end token is found
2224
2401
while found_token is not token_end:
2241
2418
break
2242
2419
else:
2243
2420
# No currently valid tokens were found
2244
raise ValueError("Invalid RFC 3339 duration")
2421
raise ValueError("Invalid RFC 3339 duration: {!r}"
2422
.format(duration))
2245
2423
# End token found
2246
2424
return value
2247
2425
2380
2558
"debug": "False",
2381
2559
"priority":
2382
2560
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2383
":+SIGN-RSA-SHA224:+SIGN-RSA-RMD160",
2561
":+SIGN-DSA-SHA256",
2384
2562
"servicename": "Mandos",
2385
2563
"use_dbus": "True",
2386
2564
"use_ipv6": "True",
2498
2676
pidfilename = "/var/run/mandos.pid"
2499
2677
pidfile = None
2500
2678
try:
2501
pidfile = open(pidfilename, "w")
2679
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2502
2680
except IOError as e:
2503
2681
logger.error("Could not open file %r", pidfilename,
2504
2682
exc_info=e)
2563
2741
old_bus_name = dbus.service.BusName(
2564
2742
"se.bsnet.fukt.Mandos", bus,
2565
2743
do_not_queue=True)
2566
except dbus.exceptions.NameExistsException as e:
2744
except dbus.exceptions.DBusException as e:
2567
2745
logger.error("Disabling D-Bus:", exc_info=e)
2568
2746
use_dbus = False
2569
2747
server_settings["use_dbus"] = False
2642
2820
pass
2643
2821
2644
2822
# Clients who has passed its expire date can still be
2645
# enabled if its last checker was successful. Clients
2823
# enabled if its last checker was successful. A Client
2646
2824
# whose checker succeeded before we stored its state is
2647
2825
# assumed to have successfully run all checkers during
2648
2826
# downtime.
2700
2878
2701
2879
if not foreground:
2702
2880
if pidfile is not None:
2881
pid = os.getpid()
2703
2882
try:
2704
2883
with pidfile:
2705
pid = os.getpid()
2706
pidfile.write("{}\n".format(pid).encode("utf-8"))
2884
print(pid, file=pidfile)
2707
2885
except IOError:
2708
2886
logger.error("Could not write to file %r with PID %d",
2709
2887
pidfilename, pid)
2717
2895
2718
2896
@alternate_dbus_interfaces(
2719
2897
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
2720
class MandosDBusService(DBusObjectWithProperties):
2898
class MandosDBusService(DBusObjectWithObjectManager):
2721
2899
"""A D-Bus proxy object"""
2722
2900
2723
2901
def __init__(self):
2725
2903
2726
2904
_interface = "se.recompile.Mandos"
2727
2905
2728
@dbus_interface_annotations(_interface)
2729
def _foo(self):
2730
return {
2731
"org.freedesktop.DBus.Property.EmitsChangedSignal":
2732
"false" }
2733
2734
2906
@dbus.service.signal(_interface, signature="o")
2735
2907
def ClientAdded(self, objpath):
2736
2908
"D-Bus signal"
2741
2913
"D-Bus signal"
2742
2914
pass
2743
2915
2916
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2917
"true"})
2744
2918
@dbus.service.signal(_interface, signature="os")
2745
2919
def ClientRemoved(self, objpath, name):
2746
2920
"D-Bus signal"
2747
2921
pass
2748
2922
2923
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2924
"true"})
2749
2925
@dbus.service.method(_interface, out_signature="ao")
2750
2926
def GetAllClients(self):
2751
2927
"D-Bus method"
2752
2928
return dbus.Array(c.dbus_object_path for c in
2753
2929
tcp_server.clients.itervalues())
2754
2930
2931
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
2932
"true"})
2755
2933
@dbus.service.method(_interface,
2756
2934
out_signature="a{oa{sv}}")
2757
2935
def GetAllClientsWithProperties(self):
2758
2936
"D-Bus method"
2759
2937
return dbus.Dictionary(
2760
{ c.dbus_object_path: c.GetAll("")
2938
{ c.dbus_object_path: c.GetAll(
2939
"se.recompile.Mandos.Client")
2761
2940
for c in tcp_server.clients.itervalues() },
2762
2941
signature="oa{sv}")
2763
2942
2768
2947
if c.dbus_object_path == object_path:
2769
2948
del tcp_server.clients[c.name]
2770
2949
c.remove_from_connection()
2771
# Don't signal anything except ClientRemoved
2950
# Don't signal the disabling
2772
2951
c.disable(quiet=True)
2773
# Emit D-Bus signal
2774
self.ClientRemoved(object_path, c.name)
2952
# Emit D-Bus signal for removal
2953
self.client_removed_signal(c)
2775
2954
return
2776
2955
raise KeyError(object_path)
2777
2956
2778
2957
del _interface
2958
2959
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
2960
out_signature = "a{oa{sa{sv}}}")
2961
def GetManagedObjects(self):
2962
"""D-Bus method"""
2963
return dbus.Dictionary(
2964
{ client.dbus_object_path:
2965
dbus.Dictionary(
2966
{ interface: client.GetAll(interface)
2967
for interface in
2968
client._get_all_interface_names()})
2969
for client in tcp_server.clients.values()})
2970
2971
def client_added_signal(self, client):
2972
"""Send the new standard signal and the old signal"""
2973
if use_dbus:
2974
# New standard signal
2975
self.InterfacesAdded(
2976
client.dbus_object_path,
2977
dbus.Dictionary(
2978
{ interface: client.GetAll(interface)
2979
for interface in
2980
client._get_all_interface_names()}))
2981
# Old signal
2982
self.ClientAdded(client.dbus_object_path)
2983
2984
def client_removed_signal(self, client):
2985
"""Send the new standard signal and the old signal"""
2986
if use_dbus:
2987
# New standard signal
2988
self.InterfacesRemoved(
2989
client.dbus_object_path,
2990
client._get_all_interface_names())
2991
# Old signal
2992
self.ClientRemoved(client.dbus_object_path,
2993
client.name)
2779
2994
2780
2995
mandos_dbus_service = MandosDBusService()
2781
2996
2846
3061
name, client = tcp_server.clients.popitem()
2847
3062
if use_dbus:
2848
3063
client.remove_from_connection()
2849
# Don't signal anything except ClientRemoved
3064
# Don't signal the disabling
2850
3065
client.disable(quiet=True)
2851
if use_dbus:
2852
# Emit D-Bus signal
2853
mandos_dbus_service.ClientRemoved(
2854
client.dbus_object_path, client.name)
3066
# Emit D-Bus signal for removal
3067
mandos_dbus_service.client_removed_signal(client)
2855
3068
client_settings.clear()
2856
3069
2857
3070
atexit.register(cleanup)
2858
3071
2859
3072
for client in tcp_server.clients.itervalues():
2860
3073
if use_dbus:
2861
# Emit D-Bus signal
2862
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3074
# Emit D-Bus signal for adding
3075
mandos_dbus_service.client_added_signal(client)
2863
3076
# Need to initiate checking of clients
2864
3077
if client.enabled:
2865
3078
client.init_checker()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0