235
196
.replace(b"\n", b"\\n")
236
197
.replace(b"\0", b"\\x00"))
239
200
def encrypt(self, data, password):
240
201
passphrase = self.password_encode(password)
241
202
with tempfile.NamedTemporaryFile(
242
203
dir=self.tempdir) as passfile:
243
204
passfile.write(passphrase)
245
proc = subprocess.Popen([self.gpg, '--symmetric',
206
proc = subprocess.Popen(['gpg', '--symmetric',
246
207
'--passphrase-file',
248
209
+ self.gnupgargs,
249
stdin=subprocess.PIPE,
250
stdout=subprocess.PIPE,
251
stderr=subprocess.PIPE)
252
ciphertext, err = proc.communicate(input=data)
210
stdin = subprocess.PIPE,
211
stdout = subprocess.PIPE,
212
stderr = subprocess.PIPE)
213
ciphertext, err = proc.communicate(input = data)
253
214
if proc.returncode != 0:
254
215
raise PGPError(err)
255
216
return ciphertext
257
218
def decrypt(self, data, password):
258
219
passphrase = self.password_encode(password)
259
220
with tempfile.NamedTemporaryFile(
260
dir=self.tempdir) as passfile:
221
dir = self.tempdir) as passfile:
261
222
passfile.write(passphrase)
263
proc = subprocess.Popen([self.gpg, '--decrypt',
224
proc = subprocess.Popen(['gpg', '--decrypt',
264
225
'--passphrase-file',
266
227
+ self.gnupgargs,
267
stdin=subprocess.PIPE,
268
stdout=subprocess.PIPE,
269
stderr=subprocess.PIPE)
270
decrypted_plaintext, err = proc.communicate(input=data)
228
stdin = subprocess.PIPE,
229
stdout = subprocess.PIPE,
230
stderr = subprocess.PIPE)
231
decrypted_plaintext, err = proc.communicate(input = data)
271
232
if proc.returncode != 0:
272
233
raise PGPError(err)
273
234
return decrypted_plaintext
276
# Pretend that we have an Avahi module
278
"""This isn't so much a class as it is a module-like namespace.
279
It is instantiated once, and simulates having an Avahi module."""
280
IF_UNSPEC = -1 # avahi-common/address.h
281
PROTO_UNSPEC = -1 # avahi-common/address.h
282
PROTO_INET = 0 # avahi-common/address.h
283
PROTO_INET6 = 1 # avahi-common/address.h
284
DBUS_NAME = "org.freedesktop.Avahi"
285
DBUS_INTERFACE_ENTRY_GROUP = DBUS_NAME + ".EntryGroup"
286
DBUS_INTERFACE_SERVER = DBUS_NAME + ".Server"
287
DBUS_PATH_SERVER = "/"
289
def string_array_to_txt_array(self, t):
290
return dbus.Array((dbus.ByteArray(s.encode("utf-8"))
291
for s in t), signature="ay")
292
ENTRY_GROUP_ESTABLISHED = 2 # avahi-common/defs.h
293
ENTRY_GROUP_COLLISION = 3 # avahi-common/defs.h
294
ENTRY_GROUP_FAILURE = 4 # avahi-common/defs.h
295
SERVER_INVALID = 0 # avahi-common/defs.h
296
SERVER_REGISTERING = 1 # avahi-common/defs.h
297
SERVER_RUNNING = 2 # avahi-common/defs.h
298
SERVER_COLLISION = 3 # avahi-common/defs.h
299
SERVER_FAILURE = 4 # avahi-common/defs.h
303
237
class AvahiError(Exception):
304
238
def __init__(self, value, *args, **kwargs):
305
239
self.value = value
501
435
.format(self.name)))
505
# Pretend that we have a GnuTLS module
506
class GnuTLS(object):
507
"""This isn't so much a class as it is a module-like namespace.
508
It is instantiated once, and simulates having a GnuTLS module."""
510
library = ctypes.util.find_library("gnutls")
512
library = ctypes.util.find_library("gnutls-deb0")
513
_library = ctypes.cdll.LoadLibrary(library)
515
_need_version = b"3.3.0"
518
# Need to use "self" here, since this method is called before
519
# the assignment to the "gnutls" global variable happens.
520
if self.check_version(self._need_version) is None:
521
raise self.Error("Needs GnuTLS {} or later"
522
.format(self._need_version))
524
# Unless otherwise indicated, the constants and types below are
525
# all from the gnutls/gnutls.h C header file.
535
E_NO_CERTIFICATE_FOUND = -49
536
OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h
539
class session_int(ctypes.Structure):
541
session_t = ctypes.POINTER(session_int)
543
class certificate_credentials_st(ctypes.Structure):
545
certificate_credentials_t = ctypes.POINTER(
546
certificate_credentials_st)
547
certificate_type_t = ctypes.c_int
549
class datum_t(ctypes.Structure):
550
_fields_ = [('data', ctypes.POINTER(ctypes.c_ubyte)),
551
('size', ctypes.c_uint)]
553
class openpgp_crt_int(ctypes.Structure):
555
openpgp_crt_t = ctypes.POINTER(openpgp_crt_int)
556
openpgp_crt_fmt_t = ctypes.c_int # gnutls/openpgp.h
557
log_func = ctypes.CFUNCTYPE(None, ctypes.c_int, ctypes.c_char_p)
558
credentials_type_t = ctypes.c_int
559
transport_ptr_t = ctypes.c_void_p
560
close_request_t = ctypes.c_int
563
class Error(Exception):
564
# We need to use the class name "GnuTLS" here, since this
565
# exception might be raised from within GnuTLS.__init__,
566
# which is called before the assignment to the "gnutls"
567
# global variable has happened.
568
def __init__(self, message=None, code=None, args=()):
569
# Default usage is by a message string, but if a return
570
# code is passed, convert it to a string with
573
if message is None and code is not None:
574
message = GnuTLS.strerror(code)
575
return super(GnuTLS.Error, self).__init__(
578
class CertificateSecurityError(Error):
582
class Credentials(object):
584
self._c_object = gnutls.certificate_credentials_t()
585
gnutls.certificate_allocate_credentials(
586
ctypes.byref(self._c_object))
587
self.type = gnutls.CRD_CERTIFICATE
590
gnutls.certificate_free_credentials(self._c_object)
592
class ClientSession(object):
593
def __init__(self, socket, credentials=None):
594
self._c_object = gnutls.session_t()
595
gnutls.init(ctypes.byref(self._c_object), gnutls.CLIENT)
596
gnutls.set_default_priority(self._c_object)
597
gnutls.transport_set_ptr(self._c_object, socket.fileno())
598
gnutls.handshake_set_private_extensions(self._c_object,
601
if credentials is None:
602
credentials = gnutls.Credentials()
603
gnutls.credentials_set(self._c_object, credentials.type,
604
ctypes.cast(credentials._c_object,
606
self.credentials = credentials
609
gnutls.deinit(self._c_object)
612
return gnutls.handshake(self._c_object)
614
def send(self, data):
618
data_len -= gnutls.record_send(self._c_object,
623
return gnutls.bye(self._c_object, gnutls.SHUT_RDWR)
625
# Error handling functions
626
def _error_code(result):
627
"""A function to raise exceptions on errors, suitable
628
for the 'restype' attribute on ctypes functions"""
631
if result == gnutls.E_NO_CERTIFICATE_FOUND:
632
raise gnutls.CertificateSecurityError(code=result)
633
raise gnutls.Error(code=result)
635
def _retry_on_error(result, func, arguments):
636
"""A function to retry on some errors, suitable
637
for the 'errcheck' attribute on ctypes functions"""
639
if result not in (gnutls.E_INTERRUPTED, gnutls.E_AGAIN):
640
return _error_code(result)
641
result = func(*arguments)
644
# Unless otherwise indicated, the function declarations below are
645
# all from the gnutls/gnutls.h C header file.
648
priority_set_direct = _library.gnutls_priority_set_direct
649
priority_set_direct.argtypes = [session_t, ctypes.c_char_p,
650
ctypes.POINTER(ctypes.c_char_p)]
651
priority_set_direct.restype = _error_code
653
init = _library.gnutls_init
654
init.argtypes = [ctypes.POINTER(session_t), ctypes.c_int]
655
init.restype = _error_code
657
set_default_priority = _library.gnutls_set_default_priority
658
set_default_priority.argtypes = [session_t]
659
set_default_priority.restype = _error_code
661
record_send = _library.gnutls_record_send
662
record_send.argtypes = [session_t, ctypes.c_void_p,
664
record_send.restype = ctypes.c_ssize_t
665
record_send.errcheck = _retry_on_error
667
certificate_allocate_credentials = (
668
_library.gnutls_certificate_allocate_credentials)
669
certificate_allocate_credentials.argtypes = [
670
ctypes.POINTER(certificate_credentials_t)]
671
certificate_allocate_credentials.restype = _error_code
673
certificate_free_credentials = (
674
_library.gnutls_certificate_free_credentials)
675
certificate_free_credentials.argtypes = [
676
certificate_credentials_t]
677
certificate_free_credentials.restype = None
679
handshake_set_private_extensions = (
680
_library.gnutls_handshake_set_private_extensions)
681
handshake_set_private_extensions.argtypes = [session_t,
683
handshake_set_private_extensions.restype = None
685
credentials_set = _library.gnutls_credentials_set
686
credentials_set.argtypes = [session_t, credentials_type_t,
688
credentials_set.restype = _error_code
690
strerror = _library.gnutls_strerror
691
strerror.argtypes = [ctypes.c_int]
692
strerror.restype = ctypes.c_char_p
694
certificate_type_get = _library.gnutls_certificate_type_get
695
certificate_type_get.argtypes = [session_t]
696
certificate_type_get.restype = _error_code
698
certificate_get_peers = _library.gnutls_certificate_get_peers
699
certificate_get_peers.argtypes = [session_t,
700
ctypes.POINTER(ctypes.c_uint)]
701
certificate_get_peers.restype = ctypes.POINTER(datum_t)
703
global_set_log_level = _library.gnutls_global_set_log_level
704
global_set_log_level.argtypes = [ctypes.c_int]
705
global_set_log_level.restype = None
707
global_set_log_function = _library.gnutls_global_set_log_function
708
global_set_log_function.argtypes = [log_func]
709
global_set_log_function.restype = None
711
deinit = _library.gnutls_deinit
712
deinit.argtypes = [session_t]
713
deinit.restype = None
715
handshake = _library.gnutls_handshake
716
handshake.argtypes = [session_t]
717
handshake.restype = _error_code
718
handshake.errcheck = _retry_on_error
720
transport_set_ptr = _library.gnutls_transport_set_ptr
721
transport_set_ptr.argtypes = [session_t, transport_ptr_t]
722
transport_set_ptr.restype = None
724
bye = _library.gnutls_bye
725
bye.argtypes = [session_t, close_request_t]
726
bye.restype = _error_code
727
bye.errcheck = _retry_on_error
729
check_version = _library.gnutls_check_version
730
check_version.argtypes = [ctypes.c_char_p]
731
check_version.restype = ctypes.c_char_p
733
# All the function declarations below are from gnutls/openpgp.h
735
openpgp_crt_init = _library.gnutls_openpgp_crt_init
736
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
737
openpgp_crt_init.restype = _error_code
739
openpgp_crt_import = _library.gnutls_openpgp_crt_import
740
openpgp_crt_import.argtypes = [openpgp_crt_t,
741
ctypes.POINTER(datum_t),
743
openpgp_crt_import.restype = _error_code
745
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
746
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
747
ctypes.POINTER(ctypes.c_uint)]
748
openpgp_crt_verify_self.restype = _error_code
750
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
751
openpgp_crt_deinit.argtypes = [openpgp_crt_t]
752
openpgp_crt_deinit.restype = None
754
openpgp_crt_get_fingerprint = (
755
_library.gnutls_openpgp_crt_get_fingerprint)
756
openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,
760
openpgp_crt_get_fingerprint.restype = _error_code
762
# Remove non-public functions
763
del _error_code, _retry_on_error
764
# Create the global "gnutls" object, simulating a module
768
438
def call_pipe(connection, # : multiprocessing.Connection
769
439
func, *args, **kwargs):
770
440
"""This function is meant to be called by multiprocessing.Process
772
442
This function runs func(*args, **kwargs), and writes the resulting
773
443
return value on the provided multiprocessing.Connection.
775
445
connection.send(func(*args, **kwargs))
776
446
connection.close()
779
448
class Client(object):
780
449
"""A representation of a client host served by this server.
783
452
approved: bool(); 'None' if not yet approved/disapproved
784
453
approval_delay: datetime.timedelta(); Time to wait for approval
959
626
logger.info("Disabling client %s", self.name)
960
627
if getattr(self, "disable_initiator_tag", None) is not None:
961
GLib.source_remove(self.disable_initiator_tag)
628
gobject.source_remove(self.disable_initiator_tag)
962
629
self.disable_initiator_tag = None
963
630
self.expires = None
964
631
if getattr(self, "checker_initiator_tag", None) is not None:
965
GLib.source_remove(self.checker_initiator_tag)
632
gobject.source_remove(self.checker_initiator_tag)
966
633
self.checker_initiator_tag = None
967
634
self.stop_checker()
968
635
self.enabled = False
970
637
self.send_changedstate()
971
# Do not run this again if called by a GLib.timeout_add
638
# Do not run this again if called by a gobject.timeout_add
974
641
def __del__(self):
977
644
def init_checker(self):
978
645
# Schedule a new checker to be started an 'interval' from now,
979
646
# and every interval from then on.
980
647
if self.checker_initiator_tag is not None:
981
GLib.source_remove(self.checker_initiator_tag)
982
self.checker_initiator_tag = GLib.timeout_add(
648
gobject.source_remove(self.checker_initiator_tag)
649
self.checker_initiator_tag = gobject.timeout_add(
983
650
int(self.interval.total_seconds() * 1000),
984
651
self.start_checker)
985
652
# Schedule a disable() when 'timeout' has passed
986
653
if self.disable_initiator_tag is not None:
987
GLib.source_remove(self.disable_initiator_tag)
988
self.disable_initiator_tag = GLib.timeout_add(
654
gobject.source_remove(self.disable_initiator_tag)
655
self.disable_initiator_tag = gobject.timeout_add(
989
656
int(self.timeout.total_seconds() * 1000), self.disable)
990
657
# Also start a new checker *right now*.
991
658
self.start_checker()
993
660
def checker_callback(self, source, condition, connection,
995
662
"""The checker has completed, so take appropriate actions."""
2188
1870
class ClientHandler(socketserver.BaseRequestHandler, object):
2189
1871
"""A class to handle client connections.
2191
1873
Instantiated once for each connection to handle it.
2192
1874
Note: This will run in its own forked process."""
2194
1876
def handle(self):
2195
1877
with contextlib.closing(self.server.child_pipe) as child_pipe:
2196
1878
logger.info("TCP connection from: %s",
2197
1879
str(self.client_address))
2198
1880
logger.debug("Pipe FD: %d",
2199
1881
self.server.child_pipe.fileno())
2201
session = gnutls.ClientSession(self.request)
2203
# priority = ':'.join(("NONE", "+VERS-TLS1.1",
2204
# "+AES-256-CBC", "+SHA1",
2205
# "+COMP-NULL", "+CTYPE-OPENPGP",
1883
session = gnutls.connection.ClientSession(
1884
self.request, gnutls.connection .X509Credentials())
1886
# Note: gnutls.connection.X509Credentials is really a
1887
# generic GnuTLS certificate credentials object so long as
1888
# no X.509 keys are added to it. Therefore, we can use it
1889
# here despite using OpenPGP certificates.
1891
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1892
# "+AES-256-CBC", "+SHA1",
1893
# "+COMP-NULL", "+CTYPE-OPENPGP",
2207
1895
# Use a fallback default, since this MUST be set.
2208
1896
priority = self.server.gnutls_priority
2209
1897
if priority is None:
2210
1898
priority = "NORMAL"
2211
gnutls.priority_set_direct(session._c_object,
2212
priority.encode("utf-8"),
1899
gnutls.library.functions.gnutls_priority_set_direct(
1900
session._c_object, priority, None)
2215
1902
# Start communication using the Mandos protocol
2216
1903
# Get protocol number
2217
1904
line = self.request.makefile().readline()
2303
1991
delay -= time2 - time
2306
session.send(client.secret)
2307
except gnutls.Error as error:
2308
logger.warning("gnutls send failed",
1994
while sent_size < len(client.secret):
1996
sent = session.send(client.secret[sent_size:])
1997
except gnutls.errors.GNUTLSError as error:
1998
logger.warning("gnutls send failed",
2001
logger.debug("Sent: %d, remaining: %d", sent,
2002
len(client.secret) - (sent_size
2312
2006
logger.info("Sending secret to %s", client.name)
2313
2007
# bump the timeout using extended_timeout
2314
2008
client.bump_timeout(client.extended_timeout)
2315
2009
if self.server.use_dbus:
2316
2010
# Emit D-Bus signal
2317
2011
client.GotSecret()
2320
2014
if approval_required:
2321
2015
client.approvals_pending -= 1
2324
except gnutls.Error as error:
2018
except gnutls.errors.GNUTLSError as error:
2325
2019
logger.warning("GnuTLS bye failed",
2326
2020
exc_info=error)
2329
2023
def peer_certificate(session):
2330
2024
"Return the peer's OpenPGP certificate as a bytestring"
2331
2025
# If not an OpenPGP certificate...
2332
if (gnutls.certificate_type_get(session._c_object)
2333
!= gnutls.CRT_OPENPGP):
2334
# ...return invalid data
2026
if (gnutls.library.functions.gnutls_certificate_type_get(
2028
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
2029
# ...do the normal thing
2030
return session.peer_certificate
2336
2031
list_size = ctypes.c_uint(1)
2337
cert_list = (gnutls.certificate_get_peers
2032
cert_list = (gnutls.library.functions
2033
.gnutls_certificate_get_peers
2338
2034
(session._c_object, ctypes.byref(list_size)))
2339
2035
if not bool(cert_list) and list_size.value != 0:
2340
raise gnutls.Error("error getting peer certificate")
2036
raise gnutls.errors.GNUTLSError("error getting peer"
2341
2038
if list_size.value == 0:
2343
2040
cert = cert_list[0]
2344
2041
return ctypes.string_at(cert.data, cert.size)
2347
2044
def fingerprint(openpgp):
2348
2045
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
2349
2046
# New GnuTLS "datum" with the OpenPGP public key
2350
datum = gnutls.datum_t(
2047
datum = gnutls.library.types.gnutls_datum_t(
2351
2048
ctypes.cast(ctypes.c_char_p(openpgp),
2352
2049
ctypes.POINTER(ctypes.c_ubyte)),
2353
2050
ctypes.c_uint(len(openpgp)))
2354
2051
# New empty GnuTLS certificate
2355
crt = gnutls.openpgp_crt_t()
2356
gnutls.openpgp_crt_init(ctypes.byref(crt))
2052
crt = gnutls.library.types.gnutls_openpgp_crt_t()
2053
gnutls.library.functions.gnutls_openpgp_crt_init(
2357
2055
# Import the OpenPGP public key into the certificate
2358
gnutls.openpgp_crt_import(crt, ctypes.byref(datum),
2359
gnutls.OPENPGP_FMT_RAW)
2056
gnutls.library.functions.gnutls_openpgp_crt_import(
2057
crt, ctypes.byref(datum),
2058
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
2360
2059
# Verify the self signature in the key
2361
2060
crtverify = ctypes.c_uint()
2362
gnutls.openpgp_crt_verify_self(crt, 0,
2363
ctypes.byref(crtverify))
2061
gnutls.library.functions.gnutls_openpgp_crt_verify_self(
2062
crt, 0, ctypes.byref(crtverify))
2364
2063
if crtverify.value != 0:
2365
gnutls.openpgp_crt_deinit(crt)
2366
raise gnutls.CertificateSecurityError("Verify failed")
2064
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2065
raise gnutls.errors.CertificateSecurityError(
2367
2067
# New buffer for the fingerprint
2368
2068
buf = ctypes.create_string_buffer(20)
2369
2069
buf_len = ctypes.c_size_t()
2370
2070
# Get the fingerprint from the certificate into the buffer
2371
gnutls.openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
2372
ctypes.byref(buf_len))
2071
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(
2072
crt, ctypes.byref(buf), ctypes.byref(buf_len))
2373
2073
# Deinit the certificate
2374
gnutls.openpgp_crt_deinit(crt)
2074
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2375
2075
# Convert the buffer to a Python bytestring
2376
2076
fpr = ctypes.string_at(buf, buf_len.value)
2377
2077
# Convert the bytestring to hexadecimal notation
2466
2165
# socket_wrapper(), if socketfd was set.
2467
2166
socketserver.TCPServer.__init__(self, server_address,
2468
2167
RequestHandlerClass)
2470
2169
def server_bind(self):
2471
2170
"""This overrides the normal server_bind() function
2472
2171
to bind to an interface if one was specified, and also NOT to
2473
2172
bind to an address or port if they were not specified."""
2474
global SO_BINDTODEVICE
2475
2173
if self.interface is not None:
2476
2174
if SO_BINDTODEVICE is None:
2477
# Fall back to a hard-coded value which seems to be
2479
logger.warning("SO_BINDTODEVICE not found, trying 25")
2480
SO_BINDTODEVICE = 25
2482
self.socket.setsockopt(
2483
socket.SOL_SOCKET, SO_BINDTODEVICE,
2484
(self.interface + "\0").encode("utf-8"))
2485
except socket.error as error:
2486
if error.errno == errno.EPERM:
2487
logger.error("No permission to bind to"
2488
" interface %s", self.interface)
2489
elif error.errno == errno.ENOPROTOOPT:
2490
logger.error("SO_BINDTODEVICE not available;"
2491
" cannot bind to interface %s",
2493
elif error.errno == errno.ENODEV:
2494
logger.error("Interface %s does not exist,"
2495
" cannot bind", self.interface)
2175
logger.error("SO_BINDTODEVICE does not exist;"
2176
" cannot bind to interface %s",
2180
self.socket.setsockopt(
2181
socket.SOL_SOCKET, SO_BINDTODEVICE,
2182
(self.interface + "\0").encode("utf-8"))
2183
except socket.error as error:
2184
if error.errno == errno.EPERM:
2185
logger.error("No permission to bind to"
2186
" interface %s", self.interface)
2187
elif error.errno == errno.ENOPROTOOPT:
2188
logger.error("SO_BINDTODEVICE not available;"
2189
" cannot bind to interface %s",
2191
elif error.errno == errno.ENODEV:
2192
logger.error("Interface %s does not exist,"
2193
" cannot bind", self.interface)
2498
2196
# Only bind(2) the socket if we really need to.
2499
2197
if self.server_address[0] or self.server_address[1]:
2500
2198
if not self.server_address[0]:
2501
2199
if self.address_family == socket.AF_INET6:
2502
any_address = "::" # in6addr_any
2200
any_address = "::" # in6addr_any
2504
any_address = "0.0.0.0" # INADDR_ANY
2202
any_address = "0.0.0.0" # INADDR_ANY
2505
2203
self.server_address = (any_address,
2506
2204
self.server_address[1])
2507
2205
elif not self.server_address[1]:
3061
2750
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
3062
2751
service = AvahiServiceToSyslog(
3063
name=server_settings["servicename"],
3064
servicetype="_mandos._tcp",
2752
name = server_settings["servicename"],
2753
servicetype = "_mandos._tcp",
2754
protocol = protocol,
3067
2756
if server_settings["interface"]:
3068
2757
service.interface = if_nametoindex(
3069
2758
server_settings["interface"].encode("utf-8"))
3071
2760
global multiprocessing_manager
3072
2761
multiprocessing_manager = multiprocessing.Manager()
3074
2763
client_class = Client
3076
client_class = functools.partial(ClientDBus, bus=bus)
2765
client_class = functools.partial(ClientDBus, bus = bus)
3078
2767
client_settings = Client.config_parser(client_config)
3079
2768
old_client_settings = {}
3080
2769
clients_data = {}
3082
2771
# This is used to redirect stdout and stderr for checker processes
3084
wnull = open(os.devnull, "w") # A writable /dev/null
2773
wnull = open(os.devnull, "w") # A writable /dev/null
3085
2774
# Only used if server is running in foreground but not in debug
3087
2776
if debug or not foreground:
3090
2779
# Get client data and settings from last running state.
3091
2780
if server_settings["restore"]:
3093
2782
with open(stored_state_path, "rb") as stored_state:
3094
if sys.version_info.major == 2:
3095
clients_data, old_client_settings = pickle.load(
3098
bytes_clients_data, bytes_old_client_settings = (
3099
pickle.load(stored_state, encoding="bytes"))
3100
# Fix bytes to strings
3103
clients_data = {(key.decode("utf-8")
3104
if isinstance(key, bytes)
3107
bytes_clients_data.items()}
3108
del bytes_clients_data
3109
for key in clients_data:
3110
value = {(k.decode("utf-8")
3111
if isinstance(k, bytes) else k): v
3113
clients_data[key].items()}
3114
clients_data[key] = value
3116
value["client_structure"] = [
3118
if isinstance(s, bytes)
3120
value["client_structure"]]
3122
for k in ("name", "host"):
3123
if isinstance(value[k], bytes):
3124
value[k] = value[k].decode("utf-8")
3125
# old_client_settings
3127
old_client_settings = {
3128
(key.decode("utf-8")
3129
if isinstance(key, bytes)
3132
bytes_old_client_settings.items()}
3133
del bytes_old_client_settings
3135
for value in old_client_settings.values():
3136
if isinstance(value["host"], bytes):
3137
value["host"] = (value["host"]
2783
clients_data, old_client_settings = pickle.load(
3139
2785
os.remove(stored_state_path)
3140
2786
except IOError as e:
3141
2787
if e.errno == errno.ENOENT: