To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 803
- compare with another revision
- download diff
- download tarball
- view history from revision 803
- Committer: Teddy Hogeborn
- Date: 2016-02-28 12:29:12 UTC
- Revision ID: teddy@recompile.se-20160228122912-6yxw70vq8oze7ogc
Remove version specific packages from Debian dependencies.
* debian/control (Source: mandos/Build-Depends-Indep): Remove
"python2.7", "python2.7-dbus", "python2.7-avahi", and
"python2.7-gobject"; replace with "python (= 2.7)", "python-dbus",
"python-avahi", "python-gobject".
Thanks: Scott Kitterman <debian@kitterman.com>
Closes: #811159
* debian/control (Source: mandos/Build-Depends-Indep): Remove
"python2.7", "python2.7-dbus", "python2.7-avahi", and
"python2.7-gobject"; replace with "python (= 2.7)", "python-dbus",
"python-avahi", "python-gobject".
Thanks: Scott Kitterman <debian@kitterman.com>
Closes: #811159
- files added:
- debian/upstream
- plugin-helpers
- files modified:
- DBUS-API
added
removed
mandos
1
#!/usr/bin/python
1
#!/usr/bin/python2.7
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos server - give out binary blobs to connecting clients.
11
11
# "AvahiService" class, and some lines in "main".
12
12
#
13
13
# Everything else is
14
# Copyright © 2008-2012 Teddy Hogeborn
15
# Copyright © 2008-2012 Björn Påhlsson
14
# Copyright © 2008-2015 Teddy Hogeborn
15
# Copyright © 2008-2015 Björn Påhlsson
16
16
#
17
17
# This program is free software: you can redistribute it and/or modify
18
18
# it under the terms of the GNU General Public License as published by
36
36
37
37
from future_builtins import *
38
38
39
import SocketServer as socketserver
39
try:
40
import SocketServer as socketserver
41
except ImportError:
42
import socketserver
40
43
import socket
41
44
import argparse
42
45
import datetime
43
46
import errno
44
import gnutls.crypto
45
import gnutls.connection
46
import gnutls.errors
47
import gnutls.library.functions
48
import gnutls.library.constants
49
import gnutls.library.types
50
import ConfigParser as configparser
47
try:
48
import ConfigParser as configparser
49
except ImportError:
50
import configparser
51
51
import sys
52
52
import re
53
53
import os
62
62
import struct
63
63
import fcntl
64
64
import functools
65
import cPickle as pickle
65
try:
66
import cPickle as pickle
67
except ImportError:
68
import pickle
66
69
import multiprocessing
67
70
import types
68
71
import binascii
69
72
import tempfile
70
73
import itertools
74
import collections
75
import codecs
71
76
72
77
import dbus
73
78
import dbus.service
74
import gobject
79
try:
80
import gobject
81
except ImportError:
82
from gi.repository import GObject as gobject
75
83
import avahi
76
84
from dbus.mainloop.glib import DBusGMainLoop
77
85
import ctypes
78
86
import ctypes.util
79
87
import xml.dom.minidom
80
88
import inspect
81
import GnuPGInterface
82
89
83
90
try:
84
91
SO_BINDTODEVICE = socket.SO_BINDTODEVICE
88
95
except ImportError:
89
96
SO_BINDTODEVICE = None
90
97
91
version = "1.5.5"
98
if sys.version_info.major == 2:
99
str = unicode
100
101
version = "1.7.1"
92
102
stored_state_file = "clients.pickle"
93
103
94
104
logger = logging.getLogger()
95
syslogger = (logging.handlers.SysLogHandler
96
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
97
address = str("/dev/log")))
105
syslogger = None
98
106
99
107
try:
100
if_nametoindex = (ctypes.cdll.LoadLibrary
101
(ctypes.util.find_library("c"))
102
.if_nametoindex)
108
if_nametoindex = ctypes.cdll.LoadLibrary(
109
ctypes.util.find_library("c")).if_nametoindex
103
110
except (OSError, AttributeError):
111
104
112
def if_nametoindex(interface):
105
113
"Get an interface index the hard way, i.e. using fcntl()"
106
114
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
107
115
with contextlib.closing(socket.socket()) as s:
108
116
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
109
struct.pack(str("16s16x"),
110
interface))
111
interface_index = struct.unpack(str("I"),
112
ifreq[16:20])[0]
117
struct.pack(b"16s16x", interface))
118
interface_index = struct.unpack("I", ifreq[16:20])[0]
113
119
return interface_index
114
120
115
121
116
122
def initlogger(debug, level=logging.WARNING):
117
123
"""init logger and add loglevel"""
118
124
125
global syslogger
126
syslogger = (logging.handlers.SysLogHandler(
127
facility = logging.handlers.SysLogHandler.LOG_DAEMON,
128
address = "/dev/log"))
119
129
syslogger.setFormatter(logging.Formatter
120
130
('Mandos [%(process)d]: %(levelname)s:'
121
131
' %(message)s'))
138
148
139
149
class PGPEngine(object):
140
150
"""A simple class for OpenPGP symmetric encryption & decryption"""
151
141
152
def __init__(self):
142
self.gnupg = GnuPGInterface.GnuPG()
143
153
self.tempdir = tempfile.mkdtemp(prefix="mandos-")
144
self.gnupg = GnuPGInterface.GnuPG()
145
self.gnupg.options.meta_interactive = False
146
self.gnupg.options.homedir = self.tempdir
147
self.gnupg.options.extra_args.extend(['--force-mdc',
148
'--quiet',
149
'--no-use-agent'])
154
self.gnupgargs = ['--batch',
155
'--home', self.tempdir,
156
'--force-mdc',
157
'--quiet',
158
'--no-use-agent']
150
159
151
160
def __enter__(self):
152
161
return self
174
183
def password_encode(self, password):
175
184
# Passphrase can not be empty and can not contain newlines or
176
185
# NUL bytes. So we prefix it and hex encode it.
177
return b"mandos" + binascii.hexlify(password)
186
encoded = b"mandos" + binascii.hexlify(password)
187
if len(encoded) > 2048:
188
# GnuPG can't handle long passwords, so encode differently
189
encoded = (b"mandos" + password.replace(b"\\", b"\\\\")
190
.replace(b"\n", b"\\n")
191
.replace(b"\0", b"\\x00"))
192
return encoded
178
193
179
194
def encrypt(self, data, password):
180
self.gnupg.passphrase = self.password_encode(password)
181
with open(os.devnull, "w") as devnull:
182
try:
183
proc = self.gnupg.run(['--symmetric'],
184
create_fhs=['stdin', 'stdout'],
185
attach_fhs={'stderr': devnull})
186
with contextlib.closing(proc.handles['stdin']) as f:
187
f.write(data)
188
with contextlib.closing(proc.handles['stdout']) as f:
189
ciphertext = f.read()
190
proc.wait()
191
except IOError as e:
192
raise PGPError(e)
193
self.gnupg.passphrase = None
195
passphrase = self.password_encode(password)
196
with tempfile.NamedTemporaryFile(
197
dir=self.tempdir) as passfile:
198
passfile.write(passphrase)
199
passfile.flush()
200
proc = subprocess.Popen(['gpg', '--symmetric',
201
'--passphrase-file',
202
passfile.name]
203
+ self.gnupgargs,
204
stdin = subprocess.PIPE,
205
stdout = subprocess.PIPE,
206
stderr = subprocess.PIPE)
207
ciphertext, err = proc.communicate(input = data)
208
if proc.returncode != 0:
209
raise PGPError(err)
194
210
return ciphertext
195
211
196
212
def decrypt(self, data, password):
197
self.gnupg.passphrase = self.password_encode(password)
198
with open(os.devnull, "w") as devnull:
199
try:
200
proc = self.gnupg.run(['--decrypt'],
201
create_fhs=['stdin', 'stdout'],
202
attach_fhs={'stderr': devnull})
203
with contextlib.closing(proc.handles['stdin']) as f:
204
f.write(data)
205
with contextlib.closing(proc.handles['stdout']) as f:
206
decrypted_plaintext = f.read()
207
proc.wait()
208
except IOError as e:
209
raise PGPError(e)
210
self.gnupg.passphrase = None
213
passphrase = self.password_encode(password)
214
with tempfile.NamedTemporaryFile(
215
dir = self.tempdir) as passfile:
216
passfile.write(passphrase)
217
passfile.flush()
218
proc = subprocess.Popen(['gpg', '--decrypt',
219
'--passphrase-file',
220
passfile.name]
221
+ self.gnupgargs,
222
stdin = subprocess.PIPE,
223
stdout = subprocess.PIPE,
224
stderr = subprocess.PIPE)
225
decrypted_plaintext, err = proc.communicate(input = data)
226
if proc.returncode != 0:
227
raise PGPError(err)
211
228
return decrypted_plaintext
212
229
213
230
214
231
class AvahiError(Exception):
215
232
def __init__(self, value, *args, **kwargs):
216
233
self.value = value
217
super(AvahiError, self).__init__(value, *args, **kwargs)
218
def __unicode__(self):
219
return unicode(repr(self.value))
234
return super(AvahiError, self).__init__(value, *args,
235
**kwargs)
236
220
237
221
238
class AvahiServiceError(AvahiError):
222
239
pass
223
240
241
224
242
class AvahiGroupError(AvahiError):
225
243
pass
226
244
233
251
Used to optionally bind to the specified interface.
234
252
name: string; Example: 'Mandos'
235
253
type: string; Example: '_mandos._tcp'.
236
See <http://www.dns-sd.org/ServiceTypes.html>
254
See <https://www.iana.org/assignments/service-names-port-numbers>
237
255
port: integer; what port to announce
238
256
TXT: list of strings; TXT record for the service
239
257
domain: string; Domain to publish on, default to .local if empty.
246
264
bus: dbus.SystemBus()
247
265
"""
248
266
249
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
250
servicetype = None, port = None, TXT = None,
251
domain = "", host = "", max_renames = 32768,
252
protocol = avahi.PROTO_UNSPEC, bus = None):
267
def __init__(self,
268
interface = avahi.IF_UNSPEC,
269
name = None,
270
servicetype = None,
271
port = None,
272
TXT = None,
273
domain = "",
274
host = "",
275
max_renames = 32768,
276
protocol = avahi.PROTO_UNSPEC,
277
bus = None):
253
278
self.interface = interface
254
279
self.name = name
255
280
self.type = servicetype
265
290
self.bus = bus
266
291
self.entry_group_state_changed_match = None
267
292
268
def rename(self):
293
def rename(self, remove=True):
269
294
"""Derived from the Avahi example code"""
270
295
if self.rename_count >= self.max_renames:
271
296
logger.critical("No suitable Zeroconf service name found"
272
297
" after %i retries, exiting.",
273
298
self.rename_count)
274
299
raise AvahiServiceError("Too many renames")
275
self.name = unicode(self.server
276
.GetAlternativeServiceName(self.name))
300
self.name = str(
301
self.server.GetAlternativeServiceName(self.name))
302
self.rename_count += 1
277
303
logger.info("Changing Zeroconf service name to %r ...",
278
304
self.name)
279
self.remove()
305
if remove:
306
self.remove()
280
307
try:
281
308
self.add()
282
309
except dbus.exceptions.DBusException as error:
283
logger.critical("D-Bus Exception", exc_info=error)
284
self.cleanup()
285
os._exit(1)
286
self.rename_count += 1
310
if (error.get_dbus_name()
311
== "org.freedesktop.Avahi.CollisionError"):
312
logger.info("Local Zeroconf service name collision.")
313
return self.rename(remove=False)
314
else:
315
logger.critical("D-Bus Exception", exc_info=error)
316
self.cleanup()
317
os._exit(1)
287
318
288
319
def remove(self):
289
320
"""Derived from the Avahi example code"""
327
358
self.rename()
328
359
elif state == avahi.ENTRY_GROUP_FAILURE:
329
360
logger.critical("Avahi: Error in group state changed %s",
330
unicode(error))
331
raise AvahiGroupError("State changed: {0!s}"
332
.format(error))
361
str(error))
362
raise AvahiGroupError("State changed: {!s}".format(error))
333
363
334
364
def cleanup(self):
335
365
"""Derived from the Avahi example code"""
345
375
def server_state_changed(self, state, error=None):
346
376
"""Derived from the Avahi example code"""
347
377
logger.debug("Avahi server state change: %i", state)
348
bad_states = { avahi.SERVER_INVALID:
349
"Zeroconf server invalid",
350
avahi.SERVER_REGISTERING: None,
351
avahi.SERVER_COLLISION:
352
"Zeroconf server name collision",
353
avahi.SERVER_FAILURE:
354
"Zeroconf server failure" }
378
bad_states = {
379
avahi.SERVER_INVALID: "Zeroconf server invalid",
380
avahi.SERVER_REGISTERING: None,
381
avahi.SERVER_COLLISION: "Zeroconf server name collision",
382
avahi.SERVER_FAILURE: "Zeroconf server failure",
383
}
355
384
if state in bad_states:
356
385
if bad_states[state] is not None:
357
386
if error is None:
360
389
logger.error(bad_states[state] + ": %r", error)
361
390
self.cleanup()
362
391
elif state == avahi.SERVER_RUNNING:
363
self.add()
392
try:
393
self.add()
394
except dbus.exceptions.DBusException as error:
395
if (error.get_dbus_name()
396
== "org.freedesktop.Avahi.CollisionError"):
397
logger.info("Local Zeroconf service name"
398
" collision.")
399
return self.rename(remove=False)
400
else:
401
logger.critical("D-Bus Exception", exc_info=error)
402
self.cleanup()
403
os._exit(1)
364
404
else:
365
405
if error is None:
366
406
logger.debug("Unknown state: %r", state)
376
416
follow_name_owner_changes=True),
377
417
avahi.DBUS_INTERFACE_SERVER)
378
418
self.server.connect_to_signal("StateChanged",
379
self.server_state_changed)
419
self.server_state_changed)
380
420
self.server_state_changed(self.server.GetState())
381
421
382
422
383
423
class AvahiServiceToSyslog(AvahiService):
384
def rename(self):
424
def rename(self, *args, **kwargs):
385
425
"""Add the new name to the syslog messages"""
386
ret = AvahiService.rename(self)
387
syslogger.setFormatter(logging.Formatter
388
('Mandos ({0}) [%(process)d]:'
389
' %(levelname)s: %(message)s'
390
.format(self.name)))
426
ret = AvahiService.rename(self, *args, **kwargs)
427
syslogger.setFormatter(logging.Formatter(
428
'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'
429
.format(self.name)))
391
430
return ret
392
431
393
394
def timedelta_to_milliseconds(td):
395
"Convert a datetime.timedelta() to milliseconds"
396
return ((td.days * 24 * 60 * 60 * 1000)
397
+ (td.seconds * 1000)
398
+ (td.microseconds // 1000))
399
432
# Pretend that we have a GnuTLS module
433
class GnuTLS(object):
434
"""This isn't so much a class as it is a module-like namespace.
435
It is instantiated once, and simulates having a GnuTLS module."""
436
437
_library = ctypes.cdll.LoadLibrary(
438
ctypes.util.find_library("gnutls"))
439
_need_version = "3.3.0"
440
def __init__(self):
441
# Need to use class name "GnuTLS" here, since this method is
442
# called before the assignment to the "gnutls" global variable
443
# happens.
444
if GnuTLS.check_version(self._need_version) is None:
445
raise GnuTLS.Error("Needs GnuTLS {} or later"
446
.format(self._need_version))
447
448
# Unless otherwise indicated, the constants and types below are
449
# all from the gnutls/gnutls.h C header file.
450
451
# Constants
452
E_SUCCESS = 0
453
E_INTERRUPTED = -52
454
E_AGAIN = -28
455
CRT_OPENPGP = 2
456
CLIENT = 2
457
SHUT_RDWR = 0
458
CRD_CERTIFICATE = 1
459
E_NO_CERTIFICATE_FOUND = -49
460
OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h
461
462
# Types
463
class session_int(ctypes.Structure):
464
_fields_ = []
465
session_t = ctypes.POINTER(session_int)
466
class certificate_credentials_st(ctypes.Structure):
467
_fields_ = []
468
certificate_credentials_t = ctypes.POINTER(
469
certificate_credentials_st)
470
certificate_type_t = ctypes.c_int
471
class datum_t(ctypes.Structure):
472
_fields_ = [('data', ctypes.POINTER(ctypes.c_ubyte)),
473
('size', ctypes.c_uint)]
474
class openpgp_crt_int(ctypes.Structure):
475
_fields_ = []
476
openpgp_crt_t = ctypes.POINTER(openpgp_crt_int)
477
openpgp_crt_fmt_t = ctypes.c_int # gnutls/openpgp.h
478
log_func = ctypes.CFUNCTYPE(None, ctypes.c_int, ctypes.c_char_p)
479
credentials_type_t = ctypes.c_int #
480
transport_ptr_t = ctypes.c_void_p
481
close_request_t = ctypes.c_int
482
483
# Exceptions
484
class Error(Exception):
485
# We need to use the class name "GnuTLS" here, since this
486
# exception might be raised from within GnuTLS.__init__,
487
# which is called before the assignment to the "gnutls"
488
# global variable has happened.
489
def __init__(self, message = None, code = None, args=()):
490
# Default usage is by a message string, but if a return
491
# code is passed, convert it to a string with
492
# gnutls.strerror()
493
self.code = code
494
if message is None and code is not None:
495
message = GnuTLS.strerror(code)
496
return super(GnuTLS.Error, self).__init__(
497
message, *args)
498
499
class CertificateSecurityError(Error):
500
pass
501
502
# Classes
503
class Credentials(object):
504
def __init__(self):
505
self._c_object = gnutls.certificate_credentials_t()
506
gnutls.certificate_allocate_credentials(
507
ctypes.byref(self._c_object))
508
self.type = gnutls.CRD_CERTIFICATE
509
510
def __del__(self):
511
gnutls.certificate_free_credentials(self._c_object)
512
513
class ClientSession(object):
514
def __init__(self, socket, credentials = None):
515
self._c_object = gnutls.session_t()
516
gnutls.init(ctypes.byref(self._c_object), gnutls.CLIENT)
517
gnutls.set_default_priority(self._c_object)
518
gnutls.transport_set_ptr(self._c_object, socket.fileno())
519
gnutls.handshake_set_private_extensions(self._c_object,
520
True)
521
self.socket = socket
522
if credentials is None:
523
credentials = gnutls.Credentials()
524
gnutls.credentials_set(self._c_object, credentials.type,
525
ctypes.cast(credentials._c_object,
526
ctypes.c_void_p))
527
self.credentials = credentials
528
529
def __del__(self):
530
gnutls.deinit(self._c_object)
531
532
def handshake(self):
533
return gnutls.handshake(self._c_object)
534
535
def send(self, data):
536
data = bytes(data)
537
data_len = len(data)
538
while data_len > 0:
539
data_len -= gnutls.record_send(self._c_object,
540
data[-data_len:],
541
data_len)
542
543
def bye(self):
544
return gnutls.bye(self._c_object, gnutls.SHUT_RDWR)
545
546
# Error handling functions
547
def _error_code(result):
548
"""A function to raise exceptions on errors, suitable
549
for the 'restype' attribute on ctypes functions"""
550
if result >= 0:
551
return result
552
if result == gnutls.E_NO_CERTIFICATE_FOUND:
553
raise gnutls.CertificateSecurityError(code = result)
554
raise gnutls.Error(code = result)
555
556
def _retry_on_error(result, func, arguments):
557
"""A function to retry on some errors, suitable
558
for the 'errcheck' attribute on ctypes functions"""
559
while result < 0:
560
if result not in (gnutls.E_INTERRUPTED, gnutls.E_AGAIN):
561
return _error_code(result)
562
result = func(*arguments)
563
return result
564
565
# Unless otherwise indicated, the function declarations below are
566
# all from the gnutls/gnutls.h C header file.
567
568
# Functions
569
priority_set_direct = _library.gnutls_priority_set_direct
570
priority_set_direct.argtypes = [session_t, ctypes.c_char_p,
571
ctypes.POINTER(ctypes.c_char_p)]
572
priority_set_direct.restype = _error_code
573
574
init = _library.gnutls_init
575
init.argtypes = [ctypes.POINTER(session_t), ctypes.c_int]
576
init.restype = _error_code
577
578
set_default_priority = _library.gnutls_set_default_priority
579
set_default_priority.argtypes = [session_t]
580
set_default_priority.restype = _error_code
581
582
record_send = _library.gnutls_record_send
583
record_send.argtypes = [session_t, ctypes.c_void_p,
584
ctypes.c_size_t]
585
record_send.restype = ctypes.c_ssize_t
586
record_send.errcheck = _retry_on_error
587
588
certificate_allocate_credentials = (
589
_library.gnutls_certificate_allocate_credentials)
590
certificate_allocate_credentials.argtypes = [
591
ctypes.POINTER(certificate_credentials_t)]
592
certificate_allocate_credentials.restype = _error_code
593
594
certificate_free_credentials = (
595
_library.gnutls_certificate_free_credentials)
596
certificate_free_credentials.argtypes = [certificate_credentials_t]
597
certificate_free_credentials.restype = None
598
599
handshake_set_private_extensions = (
600
_library.gnutls_handshake_set_private_extensions)
601
handshake_set_private_extensions.argtypes = [session_t,
602
ctypes.c_int]
603
handshake_set_private_extensions.restype = None
604
605
credentials_set = _library.gnutls_credentials_set
606
credentials_set.argtypes = [session_t, credentials_type_t,
607
ctypes.c_void_p]
608
credentials_set.restype = _error_code
609
610
strerror = _library.gnutls_strerror
611
strerror.argtypes = [ctypes.c_int]
612
strerror.restype = ctypes.c_char_p
613
614
certificate_type_get = _library.gnutls_certificate_type_get
615
certificate_type_get.argtypes = [session_t]
616
certificate_type_get.restype = _error_code
617
618
certificate_get_peers = _library.gnutls_certificate_get_peers
619
certificate_get_peers.argtypes = [session_t,
620
ctypes.POINTER(ctypes.c_uint)]
621
certificate_get_peers.restype = ctypes.POINTER(datum_t)
622
623
global_set_log_level = _library.gnutls_global_set_log_level
624
global_set_log_level.argtypes = [ctypes.c_int]
625
global_set_log_level.restype = None
626
627
global_set_log_function = _library.gnutls_global_set_log_function
628
global_set_log_function.argtypes = [log_func]
629
global_set_log_function.restype = None
630
631
deinit = _library.gnutls_deinit
632
deinit.argtypes = [session_t]
633
deinit.restype = None
634
635
handshake = _library.gnutls_handshake
636
handshake.argtypes = [session_t]
637
handshake.restype = _error_code
638
handshake.errcheck = _retry_on_error
639
640
transport_set_ptr = _library.gnutls_transport_set_ptr
641
transport_set_ptr.argtypes = [session_t, transport_ptr_t]
642
transport_set_ptr.restype = None
643
644
bye = _library.gnutls_bye
645
bye.argtypes = [session_t, close_request_t]
646
bye.restype = _error_code
647
bye.errcheck = _retry_on_error
648
649
check_version = _library.gnutls_check_version
650
check_version.argtypes = [ctypes.c_char_p]
651
check_version.restype = ctypes.c_char_p
652
653
# All the function declarations below are from gnutls/openpgp.h
654
655
openpgp_crt_init = _library.gnutls_openpgp_crt_init
656
openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]
657
openpgp_crt_init.restype = _error_code
658
659
openpgp_crt_import = _library.gnutls_openpgp_crt_import
660
openpgp_crt_import.argtypes = [openpgp_crt_t,
661
ctypes.POINTER(datum_t),
662
openpgp_crt_fmt_t]
663
openpgp_crt_import.restype = _error_code
664
665
openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self
666
openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,
667
ctypes.POINTER(ctypes.c_uint)]
668
openpgp_crt_verify_self.restype = _error_code
669
670
openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit
671
openpgp_crt_deinit.argtypes = [openpgp_crt_t]
672
openpgp_crt_deinit.restype = None
673
674
openpgp_crt_get_fingerprint = (
675
_library.gnutls_openpgp_crt_get_fingerprint)
676
openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,
677
ctypes.c_void_p,
678
ctypes.POINTER(
679
ctypes.c_size_t)]
680
openpgp_crt_get_fingerprint.restype = _error_code
681
682
# Remove non-public functions
683
del _error_code, _retry_on_error
684
# Create the global "gnutls" object, simulating a module
685
gnutls = GnuTLS()
686
687
def call_pipe(connection, # : multiprocessing.Connection
688
func, *args, **kwargs):
689
"""This function is meant to be called by multiprocessing.Process
690
691
This function runs func(*args, **kwargs), and writes the resulting
692
return value on the provided multiprocessing.Connection.
693
"""
694
connection.send(func(*args, **kwargs))
695
connection.close()
400
696
401
697
class Client(object):
402
698
"""A representation of a client host served by this server.
429
725
last_checker_status: integer between 0 and 255 reflecting exit
430
726
status of last checker. -1 reflects crashed
431
727
checker, -2 means no checker completed yet.
728
last_checker_signal: The signal which killed the last checker, if
729
last_checker_status is -1
432
730
last_enabled: datetime.datetime(); (UTC) or None
433
731
name: string; from the config file, used in log messages and
434
732
D-Bus identifiers
439
737
runtime_expansions: Allowed attributes for runtime expansion.
440
738
expires: datetime.datetime(); time (UTC) when a client will be
441
739
disabled, or None
740
server_settings: The server_settings dict from main()
442
741
"""
443
742
444
743
runtime_expansions = ("approval_delay", "approval_duration",
446
745
"fingerprint", "host", "interval",
447
746
"last_approval_request", "last_checked_ok",
448
747
"last_enabled", "name", "timeout")
449
client_defaults = { "timeout": "5m",
450
"extended_timeout": "15m",
451
"interval": "2m",
452
"checker": "fping -q -- %%(host)s",
453
"host": "",
454
"approval_delay": "0s",
455
"approval_duration": "1s",
456
"approved_by_default": "True",
457
"enabled": "True",
458
}
459
460
def timeout_milliseconds(self):
461
"Return the 'timeout' attribute in milliseconds"
462
return timedelta_to_milliseconds(self.timeout)
463
464
def extended_timeout_milliseconds(self):
465
"Return the 'extended_timeout' attribute in milliseconds"
466
return timedelta_to_milliseconds(self.extended_timeout)
467
468
def interval_milliseconds(self):
469
"Return the 'interval' attribute in milliseconds"
470
return timedelta_to_milliseconds(self.interval)
471
472
def approval_delay_milliseconds(self):
473
return timedelta_to_milliseconds(self.approval_delay)
748
client_defaults = {
749
"timeout": "PT5M",
750
"extended_timeout": "PT15M",
751
"interval": "PT2M",
752
"checker": "fping -q -- %%(host)s",
753
"host": "",
754
"approval_delay": "PT0S",
755
"approval_duration": "PT1S",
756
"approved_by_default": "True",
757
"enabled": "True",
758
}
474
759
475
760
@staticmethod
476
761
def config_parser(config):
492
777
client["enabled"] = config.getboolean(client_name,
493
778
"enabled")
494
779
780
# Uppercase and remove spaces from fingerprint for later
781
# comparison purposes with return value from the
782
# fingerprint() function
495
783
client["fingerprint"] = (section["fingerprint"].upper()
496
784
.replace(" ", ""))
497
785
if "secret" in section:
502
790
"rb") as secfile:
503
791
client["secret"] = secfile.read()
504
792
else:
505
raise TypeError("No secret or secfile for section {0}"
793
raise TypeError("No secret or secfile for section {}"
506
794
.format(section))
507
795
client["timeout"] = string_to_delta(section["timeout"])
508
796
client["extended_timeout"] = string_to_delta(
519
807
520
808
return settings
521
809
522
def __init__(self, settings, name = None):
810
def __init__(self, settings, name = None, server_settings=None):
523
811
self.name = name
812
if server_settings is None:
813
server_settings = {}
814
self.server_settings = server_settings
524
815
# adding all client settings
525
for setting, value in settings.iteritems():
816
for setting, value in settings.items():
526
817
setattr(self, setting, value)
527
818
528
819
if self.enabled:
536
827
self.expires = None
537
828
538
829
logger.debug("Creating client %r", self.name)
539
# Uppercase and remove spaces from fingerprint for later
540
# comparison purposes with return value from the fingerprint()
541
# function
542
830
logger.debug(" Fingerprint: %s", self.fingerprint)
543
831
self.created = settings.get("created",
544
832
datetime.datetime.utcnow())
551
839
self.current_checker_command = None
552
840
self.approved = None
553
841
self.approvals_pending = 0
554
self.changedstate = (multiprocessing_manager
555
.Condition(multiprocessing_manager
556
.Lock()))
557
self.client_structure = [attr for attr in
558
self.__dict__.iterkeys()
842
self.changedstate = multiprocessing_manager.Condition(
843
multiprocessing_manager.Lock())
844
self.client_structure = [attr
845
for attr in self.__dict__.iterkeys()
559
846
if not attr.startswith("_")]
560
847
self.client_structure.append("client_structure")
561
848
562
for name, t in inspect.getmembers(type(self),
563
lambda obj:
564
isinstance(obj,
565
property)):
849
for name, t in inspect.getmembers(
850
type(self), lambda obj: isinstance(obj, property)):
566
851
if not name.startswith("_"):
567
852
self.client_structure.append(name)
568
853
610
895
# and every interval from then on.
611
896
if self.checker_initiator_tag is not None:
612
897
gobject.source_remove(self.checker_initiator_tag)
613
self.checker_initiator_tag = (gobject.timeout_add
614
(self.interval_milliseconds(),
615
self.start_checker))
898
self.checker_initiator_tag = gobject.timeout_add(
899
int(self.interval.total_seconds() * 1000),
900
self.start_checker)
616
901
# Schedule a disable() when 'timeout' has passed
617
902
if self.disable_initiator_tag is not None:
618
903
gobject.source_remove(self.disable_initiator_tag)
619
self.disable_initiator_tag = (gobject.timeout_add
620
(self.timeout_milliseconds(),
621
self.disable))
904
self.disable_initiator_tag = gobject.timeout_add(
905
int(self.timeout.total_seconds() * 1000), self.disable)
622
906
# Also start a new checker *right now*.
623
907
self.start_checker()
624
908
625
def checker_callback(self, pid, condition, command):
909
def checker_callback(self, source, condition, connection,
910
command):
626
911
"""The checker has completed, so take appropriate actions."""
627
912
self.checker_callback_tag = None
628
913
self.checker = None
629
if os.WIFEXITED(condition):
630
self.last_checker_status = os.WEXITSTATUS(condition)
914
# Read return code from connection (see call_pipe)
915
returncode = connection.recv()
916
connection.close()
917
918
if returncode >= 0:
919
self.last_checker_status = returncode
920
self.last_checker_signal = None
631
921
if self.last_checker_status == 0:
632
922
logger.info("Checker for %(name)s succeeded",
633
923
vars(self))
634
924
self.checked_ok()
635
925
else:
636
logger.info("Checker for %(name)s failed",
637
vars(self))
926
logger.info("Checker for %(name)s failed", vars(self))
638
927
else:
639
928
self.last_checker_status = -1
929
self.last_checker_signal = -returncode
640
930
logger.warning("Checker for %(name)s crashed?",
641
931
vars(self))
932
return False
642
933
643
934
def checked_ok(self):
644
935
"""Assert that the client has been seen, alive and well."""
645
936
self.last_checked_ok = datetime.datetime.utcnow()
646
937
self.last_checker_status = 0
938
self.last_checker_signal = None
647
939
self.bump_timeout()
648
940
649
941
def bump_timeout(self, timeout=None):
654
946
gobject.source_remove(self.disable_initiator_tag)
655
947
self.disable_initiator_tag = None
656
948
if getattr(self, "enabled", False):
657
self.disable_initiator_tag = (gobject.timeout_add
658
(timedelta_to_milliseconds
659
(timeout), self.disable))
949
self.disable_initiator_tag = gobject.timeout_add(
950
int(timeout.total_seconds() * 1000), self.disable)
660
951
self.expires = datetime.datetime.utcnow() + timeout
661
952
662
953
def need_approval(self):
676
967
# than 'timeout' for the client to be disabled, which is as it
677
968
# should be.
678
969
679
# If a checker exists, make sure it is not a zombie
680
try:
681
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
682
except (AttributeError, OSError) as error:
683
if (isinstance(error, OSError)
684
and error.errno != errno.ECHILD):
685
raise error
686
else:
687
if pid:
688
logger.warning("Checker was a zombie")
689
gobject.source_remove(self.checker_callback_tag)
690
self.checker_callback(pid, status,
691
self.current_checker_command)
970
if self.checker is not None and not self.checker.is_alive():
971
logger.warning("Checker was not alive; joining")
972
self.checker.join()
973
self.checker = None
692
974
# Start a new checker if needed
693
975
if self.checker is None:
694
976
# Escape attributes for the shell
695
escaped_attrs = dict(
696
(attr, re.escape(unicode(getattr(self, attr))))
697
for attr in
698
self.runtime_expansions)
977
escaped_attrs = {
978
attr: re.escape(str(getattr(self, attr)))
979
for attr in self.runtime_expansions }
699
980
try:
700
981
command = self.checker_command % escaped_attrs
701
982
except TypeError as error:
702
983
logger.error('Could not format string "%s"',
703
self.checker_command, exc_info=error)
704
return True # Try again later
984
self.checker_command,
985
exc_info=error)
986
return True # Try again later
705
987
self.current_checker_command = command
706
try:
707
logger.info("Starting checker %r for %s",
708
command, self.name)
709
# We don't need to redirect stdout and stderr, since
710
# in normal mode, that is already done by daemon(),
711
# and in debug mode we don't want to. (Stdin is
712
# always replaced by /dev/null.)
713
self.checker = subprocess.Popen(command,
714
close_fds=True,
715
shell=True, cwd="/")
716
except OSError as error:
717
logger.error("Failed to start subprocess",
718
exc_info=error)
719
self.checker_callback_tag = (gobject.child_watch_add
720
(self.checker.pid,
721
self.checker_callback,
722
data=command))
723
# The checker may have completed before the gobject
724
# watch was added. Check for this.
725
pid, status = os.waitpid(self.checker.pid, os.WNOHANG)
726
if pid:
727
gobject.source_remove(self.checker_callback_tag)
728
self.checker_callback(pid, status, command)
988
logger.info("Starting checker %r for %s", command,
989
self.name)
990
# We don't need to redirect stdout and stderr, since
991
# in normal mode, that is already done by daemon(),
992
# and in debug mode we don't want to. (Stdin is
993
# always replaced by /dev/null.)
994
# The exception is when not debugging but nevertheless
995
# running in the foreground; use the previously
996
# created wnull.
997
popen_args = { "close_fds": True,
998
"shell": True,
999
"cwd": "/" }
1000
if (not self.server_settings["debug"]
1001
and self.server_settings["foreground"]):
1002
popen_args.update({"stdout": wnull,
1003
"stderr": wnull })
1004
pipe = multiprocessing.Pipe(duplex = False)
1005
self.checker = multiprocessing.Process(
1006
target = call_pipe,
1007
args = (pipe[1], subprocess.call, command),
1008
kwargs = popen_args)
1009
self.checker.start()
1010
self.checker_callback_tag = gobject.io_add_watch(
1011
pipe[0].fileno(), gobject.IO_IN,
1012
self.checker_callback, pipe[0], command)
729
1013
# Re-run this periodically if run by gobject.timeout_add
730
1014
return True
731
1015
737
1021
if getattr(self, "checker", None) is None:
738
1022
return
739
1023
logger.debug("Stopping checker for %(name)s", vars(self))
740
try:
741
self.checker.terminate()
742
#time.sleep(0.5)
743
#if self.checker.poll() is None:
744
# self.checker.kill()
745
except OSError as error:
746
if error.errno != errno.ESRCH: # No such process
747
raise
1024
self.checker.terminate()
748
1025
self.checker = None
749
1026
750
1027
751
def dbus_service_property(dbus_interface, signature="v",
752
access="readwrite", byte_arrays=False):
1028
def dbus_service_property(dbus_interface,
1029
signature="v",
1030
access="readwrite",
1031
byte_arrays=False):
753
1032
"""Decorators for marking methods of a DBusObjectWithProperties to
754
1033
become properties on the D-Bus.
755
1034
764
1043
# "Set" method, so we fail early here:
765
1044
if byte_arrays and signature != "ay":
766
1045
raise ValueError("Byte arrays not supported for non-'ay'"
767
" signature {0!r}".format(signature))
1046
" signature {!r}".format(signature))
1047
768
1048
def decorator(func):
769
1049
func._dbus_is_property = True
770
1050
func._dbus_interface = dbus_interface
775
1055
func._dbus_name = func._dbus_name[:-14]
776
1056
func._dbus_get_args_options = {'byte_arrays': byte_arrays }
777
1057
return func
1058
778
1059
return decorator
779
1060
780
1061
789
1070
"org.freedesktop.DBus.Property.EmitsChangedSignal":
790
1071
"false"}
791
1072
"""
1073
792
1074
def decorator(func):
793
1075
func._dbus_is_interface = True
794
1076
func._dbus_interface = dbus_interface
795
1077
func._dbus_name = dbus_interface
796
1078
return func
1079
797
1080
return decorator
798
1081
799
1082
801
1084
"""Decorator to annotate D-Bus methods, signals or properties
802
1085
Usage:
803
1086
1087
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true",
1088
"org.freedesktop.DBus.Property."
1089
"EmitsChangedSignal": "false"})
804
1090
@dbus_service_property("org.example.Interface", signature="b",
805
1091
access="r")
806
@dbus_annotations({{"org.freedesktop.DBus.Deprecated": "true",
807
"org.freedesktop.DBus.Property."
808
"EmitsChangedSignal": "false"})
809
1092
def Property_dbus_property(self):
810
1093
return dbus.Boolean(False)
1094
1095
See also the DBusObjectWithAnnotations class.
811
1096
"""
1097
812
1098
def decorator(func):
813
1099
func._dbus_annotations = annotations
814
1100
return func
1101
815
1102
return decorator
816
1103
817
1104
818
1105
class DBusPropertyException(dbus.exceptions.DBusException):
819
1106
"""A base class for D-Bus property-related exceptions
820
1107
"""
821
def __unicode__(self):
822
return unicode(str(self))
1108
pass
823
1109
824
1110
825
1111
class DBusPropertyAccessException(DBusPropertyException):
834
1120
pass
835
1121
836
1122
837
class DBusObjectWithProperties(dbus.service.Object):
838
"""A D-Bus object with properties.
1123
class DBusObjectWithAnnotations(dbus.service.Object):
1124
"""A D-Bus object with annotations.
839
1125
840
Classes inheriting from this can use the dbus_service_property
841
decorator to expose methods as D-Bus properties. It exposes the
842
standard Get(), Set(), and GetAll() methods on the D-Bus.
1126
Classes inheriting from this can use the dbus_annotations
1127
decorator to add annotations to methods or signals.
843
1128
"""
844
1129
845
1130
@staticmethod
849
1134
If called like _is_dbus_thing("method") it returns a function
850
1135
suitable for use as predicate to inspect.getmembers().
851
1136
"""
852
return lambda obj: getattr(obj, "_dbus_is_{0}".format(thing),
1137
return lambda obj: getattr(obj, "_dbus_is_{}".format(thing),
853
1138
False)
854
1139
855
1140
def _get_all_dbus_things(self, thing):
856
1141
"""Returns a generator of (name, attribute) pairs
857
1142
"""
858
return ((getattr(athing.__get__(self), "_dbus_name",
859
name),
1143
return ((getattr(athing.__get__(self), "_dbus_name", name),
860
1144
athing.__get__(self))
861
1145
for cls in self.__class__.__mro__
862
1146
for name, athing in
863
inspect.getmembers(cls,
864
self._is_dbus_thing(thing)))
1147
inspect.getmembers(cls, self._is_dbus_thing(thing)))
1148
1149
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1150
out_signature = "s",
1151
path_keyword = 'object_path',
1152
connection_keyword = 'connection')
1153
def Introspect(self, object_path, connection):
1154
"""Overloading of standard D-Bus method.
1155
1156
Inserts annotation tags on methods and signals.
1157
"""
1158
xmlstring = dbus.service.Object.Introspect(self, object_path,
1159
connection)
1160
try:
1161
document = xml.dom.minidom.parseString(xmlstring)
1162
1163
for if_tag in document.getElementsByTagName("interface"):
1164
# Add annotation tags
1165
for typ in ("method", "signal"):
1166
for tag in if_tag.getElementsByTagName(typ):
1167
annots = dict()
1168
for name, prop in (self.
1169
_get_all_dbus_things(typ)):
1170
if (name == tag.getAttribute("name")
1171
and prop._dbus_interface
1172
== if_tag.getAttribute("name")):
1173
annots.update(getattr(
1174
prop, "_dbus_annotations", {}))
1175
for name, value in annots.items():
1176
ann_tag = document.createElement(
1177
"annotation")
1178
ann_tag.setAttribute("name", name)
1179
ann_tag.setAttribute("value", value)
1180
tag.appendChild(ann_tag)
1181
# Add interface annotation tags
1182
for annotation, value in dict(
1183
itertools.chain.from_iterable(
1184
annotations().items()
1185
for name, annotations
1186
in self._get_all_dbus_things("interface")
1187
if name == if_tag.getAttribute("name")
1188
)).items():
1189
ann_tag = document.createElement("annotation")
1190
ann_tag.setAttribute("name", annotation)
1191
ann_tag.setAttribute("value", value)
1192
if_tag.appendChild(ann_tag)
1193
# Fix argument name for the Introspect method itself
1194
if (if_tag.getAttribute("name")
1195
== dbus.INTROSPECTABLE_IFACE):
1196
for cn in if_tag.getElementsByTagName("method"):
1197
if cn.getAttribute("name") == "Introspect":
1198
for arg in cn.getElementsByTagName("arg"):
1199
if (arg.getAttribute("direction")
1200
== "out"):
1201
arg.setAttribute("name",
1202
"xml_data")
1203
xmlstring = document.toxml("utf-8")
1204
document.unlink()
1205
except (AttributeError, xml.dom.DOMException,
1206
xml.parsers.expat.ExpatError) as error:
1207
logger.error("Failed to override Introspection method",
1208
exc_info=error)
1209
return xmlstring
1210
1211
1212
class DBusObjectWithProperties(DBusObjectWithAnnotations):
1213
"""A D-Bus object with properties.
1214
1215
Classes inheriting from this can use the dbus_service_property
1216
decorator to expose methods as D-Bus properties. It exposes the
1217
standard Get(), Set(), and GetAll() methods on the D-Bus.
1218
"""
865
1219
866
1220
def _get_dbus_property(self, interface_name, property_name):
867
1221
"""Returns a bound method if one exists which is a D-Bus
868
1222
property with the specified name and interface.
869
1223
"""
870
for cls in self.__class__.__mro__:
871
for name, value in (inspect.getmembers
872
(cls,
873
self._is_dbus_thing("property"))):
1224
for cls in self.__class__.__mro__:
1225
for name, value in inspect.getmembers(
1226
cls, self._is_dbus_thing("property")):
874
1227
if (value._dbus_name == property_name
875
1228
and value._dbus_interface == interface_name):
876
1229
return value.__get__(self)
877
1230
878
1231
# No such property
879
raise DBusPropertyNotFound(self.dbus_object_path + ":"
880
+ interface_name + "."
881
+ property_name)
882
883
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="ss",
1232
raise DBusPropertyNotFound("{}:{}.{}".format(
1233
self.dbus_object_path, interface_name, property_name))
1234
1235
@classmethod
1236
def _get_all_interface_names(cls):
1237
"""Get a sequence of all interfaces supported by an object"""
1238
return (name for name in set(getattr(getattr(x, attr),
1239
"_dbus_interface", None)
1240
for x in (inspect.getmro(cls))
1241
for attr in dir(x))
1242
if name is not None)
1243
1244
@dbus.service.method(dbus.PROPERTIES_IFACE,
1245
in_signature="ss",
884
1246
out_signature="v")
885
1247
def Get(self, interface_name, property_name):
886
1248
"""Standard D-Bus property Get() method, see D-Bus standard.
904
1266
# The byte_arrays option is not supported yet on
905
1267
# signatures other than "ay".
906
1268
if prop._dbus_signature != "ay":
907
raise ValueError
1269
raise ValueError("Byte arrays not supported for non-"
1270
"'ay' signature {!r}"
1271
.format(prop._dbus_signature))
908
1272
value = dbus.ByteArray(b''.join(chr(byte)
909
1273
for byte in value))
910
1274
prop(value)
911
1275
912
@dbus.service.method(dbus.PROPERTIES_IFACE, in_signature="s",
1276
@dbus.service.method(dbus.PROPERTIES_IFACE,
1277
in_signature="s",
913
1278
out_signature="a{sv}")
914
1279
def GetAll(self, interface_name):
915
1280
"""Standard D-Bus property GetAll() method, see D-Bus
930
1295
if not hasattr(value, "variant_level"):
931
1296
properties[name] = value
932
1297
continue
933
properties[name] = type(value)(value, variant_level=
934
value.variant_level+1)
1298
properties[name] = type(value)(
1299
value, variant_level = value.variant_level + 1)
935
1300
return dbus.Dictionary(properties, signature="sv")
936
1301
1302
@dbus.service.signal(dbus.PROPERTIES_IFACE, signature="sa{sv}as")
1303
def PropertiesChanged(self, interface_name, changed_properties,
1304
invalidated_properties):
1305
"""Standard D-Bus PropertiesChanged() signal, see D-Bus
1306
standard.
1307
"""
1308
pass
1309
937
1310
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
938
1311
out_signature="s",
939
1312
path_keyword='object_path',
943
1316
944
1317
Inserts property tags and interface annotation tags.
945
1318
"""
946
xmlstring = dbus.service.Object.Introspect(self, object_path,
947
connection)
1319
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1320
object_path,
1321
connection)
948
1322
try:
949
1323
document = xml.dom.minidom.parseString(xmlstring)
1324
950
1325
def make_tag(document, name, prop):
951
1326
e = document.createElement("property")
952
1327
e.setAttribute("name", name)
953
1328
e.setAttribute("type", prop._dbus_signature)
954
1329
e.setAttribute("access", prop._dbus_access)
955
1330
return e
1331
956
1332
for if_tag in document.getElementsByTagName("interface"):
957
1333
# Add property tags
958
1334
for tag in (make_tag(document, name, prop)
961
1337
if prop._dbus_interface
962
1338
== if_tag.getAttribute("name")):
963
1339
if_tag.appendChild(tag)
964
# Add annotation tags
965
for typ in ("method", "signal", "property"):
966
for tag in if_tag.getElementsByTagName(typ):
967
annots = dict()
968
for name, prop in (self.
969
_get_all_dbus_things(typ)):
970
if (name == tag.getAttribute("name")
971
and prop._dbus_interface
972
== if_tag.getAttribute("name")):
973
annots.update(getattr
974
(prop,
975
"_dbus_annotations",
976
{}))
977
for name, value in annots.iteritems():
978
ann_tag = document.createElement(
979
"annotation")
980
ann_tag.setAttribute("name", name)
981
ann_tag.setAttribute("value", value)
982
tag.appendChild(ann_tag)
983
# Add interface annotation tags
984
for annotation, value in dict(
985
itertools.chain.from_iterable(
986
annotations().iteritems()
987
for name, annotations in
988
self._get_all_dbus_things("interface")
989
if name == if_tag.getAttribute("name")
990
)).iteritems():
991
ann_tag = document.createElement("annotation")
992
ann_tag.setAttribute("name", annotation)
993
ann_tag.setAttribute("value", value)
994
if_tag.appendChild(ann_tag)
1340
# Add annotation tags for properties
1341
for tag in if_tag.getElementsByTagName("property"):
1342
annots = dict()
1343
for name, prop in self._get_all_dbus_things(
1344
"property"):
1345
if (name == tag.getAttribute("name")
1346
and prop._dbus_interface
1347
== if_tag.getAttribute("name")):
1348
annots.update(getattr(
1349
prop, "_dbus_annotations", {}))
1350
for name, value in annots.items():
1351
ann_tag = document.createElement(
1352
"annotation")
1353
ann_tag.setAttribute("name", name)
1354
ann_tag.setAttribute("value", value)
1355
tag.appendChild(ann_tag)
995
1356
# Add the names to the return values for the
996
1357
# "org.freedesktop.DBus.Properties" methods
997
1358
if (if_tag.getAttribute("name")
1015
1376
exc_info=error)
1016
1377
return xmlstring
1017
1378
1379
try:
1380
dbus.OBJECT_MANAGER_IFACE
1381
except AttributeError:
1382
dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
1383
1384
class DBusObjectWithObjectManager(DBusObjectWithAnnotations):
1385
"""A D-Bus object with an ObjectManager.
1386
1387
Classes inheriting from this exposes the standard
1388
GetManagedObjects call and the InterfacesAdded and
1389
InterfacesRemoved signals on the standard
1390
"org.freedesktop.DBus.ObjectManager" interface.
1391
1392
Note: No signals are sent automatically; they must be sent
1393
manually.
1394
"""
1395
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
1396
out_signature = "a{oa{sa{sv}}}")
1397
def GetManagedObjects(self):
1398
"""This function must be overridden"""
1399
raise NotImplementedError()
1400
1401
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,
1402
signature = "oa{sa{sv}}")
1403
def InterfacesAdded(self, object_path, interfaces_and_properties):
1404
pass
1405
1406
@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")
1407
def InterfacesRemoved(self, object_path, interfaces):
1408
pass
1409
1410
@dbus.service.method(dbus.INTROSPECTABLE_IFACE,
1411
out_signature = "s",
1412
path_keyword = 'object_path',
1413
connection_keyword = 'connection')
1414
def Introspect(self, object_path, connection):
1415
"""Overloading of standard D-Bus method.
1416
1417
Override return argument name of GetManagedObjects to be
1418
"objpath_interfaces_and_properties"
1419
"""
1420
xmlstring = DBusObjectWithAnnotations.Introspect(self,
1421
object_path,
1422
connection)
1423
try:
1424
document = xml.dom.minidom.parseString(xmlstring)
1425
1426
for if_tag in document.getElementsByTagName("interface"):
1427
# Fix argument name for the GetManagedObjects method
1428
if (if_tag.getAttribute("name")
1429
== dbus.OBJECT_MANAGER_IFACE):
1430
for cn in if_tag.getElementsByTagName("method"):
1431
if (cn.getAttribute("name")
1432
== "GetManagedObjects"):
1433
for arg in cn.getElementsByTagName("arg"):
1434
if (arg.getAttribute("direction")
1435
== "out"):
1436
arg.setAttribute(
1437
"name",
1438
"objpath_interfaces"
1439
"_and_properties")
1440
xmlstring = document.toxml("utf-8")
1441
document.unlink()
1442
except (AttributeError, xml.dom.DOMException,
1443
xml.parsers.expat.ExpatError) as error:
1444
logger.error("Failed to override Introspection method",
1445
exc_info = error)
1446
return xmlstring
1018
1447
1019
1448
def datetime_to_dbus(dt, variant_level=0):
1020
1449
"""Convert a UTC datetime.datetime() to a D-Bus type."""
1021
1450
if dt is None:
1022
1451
return dbus.String("", variant_level = variant_level)
1023
return dbus.String(dt.isoformat(),
1024
variant_level=variant_level)
1452
return dbus.String(dt.isoformat(), variant_level=variant_level)
1025
1453
1026
1454
1027
1455
def alternate_dbus_interfaces(alt_interface_names, deprecate=True):
1047
1475
(from DBusObjectWithProperties) and interfaces (from the
1048
1476
dbus_interface_annotations decorator).
1049
1477
"""
1478
1050
1479
def wrapper(cls):
1051
1480
for orig_interface_name, alt_interface_name in (
1052
alt_interface_names.iteritems()):
1481
alt_interface_names.items()):
1053
1482
attr = {}
1054
1483
interface_names = set()
1055
1484
# Go though all attributes of the class
1057
1486
# Ignore non-D-Bus attributes, and D-Bus attributes
1058
1487
# with the wrong interface name
1059
1488
if (not hasattr(attribute, "_dbus_interface")
1060
or not attribute._dbus_interface
1061
.startswith(orig_interface_name)):
1489
or not attribute._dbus_interface.startswith(
1490
orig_interface_name)):
1062
1491
continue
1063
1492
# Create an alternate D-Bus interface name based on
1064
1493
# the current name
1065
alt_interface = (attribute._dbus_interface
1066
.replace(orig_interface_name,
1067
alt_interface_name))
1494
alt_interface = attribute._dbus_interface.replace(
1495
orig_interface_name, alt_interface_name)
1068
1496
interface_names.add(alt_interface)
1069
1497
# Is this a D-Bus signal?
1070
1498
if getattr(attribute, "_dbus_is_signal", False):
1071
# Extract the original non-method function by
1072
# black magic
1073
nonmethod_func = (dict(
1499
if sys.version_info.major == 2:
1500
# Extract the original non-method undecorated
1501
# function by black magic
1502
nonmethod_func = (dict(
1074
1503
zip(attribute.func_code.co_freevars,
1075
attribute.__closure__))["func"]
1076
.cell_contents)
1504
attribute.__closure__))
1505
["func"].cell_contents)
1506
else:
1507
nonmethod_func = attribute
1077
1508
# Create a new, but exactly alike, function
1078
1509
# object, and decorate it to be a new D-Bus signal
1079
1510
# with the alternate D-Bus interface name
1080
new_function = (dbus.service.signal
1081
(alt_interface,
1082
attribute._dbus_signature)
1083
(types.FunctionType(
1084
nonmethod_func.func_code,
1085
nonmethod_func.func_globals,
1086
nonmethod_func.func_name,
1087
nonmethod_func.func_defaults,
1088
nonmethod_func.func_closure)))
1511
if sys.version_info.major == 2:
1512
new_function = types.FunctionType(
1513
nonmethod_func.func_code,
1514
nonmethod_func.func_globals,
1515
nonmethod_func.func_name,
1516
nonmethod_func.func_defaults,
1517
nonmethod_func.func_closure)
1518
else:
1519
new_function = types.FunctionType(
1520
nonmethod_func.__code__,
1521
nonmethod_func.__globals__,
1522
nonmethod_func.__name__,
1523
nonmethod_func.__defaults__,
1524
nonmethod_func.__closure__)
1525
new_function = (dbus.service.signal(
1526
alt_interface,
1527
attribute._dbus_signature)(new_function))
1089
1528
# Copy annotations, if any
1090
1529
try:
1091
new_function._dbus_annotations = (
1092
dict(attribute._dbus_annotations))
1530
new_function._dbus_annotations = dict(
1531
attribute._dbus_annotations)
1093
1532
except AttributeError:
1094
1533
pass
1095
1534
# Define a creator of a function to call both the
1100
1539
"""This function is a scope container to pass
1101
1540
func1 and func2 to the "call_both" function
1102
1541
outside of its arguments"""
1542
1543
@functools.wraps(func2)
1103
1544
def call_both(*args, **kwargs):
1104
1545
"""This function will emit two D-Bus
1105
1546
signals by calling func1 and func2"""
1106
1547
func1(*args, **kwargs)
1107
1548
func2(*args, **kwargs)
1549
# Make wrapper function look like a D-Bus signal
1550
for name, attr in inspect.getmembers(func2):
1551
if name.startswith("_dbus_"):
1552
setattr(call_both, name, attr)
1553
1108
1554
return call_both
1109
1555
# Create the "call_both" function and add it to
1110
1556
# the class
1115
1561
# object. Decorate it to be a new D-Bus method
1116
1562
# with the alternate D-Bus interface name. Add it
1117
1563
# to the class.
1118
attr[attrname] = (dbus.service.method
1119
(alt_interface,
1120
attribute._dbus_in_signature,
1121
attribute._dbus_out_signature)
1122
(types.FunctionType
1123
(attribute.func_code,
1124
attribute.func_globals,
1125
attribute.func_name,
1126
attribute.func_defaults,
1127
attribute.func_closure)))
1564
attr[attrname] = (
1565
dbus.service.method(
1566
alt_interface,
1567
attribute._dbus_in_signature,
1568
attribute._dbus_out_signature)
1569
(types.FunctionType(attribute.func_code,
1570
attribute.func_globals,
1571
attribute.func_name,
1572
attribute.func_defaults,
1573
attribute.func_closure)))
1128
1574
# Copy annotations, if any
1129
1575
try:
1130
attr[attrname]._dbus_annotations = (
1131
dict(attribute._dbus_annotations))
1576
attr[attrname]._dbus_annotations = dict(
1577
attribute._dbus_annotations)
1132
1578
except AttributeError:
1133
1579
pass
1134
1580
# Is this a D-Bus property?
1137
1583
# object, and decorate it to be a new D-Bus
1138
1584
# property with the alternate D-Bus interface
1139
1585
# name. Add it to the class.
1140
attr[attrname] = (dbus_service_property
1141
(alt_interface,
1142
attribute._dbus_signature,
1143
attribute._dbus_access,
1144
attribute
1145
._dbus_get_args_options
1146
["byte_arrays"])
1147
(types.FunctionType
1148
(attribute.func_code,
1149
attribute.func_globals,
1150
attribute.func_name,
1151
attribute.func_defaults,
1152
attribute.func_closure)))
1586
attr[attrname] = (dbus_service_property(
1587
alt_interface, attribute._dbus_signature,
1588
attribute._dbus_access,
1589
attribute._dbus_get_args_options
1590
["byte_arrays"])
1591
(types.FunctionType(
1592
attribute.func_code,
1593
attribute.func_globals,
1594
attribute.func_name,
1595
attribute.func_defaults,
1596
attribute.func_closure)))
1153
1597
# Copy annotations, if any
1154
1598
try:
1155
attr[attrname]._dbus_annotations = (
1156
dict(attribute._dbus_annotations))
1599
attr[attrname]._dbus_annotations = dict(
1600
attribute._dbus_annotations)
1157
1601
except AttributeError:
1158
1602
pass
1159
1603
# Is this a D-Bus interface?
1162
1606
# object. Decorate it to be a new D-Bus interface
1163
1607
# with the alternate D-Bus interface name. Add it
1164
1608
# to the class.
1165
attr[attrname] = (dbus_interface_annotations
1166
(alt_interface)
1167
(types.FunctionType
1168
(attribute.func_code,
1169
attribute.func_globals,
1170
attribute.func_name,
1171
attribute.func_defaults,
1172
attribute.func_closure)))
1609
attr[attrname] = (
1610
dbus_interface_annotations(alt_interface)
1611
(types.FunctionType(attribute.func_code,
1612
attribute.func_globals,
1613
attribute.func_name,
1614
attribute.func_defaults,
1615
attribute.func_closure)))
1173
1616
if deprecate:
1174
1617
# Deprecate all alternate interfaces
1175
iname="_AlternateDBusNames_interface_annotation{0}"
1618
iname="_AlternateDBusNames_interface_annotation{}"
1176
1619
for interface_name in interface_names:
1620
1177
1621
@dbus_interface_annotations(interface_name)
1178
1622
def func(self):
1179
1623
return { "org.freedesktop.DBus.Deprecated":
1180
"true" }
1624
"true" }
1181
1625
# Find an unused name
1182
1626
for aname in (iname.format(i)
1183
1627
for i in itertools.count()):
1187
1631
if interface_names:
1188
1632
# Replace the class with a new subclass of it with
1189
1633
# methods, signals, etc. as created above.
1190
cls = type(b"{0}Alternate".format(cls.__name__),
1191
(cls,), attr)
1634
cls = type(b"{}Alternate".format(cls.__name__),
1635
(cls, ), attr)
1192
1636
return cls
1637
1193
1638
return wrapper
1194
1639
1195
1640
1196
1641
@alternate_dbus_interfaces({"se.recompile.Mandos":
1197
"se.bsnet.fukt.Mandos"})
1642
"se.bsnet.fukt.Mandos"})
1198
1643
class ClientDBus(Client, DBusObjectWithProperties):
1199
1644
"""A Client class using D-Bus
1200
1645
1204
1649
"""
1205
1650
1206
1651
runtime_expansions = (Client.runtime_expansions
1207
+ ("dbus_object_path",))
1652
+ ("dbus_object_path", ))
1653
1654
_interface = "se.recompile.Mandos.Client"
1208
1655
1209
1656
# dbus.service.Object doesn't use super(), so we can't either.
1210
1657
1213
1660
Client.__init__(self, *args, **kwargs)
1214
1661
# Only now, when this client is initialized, can it show up on
1215
1662
# the D-Bus
1216
client_object_name = unicode(self.name).translate(
1663
client_object_name = str(self.name).translate(
1217
1664
{ord("."): ord("_"),
1218
1665
ord("-"): ord("_")})
1219
self.dbus_object_path = (dbus.ObjectPath
1220
("/clients/" + client_object_name))
1666
self.dbus_object_path = dbus.ObjectPath(
1667
"/clients/" + client_object_name)
1221
1668
DBusObjectWithProperties.__init__(self, self.bus,
1222
1669
self.dbus_object_path)
1223
1670
1224
def notifychangeproperty(transform_func,
1225
dbus_name, type_func=lambda x: x,
1226
variant_level=1):
1671
def notifychangeproperty(transform_func, dbus_name,
1672
type_func=lambda x: x,
1673
variant_level=1,
1674
invalidate_only=False,
1675
_interface=_interface):
1227
1676
""" Modify a variable so that it's a property which announces
1228
1677
its changes to DBus.
1229
1678
1234
1683
to the D-Bus. Default: no transform
1235
1684
variant_level: D-Bus variant level. Default: 1
1236
1685
"""
1237
attrname = "_{0}".format(dbus_name)
1686
attrname = "_{}".format(dbus_name)
1687
1238
1688
def setter(self, value):
1239
1689
if hasattr(self, "dbus_object_path"):
1240
1690
if (not hasattr(self, attrname) or
1241
1691
type_func(getattr(self, attrname, None))
1242
1692
!= type_func(value)):
1243
dbus_value = transform_func(type_func(value),
1244
variant_level
1245
=variant_level)
1246
self.PropertyChanged(dbus.String(dbus_name),
1247
dbus_value)
1693
if invalidate_only:
1694
self.PropertiesChanged(
1695
_interface, dbus.Dictionary(),
1696
dbus.Array((dbus_name, )))
1697
else:
1698
dbus_value = transform_func(
1699
type_func(value),
1700
variant_level = variant_level)
1701
self.PropertyChanged(dbus.String(dbus_name),
1702
dbus_value)
1703
self.PropertiesChanged(
1704
_interface,
1705
dbus.Dictionary({ dbus.String(dbus_name):
1706
dbus_value }),
1707
dbus.Array())
1248
1708
setattr(self, attrname, value)
1249
1709
1250
1710
return property(lambda self: getattr(self, attrname), setter)
1256
1716
enabled = notifychangeproperty(dbus.Boolean, "Enabled")
1257
1717
last_enabled = notifychangeproperty(datetime_to_dbus,
1258
1718
"LastEnabled")
1259
checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
1260
type_func = lambda checker:
1261
checker is not None)
1719
checker = notifychangeproperty(
1720
dbus.Boolean, "CheckerRunning",
1721
type_func = lambda checker: checker is not None)
1262
1722
last_checked_ok = notifychangeproperty(datetime_to_dbus,
1263
1723
"LastCheckedOK")
1264
1724
last_checker_status = notifychangeproperty(dbus.Int16,
1267
1727
datetime_to_dbus, "LastApprovalRequest")
1268
1728
approved_by_default = notifychangeproperty(dbus.Boolean,
1269
1729
"ApprovedByDefault")
1270
approval_delay = notifychangeproperty(dbus.UInt64,
1271
"ApprovalDelay",
1272
type_func =
1273
timedelta_to_milliseconds)
1730
approval_delay = notifychangeproperty(
1731
dbus.UInt64, "ApprovalDelay",
1732
type_func = lambda td: td.total_seconds() * 1000)
1274
1733
approval_duration = notifychangeproperty(
1275
1734
dbus.UInt64, "ApprovalDuration",
1276
type_func = timedelta_to_milliseconds)
1735
type_func = lambda td: td.total_seconds() * 1000)
1277
1736
host = notifychangeproperty(dbus.String, "Host")
1278
timeout = notifychangeproperty(dbus.UInt64, "Timeout",
1279
type_func =
1280
timedelta_to_milliseconds)
1737
timeout = notifychangeproperty(
1738
dbus.UInt64, "Timeout",
1739
type_func = lambda td: td.total_seconds() * 1000)
1281
1740
extended_timeout = notifychangeproperty(
1282
1741
dbus.UInt64, "ExtendedTimeout",
1283
type_func = timedelta_to_milliseconds)
1284
interval = notifychangeproperty(dbus.UInt64,
1285
"Interval",
1286
type_func =
1287
timedelta_to_milliseconds)
1742
type_func = lambda td: td.total_seconds() * 1000)
1743
interval = notifychangeproperty(
1744
dbus.UInt64, "Interval",
1745
type_func = lambda td: td.total_seconds() * 1000)
1288
1746
checker_command = notifychangeproperty(dbus.String, "Checker")
1747
secret = notifychangeproperty(dbus.ByteArray, "Secret",
1748
invalidate_only=True)
1289
1749
1290
1750
del notifychangeproperty
1291
1751
1298
1758
DBusObjectWithProperties.__del__(self, *args, **kwargs)
1299
1759
Client.__del__(self, *args, **kwargs)
1300
1760
1301
def checker_callback(self, pid, condition, command,
1302
*args, **kwargs):
1303
self.checker_callback_tag = None
1304
self.checker = None
1305
if os.WIFEXITED(condition):
1306
exitstatus = os.WEXITSTATUS(condition)
1761
def checker_callback(self, source, condition,
1762
connection, command, *args, **kwargs):
1763
ret = Client.checker_callback(self, source, condition,
1764
connection, command, *args,
1765
**kwargs)
1766
exitstatus = self.last_checker_status
1767
if exitstatus >= 0:
1307
1768
# Emit D-Bus signal
1308
1769
self.CheckerCompleted(dbus.Int16(exitstatus),
1309
dbus.Int64(condition),
1770
# This is specific to GNU libC
1771
dbus.Int64(exitstatus << 8),
1310
1772
dbus.String(command))
1311
1773
else:
1312
1774
# Emit D-Bus signal
1313
1775
self.CheckerCompleted(dbus.Int16(-1),
1314
dbus.Int64(condition),
1776
dbus.Int64(
1777
# This is specific to GNU libC
1778
(exitstatus << 8)
1779
| self.last_checker_signal),
1315
1780
dbus.String(command))
1316
1317
return Client.checker_callback(self, pid, condition, command,
1318
*args, **kwargs)
1781
return ret
1319
1782
1320
1783
def start_checker(self, *args, **kwargs):
1321
old_checker = self.checker
1322
if self.checker is not None:
1323
old_checker_pid = self.checker.pid
1324
else:
1325
old_checker_pid = None
1784
old_checker_pid = getattr(self.checker, "pid", None)
1326
1785
r = Client.start_checker(self, *args, **kwargs)
1327
1786
# Only if new checker process was started
1328
1787
if (self.checker is not None
1337
1796
1338
1797
def approve(self, value=True):
1339
1798
self.approved = value
1340
gobject.timeout_add(timedelta_to_milliseconds
1341
(self.approval_duration),
1342
self._reset_approved)
1799
gobject.timeout_add(int(self.approval_duration.total_seconds()
1800
* 1000), self._reset_approved)
1343
1801
self.send_changedstate()
1344
1802
1345
1803
## D-Bus methods, signals & properties
1346
_interface = "se.recompile.Mandos.Client"
1347
1804
1348
1805
## Interfaces
1349
1806
1350
@dbus_interface_annotations(_interface)
1351
def _foo(self):
1352
return { "org.freedesktop.DBus.Property.EmitsChangedSignal":
1353
"false"}
1354
1355
1807
## Signals
1356
1808
1357
1809
# CheckerCompleted - signal
1367
1819
pass
1368
1820
1369
1821
# PropertyChanged - signal
1822
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1370
1823
@dbus.service.signal(_interface, signature="sv")
1371
1824
def PropertyChanged(self, property, value):
1372
1825
"D-Bus signal"
1406
1859
self.checked_ok()
1407
1860
1408
1861
# Enable - method
1862
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1409
1863
@dbus.service.method(_interface)
1410
1864
def Enable(self):
1411
1865
"D-Bus method"
1412
1866
self.enable()
1413
1867
1414
1868
# StartChecker - method
1869
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1415
1870
@dbus.service.method(_interface)
1416
1871
def StartChecker(self):
1417
1872
"D-Bus method"
1418
1873
self.start_checker()
1419
1874
1420
1875
# Disable - method
1876
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1421
1877
@dbus.service.method(_interface)
1422
1878
def Disable(self):
1423
1879
"D-Bus method"
1424
1880
self.disable()
1425
1881
1426
1882
# StopChecker - method
1883
@dbus_annotations({"org.freedesktop.DBus.Deprecated": "true"})
1427
1884
@dbus.service.method(_interface)
1428
1885
def StopChecker(self):
1429
1886
self.stop_checker()
1436
1893
return dbus.Boolean(bool(self.approvals_pending))
1437
1894
1438
1895
# ApprovedByDefault - property
1439
@dbus_service_property(_interface, signature="b",
1896
@dbus_service_property(_interface,
1897
signature="b",
1440
1898
access="readwrite")
1441
1899
def ApprovedByDefault_dbus_property(self, value=None):
1442
1900
if value is None: # get
1444
1902
self.approved_by_default = bool(value)
1445
1903
1446
1904
# ApprovalDelay - property
1447
@dbus_service_property(_interface, signature="t",
1905
@dbus_service_property(_interface,
1906
signature="t",
1448
1907
access="readwrite")
1449
1908
def ApprovalDelay_dbus_property(self, value=None):
1450
1909
if value is None: # get
1451
return dbus.UInt64(self.approval_delay_milliseconds())
1910
return dbus.UInt64(self.approval_delay.total_seconds()
1911
* 1000)
1452
1912
self.approval_delay = datetime.timedelta(0, 0, 0, value)
1453
1913
1454
1914
# ApprovalDuration - property
1455
@dbus_service_property(_interface, signature="t",
1915
@dbus_service_property(_interface,
1916
signature="t",
1456
1917
access="readwrite")
1457
1918
def ApprovalDuration_dbus_property(self, value=None):
1458
1919
if value is None: # get
1459
return dbus.UInt64(timedelta_to_milliseconds(
1460
self.approval_duration))
1920
return dbus.UInt64(self.approval_duration.total_seconds()
1921
* 1000)
1461
1922
self.approval_duration = datetime.timedelta(0, 0, 0, value)
1462
1923
1463
1924
# Name - property
1925
@dbus_annotations(
1926
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1464
1927
@dbus_service_property(_interface, signature="s", access="read")
1465
1928
def Name_dbus_property(self):
1466
1929
return dbus.String(self.name)
1467
1930
1468
1931
# Fingerprint - property
1932
@dbus_annotations(
1933
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1469
1934
@dbus_service_property(_interface, signature="s", access="read")
1470
1935
def Fingerprint_dbus_property(self):
1471
1936
return dbus.String(self.fingerprint)
1472
1937
1473
1938
# Host - property
1474
@dbus_service_property(_interface, signature="s",
1939
@dbus_service_property(_interface,
1940
signature="s",
1475
1941
access="readwrite")
1476
1942
def Host_dbus_property(self, value=None):
1477
1943
if value is None: # get
1478
1944
return dbus.String(self.host)
1479
self.host = unicode(value)
1945
self.host = str(value)
1480
1946
1481
1947
# Created - property
1948
@dbus_annotations(
1949
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})
1482
1950
@dbus_service_property(_interface, signature="s", access="read")
1483
1951
def Created_dbus_property(self):
1484
1952
return datetime_to_dbus(self.created)
1489
1957
return datetime_to_dbus(self.last_enabled)
1490
1958
1491
1959
# Enabled - property
1492
@dbus_service_property(_interface, signature="b",
1960
@dbus_service_property(_interface,
1961
signature="b",
1493
1962
access="readwrite")
1494
1963
def Enabled_dbus_property(self, value=None):
1495
1964
if value is None: # get
1500
1969
self.disable()
1501
1970
1502
1971
# LastCheckedOK - property
1503
@dbus_service_property(_interface, signature="s",
1972
@dbus_service_property(_interface,
1973
signature="s",
1504
1974
access="readwrite")
1505
1975
def LastCheckedOK_dbus_property(self, value=None):
1506
1976
if value is not None:
1509
1979
return datetime_to_dbus(self.last_checked_ok)
1510
1980
1511
1981
# LastCheckerStatus - property
1512
@dbus_service_property(_interface, signature="n",
1513
access="read")
1982
@dbus_service_property(_interface, signature="n", access="read")
1514
1983
def LastCheckerStatus_dbus_property(self):
1515
1984
return dbus.Int16(self.last_checker_status)
1516
1985
1525
1994
return datetime_to_dbus(self.last_approval_request)
1526
1995
1527
1996
# Timeout - property
1528
@dbus_service_property(_interface, signature="t",
1997
@dbus_service_property(_interface,
1998
signature="t",
1529
1999
access="readwrite")
1530
2000
def Timeout_dbus_property(self, value=None):
1531
2001
if value is None: # get
1532
return dbus.UInt64(self.timeout_milliseconds())
2002
return dbus.UInt64(self.timeout.total_seconds() * 1000)
1533
2003
old_timeout = self.timeout
1534
2004
self.timeout = datetime.timedelta(0, 0, 0, value)
1535
2005
# Reschedule disabling
1544
2014
is None):
1545
2015
return
1546
2016
gobject.source_remove(self.disable_initiator_tag)
1547
self.disable_initiator_tag = (
1548
gobject.timeout_add(
1549
timedelta_to_milliseconds(self.expires - now),
1550
self.disable))
2017
self.disable_initiator_tag = gobject.timeout_add(
2018
int((self.expires - now).total_seconds() * 1000),
2019
self.disable)
1551
2020
1552
2021
# ExtendedTimeout - property
1553
@dbus_service_property(_interface, signature="t",
2022
@dbus_service_property(_interface,
2023
signature="t",
1554
2024
access="readwrite")
1555
2025
def ExtendedTimeout_dbus_property(self, value=None):
1556
2026
if value is None: # get
1557
return dbus.UInt64(self.extended_timeout_milliseconds())
2027
return dbus.UInt64(self.extended_timeout.total_seconds()
2028
* 1000)
1558
2029
self.extended_timeout = datetime.timedelta(0, 0, 0, value)
1559
2030
1560
2031
# Interval - property
1561
@dbus_service_property(_interface, signature="t",
2032
@dbus_service_property(_interface,
2033
signature="t",
1562
2034
access="readwrite")
1563
2035
def Interval_dbus_property(self, value=None):
1564
2036
if value is None: # get
1565
return dbus.UInt64(self.interval_milliseconds())
2037
return dbus.UInt64(self.interval.total_seconds() * 1000)
1566
2038
self.interval = datetime.timedelta(0, 0, 0, value)
1567
2039
if getattr(self, "checker_initiator_tag", None) is None:
1568
2040
return
1569
2041
if self.enabled:
1570
2042
# Reschedule checker run
1571
2043
gobject.source_remove(self.checker_initiator_tag)
1572
self.checker_initiator_tag = (gobject.timeout_add
1573
(value, self.start_checker))
1574
self.start_checker() # Start one now, too
2044
self.checker_initiator_tag = gobject.timeout_add(
2045
value, self.start_checker)
2046
self.start_checker() # Start one now, too
1575
2047
1576
2048
# Checker - property
1577
@dbus_service_property(_interface, signature="s",
2049
@dbus_service_property(_interface,
2050
signature="s",
1578
2051
access="readwrite")
1579
2052
def Checker_dbus_property(self, value=None):
1580
2053
if value is None: # get
1581
2054
return dbus.String(self.checker_command)
1582
self.checker_command = unicode(value)
2055
self.checker_command = str(value)
1583
2056
1584
2057
# CheckerRunning - property
1585
@dbus_service_property(_interface, signature="b",
2058
@dbus_service_property(_interface,
2059
signature="b",
1586
2060
access="readwrite")
1587
2061
def CheckerRunning_dbus_property(self, value=None):
1588
2062
if value is None: # get
1593
2067
self.stop_checker()
1594
2068
1595
2069
# ObjectPath - property
2070
@dbus_annotations(
2071
{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const",
2072
"org.freedesktop.DBus.Deprecated": "true"})
1596
2073
@dbus_service_property(_interface, signature="o", access="read")
1597
2074
def ObjectPath_dbus_property(self):
1598
2075
return self.dbus_object_path # is already a dbus.ObjectPath
1599
2076
1600
2077
# Secret = property
1601
@dbus_service_property(_interface, signature="ay",
1602
access="write", byte_arrays=True)
2078
@dbus_annotations(
2079
{"org.freedesktop.DBus.Property.EmitsChangedSignal":
2080
"invalidates"})
2081
@dbus_service_property(_interface,
2082
signature="ay",
2083
access="write",
2084
byte_arrays=True)
1603
2085
def Secret_dbus_property(self, value):
1604
self.secret = str(value)
2086
self.secret = bytes(value)
1605
2087
1606
2088
del _interface
1607
2089
1611
2093
self._pipe = child_pipe
1612
2094
self._pipe.send(('init', fpr, address))
1613
2095
if not self._pipe.recv():
1614
raise KeyError()
2096
raise KeyError(fpr)
1615
2097
1616
2098
def __getattribute__(self, name):
1617
2099
if name == '_pipe':
1621
2103
if data[0] == 'data':
1622
2104
return data[1]
1623
2105
if data[0] == 'function':
2106
1624
2107
def func(*args, **kwargs):
1625
2108
self._pipe.send(('funcall', name, args, kwargs))
1626
2109
return self._pipe.recv()[1]
2110
1627
2111
return func
1628
2112
1629
2113
def __setattr__(self, name, value):
1641
2125
def handle(self):
1642
2126
with contextlib.closing(self.server.child_pipe) as child_pipe:
1643
2127
logger.info("TCP connection from: %s",
1644
unicode(self.client_address))
2128
str(self.client_address))
1645
2129
logger.debug("Pipe FD: %d",
1646
2130
self.server.child_pipe.fileno())
1647
2131
1648
session = (gnutls.connection
1649
.ClientSession(self.request,
1650
gnutls.connection
1651
.X509Credentials()))
1652
1653
# Note: gnutls.connection.X509Credentials is really a
1654
# generic GnuTLS certificate credentials object so long as
1655
# no X.509 keys are added to it. Therefore, we can use it
1656
# here despite using OpenPGP certificates.
2132
session = gnutls.ClientSession(self.request)
1657
2133
1658
2134
#priority = ':'.join(("NONE", "+VERS-TLS1.1",
1659
2135
# "+AES-256-CBC", "+SHA1",
1663
2139
priority = self.server.gnutls_priority
1664
2140
if priority is None:
1665
2141
priority = "NORMAL"
1666
(gnutls.library.functions
1667
.gnutls_priority_set_direct(session._c_object,
1668
priority, None))
2142
gnutls.priority_set_direct(session._c_object, priority,
2143
None)
1669
2144
1670
2145
# Start communication using the Mandos protocol
1671
2146
# Get protocol number
1673
2148
logger.debug("Protocol version: %r", line)
1674
2149
try:
1675
2150
if int(line.strip().split()[0]) > 1:
1676
raise RuntimeError
2151
raise RuntimeError(line)
1677
2152
except (ValueError, IndexError, RuntimeError) as error:
1678
2153
logger.error("Unknown protocol version: %s", error)
1679
2154
return
1681
2156
# Start GnuTLS connection
1682
2157
try:
1683
2158
session.handshake()
1684
except gnutls.errors.GNUTLSError as error:
2159
except gnutls.Error as error:
1685
2160
logger.warning("Handshake failed: %s", error)
1686
2161
# Do not run session.bye() here: the session is not
1687
2162
# established. Just abandon the request.
1691
2166
approval_required = False
1692
2167
try:
1693
2168
try:
1694
fpr = self.fingerprint(self.peer_certificate
1695
(session))
1696
except (TypeError,
1697
gnutls.errors.GNUTLSError) as error:
2169
fpr = self.fingerprint(
2170
self.peer_certificate(session))
2171
except (TypeError, gnutls.Error) as error:
1698
2172
logger.warning("Bad certificate: %s", error)
1699
2173
return
1700
2174
logger.debug("Fingerprint: %s", fpr)
1713
2187
while True:
1714
2188
if not client.enabled:
1715
2189
logger.info("Client %s is disabled",
1716
client.name)
2190
client.name)
1717
2191
if self.server.use_dbus:
1718
2192
# Emit D-Bus signal
1719
2193
client.Rejected("Disabled")
1728
2202
if self.server.use_dbus:
1729
2203
# Emit D-Bus signal
1730
2204
client.NeedApproval(
1731
client.approval_delay_milliseconds(),
1732
client.approved_by_default)
2205
client.approval_delay.total_seconds()
2206
* 1000, client.approved_by_default)
1733
2207
else:
1734
2208
logger.warning("Client %s was not approved",
1735
2209
client.name)
1741
2215
#wait until timeout or approved
1742
2216
time = datetime.datetime.now()
1743
2217
client.changedstate.acquire()
1744
client.changedstate.wait(
1745
float(timedelta_to_milliseconds(delay)
1746
/ 1000))
2218
client.changedstate.wait(delay.total_seconds())
1747
2219
client.changedstate.release()
1748
2220
time2 = datetime.datetime.now()
1749
2221
if (time2 - time) >= delay:
1760
2232
else:
1761
2233
delay -= time2 - time
1762
2234
1763
sent_size = 0
1764
while sent_size < len(client.secret):
1765
try:
1766
sent = session.send(client.secret[sent_size:])
1767
except gnutls.errors.GNUTLSError as error:
1768
logger.warning("gnutls send failed",
1769
exc_info=error)
1770
return
1771
logger.debug("Sent: %d, remaining: %d",
1772
sent, len(client.secret)
1773
- (sent_size + sent))
1774
sent_size += sent
2235
try:
2236
session.send(client.secret)
2237
except gnutls.Error as error:
2238
logger.warning("gnutls send failed",
2239
exc_info = error)
2240
return
1775
2241
1776
2242
logger.info("Sending secret to %s", client.name)
1777
2243
# bump the timeout using extended_timeout
1785
2251
client.approvals_pending -= 1
1786
2252
try:
1787
2253
session.bye()
1788
except gnutls.errors.GNUTLSError as error:
2254
except gnutls.Error as error:
1789
2255
logger.warning("GnuTLS bye failed",
1790
2256
exc_info=error)
1791
2257
1793
2259
def peer_certificate(session):
1794
2260
"Return the peer's OpenPGP certificate as a bytestring"
1795
2261
# If not an OpenPGP certificate...
1796
if (gnutls.library.functions
1797
.gnutls_certificate_type_get(session._c_object)
1798
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):
1799
# ...do the normal thing
1800
return session.peer_certificate
2262
if (gnutls.certificate_type_get(session._c_object)
2263
!= gnutls.CRT_OPENPGP):
2264
# ...return invalid data
2265
return b""
1801
2266
list_size = ctypes.c_uint(1)
1802
cert_list = (gnutls.library.functions
1803
.gnutls_certificate_get_peers
2267
cert_list = (gnutls.certificate_get_peers
1804
2268
(session._c_object, ctypes.byref(list_size)))
1805
2269
if not bool(cert_list) and list_size.value != 0:
1806
raise gnutls.errors.GNUTLSError("error getting peer"
1807
" certificate")
2270
raise gnutls.Error("error getting peer certificate")
1808
2271
if list_size.value == 0:
1809
2272
return None
1810
2273
cert = cert_list[0]
1814
2277
def fingerprint(openpgp):
1815
2278
"Convert an OpenPGP bytestring to a hexdigit fingerprint"
1816
2279
# New GnuTLS "datum" with the OpenPGP public key
1817
datum = (gnutls.library.types
1818
.gnutls_datum_t(ctypes.cast(ctypes.c_char_p(openpgp),
1819
ctypes.POINTER
1820
(ctypes.c_ubyte)),
1821
ctypes.c_uint(len(openpgp))))
2280
datum = gnutls.datum_t(
2281
ctypes.cast(ctypes.c_char_p(openpgp),
2282
ctypes.POINTER(ctypes.c_ubyte)),
2283
ctypes.c_uint(len(openpgp)))
1822
2284
# New empty GnuTLS certificate
1823
crt = gnutls.library.types.gnutls_openpgp_crt_t()
1824
(gnutls.library.functions
1825
.gnutls_openpgp_crt_init(ctypes.byref(crt)))
2285
crt = gnutls.openpgp_crt_t()
2286
gnutls.openpgp_crt_init(ctypes.byref(crt))
1826
2287
# Import the OpenPGP public key into the certificate
1827
(gnutls.library.functions
1828
.gnutls_openpgp_crt_import(crt, ctypes.byref(datum),
1829
gnutls.library.constants
1830
.GNUTLS_OPENPGP_FMT_RAW))
2288
gnutls.openpgp_crt_import(crt, ctypes.byref(datum),
2289
gnutls.OPENPGP_FMT_RAW)
1831
2290
# Verify the self signature in the key
1832
2291
crtverify = ctypes.c_uint()
1833
(gnutls.library.functions
1834
.gnutls_openpgp_crt_verify_self(crt, 0,
1835
ctypes.byref(crtverify)))
2292
gnutls.openpgp_crt_verify_self(crt, 0,
2293
ctypes.byref(crtverify))
1836
2294
if crtverify.value != 0:
1837
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
1838
raise (gnutls.errors.CertificateSecurityError
1839
("Verify failed"))
2295
gnutls.openpgp_crt_deinit(crt)
2296
raise gnutls.CertificateSecurityError("Verify failed")
1840
2297
# New buffer for the fingerprint
1841
2298
buf = ctypes.create_string_buffer(20)
1842
2299
buf_len = ctypes.c_size_t()
1843
2300
# Get the fingerprint from the certificate into the buffer
1844
(gnutls.library.functions
1845
.gnutls_openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
1846
ctypes.byref(buf_len)))
2301
gnutls.openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),
2302
ctypes.byref(buf_len))
1847
2303
# Deinit the certificate
1848
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
2304
gnutls.openpgp_crt_deinit(crt)
1849
2305
# Convert the buffer to a Python bytestring
1850
2306
fpr = ctypes.string_at(buf, buf_len.value)
1851
2307
# Convert the bytestring to hexadecimal notation
1855
2311
1856
2312
class MultiprocessingMixIn(object):
1857
2313
"""Like socketserver.ThreadingMixIn, but with multiprocessing"""
2314
1858
2315
def sub_process_main(self, request, address):
1859
2316
try:
1860
2317
self.finish_request(request, address)
1872
2329
1873
2330
class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
1874
2331
""" adds a pipe to the MixIn """
2332
1875
2333
def process_request(self, request, client_address):
1876
2334
"""Overrides and wraps the original process_request().
1877
2335
1886
2344
1887
2345
def add_pipe(self, parent_pipe, proc):
1888
2346
"""Dummy function; override as necessary"""
1889
raise NotImplementedError
2347
raise NotImplementedError()
1890
2348
1891
2349
1892
2350
class IPv6_TCPServer(MultiprocessingMixInWithPipe,
1898
2356
interface: None or a network interface name (string)
1899
2357
use_ipv6: Boolean; to use IPv6 or not
1900
2358
"""
2359
1901
2360
def __init__(self, server_address, RequestHandlerClass,
1902
interface=None, use_ipv6=True, socketfd=None):
2361
interface=None,
2362
use_ipv6=True,
2363
socketfd=None):
1903
2364
"""If socketfd is set, use that file descriptor instead of
1904
2365
creating a new one with socket.socket().
1905
2366
"""
1946
2407
self.interface)
1947
2408
else:
1948
2409
try:
1949
self.socket.setsockopt(socket.SOL_SOCKET,
1950
SO_BINDTODEVICE,
1951
str(self.interface
1952
+ '\0'))
2410
self.socket.setsockopt(
2411
socket.SOL_SOCKET, SO_BINDTODEVICE,
2412
(self.interface + "\0").encode("utf-8"))
1953
2413
except socket.error as error:
1954
2414
if error.errno == errno.EPERM:
1955
logger.error("No permission to"
1956
" bind to interface %s",
1957
self.interface)
2415
logger.error("No permission to bind to"
2416
" interface %s", self.interface)
1958
2417
elif error.errno == errno.ENOPROTOOPT:
1959
2418
logger.error("SO_BINDTODEVICE not available;"
1960
2419
" cannot bind to interface %s",
1961
2420
self.interface)
1962
2421
elif error.errno == errno.ENODEV:
1963
logger.error("Interface %s does not"
1964
" exist, cannot bind",
1965
self.interface)
2422
logger.error("Interface %s does not exist,"
2423
" cannot bind", self.interface)
1966
2424
else:
1967
2425
raise
1968
2426
# Only bind(2) the socket if we really need to.
1971
2429
if self.address_family == socket.AF_INET6:
1972
2430
any_address = "::" # in6addr_any
1973
2431
else:
1974
any_address = socket.INADDR_ANY
2432
any_address = "0.0.0.0" # INADDR_ANY
1975
2433
self.server_address = (any_address,
1976
2434
self.server_address[1])
1977
2435
elif not self.server_address[1]:
1978
self.server_address = (self.server_address[0],
1979
0)
2436
self.server_address = (self.server_address[0], 0)
1980
2437
# if self.interface:
1981
2438
# self.server_address = (self.server_address[0],
1982
2439
# 0, # port
1996
2453
1997
2454
Assumes a gobject.MainLoop event loop.
1998
2455
"""
2456
1999
2457
def __init__(self, server_address, RequestHandlerClass,
2000
interface=None, use_ipv6=True, clients=None,
2001
gnutls_priority=None, use_dbus=True, socketfd=None):
2458
interface=None,
2459
use_ipv6=True,
2460
clients=None,
2461
gnutls_priority=None,
2462
use_dbus=True,
2463
socketfd=None):
2002
2464
self.enabled = False
2003
2465
self.clients = clients
2004
2466
if self.clients is None:
2010
2472
interface = interface,
2011
2473
use_ipv6 = use_ipv6,
2012
2474
socketfd = socketfd)
2475
2013
2476
def server_activate(self):
2014
2477
if self.enabled:
2015
2478
return socketserver.TCPServer.server_activate(self)
2019
2482
2020
2483
def add_pipe(self, parent_pipe, proc):
2021
2484
# Call "handle_ipc" for both data and EOF events
2022
gobject.io_add_watch(parent_pipe.fileno(),
2023
gobject.IO_IN | gobject.IO_HUP,
2024
functools.partial(self.handle_ipc,
2025
parent_pipe =
2026
parent_pipe,
2027
proc = proc))
2485
gobject.io_add_watch(
2486
parent_pipe.fileno(),
2487
gobject.IO_IN | gobject.IO_HUP,
2488
functools.partial(self.handle_ipc,
2489
parent_pipe = parent_pipe,
2490
proc = proc))
2028
2491
2029
def handle_ipc(self, source, condition, parent_pipe=None,
2030
proc = None, client_object=None):
2492
def handle_ipc(self, source, condition,
2493
parent_pipe=None,
2494
proc = None,
2495
client_object=None):
2031
2496
# error, or the other end of multiprocessing.Pipe has closed
2032
2497
if condition & (gobject.IO_ERR | gobject.IO_HUP):
2033
2498
# Wait for other process to exit
2056
2521
parent_pipe.send(False)
2057
2522
return False
2058
2523
2059
gobject.io_add_watch(parent_pipe.fileno(),
2060
gobject.IO_IN | gobject.IO_HUP,
2061
functools.partial(self.handle_ipc,
2062
parent_pipe =
2063
parent_pipe,
2064
proc = proc,
2065
client_object =
2066
client))
2524
gobject.io_add_watch(
2525
parent_pipe.fileno(),
2526
gobject.IO_IN | gobject.IO_HUP,
2527
functools.partial(self.handle_ipc,
2528
parent_pipe = parent_pipe,
2529
proc = proc,
2530
client_object = client))
2067
2531
parent_pipe.send(True)
2068
2532
# remove the old hook in favor of the new above hook on
2069
2533
# same fileno
2075
2539
2076
2540
parent_pipe.send(('data', getattr(client_object,
2077
2541
funcname)(*args,
2078
**kwargs)))
2542
**kwargs)))
2079
2543
2080
2544
if command == 'getattr':
2081
2545
attrname = request[1]
2082
if callable(client_object.__getattribute__(attrname)):
2083
parent_pipe.send(('function',))
2546
if isinstance(client_object.__getattribute__(attrname),
2547
collections.Callable):
2548
parent_pipe.send(('function', ))
2084
2549
else:
2085
parent_pipe.send(('data', client_object
2086
.__getattribute__(attrname)))
2550
parent_pipe.send((
2551
'data', client_object.__getattribute__(attrname)))
2087
2552
2088
2553
if command == 'setattr':
2089
2554
attrname = request[1]
2093
2558
return True
2094
2559
2095
2560
2561
def rfc3339_duration_to_delta(duration):
2562
"""Parse an RFC 3339 "duration" and return a datetime.timedelta
2563
2564
>>> rfc3339_duration_to_delta("P7D")
2565
datetime.timedelta(7)
2566
>>> rfc3339_duration_to_delta("PT60S")
2567
datetime.timedelta(0, 60)
2568
>>> rfc3339_duration_to_delta("PT60M")
2569
datetime.timedelta(0, 3600)
2570
>>> rfc3339_duration_to_delta("PT24H")
2571
datetime.timedelta(1)
2572
>>> rfc3339_duration_to_delta("P1W")
2573
datetime.timedelta(7)
2574
>>> rfc3339_duration_to_delta("PT5M30S")
2575
datetime.timedelta(0, 330)
2576
>>> rfc3339_duration_to_delta("P1DT3M20S")
2577
datetime.timedelta(1, 200)
2578
"""
2579
2580
# Parsing an RFC 3339 duration with regular expressions is not
2581
# possible - there would have to be multiple places for the same
2582
# values, like seconds. The current code, while more esoteric, is
2583
# cleaner without depending on a parsing library. If Python had a
2584
# built-in library for parsing we would use it, but we'd like to
2585
# avoid excessive use of external libraries.
2586
2587
# New type for defining tokens, syntax, and semantics all-in-one
2588
Token = collections.namedtuple("Token", (
2589
"regexp", # To match token; if "value" is not None, must have
2590
# a "group" containing digits
2591
"value", # datetime.timedelta or None
2592
"followers")) # Tokens valid after this token
2593
# RFC 3339 "duration" tokens, syntax, and semantics; taken from
2594
# the "duration" ABNF definition in RFC 3339, Appendix A.
2595
token_end = Token(re.compile(r"$"), None, frozenset())
2596
token_second = Token(re.compile(r"(\d+)S"),
2597
datetime.timedelta(seconds=1),
2598
frozenset((token_end, )))
2599
token_minute = Token(re.compile(r"(\d+)M"),
2600
datetime.timedelta(minutes=1),
2601
frozenset((token_second, token_end)))
2602
token_hour = Token(re.compile(r"(\d+)H"),
2603
datetime.timedelta(hours=1),
2604
frozenset((token_minute, token_end)))
2605
token_time = Token(re.compile(r"T"),
2606
None,
2607
frozenset((token_hour, token_minute,
2608
token_second)))
2609
token_day = Token(re.compile(r"(\d+)D"),
2610
datetime.timedelta(days=1),
2611
frozenset((token_time, token_end)))
2612
token_month = Token(re.compile(r"(\d+)M"),
2613
datetime.timedelta(weeks=4),
2614
frozenset((token_day, token_end)))
2615
token_year = Token(re.compile(r"(\d+)Y"),
2616
datetime.timedelta(weeks=52),
2617
frozenset((token_month, token_end)))
2618
token_week = Token(re.compile(r"(\d+)W"),
2619
datetime.timedelta(weeks=1),
2620
frozenset((token_end, )))
2621
token_duration = Token(re.compile(r"P"), None,
2622
frozenset((token_year, token_month,
2623
token_day, token_time,
2624
token_week)))
2625
# Define starting values
2626
value = datetime.timedelta() # Value so far
2627
found_token = None
2628
followers = frozenset((token_duration, )) # Following valid tokens
2629
s = duration # String left to parse
2630
# Loop until end token is found
2631
while found_token is not token_end:
2632
# Search for any currently valid tokens
2633
for token in followers:
2634
match = token.regexp.match(s)
2635
if match is not None:
2636
# Token found
2637
if token.value is not None:
2638
# Value found, parse digits
2639
factor = int(match.group(1), 10)
2640
# Add to value so far
2641
value += factor * token.value
2642
# Strip token from string
2643
s = token.regexp.sub("", s, 1)
2644
# Go to found token
2645
found_token = token
2646
# Set valid next tokens
2647
followers = found_token.followers
2648
break
2649
else:
2650
# No currently valid tokens were found
2651
raise ValueError("Invalid RFC 3339 duration: {!r}"
2652
.format(duration))
2653
# End token found
2654
return value
2655
2656
2096
2657
def string_to_delta(interval):
2097
2658
"""Parse a string and return a datetime.timedelta
2098
2659
2109
2670
>>> string_to_delta('5m 30s')
2110
2671
datetime.timedelta(0, 330)
2111
2672
"""
2673
2674
try:
2675
return rfc3339_duration_to_delta(interval)
2676
except ValueError:
2677
pass
2678
2112
2679
timevalue = datetime.timedelta(0)
2113
2680
for s in interval.split():
2114
2681
try:
2115
suffix = unicode(s[-1])
2682
suffix = s[-1]
2116
2683
value = int(s[:-1])
2117
2684
if suffix == "d":
2118
2685
delta = datetime.timedelta(value)
2125
2692
elif suffix == "w":
2126
2693
delta = datetime.timedelta(0, 0, 0, 0, 0, 0, value)
2127
2694
else:
2128
raise ValueError("Unknown suffix {0!r}"
2129
.format(suffix))
2130
except (ValueError, IndexError) as e:
2695
raise ValueError("Unknown suffix {!r}".format(suffix))
2696
except IndexError as e:
2131
2697
raise ValueError(*(e.args))
2132
2698
timevalue += delta
2133
2699
return timevalue
2149
2715
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2150
2716
if not stat.S_ISCHR(os.fstat(null).st_mode):
2151
2717
raise OSError(errno.ENODEV,
2152
"{0} not a character device"
2718
"{} not a character device"
2153
2719
.format(os.devnull))
2154
2720
os.dup2(null, sys.stdin.fileno())
2155
2721
os.dup2(null, sys.stdout.fileno())
2165
2731
2166
2732
parser = argparse.ArgumentParser()
2167
2733
parser.add_argument("-v", "--version", action="version",
2168
version = "%(prog)s {0}".format(version),
2734
version = "%(prog)s {}".format(version),
2169
2735
help="show version number and exit")
2170
2736
parser.add_argument("-i", "--interface", metavar="IF",
2171
2737
help="Bind to interface IF")
2177
2743
help="Run self-test")
2178
2744
parser.add_argument("--debug", action="store_true",
2179
2745
help="Debug mode; run in foreground and log"
2180
" to terminal")
2746
" to terminal", default=None)
2181
2747
parser.add_argument("--debuglevel", metavar="LEVEL",
2182
2748
help="Debug level for stdout output")
2183
2749
parser.add_argument("--priority", help="GnuTLS"
2190
2756
" files")
2191
2757
parser.add_argument("--no-dbus", action="store_false",
2192
2758
dest="use_dbus", help="Do not provide D-Bus"
2193
" system bus interface")
2759
" system bus interface", default=None)
2194
2760
parser.add_argument("--no-ipv6", action="store_false",
2195
dest="use_ipv6", help="Do not use IPv6")
2761
dest="use_ipv6", help="Do not use IPv6",
2762
default=None)
2196
2763
parser.add_argument("--no-restore", action="store_false",
2197
2764
dest="restore", help="Do not restore stored"
2198
" state")
2765
" state", default=None)
2199
2766
parser.add_argument("--socket", type=int,
2200
2767
help="Specify a file descriptor to a network"
2201
2768
" socket to use instead of creating one")
2202
2769
parser.add_argument("--statedir", metavar="DIR",
2203
2770
help="Directory to save/restore state in")
2771
parser.add_argument("--foreground", action="store_true",
2772
help="Run in foreground", default=None)
2773
parser.add_argument("--no-zeroconf", action="store_false",
2774
dest="zeroconf", help="Do not use Zeroconf",
2775
default=None)
2204
2776
2205
2777
options = parser.parse_args()
2206
2778
2207
2779
if options.check:
2208
2780
import doctest
2209
doctest.testmod()
2210
sys.exit()
2781
fail_count, test_count = doctest.testmod()
2782
sys.exit(os.EX_OK if fail_count == 0 else 1)
2211
2783
2212
2784
# Default values for config file for server-global settings
2213
2785
server_defaults = { "interface": "",
2215
2787
"port": "",
2216
2788
"debug": "False",
2217
2789
"priority":
2218
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
2790
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"
2791
":+SIGN-DSA-SHA256",
2219
2792
"servicename": "Mandos",
2220
2793
"use_dbus": "True",
2221
2794
"use_ipv6": "True",
2222
2795
"debuglevel": "",
2223
2796
"restore": "True",
2224
2797
"socket": "",
2225
"statedir": "/var/lib/mandos"
2226
}
2798
"statedir": "/var/lib/mandos",
2799
"foreground": "False",
2800
"zeroconf": "True",
2801
}
2227
2802
2228
2803
# Parse config file for server-global settings
2229
2804
server_config = configparser.SafeConfigParser(server_defaults)
2230
2805
del server_defaults
2231
server_config.read(os.path.join(options.configdir,
2232
"mandos.conf"))
2806
server_config.read(os.path.join(options.configdir, "mandos.conf"))
2233
2807
# Convert the SafeConfigParser object to a dict
2234
2808
server_settings = server_config.defaults()
2235
2809
# Use the appropriate methods on the non-string config options
2236
for option in ("debug", "use_dbus", "use_ipv6"):
2810
for option in ("debug", "use_dbus", "use_ipv6", "foreground"):
2237
2811
server_settings[option] = server_config.getboolean("DEFAULT",
2238
2812
option)
2239
2813
if server_settings["port"]:
2253
2827
# Override the settings from the config file with command line
2254
2828
# options, if set.
2255
2829
for option in ("interface", "address", "port", "debug",
2256
"priority", "servicename", "configdir",
2257
"use_dbus", "use_ipv6", "debuglevel", "restore",
2258
"statedir", "socket"):
2830
"priority", "servicename", "configdir", "use_dbus",
2831
"use_ipv6", "debuglevel", "restore", "statedir",
2832
"socket", "foreground", "zeroconf"):
2259
2833
value = getattr(options, option)
2260
2834
if value is not None:
2261
2835
server_settings[option] = value
2262
2836
del options
2263
2837
# Force all strings to be unicode
2264
2838
for option in server_settings.keys():
2265
if type(server_settings[option]) is str:
2266
server_settings[option] = unicode(server_settings[option])
2839
if isinstance(server_settings[option], bytes):
2840
server_settings[option] = (server_settings[option]
2841
.decode("utf-8"))
2842
# Force all boolean options to be boolean
2843
for option in ("debug", "use_dbus", "use_ipv6", "restore",
2844
"foreground", "zeroconf"):
2845
server_settings[option] = bool(server_settings[option])
2846
# Debug implies foreground
2847
if server_settings["debug"]:
2848
server_settings["foreground"] = True
2267
2849
# Now we have our good server settings in "server_settings"
2268
2850
2269
2851
##################################################################
2270
2852
2853
if (not server_settings["zeroconf"]
2854
and not (server_settings["port"]
2855
or server_settings["socket"] != "")):
2856
parser.error("Needs port or socket to work without Zeroconf")
2857
2271
2858
# For convenience
2272
2859
debug = server_settings["debug"]
2273
2860
debuglevel = server_settings["debuglevel"]
2275
2862
use_ipv6 = server_settings["use_ipv6"]
2276
2863
stored_state_path = os.path.join(server_settings["statedir"],
2277
2864
stored_state_file)
2865
foreground = server_settings["foreground"]
2866
zeroconf = server_settings["zeroconf"]
2278
2867
2279
2868
if debug:
2280
2869
initlogger(debug, logging.DEBUG)
2286
2875
initlogger(debug, level)
2287
2876
2288
2877
if server_settings["servicename"] != "Mandos":
2289
syslogger.setFormatter(logging.Formatter
2290
('Mandos ({0}) [%(process)d]:'
2291
' %(levelname)s: %(message)s'
2292
.format(server_settings
2293
["servicename"])))
2878
syslogger.setFormatter(
2879
logging.Formatter('Mandos ({}) [%(process)d]:'
2880
' %(levelname)s: %(message)s'.format(
2881
server_settings["servicename"])))
2294
2882
2295
2883
# Parse config file with clients
2296
2884
client_config = configparser.SafeConfigParser(Client
2301
2889
global mandos_dbus_service
2302
2890
mandos_dbus_service = None
2303
2891
2304
tcp_server = MandosServer((server_settings["address"],
2305
server_settings["port"]),
2306
ClientHandler,
2307
interface=(server_settings["interface"]
2308
or None),
2309
use_ipv6=use_ipv6,
2310
gnutls_priority=
2311
server_settings["priority"],
2312
use_dbus=use_dbus,
2313
socketfd=(server_settings["socket"]
2314
or None))
2315
if not debug:
2316
pidfilename = "/var/run/mandos.pid"
2892
socketfd = None
2893
if server_settings["socket"] != "":
2894
socketfd = server_settings["socket"]
2895
tcp_server = MandosServer(
2896
(server_settings["address"], server_settings["port"]),
2897
ClientHandler,
2898
interface=(server_settings["interface"] or None),
2899
use_ipv6=use_ipv6,
2900
gnutls_priority=server_settings["priority"],
2901
use_dbus=use_dbus,
2902
socketfd=socketfd)
2903
if not foreground:
2904
pidfilename = "/run/mandos.pid"
2905
if not os.path.isdir("/run/."):
2906
pidfilename = "/var/run/mandos.pid"
2907
pidfile = None
2317
2908
try:
2318
pidfile = open(pidfilename, "w")
2909
pidfile = codecs.open(pidfilename, "w", encoding="utf-8")
2319
2910
except IOError as e:
2320
2911
logger.error("Could not open file %r", pidfilename,
2321
2912
exc_info=e)
2335
2926
os.setuid(uid)
2336
2927
except OSError as error:
2337
2928
if error.errno != errno.EPERM:
2338
raise error
2929
raise
2339
2930
2340
2931
if debug:
2341
2932
# Enable all possible GnuTLS debugging
2342
2933
2343
2934
# "Use a log level over 10 to enable all debugging options."
2344
2935
# - GnuTLS manual
2345
gnutls.library.functions.gnutls_global_set_log_level(11)
2936
gnutls.global_set_log_level(11)
2346
2937
2347
@gnutls.library.types.gnutls_log_func
2938
@gnutls.log_func
2348
2939
def debug_gnutls(level, string):
2349
2940
logger.debug("GnuTLS: %s", string[:-1])
2350
2941
2351
(gnutls.library.functions
2352
.gnutls_global_set_log_function(debug_gnutls))
2942
gnutls.global_set_log_function(debug_gnutls)
2353
2943
2354
2944
# Redirect stdin so all checkers get /dev/null
2355
2945
null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)
2358
2948
os.close(null)
2359
2949
2360
2950
# Need to fork before connecting to D-Bus
2361
if not debug:
2951
if not foreground:
2362
2952
# Close all input and output, do double fork, etc.
2363
2953
daemon()
2364
2954
2375
2965
if use_dbus:
2376
2966
try:
2377
2967
bus_name = dbus.service.BusName("se.recompile.Mandos",
2378
bus, do_not_queue=True)
2379
old_bus_name = (dbus.service.BusName
2380
("se.bsnet.fukt.Mandos", bus,
2381
do_not_queue=True))
2382
except dbus.exceptions.NameExistsException as e:
2968
bus,
2969
do_not_queue=True)
2970
old_bus_name = dbus.service.BusName(
2971
"se.bsnet.fukt.Mandos", bus,
2972
do_not_queue=True)
2973
except dbus.exceptions.DBusException as e:
2383
2974
logger.error("Disabling D-Bus:", exc_info=e)
2384
2975
use_dbus = False
2385
2976
server_settings["use_dbus"] = False
2386
2977
tcp_server.use_dbus = False
2387
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2388
service = AvahiServiceToSyslog(name =
2389
server_settings["servicename"],
2390
servicetype = "_mandos._tcp",
2391
protocol = protocol, bus = bus)
2392
if server_settings["interface"]:
2393
service.interface = (if_nametoindex
2394
(str(server_settings["interface"])))
2978
if zeroconf:
2979
protocol = avahi.PROTO_INET6 if use_ipv6 else avahi.PROTO_INET
2980
service = AvahiServiceToSyslog(
2981
name = server_settings["servicename"],
2982
servicetype = "_mandos._tcp",
2983
protocol = protocol,
2984
bus = bus)
2985
if server_settings["interface"]:
2986
service.interface = if_nametoindex(
2987
server_settings["interface"].encode("utf-8"))
2395
2988
2396
2989
global multiprocessing_manager
2397
2990
multiprocessing_manager = multiprocessing.Manager()
2404
2997
old_client_settings = {}
2405
2998
clients_data = {}
2406
2999
3000
# This is used to redirect stdout and stderr for checker processes
3001
global wnull
3002
wnull = open(os.devnull, "w") # A writable /dev/null
3003
# Only used if server is running in foreground but not in debug
3004
# mode
3005
if debug or not foreground:
3006
wnull.close()
3007
2407
3008
# Get client data and settings from last running state.
2408
3009
if server_settings["restore"]:
2409
3010
try:
2410
3011
with open(stored_state_path, "rb") as stored_state:
2411
clients_data, old_client_settings = (pickle.load
2412
(stored_state))
3012
clients_data, old_client_settings = pickle.load(
3013
stored_state)
2413
3014
os.remove(stored_state_path)
2414
3015
except IOError as e:
2415
3016
if e.errno == errno.ENOENT:
2416
logger.warning("Could not load persistent state: {0}"
2417
.format(os.strerror(e.errno)))
3017
logger.warning("Could not load persistent state:"
3018
" {}".format(os.strerror(e.errno)))
2418
3019
else:
2419
3020
logger.critical("Could not load persistent state:",
2420
3021
exc_info=e)
2421
3022
raise
2422
3023
except EOFError as e:
2423
3024
logger.warning("Could not load persistent state: "
2424
"EOFError:", exc_info=e)
3025
"EOFError:",
3026
exc_info=e)
2425
3027
2426
3028
with PGPEngine() as pgp:
2427
for client_name, client in clients_data.iteritems():
3029
for client_name, client in clients_data.items():
3030
# Skip removed clients
3031
if client_name not in client_settings:
3032
continue
3033
2428
3034
# Decide which value to use after restoring saved state.
2429
3035
# We have three different values: Old config file,
2430
3036
# new config file, and saved state.
2435
3041
# For each value in new config, check if it
2436
3042
# differs from the old config value (Except for
2437
3043
# the "secret" attribute)
2438
if (name != "secret" and
2439
value != old_client_settings[client_name]
2440
[name]):
3044
if (name != "secret"
3045
and (value !=
3046
old_client_settings[client_name][name])):
2441
3047
client[name] = value
2442
3048
except KeyError:
2443
3049
pass
2444
3050
2445
3051
# Clients who has passed its expire date can still be
2446
# enabled if its last checker was successful. Clients
3052
# enabled if its last checker was successful. A Client
2447
3053
# whose checker succeeded before we stored its state is
2448
3054
# assumed to have successfully run all checkers during
2449
3055
# downtime.
2451
3057
if datetime.datetime.utcnow() >= client["expires"]:
2452
3058
if not client["last_checked_ok"]:
2453
3059
logger.warning(
2454
"disabling client {0} - Client never "
2455
"performed a successful checker"
2456
.format(client_name))
3060
"disabling client {} - Client never "
3061
"performed a successful checker".format(
3062
client_name))
2457
3063
client["enabled"] = False
2458
3064
elif client["last_checker_status"] != 0:
2459
3065
logger.warning(
2460
"disabling client {0} - Client "
2461
"last checker failed with error code {1}"
2462
.format(client_name,
2463
client["last_checker_status"]))
3066
"disabling client {} - Client last"
3067
" checker failed with error code"
3068
" {}".format(
3069
client_name,
3070
client["last_checker_status"]))
2464
3071
client["enabled"] = False
2465
3072
else:
2466
client["expires"] = (datetime.datetime
2467
.utcnow()
2468
+ client["timeout"])
3073
client["expires"] = (
3074
datetime.datetime.utcnow()
3075
+ client["timeout"])
2469
3076
logger.debug("Last checker succeeded,"
2470
" keeping {0} enabled"
2471
.format(client_name))
3077
" keeping {} enabled".format(
3078
client_name))
2472
3079
try:
2473
client["secret"] = (
2474
pgp.decrypt(client["encrypted_secret"],
2475
client_settings[client_name]
2476
["secret"]))
3080
client["secret"] = pgp.decrypt(
3081
client["encrypted_secret"],
3082
client_settings[client_name]["secret"])
2477
3083
except PGPError:
2478
3084
# If decryption fails, we use secret from new settings
2479
logger.debug("Failed to decrypt {0} old secret"
2480
.format(client_name))
2481
client["secret"] = (
2482
client_settings[client_name]["secret"])
3085
logger.debug("Failed to decrypt {} old secret".format(
3086
client_name))
3087
client["secret"] = (client_settings[client_name]
3088
["secret"])
2483
3089
2484
3090
# Add/remove clients based on new changes made to config
2485
3091
for client_name in (set(old_client_settings)
2490
3096
clients_data[client_name] = client_settings[client_name]
2491
3097
2492
3098
# Create all client objects
2493
for client_name, client in clients_data.iteritems():
3099
for client_name, client in clients_data.items():
2494
3100
tcp_server.clients[client_name] = client_class(
2495
name = client_name, settings = client)
3101
name = client_name,
3102
settings = client,
3103
server_settings = server_settings)
2496
3104
2497
3105
if not tcp_server.clients:
2498
3106
logger.warning("No clients defined")
2499
3107
2500
if not debug:
2501
try:
2502
with pidfile:
2503
pid = os.getpid()
2504
pidfile.write(str(pid) + "\n".encode("utf-8"))
2505
del pidfile
2506
except IOError:
2507
logger.error("Could not write to file %r with PID %d",
2508
pidfilename, pid)
2509
except NameError:
2510
# "pidfile" was never created
2511
pass
3108
if not foreground:
3109
if pidfile is not None:
3110
pid = os.getpid()
3111
try:
3112
with pidfile:
3113
print(pid, file=pidfile)
3114
except IOError:
3115
logger.error("Could not write to file %r with PID %d",
3116
pidfilename, pid)
3117
del pidfile
2512
3118
del pidfilename
2513
3119
2514
3120
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
2515
3121
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
2516
3122
2517
3123
if use_dbus:
2518
@alternate_dbus_interfaces({"se.recompile.Mandos":
2519
"se.bsnet.fukt.Mandos"})
2520
class MandosDBusService(DBusObjectWithProperties):
3124
3125
@alternate_dbus_interfaces(
3126
{ "se.recompile.Mandos": "se.bsnet.fukt.Mandos" })
3127
class MandosDBusService(DBusObjectWithObjectManager):
2521
3128
"""A D-Bus proxy object"""
3129
2522
3130
def __init__(self):
2523
3131
dbus.service.Object.__init__(self, bus, "/")
3132
2524
3133
_interface = "se.recompile.Mandos"
2525
3134
2526
@dbus_interface_annotations(_interface)
2527
def _foo(self):
2528
return { "org.freedesktop.DBus.Property"
2529
".EmitsChangedSignal":
2530
"false"}
2531
2532
3135
@dbus.service.signal(_interface, signature="o")
2533
3136
def ClientAdded(self, objpath):
2534
3137
"D-Bus signal"
2539
3142
"D-Bus signal"
2540
3143
pass
2541
3144
3145
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
3146
"true"})
2542
3147
@dbus.service.signal(_interface, signature="os")
2543
3148
def ClientRemoved(self, objpath, name):
2544
3149
"D-Bus signal"
2545
3150
pass
2546
3151
3152
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
3153
"true"})
2547
3154
@dbus.service.method(_interface, out_signature="ao")
2548
3155
def GetAllClients(self):
2549
3156
"D-Bus method"
2550
return dbus.Array(c.dbus_object_path
2551
for c in
3157
return dbus.Array(c.dbus_object_path for c in
2552
3158
tcp_server.clients.itervalues())
2553
3159
3160
@dbus_annotations({"org.freedesktop.DBus.Deprecated":
3161
"true"})
2554
3162
@dbus.service.method(_interface,
2555
3163
out_signature="a{oa{sv}}")
2556
3164
def GetAllClientsWithProperties(self):
2557
3165
"D-Bus method"
2558
3166
return dbus.Dictionary(
2559
((c.dbus_object_path, c.GetAll(""))
2560
for c in tcp_server.clients.itervalues()),
3167
{ c.dbus_object_path: c.GetAll(
3168
"se.recompile.Mandos.Client")
3169
for c in tcp_server.clients.itervalues() },
2561
3170
signature="oa{sv}")
2562
3171
2563
3172
@dbus.service.method(_interface, in_signature="o")
2567
3176
if c.dbus_object_path == object_path:
2568
3177
del tcp_server.clients[c.name]
2569
3178
c.remove_from_connection()
2570
# Don't signal anything except ClientRemoved
3179
# Don't signal the disabling
2571
3180
c.disable(quiet=True)
2572
# Emit D-Bus signal
2573
self.ClientRemoved(object_path, c.name)
3181
# Emit D-Bus signal for removal
3182
self.client_removed_signal(c)
2574
3183
return
2575
3184
raise KeyError(object_path)
2576
3185
2577
3186
del _interface
3187
3188
@dbus.service.method(dbus.OBJECT_MANAGER_IFACE,
3189
out_signature = "a{oa{sa{sv}}}")
3190
def GetManagedObjects(self):
3191
"""D-Bus method"""
3192
return dbus.Dictionary(
3193
{ client.dbus_object_path:
3194
dbus.Dictionary(
3195
{ interface: client.GetAll(interface)
3196
for interface in
3197
client._get_all_interface_names()})
3198
for client in tcp_server.clients.values()})
3199
3200
def client_added_signal(self, client):
3201
"""Send the new standard signal and the old signal"""
3202
if use_dbus:
3203
# New standard signal
3204
self.InterfacesAdded(
3205
client.dbus_object_path,
3206
dbus.Dictionary(
3207
{ interface: client.GetAll(interface)
3208
for interface in
3209
client._get_all_interface_names()}))
3210
# Old signal
3211
self.ClientAdded(client.dbus_object_path)
3212
3213
def client_removed_signal(self, client):
3214
"""Send the new standard signal and the old signal"""
3215
if use_dbus:
3216
# New standard signal
3217
self.InterfacesRemoved(
3218
client.dbus_object_path,
3219
client._get_all_interface_names())
3220
# Old signal
3221
self.ClientRemoved(client.dbus_object_path,
3222
client.name)
2578
3223
2579
3224
mandos_dbus_service = MandosDBusService()
2580
3225
2581
3226
def cleanup():
2582
3227
"Cleanup function; run on exit"
2583
service.cleanup()
3228
if zeroconf:
3229
service.cleanup()
2584
3230
2585
3231
multiprocessing.active_children()
3232
wnull.close()
2586
3233
if not (tcp_server.clients or client_settings):
2587
3234
return
2588
3235
2599
3246
2600
3247
# A list of attributes that can not be pickled
2601
3248
# + secret.
2602
exclude = set(("bus", "changedstate", "secret",
2603
"checker"))
2604
for name, typ in (inspect.getmembers
2605
(dbus.service.Object)):
3249
exclude = { "bus", "changedstate", "secret",
3250
"checker", "server_settings" }
3251
for name, typ in inspect.getmembers(dbus.service
3252
.Object):
2606
3253
exclude.add(name)
2607
3254
2608
3255
client_dict["encrypted_secret"] = (client
2615
3262
del client_settings[client.name]["secret"]
2616
3263
2617
3264
try:
2618
with (tempfile.NamedTemporaryFile
2619
(mode='wb', suffix=".pickle", prefix='clients-',
2620
dir=os.path.dirname(stored_state_path),
2621
delete=False)) as stored_state:
3265
with tempfile.NamedTemporaryFile(
3266
mode='wb',
3267
suffix=".pickle",
3268
prefix='clients-',
3269
dir=os.path.dirname(stored_state_path),
3270
delete=False) as stored_state:
2622
3271
pickle.dump((clients, client_settings), stored_state)
2623
tempname=stored_state.name
3272
tempname = stored_state.name
2624
3273
os.rename(tempname, stored_state_path)
2625
3274
except (IOError, OSError) as e:
2626
3275
if not debug:
2629
3278
except NameError:
2630
3279
pass
2631
3280
if e.errno in (errno.ENOENT, errno.EACCES, errno.EEXIST):
2632
logger.warning("Could not save persistent state: {0}"
3281
logger.warning("Could not save persistent state: {}"
2633
3282
.format(os.strerror(e.errno)))
2634
3283
else:
2635
3284
logger.warning("Could not save persistent state:",
2636
3285
exc_info=e)
2637
raise e
3286
raise
2638
3287
2639
3288
# Delete all clients, and settings from config
2640
3289
while tcp_server.clients:
2641
3290
name, client = tcp_server.clients.popitem()
2642
3291
if use_dbus:
2643
3292
client.remove_from_connection()
2644
# Don't signal anything except ClientRemoved
3293
# Don't signal the disabling
2645
3294
client.disable(quiet=True)
3295
# Emit D-Bus signal for removal
2646
3296
if use_dbus:
2647
# Emit D-Bus signal
2648
mandos_dbus_service.ClientRemoved(client
2649
.dbus_object_path,
2650
client.name)
3297
mandos_dbus_service.client_removed_signal(client)
2651
3298
client_settings.clear()
2652
3299
2653
3300
atexit.register(cleanup)
2654
3301
2655
3302
for client in tcp_server.clients.itervalues():
2656
3303
if use_dbus:
2657
# Emit D-Bus signal
2658
mandos_dbus_service.ClientAdded(client.dbus_object_path)
3304
# Emit D-Bus signal for adding
3305
mandos_dbus_service.client_added_signal(client)
2659
3306
# Need to initiate checking of clients
2660
3307
if client.enabled:
2661
3308
client.init_checker()
2664
3311
tcp_server.server_activate()
2665
3312
2666
3313
# Find out what port we got
2667
service.port = tcp_server.socket.getsockname()[1]
3314
if zeroconf:
3315
service.port = tcp_server.socket.getsockname()[1]
2668
3316
if use_ipv6:
2669
3317
logger.info("Now listening on address %r, port %d,"
2670
3318
" flowinfo %d, scope_id %d",
2676
3324
#service.interface = tcp_server.socket.getsockname()[3]
2677
3325
2678
3326
try:
2679
# From the Avahi example code
2680
try:
2681
service.activate()
2682
except dbus.exceptions.DBusException as error:
2683
logger.critical("D-Bus Exception", exc_info=error)
2684
cleanup()
2685
sys.exit(1)
2686
# End of Avahi example code
3327
if zeroconf:
3328
# From the Avahi example code
3329
try:
3330
service.activate()
3331
except dbus.exceptions.DBusException as error:
3332
logger.critical("D-Bus Exception", exc_info=error)
3333
cleanup()
3334
sys.exit(1)
3335
# End of Avahi example code
2687
3336
2688
3337
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
2689
3338
lambda *args, **kwargs:
2704
3353
# Must run before the D-Bus bus name gets deregistered
2705
3354
cleanup()
2706
3355
3356
2707
3357
if __name__ == '__main__':
2708
3358
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0