To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos
- browse files at revision 84
- compare with another revision
- download diff
- download tarball
- view history from revision 84
- Committer: Teddy Hogeborn
- Date: 2008-08-17 22:42:28 UTC
- Revision ID: teddy@fukt.bsnet.se-20080817224228-nhor2yuv230if01i
* Makefile (DOCBOOKTOMAN): Use the local manpages/docbook.xsl file, do
not rely on a stylesheet declaration.
* mandos.xml: Removed <?xml-stylesheet>. New entity "&OVERVIEW;"
refers to "overview.xml". Changed all single quotes to
double quotes for consistency.
(DESCRIPTION): Use the term "TLS" and not "GnuTLS" for the protocol.
Refer to the "OVERVIEW" section for reason for IPv6
link-local addresses.
(PURPOSE): Shortened a lot. Refer to "OVERVIEW" section for details.
(OVERVIEW): New section. Include &OVERVIEW; and add a paragraph
about what the role of this program is.
(SECURITY/CLIENTS): Refer to the "CHECKING" section for details on
checking.
(SEE ALSO): Changed from an <itemizedlist> to a <variablelist>.
Added a short text for each entry. Removed reference to
plugin-runner(8mandos). Add reference to RFC 4291 and
RFC 4346.
* overview.xml: New file, containing a single <para>. The idea is to
use this in all the man pages.
* plugins.d/password-request.c: Updated comments about spurious
warnings.
not rely on a stylesheet declaration.
* mandos.xml: Removed <?xml-stylesheet>. New entity "&OVERVIEW;"
refers to "overview.xml". Changed all single quotes to
double quotes for consistency.
(DESCRIPTION): Use the term "TLS" and not "GnuTLS" for the protocol.
Refer to the "OVERVIEW" section for reason for IPv6
link-local addresses.
(PURPOSE): Shortened a lot. Refer to "OVERVIEW" section for details.
(OVERVIEW): New section. Include &OVERVIEW; and add a paragraph
about what the role of this program is.
(SECURITY/CLIENTS): Refer to the "CHECKING" section for details on
checking.
(SEE ALSO): Changed from an <itemizedlist> to a <variablelist>.
Added a short text for each entry. Removed reference to
plugin-runner(8mandos). Add reference to RFC 4291 and
RFC 4346.
* overview.xml: New file, containing a single <para>. The idea is to
use this in all the man pages.
* plugins.d/password-request.c: Updated comments about spurious
warnings.
- files added:
- COPYING
- plugins.d
- files removed:
- ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- files modified:
- Makefile
added
removed
mandos
1
1
#!/usr/bin/python
2
# -*- mode: python; coding: utf-8 -*-
3
#
4
# Mandos server - give out binary blobs to connecting clients.
5
#
6
# This program is partly derived from an example program for an Avahi
7
# service publisher, downloaded from
8
# <http://avahi.org/wiki/PythonPublishExample>. This includes the
9
# methods "add" and "remove" in the "AvahiService" class, the
10
# "server_state_changed" and "entry_group_state_changed" functions,
11
# and some lines in "main".
12
#
13
# Everything else is
14
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
15
#
16
# This program is free software: you can redistribute it and/or modify
17
# it under the terms of the GNU General Public License as published by
18
# the Free Software Foundation, either version 3 of the License, or
19
# (at your option) any later version.
20
#
21
# This program is distributed in the hope that it will be useful,
22
# but WITHOUT ANY WARRANTY; without even the implied warranty of
23
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24
# GNU General Public License for more details.
25
#
26
# You should have received a copy of the GNU General Public License
27
# along with this program. If not, see <http://www.gnu.org/licenses/>.
28
#
29
# Contact the authors at <mandos@fukt.bsnet.se>.
30
#
2
31
3
32
from __future__ import division
4
33
11
40
import gnutls.crypto
12
41
import gnutls.connection
13
42
import gnutls.errors
43
import gnutls.library.functions
44
import gnutls.library.constants
45
import gnutls.library.types
14
46
import ConfigParser
15
47
import sys
16
48
import re
18
50
import signal
19
51
from sets import Set
20
52
import subprocess
53
import atexit
54
import stat
55
import logging
56
import logging.handlers
21
57
22
58
import dbus
23
59
import gobject
24
60
import avahi
25
61
from dbus.mainloop.glib import DBusGMainLoop
26
27
# This variable is used to optionally bind to a specified
28
# interface.
29
serviceInterface = avahi.IF_UNSPEC
30
# It is a global variable to fit in with the rest of the
31
# variables from the Avahi server example code:
32
serviceName = "Mandos"
33
serviceType = "_mandos._tcp" # http://www.dns-sd.org/ServiceTypes.html
34
servicePort = None # Not known at startup
35
serviceTXT = [] # TXT record for the service
36
domain = "" # Domain to publish on, default to .local
37
host = "" # Host to publish records for, default to localhost
38
group = None #our entry group
39
rename_count = 12 # Counter so we only rename after collisions a
40
# sensible number of times
62
import ctypes
63
64
version = "1.0"
65
66
logger = logging.Logger('mandos')
67
syslogger = logging.handlers.SysLogHandler\
68
(facility = logging.handlers.SysLogHandler.LOG_DAEMON,
69
address = "/dev/log")
70
syslogger.setFormatter(logging.Formatter\
71
('Mandos: %(levelname)s: %(message)s'))
72
logger.addHandler(syslogger)
73
74
console = logging.StreamHandler()
75
console.setFormatter(logging.Formatter('%(name)s: %(levelname)s:'
76
' %(message)s'))
77
logger.addHandler(console)
78
79
class AvahiError(Exception):
80
def __init__(self, value):
81
self.value = value
82
def __str__(self):
83
return repr(self.value)
84
85
class AvahiServiceError(AvahiError):
86
pass
87
88
class AvahiGroupError(AvahiError):
89
pass
90
91
92
class AvahiService(object):
93
"""An Avahi (Zeroconf) service.
94
Attributes:
95
interface: integer; avahi.IF_UNSPEC or an interface index.
96
Used to optionally bind to the specified interface.
97
name: string; Example: 'Mandos'
98
type: string; Example: '_mandos._tcp'.
99
See <http://www.dns-sd.org/ServiceTypes.html>
100
port: integer; what port to announce
101
TXT: list of strings; TXT record for the service
102
domain: string; Domain to publish on, default to .local if empty.
103
host: string; Host to publish records for, default is localhost
104
max_renames: integer; maximum number of renames
105
rename_count: integer; counter so we only rename after collisions
106
a sensible number of times
107
"""
108
def __init__(self, interface = avahi.IF_UNSPEC, name = None,
109
type = None, port = None, TXT = None, domain = "",
110
host = "", max_renames = 32768):
111
self.interface = interface
112
self.name = name
113
self.type = type
114
self.port = port
115
if TXT is None:
116
self.TXT = []
117
else:
118
self.TXT = TXT
119
self.domain = domain
120
self.host = host
121
self.rename_count = 0
122
self.max_renames = max_renames
123
def rename(self):
124
"""Derived from the Avahi example code"""
125
if self.rename_count >= self.max_renames:
126
logger.critical(u"No suitable service name found after %i"
127
u" retries, exiting.", rename_count)
128
raise AvahiServiceError("Too many renames")
129
self.name = server.GetAlternativeServiceName(self.name)
130
logger.info(u"Changing name to %r ...", str(self.name))
131
syslogger.setFormatter(logging.Formatter\
132
('Mandos (%s): %%(levelname)s:'
133
' %%(message)s' % self.name))
134
self.remove()
135
self.add()
136
self.rename_count += 1
137
def remove(self):
138
"""Derived from the Avahi example code"""
139
if group is not None:
140
group.Reset()
141
def add(self):
142
"""Derived from the Avahi example code"""
143
global group
144
if group is None:
145
group = dbus.Interface\
146
(bus.get_object(avahi.DBUS_NAME,
147
server.EntryGroupNew()),
148
avahi.DBUS_INTERFACE_ENTRY_GROUP)
149
group.connect_to_signal('StateChanged',
150
entry_group_state_changed)
151
logger.debug(u"Adding service '%s' of type '%s' ...",
152
service.name, service.type)
153
group.AddService(
154
self.interface, # interface
155
avahi.PROTO_INET6, # protocol
156
dbus.UInt32(0), # flags
157
self.name, self.type,
158
self.domain, self.host,
159
dbus.UInt16(self.port),
160
avahi.string_array_to_txt_array(self.TXT))
161
group.Commit()
162
163
# From the Avahi example code:
164
group = None # our entry group
41
165
# End of Avahi example code
42
166
43
167
44
168
class Client(object):
45
169
"""A representation of a client host served by this server.
46
170
Attributes:
47
password: string
48
fqdn: string, FQDN (used by the checker)
49
created: datetime.datetime()
50
last_seen: datetime.datetime() or None if not yet seen
51
timeout: datetime.timedelta(); How long from last_seen until
52
this client is invalid
171
name: string; from the config file, used in log messages
172
fingerprint: string (40 or 32 hexadecimal digits); used to
173
uniquely identify the client
174
secret: bytestring; sent verbatim (over TLS) to client
175
host: string; available for use by the checker command
176
created: datetime.datetime(); object creation, not client host
177
last_checked_ok: datetime.datetime() or None if not yet checked OK
178
timeout: datetime.timedelta(); How long from last_checked_ok
179
until this client is invalid
53
180
interval: datetime.timedelta(); How often to start a new checker
54
timeout_milliseconds: Used by gobject.timeout_add()
55
interval_milliseconds: - '' -
56
181
stop_hook: If set, called by stop() as stop_hook(self)
57
182
checker: subprocess.Popen(); a running checker process used
58
183
to see if the client lives.
59
Is None if no process is running.
184
'None' if no process is running.
60
185
checker_initiator_tag: a gobject event source tag, or None
61
186
stop_initiator_tag: - '' -
62
187
checker_callback_tag: - '' -
188
checker_command: string; External command which is run to check if
189
client lives. %() expansions are done at
190
runtime with vars(self) as dict, so that for
191
instance %(name)s can be used in the command.
192
Private attibutes:
193
_timeout: Real variable for 'timeout'
194
_interval: Real variable for 'interval'
195
_timeout_milliseconds: Used when calling gobject.timeout_add()
196
_interval_milliseconds: - '' -
63
197
"""
64
def __init__(self, name=None, options=None, stop_hook=None,
65
dn=None, password=None, passfile=None, fqdn=None,
66
timeout=None, interval=-1):
67
self.name = name
68
self.dn = dn
69
if password:
70
self.password = password
71
elif passfile:
72
self.password = open(passfile).readall()
73
else:
74
raise RuntimeError(u"No Password or Passfile for client %s"
75
% self.name)
76
self.fqdn = fqdn # string
77
self.created = datetime.datetime.now()
78
self.last_seen = None
79
if timeout is None:
80
timeout = options.timeout
81
self.timeout = timeout
82
self.timeout_milliseconds = ((self.timeout.days
83
* 24 * 60 * 60 * 1000)
84
+ (self.timeout.seconds * 1000)
85
+ (self.timeout.microseconds
86
// 1000))
87
if interval == -1:
88
interval = options.interval
89
else:
90
interval = string_to_delta(interval)
91
self.interval = interval
92
self.interval_milliseconds = ((self.interval.days
198
def _set_timeout(self, timeout):
199
"Setter function for 'timeout' attribute"
200
self._timeout = timeout
201
self._timeout_milliseconds = ((self.timeout.days
93
202
* 24 * 60 * 60 * 1000)
94
+ (self.interval.seconds * 1000)
95
+ (self.interval.microseconds
203
+ (self.timeout.seconds * 1000)
204
+ (self.timeout.microseconds
96
205
// 1000))
206
timeout = property(lambda self: self._timeout,
207
_set_timeout)
208
del _set_timeout
209
def _set_interval(self, interval):
210
"Setter function for 'interval' attribute"
211
self._interval = interval
212
self._interval_milliseconds = ((self.interval.days
213
* 24 * 60 * 60 * 1000)
214
+ (self.interval.seconds
215
* 1000)
216
+ (self.interval.microseconds
217
// 1000))
218
interval = property(lambda self: self._interval,
219
_set_interval)
220
del _set_interval
221
def __init__(self, name = None, stop_hook=None, config={}):
222
"""Note: the 'checker' key in 'config' sets the
223
'checker_command' attribute and *not* the 'checker'
224
attribute."""
225
self.name = name
226
logger.debug(u"Creating client %r", self.name)
227
# Uppercase and remove spaces from fingerprint for later
228
# comparison purposes with return value from the fingerprint()
229
# function
230
self.fingerprint = config["fingerprint"].upper()\
231
.replace(u" ", u"")
232
logger.debug(u" Fingerprint: %s", self.fingerprint)
233
if "secret" in config:
234
self.secret = config["secret"].decode(u"base64")
235
elif "secfile" in config:
236
sf = open(config["secfile"])
237
self.secret = sf.read()
238
sf.close()
239
else:
240
raise TypeError(u"No secret or secfile for client %s"
241
% self.name)
242
self.host = config.get("host", "")
243
self.created = datetime.datetime.now()
244
self.last_checked_ok = None
245
self.timeout = string_to_delta(config["timeout"])
246
self.interval = string_to_delta(config["interval"])
97
247
self.stop_hook = stop_hook
98
248
self.checker = None
99
249
self.checker_initiator_tag = None
100
250
self.stop_initiator_tag = None
101
251
self.checker_callback_tag = None
252
self.check_command = config["checker"]
102
253
def start(self):
103
"""Start this clients checker and timeout hooks"""
254
"""Start this client's checker and timeout hooks"""
104
255
# Schedule a new checker to be started an 'interval' from now,
105
256
# and every interval from then on.
106
self.checker_initiator_tag = gobject.\
107
timeout_add(self.interval_milliseconds,
108
self.start_checker)
257
self.checker_initiator_tag = gobject.timeout_add\
258
(self._interval_milliseconds,
259
self.start_checker)
109
260
# Also start a new checker *right now*.
110
261
self.start_checker()
111
262
# Schedule a stop() when 'timeout' has passed
112
self.stop_initiator_tag = gobject.\
113
timeout_add(self.timeout_milliseconds,
114
self.stop)
263
self.stop_initiator_tag = gobject.timeout_add\
264
(self._timeout_milliseconds,
265
self.stop)
115
266
def stop(self):
116
267
"""Stop this client.
117
The possibility that this client might be restarted is left
118
open, but not currently used."""
119
# print "Stopping client", self.name
120
self.password = None
121
if self.stop_initiator_tag:
268
The possibility that a client might be restarted is left open,
269
but not currently used."""
270
# If this client doesn't have a secret, it is already stopped.
271
if hasattr(self, "secret") and self.secret:
272
logger.info(u"Stopping client %s", self.name)
273
self.secret = None
274
else:
275
return False
276
if getattr(self, "stop_initiator_tag", False):
122
277
gobject.source_remove(self.stop_initiator_tag)
123
278
self.stop_initiator_tag = None
124
if self.checker_initiator_tag:
279
if getattr(self, "checker_initiator_tag", False):
125
280
gobject.source_remove(self.checker_initiator_tag)
126
281
self.checker_initiator_tag = None
127
282
self.stop_checker()
130
285
# Do not run this again if called by a gobject.timeout_add
131
286
return False
132
287
def __del__(self):
133
# Some code duplication here and in stop()
134
if hasattr(self, "stop_initiator_tag") \
135
and self.stop_initiator_tag:
136
gobject.source_remove(self.stop_initiator_tag)
137
self.stop_initiator_tag = None
138
if hasattr(self, "checker_initiator_tag") \
139
and self.checker_initiator_tag:
140
gobject.source_remove(self.checker_initiator_tag)
141
self.checker_initiator_tag = None
142
self.stop_checker()
288
self.stop_hook = None
289
self.stop()
143
290
def checker_callback(self, pid, condition):
144
291
"""The checker has completed, so take appropriate actions."""
145
292
now = datetime.datetime.now()
293
self.checker_callback_tag = None
294
self.checker = None
146
295
if os.WIFEXITED(condition) \
147
296
and (os.WEXITSTATUS(condition) == 0):
148
#print "Checker for %(name)s succeeded" % vars(self)
149
self.last_seen = now
297
logger.info(u"Checker for %(name)s succeeded",
298
vars(self))
299
self.last_checked_ok = now
150
300
gobject.source_remove(self.stop_initiator_tag)
151
self.stop_initiator_tag = gobject.\
152
timeout_add(self.timeout_milliseconds,
153
self.stop)
154
#else:
155
# if not os.WIFEXITED(condition):
156
# print "Checker for %(name)s crashed?" % vars(self)
157
# else:
158
# print "Checker for %(name)s failed" % vars(self)
159
self.checker = None
160
self.checker_callback_tag = None
301
self.stop_initiator_tag = gobject.timeout_add\
302
(self._timeout_milliseconds,
303
self.stop)
304
elif not os.WIFEXITED(condition):
305
logger.warning(u"Checker for %(name)s crashed?",
306
vars(self))
307
else:
308
logger.info(u"Checker for %(name)s failed",
309
vars(self))
161
310
def start_checker(self):
162
311
"""Start a new checker subprocess if one is not running.
163
312
If a checker already exists, leave it running and do
164
313
nothing."""
314
# The reason for not killing a running checker is that if we
315
# did that, then if a checker (for some reason) started
316
# running slowly and taking more than 'interval' time, the
317
# client would inevitably timeout, since no checker would get
318
# a chance to run to completion. If we instead leave running
319
# checkers alone, the checker would have to take more time
320
# than 'timeout' for the client to be declared invalid, which
321
# is as it should be.
165
322
if self.checker is None:
166
#print "Starting checker for", self.name
167
try:
168
self.checker = subprocess.\
169
Popen("sleep 1; fping -q -- %s"
170
% re.escape(self.fqdn),
171
stdout=subprocess.PIPE,
172
close_fds=True, shell=True,
173
cwd="/")
174
self.checker_callback_tag = gobject.\
175
child_watch_add(self.checker.pid,
176
self.\
177
checker_callback)
323
try:
324
# In case check_command has exactly one % operator
325
command = self.check_command % self.host
326
except TypeError:
327
# Escape attributes for the shell
328
escaped_attrs = dict((key, re.escape(str(val)))
329
for key, val in
330
vars(self).iteritems())
331
try:
332
command = self.check_command % escaped_attrs
333
except TypeError, error:
334
logger.error(u'Could not format string "%s":'
335
u' %s', self.check_command, error)
336
return True # Try again later
337
try:
338
logger.info(u"Starting checker %r for %s",
339
command, self.name)
340
self.checker = subprocess.Popen(command,
341
close_fds=True,
342
shell=True, cwd="/")
343
self.checker_callback_tag = gobject.child_watch_add\
344
(self.checker.pid,
345
self.checker_callback)
178
346
except subprocess.OSError, error:
179
sys.stderr.write(u"Failed to start subprocess: %s\n"
180
% error)
347
logger.error(u"Failed to start subprocess: %s",
348
error)
181
349
# Re-run this periodically if run by gobject.timeout_add
182
350
return True
183
351
def stop_checker(self):
184
352
"""Force the checker process, if any, to stop."""
185
if not hasattr(self, "checker") or self.checker is None:
353
if self.checker_callback_tag:
354
gobject.source_remove(self.checker_callback_tag)
355
self.checker_callback_tag = None
356
if getattr(self, "checker", None) is None:
186
357
return
187
gobject.source_remove(self.checker_callback_tag)
188
self.checker_callback_tag = None
189
os.kill(self.checker.pid, signal.SIGTERM)
190
if self.checker.poll() is None:
191
os.kill(self.checker.pid, signal.SIGKILL)
358
logger.debug(u"Stopping checker for %(name)s", vars(self))
359
try:
360
os.kill(self.checker.pid, signal.SIGTERM)
361
#os.sleep(0.5)
362
#if self.checker.poll() is None:
363
# os.kill(self.checker.pid, signal.SIGKILL)
364
except OSError, error:
365
if error.errno != errno.ESRCH: # No such process
366
raise
192
367
self.checker = None
193
def still_valid(self, now=None):
368
def still_valid(self):
194
369
"""Has the timeout not yet passed for this client?"""
195
if now is None:
196
now = datetime.datetime.now()
197
if self.last_seen is None:
370
now = datetime.datetime.now()
371
if self.last_checked_ok is None:
198
372
return now < (self.created + self.timeout)
199
373
else:
200
return now < (self.last_seen + self.timeout)
374
return now < (self.last_checked_ok + self.timeout)
375
376
377
def peer_certificate(session):
378
"Return the peer's OpenPGP certificate as a bytestring"
379
# If not an OpenPGP certificate...
380
if gnutls.library.functions.gnutls_certificate_type_get\
381
(session._c_object) \
382
!= gnutls.library.constants.GNUTLS_CRT_OPENPGP:
383
# ...do the normal thing
384
return session.peer_certificate
385
list_size = ctypes.c_uint()
386
cert_list = gnutls.library.functions.gnutls_certificate_get_peers\
387
(session._c_object, ctypes.byref(list_size))
388
if list_size.value == 0:
389
return None
390
cert = cert_list[0]
391
return ctypes.string_at(cert.data, cert.size)
392
393
394
def fingerprint(openpgp):
395
"Convert an OpenPGP bytestring to a hexdigit fingerprint string"
396
# New GnuTLS "datum" with the OpenPGP public key
397
datum = gnutls.library.types.gnutls_datum_t\
398
(ctypes.cast(ctypes.c_char_p(openpgp),
399
ctypes.POINTER(ctypes.c_ubyte)),
400
ctypes.c_uint(len(openpgp)))
401
# New empty GnuTLS certificate
402
crt = gnutls.library.types.gnutls_openpgp_crt_t()
403
gnutls.library.functions.gnutls_openpgp_crt_init\
404
(ctypes.byref(crt))
405
# Import the OpenPGP public key into the certificate
406
gnutls.library.functions.gnutls_openpgp_crt_import\
407
(crt, ctypes.byref(datum),
408
gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)
409
# New buffer for the fingerprint
410
buffer = ctypes.create_string_buffer(20)
411
buffer_length = ctypes.c_size_t()
412
# Get the fingerprint from the certificate into the buffer
413
gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint\
414
(crt, ctypes.byref(buffer), ctypes.byref(buffer_length))
415
# Deinit the certificate
416
gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)
417
# Convert the buffer to a Python bytestring
418
fpr = ctypes.string_at(buffer, buffer_length.value)
419
# Convert the bytestring to hexadecimal notation
420
hex_fpr = u''.join(u"%02X" % ord(char) for char in fpr)
421
return hex_fpr
201
422
202
423
203
424
class tcp_handler(SocketServer.BaseRequestHandler, object):
204
425
"""A TCP request handler class.
205
426
Instantiated by IPv6_TCPServer for each request to handle it.
206
427
Note: This will run in its own forked process."""
428
207
429
def handle(self):
208
#print u"TCP request came"
209
#print u"Request:", self.request
210
#print u"Client Address:", self.client_address
211
#print u"Server:", self.server
212
session = gnutls.connection.ServerSession(self.request,
213
self.server\
214
.credentials)
430
logger.info(u"TCP connection from: %s",
431
unicode(self.client_address))
432
session = gnutls.connection.ClientSession\
433
(self.request, gnutls.connection.X509Credentials())
434
435
line = self.request.makefile().readline()
436
logger.debug(u"Protocol version: %r", line)
437
try:
438
if int(line.strip().split()[0]) > 1:
439
raise RuntimeError
440
except (ValueError, IndexError, RuntimeError), error:
441
logger.error(u"Unknown protocol version: %s", error)
442
return
443
444
# Note: gnutls.connection.X509Credentials is really a generic
445
# GnuTLS certificate credentials object so long as no X.509
446
# keys are added to it. Therefore, we can use it here despite
447
# using OpenPGP certificates.
448
449
#priority = ':'.join(("NONE", "+VERS-TLS1.1", "+AES-256-CBC",
450
# "+SHA1", "+COMP-NULL", "+CTYPE-OPENPGP",
451
# "+DHE-DSS"))
452
priority = "NORMAL" # Fallback default, since this
453
# MUST be set.
454
if self.server.settings["priority"]:
455
priority = self.server.settings["priority"]
456
gnutls.library.functions.gnutls_priority_set_direct\
457
(session._c_object, priority, None);
458
215
459
try:
216
460
session.handshake()
217
461
except gnutls.errors.GNUTLSError, error:
218
#sys.stderr.write(u"Handshake failed: %s\n" % error)
462
logger.warning(u"Handshake failed: %s", error)
219
463
# Do not run session.bye() here: the session is not
220
464
# established. Just abandon the request.
221
465
return
222
#if session.peer_certificate:
223
# print "DN:", session.peer_certificate.subject
224
466
try:
225
session.verify_peer()
226
except gnutls.errors.CertificateError, error:
227
#sys.stderr.write(u"Verify failed: %s\n" % error)
467
fpr = fingerprint(peer_certificate(session))
468
except (TypeError, gnutls.errors.GNUTLSError), error:
469
logger.warning(u"Bad certificate: %s", error)
228
470
session.bye()
229
471
return
472
logger.debug(u"Fingerprint: %s", fpr)
230
473
client = None
231
for c in clients:
232
if c.dn == session.peer_certificate.subject:
474
for c in self.server.clients:
475
if c.fingerprint == fpr:
233
476
client = c
234
477
break
478
if not client:
479
logger.warning(u"Client not found for fingerprint: %s",
480
fpr)
481
session.bye()
482
return
235
483
# Have to check if client.still_valid(), since it is possible
236
484
# that the client timed out while establishing the GnuTLS
237
485
# session.
238
if client and client.still_valid():
239
session.send(client.password)
240
else:
241
#if client:
242
# sys.stderr.write(u"Client %(name)s is invalid\n"
243
# % vars(client))
244
#else:
245
# sys.stderr.write(u"Client not found for DN: %s\n"
246
# % session.peer_certificate.subject)
247
#session.send("gazonk")
248
pass
486
if not client.still_valid():
487
logger.warning(u"Client %(name)s is invalid",
488
vars(client))
489
session.bye()
490
return
491
sent_size = 0
492
while sent_size < len(client.secret):
493
sent = session.send(client.secret[sent_size:])
494
logger.debug(u"Sent: %d, remaining: %d",
495
sent, len(client.secret)
496
- (sent_size + sent))
497
sent_size += sent
249
498
session.bye()
250
499
251
500
252
501
class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):
253
502
"""IPv6 TCP server. Accepts 'None' as address and/or port.
254
503
Attributes:
255
options: Command line options
504
settings: Server settings
256
505
clients: Set() of Client objects
257
credentials: GnuTLS X.509 credentials
258
506
"""
259
507
address_family = socket.AF_INET6
260
508
def __init__(self, *args, **kwargs):
261
if "options" in kwargs:
262
self.options = kwargs["options"]
263
del kwargs["options"]
509
if "settings" in kwargs:
510
self.settings = kwargs["settings"]
511
del kwargs["settings"]
264
512
if "clients" in kwargs:
265
513
self.clients = kwargs["clients"]
266
514
del kwargs["clients"]
267
if "credentials" in kwargs:
268
self.credentials = kwargs["credentials"]
269
del kwargs["credentials"]
270
515
return super(type(self), self).__init__(*args, **kwargs)
271
516
def server_bind(self):
272
517
"""This overrides the normal server_bind() function
273
518
to bind to an interface if one was specified, and also NOT to
274
519
bind to an address or port if they were not specified."""
275
if self.options.interface:
276
if not hasattr(socket, "SO_BINDTODEVICE"):
277
# From /usr/include/asm-i486/socket.h
278
socket.SO_BINDTODEVICE = 25
520
if self.settings["interface"]:
521
# 25 is from /usr/include/asm-i486/socket.h
522
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)
279
523
try:
280
524
self.socket.setsockopt(socket.SOL_SOCKET,
281
socket.SO_BINDTODEVICE,
282
self.options.interface)
525
SO_BINDTODEVICE,
526
self.settings["interface"])
283
527
except socket.error, error:
284
528
if error[0] == errno.EPERM:
285
sys.stderr.write(u"Warning: No permission to bind to interface %s\n"
286
% self.options.interface)
529
logger.error(u"No permission to"
530
u" bind to interface %s",
531
self.settings["interface"])
287
532
else:
288
533
raise error
289
534
# Only bind(2) the socket if we really need to.
292
537
in6addr_any = "::"
293
538
self.server_address = (in6addr_any,
294
539
self.server_address[1])
295
elif self.server_address[1] is None:
540
elif not self.server_address[1]:
296
541
self.server_address = (self.server_address[0],
297
542
0)
543
# if self.settings["interface"]:
544
# self.server_address = (self.server_address[0],
545
# 0, # port
546
# 0, # flowinfo
547
# if_nametoindex
548
# (self.settings
549
# ["interface"]))
298
550
return super(type(self), self).server_bind()
299
551
300
552
332
584
return delta
333
585
334
586
335
def add_service():
336
"""From the Avahi server example code"""
337
global group, serviceName, serviceType, servicePort, serviceTXT, \
338
domain, host
339
if group is None:
340
group = dbus.Interface(
341
bus.get_object( avahi.DBUS_NAME,
342
server.EntryGroupNew()),
343
avahi.DBUS_INTERFACE_ENTRY_GROUP)
344
group.connect_to_signal('StateChanged',
345
entry_group_state_changed)
346
347
# print "Adding service '%s' of type '%s' ..." % (serviceName,
348
# serviceType)
349
350
group.AddService(
351
serviceInterface, # interface
352
avahi.PROTO_INET6, # protocol
353
dbus.UInt32(0), # flags
354
serviceName, serviceType,
355
domain, host,
356
dbus.UInt16(servicePort),
357
avahi.string_array_to_txt_array(serviceTXT))
358
group.Commit()
359
360
361
def remove_service():
362
"""From the Avahi server example code"""
363
global group
364
365
if not group is None:
366
group.Reset()
367
368
369
587
def server_state_changed(state):
370
"""From the Avahi server example code"""
588
"""Derived from the Avahi example code"""
371
589
if state == avahi.SERVER_COLLISION:
372
print "WARNING: Server name collision"
373
remove_service()
590
logger.error(u"Server name collision")
591
service.remove()
374
592
elif state == avahi.SERVER_RUNNING:
375
add_service()
593
service.add()
376
594
377
595
378
596
def entry_group_state_changed(state, error):
379
"""From the Avahi server example code"""
380
global serviceName, server, rename_count
381
382
# print "state change: %i" % state
597
"""Derived from the Avahi example code"""
598
logger.debug(u"state change: %i", state)
383
599
384
600
if state == avahi.ENTRY_GROUP_ESTABLISHED:
385
pass
386
# print "Service established."
601
logger.debug(u"Service established.")
387
602
elif state == avahi.ENTRY_GROUP_COLLISION:
388
389
rename_count = rename_count - 1
390
if rename_count > 0:
391
name = server.GetAlternativeServiceName(name)
392
print "WARNING: Service name collision, changing name to '%s' ..." % name
393
remove_service()
394
add_service()
395
396
else:
397
print "ERROR: No suitable service name found after %i retries, exiting." % n_rename
398
main_loop.quit()
603
logger.warning(u"Service name collision.")
604
service.rename()
399
605
elif state == avahi.ENTRY_GROUP_FAILURE:
400
print "Error in group state changed", error
401
main_loop.quit()
402
return
403
606
logger.critical(u"Error in group state changed %s",
607
unicode(error))
608
raise AvahiGroupError("State changed: %s", str(error))
404
609
405
610
def if_nametoindex(interface):
406
"""Call the C function if_nametoindex()"""
611
"""Call the C function if_nametoindex(), or equivalent"""
612
global if_nametoindex
407
613
try:
408
if "ctypes" not in sys.modules:
409
import ctypes
410
libc = ctypes.cdll.LoadLibrary("libc.so.6")
411
return libc.if_nametoindex(interface)
412
except (ImportError, OSError, AttributeError):
614
if "ctypes.util" not in sys.modules:
615
import ctypes.util
616
if_nametoindex = ctypes.cdll.LoadLibrary\
617
(ctypes.util.find_library("c")).if_nametoindex
618
except (OSError, AttributeError):
413
619
if "struct" not in sys.modules:
414
620
import struct
415
621
if "fcntl" not in sys.modules:
416
622
import fcntl
417
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
418
s = socket.socket()
419
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
420
struct.pack("16s16x", interface))
421
s.close()
422
interface_index = struct.unpack("I", ifreq[16:20])[0]
423
return interface_index
424
425
426
if __name__ == '__main__':
427
parser = OptionParser()
623
def if_nametoindex(interface):
624
"Get an interface index the hard way, i.e. using fcntl()"
625
SIOCGIFINDEX = 0x8933 # From /usr/include/linux/sockios.h
626
s = socket.socket()
627
ifreq = fcntl.ioctl(s, SIOCGIFINDEX,
628
struct.pack("16s16x", interface))
629
s.close()
630
interface_index = struct.unpack("I", ifreq[16:20])[0]
631
return interface_index
632
return if_nametoindex(interface)
633
634
635
def daemon(nochdir = False, noclose = False):
636
"""See daemon(3). Standard BSD Unix function.
637
This should really exist as os.daemon, but it doesn't (yet)."""
638
if os.fork():
639
sys.exit()
640
os.setsid()
641
if not nochdir:
642
os.chdir("/")
643
if os.fork():
644
sys.exit()
645
if not noclose:
646
# Close all standard open file descriptors
647
null = os.open(os.path.devnull, os.O_NOCTTY | os.O_RDWR)
648
if not stat.S_ISCHR(os.fstat(null).st_mode):
649
raise OSError(errno.ENODEV,
650
"/dev/null not a character device")
651
os.dup2(null, sys.stdin.fileno())
652
os.dup2(null, sys.stdout.fileno())
653
os.dup2(null, sys.stderr.fileno())
654
if null > 2:
655
os.close(null)
656
657
658
def main():
659
global main_loop_started
660
main_loop_started = False
661
662
parser = OptionParser(version = "%%prog %s" % version)
428
663
parser.add_option("-i", "--interface", type="string",
429
default=None, metavar="IF",
430
help="Bind to interface IF")
431
parser.add_option("--cert", type="string", default="cert.pem",
432
metavar="FILE",
433
help="Public key certificate PEM file to use")
434
parser.add_option("--key", type="string", default="key.pem",
435
metavar="FILE",
436
help="Private key PEM file to use")
437
parser.add_option("--ca", type="string", default="ca.pem",
438
metavar="FILE",
439
help="Certificate Authority certificate PEM file to use")
440
parser.add_option("--crl", type="string", default="crl.pem",
441
metavar="FILE",
442
help="Certificate Revokation List PEM file to use")
443
parser.add_option("-p", "--port", type="int", default=None,
664
metavar="IF", help="Bind to interface IF")
665
parser.add_option("-a", "--address", type="string",
666
help="Address to listen for requests on")
667
parser.add_option("-p", "--port", type="int",
444
668
help="Port number to receive requests on")
445
parser.add_option("--timeout", type="string", # Parsed later
446
default="1h",
447
help="Amount of downtime allowed for clients")
448
parser.add_option("--interval", type="string", # Parsed later
449
default="5m",
450
help="How often to check that a client is up")
451
669
parser.add_option("--check", action="store_true", default=False,
452
670
help="Run self-test")
671
parser.add_option("--debug", action="store_true",
672
help="Debug mode; run in foreground and log to"
673
" terminal")
674
parser.add_option("--priority", type="string", help="GnuTLS"
675
" priority string (see GnuTLS documentation)")
676
parser.add_option("--servicename", type="string", metavar="NAME",
677
help="Zeroconf service name")
678
parser.add_option("--configdir", type="string",
679
default="/etc/mandos", metavar="DIR",
680
help="Directory to search for configuration"
681
" files")
453
682
(options, args) = parser.parse_args()
454
683
455
684
if options.check:
457
686
doctest.testmod()
458
687
sys.exit()
459
688
460
# Parse the time arguments
461
try:
462
options.timeout = string_to_delta(options.timeout)
463
except ValueError:
464
parser.error("option --timeout: Unparseable time")
465
try:
466
options.interval = string_to_delta(options.interval)
467
except ValueError:
468
parser.error("option --interval: Unparseable time")
469
470
cert = gnutls.crypto.X509Certificate(open(options.cert).read())
471
key = gnutls.crypto.X509PrivateKey(open(options.key).read())
472
ca = gnutls.crypto.X509Certificate(open(options.ca).read())
473
crl = gnutls.crypto.X509CRL(open(options.crl).read())
474
cred = gnutls.connection.X509Credentials(cert, key, [ca], [crl])
475
476
# Parse config file
477
defaults = {}
478
client_config = ConfigParser.SafeConfigParser(defaults)
479
#client_config.readfp(open("secrets.conf"), "secrets.conf")
480
client_config.read("mandos-clients.conf")
481
482
# From the Avahi server example code
689
# Default values for config file for server-global settings
690
server_defaults = { "interface": "",
691
"address": "",
692
"port": "",
693
"debug": "False",
694
"priority":
695
"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP",
696
"servicename": "Mandos",
697
}
698
699
# Parse config file for server-global settings
700
server_config = ConfigParser.SafeConfigParser(server_defaults)
701
del server_defaults
702
server_config.read(os.path.join(options.configdir, "mandos.conf"))
703
server_section = "server"
704
# Convert the SafeConfigParser object to a dict
705
server_settings = dict(server_config.items(server_section))
706
# Use getboolean on the boolean config option
707
server_settings["debug"] = server_config.getboolean\
708
(server_section, "debug")
709
del server_config
710
711
# Override the settings from the config file with command line
712
# options, if set.
713
for option in ("interface", "address", "port", "debug",
714
"priority", "servicename", "configdir"):
715
value = getattr(options, option)
716
if value is not None:
717
server_settings[option] = value
718
del options
719
# Now we have our good server settings in "server_settings"
720
721
debug = server_settings["debug"]
722
723
if not debug:
724
syslogger.setLevel(logging.WARNING)
725
console.setLevel(logging.WARNING)
726
727
if server_settings["servicename"] != "Mandos":
728
syslogger.setFormatter(logging.Formatter\
729
('Mandos (%s): %%(levelname)s:'
730
' %%(message)s'
731
% server_settings["servicename"]))
732
733
# Parse config file with clients
734
client_defaults = { "timeout": "1h",
735
"interval": "5m",
736
"checker": "fping -q -- %%(host)s",
737
}
738
client_config = ConfigParser.SafeConfigParser(client_defaults)
739
client_config.read(os.path.join(server_settings["configdir"],
740
"clients.conf"))
741
742
global service
743
service = AvahiService(name = server_settings["servicename"],
744
type = "_mandos._tcp", );
745
if server_settings["interface"]:
746
service.interface = if_nametoindex(server_settings["interface"])
747
748
global main_loop
749
global bus
750
global server
751
# From the Avahi example code
483
752
DBusGMainLoop(set_as_default=True )
484
753
main_loop = gobject.MainLoop()
485
754
bus = dbus.SystemBus()
492
761
def remove_from_clients(client):
493
762
clients.remove(client)
494
763
if not clients:
495
print "No clients left, exiting"
496
main_loop.quit()
764
logger.critical(u"No clients left, exiting")
765
sys.exit()
497
766
498
clients.update(Set(Client(name=section, options=options,
767
clients.update(Set(Client(name = section,
499
768
stop_hook = remove_from_clients,
500
**(dict(client_config\
501
.items(section))))
769
config
770
= dict(client_config.items(section)))
502
771
for section in client_config.sections()))
772
if not clients:
773
logger.critical(u"No clients defined")
774
sys.exit(1)
775
776
if not debug:
777
logger.removeHandler(console)
778
daemon()
779
780
pidfilename = "/var/run/mandos/mandos.pid"
781
pid = os.getpid()
782
try:
783
pidfile = open(pidfilename, "w")
784
pidfile.write(str(pid) + "\n")
785
pidfile.close()
786
del pidfile
787
except IOError, err:
788
logger.error(u"Could not write %s file with PID %d",
789
pidfilename, os.getpid())
790
791
def cleanup():
792
"Cleanup function; run on exit"
793
global group
794
# From the Avahi example code
795
if not group is None:
796
group.Free()
797
group = None
798
# End of Avahi example code
799
800
while clients:
801
client = clients.pop()
802
client.stop_hook = None
803
client.stop()
804
805
atexit.register(cleanup)
806
807
if not debug:
808
signal.signal(signal.SIGINT, signal.SIG_IGN)
809
signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())
810
signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())
811
503
812
for client in clients:
504
813
client.start()
505
814
506
tcp_server = IPv6_TCPServer((None, options.port),
815
tcp_server = IPv6_TCPServer((server_settings["address"],
816
server_settings["port"]),
507
817
tcp_handler,
508
options=options,
509
clients=clients,
510
credentials=cred)
511
# Find out what random port we got
512
servicePort = tcp_server.socket.getsockname()[1]
513
#sys.stderr.write("Now listening on port %d\n" % servicePort)
514
515
if options.interface is not None:
516
serviceInterface = if_nametoindex(options.interface)
517
518
# From the Avahi server example code
519
server.connect_to_signal("StateChanged", server_state_changed)
520
server_state_changed(server.GetState())
521
# End of Avahi example code
522
523
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
524
lambda *args, **kwargs:
525
tcp_server.handle_request(*args[2:],
526
**kwargs) or True)
818
settings=server_settings,
819
clients=clients)
820
# Find out what port we got
821
service.port = tcp_server.socket.getsockname()[1]
822
logger.info(u"Now listening on address %r, port %d, flowinfo %d,"
823
u" scope_id %d" % tcp_server.socket.getsockname())
824
825
#service.interface = tcp_server.socket.getsockname()[3]
826
527
827
try:
828
# From the Avahi example code
829
server.connect_to_signal("StateChanged", server_state_changed)
830
try:
831
server_state_changed(server.GetState())
832
except dbus.exceptions.DBusException, error:
833
logger.critical(u"DBusException: %s", error)
834
sys.exit(1)
835
# End of Avahi example code
836
837
gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,
838
lambda *args, **kwargs:
839
tcp_server.handle_request\
840
(*args[2:], **kwargs) or True)
841
842
logger.debug(u"Starting main loop")
843
main_loop_started = True
528
844
main_loop.run()
845
except AvahiError, error:
846
logger.critical(u"AvahiError: %s" + unicode(error))
847
sys.exit(1)
529
848
except KeyboardInterrupt:
530
print
531
532
# Cleanup here
849
if debug:
850
print
533
851
534
# From the Avahi server example code
535
if not group is None:
536
group.Free()
537
# End of Avahi example code
538
539
for client in clients:
540
client.stop_hook = None
541
client.stop()
852
if __name__ == '__main__':
853
main()
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0