/mandos/trunk : revision 869

1

#!/usr/bin/python2.7

1

#!/usr/bin/python

2

# -*- mode: python; coding: utf-8 -*-

3

#

4

# Mandos server - give out binary blobs to connecting clients.

11

# "AvahiService" class, and some lines in "main".

12

#

13

# Everything else is

14

15

14

15

16

#

17

# This program is free software: you can redistribute it and/or modify

18

# it under the terms of the GNU General Public License as published by

34

from __future__ import (division, absolute_import, print_function,

35

unicode_literals)

36

37

from future_builtins import *

37

try:

38

from future_builtins import *

39

except ImportError:

40

pass

38

41

39

42

try:

40

43

import SocketServer as socketserver

44

47

import argparse

45

48

import datetime

46

49

import errno

47

import gnutls.crypto

48

import gnutls.connection

49

import gnutls.errors

50

import gnutls.library.functions

51

import gnutls.library.constants

52

import gnutls.library.types

53

50

try:

54

51

import ConfigParser as configparser

55

52

except ImportError:

82

79

83

80

import dbus

84

81

import dbus.service

85

try:

86

import gobject

87

except ImportError:

88

from gi.repository import GObject as gobject

89

import avahi

82

from gi.repository import GLib

90

83

from dbus.mainloop.glib import DBusGMainLoop

91

84

import ctypes

92

85

import ctypes.util

93

86

import xml.dom.minidom

94

87

import inspect

95

88

89

# Try to find the value of SO_BINDTODEVICE:

96

90

try:

91

# This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and

92

# newer, and it is also the most natural place for it:

97

93

SO_BINDTODEVICE = socket.SO_BINDTODEVICE

98

94

except AttributeError:

99

95

try:

96

# This is where SO_BINDTODEVICE was up to and including Python

97

# 2.6, and also 3.2:

100

98

from IN import SO_BINDTODEVICE

101

99

except ImportError:

102

SO_BINDTODEVICE = None

100

# In Python 2.7 it seems to have been removed entirely.

101

# Try running the C preprocessor:

102

try:

103

cc = subprocess.Popen(["cc", "--language=c", "-E",

104

"/dev/stdin"],

105

stdin=subprocess.PIPE,

106

stdout=subprocess.PIPE)

107

stdout = cc.communicate(

108

"#include <sys/socket.h>\nSO_BINDTODEVICE\n")[0]

109

SO_BINDTODEVICE = int(stdout.splitlines()[-1])

110

except (OSError, ValueError, IndexError):

111

# No value found

112

SO_BINDTODEVICE = None

103

113

104

114

if sys.version_info.major == 2:

105

115

str = unicode

106

116

107

version = "1.6.9"

117

version = "1.7.10"

108

118

stored_state_file = "clients.pickle"

109

119

110

120

logger = logging.getLogger()

125

135

return interface_index

126

136

127

137

138

def copy_function(func):

139

"""Make a copy of a function"""

140

if sys.version_info.major == 2:

141

return types.FunctionType(func.func_code,

142

func.func_globals,

143

func.func_name,

144

func.func_defaults,

145

func.func_closure)

146

else:

147

return types.FunctionType(func.__code__,

148

func.__globals__,

149

func.__name__,

150

func.__defaults__,

151

func.__closure__)

152

153

128

154

def initlogger(debug, level=logging.WARNING):

129

155

"""init logger and add loglevel"""

130

156

157

183

158

184

def __init__(self):

159

185

self.tempdir = tempfile.mkdtemp(prefix="mandos-")

186

self.gpg = "gpg"

187

try:

188

output = subprocess.check_output(["gpgconf"])

189

for line in output.splitlines():

190

name, text, path = line.split(b":")

191

if name == "gpg":

192

self.gpg = path

193

break

194

except OSError as e:

195

if e.errno != errno.ENOENT:

196

raise

160

197

self.gnupgargs = ['--batch',

161

'--home', self.tempdir,

198

'--homedir', self.tempdir,

162

199

'--force-mdc',

163

'--quiet',

164

'--no-use-agent']

200

'--quiet']

201

# Only GPG version 1 has the --no-use-agent option.

202

if self.gpg == "gpg" or self.gpg.endswith("/gpg"):

203

self.gnupgargs.append("--no-use-agent")

165

204

166

205

def __enter__(self):

167

206

return self

203

242

dir=self.tempdir) as passfile:

204

243

passfile.write(passphrase)

205

244

passfile.flush()

206

proc = subprocess.Popen(['gpg', '--symmetric',

245

proc = subprocess.Popen([self.gpg, '--symmetric',

207

246

'--passphrase-file',

208

247

passfile.name]

209

248

+ self.gnupgargs,

221

260

dir = self.tempdir) as passfile:

222

261

passfile.write(passphrase)

223

262

passfile.flush()

224

proc = subprocess.Popen(['gpg', '--decrypt',

263

proc = subprocess.Popen([self.gpg, '--decrypt',

225

264

'--passphrase-file',

226

265

passfile.name]

227

266

+ self.gnupgargs,

233

272

raise PGPError(err)

234

273

return decrypted_plaintext

235

274

275

# Pretend that we have an Avahi module

276

class Avahi(object):

277

"""This isn't so much a class as it is a module-like namespace.

278

It is instantiated once, and simulates having an Avahi module."""

279

IF_UNSPEC = -1 # avahi-common/address.h

280

PROTO_UNSPEC = -1 # avahi-common/address.h

281

PROTO_INET = 0 # avahi-common/address.h

282

PROTO_INET6 = 1 # avahi-common/address.h

283

DBUS_NAME = "org.freedesktop.Avahi"

284

DBUS_INTERFACE_ENTRY_GROUP = DBUS_NAME + ".EntryGroup"

285

DBUS_INTERFACE_SERVER = DBUS_NAME + ".Server"

286

DBUS_PATH_SERVER = "/"

287

def string_array_to_txt_array(self, t):

288

return dbus.Array((dbus.ByteArray(s.encode("utf-8"))

289

for s in t), signature="ay")

290

ENTRY_GROUP_ESTABLISHED = 2 # avahi-common/defs.h

291

ENTRY_GROUP_COLLISION = 3 # avahi-common/defs.h

292

ENTRY_GROUP_FAILURE = 4 # avahi-common/defs.h

293

SERVER_INVALID = 0 # avahi-common/defs.h

294

SERVER_REGISTERING = 1 # avahi-common/defs.h

295

SERVER_RUNNING = 2 # avahi-common/defs.h

296

SERVER_COLLISION = 3 # avahi-common/defs.h

297

SERVER_FAILURE = 4 # avahi-common/defs.h

298

avahi = Avahi()

236

299

237

300

class AvahiError(Exception):

238

301

def __init__(self, value, *args, **kwargs):

435

498

.format(self.name)))

436

499

return ret

437

500

501

# Pretend that we have a GnuTLS module

502

class GnuTLS(object):

503

"""This isn't so much a class as it is a module-like namespace.

504

It is instantiated once, and simulates having a GnuTLS module."""

505

506

_library = ctypes.cdll.LoadLibrary(

507

ctypes.util.find_library("gnutls"))

508

_need_version = b"3.3.0"

509

def __init__(self):

510

# Need to use class name "GnuTLS" here, since this method is

511

# called before the assignment to the "gnutls" global variable

512

# happens.

513

if GnuTLS.check_version(self._need_version) is None:

514

raise GnuTLS.Error("Needs GnuTLS {} or later"

515

.format(self._need_version))

516

517

# Unless otherwise indicated, the constants and types below are

518

# all from the gnutls/gnutls.h C header file.

519

520

# Constants

521

E_SUCCESS = 0

522

E_INTERRUPTED = -52

523

E_AGAIN = -28

524

CRT_OPENPGP = 2

525

CLIENT = 2

526

SHUT_RDWR = 0

527

CRD_CERTIFICATE = 1

528

E_NO_CERTIFICATE_FOUND = -49

529

OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h

530

531

# Types

532

class session_int(ctypes.Structure):

533

_fields_ = []

534

session_t = ctypes.POINTER(session_int)

535

class certificate_credentials_st(ctypes.Structure):

536

_fields_ = []

537

certificate_credentials_t = ctypes.POINTER(

538

certificate_credentials_st)

539

certificate_type_t = ctypes.c_int

540

class datum_t(ctypes.Structure):

541

_fields_ = [('data', ctypes.POINTER(ctypes.c_ubyte)),

542

('size', ctypes.c_uint)]

543

class openpgp_crt_int(ctypes.Structure):

544

_fields_ = []

545

openpgp_crt_t = ctypes.POINTER(openpgp_crt_int)

546

openpgp_crt_fmt_t = ctypes.c_int # gnutls/openpgp.h

547

log_func = ctypes.CFUNCTYPE(None, ctypes.c_int, ctypes.c_char_p)

548

credentials_type_t = ctypes.c_int

549

transport_ptr_t = ctypes.c_void_p

550

close_request_t = ctypes.c_int

551

552

# Exceptions

553

class Error(Exception):

554

# We need to use the class name "GnuTLS" here, since this

555

# exception might be raised from within GnuTLS.__init__,

556

# which is called before the assignment to the "gnutls"

557

# global variable has happened.

558

def __init__(self, message = None, code = None, args=()):

559

# Default usage is by a message string, but if a return

560

# code is passed, convert it to a string with

561

# gnutls.strerror()

562

self.code = code

563

if message is None and code is not None:

564

message = GnuTLS.strerror(code)

565

return super(GnuTLS.Error, self).__init__(

566

message, *args)

567

568

class CertificateSecurityError(Error):

569

pass

570

571

# Classes

572

class Credentials(object):

573

def __init__(self):

574

self._c_object = gnutls.certificate_credentials_t()

575

gnutls.certificate_allocate_credentials(

576

ctypes.byref(self._c_object))

577

self.type = gnutls.CRD_CERTIFICATE

578

579

def __del__(self):

580

gnutls.certificate_free_credentials(self._c_object)

581

582

class ClientSession(object):

583

def __init__(self, socket, credentials = None):

584

self._c_object = gnutls.session_t()

585

gnutls.init(ctypes.byref(self._c_object), gnutls.CLIENT)

586

gnutls.set_default_priority(self._c_object)

587

gnutls.transport_set_ptr(self._c_object, socket.fileno())

588

gnutls.handshake_set_private_extensions(self._c_object,

589

True)

590

self.socket = socket

591

if credentials is None:

592

credentials = gnutls.Credentials()

593

gnutls.credentials_set(self._c_object, credentials.type,

594

ctypes.cast(credentials._c_object,

595

ctypes.c_void_p))

596

self.credentials = credentials

597

598

def __del__(self):

599

gnutls.deinit(self._c_object)

600

601

def handshake(self):

602

return gnutls.handshake(self._c_object)

603

604

def send(self, data):

605

data = bytes(data)

606

data_len = len(data)

607

while data_len > 0:

608

data_len -= gnutls.record_send(self._c_object,

609

data[-data_len:],

610

data_len)

611

612

def bye(self):

613

return gnutls.bye(self._c_object, gnutls.SHUT_RDWR)

614

615

# Error handling functions

616

def _error_code(result):

617

"""A function to raise exceptions on errors, suitable

618

for the 'restype' attribute on ctypes functions"""

619

if result >= 0:

620

return result

621

if result == gnutls.E_NO_CERTIFICATE_FOUND:

622

raise gnutls.CertificateSecurityError(code = result)

623

raise gnutls.Error(code = result)

624

625

def _retry_on_error(result, func, arguments):

626

"""A function to retry on some errors, suitable

627

for the 'errcheck' attribute on ctypes functions"""

628

while result < 0:

629

if result not in (gnutls.E_INTERRUPTED, gnutls.E_AGAIN):

630

return _error_code(result)

631

result = func(*arguments)

632

return result

633

634

# Unless otherwise indicated, the function declarations below are

635

# all from the gnutls/gnutls.h C header file.

636

637

# Functions

638

priority_set_direct = _library.gnutls_priority_set_direct

639

priority_set_direct.argtypes = [session_t, ctypes.c_char_p,

640

ctypes.POINTER(ctypes.c_char_p)]

641

priority_set_direct.restype = _error_code

642

643

init = _library.gnutls_init

644

init.argtypes = [ctypes.POINTER(session_t), ctypes.c_int]

645

init.restype = _error_code

646

647

set_default_priority = _library.gnutls_set_default_priority

648

set_default_priority.argtypes = [session_t]

649

set_default_priority.restype = _error_code

650

651

record_send = _library.gnutls_record_send

652

record_send.argtypes = [session_t, ctypes.c_void_p,

653

ctypes.c_size_t]

654

record_send.restype = ctypes.c_ssize_t

655

record_send.errcheck = _retry_on_error

656

657

certificate_allocate_credentials = (

658

_library.gnutls_certificate_allocate_credentials)

659

certificate_allocate_credentials.argtypes = [

660

ctypes.POINTER(certificate_credentials_t)]

661

certificate_allocate_credentials.restype = _error_code

662

663

certificate_free_credentials = (

664

_library.gnutls_certificate_free_credentials)

665

certificate_free_credentials.argtypes = [certificate_credentials_t]

666

certificate_free_credentials.restype = None

667

668

handshake_set_private_extensions = (

669

_library.gnutls_handshake_set_private_extensions)

670

handshake_set_private_extensions.argtypes = [session_t,

671

ctypes.c_int]

672

handshake_set_private_extensions.restype = None

673

674

credentials_set = _library.gnutls_credentials_set

675

credentials_set.argtypes = [session_t, credentials_type_t,

676

ctypes.c_void_p]

677

credentials_set.restype = _error_code

678

679

strerror = _library.gnutls_strerror

680

strerror.argtypes = [ctypes.c_int]

681

strerror.restype = ctypes.c_char_p

682

683

certificate_type_get = _library.gnutls_certificate_type_get

684

certificate_type_get.argtypes = [session_t]

685

certificate_type_get.restype = _error_code

686

687

certificate_get_peers = _library.gnutls_certificate_get_peers

688

certificate_get_peers.argtypes = [session_t,

689

ctypes.POINTER(ctypes.c_uint)]

690

certificate_get_peers.restype = ctypes.POINTER(datum_t)

691

692

global_set_log_level = _library.gnutls_global_set_log_level

693

global_set_log_level.argtypes = [ctypes.c_int]

694

global_set_log_level.restype = None

695

696

global_set_log_function = _library.gnutls_global_set_log_function

697

global_set_log_function.argtypes = [log_func]

698

global_set_log_function.restype = None

699

700

deinit = _library.gnutls_deinit

701

deinit.argtypes = [session_t]

702

deinit.restype = None

703

704

handshake = _library.gnutls_handshake

705

handshake.argtypes = [session_t]

706

handshake.restype = _error_code

707

handshake.errcheck = _retry_on_error

708

709

transport_set_ptr = _library.gnutls_transport_set_ptr

710

transport_set_ptr.argtypes = [session_t, transport_ptr_t]

711

transport_set_ptr.restype = None

712

713

bye = _library.gnutls_bye

714

bye.argtypes = [session_t, close_request_t]

715

bye.restype = _error_code

716

bye.errcheck = _retry_on_error

717

718

check_version = _library.gnutls_check_version

719

check_version.argtypes = [ctypes.c_char_p]

720

check_version.restype = ctypes.c_char_p

721

722

# All the function declarations below are from gnutls/openpgp.h

723

724

openpgp_crt_init = _library.gnutls_openpgp_crt_init

725

openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]

726

openpgp_crt_init.restype = _error_code

727

728

openpgp_crt_import = _library.gnutls_openpgp_crt_import

729

openpgp_crt_import.argtypes = [openpgp_crt_t,

730

ctypes.POINTER(datum_t),

731

openpgp_crt_fmt_t]

732

openpgp_crt_import.restype = _error_code

733

734

openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self

735

openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,

736

ctypes.POINTER(ctypes.c_uint)]

737

openpgp_crt_verify_self.restype = _error_code

738

739

openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit

740

openpgp_crt_deinit.argtypes = [openpgp_crt_t]

741

openpgp_crt_deinit.restype = None

742

743

openpgp_crt_get_fingerprint = (

744

_library.gnutls_openpgp_crt_get_fingerprint)

745

openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,

746

ctypes.c_void_p,

747

ctypes.POINTER(

748

ctypes.c_size_t)]

749

openpgp_crt_get_fingerprint.restype = _error_code

750

751

# Remove non-public functions

752

del _error_code, _retry_on_error

753

# Create the global "gnutls" object, simulating a module

754

gnutls = GnuTLS()

755

438

756

def call_pipe(connection, # : multiprocessing.Connection

439

757

func, *args, **kwargs):

440

758

"""This function is meant to be called by multiprocessing.Process

455

773

checker: subprocess.Popen(); a running checker process used

456

774

to see if the client lives.

457

775

'None' if no process is running.

458

checker_callback_tag: a gobject event source tag, or None

776

checker_callback_tag: a GLib event source tag, or None

459

777

checker_command: string; External command which is run to check

460

778

if client lives. %() expansions are done at

461

779

runtime with vars(self) as dict, so that for

462

780

instance %(name)s can be used in the command.

463

checker_initiator_tag: a gobject event source tag, or None

781

checker_initiator_tag: a GLib event source tag, or None

464

782

created: datetime.datetime(); (UTC) object creation

465

783

client_structure: Object describing what attributes a client has

466

784

and is used for storing the client at exit

467

785

current_checker_command: string; current running checker_command

468

disable_initiator_tag: a gobject event source tag, or None

786

disable_initiator_tag: a GLib event source tag, or None

469

787

enabled: bool()

470

788

fingerprint: string (40 or 32 hexadecimal digits); used to

471

789

uniquely identify the client

534

852

client["fingerprint"] = (section["fingerprint"].upper()

535

853

.replace(" ", ""))

536

854

if "secret" in section:

537

client["secret"] = section["secret"].decode("base64")

855

client["secret"] = codecs.decode(section["secret"]

856

.encode("utf-8"),

857

"base64")

538

858

elif "secfile" in section:

539

859

with open(os.path.expanduser(os.path.expandvars

540

860

(section["secfile"])),

593

913

self.changedstate = multiprocessing_manager.Condition(

594

914

multiprocessing_manager.Lock())

595

915

self.client_structure = [attr

596

for attr in self.__dict__.iterkeys()

916

for attr in self.__dict__.keys()

597

917

if not attr.startswith("_")]

598

918

self.client_structure.append("client_structure")

599

919

625

945

if not quiet:

626

946

logger.info("Disabling client %s", self.name)

627

947

if getattr(self, "disable_initiator_tag", None) is not None:

628

gobject.source_remove(self.disable_initiator_tag)

948

GLib.source_remove(self.disable_initiator_tag)

629

949

self.disable_initiator_tag = None

630

950

self.expires = None

631

951

if getattr(self, "checker_initiator_tag", None) is not None:

632

gobject.source_remove(self.checker_initiator_tag)

952

GLib.source_remove(self.checker_initiator_tag)

633

953

self.checker_initiator_tag = None

634

954

self.stop_checker()

635

955

self.enabled = False

636

956

if not quiet:

637

957

self.send_changedstate()

638

# Do not run this again if called by a gobject.timeout_add

958

# Do not run this again if called by a GLib.timeout_add

639

959

return False

640

960

641

961

def __del__(self):

645

965

# Schedule a new checker to be started an 'interval' from now,

646

966

# and every interval from then on.

647

967

if self.checker_initiator_tag is not None:

648

gobject.source_remove(self.checker_initiator_tag)

649

self.checker_initiator_tag = gobject.timeout_add(

968

GLib.source_remove(self.checker_initiator_tag)

969

self.checker_initiator_tag = GLib.timeout_add(

650

970

int(self.interval.total_seconds() * 1000),

651

971

self.start_checker)

652

972

# Schedule a disable() when 'timeout' has passed

653

973

if self.disable_initiator_tag is not None:

654

gobject.source_remove(self.disable_initiator_tag)

655

self.disable_initiator_tag = gobject.timeout_add(

974

GLib.source_remove(self.disable_initiator_tag)

975

self.disable_initiator_tag = GLib.timeout_add(

656

976

int(self.timeout.total_seconds() * 1000), self.disable)

657

977

# Also start a new checker *right now*.

658

978

self.start_checker()

694

1014

if timeout is None:

695

1015

timeout = self.timeout

696

1016

if self.disable_initiator_tag is not None:

697

gobject.source_remove(self.disable_initiator_tag)

1017

GLib.source_remove(self.disable_initiator_tag)

698

1018

self.disable_initiator_tag = None

699

1019

if getattr(self, "enabled", False):

700

self.disable_initiator_tag = gobject.timeout_add(

1020

self.disable_initiator_tag = GLib.timeout_add(

701

1021

int(timeout.total_seconds() * 1000), self.disable)

702

1022

self.expires = datetime.datetime.utcnow() + timeout

703

1023

758

1078

args = (pipe[1], subprocess.call, command),

759

1079

kwargs = popen_args)

760

1080

self.checker.start()

761

self.checker_callback_tag = gobject.io_add_watch(

762

pipe[0].fileno(), gobject.IO_IN,

1081

self.checker_callback_tag = GLib.io_add_watch(

1082

pipe[0].fileno(), GLib.IO_IN,

763

1083

self.checker_callback, pipe[0], command)

764

# Re-run this periodically if run by gobject.timeout_add

1084

# Re-run this periodically if run by GLib.timeout_add

765

1085

return True

766

1086

767

1087

def stop_checker(self):

768

1088

"""Force the checker process, if any, to stop."""

769

1089

if self.checker_callback_tag:

770

gobject.source_remove(self.checker_callback_tag)

1090

GLib.source_remove(self.checker_callback_tag)

771

1091

self.checker_callback_tag = None

772

1092

if getattr(self, "checker", None) is None:

773

1093

return

1154

1474

def InterfacesAdded(self, object_path, interfaces_and_properties):

1155

1475

pass

1156

1476

1157

@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE,

1158

signature = "oas")

1477

@dbus.service.signal(dbus.OBJECT_MANAGER_IFACE, signature = "oas")

1159

1478

def InterfacesRemoved(self, object_path, interfaces):

1160

1479

pass

1161

1480

1169

1488

Override return argument name of GetManagedObjects to be

1170

1489

"objpath_interfaces_and_properties"

1171

1490

"""

1172

xmlstring = DBusObjectWithAnnotations(self, object_path,

1173

connection)

1491

xmlstring = DBusObjectWithAnnotations.Introspect(self,

1492

object_path,

1493

connection)

1174

1494

try:

1175

1495

document = xml.dom.minidom.parseString(xmlstring)

1176

1496

1247

1567

interface_names.add(alt_interface)

1248

1568

# Is this a D-Bus signal?

1249

1569

if getattr(attribute, "_dbus_is_signal", False):

1570

# Extract the original non-method undecorated

1571

# function by black magic

1250

1572

if sys.version_info.major == 2:

1251

# Extract the original non-method undecorated

1252

# function by black magic

1253

1573

nonmethod_func = (dict(

1254

1574

zip(attribute.func_code.co_freevars,

1255

1575

attribute.__closure__))

1256

1576

["func"].cell_contents)

1257

1577

else:

1258

nonmethod_func = attribute

1578

nonmethod_func = (dict(

1579

zip(attribute.__code__.co_freevars,

1580

attribute.__closure__))

1581

["func"].cell_contents)

1259

1582

# Create a new, but exactly alike, function

1260

1583

# object, and decorate it to be a new D-Bus signal

1261

1584

# with the alternate D-Bus interface name

1262

if sys.version_info.major == 2:

1263

new_function = types.FunctionType(

1264

nonmethod_func.func_code,

1265

nonmethod_func.func_globals,

1266

nonmethod_func.func_name,

1267

nonmethod_func.func_defaults,

1268

nonmethod_func.func_closure)

1269

else:

1270

new_function = types.FunctionType(

1271

nonmethod_func.__code__,

1272

nonmethod_func.__globals__,

1273

nonmethod_func.__name__,

1274

nonmethod_func.__defaults__,

1275

nonmethod_func.__closure__)

1585

new_function = copy_function(nonmethod_func)

1276

1586

new_function = (dbus.service.signal(

1277

1587

alt_interface,

1278

1588

attribute._dbus_signature)(new_function))

1291

1601

func1 and func2 to the "call_both" function

1292

1602

outside of its arguments"""

1293

1603

1604

@functools.wraps(func2)

1294

1605

def call_both(*args, **kwargs):

1295

1606

"""This function will emit two D-Bus

1296

1607

signals by calling func1 and func2"""

1297

1608

func1(*args, **kwargs)

1298

1609

func2(*args, **kwargs)

1610

# Make wrapper function look like a D-Bus signal

1611

for name, attr in inspect.getmembers(func2):

1612

if name.startswith("_dbus_"):

1613

setattr(call_both, name, attr)

1299

1614

1300

1615

return call_both

1301

1616

# Create the "call_both" function and add it to

1312

1627

alt_interface,

1313

1628

attribute._dbus_in_signature,

1314

1629

attribute._dbus_out_signature)

1315

(types.FunctionType(attribute.func_code,

1316

attribute.func_globals,

1317

attribute.func_name,

1318

attribute.func_defaults,

1319

attribute.func_closure)))

1630

(copy_function(attribute)))

1320

1631

# Copy annotations, if any

1321

1632

try:

1322

1633

attr[attrname]._dbus_annotations = dict(

1334

1645

attribute._dbus_access,

1335

1646

attribute._dbus_get_args_options

1336

1647

["byte_arrays"])

1337

(types.FunctionType(

1338

attribute.func_code,

1339

attribute.func_globals,

1340

attribute.func_name,

1341

attribute.func_defaults,

1342

attribute.func_closure)))

1648

(copy_function(attribute)))

1343

1649

# Copy annotations, if any

1344

1650

try:

1345

1651

attr[attrname]._dbus_annotations = dict(

1354

1660

# to the class.

1355

1661

attr[attrname] = (

1356

1662

dbus_interface_annotations(alt_interface)

1357

(types.FunctionType(attribute.func_code,

1358

attribute.func_globals,

1359

attribute.func_name,

1360

attribute.func_defaults,

1361

attribute.func_closure)))

1663

(copy_function(attribute)))

1362

1664

if deprecate:

1363

1665

# Deprecate all alternate interfaces

1364

1666

iname="_AlternateDBusNames_interface_annotation{}"

1377

1679

if interface_names:

1378

1680

# Replace the class with a new subclass of it with

1379

1681

# methods, signals, etc. as created above.

1380

cls = type(b"{}Alternate".format(cls.__name__),

1381

(cls, ), attr)

1682

if sys.version_info.major == 2:

1683

cls = type(b"{}Alternate".format(cls.__name__),

1684

(cls, ), attr)

1685

else:

1686

cls = type("{}Alternate".format(cls.__name__),

1687

(cls, ), attr)

1382

1688

return cls

1383

1689

1384

1690

return wrapper

1542

1848

1543

1849

def approve(self, value=True):

1544

1850

self.approved = value

1545

gobject.timeout_add(int(self.approval_duration.total_seconds()

1546

* 1000), self._reset_approved)

1851

GLib.timeout_add(int(self.approval_duration.total_seconds()

1852

* 1000), self._reset_approved)

1547

1853

self.send_changedstate()

1548

1854

1549

1855

## D-Bus methods, signals & properties

1759

2065

if (getattr(self, "disable_initiator_tag", None)

1760

2066

is None):

1761

2067

return

1762

gobject.source_remove(self.disable_initiator_tag)

1763

self.disable_initiator_tag = gobject.timeout_add(

2068

GLib.source_remove(self.disable_initiator_tag)

2069

self.disable_initiator_tag = GLib.timeout_add(

1764

2070

int((self.expires - now).total_seconds() * 1000),

1765

2071

self.disable)

1766

2072

1786

2092

return

1787

2093

if self.enabled:

1788

2094

# Reschedule checker run

1789

gobject.source_remove(self.checker_initiator_tag)

1790

self.checker_initiator_tag = gobject.timeout_add(

2095

GLib.source_remove(self.checker_initiator_tag)

2096

self.checker_initiator_tag = GLib.timeout_add(

1791

2097

value, self.start_checker)

1792

2098

self.start_checker() # Start one now, too

1793

2099

1875

2181

logger.debug("Pipe FD: %d",

1876

2182

self.server.child_pipe.fileno())

1877

2183

1878

session = gnutls.connection.ClientSession(

1879

self.request, gnutls.connection .X509Credentials())

1880

1881

# Note: gnutls.connection.X509Credentials is really a

1882

# generic GnuTLS certificate credentials object so long as

1883

# no X.509 keys are added to it. Therefore, we can use it

1884

# here despite using OpenPGP certificates.

2184

session = gnutls.ClientSession(self.request)

1885

2185

1886

2186

#priority = ':'.join(("NONE", "+VERS-TLS1.1",

1887

2187

# "+AES-256-CBC", "+SHA1",

1891

2191

priority = self.server.gnutls_priority

1892

2192

if priority is None:

1893

2193

priority = "NORMAL"

1894

gnutls.library.functions.gnutls_priority_set_direct(

1895

session._c_object, priority, None)

2194

gnutls.priority_set_direct(session._c_object,

2195

priority.encode("utf-8"),

2196

None)

1896

2197

1897

2198

# Start communication using the Mandos protocol

1898

2199

# Get protocol number

1908

2209

# Start GnuTLS connection

1909

2210

try:

1910

2211

session.handshake()

1911

except gnutls.errors.GNUTLSError as error:

2212

except gnutls.Error as error:

1912

2213

logger.warning("Handshake failed: %s", error)

1913

2214

# Do not run session.bye() here: the session is not

1914

2215

# established. Just abandon the request.

1920

2221

try:

1921

2222

fpr = self.fingerprint(

1922

2223

self.peer_certificate(session))

1923

except (TypeError,

1924

gnutls.errors.GNUTLSError) as error:

2224

except (TypeError, gnutls.Error) as error:

1925

2225

logger.warning("Bad certificate: %s", error)

1926

2226

return

1927

2227

logger.debug("Fingerprint: %s", fpr)

1985

2285

else:

1986

2286

delay -= time2 - time

1987

2287

1988

sent_size = 0

1989

while sent_size < len(client.secret):

1990

try:

1991

sent = session.send(client.secret[sent_size:])

1992

except gnutls.errors.GNUTLSError as error:

1993

logger.warning("gnutls send failed",

1994

exc_info=error)

1995

return

1996

logger.debug("Sent: %d, remaining: %d", sent,

1997

len(client.secret) - (sent_size

1998

+ sent))

1999

sent_size += sent

2288

try:

2289

session.send(client.secret)

2290

except gnutls.Error as error:

2291

logger.warning("gnutls send failed",

2292

exc_info = error)

2293

return

2000

2294

2001

2295

logger.info("Sending secret to %s", client.name)

2002

2296

# bump the timeout using extended_timeout

2010

2304

client.approvals_pending -= 1

2011

2305

try:

2012

2306

session.bye()

2013

except gnutls.errors.GNUTLSError as error:

2307

except gnutls.Error as error:

2014

2308

logger.warning("GnuTLS bye failed",

2015

2309

exc_info=error)

2016

2310

2018

2312

def peer_certificate(session):

2019

2313

"Return the peer's OpenPGP certificate as a bytestring"

2020

2314

# If not an OpenPGP certificate...

2021

if (gnutls.library.functions.gnutls_certificate_type_get(

2022

session._c_object)

2023

!= gnutls.library.constants.GNUTLS_CRT_OPENPGP):

2024

# ...do the normal thing

2025

return session.peer_certificate

2315

if (gnutls.certificate_type_get(session._c_object)

2316

!= gnutls.CRT_OPENPGP):

2317

# ...return invalid data

2318

return b""

2026

2319

list_size = ctypes.c_uint(1)

2027

cert_list = (gnutls.library.functions

2028

.gnutls_certificate_get_peers

2320

cert_list = (gnutls.certificate_get_peers

2029

2321

(session._c_object, ctypes.byref(list_size)))

2030

2322

if not bool(cert_list) and list_size.value != 0:

2031

raise gnutls.errors.GNUTLSError("error getting peer"

2032

" certificate")

2323

raise gnutls.Error("error getting peer certificate")

2033

2324

if list_size.value == 0:

2034

2325

return None

2035

2326

cert = cert_list[0]

2039

2330

def fingerprint(openpgp):

2040

2331

"Convert an OpenPGP bytestring to a hexdigit fingerprint"

2041

2332

# New GnuTLS "datum" with the OpenPGP public key

2042

datum = gnutls.library.types.gnutls_datum_t(

2333

datum = gnutls.datum_t(

2043

2334

ctypes.cast(ctypes.c_char_p(openpgp),

2044

2335

ctypes.POINTER(ctypes.c_ubyte)),

2045

2336

ctypes.c_uint(len(openpgp)))

2046

2337

# New empty GnuTLS certificate

2047

crt = gnutls.library.types.gnutls_openpgp_crt_t()

2048

gnutls.library.functions.gnutls_openpgp_crt_init(

2049

ctypes.byref(crt))

2338

crt = gnutls.openpgp_crt_t()

2339

gnutls.openpgp_crt_init(ctypes.byref(crt))

2050

2340

# Import the OpenPGP public key into the certificate

2051

gnutls.library.functions.gnutls_openpgp_crt_import(

2052

crt, ctypes.byref(datum),

2053

gnutls.library.constants.GNUTLS_OPENPGP_FMT_RAW)

2341

gnutls.openpgp_crt_import(crt, ctypes.byref(datum),

2342

gnutls.OPENPGP_FMT_RAW)

2054

2343

# Verify the self signature in the key

2055

2344

crtverify = ctypes.c_uint()

2056

gnutls.library.functions.gnutls_openpgp_crt_verify_self(

2057

crt, 0, ctypes.byref(crtverify))

2345

gnutls.openpgp_crt_verify_self(crt, 0,

2346

ctypes.byref(crtverify))

2058

2347

if crtverify.value != 0:

2059

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

2060

raise gnutls.errors.CertificateSecurityError(

2061

"Verify failed")

2348

gnutls.openpgp_crt_deinit(crt)

2349

raise gnutls.CertificateSecurityError("Verify failed")

2062

2350

# New buffer for the fingerprint

2063

2351

buf = ctypes.create_string_buffer(20)

2064

2352

buf_len = ctypes.c_size_t()

2065

2353

# Get the fingerprint from the certificate into the buffer

2066

gnutls.library.functions.gnutls_openpgp_crt_get_fingerprint(

2067

crt, ctypes.byref(buf), ctypes.byref(buf_len))

2354

gnutls.openpgp_crt_get_fingerprint(crt, ctypes.byref(buf),

2355

ctypes.byref(buf_len))

2068

2356

# Deinit the certificate

2069

gnutls.library.functions.gnutls_openpgp_crt_deinit(crt)

2357

gnutls.openpgp_crt_deinit(crt)

2070

2358

# Convert the buffer to a Python bytestring

2071

2359

fpr = ctypes.string_at(buf, buf_len.value)

2072

2360

# Convert the bytestring to hexadecimal notation

2165

2453

"""This overrides the normal server_bind() function

2166

2454

to bind to an interface if one was specified, and also NOT to

2167

2455

bind to an address or port if they were not specified."""

2456

global SO_BINDTODEVICE

2168

2457

if self.interface is not None:

2169

2458

if SO_BINDTODEVICE is None:

2170

logger.error("SO_BINDTODEVICE does not exist;"

2171

" cannot bind to interface %s",

2172

self.interface)

2173

else:

2174

try:

2175

self.socket.setsockopt(

2176

socket.SOL_SOCKET, SO_BINDTODEVICE,

2177

(self.interface + "\0").encode("utf-8"))

2178

except socket.error as error:

2179

if error.errno == errno.EPERM:

2180

logger.error("No permission to bind to"

2181

" interface %s", self.interface)

2182

elif error.errno == errno.ENOPROTOOPT:

2183

logger.error("SO_BINDTODEVICE not available;"

2184

" cannot bind to interface %s",

2185

self.interface)

2186

elif error.errno == errno.ENODEV:

2187

logger.error("Interface %s does not exist,"

2188

" cannot bind", self.interface)

2189

else:

2190

raise

2459

# Fall back to a hard-coded value which seems to be

2460

# common enough.

2461

logger.warning("SO_BINDTODEVICE not found, trying 25")

2462

SO_BINDTODEVICE = 25

2463

try:

2464

self.socket.setsockopt(

2465

socket.SOL_SOCKET, SO_BINDTODEVICE,

2466

(self.interface + "\0").encode("utf-8"))

2467

except socket.error as error:

2468

if error.errno == errno.EPERM:

2469

logger.error("No permission to bind to"

2470

" interface %s", self.interface)

2471

elif error.errno == errno.ENOPROTOOPT:

2472

logger.error("SO_BINDTODEVICE not available;"

2473

" cannot bind to interface %s",

2474

self.interface)

2475

elif error.errno == errno.ENODEV:

2476

logger.error("Interface %s does not exist,"

2477

" cannot bind", self.interface)

2478

else:

2479

raise

2191

2480

# Only bind(2) the socket if we really need to.

2192

2481

if self.server_address[0] or self.server_address[1]:

2193

2482

if not self.server_address[0]:

2216

2505

gnutls_priority GnuTLS priority string

2217

2506

use_dbus: Boolean; to emit D-Bus signals or not

2218

2507

2219

Assumes a gobject.MainLoop event loop.

2508

Assumes a GLib.MainLoop event loop.

2220

2509

"""

2221

2510

2222

2511

def __init__(self, server_address, RequestHandlerClass,

2247

2536

2248

2537

def add_pipe(self, parent_pipe, proc):

2249

2538

# Call "handle_ipc" for both data and EOF events

2250

gobject.io_add_watch(

2539

GLib.io_add_watch(

2251

2540

parent_pipe.fileno(),

2252

gobject.IO_IN | gobject.IO_HUP,

2541

GLib.IO_IN | GLib.IO_HUP,

2253

2542

functools.partial(self.handle_ipc,

2254

2543

parent_pipe = parent_pipe,

2255

2544

proc = proc))

2259

2548

proc = None,

2260

2549

client_object=None):

2261

2550

# error, or the other end of multiprocessing.Pipe has closed

2262

if condition & (gobject.IO_ERR | gobject.IO_HUP):

2551

if condition & (GLib.IO_ERR | GLib.IO_HUP):

2263

2552

# Wait for other process to exit

2264

2553

proc.join()

2265

2554

return False

2272

2561

fpr = request[1]

2273

2562

address = request[2]

2274

2563

2275

for c in self.clients.itervalues():

2564

for c in self.clients.values():

2276

2565

if c.fingerprint == fpr:

2277

2566

client = c

2278

2567

break

2286

2575

parent_pipe.send(False)

2287

2576

return False

2288

2577

2289

gobject.io_add_watch(

2578

GLib.io_add_watch(

2290

2579

parent_pipe.fileno(),

2291

gobject.IO_IN | gobject.IO_HUP,

2580

GLib.IO_IN | GLib.IO_HUP,

2292

2581

functools.partial(self.handle_ipc,

2293

2582

parent_pipe = parent_pipe,

2294

2583

proc = proc,

2676

2965

logger.error("Could not open file %r", pidfilename,

2677

2966

exc_info=e)

2678

2967

2679

for name in ("_mandos", "mandos", "nobody"):

2968

for name, group in (("_mandos", "_mandos"),

2969

("mandos", "mandos"),

2970

("nobody", "nogroup")):

2680

2971

try:

2681

2972

uid = pwd.getpwnam(name).pw_uid

2682

gid = pwd.getpwnam(name).pw_gid

2973

gid = pwd.getpwnam(group).pw_gid

2683

2974

break

2684

2975

except KeyError:

2685

2976

continue

2689

2980

try:

2690

2981

os.setgid(gid)

2691

2982

os.setuid(uid)

2983

if debug:

2984

logger.debug("Did setuid/setgid to {}:{}".format(uid,

2985

gid))

2692

2986

except OSError as error:

2987

logger.warning("Failed to setuid/setgid to {}:{}: {}"

2988

.format(uid, gid, os.strerror(error.errno)))

2693

2989

if error.errno != errno.EPERM:

2694

2990

raise

2695

2991

2698

2994

2699

2995

# "Use a log level over 10 to enable all debugging options."

2700

2996

# - GnuTLS manual

2701

gnutls.library.functions.gnutls_global_set_log_level(11)

2997

gnutls.global_set_log_level(11)

2702

2998

2703

@gnutls.library.types.gnutls_log_func

2999

@gnutls.log_func

2704

3000

def debug_gnutls(level, string):

2705

3001

logger.debug("GnuTLS: %s", string[:-1])

2706

3002

2707

gnutls.library.functions.gnutls_global_set_log_function(

2708

debug_gnutls)

3003

gnutls.global_set_log_function(debug_gnutls)

2709

3004

2710

3005

# Redirect stdin so all checkers get /dev/null

2711

3006

null = os.open(os.devnull, os.O_NOCTTY | os.O_RDWR)

2718

3013

# Close all input and output, do double fork, etc.

2719

3014

daemon()

2720

3015

2721

# multiprocessing will use threads, so before we use gobject we

2722

# need to inform gobject that threads will be used.

2723

gobject.threads_init()

3016

# multiprocessing will use threads, so before we use GLib we need

3017

# to inform GLib that threads will be used.

3018

GLib.threads_init()

2724

3019

2725

3020

global main_loop

2726

3021

# From the Avahi example code

2727

3022

DBusGMainLoop(set_as_default=True)

2728

main_loop = gobject.MainLoop()

3023

main_loop = GLib.MainLoop()

2729

3024

bus = dbus.SystemBus()

2730

3025

# End of Avahi example code

2731

3026

if use_dbus:

2775

3070

if server_settings["restore"]:

2776

3071

try:

2777

3072

with open(stored_state_path, "rb") as stored_state:

2778

clients_data, old_client_settings = pickle.load(

2779

stored_state)

3073

if sys.version_info.major == 2:

3074

clients_data, old_client_settings = pickle.load(

3075

stored_state)

3076

else:

3077

bytes_clients_data, bytes_old_client_settings = (

3078

pickle.load(stored_state, encoding = "bytes"))

3079

### Fix bytes to strings

3080

## clients_data

3081

# .keys()

3082

clients_data = { (key.decode("utf-8")

3083

if isinstance(key, bytes)

3084

else key): value

3085

for key, value in

3086

bytes_clients_data.items() }

3087

del bytes_clients_data

3088

for key in clients_data:

3089

value = { (k.decode("utf-8")

3090

if isinstance(k, bytes) else k): v

3091

for k, v in

3092

clients_data[key].items() }

3093

clients_data[key] = value

3094

# .client_structure

3095

value["client_structure"] = [

3096

(s.decode("utf-8")

3097

if isinstance(s, bytes)

3098

else s) for s in

3099

value["client_structure"] ]

3100

# .name & .host

3101

for k in ("name", "host"):

3102

if isinstance(value[k], bytes):

3103

value[k] = value[k].decode("utf-8")

3104

## old_client_settings

3105

# .keys()

3106

old_client_settings = {

3107

(key.decode("utf-8")

3108

if isinstance(key, bytes)

3109

else key): value

3110

for key, value in

3111

bytes_old_client_settings.items() }

3112

del bytes_old_client_settings

3113

# .host

3114

for value in old_client_settings.values():

3115

if isinstance(value["host"], bytes):

3116

value["host"] = (value["host"]

3117

.decode("utf-8"))

2780

3118

os.remove(stored_state_path)

2781

3119

except IOError as e:

2782

3120

if e.errno == errno.ENOENT:

2883

3221

del pidfile

2884

3222

del pidfilename

2885

3223

2886

signal.signal(signal.SIGHUP, lambda signum, frame: sys.exit())

2887

signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit())

3224

for termsig in (signal.SIGHUP, signal.SIGTERM):

3225

GLib.unix_signal_add(GLib.PRIORITY_HIGH, termsig,

3226

lambda: main_loop.quit() and False)

2888

3227

2889

3228

if use_dbus:

2890

3229

2921

3260

def GetAllClients(self):

2922

3261

"D-Bus method"

2923

3262

return dbus.Array(c.dbus_object_path for c in

2924

tcp_server.clients.itervalues())

3263

tcp_server.clients.values())

2925

3264

2926

3265

@dbus_annotations({"org.freedesktop.DBus.Deprecated":

2927

3266

"true"})

2932

3271

return dbus.Dictionary(

2933

3272

{ c.dbus_object_path: c.GetAll(

2934

3273

"se.recompile.Mandos.Client")

2935

for c in tcp_server.clients.itervalues() },

3274

for c in tcp_server.clients.values() },

2936

3275

signature="oa{sv}")

2937

3276

2938

3277

@dbus.service.method(_interface, in_signature="o")

2939

3278

def RemoveClient(self, object_path):

2940

3279

"D-Bus method"

2941

for c in tcp_server.clients.itervalues():

3280

for c in tcp_server.clients.values():

2942

3281

if c.dbus_object_path == object_path:

2943

3282

del tcp_server.clients[c.name]

2944

3283

c.remove_from_connection()

2989

3328

2990

3329

mandos_dbus_service = MandosDBusService()

2991

3330

3331

# Save modules to variables to exempt the modules from being

3332

# unloaded before the function registered with atexit() is run.

3333

mp = multiprocessing

3334

wn = wnull

2992

3335

def cleanup():

2993

3336

"Cleanup function; run on exit"

2994

3337

if zeroconf:

2995

3338

service.cleanup()

2996

3339

2997

multiprocessing.active_children()

2998

wnull.close()

3340

mp.active_children()

3341

wn.close()

2999

3342

if not (tcp_server.clients or client_settings):

3000

3343

return

3001

3344

3004

3347

# removed/edited, old secret will thus be unrecovable.

3005

3348

clients = {}

3006

3349

with PGPEngine() as pgp:

3007

for client in tcp_server.clients.itervalues():

3350

for client in tcp_server.clients.values():

3008

3351

key = client_settings[client.name]["secret"]

3009

3352

client.encrypted_secret = pgp.encrypt(client.secret,

3010

3353

key)

3034

3377

prefix='clients-',

3035

3378

dir=os.path.dirname(stored_state_path),

3036

3379

delete=False) as stored_state:

3037

pickle.dump((clients, client_settings), stored_state)

3380

pickle.dump((clients, client_settings), stored_state,

3381

protocol = 2)

3038

3382

tempname = stored_state.name

3039

3383

os.rename(tempname, stored_state_path)

3040

3384

except (IOError, OSError) as e:

3059

3403

# Don't signal the disabling

3060

3404

client.disable(quiet=True)

3061

3405

# Emit D-Bus signal for removal

3062

mandos_dbus_service.client_removed_signal(client)

3406

if use_dbus:

3407

mandos_dbus_service.client_removed_signal(client)

3063

3408

client_settings.clear()

3064

3409

3065

3410

atexit.register(cleanup)

3066

3411

3067

for client in tcp_server.clients.itervalues():

3412

for client in tcp_server.clients.values():

3068

3413

if use_dbus:

3069

3414

# Emit D-Bus signal for adding

3070

3415

mandos_dbus_service.client_added_signal(client)

3099

3444

sys.exit(1)

3100

3445

# End of Avahi example code

3101

3446

3102

gobject.io_add_watch(tcp_server.fileno(), gobject.IO_IN,

3103

lambda *args, **kwargs:

3104

(tcp_server.handle_request

3105

(*args[2:], **kwargs) or True))

3447

GLib.io_add_watch(tcp_server.fileno(), GLib.IO_IN,

3448

lambda *args, **kwargs:

3449

(tcp_server.handle_request

3450

(*args[2:], **kwargs) or True))

3106

3451

3107

3452

logger.debug("Starting main loop")

3108

3453

main_loop.run()