/mandos/trunk : revision 9

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to server.py

Committer: Teddy Hogeborn
Date: 2008-01-30 17:28:18 UTC
Revision ID: teddy@fukt.bsnet.se-20080130172818-fnrq2xmtg1wa8wo2

* client.cpp (main): Get t_old early since it is used on error exits.

* server.py (Client.checker): New attribute.
  (Client.check_action, Client.start_checker, Client.stop_checker,
  Client.fileno, Client.next_stop, Client.still_valid,
  Client.it_is_time_to_check): New methods.
  (Client.handle_request): Alias to "check_action".
  (main): Stop all started checkers on exit.  Exit cleanly on keyboard
  interrupt.

files removed:
bad-ca.pem

bad-cert.pem

bad-client-cert.pem

bad-client-key.pem

bad-crl.pem

bad-key.pem

clients.conf

server.cpp

files modified:
Makefile

client.cpp

server.py

Show diffs side-by-side

added added

removed removed

server.py

import gnutls.errors

import ConfigParser

import sys

import re

import os

import signal

class Client(object):

def __init__(self, name=None, dn=None, password=None,

passfile=None, fqdn=None, timeout=None,

interval=-1):

def __init__(self, name=None, options=None, dn=None,

password=None, passfile=None, fqdn=None,

timeout=None, interval=-1):

self.name = name

self.dn = dn

if password:

print "No Password or Passfile in client config file"

# raise RuntimeError XXX

self.password = "gazonk"

self.fqdn = fqdn

self.fqdn = fqdn # string

self.created = datetime.datetime.now()

self.last_seen = None

self.last_seen = None # datetime.datetime()

if timeout is None:

timeout = self.server.options.timeout

self.timeout = timeout

timeout = options.timeout

self.timeout = timeout # datetime.timedelta()

if interval == -1:

interval = self.server.options.interval

self.interval = interval

self.next_check = datetime.datetime.now()

def server_bind(self):

if self.options.interface:

if not hasattr(socket, "SO_BINDTODEVICE"):

# From /usr/include/asm-i486/socket.h

socket.SO_BINDTODEVICE = 25

interval = options.interval

self.interval = interval # datetime.timedelta()

self.next_check = datetime.datetime.now() # datetime.datetime()

self.checker = None # or a subprocess.Popen()

def check_action(self, now=None):

"""The checker said something and might have completed.

Check if is has, and take appropriate actions."""

if self.checker.poll() is None:

# False alarm, no result yet

#self.checker.read()

return

if now is None:

now = datetime.datetime.now()

if self.checker.returncode == 0:

self.last_seen = now

while self.next_check <= now:

self.next_check += self.interval

handle_request = check_action

def start_checker(self):

self.stop_checker()

try:

self.socket.setsockopt(socket.SOL_SOCKET,

socket.SO_BINDTODEVICE,

self.options.interface)

except socket.error, error:

if error[0] == errno.EPERM:

print "Warning: Denied permission to bind to interface", \

self.options.interface

else:

raise error

return super(type(self), self).server_bind()

def init_with_options(self, *args, **kwargs):

if "options" in kwargs:

self.options = kwargs["options"]

del kwargs["options"]

if "clients" in kwargs:

self.clients = kwargs["clients"]

del kwargs["clients"]

if "credentials" in kwargs:

self.credentials = kwargs["credentials"]

del kwargs["credentials"]

return super(type(self), self).__init__(*args, **kwargs)

self.checker = subprocess.Popen("sleep 1; fping -q -- %s"

% re.escape(self.fqdn),

stdout=subprocess.PIPE,

close_fds=True,

shell=True, cwd="/")

except subprocess.OSError, e:

print "Failed to start subprocess:", e

def stop_checker(self):

if self.checker is None:

return

os.kill(self.checker.pid, signal.SIGTERM)

if self.checker.poll() is None:

os.kill(self.checker.pid, signal.SIGKILL)

self.checker = None

__del__ = stop_checker

def fileno(self):

if self.checker is None:

return None

return self.checker.stdout.fileno()

def next_stop(self):

"""The time when something must be done about this client"""

return min(self.last_seen + self.timeout, self.next_check)

def still_valid(self, now=None):

"""Has this client's timeout not passed?"""

if now is None:

now = datetime.datetime.now()

return now < (self.last_seen + timeout)

def it_is_time_to_check(self, now=None):

if now is None:

now = datetime.datetime.now()

return self.next_check <= now

class server_metaclass(type):

"Common behavior for the UDP and TCP server classes"

def __new__(cls, name, bases, attrs):

attrs["address_family"] = socket.AF_INET6

attrs["allow_reuse_address"] = True

def server_bind(self):

if self.options.interface:

100

if not hasattr(socket, "SO_BINDTODEVICE"):

101

# From /usr/include/asm-i486/socket.h

102

socket.SO_BINDTODEVICE = 25

103

try:

104

self.socket.setsockopt(socket.SOL_SOCKET,

105

socket.SO_BINDTODEVICE,

106

self.options.interface)

107

except socket.error, error:

108

if error[0] == errno.EPERM:

109

print "Warning: No permission to bind to interface", \

110

self.options.interface

111

else:

112

raise error

113

return super(type(self), self).server_bind()

114

attrs["server_bind"] = server_bind

115

def init(self, *args, **kwargs):

116

if "options" in kwargs:

117

self.options = kwargs["options"]

118

del kwargs["options"]

119

if "clients" in kwargs:

120

self.clients = kwargs["clients"]

121

del kwargs["clients"]

122

if "credentials" in kwargs:

123

self.credentials = kwargs["credentials"]

124

del kwargs["credentials"]

125

return super(type(self), self).__init__(*args, **kwargs)

126

attrs["__init__"] = init

127

return type.__new__(cls, name, bases, attrs)

128

129

130

class udp_handler(SocketServer.DatagramRequestHandler, object):

134

135

136

class IPv6_UDPServer(SocketServer.UDPServer, object):

__init__ = init_with_options

address_family = socket.AF_INET6

allow_reuse_address = True

server_bind = server_bind

137

__metaclass__ = server_metaclass

138

def verify_request(self, request, client_address):

139

print "UDP request came"

140

return request[0] == "Marco"

110

166

# Log maybe? XXX

111

167

session.bye()

112

168

169

113

170

class IPv6_TCPServer(SocketServer.ForkingTCPServer, object):

114

__init__ = init_with_options

115

address_family = socket.AF_INET6

116

allow_reuse_address = True

171

__metaclass__ = server_metaclass

117

172

request_queue_size = 1024

118

server_bind = server_bind

119

173

120

174

121

175

in6addr_any = "::"

122

176

123

cred = None

124

125

177

def string_to_delta(interval):

126

178

"""Parse a string and return a datetime.timedelta

127

179

155

207

raise ValueError

156

208

return delta

157

209

210

158

211

def main():

159

212

parser = OptionParser()

160

213

parser.add_option("-i", "--interface", type="string",

212

265

defaults = {}

213

266

client_config_object = ConfigParser.SafeConfigParser(defaults)

214

267

client_config_object.read("mandos-clients.conf")

215

clients = [Client(name=section,

268

clients = [Client(name=section, options=options,

216

269

**(dict(client_config_object.items(section))))

217

270

for section in client_config_object.sections()]

218

271

227

280

credentials=cred)

228

281

229

282

while True:

230

in_, out, err = select.select((udp_server,

231

tcp_server), (), ())

232

for server in in_:

233

server.handle_request()

283

try:

284

input, out, err = select.select((udp_server,

285

tcp_server), (), ())

286

if not input:

287

pass

288

else:

289

for obj in input:

290

obj.handle_request()

291

except KeyboardInterrupt:

292

break

293

294

# Cleanup here

295

for client in clients:

296

client.stop_checker()

234

297

235

298

236

299

if __name__ == "__main__":

Older »