Viewing changes to mandos

Change "fukt.bsnet.se" to "recompile.se" throughout.

* README: - '' -
* debian/control: - '' -
* debian/copyright: - '' -
* debian/mandos-client.README.Debian: - '' - and some rewriting.
* debian/mandos.README.Debian: - '' -
* debian/watch: Change "fukt.bsnet.se" to "recompile.se".
* init.d-mandos: - '' -
* intro.xml: - '' -
* mandos: - '' -
* mandos-clients.conf.xml: - '' -
* mandos-ctl: - '' -
* mandos-ctl.xml: - '' -
* mandos-keygen: - '' -
* mandos-keygen.xml: - '' -
* mandos-monitor: - '' -
* mandos-monitor.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.lsm: - '' -
* mandos.xml: - '' -
* plugin-runner.c: - '' -
* plugin-runner.xml: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/askpass-fifo.xml: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/mandos-client.xml: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/password-prompt.xml: - '' -
* plugins.d/plymouth.c: - '' -
* plugins.d/plymouth.xml: - '' -
* plugins.d/splashy.c: - '' -
* plugins.d/splashy.xml: - '' -
* plugins.d/usplash.c: - '' -
* plugins.d/usplash.xml: - '' -

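--- a/mandos
+++ b/mandos
@@ -83,7 +83,7 @@
         SO_BINDTODEVICE = None
 
 
-version = "1.4.1"
+version = "1.3.1"
 
 #logger = logging.getLogger('mandos')
 logger = logging.Logger('mandos')
@@ -160,8 +160,7 @@
                             " after %i retries, exiting.",
                             self.rename_count)
             raise AvahiServiceError("Too many renames")
-        self.name = unicode(self.server
-                            .GetAlternativeServiceName(self.name))
+        self.name = unicode(self.server.GetAlternativeServiceName(self.name))
         logger.info("Changing Zeroconf service name to %r ...",
                     self.name)
         syslogger.setFormatter(logging.Formatter
@@ -322,7 +321,7 @@
     
     def extended_timeout_milliseconds(self):
         "Return the 'extended_timeout' attribute in milliseconds"
-        return _timedelta_to_milliseconds(self.extended_timeout)
+        return _timedelta_to_milliseconds(self.extended_timeout)    
     
     def interval_milliseconds(self):
         "Return the 'interval' attribute in milliseconds"
@@ -362,8 +361,7 @@
         self.last_enabled = None
         self.last_checked_ok = None
         self.timeout = string_to_delta(config["timeout"])
-        self.extended_timeout = string_to_delta(config
-                                                ["extended_timeout"])
+        self.extended_timeout = string_to_delta(config["extended_timeout"])
         self.interval = string_to_delta(config["interval"])
         self.disable_hook = disable_hook
         self.checker = None
@@ -382,15 +380,13 @@
             config["approval_delay"])
         self.approval_duration = string_to_delta(
             config["approval_duration"])
-        self.changedstate = (multiprocessing_manager
-                             .Condition(multiprocessing_manager
-                                        .Lock()))
+        self.changedstate = multiprocessing_manager.Condition(multiprocessing_manager.Lock())
     
     def send_changedstate(self):
         self.changedstate.acquire()
         self.changedstate.notify_all()
         self.changedstate.release()
-    
+        
     def enable(self):
         """Start this client's checker and timeout hooks"""
         if getattr(self, "enabled", False):
@@ -464,13 +460,11 @@
         if timeout is None:
             timeout = self.timeout
         self.last_checked_ok = datetime.datetime.utcnow()
-        if self.disable_initiator_tag is not None:
-            gobject.source_remove(self.disable_initiator_tag)
-        if getattr(self, "enabled", False):
-            self.disable_initiator_tag = (gobject.timeout_add
-                                          (_timedelta_to_milliseconds
-                                           (timeout), self.disable))
-            self.expires = datetime.datetime.utcnow() + timeout
+        gobject.source_remove(self.disable_initiator_tag)
+        self.expires = datetime.datetime.utcnow() + timeout
+        self.disable_initiator_tag = (gobject.timeout_add
+                                      (_timedelta_to_milliseconds(timeout),
+                                       self.disable))
     
     def need_approval(self):
         self.last_approval_request = datetime.datetime.utcnow()
@@ -635,18 +629,15 @@
         """
         return ((prop.__get__(self)._dbus_name, prop.__get__(self))
                 for cls in self.__class__.__mro__
-                for name, prop in
-                inspect.getmembers(cls, self._is_dbus_property))
+                for name, prop in inspect.getmembers(cls, self._is_dbus_property))
     
     def _get_dbus_property(self, interface_name, property_name):
         """Returns a bound method if one exists which is a D-Bus
         property with the specified name and interface.
         """
         for cls in  self.__class__.__mro__:
-            for name, value in (inspect.getmembers
-                                (cls, self._is_dbus_property)):
-                if (value._dbus_name == property_name
-                    and value._dbus_interface == interface_name):
+            for name, value in inspect.getmembers(cls, self._is_dbus_property):
+                if value._dbus_name == property_name and value._dbus_interface == interface_name:
                     return value.__get__(self)
         
         # No such property
@@ -763,8 +754,7 @@
     return dbus.String(dt.isoformat(),
                        variant_level=variant_level)
 
-class AlternateDBusNamesMetaclass(DBusObjectWithProperties
-                                  .__metaclass__):
+class AlternateDBusNamesMetaclass(DBusObjectWithProperties.__metaclass__):
     """Applied to an empty subclass of a D-Bus object, this metaclass
     will add additional D-Bus attributes matching a certain pattern.
     """
@@ -893,27 +883,25 @@
         """ Modify a variable so that it's a property which announces
         its changes to DBus.
 
-        transform_fun: Function that takes a value and a variant_level
-                       and transforms it to a D-Bus type.
+        transform_fun: Function that takes a value and transforms it
+                       to a D-Bus type.
         dbus_name: D-Bus name of the variable
         type_func: Function that transform the value before sending it
                    to the D-Bus.  Default: no transform
         variant_level: D-Bus variant level.  Default: 1
         """
-        attrname = "_{0}".format(dbus_name)
+        real_value = [None,]
         def setter(self, value):
+            old_value = real_value[0]
+            real_value[0] = value
             if hasattr(self, "dbus_object_path"):
-                if (not hasattr(self, attrname) or
-                    type_func(getattr(self, attrname, None))
-                    != type_func(value)):
-                    dbus_value = transform_func(type_func(value),
-                                                variant_level
-                                                =variant_level)
+                if type_func(old_value) != type_func(real_value[0]):
+                    dbus_value = transform_func(type_func(real_value[0]),
+                                                variant_level)
                     self.PropertyChanged(dbus.String(dbus_name),
                                          dbus_value)
-            setattr(self, attrname, value)
         
-        return property(lambda self: getattr(self, attrname), setter)
+        return property(lambda self: real_value[0], setter)
     
     
     expires = notifychangeproperty(datetime_to_dbus, "Expires")
@@ -924,32 +912,24 @@
     last_enabled = notifychangeproperty(datetime_to_dbus,
                                         "LastEnabled")
     checker = notifychangeproperty(dbus.Boolean, "CheckerRunning",
-                                   type_func = lambda checker:
-                                       checker is not None)
+                                   type_func = lambda checker: checker is not None)
     last_checked_ok = notifychangeproperty(datetime_to_dbus,
                                            "LastCheckedOK")
-    last_approval_request = notifychangeproperty(
-        datetime_to_dbus, "LastApprovalRequest")
+    last_approval_request = notifychangeproperty(datetime_to_dbus,
+                                                 "LastApprovalRequest")
     approved_by_default = notifychangeproperty(dbus.Boolean,
                                                "ApprovedByDefault")
-    approval_delay = notifychangeproperty(dbus.UInt16,
-                                          "ApprovalDelay",
-                                          type_func =
-                                          _timedelta_to_milliseconds)
-    approval_duration = notifychangeproperty(
-        dbus.UInt16, "ApprovalDuration",
-        type_func = _timedelta_to_milliseconds)
+    approval_delay = notifychangeproperty(dbus.UInt16, "ApprovalDelay",
+                                          type_func = _timedelta_to_milliseconds)
+    approval_duration = notifychangeproperty(dbus.UInt16, "ApprovalDuration",
+                                             type_func = _timedelta_to_milliseconds)
     host = notifychangeproperty(dbus.String, "Host")
     timeout = notifychangeproperty(dbus.UInt16, "Timeout",
-                                   type_func =
-                                   _timedelta_to_milliseconds)
-    extended_timeout = notifychangeproperty(
-        dbus.UInt16, "ExtendedTimeout",
-        type_func = _timedelta_to_milliseconds)
-    interval = notifychangeproperty(dbus.UInt16,
-                                    "Interval",
-                                    type_func =
-                                    _timedelta_to_milliseconds)
+                                   type_func = _timedelta_to_milliseconds)
+    extended_timeout = notifychangeproperty(dbus.UInt16, "ExtendedTimeout",
+                                            type_func = _timedelta_to_milliseconds)
+    interval = notifychangeproperty(dbus.UInt16, "Interval",
+                                    type_func = _timedelta_to_milliseconds)
     checker_command = notifychangeproperty(dbus.String, "Checker")
     
     del notifychangeproperty
@@ -1190,18 +1170,18 @@
         gobject.source_remove(self.disable_initiator_tag)
         self.disable_initiator_tag = None
         self.expires = None
-        time_to_die = _timedelta_to_milliseconds((self
-                                                  .last_checked_ok
-                                                  + self.timeout)
-                                                 - datetime.datetime
-                                                 .utcnow())
+        time_to_die = (self.
+                       _timedelta_to_milliseconds((self
+                                                   .last_checked_ok
+                                                   + self.timeout)
+                                                  - datetime.datetime
+                                                  .utcnow()))
         if time_to_die <= 0:
             # The timeout has passed
             self.disable()
         else:
             self.expires = (datetime.datetime.utcnow()
-                            + datetime.timedelta(milliseconds =
-                                                 time_to_die))
+                            + datetime.timedelta(milliseconds = time_to_die))
             self.disable_initiator_tag = (gobject.timeout_add
                                           (time_to_die, self.disable))
     
@@ -1373,7 +1353,7 @@
                                        client.name)
                         if self.server.use_dbus:
                             # Emit D-Bus signal
-                            client.Rejected("Disabled")
+                            client.Rejected("Disabled")                    
                         return
                     
                     if client._approved or not client.approval_delay:
@@ -1396,11 +1376,10 @@
                         return
                     
                     #wait until timeout or approved
+                    #x = float(client._timedelta_to_milliseconds(delay))
                     time = datetime.datetime.now()
                     client.changedstate.acquire()
-                    (client.changedstate.wait
-                     (float(client._timedelta_to_milliseconds(delay)
-                            / 1000)))
+                    client.changedstate.wait(float(client._timedelta_to_milliseconds(delay) / 1000))
                     client.changedstate.release()
                     time2 = datetime.datetime.now()
                     if (time2 - time) >= delay:
@@ -1430,7 +1409,7 @@
                     sent_size += sent
                 
                 logger.info("Sending secret to %s", client.name)
-                # bump the timeout using extended_timeout
+                # bump the timeout as if seen
                 client.checked_ok(client.extended_timeout)
                 if self.server.use_dbus:
                     # Emit D-Bus signal
@@ -1516,14 +1495,11 @@
         except:
             self.handle_error(request, address)
         self.close_request(request)
-    
+            
     def process_request(self, request, address):
         """Start a new process to process the request."""
-        proc = multiprocessing.Process(target = self.sub_process_main,
-                                       args = (request,
-                                               address))
-        proc.start()
-        return proc
+        multiprocessing.Process(target = self.sub_process_main,
+                                args = (request, address)).start()
 
 
 class MultiprocessingMixInWithPipe(MultiprocessingMixIn, object):
@@ -1535,12 +1511,12 @@
         """
         parent_pipe, self.child_pipe = multiprocessing.Pipe()
         
-        proc = MultiprocessingMixIn.process_request(self, request,
-                                                    client_address)
+        super(MultiprocessingMixInWithPipe,
+              self).process_request(request, client_address)
         self.child_pipe.close()
-        self.add_pipe(parent_pipe, proc)
+        self.add_pipe(parent_pipe)
     
-    def add_pipe(self, parent_pipe, proc):
+    def add_pipe(self, parent_pipe):
         """Dummy function; override as necessary"""
         raise NotImplementedError
 
@@ -1634,21 +1610,17 @@
     def server_activate(self):
         if self.enabled:
             return socketserver.TCPServer.server_activate(self)
-    
     def enable(self):
         self.enabled = True
-    
-    def add_pipe(self, parent_pipe, proc):
+    def add_pipe(self, parent_pipe):
         # Call "handle_ipc" for both data and EOF events
         gobject.io_add_watch(parent_pipe.fileno(),
                              gobject.IO_IN | gobject.IO_HUP,
                              functools.partial(self.handle_ipc,
-                                               parent_pipe =
-                                               parent_pipe,
-                                               proc = proc))
-    
+                                               parent_pipe = parent_pipe))
+        
     def handle_ipc(self, source, condition, parent_pipe=None,
-                   proc = None, client_object=None):
+                   client_object=None):
         condition_names = {
             gobject.IO_IN: "IN",   # There is data to read.
             gobject.IO_OUT: "OUT", # Data can be written (without
@@ -1663,10 +1635,8 @@
                                        for cond, name in
                                        condition_names.iteritems()
                                        if cond & condition)
-        # error, or the other end of multiprocessing.Pipe has closed
+        # error or the other end of multiprocessing.Pipe has closed
         if condition & (gobject.IO_ERR | condition & gobject.IO_HUP):
-            # Wait for other process to exit
-            proc.join()
             return False
         
         # Read a request from the child
@@ -1686,39 +1656,31 @@
                             "dress: %s", fpr, address)
                 if self.use_dbus:
                     # Emit D-Bus signal
-                    mandos_dbus_service.ClientNotFound(fpr,
-                                                       address[0])
+                    mandos_dbus_service.ClientNotFound(fpr, address[0])
                 parent_pipe.send(False)
                 return False
             
             gobject.io_add_watch(parent_pipe.fileno(),
                                  gobject.IO_IN | gobject.IO_HUP,
                                  functools.partial(self.handle_ipc,
-                                                   parent_pipe =
-                                                   parent_pipe,
-                                                   proc = proc,
-                                                   client_object =
-                                                   client))
+                                                   parent_pipe = parent_pipe,
+                                                   client_object = client))
             parent_pipe.send(True)
-            # remove the old hook in favor of the new above hook on
-            # same fileno
+            # remove the old hook in favor of the new above hook on same fileno
             return False
         if command == 'funcall':
             funcname = request[1]
             args = request[2]
             kwargs = request[3]
             
-            parent_pipe.send(('data', getattr(client_object,
-                                              funcname)(*args,
-                                                         **kwargs)))
+            parent_pipe.send(('data', getattr(client_object, funcname)(*args, **kwargs)))
         
         if command == 'getattr':
             attrname = request[1]
             if callable(client_object.__getattribute__(attrname)):
                 parent_pipe.send(('function',))
             else:
-                parent_pipe.send(('data', client_object
-                                  .__getattribute__(attrname)))
+                parent_pipe.send(('data', client_object.__getattribute__(attrname)))
         
         if command == 'setattr':
             attrname = request[1]
@@ -2015,9 +1977,8 @@
         try:
             bus_name = dbus.service.BusName("se.recompile.Mandos",
                                             bus, do_not_queue=True)
-            old_bus_name = (dbus.service.BusName
-                            ("se.bsnet.fukt.Mandos", bus,
-                             do_not_queue=True))
+            old_bus_name = dbus.service.BusName("se.bsnet.fukt.Mandos",
+                                                bus, do_not_queue=True)
         except dbus.exceptions.NameExistsException as e:
             logger.error(unicode(e) + ", disabling D-Bus")
             use_dbus = False
@@ -2036,8 +1997,7 @@
     
     client_class = Client
     if use_dbus:
-        client_class = functools.partial(ClientDBusTransitional,
-                                         bus = bus)
+        client_class = functools.partial(ClientDBusTransitional, bus = bus)        
     def client_config_items(config, section):
         special_settings = {
             "approved_by_default":
@@ -2138,7 +2098,6 @@
         "Cleanup function; run on exit"
         service.cleanup()
         
-        multiprocessing.active_children()
         while tcp_server.clients:
             client = tcp_server.clients.pop()
             if use_dbus:
@@ -2148,8 +2107,7 @@
             client.disable(quiet=True)
             if use_dbus:
                 # Emit D-Bus signal
-                mandos_dbus_service.ClientRemoved(client
-                                                  .dbus_object_path,
+                mandos_dbus_service.ClientRemoved(client.dbus_object_path,
                                                   client.name)
     
     atexit.register(cleanup)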
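Review bot: The `real_value = [None,]` cell that `notifychangeproperty` closes over on the new side is created once per property, when the class body runs, so every client instance shares one slot; `property(lambda self: real_value[0], setter)` never consults `self`. Because `approved_by_default`, `approval_delay`, `timeout`, `host` and the other attributes in the following hunk are all built through this helper, one client's approval or timeout setting would be read back for every other client, and the change test in `setter` compares against whichever client wrote last. The value should be stored on the instance under a per-property attribute name and read back from `self`, as sketched below. The enclosing class begins and ends outside the hunk, so how the instances are constructed is not visible here.

```python
        # … unchanged: docstring …
        attrname = "_{0}".format(dbus_name)
        def setter(self, value):
            if hasattr(self, "dbus_object_path"):
                changed = (not hasattr(self, attrname)
                           or type_func(getattr(self, attrname))
                           != type_func(value))
                if changed:
                    dbus_value = transform_func(type_func(value),
                                                variant_level)
                    # … unchanged: self.PropertyChanged(...) call …
            setattr(self, attrname, value)

        return property(lambda self: getattr(self, attrname), setter)
```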