/mandos/trunk : revision 861

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2016-06-23 21:11:31 UTC
mfrom: (237.4.80 release)
Revision ID: teddy@recompile.se-20160623211131-s3hf7q71i3l1gx2c

Merge from release branch

files modified:
Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.postinst

debian/rules

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos.lsm

Show diffs side-by-side

added added

removed removed

mandos

import xml.dom.minidom

import inspect

# Try to find the value of SO_BINDTODEVICE:

try:

# This is where SO_BINDTODEVICE is in Python 3.3 (or 3.4?) and

# newer, and it is also the most natural place for it:

SO_BINDTODEVICE = socket.SO_BINDTODEVICE

except AttributeError:

try:

# This is where SO_BINDTODEVICE was up to and including Python

# 2.6, and also 3.2:

from IN import SO_BINDTODEVICE

except ImportError:

SO_BINDTODEVICE = None

100

# In Python 2.7 it seems to have been removed entirely.

101

# Try running the C preprocessor:

102

try:

103

cc = subprocess.Popen(["cc", "--language=c", "-E",

104

"/dev/stdin"],

105

stdin=subprocess.PIPE,

106

stdout=subprocess.PIPE)

107

stdout = cc.communicate(

108

"#include <sys/socket.h>\nSO_BINDTODEVICE\n")[0]

109

SO_BINDTODEVICE = int(stdout.splitlines()[-1])

110

except (OSError, ValueError, IndexError):

111

# No value found

112

SO_BINDTODEVICE = None

113

114

if sys.version_info.major == 2:

115

str = unicode

116

100

version = "1.7.7"

117

version = "1.7.10"

101

118

stored_state_file = "clients.pickle"

102

119

103

120

logger = logging.getLogger()

180

197

self.gnupgargs = ['--batch',

181

198

'--homedir', self.tempdir,

182

199

'--force-mdc',

183

'--quiet',

184

'--no-use-agent']

200

'--quiet']

201

# Only GPG version 1 has the --no-use-agent option.

202

if self.gpg == "gpg" or self.gpg.endswith("/gpg"):

203

self.gnupgargs.append("--no-use-agent")

185

204

186

205

def __enter__(self):

187

206

return self

2172

2191

priority = self.server.gnutls_priority

2173

2192

if priority is None:

2174

2193

priority = "NORMAL"

2175

gnutls.priority_set_direct(session._c_object, priority,

2194

gnutls.priority_set_direct(session._c_object,

2195

priority.encode("utf-8"),

2176

2196

None)

2177

2197

2178

2198

# Start communication using the Mandos protocol

2433

2453

"""This overrides the normal server_bind() function

2434

2454

to bind to an interface if one was specified, and also NOT to

2435

2455

bind to an address or port if they were not specified."""

2456

global SO_BINDTODEVICE

2436

2457

if self.interface is not None:

2437

2458

if SO_BINDTODEVICE is None:

2438

logger.error("SO_BINDTODEVICE does not exist;"

2439

" cannot bind to interface %s",

2440

self.interface)

2441

else:

2442

try:

2443

self.socket.setsockopt(

2444

socket.SOL_SOCKET, SO_BINDTODEVICE,

2445

(self.interface + "\0").encode("utf-8"))

2446

except socket.error as error:

2447

if error.errno == errno.EPERM:

2448

logger.error("No permission to bind to"

2449

" interface %s", self.interface)

2450

elif error.errno == errno.ENOPROTOOPT:

2451

logger.error("SO_BINDTODEVICE not available;"

2452

" cannot bind to interface %s",

2453

self.interface)

2454

elif error.errno == errno.ENODEV:

2455

logger.error("Interface %s does not exist,"

2456

" cannot bind", self.interface)

2457

else:

2458

raise

2459

# Fall back to a hard-coded value which seems to be

2460

# common enough.

2461

logger.warning("SO_BINDTODEVICE not found, trying 25")

2462

SO_BINDTODEVICE = 25

2463

try:

2464

self.socket.setsockopt(

2465

socket.SOL_SOCKET, SO_BINDTODEVICE,

2466

(self.interface + "\0").encode("utf-8"))

2467

except socket.error as error:

2468

if error.errno == errno.EPERM:

2469

logger.error("No permission to bind to"

2470

" interface %s", self.interface)

2471

elif error.errno == errno.ENOPROTOOPT:

2472

logger.error("SO_BINDTODEVICE not available;"

2473

" cannot bind to interface %s",

2474

self.interface)

2475

elif error.errno == errno.ENODEV:

2476

logger.error("Interface %s does not exist,"

2477

" cannot bind", self.interface)

2478

else:

2479

raise

2459

2480

# Only bind(2) the socket if we really need to.

2460

2481

if self.server_address[0] or self.server_address[1]:

2461

2482

if not self.server_address[0]:

3307

3328

3308

3329

mandos_dbus_service = MandosDBusService()

3309

3330

3331

# Save modules to variables to exempt the modules from being

3332

# unloaded before the function registered with atexit() is run.

3333

mp = multiprocessing

3334

wn = wnull

3310

3335

def cleanup():

3311

3336

"Cleanup function; run on exit"

3312

3337

if zeroconf:

3313

3338

service.cleanup()

3314

3339

3315

multiprocessing.active_children()

3316

wnull.close()

3340

mp.active_children()

3341

wn.close()

3317

3342

if not (tcp_server.clients or client_settings):

3318

3343

return

3319

3344

Older »