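def _read_audit_file(path, error_fmt):
    """Return the text contents of *path*, or None if it cannot be read.

    Shared by the audit certificate / key loading in init().  An IOError is
    reported through log() at CORE_ERROR level using *error_fmt* (which must
    contain exactly one ``%s`` for the path) and None is returned so that the
    caller can leave the existing config value untouched.  Any other
    exception (e.g. a TypeError for a non-string path) propagates to the
    caller, which is what the list-loading code in init() relies on.
    """
    try:
        # 'with' guarantees the descriptor is closed even if read() raises;
        # the previous open(...).read() relied on refcounting for that.
        with open(path, 'r') as fp:
            return fp.read()
    except IOError:
        log(None, CORE_ERROR, 1, error_fmt, (path,))
        return None


def init(names, virtual_name, is_master):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the init function
        identified by the <parameter>names</parameter> argument. This way several Zorp
        instances can use the same policy file.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>names</name>
            <type></type>
            <description>Names (instance name and also-as names) of this instance.</description>
          </attribute>
          <attribute maturity="stable">
            <name>virtual_name</name>
            <type>string</type>
            <description>
              Virtual instance name of this process. If a Zorp instance is backed by multiple
              Zorp processes using the same configuration each process has a unique virtual
              instance name that is used for SZIG communication, PID file creation, etc.
            </description>
          </attribute>
          <attribute>
            <name>is_master</name>
            <type>int</type>
            <description>
              TRUE if Zorp is running in master mode, FALSE for slave processes. Each Zorp instance
              should have exactly one master process and an arbitrary number of slaves.
            </description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    import __main__
    import SockAddr, KZorp, Matcher, Rule
    import kzorp.netlink
    import kzorp.kzorp_netlink
    import errno

    # SockAddr, kzorp.netlink and errno are not referenced in this body; they
    # are kept because the original imported them here and a policy-module
    # import may have registration side effects -- confirm before removing.

    # Returns TRUE on success, FALSE when an instance init function is missing
    # from the policy or the KZorp configuration download fails.  virtual_name
    # is accepted for interface compatibility but not used here.

    if not names:
        # names[0] below would raise IndexError; report it like the other
        # startup failures instead.
        log(None, CORE_ERROR, 0, "No instance names given to init(); nothing to initialize")
        return FALSE

    # Miscellaneous initialization: load the audit encryption / signing
    # material into the config object.  Each file is optional; an unreadable
    # file is logged and the existing config value is left as it was.
    if config.audit.encrypt_certificate_file:
        cert = _read_audit_file(config.audit.encrypt_certificate_file,
                                "Error reading audit encryption certificate; file='%s'")
        if cert is not None:
            config.audit.encrypt_certificate = cert

    if config.audit.encrypt_certificate_list_file:
        try:
            # A list of lists of file names; built incrementally, so a
            # TypeError part-way leaves the groups read so far in place
            # (same as before).
            config.audit.encrypt_certificate_list = []
            for file_group in config.audit.encrypt_certificate_list_file:
                group = []
                for path in file_group:
                    cert = _read_audit_file(path,
                                            "Error reading audit encryption certificate; file='%s'")
                    if cert is not None:
                        group.append(cert)
                config.audit.encrypt_certificate_list.append(group)
        except TypeError:
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    # Fall back to a single-entry list when only the single certificate was given.
    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        # The private key is held as a plain string on config.audit for the
        # lifetime of the process; anything with access to this process'
        # memory (or a core dump) can read it.
        key = _read_audit_file(config.audit.sign_private_key_file,
                               "Error reading audit signature's private key; file='%s'")
        if key is not None:
            config.audit.sign_private_key = key

    if config.audit.sign_certificate_file:
        cert = _read_audit_file(config.audit.sign_certificate_file,
                                "Error reading audit signature's certificate; file='%s'")
        if cert is not None:
            config.audit.sign_certificate = cert

    Globals.rules = Rule.RuleSet()

    if config.options.kzorp_enabled:
        # Ping kzorp to see if it's there: constructing a Handle is the probe.
        # A failure here is deliberately non-fatal -- the instance keeps
        # starting with kzorp_available = False and the kernel-side
        # configuration download further down is skipped.  When kzorp_enabled
        # is false this attribute is never set here; it presumably has a
        # default in Globals (not visible in this file -- confirm).
        try:
            kzorp.kzorp_netlink.Handle()
            Globals.kzorp_available = True
        except Exception:
            # sys.exc_info() is per-thread and works on Python 2 and 3;
            # sys.exc_value is a Python 2-only process-wide global.
            Globals.kzorp_available = False
            log(None, CORE_ERROR, 0,
                "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1],))

    # Run the per-instance init function(s) defined in the policy file.  names
    # is trusted input from the instance configuration: whatever attribute of
    # __main__ carries that name is looked up and called, so the policy author
    # controls what runs here.
    Globals.instance_name = names[0]
    for name in names:
        try:
            init_func = getattr(__main__, name)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            # Report the name that is actually missing rather than the whole
            # list, so the policy author knows which definition to add.
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (name,))
            return FALSE
        init_func()

    Matcher.validateMatchers()

    if Globals.kzorp_available:
        try:
            KZorp.downloadKZorpConfig(names[0], is_master)
        except Exception:
            ## LOG ##
            # This message indicates that downloading the necessary information to the
            # kernel-level KZorp subsystem has failed.
            ##
            exc_value, exc_tb = sys.exc_info()[1:]
            log(None, CORE_ERROR, 0,
                "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value,))
            for frame_text in traceback.format_tb(exc_tb):
                for line in frame_text.split("\n"):
                    if line:
                        log(None, CORE_ERROR, 0, "Traceback: %s" % (line,))

            # If kzorp did respond to the ping, the configuration is erroneous --
            # we die here so the user finds out (fail closed rather than run
            # without the kernel-side policy).
            return FALSE

    return TRUE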