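def init(names, virtual_name, is_master):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the
        init functions identified by the <parameter>names</parameter>
        argument. This way several Zorp instances can use the same policy
        file. It also loads the audit trail encryption and signing material
        named in <parameter>config.audit</parameter> and, when KZorp is
        enabled and answers the availability probe, downloads the
        configuration to it. Returns TRUE on success; returns FALSE when an
        instance function is missing from the policy or the KZorp download
        fails.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>names</name>
            <type></type>
            <description>Names (instance name and also-as names) of this instance.</description>
          </attribute>
          <attribute maturity="stable">
            <name>virtual_name</name>
            <type>string</type>
            <description>
              Virtual instance name of this process. If a Zorp instance is backed by multiple
              Zorp processes using the same configuration each process has a unique virtual
              instance name that is used for SZIG communication, PID file creation, etc.
            </description>
          </attribute>
          <attribute>
            <name>is_master</name>
            <type>int</type>
            <description>
              TRUE if Zorp is running in master mode, FALSE for slave processes. Each Zorp
              instance should have exactly one master process and an arbitrary number of
              slaves.
            </description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    # Function-scope imports are kept exactly as the original had them; some
    # are not referenced below, but importing them may register state that
    # the policy relies on, so none is dropped here.
    import __main__
    import SockAddr, KZorp, Matcher, Rule
    import kzorp.netlink
    import kzorp.kzorp_netlink
    import errno

    def _read_file(path):
        # Read a whole file and close the descriptor deterministically; the
        # original left the handle to the garbage collector.
        with open(path, 'r') as handle:
            return handle.read()

    # miscellaneous initialization
    #
    # NOTE(review): every load failure below is logged and init() carries on,
    # so a missing or unreadable file leaves the matching config.audit value
    # at whatever it was before. Confirm that the audit subsystem refuses to
    # write unencrypted or unsigned trails in that state rather than
    # downgrading silently.
    if config.audit.encrypt_certificate_file:
        try:
            config.audit.encrypt_certificate = _read_file(config.audit.encrypt_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (config.audit.encrypt_certificate_file))

    if config.audit.encrypt_certificate_list_file:
        try:
            # The list is reset before iteration, so a TypeError part-way
            # through leaves a partial (possibly empty) list in place and the
            # single-certificate fallback below does not apply.
            config.audit.encrypt_certificate_list = []
            for cert_group_files in config.audit.encrypt_certificate_list_file:
                cert_group = []
                for cert_path in cert_group_files:
                    try:
                        cert_group.append(_read_file(cert_path))
                    except IOError:
                        # NOTE(review): the unreadable certificate is skipped
                        # and the group is stored with fewer members. If a
                        # group presumably expresses "all of these keys are
                        # needed", this weakens it -- verify against the
                        # audit trail documentation.
                        log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (cert_path))
                config.audit.encrypt_certificate_list.append(cert_group)
        except TypeError:
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    # Fall back to a one-group list built from the single certificate.
    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        try:
            # Private key material is held in process memory from here on;
            # access control relies on the file's permissions, which this
            # function does not check.
            config.audit.sign_private_key = _read_file(config.audit.sign_private_key_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's private key; file='%s'", (config.audit.sign_private_key_file))

    if config.audit.sign_certificate_file:
        try:
            config.audit.sign_certificate = _read_file(config.audit.sign_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's certificate; file='%s'", (config.audit.sign_certificate_file))

    Globals.rules = Rule.RuleSet()

    if config.options.kzorp_enabled:
        # ping kzorp to see if it's there
        try:
            # Only the successful construction matters; the handle is kept
            # bound for the rest of init() as in the original.
            probe_handle = kzorp.kzorp_netlink.Handle()
            Globals.kzorp_available = True
        except:
            # Deliberate catch-all: the exception types raised by the netlink
            # layer are not visible from this function. A failed probe only
            # disables the KZorp download below; init() still proceeds.
            Globals.kzorp_available = False
            # sys.exc_info() replaces the deprecated, non-thread-safe
            # sys.exc_value.
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1],))

    Globals.instance_name = names[0]

    for name in names:
        # Each name is resolved as an attribute of the policy (__main__) and
        # called without arguments, so `names` must come from trusted
        # instance configuration only.
        try:
            func = getattr(__main__, name)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            # The full names list is logged, not just the missing entry.
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (names,))
            return FALSE
        func()

    Matcher.validateMatchers()

    # NOTE(review): kzorp_available is assigned above only when
    # config.options.kzorp_enabled is set; presumably Globals provides a
    # default for the disabled case -- confirm.
    if Globals.kzorp_available:
        try:
            KZorp.downloadKZorpConfig(names[0], is_master)
        except:
            ## LOG ##
            # This message indicates that downloading the necessary information to the
            # kernel-level KZorp subsystem has failed.
            ##
            exc_value, exc_tb = sys.exc_info()[1:]
            log(None, CORE_ERROR, 0, "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value,))
            for entry in traceback.format_tb(exc_tb):
                for line in entry.split("\n"):
                    if line:
                        log(None, CORE_ERROR, 0, "Traceback: %s" % (line))

            # if kzorp did respond to the ping, the configuration is erroneous -- we die here so the user finds out
            return FALSE

    return TRUE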