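def _read_audit_file(path):
    """Return the whole contents of *path*, read in text mode.

    The descriptor is closed before returning (the previous code used a bare
    ``open(...).read()`` and left closing to the garbage collector).  Raises
    IOError on any open/read failure; the caller decides how to log it.
    """
    fh = open(path, 'r')
    try:
        return fh.read()
    finally:
        fh.close()


def init(names):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the
        init function identified by each entry of the <parameter>names</parameter>
        argument. This way several Zorp instances can use the same policy file.
        Before the per-instance functions run it loads the audit-trail
        certificate and private-key files named in <parameter>config.audit</parameter>
        into memory and, when <parameter>config.options.kzorp_enabled</parameter>
        is set, probes the kernel-level KZorp subsystem; after they have run it
        downloads the resulting configuration to KZorp. Returns TRUE on success
        and FALSE when an instance function is missing from the policy, when no
        instance name was given, or when the KZorp download fails.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>names</name>
            <type></type>
            <description>List of instance names; each must be a callable defined in the policy file. The first one is stored as Globals.instance_name.</description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    import __main__
    import SockAddr, KZorp
    import kznf.nfnetlink
    import kznf.kznfnetlink
    import errno
    import sys
    import traceback

    if not names:
        # names[0] below would raise IndexError; report it as a policy error instead.
        log(None, CORE_ERROR, 0, "No instance name given to init();")
        return FALSE

    # miscellaneous initialization: load the audit-trail crypto material into
    # memory once, so the audit subsystem does not need the files later.
    # NOTE(review): the permissions of these files are not checked here; the
    # deployment must keep the signing private key readable by the Zorp user only.
    if config.audit.encrypt_certificate_file:
        try:
            config.audit.encrypt_certificate = _read_audit_file(config.audit.encrypt_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (config.audit.encrypt_certificate_file))

    if config.audit.encrypt_certificate_list_file:
        # Expected shape (from the loops below): an iterable of iterables of file names.
        try:
            config.audit.encrypt_certificate_list = []
            for file_group in config.audit.encrypt_certificate_list_file:
                certificates = []
                for cert_file in file_group:
                    try:
                        certificates.append(_read_audit_file(cert_file))
                    except IOError:
                        log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (cert_file))
                config.audit.encrypt_certificate_list.append(certificates)
        except TypeError:
            # The setting was not iterable as expected.  The list stays [] (not None),
            # so the single-certificate fallback below does not apply -- kept as before.
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    # Only a single certificate was configured: wrap it so the list form is always available.
    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        try:
            config.audit.sign_private_key = _read_audit_file(config.audit.sign_private_key_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's private key; file='%s'", (config.audit.sign_private_key_file))

    if config.audit.sign_certificate_file:
        try:
            config.audit.sign_certificate = _read_audit_file(config.audit.sign_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's certificate; file='%s'", (config.audit.sign_certificate_file))

    def ping_kzorp(flags, zone_name, tolerated_results):
        """Send one KZNL_MSG_GET_ZONE request and return True if KZorp answered.

        A negative result that is not in *tolerated_results* counts as failure.
        Any exception (e.g. no netlink socket) also counts as failure; both are
        logged.  Only Exception subclasses are caught so that SystemExit and
        KeyboardInterrupt still propagate instead of being reported as an
        unavailable KZorp.
        """
        try:
            h = KZorp.openHandle()
            m = h.create_message(kznf.nfnetlink.NFNL_SUBSYS_KZORP,
                                 kznf.kznfnetlink.KZNL_MSG_GET_ZONE,
                                 flags)
            m.set_nfmessage(kznf.kznfnetlink.create_get_zone_msg(zone_name))
            result = h.talk(m, (0, 0), KZorp.netlinkmsg_handler)
            if result < 0 and result not in tolerated_results:
                log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; result='%d'" % (result))
                return False
            return True
        except Exception:
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1]))
            return False

    Globals.kzorp_responds_to_ping = False
    if config.options.kzorp_enabled:
        # ping kzorp to see if it's there: request a dump of all zones
        Globals.kzorp_responds_to_ping = ping_kzorp(
            kznf.nfnetlink.NLM_F_REQUEST | kznf.nfnetlink.NLM_F_DUMP, None, ())

    Globals.instance_name = names[0]
    for instance in names:
        try:
            func = getattr(__main__, instance)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (instance,))
            return FALSE
        func()

    if config.options.kzorp_enabled:
        # Second probe: look up a zone that cannot exist.  An ENOENT answer still
        # proves KZorp is alive, so it may set the flag even when the zone dump
        # above failed; it never clears a flag the first probe set (as before).
        if ping_kzorp(kznf.nfnetlink.NLM_F_REQUEST, "__nonexistent_zone__", (-errno.ENOENT,)):
            Globals.kzorp_responds_to_ping = True

    if Globals.kzorp_responds_to_ping:
        try:
            KZorp.downloadKZorpConfig(names[0])
        except Exception:
            ## LOG ##
            # This message indicates that downloading the necessary information to the
            # kernel-level KZorp subsystem has failed.
            ##
            exc_value, exc_tb = sys.exc_info()[1:]
            log(None, CORE_ERROR, 0, "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value))
            for frame_text in traceback.format_tb(exc_tb):
                for line in frame_text.split("\n"):
                    if line:
                        log(None, CORE_ERROR, 0, "Traceback: %s" % (line))
            # if kzorp did respond to the ping, the configuration is erroneous -- we die here so the user finds out
            return FALSE
    return TRUE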
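def _read_audit_file(path):
    """Return the whole contents of *path*, read in text mode.

    The descriptor is closed before returning (the previous code used a bare
    ``open(...).read()`` and left closing to the garbage collector).  Raises
    IOError on any open/read failure; the caller decides how to log it.
    """
    fh = open(path, 'r')
    try:
        return fh.read()
    finally:
        fh.close()


def init(names):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the
        init function identified by each entry of the <parameter>names</parameter>
        argument. This way several Zorp instances can use the same policy file.
        Before the per-instance functions run it loads the audit-trail
        certificate and private-key files named in <parameter>config.audit</parameter>
        into memory and, when <parameter>config.options.kzorp_enabled</parameter>
        is set, probes the kernel-level KZorp subsystem; after they have run it
        downloads the resulting configuration to KZorp. Returns TRUE on success
        and FALSE when an instance function is missing from the policy, when no
        instance name was given, or when the KZorp download fails.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>names</name>
            <type></type>
            <description>List of instance names; each must be a callable defined in the policy file. The first one is stored as Globals.instance_name.</description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    import __main__
    import SockAddr, KZorp
    import kznf.nfnetlink
    import kznf.kznfnetlink
    import errno
    import sys
    import traceback

    if not names:
        # names[0] below would raise IndexError; report it as a policy error instead.
        log(None, CORE_ERROR, 0, "No instance name given to init();")
        return FALSE

    # miscellaneous initialization: load the audit-trail crypto material into
    # memory once, so the audit subsystem does not need the files later.
    # NOTE(review): the permissions of these files are not checked here; the
    # deployment must keep the signing private key readable by the Zorp user only.
    if config.audit.encrypt_certificate_file:
        try:
            config.audit.encrypt_certificate = _read_audit_file(config.audit.encrypt_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (config.audit.encrypt_certificate_file))

    if config.audit.encrypt_certificate_list_file:
        # Expected shape (from the loops below): an iterable of iterables of file names.
        try:
            config.audit.encrypt_certificate_list = []
            for file_group in config.audit.encrypt_certificate_list_file:
                certificates = []
                for cert_file in file_group:
                    try:
                        certificates.append(_read_audit_file(cert_file))
                    except IOError:
                        log(None, CORE_ERROR, 1, "Error reading audit encryption certificate; file='%s'", (cert_file))
                config.audit.encrypt_certificate_list.append(certificates)
        except TypeError:
            # The setting was not iterable as expected.  The list stays [] (not None),
            # so the single-certificate fallback below does not apply -- kept as before.
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    # Only a single certificate was configured: wrap it so the list form is always available.
    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        try:
            config.audit.sign_private_key = _read_audit_file(config.audit.sign_private_key_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's private key; file='%s'", (config.audit.sign_private_key_file))

    if config.audit.sign_certificate_file:
        try:
            config.audit.sign_certificate = _read_audit_file(config.audit.sign_certificate_file)
        except IOError:
            log(None, CORE_ERROR, 1, "Error reading audit signature's certificate; file='%s'", (config.audit.sign_certificate_file))

    Globals.kzorp_responds_to_ping = False
    if config.options.kzorp_enabled:
        # ping kzorp to see if it's there: request a dump of all zones.  Only
        # Exception subclasses are caught so SystemExit / KeyboardInterrupt still
        # propagate instead of being reported as an unavailable KZorp.
        try:
            h = KZorp.openHandle()
            m = h.create_message(kznf.nfnetlink.NFNL_SUBSYS_KZORP,
                                 kznf.kznfnetlink.KZNL_MSG_GET_ZONE,
                                 kznf.nfnetlink.NLM_F_REQUEST | kznf.nfnetlink.NLM_F_DUMP)
            m.set_nfmessage(kznf.kznfnetlink.create_get_zone_msg(None))
            result = h.talk(m, (0, 0), KZorp.netlinkmsg_handler)
            if result < 0:
                log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; result='%d'" % (result))
            else:
                Globals.kzorp_responds_to_ping = True
        except Exception:
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1]))

    Globals.instance_name = names[0]
    for instance in names:
        try:
            func = getattr(__main__, instance)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (instance,))
            return FALSE
        func()

    if Globals.kzorp_responds_to_ping:
        try:
            KZorp.downloadKZorpConfig(names[0])
        except Exception:
            ## LOG ##
            # This message indicates that downloading the necessary information to the
            # kernel-level KZorp subsystem has failed.
            ##
            exc_value, exc_tb = sys.exc_info()[1:]
            log(None, CORE_ERROR, 0, "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value))
            for frame_text in traceback.format_tb(exc_tb):
                for line in frame_text.split("\n"):
                    if line:
                        log(None, CORE_ERROR, 0, "Traceback: %s" % (line))
            # if kzorp did respond to the ping, the configuration is erroneous -- we die here so the user finds out
            return FALSE
    return TRUE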