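def init(names):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the init function
        identified by the <parameter>name</parameter> argument. This way several Zorp
        instances can use the same policy file.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>name</name>
            <type></type>
            <description>Name of this instance.</description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    # names   -- non-empty sequence of instance names; names[0] becomes
    #            Globals.instance_name and every name must be a callable
    #            attribute of the policy module (__main__).
    # returns -- TRUE on success; FALSE when no names were given, when an
    #            instance function is missing from the policy, or when KZorp
    #            answered the ping but downloading its configuration failed.
    # Relies on module-level names: config, log, CORE_ERROR, Globals, TRUE,
    # FALSE, sys, traceback.
    import __main__
    import SockAddr  # not referenced below; kept for possible import side effects -- TODO confirm
    import KZorp
    import kznf.nfnetlink
    import kznf.kznfnetlink
    import errno

    def read_file_or_log(path, errfmt):
        # Read a whole text file and return its contents. On IOError the
        # failure is logged (CORE_ERROR, verbosity 1) using errfmt % path and
        # None is returned, so the caller leaves the config attribute as it was.
        # The context manager closes the descriptor even when read() fails.
        try:
            with open(path, 'r') as fp:
                return fp.read()
        except IOError:
            log(None, CORE_ERROR, 1, errfmt, (path))
            return None

    def ping_kzorp(zone_name, flags, tolerate_enoent):
        # Send a GET_ZONE request for zone_name to the kernel KZorp subsystem
        # and return True if it answered. A negative result -- except -ENOENT
        # when tolerate_enoent is set -- or any exception from the netlink
        # round-trip is logged and reported as "unavailable". Only Exception
        # is caught, so SystemExit/KeyboardInterrupt still propagate.
        try:
            handle = KZorp.openHandle()
            msg = handle.create_message(kznf.nfnetlink.NFNL_SUBSYS_KZORP,
                                        kznf.kznfnetlink.KZNL_MSG_GET_ZONE,
                                        flags)
            msg.set_nfmessage(kznf.kznfnetlink.create_get_zone_msg(zone_name))
            result = handle.talk(msg, (0, 0), KZorp.netlinkmsg_handler)
        except Exception:
            # sys.exc_info() instead of the Python 2-only, non-thread-safe sys.exc_value
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1]))
            return False
        if result < 0 and not (tolerate_enoent and result == -errno.ENOENT):
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; result='%d'" % (result))
            return False
        return True

    # miscellaneous initialization: audit encryption / signing material
    if config.audit.encrypt_certificate_file:
        data = read_file_or_log(config.audit.encrypt_certificate_file,
                                "Error reading audit encryption certificate; file='%s'")
        if data is not None:
            config.audit.encrypt_certificate = data

    if config.audit.encrypt_certificate_list_file:
        try:
            # assigned before the loop so a partially read list is still visible
            config.audit.encrypt_certificate_list = []
            for file_group in config.audit.encrypt_certificate_list_file:
                certs = []
                for path in file_group:
                    data = read_file_or_log(path, "Error reading audit encryption certificate; file='%s'")
                    if data is not None:
                        certs.append(data)
                config.audit.encrypt_certificate_list.append(certs)
        except TypeError:
            # the list-of-lists (or one of its members) was not iterable
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        data = read_file_or_log(config.audit.sign_private_key_file,
                                "Error reading audit signature's private key; file='%s'")
        if data is not None:
            config.audit.sign_private_key = data

    if config.audit.sign_certificate_file:
        data = read_file_or_log(config.audit.sign_certificate_file,
                                "Error reading audit signature's certificate; file='%s'")
        if data is not None:
            config.audit.sign_certificate = data

    Globals.kzorp_responds_to_ping = False
    if config.options.kzorp_enabled:
        # first probe: dump all zones; any negative result counts as "not there"
        if ping_kzorp(None, kznf.nfnetlink.NLM_F_REQUEST | kznf.nfnetlink.NLM_F_DUMP, False):
            Globals.kzorp_responds_to_ping = True

    if not names:
        log(None, CORE_ERROR, 0, "No instance names given to init();")
        return FALSE

    Globals.instance_name = names[0]
    for name in names:
        try:
            func = getattr(__main__, name)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            # report the missing name itself rather than the whole list
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (name,))
            return FALSE
        func()

    if config.options.kzorp_enabled:
        # second probe, after the policy ran: look up a zone that cannot exist,
        # so -ENOENT is the expected healthy answer; a success here only ever
        # sets the flag, it never clears a True left by the first probe
        if ping_kzorp("__nonexistent_zone__", kznf.nfnetlink.NLM_F_REQUEST, True):
            Globals.kzorp_responds_to_ping = True

        if Globals.kzorp_responds_to_ping:
            try:
                KZorp.downloadKZorpConfig(names[0])
            except Exception:
                ## LOG ##
                # This message indicates that downloading the necessary information to the
                # kernel-level KZorp subsystem has failed.
                ##
                exc_value, exc_tb = sys.exc_info()[1:]
                log(None, CORE_ERROR, 0, "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value))
                for frame in traceback.format_tb(exc_tb):
                    for line in frame.split("\n"):
                        if line:
                            log(None, CORE_ERROR, 0, "Traceback: %s" % (line))

                # if kzorp did respond to the ping, the configuration is erroneous -- we die here so the user finds out
                return FALSE

    return TRUE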
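def init(names):
    """
    <function internal="yes">
      <summary>
        Default init() function provided by Zorp
      </summary>
      <description>
        This function is a default <function>init()</function> calling the init function
        identified by the <parameter>name</parameter> argument. This way several Zorp
        instances can use the same policy file.
      </description>
      <metainfo>
        <attributes>
          <attribute maturity="stable">
            <name>name</name>
            <type></type>
            <description>Name of this instance.</description>
          </attribute>
        </attributes>
      </metainfo>
    </function>
    """
    # names   -- non-empty sequence of instance names; names[0] becomes
    #            Globals.instance_name and every name must be a callable
    #            attribute of the policy module (__main__).
    # returns -- TRUE on success; FALSE when no names were given, when an
    #            instance function is missing from the policy, or when KZorp
    #            answered the ping but downloading its configuration failed.
    # Relies on module-level names: config, log, CORE_ERROR, Globals, TRUE,
    # FALSE, sys, traceback.
    import __main__
    import SockAddr  # not referenced below; kept for possible import side effects -- TODO confirm
    import KZorp
    import kznf.nfnetlink
    import kznf.kznfnetlink
    import errno

    def read_file_or_log(path, errfmt):
        # Read a whole text file and return its contents. On IOError the
        # failure is logged (CORE_ERROR, verbosity 1) using errfmt % path and
        # None is returned, so the caller leaves the config attribute as it was.
        # The context manager closes the descriptor even when read() fails.
        try:
            with open(path, 'r') as fp:
                return fp.read()
        except IOError:
            log(None, CORE_ERROR, 1, errfmt, (path))
            return None

    def ping_kzorp():
        # Send a GET_ZONE dump request to the kernel KZorp subsystem and return
        # True if it answered with a non-negative result. A negative result or
        # any exception from the netlink round-trip is logged and reported as
        # "unavailable". Only Exception is caught, so SystemExit and
        # KeyboardInterrupt still propagate.
        try:
            handle = KZorp.openHandle()
            msg = handle.create_message(kznf.nfnetlink.NFNL_SUBSYS_KZORP,
                                        kznf.kznfnetlink.KZNL_MSG_GET_ZONE,
                                        kznf.nfnetlink.NLM_F_REQUEST | kznf.nfnetlink.NLM_F_DUMP)
            msg.set_nfmessage(kznf.kznfnetlink.create_get_zone_msg(None))
            result = handle.talk(msg, (0, 0), KZorp.netlinkmsg_handler)
        except Exception:
            # sys.exc_info() instead of the Python 2-only, non-thread-safe sys.exc_value
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; exc_value='%s'" % (sys.exc_info()[1]))
            return False
        if result < 0:
            log(None, CORE_ERROR, 0, "Error pinging KZorp, it is probably unavailable; result='%d'" % (result))
            return False
        return True

    # miscellaneous initialization: audit encryption / signing material
    if config.audit.encrypt_certificate_file:
        data = read_file_or_log(config.audit.encrypt_certificate_file,
                                "Error reading audit encryption certificate; file='%s'")
        if data is not None:
            config.audit.encrypt_certificate = data

    if config.audit.encrypt_certificate_list_file:
        try:
            # assigned before the loop so a partially read list is still visible
            config.audit.encrypt_certificate_list = []
            for file_group in config.audit.encrypt_certificate_list_file:
                certs = []
                for path in file_group:
                    data = read_file_or_log(path, "Error reading audit encryption certificate; file='%s'")
                    if data is not None:
                        certs.append(data)
                config.audit.encrypt_certificate_list.append(certs)
        except TypeError:
            # the list-of-lists (or one of its members) was not iterable
            log(None, CORE_ERROR, 1, "Error iterating encryption certificate file list;")

    if config.audit.encrypt_certificate_list is None and config.audit.encrypt_certificate:
        config.audit.encrypt_certificate_list = [[config.audit.encrypt_certificate]]

    if config.audit.sign_private_key_file:
        data = read_file_or_log(config.audit.sign_private_key_file,
                                "Error reading audit signature's private key; file='%s'")
        if data is not None:
            config.audit.sign_private_key = data

    if config.audit.sign_certificate_file:
        data = read_file_or_log(config.audit.sign_certificate_file,
                                "Error reading audit signature's certificate; file='%s'")
        if data is not None:
            config.audit.sign_certificate = data

    Globals.kzorp_responds_to_ping = False
    if config.options.kzorp_enabled:
        # ping kzorp to see if it's there
        if ping_kzorp():
            Globals.kzorp_responds_to_ping = True

    if not names:
        log(None, CORE_ERROR, 0, "No instance names given to init();")
        return FALSE

    Globals.instance_name = names[0]
    for name in names:
        try:
            func = getattr(__main__, name)
        except AttributeError:
            ## LOG ##
            # This message indicates that the initialization function of
            # the given instance was not found in the policy file.
            ##
            # report the missing name itself rather than the whole list
            log(None, CORE_ERROR, 0, "Instance definition not found in policy; instance='%s'", (name,))
            return FALSE
        func()

    if Globals.kzorp_responds_to_ping:
        try:
            KZorp.downloadKZorpConfig(names[0])
        except Exception:
            ## LOG ##
            # This message indicates that downloading the necessary information to the
            # kernel-level KZorp subsystem has failed.
            ##
            exc_value, exc_tb = sys.exc_info()[1:]
            log(None, CORE_ERROR, 0, "Error downloading KZorp configuration, Python traceback follows; error='%s'" % (exc_value))
            for frame in traceback.format_tb(exc_tb):
                for line in frame.split("\n"):
                    if line:
                        log(None, CORE_ERROR, 0, "Traceback: %s" % (line))

            # if kzorp did respond to the ping, the configuration is erroneous -- we die here so the user finds out
            return FALSE

    return TRUE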