544 lines
20 KiB
Python
Executable File
544 lines
20 KiB
Python
Executable File
#! /usr/bin/python3
|
|
# networkd-dispatcher
|
|
# Dispatcher service for systemd-networkd
|
|
# Copyright(c) 2016 by wave++ "Yuri D'Elia" <wavexx@thregr.org>
|
|
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.
|
|
# Copyright(c) 2018-2020 by craftyguy "Clayton Craft" <clayton@craftyguy.net>
|
|
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.
|
|
|
|
|
|
from __future__ import print_function, division, generators, unicode_literals
|
|
|
|
import argparse
|
|
import collections
|
|
import errno
|
|
import json
|
|
import logging
|
|
import os
|
|
import pathlib
|
|
import re
|
|
import socket
|
|
import subprocess
|
|
import sys
|
|
|
|
# Try to import the dynamic glib, or try to fall back to static
|
|
try:
|
|
from gi.repository import GLib as glib # pragma: no cover
|
|
except ImportError: # pragma: no cover
|
|
import glib # pragma: no cover
|
|
|
|
import dbus
|
|
import dbus.mainloop.glib
|
|
|
|
logger = logging.getLogger('networkd-dispatcher')
|
|
|
|
|
|
# Detect up-front which commands we use exist
|
|
def resolve_path(cmdname):
|
|
for dirname in os.environ['PATH'].split(':'):
|
|
path = os.path.join(dirname, cmdname)
|
|
if os.path.exists(path):
|
|
return path
|
|
logger.warning('No valid path found for %s', cmdname)
|
|
return None
|
|
|
|
|
|
# Constants
|
|
NETWORKCTL = resolve_path('networkctl')
|
|
DEFAULT_SCRIPT_DIR = '/etc/networkd-dispatcher:/usr/lib/networkd-dispatcher'
|
|
|
|
# Supported wireless tools
|
|
IWCONFIG = resolve_path('iwconfig')
|
|
IW = resolve_path('iw')
|
|
|
|
LOG_FORMAT = '%(levelname)s:%(message)s'
|
|
|
|
SINGLETONS = {'Type', 'ESSID', 'OperationalState'}
|
|
|
|
# taken from https://www.freedesktop.org/software/systemd/man/networkctl.html
|
|
ADMIN_STATES = ['configured', 'configuring', 'failed', 'pending', 'unmanaged',
|
|
'linger', 'initialized']
|
|
OPER_STATES = ['carrier', 'degraded', 'degraded-carrier', 'dormant',
|
|
'enslaved', 'missing', 'no-carrier', 'off', 'routable']
|
|
|
|
AddressList = collections.namedtuple('AddressList', ['ipv4', 'ipv6'])
|
|
NetworkctlListState = collections.namedtuple('NetworkctlListState',
|
|
['idx', 'name', 'type',
|
|
'operational', 'administrative'])
|
|
|
|
|
|
class UnknownState(Exception):
|
|
pass
|
|
|
|
|
|
def unquote(buf, char='\\'):
|
|
"""Remove escape characters from iwconfig ESSID output"""
|
|
idx = 0
|
|
while True:
|
|
idx = buf.find(char, idx)
|
|
if idx < 0:
|
|
break
|
|
buf = buf[:idx] + buf[idx+1:]
|
|
idx += 1
|
|
return buf
|
|
|
|
|
|
def get_networkctl_list():
|
|
"""Update the mapping from interface index numbers to state"""
|
|
try:
|
|
out = subprocess.check_output([NETWORKCTL, 'list', '--no-pager',
|
|
'--no-legend'])
|
|
except subprocess.CalledProcessError as e:
|
|
logger.error('networkctl list failed: %s', e)
|
|
return []
|
|
|
|
result = []
|
|
for line in out.split(b'\n')[:-1]:
|
|
fields = line.decode('utf-8', errors='replace').split()
|
|
idx_s = fields.pop(0)
|
|
result.append(NetworkctlListState(int(idx_s), *fields))
|
|
return result
|
|
|
|
|
|
def get_networkctl_status(iface_name):
|
|
"""Return a dictionary mapping keys to lists (or strings if
|
|
in SINGLETONS)"""
|
|
data = collections.defaultdict(list)
|
|
try:
|
|
out = subprocess.check_output([NETWORKCTL, 'status', '--no-pager',
|
|
'--no-legend', '--', iface_name])
|
|
except subprocess.CalledProcessError as e:
|
|
logger.error('Failed to get interface "%s" status: %s', iface_name, e)
|
|
return data
|
|
|
|
out = out.decode('utf-8', errors='replace')
|
|
oldk = None
|
|
for line in out.split('\n')[1:-1]:
|
|
kv = line.split(': ', 1)
|
|
k = oldk if len(kv) == 1 else kv[0].strip()
|
|
v = kv[-1].strip()
|
|
if not v:
|
|
continue
|
|
|
|
# normalize some values that changed in v244 & v246
|
|
if k == 'Address':
|
|
v = re.sub(r' \(DHCP4.*\)$', '', v)
|
|
|
|
oldk = k
|
|
|
|
if k in SINGLETONS:
|
|
data[k] = v
|
|
else:
|
|
data[k].append(v)
|
|
return data
|
|
|
|
|
|
def get_wlan_essid(iface_name):
|
|
"""Given an interface name, return its ESSID"""
|
|
if IWCONFIG is None:
|
|
if IW is None:
|
|
logger.error('Unable to retrieve ESSID for wireless interface %s: '
|
|
'no supported wireless tool installed', iface_name)
|
|
return ''
|
|
return iw_get_ssid(iface_name)
|
|
return iwconfig_get_ssid(iface_name)
|
|
|
|
|
|
def iw_get_ssid(iface_name):
|
|
out = subprocess.check_output([IW, iface_name, 'link'])
|
|
lines = out.decode('utf-8', errors='replace').split('\n')
|
|
line = [s for s in lines if 'SSID' in s]
|
|
if not line:
|
|
logger.warning('Unable to retrieve ESSID for wireless interface %s.',
|
|
iface_name)
|
|
return ''
|
|
essid = line[0].rsplit(" ")[1]
|
|
return unquote(essid)
|
|
|
|
|
|
def iwconfig_get_ssid(iface_name):
|
|
out = subprocess.check_output([IWCONFIG, '--', iface_name])
|
|
line = out.split(b'\n')[0].decode('utf-8', errors='replace')
|
|
essid = line[line.find('ESSID:')+7:-3]
|
|
return unquote(essid)
|
|
|
|
|
|
def check_perms(path, mode=0o755, uid=0, gid=0):
|
|
""" Check that the given file or dir @ path has the given mode set, and is
|
|
owned by the given uid/gid. Symlinks are *not* followed. Raises
|
|
FileNotFoundError if path doesn't exist."""
|
|
|
|
if not os.path.exists(path):
|
|
raise FileNotFoundError
|
|
st = os.stat(path, follow_symlinks=False)
|
|
st_mode = st.st_mode & 0x00FFF
|
|
if st.st_uid == uid and st.st_gid == gid and st_mode == mode:
|
|
return True
|
|
|
|
logger.error("invalid permissions on %s. expected mode=%s, uid=%d, "
|
|
"gid=%d; got mode=%s, uid=%d, gid=%d", path, oct(mode), uid,
|
|
gid, oct(st_mode), st.st_uid, st.st_gid)
|
|
return False
|
|
|
|
|
|
def scripts_in_path(path, subdir):
|
|
"""Given directory names in PATH notation (separated by :), and a
|
|
subdirectory name, return a sorted list of executables
|
|
contained in that subdirectory, such that executables in earlier
|
|
path components override those with the same name in later path
|
|
components."""
|
|
script_list = []
|
|
base_filenames = set()
|
|
for one_path in path.split(":"):
|
|
one_path = os.path.join(one_path, subdir)
|
|
if not os.path.exists(one_path):
|
|
logger.debug("Path %r does not exist; skipping", one_path)
|
|
continue
|
|
base_filenames.update(os.listdir(one_path))
|
|
|
|
for filename in sorted(base_filenames):
|
|
for one_path in path.split(":"):
|
|
pathname = os.path.join(one_path, subdir, filename)
|
|
|
|
if os.path.isfile(pathname):
|
|
try:
|
|
realpath = pathlib.Path(pathname).resolve()
|
|
|
|
# Make sure that the file's parent dir has the correct
|
|
# perms, without following any symlinks
|
|
if not check_perms(os.path.dirname(pathname),
|
|
0o755, 0, 0):
|
|
continue
|
|
|
|
# Make sure file has correct perms, after following any
|
|
# symlink(s)
|
|
if not check_perms(realpath, 0o755, 0, 0):
|
|
continue
|
|
except FileNotFoundError:
|
|
continue
|
|
|
|
script_list.append(pathname)
|
|
break
|
|
|
|
return script_list
|
|
|
|
|
|
def parse_address_strings(addrs):
|
|
"""Given a list of addresses, discard uninteresting ones, and sort the rest
|
|
into IPv4 vs IPv6"""
|
|
ip4addrs = []
|
|
ip6addrs = []
|
|
for addr in addrs:
|
|
if addr.startswith('127.') or \
|
|
addr.startswith('fe80:'):
|
|
continue
|
|
if ':' in addr:
|
|
ip6addrs.append(addr)
|
|
elif '.' in addr:
|
|
ip4addrs.append(addr)
|
|
return AddressList(ip4addrs, ip6addrs)
|
|
|
|
|
|
def get_interface_data(iface):
|
|
"""Return JSON-serializable data representing all state needed to run
|
|
hooks for the given interface"""
|
|
data = {'Type': iface.type, 'OperationalState': iface.operational,
|
|
'AdministrativeState': iface.administrative,
|
|
"InterfaceName": iface.name}
|
|
# Always collect what data we can.
|
|
data.update(get_networkctl_status(iface.name))
|
|
# The returned state may be different than what was read from
|
|
# 'networkctl list', so construct state based on th iface data.
|
|
# See Issue #24.
|
|
data['State'] = (data.get('OperationalState', '') + " (" +
|
|
data.get('AdministrativeState', '') + ")")
|
|
if data.get('Type') == 'wlan':
|
|
data['ESSID'] = get_wlan_essid(iface.name)
|
|
return data
|
|
|
|
|
|
class Dispatcher():
|
|
iface_names_by_idx = {} # only changed on rescan
|
|
ifaces_by_name = {} # updated on every state change
|
|
|
|
def __init__(self, script_dir=DEFAULT_SCRIPT_DIR):
|
|
self.script_dir = script_dir
|
|
self._interface_scan()
|
|
|
|
def __repr__(self):
|
|
return '<Dispatcher(%r)>' % (self.__dict__,)
|
|
|
|
def _interface_scan(self):
|
|
iface_list = get_networkctl_list()
|
|
# Append new interfaces, keeping old ones around to avoid hotplug race
|
|
# condition (issue #20)
|
|
for i in iface_list:
|
|
if i not in self.iface_names_by_idx:
|
|
self.iface_names_by_idx[i.idx] = i.name
|
|
self.ifaces_by_name[i.name] = i
|
|
logger.debug('Performed interface scan; state: %r', self)
|
|
|
|
def register(self, bus=None):
|
|
"""Register this dispatcher to handle events from the given bus"""
|
|
if bus is None:
|
|
bus = dbus.SystemBus()
|
|
bus.add_signal_receiver(self._receive_signal,
|
|
bus_name='org.freedesktop.network1',
|
|
signal_name='PropertiesChanged',
|
|
path_keyword='path')
|
|
|
|
def trigger_all(self):
|
|
"""Immediately invoke all scripts for the last known (or initial)
|
|
states for each interface"""
|
|
logger.info('Triggering scripts for last-known state for all'
|
|
'interfaces')
|
|
for iface_name, iface in self.ifaces_by_name.items():
|
|
logger.debug('Running immediate triggers for %r', iface)
|
|
try:
|
|
self.handle_state(iface_name,
|
|
administrative_state=iface.administrative,
|
|
operational_state=iface.operational,
|
|
force=True)
|
|
except UnknownState as e:
|
|
logger.exception("Unknown state for interface %s: %s",
|
|
iface, str(e))
|
|
except Exception: # pylint: disable=broad-except
|
|
logger.exception("Error handling initial state for "
|
|
"interface %r", iface)
|
|
|
|
def get_scripts_list(self, state):
|
|
"""Return scripts for the given state"""
|
|
return scripts_in_path(self.script_dir, state + ".d")
|
|
|
|
def _handle_one_state(self, iface_name, state, state_type, force=False):
|
|
"""Process a single state change"""
|
|
try:
|
|
if state is None:
|
|
return
|
|
|
|
prior_iface = self.ifaces_by_name.get(iface_name)
|
|
if prior_iface is None:
|
|
logger.error('Attempting to handle state for unknown interface'
|
|
' %r', iface_name)
|
|
return
|
|
|
|
prior_state = getattr(prior_iface, state_type)
|
|
if force is False and state == prior_state:
|
|
logger.debug('No change represented by %s state %r for '
|
|
'interface %r', state_type, state, iface_name)
|
|
return
|
|
|
|
new_iface = prior_iface._replace(**{state_type: state})
|
|
self.ifaces_by_name[new_iface.name] = new_iface
|
|
|
|
self.run_hooks_for_state(new_iface, state)
|
|
# pylint: disable=broad-except
|
|
except Exception:
|
|
logger.exception('Error handling notification for interface %r '
|
|
'entering %s state %s', iface_name, state_type,
|
|
state)
|
|
|
|
def handle_state(self, iface_name, administrative_state=None,
|
|
operational_state=None, force=False):
|
|
if (administrative_state and
|
|
administrative_state.lower() not in ADMIN_STATES):
|
|
raise UnknownState(administrative_state)
|
|
if (operational_state and
|
|
operational_state.lower() not in OPER_STATES):
|
|
raise UnknownState(operational_state)
|
|
|
|
self._handle_one_state(iface_name, administrative_state,
|
|
'administrative', force=force)
|
|
self._handle_one_state(iface_name, operational_state, 'operational',
|
|
force=force)
|
|
|
|
def run_hooks_for_state(self, iface, state):
|
|
"""Run all hooks associated with a given state"""
|
|
# No actions to take? Do nothing.
|
|
script_list = self.get_scripts_list(state)
|
|
if not script_list:
|
|
logger.debug('Ignoring notification for interface %r entering '
|
|
'state %r: no triggers', iface, state)
|
|
return
|
|
|
|
# Collect data
|
|
data = get_interface_data(iface)
|
|
(v4addrs, v6addrs) = parse_address_strings(data.get('Address', ()))
|
|
|
|
# Set script env. variables
|
|
script_env = dict(os.environ)
|
|
script_env.update({
|
|
'ADDR': (data.get('Address', ['']) + [''])[0],
|
|
'ESSID': data.get('ESSID', ''),
|
|
'IP_ADDRS': ' '.join(v4addrs),
|
|
'IP6_ADDRS': ' '.join(v6addrs),
|
|
'IFACE': iface.name,
|
|
'STATE': str(state),
|
|
'AdministrativeState': data.get('AdministrativeState', ''),
|
|
'OperationalState': data.get('OperationalState', ''),
|
|
'json': json.dumps(data, sort_keys=True),
|
|
})
|
|
|
|
# run all valid scripts in the list
|
|
logger.debug('Running triggers for interface %r entering state %r '
|
|
'with environment %r', iface, state, script_env)
|
|
for script in script_list:
|
|
logger.info('Invoking %r for interface %s', script, iface.name)
|
|
ret = subprocess.Popen(script, env=script_env).wait()
|
|
if ret != 0:
|
|
logger.warning('Exit status %r from script %r invoked with '
|
|
'environment %r', ret, script, script_env)
|
|
|
|
def _receive_signal(self, typ, data, _, path):
|
|
logger.debug('Signal: typ=%r, data=%r, path=%r', typ, data, path)
|
|
if typ != 'org.freedesktop.network1.Link':
|
|
logger.debug('Ignoring signal received with unexpected typ %r',
|
|
typ)
|
|
return
|
|
if not path.startswith('/org/freedesktop/network1/link/_'):
|
|
logger.warning('Ignoring signal received with unexpected path %r',
|
|
path)
|
|
return
|
|
|
|
# Detect necessity of reloading map *before* filtering ignored states
|
|
# http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/36460
|
|
idx = path[32:]
|
|
idx = int(chr(int(idx[:2], 16)) + idx[2:])
|
|
if idx not in self.iface_names_by_idx:
|
|
# Try to reload configuration if even an ignored message is seen
|
|
logger.warning('Unknown index %r seen, reloading interface list',
|
|
idx)
|
|
self._interface_scan()
|
|
|
|
try:
|
|
iface_name = self.iface_names_by_idx[idx]
|
|
except KeyError:
|
|
# Presumptive race condition: We reloaded, but the index is
|
|
# still invalid
|
|
logger.error('Unknown interface index %r seen even after reload',
|
|
idx)
|
|
return
|
|
|
|
operational_state = data.get('OperationalState', None)
|
|
administrative_state = data.get('AdministrativeState', None)
|
|
|
|
if ((operational_state is not None) or
|
|
(administrative_state is not None)):
|
|
try:
|
|
self.handle_state(iface_name,
|
|
administrative_state=str(administrative_state) # noqa
|
|
if administrative_state else None,
|
|
operational_state=str(operational_state)
|
|
if operational_state else None,)
|
|
except UnknownState as e:
|
|
logger.exception("Unknown state for interface %s: %s",
|
|
iface_name, str(e))
|
|
|
|
# Handle interfaces that have been removed
|
|
if administrative_state == 'linger':
|
|
try:
|
|
self.iface_names_by_idx.pop(idx)
|
|
self.ifaces_by_name.pop(iface_name)
|
|
except KeyError:
|
|
logger.error('Unable to remove interface at index %r.', idx)
|
|
|
|
|
|
def sd_notify(**kwargs):
|
|
"""Systemd sd_notify implementation for Python.
|
|
Note: kwargs should contain the state to send to systemd"""
|
|
if not kwargs:
|
|
logger.error("sd_notify called with no state specified!")
|
|
return -errno.EINVAL
|
|
sock = None
|
|
try:
|
|
# Turn state, a dictionary, into a properly formatted string where
|
|
# each 'key=val' combo in the dictionary is separated by a \n
|
|
state_str = '\n'.join(['{0}={1}'.format(key, val) for (key, val)
|
|
in kwargs.items()])
|
|
env = os.environ.get('NOTIFY_SOCKET', None)
|
|
if not env:
|
|
# Process was not invoked with systemd
|
|
return -errno.EINVAL
|
|
if env[0] not in ('/', '@'):
|
|
logger.warning("NOTIFY_SOCKET is set, but does not contain a "
|
|
"legitimate value")
|
|
return -errno.EINVAL
|
|
if env[0] == '@':
|
|
env = '\0' + env[1:]
|
|
sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
|
|
if sock.sendto(bytearray(state_str, 'utf-8'), env) > 0:
|
|
return 1
|
|
# pylint: disable=broad-except
|
|
except Exception:
|
|
logger.exception("Ignoring unexpected error during sd_notify() "
|
|
"invocation")
|
|
|
|
if sock:
|
|
sock.close()
|
|
|
|
return 0
|
|
|
|
|
|
def parse_args(args):
|
|
"""Parses arguments from command line"""
|
|
ap = argparse.ArgumentParser(description='networkd dispatcher daemon')
|
|
ap.add_argument('-S', '--script-dir', action='store',
|
|
default=DEFAULT_SCRIPT_DIR,
|
|
help='Location under which to look for scripts [default: '
|
|
'%(default)s]')
|
|
ap.add_argument('-T', '--run-startup-triggers', action='store_true',
|
|
help='Generate events reflecting preexisting state and '
|
|
'behavior on startup [default: %(default)s]')
|
|
ap.add_argument('-v', '--verbose', action='count', default=0,
|
|
help='Increment verbosity level once per call')
|
|
ap.add_argument('-q', '--quiet', action='count', default=0,
|
|
help='Decrement verbosity level once per call')
|
|
return ap.parse_args(args)
|
|
|
|
|
|
def main():
|
|
args = parse_args(sys.argv[1:])
|
|
|
|
verbosity_num = (args.verbose - args.quiet)
|
|
if verbosity_num <= -2:
|
|
log_level = logging.CRITICAL
|
|
elif verbosity_num <= -1:
|
|
log_level = logging.ERROR
|
|
elif verbosity_num == 0:
|
|
log_level = logging.WARNING
|
|
elif verbosity_num == 1:
|
|
log_level = logging.INFO
|
|
else:
|
|
log_level = logging.DEBUG
|
|
logging.basicConfig(level=log_level, format=LOG_FORMAT)
|
|
|
|
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
|
|
|
|
if NETWORKCTL is None:
|
|
logger.critical('Unable to find networkctl command; cannot continue')
|
|
sd_notify(ERRNO=errno.ENOENT)
|
|
sys.exit(1)
|
|
|
|
dispatcher = Dispatcher(script_dir=args.script_dir)
|
|
dispatcher.register()
|
|
|
|
# After configuring the receiver, run initial operations
|
|
if args.run_startup_triggers:
|
|
dispatcher.trigger_all()
|
|
|
|
# main loop
|
|
mainloop = glib.MainLoop()
|
|
# Signal to systemd that service is runnning
|
|
sd_notify(READY=1)
|
|
logger.info('Startup complete')
|
|
mainloop.run()
|
|
|
|
|
|
def init():
|
|
if __name__ == '__main__':
|
|
main()
|
|
|
|
|
|
init()
|
|
# vim: ai et sts=4 sw=4 ts=4
|