File: //usr/bin/networkd-dispatcher
#! /usr/bin/python3
# networkd-dispatcher
#   Dispatcher service for systemd-networkd
# Copyright(c) 2016 by wave++ "Yuri D'Elia" <wavexx@thregr.org>
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.
# Copyright(c) 2018-2020 by craftyguy "Clayton Craft" <clayton@craftyguy.net>
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.
from __future__ import print_function, division, generators, unicode_literals
import argparse
import collections
import errno
import json
import logging
import os
import pathlib
import re
import socket
import subprocess
import sys
# Try to import the dynamic glib, or try to fall back to static
try:
    from gi.repository import GLib as glib  # pragma: no cover
except ImportError:                         # pragma: no cover
    import glib                             # pragma: no cover
import dbus
import dbus.mainloop.glib
logger = logging.getLogger('networkd-dispatcher')
# Detect up-front which commands we use exist
def resolve_path(cmdname):
    for dirname in os.environ['PATH'].split(':'):
        path = os.path.join(dirname, cmdname)
        if os.path.exists(path):
            return path
    logger.warning('No valid path found for %s', cmdname)
    return None
# Constants
NETWORKCTL = resolve_path('networkctl')
DEFAULT_SCRIPT_DIR = '/etc/networkd-dispatcher:/usr/lib/networkd-dispatcher'
# Supported wireless tools
IWCONFIG = resolve_path('iwconfig')
IW = resolve_path('iw')
LOG_FORMAT = '%(levelname)s:%(message)s'
SINGLETONS = {'Type', 'ESSID', 'OperationalState'}
# taken from https://www.freedesktop.org/software/systemd/man/networkctl.html
ADMIN_STATES = ['configured', 'configuring', 'failed', 'pending', 'unmanaged',
                'linger', 'initialized']
OPER_STATES = ['carrier', 'degraded', 'degraded-carrier', 'dormant',
               'enslaved', 'missing', 'no-carrier', 'off', 'routable']
AddressList = collections.namedtuple('AddressList', ['ipv4', 'ipv6'])
NetworkctlListState = collections.namedtuple('NetworkctlListState',
                                             ['idx', 'name', 'type',
                                              'operational', 'administrative'])
class UnknownState(Exception):
    pass
def unquote(buf, char='\\'):
    """Remove escape characters from iwconfig ESSID output"""
    idx = 0
    while True:
        idx = buf.find(char, idx)
        if idx < 0:
            break
        buf = buf[:idx] + buf[idx+1:]
        idx += 1
    return buf
def get_networkctl_list():
    """Update the mapping from interface index numbers to state"""
    try:
        out = subprocess.check_output([NETWORKCTL, 'list', '--no-pager',
                                       '--no-legend'])
    except subprocess.CalledProcessError as e:
        logger.error('networkctl list failed: %s', e)
        return []
    result = []
    for line in out.split(b'\n')[:-1]:
        fields = line.decode('utf-8', errors='replace').split()
        idx_s = fields.pop(0)
        result.append(NetworkctlListState(int(idx_s), *fields))
    return result
def get_networkctl_status(iface_name):
    """Return a dictionary mapping keys to lists (or strings if
    in SINGLETONS)"""
    data = collections.defaultdict(list)
    try:
        out = subprocess.check_output([NETWORKCTL, 'status', '--no-pager',
                                       '--no-legend', '--', iface_name])
    except subprocess.CalledProcessError as e:
        logger.error('Failed to get interface "%s" status: %s', iface_name, e)
        return data
    out = out.decode('utf-8', errors='replace')
    oldk = None
    for line in out.split('\n')[1:-1]:
        kv = line.split(': ', 1)
        k = oldk if len(kv) == 1 else kv[0].strip()
        v = kv[-1].strip()
        if not v:
            continue
        # normalize some values that changed in v244 & v246
        if k == 'Address':
            v = re.sub(r' \(DHCP4.*\)$', '', v)
        oldk = k
        if k in SINGLETONS:
            data[k] = v
        else:
            data[k].append(v)
    return data
def get_wlan_essid(iface_name):
    """Given an interface name, return its ESSID"""
    if IWCONFIG is None:
        if IW is None:
            logger.error('Unable to retrieve ESSID for wireless interface %s: '
                         'no supported wireless tool installed', iface_name)
            return ''
        return iw_get_ssid(iface_name)
    return iwconfig_get_ssid(iface_name)
def iw_get_ssid(iface_name):
    out = subprocess.check_output([IW, iface_name, 'link'])
    lines = out.decode('utf-8', errors='replace').split('\n')
    line = [s for s in lines if 'SSID' in s]
    if not line:
        logger.warning('Unable to retrieve ESSID for wireless interface %s.',
                       iface_name)
        return ''
    essid = line[0].rsplit(" ")[1]
    return unquote(essid)
def iwconfig_get_ssid(iface_name):
    out = subprocess.check_output([IWCONFIG, '--', iface_name])
    line = out.split(b'\n')[0].decode('utf-8', errors='replace')
    essid = line[line.find('ESSID:')+7:-3]
    return unquote(essid)
def check_perms(path, mode=0o755, uid=0, gid=0):
    """ Check that the given file or dir @ path has the given mode set, and is
    owned by the given uid/gid. Symlinks are *not* followed. Raises
    FileNotFoundError if path doesn't exist."""
    if not os.path.exists(path):
        raise FileNotFoundError
    st = os.stat(path, follow_symlinks=False)
    st_mode = st.st_mode & 0x00FFF
    if st.st_uid == uid and st.st_gid == gid and st_mode == mode:
        return True
    logger.error("invalid permissions on %s. expected mode=%s, uid=%d, "
                 "gid=%d; got mode=%s, uid=%d, gid=%d", path, oct(mode), uid,
                 gid, oct(st_mode), st.st_uid, st.st_gid)
    return False
def scripts_in_path(path, subdir):
    """Given directory names in PATH notation (separated by :), and a
    subdirectory name, return a sorted list of executables
    contained in that subdirectory, such that executables in earlier
    path components override those with the same name in later path
    components."""
    script_list = []
    base_filenames = set()
    for one_path in path.split(":"):
        one_path = os.path.join(one_path, subdir)
        if not os.path.exists(one_path):
            logger.debug("Path %r does not exist; skipping", one_path)
            continue
        base_filenames.update(os.listdir(one_path))
    for filename in sorted(base_filenames):
        for one_path in path.split(":"):
            pathname = os.path.join(one_path, subdir, filename)
            if os.path.isfile(pathname):
                try:
                    realpath = pathlib.Path(pathname).resolve()
                    # Make sure that the file's parent dir has the correct
                    # perms, without following any symlinks
                    if not check_perms(os.path.dirname(pathname),
                                       0o755, 0, 0):
                        continue
                    # Make sure file has correct perms, after following any
                    # symlink(s)
                    if not check_perms(realpath, 0o755, 0, 0):
                        continue
                except FileNotFoundError:
                    continue
                script_list.append(pathname)
                break
    return script_list
def parse_address_strings(addrs):
    """Given a list of addresses, discard uninteresting ones, and sort the rest
    into IPv4 vs IPv6"""
    ip4addrs = []
    ip6addrs = []
    for addr in addrs:
        if addr.startswith('127.') or \
           addr.startswith('fe80:'):
            continue
        if ':' in addr:
            ip6addrs.append(addr)
        elif '.' in addr:
            ip4addrs.append(addr)
    return AddressList(ip4addrs, ip6addrs)
def get_interface_data(iface):
    """Return JSON-serializable data representing all state needed to run
    hooks for the given interface"""
    data = {'Type': iface.type, 'OperationalState': iface.operational,
            'AdministrativeState': iface.administrative,
            "InterfaceName": iface.name}
    # Always collect what data we can.
    data.update(get_networkctl_status(iface.name))
    # The returned state may be different than what was read from
    # 'networkctl list', so construct state based on th iface data.
    # See Issue #24.
    data['State'] = (data.get('OperationalState', '') + " (" +
                     data.get('AdministrativeState', '') + ")")
    if data.get('Type') == 'wlan':
        data['ESSID'] = get_wlan_essid(iface.name)
    return data
class Dispatcher():
    iface_names_by_idx = {}    # only changed on rescan
    ifaces_by_name = {}        # updated on every state change
    def __init__(self, script_dir=DEFAULT_SCRIPT_DIR):
        self.script_dir = script_dir
        self._interface_scan()
    def __repr__(self):
        return '<Dispatcher(%r)>' % (self.__dict__,)
    def _interface_scan(self):
        iface_list = get_networkctl_list()
        # Append new interfaces, keeping old ones around to avoid hotplug race
        # condition (issue #20)
        for i in iface_list:
            if i not in self.iface_names_by_idx:
                self.iface_names_by_idx[i.idx] = i.name
                self.ifaces_by_name[i.name] = i
        logger.debug('Performed interface scan; state: %r', self)
    def register(self, bus=None):
        """Register this dispatcher to handle events from the given bus"""
        if bus is None:
            bus = dbus.SystemBus()
        bus.add_signal_receiver(self._receive_signal,
                                bus_name='org.freedesktop.network1',
                                signal_name='PropertiesChanged',
                                path_keyword='path')
    def trigger_all(self):
        """Immediately invoke all scripts for the last known (or initial)
        states for each interface"""
        logger.info('Triggering scripts for last-known state for all'
                    'interfaces')
        for iface_name, iface in self.ifaces_by_name.items():
            logger.debug('Running immediate triggers for %r', iface)
            try:
                self.handle_state(iface_name,
                                  administrative_state=iface.administrative,
                                  operational_state=iface.operational,
                                  force=True)
            except UnknownState as e:
                logger.exception("Unknown state for interface %s: %s",
                                 iface, str(e))
            except Exception:  # pylint: disable=broad-except
                logger.exception("Error handling initial state for "
                                 "interface %r", iface)
    def get_scripts_list(self, state):
        """Return scripts for the given state"""
        return scripts_in_path(self.script_dir, state + ".d")
    def _handle_one_state(self, iface_name, state, state_type, force=False):
        """Process a single state change"""
        try:
            if state is None:
                return
            prior_iface = self.ifaces_by_name.get(iface_name)
            if prior_iface is None:
                logger.error('Attempting to handle state for unknown interface'
                             ' %r', iface_name)
                return
            prior_state = getattr(prior_iface, state_type)
            if force is False and state == prior_state:
                logger.debug('No change represented by %s state %r for '
                             'interface %r', state_type, state, iface_name)
                return
            new_iface = prior_iface._replace(**{state_type: state})
            self.ifaces_by_name[new_iface.name] = new_iface
            self.run_hooks_for_state(new_iface, state)
        # pylint: disable=broad-except
        except Exception:
            logger.exception('Error handling notification for interface %r '
                             'entering %s state %s', iface_name, state_type,
                             state)
    def handle_state(self, iface_name, administrative_state=None,
                     operational_state=None, force=False):
        if (administrative_state and
                administrative_state.lower() not in ADMIN_STATES):
            raise UnknownState(administrative_state)
        if (operational_state and
                operational_state.lower() not in OPER_STATES):
            raise UnknownState(operational_state)
        self._handle_one_state(iface_name, administrative_state,
                               'administrative', force=force)
        self._handle_one_state(iface_name, operational_state, 'operational',
                               force=force)
    def run_hooks_for_state(self, iface, state):
        """Run all hooks associated with a given state"""
        # No actions to take? Do nothing.
        script_list = self.get_scripts_list(state)
        if not script_list:
            logger.debug('Ignoring notification for interface %r entering '
                         'state %r: no triggers', iface, state)
            return
        # Collect data
        data = get_interface_data(iface)
        (v4addrs, v6addrs) = parse_address_strings(data.get('Address', ()))
        # Set script env. variables
        script_env = dict(os.environ)
        script_env.update({
            'ADDR': (data.get('Address', ['']) + [''])[0],
            'ESSID': data.get('ESSID', ''),
            'IP_ADDRS': ' '.join(v4addrs),
            'IP6_ADDRS': ' '.join(v6addrs),
            'IFACE': iface.name,
            'STATE': str(state),
            'AdministrativeState': data.get('AdministrativeState', ''),
            'OperationalState': data.get('OperationalState', ''),
            'json': json.dumps(data, sort_keys=True),
        })
        # run all valid scripts in the list
        logger.debug('Running triggers for interface %r entering state %r '
                     'with environment %r', iface, state, script_env)
        for script in script_list:
            logger.info('Invoking %r for interface %s', script, iface.name)
            ret = subprocess.Popen(script, env=script_env).wait()
            if ret != 0:
                logger.warning('Exit status %r from script %r invoked with '
                               'environment %r', ret, script, script_env)
    def _receive_signal(self, typ, data, _, path):
        logger.debug('Signal: typ=%r, data=%r, path=%r', typ, data, path)
        if typ != 'org.freedesktop.network1.Link':
            logger.debug('Ignoring signal received with unexpected typ %r',
                         typ)
            return
        if not path.startswith('/org/freedesktop/network1/link/_'):
            logger.warning('Ignoring signal received with unexpected path %r',
                           path)
            return
        # Detect necessity of reloading map *before* filtering ignored states
        # http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/36460
        idx = path[32:]
        idx = int(chr(int(idx[:2], 16)) + idx[2:])
        if idx not in self.iface_names_by_idx:
            # Try to reload configuration if even an ignored message is seen
            logger.warning('Unknown index %r seen, reloading interface list',
                           idx)
            self._interface_scan()
        try:
            iface_name = self.iface_names_by_idx[idx]
        except KeyError:
            # Presumptive race condition: We reloaded, but the index is
            # still invalid
            logger.error('Unknown interface index %r seen even after reload',
                         idx)
            return
        operational_state = data.get('OperationalState', None)
        administrative_state = data.get('AdministrativeState', None)
        if ((operational_state is not None) or
                (administrative_state is not None)):
            try:
                self.handle_state(iface_name,
                                  administrative_state=str(administrative_state)  # noqa
                                  if administrative_state else None,
                                  operational_state=str(operational_state)
                                  if operational_state else None,)
            except UnknownState as e:
                logger.exception("Unknown state for interface %s: %s",
                                 iface_name, str(e))
        # Handle interfaces that have been removed
        if administrative_state == 'linger':
            try:
                self.iface_names_by_idx.pop(idx)
                self.ifaces_by_name.pop(iface_name)
            except KeyError:
                logger.error('Unable to remove interface at index %r.', idx)
def sd_notify(**kwargs):
    """Systemd sd_notify implementation for Python.
    Note: kwargs should contain the state to send to systemd"""
    if not kwargs:
        logger.error("sd_notify called with no state specified!")
        return -errno.EINVAL
    sock = None
    try:
        # Turn state, a dictionary, into a properly formatted string where
        # each 'key=val' combo in the dictionary is separated by a \n
        state_str = '\n'.join(['{0}={1}'.format(key, val) for (key, val)
                               in kwargs.items()])
        env = os.environ.get('NOTIFY_SOCKET', None)
        if not env:
            # Process was not invoked with systemd
            return -errno.EINVAL
        if env[0] not in ('/', '@'):
            logger.warning("NOTIFY_SOCKET is set, but does not contain a "
                           "legitimate value")
            return -errno.EINVAL
        if env[0] == '@':
            env = '\0' + env[1:]
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        if sock.sendto(bytearray(state_str, 'utf-8'), env) > 0:
            return 1
    # pylint: disable=broad-except
    except Exception:
        logger.exception("Ignoring unexpected error during sd_notify() "
                         "invocation")
    if sock:
        sock.close()
    return 0
def parse_args(args):
    """Parses arguments from command line"""
    ap = argparse.ArgumentParser(description='networkd dispatcher daemon')
    ap.add_argument('-S', '--script-dir', action='store',
                    default=DEFAULT_SCRIPT_DIR,
                    help='Location under which to look for scripts [default: '
                    '%(default)s]')
    ap.add_argument('-T', '--run-startup-triggers', action='store_true',
                    help='Generate events reflecting preexisting state and '
                    'behavior on startup [default: %(default)s]')
    ap.add_argument('-v', '--verbose', action='count', default=0,
                    help='Increment verbosity level once per call')
    ap.add_argument('-q', '--quiet', action='count', default=0,
                    help='Decrement verbosity level once per call')
    return ap.parse_args(args)
def main():
    args = parse_args(sys.argv[1:])
    verbosity_num = (args.verbose - args.quiet)
    if verbosity_num <= -2:
        log_level = logging.CRITICAL
    elif verbosity_num <= -1:
        log_level = logging.ERROR
    elif verbosity_num == 0:
        log_level = logging.WARNING
    elif verbosity_num == 1:
        log_level = logging.INFO
    else:
        log_level = logging.DEBUG
    logging.basicConfig(level=log_level, format=LOG_FORMAT)
    dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
    if NETWORKCTL is None:
        logger.critical('Unable to find networkctl command; cannot continue')
        sd_notify(ERRNO=errno.ENOENT)
        sys.exit(1)
    dispatcher = Dispatcher(script_dir=args.script_dir)
    dispatcher.register()
    # After configuring the receiver, run initial operations
    if args.run_startup_triggers:
        dispatcher.trigger_all()
    # main loop
    mainloop = glib.MainLoop()
    # Signal to systemd that service is runnning
    sd_notify(READY=1)
    logger.info('Startup complete')
    mainloop.run()
def init():
    if __name__ == '__main__':
        main()
init()
# vim: ai et sts=4 sw=4 ts=4