/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release
24.1.116 by Björn Påhlsson
added a mandos list client program
1
#!/usr/bin/python
237.2.3 by Teddy Hogeborn
Merge "mandos-list" from belorn.
2
# -*- mode: python; coding: utf-8 -*-
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
3
#
237.2.207 by Teddy Hogeborn
Update copyright year to "2010" wherever appropriate.
4
# Mandos Monitor - Control and monitor the Mandos server
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
5
#
237.7.517 by Teddy Hogeborn
Update copyright year to 2019
6
# Copyright © 2008-2019 Teddy Hogeborn
7
# Copyright © 2008-2019 Björn Påhlsson
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
8
#
237.7.455 by Teddy Hogeborn
Alter copyright notices slightly. Actual license is unchanged!
9
# This file is part of Mandos.
10
#
11
# Mandos is free software: you can redistribute it and/or modify it
12
# under the terms of the GNU General Public License as published by
237.2.207 by Teddy Hogeborn
Update copyright year to "2010" wherever appropriate.
13
# the Free Software Foundation, either version 3 of the License, or
14
# (at your option) any later version.
15
#
237.7.455 by Teddy Hogeborn
Alter copyright notices slightly. Actual license is unchanged!
16
#     Mandos is distributed in the hope that it will be useful, but
17
#     WITHOUT ANY WARRANTY; without even the implied warranty of
237.2.207 by Teddy Hogeborn
Update copyright year to "2010" wherever appropriate.
18
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19
#     GNU General Public License for more details.
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
20
#
237.2.207 by Teddy Hogeborn
Update copyright year to "2010" wherever appropriate.
21
# You should have received a copy of the GNU General Public License
237.7.455 by Teddy Hogeborn
Alter copyright notices slightly. Actual license is unchanged!
22
# along with Mandos.  If not, see <http://www.gnu.org/licenses/>.
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
23
#
237.11.2 by Teddy Hogeborn
Change "fukt.bsnet.se" to "recompile.se" throughout.
24
# Contact the authors at <mandos@recompile.se>.
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
25
#
24.1.116 by Björn Påhlsson
added a mandos list client program
26
237.8.9 by teddy at bsnet
* mandos-ctl: Use print function.
27
from __future__ import (division, absolute_import, print_function,
28
                        unicode_literals)
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
29
237.7.266 by Teddy Hogeborn
mandos-ctl: Make it work in Python 3.
30
try:
31
    from future_builtins import *
32
except ImportError:
33
    pass
237.7.127 by Teddy Hogeborn
* mandos: Use all new builtins.
34
24.1.119 by Björn Påhlsson
Added more method support for mandos clients through mandos-ctl
35
import sys
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
36
import argparse
237.2.3 by Teddy Hogeborn
Merge "mandos-list" from belorn.
37
import locale
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
38
import datetime
39
import re
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
40
import os
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
41
import collections
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
42
import json
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
43
44
import dbus
237.2.3 by Teddy Hogeborn
Merge "mandos-list" from belorn.
45
237.23.7 by Teddy Hogeborn
Use the .major attribute on sys.version_info instead of using "[0]".
46
if sys.version_info.major == 2:
237.7.266 by Teddy Hogeborn
mandos-ctl: Make it work in Python 3.
47
    str = unicode
48
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
49
locale.setlocale(locale.LC_ALL, "")
24.1.116 by Björn Påhlsson
added a mandos list client program
50
51
tablewords = {
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
52
    "Name": "Name",
53
    "Enabled": "Enabled",
54
    "Timeout": "Timeout",
55
    "LastCheckedOK": "Last Successful Check",
56
    "LastApprovalRequest": "Last Approval Request",
57
    "Created": "Created",
58
    "Interval": "Interval",
59
    "Host": "Host",
60
    "Fingerprint": "Fingerprint",
237.7.510 by Teddy Hogeborn
Add support for using raw public keys in TLS (RFC 7250)
61
    "KeyID": "Key ID",
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
62
    "CheckerRunning": "Check Is Running",
63
    "LastEnabled": "Last Enabled",
64
    "ApprovalPending": "Approval Is Pending",
65
    "ApprovedByDefault": "Approved By Default",
66
    "ApprovalDelay": "Approval Delay",
67
    "ApprovalDuration": "Approval Duration",
68
    "Checker": "Checker",
237.7.413 by Teddy Hogeborn
mandos-ctl: Include "Expires" and "LastCheckerStatus" properties
69
    "ExtendedTimeout": "Extended Timeout",
70
    "Expires": "Expires",
71
    "LastCheckerStatus": "Last Checker Status",
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
72
}
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
73
defaultkeywords = ("Name", "Enabled", "Timeout", "LastCheckedOK")
24.1.186 by Björn Påhlsson
transitional stuff actually working
74
domain = "se.recompile"
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
75
busname = domain + ".Mandos"
76
server_path = "/"
77
server_interface = domain + ".Mandos"
78
client_interface = domain + ".Mandos.Client"
371 by Teddy Hogeborn
* Makefile (version): Change to 1.8.0.
79
version = "1.8.0"
24.1.118 by Björn Påhlsson
Added enable/disable
80
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
81
237.7.333 by Teddy Hogeborn
Support the standard org.freedesktop.DBus.ObjectManager interface.
82
try:
83
    dbus.OBJECT_MANAGER_IFACE
84
except AttributeError:
85
    dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
86
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
87
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
88
def milliseconds_to_string(ms):
89
    td = datetime.timedelta(0, 0, 0, ms)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
90
    return ("{days}{hours:02}:{minutes:02}:{seconds:02}"
91
            .format(days="{}T".format(td.days) if td.days else "",
92
                    hours=td.seconds // 3600,
93
                    minutes=(td.seconds % 3600) // 60,
94
                    seconds=td.seconds % 60))
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
95
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
96
97
def rfc3339_duration_to_delta(duration):
237.7.157 by Teddy Hogeborn
* clients.conf: Convert all time intervals to new RFC 3339 syntax.
98
    """Parse an RFC 3339 "duration" and return a datetime.timedelta
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
99
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
100
    >>> rfc3339_duration_to_delta("P7D")
101
    datetime.timedelta(7)
102
    >>> rfc3339_duration_to_delta("PT60S")
103
    datetime.timedelta(0, 60)
104
    >>> rfc3339_duration_to_delta("PT60M")
105
    datetime.timedelta(0, 3600)
106
    >>> rfc3339_duration_to_delta("PT24H")
107
    datetime.timedelta(1)
108
    >>> rfc3339_duration_to_delta("P1W")
109
    datetime.timedelta(7)
110
    >>> rfc3339_duration_to_delta("PT5M30S")
111
    datetime.timedelta(0, 330)
112
    >>> rfc3339_duration_to_delta("P1DT3M20S")
113
    datetime.timedelta(1, 200)
114
    """
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
115
237.7.157 by Teddy Hogeborn
* clients.conf: Convert all time intervals to new RFC 3339 syntax.
116
    # Parsing an RFC 3339 duration with regular expressions is not
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
117
    # possible - there would have to be multiple places for the same
237.7.157 by Teddy Hogeborn
* clients.conf: Convert all time intervals to new RFC 3339 syntax.
118
    # values, like seconds.  The current code, while more esoteric, is
119
    # cleaner without depending on a parsing library.  If Python had a
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
120
    # built-in library for parsing we would use it, but we'd like to
121
    # avoid excessive use of external libraries.
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
122
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
123
    # New type for defining tokens, syntax, and semantics all-in-one
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
124
    Token = collections.namedtuple("Token", (
125
        "regexp",  # To match token; if "value" is not None, must have
126
                   # a "group" containing digits
127
        "value",   # datetime.timedelta or None
128
        "followers"))           # Tokens valid after this token
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
129
    # RFC 3339 "duration" tokens, syntax, and semantics; taken from
130
    # the "duration" ABNF definition in RFC 3339, Appendix A.
131
    token_end = Token(re.compile(r"$"), None, frozenset())
132
    token_second = Token(re.compile(r"(\d+)S"),
133
                         datetime.timedelta(seconds=1),
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
134
                         frozenset((token_end, )))
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
135
    token_minute = Token(re.compile(r"(\d+)M"),
136
                         datetime.timedelta(minutes=1),
137
                         frozenset((token_second, token_end)))
138
    token_hour = Token(re.compile(r"(\d+)H"),
139
                       datetime.timedelta(hours=1),
140
                       frozenset((token_minute, token_end)))
141
    token_time = Token(re.compile(r"T"),
142
                       None,
143
                       frozenset((token_hour, token_minute,
144
                                  token_second)))
145
    token_day = Token(re.compile(r"(\d+)D"),
146
                      datetime.timedelta(days=1),
147
                      frozenset((token_time, token_end)))
148
    token_month = Token(re.compile(r"(\d+)M"),
149
                        datetime.timedelta(weeks=4),
150
                        frozenset((token_day, token_end)))
151
    token_year = Token(re.compile(r"(\d+)Y"),
152
                       datetime.timedelta(weeks=52),
153
                       frozenset((token_month, token_end)))
154
    token_week = Token(re.compile(r"(\d+)W"),
155
                       datetime.timedelta(weeks=1),
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
156
                       frozenset((token_end, )))
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
157
    token_duration = Token(re.compile(r"P"), None,
158
                           frozenset((token_year, token_month,
159
                                      token_day, token_time,
237.7.269 by Teddy Hogeborn
Fix two mutually cancelling bugs.
160
                                      token_week)))
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
161
    # Define starting values:
162
    # Value so far
163
    value = datetime.timedelta()
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
164
    found_token = None
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
165
    # Following valid tokens
166
    followers = frozenset((token_duration, ))
167
    # String left to parse
168
    s = duration
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
169
    # Loop until end token is found
170
    while found_token is not token_end:
171
        # Search for any currently valid tokens
172
        for token in followers:
173
            match = token.regexp.match(s)
174
            if match is not None:
175
                # Token found
176
                if token.value is not None:
177
                    # Value found, parse digits
178
                    factor = int(match.group(1), 10)
179
                    # Add to value so far
180
                    value += factor * token.value
181
                # Strip token from string
182
                s = token.regexp.sub("", s, 1)
183
                # Go to found token
184
                found_token = token
185
                # Set valid next tokens
186
                followers = found_token.followers
187
                break
188
        else:
189
            # No currently valid tokens were found
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
190
            raise ValueError("Invalid RFC 3339 duration: {!r}"
191
                             .format(duration))
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
192
    # End token found
193
    return value
194
195
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
196
def string_to_delta(interval):
197
    """Parse a string and return a datetime.timedelta
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
198
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
199
    >>> string_to_delta('7d')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
200
    datetime.timedelta(7)
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
201
    >>> string_to_delta('60s')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
202
    datetime.timedelta(0, 60)
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
203
    >>> string_to_delta('60m')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
204
    datetime.timedelta(0, 3600)
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
205
    >>> string_to_delta('24h')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
206
    datetime.timedelta(1)
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
207
    >>> string_to_delta('1w')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
208
    datetime.timedelta(7)
237.7.301 by Teddy Hogeborn
mandos-ctl: Generate better messages in exceptions.
209
    >>> string_to_delta('5m 30s')
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
210
    datetime.timedelta(0, 330)
211
    """
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
212
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
213
    try:
214
        return rfc3339_duration_to_delta(interval)
215
    except ValueError:
216
        pass
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
217
237.7.164 by Teddy Hogeborn
* mandos-ctl (string_to_delta): Try to parse RFC 3339 duration before
218
    value = datetime.timedelta(0)
219
    regexp = re.compile(r"(\d+)([dsmhw]?)")
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
220
237.14.9 by Teddy Hogeborn
* mandos (ClientDBus.approval_delay, ClientDBus.approval_duration,
221
    for num, suffix in regexp.findall(interval):
222
        if suffix == "d":
223
            value += datetime.timedelta(int(num))
224
        elif suffix == "s":
225
            value += datetime.timedelta(0, int(num))
226
        elif suffix == "m":
227
            value += datetime.timedelta(0, 0, 0, 0, int(num))
228
        elif suffix == "h":
229
            value += datetime.timedelta(0, 0, 0, 0, 0, int(num))
230
        elif suffix == "w":
231
            value += datetime.timedelta(0, 0, 0, 0, 0, 0, int(num))
232
        elif suffix == "":
233
            value += datetime.timedelta(0, 0, 0, int(num))
234
    return value
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
235
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
236
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
237
def print_clients(clients, keywords):
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
238
    def valuetostring(value, keyword):
239
        if type(value) is dbus.Boolean:
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
240
            return "Yes" if value else "No"
241
        if keyword in ("Timeout", "Interval", "ApprovalDelay",
237.7.119 by Teddy Hogeborn
* mandos-ctl (print_clients): Bug fix: Don't show "Extended Timeout"
242
                       "ApprovalDuration", "ExtendedTimeout"):
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
243
            return milliseconds_to_string(value)
237.7.266 by Teddy Hogeborn
mandos-ctl: Make it work in Python 3.
244
        return str(value)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
245
237.2.145 by Teddy Hogeborn
* mandos-ctl: Made work again after D-Bus API changes.
246
    # Create format string to print table rows
237.7.117 by Teddy Hogeborn
* mandos-ctl: Use new string format method. Bug fix: --version now
247
    format_string = " ".join("{{{key}:{width}}}".format(
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
248
        width=max(len(tablewords[key]),
249
                  max(len(valuetostring(client[key], key))
250
                      for client in clients)),
251
        key=key)
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
252
                             for key in keywords)
237.2.145 by Teddy Hogeborn
* mandos-ctl: Made work again after D-Bus API changes.
253
    # Print header line
237.7.117 by Teddy Hogeborn
* mandos-ctl: Use new string format method. Bug fix: --version now
254
    print(format_string.format(**tablewords))
24.1.121 by Björn Påhlsson
mandos-ctl: Added support for all client calls
255
    for client in clients:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
256
        print(format_string
257
              .format(**{key: valuetostring(client[key], key)
258
                         for key in keywords}))
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
259
237.2.201 by Teddy Hogeborn
* mandos (Client.runtime_expansions): New attribute containing the
260
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
261
def has_actions(options):
262
    return any((options.enable,
263
                options.disable,
264
                options.bump_timeout,
265
                options.start_checker,
266
                options.stop_checker,
267
                options.is_enabled,
268
                options.remove,
269
                options.checker is not None,
270
                options.timeout is not None,
24.1.179 by Björn Påhlsson
New feature:
271
                options.extended_timeout is not None,
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
272
                options.interval is not None,
237.2.204 by Teddy Hogeborn
* mandos (ClientDBus.__init__): Bug fix: Translate "-" in client names
273
                options.approved_by_default is not None,
274
                options.approval_delay is not None,
275
                options.approval_duration is not None,
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
276
                options.host is not None,
277
                options.secret is not None,
278
                options.approve,
279
                options.deny))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
280
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
281
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
282
def main():
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
283
    parser = argparse.ArgumentParser()
284
    parser.add_argument("--version", action="version",
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
285
                        version="%(prog)s {}".format(version),
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
286
                        help="show version number and exit")
287
    parser.add_argument("-a", "--all", action="store_true",
288
                        help="Select all clients")
289
    parser.add_argument("-v", "--verbose", action="store_true",
290
                        help="Print all fields")
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
291
    parser.add_argument("-j", "--dump-json", action="store_true",
292
                        help="Dump client data in JSON format")
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
293
    parser.add_argument("-e", "--enable", action="store_true",
294
                        help="Enable client")
295
    parser.add_argument("-d", "--disable", action="store_true",
296
                        help="disable client")
297
    parser.add_argument("-b", "--bump-timeout", action="store_true",
298
                        help="Bump timeout for client")
299
    parser.add_argument("--start-checker", action="store_true",
300
                        help="Start checker for client")
301
    parser.add_argument("--stop-checker", action="store_true",
302
                        help="Stop checker for client")
303
    parser.add_argument("-V", "--is-enabled", action="store_true",
304
                        help="Check if client is enabled")
305
    parser.add_argument("-r", "--remove", action="store_true",
306
                        help="Remove client")
307
    parser.add_argument("-c", "--checker",
308
                        help="Set checker command for client")
309
    parser.add_argument("-t", "--timeout",
310
                        help="Set timeout for client")
24.1.179 by Björn Påhlsson
New feature:
311
    parser.add_argument("--extended-timeout",
312
                        help="Set extended timeout for client")
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
313
    parser.add_argument("-i", "--interval",
314
                        help="Set checker interval for client")
315
    parser.add_argument("--approve-by-default", action="store_true",
316
                        default=None, dest="approved_by_default",
317
                        help="Set client to be approved by default")
318
    parser.add_argument("--deny-by-default", action="store_false",
319
                        dest="approved_by_default",
320
                        help="Set client to be denied by default")
321
    parser.add_argument("--approval-delay",
322
                        help="Set delay before client approve/deny")
323
    parser.add_argument("--approval-duration",
324
                        help="Set duration of one client approval")
325
    parser.add_argument("-H", "--host", help="Set host for client")
237.7.266 by Teddy Hogeborn
mandos-ctl: Make it work in Python 3.
326
    parser.add_argument("-s", "--secret",
327
                        type=argparse.FileType(mode="rb"),
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
328
                        help="Set password blob (file) for client")
329
    parser.add_argument("-A", "--approve", action="store_true",
330
                        help="Approve any current client request")
331
    parser.add_argument("-D", "--deny", action="store_true",
332
                        help="Deny any current client request")
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
333
    parser.add_argument("--check", action="store_true",
334
                        help="Run self-test")
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
335
    parser.add_argument("client", nargs="*", help="Client name")
336
    options = parser.parse_args()
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
337
237.7.120 by Teddy Hogeborn
* mandos-ctl: Break long lines.
338
    if has_actions(options) and not (options.client or options.all):
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
339
        parser.error("Options require clients names or --all.")
340
    if options.verbose and has_actions(options):
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
341
        parser.error("--verbose can only be used alone.")
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
342
    if options.dump_json and (options.verbose
343
                              or has_actions(options)):
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
344
        parser.error("--dump-json can only be used alone.")
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
345
    if options.all and not has_actions(options):
346
        parser.error("--all requires an action.")
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
347
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
348
    if options.check:
237.7.450 by Teddy Hogeborn
Don't import doctest module in mandos-ctl unless running tests.
349
        import doctest
237.7.156 by Teddy Hogeborn
* Makefile (check): Also check mandos-ctl.
350
        fail_count, test_count = doctest.testmod()
237.7.202 by Teddy Hogeborn
Fix running of self-tests.
351
        sys.exit(os.EX_OK if fail_count == 0 else 1)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
352
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
353
    try:
354
        bus = dbus.SystemBus()
355
        mandos_dbus_objc = bus.get_object(busname, server_path)
356
    except dbus.exceptions.DBusException:
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
357
        print("Could not connect to Mandos server", file=sys.stderr)
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
358
        sys.exit(1)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
359
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
360
    mandos_serv = dbus.Interface(mandos_dbus_objc,
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
361
                                 dbus_interface=server_interface)
237.7.333 by Teddy Hogeborn
Support the standard org.freedesktop.DBus.ObjectManager interface.
362
    mandos_serv_object_manager = dbus.Interface(
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
363
        mandos_dbus_objc, dbus_interface=dbus.OBJECT_MANAGER_IFACE)
364
365
    # block stderr since dbus library prints to stderr
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
366
    null = os.open(os.path.devnull, os.O_RDWR)
367
    stderrcopy = os.dup(sys.stderr.fileno())
368
    os.dup2(null, sys.stderr.fileno())
369
    os.close(null)
370
    try:
371
        try:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
372
            mandos_clients = {path: ifs_and_props[client_interface]
373
                              for path, ifs_and_props in
374
                              mandos_serv_object_manager
375
                              .GetManagedObjects().items()
376
                              if client_interface in ifs_and_props}
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
377
        finally:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
378
            # restore stderr
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
379
            os.dup2(stderrcopy, sys.stderr.fileno())
380
            os.close(stderrcopy)
237.7.333 by Teddy Hogeborn
Support the standard org.freedesktop.DBus.ObjectManager interface.
381
    except dbus.exceptions.DBusException as e:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
382
        print("Access denied: "
383
              "Accessing mandos server through D-Bus: {}".format(e),
384
              file=sys.stderr)
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
385
        sys.exit(1)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
386
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
387
    # Compile dict of (clients: properties) to process
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
388
    clients = {}
389
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
390
    if options.all or not options.client:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
391
        clients = {bus.get_object(busname, path): properties
392
                   for path, properties in mandos_clients.items()}
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
393
    else:
394
        for name in options.client:
237.23.4 by Teddy Hogeborn
Use the .items() method instead of .iteritems().
395
            for path, client in mandos_clients.items():
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
396
                if client["Name"] == name:
397
                    client_objc = bus.get_object(busname, path)
398
                    clients[client_objc] = client
399
                    break
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
400
            else:
237.23.5 by Teddy Hogeborn
Use the new auto-numbered "{}" syntax for the .format() string method.
401
                print("Client not found on server: {!r}"
237.7.117 by Teddy Hogeborn
* mandos-ctl: Use new string format method. Bug fix: --version now
402
                      .format(name), file=sys.stderr)
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
403
                sys.exit(1)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
404
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
405
    if not has_actions(options) and clients:
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
406
        if options.verbose or options.dump_json:
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
407
            keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK",
237.7.510 by Teddy Hogeborn
Add support for using raw public keys in TLS (RFC 7250)
408
                        "Created", "Interval", "Host", "KeyID",
409
                        "Fingerprint", "CheckerRunning",
410
                        "LastEnabled", "ApprovalPending",
411
                        "ApprovedByDefault", "LastApprovalRequest",
412
                        "ApprovalDelay", "ApprovalDuration",
413
                        "Checker", "ExtendedTimeout", "Expires",
237.7.413 by Teddy Hogeborn
mandos-ctl: Include "Expires" and "LastCheckerStatus" properties
414
                        "LastCheckerStatus")
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
415
        else:
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
416
            keywords = defaultkeywords
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
417
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
418
        if options.dump_json:
237.7.412 by Teddy Hogeborn
mandos-ctl: Dump booleans as booleans in --dump-json output.
419
            json.dump({client["Name"]: {key:
420
                                        bool(client[key])
421
                                        if isinstance(client[key],
422
                                                      dbus.Boolean)
423
                                        else client[key]
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
424
                                        for key in keywords}
425
                       for client in clients.values()},
426
                      fp=sys.stdout, indent=4,
427
                      separators=(',', ': '))
237.7.411 by Teddy Hogeborn
mandos-ctl: Implement --dump-json option
428
            print()
429
        else:
430
            print_clients(clients.values(), keywords)
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
431
    else:
432
        # Process each client in the list by all selected options
433
        for client in clients:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
434
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
435
            def set_client_prop(prop, value):
436
                """Set a Client D-Bus property"""
437
                client.Set(client_interface, prop, value,
438
                           dbus_interface=dbus.PROPERTIES_IFACE)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
439
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
440
            def set_client_prop_ms(prop, value):
441
                """Set a Client D-Bus property, converted
442
                from a string to milliseconds."""
443
                set_client_prop(prop,
237.23.6 by Teddy Hogeborn
Use the new .total_seconds() method on datetime.timedelta objects.
444
                                string_to_delta(value).total_seconds()
445
                                * 1000)
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
446
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
447
            if options.remove:
448
                mandos_serv.RemoveClient(client.__dbus_object_path__)
449
            if options.enable:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
450
                set_client_prop("Enabled", dbus.Boolean(True))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
451
            if options.disable:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
452
                set_client_prop("Enabled", dbus.Boolean(False))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
453
            if options.bump_timeout:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
454
                set_client_prop("LastCheckedOK", "")
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
455
            if options.start_checker:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
456
                set_client_prop("CheckerRunning", dbus.Boolean(True))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
457
            if options.stop_checker:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
458
                set_client_prop("CheckerRunning", dbus.Boolean(False))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
459
            if options.is_enabled:
237.7.420 by Teddy Hogeborn
PEP8 compliance: mandos-ctl
460
                if client.Get(client_interface, "Enabled",
461
                              dbus_interface=dbus.PROPERTIES_IFACE):
462
                    sys.exit(0)
463
                else:
464
                    sys.exit(1)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
465
            if options.checker is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
466
                set_client_prop("Checker", options.checker)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
467
            if options.host is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
468
                set_client_prop("Host", options.host)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
469
            if options.interval is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
470
                set_client_prop_ms("Interval", options.interval)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
471
            if options.approval_delay is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
472
                set_client_prop_ms("ApprovalDelay",
473
                                   options.approval_delay)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
474
            if options.approval_duration is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
475
                set_client_prop_ms("ApprovalDuration",
476
                                   options.approval_duration)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
477
            if options.timeout is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
478
                set_client_prop_ms("Timeout", options.timeout)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
479
            if options.extended_timeout is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
480
                set_client_prop_ms("ExtendedTimeout",
481
                                   options.extended_timeout)
237.11.16 by Teddy Hogeborn
* mandos-ctl (main): Bug fix: Handle empty strings correctly.
482
            if options.secret is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
483
                set_client_prop("Secret",
484
                                dbus.ByteArray(options.secret.read()))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
485
            if options.approved_by_default is not None:
237.20.2 by Teddy Hogeborn
* mandos-ctl (main): Use helper functions to shorten code.
486
                set_client_prop("ApprovedByDefault",
487
                                dbus.Boolean(options
488
                                             .approved_by_default))
237.7.23 by teddy at bsnet
* mandos-ctl: Use the new argparse library instead of optparse.
489
            if options.approve:
490
                client.Approve(dbus.Boolean(True),
491
                               dbus_interface=client_interface)
492
            elif options.deny:
493
                client.Approve(dbus.Boolean(False),
494
                               dbus_interface=client_interface)
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
495
237.7.293 by Teddy Hogeborn
mandos-ctl: Do minor formatting and whitespace adjustments.
496
237.8.8 by teddy at bsnet
* mandos-ctl: Use unicode string literals.
497
if __name__ == "__main__":
24.1.163 by Björn Påhlsson
mandos-client: Added never ending loop for --connect
498
    main()