/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl

  • Committer: Björn Påhlsson
  • Date: 2008-07-20 02:52:20 UTC
  • Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6
Added following support:
Pluginbased client handler
rewritten Mandos client
       Avahi instead of udp server discovery
       openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
#!/usr/bin/python
2
 
# -*- mode: python; coding: utf-8 -*-
3
 
4
 
# Mandos Monitor - Control and monitor the Mandos server
5
 
6
 
# Copyright © 2008-2012 Teddy Hogeborn
7
 
# Copyright © 2008-2012 Björn Påhlsson
8
 
9
 
# This program is free software: you can redistribute it and/or modify
10
 
# it under the terms of the GNU General Public License as published by
11
 
# the Free Software Foundation, either version 3 of the License, or
12
 
# (at your option) any later version.
13
 
#
14
 
#     This program is distributed in the hope that it will be useful,
15
 
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
16
 
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17
 
#     GNU General Public License for more details.
18
 
19
 
# You should have received a copy of the GNU General Public License
20
 
# along with this program.  If not, see
21
 
# <http://www.gnu.org/licenses/>.
22
 
23
 
# Contact the authors at <mandos@recompile.se>.
24
 
25
 
 
26
 
from __future__ import (division, absolute_import, print_function,
27
 
                        unicode_literals)
28
 
 
29
 
from future_builtins import *
30
 
 
31
 
import sys
32
 
import dbus
33
 
import argparse
34
 
import locale
35
 
import datetime
36
 
import re
37
 
import os
38
 
 
39
 
locale.setlocale(locale.LC_ALL, "")
40
 
 
41
 
tablewords = {
42
 
    "Name": "Name",
43
 
    "Enabled": "Enabled",
44
 
    "Timeout": "Timeout",
45
 
    "LastCheckedOK": "Last Successful Check",
46
 
    "LastApprovalRequest": "Last Approval Request",
47
 
    "Created": "Created",
48
 
    "Interval": "Interval",
49
 
    "Host": "Host",
50
 
    "Fingerprint": "Fingerprint",
51
 
    "CheckerRunning": "Check Is Running",
52
 
    "LastEnabled": "Last Enabled",
53
 
    "ApprovalPending": "Approval Is Pending",
54
 
    "ApprovedByDefault": "Approved By Default",
55
 
    "ApprovalDelay": "Approval Delay",
56
 
    "ApprovalDuration": "Approval Duration",
57
 
    "Checker": "Checker",
58
 
    "ExtendedTimeout" : "Extended Timeout"
59
 
    }
60
 
defaultkeywords = ("Name", "Enabled", "Timeout", "LastCheckedOK")
61
 
domain = "se.recompile"
62
 
busname = domain + ".Mandos"
63
 
server_path = "/"
64
 
server_interface = domain + ".Mandos"
65
 
client_interface = domain + ".Mandos.Client"
66
 
version = "1.5.3"
67
 
 
68
 
def timedelta_to_milliseconds(td):
69
 
    """Convert a datetime.timedelta object to milliseconds"""
70
 
    return ((td.days * 24 * 60 * 60 * 1000)
71
 
            + (td.seconds * 1000)
72
 
            + (td.microseconds // 1000))
73
 
 
74
 
def milliseconds_to_string(ms):
75
 
    td = datetime.timedelta(0, 0, 0, ms)
76
 
    return ("{days}{hours:02}:{minutes:02}:{seconds:02}"
77
 
            .format(days = "{0}T".format(td.days) if td.days else "",
78
 
                    hours = td.seconds // 3600,
79
 
                    minutes = (td.seconds % 3600) // 60,
80
 
                    seconds = td.seconds % 60,
81
 
                    ))
82
 
 
83
 
def string_to_delta(interval):
84
 
    """Parse a string and return a datetime.timedelta
85
 
    
86
 
    >>> string_to_delta("7d")
87
 
    datetime.timedelta(7)
88
 
    >>> string_to_delta("60s")
89
 
    datetime.timedelta(0, 60)
90
 
    >>> string_to_delta("60m")
91
 
    datetime.timedelta(0, 3600)
92
 
    >>> string_to_delta("24h")
93
 
    datetime.timedelta(1)
94
 
    >>> string_to_delta("1w")
95
 
    datetime.timedelta(7)
96
 
    >>> string_to_delta("5m 30s")
97
 
    datetime.timedelta(0, 330)
98
 
    """
99
 
    value = datetime.timedelta(0)
100
 
    regexp = re.compile("(\d+)([dsmhw]?)")
101
 
    
102
 
    for num, suffix in regexp.findall(interval):
103
 
        if suffix == "d":
104
 
            value += datetime.timedelta(int(num))
105
 
        elif suffix == "s":
106
 
            value += datetime.timedelta(0, int(num))
107
 
        elif suffix == "m":
108
 
            value += datetime.timedelta(0, 0, 0, 0, int(num))
109
 
        elif suffix == "h":
110
 
            value += datetime.timedelta(0, 0, 0, 0, 0, int(num))
111
 
        elif suffix == "w":
112
 
            value += datetime.timedelta(0, 0, 0, 0, 0, 0, int(num))
113
 
        elif suffix == "":
114
 
            value += datetime.timedelta(0, 0, 0, int(num))
115
 
    return value
116
 
 
117
 
def print_clients(clients, keywords):
118
 
    def valuetostring(value, keyword):
119
 
        if type(value) is dbus.Boolean:
120
 
            return "Yes" if value else "No"
121
 
        if keyword in ("Timeout", "Interval", "ApprovalDelay",
122
 
                       "ApprovalDuration", "ExtendedTimeout"):
123
 
            return milliseconds_to_string(value)
124
 
        return unicode(value)
125
 
    
126
 
    # Create format string to print table rows
127
 
    format_string = " ".join("{{{key}:{width}}}".format(
128
 
            width = max(len(tablewords[key]),
129
 
                        max(len(valuetostring(client[key],
130
 
                                              key))
131
 
                            for client in
132
 
                            clients)),
133
 
            key = key) for key in keywords)
134
 
    # Print header line
135
 
    print(format_string.format(**tablewords))
136
 
    for client in clients:
137
 
        print(format_string.format(**dict((key,
138
 
                                           valuetostring(client[key],
139
 
                                                         key))
140
 
                                          for key in keywords)))
141
 
 
142
 
def has_actions(options):
143
 
    return any((options.enable,
144
 
                options.disable,
145
 
                options.bump_timeout,
146
 
                options.start_checker,
147
 
                options.stop_checker,
148
 
                options.is_enabled,
149
 
                options.remove,
150
 
                options.checker is not None,
151
 
                options.timeout is not None,
152
 
                options.extended_timeout is not None,
153
 
                options.interval is not None,
154
 
                options.approved_by_default is not None,
155
 
                options.approval_delay is not None,
156
 
                options.approval_duration is not None,
157
 
                options.host is not None,
158
 
                options.secret is not None,
159
 
                options.approve,
160
 
                options.deny))
161
 
 
162
 
def main():
163
 
    parser = argparse.ArgumentParser()
164
 
    parser.add_argument("--version", action="version",
165
 
                        version = "%(prog)s {0}".format(version),
166
 
                        help="show version number and exit")
167
 
    parser.add_argument("-a", "--all", action="store_true",
168
 
                        help="Select all clients")
169
 
    parser.add_argument("-v", "--verbose", action="store_true",
170
 
                        help="Print all fields")
171
 
    parser.add_argument("-e", "--enable", action="store_true",
172
 
                        help="Enable client")
173
 
    parser.add_argument("-d", "--disable", action="store_true",
174
 
                        help="disable client")
175
 
    parser.add_argument("-b", "--bump-timeout", action="store_true",
176
 
                        help="Bump timeout for client")
177
 
    parser.add_argument("--start-checker", action="store_true",
178
 
                        help="Start checker for client")
179
 
    parser.add_argument("--stop-checker", action="store_true",
180
 
                        help="Stop checker for client")
181
 
    parser.add_argument("-V", "--is-enabled", action="store_true",
182
 
                        help="Check if client is enabled")
183
 
    parser.add_argument("-r", "--remove", action="store_true",
184
 
                        help="Remove client")
185
 
    parser.add_argument("-c", "--checker",
186
 
                        help="Set checker command for client")
187
 
    parser.add_argument("-t", "--timeout",
188
 
                        help="Set timeout for client")
189
 
    parser.add_argument("--extended-timeout",
190
 
                        help="Set extended timeout for client")
191
 
    parser.add_argument("-i", "--interval",
192
 
                        help="Set checker interval for client")
193
 
    parser.add_argument("--approve-by-default", action="store_true",
194
 
                        default=None, dest="approved_by_default",
195
 
                        help="Set client to be approved by default")
196
 
    parser.add_argument("--deny-by-default", action="store_false",
197
 
                        dest="approved_by_default",
198
 
                        help="Set client to be denied by default")
199
 
    parser.add_argument("--approval-delay",
200
 
                        help="Set delay before client approve/deny")
201
 
    parser.add_argument("--approval-duration",
202
 
                        help="Set duration of one client approval")
203
 
    parser.add_argument("-H", "--host", help="Set host for client")
204
 
    parser.add_argument("-s", "--secret", type=file,
205
 
                        help="Set password blob (file) for client")
206
 
    parser.add_argument("-A", "--approve", action="store_true",
207
 
                        help="Approve any current client request")
208
 
    parser.add_argument("-D", "--deny", action="store_true",
209
 
                        help="Deny any current client request")
210
 
    parser.add_argument("client", nargs="*", help="Client name")
211
 
    options = parser.parse_args()
212
 
    
213
 
    if has_actions(options) and not (options.client or options.all):
214
 
        parser.error("Options require clients names or --all.")
215
 
    if options.verbose and has_actions(options):
216
 
        parser.error("--verbose can only be used alone or with"
217
 
                     " --all.")
218
 
    if options.all and not has_actions(options):
219
 
        parser.error("--all requires an action.")
220
 
    
221
 
    try:
222
 
        bus = dbus.SystemBus()
223
 
        mandos_dbus_objc = bus.get_object(busname, server_path)
224
 
    except dbus.exceptions.DBusException:
225
 
        print("Could not connect to Mandos server",
226
 
              file=sys.stderr)
227
 
        sys.exit(1)
228
 
    
229
 
    mandos_serv = dbus.Interface(mandos_dbus_objc,
230
 
                                 dbus_interface = server_interface)
231
 
    
232
 
    #block stderr since dbus library prints to stderr
233
 
    null = os.open(os.path.devnull, os.O_RDWR)
234
 
    stderrcopy = os.dup(sys.stderr.fileno())
235
 
    os.dup2(null, sys.stderr.fileno())
236
 
    os.close(null)
237
 
    try:
238
 
        try:
239
 
            mandos_clients = mandos_serv.GetAllClientsWithProperties()
240
 
        finally:
241
 
            #restore stderr
242
 
            os.dup2(stderrcopy, sys.stderr.fileno())
243
 
            os.close(stderrcopy)
244
 
    except dbus.exceptions.DBusException:
245
 
        print("Access denied: Accessing mandos server through dbus.",
246
 
              file=sys.stderr)
247
 
        sys.exit(1)
248
 
    
249
 
    # Compile dict of (clients: properties) to process
250
 
    clients={}
251
 
    
252
 
    if options.all or not options.client:
253
 
        clients = dict((bus.get_object(busname, path), properties)
254
 
                       for path, properties in
255
 
                       mandos_clients.iteritems())
256
 
    else:
257
 
        for name in options.client:
258
 
            for path, client in mandos_clients.iteritems():
259
 
                if client["Name"] == name:
260
 
                    client_objc = bus.get_object(busname, path)
261
 
                    clients[client_objc] = client
262
 
                    break
263
 
            else:
264
 
                print("Client not found on server: {0!r}"
265
 
                      .format(name), file=sys.stderr)
266
 
                sys.exit(1)
267
 
    
268
 
    if not has_actions(options) and clients:
269
 
        if options.verbose:
270
 
            keywords = ("Name", "Enabled", "Timeout",
271
 
                        "LastCheckedOK", "Created", "Interval",
272
 
                        "Host", "Fingerprint", "CheckerRunning",
273
 
                        "LastEnabled", "ApprovalPending",
274
 
                        "ApprovedByDefault",
275
 
                        "LastApprovalRequest", "ApprovalDelay",
276
 
                        "ApprovalDuration", "Checker",
277
 
                        "ExtendedTimeout")
278
 
        else:
279
 
            keywords = defaultkeywords
280
 
        
281
 
        print_clients(clients.values(), keywords)
282
 
    else:
283
 
        # Process each client in the list by all selected options
284
 
        for client in clients:
285
 
            def set_client_prop(prop, value):
286
 
                """Set a Client D-Bus property"""
287
 
                client.Set(client_interface, prop, value,
288
 
                           dbus_interface=dbus.PROPERTIES_IFACE)
289
 
            def set_client_prop_ms(prop, value):
290
 
                """Set a Client D-Bus property, converted
291
 
                from a string to milliseconds."""
292
 
                set_client_prop(prop,
293
 
                                timedelta_to_milliseconds
294
 
                                (string_to_delta(value)))
295
 
            if options.remove:
296
 
                mandos_serv.RemoveClient(client.__dbus_object_path__)
297
 
            if options.enable:
298
 
                set_client_prop("Enabled", dbus.Boolean(True))
299
 
            if options.disable:
300
 
                set_client_prop("Enabled", dbus.Boolean(False))
301
 
            if options.bump_timeout:
302
 
                set_client_prop("LastCheckedOK", "")
303
 
            if options.start_checker:
304
 
                set_client_prop("CheckerRunning", dbus.Boolean(True))
305
 
            if options.stop_checker:
306
 
                set_client_prop("CheckerRunning", dbus.Boolean(False))
307
 
            if options.is_enabled:
308
 
                sys.exit(0 if client.Get(client_interface,
309
 
                                         "Enabled",
310
 
                                         dbus_interface=
311
 
                                         dbus.PROPERTIES_IFACE)
312
 
                         else 1)
313
 
            if options.checker is not None:
314
 
                set_client_prop("Checker", options.checker)
315
 
            if options.host is not None:
316
 
                set_client_prop("Host", options.host)
317
 
            if options.interval is not None:
318
 
                set_client_prop_ms("Interval", options.interval)
319
 
            if options.approval_delay is not None:
320
 
                set_client_prop_ms("ApprovalDelay",
321
 
                                   options.approval_delay)
322
 
            if options.approval_duration is not None:
323
 
                set_client_prop_ms("ApprovalDuration",
324
 
                                   options.approval_duration)
325
 
            if options.timeout is not None:
326
 
                set_client_prop_ms("Timeout", options.timeout)
327
 
            if options.extended_timeout is not None:
328
 
                set_client_prop_ms("ExtendedTimeout",
329
 
                                   options.extended_timeout)
330
 
            if options.secret is not None:
331
 
                set_client_prop("Secret",
332
 
                                dbus.ByteArray(options.secret.read()))
333
 
            if options.approved_by_default is not None:
334
 
                set_client_prop("ApprovedByDefault",
335
 
                                dbus.Boolean(options
336
 
                                             .approved_by_default))
337
 
            if options.approve:
338
 
                client.Approve(dbus.Boolean(True),
339
 
                               dbus_interface=client_interface)
340
 
            elif options.deny:
341
 
                client.Approve(dbus.Boolean(False),
342
 
                               dbus_interface=client_interface)
343
 
 
344
 
if __name__ == "__main__":
345
 
    main()