/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2013-10-22 19:24:01 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 305.
  • Revision ID: teddy@recompile.se-20131022192401-op6mwsb7f7gygjyh
* mandos (priority): Bug fix: Add even more magic to make the old
                     DSA/ELG 2048-bit keys work with GnuTLS.
* mandos-keygen (KEYCOMMENT): Changed default to "".
* mandos-keygen (OPTIONS): Document new default value of "--comment".
* mandos-options.xml (priority): Document new default value.
* mandos.conf (priority): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2012 Teddy Hogeborn
7
 
# Copyright © 2009-2012 Björn Påhlsson
 
6
# Copyright © 2009-2013 Teddy Hogeborn
 
7
# Copyright © 2009-2013 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
17
17
#     GNU General Public License for more details.
18
18
19
19
# You should have received a copy of the GNU General Public License
20
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
20
# along with this program.  If not, see
 
21
# <http://www.gnu.org/licenses/>.
21
22
22
23
# Contact the authors at <mandos@recompile.se>.
23
24
24
25
 
25
26
from __future__ import (division, absolute_import, print_function,
26
27
                        unicode_literals)
 
28
try:
 
29
    from future_builtins import *
 
30
except ImportError:
 
31
    pass
27
32
 
28
33
import sys
29
34
import os
35
40
import urwid
36
41
 
37
42
from dbus.mainloop.glib import DBusGMainLoop
38
 
import gobject
 
43
try:
 
44
    import gobject
 
45
except ImportError:
 
46
    from gi.repository import GObject as gobject
39
47
 
40
48
import dbus
41
49
 
42
 
import UserList
43
 
 
44
50
import locale
45
51
 
 
52
if sys.version_info[0] == 2:
 
53
    str = unicode
 
54
 
46
55
locale.setlocale(locale.LC_ALL, '')
47
56
 
48
57
import logging
52
61
domain = 'se.recompile'
53
62
server_interface = domain + '.Mandos'
54
63
client_interface = domain + '.Mandos.Client'
55
 
version = "1.5.3"
56
 
 
57
 
# Always run in monochrome mode
58
 
urwid.curses_display.curses.has_colors = lambda : False
59
 
 
60
 
# Urwid doesn't support blinking, but we want it.  Since we have no
61
 
# use for underline on its own, we make underline also always blink.
62
 
urwid.curses_display.curses.A_UNDERLINE |= (
63
 
    urwid.curses_display.curses.A_BLINK)
 
64
version = "1.6.1"
64
65
 
65
66
def isoformat_to_datetime(iso):
66
67
    "Parse an ISO 8601 date string to a datetime.datetime()"
83
84
    properties and calls a hook function when any of them are
84
85
    changed.
85
86
    """
86
 
    def __init__(self, proxy_object=None, *args, **kwargs):
 
87
    def __init__(self, proxy_object=None, properties=None, **kwargs):
87
88
        self.proxy = proxy_object # Mandos Client proxy object
88
 
        
89
 
        self.properties = dict()
 
89
        self.properties = dict() if properties is None else properties
90
90
        self.property_changed_match = (
91
91
            self.proxy.connect_to_signal("PropertyChanged",
92
 
                                         self.property_changed,
 
92
                                         self._property_changed,
93
93
                                         client_interface,
94
94
                                         byte_arrays=True))
95
95
        
96
 
        self.properties.update(
97
 
            self.proxy.GetAll(client_interface,
98
 
                              dbus_interface = dbus.PROPERTIES_IFACE))
99
 
 
100
 
        #XXX This breaks good super behaviour
101
 
#        super(MandosClientPropertyCache, self).__init__(
102
 
#            *args, **kwargs)
 
96
        if properties is None:
 
97
            self.properties.update(
 
98
                self.proxy.GetAll(client_interface,
 
99
                                  dbus_interface
 
100
                                  = dbus.PROPERTIES_IFACE))
 
101
        
 
102
        super(MandosClientPropertyCache, self).__init__(**kwargs)
 
103
    
 
104
    def _property_changed(self, property, value):
 
105
        """Helper which takes positional arguments"""
 
106
        return self.property_changed(property=property, value=value)
103
107
    
104
108
    def property_changed(self, property=None, value=None):
105
109
        """This is called whenever we get a PropertyChanged signal
108
112
        # Update properties dict with new value
109
113
        self.properties[property] = value
110
114
    
111
 
    def delete(self, *args, **kwargs):
 
115
    def delete(self):
112
116
        self.property_changed_match.remove()
113
 
        super(MandosClientPropertyCache, self).__init__(
114
 
            *args, **kwargs)
115
117
 
116
118
 
117
119
class MandosClientWidget(urwid.FlowWidget, MandosClientPropertyCache):
119
121
    """
120
122
    
121
123
    def __init__(self, server_proxy_object=None, update_hook=None,
122
 
                 delete_hook=None, logger=None, *args, **kwargs):
 
124
                 delete_hook=None, logger=None, **kwargs):
123
125
        # Called on update
124
126
        self.update_hook = update_hook
125
127
        # Called on delete
130
132
        self.logger = logger
131
133
        
132
134
        self._update_timer_callback_tag = None
133
 
        self._update_timer_callback_lock = 0
134
135
        
135
136
        # The widget shown normally
136
137
        self._text_widget = urwid.Text("")
137
138
        # The widget shown when we have focus
138
139
        self._focus_text_widget = urwid.Text("")
139
 
        super(MandosClientWidget, self).__init__(
140
 
            update_hook=update_hook, delete_hook=delete_hook,
141
 
            *args, **kwargs)
 
140
        super(MandosClientWidget, self).__init__(**kwargs)
142
141
        self.update()
143
142
        self.opened = False
144
143
        
145
 
        last_checked_ok = isoformat_to_datetime(self.properties
146
 
                                                ["LastCheckedOK"])
147
 
        
148
 
        if self.properties ["LastCheckerStatus"] != 0:
149
 
            self.using_timer(True)
150
 
        
151
 
        if self.need_approval:
152
 
            self.using_timer(True)
153
 
        
154
144
        self.match_objects = (
155
145
            self.proxy.connect_to_signal("CheckerCompleted",
156
146
                                         self.checker_completed,
172
162
                                         self.rejected,
173
163
                                         client_interface,
174
164
                                         byte_arrays=True))
175
 
        #self.logger('Created client %s' % (self.properties["Name"]))
176
 
    
177
 
    def property_changed(self, property=None, value=None):
178
 
        super(self, MandosClientWidget).property_changed(property,
179
 
                                                         value)
180
 
        if property == "ApprovalPending":
181
 
            using_timer(bool(value))
182
 
        if property == "LastCheckerStatus":
183
 
            using_timer(value != 0)
184
 
            #self.logger('Checker for client %s (command "%s")'
185
 
            #            ' was successful'
186
 
            #            % (self.properties["Name"], command))
 
165
        #self.logger('Created client {0}'
 
166
        #            .format(self.properties["Name"]))
187
167
    
188
168
    def using_timer(self, flag):
189
169
        """Call this method with True or False when timer should be
190
170
        activated or deactivated.
191
171
        """
192
 
        old = self._update_timer_callback_lock
193
 
        if flag:
194
 
            self._update_timer_callback_lock += 1
195
 
        else:
196
 
            self._update_timer_callback_lock -= 1
197
 
        if old == 0 and self._update_timer_callback_lock:
 
172
        if flag and self._update_timer_callback_tag is None:
198
173
            # Will update the shown timer value every second
199
174
            self._update_timer_callback_tag = (gobject.timeout_add
200
175
                                               (1000,
201
176
                                                self.update_timer))
202
 
        elif old and self._update_timer_callback_lock == 0:
 
177
        elif not (flag or self._update_timer_callback_tag is None):
203
178
            gobject.source_remove(self._update_timer_callback_tag)
204
179
            self._update_timer_callback_tag = None
205
180
    
209
184
            return
210
185
        # Checker failed
211
186
        if os.WIFEXITED(condition):
212
 
            self.logger('Checker for client %s (command "%s")'
213
 
                        ' failed with exit code %s'
214
 
                        % (self.properties["Name"], command,
215
 
                           os.WEXITSTATUS(condition)))
 
187
            self.logger('Checker for client {0} (command "{1}")'
 
188
                        ' failed with exit code {2}'
 
189
                        .format(self.properties["Name"], command,
 
190
                                os.WEXITSTATUS(condition)))
216
191
        elif os.WIFSIGNALED(condition):
217
 
            self.logger('Checker for client %s (command "%s")'
218
 
                        ' was killed by signal %s'
219
 
                        % (self.properties["Name"], command,
220
 
                           os.WTERMSIG(condition)))
 
192
            self.logger('Checker for client {0} (command "{1}") was'
 
193
                        ' killed by signal {2}'
 
194
                        .format(self.properties["Name"], command,
 
195
                                os.WTERMSIG(condition)))
221
196
        elif os.WCOREDUMP(condition):
222
 
            self.logger('Checker for client %s (command "%s")'
 
197
            self.logger('Checker for client {0} (command "{1}")'
223
198
                        ' dumped core'
224
 
                        % (self.properties["Name"], command))
 
199
                        .format(self.properties["Name"], command))
225
200
        else:
226
 
            self.logger('Checker for client %s completed'
227
 
                        ' mysteriously')
 
201
            self.logger('Checker for client {0} completed'
 
202
                        ' mysteriously'
 
203
                        .format(self.properties["Name"]))
228
204
        self.update()
229
205
    
230
206
    def checker_started(self, command):
231
207
        """Server signals that a checker started. This could be useful
232
208
           to log in the future. """
233
 
        #self.logger('Client %s started checker "%s"'
234
 
        #            % (self.properties["Name"], unicode(command)))
 
209
        #self.logger('Client {0} started checker "{1}"'
 
210
        #            .format(self.properties["Name"],
 
211
        #                    str(command)))
235
212
        pass
236
213
    
237
214
    def got_secret(self):
238
 
        self.logger('Client %s received its secret'
239
 
                    % self.properties["Name"])
 
215
        self.logger('Client {0} received its secret'
 
216
                    .format(self.properties["Name"]))
240
217
    
241
218
    def need_approval(self, timeout, default):
242
219
        if not default:
243
 
            message = 'Client %s needs approval within %s seconds'
 
220
            message = 'Client {0} needs approval within {1} seconds'
244
221
        else:
245
 
            message = 'Client %s will get its secret in %s seconds'
246
 
        self.logger(message
247
 
                    % (self.properties["Name"], timeout/1000))
248
 
        self.using_timer(True)
 
222
            message = 'Client {0} will get its secret in {1} seconds'
 
223
        self.logger(message.format(self.properties["Name"],
 
224
                                   timeout/1000))
249
225
    
250
226
    def rejected(self, reason):
251
 
        self.logger('Client %s was rejected; reason: %s'
252
 
                    % (self.properties["Name"], reason))
 
227
        self.logger('Client {0} was rejected; reason: {1}'
 
228
                    .format(self.properties["Name"], reason))
253
229
    
254
230
    def selectable(self):
255
231
        """Make this a "selectable" widget.
277
253
                          "bold-underline-blink":
278
254
                              "bold-underline-blink-standout",
279
255
                          }
280
 
 
 
256
        
281
257
        # Rebuild focus and non-focus widgets using current properties
282
 
 
 
258
        
283
259
        # Base part of a client. Name!
284
 
        base = ('%(name)s: '
285
 
                      % {"name": self.properties["Name"]})
 
260
        base = '{name}: '.format(name=self.properties["Name"])
286
261
        if not self.properties["Enabled"]:
287
262
            message = "DISABLED"
 
263
            self.using_timer(False)
288
264
        elif self.properties["ApprovalPending"]:
289
265
            timeout = datetime.timedelta(milliseconds
290
266
                                         = self.properties
292
268
            last_approval_request = isoformat_to_datetime(
293
269
                self.properties["LastApprovalRequest"])
294
270
            if last_approval_request is not None:
295
 
                timer = timeout - (datetime.datetime.utcnow()
296
 
                                   - last_approval_request)
 
271
                timer = max(timeout - (datetime.datetime.utcnow()
 
272
                                       - last_approval_request),
 
273
                            datetime.timedelta())
297
274
            else:
298
275
                timer = datetime.timedelta()
299
276
            if self.properties["ApprovedByDefault"]:
300
 
                message = "Approval in %s. (d)eny?"
 
277
                message = "Approval in {0}. (d)eny?"
301
278
            else:
302
 
                message = "Denial in %s. (a)pprove?"
303
 
            message = message % unicode(timer).rsplit(".", 1)[0]
 
279
                message = "Denial in {0}. (a)pprove?"
 
280
            message = message.format(str(timer).rsplit(".", 1)[0])
 
281
            self.using_timer(True)
304
282
        elif self.properties["LastCheckerStatus"] != 0:
305
 
            # When checker has failed, print a timer until client expires
 
283
            # When checker has failed, show timer until client expires
306
284
            expires = self.properties["Expires"]
307
285
            if expires == "":
308
286
                timer = datetime.timedelta(0)
309
287
            else:
310
 
                expires = datetime.datetime.strptime(expires,
311
 
                                                     '%Y-%m-%dT%H:%M:%S.%f')
312
 
                timer = expires - datetime.datetime.utcnow()
 
288
                expires = (datetime.datetime.strptime
 
289
                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
 
290
                timer = max(expires - datetime.datetime.utcnow(),
 
291
                            datetime.timedelta())
313
292
            message = ('A checker has failed! Time until client'
314
 
                       ' gets disabled: %s'
315
 
                           % unicode(timer).rsplit(".", 1)[0])
 
293
                       ' gets disabled: {0}'
 
294
                       .format(str(timer).rsplit(".", 1)[0]))
 
295
            self.using_timer(True)
316
296
        else:
317
297
            message = "enabled"
318
 
        self._text = "%s%s" % (base, message)
319
 
            
 
298
            self.using_timer(False)
 
299
        self._text = "{0}{1}".format(base, message)
 
300
        
320
301
        if not urwid.supports_unicode():
321
302
            self._text = self._text.encode("ascii", "replace")
322
303
        textlist = [("normal", self._text)]
339
320
        self.update()
340
321
        return True             # Keep calling this
341
322
    
342
 
    def delete(self, *args, **kwargs):
 
323
    def delete(self, **kwargs):
343
324
        if self._update_timer_callback_tag is not None:
344
325
            gobject.source_remove(self._update_timer_callback_tag)
345
326
            self._update_timer_callback_tag = None
348
329
        self.match_objects = ()
349
330
        if self.delete_hook is not None:
350
331
            self.delete_hook(self)
351
 
        return super(MandosClientWidget, self).delete(*args, **kwargs)
 
332
        return super(MandosClientWidget, self).delete(**kwargs)
352
333
    
353
334
    def render(self, maxcolrow, focus=False):
354
335
        """Render differently if we have focus.
396
377
        else:
397
378
            return key
398
379
    
399
 
    def property_changed(self, property=None, value=None,
400
 
                         *args, **kwargs):
 
380
    def property_changed(self, property=None, **kwargs):
401
381
        """Call self.update() if old value is not new value.
402
382
        This overrides the method from MandosClientPropertyCache"""
403
 
        property_name = unicode(property)
 
383
        property_name = str(property)
404
384
        old_value = self.properties.get(property_name)
405
385
        super(MandosClientWidget, self).property_changed(
406
 
            property=property, value=value, *args, **kwargs)
 
386
            property=property, **kwargs)
407
387
        if self.properties.get(property_name) != old_value:
408
388
            self.update()
409
389
 
413
393
    "down" key presses, thus not allowing any containing widgets to
414
394
    use them as an excuse to shift focus away from this widget.
415
395
    """
416
 
    def keypress(self, maxcolrow, key):
417
 
        ret = super(ConstrainedListBox, self).keypress(maxcolrow, key)
 
396
    def keypress(self, *args, **kwargs):
 
397
        ret = super(ConstrainedListBox, self).keypress(*args, **kwargs)
418
398
        if ret in ("up", "down"):
419
399
            return
420
400
        return ret
433
413
                ("normal",
434
414
                 "default", "default", None),
435
415
                ("bold",
436
 
                 "default", "default", "bold"),
 
416
                 "bold", "default", "bold"),
437
417
                ("underline-blink",
438
 
                 "default", "default", "underline"),
 
418
                 "underline,blink", "default", "underline,blink"),
439
419
                ("standout",
440
 
                 "default", "default", "standout"),
 
420
                 "standout", "default", "standout"),
441
421
                ("bold-underline-blink",
442
 
                 "default", "default", ("bold", "underline")),
 
422
                 "bold,underline,blink", "default", "bold,underline,blink"),
443
423
                ("bold-standout",
444
 
                 "default", "default", ("bold", "standout")),
 
424
                 "bold,standout", "default", "bold,standout"),
445
425
                ("underline-blink-standout",
446
 
                 "default", "default", ("underline", "standout")),
 
426
                 "underline,blink,standout", "default",
 
427
                 "underline,blink,standout"),
447
428
                ("bold-underline-blink-standout",
448
 
                 "default", "default", ("bold", "underline",
449
 
                                          "standout")),
 
429
                 "bold,underline,blink,standout", "default",
 
430
                 "bold,underline,blink,standout"),
450
431
                ))
451
432
        
452
433
        if urwid.supports_unicode():
486
467
        self.main_loop = gobject.MainLoop()
487
468
    
488
469
    def client_not_found(self, fingerprint, address):
489
 
        self.log_message(("Client with address %s and fingerprint %s"
490
 
                          " could not be found" % (address,
491
 
                                                    fingerprint)))
 
470
        self.log_message("Client with address {0} and fingerprint"
 
471
                         " {1} could not be found"
 
472
                         .format(address, fingerprint))
492
473
    
493
474
    def rebuild(self):
494
475
        """This rebuilds the User Interface.
507
488
        self.topwidget = urwid.Pile(self.uilist)
508
489
    
509
490
    def log_message(self, message):
 
491
        """Log message formatted with timestamp"""
510
492
        timestamp = datetime.datetime.now().isoformat()
511
493
        self.log_message_raw(timestamp + ": " + message)
512
494
    
525
507
        self.log_visible = not self.log_visible
526
508
        self.rebuild()
527
509
        #self.log_message("Log visibility changed to: "
528
 
        #                 + unicode(self.log_visible))
 
510
        #                 + str(self.log_visible))
529
511
    
530
512
    def change_log_display(self):
531
513
        """Change type of log display.
547
529
            client = self.clients_dict[path]
548
530
        except KeyError:
549
531
            # not found?
550
 
            self.log_message("Unknown client %r (%r) removed", name,
551
 
                             path)
 
532
            self.log_message("Unknown client {0!r} ({1!r}) removed"
 
533
                             .format(name, path))
552
534
            return
553
535
        client.delete()
554
536
    
571
553
        if path is None:
572
554
            path = client.proxy.object_path
573
555
        self.clients_dict[path] = client
574
 
        self.clients.sort(None, lambda c: c.properties["Name"])
 
556
        self.clients.sort(key=lambda c: c.properties["Name"])
575
557
        self.refresh()
576
558
    
577
559
    def remove_client(self, client, path=None):
579
561
        if path is None:
580
562
            path = client.proxy.object_path
581
563
        del self.clients_dict[path]
582
 
        if not self.clients_dict:
583
 
            # Work around bug in Urwid 0.9.8.3 - if a SimpleListWalker
584
 
            # is completely emptied, we need to recreate it.
585
 
            self.clients = urwid.SimpleListWalker([])
586
 
            self.rebuild()
587
564
        self.refresh()
588
565
    
589
566
    def refresh(self):
602
579
        try:
603
580
            mandos_clients = (self.mandos_serv
604
581
                              .GetAllClientsWithProperties())
 
582
            if not mandos_clients:
 
583
                self.log_message_raw(("bold", "Note: Server has no clients."))
605
584
        except dbus.exceptions.DBusException:
 
585
            self.log_message_raw(("bold", "Note: No Mandos server running."))
606
586
            mandos_clients = dbus.Dictionary()
607
587
        
608
588
        (self.mandos_serv
620
600
                            self.client_not_found,
621
601
                            dbus_interface=server_interface,
622
602
                            byte_arrays=True))
623
 
        for path, client in mandos_clients.iteritems():
 
603
        for path, client in mandos_clients.items():
624
604
            client_proxy_object = self.bus.get_object(self.busname,
625
605
                                                      path)
626
606
            self.add_client(MandosClientWidget(server_proxy_object
635
615
                                               logger
636
616
                                               =self.log_message),
637
617
                            path=path)
638
 
 
 
618
        
639
619
        self.refresh()
640
620
        self._input_callback_tag = (gobject.io_add_watch
641
621
                                    (sys.stdin.fileno(),
738
718
    ui.run()
739
719
except KeyboardInterrupt:
740
720
    ui.screen.stop()
741
 
except Exception, e:
742
 
    ui.log_message(unicode(e))
 
721
except Exception as e:
 
722
    ui.log_message(str(e))
743
723
    ui.screen.stop()
744
724
    raise