/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-monitor

* plugins.d/password-prompt.c (conflict_detection): Don't print error
                                                    on ENOENT when
                                                    opening
                                                    /proc/*/cmdline.

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2012 Teddy Hogeborn
7
 
# Copyright © 2009-2012 Björn Påhlsson
 
6
# Copyright © 2009-2011 Teddy Hogeborn
 
7
# Copyright © 2009-2011 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
19
19
# You should have received a copy of the GNU General Public License
20
20
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
21
21
22
 
# Contact the authors at <mandos@recompile.se>.
 
22
# Contact the authors at <mandos@fukt.bsnet.se>.
23
23
24
24
 
25
 
from __future__ import (division, absolute_import, print_function,
26
 
                        unicode_literals)
 
25
from __future__ import division, absolute_import, print_function, unicode_literals
27
26
 
28
27
import sys
29
28
import os
49
48
logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)
50
49
 
51
50
# Some useful constants
52
 
domain = 'se.recompile'
 
51
domain = 'se.bsnet.fukt'
53
52
server_interface = domain + '.Mandos'
54
53
client_interface = domain + '.Mandos.Client'
55
 
version = "1.5.2"
 
54
version = "1.3.0"
56
55
 
57
56
# Always run in monochrome mode
58
57
urwid.curses_display.curses.has_colors = lambda : False
87
86
        self.proxy = proxy_object # Mandos Client proxy object
88
87
        
89
88
        self.properties = dict()
90
 
        self.property_changed_match = (
91
 
            self.proxy.connect_to_signal("PropertyChanged",
92
 
                                         self.property_changed,
93
 
                                         client_interface,
94
 
                                         byte_arrays=True))
 
89
        self.proxy.connect_to_signal("PropertyChanged",
 
90
                                     self.property_changed,
 
91
                                     client_interface,
 
92
                                     byte_arrays=True)
95
93
        
96
94
        self.properties.update(
97
95
            self.proxy.GetAll(client_interface,
98
96
                              dbus_interface = dbus.PROPERTIES_IFACE))
99
97
 
100
 
        #XXX This breaks good super behaviour
 
98
        #XXX This break good super behaviour!
101
99
#        super(MandosClientPropertyCache, self).__init__(
102
100
#            *args, **kwargs)
103
101
    
107
105
        """
108
106
        # Update properties dict with new value
109
107
        self.properties[property] = value
110
 
    
111
 
    def delete(self, *args, **kwargs):
112
 
        self.property_changed_match.remove()
113
 
        super(MandosClientPropertyCache, self).__init__(
114
 
            *args, **kwargs)
115
108
 
116
109
 
117
110
class MandosClientWidget(urwid.FlowWidget, MandosClientPropertyCache):
161
154
        if self.need_approval:
162
155
            self.using_timer(True)
163
156
        
164
 
        self.match_objects = (
165
 
            self.proxy.connect_to_signal("CheckerCompleted",
166
 
                                         self.checker_completed,
167
 
                                         client_interface,
168
 
                                         byte_arrays=True),
169
 
            self.proxy.connect_to_signal("CheckerStarted",
170
 
                                         self.checker_started,
171
 
                                         client_interface,
172
 
                                         byte_arrays=True),
173
 
            self.proxy.connect_to_signal("GotSecret",
174
 
                                         self.got_secret,
175
 
                                         client_interface,
176
 
                                         byte_arrays=True),
177
 
            self.proxy.connect_to_signal("NeedApproval",
178
 
                                         self.need_approval,
179
 
                                         client_interface,
180
 
                                         byte_arrays=True),
181
 
            self.proxy.connect_to_signal("Rejected",
182
 
                                         self.rejected,
183
 
                                         client_interface,
184
 
                                         byte_arrays=True))
185
 
        #self.logger('Created client %s' % (self.properties["Name"]))
 
157
        self.proxy.connect_to_signal("CheckerCompleted",
 
158
                                     self.checker_completed,
 
159
                                     client_interface,
 
160
                                     byte_arrays=True)
 
161
        self.proxy.connect_to_signal("CheckerStarted",
 
162
                                     self.checker_started,
 
163
                                     client_interface,
 
164
                                     byte_arrays=True)
 
165
        self.proxy.connect_to_signal("GotSecret",
 
166
                                     self.got_secret,
 
167
                                     client_interface,
 
168
                                     byte_arrays=True)
 
169
        self.proxy.connect_to_signal("NeedApproval",
 
170
                                     self.need_approval,
 
171
                                     client_interface,
 
172
                                     byte_arrays=True)
 
173
        self.proxy.connect_to_signal("Rejected",
 
174
                                     self.rejected,
 
175
                                     client_interface,
 
176
                                     byte_arrays=True)
186
177
    
187
178
    def property_changed(self, property=None, value=None):
188
179
        super(self, MandosClientWidget).property_changed(property,
200
191
        else:
201
192
            self._update_timer_callback_lock -= 1
202
193
        if old == 0 and self._update_timer_callback_lock:
203
 
            # Will update the shown timer value every second
204
194
            self._update_timer_callback_tag = (gobject.timeout_add
205
195
                                               (1000,
206
196
                                                self.update_timer))
242
232
        self.update()
243
233
    
244
234
    def checker_started(self, command):
245
 
        """Server signals that a checker started. This could be useful
246
 
           to log in the future. """
247
235
        #self.logger('Client %s started checker "%s"'
248
236
        #            % (self.properties["Name"], unicode(command)))
249
237
        pass
317
305
                message = "Denial in %s. (a)pprove?"
318
306
            message = message % unicode(timer).rsplit(".", 1)[0]
319
307
        elif self.last_checker_failed:
320
 
            # When checker has failed, print a timer until client expires
321
 
            expires = self.properties["Expires"]
322
 
            if expires == "":
323
 
                timer = datetime.timedelta(0)
324
 
            else:
325
 
                expires = datetime.datetime.strptime(expires,
326
 
                                                     '%Y-%m-%dT%H:%M:%S.%f')
327
 
                timer = expires - datetime.datetime.utcnow()
 
308
            timeout = datetime.timedelta(milliseconds
 
309
                                         = self.properties
 
310
                                         ["Timeout"])
 
311
            last_ok = isoformat_to_datetime(
 
312
                max((self.properties["LastCheckedOK"]
 
313
                     or self.properties["Created"]),
 
314
                    self.properties["LastEnabled"]))
 
315
            timer = timeout - (datetime.datetime.utcnow() - last_ok)
328
316
            message = ('A checker has failed! Time until client'
329
317
                       ' gets disabled: %s'
330
318
                           % unicode(timer).rsplit(".", 1)[0])
349
337
            self.update_hook()
350
338
    
351
339
    def update_timer(self):
352
 
        """called by gobject. Will indefinitely loop until
353
 
        gobject.source_remove() on tag is called"""
 
340
        "called by gobject"
354
341
        self.update()
355
342
        return True             # Keep calling this
356
343
    
357
 
    def delete(self, *args, **kwargs):
 
344
    def delete(self):
358
345
        if self._update_timer_callback_tag is not None:
359
346
            gobject.source_remove(self._update_timer_callback_tag)
360
347
            self._update_timer_callback_tag = None
361
 
        for match in self.match_objects:
362
 
            match.remove()
363
 
        self.match_objects = ()
364
348
        if self.delete_hook is not None:
365
349
            self.delete_hook(self)
366
 
        return super(MandosClientWidget, self).delete(*args, **kwargs)
367
350
    
368
351
    def render(self, maxcolrow, focus=False):
369
352
        """Render differently if we have focus.
375
358
        """Handle keys.
376
359
        This overrides the method from urwid.FlowWidget"""
377
360
        if key == "+":
378
 
            self.proxy.Enable(dbus_interface = client_interface,
379
 
                              ignore_reply=True)
 
361
            self.proxy.Enable(dbus_interface = client_interface)
380
362
        elif key == "-":
381
 
            self.proxy.Disable(dbus_interface = client_interface,
382
 
                               ignore_reply=True)
 
363
            self.proxy.Disable(dbus_interface = client_interface)
383
364
        elif key == "a":
384
365
            self.proxy.Approve(dbus.Boolean(True, variant_level=1),
385
 
                               dbus_interface = client_interface,
386
 
                               ignore_reply=True)
 
366
                               dbus_interface = client_interface)
387
367
        elif key == "d":
388
368
            self.proxy.Approve(dbus.Boolean(False, variant_level=1),
389
 
                                  dbus_interface = client_interface,
390
 
                               ignore_reply=True)
 
369
                                  dbus_interface = client_interface)
391
370
        elif key == "R" or key == "_" or key == "ctrl k":
392
371
            self.server_proxy_object.RemoveClient(self.proxy
393
 
                                                  .object_path,
394
 
                                                  ignore_reply=True)
 
372
                                                  .object_path)
395
373
        elif key == "s":
396
 
            self.proxy.StartChecker(dbus_interface = client_interface,
397
 
                                    ignore_reply=True)
 
374
            self.proxy.StartChecker(dbus_interface = client_interface)
398
375
        elif key == "S":
399
 
            self.proxy.StopChecker(dbus_interface = client_interface,
400
 
                                   ignore_reply=True)
 
376
            self.proxy.StopChecker(dbus_interface = client_interface)
401
377
        elif key == "C":
402
 
            self.proxy.CheckedOK(dbus_interface = client_interface,
403
 
                                 ignore_reply=True)
 
378
            self.proxy.CheckedOK(dbus_interface = client_interface)
404
379
        # xxx
405
380
#         elif key == "p" or key == "=":
406
381
#             self.proxy.pause()
499
474
        
500
475
        self.busname = domain + '.Mandos'
501
476
        self.main_loop = gobject.MainLoop()
 
477
        self.bus = dbus.SystemBus()
 
478
        mandos_dbus_objc = self.bus.get_object(
 
479
            self.busname, "/", follow_name_owner_changes=True)
 
480
        self.mandos_serv = dbus.Interface(mandos_dbus_objc,
 
481
                                          dbus_interface
 
482
                                          = server_interface)
 
483
        try:
 
484
            mandos_clients = (self.mandos_serv
 
485
                              .GetAllClientsWithProperties())
 
486
        except dbus.exceptions.DBusException:
 
487
            mandos_clients = dbus.Dictionary()
 
488
        
 
489
        (self.mandos_serv
 
490
         .connect_to_signal("ClientRemoved",
 
491
                            self.find_and_remove_client,
 
492
                            dbus_interface=server_interface,
 
493
                            byte_arrays=True))
 
494
        (self.mandos_serv
 
495
         .connect_to_signal("ClientAdded",
 
496
                            self.add_new_client,
 
497
                            dbus_interface=server_interface,
 
498
                            byte_arrays=True))
 
499
        (self.mandos_serv
 
500
         .connect_to_signal("ClientNotFound",
 
501
                            self.client_not_found,
 
502
                            dbus_interface=server_interface,
 
503
                            byte_arrays=True))
 
504
        for path, client in mandos_clients.iteritems():
 
505
            client_proxy_object = self.bus.get_object(self.busname,
 
506
                                                      path)
 
507
            self.add_client(MandosClientWidget(server_proxy_object
 
508
                                               =self.mandos_serv,
 
509
                                               proxy_object
 
510
                                               =client_proxy_object,
 
511
                                               properties=client,
 
512
                                               update_hook
 
513
                                               =self.refresh,
 
514
                                               delete_hook
 
515
                                               =self.remove_client,
 
516
                                               logger
 
517
                                               =self.log_message),
 
518
                            path=path)
502
519
    
503
520
    def client_not_found(self, fingerprint, address):
504
521
        self.log_message(("Client with address %s and fingerprint %s"
519
536
                                                     self.divider)))
520
537
        if self.log_visible:
521
538
            self.uilist.append(self.logbox)
 
539
            pass
522
540
        self.topwidget = urwid.Pile(self.uilist)
523
541
    
524
542
    def log_message(self, message):
554
572
        #self.log_message("Wrap mode: " + self.log_wrap)
555
573
    
556
574
    def find_and_remove_client(self, path, name):
557
 
        """Find a client by its object path and remove it.
 
575
        """Find an client from its object path and remove it.
558
576
        
559
577
        This is connected to the ClientRemoved signal from the
560
578
        Mandos server object."""
562
580
            client = self.clients_dict[path]
563
581
        except KeyError:
564
582
            # not found?
565
 
            self.log_message("Unknown client %r (%r) removed", name,
566
 
                             path)
567
583
            return
568
 
        client.delete()
 
584
        self.remove_client(client, path)
569
585
    
570
586
    def add_new_client(self, path):
571
587
        client_proxy_object = self.bus.get_object(self.busname, path)
608
624
    
609
625
    def run(self):
610
626
        """Start the main loop and exit when it's done."""
611
 
        self.bus = dbus.SystemBus()
612
 
        mandos_dbus_objc = self.bus.get_object(
613
 
            self.busname, "/", follow_name_owner_changes=True)
614
 
        self.mandos_serv = dbus.Interface(mandos_dbus_objc,
615
 
                                          dbus_interface
616
 
                                          = server_interface)
617
 
        try:
618
 
            mandos_clients = (self.mandos_serv
619
 
                              .GetAllClientsWithProperties())
620
 
        except dbus.exceptions.DBusException:
621
 
            mandos_clients = dbus.Dictionary()
622
 
        
623
 
        (self.mandos_serv
624
 
         .connect_to_signal("ClientRemoved",
625
 
                            self.find_and_remove_client,
626
 
                            dbus_interface=server_interface,
627
 
                            byte_arrays=True))
628
 
        (self.mandos_serv
629
 
         .connect_to_signal("ClientAdded",
630
 
                            self.add_new_client,
631
 
                            dbus_interface=server_interface,
632
 
                            byte_arrays=True))
633
 
        (self.mandos_serv
634
 
         .connect_to_signal("ClientNotFound",
635
 
                            self.client_not_found,
636
 
                            dbus_interface=server_interface,
637
 
                            byte_arrays=True))
638
 
        for path, client in mandos_clients.iteritems():
639
 
            client_proxy_object = self.bus.get_object(self.busname,
640
 
                                                      path)
641
 
            self.add_client(MandosClientWidget(server_proxy_object
642
 
                                               =self.mandos_serv,
643
 
                                               proxy_object
644
 
                                               =client_proxy_object,
645
 
                                               properties=client,
646
 
                                               update_hook
647
 
                                               =self.refresh,
648
 
                                               delete_hook
649
 
                                               =self.remove_client,
650
 
                                               logger
651
 
                                               =self.log_message),
652
 
                            path=path)
653
 
 
654
627
        self.refresh()
655
628
        self._input_callback_tag = (gobject.io_add_watch
656
629
                                    (sys.stdin.fileno(),