/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2018-08-19 01:35:11 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 368.
  • Revision ID: teddy@recompile.se-20180819013511-cku25q9yeub3dnr0
Adapt to changes in cryptsetup; use "cryptroot-unlock" program

* Makefile (install-client-nokey): Also install new script files
  "mandos-to-cryptroot-unlock" and "initramfs-tools-script-stop".
* debian/mandos-client.dirs: Add
  "usr/share/initramfs-tools/scripts/local-premount".
* initramfs-tools-hook: Also copy "mandos-to-cryptroot-unlock".
* initramfs-tools-script: Only modify keyscript setting in cryptroot
  file if the file exists, otherwise start
  "mandos-to-cryptroot-unlock" in background.
* initramfs-tools-script-stop: New script to make sure plugin-runner
  has stopped before continuing.
* mandos-to-cryptroot-unlock: New script to run plugin-runner and feed
  any password it gets into the "cryptroot-unlock" program.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
#!/usr/bin/python3 -bbI
 
1
#!/usr/bin/python
2
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
#
6
 
# Copyright © 2009-2019 Teddy Hogeborn
7
 
# Copyright © 2009-2019 Björn Påhlsson
 
6
# Copyright © 2009-2018 Teddy Hogeborn
 
7
# Copyright © 2009-2018 Björn Påhlsson
8
8
#
9
9
# This file is part of Mandos.
10
10
#
33
33
 
34
34
import sys
35
35
import os
36
 
import warnings
 
36
 
37
37
import datetime
38
 
import locale
39
 
import logging
40
38
 
41
39
import urwid.curses_display
42
40
import urwid
46
44
 
47
45
import dbus
48
46
 
 
47
import locale
 
48
 
 
49
import logging
 
50
 
49
51
if sys.version_info.major == 2:
50
52
    str = unicode
51
53
 
52
 
log = logging.getLogger(os.path.basename(sys.argv[0]))
53
 
logging.basicConfig(level="NOTSET", # Show all messages
54
 
                    format="%(message)s") # Show basic log messages
55
 
 
56
 
logging.captureWarnings(True)   # Show warnings via the logging system
57
 
 
58
 
locale.setlocale(locale.LC_ALL, "")
59
 
 
60
 
logging.getLogger("dbus.proxies").setLevel(logging.CRITICAL)
 
54
locale.setlocale(locale.LC_ALL, '')
 
55
 
 
56
logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)
61
57
 
62
58
# Some useful constants
63
 
domain = "se.recompile"
64
 
server_interface = domain + ".Mandos"
65
 
client_interface = domain + ".Mandos.Client"
66
 
version = "1.8.9"
 
59
domain = 'se.recompile'
 
60
server_interface = domain + '.Mandos'
 
61
client_interface = domain + '.Mandos.Client'
 
62
version = "1.7.19"
67
63
 
68
64
try:
69
65
    dbus.OBJECT_MANAGER_IFACE
126
122
    """
127
123
 
128
124
    def __init__(self, server_proxy_object=None, update_hook=None,
129
 
                 delete_hook=None, **kwargs):
 
125
                 delete_hook=None, logger=None, **kwargs):
130
126
        # Called on update
131
127
        self.update_hook = update_hook
132
128
        # Called on delete
133
129
        self.delete_hook = delete_hook
134
130
        # Mandos Server proxy object
135
131
        self.server_proxy_object = server_proxy_object
 
132
        # Logger
 
133
        self.logger = logger
136
134
 
137
135
        self._update_timer_callback_tag = None
138
136
 
165
163
                                         self.rejected,
166
164
                                         client_interface,
167
165
                                         byte_arrays=True))
168
 
        log.debug("Created client %s", self.properties["Name"])
 
166
        self.logger('Created client {}'
 
167
                    .format(self.properties["Name"]), level=0)
169
168
 
170
169
    def using_timer(self, flag):
171
170
        """Call this method with True or False when timer should be
173
172
        """
174
173
        if flag and self._update_timer_callback_tag is None:
175
174
            # Will update the shown timer value every second
176
 
            self._update_timer_callback_tag = (
177
 
                GLib.timeout_add(1000,
178
 
                                 glib_safely(self.update_timer)))
 
175
            self._update_timer_callback_tag = (GLib.timeout_add
 
176
                                               (1000,
 
177
                                                self.update_timer))
179
178
        elif not (flag or self._update_timer_callback_tag is None):
180
179
            GLib.source_remove(self._update_timer_callback_tag)
181
180
            self._update_timer_callback_tag = None
182
181
 
183
182
    def checker_completed(self, exitstatus, condition, command):
184
183
        if exitstatus == 0:
185
 
            log.debug('Checker for client %s (command "%s")'
186
 
                      " succeeded", self.properties["Name"], command)
 
184
            self.logger('Checker for client {} (command "{}")'
 
185
                        ' succeeded'.format(self.properties["Name"],
 
186
                                            command), level=0)
187
187
            self.update()
188
188
            return
189
189
        # Checker failed
190
190
        if os.WIFEXITED(condition):
191
 
            log.info('Checker for client %s (command "%s") failed'
192
 
                     " with exit code %d", self.properties["Name"],
193
 
                     command, os.WEXITSTATUS(condition))
 
191
            self.logger('Checker for client {} (command "{}") failed'
 
192
                        ' with exit code {}'
 
193
                        .format(self.properties["Name"], command,
 
194
                                os.WEXITSTATUS(condition)))
194
195
        elif os.WIFSIGNALED(condition):
195
 
            log.info('Checker for client %s (command "%s") was'
196
 
                     " killed by signal %d", self.properties["Name"],
197
 
                     command, os.WTERMSIG(condition))
 
196
            self.logger('Checker for client {} (command "{}") was'
 
197
                        ' killed by signal {}'
 
198
                        .format(self.properties["Name"], command,
 
199
                                os.WTERMSIG(condition)))
198
200
        self.update()
199
201
 
200
202
    def checker_started(self, command):
201
203
        """Server signals that a checker started."""
202
 
        log.debug('Client %s started checker "%s"',
203
 
                  self.properties["Name"], command)
 
204
        self.logger('Client {} started checker "{}"'
 
205
                    .format(self.properties["Name"],
 
206
                            command), level=0)
204
207
 
205
208
    def got_secret(self):
206
 
        log.info("Client %s received its secret",
207
 
                 self.properties["Name"])
 
209
        self.logger('Client {} received its secret'
 
210
                    .format(self.properties["Name"]))
208
211
 
209
212
    def need_approval(self, timeout, default):
210
213
        if not default:
211
 
            message = "Client %s needs approval within %f seconds"
 
214
            message = 'Client {} needs approval within {} seconds'
212
215
        else:
213
 
            message = "Client %s will get its secret in %f seconds"
214
 
        log.info(message, self.properties["Name"], timeout/1000)
 
216
            message = 'Client {} will get its secret in {} seconds'
 
217
        self.logger(message.format(self.properties["Name"],
 
218
                                   timeout/1000))
215
219
 
216
220
    def rejected(self, reason):
217
 
        log.info("Client %s was rejected; reason: %s",
218
 
                 self.properties["Name"], reason)
 
221
        self.logger('Client {} was rejected; reason: {}'
 
222
                    .format(self.properties["Name"], reason))
219
223
 
220
224
    def selectable(self):
221
225
        """Make this a "selectable" widget.
247
251
        # Rebuild focus and non-focus widgets using current properties
248
252
 
249
253
        # Base part of a client. Name!
250
 
        base = "{name}: ".format(name=self.properties["Name"])
 
254
        base = '{name}: '.format(name=self.properties["Name"])
251
255
        if not self.properties["Enabled"]:
252
256
            message = "DISABLED"
253
257
            self.using_timer(False)
275
279
                timer = datetime.timedelta(0)
276
280
            else:
277
281
                expires = (datetime.datetime.strptime
278
 
                           (expires, "%Y-%m-%dT%H:%M:%S.%f"))
 
282
                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
279
283
                timer = max(expires - datetime.datetime.utcnow(),
280
284
                            datetime.timedelta())
281
 
            message = ("A checker has failed! Time until client"
282
 
                       " gets disabled: {}"
 
285
            message = ('A checker has failed! Time until client'
 
286
                       ' gets disabled: {}'
283
287
                       .format(str(timer).rsplit(".", 1)[0]))
284
288
            self.using_timer(True)
285
289
        else:
383
387
            self.update()
384
388
 
385
389
 
386
 
def glib_safely(func, retval=True):
387
 
    def safe_func(*args, **kwargs):
388
 
        try:
389
 
            return func(*args, **kwargs)
390
 
        except Exception:
391
 
            log.exception("")
392
 
            return retval
393
 
    return safe_func
394
 
 
395
 
 
396
390
class ConstrainedListBox(urwid.ListBox):
397
391
    """Like a normal urwid.ListBox, but will consume all "up" or
398
392
    "down" key presses, thus not allowing any containing widgets to
410
404
    """This is the entire user interface - the whole screen
411
405
    with boxes, lists of client widgets, etc.
412
406
    """
413
 
    def __init__(self, max_log_length=1000):
 
407
    def __init__(self, max_log_length=1000, log_level=1):
414
408
        DBusGMainLoop(set_as_default=True)
415
409
 
416
410
        self.screen = urwid.curses_display.Screen()
450
444
        self.clients_dict = {}
451
445
 
452
446
        # We will add Text widgets to this list
453
 
        self.log = urwid.SimpleListWalker([])
 
447
        self.log = []
454
448
        self.max_log_length = max_log_length
455
449
 
 
450
        self.log_level = log_level
 
451
 
456
452
        # We keep a reference to the log widget so we can remove it
457
453
        # from the ListWalker without it getting destroyed
458
454
        self.logbox = ConstrainedListBox(self.log)
462
458
        self.log_visible = True
463
459
        self.log_wrap = "any"
464
460
 
465
 
        self.loghandler = UILogHandler(self)
466
 
 
467
461
        self.rebuild()
468
 
        self.add_log_line(("bold",
469
 
                           "Mandos Monitor version " + version))
470
 
        self.add_log_line(("bold", "q: Quit  ?: Help"))
 
462
        self.log_message_raw(("bold",
 
463
                              "Mandos Monitor version " + version))
 
464
        self.log_message_raw(("bold",
 
465
                              "q: Quit  ?: Help"))
471
466
 
472
 
        self.busname = domain + ".Mandos"
 
467
        self.busname = domain + '.Mandos'
473
468
        self.main_loop = GLib.MainLoop()
474
469
 
475
 
    def client_not_found(self, key_id, address):
476
 
        log.info("Client with address %s and key ID %s could"
477
 
                 " not be found", address, key_id)
 
470
    def client_not_found(self, fingerprint, address):
 
471
        self.log_message("Client with address {} and fingerprint {}"
 
472
                         " could not be found"
 
473
                         .format(address, fingerprint))
478
474
 
479
475
    def rebuild(self):
480
476
        """This rebuilds the User Interface.
491
487
            self.uilist.append(self.logbox)
492
488
        self.topwidget = urwid.Pile(self.uilist)
493
489
 
494
 
    def add_log_line(self, markup):
 
490
    def log_message(self, message, level=1):
 
491
        """Log message formatted with timestamp"""
 
492
        if level < self.log_level:
 
493
            return
 
494
        timestamp = datetime.datetime.now().isoformat()
 
495
        self.log_message_raw("{}: {}".format(timestamp, message),
 
496
                             level=level)
 
497
 
 
498
    def log_message_raw(self, markup, level=1):
 
499
        """Add a log message to the log buffer."""
 
500
        if level < self.log_level:
 
501
            return
495
502
        self.log.append(urwid.Text(markup, wrap=self.log_wrap))
496
503
        if self.max_log_length:
497
504
            if len(self.log) > self.max_log_length:
498
 
                del self.log[0:(len(self.log) - self.max_log_length)]
499
 
        self.logbox.set_focus(len(self.logbox.body.contents)-1,
 
505
                del self.log[0:len(self.log)-self.max_log_length-1]
 
506
        self.logbox.set_focus(len(self.logbox.body.contents),
500
507
                              coming_from="above")
501
508
        self.refresh()
502
509
 
504
511
        """Toggle visibility of the log buffer."""
505
512
        self.log_visible = not self.log_visible
506
513
        self.rebuild()
507
 
        log.debug("Log visibility changed to: %s", self.log_visible)
 
514
        self.log_message("Log visibility changed to: {}"
 
515
                         .format(self.log_visible), level=0)
508
516
 
509
517
    def change_log_display(self):
510
518
        """Change type of log display.
515
523
            self.log_wrap = "clip"
516
524
        for textwidget in self.log:
517
525
            textwidget.set_wrap_mode(self.log_wrap)
518
 
        log.debug("Wrap mode: %s", self.log_wrap)
 
526
        self.log_message("Wrap mode: {}".format(self.log_wrap),
 
527
                         level=0)
519
528
 
520
529
    def find_and_remove_client(self, path, interfaces):
521
530
        """Find a client by its object path and remove it.
529
538
            client = self.clients_dict[path]
530
539
        except KeyError:
531
540
            # not found?
532
 
            log.warning("Unknown client %s removed", path)
 
541
            self.log_message("Unknown client {!r} removed"
 
542
                             .format(path))
533
543
            return
534
544
        client.delete()
535
545
 
548
558
            proxy_object=client_proxy_object,
549
559
            update_hook=self.refresh,
550
560
            delete_hook=self.remove_client,
 
561
            logger=self.log_message,
551
562
            properties=dict(ifs_and_props[client_interface])),
552
563
                        path=path)
553
564
 
573
584
 
574
585
    def run(self):
575
586
        """Start the main loop and exit when it's done."""
576
 
        log.addHandler(self.loghandler)
577
 
        self.orig_log_propagate = log.propagate
578
 
        log.propagate = False
579
 
        self.orig_log_level = log.level
580
 
        log.setLevel("INFO")
581
587
        self.bus = dbus.SystemBus()
582
588
        mandos_dbus_objc = self.bus.get_object(
583
589
            self.busname, "/", follow_name_owner_changes=True)
587
593
            mandos_clients = (self.mandos_serv
588
594
                              .GetAllClientsWithProperties())
589
595
            if not mandos_clients:
590
 
                log.warning("Note: Server has no clients.")
 
596
                self.log_message_raw(("bold",
 
597
                                      "Note: Server has no clients."))
591
598
        except dbus.exceptions.DBusException:
592
 
            log.warning("Note: No Mandos server running.")
 
599
            self.log_message_raw(("bold",
 
600
                                  "Note: No Mandos server running."))
593
601
            mandos_clients = dbus.Dictionary()
594
602
 
595
603
        (self.mandos_serv
615
623
                proxy_object=client_proxy_object,
616
624
                properties=client,
617
625
                update_hook=self.refresh,
618
 
                delete_hook=self.remove_client),
 
626
                delete_hook=self.remove_client,
 
627
                logger=self.log_message),
619
628
                            path=path)
620
629
 
621
630
        self.refresh()
622
 
        self._input_callback_tag = (
623
 
            GLib.io_add_watch(
624
 
                GLib.IOChannel.unix_new(sys.stdin.fileno()),
625
 
                GLib.PRIORITY_DEFAULT, GLib.IO_IN,
626
 
                glib_safely(self.process_input)))
 
631
        self._input_callback_tag = (GLib.io_add_watch
 
632
                                    (sys.stdin.fileno(),
 
633
                                     GLib.IO_IN,
 
634
                                     self.process_input))
627
635
        self.main_loop.run()
628
636
        # Main loop has finished, we should close everything now
629
637
        GLib.source_remove(self._input_callback_tag)
630
 
        with warnings.catch_warnings():
631
 
            warnings.simplefilter("ignore", BytesWarning)
632
 
            self.screen.stop()
 
638
        self.screen.stop()
633
639
 
634
640
    def stop(self):
635
641
        self.main_loop.quit()
636
 
        log.removeHandler(self.loghandler)
637
 
        log.propagate = self.orig_log_propagate
638
642
 
639
643
    def process_input(self, source, condition):
640
644
        keys = self.screen.get_input()
673
677
                if not self.log_visible:
674
678
                    self.log_visible = True
675
679
                    self.rebuild()
676
 
                self.add_log_line(("bold",
677
 
                                   "  ".join(("q: Quit",
678
 
                                              "?: Help",
679
 
                                              "l: Log window toggle",
680
 
                                              "TAB: Switch window",
681
 
                                              "w: Wrap (log lines)",
682
 
                                              "v: Toggle verbose log",
683
 
                                   ))))
684
 
                self.add_log_line(("bold",
685
 
                                   "  ".join(("Clients:",
686
 
                                              "+: Enable",
687
 
                                              "-: Disable",
688
 
                                              "R: Remove",
689
 
                                              "s: Start new checker",
690
 
                                              "S: Stop checker",
691
 
                                              "C: Checker OK",
692
 
                                              "a: Approve",
693
 
                                              "d: Deny",
694
 
                                   ))))
 
680
                self.log_message_raw(("bold",
 
681
                                      "  ".
 
682
                                      join(("q: Quit",
 
683
                                            "?: Help",
 
684
                                            "l: Log window toggle",
 
685
                                            "TAB: Switch window",
 
686
                                            "w: Wrap (log lines)",
 
687
                                            "v: Toggle verbose log",
 
688
                                            ))))
 
689
                self.log_message_raw(("bold",
 
690
                                      "  "
 
691
                                      .join(("Clients:",
 
692
                                             "+: Enable",
 
693
                                             "-: Disable",
 
694
                                             "R: Remove",
 
695
                                             "s: Start new checker",
 
696
                                             "S: Stop checker",
 
697
                                             "C: Checker OK",
 
698
                                             "a: Approve",
 
699
                                             "d: Deny"))))
695
700
                self.refresh()
696
701
            elif key == "tab":
697
702
                if self.topwidget.get_focus() is self.logbox:
700
705
                    self.topwidget.set_focus(self.logbox)
701
706
                self.refresh()
702
707
            elif key == "v":
703
 
                if log.level < logging.INFO:
704
 
                    log.setLevel(logging.INFO)
705
 
                    log.info("Verbose mode: Off")
 
708
                if self.log_level == 0:
 
709
                    self.log_level = 1
 
710
                    self.log_message("Verbose mode: Off")
706
711
                else:
707
 
                    log.setLevel(logging.NOTSET)
708
 
                    log.info("Verbose mode: On")
 
712
                    self.log_level = 0
 
713
                    self.log_message("Verbose mode: On")
709
714
            # elif (key == "end" or key == "meta >" or key == "G"
710
715
            #       or key == ">"):
711
716
            #     pass            # xxx end-of-buffer
730
735
        return True
731
736
 
732
737
 
733
 
class UILogHandler(logging.Handler):
734
 
    def __init__(self, ui, *args, **kwargs):
735
 
        self.ui = ui
736
 
        super(UILogHandler, self).__init__(*args, **kwargs)
737
 
        self.setFormatter(
738
 
            logging.Formatter("%(asctime)s: %(message)s"))
739
 
    def emit(self, record):
740
 
        msg = self.format(record)
741
 
        if record.levelno > logging.INFO:
742
 
            msg = ("bold", msg)
743
 
        self.ui.add_log_line(msg)
744
 
 
745
 
 
746
738
ui = UserInterface()
747
739
try:
748
740
    ui.run()
749
741
except KeyboardInterrupt:
750
 
    with warnings.catch_warnings():
751
 
        warnings.filterwarnings("ignore", "", BytesWarning)
752
 
        ui.screen.stop()
753
 
except Exception:
754
 
    with warnings.catch_warnings():
755
 
        warnings.filterwarnings("ignore", "", BytesWarning)
756
 
        ui.screen.stop()
 
742
    ui.screen.stop()
 
743
except Exception as e:
 
744
    ui.log_message(str(e))
 
745
    ui.screen.stop()
757
746
    raise