Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2022-04-23 20:39:28 UTC
  • mto: This revision was merged to the branch mainline in revision 406.
  • Revision ID: teddy@recompile.se-20220423203928-q2ngppp3pt7cfv4x
Makefile: Add comment about phase out of -lpthread

* Makefile (dracut-module/password-agent): Add comment about -lpthread
  being unnecessary in GNU C library 2.34 and later.

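--- a/mandos-monitor
+++ b/mandos-monitor
@@ -1,4 +1,4 @@
-#!/usr/bin/python3 -bb
+#!/usr/bin/python3 -bbI
 # -*- mode: python; coding: utf-8 -*-
 #
 # Mandos Monitor - Control and monitor the Mandos server
@@ -35,6 +35,8 @@
 import os
 import warnings
 import datetime
+import locale
+import logging
 
 import urwid.curses_display
 import urwid
@@ -44,22 +46,25 @@
 
 import dbus
 
-import locale
-
-import logging
-
 if sys.version_info.major == 2:
+    __metaclass__ = type
     str = unicode
 
-locale.setlocale(locale.LC_ALL, '')
-
-logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)
+log = logging.getLogger(os.path.basename(sys.argv[0]))
+logging.basicConfig(level="NOTSET", # Show all messages
+                    format="%(message)s") # Show basic log messages
+
+logging.captureWarnings(True)   # Show warnings via the logging system
+
+locale.setlocale(locale.LC_ALL, "")
+
+logging.getLogger("dbus.proxies").setLevel(logging.CRITICAL)
 
 # Some useful constants
-domain = 'se.recompile'
-server_interface = domain + '.Mandos'
-client_interface = domain + '.Mandos.Client'
-version = "1.8.9"
+domain = "se.recompile"
+server_interface = domain + ".Mandos"
+client_interface = domain + ".Mandos.Client"
+version = "1.8.14"
 
 try:
     dbus.OBJECT_MANAGER_IFACE
@@ -84,7 +89,7 @@
                              int(fraction*1000000))  # Microseconds
 
 
-class MandosClientPropertyCache(object):
+class MandosClientPropertyCache:
     """This wraps a Mandos Client D-Bus proxy object, caches the
     properties and calls a hook function when any of them are
     changed.
@@ -122,15 +127,13 @@
     """
 
     def __init__(self, server_proxy_object=None, update_hook=None,
-                 delete_hook=None, logger=None, **kwargs):
+                 delete_hook=None, **kwargs):
         # Called on update
         self.update_hook = update_hook
         # Called on delete
         self.delete_hook = delete_hook
         # Mandos Server proxy object
         self.server_proxy_object = server_proxy_object
-        # Logger
-        self.logger = logger
 
         self._update_timer_callback_tag = None
 
@@ -163,8 +166,7 @@
                                          self.rejected,
                                          client_interface,
                                          byte_arrays=True))
-        self.logger('Created client {}'
-                    .format(self.properties["Name"]), level=0)
+        log.debug("Created client %s", self.properties["Name"])
 
     def using_timer(self, flag):
         """Call this method with True or False when timer should be
@@ -172,54 +174,49 @@
         """
         if flag and self._update_timer_callback_tag is None:
             # Will update the shown timer value every second
-            self._update_timer_callback_tag = (GLib.timeout_add
-                                               (1000,
-                                                self.update_timer))
+            self._update_timer_callback_tag = (
+                GLib.timeout_add(1000,
+                                 glib_safely(self.update_timer)))
         elif not (flag or self._update_timer_callback_tag is None):
             GLib.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
 
     def checker_completed(self, exitstatus, condition, command):
         if exitstatus == 0:
-            self.logger('Checker for client {} (command "{}")'
-                        ' succeeded'.format(self.properties["Name"],
-                                            command), level=0)
+            log.debug('Checker for client %s (command "%s")'
+                      " succeeded", self.properties["Name"], command)
             self.update()
             return
         # Checker failed
         if os.WIFEXITED(condition):
-            self.logger('Checker for client {} (command "{}") failed'
-                        ' with exit code {}'
-                        .format(self.properties["Name"], command,
-                                os.WEXITSTATUS(condition)))
+            log.info('Checker for client %s (command "%s") failed'
+                     " with exit code %d", self.properties["Name"],
+                     command, os.WEXITSTATUS(condition))
         elif os.WIFSIGNALED(condition):
-            self.logger('Checker for client {} (command "{}") was'
-                        ' killed by signal {}'
-                        .format(self.properties["Name"], command,
-                                os.WTERMSIG(condition)))
+            log.info('Checker for client %s (command "%s") was'
+                     " killed by signal %d", self.properties["Name"],
+                     command, os.WTERMSIG(condition))
         self.update()
 
     def checker_started(self, command):
         """Server signals that a checker started."""
-        self.logger('Client {} started checker "{}"'
-                    .format(self.properties["Name"],
-                            command), level=0)
+        log.debug('Client %s started checker "%s"',
+                  self.properties["Name"], command)
 
     def got_secret(self):
-        self.logger('Client {} received its secret'
-                    .format(self.properties["Name"]))
+        log.info("Client %s received its secret",
+                 self.properties["Name"])
 
     def need_approval(self, timeout, default):
         if not default:
-            message = 'Client {} needs approval within {} seconds'
+            message = "Client %s needs approval within %f seconds"
         else:
-            message = 'Client {} will get its secret in {} seconds'
-        self.logger(message.format(self.properties["Name"],
-                                   timeout/1000))
+            message = "Client %s will get its secret in %f seconds"
+        log.info(message, self.properties["Name"], timeout/1000)
 
     def rejected(self, reason):
-        self.logger('Client {} was rejected; reason: {}'
-                    .format(self.properties["Name"], reason))
+        log.info("Client %s was rejected; reason: %s",
+                 self.properties["Name"], reason)
 
     def selectable(self):
         """Make this a "selectable" widget.
@@ -251,7 +248,7 @@
         # Rebuild focus and non-focus widgets using current properties
 
         # Base part of a client. Name!
-        base = '{name}: '.format(name=self.properties["Name"])
+        base = "{name}: ".format(name=self.properties["Name"])
         if not self.properties["Enabled"]:
             message = "DISABLED"
             self.using_timer(False)
@@ -279,11 +276,11 @@
                 timer = datetime.timedelta(0)
             else:
                 expires = (datetime.datetime.strptime
-                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
+                           (expires, "%Y-%m-%dT%H:%M:%S.%f"))
                 timer = max(expires - datetime.datetime.utcnow(),
                             datetime.timedelta())
-            message = ('A checker has failed! Time until client'
-                       ' gets disabled: {}'
+            message = ("A checker has failed! Time until client"
+                       " gets disabled: {}"
                        .format(str(timer).rsplit(".", 1)[0]))
             self.using_timer(True)
         else:
@@ -387,6 +384,16 @@
             self.update()
 
 
+def glib_safely(func, retval=True):
+    def safe_func(*args, **kwargs):
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            log.exception("")
+            return retval
+    return safe_func
+
+
 class ConstrainedListBox(urwid.ListBox):
     """Like a normal urwid.ListBox, but will consume all "up" or
     "down" key presses, thus not allowing any containing widgets to
@@ -400,11 +407,11 @@
         return ret
 
 
-class UserInterface(object):
+class UserInterface:
     """This is the entire user interface - the whole screen
     with boxes, lists of client widgets, etc.
     """
-    def __init__(self, max_log_length=1000, log_level=1):
+    def __init__(self, max_log_length=1000):
         DBusGMainLoop(set_as_default=True)
 
         self.screen = urwid.curses_display.Screen()
@@ -447,8 +454,6 @@
         self.log = urwid.SimpleListWalker([])
         self.max_log_length = max_log_length
 
-        self.log_level = log_level
-
         # We keep a reference to the log widget so we can remove it
         # from the ListWalker without it getting destroyed
         self.logbox = ConstrainedListBox(self.log)
@@ -458,18 +463,19 @@
         self.log_visible = True
         self.log_wrap = "any"
 
+        self.loghandler = UILogHandler(self)
+
         self.rebuild()
-        self.log_message_raw(("bold",
-                              "Mandos Monitor version " + version))
-        self.log_message_raw(("bold",
-                              "q: Quit  ?: Help"))
+        self.add_log_line(("bold",
+                           "Mandos Monitor version " + version))
+        self.add_log_line(("bold", "q: Quit  ?: Help"))
 
-        self.busname = domain + '.Mandos'
+        self.busname = domain + ".Mandos"
         self.main_loop = GLib.MainLoop()
 
     def client_not_found(self, key_id, address):
-        self.log_message("Client with address {} and key ID {} could"
-                         " not be found".format(address, key_id))
+        log.info("Client with address %s and key ID %s could"
+                 " not be found", address, key_id)
 
     def rebuild(self):
         """This rebuilds the User Interface.
@@ -486,22 +492,11 @@
             self.uilist.append(self.logbox)
         self.topwidget = urwid.Pile(self.uilist)
 
-    def log_message(self, message, level=1):
-        """Log message formatted with timestamp"""
-        if level < self.log_level:
-            return
-        timestamp = datetime.datetime.now().isoformat()
-        self.log_message_raw("{}: {}".format(timestamp, message),
-                             level=level)
-
-    def log_message_raw(self, markup, level=1):
-        """Add a log message to the log buffer."""
-        if level < self.log_level:
-            return
+    def add_log_line(self, markup):
         self.log.append(urwid.Text(markup, wrap=self.log_wrap))
         if self.max_log_length:
             if len(self.log) > self.max_log_length:
-                del self.log[0:len(self.log)-self.max_log_length-1]
+                del self.log[0:(len(self.log) - self.max_log_length)]
         self.logbox.set_focus(len(self.logbox.body.contents)-1,
                               coming_from="above")
         self.refresh()
@@ -510,8 +505,7 @@
         """Toggle visibility of the log buffer."""
         self.log_visible = not self.log_visible
         self.rebuild()
-        self.log_message("Log visibility changed to: {}"
-                         .format(self.log_visible), level=0)
+        log.debug("Log visibility changed to: %s", self.log_visible)
 
     def change_log_display(self):
         """Change type of log display.
@@ -522,8 +516,7 @@
             self.log_wrap = "clip"
         for textwidget in self.log:
             textwidget.set_wrap_mode(self.log_wrap)
-        self.log_message("Wrap mode: {}".format(self.log_wrap),
-                         level=0)
+        log.debug("Wrap mode: %s", self.log_wrap)
 
     def find_and_remove_client(self, path, interfaces):
         """Find a client by its object path and remove it.
@@ -537,8 +530,7 @@
             client = self.clients_dict[path]
         except KeyError:
             # not found?
-            self.log_message("Unknown client {!r} removed"
-                             .format(path))
+            log.warning("Unknown client %s removed", path)
             return
         client.delete()
 
@@ -557,7 +549,6 @@
             proxy_object=client_proxy_object,
             update_hook=self.refresh,
             delete_hook=self.remove_client,
-            logger=self.log_message,
             properties=dict(ifs_and_props[client_interface])),
                         path=path)
 
@@ -583,6 +574,11 @@
 
     def run(self):
         """Start the main loop and exit when it's done."""
+        log.addHandler(self.loghandler)
+        self.orig_log_propagate = log.propagate
+        log.propagate = False
+        self.orig_log_level = log.level
+        log.setLevel("INFO")
         self.bus = dbus.SystemBus()
         mandos_dbus_objc = self.bus.get_object(
             self.busname, "/", follow_name_owner_changes=True)
@@ -592,11 +588,9 @@
             mandos_clients = (self.mandos_serv
                               .GetAllClientsWithProperties())
             if not mandos_clients:
-                self.log_message_raw(("bold",
-                                      "Note: Server has no clients."))
+                log.warning("Note: Server has no clients.")
         except dbus.exceptions.DBusException:
-            self.log_message_raw(("bold",
-                                  "Note: No Mandos server running."))
+            log.warning("Note: No Mandos server running.")
             mandos_clients = dbus.Dictionary()
 
         (self.mandos_serv
@@ -622,8 +616,7 @@
                 proxy_object=client_proxy_object,
                 properties=client,
                 update_hook=self.refresh,
-                delete_hook=self.remove_client,
-                logger=self.log_message),
+                delete_hook=self.remove_client),
                             path=path)
 
         self.refresh()
@@ -631,7 +624,7 @@
             GLib.io_add_watch(
                 GLib.IOChannel.unix_new(sys.stdin.fileno()),
                 GLib.PRIORITY_DEFAULT, GLib.IO_IN,
-                self.process_input))
+                glib_safely(self.process_input)))
         self.main_loop.run()
         # Main loop has finished, we should close everything now
         GLib.source_remove(self._input_callback_tag)
@@ -641,6 +634,8 @@
 
     def stop(self):
         self.main_loop.quit()
+        log.removeHandler(self.loghandler)
+        log.propagate = self.orig_log_propagate
 
     def process_input(self, source, condition):
         keys = self.screen.get_input()
@@ -679,26 +674,25 @@
                 if not self.log_visible:
                     self.log_visible = True
                     self.rebuild()
-                self.log_message_raw(("bold",
-                                      "  ".
-                                      join(("q: Quit",
-                                            "?: Help",
-                                            "l: Log window toggle",
-                                            "TAB: Switch window",
-                                            "w: Wrap (log lines)",
-                                            "v: Toggle verbose log",
-                                            ))))
-                self.log_message_raw(("bold",
-                                      "  "
-                                      .join(("Clients:",
-                                             "+: Enable",
-                                             "-: Disable",
-                                             "R: Remove",
-                                             "s: Start new checker",
-                                             "S: Stop checker",
-                                             "C: Checker OK",
-                                             "a: Approve",
-                                             "d: Deny"))))
+                self.add_log_line(("bold",
+                                   "  ".join(("q: Quit",
+                                              "?: Help",
+                                              "l: Log window toggle",
+                                              "TAB: Switch window",
+                                              "w: Wrap (log lines)",
+                                              "v: Toggle verbose log",
+                                   ))))
+                self.add_log_line(("bold",
+                                   "  ".join(("Clients:",
+                                              "+: Enable",
+                                              "-: Disable",
+                                              "R: Remove",
+                                              "s: Start new checker",
+                                              "S: Stop checker",
+                                              "C: Checker OK",
+                                              "a: Approve",
+                                              "d: Deny",
+                                   ))))
                 self.refresh()
             elif key == "tab":
                 if self.topwidget.get_focus() is self.logbox:
@@ -707,12 +701,12 @@
                     self.topwidget.set_focus(self.logbox)
                 self.refresh()
             elif key == "v":
-                if self.log_level == 0:
-                    self.log_level = 1
-                    self.log_message("Verbose mode: Off")
+                if log.level < logging.INFO:
+                    log.setLevel(logging.INFO)
+                    log.info("Verbose mode: Off")
                 else:
-                    self.log_level = 0
-                    self.log_message("Verbose mode: On")
+                    log.setLevel(logging.NOTSET)
+                    log.info("Verbose mode: On")
             # elif (key == "end" or key == "meta >" or key == "G"
             #       or key == ">"):
             #     pass            # xxx end-of-buffer
@@ -737,12 +731,28 @@
         return True
 
 
+class UILogHandler(logging.Handler):
+    def __init__(self, ui, *args, **kwargs):
+        self.ui = ui
+        super(UILogHandler, self).__init__(*args, **kwargs)
+        self.setFormatter(
+            logging.Formatter("%(asctime)s: %(message)s"))
+    def emit(self, record):
+        msg = self.format(record)
+        if record.levelno > logging.INFO:
+            msg = ("bold", msg)
+        self.ui.add_log_line(msg)
+
+
 ui = UserInterface()
 try:
     ui.run()
 except KeyboardInterrupt:
-    ui.screen.stop()
-except Exception as e:
-    ui.log_message(str(e))
-    ui.screen.stop()
+    with warnings.catch_warnings():
+        warnings.filterwarnings("ignore", "", BytesWarning)
+        ui.screen.stop()
+except Exception:
+    with warnings.catch_warnings():
+        warnings.filterwarnings("ignore", "", BytesWarning)
+        ui.screen.stop()
     raise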
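Review bot: `UILogHandler.emit` (new lines 740-744) has no error handling, so an exception raised under `self.ui.add_log_line(msg)`, which ends in `self.refresh()`, propagates into whichever caller invoked `log.*`. That includes the `except Exception:` branch of `glib_safely`, where `log.exception("")` would then raise out of the wrapper it is meant to make safe, and the record (possibly an approval or secret-delivery event) never reaches the console. Wrap the body of `emit` in `try:` … `except Exception: self.handleError(record)`, the pattern the standard-library handlers use, and give the call a message, e.g. `log.exception("Unhandled exception in GLib callback")`. Separately, `run()` stores `self.orig_log_level` but `stop()` restores only `log.propagate`; add `log.setLevel(self.orig_log_level)` there or drop the attribute.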