To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos-monitor
- browse files at revision 101
- compare with another revision
- download diff
- download tarball
- view history from revision 101
- Committer: Teddy Hogeborn
- Date: 2008-08-24 23:18:18 UTC
- Revision ID: teddy@fukt.bsnet.se-20080824231818-4cgr5zekodg4s0dl
* initramfs-tools-hook: Added "--enable-dsa2" and "--trust-model
always" options to gpg.
always" options to gpg.
- files added:
- plugins.d/usplash
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/upstream
- network-hooks.d
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- Makefile
added
removed
mandos-monitor
1
#!/usr/bin/python
2
# -*- mode: python; coding: utf-8 -*-
3
#
4
# Mandos Monitor - Control and monitor the Mandos server
5
#
6
# Copyright © 2009-2014 Teddy Hogeborn
7
# Copyright © 2009-2014 Björn Påhlsson
8
#
9
# This program is free software: you can redistribute it and/or modify
10
# it under the terms of the GNU General Public License as published by
11
# the Free Software Foundation, either version 3 of the License, or
12
# (at your option) any later version.
13
#
14
# This program is distributed in the hope that it will be useful,
15
# but WITHOUT ANY WARRANTY; without even the implied warranty of
16
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
# GNU General Public License for more details.
18
#
19
# You should have received a copy of the GNU General Public License
20
# along with this program. If not, see
21
# <http://www.gnu.org/licenses/>.
22
#
23
# Contact the authors at <mandos@recompile.se>.
24
#
25
26
from __future__ import (division, absolute_import, print_function,
27
unicode_literals)
28
try:
29
from future_builtins import *
30
except ImportError:
31
pass
32
33
import sys
34
import os
35
36
import datetime
37
38
import urwid.curses_display
39
import urwid
40
41
from dbus.mainloop.glib import DBusGMainLoop
42
try:
43
import gobject
44
except ImportError:
45
from gi.repository import GObject as gobject
46
47
import dbus
48
49
import locale
50
51
if sys.version_info[0] == 2:
52
str = unicode
53
54
locale.setlocale(locale.LC_ALL, '')
55
56
import logging
57
logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)
58
59
# Some useful constants
60
domain = 'se.recompile'
61
server_interface = domain + '.Mandos'
62
client_interface = domain + '.Mandos.Client'
63
version = "1.6.5"
64
65
def isoformat_to_datetime(iso):
66
"Parse an ISO 8601 date string to a datetime.datetime()"
67
if not iso:
68
return None
69
d, t = iso.split("T", 1)
70
year, month, day = d.split("-", 2)
71
hour, minute, second = t.split(":", 2)
72
second, fraction = divmod(float(second), 1)
73
return datetime.datetime(int(year),
74
int(month),
75
int(day),
76
int(hour),
77
int(minute),
78
int(second), # Whole seconds
79
int(fraction*1000000)) # Microseconds
80
81
class MandosClientPropertyCache(object):
82
"""This wraps a Mandos Client D-Bus proxy object, caches the
83
properties and calls a hook function when any of them are
84
changed.
85
"""
86
def __init__(self, proxy_object=None, properties=None, **kwargs):
87
self.proxy = proxy_object # Mandos Client proxy object
88
self.properties = dict() if properties is None else properties
89
self.property_changed_match = (
90
self.proxy.connect_to_signal("PropertyChanged",
91
self._property_changed,
92
client_interface,
93
byte_arrays=True))
94
95
if properties is None:
96
self.properties.update(
97
self.proxy.GetAll(client_interface,
98
dbus_interface
99
= dbus.PROPERTIES_IFACE))
100
101
super(MandosClientPropertyCache, self).__init__(**kwargs)
102
103
def _property_changed(self, property, value):
104
"""Helper which takes positional arguments"""
105
return self.property_changed(property=property, value=value)
106
107
def property_changed(self, property=None, value=None):
108
"""This is called whenever we get a PropertyChanged signal
109
It updates the changed property in the "properties" dict.
110
"""
111
# Update properties dict with new value
112
self.properties[property] = value
113
114
def delete(self):
115
self.property_changed_match.remove()
116
117
118
class MandosClientWidget(urwid.FlowWidget, MandosClientPropertyCache):
119
"""A Mandos Client which is visible on the screen.
120
"""
121
122
def __init__(self, server_proxy_object=None, update_hook=None,
123
delete_hook=None, logger=None, **kwargs):
124
# Called on update
125
self.update_hook = update_hook
126
# Called on delete
127
self.delete_hook = delete_hook
128
# Mandos Server proxy object
129
self.server_proxy_object = server_proxy_object
130
# Logger
131
self.logger = logger
132
133
self._update_timer_callback_tag = None
134
135
# The widget shown normally
136
self._text_widget = urwid.Text("")
137
# The widget shown when we have focus
138
self._focus_text_widget = urwid.Text("")
139
super(MandosClientWidget, self).__init__(**kwargs)
140
self.update()
141
self.opened = False
142
143
self.match_objects = (
144
self.proxy.connect_to_signal("CheckerCompleted",
145
self.checker_completed,
146
client_interface,
147
byte_arrays=True),
148
self.proxy.connect_to_signal("CheckerStarted",
149
self.checker_started,
150
client_interface,
151
byte_arrays=True),
152
self.proxy.connect_to_signal("GotSecret",
153
self.got_secret,
154
client_interface,
155
byte_arrays=True),
156
self.proxy.connect_to_signal("NeedApproval",
157
self.need_approval,
158
client_interface,
159
byte_arrays=True),
160
self.proxy.connect_to_signal("Rejected",
161
self.rejected,
162
client_interface,
163
byte_arrays=True))
164
#self.logger('Created client {0}'
165
# .format(self.properties["Name"]))
166
167
def using_timer(self, flag):
168
"""Call this method with True or False when timer should be
169
activated or deactivated.
170
"""
171
if flag and self._update_timer_callback_tag is None:
172
# Will update the shown timer value every second
173
self._update_timer_callback_tag = (gobject.timeout_add
174
(1000,
175
self.update_timer))
176
elif not (flag or self._update_timer_callback_tag is None):
177
gobject.source_remove(self._update_timer_callback_tag)
178
self._update_timer_callback_tag = None
179
180
def checker_completed(self, exitstatus, condition, command):
181
if exitstatus == 0:
182
self.update()
183
return
184
# Checker failed
185
if os.WIFEXITED(condition):
186
self.logger('Checker for client {0} (command "{1}")'
187
' failed with exit code {2}'
188
.format(self.properties["Name"], command,
189
os.WEXITSTATUS(condition)))
190
elif os.WIFSIGNALED(condition):
191
self.logger('Checker for client {0} (command "{1}") was'
192
' killed by signal {2}'
193
.format(self.properties["Name"], command,
194
os.WTERMSIG(condition)))
195
elif os.WCOREDUMP(condition):
196
self.logger('Checker for client {0} (command "{1}")'
197
' dumped core'
198
.format(self.properties["Name"], command))
199
else:
200
self.logger('Checker for client {0} completed'
201
' mysteriously'
202
.format(self.properties["Name"]))
203
self.update()
204
205
def checker_started(self, command):
206
"""Server signals that a checker started. This could be useful
207
to log in the future. """
208
#self.logger('Client {0} started checker "{1}"'
209
# .format(self.properties["Name"],
210
# str(command)))
211
pass
212
213
def got_secret(self):
214
self.logger('Client {0} received its secret'
215
.format(self.properties["Name"]))
216
217
def need_approval(self, timeout, default):
218
if not default:
219
message = 'Client {0} needs approval within {1} seconds'
220
else:
221
message = 'Client {0} will get its secret in {1} seconds'
222
self.logger(message.format(self.properties["Name"],
223
timeout/1000))
224
225
def rejected(self, reason):
226
self.logger('Client {0} was rejected; reason: {1}'
227
.format(self.properties["Name"], reason))
228
229
def selectable(self):
230
"""Make this a "selectable" widget.
231
This overrides the method from urwid.FlowWidget."""
232
return True
233
234
def rows(self, maxcolrow, focus=False):
235
"""How many rows this widget will occupy might depend on
236
whether we have focus or not.
237
This overrides the method from urwid.FlowWidget"""
238
return self.current_widget(focus).rows(maxcolrow, focus=focus)
239
240
def current_widget(self, focus=False):
241
if focus or self.opened:
242
return self._focus_widget
243
return self._widget
244
245
def update(self):
246
"Called when what is visible on the screen should be updated."
247
# How to add standout mode to a style
248
with_standout = { "normal": "standout",
249
"bold": "bold-standout",
250
"underline-blink":
251
"underline-blink-standout",
252
"bold-underline-blink":
253
"bold-underline-blink-standout",
254
}
255
256
# Rebuild focus and non-focus widgets using current properties
257
258
# Base part of a client. Name!
259
base = '{name}: '.format(name=self.properties["Name"])
260
if not self.properties["Enabled"]:
261
message = "DISABLED"
262
self.using_timer(False)
263
elif self.properties["ApprovalPending"]:
264
timeout = datetime.timedelta(milliseconds
265
= self.properties
266
["ApprovalDelay"])
267
last_approval_request = isoformat_to_datetime(
268
self.properties["LastApprovalRequest"])
269
if last_approval_request is not None:
270
timer = max(timeout - (datetime.datetime.utcnow()
271
- last_approval_request),
272
datetime.timedelta())
273
else:
274
timer = datetime.timedelta()
275
if self.properties["ApprovedByDefault"]:
276
message = "Approval in {0}. (d)eny?"
277
else:
278
message = "Denial in {0}. (a)pprove?"
279
message = message.format(str(timer).rsplit(".", 1)[0])
280
self.using_timer(True)
281
elif self.properties["LastCheckerStatus"] != 0:
282
# When checker has failed, show timer until client expires
283
expires = self.properties["Expires"]
284
if expires == "":
285
timer = datetime.timedelta(0)
286
else:
287
expires = (datetime.datetime.strptime
288
(expires, '%Y-%m-%dT%H:%M:%S.%f'))
289
timer = max(expires - datetime.datetime.utcnow(),
290
datetime.timedelta())
291
message = ('A checker has failed! Time until client'
292
' gets disabled: {0}'
293
.format(str(timer).rsplit(".", 1)[0]))
294
self.using_timer(True)
295
else:
296
message = "enabled"
297
self.using_timer(False)
298
self._text = "{0}{1}".format(base, message)
299
300
if not urwid.supports_unicode():
301
self._text = self._text.encode("ascii", "replace")
302
textlist = [("normal", self._text)]
303
self._text_widget.set_text(textlist)
304
self._focus_text_widget.set_text([(with_standout[text[0]],
305
text[1])
306
if isinstance(text, tuple)
307
else text
308
for text in textlist])
309
self._widget = self._text_widget
310
self._focus_widget = urwid.AttrWrap(self._focus_text_widget,
311
"standout")
312
# Run update hook, if any
313
if self.update_hook is not None:
314
self.update_hook()
315
316
def update_timer(self):
317
"""called by gobject. Will indefinitely loop until
318
gobject.source_remove() on tag is called"""
319
self.update()
320
return True # Keep calling this
321
322
def delete(self, **kwargs):
323
if self._update_timer_callback_tag is not None:
324
gobject.source_remove(self._update_timer_callback_tag)
325
self._update_timer_callback_tag = None
326
for match in self.match_objects:
327
match.remove()
328
self.match_objects = ()
329
if self.delete_hook is not None:
330
self.delete_hook(self)
331
return super(MandosClientWidget, self).delete(**kwargs)
332
333
def render(self, maxcolrow, focus=False):
334
"""Render differently if we have focus.
335
This overrides the method from urwid.FlowWidget"""
336
return self.current_widget(focus).render(maxcolrow,
337
focus=focus)
338
339
def keypress(self, maxcolrow, key):
340
"""Handle keys.
341
This overrides the method from urwid.FlowWidget"""
342
if key == "+":
343
self.proxy.Enable(dbus_interface = client_interface,
344
ignore_reply=True)
345
elif key == "-":
346
self.proxy.Disable(dbus_interface = client_interface,
347
ignore_reply=True)
348
elif key == "a":
349
self.proxy.Approve(dbus.Boolean(True, variant_level=1),
350
dbus_interface = client_interface,
351
ignore_reply=True)
352
elif key == "d":
353
self.proxy.Approve(dbus.Boolean(False, variant_level=1),
354
dbus_interface = client_interface,
355
ignore_reply=True)
356
elif key == "R" or key == "_" or key == "ctrl k":
357
self.server_proxy_object.RemoveClient(self.proxy
358
.object_path,
359
ignore_reply=True)
360
elif key == "s":
361
self.proxy.StartChecker(dbus_interface = client_interface,
362
ignore_reply=True)
363
elif key == "S":
364
self.proxy.StopChecker(dbus_interface = client_interface,
365
ignore_reply=True)
366
elif key == "C":
367
self.proxy.CheckedOK(dbus_interface = client_interface,
368
ignore_reply=True)
369
# xxx
370
# elif key == "p" or key == "=":
371
# self.proxy.pause()
372
# elif key == "u" or key == ":":
373
# self.proxy.unpause()
374
# elif key == "RET":
375
# self.open()
376
else:
377
return key
378
379
def property_changed(self, property=None, **kwargs):
380
"""Call self.update() if old value is not new value.
381
This overrides the method from MandosClientPropertyCache"""
382
property_name = str(property)
383
old_value = self.properties.get(property_name)
384
super(MandosClientWidget, self).property_changed(
385
property=property, **kwargs)
386
if self.properties.get(property_name) != old_value:
387
self.update()
388
389
390
class ConstrainedListBox(urwid.ListBox):
391
"""Like a normal urwid.ListBox, but will consume all "up" or
392
"down" key presses, thus not allowing any containing widgets to
393
use them as an excuse to shift focus away from this widget.
394
"""
395
def keypress(self, *args, **kwargs):
396
ret = super(ConstrainedListBox, self).keypress(*args, **kwargs)
397
if ret in ("up", "down"):
398
return
399
return ret
400
401
402
class UserInterface(object):
403
"""This is the entire user interface - the whole screen
404
with boxes, lists of client widgets, etc.
405
"""
406
def __init__(self, max_log_length=1000):
407
DBusGMainLoop(set_as_default=True)
408
409
self.screen = urwid.curses_display.Screen()
410
411
self.screen.register_palette((
412
("normal",
413
"default", "default", None),
414
("bold",
415
"bold", "default", "bold"),
416
("underline-blink",
417
"underline,blink", "default", "underline,blink"),
418
("standout",
419
"standout", "default", "standout"),
420
("bold-underline-blink",
421
"bold,underline,blink", "default", "bold,underline,blink"),
422
("bold-standout",
423
"bold,standout", "default", "bold,standout"),
424
("underline-blink-standout",
425
"underline,blink,standout", "default",
426
"underline,blink,standout"),
427
("bold-underline-blink-standout",
428
"bold,underline,blink,standout", "default",
429
"bold,underline,blink,standout"),
430
))
431
432
if urwid.supports_unicode():
433
self.divider = "─" # \u2500
434
#self.divider = "━" # \u2501
435
else:
436
#self.divider = "-" # \u002d
437
self.divider = "_" # \u005f
438
439
self.screen.start()
440
441
self.size = self.screen.get_cols_rows()
442
443
self.clients = urwid.SimpleListWalker([])
444
self.clients_dict = {}
445
446
# We will add Text widgets to this list
447
self.log = []
448
self.max_log_length = max_log_length
449
450
# We keep a reference to the log widget so we can remove it
451
# from the ListWalker without it getting destroyed
452
self.logbox = ConstrainedListBox(self.log)
453
454
# This keeps track of whether self.uilist currently has
455
# self.logbox in it or not
456
self.log_visible = True
457
self.log_wrap = "any"
458
459
self.rebuild()
460
self.log_message_raw(("bold",
461
"Mandos Monitor version " + version))
462
self.log_message_raw(("bold",
463
"q: Quit ?: Help"))
464
465
self.busname = domain + '.Mandos'
466
self.main_loop = gobject.MainLoop()
467
468
def client_not_found(self, fingerprint, address):
469
self.log_message("Client with address {0} and fingerprint"
470
" {1} could not be found"
471
.format(address, fingerprint))
472
473
def rebuild(self):
474
"""This rebuilds the User Interface.
475
Call this when the widget layout needs to change"""
476
self.uilist = []
477
#self.uilist.append(urwid.ListBox(self.clients))
478
self.uilist.append(urwid.Frame(ConstrainedListBox(self.
479
clients),
480
#header=urwid.Divider(),
481
header=None,
482
footer=
483
urwid.Divider(div_char=
484
self.divider)))
485
if self.log_visible:
486
self.uilist.append(self.logbox)
487
self.topwidget = urwid.Pile(self.uilist)
488
489
def log_message(self, message):
490
"""Log message formatted with timestamp"""
491
timestamp = datetime.datetime.now().isoformat()
492
self.log_message_raw(timestamp + ": " + message)
493
494
def log_message_raw(self, markup):
495
"""Add a log message to the log buffer."""
496
self.log.append(urwid.Text(markup, wrap=self.log_wrap))
497
if (self.max_log_length
498
and len(self.log) > self.max_log_length):
499
del self.log[0:len(self.log)-self.max_log_length-1]
500
self.logbox.set_focus(len(self.logbox.body.contents),
501
coming_from="above")
502
self.refresh()
503
504
def toggle_log_display(self):
505
"""Toggle visibility of the log buffer."""
506
self.log_visible = not self.log_visible
507
self.rebuild()
508
#self.log_message("Log visibility changed to: "
509
# + str(self.log_visible))
510
511
def change_log_display(self):
512
"""Change type of log display.
513
Currently, this toggles wrapping of text lines."""
514
if self.log_wrap == "clip":
515
self.log_wrap = "any"
516
else:
517
self.log_wrap = "clip"
518
for textwidget in self.log:
519
textwidget.set_wrap_mode(self.log_wrap)
520
#self.log_message("Wrap mode: " + self.log_wrap)
521
522
def find_and_remove_client(self, path, name):
523
"""Find a client by its object path and remove it.
524
525
This is connected to the ClientRemoved signal from the
526
Mandos server object."""
527
try:
528
client = self.clients_dict[path]
529
except KeyError:
530
# not found?
531
self.log_message("Unknown client {0!r} ({1!r}) removed"
532
.format(name, path))
533
return
534
client.delete()
535
536
def add_new_client(self, path):
537
client_proxy_object = self.bus.get_object(self.busname, path)
538
self.add_client(MandosClientWidget(server_proxy_object
539
=self.mandos_serv,
540
proxy_object
541
=client_proxy_object,
542
update_hook
543
=self.refresh,
544
delete_hook
545
=self.remove_client,
546
logger
547
=self.log_message),
548
path=path)
549
550
def add_client(self, client, path=None):
551
self.clients.append(client)
552
if path is None:
553
path = client.proxy.object_path
554
self.clients_dict[path] = client
555
self.clients.sort(key=lambda c: c.properties["Name"])
556
self.refresh()
557
558
def remove_client(self, client, path=None):
559
self.clients.remove(client)
560
if path is None:
561
path = client.proxy.object_path
562
del self.clients_dict[path]
563
self.refresh()
564
565
def refresh(self):
566
"""Redraw the screen"""
567
canvas = self.topwidget.render(self.size, focus=True)
568
self.screen.draw_screen(self.size, canvas)
569
570
def run(self):
571
"""Start the main loop and exit when it's done."""
572
self.bus = dbus.SystemBus()
573
mandos_dbus_objc = self.bus.get_object(
574
self.busname, "/", follow_name_owner_changes=True)
575
self.mandos_serv = dbus.Interface(mandos_dbus_objc,
576
dbus_interface
577
= server_interface)
578
try:
579
mandos_clients = (self.mandos_serv
580
.GetAllClientsWithProperties())
581
if not mandos_clients:
582
self.log_message_raw(("bold", "Note: Server has no clients."))
583
except dbus.exceptions.DBusException:
584
self.log_message_raw(("bold", "Note: No Mandos server running."))
585
mandos_clients = dbus.Dictionary()
586
587
(self.mandos_serv
588
.connect_to_signal("ClientRemoved",
589
self.find_and_remove_client,
590
dbus_interface=server_interface,
591
byte_arrays=True))
592
(self.mandos_serv
593
.connect_to_signal("ClientAdded",
594
self.add_new_client,
595
dbus_interface=server_interface,
596
byte_arrays=True))
597
(self.mandos_serv
598
.connect_to_signal("ClientNotFound",
599
self.client_not_found,
600
dbus_interface=server_interface,
601
byte_arrays=True))
602
for path, client in mandos_clients.items():
603
client_proxy_object = self.bus.get_object(self.busname,
604
path)
605
self.add_client(MandosClientWidget(server_proxy_object
606
=self.mandos_serv,
607
proxy_object
608
=client_proxy_object,
609
properties=client,
610
update_hook
611
=self.refresh,
612
delete_hook
613
=self.remove_client,
614
logger
615
=self.log_message),
616
path=path)
617
618
self.refresh()
619
self._input_callback_tag = (gobject.io_add_watch
620
(sys.stdin.fileno(),
621
gobject.IO_IN,
622
self.process_input))
623
self.main_loop.run()
624
# Main loop has finished, we should close everything now
625
gobject.source_remove(self._input_callback_tag)
626
self.screen.stop()
627
628
def stop(self):
629
self.main_loop.quit()
630
631
def process_input(self, source, condition):
632
keys = self.screen.get_input()
633
translations = { "ctrl n": "down", # Emacs
634
"ctrl p": "up", # Emacs
635
"ctrl v": "page down", # Emacs
636
"meta v": "page up", # Emacs
637
" ": "page down", # less
638
"f": "page down", # less
639
"b": "page up", # less
640
"j": "down", # vi
641
"k": "up", # vi
642
}
643
for key in keys:
644
try:
645
key = translations[key]
646
except KeyError: # :-)
647
pass
648
649
if key == "q" or key == "Q":
650
self.stop()
651
break
652
elif key == "window resize":
653
self.size = self.screen.get_cols_rows()
654
self.refresh()
655
elif key == "\f": # Ctrl-L
656
self.refresh()
657
elif key == "l" or key == "D":
658
self.toggle_log_display()
659
self.refresh()
660
elif key == "w" or key == "i":
661
self.change_log_display()
662
self.refresh()
663
elif key == "?" or key == "f1" or key == "esc":
664
if not self.log_visible:
665
self.log_visible = True
666
self.rebuild()
667
self.log_message_raw(("bold",
668
" ".
669
join(("q: Quit",
670
"?: Help",
671
"l: Log window toggle",
672
"TAB: Switch window",
673
"w: Wrap (log)"))))
674
self.log_message_raw(("bold",
675
" "
676
.join(("Clients:",
677
"+: Enable",
678
"-: Disable",
679
"R: Remove",
680
"s: Start new checker",
681
"S: Stop checker",
682
"C: Checker OK",
683
"a: Approve",
684
"d: Deny"))))
685
self.refresh()
686
elif key == "tab":
687
if self.topwidget.get_focus() is self.logbox:
688
self.topwidget.set_focus(0)
689
else:
690
self.topwidget.set_focus(self.logbox)
691
self.refresh()
692
#elif (key == "end" or key == "meta >" or key == "G"
693
# or key == ">"):
694
# pass # xxx end-of-buffer
695
#elif (key == "home" or key == "meta <" or key == "g"
696
# or key == "<"):
697
# pass # xxx beginning-of-buffer
698
#elif key == "ctrl e" or key == "$":
699
# pass # xxx move-end-of-line
700
#elif key == "ctrl a" or key == "^":
701
# pass # xxx move-beginning-of-line
702
#elif key == "ctrl b" or key == "meta (" or key == "h":
703
# pass # xxx left
704
#elif key == "ctrl f" or key == "meta )" or key == "l":
705
# pass # xxx right
706
#elif key == "a":
707
# pass # scroll up log
708
#elif key == "z":
709
# pass # scroll down log
710
elif self.topwidget.selectable():
711
self.topwidget.keypress(self.size, key)
712
self.refresh()
713
return True
714
715
ui = UserInterface()
716
try:
717
ui.run()
718
except KeyboardInterrupt:
719
ui.screen.stop()
720
except Exception as e:
721
ui.log_message(str(e))
722
ui.screen.stop()
723
raise
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0