/mandos/trunk : revision 1120

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-monitor

Committer: Teddy Hogeborn
Date: 2019-07-18 00:02:43 UTC
Revision ID: teddy@recompile.se-20190718000243-okz4s9xao1r1tfnx

Document bug in mandos-keygen which strips white space from passwords

Passwords, as read by mandos-keygen when given the --password or -p
options, are stripped of white space from the start and from the end
of the password.  This is because mandos-keygen is a shell script, and
the Bourne Shell "read" builtin does not seem to have a way to avoid
this.  Document this bug.

* manods-keygen.xml (OPTIONS): Document the white space-stripping
                               nature of the --password/-p option, and
                               also note in the description of
                               --passfile and -F that they avoid this
                               behavior.
  (BUGS): Again mention the problem with the --password and -p
          options, and suggest --passfile as a possible workaround.

files removed:
debian/mandos.maintscript

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/rules

debian/tests/control

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-monitor

#!/usr/bin/python3 -bbI

#!/usr/bin/python

# -*- mode: python; coding: utf-8 -*-

# Mandos Monitor - Control and monitor the Mandos server

# Contact the authors at <mandos@recompile.se>.

from __future__ import (division, absolute_import, print_function,

unicode_literals)

try:

from future_builtins import *

except ImportError:

pass

import sys

import logging

import os

import warnings

import datetime

import locale

import urwid.curses_display

import urwid

import dbus

import locale

import logging

if sys.version_info.major == 2:

__metaclass__ = type

str = unicode

input = raw_input

# Show warnings by default

if not sys.warnoptions:

warnings.simplefilter("default")

log = logging.getLogger(os.path.basename(sys.argv[0]))

logging.basicConfig(level="NOTSET", # Show all messages

format="%(message)s") # Show basic log messages

logging.captureWarnings(True) # Show warnings via the logging system

locale.setlocale(locale.LC_ALL, "")

logging.getLogger("dbus.proxies").setLevel(logging.CRITICAL)

logging.getLogger("urwid").setLevel(logging.INFO)

locale.setlocale(locale.LC_ALL, '')

logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)

# Some useful constants

domain = "se.recompile"

server_interface = domain + ".Mandos"

client_interface = domain + ".Mandos.Client"

version = "1.8.17"

domain = 'se.recompile'

server_interface = domain + '.Mandos'

client_interface = domain + '.Mandos.Client'

version = "1.8.4"

try:

dbus.OBJECT_MANAGER_IFACE

int(fraction*1000000)) # Microseconds

class MandosClientPropertyCache:

class MandosClientPropertyCache(object):

"""This wraps a Mandos Client D-Bus proxy object, caches the

100

properties and calls a hook function when any of them are

101

changed.

133

122

"""

134

123

135

124

def __init__(self, server_proxy_object=None, update_hook=None,

136

delete_hook=None, **kwargs):

125

delete_hook=None, logger=None, **kwargs):

137

126

# Called on update

138

127

self.update_hook = update_hook

139

128

# Called on delete

140

129

self.delete_hook = delete_hook

141

130

# Mandos Server proxy object

142

131

self.server_proxy_object = server_proxy_object

132

# Logger

133

self.logger = logger

143

134

144

135

self._update_timer_callback_tag = None

145

136

172

163

self.rejected,

173

164

client_interface,

174

165

byte_arrays=True))

175

log.debug("Created client %s", self.properties["Name"])

166

self.logger('Created client {}'

167

.format(self.properties["Name"]), level=0)

176

168

177

169

def using_timer(self, flag):

178

170

"""Call this method with True or False when timer should be

180

172

"""

181

173

if flag and self._update_timer_callback_tag is None:

182

174

# Will update the shown timer value every second

183

self._update_timer_callback_tag = (

184

GLib.timeout_add(1000,

185

glib_safely(self.update_timer)))

175

self._update_timer_callback_tag = (GLib.timeout_add

176

(1000,

177

self.update_timer))

186

178

elif not (flag or self._update_timer_callback_tag is None):

187

179

GLib.source_remove(self._update_timer_callback_tag)

188

180

self._update_timer_callback_tag = None

189

181

190

182

def checker_completed(self, exitstatus, condition, command):

191

183

if exitstatus == 0:

192

log.debug('Checker for client %s (command "%s")'

193

" succeeded", self.properties["Name"], command)

184

self.logger('Checker for client {} (command "{}")'

185

' succeeded'.format(self.properties["Name"],

186

command), level=0)

194

187

self.update()

195

188

return

196

189

# Checker failed

197

190

if os.WIFEXITED(condition):

198

log.info('Checker for client %s (command "%s") failed'

199

" with exit code %d", self.properties["Name"],

200

command, os.WEXITSTATUS(condition))

191

self.logger('Checker for client {} (command "{}") failed'

192

' with exit code {}'

193

.format(self.properties["Name"], command,

194

os.WEXITSTATUS(condition)))

201

195

elif os.WIFSIGNALED(condition):

202

log.info('Checker for client %s (command "%s") was'

203

" killed by signal %d", self.properties["Name"],

204

command, os.WTERMSIG(condition))

196

self.logger('Checker for client {} (command "{}") was'

197

' killed by signal {}'

198

.format(self.properties["Name"], command,

199

os.WTERMSIG(condition)))

205

200

self.update()

206

201

207

202

def checker_started(self, command):

208

203

"""Server signals that a checker started."""

209

log.debug('Client %s started checker "%s"',

210

self.properties["Name"], command)

204

self.logger('Client {} started checker "{}"'

205

.format(self.properties["Name"],

206

command), level=0)

211

207

212

208

def got_secret(self):

213

log.info("Client %s received its secret",

214

self.properties["Name"])

209

self.logger('Client {} received its secret'

210

.format(self.properties["Name"]))

215

211

216

212

def need_approval(self, timeout, default):

217

213

if not default:

218

message = "Client %s needs approval within %f seconds"

214

message = 'Client {} needs approval within {} seconds'

219

215

else:

220

message = "Client %s will get its secret in %f seconds"

221

log.info(message, self.properties["Name"], timeout/1000)

216

message = 'Client {} will get its secret in {} seconds'

217

self.logger(message.format(self.properties["Name"],

218

timeout/1000))

222

219

223

220

def rejected(self, reason):

224

log.info("Client %s was rejected; reason: %s",

225

self.properties["Name"], reason)

221

self.logger('Client {} was rejected; reason: {}'

222

.format(self.properties["Name"], reason))

226

223

227

224

def selectable(self):

228

225

"""Make this a "selectable" widget.

254

251

# Rebuild focus and non-focus widgets using current properties

255

252

256

253

# Base part of a client. Name!

257

base = "{name}: ".format(name=self.properties["Name"])

254

base = '{name}: '.format(name=self.properties["Name"])

258

255

if not self.properties["Enabled"]:

259

256

message = "DISABLED"

260

257

self.using_timer(False)

282

279

timer = datetime.timedelta(0)

283

280

else:

284

281

expires = (datetime.datetime.strptime

285

(expires, "%Y-%m-%dT%H:%M:%S.%f"))

282

(expires, '%Y-%m-%dT%H:%M:%S.%f'))

286

283

timer = max(expires - datetime.datetime.utcnow(),

287

284

datetime.timedelta())

288

message = ("A checker has failed! Time until client"

289

" gets disabled: {}"

285

message = ('A checker has failed! Time until client'

286

' gets disabled: {}'

290

287

.format(str(timer).rsplit(".", 1)[0]))

291

288

self.using_timer(True)

292

289

else:

390

387

self.update()

391

388

392

389

393

def glib_safely(func, retval=True):

394

def safe_func(*args, **kwargs):

395

try:

396

return func(*args, **kwargs)

397

except Exception:

398

log.exception("")

399

return retval

400

return safe_func

401

402

403

390

class ConstrainedListBox(urwid.ListBox):

404

391

"""Like a normal urwid.ListBox, but will consume all "up" or

405

392

"down" key presses, thus not allowing any containing widgets to

413

400

return ret

414

401

415

402

416

class UserInterface:

403

class UserInterface(object):

417

404

"""This is the entire user interface - the whole screen

418

405

with boxes, lists of client widgets, etc.

419

406

"""

420

def __init__(self, max_log_length=1000):

407

def __init__(self, max_log_length=1000, log_level=1):

421

408

DBusGMainLoop(set_as_default=True)

422

409

423

410

self.screen = urwid.curses_display.Screen()

460

447

self.log = urwid.SimpleListWalker([])

461

448

self.max_log_length = max_log_length

462

449

450

self.log_level = log_level

451

463

452

# We keep a reference to the log widget so we can remove it

464

453

# from the ListWalker without it getting destroyed

465

454

self.logbox = ConstrainedListBox(self.log)

469

458

self.log_visible = True

470

459

self.log_wrap = "any"

471

460

472

self.loghandler = UILogHandler(self)

473

474

461

self.rebuild()

475

self.add_log_line(("bold",

476

"Mandos Monitor version " + version))

477

self.add_log_line(("bold", "q: Quit ?: Help"))

462

self.log_message_raw(("bold",

463

"Mandos Monitor version " + version))

464

self.log_message_raw(("bold",

465

"q: Quit ?: Help"))

478

466

479

self.busname = domain + ".Mandos"

467

self.busname = domain + '.Mandos'

480

468

self.main_loop = GLib.MainLoop()

481

469

482

def client_not_found(self, key_id, address):

483

log.info("Client with address %s and key ID %s could"

484

" not be found", address, key_id)

470

def client_not_found(self, fingerprint, address):

471

self.log_message("Client with address {} and fingerprint {}"

472

" could not be found"

473

.format(address, fingerprint))

485

474

486

475

def rebuild(self):

487

476

"""This rebuilds the User Interface.

498

487

self.uilist.append(self.logbox)

499

488

self.topwidget = urwid.Pile(self.uilist)

500

489

501

def add_log_line(self, markup):

490

def log_message(self, message, level=1):

491

"""Log message formatted with timestamp"""

492

if level < self.log_level:

493

return

494

timestamp = datetime.datetime.now().isoformat()

495

self.log_message_raw("{}: {}".format(timestamp, message),

496

level=level)

497

498

def log_message_raw(self, markup, level=1):

499

"""Add a log message to the log buffer."""

500

if level < self.log_level:

501

return

502

self.log.append(urwid.Text(markup, wrap=self.log_wrap))

503

if self.max_log_length:

504

if len(self.log) > self.max_log_length:

505

del self.log[0:(len(self.log) - self.max_log_length)]

505

del self.log[0:len(self.log)-self.max_log_length-1]

506

self.logbox.set_focus(len(self.logbox.body.contents)-1,

507

coming_from="above")

508

self.refresh()

511

"""Toggle visibility of the log buffer."""

512

self.log_visible = not self.log_visible

513

self.rebuild()

514

log.debug("Log visibility changed to: %s", self.log_visible)

514

self.log_message("Log visibility changed to: {}"

515

.format(self.log_visible), level=0)

515

516

517

def change_log_display(self):

517

518

"""Change type of log display.

522

523

self.log_wrap = "clip"

523

524

for textwidget in self.log:

524

525

textwidget.set_wrap_mode(self.log_wrap)

525

log.debug("Wrap mode: %s", self.log_wrap)

526

self.log_message("Wrap mode: {}".format(self.log_wrap),

527

level=0)

526

528

527

529

def find_and_remove_client(self, path, interfaces):

528

530

"""Find a client by its object path and remove it.

536

538

client = self.clients_dict[path]

537

539

except KeyError:

538

540

# not found?

539

log.warning("Unknown client %s removed", path)

541

self.log_message("Unknown client {!r} removed"

542

.format(path))

540

543

return

541

544

client.delete()

542

545

555

558

proxy_object=client_proxy_object,

556

559

update_hook=self.refresh,

557

560

delete_hook=self.remove_client,

561

logger=self.log_message,

558

562

properties=dict(ifs_and_props[client_interface])),

559

563

path=path)

560

564

580

584

581

585

def run(self):

582

586

"""Start the main loop and exit when it's done."""

583

log.addHandler(self.loghandler)

584

self.orig_log_propagate = log.propagate

585

log.propagate = False

586

self.orig_log_level = log.level

587

log.setLevel("INFO")

588

587

self.bus = dbus.SystemBus()

589

588

mandos_dbus_objc = self.bus.get_object(

590

589

self.busname, "/", follow_name_owner_changes=True)

594

593

mandos_clients = (self.mandos_serv

595

594

.GetAllClientsWithProperties())

596

595

if not mandos_clients:

597

log.warning("Note: Server has no clients.")

596

self.log_message_raw(("bold",

597

"Note: Server has no clients."))

598

except dbus.exceptions.DBusException:

599

log.warning("Note: No Mandos server running.")

599

self.log_message_raw(("bold",

600

"Note: No Mandos server running."))

600

601

mandos_clients = dbus.Dictionary()

601

602

603

(self.mandos_serv

622

623

proxy_object=client_proxy_object,

623

624

properties=client,

624

625

update_hook=self.refresh,

625

delete_hook=self.remove_client),

626

delete_hook=self.remove_client,

627

logger=self.log_message),

626

628

path=path)

627

629

628

630

self.refresh()

629

self._input_callback_tag = (

630

GLib.io_add_watch(

631

GLib.IOChannel.unix_new(sys.stdin.fileno()),

632

GLib.PRIORITY_DEFAULT, GLib.IO_IN,

633

glib_safely(self.process_input)))

631

self._input_callback_tag = (GLib.io_add_watch

632

(sys.stdin.fileno(),

633

GLib.IO_IN,

634

self.process_input))

634

635

self.main_loop.run()

635

636

# Main loop has finished, we should close everything now

636

637

GLib.source_remove(self._input_callback_tag)

637

with warnings.catch_warnings():

638

warnings.simplefilter("ignore", BytesWarning)

639

self.screen.stop()

638

self.screen.stop()

640

639

641

640

def stop(self):

642

641

self.main_loop.quit()

643

log.removeHandler(self.loghandler)

644

log.propagate = self.orig_log_propagate

645

642

646

643

def process_input(self, source, condition):

647

644

keys = self.screen.get_input()

680

677

if not self.log_visible:

681

678

self.log_visible = True

682

679

self.rebuild()

683

self.add_log_line(("bold",

684

" ".join(("q: Quit",

685

"?: Help",

686

"l: Log window toggle",

687

"TAB: Switch window",

688

"w: Wrap (log lines)",

689

"v: Toggle verbose log",

690

))))

691

self.add_log_line(("bold",

692

" ".join(("Clients:",

693

"+: Enable",

694

"-: Disable",

695

"R: Remove",

696

"s: Start new checker",

697

"S: Stop checker",

698

"C: Checker OK",

699

"a: Approve",

700

"d: Deny",

701

))))

680

self.log_message_raw(("bold",

681

" ".

682

join(("q: Quit",

683

"?: Help",

684

"l: Log window toggle",

685

"TAB: Switch window",

686

"w: Wrap (log lines)",

687

"v: Toggle verbose log",

688

))))

689

self.log_message_raw(("bold",

690

" "

691

.join(("Clients:",

692

"+: Enable",

693

"-: Disable",

694

"R: Remove",

695

"s: Start new checker",

696

"S: Stop checker",

697

"C: Checker OK",

698

"a: Approve",

699

"d: Deny"))))

702

700

self.refresh()

703

701

elif key == "tab":

704

702

if self.topwidget.get_focus() is self.logbox:

707

705

self.topwidget.set_focus(self.logbox)

708

706

self.refresh()

709

707

elif key == "v":

710

if log.level < logging.INFO:

711

log.setLevel(logging.INFO)

712

log.info("Verbose mode: Off")

708

if self.log_level == 0:

709

self.log_level = 1

710

self.log_message("Verbose mode: Off")

713

711

else:

714

log.setLevel(logging.NOTSET)

715

log.info("Verbose mode: On")

712

self.log_level = 0

713

self.log_message("Verbose mode: On")

716

714

# elif (key == "end" or key == "meta >" or key == "G"

717

715

# or key == ">"):

718

716

# pass # xxx end-of-buffer

737

735

return True

738

736

739

737

740

class UILogHandler(logging.Handler):

741

def __init__(self, ui, *args, **kwargs):

742

self.ui = ui

743

super(UILogHandler, self).__init__(*args, **kwargs)

744

self.setFormatter(

745

logging.Formatter("%(asctime)s: %(message)s"))

746

def emit(self, record):

747

msg = self.format(record)

748

if record.levelno > logging.INFO:

749

msg = ("bold", msg)

750

self.ui.add_log_line(msg)

751

752

753

738

ui = UserInterface()

754

739

try:

755

740

ui.run()

756

741

except KeyboardInterrupt:

757

with warnings.catch_warnings():

758

warnings.filterwarnings("ignore", "", BytesWarning)

759

ui.screen.stop()

760

except Exception:

761

with warnings.catch_warnings():

762

warnings.filterwarnings("ignore", "", BytesWarning)

763

ui.screen.stop()

742

ui.screen.stop()

743

except Exception as e:

744

ui.log_message(str(e))

745

ui.screen.stop()

764

746

raise

Older »