
Viewing changes to mandos-ctl

  • Committer: Teddy Hogeborn
  • Date: 2019-08-18 00:42:22 UTC
  • Revision ID: teddy@recompile.se-20190818004222-lfrgtnmqz766a08e
Client: Use the systemd sysusers.d mechanism, if present

* Makefile (install-client-nokey): Also install sysusers.d file, if
                                   $(SYSUSERS) exists.
* sysusers.d-mandos.conf: Adjust comment to match reality.

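--- a/mandos-ctl
+++ b/mandos-ctl
@@ -1,10 +1,10 @@
-#!/usr/bin/python3 -bbI
+#!/usr/bin/python
 # -*- after-save-hook: (lambda () (let ((command (if (fboundp 'file-local-name) (file-local-name (buffer-file-name)) (or (file-remote-p (buffer-file-name) 'localname) (buffer-file-name))))) (if (= (progn (if (get-buffer "*Test*") (kill-buffer "*Test*")) (process-file-shell-command (format "%s --check" (shell-quote-argument command)) nil "*Test*")) 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w))) (progn (with-current-buffer "*Test*" (compilation-mode)) (display-buffer "*Test*" '(display-buffer-in-side-window)))))); coding: utf-8 -*-
 #
-# Mandos Control - Control or query the Mandos server
+# Mandos Monitor - Control and monitor the Mandos server
 #
-# Copyright © 2008-2020 Teddy Hogeborn
-# Copyright © 2008-2020 Björn Påhlsson
+# Copyright © 2008-2019 Teddy Hogeborn
+# Copyright © 2008-2019 Björn Påhlsson
 #
 # This file is part of Mandos.
 #
@@ -48,29 +48,20 @@
 
 if sys.version_info.major == 2:
     __metaclass__ = type
-    str = unicode
-
-class gi:
-    """Dummy gi module, for the tests"""
-    class repository:
-        class GLib:
-            class Error(Exception):
-                pass
-dbussy = None
-ravel = None
-dbus_python = None
-pydbus = None
 
 try:
-    import dbussy
-    import ravel
+    import pydbus
+    import gi
+    dbus_python = None
 except ImportError:
-    try:
-        import pydbus
-        import gi
-    except ImportError:
-        import dbus as dbus_python
-
+    import dbus as dbus_python
+    pydbus = None
+    class gi:
+        """Dummy gi module, for the tests"""
+        class repository:
+            class GLib:
+                class Error(Exception):
+                    pass
 
 # Show warnings by default
 if not sys.warnoptions:
@@ -84,12 +75,13 @@
 logging.captureWarnings(True)   # Show warnings via the logging system
 
 if sys.version_info.major == 2:
+    str = unicode
     import StringIO
     io.StringIO = StringIO.StringIO
 
 locale.setlocale(locale.LC_ALL, "")
 
-version = "1.8.14"
+version = "1.8.7"
 
 
 def main():
@@ -102,11 +94,9 @@
     clientnames = options.client
 
     if options.debug:
-        logging.getLogger("").setLevel(logging.DEBUG)
+        log.setLevel(logging.DEBUG)
 
-    if dbussy is not None and ravel is not None:
-        bus = dbussy_adapter.CachingBus(dbussy, ravel)
-    elif pydbus is not None:
+    if pydbus is not None:
         bus = pydbus_adapter.CachingBus(pydbus)
     else:
         bus = dbus_python_adapter.CachingBus(dbus_python)
@@ -256,7 +246,7 @@
         return rfc3339_duration_to_delta(interval)
     except ValueError as e:
         log.warning("%s - Parsing as pre-1.6.1 interval instead",
-                    " ".join(e.args))
+                    ' '.join(e.args))
     return parse_pre_1_6_1_interval(interval)
 
 
@@ -395,22 +385,22 @@
     """Parse an interval string as documented by Mandos before 1.6.1,
     and return a datetime.timedelta
 
-    >>> parse_pre_1_6_1_interval("7d") == datetime.timedelta(days=7)
-    True
-    >>> parse_pre_1_6_1_interval("60s") == datetime.timedelta(0, 60)
-    True
-    >>> parse_pre_1_6_1_interval("60m") == datetime.timedelta(hours=1)
-    True
-    >>> parse_pre_1_6_1_interval("24h") == datetime.timedelta(days=1)
-    True
-    >>> parse_pre_1_6_1_interval("1w") == datetime.timedelta(days=7)
-    True
-    >>> parse_pre_1_6_1_interval("5m 30s") == datetime.timedelta(0, 330)
-    True
-    >>> parse_pre_1_6_1_interval("") == datetime.timedelta(0)
+    >>> parse_pre_1_6_1_interval('7d') == datetime.timedelta(days=7)
+    True
+    >>> parse_pre_1_6_1_interval('60s') == datetime.timedelta(0, 60)
+    True
+    >>> parse_pre_1_6_1_interval('60m') == datetime.timedelta(hours=1)
+    True
+    >>> parse_pre_1_6_1_interval('24h') == datetime.timedelta(days=1)
+    True
+    >>> parse_pre_1_6_1_interval('1w') == datetime.timedelta(days=7)
+    True
+    >>> parse_pre_1_6_1_interval('5m 30s') == datetime.timedelta(0, 330)
+    True
+    >>> parse_pre_1_6_1_interval('') == datetime.timedelta(0)
     True
     >>> # Ignore unknown characters, allow any order and repetitions
-    >>> parse_pre_1_6_1_interval("2dxy7zz11y3m5m") == datetime.timedelta(2, 480, 18000)
+    >>> parse_pre_1_6_1_interval('2dxy7zz11y3m5m') == datetime.timedelta(2, 480, 18000)
     True
 
     """
@@ -497,10 +487,6 @@
                              self.properties_iface, interface, key,
                              value)
 
-        def call_method(self, methodname, busname, objectpath,
-                        interface, *args):
-            raise NotImplementedError()
-
 
     class MandosBus(SystemBus):
         busname_domain = "se.recompile"
@@ -696,96 +682,6 @@
                 return new_object
 
 
-class dbussy_adapter:
-    class SystemBus(dbus.SystemBus):
-        """Use DBussy"""
-
-        def __init__(self, dbussy, ravel):
-            self.dbussy = dbussy
-            self.ravel = ravel
-            self.bus = ravel.system_bus()
-
-        @contextlib.contextmanager
-        def convert_exception(self, exception_class=dbus.Error):
-            try:
-                yield
-            except self.dbussy.DBusError as e:
-                # This does what "raise from" would do
-                exc = exception_class(*e.args)
-                exc.__cause__ = e
-                raise exc
-
-        def call_method(self, methodname, busname, objectpath,
-                        interface, *args):
-            proxy_object = self.get_object(busname, objectpath)
-            log.debug("D-Bus: %s:%s:%s.%s(%s)", busname, objectpath,
-                      interface, methodname,
-                      ", ".join(repr(a) for a in args))
-            iface = proxy_object.get_interface(interface)
-            method = getattr(iface, methodname)
-            with self.convert_exception(dbus.Error):
-                value =  method(*args)
-            # DBussy returns values either as an empty list or as a
-            # list of one element with the return value
-            if value:
-                return self.type_filter(value[0])
-
-        def get_object(self, busname, objectpath):
-            log.debug("D-Bus: Connect to: (busname=%r, path=%r)",
-                      busname, objectpath)
-            with self.convert_exception(dbus.ConnectFailed):
-                return self.bus[busname][objectpath]
-
-        def type_filter(self, value):
-            """Convert the most bothersome types to Python types"""
-            # A D-Bus Variant value is represented as the Python type
-            # Tuple[dbussy.DBUS.Signature, Any]
-            if isinstance(value, tuple):
-                if (len(value) == 2
-                    and isinstance(value[0],
-                                   self.dbussy.DBUS.Signature)):
-                    return self.type_filter(value[1])
-            elif isinstance(value, self.dbussy.DBUS.ObjectPath):
-                return str(value)
-            # Also recurse into dictionaries
-            elif isinstance(value, dict):
-                return {self.type_filter(key):
-                        self.type_filter(subval)
-                        for key, subval in value.items()}
-            return value
-
-        def set_property(self, busname, objectpath, interface, key,
-                         value):
-            proxy_object = self.get_object(busname, objectpath)
-            log.debug("D-Bus: %s:%s:%s.Set(%r, %r, %r)", busname,
-                      objectpath, self.properties_iface, interface,
-                      key, value)
-            if key == "Secret":
-                # DBussy wants a Byte Array to be a sequence of
-                # values, not a byte string
-                value = tuple(value)
-            setattr(proxy_object.get_interface(interface), key, value)
-
-    class MandosBus(SystemBus, dbus.MandosBus):
-        pass
-
-    class CachingBus(MandosBus):
-        """A caching layer for dbussy_adapter.MandosBus"""
-        def __init__(self, *args, **kwargs):
-            self.object_cache = {}
-            super(dbussy_adapter.CachingBus, self).__init__(*args,
-                                                            **kwargs)
-        def get_object(self, busname, objectpath):
-            try:
-                return self.object_cache[(busname, objectpath)]
-            except KeyError:
-                new_object = super(
-                    dbussy_adapter.CachingBus,
-                    self).get_object(busname, objectpath)
-                self.object_cache[(busname, objectpath)]  = new_object
-                return new_object
-
-
 def commands_from_options(options):
 
     commands = list(options.commands)
@@ -876,7 +772,7 @@
                     {key: properties[key]
                      for key in self.all_keywords}
                     for properties in clients.values()}
-            print(json.dumps(data, indent=4, separators=(",", ": ")))
+            print(json.dumps(data, indent=4, separators=(',', ': ')))
 
 
     class PrintTable(Output):
@@ -1634,7 +1530,7 @@
         finally:
             dbus_logger.removeFilter(counting_handler)
 
-        self.assertNotIsInstance(e.exception, dbus.ConnectFailed)
+        self.assertNotIsInstance(e, dbus.ConnectFailed)
 
         # Make sure the dbus logger was suppressed
         self.assertEqual(0, counting_handler.count)
@@ -1777,7 +1673,7 @@
             self.call_method(bus, "methodname", "busname",
                              "objectpath", "interface")
 
-        self.assertNotIsInstance(e.exception, dbus.ConnectFailed)
+        self.assertNotIsInstance(e, dbus.ConnectFailed)
 
     def test_get_converts_to_correct_exception(self):
         bus = pydbus_adapter.SystemBus(
@@ -1878,188 +1774,6 @@
         self.assertIs(obj1, obj1b)
 
 
-class Test_dbussy_adapter_SystemBus(TestCaseWithAssertLogs):
-
-    class dummy_dbussy:
-        class DBUS:
-            class ObjectPath(str):
-                pass
-        class DBusError(Exception):
-            pass
-
-    def fake_ravel_func(self, func):
-        class fake_ravel:
-            @staticmethod
-            def system_bus():
-                class DBusInterfaceProxy:
-                    @staticmethod
-                    def methodname(*args):
-                        return [func(*args)]
-                class DBusObject:
-                    @staticmethod
-                    def get_interface(interface):
-                        if interface == "interface":
-                            return DBusInterfaceProxy()
-                return {"busname": {"objectpath": DBusObject()}}
-        return fake_ravel
-
-    def call_method(self, bus, methodname, busname, objectpath,
-                    interface, *args):
-        with self.assertLogs(log, logging.DEBUG):
-            return bus.call_method(methodname, busname, objectpath,
-                                   interface, *args)
-
-    def test_call_method_returns(self):
-        expected_method_return = Unique()
-        method_args = (Unique(), Unique())
-        def func(*args):
-            self.assertEqual(len(method_args), len(args))
-            for marg, arg in zip(method_args, args):
-                self.assertIs(marg, arg)
-            return expected_method_return
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-        ret = self.call_method(bus, "methodname", "busname",
-                               "objectpath", "interface",
-                               *method_args)
-        self.assertIs(ret, expected_method_return)
-
-    def test_call_method_filters_objectpath(self):
-        def func():
-            return method_return
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-        method_return = (self.dummy_dbussy.DBUS
-                         .ObjectPath("objectpath"))
-        ret = self.call_method(bus, "methodname", "busname",
-                               "objectpath", "interface")
-        self.assertEqual("objectpath", ret)
-        self.assertNotIsInstance(ret,
-                                 self.dummy_dbussy.DBUS.ObjectPath)
-
-    def test_call_method_filters_objectpaths_in_dict(self):
-        ObjectPath = self.dummy_dbussy.DBUS.ObjectPath
-        def func():
-            return method_return
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-        method_return = {
-            ObjectPath("objectpath_key_1"):
-            ObjectPath("objectpath_value_1"),
-            ObjectPath("objectpath_key_2"):
-            ObjectPath("objectpath_value_2"),
-        }
-        ret = self.call_method(bus, "methodname", "busname",
-                               "objectpath", "interface")
-        expected_method_return = {str(key): str(value)
-                                  for key, value in
-                                  method_return.items()}
-        for key, value in ret.items():
-            self.assertNotIsInstance(key, ObjectPath)
-            self.assertNotIsInstance(value, ObjectPath)
-        self.assertEqual(expected_method_return, ret)
-        self.assertIsInstance(ret, dict)
-
-    def test_call_method_filters_objectpaths_in_dict_in_dict(self):
-        ObjectPath = self.dummy_dbussy.DBUS.ObjectPath
-        def func():
-            return method_return
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-        method_return = {
-            ObjectPath("key1"): {
-                ObjectPath("key11"): ObjectPath("value11"),
-                ObjectPath("key12"): ObjectPath("value12"),
-            },
-            ObjectPath("key2"): {
-                ObjectPath("key21"): ObjectPath("value21"),
-                ObjectPath("key22"): ObjectPath("value22"),
-            },
-        }
-        ret = self.call_method(bus, "methodname", "busname",
-                               "objectpath", "interface")
-        expected_method_return = {
-            "key1": {"key11": "value11",
-                     "key12": "value12"},
-            "key2": {"key21": "value21",
-                     "key22": "value22"},
-        }
-        self.assertEqual(expected_method_return, ret)
-        for key, value in ret.items():
-            self.assertIsInstance(value, dict)
-            self.assertEqual(expected_method_return[key], value)
-            self.assertNotIsInstance(key, ObjectPath)
-            for inner_key, inner_value in value.items():
-                self.assertIsInstance(value, dict)
-                self.assertEqual(
-                    expected_method_return[key][inner_key],
-                    inner_value)
-                self.assertNotIsInstance(key, ObjectPath)
-
-    def test_call_method_filters_objectpaths_in_dict_three_deep(self):
-        ObjectPath = self.dummy_dbussy.DBUS.ObjectPath
-        def func():
-            return method_return
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-        method_return = {
-            ObjectPath("key1"): {
-                ObjectPath("key2"): {
-                    ObjectPath("key3"): ObjectPath("value"),
-                },
-            },
-        }
-        ret = self.call_method(bus, "methodname", "busname",
-                               "objectpath", "interface")
-        expected_method_return = {"key1": {"key2": {"key3": "value"}}}
-        self.assertEqual(expected_method_return, ret)
-        self.assertIsInstance(ret, dict)
-        self.assertNotIsInstance(next(iter(ret.keys())), ObjectPath)
-        self.assertIsInstance(ret["key1"], dict)
-        self.assertNotIsInstance(next(iter(ret["key1"].keys())),
-                                 ObjectPath)
-        self.assertIsInstance(ret["key1"]["key2"], dict)
-        self.assertNotIsInstance(
-            next(iter(ret["key1"]["key2"].keys())),
-            ObjectPath)
-        self.assertEqual("value", ret["key1"]["key2"]["key3"])
-        self.assertNotIsInstance(ret["key1"]["key2"]["key3"],
-                                 self.dummy_dbussy.DBUS.ObjectPath)
-
-    def test_call_method_handles_exception(self):
-        def func():
-            raise self.dummy_dbussy.DBusError()
-
-        fake_ravel = self.fake_ravel_func(func)
-        bus = dbussy_adapter.SystemBus(self.dummy_dbussy, fake_ravel)
-
-        with self.assertRaises(dbus.Error) as e:
-            self.call_method(bus, "methodname", "busname",
-                             "objectpath", "interface")
-
-        self.assertNotIsInstance(e.exception, dbus.ConnectFailed)
-
-    def test_get_object_converts_to_correct_exception(self):
-        class fake_ravel_raises_exception_on_connect:
-            @staticmethod
-            def system_bus():
-                class Bus:
-                    @staticmethod
-                    def __getitem__(key):
-                        if key == "objectpath":
-                            raise self.dummy_dbussy.DBusError()
-                        raise Exception(key)
-                return {"busname": Bus()}
-        def func():
-            raise self.dummy_dbussy.DBusError()
-        bus = dbussy_adapter.SystemBus(
-            self.dummy_dbussy,
-            fake_ravel_raises_exception_on_connect)
-        with self.assertRaises(dbus.ConnectFailed):
-            self.call_method(bus, "methodname", "busname",
-                             "objectpath", "interface")
-
-
 class Test_commands_from_options(unittest.TestCase):
 
     def setUp(self):
@@ -2439,7 +2153,6 @@
         busname = "se.recompile.Mandos"
         client_interface = "se.recompile.Mandos.Client"
         command.Approve().run(self.bus.clients, self.bus)
-        self.assertTrue(self.bus.clients)
         for clientpath in self.bus.clients:
             self.assertIn(("Approve", busname, clientpath,
                            client_interface, (True,)), self.bus.calls)
@@ -2448,22 +2161,16 @@
         busname = "se.recompile.Mandos"
         client_interface = "se.recompile.Mandos.Client"
         command.Deny().run(self.bus.clients, self.bus)
-        self.assertTrue(self.bus.clients)
         for clientpath in self.bus.clients:
             self.assertIn(("Approve", busname, clientpath,
                            client_interface, (False,)),
                           self.bus.calls)
 
     def test_Remove(self):
-        busname = "se.recompile.Mandos"
-        server_path = "/"
-        server_interface = "se.recompile.Mandos"
-        orig_clients = self.bus.clients.copy()
         command.Remove().run(self.bus.clients, self.bus)
-        self.assertFalse(self.bus.clients)
-        for clientpath in orig_clients:
-            self.assertIn(("RemoveClient", busname,
-                           server_path, server_interface,
+        for clientpath in self.bus.clients:
+            self.assertIn(("RemoveClient", dbus_busname,
+                           dbus_server_path, dbus_server_interface,
                            (clientpath,)), self.bus.calls)
 
     expected_json = {
@@ -2671,13 +2378,11 @@
         else:
             cmd_args = [() for x in range(len(self.values_to_get))]
             values_to_get = self.values_to_get
-        self.assertTrue(values_to_get)
         for value_to_get, cmd_arg in zip(values_to_get, cmd_args):
             for clientpath in self.bus.clients:
                 self.bus.clients[clientpath][self.propname] = (
                     Unique())
             self.command(*cmd_arg).run(self.bus.clients, self.bus)
-            self.assertTrue(self.bus.clients)
             for clientpath in self.bus.clients:
                 value = (self.bus.clients[clientpath]
                          [self.propname])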
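Review bot: The new first line, `#!/usr/bin/python`, drops the `-bbI` options of the old shebang, so the script no longer starts in isolated mode and module lookup for the `pydbus`, `gi` and `dbus` imports further down is again influenced by `PYTHONPATH`, the user site directory and the script's own directory. That matters for a tool an administrator runs to control the Mandos server. I would keep `#!/usr/bin/python3 -bbI`; if the unversioned interpreter is needed for the Python 2 branches visible in this file, `#!/usr/bin/python -Es` at least ignores the environment variables and the user site directory on both versions. Separately, the two test hunks that change `e.exception` to `e` look like they make the check vacuous, assuming `e` is bound by `with self.assertRaises(...) as e` outside the hunk.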