
Viewing changes to mandos-monitor

  • Committer: teddy at recompile
  • Date: 2020-02-07 20:53:34 UTC
  • Revision ID: teddy@recompile.se-20200207205334-dp41p8c8vw0ytik5
Allow users to more easily alter mandos.service

The sysvinit script uses /etc/default/mandos as an environment file,
and supports adding additional server options to a DAEMON_ARGS
environment variable.  This should be supported by the systemd
service, too.

* mandos.service ([Service]/EnvironmentFile): New; set to
  "/etc/default/mandos ".
  ([Service]/ExecStart): Append "$DAEMON_ARGS".

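--- a/mandos-monitor
+++ b/mandos-monitor
@@ -1,24 +1,25 @@
-#!/usr/bin/python
+#!/usr/bin/python3 -bbI
 # -*- mode: python; coding: utf-8 -*-
 #
 # Mandos Monitor - Control and monitor the Mandos server
 #
-# Copyright © 2009-2016 Teddy Hogeborn
-# Copyright © 2009-2016 Björn Påhlsson
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
+# Copyright © 2009-2019 Teddy Hogeborn
+# Copyright © 2009-2019 Björn Påhlsson
+#
+# This file is part of Mandos.
+#
+# Mandos is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
-#     This program is distributed in the hope that it will be useful,
-#     but WITHOUT ANY WARRANTY; without even the implied warranty of
+#     Mandos is distributed in the hope that it will be useful, but
+#     WITHOUT ANY WARRANTY; without even the implied warranty of
 #     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #     GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see
-# <http://www.gnu.org/licenses/>.
+# along with Mandos.  If not, see <http://www.gnu.org/licenses/>.
 #
 # Contact the authors at <mandos@recompile.se>.
 #
@@ -32,8 +33,10 @@
 
 import sys
 import os
-
+import warnings
 import datetime
+import locale
+import logging
 
 import urwid.curses_display
 import urwid
@@ -43,22 +46,25 @@
 
 import dbus
 
-import locale
-
-import logging
-
 if sys.version_info.major == 2:
+    __metaclass__ = type
     str = unicode
 
-locale.setlocale(locale.LC_ALL, '')
-
-logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)
+log = logging.getLogger(os.path.basename(sys.argv[0]))
+logging.basicConfig(level="NOTSET", # Show all messages
+                    format="%(message)s") # Show basic log messages
+
+logging.captureWarnings(True)   # Show warnings via the logging system
+
+locale.setlocale(locale.LC_ALL, "")
+
+logging.getLogger("dbus.proxies").setLevel(logging.CRITICAL)
 
 # Some useful constants
-domain = 'se.recompile'
-server_interface = domain + '.Mandos'
-client_interface = domain + '.Mandos.Client'
-version = "1.7.11"
+domain = "se.recompile"
+server_interface = domain + ".Mandos"
+client_interface = domain + ".Mandos.Client"
+version = "1.8.9"
 
 try:
     dbus.OBJECT_MANAGER_IFACE
@@ -83,7 +89,7 @@
                              int(fraction*1000000))  # Microseconds
 
 
-class MandosClientPropertyCache(object):
+class MandosClientPropertyCache:
     """This wraps a Mandos Client D-Bus proxy object, caches the
     properties and calls a hook function when any of them are
     changed.
@@ -121,15 +127,13 @@
     """
 
     def __init__(self, server_proxy_object=None, update_hook=None,
-                 delete_hook=None, logger=None, **kwargs):
+                 delete_hook=None, **kwargs):
         # Called on update
         self.update_hook = update_hook
         # Called on delete
         self.delete_hook = delete_hook
         # Mandos Server proxy object
         self.server_proxy_object = server_proxy_object
-        # Logger
-        self.logger = logger
 
         self._update_timer_callback_tag = None
 
@@ -162,8 +166,7 @@
                                          self.rejected,
                                          client_interface,
                                          byte_arrays=True))
-        self.logger('Created client {}'
-                    .format(self.properties["Name"]), level=0)
+        log.debug("Created client %s", self.properties["Name"])
 
     def using_timer(self, flag):
         """Call this method with True or False when timer should be
@@ -171,54 +174,49 @@
         """
         if flag and self._update_timer_callback_tag is None:
             # Will update the shown timer value every second
-            self._update_timer_callback_tag = (GLib.timeout_add
-                                               (1000,
-                                                self.update_timer))
+            self._update_timer_callback_tag = (
+                GLib.timeout_add(1000,
+                                 glib_safely(self.update_timer)))
         elif not (flag or self._update_timer_callback_tag is None):
             GLib.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
 
     def checker_completed(self, exitstatus, condition, command):
         if exitstatus == 0:
-            self.logger('Checker for client {} (command "{}")'
-                        ' succeeded'.format(self.properties["Name"],
-                                            command), level=0)
+            log.debug('Checker for client %s (command "%s")'
+                      " succeeded", self.properties["Name"], command)
             self.update()
             return
         # Checker failed
         if os.WIFEXITED(condition):
-            self.logger('Checker for client {} (command "{}") failed'
-                        ' with exit code {}'
-                        .format(self.properties["Name"], command,
-                                os.WEXITSTATUS(condition)))
+            log.info('Checker for client %s (command "%s") failed'
+                     " with exit code %d", self.properties["Name"],
+                     command, os.WEXITSTATUS(condition))
         elif os.WIFSIGNALED(condition):
-            self.logger('Checker for client {} (command "{}") was'
-                        ' killed by signal {}'
-                        .format(self.properties["Name"], command,
-                                os.WTERMSIG(condition)))
+            log.info('Checker for client %s (command "%s") was'
+                     " killed by signal %d", self.properties["Name"],
+                     command, os.WTERMSIG(condition))
         self.update()
 
     def checker_started(self, command):
         """Server signals that a checker started."""
-        self.logger('Client {} started checker "{}"'
-                    .format(self.properties["Name"],
-                            command), level=0)
+        log.debug('Client %s started checker "%s"',
+                  self.properties["Name"], command)
 
     def got_secret(self):
-        self.logger('Client {} received its secret'
-                    .format(self.properties["Name"]))
+        log.info("Client %s received its secret",
+                 self.properties["Name"])
 
     def need_approval(self, timeout, default):
         if not default:
-            message = 'Client {} needs approval within {} seconds'
+            message = "Client %s needs approval within %f seconds"
         else:
-            message = 'Client {} will get its secret in {} seconds'
-        self.logger(message.format(self.properties["Name"],
-                                   timeout/1000))
+            message = "Client %s will get its secret in %f seconds"
+        log.info(message, self.properties["Name"], timeout/1000)
 
     def rejected(self, reason):
-        self.logger('Client {} was rejected; reason: {}'
-                    .format(self.properties["Name"], reason))
+        log.info("Client %s was rejected; reason: %s",
+                 self.properties["Name"], reason)
 
     def selectable(self):
         """Make this a "selectable" widget.
@@ -250,7 +248,7 @@
         # Rebuild focus and non-focus widgets using current properties
 
         # Base part of a client. Name!
-        base = '{name}: '.format(name=self.properties["Name"])
+        base = "{name}: ".format(name=self.properties["Name"])
         if not self.properties["Enabled"]:
             message = "DISABLED"
             self.using_timer(False)
@@ -278,11 +276,11 @@
                 timer = datetime.timedelta(0)
             else:
                 expires = (datetime.datetime.strptime
-                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
+                           (expires, "%Y-%m-%dT%H:%M:%S.%f"))
                 timer = max(expires - datetime.datetime.utcnow(),
                             datetime.timedelta())
-            message = ('A checker has failed! Time until client'
-                       ' gets disabled: {}'
+            message = ("A checker has failed! Time until client"
+                       " gets disabled: {}"
                        .format(str(timer).rsplit(".", 1)[0]))
             self.using_timer(True)
         else:
@@ -386,6 +384,16 @@
             self.update()
 
 
+def glib_safely(func, retval=True):
+    def safe_func(*args, **kwargs):
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            log.exception("")
+            return retval
+    return safe_func
+
+
 class ConstrainedListBox(urwid.ListBox):
     """Like a normal urwid.ListBox, but will consume all "up" or
     "down" key presses, thus not allowing any containing widgets to
@@ -399,11 +407,11 @@
         return ret
 
 
-class UserInterface(object):
+class UserInterface:
     """This is the entire user interface - the whole screen
     with boxes, lists of client widgets, etc.
     """
-    def __init__(self, max_log_length=1000, log_level=1):
+    def __init__(self, max_log_length=1000):
         DBusGMainLoop(set_as_default=True)
 
         self.screen = urwid.curses_display.Screen()
@@ -443,11 +451,9 @@
         self.clients_dict = {}
 
         # We will add Text widgets to this list
-        self.log = []
+        self.log = urwid.SimpleListWalker([])
         self.max_log_length = max_log_length
 
-        self.log_level = log_level
-
         # We keep a reference to the log widget so we can remove it
         # from the ListWalker without it getting destroyed
         self.logbox = ConstrainedListBox(self.log)
@@ -457,19 +463,19 @@
         self.log_visible = True
         self.log_wrap = "any"
 
+        self.loghandler = UILogHandler(self)
+
         self.rebuild()
-        self.log_message_raw(("bold",
-                              "Mandos Monitor version " + version))
-        self.log_message_raw(("bold",
-                              "q: Quit  ?: Help"))
+        self.add_log_line(("bold",
+                           "Mandos Monitor version " + version))
+        self.add_log_line(("bold", "q: Quit  ?: Help"))
 
-        self.busname = domain + '.Mandos'
+        self.busname = domain + ".Mandos"
         self.main_loop = GLib.MainLoop()
 
-    def client_not_found(self, fingerprint, address):
-        self.log_message("Client with address {} and fingerprint {}"
-                         " could not be found"
-                         .format(address, fingerprint))
+    def client_not_found(self, key_id, address):
+        log.info("Client with address %s and key ID %s could"
+                 " not be found", address, key_id)
 
     def rebuild(self):
         """This rebuilds the User Interface.
@@ -486,23 +492,12 @@
             self.uilist.append(self.logbox)
         self.topwidget = urwid.Pile(self.uilist)
 
-    def log_message(self, message, level=1):
-        """Log message formatted with timestamp"""
-        if level < self.log_level:
-            return
-        timestamp = datetime.datetime.now().isoformat()
-        self.log_message_raw("{}: {}".format(timestamp, message),
-                             level=level)
-
-    def log_message_raw(self, markup, level=1):
-        """Add a log message to the log buffer."""
-        if level < self.log_level:
-            return
+    def add_log_line(self, markup):
         self.log.append(urwid.Text(markup, wrap=self.log_wrap))
         if self.max_log_length:
             if len(self.log) > self.max_log_length:
-                del self.log[0:len(self.log)-self.max_log_length-1]
-        self.logbox.set_focus(len(self.logbox.body.contents),
+                del self.log[0:(len(self.log) - self.max_log_length)]
+        self.logbox.set_focus(len(self.logbox.body.contents)-1,
                               coming_from="above")
         self.refresh()
 
@@ -510,8 +505,7 @@
         """Toggle visibility of the log buffer."""
         self.log_visible = not self.log_visible
         self.rebuild()
-        self.log_message("Log visibility changed to: {}"
-                         .format(self.log_visible), level=0)
+        log.debug("Log visibility changed to: %s", self.log_visible)
 
     def change_log_display(self):
         """Change type of log display.
@@ -522,8 +516,7 @@
             self.log_wrap = "clip"
         for textwidget in self.log:
             textwidget.set_wrap_mode(self.log_wrap)
-        self.log_message("Wrap mode: {}".format(self.log_wrap),
-                         level=0)
+        log.debug("Wrap mode: %s", self.log_wrap)
 
     def find_and_remove_client(self, path, interfaces):
         """Find a client by its object path and remove it.
@@ -537,8 +530,7 @@
             client = self.clients_dict[path]
         except KeyError:
             # not found?
-            self.log_message("Unknown client {!r} removed"
-                             .format(path))
+            log.warning("Unknown client %s removed", path)
             return
         client.delete()
 
@@ -557,7 +549,6 @@
             proxy_object=client_proxy_object,
             update_hook=self.refresh,
             delete_hook=self.remove_client,
-            logger=self.log_message,
             properties=dict(ifs_and_props[client_interface])),
                         path=path)
 
@@ -583,6 +574,11 @@
 
     def run(self):
         """Start the main loop and exit when it's done."""
+        log.addHandler(self.loghandler)
+        self.orig_log_propagate = log.propagate
+        log.propagate = False
+        self.orig_log_level = log.level
+        log.setLevel("INFO")
         self.bus = dbus.SystemBus()
         mandos_dbus_objc = self.bus.get_object(
             self.busname, "/", follow_name_owner_changes=True)
@@ -592,11 +588,9 @@
             mandos_clients = (self.mandos_serv
                               .GetAllClientsWithProperties())
             if not mandos_clients:
-                self.log_message_raw(("bold",
-                                      "Note: Server has no clients."))
+                log.warning("Note: Server has no clients.")
         except dbus.exceptions.DBusException:
-            self.log_message_raw(("bold",
-                                  "Note: No Mandos server running."))
+            log.warning("Note: No Mandos server running.")
             mandos_clients = dbus.Dictionary()
 
         (self.mandos_serv
@@ -622,22 +616,26 @@
                 proxy_object=client_proxy_object,
                 properties=client,
                 update_hook=self.refresh,
-                delete_hook=self.remove_client,
-                logger=self.log_message),
+                delete_hook=self.remove_client),
                             path=path)
 
         self.refresh()
-        self._input_callback_tag = (GLib.io_add_watch
-                                    (sys.stdin.fileno(),
-                                     GLib.IO_IN,
-                                     self.process_input))
+        self._input_callback_tag = (
+            GLib.io_add_watch(
+                GLib.IOChannel.unix_new(sys.stdin.fileno()),
+                GLib.PRIORITY_DEFAULT, GLib.IO_IN,
+                glib_safely(self.process_input)))
         self.main_loop.run()
         # Main loop has finished, we should close everything now
         GLib.source_remove(self._input_callback_tag)
-        self.screen.stop()
+        with warnings.catch_warnings():
+            warnings.simplefilter("ignore", BytesWarning)
+            self.screen.stop()
 
     def stop(self):
         self.main_loop.quit()
+        log.removeHandler(self.loghandler)
+        log.propagate = self.orig_log_propagate
 
     def process_input(self, source, condition):
         keys = self.screen.get_input()
@@ -676,26 +674,25 @@
                 if not self.log_visible:
                     self.log_visible = True
                     self.rebuild()
-                self.log_message_raw(("bold",
-                                      "  ".
-                                      join(("q: Quit",
-                                            "?: Help",
-                                            "l: Log window toggle",
-                                            "TAB: Switch window",
-                                            "w: Wrap (log lines)",
-                                            "v: Toggle verbose log",
-                                            ))))
-                self.log_message_raw(("bold",
-                                      "  "
-                                      .join(("Clients:",
-                                             "+: Enable",
-                                             "-: Disable",
-                                             "R: Remove",
-                                             "s: Start new checker",
-                                             "S: Stop checker",
-                                             "C: Checker OK",
-                                             "a: Approve",
-                                             "d: Deny"))))
+                self.add_log_line(("bold",
+                                   "  ".join(("q: Quit",
+                                              "?: Help",
+                                              "l: Log window toggle",
+                                              "TAB: Switch window",
+                                              "w: Wrap (log lines)",
+                                              "v: Toggle verbose log",
+                                   ))))
+                self.add_log_line(("bold",
+                                   "  ".join(("Clients:",
+                                              "+: Enable",
+                                              "-: Disable",
+                                              "R: Remove",
+                                              "s: Start new checker",
+                                              "S: Stop checker",
+                                              "C: Checker OK",
+                                              "a: Approve",
+                                              "d: Deny",
+                                   ))))
                 self.refresh()
             elif key == "tab":
                 if self.topwidget.get_focus() is self.logbox:
@@ -704,12 +701,12 @@
                     self.topwidget.set_focus(self.logbox)
                 self.refresh()
             elif key == "v":
-                if self.log_level == 0:
-                    self.log_level = 1
-                    self.log_message("Verbose mode: Off")
+                if log.level < logging.INFO:
+                    log.setLevel(logging.INFO)
+                    log.info("Verbose mode: Off")
                 else:
-                    self.log_level = 0
-                    self.log_message("Verbose mode: On")
+                    log.setLevel(logging.NOTSET)
+                    log.info("Verbose mode: On")
             # elif (key == "end" or key == "meta >" or key == "G"
             #       or key == ">"):
             #     pass            # xxx end-of-buffer
@@ -733,12 +730,29 @@
                 self.refresh()
         return True
 
+
+class UILogHandler(logging.Handler):
+    def __init__(self, ui, *args, **kwargs):
+        self.ui = ui
+        super(UILogHandler, self).__init__(*args, **kwargs)
+        self.setFormatter(
+            logging.Formatter("%(asctime)s: %(message)s"))
+    def emit(self, record):
+        msg = self.format(record)
+        if record.levelno > logging.INFO:
+            msg = ("bold", msg)
+        self.ui.add_log_line(msg)
+
+
 ui = UserInterface()
 try:
     ui.run()
 except KeyboardInterrupt:
-    ui.screen.stop()
-except Exception as e:
-    ui.log_message(str(e))
-    ui.screen.stop()
+    with warnings.catch_warnings():
+        warnings.filterwarnings("ignore", "", BytesWarning)
+        ui.screen.stop()
+except Exception:
+    with warnings.catch_warnings():
+        warnings.filterwarnings("ignore", "", BytesWarning)
+        ui.screen.stop()
     raise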
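Review bot: `UserInterface.run()` saves the logger level in `self.orig_log_level`, but `stop()` only removes the handler and restores `log.propagate`; nothing on the page puts the level back, so the module logger keeps whatever the `v` toggle last set (INFO or NOTSET). Adding `log.setLevel(self.orig_log_level)` as the last line of `stop()` would complete the restore. The `except KeyboardInterrupt` and `except Exception` handlers at the bottom of the file call only `ui.screen.stop()`, so on those paths the `UILogHandler` appears to stay attached with `log.propagate` still False, and anything logged after the screen is torn down would go to the dead UI rather than stderr. Parts of the file are elided between hunks, so confirm no other code performs this cleanup before changing it.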