/mandos/trunk


Viewing changes to mandos-monitor

  • Committer: teddy at recompile
  • Date: 2012-01-01 17:38:33 UTC
  • Revision ID: teddy@recompile.se-20120101173833-ai39bif1w0ftuyyh
* Makefile (install-server): Add intro(8mandos) man page.
* network-hooks.d/bridge: Add copyright info and year.
* network-hooks.d/openvpn: - '' -
* network-hooks.d/wireless: - '' -

3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2014 Teddy Hogeborn
7
 
# Copyright © 2009-2014 Björn Påhlsson
 
6
# Copyright © 2009-2012 Teddy Hogeborn
 
7
# Copyright © 2009-2012 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
17
17
#     GNU General Public License for more details.
18
18
19
19
# You should have received a copy of the GNU General Public License
20
 
# along with this program.  If not, see
21
 
# <http://www.gnu.org/licenses/>.
 
20
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
22
21
23
22
# Contact the authors at <mandos@recompile.se>.
24
23
25
24
 
26
25
from __future__ import (division, absolute_import, print_function,
27
26
                        unicode_literals)
28
 
try:
29
 
    from future_builtins import *
30
 
except ImportError:
31
 
    pass
32
27
 
33
28
import sys
34
29
import os
 
30
import signal
35
31
 
36
32
import datetime
37
33
 
39
35
import urwid
40
36
 
41
37
from dbus.mainloop.glib import DBusGMainLoop
42
 
try:
43
 
    import gobject
44
 
except ImportError:
45
 
    from gi.repository import GObject as gobject
 
38
import gobject
46
39
 
47
40
import dbus
48
41
 
 
42
import UserList
 
43
 
49
44
import locale
50
45
 
51
 
if sys.version_info[0] == 2:
52
 
    str = unicode
53
 
 
54
46
locale.setlocale(locale.LC_ALL, '')
55
47
 
56
48
import logging
60
52
domain = 'se.recompile'
61
53
server_interface = domain + '.Mandos'
62
54
client_interface = domain + '.Mandos.Client'
63
 
version = "1.6.4"
 
55
version = "1.5.0"
 
56
 
 
57
# Always run in monochrome mode
 
58
urwid.curses_display.curses.has_colors = lambda : False
 
59
 
 
60
# Urwid doesn't support blinking, but we want it.  Since we have no
 
61
# use for underline on its own, we make underline also always blink.
 
62
urwid.curses_display.curses.A_UNDERLINE |= (
 
63
    urwid.curses_display.curses.A_BLINK)
64
64
 
65
65
def isoformat_to_datetime(iso):
66
66
    "Parse an ISO 8601 date string to a datetime.datetime()"
83
83
    properties and calls a hook function when any of them are
84
84
    changed.
85
85
    """
86
 
    def __init__(self, proxy_object=None, properties=None, **kwargs):
 
86
    def __init__(self, proxy_object=None, *args, **kwargs):
87
87
        self.proxy = proxy_object # Mandos Client proxy object
88
 
        self.properties = dict() if properties is None else properties
 
88
        
 
89
        self.properties = dict()
89
90
        self.property_changed_match = (
90
91
            self.proxy.connect_to_signal("PropertyChanged",
91
 
                                         self._property_changed,
 
92
                                         self.property_changed,
92
93
                                         client_interface,
93
94
                                         byte_arrays=True))
94
95
        
95
 
        if properties is None:
96
 
            self.properties.update(
97
 
                self.proxy.GetAll(client_interface,
98
 
                                  dbus_interface
99
 
                                  = dbus.PROPERTIES_IFACE))
100
 
        
101
 
        super(MandosClientPropertyCache, self).__init__(**kwargs)
102
 
    
103
 
    def _property_changed(self, property, value):
104
 
        """Helper which takes positional arguments"""
105
 
        return self.property_changed(property=property, value=value)
 
96
        self.properties.update(
 
97
            self.proxy.GetAll(client_interface,
 
98
                              dbus_interface = dbus.PROPERTIES_IFACE))
 
99
 
 
100
        #XXX This breaks good super behaviour
 
101
#        super(MandosClientPropertyCache, self).__init__(
 
102
#            *args, **kwargs)
106
103
    
107
104
    def property_changed(self, property=None, value=None):
108
105
        """This is called whenever we get a PropertyChanged signal
111
108
        # Update properties dict with new value
112
109
        self.properties[property] = value
113
110
    
114
 
    def delete(self):
 
111
    def delete(self, *args, **kwargs):
115
112
        self.property_changed_match.remove()
 
113
        super(MandosClientPropertyCache, self).__init__(
 
114
            *args, **kwargs)
116
115
 
117
116
 
118
117
class MandosClientWidget(urwid.FlowWidget, MandosClientPropertyCache):
120
119
    """
121
120
    
122
121
    def __init__(self, server_proxy_object=None, update_hook=None,
123
 
                 delete_hook=None, logger=None, **kwargs):
 
122
                 delete_hook=None, logger=None, *args, **kwargs):
124
123
        # Called on update
125
124
        self.update_hook = update_hook
126
125
        # Called on delete
131
130
        self.logger = logger
132
131
        
133
132
        self._update_timer_callback_tag = None
 
133
        self._update_timer_callback_lock = 0
 
134
        self.last_checker_failed = False
134
135
        
135
136
        # The widget shown normally
136
137
        self._text_widget = urwid.Text("")
137
138
        # The widget shown when we have focus
138
139
        self._focus_text_widget = urwid.Text("")
139
 
        super(MandosClientWidget, self).__init__(**kwargs)
 
140
        super(MandosClientWidget, self).__init__(
 
141
            update_hook=update_hook, delete_hook=delete_hook,
 
142
            *args, **kwargs)
140
143
        self.update()
141
144
        self.opened = False
142
145
        
 
146
        last_checked_ok = isoformat_to_datetime(self.properties
 
147
                                                ["LastCheckedOK"])
 
148
        if last_checked_ok is None:
 
149
            self.last_checker_failed = True
 
150
        else:
 
151
            self.last_checker_failed = ((datetime.datetime.utcnow()
 
152
                                         - last_checked_ok)
 
153
                                        > datetime.timedelta
 
154
                                        (milliseconds=
 
155
                                         self.properties
 
156
                                         ["Interval"]))
 
157
        
 
158
        if self.last_checker_failed:
 
159
            self.using_timer(True)
 
160
        
 
161
        if self.need_approval:
 
162
            self.using_timer(True)
 
163
        
143
164
        self.match_objects = (
144
165
            self.proxy.connect_to_signal("CheckerCompleted",
145
166
                                         self.checker_completed,
161
182
                                         self.rejected,
162
183
                                         client_interface,
163
184
                                         byte_arrays=True))
164
 
        #self.logger('Created client {0}'
165
 
        #            .format(self.properties["Name"]))
 
185
        #self.logger('Created client %s' % (self.properties["Name"]))
166
186
    
 
187
    def property_changed(self, property=None, value=None):
 
188
        super(self, MandosClientWidget).property_changed(property,
 
189
                                                         value)
 
190
        if property == "ApprovalPending":
 
191
            using_timer(bool(value))
 
192
        
167
193
    def using_timer(self, flag):
168
194
        """Call this method with True or False when timer should be
169
195
        activated or deactivated.
170
196
        """
171
 
        if flag and self._update_timer_callback_tag is None:
 
197
        old = self._update_timer_callback_lock
 
198
        if flag:
 
199
            self._update_timer_callback_lock += 1
 
200
        else:
 
201
            self._update_timer_callback_lock -= 1
 
202
        if old == 0 and self._update_timer_callback_lock:
172
203
            # Will update the shown timer value every second
173
204
            self._update_timer_callback_tag = (gobject.timeout_add
174
205
                                               (1000,
175
206
                                                self.update_timer))
176
 
        elif not (flag or self._update_timer_callback_tag is None):
 
207
        elif old and self._update_timer_callback_lock == 0:
177
208
            gobject.source_remove(self._update_timer_callback_tag)
178
209
            self._update_timer_callback_tag = None
179
210
    
180
211
    def checker_completed(self, exitstatus, condition, command):
181
212
        if exitstatus == 0:
 
213
            if self.last_checker_failed:
 
214
                self.last_checker_failed = False
 
215
                self.using_timer(False)
 
216
            #self.logger('Checker for client %s (command "%s")'
 
217
            #            ' was successful'
 
218
            #            % (self.properties["Name"], command))
182
219
            self.update()
183
220
            return
184
221
        # Checker failed
 
222
        if not self.last_checker_failed:
 
223
            self.last_checker_failed = True
 
224
            self.using_timer(True)
185
225
        if os.WIFEXITED(condition):
186
 
            self.logger('Checker for client {0} (command "{1}")'
187
 
                        ' failed with exit code {2}'
188
 
                        .format(self.properties["Name"], command,
189
 
                                os.WEXITSTATUS(condition)))
 
226
            self.logger('Checker for client %s (command "%s")'
 
227
                        ' failed with exit code %s'
 
228
                        % (self.properties["Name"], command,
 
229
                           os.WEXITSTATUS(condition)))
190
230
        elif os.WIFSIGNALED(condition):
191
 
            self.logger('Checker for client {0} (command "{1}") was'
192
 
                        ' killed by signal {2}'
193
 
                        .format(self.properties["Name"], command,
194
 
                                os.WTERMSIG(condition)))
 
231
            self.logger('Checker for client %s (command "%s")'
 
232
                        ' was killed by signal %s'
 
233
                        % (self.properties["Name"], command,
 
234
                           os.WTERMSIG(condition)))
195
235
        elif os.WCOREDUMP(condition):
196
 
            self.logger('Checker for client {0} (command "{1}")'
 
236
            self.logger('Checker for client %s (command "%s")'
197
237
                        ' dumped core'
198
 
                        .format(self.properties["Name"], command))
 
238
                        % (self.properties["Name"], command))
199
239
        else:
200
 
            self.logger('Checker for client {0} completed'
201
 
                        ' mysteriously'
202
 
                        .format(self.properties["Name"]))
 
240
            self.logger('Checker for client %s completed'
 
241
                        ' mysteriously')
203
242
        self.update()
204
243
    
205
244
    def checker_started(self, command):
206
245
        """Server signals that a checker started. This could be useful
207
246
           to log in the future. """
208
 
        #self.logger('Client {0} started checker "{1}"'
209
 
        #            .format(self.properties["Name"],
210
 
        #                    str(command)))
 
247
        #self.logger('Client %s started checker "%s"'
 
248
        #            % (self.properties["Name"], unicode(command)))
211
249
        pass
212
250
    
213
251
    def got_secret(self):
214
 
        self.logger('Client {0} received its secret'
215
 
                    .format(self.properties["Name"]))
 
252
        self.last_checker_failed = False
 
253
        self.logger('Client %s received its secret'
 
254
                    % self.properties["Name"])
216
255
    
217
256
    def need_approval(self, timeout, default):
218
257
        if not default:
219
 
            message = 'Client {0} needs approval within {1} seconds'
 
258
            message = 'Client %s needs approval within %s seconds'
220
259
        else:
221
 
            message = 'Client {0} will get its secret in {1} seconds'
222
 
        self.logger(message.format(self.properties["Name"],
223
 
                                   timeout/1000))
 
260
            message = 'Client %s will get its secret in %s seconds'
 
261
        self.logger(message
 
262
                    % (self.properties["Name"], timeout/1000))
 
263
        self.using_timer(True)
224
264
    
225
265
    def rejected(self, reason):
226
 
        self.logger('Client {0} was rejected; reason: {1}'
227
 
                    .format(self.properties["Name"], reason))
 
266
        self.logger('Client %s was rejected; reason: %s'
 
267
                    % (self.properties["Name"], reason))
228
268
    
229
269
    def selectable(self):
230
270
        """Make this a "selectable" widget.
252
292
                          "bold-underline-blink":
253
293
                              "bold-underline-blink-standout",
254
294
                          }
255
 
        
 
295
 
256
296
        # Rebuild focus and non-focus widgets using current properties
257
 
        
 
297
 
258
298
        # Base part of a client. Name!
259
 
        base = '{name}: '.format(name=self.properties["Name"])
 
299
        base = ('%(name)s: '
 
300
                      % {"name": self.properties["Name"]})
260
301
        if not self.properties["Enabled"]:
261
302
            message = "DISABLED"
262
 
            self.using_timer(False)
263
303
        elif self.properties["ApprovalPending"]:
264
304
            timeout = datetime.timedelta(milliseconds
265
305
                                         = self.properties
267
307
            last_approval_request = isoformat_to_datetime(
268
308
                self.properties["LastApprovalRequest"])
269
309
            if last_approval_request is not None:
270
 
                timer = max(timeout - (datetime.datetime.utcnow()
271
 
                                       - last_approval_request),
272
 
                            datetime.timedelta())
 
310
                timer = timeout - (datetime.datetime.utcnow()
 
311
                                   - last_approval_request)
273
312
            else:
274
313
                timer = datetime.timedelta()
275
314
            if self.properties["ApprovedByDefault"]:
276
 
                message = "Approval in {0}. (d)eny?"
 
315
                message = "Approval in %s. (d)eny?"
277
316
            else:
278
 
                message = "Denial in {0}. (a)pprove?"
279
 
            message = message.format(str(timer).rsplit(".", 1)[0])
280
 
            self.using_timer(True)
281
 
        elif self.properties["LastCheckerStatus"] != 0:
282
 
            # When checker has failed, show timer until client expires
 
317
                message = "Denial in %s. (a)pprove?"
 
318
            message = message % unicode(timer).rsplit(".", 1)[0]
 
319
        elif self.last_checker_failed:
 
320
            # When checker has failed, print a timer until client expires
283
321
            expires = self.properties["Expires"]
284
322
            if expires == "":
285
323
                timer = datetime.timedelta(0)
286
324
            else:
287
 
                expires = (datetime.datetime.strptime
288
 
                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
289
 
                timer = max(expires - datetime.datetime.utcnow(),
290
 
                            datetime.timedelta())
 
325
                expires = datetime.datetime.strptime(expires,
 
326
                                                     '%Y-%m-%dT%H:%M:%S.%f')
 
327
                timer = expires - datetime.datetime.utcnow()
291
328
            message = ('A checker has failed! Time until client'
292
 
                       ' gets disabled: {0}'
293
 
                       .format(str(timer).rsplit(".", 1)[0]))
294
 
            self.using_timer(True)
 
329
                       ' gets disabled: %s'
 
330
                           % unicode(timer).rsplit(".", 1)[0])
295
331
        else:
296
332
            message = "enabled"
297
 
            self.using_timer(False)
298
 
        self._text = "{0}{1}".format(base, message)
299
 
        
 
333
        self._text = "%s%s" % (base, message)
 
334
            
300
335
        if not urwid.supports_unicode():
301
336
            self._text = self._text.encode("ascii", "replace")
302
337
        textlist = [("normal", self._text)]
319
354
        self.update()
320
355
        return True             # Keep calling this
321
356
    
322
 
    def delete(self, **kwargs):
 
357
    def delete(self, *args, **kwargs):
323
358
        if self._update_timer_callback_tag is not None:
324
359
            gobject.source_remove(self._update_timer_callback_tag)
325
360
            self._update_timer_callback_tag = None
328
363
        self.match_objects = ()
329
364
        if self.delete_hook is not None:
330
365
            self.delete_hook(self)
331
 
        return super(MandosClientWidget, self).delete(**kwargs)
 
366
        return super(MandosClientWidget, self).delete(*args, **kwargs)
332
367
    
333
368
    def render(self, maxcolrow, focus=False):
334
369
        """Render differently if we have focus.
376
411
        else:
377
412
            return key
378
413
    
379
 
    def property_changed(self, property=None, **kwargs):
 
414
    def property_changed(self, property=None, value=None,
 
415
                         *args, **kwargs):
380
416
        """Call self.update() if old value is not new value.
381
417
        This overrides the method from MandosClientPropertyCache"""
382
 
        property_name = str(property)
 
418
        property_name = unicode(property)
383
419
        old_value = self.properties.get(property_name)
384
420
        super(MandosClientWidget, self).property_changed(
385
 
            property=property, **kwargs)
 
421
            property=property, value=value, *args, **kwargs)
386
422
        if self.properties.get(property_name) != old_value:
387
423
            self.update()
388
424
 
392
428
    "down" key presses, thus not allowing any containing widgets to
393
429
    use them as an excuse to shift focus away from this widget.
394
430
    """
395
 
    def keypress(self, *args, **kwargs):
396
 
        ret = super(ConstrainedListBox, self).keypress(*args, **kwargs)
 
431
    def keypress(self, maxcolrow, key):
 
432
        ret = super(ConstrainedListBox, self).keypress(maxcolrow, key)
397
433
        if ret in ("up", "down"):
398
434
            return
399
435
        return ret
412
448
                ("normal",
413
449
                 "default", "default", None),
414
450
                ("bold",
415
 
                 "bold", "default", "bold"),
 
451
                 "default", "default", "bold"),
416
452
                ("underline-blink",
417
 
                 "underline,blink", "default", "underline,blink"),
 
453
                 "default", "default", "underline"),
418
454
                ("standout",
419
 
                 "standout", "default", "standout"),
 
455
                 "default", "default", "standout"),
420
456
                ("bold-underline-blink",
421
 
                 "bold,underline,blink", "default", "bold,underline,blink"),
 
457
                 "default", "default", ("bold", "underline")),
422
458
                ("bold-standout",
423
 
                 "bold,standout", "default", "bold,standout"),
 
459
                 "default", "default", ("bold", "standout")),
424
460
                ("underline-blink-standout",
425
 
                 "underline,blink,standout", "default",
426
 
                 "underline,blink,standout"),
 
461
                 "default", "default", ("underline", "standout")),
427
462
                ("bold-underline-blink-standout",
428
 
                 "bold,underline,blink,standout", "default",
429
 
                 "bold,underline,blink,standout"),
 
463
                 "default", "default", ("bold", "underline",
 
464
                                          "standout")),
430
465
                ))
431
466
        
432
467
        if urwid.supports_unicode():
466
501
        self.main_loop = gobject.MainLoop()
467
502
    
468
503
    def client_not_found(self, fingerprint, address):
469
 
        self.log_message("Client with address {0} and fingerprint"
470
 
                         " {1} could not be found"
471
 
                         .format(address, fingerprint))
 
504
        self.log_message(("Client with address %s and fingerprint %s"
 
505
                          " could not be found" % (address,
 
506
                                                    fingerprint)))
472
507
    
473
508
    def rebuild(self):
474
509
        """This rebuilds the User Interface.
487
522
        self.topwidget = urwid.Pile(self.uilist)
488
523
    
489
524
    def log_message(self, message):
490
 
        """Log message formatted with timestamp"""
491
525
        timestamp = datetime.datetime.now().isoformat()
492
526
        self.log_message_raw(timestamp + ": " + message)
493
527
    
506
540
        self.log_visible = not self.log_visible
507
541
        self.rebuild()
508
542
        #self.log_message("Log visibility changed to: "
509
 
        #                 + str(self.log_visible))
 
543
        #                 + unicode(self.log_visible))
510
544
    
511
545
    def change_log_display(self):
512
546
        """Change type of log display.
528
562
            client = self.clients_dict[path]
529
563
        except KeyError:
530
564
            # not found?
531
 
            self.log_message("Unknown client {0!r} ({1!r}) removed"
532
 
                             .format(name, path))
 
565
            self.log_message("Unknown client %r (%r) removed", name,
 
566
                             path)
533
567
            return
534
568
        client.delete()
535
569
    
552
586
        if path is None:
553
587
            path = client.proxy.object_path
554
588
        self.clients_dict[path] = client
555
 
        self.clients.sort(key=lambda c: c.properties["Name"])
 
589
        self.clients.sort(None, lambda c: c.properties["Name"])
556
590
        self.refresh()
557
591
    
558
592
    def remove_client(self, client, path=None):
560
594
        if path is None:
561
595
            path = client.proxy.object_path
562
596
        del self.clients_dict[path]
 
597
        if not self.clients_dict:
 
598
            # Work around bug in Urwid 0.9.8.3 - if a SimpleListWalker
 
599
            # is completely emptied, we need to recreate it.
 
600
            self.clients = urwid.SimpleListWalker([])
 
601
            self.rebuild()
563
602
        self.refresh()
564
603
    
565
604
    def refresh(self):
578
617
        try:
579
618
            mandos_clients = (self.mandos_serv
580
619
                              .GetAllClientsWithProperties())
581
 
            if not mandos_clients:
582
 
                self.log_message_raw(("bold", "Note: Server has no clients."))
583
620
        except dbus.exceptions.DBusException:
584
 
            self.log_message_raw(("bold", "Note: No Mandos server running."))
585
621
            mandos_clients = dbus.Dictionary()
586
622
        
587
623
        (self.mandos_serv
599
635
                            self.client_not_found,
600
636
                            dbus_interface=server_interface,
601
637
                            byte_arrays=True))
602
 
        for path, client in mandos_clients.items():
 
638
        for path, client in mandos_clients.iteritems():
603
639
            client_proxy_object = self.bus.get_object(self.busname,
604
640
                                                      path)
605
641
            self.add_client(MandosClientWidget(server_proxy_object
614
650
                                               logger
615
651
                                               =self.log_message),
616
652
                            path=path)
617
 
        
 
653
 
618
654
        self.refresh()
619
655
        self._input_callback_tag = (gobject.io_add_watch
620
656
                                    (sys.stdin.fileno(),
717
753
    ui.run()
718
754
except KeyboardInterrupt:
719
755
    ui.screen.stop()
720
 
except Exception as e:
721
 
    ui.log_message(str(e))
 
756
except Exception, e:
 
757
    ui.log_message(unicode(e))
722
758
    ui.screen.stop()
723
759
    raise
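Review bot: The `property_changed` override on new-side lines 187–191 cannot run as written: `super(self, MandosClientWidget)` has its arguments reversed and `using_timer(bool(value))` lacks `self.`, so it should read `super(MandosClientWidget, self).property_changed(property, value)` followed by `self.using_timer(bool(value))`. The class defines `property_changed` again at new-side line 414 and that later definition replaces this one, so the "ApprovalPending" handling is dead code until the two are merged. In `__init__`, `if self.need_approval:` (new-side line 161) tests a bound method and is always true, which bumps the timer lock for every client; `if self.properties["ApprovalPending"]:` looks like the intended test. Since this widget is what an operator uses to see and answer pending approvals, these paths deserve a test that feeds a PropertyChanged signal through the widget. Separately, `self.log_message("Unknown client %r (%r) removed", name, path)` (new-side 565–566) passes three arguments where the `log_message(self, message)` shown at new-side 524 takes one, assuming both are in the same class; format first with `% (name, path)`.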