/mandos/trunk : revision 560.1.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-monitor

Committer: teddy at recompile
Date: 2012-02-25 03:49:47 UTC
mto: This revision was merged to the branch mainline in revision 561.
Revision ID: teddy@recompile.se-20120225034947-qdjgp2h92bpote0d

* mandos: Use os.devnull instead of os.path.devnull.  Fix some white
          space.
  (PGPEngine.encrypt, PGPEngine.decrypt): Bug fix: open /dev/null for
                                          writing, not reading.

files added:
debian/source/local-options

intro.xml

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

files modified:
DBUS-API

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.docs

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-monitor

# Mandos Monitor - Control and monitor the Mandos server

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

# Contact the authors at <mandos@recompile.se>.

from __future__ import (division, absolute_import, print_function,

logging.getLogger('dbus.proxies').setLevel(logging.CRITICAL)

# Some useful constants

domain = 'se.bsnet.fukt'

domain = 'se.recompile'

server_interface = domain + '.Mandos'

client_interface = domain + '.Mandos.Client'

version = "1.3.0"

version = "1.5.3"

# Always run in monochrome mode

urwid.curses_display.curses.has_colors = lambda : False

131

132

self._update_timer_callback_tag = None

133

self._update_timer_callback_lock = 0

134

self.last_checker_failed = False

135

134

136

135

# The widget shown normally

137

136

self._text_widget = urwid.Text("")

145

144

146

145

last_checked_ok = isoformat_to_datetime(self.properties

147

146

["LastCheckedOK"])

148

if last_checked_ok is None:

149

self.last_checker_failed = True

150

else:

151

self.last_checker_failed = ((datetime.datetime.utcnow()

152

- last_checked_ok)

153

> datetime.timedelta

154

(milliseconds=

155

self.properties

156

["Interval"]))

157

147

158

if self.last_checker_failed:

148

if self.properties ["LastCheckerStatus"] != 0:

159

149

self.using_timer(True)

160

150

161

151

if self.need_approval:

189

179

value)

190

180

if property == "ApprovalPending":

191

181

using_timer(bool(value))

192

182

if property == "LastCheckerStatus":

183

using_timer(value != 0)

184

#self.logger('Checker for client %s (command "%s")'

185

# ' was successful'

186

# % (self.properties["Name"], command))

187

193

188

def using_timer(self, flag):

194

189

"""Call this method with True or False when timer should be

195

190

activated or deactivated.

200

195

else:

201

196

self._update_timer_callback_lock -= 1

202

197

if old == 0 and self._update_timer_callback_lock:

198

# Will update the shown timer value every second

203

199

self._update_timer_callback_tag = (gobject.timeout_add

204

200

(1000,

205

201

self.update_timer))

209

205

210

206

def checker_completed(self, exitstatus, condition, command):

211

207

if exitstatus == 0:

212

if self.last_checker_failed:

213

self.last_checker_failed = False

214

self.using_timer(False)

215

#self.logger('Checker for client %s (command "%s")'

216

# ' was successful'

217

# % (self.properties["Name"], command))

218

208

self.update()

219

209

return

220

210

# Checker failed

221

if not self.last_checker_failed:

222

self.last_checker_failed = True

223

self.using_timer(True)

224

211

if os.WIFEXITED(condition):

225

212

self.logger('Checker for client %s (command "%s")'

226

213

' failed with exit code %s'

241

228

self.update()

242

229

243

230

def checker_started(self, command):

231

"""Server signals that a checker started. This could be useful

232

to log in the future. """

244

233

#self.logger('Client %s started checker "%s"'

245

234

# % (self.properties["Name"], unicode(command)))

246

235

pass

247

236

248

237

def got_secret(self):

249

self.last_checker_failed = False

250

238

self.logger('Client %s received its secret'

251

239

% self.properties["Name"])

252

240

313

301

else:

314

302

message = "Denial in %s. (a)pprove?"

315

303

message = message % unicode(timer).rsplit(".", 1)[0]

316

elif self.last_checker_failed:

317

timeout = datetime.timedelta(milliseconds

318

= self.properties

319

["Timeout"])

320

last_ok = isoformat_to_datetime(

321

max((self.properties["LastCheckedOK"]

322

or self.properties["Created"]),

323

self.properties["LastEnabled"]))

324

timer = timeout - (datetime.datetime.utcnow() - last_ok)

304

elif self.properties["LastCheckerStatus"] != 0:

305

# When checker has failed, print a timer until client expires

306

expires = self.properties["Expires"]

307

if expires == "":

308

timer = datetime.timedelta(0)

309

else:

310

expires = datetime.datetime.strptime(expires,

311

'%Y-%m-%dT%H:%M:%S.%f')

312

timer = expires - datetime.datetime.utcnow()

325

313

message = ('A checker has failed! Time until client'

326

314

' gets disabled: %s'

327

315

% unicode(timer).rsplit(".", 1)[0])

346

334

self.update_hook()

347

335

348

336

def update_timer(self):

349

"called by gobject"

337

"""called by gobject. Will indefinitely loop until

338

gobject.source_remove() on tag is called"""

350

339

self.update()

351

340

return True # Keep calling this

352

341

495

484

496

485

self.busname = domain + '.Mandos'

497

486

self.main_loop = gobject.MainLoop()

498

self.bus = dbus.SystemBus()

499

mandos_dbus_objc = self.bus.get_object(

500

self.busname, "/", follow_name_owner_changes=True)

501

self.mandos_serv = dbus.Interface(mandos_dbus_objc,

502

dbus_interface

503

= server_interface)

504

try:

505

mandos_clients = (self.mandos_serv

506

.GetAllClientsWithProperties())

507

except dbus.exceptions.DBusException:

508

mandos_clients = dbus.Dictionary()

509

510

(self.mandos_serv

511

.connect_to_signal("ClientRemoved",

512

self.find_and_remove_client,

513

dbus_interface=server_interface,

514

byte_arrays=True))

515

(self.mandos_serv

516

.connect_to_signal("ClientAdded",

517

self.add_new_client,

518

dbus_interface=server_interface,

519

byte_arrays=True))

520

(self.mandos_serv

521

.connect_to_signal("ClientNotFound",

522

self.client_not_found,

523

dbus_interface=server_interface,

524

byte_arrays=True))

525

for path, client in mandos_clients.iteritems():

526

client_proxy_object = self.bus.get_object(self.busname,

527

path)

528

self.add_client(MandosClientWidget(server_proxy_object

529

=self.mandos_serv,

530

proxy_object

531

=client_proxy_object,

532

properties=client,

533

update_hook

534

=self.refresh,

535

delete_hook

536

=self.remove_client,

537

logger

538

=self.log_message),

539

path=path)

540

487

541

488

def client_not_found(self, fingerprint, address):

542

489

self.log_message(("Client with address %s and fingerprint %s"

557

504

self.divider)))

558

505

if self.log_visible:

559

506

self.uilist.append(self.logbox)

560

pass

561

507

self.topwidget = urwid.Pile(self.uilist)

562

508

563

509

def log_message(self, message):

647

593

648

594

def run(self):

649

595

"""Start the main loop and exit when it's done."""

596

self.bus = dbus.SystemBus()

597

mandos_dbus_objc = self.bus.get_object(

598

self.busname, "/", follow_name_owner_changes=True)

599

self.mandos_serv = dbus.Interface(mandos_dbus_objc,

600

dbus_interface

601

= server_interface)

602

try:

603

mandos_clients = (self.mandos_serv

604

.GetAllClientsWithProperties())

605

except dbus.exceptions.DBusException:

606

mandos_clients = dbus.Dictionary()

607

608

(self.mandos_serv

609

.connect_to_signal("ClientRemoved",

610

self.find_and_remove_client,

611

dbus_interface=server_interface,

612

byte_arrays=True))

613

(self.mandos_serv

614

.connect_to_signal("ClientAdded",

615

self.add_new_client,

616

dbus_interface=server_interface,

617

byte_arrays=True))

618

(self.mandos_serv

619

.connect_to_signal("ClientNotFound",

620

self.client_not_found,

621

dbus_interface=server_interface,

622

byte_arrays=True))

623

for path, client in mandos_clients.iteritems():

624

client_proxy_object = self.bus.get_object(self.busname,

625

path)

626

self.add_client(MandosClientWidget(server_proxy_object

627

=self.mandos_serv,

628

proxy_object

629

=client_proxy_object,

630

properties=client,

631

update_hook

632

=self.refresh,

633

delete_hook

634

=self.remove_client,

635

logger

636

=self.log_message),

637

path=path)

638

650

639

self.refresh()

651

640

self._input_callback_tag = (gobject.io_add_watch

652

641

(sys.stdin.fileno(),

Older »