/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2012-05-06 17:37:23 UTC
  • Revision ID: teddy@recompile.se-20120506173723-znhgx61gpqp1rfor
* mandos (main.cleanup): Use tempfile.NamedTemporaryFile() instead of
                         tempfile.mkstemp().

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2015 Teddy Hogeborn
7
 
# Copyright © 2009-2015 Björn Påhlsson
 
6
# Copyright © 2009-2012 Teddy Hogeborn
 
7
# Copyright © 2009-2012 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
25
25
 
26
26
from __future__ import (division, absolute_import, print_function,
27
27
                        unicode_literals)
28
 
try:
29
 
    from future_builtins import *
30
 
except ImportError:
31
 
    pass
32
28
 
33
29
import sys
34
30
import os
 
31
import signal
35
32
 
36
33
import datetime
37
34
 
39
36
import urwid
40
37
 
41
38
from dbus.mainloop.glib import DBusGMainLoop
42
 
try:
43
 
    import gobject
44
 
except ImportError:
45
 
    from gi.repository import GObject as gobject
 
39
import gobject
46
40
 
47
41
import dbus
48
42
 
 
43
import UserList
 
44
 
49
45
import locale
50
46
 
51
 
if sys.version_info.major == 2:
52
 
    str = unicode
53
 
 
54
47
locale.setlocale(locale.LC_ALL, '')
55
48
 
56
49
import logging
60
53
domain = 'se.recompile'
61
54
server_interface = domain + '.Mandos'
62
55
client_interface = domain + '.Mandos.Client'
63
 
version = "1.6.9"
 
56
version = "1.5.3"
 
57
 
 
58
# Always run in monochrome mode
 
59
urwid.curses_display.curses.has_colors = lambda : False
 
60
 
 
61
# Urwid doesn't support blinking, but we want it.  Since we have no
 
62
# use for underline on its own, we make underline also always blink.
 
63
urwid.curses_display.curses.A_UNDERLINE |= (
 
64
    urwid.curses_display.curses.A_BLINK)
64
65
 
65
66
def isoformat_to_datetime(iso):
66
67
    "Parse an ISO 8601 date string to a datetime.datetime()"
83
84
    properties and calls a hook function when any of them are
84
85
    changed.
85
86
    """
86
 
    def __init__(self, proxy_object=None, properties=None, **kwargs):
 
87
    def __init__(self, proxy_object=None, *args, **kwargs):
87
88
        self.proxy = proxy_object # Mandos Client proxy object
88
 
        self.properties = dict() if properties is None else properties
 
89
        
 
90
        self.properties = dict()
89
91
        self.property_changed_match = (
90
 
            self.proxy.connect_to_signal("PropertiesChanged",
91
 
                                         self.properties_changed,
92
 
                                         dbus.PROPERTIES_IFACE,
 
92
            self.proxy.connect_to_signal("PropertyChanged",
 
93
                                         self.property_changed,
 
94
                                         client_interface,
93
95
                                         byte_arrays=True))
94
96
        
95
 
        if properties is None:
96
 
            self.properties.update(
97
 
                self.proxy.GetAll(client_interface,
98
 
                                  dbus_interface
99
 
                                  = dbus.PROPERTIES_IFACE))
100
 
        
101
 
        super(MandosClientPropertyCache, self).__init__(**kwargs)
 
97
        self.properties.update(
 
98
            self.proxy.GetAll(client_interface,
 
99
                              dbus_interface = dbus.PROPERTIES_IFACE))
 
100
 
 
101
        #XXX This breaks good super behaviour
 
102
#        super(MandosClientPropertyCache, self).__init__(
 
103
#            *args, **kwargs)
102
104
    
103
 
    def properties_changed(self, interface, properties, invalidated):
104
 
        """This is called whenever we get a PropertiesChanged signal
105
 
        It updates the changed properties in the "properties" dict.
 
105
    def property_changed(self, property=None, value=None):
 
106
        """This is called whenever we get a PropertyChanged signal
 
107
        It updates the changed property in the "properties" dict.
106
108
        """
107
109
        # Update properties dict with new value
108
 
        self.properties.update(properties)
 
110
        self.properties[property] = value
109
111
    
110
 
    def delete(self):
 
112
    def delete(self, *args, **kwargs):
111
113
        self.property_changed_match.remove()
 
114
        super(MandosClientPropertyCache, self).__init__(
 
115
            *args, **kwargs)
112
116
 
113
117
 
114
118
class MandosClientWidget(urwid.FlowWidget, MandosClientPropertyCache):
116
120
    """
117
121
    
118
122
    def __init__(self, server_proxy_object=None, update_hook=None,
119
 
                 delete_hook=None, logger=None, **kwargs):
 
123
                 delete_hook=None, logger=None, *args, **kwargs):
120
124
        # Called on update
121
125
        self.update_hook = update_hook
122
126
        # Called on delete
127
131
        self.logger = logger
128
132
        
129
133
        self._update_timer_callback_tag = None
 
134
        self._update_timer_callback_lock = 0
130
135
        
131
136
        # The widget shown normally
132
137
        self._text_widget = urwid.Text("")
133
138
        # The widget shown when we have focus
134
139
        self._focus_text_widget = urwid.Text("")
135
 
        super(MandosClientWidget, self).__init__(**kwargs)
 
140
        super(MandosClientWidget, self).__init__(
 
141
            update_hook=update_hook, delete_hook=delete_hook,
 
142
            *args, **kwargs)
136
143
        self.update()
137
144
        self.opened = False
138
145
        
 
146
        last_checked_ok = isoformat_to_datetime(self.properties
 
147
                                                ["LastCheckedOK"])
 
148
        
 
149
        if self.properties ["LastCheckerStatus"] != 0:
 
150
            self.using_timer(True)
 
151
        
 
152
        if self.need_approval:
 
153
            self.using_timer(True)
 
154
        
139
155
        self.match_objects = (
140
156
            self.proxy.connect_to_signal("CheckerCompleted",
141
157
                                         self.checker_completed,
157
173
                                         self.rejected,
158
174
                                         client_interface,
159
175
                                         byte_arrays=True))
160
 
        self.logger('Created client {}'
161
 
                    .format(self.properties["Name"]), level=0)
 
176
        #self.logger('Created client {0}'
 
177
        #            .format(self.properties["Name"]))
 
178
    
 
179
    def property_changed(self, property=None, value=None):
 
180
        super(self, MandosClientWidget).property_changed(property,
 
181
                                                         value)
 
182
        if property == "ApprovalPending":
 
183
            using_timer(bool(value))
 
184
        if property == "LastCheckerStatus":
 
185
            using_timer(value != 0)
 
186
            #self.logger('Checker for client {0} (command "{1}") was '
 
187
            #            ' successful'.format(self.properties["Name"],
 
188
            #                                 command))
162
189
    
163
190
    def using_timer(self, flag):
164
191
        """Call this method with True or False when timer should be
165
192
        activated or deactivated.
166
193
        """
167
 
        if flag and self._update_timer_callback_tag is None:
 
194
        old = self._update_timer_callback_lock
 
195
        if flag:
 
196
            self._update_timer_callback_lock += 1
 
197
        else:
 
198
            self._update_timer_callback_lock -= 1
 
199
        if old == 0 and self._update_timer_callback_lock:
168
200
            # Will update the shown timer value every second
169
201
            self._update_timer_callback_tag = (gobject.timeout_add
170
202
                                               (1000,
171
203
                                                self.update_timer))
172
 
        elif not (flag or self._update_timer_callback_tag is None):
 
204
        elif old and self._update_timer_callback_lock == 0:
173
205
            gobject.source_remove(self._update_timer_callback_tag)
174
206
            self._update_timer_callback_tag = None
175
207
    
176
 
    def checker_completed(self, exitstatus, signal, command):
 
208
    def checker_completed(self, exitstatus, condition, command):
177
209
        if exitstatus == 0:
178
 
            self.logger('Checker for client {} (command "{}")'
179
 
                        ' succeeded'.format(self.properties["Name"],
180
 
                                            command), level=0)
181
210
            self.update()
182
211
            return
183
212
        # Checker failed
184
 
        if exitstatus >= 0:
185
 
            self.logger('Checker for client {} (command "{}") failed'
186
 
                        ' with exit code {}'
187
 
                        .format(self.properties["Name"], command,
188
 
                                exitstatus))
189
 
        elif signal != 0:
190
 
            self.logger('Checker for client {} (command "{}") was'
191
 
                        ' killed by signal {}'
192
 
                        .format(self.properties["Name"], command,
193
 
                                signal))
 
213
        if os.WIFEXITED(condition):
 
214
            self.logger('Checker for client {0} (command "{1}")'
 
215
                        ' failed with exit code {2}'
 
216
                        .format(self.properties["Name"], command,
 
217
                                os.WEXITSTATUS(condition)))
 
218
        elif os.WIFSIGNALED(condition):
 
219
            self.logger('Checker for client {0} (command "{1}") was'
 
220
                        ' killed by signal {2}'
 
221
                        .format(self.properties["Name"], command,
 
222
                                os.WTERMSIG(condition)))
 
223
        elif os.WCOREDUMP(condition):
 
224
            self.logger('Checker for client {0} (command "{1}")'
 
225
                        ' dumped core'
 
226
                        .format(self.properties["Name"], command))
194
227
        else:
195
 
            self.logger('Checker for client {} completed'
 
228
            self.logger('Checker for client {0} completed'
196
229
                        ' mysteriously'
197
230
                        .format(self.properties["Name"]))
198
231
        self.update()
199
232
    
200
233
    def checker_started(self, command):
201
 
        """Server signals that a checker started."""
202
 
        self.logger('Client {} started checker "{}"'
203
 
                    .format(self.properties["Name"],
204
 
                            command), level=0)
 
234
        """Server signals that a checker started. This could be useful
 
235
           to log in the future. """
 
236
        #self.logger('Client {0} started checker "{1}"'
 
237
        #            .format(self.properties["Name"],
 
238
        #                    unicode(command)))
 
239
        pass
205
240
    
206
241
    def got_secret(self):
207
 
        self.logger('Client {} received its secret'
 
242
        self.logger('Client {0} received its secret'
208
243
                    .format(self.properties["Name"]))
209
244
    
210
245
    def need_approval(self, timeout, default):
211
246
        if not default:
212
 
            message = 'Client {} needs approval within {} seconds'
 
247
            message = 'Client {0} needs approval within {1} seconds'
213
248
        else:
214
 
            message = 'Client {} will get its secret in {} seconds'
 
249
            message = 'Client {0} will get its secret in {1} seconds'
215
250
        self.logger(message.format(self.properties["Name"],
216
251
                                   timeout/1000))
 
252
        self.using_timer(True)
217
253
    
218
254
    def rejected(self, reason):
219
 
        self.logger('Client {} was rejected; reason: {}'
 
255
        self.logger('Client {0} was rejected; reason: {1}'
220
256
                    .format(self.properties["Name"], reason))
221
257
    
222
258
    def selectable(self):
245
281
                          "bold-underline-blink":
246
282
                              "bold-underline-blink-standout",
247
283
                          }
248
 
        
 
284
 
249
285
        # Rebuild focus and non-focus widgets using current properties
250
 
        
 
286
 
251
287
        # Base part of a client. Name!
252
288
        base = '{name}: '.format(name=self.properties["Name"])
253
289
        if not self.properties["Enabled"]:
254
290
            message = "DISABLED"
255
 
            self.using_timer(False)
256
291
        elif self.properties["ApprovalPending"]:
257
292
            timeout = datetime.timedelta(milliseconds
258
293
                                         = self.properties
260
295
            last_approval_request = isoformat_to_datetime(
261
296
                self.properties["LastApprovalRequest"])
262
297
            if last_approval_request is not None:
263
 
                timer = max(timeout - (datetime.datetime.utcnow()
264
 
                                       - last_approval_request),
265
 
                            datetime.timedelta())
 
298
                timer = timeout - (datetime.datetime.utcnow()
 
299
                                   - last_approval_request)
266
300
            else:
267
301
                timer = datetime.timedelta()
268
302
            if self.properties["ApprovedByDefault"]:
269
 
                message = "Approval in {}. (d)eny?"
 
303
                message = "Approval in {0}. (d)eny?"
270
304
            else:
271
 
                message = "Denial in {}. (a)pprove?"
272
 
            message = message.format(str(timer).rsplit(".", 1)[0])
273
 
            self.using_timer(True)
 
305
                message = "Denial in {0}. (a)pprove?"
 
306
            message = message.format(unicode(timer).rsplit(".", 1)[0])
274
307
        elif self.properties["LastCheckerStatus"] != 0:
275
308
            # When checker has failed, show timer until client expires
276
309
            expires = self.properties["Expires"]
279
312
            else:
280
313
                expires = (datetime.datetime.strptime
281
314
                           (expires, '%Y-%m-%dT%H:%M:%S.%f'))
282
 
                timer = max(expires - datetime.datetime.utcnow(),
283
 
                            datetime.timedelta())
 
315
                timer = expires - datetime.datetime.utcnow()
284
316
            message = ('A checker has failed! Time until client'
285
 
                       ' gets disabled: {}'
286
 
                       .format(str(timer).rsplit(".", 1)[0]))
287
 
            self.using_timer(True)
 
317
                       ' gets disabled: {0}'
 
318
                       .format(unicode(timer).rsplit(".", 1)[0]))
288
319
        else:
289
320
            message = "enabled"
290
 
            self.using_timer(False)
291
 
        self._text = "{}{}".format(base, message)
292
 
        
 
321
        self._text = "{0}{1}".format(base, message)
 
322
            
293
323
        if not urwid.supports_unicode():
294
324
            self._text = self._text.encode("ascii", "replace")
295
325
        textlist = [("normal", self._text)]
312
342
        self.update()
313
343
        return True             # Keep calling this
314
344
    
315
 
    def delete(self, **kwargs):
 
345
    def delete(self, *args, **kwargs):
316
346
        if self._update_timer_callback_tag is not None:
317
347
            gobject.source_remove(self._update_timer_callback_tag)
318
348
            self._update_timer_callback_tag = None
321
351
        self.match_objects = ()
322
352
        if self.delete_hook is not None:
323
353
            self.delete_hook(self)
324
 
        return super(MandosClientWidget, self).delete(**kwargs)
 
354
        return super(MandosClientWidget, self).delete(*args, **kwargs)
325
355
    
326
356
    def render(self, maxcolrow, focus=False):
327
357
        """Render differently if we have focus.
369
399
        else:
370
400
            return key
371
401
    
372
 
    def properties_changed(self, interface, properties, invalidated):
373
 
        """Call self.update() if any properties changed.
 
402
    def property_changed(self, property=None, value=None,
 
403
                         *args, **kwargs):
 
404
        """Call self.update() if old value is not new value.
374
405
        This overrides the method from MandosClientPropertyCache"""
375
 
        old_values = { key: self.properties.get(key)
376
 
                       for key in properties.keys() }
377
 
        super(MandosClientWidget, self).properties_changed(
378
 
            interface, properties, invalidated)
379
 
        if any(old_values[key] != self.properties.get(key)
380
 
               for key in old_values):
 
406
        property_name = unicode(property)
 
407
        old_value = self.properties.get(property_name)
 
408
        super(MandosClientWidget, self).property_changed(
 
409
            property=property, value=value, *args, **kwargs)
 
410
        if self.properties.get(property_name) != old_value:
381
411
            self.update()
382
412
 
383
413
 
386
416
    "down" key presses, thus not allowing any containing widgets to
387
417
    use them as an excuse to shift focus away from this widget.
388
418
    """
389
 
    def keypress(self, *args, **kwargs):
390
 
        ret = super(ConstrainedListBox, self).keypress(*args, **kwargs)
 
419
    def keypress(self, maxcolrow, key):
 
420
        ret = super(ConstrainedListBox, self).keypress(maxcolrow, key)
391
421
        if ret in ("up", "down"):
392
422
            return
393
423
        return ret
397
427
    """This is the entire user interface - the whole screen
398
428
    with boxes, lists of client widgets, etc.
399
429
    """
400
 
    def __init__(self, max_log_length=1000, log_level=1):
 
430
    def __init__(self, max_log_length=1000):
401
431
        DBusGMainLoop(set_as_default=True)
402
432
        
403
433
        self.screen = urwid.curses_display.Screen()
406
436
                ("normal",
407
437
                 "default", "default", None),
408
438
                ("bold",
409
 
                 "bold", "default", "bold"),
 
439
                 "default", "default", "bold"),
410
440
                ("underline-blink",
411
 
                 "underline,blink", "default", "underline,blink"),
 
441
                 "default", "default", "underline"),
412
442
                ("standout",
413
 
                 "standout", "default", "standout"),
 
443
                 "default", "default", "standout"),
414
444
                ("bold-underline-blink",
415
 
                 "bold,underline,blink", "default", "bold,underline,blink"),
 
445
                 "default", "default", ("bold", "underline")),
416
446
                ("bold-standout",
417
 
                 "bold,standout", "default", "bold,standout"),
 
447
                 "default", "default", ("bold", "standout")),
418
448
                ("underline-blink-standout",
419
 
                 "underline,blink,standout", "default",
420
 
                 "underline,blink,standout"),
 
449
                 "default", "default", ("underline", "standout")),
421
450
                ("bold-underline-blink-standout",
422
 
                 "bold,underline,blink,standout", "default",
423
 
                 "bold,underline,blink,standout"),
 
451
                 "default", "default", ("bold", "underline",
 
452
                                          "standout")),
424
453
                ))
425
454
        
426
455
        if urwid.supports_unicode():
441
470
        self.log = []
442
471
        self.max_log_length = max_log_length
443
472
        
444
 
        self.log_level = log_level
445
 
        
446
473
        # We keep a reference to the log widget so we can remove it
447
474
        # from the ListWalker without it getting destroyed
448
475
        self.logbox = ConstrainedListBox(self.log)
462
489
        self.main_loop = gobject.MainLoop()
463
490
    
464
491
    def client_not_found(self, fingerprint, address):
465
 
        self.log_message("Client with address {} and fingerprint {}"
466
 
                         " could not be found"
 
492
        self.log_message("Client with address {0} and fingerprint"
 
493
                         " {1} could not be found"
467
494
                         .format(address, fingerprint))
468
495
    
469
496
    def rebuild(self):
482
509
            self.uilist.append(self.logbox)
483
510
        self.topwidget = urwid.Pile(self.uilist)
484
511
    
485
 
    def log_message(self, message, level=1):
486
 
        """Log message formatted with timestamp"""
487
 
        if level < self.log_level:
488
 
            return
 
512
    def log_message(self, message):
489
513
        timestamp = datetime.datetime.now().isoformat()
490
 
        self.log_message_raw("{}: {}".format(timestamp, message),
491
 
                             level=level)
 
514
        self.log_message_raw(timestamp + ": " + message)
492
515
    
493
 
    def log_message_raw(self, markup, level=1):
 
516
    def log_message_raw(self, markup):
494
517
        """Add a log message to the log buffer."""
495
 
        if level < self.log_level:
496
 
            return
497
518
        self.log.append(urwid.Text(markup, wrap=self.log_wrap))
498
519
        if (self.max_log_length
499
520
            and len(self.log) > self.max_log_length):
506
527
        """Toggle visibility of the log buffer."""
507
528
        self.log_visible = not self.log_visible
508
529
        self.rebuild()
509
 
        self.log_message("Log visibility changed to: {}"
510
 
                         .format(self.log_visible), level=0)
 
530
        #self.log_message("Log visibility changed to: "
 
531
        #                 + unicode(self.log_visible))
511
532
    
512
533
    def change_log_display(self):
513
534
        """Change type of log display.
518
539
            self.log_wrap = "clip"
519
540
        for textwidget in self.log:
520
541
            textwidget.set_wrap_mode(self.log_wrap)
521
 
        self.log_message("Wrap mode: {}".format(self.log_wrap),
522
 
                         level=0)
 
542
        #self.log_message("Wrap mode: " + self.log_wrap)
523
543
    
524
544
    def find_and_remove_client(self, path, name):
525
545
        """Find a client by its object path and remove it.
530
550
            client = self.clients_dict[path]
531
551
        except KeyError:
532
552
            # not found?
533
 
            self.log_message("Unknown client {!r} ({!r}) removed"
 
553
            self.log_message("Unknown client {0!r} ({1!r}) removed"
534
554
                             .format(name, path))
535
555
            return
536
556
        client.delete()
554
574
        if path is None:
555
575
            path = client.proxy.object_path
556
576
        self.clients_dict[path] = client
557
 
        self.clients.sort(key=lambda c: c.properties["Name"])
 
577
        self.clients.sort(None, lambda c: c.properties["Name"])
558
578
        self.refresh()
559
579
    
560
580
    def remove_client(self, client, path=None):
562
582
        if path is None:
563
583
            path = client.proxy.object_path
564
584
        del self.clients_dict[path]
 
585
        if not self.clients_dict:
 
586
            # Work around bug in Urwid 0.9.8.3 - if a SimpleListWalker
 
587
            # is completely emptied, we need to recreate it.
 
588
            self.clients = urwid.SimpleListWalker([])
 
589
            self.rebuild()
565
590
        self.refresh()
566
591
    
567
592
    def refresh(self):
580
605
        try:
581
606
            mandos_clients = (self.mandos_serv
582
607
                              .GetAllClientsWithProperties())
583
 
            if not mandos_clients:
584
 
                self.log_message_raw(("bold", "Note: Server has no clients."))
585
608
        except dbus.exceptions.DBusException:
586
 
            self.log_message_raw(("bold", "Note: No Mandos server running."))
587
609
            mandos_clients = dbus.Dictionary()
588
610
        
589
611
        (self.mandos_serv
601
623
                            self.client_not_found,
602
624
                            dbus_interface=server_interface,
603
625
                            byte_arrays=True))
604
 
        for path, client in mandos_clients.items():
 
626
        for path, client in mandos_clients.iteritems():
605
627
            client_proxy_object = self.bus.get_object(self.busname,
606
628
                                                      path)
607
629
            self.add_client(MandosClientWidget(server_proxy_object
616
638
                                               logger
617
639
                                               =self.log_message),
618
640
                            path=path)
619
 
        
 
641
 
620
642
        self.refresh()
621
643
        self._input_callback_tag = (gobject.io_add_watch
622
644
                                    (sys.stdin.fileno(),
654
676
            elif key == "window resize":
655
677
                self.size = self.screen.get_cols_rows()
656
678
                self.refresh()
657
 
            elif key == "ctrl l":
658
 
                self.screen.clear()
 
679
            elif key == "\f":  # Ctrl-L
659
680
                self.refresh()
660
681
            elif key == "l" or key == "D":
661
682
                self.toggle_log_display()
673
694
                                            "?: Help",
674
695
                                            "l: Log window toggle",
675
696
                                            "TAB: Switch window",
676
 
                                            "w: Wrap (log lines)",
677
 
                                            "v: Toggle verbose log",
678
 
                                            ))))
 
697
                                            "w: Wrap (log)"))))
679
698
                self.log_message_raw(("bold",
680
699
                                      "  "
681
700
                                      .join(("Clients:",
694
713
                else:
695
714
                    self.topwidget.set_focus(self.logbox)
696
715
                self.refresh()
697
 
            elif key == "v":
698
 
                if self.log_level == 0:
699
 
                    self.log_level = 1
700
 
                    self.log_message("Verbose mode: Off")
701
 
                else:
702
 
                    self.log_level = 0
703
 
                    self.log_message("Verbose mode: On")
704
716
            #elif (key == "end" or key == "meta >" or key == "G"
705
717
            #      or key == ">"):
706
718
            #    pass            # xxx end-of-buffer
729
741
    ui.run()
730
742
except KeyboardInterrupt:
731
743
    ui.screen.stop()
732
 
except Exception as e:
733
 
    ui.log_message(str(e))
 
744
except Exception, e:
 
745
    ui.log_message(unicode(e))
734
746
    ui.screen.stop()
735
747
    raise