/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:52:09 UTC
  • Revision ID: teddy@recompile.se-20150310185209-lxuovbu09zwyk9bx
Automatically determine the number of DH bits in the TLS handshake.

Instead of using a default value of 1024, check the OpenPGP key and
determine an appropriate number of DH bits to use, (using GnuTLS
functions made for this).  Document this new default behavior.

* plugins.d/mandos-client.c (safe_string): New function.
  (init_gnutls_global): If not specified, determine the number of DH
                        bits to use, based on the OpenPGP key.
* plugins.d/mandos-client.xml (OPTIONS): Document this new default of
                                         the --dh-bits option.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-monitor
3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2013 Teddy Hogeborn
7
 
# Copyright © 2009-2013 Björn Påhlsson
 
6
# Copyright © 2009-2014 Teddy Hogeborn
 
7
# Copyright © 2009-2014 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
32
32
 
33
33
import sys
34
34
import os
35
 
import signal
36
35
 
37
36
import datetime
38
37
 
49
48
 
50
49
import locale
51
50
 
52
 
if sys.version_info[0] == 2:
 
51
if sys.version_info.major == 2:
53
52
    str = unicode
54
53
 
55
54
locale.setlocale(locale.LC_ALL, '')
61
60
domain = 'se.recompile'
62
61
server_interface = domain + '.Mandos'
63
62
client_interface = domain + '.Mandos.Client'
64
 
version = "1.6.3"
 
63
version = "1.6.9"
65
64
 
66
65
def isoformat_to_datetime(iso):
67
66
    "Parse an ISO 8601 date string to a datetime.datetime()"
88
87
        self.proxy = proxy_object # Mandos Client proxy object
89
88
        self.properties = dict() if properties is None else properties
90
89
        self.property_changed_match = (
91
 
            self.proxy.connect_to_signal("PropertyChanged",
92
 
                                         self._property_changed,
93
 
                                         client_interface,
 
90
            self.proxy.connect_to_signal("PropertiesChanged",
 
91
                                         self.properties_changed,
 
92
                                         dbus.PROPERTIES_IFACE,
94
93
                                         byte_arrays=True))
95
94
        
96
95
        if properties is None:
101
100
        
102
101
        super(MandosClientPropertyCache, self).__init__(**kwargs)
103
102
    
104
 
    def _property_changed(self, property, value):
105
 
        """Helper which takes positional arguments"""
106
 
        return self.property_changed(property=property, value=value)
107
 
    
108
 
    def property_changed(self, property=None, value=None):
109
 
        """This is called whenever we get a PropertyChanged signal
110
 
        It updates the changed property in the "properties" dict.
 
103
    def properties_changed(self, interface, properties, invalidated):
 
104
        """This is called whenever we get a PropertiesChanged signal
 
105
        It updates the changed properties in the "properties" dict.
111
106
        """
112
107
        # Update properties dict with new value
113
 
        self.properties[property] = value
 
108
        self.properties.update(properties)
114
109
    
115
110
    def delete(self):
116
111
        self.property_changed_match.remove()
162
157
                                         self.rejected,
163
158
                                         client_interface,
164
159
                                         byte_arrays=True))
165
 
        #self.logger('Created client {0}'
166
 
        #            .format(self.properties["Name"]))
 
160
        self.logger('Created client {}'
 
161
                    .format(self.properties["Name"]), level=0)
167
162
    
168
163
    def using_timer(self, flag):
169
164
        """Call this method with True or False when timer should be
180
175
    
181
176
    def checker_completed(self, exitstatus, condition, command):
182
177
        if exitstatus == 0:
 
178
            self.logger('Checker for client {} (command "{}")'
 
179
                        ' succeeded'.format(self.properties["Name"],
 
180
                                            command), level=0)
183
181
            self.update()
184
182
            return
185
183
        # Checker failed
186
184
        if os.WIFEXITED(condition):
187
 
            self.logger('Checker for client {0} (command "{1}")'
188
 
                        ' failed with exit code {2}'
 
185
            self.logger('Checker for client {} (command "{}") failed'
 
186
                        ' with exit code {}'
189
187
                        .format(self.properties["Name"], command,
190
188
                                os.WEXITSTATUS(condition)))
191
189
        elif os.WIFSIGNALED(condition):
192
 
            self.logger('Checker for client {0} (command "{1}") was'
193
 
                        ' killed by signal {2}'
 
190
            self.logger('Checker for client {} (command "{}") was'
 
191
                        ' killed by signal {}'
194
192
                        .format(self.properties["Name"], command,
195
193
                                os.WTERMSIG(condition)))
196
194
        elif os.WCOREDUMP(condition):
197
 
            self.logger('Checker for client {0} (command "{1}")'
198
 
                        ' dumped core'
199
 
                        .format(self.properties["Name"], command))
 
195
            self.logger('Checker for client {} (command "{}") dumped'
 
196
                        ' core'.format(self.properties["Name"],
 
197
                                       command))
200
198
        else:
201
 
            self.logger('Checker for client {0} completed'
 
199
            self.logger('Checker for client {} completed'
202
200
                        ' mysteriously'
203
201
                        .format(self.properties["Name"]))
204
202
        self.update()
205
203
    
206
204
    def checker_started(self, command):
207
 
        """Server signals that a checker started. This could be useful
208
 
           to log in the future. """
209
 
        #self.logger('Client {0} started checker "{1}"'
210
 
        #            .format(self.properties["Name"],
211
 
        #                    str(command)))
212
 
        pass
 
205
        """Server signals that a checker started."""
 
206
        self.logger('Client {} started checker "{}"'
 
207
                    .format(self.properties["Name"],
 
208
                            command), level=0)
213
209
    
214
210
    def got_secret(self):
215
 
        self.logger('Client {0} received its secret'
 
211
        self.logger('Client {} received its secret'
216
212
                    .format(self.properties["Name"]))
217
213
    
218
214
    def need_approval(self, timeout, default):
219
215
        if not default:
220
 
            message = 'Client {0} needs approval within {1} seconds'
 
216
            message = 'Client {} needs approval within {} seconds'
221
217
        else:
222
 
            message = 'Client {0} will get its secret in {1} seconds'
 
218
            message = 'Client {} will get its secret in {} seconds'
223
219
        self.logger(message.format(self.properties["Name"],
224
220
                                   timeout/1000))
225
221
    
226
222
    def rejected(self, reason):
227
 
        self.logger('Client {0} was rejected; reason: {1}'
 
223
        self.logger('Client {} was rejected; reason: {}'
228
224
                    .format(self.properties["Name"], reason))
229
225
    
230
226
    def selectable(self):
274
270
            else:
275
271
                timer = datetime.timedelta()
276
272
            if self.properties["ApprovedByDefault"]:
277
 
                message = "Approval in {0}. (d)eny?"
 
273
                message = "Approval in {}. (d)eny?"
278
274
            else:
279
 
                message = "Denial in {0}. (a)pprove?"
 
275
                message = "Denial in {}. (a)pprove?"
280
276
            message = message.format(str(timer).rsplit(".", 1)[0])
281
277
            self.using_timer(True)
282
278
        elif self.properties["LastCheckerStatus"] != 0:
290
286
                timer = max(expires - datetime.datetime.utcnow(),
291
287
                            datetime.timedelta())
292
288
            message = ('A checker has failed! Time until client'
293
 
                       ' gets disabled: {0}'
 
289
                       ' gets disabled: {}'
294
290
                       .format(str(timer).rsplit(".", 1)[0]))
295
291
            self.using_timer(True)
296
292
        else:
297
293
            message = "enabled"
298
294
            self.using_timer(False)
299
 
        self._text = "{0}{1}".format(base, message)
 
295
        self._text = "{}{}".format(base, message)
300
296
        
301
297
        if not urwid.supports_unicode():
302
298
            self._text = self._text.encode("ascii", "replace")
377
373
        else:
378
374
            return key
379
375
    
380
 
    def property_changed(self, property=None, **kwargs):
381
 
        """Call self.update() if old value is not new value.
 
376
    def properties_changed(self, interface, properties, invalidated):
 
377
        """Call self.update() if any properties changed.
382
378
        This overrides the method from MandosClientPropertyCache"""
383
 
        property_name = str(property)
384
 
        old_value = self.properties.get(property_name)
385
 
        super(MandosClientWidget, self).property_changed(
386
 
            property=property, **kwargs)
387
 
        if self.properties.get(property_name) != old_value:
 
379
        old_values = { key: self.properties.get(key)
 
380
                       for key in properties.keys() }
 
381
        super(MandosClientWidget, self).properties_changed(
 
382
            interface, properties, invalidated)
 
383
        if any(old_values[key] != self.properties.get(key)
 
384
               for key in old_values):
388
385
            self.update()
389
386
 
390
387
 
404
401
    """This is the entire user interface - the whole screen
405
402
    with boxes, lists of client widgets, etc.
406
403
    """
407
 
    def __init__(self, max_log_length=1000):
 
404
    def __init__(self, max_log_length=1000, log_level=1):
408
405
        DBusGMainLoop(set_as_default=True)
409
406
        
410
407
        self.screen = urwid.curses_display.Screen()
448
445
        self.log = []
449
446
        self.max_log_length = max_log_length
450
447
        
 
448
        self.log_level = log_level
 
449
        
451
450
        # We keep a reference to the log widget so we can remove it
452
451
        # from the ListWalker without it getting destroyed
453
452
        self.logbox = ConstrainedListBox(self.log)
467
466
        self.main_loop = gobject.MainLoop()
468
467
    
469
468
    def client_not_found(self, fingerprint, address):
470
 
        self.log_message("Client with address {0} and fingerprint"
471
 
                         " {1} could not be found"
 
469
        self.log_message("Client with address {} and fingerprint {}"
 
470
                         " could not be found"
472
471
                         .format(address, fingerprint))
473
472
    
474
473
    def rebuild(self):
487
486
            self.uilist.append(self.logbox)
488
487
        self.topwidget = urwid.Pile(self.uilist)
489
488
    
490
 
    def log_message(self, message):
 
489
    def log_message(self, message, level=1):
491
490
        """Log message formatted with timestamp"""
 
491
        if level < self.log_level:
 
492
            return
492
493
        timestamp = datetime.datetime.now().isoformat()
493
 
        self.log_message_raw(timestamp + ": " + message)
 
494
        self.log_message_raw("{}: {}".format(timestamp, message),
 
495
                             level=level)
494
496
    
495
 
    def log_message_raw(self, markup):
 
497
    def log_message_raw(self, markup, level=1):
496
498
        """Add a log message to the log buffer."""
 
499
        if level < self.log_level:
 
500
            return
497
501
        self.log.append(urwid.Text(markup, wrap=self.log_wrap))
498
502
        if (self.max_log_length
499
503
            and len(self.log) > self.max_log_length):
506
510
        """Toggle visibility of the log buffer."""
507
511
        self.log_visible = not self.log_visible
508
512
        self.rebuild()
509
 
        #self.log_message("Log visibility changed to: "
510
 
        #                 + str(self.log_visible))
 
513
        self.log_message("Log visibility changed to: {}"
 
514
                         .format(self.log_visible), level=0)
511
515
    
512
516
    def change_log_display(self):
513
517
        """Change type of log display.
518
522
            self.log_wrap = "clip"
519
523
        for textwidget in self.log:
520
524
            textwidget.set_wrap_mode(self.log_wrap)
521
 
        #self.log_message("Wrap mode: " + self.log_wrap)
 
525
        self.log_message("Wrap mode: {}".format(self.log_wrap),
 
526
                         level=0)
522
527
    
523
528
    def find_and_remove_client(self, path, name):
524
529
        """Find a client by its object path and remove it.
529
534
            client = self.clients_dict[path]
530
535
        except KeyError:
531
536
            # not found?
532
 
            self.log_message("Unknown client {0!r} ({1!r}) removed"
 
537
            self.log_message("Unknown client {!r} ({!r}) removed"
533
538
                             .format(name, path))
534
539
            return
535
540
        client.delete()
653
658
            elif key == "window resize":
654
659
                self.size = self.screen.get_cols_rows()
655
660
                self.refresh()
656
 
            elif key == "\f":  # Ctrl-L
 
661
            elif key == "ctrl l":
 
662
                self.screen.clear()
657
663
                self.refresh()
658
664
            elif key == "l" or key == "D":
659
665
                self.toggle_log_display()
671
677
                                            "?: Help",
672
678
                                            "l: Log window toggle",
673
679
                                            "TAB: Switch window",
674
 
                                            "w: Wrap (log)"))))
 
680
                                            "w: Wrap (log lines)",
 
681
                                            "v: Toggle verbose log",
 
682
                                            ))))
675
683
                self.log_message_raw(("bold",
676
684
                                      "  "
677
685
                                      .join(("Clients:",
690
698
                else:
691
699
                    self.topwidget.set_focus(self.logbox)
692
700
                self.refresh()
 
701
            elif key == "v":
 
702
                if self.log_level == 0:
 
703
                    self.log_level = 1
 
704
                    self.log_message("Verbose mode: Off")
 
705
                else:
 
706
                    self.log_level = 0
 
707
                    self.log_message("Verbose mode: On")
693
708
            #elif (key == "end" or key == "meta >" or key == "G"
694
709
            #      or key == ">"):
695
710
            #    pass            # xxx end-of-buffer