
Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2016-02-28 10:59:18 UTC
  • Revision ID: teddy@recompile.se-20160228105918-tb8pt2p5j0tkcls3
Handle GnuTLS errors and partial sends in gnutls "module".

* mandos (GnuTLS.E_INTERRUPTED, GnuTLS.E_AGAIN): New.
  (GnuTLS.Error): Set error code as "code" attribute.
  (GnuTLS.ClientSession.send): Handle partial sends with a loop.
  (GnuTLS._retry_on_error): New function.
  (GnuTLS.record_send, GnuTLS.handshake, GnuTLS.bye): Set "errcheck"
                                                      attribute to
                                                    "_retry_on_error".
  (ClientHandler.handle): Remove loop for handling partial sends;
                          GnuTLS.ClientSession.send() will do that.

3
3
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
6
 
# Copyright © 2009-2014 Teddy Hogeborn
7
 
# Copyright © 2009-2014 Björn Påhlsson
 
6
# Copyright © 2009-2015 Teddy Hogeborn
 
7
# Copyright © 2009-2015 Björn Påhlsson
8
8
9
9
# This program is free software: you can redistribute it and/or modify
10
10
# it under the terms of the GNU General Public License as published by
48
48
 
49
49
import locale
50
50
 
51
 
if sys.version_info[0] == 2:
 
51
if sys.version_info.major == 2:
52
52
    str = unicode
53
53
 
54
54
locale.setlocale(locale.LC_ALL, '')
60
60
domain = 'se.recompile'
61
61
server_interface = domain + '.Mandos'
62
62
client_interface = domain + '.Mandos.Client'
63
 
version = "1.6.7"
 
63
version = "1.7.1"
 
64
 
 
65
try:
 
66
    dbus.OBJECT_MANAGER_IFACE
 
67
except AttributeError:
 
68
    dbus.OBJECT_MANAGER_IFACE = "org.freedesktop.DBus.ObjectManager"
64
69
 
65
70
def isoformat_to_datetime(iso):
66
71
    "Parse an ISO 8601 date string to a datetime.datetime()"
87
92
        self.proxy = proxy_object # Mandos Client proxy object
88
93
        self.properties = dict() if properties is None else properties
89
94
        self.property_changed_match = (
90
 
            self.proxy.connect_to_signal("PropertyChanged",
91
 
                                         self._property_changed,
92
 
                                         client_interface,
 
95
            self.proxy.connect_to_signal("PropertiesChanged",
 
96
                                         self.properties_changed,
 
97
                                         dbus.PROPERTIES_IFACE,
93
98
                                         byte_arrays=True))
94
99
        
95
100
        if properties is None:
100
105
        
101
106
        super(MandosClientPropertyCache, self).__init__(**kwargs)
102
107
    
103
 
    def _property_changed(self, property, value):
104
 
        """Helper which takes positional arguments"""
105
 
        return self.property_changed(property=property, value=value)
106
 
    
107
 
    def property_changed(self, property=None, value=None):
108
 
        """This is called whenever we get a PropertyChanged signal
109
 
        It updates the changed property in the "properties" dict.
 
108
    def properties_changed(self, interface, properties, invalidated):
 
109
        """This is called whenever we get a PropertiesChanged signal
 
110
        It updates the changed properties in the "properties" dict.
110
111
        """
111
112
        # Update properties dict with new value
112
 
        self.properties[property] = value
 
113
        if interface == client_interface:
 
114
            self.properties.update(properties)
113
115
    
114
116
    def delete(self):
115
117
        self.property_changed_match.remove()
161
163
                                         self.rejected,
162
164
                                         client_interface,
163
165
                                         byte_arrays=True))
164
 
        self.logger('Created client {0}'
 
166
        self.logger('Created client {}'
165
167
                    .format(self.properties["Name"]), level=0)
166
168
    
167
169
    def using_timer(self, flag):
179
181
    
180
182
    def checker_completed(self, exitstatus, condition, command):
181
183
        if exitstatus == 0:
182
 
            self.logger('Checker for client {0} (command "{1}")'
 
184
            self.logger('Checker for client {} (command "{}")'
183
185
                        ' succeeded'.format(self.properties["Name"],
184
186
                                            command), level=0)
185
187
            self.update()
186
188
            return
187
189
        # Checker failed
188
190
        if os.WIFEXITED(condition):
189
 
            self.logger('Checker for client {0} (command "{1}")'
190
 
                        ' failed with exit code {2}'
 
191
            self.logger('Checker for client {} (command "{}") failed'
 
192
                        ' with exit code {}'
191
193
                        .format(self.properties["Name"], command,
192
194
                                os.WEXITSTATUS(condition)))
193
195
        elif os.WIFSIGNALED(condition):
194
 
            self.logger('Checker for client {0} (command "{1}") was'
195
 
                        ' killed by signal {2}'
 
196
            self.logger('Checker for client {} (command "{}") was'
 
197
                        ' killed by signal {}'
196
198
                        .format(self.properties["Name"], command,
197
199
                                os.WTERMSIG(condition)))
198
 
        elif os.WCOREDUMP(condition):
199
 
            self.logger('Checker for client {0} (command "{1}")'
200
 
                        ' dumped core'
201
 
                        .format(self.properties["Name"], command))
202
 
        else:
203
 
            self.logger('Checker for client {0} completed'
204
 
                        ' mysteriously'
205
 
                        .format(self.properties["Name"]))
206
200
        self.update()
207
201
    
208
202
    def checker_started(self, command):
209
203
        """Server signals that a checker started."""
210
 
        self.logger('Client {0} started checker "{1}"'
 
204
        self.logger('Client {} started checker "{}"'
211
205
                    .format(self.properties["Name"],
212
206
                            command), level=0)
213
207
    
214
208
    def got_secret(self):
215
 
        self.logger('Client {0} received its secret'
 
209
        self.logger('Client {} received its secret'
216
210
                    .format(self.properties["Name"]))
217
211
    
218
212
    def need_approval(self, timeout, default):
219
213
        if not default:
220
 
            message = 'Client {0} needs approval within {1} seconds'
 
214
            message = 'Client {} needs approval within {} seconds'
221
215
        else:
222
 
            message = 'Client {0} will get its secret in {1} seconds'
 
216
            message = 'Client {} will get its secret in {} seconds'
223
217
        self.logger(message.format(self.properties["Name"],
224
218
                                   timeout/1000))
225
219
    
226
220
    def rejected(self, reason):
227
 
        self.logger('Client {0} was rejected; reason: {1}'
 
221
        self.logger('Client {} was rejected; reason: {}'
228
222
                    .format(self.properties["Name"], reason))
229
223
    
230
224
    def selectable(self):
274
268
            else:
275
269
                timer = datetime.timedelta()
276
270
            if self.properties["ApprovedByDefault"]:
277
 
                message = "Approval in {0}. (d)eny?"
 
271
                message = "Approval in {}. (d)eny?"
278
272
            else:
279
 
                message = "Denial in {0}. (a)pprove?"
 
273
                message = "Denial in {}. (a)pprove?"
280
274
            message = message.format(str(timer).rsplit(".", 1)[0])
281
275
            self.using_timer(True)
282
276
        elif self.properties["LastCheckerStatus"] != 0:
290
284
                timer = max(expires - datetime.datetime.utcnow(),
291
285
                            datetime.timedelta())
292
286
            message = ('A checker has failed! Time until client'
293
 
                       ' gets disabled: {0}'
 
287
                       ' gets disabled: {}'
294
288
                       .format(str(timer).rsplit(".", 1)[0]))
295
289
            self.using_timer(True)
296
290
        else:
297
291
            message = "enabled"
298
292
            self.using_timer(False)
299
 
        self._text = "{0}{1}".format(base, message)
 
293
        self._text = "{}{}".format(base, message)
300
294
        
301
295
        if not urwid.supports_unicode():
302
296
            self._text = self._text.encode("ascii", "replace")
341
335
        """Handle keys.
342
336
        This overrides the method from urwid.FlowWidget"""
343
337
        if key == "+":
344
 
            self.proxy.Enable(dbus_interface = client_interface,
345
 
                              ignore_reply=True)
 
338
            self.proxy.Set(client_interface, "Enabled",
 
339
                           dbus.Boolean(True), ignore_reply = True,
 
340
                           dbus_interface = dbus.PROPERTIES_IFACE)
346
341
        elif key == "-":
347
 
            self.proxy.Disable(dbus_interface = client_interface,
348
 
                               ignore_reply=True)
 
342
            self.proxy.Set(client_interface, "Enabled", False,
 
343
                           ignore_reply = True,
 
344
                           dbus_interface = dbus.PROPERTIES_IFACE)
349
345
        elif key == "a":
350
346
            self.proxy.Approve(dbus.Boolean(True, variant_level=1),
351
347
                               dbus_interface = client_interface,
359
355
                                                  .object_path,
360
356
                                                  ignore_reply=True)
361
357
        elif key == "s":
362
 
            self.proxy.StartChecker(dbus_interface = client_interface,
363
 
                                    ignore_reply=True)
 
358
            self.proxy.Set(client_interface, "CheckerRunning",
 
359
                           dbus.Boolean(True), ignore_reply = True,
 
360
                           dbus_interface = dbus.PROPERTIES_IFACE)
364
361
        elif key == "S":
365
 
            self.proxy.StopChecker(dbus_interface = client_interface,
366
 
                                   ignore_reply=True)
 
362
            self.proxy.Set(client_interface, "CheckerRunning",
 
363
                           dbus.Boolean(False), ignore_reply = True,
 
364
                           dbus_interface = dbus.PROPERTIES_IFACE)
367
365
        elif key == "C":
368
366
            self.proxy.CheckedOK(dbus_interface = client_interface,
369
367
                                 ignore_reply=True)
377
375
        else:
378
376
            return key
379
377
    
380
 
    def property_changed(self, property=None, **kwargs):
381
 
        """Call self.update() if old value is not new value.
 
378
    def properties_changed(self, interface, properties, invalidated):
 
379
        """Call self.update() if any properties changed.
382
380
        This overrides the method from MandosClientPropertyCache"""
383
 
        property_name = str(property)
384
 
        old_value = self.properties.get(property_name)
385
 
        super(MandosClientWidget, self).property_changed(
386
 
            property=property, **kwargs)
387
 
        if self.properties.get(property_name) != old_value:
 
381
        old_values = { key: self.properties.get(key)
 
382
                       for key in properties.keys() }
 
383
        super(MandosClientWidget, self).properties_changed(
 
384
            interface, properties, invalidated)
 
385
        if any(old_values[key] != self.properties.get(key)
 
386
               for key in old_values):
388
387
            self.update()
389
388
 
390
389
 
469
468
        self.main_loop = gobject.MainLoop()
470
469
    
471
470
    def client_not_found(self, fingerprint, address):
472
 
        self.log_message("Client with address {0} and fingerprint"
473
 
                         " {1} could not be found"
 
471
        self.log_message("Client with address {} and fingerprint {}"
 
472
                         " could not be found"
474
473
                         .format(address, fingerprint))
475
474
    
476
475
    def rebuild(self):
494
493
        if level < self.log_level:
495
494
            return
496
495
        timestamp = datetime.datetime.now().isoformat()
497
 
        self.log_message_raw("{0}: {1}".format(timestamp, message),
 
496
        self.log_message_raw("{}: {}".format(timestamp, message),
498
497
                             level=level)
499
498
    
500
499
    def log_message_raw(self, markup, level=1):
513
512
        """Toggle visibility of the log buffer."""
514
513
        self.log_visible = not self.log_visible
515
514
        self.rebuild()
516
 
        self.log_message("Log visibility changed to: {0}"
 
515
        self.log_message("Log visibility changed to: {}"
517
516
                         .format(self.log_visible), level=0)
518
517
    
519
518
    def change_log_display(self):
525
524
            self.log_wrap = "clip"
526
525
        for textwidget in self.log:
527
526
            textwidget.set_wrap_mode(self.log_wrap)
528
 
        self.log_message("Wrap mode: {0}".format(self.log_wrap),
 
527
        self.log_message("Wrap mode: {}".format(self.log_wrap),
529
528
                         level=0)
530
529
    
531
 
    def find_and_remove_client(self, path, name):
 
530
    def find_and_remove_client(self, path, interfaces):
532
531
        """Find a client by its object path and remove it.
533
532
        
534
 
        This is connected to the ClientRemoved signal from the
 
533
        This is connected to the InterfacesRemoved signal from the
535
534
        Mandos server object."""
 
535
        if client_interface not in interfaces:
 
536
            # Not a Mandos client object; ignore
 
537
            return
536
538
        try:
537
539
            client = self.clients_dict[path]
538
540
        except KeyError:
539
541
            # not found?
540
 
            self.log_message("Unknown client {0!r} ({1!r}) removed"
541
 
                             .format(name, path))
 
542
            self.log_message("Unknown client {!r} removed"
 
543
                             .format(path))
542
544
            return
543
545
        client.delete()
544
546
    
545
 
    def add_new_client(self, path):
 
547
    def add_new_client(self, path, ifs_and_props):
 
548
        """Find a client by its object path and remove it.
 
549
        
 
550
        This is connected to the InterfacesAdded signal from the
 
551
        Mandos server object.
 
552
        """
 
553
        if client_interface not in ifs_and_props:
 
554
            # Not a Mandos client object; ignore
 
555
            return
546
556
        client_proxy_object = self.bus.get_object(self.busname, path)
547
557
        self.add_client(MandosClientWidget(server_proxy_object
548
558
                                           =self.mandos_serv,
553
563
                                           delete_hook
554
564
                                           =self.remove_client,
555
565
                                           logger
556
 
                                           =self.log_message),
 
566
                                           =self.log_message,
 
567
                                           properties
 
568
                                           = dict(ifs_and_props[
 
569
                                               client_interface])),
557
570
                        path=path)
558
571
    
559
572
    def add_client(self, client, path=None):
594
607
            mandos_clients = dbus.Dictionary()
595
608
        
596
609
        (self.mandos_serv
597
 
         .connect_to_signal("ClientRemoved",
 
610
         .connect_to_signal("InterfacesRemoved",
598
611
                            self.find_and_remove_client,
599
 
                            dbus_interface=server_interface,
 
612
                            dbus_interface
 
613
                            = dbus.OBJECT_MANAGER_IFACE,
600
614
                            byte_arrays=True))
601
615
        (self.mandos_serv
602
 
         .connect_to_signal("ClientAdded",
 
616
         .connect_to_signal("InterfacesAdded",
603
617
                            self.add_new_client,
604
 
                            dbus_interface=server_interface,
 
618
                            dbus_interface
 
619
                            = dbus.OBJECT_MANAGER_IFACE,
605
620
                            byte_arrays=True))
606
621
        (self.mandos_serv
607
622
         .connect_to_signal("ClientNotFound",
661
676
            elif key == "window resize":
662
677
                self.size = self.screen.get_cols_rows()
663
678
                self.refresh()
664
 
            elif key == "\f":  # Ctrl-L
 
679
            elif key == "ctrl l":
 
680
                self.screen.clear()
665
681
                self.refresh()
666
682
            elif key == "l" or key == "D":
667
683
                self.toggle_log_display()
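Review bot: The new `properties_changed` handlers never look at `invalidated`: `MandosClientPropertyCache.properties_changed` (new lines 108-114) applies only `properties`, and the `MandosClientWidget` override (new lines 378-387) builds `old_values` from `properties.keys()` alone, so a property the server reports as invalidated keeps its old cached value and triggers no `update()`. The widget's status text is derived from this cache (`ApprovedByDefault`, `LastCheckerStatus`), so a stale entry would show an operator the wrong approval or checker state; whether the server ever invalidates any property read here is not visible in this diff. If it can, re-read on invalidation, e.g. `if interface == client_interface and invalidated: self.properties.update(self.proxy.GetAll(client_interface, dbus_interface=dbus.PROPERTIES_IFACE))`, and include the `invalidated` names in the override's comparison. If it cannot, a comment such as `# "invalidated" is deliberately ignored` would record the decision. Both class bodies start and end outside the hunks shown.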