/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl

  • Committer: Teddy Hogeborn
  • Date: 2016-10-30 21:08:05 UTC
  • Revision ID: teddy@recompile.se-20161030210805-dasmuea2fkwlk86h
"RequisiteOverridable" is deprecated in systemd unit files

* mandos.service ([Unit]/RequisiteOverridable): Change to "Requisite".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
#!/usr/bin/python
2
 
# -*- mode: python; coding: utf-8; after-save-hook: (lambda () (let ((command (if (and (boundp 'tramp-file-name-structure) (string-match (car tramp-file-name-structure) (buffer-file-name))) (tramp-file-name-localname (tramp-dissect-file-name (buffer-file-name))) (buffer-file-name)))) (if (= (shell-command (format "%s --check" (shell-quote-argument command)) "*Test*") 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w)) (kill-buffer "*Test*")) (display-buffer "*Test*")))); -*-
 
2
# -*- mode: python; coding: utf-8 -*-
3
3
#
4
4
# Mandos Monitor - Control and monitor the Mandos server
5
5
#
6
 
# Copyright © 2008-2019 Teddy Hogeborn
7
 
# Copyright © 2008-2019 Björn Påhlsson
8
 
#
9
 
# This file is part of Mandos.
10
 
#
11
 
# Mandos is free software: you can redistribute it and/or modify it
12
 
# under the terms of the GNU General Public License as published by
 
6
# Copyright © 2008-2016 Teddy Hogeborn
 
7
# Copyright © 2008-2016 Björn Påhlsson
 
8
#
 
9
# This program is free software: you can redistribute it and/or modify
 
10
# it under the terms of the GNU General Public License as published by
13
11
# the Free Software Foundation, either version 3 of the License, or
14
12
# (at your option) any later version.
15
13
#
16
 
#     Mandos is distributed in the hope that it will be useful, but
17
 
#     WITHOUT ANY WARRANTY; without even the implied warranty of
 
14
#     This program is distributed in the hope that it will be useful,
 
15
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
18
16
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19
17
#     GNU General Public License for more details.
20
18
#
21
19
# You should have received a copy of the GNU General Public License
22
 
# along with Mandos.  If not, see <http://www.gnu.org/licenses/>.
 
20
# along with this program.  If not, see
 
21
# <http://www.gnu.org/licenses/>.
23
22
#
24
23
# Contact the authors at <mandos@recompile.se>.
25
24
#
39
38
import re
40
39
import os
41
40
import collections
 
41
import doctest
42
42
import json
43
 
import unittest
44
 
import logging
45
43
 
46
44
import dbus
47
45
 
48
 
# Show warnings by default
49
 
if not sys.warnoptions:
50
 
    import warnings
51
 
    warnings.simplefilter("default")
52
 
 
53
 
log = logging.getLogger(sys.argv[0])
54
 
logging.basicConfig(level="INFO", # Show info level messages
55
 
                    format="%(message)s") # Show basic log messages
56
 
 
57
 
logging.captureWarnings(True)   # Show warnings via the logging system
58
 
 
59
46
if sys.version_info.major == 2:
60
47
    str = unicode
61
48
 
62
49
locale.setlocale(locale.LC_ALL, "")
63
50
 
 
51
tablewords = {
 
52
    "Name": "Name",
 
53
    "Enabled": "Enabled",
 
54
    "Timeout": "Timeout",
 
55
    "LastCheckedOK": "Last Successful Check",
 
56
    "LastApprovalRequest": "Last Approval Request",
 
57
    "Created": "Created",
 
58
    "Interval": "Interval",
 
59
    "Host": "Host",
 
60
    "Fingerprint": "Fingerprint",
 
61
    "CheckerRunning": "Check Is Running",
 
62
    "LastEnabled": "Last Enabled",
 
63
    "ApprovalPending": "Approval Is Pending",
 
64
    "ApprovedByDefault": "Approved By Default",
 
65
    "ApprovalDelay": "Approval Delay",
 
66
    "ApprovalDuration": "Approval Duration",
 
67
    "Checker": "Checker",
 
68
    "ExtendedTimeout": "Extended Timeout",
 
69
    "Expires": "Expires",
 
70
    "LastCheckerStatus": "Last Checker Status",
 
71
}
 
72
defaultkeywords = ("Name", "Enabled", "Timeout", "LastCheckedOK")
64
73
domain = "se.recompile"
65
74
busname = domain + ".Mandos"
66
75
server_path = "/"
67
76
server_interface = domain + ".Mandos"
68
77
client_interface = domain + ".Mandos.Client"
69
 
version = "1.8.3"
 
78
version = "1.7.13"
70
79
 
71
80
 
72
81
try:
93
102
    datetime.timedelta(0, 60)
94
103
    >>> rfc3339_duration_to_delta("PT60M")
95
104
    datetime.timedelta(0, 3600)
96
 
    >>> rfc3339_duration_to_delta("P60M")
97
 
    datetime.timedelta(1680)
98
105
    >>> rfc3339_duration_to_delta("PT24H")
99
106
    datetime.timedelta(1)
100
107
    >>> rfc3339_duration_to_delta("P1W")
103
110
    datetime.timedelta(0, 330)
104
111
    >>> rfc3339_duration_to_delta("P1DT3M20S")
105
112
    datetime.timedelta(1, 200)
106
 
    >>> # Can not be empty:
107
 
    >>> rfc3339_duration_to_delta("")
108
 
    Traceback (most recent call last):
109
 
    ...
110
 
    ValueError: Invalid RFC 3339 duration: u''
111
 
    >>> # Must start with "P":
112
 
    >>> rfc3339_duration_to_delta("1D")
113
 
    Traceback (most recent call last):
114
 
    ...
115
 
    ValueError: Invalid RFC 3339 duration: u'1D'
116
 
    >>> # Must use correct order
117
 
    >>> rfc3339_duration_to_delta("PT1S2M")
118
 
    Traceback (most recent call last):
119
 
    ...
120
 
    ValueError: Invalid RFC 3339 duration: u'PT1S2M'
121
 
    >>> # Time needs time marker
122
 
    >>> rfc3339_duration_to_delta("P1H2S")
123
 
    Traceback (most recent call last):
124
 
    ...
125
 
    ValueError: Invalid RFC 3339 duration: u'P1H2S'
126
 
    >>> # Weeks can not be combined with anything else
127
 
    >>> rfc3339_duration_to_delta("P1D2W")
128
 
    Traceback (most recent call last):
129
 
    ...
130
 
    ValueError: Invalid RFC 3339 duration: u'P1D2W'
131
 
    >>> rfc3339_duration_to_delta("P2W2H")
132
 
    Traceback (most recent call last):
133
 
    ...
134
 
    ValueError: Invalid RFC 3339 duration: u'P2W2H'
135
113
    """
136
114
 
137
115
    # Parsing an RFC 3339 duration with regular expressions is not
215
193
 
216
194
 
217
195
def string_to_delta(interval):
218
 
    """Parse a string and return a datetime.timedelta"""
 
196
    """Parse a string and return a datetime.timedelta
 
197
 
 
198
    >>> string_to_delta('7d')
 
199
    datetime.timedelta(7)
 
200
    >>> string_to_delta('60s')
 
201
    datetime.timedelta(0, 60)
 
202
    >>> string_to_delta('60m')
 
203
    datetime.timedelta(0, 3600)
 
204
    >>> string_to_delta('24h')
 
205
    datetime.timedelta(1)
 
206
    >>> string_to_delta('1w')
 
207
    datetime.timedelta(7)
 
208
    >>> string_to_delta('5m 30s')
 
209
    datetime.timedelta(0, 330)
 
210
    """
219
211
 
220
212
    try:
221
213
        return rfc3339_duration_to_delta(interval)
222
 
    except ValueError as e:
223
 
        log.warning("%s - Parsing as pre-1.6.1 interval instead",
224
 
                    ' '.join(e.args))
225
 
    return parse_pre_1_6_1_interval(interval)
226
 
 
227
 
 
228
 
def parse_pre_1_6_1_interval(interval):
229
 
    """Parse an interval string as documented by Mandos before 1.6.1,
230
 
    and return a datetime.timedelta
231
 
 
232
 
    >>> parse_pre_1_6_1_interval('7d')
233
 
    datetime.timedelta(7)
234
 
    >>> parse_pre_1_6_1_interval('60s')
235
 
    datetime.timedelta(0, 60)
236
 
    >>> parse_pre_1_6_1_interval('60m')
237
 
    datetime.timedelta(0, 3600)
238
 
    >>> parse_pre_1_6_1_interval('24h')
239
 
    datetime.timedelta(1)
240
 
    >>> parse_pre_1_6_1_interval('1w')
241
 
    datetime.timedelta(7)
242
 
    >>> parse_pre_1_6_1_interval('5m 30s')
243
 
    datetime.timedelta(0, 330)
244
 
    >>> parse_pre_1_6_1_interval('')
245
 
    datetime.timedelta(0)
246
 
    >>> # Ignore unknown characters, allow any order and repetitions
247
 
    >>> parse_pre_1_6_1_interval('2dxy7zz11y3m5m')
248
 
    datetime.timedelta(2, 480, 18000)
249
 
 
250
 
    """
 
214
    except ValueError:
 
215
        pass
251
216
 
252
217
    value = datetime.timedelta(0)
253
218
    regexp = re.compile(r"(\d+)([dsmhw]?)")
268
233
    return value
269
234
 
270
235
 
271
 
## Classes for commands.
272
 
 
273
 
# Abstract classes first
274
 
class Command(object):
275
 
    """Abstract class for commands"""
276
 
    def run(self, mandos, clients):
277
 
        """Normal commands should implement run_on_one_client(), but
278
 
        commands which want to operate on all clients at the same time
279
 
        can override this run() method instead."""
280
 
        self.mandos = mandos
281
 
        for client, properties in clients.items():
282
 
            self.run_on_one_client(client, properties)
283
 
 
284
 
class PrintCmd(Command):
285
 
    """Abstract class for commands printing client details"""
286
 
    all_keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK",
287
 
                    "Created", "Interval", "Host", "KeyID",
288
 
                    "Fingerprint", "CheckerRunning", "LastEnabled",
289
 
                    "ApprovalPending", "ApprovedByDefault",
290
 
                    "LastApprovalRequest", "ApprovalDelay",
291
 
                    "ApprovalDuration", "Checker", "ExtendedTimeout",
292
 
                    "Expires", "LastCheckerStatus")
293
 
    def run(self, mandos, clients):
294
 
        print(self.output(clients))
295
 
 
296
 
class PropertyCmd(Command):
297
 
    """Abstract class for Actions for setting one client property"""
298
 
    def run_on_one_client(self, client, properties):
299
 
        """Set the Client's D-Bus property"""
300
 
        client.Set(client_interface, self.property, self.value_to_set,
301
 
                   dbus_interface=dbus.PROPERTIES_IFACE)
302
 
 
303
 
class ValueArgumentMixIn(object):
304
 
    """Mixin class for commands taking a value as argument"""
305
 
    def __init__(self, value):
306
 
        self.value_to_set = value
307
 
 
308
 
class MillisecondsValueArgumentMixIn(ValueArgumentMixIn):
309
 
    """Mixin class for commands taking a value argument as
310
 
    milliseconds."""
311
 
    @property
312
 
    def value_to_set(self):
313
 
        return self._vts
314
 
    @value_to_set.setter
315
 
    def value_to_set(self, value):
316
 
        """When setting, convert value to a datetime.timedelta"""
317
 
        self._vts = string_to_delta(value).total_seconds() * 1000
318
 
 
319
 
# Actual (non-abstract) command classes
320
 
 
321
 
class PrintTableCmd(PrintCmd):
322
 
    def __init__(self, verbose=False):
323
 
        self.verbose = verbose
324
 
 
325
 
    def output(self, clients):
326
 
        if self.verbose:
327
 
            keywords = self.all_keywords
328
 
        else:
329
 
            keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK")
330
 
        return str(self.TableOfClients(clients.values(), keywords))
331
 
 
332
 
    class TableOfClients(object):
333
 
        tableheaders = {
334
 
            "Name": "Name",
335
 
            "Enabled": "Enabled",
336
 
            "Timeout": "Timeout",
337
 
            "LastCheckedOK": "Last Successful Check",
338
 
            "LastApprovalRequest": "Last Approval Request",
339
 
            "Created": "Created",
340
 
            "Interval": "Interval",
341
 
            "Host": "Host",
342
 
            "Fingerprint": "Fingerprint",
343
 
            "KeyID": "Key ID",
344
 
            "CheckerRunning": "Check Is Running",
345
 
            "LastEnabled": "Last Enabled",
346
 
            "ApprovalPending": "Approval Is Pending",
347
 
            "ApprovedByDefault": "Approved By Default",
348
 
            "ApprovalDelay": "Approval Delay",
349
 
            "ApprovalDuration": "Approval Duration",
350
 
            "Checker": "Checker",
351
 
            "ExtendedTimeout": "Extended Timeout",
352
 
            "Expires": "Expires",
353
 
            "LastCheckerStatus": "Last Checker Status",
354
 
        }
355
 
 
356
 
        def __init__(self, clients, keywords, tableheaders=None):
357
 
            self.clients = clients
358
 
            self.keywords = keywords
359
 
            if tableheaders is not None:
360
 
                self.tableheaders = tableheaders
361
 
 
362
 
        def __str__(self):
363
 
            return "\n".join(self.rows())
364
 
 
365
 
        if sys.version_info.major == 2:
366
 
            __unicode__ = __str__
367
 
            def __str__(self):
368
 
                return str(self).encode(locale.getpreferredencoding())
369
 
 
370
 
        def rows(self):
371
 
            format_string = self.row_formatting_string()
372
 
            rows = [self.header_line(format_string)]
373
 
            rows.extend(self.client_line(client, format_string)
374
 
                        for client in self.clients)
375
 
            return rows
376
 
 
377
 
        def row_formatting_string(self):
378
 
            "Format string used to format table rows"
379
 
            return " ".join("{{{key}:{width}}}".format(
380
 
                width=max(len(self.tableheaders[key]),
381
 
                          *(len(self.string_from_client(client, key))
382
 
                            for client in self.clients)),
383
 
                key=key)
384
 
                            for key in self.keywords)
385
 
 
386
 
        def string_from_client(self, client, key):
387
 
            return self.valuetostring(client[key], key)
388
 
 
389
 
        @staticmethod
390
 
        def valuetostring(value, keyword):
391
 
            if isinstance(value, dbus.Boolean):
392
 
                return "Yes" if value else "No"
393
 
            if keyword in ("Timeout", "Interval", "ApprovalDelay",
394
 
                           "ApprovalDuration", "ExtendedTimeout"):
395
 
                return milliseconds_to_string(value)
396
 
            return str(value)
397
 
 
398
 
        def header_line(self, format_string):
399
 
            return format_string.format(**self.tableheaders)
400
 
 
401
 
        def client_line(self, client, format_string):
402
 
            return format_string.format(
403
 
                **{key: self.string_from_client(client, key)
404
 
                   for key in self.keywords})
405
 
 
406
 
 
407
 
 
408
 
class DumpJSONCmd(PrintCmd):
409
 
    def output(self, clients):
410
 
        data = {client["Name"]:
411
 
                {key: self.dbus_boolean_to_bool(client[key])
412
 
                 for key in self.all_keywords}
413
 
                for client in clients.values()}
414
 
        return json.dumps(data, indent=4, separators=(',', ': '))
415
 
    @staticmethod
416
 
    def dbus_boolean_to_bool(value):
417
 
        if isinstance(value, dbus.Boolean):
418
 
            value = bool(value)
419
 
        return value
420
 
 
421
 
class IsEnabledCmd(Command):
422
 
    def run_on_one_client(self, client, properties):
423
 
        if self.is_enabled(client, properties):
424
 
            sys.exit(0)
425
 
        sys.exit(1)
426
 
    def is_enabled(self, client, properties):
427
 
        return bool(properties["Enabled"])
428
 
 
429
 
class RemoveCmd(Command):
430
 
    def run_on_one_client(self, client, properties):
431
 
        self.mandos.RemoveClient(client.__dbus_object_path__)
432
 
 
433
 
class ApproveCmd(Command):
434
 
    def run_on_one_client(self, client, properties):
435
 
        client.Approve(dbus.Boolean(True),
436
 
                       dbus_interface=client_interface)
437
 
 
438
 
class DenyCmd(Command):
439
 
    def run_on_one_client(self, client, properties):
440
 
        client.Approve(dbus.Boolean(False),
441
 
                       dbus_interface=client_interface)
442
 
 
443
 
class EnableCmd(PropertyCmd):
444
 
    property = "Enabled"
445
 
    value_to_set = dbus.Boolean(True)
446
 
 
447
 
class DisableCmd(PropertyCmd):
448
 
    property = "Enabled"
449
 
    value_to_set = dbus.Boolean(False)
450
 
 
451
 
class BumpTimeoutCmd(PropertyCmd):
452
 
    property = "LastCheckedOK"
453
 
    value_to_set = ""
454
 
 
455
 
class StartCheckerCmd(PropertyCmd):
456
 
    property = "CheckerRunning"
457
 
    value_to_set = dbus.Boolean(True)
458
 
 
459
 
class StopCheckerCmd(PropertyCmd):
460
 
    property = "CheckerRunning"
461
 
    value_to_set = dbus.Boolean(False)
462
 
 
463
 
class ApproveByDefaultCmd(PropertyCmd):
464
 
    property = "ApprovedByDefault"
465
 
    value_to_set = dbus.Boolean(True)
466
 
 
467
 
class DenyByDefaultCmd(PropertyCmd):
468
 
    property = "ApprovedByDefault"
469
 
    value_to_set = dbus.Boolean(False)
470
 
 
471
 
class SetCheckerCmd(PropertyCmd, ValueArgumentMixIn):
472
 
    property = "Checker"
473
 
 
474
 
class SetHostCmd(PropertyCmd, ValueArgumentMixIn):
475
 
    property = "Host"
476
 
 
477
 
class SetSecretCmd(PropertyCmd, ValueArgumentMixIn):
478
 
    property = "Secret"
479
 
 
480
 
class SetTimeoutCmd(PropertyCmd, MillisecondsValueArgumentMixIn):
481
 
    property = "Timeout"
482
 
 
483
 
class SetExtendedTimeoutCmd(PropertyCmd,
484
 
                            MillisecondsValueArgumentMixIn):
485
 
    property = "ExtendedTimeout"
486
 
 
487
 
class SetIntervalCmd(PropertyCmd, MillisecondsValueArgumentMixIn):
488
 
    property = "Interval"
489
 
 
490
 
class SetApprovalDelayCmd(PropertyCmd,
491
 
                          MillisecondsValueArgumentMixIn):
492
 
    property = "ApprovalDelay"
493
 
 
494
 
class SetApprovalDurationCmd(PropertyCmd,
495
 
                             MillisecondsValueArgumentMixIn):
496
 
    property = "ApprovalDuration"
 
236
def print_clients(clients, keywords):
 
237
    def valuetostring(value, keyword):
 
238
        if type(value) is dbus.Boolean:
 
239
            return "Yes" if value else "No"
 
240
        if keyword in ("Timeout", "Interval", "ApprovalDelay",
 
241
                       "ApprovalDuration", "ExtendedTimeout"):
 
242
            return milliseconds_to_string(value)
 
243
        return str(value)
 
244
 
 
245
    # Create format string to print table rows
 
246
    format_string = " ".join("{{{key}:{width}}}".format(
 
247
        width=max(len(tablewords[key]),
 
248
                  max(len(valuetostring(client[key], key))
 
249
                      for client in clients)),
 
250
        key=key)
 
251
                             for key in keywords)
 
252
    # Print header line
 
253
    print(format_string.format(**tablewords))
 
254
    for client in clients:
 
255
        print(format_string
 
256
              .format(**{key: valuetostring(client[key], key)
 
257
                         for key in keywords}))
 
258
 
497
259
 
498
260
def has_actions(options):
499
261
    return any((options.enable,
515
277
                options.approve,
516
278
                options.deny))
517
279
 
518
 
def add_command_line_options(parser):
 
280
 
 
281
def main():
 
282
    parser = argparse.ArgumentParser()
519
283
    parser.add_argument("--version", action="version",
520
284
                        version="%(prog)s {}".format(version),
521
285
                        help="show version number and exit")
525
289
                        help="Print all fields")
526
290
    parser.add_argument("-j", "--dump-json", action="store_true",
527
291
                        help="Dump client data in JSON format")
528
 
    enable_disable = parser.add_mutually_exclusive_group()
529
 
    enable_disable.add_argument("-e", "--enable", action="store_true",
530
 
                                help="Enable client")
531
 
    enable_disable.add_argument("-d", "--disable",
532
 
                                action="store_true",
533
 
                                help="disable client")
 
292
    parser.add_argument("-e", "--enable", action="store_true",
 
293
                        help="Enable client")
 
294
    parser.add_argument("-d", "--disable", action="store_true",
 
295
                        help="disable client")
534
296
    parser.add_argument("-b", "--bump-timeout", action="store_true",
535
297
                        help="Bump timeout for client")
536
 
    start_stop_checker = parser.add_mutually_exclusive_group()
537
 
    start_stop_checker.add_argument("--start-checker",
538
 
                                    action="store_true",
539
 
                                    help="Start checker for client")
540
 
    start_stop_checker.add_argument("--stop-checker",
541
 
                                    action="store_true",
542
 
                                    help="Stop checker for client")
 
298
    parser.add_argument("--start-checker", action="store_true",
 
299
                        help="Start checker for client")
 
300
    parser.add_argument("--stop-checker", action="store_true",
 
301
                        help="Stop checker for client")
543
302
    parser.add_argument("-V", "--is-enabled", action="store_true",
544
303
                        help="Check if client is enabled")
545
304
    parser.add_argument("-r", "--remove", action="store_true",
552
311
                        help="Set extended timeout for client")
553
312
    parser.add_argument("-i", "--interval",
554
313
                        help="Set checker interval for client")
555
 
    approve_deny_default = parser.add_mutually_exclusive_group()
556
 
    approve_deny_default.add_argument(
557
 
        "--approve-by-default", action="store_true",
558
 
        default=None, dest="approved_by_default",
559
 
        help="Set client to be approved by default")
560
 
    approve_deny_default.add_argument(
561
 
        "--deny-by-default", action="store_false",
562
 
        dest="approved_by_default",
563
 
        help="Set client to be denied by default")
 
314
    parser.add_argument("--approve-by-default", action="store_true",
 
315
                        default=None, dest="approved_by_default",
 
316
                        help="Set client to be approved by default")
 
317
    parser.add_argument("--deny-by-default", action="store_false",
 
318
                        dest="approved_by_default",
 
319
                        help="Set client to be denied by default")
564
320
    parser.add_argument("--approval-delay",
565
321
                        help="Set delay before client approve/deny")
566
322
    parser.add_argument("--approval-duration",
569
325
    parser.add_argument("-s", "--secret",
570
326
                        type=argparse.FileType(mode="rb"),
571
327
                        help="Set password blob (file) for client")
572
 
    approve_deny = parser.add_mutually_exclusive_group()
573
 
    approve_deny.add_argument(
574
 
        "-A", "--approve", action="store_true",
575
 
        help="Approve any current client request")
576
 
    approve_deny.add_argument("-D", "--deny", action="store_true",
577
 
                              help="Deny any current client request")
 
328
    parser.add_argument("-A", "--approve", action="store_true",
 
329
                        help="Approve any current client request")
 
330
    parser.add_argument("-D", "--deny", action="store_true",
 
331
                        help="Deny any current client request")
578
332
    parser.add_argument("--check", action="store_true",
579
333
                        help="Run self-test")
580
334
    parser.add_argument("client", nargs="*", help="Client name")
581
 
 
582
 
 
583
 
def commands_from_options(options):
584
 
 
585
 
    commands = []
586
 
 
587
 
    if options.dump_json:
588
 
        commands.append(DumpJSONCmd())
589
 
 
590
 
    if options.enable:
591
 
        commands.append(EnableCmd())
592
 
 
593
 
    if options.disable:
594
 
        commands.append(DisableCmd())
595
 
 
596
 
    if options.bump_timeout:
597
 
        commands.append(BumpTimeoutCmd())
598
 
 
599
 
    if options.start_checker:
600
 
        commands.append(StartCheckerCmd())
601
 
 
602
 
    if options.stop_checker:
603
 
        commands.append(StopCheckerCmd())
604
 
 
605
 
    if options.is_enabled:
606
 
        commands.append(IsEnabledCmd())
607
 
 
608
 
    if options.remove:
609
 
        commands.append(RemoveCmd())
610
 
 
611
 
    if options.checker is not None:
612
 
        commands.append(SetCheckerCmd())
613
 
 
614
 
    if options.timeout is not None:
615
 
        commands.append(SetTimeoutCmd(options.timeout))
616
 
 
617
 
    if options.extended_timeout:
618
 
        commands.append(
619
 
            SetExtendedTimeoutCmd(options.extended_timeout))
620
 
 
621
 
    if options.interval is not None:
622
 
        command.append(SetIntervalCmd(options.interval))
623
 
 
624
 
    if options.approved_by_default is not None:
625
 
        if options.approved_by_default:
626
 
            command.append(ApproveByDefaultCmd())
627
 
        else:
628
 
            command.append(DenyByDefaultCmd())
629
 
 
630
 
    if options.approval_delay is not None:
631
 
        command.append(SetApprovalDelayCmd(options.approval_delay))
632
 
 
633
 
    if options.approval_duration is not None:
634
 
        command.append(
635
 
            SetApprovalDurationCmd(options.approval_duration))
636
 
 
637
 
    if options.host is not None:
638
 
        command.append(SetHostCmd(options.host))
639
 
 
640
 
    if options.secret is not None:
641
 
        command.append(SetSecretCmd(options.secret))
642
 
 
643
 
    if options.approve:
644
 
        commands.append(ApproveCmd())
645
 
 
646
 
    if options.deny:
647
 
        commands.append(DenyCmd())
648
 
 
649
 
    # If no command option has been given, show table of clients,
650
 
    # optionally verbosely
651
 
    if not commands:
652
 
        commands.append(PrintTableCmd(verbose=options.verbose))
653
 
 
654
 
    return commands
655
 
 
656
 
 
657
 
def main():
658
 
    parser = argparse.ArgumentParser()
659
 
 
660
 
    add_command_line_options(parser)
661
 
 
662
335
    options = parser.parse_args()
663
336
 
664
337
    if has_actions(options) and not (options.client or options.all):
670
343
        parser.error("--dump-json can only be used alone.")
671
344
    if options.all and not has_actions(options):
672
345
        parser.error("--all requires an action.")
673
 
    if options.is_enabled and len(options.client) > 1:
674
 
        parser.error("--is-enabled requires exactly one client")
675
346
 
676
 
    clientnames = options.client
 
347
    if options.check:
 
348
        fail_count, test_count = doctest.testmod()
 
349
        sys.exit(os.EX_OK if fail_count == 0 else 1)
677
350
 
678
351
    try:
679
352
        bus = dbus.SystemBus()
680
353
        mandos_dbus_objc = bus.get_object(busname, server_path)
681
354
    except dbus.exceptions.DBusException:
682
 
        log.critical("Could not connect to Mandos server")
 
355
        print("Could not connect to Mandos server", file=sys.stderr)
683
356
        sys.exit(1)
684
357
 
685
358
    mandos_serv = dbus.Interface(mandos_dbus_objc,
687
360
    mandos_serv_object_manager = dbus.Interface(
688
361
        mandos_dbus_objc, dbus_interface=dbus.OBJECT_MANAGER_IFACE)
689
362
 
690
 
    # Filter out log message from dbus module
691
 
    dbus_logger = logging.getLogger("dbus.proxies")
692
 
    class NullFilter(logging.Filter):
693
 
        def filter(self, record):
694
 
            return False
695
 
    dbus_filter = NullFilter()
 
363
    # block stderr since dbus library prints to stderr
 
364
    null = os.open(os.path.devnull, os.O_RDWR)
 
365
    stderrcopy = os.dup(sys.stderr.fileno())
 
366
    os.dup2(null, sys.stderr.fileno())
 
367
    os.close(null)
696
368
    try:
697
 
        dbus_logger.addFilter(dbus_filter)
698
 
        mandos_clients = {path: ifs_and_props[client_interface]
699
 
                          for path, ifs_and_props in
700
 
                          mandos_serv_object_manager
701
 
                          .GetManagedObjects().items()
702
 
                          if client_interface in ifs_and_props}
 
369
        try:
 
370
            mandos_clients = {path: ifs_and_props[client_interface]
 
371
                              for path, ifs_and_props in
 
372
                              mandos_serv_object_manager
 
373
                              .GetManagedObjects().items()
 
374
                              if client_interface in ifs_and_props}
 
375
        finally:
 
376
            # restore stderr
 
377
            os.dup2(stderrcopy, sys.stderr.fileno())
 
378
            os.close(stderrcopy)
703
379
    except dbus.exceptions.DBusException as e:
704
 
        log.critical("Failed to access Mandos server through D-Bus:"
705
 
                     "\n%s", e)
 
380
        print("Access denied: "
 
381
              "Accessing mandos server through D-Bus: {}".format(e),
 
382
              file=sys.stderr)
706
383
        sys.exit(1)
707
 
    finally:
708
 
        # restore dbus logger
709
 
        dbus_logger.removeFilter(dbus_filter)
710
384
 
711
385
    # Compile dict of (clients: properties) to process
712
386
    clients = {}
713
387
 
714
 
    if not clientnames:
 
388
    if options.all or not options.client:
715
389
        clients = {bus.get_object(busname, path): properties
716
390
                   for path, properties in mandos_clients.items()}
717
391
    else:
718
 
        for name in clientnames:
 
392
        for name in options.client:
719
393
            for path, client in mandos_clients.items():
720
394
                if client["Name"] == name:
721
395
                    client_objc = bus.get_object(busname, path)
722
396
                    clients[client_objc] = client
723
397
                    break
724
398
            else:
725
 
                log.critical("Client not found on server: %r", name)
 
399
                print("Client not found on server: {!r}"
 
400
                      .format(name), file=sys.stderr)
726
401
                sys.exit(1)
727
402
 
728
 
    # Run all commands on clients
729
 
    commands = commands_from_options(options)
730
 
    for command in commands:
731
 
        command.run(mandos_serv, clients)
732
 
 
733
 
 
734
 
class Test_milliseconds_to_string(unittest.TestCase):
735
 
    def test_all(self):
736
 
        self.assertEqual(milliseconds_to_string(93785000),
737
 
                         "1T02:03:05")
738
 
    def test_no_days(self):
739
 
        self.assertEqual(milliseconds_to_string(7385000), "02:03:05")
740
 
    def test_all_zero(self):
741
 
        self.assertEqual(milliseconds_to_string(0), "00:00:00")
742
 
    def test_no_fractional_seconds(self):
743
 
        self.assertEqual(milliseconds_to_string(400), "00:00:00")
744
 
        self.assertEqual(milliseconds_to_string(900), "00:00:00")
745
 
        self.assertEqual(milliseconds_to_string(1900), "00:00:01")
746
 
 
747
 
class Test_string_to_delta(unittest.TestCase):
748
 
    def test_handles_basic_rfc3339(self):
749
 
        self.assertEqual(string_to_delta("PT2H"),
750
 
                         datetime.timedelta(0, 7200))
751
 
    def test_falls_back_to_pre_1_6_1_with_warning(self):
752
 
        # assertLogs only exists in Python 3.4
753
 
        if hasattr(self, "assertLogs"):
754
 
            with self.assertLogs(log, logging.WARNING):
755
 
                value = string_to_delta("2h")
756
 
        else:
757
 
            class WarningFilter(logging.Filter):
758
 
                """Don't show, but record the presence of, warnings"""
759
 
                def filter(self, record):
760
 
                    is_warning = record.levelno >= logging.WARNING
761
 
                    self.found = is_warning or getattr(self, "found",
762
 
                                                       False)
763
 
                    return not is_warning
764
 
            warning_filter = WarningFilter()
765
 
            log.addFilter(warning_filter)
766
 
            try:
767
 
                value = string_to_delta("2h")
768
 
            finally:
769
 
                log.removeFilter(warning_filter)
770
 
            self.assertTrue(getattr(warning_filter, "found", False))
771
 
        self.assertEqual(value, datetime.timedelta(0, 7200))
772
 
 
773
 
 
774
 
class TestCmd(unittest.TestCase):
775
 
    """Abstract class for tests of command classes"""
776
 
    def setUp(self):
777
 
        testcase = self
778
 
        class MockClient(object):
779
 
            def __init__(self, name, **attributes):
780
 
                self.__dbus_object_path__ = "objpath_{}".format(name)
781
 
                self.attributes = attributes
782
 
                self.attributes["Name"] = name
783
 
                self.calls = []
784
 
            def Set(self, interface, property, value, dbus_interface):
785
 
                testcase.assertEqual(interface, client_interface)
786
 
                testcase.assertEqual(dbus_interface,
787
 
                                     dbus.PROPERTIES_IFACE)
788
 
                self.attributes[property] = value
789
 
                self.calls.append(("Set", (interface, property, value,
790
 
                                           dbus_interface)))
791
 
            def Get(self, interface, property, dbus_interface):
792
 
                testcase.assertEqual(interface, client_interface)
793
 
                testcase.assertEqual(dbus_interface,
794
 
                                     dbus.PROPERTIES_IFACE)
795
 
                self.calls.append(("Get", (interface, property,
796
 
                                           dbus_interface)))
797
 
                return self.attributes[property]
798
 
            def Approve(self, approve, dbus_interface):
799
 
                testcase.assertEqual(dbus_interface, client_interface)
800
 
                self.calls.append(("Approve", (approve,
801
 
                                               dbus_interface)))
802
 
        self.client = MockClient(
803
 
            "foo",
804
 
            KeyID=("92ed150794387c03ce684574b1139a65"
805
 
                   "94a34f895daaaf09fd8ea90a27cddb12"),
806
 
            Secret=b"secret",
807
 
            Host="foo.example.org",
808
 
            Enabled=dbus.Boolean(True),
809
 
            Timeout=300000,
810
 
            LastCheckedOK="2019-02-03T00:00:00",
811
 
            Created="2019-01-02T00:00:00",
812
 
            Interval=120000,
813
 
            Fingerprint=("778827225BA7DE539C5A"
814
 
                         "7CFA59CFF7CDBD9A5920"),
815
 
            CheckerRunning=dbus.Boolean(False),
816
 
            LastEnabled="2019-01-03T00:00:00",
817
 
            ApprovalPending=dbus.Boolean(False),
818
 
            ApprovedByDefault=dbus.Boolean(True),
819
 
            LastApprovalRequest="",
820
 
            ApprovalDelay=0,
821
 
            ApprovalDuration=1000,
822
 
            Checker="fping -q -- %(host)s",
823
 
            ExtendedTimeout=900000,
824
 
            Expires="2019-02-04T00:00:00",
825
 
            LastCheckerStatus=0)
826
 
        self.other_client = MockClient(
827
 
            "barbar",
828
 
            KeyID=("0558568eedd67d622f5c83b35a115f79"
829
 
                   "6ab612cff5ad227247e46c2b020f441c"),
830
 
            Secret=b"secretbar",
831
 
            Host="192.0.2.3",
832
 
            Enabled=dbus.Boolean(True),
833
 
            Timeout=300000,
834
 
            LastCheckedOK="2019-02-04T00:00:00",
835
 
            Created="2019-01-03T00:00:00",
836
 
            Interval=120000,
837
 
            Fingerprint=("3E393AEAEFB84C7E89E2"
838
 
                         "F547B3A107558FCA3A27"),
839
 
            CheckerRunning=dbus.Boolean(True),
840
 
            LastEnabled="2019-01-04T00:00:00",
841
 
            ApprovalPending=dbus.Boolean(False),
842
 
            ApprovedByDefault=dbus.Boolean(False),
843
 
            LastApprovalRequest="2019-01-03T00:00:00",
844
 
            ApprovalDelay=30000,
845
 
            ApprovalDuration=1000,
846
 
            Checker=":",
847
 
            ExtendedTimeout=900000,
848
 
            Expires="2019-02-05T00:00:00",
849
 
            LastCheckerStatus=-2)
850
 
        self.clients =  collections.OrderedDict(
851
 
            [
852
 
                (self.client, self.client.attributes),
853
 
                (self.other_client, self.other_client.attributes),
854
 
            ])
855
 
        self.one_client = {self.client: self.client.attributes}
856
 
 
857
 
class TestPrintTableCmd(TestCmd):
858
 
    def test_normal(self):
859
 
        output = PrintTableCmd().output(self.clients)
860
 
        expected_output = """
861
 
Name   Enabled Timeout  Last Successful Check
862
 
foo    Yes     00:05:00 2019-02-03T00:00:00  
863
 
barbar Yes     00:05:00 2019-02-04T00:00:00  
864
 
"""[1:-1]
865
 
        self.assertEqual(output, expected_output)
866
 
    def test_verbose(self):
867
 
        output = PrintTableCmd(verbose=True).output(self.clients)
868
 
        expected_output = """
869
 
Name   Enabled Timeout  Last Successful Check Created             Interval Host            Key ID                                                           Fingerprint                              Check Is Running Last Enabled        Approval Is Pending Approved By Default Last Approval Request Approval Delay Approval Duration Checker              Extended Timeout Expires             Last Checker Status
870
 
foo    Yes     00:05:00 2019-02-03T00:00:00   2019-01-02T00:00:00 00:02:00 foo.example.org 92ed150794387c03ce684574b1139a6594a34f895daaaf09fd8ea90a27cddb12 778827225BA7DE539C5A7CFA59CFF7CDBD9A5920 No               2019-01-03T00:00:00 No                  Yes                                       00:00:00       00:00:01          fping -q -- %(host)s 00:15:00         2019-02-04T00:00:00 0                  
871
 
barbar Yes     00:05:00 2019-02-04T00:00:00   2019-01-03T00:00:00 00:02:00 192.0.2.3       0558568eedd67d622f5c83b35a115f796ab612cff5ad227247e46c2b020f441c 3E393AEAEFB84C7E89E2F547B3A107558FCA3A27 Yes              2019-01-04T00:00:00 No                  No                  2019-01-03T00:00:00   00:00:30       00:00:01          :                    00:15:00         2019-02-05T00:00:00 -2                 
872
 
"""[1:-1]
873
 
        self.assertEqual(output, expected_output)
874
 
    def test_one_client(self):
875
 
        output = PrintTableCmd().output(self.one_client)
876
 
        expected_output = """
877
 
Name Enabled Timeout  Last Successful Check
878
 
foo  Yes     00:05:00 2019-02-03T00:00:00  
879
 
"""[1:-1]
880
 
        self.assertEqual(output, expected_output)
881
 
 
882
 
class TestDumpJSONCmd(TestCmd):
883
 
    def setUp(self):
884
 
        self.expected_json = {
885
 
            "foo": {
886
 
                "Name": "foo",
887
 
                "KeyID": ("92ed150794387c03ce684574b1139a65"
888
 
                          "94a34f895daaaf09fd8ea90a27cddb12"),
889
 
                "Host": "foo.example.org",
890
 
                "Enabled": True,
891
 
                "Timeout": 300000,
892
 
                "LastCheckedOK": "2019-02-03T00:00:00",
893
 
                "Created": "2019-01-02T00:00:00",
894
 
                "Interval": 120000,
895
 
                "Fingerprint": ("778827225BA7DE539C5A"
896
 
                                "7CFA59CFF7CDBD9A5920"),
897
 
                "CheckerRunning": False,
898
 
                "LastEnabled": "2019-01-03T00:00:00",
899
 
                "ApprovalPending": False,
900
 
                "ApprovedByDefault": True,
901
 
                "LastApprovalRequest": "",
902
 
                "ApprovalDelay": 0,
903
 
                "ApprovalDuration": 1000,
904
 
                "Checker": "fping -q -- %(host)s",
905
 
                "ExtendedTimeout": 900000,
906
 
                "Expires": "2019-02-04T00:00:00",
907
 
                "LastCheckerStatus": 0,
908
 
            },
909
 
            "barbar": {
910
 
                "Name": "barbar",
911
 
                "KeyID": ("0558568eedd67d622f5c83b35a115f79"
912
 
                          "6ab612cff5ad227247e46c2b020f441c"),
913
 
                "Host": "192.0.2.3",
914
 
                "Enabled": True,
915
 
                "Timeout": 300000,
916
 
                "LastCheckedOK": "2019-02-04T00:00:00",
917
 
                "Created": "2019-01-03T00:00:00",
918
 
                "Interval": 120000,
919
 
                "Fingerprint": ("3E393AEAEFB84C7E89E2"
920
 
                                "F547B3A107558FCA3A27"),
921
 
                "CheckerRunning": True,
922
 
                "LastEnabled": "2019-01-04T00:00:00",
923
 
                "ApprovalPending": False,
924
 
                "ApprovedByDefault": False,
925
 
                "LastApprovalRequest": "2019-01-03T00:00:00",
926
 
                "ApprovalDelay": 30000,
927
 
                "ApprovalDuration": 1000,
928
 
                "Checker": ":",
929
 
                "ExtendedTimeout": 900000,
930
 
                "Expires": "2019-02-05T00:00:00",
931
 
                "LastCheckerStatus": -2,
932
 
            },
933
 
        }
934
 
        return super(TestDumpJSONCmd, self).setUp()
935
 
    def test_normal(self):
936
 
        json_data = json.loads(DumpJSONCmd().output(self.clients))
937
 
        self.assertDictEqual(json_data, self.expected_json)
938
 
    def test_one_client(self):
939
 
        clients = self.one_client
940
 
        json_data = json.loads(DumpJSONCmd().output(clients))
941
 
        expected_json = {"foo": self.expected_json["foo"]}
942
 
        self.assertDictEqual(json_data, expected_json)
943
 
 
944
 
class TestIsEnabledCmd(TestCmd):
945
 
    def test_is_enabled(self):
946
 
        self.assertTrue(all(IsEnabledCmd().is_enabled(client, properties)
947
 
                            for client, properties in self.clients.items()))
948
 
    def test_is_enabled_run_exits_successfully(self):
949
 
        with self.assertRaises(SystemExit) as e:
950
 
            IsEnabledCmd().run(None, self.one_client)
951
 
        if e.exception.code is not None:
952
 
            self.assertEqual(e.exception.code, 0)
953
 
        else:
954
 
            self.assertIsNone(e.exception.code)
955
 
    def test_is_enabled_run_exits_with_failure(self):
956
 
        self.client.attributes["Enabled"] = dbus.Boolean(False)
957
 
        with self.assertRaises(SystemExit) as e:
958
 
            IsEnabledCmd().run(None, self.one_client)
959
 
        if isinstance(e.exception.code, int):
960
 
            self.assertNotEqual(e.exception.code, 0)
961
 
        else:
962
 
            self.assertIsNotNone(e.exception.code)
963
 
 
964
 
class TestRemoveCmd(TestCmd):
965
 
    def test_remove(self):
966
 
        class MockMandos(object):
967
 
            def __init__(self):
968
 
                self.calls = []
969
 
            def RemoveClient(self, dbus_path):
970
 
                self.calls.append(("RemoveClient", (dbus_path,)))
971
 
        mandos = MockMandos()
972
 
        super(TestRemoveCmd, self).setUp()
973
 
        RemoveCmd().run(mandos, self.clients)
974
 
        self.assertEqual(len(mandos.calls), 2)
975
 
        for client in self.clients:
976
 
            self.assertIn(("RemoveClient",
977
 
                           (client.__dbus_object_path__,)),
978
 
                          mandos.calls)
979
 
 
980
 
class TestApproveCmd(TestCmd):
981
 
    def test_approve(self):
982
 
        ApproveCmd().run(None, self.clients)
983
 
        for client in self.clients:
984
 
            self.assertIn(("Approve", (True, client_interface)),
985
 
                          client.calls)
986
 
 
987
 
class TestDenyCmd(TestCmd):
988
 
    def test_deny(self):
989
 
        DenyCmd().run(None, self.clients)
990
 
        for client in self.clients:
991
 
            self.assertIn(("Approve", (False, client_interface)),
992
 
                          client.calls)
993
 
 
994
 
class TestEnableCmd(TestCmd):
995
 
    def test_enable(self):
996
 
        for client in self.clients:
997
 
            client.attributes["Enabled"] = False
998
 
 
999
 
        EnableCmd().run(None, self.clients)
1000
 
 
1001
 
        for client in self.clients:
1002
 
            self.assertTrue(client.attributes["Enabled"])
1003
 
 
1004
 
class TestDisableCmd(TestCmd):
1005
 
    def test_disable(self):
1006
 
        DisableCmd().run(None, self.clients)
1007
 
 
1008
 
        for client in self.clients:
1009
 
            self.assertFalse(client.attributes["Enabled"])
1010
 
 
1011
 
 
1012
 
 
1013
 
def should_only_run_tests():
1014
 
    parser = argparse.ArgumentParser(add_help=False)
1015
 
    parser.add_argument("--check", action='store_true')
1016
 
    args, unknown_args = parser.parse_known_args()
1017
 
    run_tests = args.check
1018
 
    if run_tests:
1019
 
        # Remove --check argument from sys.argv
1020
 
        sys.argv[1:] = unknown_args
1021
 
    return run_tests
1022
 
 
1023
 
# Add all tests from doctest strings
1024
 
def load_tests(loader, tests, none):
1025
 
    import doctest
1026
 
    tests.addTests(doctest.DocTestSuite())
1027
 
    return tests
 
403
    if not has_actions(options) and clients:
 
404
        if options.verbose or options.dump_json:
 
405
            keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK",
 
406
                        "Created", "Interval", "Host", "Fingerprint",
 
407
                        "CheckerRunning", "LastEnabled",
 
408
                        "ApprovalPending", "ApprovedByDefault",
 
409
                        "LastApprovalRequest", "ApprovalDelay",
 
410
                        "ApprovalDuration", "Checker",
 
411
                        "ExtendedTimeout", "Expires",
 
412
                        "LastCheckerStatus")
 
413
        else:
 
414
            keywords = defaultkeywords
 
415
 
 
416
        if options.dump_json:
 
417
            json.dump({client["Name"]: {key:
 
418
                                        bool(client[key])
 
419
                                        if isinstance(client[key],
 
420
                                                      dbus.Boolean)
 
421
                                        else client[key]
 
422
                                        for key in keywords}
 
423
                       for client in clients.values()},
 
424
                      fp=sys.stdout, indent=4,
 
425
                      separators=(',', ': '))
 
426
            print()
 
427
        else:
 
428
            print_clients(clients.values(), keywords)
 
429
    else:
 
430
        # Process each client in the list by all selected options
 
431
        for client in clients:
 
432
 
 
433
            def set_client_prop(prop, value):
 
434
                """Set a Client D-Bus property"""
 
435
                client.Set(client_interface, prop, value,
 
436
                           dbus_interface=dbus.PROPERTIES_IFACE)
 
437
 
 
438
            def set_client_prop_ms(prop, value):
 
439
                """Set a Client D-Bus property, converted
 
440
                from a string to milliseconds."""
 
441
                set_client_prop(prop,
 
442
                                string_to_delta(value).total_seconds()
 
443
                                * 1000)
 
444
 
 
445
            if options.remove:
 
446
                mandos_serv.RemoveClient(client.__dbus_object_path__)
 
447
            if options.enable:
 
448
                set_client_prop("Enabled", dbus.Boolean(True))
 
449
            if options.disable:
 
450
                set_client_prop("Enabled", dbus.Boolean(False))
 
451
            if options.bump_timeout:
 
452
                set_client_prop("LastCheckedOK", "")
 
453
            if options.start_checker:
 
454
                set_client_prop("CheckerRunning", dbus.Boolean(True))
 
455
            if options.stop_checker:
 
456
                set_client_prop("CheckerRunning", dbus.Boolean(False))
 
457
            if options.is_enabled:
 
458
                if client.Get(client_interface, "Enabled",
 
459
                              dbus_interface=dbus.PROPERTIES_IFACE):
 
460
                    sys.exit(0)
 
461
                else:
 
462
                    sys.exit(1)
 
463
            if options.checker is not None:
 
464
                set_client_prop("Checker", options.checker)
 
465
            if options.host is not None:
 
466
                set_client_prop("Host", options.host)
 
467
            if options.interval is not None:
 
468
                set_client_prop_ms("Interval", options.interval)
 
469
            if options.approval_delay is not None:
 
470
                set_client_prop_ms("ApprovalDelay",
 
471
                                   options.approval_delay)
 
472
            if options.approval_duration is not None:
 
473
                set_client_prop_ms("ApprovalDuration",
 
474
                                   options.approval_duration)
 
475
            if options.timeout is not None:
 
476
                set_client_prop_ms("Timeout", options.timeout)
 
477
            if options.extended_timeout is not None:
 
478
                set_client_prop_ms("ExtendedTimeout",
 
479
                                   options.extended_timeout)
 
480
            if options.secret is not None:
 
481
                set_client_prop("Secret",
 
482
                                dbus.ByteArray(options.secret.read()))
 
483
            if options.approved_by_default is not None:
 
484
                set_client_prop("ApprovedByDefault",
 
485
                                dbus.Boolean(options
 
486
                                             .approved_by_default))
 
487
            if options.approve:
 
488
                client.Approve(dbus.Boolean(True),
 
489
                               dbus_interface=client_interface)
 
490
            elif options.deny:
 
491
                client.Approve(dbus.Boolean(False),
 
492
                               dbus_interface=client_interface)
 
493
 
1028
494
 
1029
495
if __name__ == "__main__":
1030
 
    if should_only_run_tests():
1031
 
        # Call using ./tdd-python-script --check [--verbose]
1032
 
        unittest.main()
1033
 
    else:
1034
 
        main()
 
496
    main()