/mandos/trunk : revision 907

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl

Committer: Teddy Hogeborn
Date: 2017-08-20 16:20:54 UTC
Revision ID: teddy@recompile.se-20170820162054-jwig602syxx2k4l0

Alter copyright notices slightly.  Actual license is unchanged!

This alters all copyright notices to use the Free Software
Foundation's recommendations for license notices; from
<https://www.gnu.org/licenses/gpl-howto.html>:

  For programs that are more than one file, it is better to replace
  “this program” with the name of the program, and begin the statement
  with a line saying “This file is part of NAME”.

* DBUS-API: Use program name "Mandos" explicitly in license notice.
* debian/copyright: - '' -
* initramfs-unpack: - '' -
* legalnotice.xml: - '' -
* mandos: - '' -
* mandos-ctl: - '' -
* mandos-keygen: - '' -
* mandos-monitor: - '' -
* plugin-helpers/mandos-client-iprouteadddel.c: - '' -
* plugin-runner.c: - '' -
* plugins.d/askpass-fifo.c: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/password-prompt.c: - '' -
* plugins.d/plymouth.c: - '' -
* plugins.d/splashy.c: - '' -
* plugins.d/usplash.c: - '' -

files added:
initramfs-tools-hook-conf

files removed:
debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl

#!/usr/bin/python

# -*- mode: python; coding: utf-8; after-save-hook: (lambda () (let ((command (if (and (boundp 'tramp-file-name-structure) (string-match (car tramp-file-name-structure) (buffer-file-name))) (tramp-file-name-localname (tramp-dissect-file-name (buffer-file-name))) (buffer-file-name)))) (if (= (shell-command (format "%s --check" (shell-quote-argument command)) "*Test*") 0) (let ((w (get-buffer-window "*Test*"))) (if w (delete-window w)) (kill-buffer "*Test*")) (display-buffer "*Test*")))); -*-

# -*- mode: python; coding: utf-8 -*-

# Mandos Monitor - Control and monitor the Mandos server

# This file is part of Mandos.

import os

import collections

import json

import unittest

import logging

import dbus

# Show warnings by default

if not sys.warnoptions:

import warnings

warnings.simplefilter("default")

log = logging.getLogger(sys.argv[0])

logging.basicConfig(level="INFO", # Show info level messages

format="%(message)s") # Show basic log messages

logging.captureWarnings(True) # Show warnings via the logging system

if sys.version_info.major == 2:

str = unicode

"Interval": "Interval",

"Host": "Host",

"Fingerprint": "Fingerprint",

"KeyID": "Key ID",

"CheckerRunning": "Check Is Running",

"LastEnabled": "Last Enabled",

"ApprovalPending": "Approval Is Pending",

server_path = "/"

server_interface = domain + ".Mandos"

client_interface = domain + ".Mandos.Client"

version = "1.8.3"

version = "1.7.15"

try:

116

102

datetime.timedelta(0, 60)

117

103

>>> rfc3339_duration_to_delta("PT60M")

118

104

datetime.timedelta(0, 3600)

119

>>> rfc3339_duration_to_delta("P60M")

120

datetime.timedelta(1680)

121

105

>>> rfc3339_duration_to_delta("PT24H")

122

106

datetime.timedelta(1)

123

107

>>> rfc3339_duration_to_delta("P1W")

126

110

datetime.timedelta(0, 330)

127

111

>>> rfc3339_duration_to_delta("P1DT3M20S")

128

112

datetime.timedelta(1, 200)

129

>>> # Can not be empty:

130

>>> rfc3339_duration_to_delta("")

131

Traceback (most recent call last):

132

...

133

ValueError: Invalid RFC 3339 duration: u''

134

>>> # Must start with "P":

135

>>> rfc3339_duration_to_delta("1D")

136

Traceback (most recent call last):

137

...

138

ValueError: Invalid RFC 3339 duration: u'1D'

139

>>> # Must use correct order

140

>>> rfc3339_duration_to_delta("PT1S2M")

141

Traceback (most recent call last):

142

...

143

ValueError: Invalid RFC 3339 duration: u'PT1S2M'

144

>>> # Time needs time marker

145

>>> rfc3339_duration_to_delta("P1H2S")

146

Traceback (most recent call last):

147

...

148

ValueError: Invalid RFC 3339 duration: u'P1H2S'

149

>>> # Weeks can not be combined with anything else

150

>>> rfc3339_duration_to_delta("P1D2W")

151

Traceback (most recent call last):

152

...

153

ValueError: Invalid RFC 3339 duration: u'P1D2W'

154

>>> rfc3339_duration_to_delta("P2W2H")

155

Traceback (most recent call last):

156

...

157

ValueError: Invalid RFC 3339 duration: u'P2W2H'

158

113

"""

159

114

160

115

# Parsing an RFC 3339 duration with regular expressions is not

239

194

240

195

def string_to_delta(interval):

241

196

"""Parse a string and return a datetime.timedelta

197

198

>>> string_to_delta('7d')

199

datetime.timedelta(7)

200

>>> string_to_delta('60s')

201

datetime.timedelta(0, 60)

202

>>> string_to_delta('60m')

203

datetime.timedelta(0, 3600)

204

>>> string_to_delta('24h')

205

datetime.timedelta(1)

206

>>> string_to_delta('1w')

207

datetime.timedelta(7)

208

>>> string_to_delta('5m 30s')

209

datetime.timedelta(0, 330)

242

210

"""

243

211

244

212

try:

245

213

return rfc3339_duration_to_delta(interval)

246

except ValueError as e:

247

log.warning("%s - Parsing as pre-1.6.1 interval instead",

248

' '.join(e.args))

249

return parse_pre_1_6_1_interval(interval)

250

251

252

def parse_pre_1_6_1_interval(interval):

253

"""Parse an interval string as documented by Mandos before 1.6.1, and

254

return a datetime.timedelta

255

>>> parse_pre_1_6_1_interval('7d')

256

datetime.timedelta(7)

257

>>> parse_pre_1_6_1_interval('60s')

258

datetime.timedelta(0, 60)

259

>>> parse_pre_1_6_1_interval('60m')

260

datetime.timedelta(0, 3600)

261

>>> parse_pre_1_6_1_interval('24h')

262

datetime.timedelta(1)

263

>>> parse_pre_1_6_1_interval('1w')

264

datetime.timedelta(7)

265

>>> parse_pre_1_6_1_interval('5m 30s')

266

datetime.timedelta(0, 330)

267

>>> parse_pre_1_6_1_interval('')

268

datetime.timedelta(0)

269

>>> # Ignore unknown characters, allow any order and repetitions

270

>>> parse_pre_1_6_1_interval('2dxy7zz11y3m5m')

271

datetime.timedelta(2, 480, 18000)

272

273

"""

214

except ValueError:

215

pass

274

216

275

217

value = datetime.timedelta(0)

276

218

regexp = re.compile(r"(\d+)([dsmhw]?)")

293

235

294

236

def print_clients(clients, keywords):

295

237

def valuetostring(value, keyword):

296

if isinstance(value, dbus.Boolean):

238

if type(value) is dbus.Boolean:

297

239

return "Yes" if value else "No"

298

240

if keyword in ("Timeout", "Interval", "ApprovalDelay",

299

241

"ApprovalDuration", "ExtendedTimeout"):

402

344

if options.all and not has_actions(options):

403

345

parser.error("--all requires an action.")

404

346

347

if options.check:

348

import doctest

349

fail_count, test_count = doctest.testmod()

350

sys.exit(os.EX_OK if fail_count == 0 else 1)

351

405

352

try:

406

353

bus = dbus.SystemBus()

407

354

mandos_dbus_objc = bus.get_object(busname, server_path)

408

355

except dbus.exceptions.DBusException:

409

log.critical("Could not connect to Mandos server")

356

print("Could not connect to Mandos server", file=sys.stderr)

410

357

sys.exit(1)

411

358

412

359

mandos_serv = dbus.Interface(mandos_dbus_objc,

431

378

os.dup2(stderrcopy, sys.stderr.fileno())

432

379

os.close(stderrcopy)

433

380

except dbus.exceptions.DBusException as e:

434

log.critical("Failed to access Mandos server through D-Bus:"

435

"\n%s", e)

381

print("Access denied: "

382

"Accessing mandos server through D-Bus: {}".format(e),

383

file=sys.stderr)

436

384

sys.exit(1)

437

385

438

386

# Compile dict of (clients: properties) to process

449

397

clients[client_objc] = client

450

398

break

451

399

else:

452

log.critical("Client not found on server: %r", name)

400

print("Client not found on server: {!r}"

401

.format(name), file=sys.stderr)

453

402

sys.exit(1)

454

403

455

404

if not has_actions(options) and clients:

456

405

if options.verbose or options.dump_json:

457

406

keywords = ("Name", "Enabled", "Timeout", "LastCheckedOK",

458

"Created", "Interval", "Host", "KeyID",

459

"Fingerprint", "CheckerRunning",

460

"LastEnabled", "ApprovalPending",

461

"ApprovedByDefault", "LastApprovalRequest",

462

"ApprovalDelay", "ApprovalDuration",

463

"Checker", "ExtendedTimeout", "Expires",

407

"Created", "Interval", "Host", "Fingerprint",

408

"CheckerRunning", "LastEnabled",

409

"ApprovalPending", "ApprovedByDefault",

410

"LastApprovalRequest", "ApprovalDelay",

411

"ApprovalDuration", "Checker",

412

"ExtendedTimeout", "Expires",

464

413

"LastCheckerStatus")

465

414

else:

466

415

keywords = defaultkeywords

543

492

client.Approve(dbus.Boolean(False),

544

493

dbus_interface=client_interface)

545

494

546

547

class Test_milliseconds_to_string(unittest.TestCase):

548

def test_all(self):

549

self.assertEqual(milliseconds_to_string(93785000),

550

"1T02:03:05")

551

def test_no_days(self):

552

self.assertEqual(milliseconds_to_string(7385000), "02:03:05")

553

def test_all_zero(self):

554

self.assertEqual(milliseconds_to_string(0), "00:00:00")

555

def test_no_fractional_seconds(self):

556

self.assertEqual(milliseconds_to_string(400), "00:00:00")

557

self.assertEqual(milliseconds_to_string(900), "00:00:00")

558

self.assertEqual(milliseconds_to_string(1900), "00:00:01")

559

560

561

def should_only_run_tests():

562

parser = argparse.ArgumentParser(add_help=False)

563

parser.add_argument("--check", action='store_true')

564

args, unknown_args = parser.parse_known_args()

565

run_tests = args.check

566

if run_tests:

567

# Remove --check argument from sys.argv

568

sys.argv[1:] = unknown_args

569

return run_tests

570

571

# Add all tests from doctest strings

572

def load_tests(loader, tests, none):

573

import doctest

574

tests.addTests(doctest.DocTestSuite())

575

return tests

576

495

577

496

if __name__ == "__main__":

578

if should_only_run_tests():

579

# Call using ./tdd-python-script --check [--verbose]

580

unittest.main()

581

else:

582

main()

497

main()

Older »