## Version 0.4.34 Revision 141 (December 3rd, 2023)

* Closes #190 * Persist uid mappings on the client. This is required just in case the client restarts with no server active to enable process termination.
marcus67 · Mar 3, 2024 · 60267ee · 60267ee
1 parent d97b293
commit 60267ee
Show file tree

Hide file tree

Showing 32 changed files with 959 additions and 421 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -42,11 +42,11 @@ jobs:
       - store_artifacts:
           path: htmlcov
       - store_artifacts:
-          path: debian/little-brother_0.4.33_140.deb
+          path: debian/little-brother_0.4.34_141.deb
       - persist_to_workspace:
           root: debian
           paths:
-            - little-brother_0.4.33_140.deb
+            - little-brother_0.4.34_141.deb
   build_pypi:
     #working_directory: ~
     docker:
@@ -60,11 +60,11 @@ jobs:
       - run: git submodule update --init
       - run: PYTHONPATH=contrib/python_base_app python3 ci_toolbox.py --execute-stage BUILD --use-dev-dir=.
       - store_artifacts:
-          path: "dist/little-brother-0.4.33.tar.gz"
+          path: "dist/little-brother-0.4.34.tar.gz"
       - persist_to_workspace:
           root: dist
           paths:
-            - "little-brother-0.4.33.tar.gz"
+            - "little-brother-0.4.34.tar.gz"
   install_pypi:
     #working_directory: ~
     docker:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -70,7 +70,7 @@ build_pypi:
   artifacts:
       when: always
       paths:
-        - dist/little-brother-0.4.33.tar.gz
+        - dist/little-brother-0.4.34.tar.gz
   variables:
     # Suppress automatic checkout for all sub modules
     GIT_SUBMODULE_STRATEGY: recursive

diff --git a/CHANGES.md b/CHANGES.md
@@ -4,6 +4,11 @@
 
 This document lists all changes of `LittleBrother` with the most recent changes at the top.
 
+## Version 0.4.34 Revision 141 (December 3rd, 2023)
+* Closes https://github.com/marcus67/little_brother/issues/190
+* Persist uid mappings on the client. This is required just in case the client
+  restarts with no server active to enable process termination.
+
 ## Version 0.4.33 Revision 140 (December 3rd, 2023)
 * Bump `urllib3` to 2.1.0 (CVE-2023-45803)
 * Bump `werkzeug` to 2.3.8 (CVE-2023-46136)

diff --git a/README.md b/README.md
@@ -17,21 +17,22 @@ that she can log out gracefully in time.
 
 The latest major feature changes are:
 
-| Version | Feature/Fix                                                  | (Issue) Link                                                         |
-|---------|--------------------------------------------------------------|----------------------------------------------------------------------|
-| 0.4.28  | *Bug Fix*: Remove incompatibility with Python 3.8            | [Issue 180](https://github.com/marcus67/little_brother/issues/180)   |
-| 0.4.23  | Optionally use `iptables` to restrict network access         | [Issue 169](https://github.com/marcus67/little_brother/issues/169)   |
-| 0.4.20  | *Bug Fix*: Use Python virtual environment again              | [Issue 170](https://github.com/marcus67/little_brother/issues/170)   |
-| 0.4.17  | *Bug Fix*: Remove incompatibility with new `alembic` version | [Issue 166](https://github.com/marcus67/little_brother/issues/166)   |
-| 0.4.16  | *Bug Fix*: Ignore invalid hosts during ping                  | [Issue 165](https://github.com/marcus67/little_brother/issues/165)   |
-| 0.4.15  | *Bug Fix*: Do not fail on Debian package upgrades            | [Issue 158](https://github.com/marcus67/little_brother/issues/158)   |
-| 0.4.14  | *Bug Fix*: Correct detection of users in master-only setups  | [Issue 163](https://github.com/marcus67/little_brother/issues/163)   |
-| 0.4.12  | *New*: Client process available as snap                      | [Snapcraft Support](https://github.com/marcus67/snap-little-brother) |
-| 0.4.9   | *New*: Automatic check for new versions of `LittleBrother`   | [Issue 150](https://github.com/marcus67/little_brother/issues/150)   |
-|         | *Improvement*: Separate LDAP search DN for groups and users  | [Issue 144](https://github.com/marcus67/little_brother/issues/144)   |
-|         | *Improvement*: Cache timeout for LDAP data                   | [Issue 138](https://github.com/marcus67/little_brother/issues/138)   |
-| 0.4.8   | *New*: Full support for requesting optional time by users    | [Issue 130](https://github.com/marcus67/little_brother/issues/130)   |
-| 0.4.4   | *New*: Use user specific patterns to prohibit applications   | [Issue 129](https://github.com/marcus67/little_brother/issues/129)   |
+| Version | Feature/Fix                                                   | (Issue) Link                                                         |
+|---------|---------------------------------------------------------------|----------------------------------------------------------------------|
+| 0.4.33  | Support partial persistence of basic user settings on clients | [Issue 190](https://github.com/marcus67/little_brother/issues/190)   |
+| 0.4.28  | *Bug Fix*: Remove incompatibility with Python 3.8             | [Issue 180](https://github.com/marcus67/little_brother/issues/180)   |
+| 0.4.23  | Optionally use `iptables` to restrict network access          | [Issue 169](https://github.com/marcus67/little_brother/issues/169)   |
+| 0.4.20  | *Bug Fix*: Use Python virtual environment again               | [Issue 170](https://github.com/marcus67/little_brother/issues/170)   |
+| 0.4.17  | *Bug Fix*: Remove incompatibility with new `alembic` version  | [Issue 166](https://github.com/marcus67/little_brother/issues/166)   |
+| 0.4.16  | *Bug Fix*: Ignore invalid hosts during ping                   | [Issue 165](https://github.com/marcus67/little_brother/issues/165)   |
+| 0.4.15  | *Bug Fix*: Do not fail on Debian package upgrades             | [Issue 158](https://github.com/marcus67/little_brother/issues/158)   |
+| 0.4.14  | *Bug Fix*: Correct detection of users in master-only setups   | [Issue 163](https://github.com/marcus67/little_brother/issues/163)   |
+| 0.4.12  | *New*: Client process available as snap                       | [Snapcraft Support](https://github.com/marcus67/snap-little-brother) |
+| 0.4.9   | *New*: Automatic check for new versions of `LittleBrother`    | [Issue 150](https://github.com/marcus67/little_brother/issues/150)   |
+|         | *Improvement*: Separate LDAP search DN for groups and users   | [Issue 144](https://github.com/marcus67/little_brother/issues/144)   |
+|         | *Improvement*: Cache timeout for LDAP data                    | [Issue 138](https://github.com/marcus67/little_brother/issues/138)   |
+| 0.4.8   | *New*: Full support for requesting optional time by users     | [Issue 130](https://github.com/marcus67/little_brother/issues/130)   |
+| 0.4.4   | *New*: Use user specific patterns to prohibit applications    | [Issue 129](https://github.com/marcus67/little_brother/issues/129)   |
 
 ## Contact
 

diff --git a/bin/generic-install.sh b/bin/generic-install.sh
@@ -135,20 +135,20 @@ fi
 PIP3=${SCRIPT_DIR}/pip3.sh
 chmod +x ${PIP3}
 echo "Downloading Pip packages to $LIB_DIR..."
-${PIP3} download -d $LIB_DIR --no-deps little_brother==0.4.33
+${PIP3} download -d $LIB_DIR --no-deps little_brother==0.4.34
 
 ${PIP3} download -d $LIB_DIR --no-deps python_base_app==0.2.50
 
 ${PIP3} download -d $LIB_DIR --no-deps some_flask_helpers==0.2.5
 
 
 echo "Checking if all Pip packages have been downloaded to $LIB_DIR..."
-if [ ! -f $LIB_DIR/little-brother-0.4.33.tar.gz ] ; then
-  echo "ERROR: package little-brother-0.4.33.tar.gz not found in $LIB_DIR!"
+if [ ! -f $LIB_DIR/little-brother-0.4.34.tar.gz ] ; then
+  echo "ERROR: package little-brother-0.4.34.tar.gz not found in $LIB_DIR!"
   echo "Download from test.pypi.org and execute again."
   exit 2
 else
-  echo "Package little-brother-0.4.33.tar.gz was found."
+  echo "Package little-brother-0.4.34.tar.gz was found."
 fi
 
 if [ ! -f $LIB_DIR/python-base-app-0.2.50.tar.gz ] ; then
@@ -274,18 +274,18 @@ chmod og-rwx /etc/little-brother/little-brother.config
 
 ${PIP3} install wheel # setuptools
 echo "Installing PIP packages..."
-echo "  * little-brother-0.4.33.tar.gz"
+echo "  * little-brother-0.4.34.tar.gz"
 echo "  * python-base-app-0.2.50.tar.gz"
 echo "  * some-flask-helpers-0.2.5.tar.gz"
 # see https://stackoverflow.com/questions/19548957/can-i-force-pip-to-reinstall-the-current-version
 ${PIP3} install --upgrade --ignore-installed \
-     ${LIB_DIR}/little-brother-0.4.33.tar.gz\
+     ${LIB_DIR}/little-brother-0.4.34.tar.gz\
      ${LIB_DIR}/python-base-app-0.2.50.tar.gz\
      ${LIB_DIR}/some-flask-helpers-0.2.5.tar.gz
 
 
-echo "Removing installation file ${LIB_DIR}/little-brother-0.4.33.tar.gz..."
-rm ${LIB_DIR}/little-brother-0.4.33.tar.gz
+echo "Removing installation file ${LIB_DIR}/little-brother-0.4.34.tar.gz..."
+rm ${LIB_DIR}/little-brother-0.4.34.tar.gz
 echo "Removing installation file ${LIB_DIR}/python-base-app-0.2.50.tar.gz..."
 rm ${LIB_DIR}/python-base-app-0.2.50.tar.gz
 echo "Removing installation file ${LIB_DIR}/some-flask-helpers-0.2.5.tar.gz..."

diff --git a/etc/client.config b/etc/client.config
@@ -1,4 +1,4 @@
-#    Copyright (C) 2019  Marcus Rickert
+#    Copyright (C) 2019-2024  Marcus Rickert
 #
 #    See https://github.com/marcus67/little_brother
 #
@@ -54,6 +54,12 @@ access_token=SOME_LONG_AND_SECRET_TOKEN
 # Note that the client(s) should ALWAYS use sqlite backend no matter which kind of backend the master will use!
 database_driver=sqlite
 
+# Set the directory where the sqlite database will be placed. If empty it will be placed by the driver.
+# sqlite_dir = /tmp
+
+# Set the filename for the sqlite database if the directory is set (see above).
+# sqlite_filename=little-brother-ide-slave.sqlite.db
+
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 # Note that the audio handling by the client process is obsolete. Use the little-brother-taskbar instead.
 # See https://pypi.org/project/little-brother-taskbar/

diff --git a/etc/master.config b/etc/master.config
@@ -1,4 +1,4 @@
-#    Copyright (C) 2019  Marcus Rickert
+#    Copyright (C) 2019-2024  Marcus Rickert
 #
 #    See https://github.com/marcus67/little_brother
 #
@@ -163,11 +163,11 @@ check_interval = 5
 # Password of the user above (plain text, mandatory)
 #ldap_bind_password = somesecret
 
-# Distinguished name of the sub tree containing Posix users and groups (mandatory). It is only used for groups
+# Distinguished name of the subtree containing Posix users and groups (mandatory). It is only used for groups
 # if ldap_group_search_base_dn is not set!
 #ldap_search_base_dn = dc=acme,dc=com
 
-# Distinguished name of the sub tree containing Posix groups (optional)
+# Distinguished name of the subtree containing Posix groups (optional)
 #ldap_group_search_base_dn = dc=acme,dc=com
 
 # Name (cn) of the group containing all normal users to be offered for monitoring (optional)
@@ -176,10 +176,10 @@ check_interval = 5
 # Name (cn) of the group containing all admin users to be offered for monitoring (mandatory)
 #ldap_admin_group_name = little-brother-admins
 
-# Name of the LDAP class to be filter for when looking for users. Defaults to 'posixAccount'
+# Name of the LDAP class to filter for when looking for users. Defaults to 'posixAccount'
 #ldap_user_object_class = posixAccount
 
-# Name of the LDAP class to be filter for when looking for groups. Defaults to 'posixGroup'
+# Name of the LDAP class to filter for when looking for groups. Defaults to 'posixGroup'
 #ldap_group_object_class = posixGroup
 
 
@@ -190,7 +190,9 @@ check_interval = 5
 # For more information on how to configure the database driver see https://docs.sqlalchemy.org/en/13/core/engines.html
 #
 database_driver=sqlite
+# Set the directory where the sqlite database will be placed. If empty it will be placed by the driver.
 sqlite_dir=/var/spool/little-brother
+# Set the filename for the sqlite database if the directory is set (see above).
 sqlite_filename=little-brother.sqlite.db
 # Set the name of the database host. Default: 'localhost'
 #database_host = some.other.host

diff --git a/little_brother/alembic/env.py b/little_brother/alembic/env.py
@@ -7,7 +7,7 @@
     persistent_process_info, \
     persistent_daily_user_status, persistent_user, persistent_rule_set, persistent_rule_override, \
     persistent_time_extension, \
-    persistent_admin_event, persistence
+    persistent_admin_event, persistence, persistent_uid_mapping
 
 # *************************************************************************************************
 # IMPORTANT

diff --git a/little_brother/alembic/versions/8802c76063af_add_uid_mapping.py b/little_brother/alembic/versions/8802c76063af_add_uid_mapping.py
@@ -0,0 +1,35 @@
+"""add uid_mapping
+
+Revision ID: 8802c76063af
+Revises: ed5e0310d209
+Create Date: 2024-03-03 00:34:29.499898
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = '8802c76063af'
+down_revision = 'ed5e0310d209'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('uid_mapping',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('uid', sa.Integer(), nullable=False),
+    sa.Column('username', sa.String(length=64), nullable=False),
+    sa.Column('server_group', sa.String(length=64), nullable=False),
+    sa.PrimaryKeyConstraint('id')
+    )
+    with op.batch_alter_table('uid_mapping', schema=None) as batch_op:
+        batch_op.create_unique_constraint('uid_server_group', ('uid', 'server_group'))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('uid_mapping')
+    # ### end Alembic commands ###
diff --git a/little_brother/api/master_connector.py b/little_brother/api/master_connector.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 
-# Copyright (C) 2019  Marcus Rickert
+# Copyright (C) 2019-2024  Marcus Rickert
 #
 # See https://github.com/marcus67/little_brother
 # This program is free software; you can redistribute it and/or modify
@@ -16,6 +16,7 @@
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 import json
+from typing import Optional
 
 from little_brother import constants, user_status
 from python_base_app import base_rest_api_access
@@ -114,7 +115,7 @@ def request_status(self, p_username):
         return result
 
     # Note: the following method is functionally identical the method in little_brother_taskbar/status_connector.py
-    def request_time_extension(self, p_username:str, p_access_code:str, p_extension_length:int) -> int:
+    def request_time_extension(self, p_username: Optional[str], p_access_code: str, p_extension_length: int) -> int:
 
         url = self._get_api_url(constants.API_REL_URL_REQUEST_TIME_EXTENSION)
 
@@ -139,4 +140,3 @@ def request_time_extension(self, p_username:str, p_access_code:str, p_extension_
             return constants.HTTP_STATUS_CODE_NOT_FOUND
 
         return constants.HTTP_STATUS_CODE_OK
-
diff --git a/little_brother/app.py b/little_brother/app.py
@@ -49,6 +49,7 @@
 from little_brother.persistence.persistent_rule_set_entity_manager import RuleSetEntityManager
 from little_brother.persistence.persistent_time_extension_entity_manager import TimeExtensionEntityManager
 from little_brother.persistence.persistent_user import User
+from little_brother.persistence.session_context import SessionContext
 from little_brother.prometheus import PrometheusClient, PrometheusClientConfigModel, \
     SECTION_NAME as PROMETHEUS_SECTION_NAME
 from little_brother.rule_handler import RuleHandler
@@ -342,7 +343,12 @@ def prepare_services(self, p_full_startup=True):
         dependency_injection.container[BaseUserHandler] = self._user_handler
 
         self._login_mapping = login_mapping.LoginMapping()
-        self._login_mapping.read_from_configuration(p_login_mapping_section_handler=self._login_mapping_section_handler)
+
+        with SessionContext(p_persistence=self._persistence) as session_context:
+
+            self._login_mapping.read_from_configuration(
+                p_login_mapping_section_handler=self._login_mapping_section_handler,
+                p_session_context=session_context)
 
         self._admin_data_handler = AdminDataHandler(p_config=self._config[APP_CONTROL_SECTION_NAME])
 

diff --git a/little_brother/app_control.py b/little_brother/app_control.py
@@ -17,11 +17,11 @@
 
 import datetime
 import socket
+import sys
+import time
 
 import distro
 import prometheus_client
-import sys
-import time
 
 from little_brother import admin_event
 from little_brother import client_stats
@@ -268,7 +268,8 @@ def set_metrics(self):
 
     def check(self):
 
-        self._user_manager.retrieve_user_mappings()
+        with SessionContext(p_persistence=self.persistence) as session_context:
+            self._user_manager.retrieve_user_mappings(p_session_context=session_context)
 
         reference_time = datetime.datetime.now()
 
@@ -284,13 +285,24 @@ def check(self):
             self.check_network()
             self._event_handler.process_queue()
 
+
+    # def load_offline_users(self):
+    #
+    #     self._logger.info("Loading offline users to ensure termination of active processes while network is down "
+    #                       "or server is not available.")
+    #     self._logger.info(f"Currently configured users: {self._}")
+    #
+    #     with SessionContext(p_persistence=self.persistence) as session_context:
+    #         self._user_manager.reset_users(p_session_context=session_context)
+
     def check_network(self):
 
         time_since_last_send = int((tools.get_current_time() - self._time_last_successful_send_events).total_seconds())
 
-        if self._config.warning_time_without_send_events <= time_since_last_send < self._config.maximum_time_without_send_events:
-            msg = "No successful send events for {seconds} seconds"
-            self._logger.warning(msg.format(seconds=time_since_last_send))
+        if (self._config.warning_time_without_send_events <= time_since_last_send <
+                self._config.maximum_time_without_send_events):
+            self._logger.warning(f"No successful send events for {time_since_last_send} seconds")
+            #self.load_offline_users()
 
         elif time_since_last_send >= self._config.maximum_time_without_send_events:
             self._process_handler_manager.queue_artificial_kill_events()
@@ -378,7 +390,10 @@ def update_client_info(self, p_hostname, p_client_stats=None, p_suppress_send_st
                                      )
             self._client_infos[p_hostname] = client_info
             self.send_config_to_client(p_hostname)
-            self._user_manager.send_login_mapping_to_client(p_hostname)
+
+            with SessionContext(p_persistence=self.persistence) as session_context:
+                self._user_manager.send_login_mapping_to_client(p_session_context=session_context,
+                                                                p_hostname=p_hostname)
 
         client_info.last_message = tools.get_current_time()
         client_info.client_stats = p_client_stats
@@ -387,7 +402,11 @@ def handle_event_start_client(self, p_event):
 
         self.update_client_info(p_event.hostname, p_suppress_send_state_update=True)
         self.send_config_to_client(p_event.hostname)
-        self._user_manager.send_login_mapping_to_client(p_event.hostname)
+
+        with SessionContext(p_persistence=self.persistence) as session_context:
+            self._user_manager.send_login_mapping_to_client(p_session_context=session_context,
+                                                            p_hostname=p_event.hostname)
+
         self._process_handler_manager.send_historic_process_infos()
 
     def handle_event_start_master(self, p_event):