encryptionprovider-deb: passwordreceiver.py@28b7682d5476 (annotated)

ft@0	1	#!/usr/bin/python
ft@0	2
ft@0	3	# ------------------------------------------------------------
ft@0	4	# opensecurity package file
ft@0	5	#
ft@0	6	# Autor: X-Net Services GmbH <office@x-net.at>
ft@0	7	#
ft@0	8	# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
ft@0	9	#
ft@0	10	#
ft@0	11	# X-Net Technologies GmbH
ft@0	12	# Elisabethstrasse 1
ft@0	13	# 4020 Linz
ft@0	14	# AUSTRIA
ft@0	15	# https://www.x-net.at
ft@0	16	#
ft@0	17	# AIT Austrian Institute of Technology
ft@0	18	# Donau City Strasse 1
ft@0	19	# 1220 Wien
ft@0	20	# AUSTRIA
ft@0	21	# http://www.ait.ac.at
ft@0	22	#
ft@0	23	#
ft@0	24	# Licensed under the Apache License, Version 2.0 (the "License");
ft@0	25	# you may not use this file except in compliance with the License.
ft@0	26	# You may obtain a copy of the License at
ft@0	27	#
ft@0	28	# http://www.apache.org/licenses/LICENSE-2.0
ft@0	29	#
ft@0	30	# Unless required by applicable law or agreed to in writing, software
ft@0	31	# distributed under the License is distributed on an "AS IS" BASIS,
ft@0	32	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
ft@0	33	# See the License for the specific language governing permissions and
ft@0	34	# limitations under the License.
ft@0	35	# ------------------------------------------------------------
ft@0	36
ft@0	37
ft@0	38	import subprocess
ft@0	39	import web
ft@0	40	import netifaces
ft@0	41	import os
ft@0	42	import sys
ft@0	43	import base64
ft@0	44	#import logging
ft@0	45
ft@0	46	opensecurity_urls = (
ft@0	47	'/password', 'os_password',
ft@0	48	'/init', 'os_init'
ft@0	49	)
ft@0	50
ft@0	51	#__LOG = logging.getLogger("passwordreceiver")
ft@0	52
ft@0	53	class os_password:
ft@0	54
ft@0	55	# delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
ft@0	56	def deleteKeyfile(self, keyfilepath):
ft@0	57	filesize = os.path.getsize(keyfilepath)
ft@0	58	keyfile = open (keyfilepath, "w+")
ft@0	59	for i in range (0, 10):
ft@0	60	keyfile.seek(0)
ft@0	61	keyfile.write(os.urandom(filesize))
ft@0	62	keyfile.flush()
ft@0	63	keyfile.close()
ft@0	64	os.remove(keyfilepath)
ft@0	65
ft@0	66
ft@0	67	def GET(self, settings):
ft@0	68	return self.POST(settings)
ft@0	69
ft@0	70	def POST(self, settings):
ft@0	71
ft@0	72	# pick the arguments
ft@0	73	args = web.input()
ft@0	74
ft@0	75	if not "password" in args:
ft@0	76	raise web.badrequest()
ft@0	77
ft@0	78	if "keyfile" in args:
ft@0	79	keyfile = open (settings["keyfilepath"], "w+")
ft@0	80	keyfile.write(base64.b64decode(args["keyfile"]))
ft@0	81	keyfile.close()
ft@0	82	command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
ft@0	83	else:
ft@0	84	command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
ft@0	85
ft@0	86	process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
ft@0	87	retval = process.wait()
ft@0	88	( stdout, stderr ) = process.communicate()
ft@0	89
ft@0	90	if "keyfile" in args:
ft@0	91	self.deleteKeyfile(settings["keyfilepath"])
ft@0	92
ft@0	93	if (retval != 0):
ft@0	94	raise web.badrequest(stderr)
ft@0	95
ft@0	96	return "Success: Encrypted Stick is mounted"
ft@0	97
ft@0	98	class os_init:
ft@0	99	# delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
ft@0	100	def deleteKeyfile(self, keyfilepath):
ft@0	101	filesize = os.path.getsize(keyfilepath)
ft@0	102	keyfile = open (keyfilepath, "w+")
ft@0	103	for i in range (0, 10):
ft@0	104	keyfile.seek(0)
ft@0	105	keyfile.write(os.urandom(filesize))
ft@0	106	keyfile.flush()
ft@0	107	keyfile.close()
ft@0	108	os.remove(keyfilepath)
ft@0	109
ft@0	110	def runPreInitScript(self, preinitscript, device):
ft@0	111	#__LOG.debug("Start preinit Script")
ft@0	112
ft@0	113	command = [preinitscript, device]
ft@0	114	process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
ft@0	115	retval = process.wait()
ft@0	116	( stdout, stderr ) = process.communicate()
ft@0	117
ft@0	118	#__LOG.debug("preinit done result: %s" %(retval,))
ft@0	119
ft@0	120	if (retval != 0):
ft@0	121	raise web.badrequest(stderr)
ft@0	122
ft@0	123	def runPostInitScript(self, postinitscript):
ft@0	124	#__LOG.debug("Start postinit Script")
ft@0	125
ft@0	126	command = [postinitscript]
ft@0	127	process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
ft@0	128	retval = process.wait()
ft@0	129	( stdout, stderr ) = process.communicate()
ft@0	130
ft@0	131	#__LOG.debug("postinit done result: %s" %(retval,))
ft@0	132
ft@0	133	if (retval != 0):
ft@0	134	raise web.badrequest(stderr)
ft@0	135
ft@0	136	def GET(self, settings):
ft@0	137	return self.POST(settings)
ft@0	138
ft@0	139	def POST(self, settings):
ft@0	140
ft@0	141	# pick the arguments
ft@0	142	args = web.input()
ft@0	143
ft@0	144	if not "password" in args:
ft@0	145	raise web.badrequest()
ft@0	146
ft@0	147	# Do the preinit stuff
ft@0	148	self.runPreInitScript(settings["preinitscript"], settings["device"])
ft@0	149
ft@0	150	if "keyfile" in args:
ft@0	151	keyfile = open (settings["keyfilepath"], "w+")
ft@0	152	keyfile.write(base64.b64decode(args["keyfile"]))
ft@0	153	keyfile.close()
ft@0	154	command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
ft@0	155	else:
ft@0	156	command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
ft@0	157
ft@0	158	#__LOG.debug("Start init script")
ft@0	159
ft@0	160	process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
ft@0	161	retval = process.wait()
ft@0	162	( stdout, stderr ) = process.communicate()
ft@0	163
ft@0	164	if "keyfile" in args:
ft@0	165	self.deleteKeyfile(settings["keyfilepath"])
ft@0	166
ft@0	167	#__LOG.debug("init done result: %s" %(retval,))
ft@0	168
ft@0	169	if (retval != 0):
ft@0	170	raise web.badrequest(stderr)
ft@0	171
ft@0	172	# Do the postinit stuff
ft@0	173	self.runPostInitScript(settings["postinitscript"])
ft@0	174
ft@0	175	return "Success: Stick is initialized and mounted"
ft@0	176
ft@0	177	class MyRestListener(web.application):
ft@0	178	def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
ft@0	179	web.application.__init__(self, mapping, fvars, autoreload)
ft@0	180	self.device = device
ft@0	181	self.mountpoint = mountpoint
ft@0	182	self.script = script
ft@0	183	self.tries = tries
ft@0	184	self.keyfilepath = keyfilepath
ft@0	185	self.preinitscript = preinitscript
ft@0	186	self.postinitscript = postinitscript
ft@0	187
ft@0	188	def run(self, interface, port, *middleware):
ft@0	189	func = self.wsgifunc(*middleware)
ft@0	190	ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
ft@0	191	return web.httpserver.runsimple(func, (ifaceip, port))
ft@0	192
ft@0	193	def handle(self):
ft@0	194	fn, args = self._match(self.mapping, web.ctx.path)
ft@0	195	args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
ft@0	196	return self._delegate(fn, self.fvars, args)

author	ft
	Tue, 04 Nov 2014 18:26:39 +0100
changeset 0	28b7682d5476
child 1	f7b8f096b359
permissions	-rw-r--r--