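--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/passwordreceiver.py Tue Nov 04 18:26:39 2014 +0100
@@ -0,0 +1,196 @@
+#!/usr/bin/python
+
+# ------------------------------------------------------------
+# opensecurity package file
+#
+# Autor: X-Net Services GmbH <office@x-net.at>
+#
+# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
+#
+#
+# X-Net Technologies GmbH
+# Elisabethstrasse 1
+# 4020 Linz
+# AUSTRIA
+# https://www.x-net.at
+#
+# AIT Austrian Institute of Technology
+# Donau City Strasse 1
+# 1220 Wien
+# AUSTRIA
+# http://www.ait.ac.at
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------
+
+
+import subprocess
+import web
+import netifaces
+import os
+import sys
+import base64
+#import logging
+
+opensecurity_urls = (
+ '/password', 'os_password',
+ '/init', 'os_init'
+)
+
+#__LOG = logging.getLogger("passwordreceiver")
+
+class os_password:
+
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "w+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+
+ def GET(self, settings):
+ return self.POST(settings)
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "w+")
+ keyfile.write(base64.b64decode(args["keyfile"]))
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ return "Success: Encrypted Stick is mounted"
+
+class os_init:
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "w+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+ def runPreInitScript(self, preinitscript, device):
+ #__LOG.debug("Start preinit Script")
+
+ command = [preinitscript, device]
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ #__LOG.debug("preinit done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ def runPostInitScript(self, postinitscript):
+ #__LOG.debug("Start postinit Script")
+
+ command = [postinitscript]
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ #__LOG.debug("postinit done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ def GET(self, settings):
+ return self.POST(settings)
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ # Do the preinit stuff
+ self.runPreInitScript(settings["preinitscript"], settings["device"])
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "w+")
+ keyfile.write(base64.b64decode(args["keyfile"]))
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ #__LOG.debug("Start init script")
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ #__LOG.debug("init done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ # Do the postinit stuff
+ self.runPostInitScript(settings["postinitscript"])
+
+ return "Success: Stick is initialized and mounted"
+
+class MyRestListener(web.application):
+ def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
+ web.application.__init__(self, mapping, fvars, autoreload)
+ self.device = device
+ self.mountpoint = mountpoint
+ self.script = script
+ self.tries = tries
+ self.keyfilepath = keyfilepath
+ self.preinitscript = preinitscript
+ self.postinitscript = postinitscript
+
+ def run(self, interface, port, *middleware):
+ func = self.wsgifunc(*middleware)
+ ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
+ return web.httpserver.runsimple(func, (ifaceip, port))
+
+ def handle(self):
+ fn, args = self._match(self.mapping, web.ctx.path)
+ args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
+ return self._delegate(fn, self.fvars, args)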