passwordreceiver.py
author ft
Tue, 04 Nov 2014 18:26:39 +0100
changeset 0 28b7682d5476
child 1 f7b8f096b359
permissions -rw-r--r--
initial commit of encryptionprovider-deb
     1 #!/usr/bin/python
     2 
     3 # ------------------------------------------------------------
     4 # opensecurity package file
     5 #
     6 # Autor: X-Net Services GmbH <office@x-net.at>
     7 #
     8 # Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
     9 #
    10 #
    11 #     X-Net Technologies GmbH
    12 #     Elisabethstrasse 1
    13 #     4020 Linz
    14 #     AUSTRIA
    15 #     https://www.x-net.at
    16 #
    17 #     AIT Austrian Institute of Technology
    18 #     Donau City Strasse 1
    19 #     1220 Wien
    20 #     AUSTRIA
    21 #     http://www.ait.ac.at
    22 #
    23 #
    24 # Licensed under the Apache License, Version 2.0 (the "License");
    25 # you may not use this file except in compliance with the License.
    26 # You may obtain a copy of the License at
    27 #
    28 #    http://www.apache.org/licenses/LICENSE-2.0
    29 #
    30 # Unless required by applicable law or agreed to in writing, software
    31 # distributed under the License is distributed on an "AS IS" BASIS,
    32 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    33 # See the License for the specific language governing permissions and
    34 # limitations under the License.
    35 # ------------------------------------------------------------
    36 
    37 
    38 import subprocess
    39 import web
    40 import netifaces
    41 import os
    42 import sys
    43 import base64
    44 #import logging
    45 
# Routing table in web.py's flat form: a URL pattern followed by the name
# of the handler class that serves it.
opensecurity_urls = (
    '/password', 'os_password',
    '/init', 'os_init',
)
    50 
    51 #__LOG = logging.getLogger("passwordreceiver")
    52 
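class os_password:
    """web.py handler for ``/password``: unlock and mount the encrypted device.

    Request parameters (read with ``web.input()``):
      password -- required; handed to the mount script as an argument.
      keyfile  -- optional; base64-encoded key material that is written to
                  settings["keyfilepath"] only for the duration of the
                  script run.

    NOTE(review): nothing in this handler authenticates the caller, so
    access control has to come from where the listener is bound -- confirm.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random data ten times, then remove it.

        Best effort only: in-place overwriting gives no guarantee on SSDs or
        on copy-on-write / journaling file systems. The original author
        notes the service is meant to run in a RAM-only VM, where this
        should be sufficient.
        """
        filesize = os.path.getsize(keyfilepath)
        try:
            # "r+b", not "w+": "w+" truncates the file before the first
            # pass, which lets the file system release the blocks holding
            # the key so the random data may land somewhere else.  Binary
            # mode is also what os.urandom() output needs.
            with open(keyfilepath, "r+b") as keyfile:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # Push each pass out of the page cache.
                    os.fsync(keyfile.fileno())
        finally:
            # Remove the file even when an overwrite pass failed.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write the decoded key material to a file only the owner can read."""
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as keyfile:
            # The mode given to os.open() only applies on creation; tighten
            # a file that already existed with wider permissions.
            os.fchmod(fd, 0o600)
            keyfile.write(keydata)

    def _run(self, command):
        """Run ``command`` and return ``(exit status, captured stderr)``."""
        process = subprocess.Popen(command, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting.  Calling wait()
        # first can block forever once the child fills a pipe buffer.
        _stdout, stderr = process.communicate()
        return process.returncode, stderr

    def GET(self, settings):
        """Handle GET exactly like POST.

        Kept for existing callers.  With GET the password and key file
        travel in the query string, which tends to end up in access logs
        and proxy logs; clients should prefer POST.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Run the mount script with the submitted password (and key file).

        ``settings`` is the dict appended by ``MyRestListener.handle``.
        Raises ``web.badrequest`` when the password is missing, when the
        key file is not valid base64, or when the script exits non-zero
        (the script's stderr is passed on to the client as the message).
        """
        # pick the arguments
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        # The password goes to the script as a command-line argument, so it
        # is readable through the process list while the script runs.
        # Changing that needs a matching change in the script itself.
        command = [settings["script"], settings["device"],
                   settings["mountpoint"], args["password"]]

        keydata = None
        if "keyfile" in args:
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                # Malformed client input is a bad request, not a crash.
                raise web.badrequest()
            command.append(settings["keyfilepath"])

        try:
            if keydata is not None:
                self._writeKeyfile(settings["keyfilepath"], keydata)
            retval, stderr = self._run(command)
        finally:
            # Never leave key material behind, even when the script could
            # not be started or writing the file failed half-way.
            if keydata is not None and os.path.exists(settings["keyfilepath"]):
                self.deleteKeyfile(settings["keyfilepath"])

        if retval != 0:
            raise web.badrequest(stderr)

        return "Success: Encrypted Stick is mounted"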
    97 
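class os_init:
    """web.py handler for ``/init``: initialise and mount the device.

    Runs the pre-init script, then the init script with the submitted
    password (and optional key file), then the post-init script.

    Request parameters (read with ``web.input()``):
      password -- required; handed to the init script as an argument.
      keyfile  -- optional; base64-encoded key material that is written to
                  settings["keyfilepath"] only for the duration of the
                  script run.

    NOTE(review): nothing in this handler authenticates the caller, so
    access control has to come from where the listener is bound -- confirm.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random data ten times, then remove it.

        Best effort only: in-place overwriting gives no guarantee on SSDs or
        on copy-on-write / journaling file systems. The original author
        notes the service is meant to run in a RAM-only VM, where this
        should be sufficient.
        """
        filesize = os.path.getsize(keyfilepath)
        try:
            # "r+b", not "w+": "w+" truncates the file before the first
            # pass, which lets the file system release the blocks holding
            # the key so the random data may land somewhere else.  Binary
            # mode is also what os.urandom() output needs.
            with open(keyfilepath, "r+b") as keyfile:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # Push each pass out of the page cache.
                    os.fsync(keyfile.fileno())
        finally:
            # Remove the file even when an overwrite pass failed.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write the decoded key material to a file only the owner can read."""
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as keyfile:
            # The mode given to os.open() only applies on creation; tighten
            # a file that already existed with wider permissions.
            os.fchmod(fd, 0o600)
            keyfile.write(keydata)

    def _run(self, command):
        """Run ``command`` and return ``(exit status, captured stderr)``."""
        process = subprocess.Popen(command, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting.  Calling wait()
        # first can block forever once the child fills a pipe buffer.
        _stdout, stderr = process.communicate()
        return process.returncode, stderr

    def runPreInitScript(self, preinitscript, device):
        """Run ``preinitscript device``; raise web.badrequest on failure."""
        retval, stderr = self._run([preinitscript, device])
        if retval != 0:
            raise web.badrequest(stderr)

    def runPostInitScript(self, postinitscript):
        """Run ``postinitscript``; raise web.badrequest on failure."""
        retval, stderr = self._run([postinitscript])
        if retval != 0:
            raise web.badrequest(stderr)

    def GET(self, settings):
        """Handle GET exactly like POST.

        Kept for existing callers.  With GET the password and key file
        travel in the query string, which tends to end up in access logs
        and proxy logs; clients should prefer POST.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Initialise the device with the submitted password (and key file).

        ``settings`` is the dict appended by ``MyRestListener.handle``.
        Raises ``web.badrequest`` when the password is missing, when the
        key file is not valid base64, or when any of the three scripts
        exits non-zero (that script's stderr is passed on to the client).
        """
        # pick the arguments
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        # Decode the key file before any script touches the device, so a
        # malformed request is rejected without side effects.
        keydata = None
        if "keyfile" in args:
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                raise web.badrequest()

        # Do the preinit stuff
        self.runPreInitScript(settings["preinitscript"], settings["device"])

        # The password goes to the script as a command-line argument, so it
        # is readable through the process list while the script runs.
        # Changing that needs a matching change in the script itself.
        command = [settings["script"], settings["device"],
                   settings["mountpoint"], args["password"]]
        if keydata is not None:
            command.append(settings["keyfilepath"])

        try:
            if keydata is not None:
                self._writeKeyfile(settings["keyfilepath"], keydata)
            retval, stderr = self._run(command)
        finally:
            # Never leave key material behind, even when the script could
            # not be started or writing the file failed half-way.
            if keydata is not None and os.path.exists(settings["keyfilepath"]):
                self.deleteKeyfile(settings["keyfilepath"])

        if retval != 0:
            raise web.badrequest(stderr)

        # Do the postinit stuff
        self.runPostInitScript(settings["postinitscript"])

        return "Success: Stick is initialized and mounted"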
   176 
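class MyRestListener(web.application):
    """web.application that passes the device settings to every handler.

    The constructor stores the script paths, device, mount point and key
    file path; ``handle`` appends them as one dict to the handler's
    arguments, which is the ``settings`` parameter of the GET/POST methods.

    NOTE(review): no TLS is configured in this class, so passwords and key
    files cross the chosen interface in clear text unless something outside
    this file wraps the connection -- confirm.
    """

    def __init__(self, mapping=(), fvars=None, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
        """Store the settings and initialise the underlying web.application.

        ``tries`` is stored and forwarded in the settings dict; no handler
        in this file reads it.
        """
        # A ``{}`` default would be one dict shared by every instance.
        if fvars is None:
            fvars = {}
        web.application.__init__(self, mapping, fvars, autoreload)
        self.device = device
        self.mountpoint = mountpoint
        self.script = script
        self.tries = tries
        self.keyfilepath = keyfilepath
        self.preinitscript = preinitscript
        self.postinitscript = postinitscript

    def run(self, interface, port, *middleware):
        """Serve on the first IPv4 address of ``interface`` at ``port``.

        Binding to one interface address, rather than to every address,
        limits which networks can reach the password endpoints.
        """
        func = self.wsgifunc(*middleware)
        # netifaces.AF_INET instead of the literal 2, whose meaning is
        # platform-specific.
        ifaceip = netifaces.ifaddresses(interface)[netifaces.AF_INET][0]["addr"]
        return web.httpserver.runsimple(func, (ifaceip, port))

    def handle(self):
        """Dispatch the current request, appending the settings dict."""
        fn, args = self._match(self.mapping, web.ctx.path)
        # For an unknown path _match appears to return no argument list;
        # start from an empty one so _delegate can answer as it normally
        # does for an unmatched route instead of failing on append().
        if args is None:
            args = []
        args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
        return self._delegate(fn, self.fvars, args)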