3 # ------------------------------------------------------------
4 # opensecurity package file
6 # Autor: X-Net Services GmbH <office@x-net.at>
8 # Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
11 # X-Net Technologies GmbH
15 # https://www.x-net.at
17 # AIT Austrian Institute of Technology
18 # Donau City Strasse 1
21 # http://www.ait.ac.at
24 # Licensed under the Apache License, Version 2.0 (the "License");
25 # you may not use this file except in compliance with the License.
26 # You may obtain a copy of the License at
28 # http://www.apache.org/licenses/LICENSE-2.0
30 # Unless required by applicable law or agreed to in writing, software
31 # distributed under the License is distributed on an "AS IS" BASIS,
32 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 # See the License for the specific language governing permissions and
34 # limitations under the License.
35 # ------------------------------------------------------------
49 '/password', 'os_password',
# POST `data` as form fields to http://<remote_ip>:8090//<urlpath>, where
# <remote_ip> is the first address after the network address of eth0's network.
# NOTE(review): every line of this listing is prefixed with its line number in
# the original file and some numbers are skipped (58, 61, 63-64, 66-68, 70-74
# in this function); indentation is lost and the skipped statements, including
# the return paths, are not visible here.
56 def sendDataToRest (urlpath, data):
# The result of this lookup is discarded; as written it can only matter by
# raising when eth0 has no entry under key 2 (presumably AF_INET - confirm).
57 netifaces.ifaddresses("eth0")[2][0]["addr"]
59 # Get first address in network (0 = network ip -> 192.168.0.0)
# The peer address is derived from eth0's own address and netmask, not from a
# configured endpoint: index [1] of the IPNetwork is the address right after
# the network address.
60 remote_ip = netaddr.IPNetwork("%s/%s" %(netifaces.ifaddresses("eth0")[2][0]["addr"], netifaces.ifaddresses("eth0")[2][0]["netmask"]))[1]
# NOTE(review): plain http:// with no TLS and no credentials visible, so the
# receiver is not authenticated and the body is readable on the path. That is
# only acceptable if this network segment is trusted - confirm. The format
# string also produces a double slash before urlpath.
62 url = ("http://%s:8090//%s" %(remote_ip, urlpath))
# retries=0: a failed request is not retried. httpPool is defined outside this listing.
65 response = httpPool.request_encode_body("POST", url, fields=data, retries=0)
# STATUS_CODE_OK is defined outside this listing; the branch body is on lines not shown.
69 if response.status == STATUS_CODE_OK:
# Build a {"msgtype", "text"} payload and hand it to sendDataToRest.
# A type of "information" is sent to the "message" path; the second call goes to
# the "notification" path and is presumably the else branch (original line 80 is
# not shown in this listing, and indentation is lost).
# NOTE(review): the parameter name `type` shadows the builtin; it is part of the
# signature, so it is only flagged here.
75 def sendNotification (type, message):
76 data = {"msgtype" : type, "text" : message}
78 if (type == "information"):
79 sendDataToRest ("message", data)
81 sendDataToRest ("notification", data)
# Report a failed stick initialisation as a "critical" notification with a fixed
# text. The message carries no detail about the cause (no script output is
# included), so nothing sensitive from the init script is forwarded by this call.
83 def sendInitialisationFailedError():
84 sendNotification("critical", "Initialisation of the stick failed.")
94 # Overwrite the key file with random data, then remove it (not effective on SSDs, but this runs in a RAM-only VM, so it should be acceptable)
# NOTE(review): original lines 99 and 101-102 are not shown in this listing, so
# whether the file position is rewound between passes and whether the file is
# flushed and closed before os.remove cannot be confirmed from here.
95 def deleteKeyfile(self, keyfilepath):
# Size is read before the file is reopened, because mode "w+" below truncates it.
96 filesize = os.path.getsize(keyfilepath)
# NOTE(review): "w+" truncates the file to zero length on open, so the writes
# below are not guaranteed to land on the storage that held the key material;
# opening without truncation ("r+b") and syncing each pass is the usual pattern.
97 keyfile = open (keyfilepath, "w+")
# Ten passes of `filesize` random bytes; the whole pass is built in memory at once.
98 for i in range (0, 10):
100 keyfile.write(os.urandom(filesize))
103 os.remove(keyfilepath)
# GET is handled exactly like POST, so the mount action can be triggered by a
# plain GET request.
# NOTE(review): how request parameters are read is on lines not shown; if they
# can come from the query string, the password and key file would end up in
# URLs, proxy and server logs - confirm, and prefer accepting them in a POST body only.
106 def GET(self, settings):
107 return self.POST(settings)
# Mount handler: requires a "password" request argument, optionally writes a
# base64-decoded "keyfile" argument to settings["keyfilepath"], runs
# settings["script"] with device, mountpoint, password (and key file path), and
# removes the key file afterwards.
# NOTE(review): original lines 110-113, 116, 120, 122, 124, 128, 131-132 and 134
# are not shown in this listing and indentation is lost; `args` is assigned on
# one of the hidden lines (presumably the request input - confirm).
# NOTE(review): no authentication or authorisation check is visible in this handler.
109 def POST(self, settings):
114 if not "password" in args:
115 raise web.badrequest()
117 if "keyfile" in args:
# The key file is created with the process's default permissions (umask), and no
# flush or close is visible before the script is started - confirm on the hidden lines.
118 keyfile = open (settings["keyfilepath"], "w+")
119 keyfile.write(base64.b64decode(args["keyfile"]))
# The command is an argument list and Popen is called without shell=True, so the
# request values are not interpreted by a shell.
# NOTE(review): the password is passed as a command-line argument, which other
# local processes can read from the process table while the script runs; passing
# it on stdin or through a file descriptor avoids that.
121 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
# Presumably the else branch for requests without a key file (line 122 not shown).
123 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
125 process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
# NOTE(review): wait() before communicate() with both pipes captured can block
# forever if the script fills a pipe buffer; communicate() alone waits for exit
# and leaves the exit status in process.returncode.
126 retval = process.wait()
127 ( stdout, stderr ) = process.communicate()
# NOTE(review): no try/finally is visible, so an exception raised above would
# leave the key file on disk.
129 if "keyfile" in args:
130 self.deleteKeyfile(settings["keyfilepath"])
# The script's stderr is returned to the HTTP client in the 400 response body;
# the condition guarding this raise is on a line not shown.
133 raise web.badrequest(stderr)
135 return "Success: Encrypted Stick is mounted"
138 # Overwrite the key file with random data, then remove it (not effective on SSDs, but this runs in a RAM-only VM, so it should be acceptable)
# NOTE(review): original lines 143 and 145-146 are not shown in this listing, so
# a rewind between passes and a flush/close before os.remove cannot be confirmed.
139 def deleteKeyfile(self, keyfilepath):
# Size is taken first because opening with "w+" truncates the file.
140 filesize = os.path.getsize(keyfilepath)
# NOTE(review): truncating on open means the random data is not guaranteed to
# overwrite the storage that held the key; opening without truncation ("r+b")
# and syncing each pass is the usual pattern.
141 keyfile = open (keyfilepath, "w+")
# Ten passes, each writing `filesize` bytes from os.urandom.
142 for i in range (0, 10):
144 keyfile.write(os.urandom(filesize))
147 os.remove(keyfilepath)
# Run the pre-initialisation script with the device as its only argument and
# report a failure to the HTTP client as a 400 carrying the script's stderr.
# NOTE(review): original lines 150 and 155-156 are not shown; the condition that
# guards the raise (presumably a non-zero exit status) is on one of them.
149 def runPreInitScript(self, preinitscript, device):
# Argument list without shell=True: `device` is not interpreted by a shell.
151 command = [preinitscript, device]
152 process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
# NOTE(review): wait() before communicate() can deadlock once the script fills a
# captured pipe; communicate() alone is sufficient.
153 retval = process.wait()
154 ( stdout, stderr ) = process.communicate()
# Raw stderr goes back to the client and may expose internal paths or tool output.
157 raise web.badrequest(stderr)
# Run the post-initialisation script without arguments and collect its output.
# NOTE(review): original lines 164-169 are not shown, so the return value is not
# visible in this listing; the caller in this file compares the result with
# `!= True`, so any path that falls through and returns None counts as a failure.
159 def runPostInitScript(self, postinitscript):
160 command = [postinitscript]
161 process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
# NOTE(review): wait() before communicate() can deadlock once the script fills a
# captured pipe; communicate() alone is sufficient.
162 retval = process.wait()
163 ( stdout, stderr ) = process.communicate()
# GET is handled exactly like POST, so a plain GET request can start the
# initialisation, an operation that runs the init script against the device.
# NOTE(review): a state-changing action reachable by GET can be triggered by a
# followed link or a prefetch, and parameters read from the query string would
# put the password into logs; how parameters are read is on lines not shown - confirm.
170 def GET(self, settings):
171 return self.POST(settings)
# Init handler: requires a "password" request argument, runs the pre-init script
# synchronously, optionally writes the base64-decoded "keyfile" argument to
# settings["keyfilepath"], then starts initStick in a new thread and returns at
# once. The response therefore only says that initialisation was started.
# NOTE(review): original lines 174-177, 180, 183, 187, 189, 191 and 193 are not
# shown and indentation is lost; `args` is assigned on one of the hidden lines
# (presumably the request input - confirm).
# NOTE(review): no authentication or authorisation check is visible in this handler.
173 def POST(self, settings):
178 if not "password" in args:
179 raise web.badrequest()
181 # Do the preinit stuff
182 self.runPreInitScript(settings["preinitscript"], settings["device"])
184 if "keyfile" in args:
# Created with the process's default permissions (umask); no flush or close is
# visible before the worker thread starts the script - confirm on the hidden lines.
185 keyfile = open (settings["keyfilepath"], "w+")
186 keyfile.write(base64.b64decode(args["keyfile"]))
# Argument list, so no shell interpretation of request values.
# NOTE(review): the password is a command-line argument and is readable from the
# process table for as long as the init script runs; stdin or a file descriptor
# avoids that.
188 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
# Presumably the else branch for requests without a key file (line 189 not shown).
190 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
# `thread` is the Python 2 module name. Nothing visible here prevents a second
# request from starting another initStick on the same device and key file path
# while one is still running.
192 thread.start_new_thread(self.initStick, (command,settings,args,))
194 return "Success: Init started"
# Thread body started by the init handler: run the prepared command, remove the
# key file if one was supplied, then run the post-init script. Failures are
# reported through sendInitialisationFailedError because the HTTP response has
# already been sent by the time this runs.
# NOTE(review): original lines 200, 203-204 and 206 are not shown; the condition
# guarding the first failure notification is on one of them.
196 def initStick(self, command, settings, args):
197 process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
# NOTE(review): wait() before communicate() can deadlock once the script fills a
# captured pipe; communicate() alone is sufficient.
198 retval = process.wait()
199 ( stdout, stderr ) = process.communicate()
# NOTE(review): no try/finally is visible, so an exception raised above would
# leave the key file on disk.
201 if "keyfile" in args:
202 self.deleteKeyfile(settings["keyfilepath"])
205 sendInitialisationFailedError();
207 # Do the postinit stuff
# Anything other than True from runPostInitScript is treated as a failure.
208 if (self.runPostInitScript(settings["postinitscript"]) != True):
209 sendInitialisationFailedError();
# web.application subclass that carries the service configuration (script,
# device, mount point, tries, key file path, pre/post init scripts) and passes
# it to every handler as an extra `settings` argument.
# NOTE(review): original lines 214, 216-217, 221 and 226-227 are not shown in
# this listing and indentation is lost.
211 class MyRestListener(web.application):
# NOTE(review): fvars={} is a mutable default shared between calls; here it is
# only forwarded to web.application.__init__.
212 def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
213 web.application.__init__(self, mapping, fvars, autoreload)
# self.script, self.device and self.tries are read further down but their
# assignments are not among the visible lines (presumably on 214 and 216-217).
215 self.mountpoint = mountpoint
218 self.keyfilepath = keyfilepath
219 self.preinitscript = preinitscript
220 self.postinitscript = postinitscript
# Serve the application on the first address listed under key 2 (presumably
# AF_INET - confirm) of the named interface, so the listener is bound to that
# interface's address only rather than to all addresses.
222 def run(self, interface, port, *middleware):
223 func = self.wsgifunc(*middleware)
224 ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
225 return web.httpserver.runsimple(func, (ifaceip, port))
# The three lines below belong to a method whose def line is not shown
# (presumably an override of the request dispatch - confirm). They resolve the
# handler for the request path and append the configuration dict to its
# arguments, which matches the handlers' GET/POST(self, settings) signatures.
# NOTE(review): no authentication or authorisation step is visible in this
# dispatch, so any client that can reach the bound address and port can invoke
# the handlers - confirm whether access is restricted elsewhere.
228 fn, args = self._match(self.mapping, web.ctx.path)
229 args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
230 return self._delegate(fn, self.fvars, args)