3 # ------------------------------------------------------------
4 # opensecurity package file
6 # Autor: X-Net Services GmbH <office@x-net.at>
8 # Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
11 # X-Net Technologies GmbH
15 # https://www.x-net.at
17 # AIT Austrian Institute of Technology
18 # Donau City Strasse 1
21 # http://www.ait.ac.at
24 # Licensed under the Apache License, Version 2.0 (the "License");
25 # you may not use this file except in compliance with the License.
26 # You may obtain a copy of the License at
28 # http://www.apache.org/licenses/LICENSE-2.0
30 # Unless required by applicable law or agreed to in writing, software
31 # distributed under the License is distributed on an "AS IS" BASIS,
32 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 # See the License for the specific language governing permissions and
34 # limitations under the License.
35 # ------------------------------------------------------------
47 from passwordreceiver import *
# Options that checkMinimumOptions looks for, keyed by config section.
MINOPTS = {
    "Main": [
        "LogFile",
        "LogLevel",
        "MountScript",
        "UmountScript",
        "InitScript",
        "GetDevicesScript",
        "Keyfile",
    ],
}

# Path of the provider configuration file.
CONFIG_FILE = "/etc/encryptionprovider/encryptionprovider.cfg"

# User-facing messages for configuration problems.
CONFIG_NOT_READABLE = "Configfile is not readable"
CONFIG_WRONG = "Something is wrong with the config"
# Filled with (section, option).
CONFIG_MISSING = "Section: \"%s\" Option: \"%s\" in configfile is missing"
def checkMinimumOptions (config):
    """Report every option listed in MINOPTS that *config* does not define.

    config: parser object offering has_option(section, option).

    One CONFIG_MISSING line is printed per absent option.
    """
    # NOTE(review): the listing skips its lines 61-64 right after the print,
    # so whether the original stops at the first missing option is not
    # visible from here.
    for section, required in MINOPTS.iteritems ():
        for name in required:
            if config.has_option(section, name):
                continue
            print (CONFIG_MISSING % (section, name))
# Configuration loading: build a parser, refuse an unusable file, read it and
# check it against MINOPTS.
# NOTE(review): the enclosing `def` and several statements sit on listing
# lines that are not shown (64, 70-72, 74-75, 80-83). The main block calls
# loadConfig (), so this is presumably that function's body - confirm.
65 configfile = CONFIG_FILE
66 config = ConfigParser.SafeConfigParser ()
# Report a path that does not exist, is not a regular file, or is not readable
# by this process. ConfigParser's read() skips files it cannot open without
# raising, so without this check such a file would pass unnoticed.
68 if ((os.path.exists (configfile) == False) or (os.path.isfile (configfile) == False) or (os.access (configfile, os.R_OK) == False)):
69 print (CONFIG_NOT_READABLE)
73 config.read (CONFIG_FILE)
# NOTE(review): `e` is bound on a line not shown, presumably an `except`
# clause around the read above - confirm.
76 print ("Error: %s" % (e))
# Print a message for each option from MINOPTS that the file lacks.
79 checkMinimumOptions (config)
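# Read the log destination and translate the configured level name (for
# example "debug") into the numeric constant the logging module defines.
logfile = config.get("Main", "LogFile")

level_name = config.get("Main", "LogLevel")
numeric_level = getattr(logging, level_name.upper(), None)
if not isinstance(numeric_level, int):
    # Report the configured string itself. The name `loglevel` is not bound
    # in any line shown, so using it here would raise NameError and hide the
    # real cause from whoever reads the error.
    raise ValueError('Invalid log level: %s' % level_name)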
90 # ToDo move log level and maybe other things to config file
# Keyword arguments of a logging setup call. Its opening line (listing line
# 91) and any further arguments (lines 95-96) are not shown.
92 level = numeric_level,
93 format = "%(asctime)s %(name)-12s %(funcName)-15s %(levelname)-8s %(message)s",
94 datefmt = "%Y-%m-%d %H:%M:%S",
# Logger that the functions in this file use as LOG. The name is spelled
# "encryptionprovicer" in the source.
98 LOG = logging.getLogger("encryptionprovicer")
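def runExternalScripts (command):
    """Run an external helper script and collect its exit status and output.

    command: argv list; command[0] is the script path. The list is handed to
        subprocess.Popen as is, so no shell parses the arguments.

    Returns a dict with the keys "retcode", "stdout" and "stderr".
    """
    LOG.debug ("Run external Script: %s" %(command,))

    if not os.path.isfile (command[0]):
        LOG.error ("File does not exist: %s" %((command[0]),))
        sys.stderr.write("File does not exist: %s\n" %((command[0]),))
        # NOTE(review): the listing skips its lines 109-110 here, so how the
        # original leaves this branch is not visible. As shown, execution
        # continues and Popen raises OSError when the path cannot be run.

    process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
    # Drain both pipes before taking the exit status. Calling wait() first can
    # block forever once the script fills a pipe buffer, because nothing reads
    # the pipe while wait() is pending.
    ( stdout, stderr ) = process.communicate()
    retcode = process.returncode

    return { "retcode" : retcode, "stdout" : stdout, "stderr" : stderr }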
# Run the configured device-listing script and relay its output to stdout.
#   script: the only parameter; the main block passes the GetDevicesScript
#           option from the config.
118 def getDevices (script):
# NOTE(review): `command` is not assigned in any line shown (listing line 119
# is absent). umountDevice builds its list as [script, device]; presumably
# this function builds a list from `script` the same way - confirm.
120 result = runExternalScripts (command);
# On a non-zero exit status, log everything the script returned and pass its
# stderr on to this process's stderr.
122 if (result["retcode"] != 0):
123 LOG.error ("Retcode: %s" %(result["retcode"],))
124 LOG.error ("stdout: %s" %(result["stdout"],))
125 LOG.error ("stderr: %s" %(result["stderr"],))
126 sys.stderr.write("%s" %(result["stderr"],))
# NOTE(review): listing lines 127-128 are not shown, so whether the error
# branch stops here is not visible.
129 #print ("%s" %(result["stdout"],))
130 # don't use print here, because of the extra newline
131 sys.stdout.write ("%s" %(result["stdout"],))
def umountDevice (script, device):
    """Run the unmount script for *device* and relay what it printed.

    script: path of the unmount script.
    device: device to unmount. It travels as its own argv element, so no
        shell interprets it on the way to the script.
    """
    outcome = runExternalScripts ([script, device])

    if outcome["retcode"] != 0:
        # Record everything the script returned, then surface its stderr.
        for template, key in (("Retcode: %s", "retcode"), ("stdout: %s", "stdout"), ("stderr: %s", "stderr")):
            LOG.error (template %(outcome[key],))
        sys.stderr.write("%s" %(outcome["stderr"],))
        # NOTE(review): the listing skips its line 143 right after this
        # branch, so whether the original stops here is not visible. As shown,
        # the script's stdout is still relayed below.

    # write() instead of print, so that no extra newline is appended.
    sys.stdout.write ("%s" %(outcome["stdout"],))
# Start a MyRestListener for the device on its own thread, then loop while
# checking whether the mount point got mounted or the device node vanished.
#   script, device, mountpoint, keyfilepath: forwarded to MyRestListener.
#   interface, port: forwarded to listener.run; the main block takes both from
#                    the command line.
150 def mountDevice (script, interface, port, device, mountpoint, keyfilepath):
# MyRestListener and opensecurity_urls are not defined in the lines shown;
# presumably they come from the passwordreceiver star import - confirm.
# The listener also receives this module's globals() and tries = 3.
151 listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
# NOTE(review): what the listener accepts on interface:port, and from whom, is
# decided inside MyRestListener. A non-loopback interface makes it reachable
# from the network, so review that class before exposing it.
152 thread.start_new_thread(listener.run, (interface, port,))
# NOTE(review): `close` is not assigned in any line shown (listing lines
# 153-154, 158 and 163 are absent), so how the loop ends cannot be confirmed.
155 while (close == False):
157 if (os.path.ismount(mountpoint) == True):
159 LOG.info ("Stick \"%s\" was mounted sucessfully to \"%s\"" %(device, mountpoint,))
# The device path no longer exists.
162 if (os.path.exists(device) == False):
164 LOG.error ("Stick \"%s\" removed -> exit" %(device,))
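def isDeviceMountedAtMountpoint (device, mountpoint):
    """Tell whether the filesystem df reports for *mountpoint* is *device*.

    device: name compared with the first column of df's last output line.
    mountpoint: path handed to df.

    Returns True on a match and False otherwise, including when df cannot be
    started or exits with an error.
    """
    # Call df with an argument list instead of a shell pipeline built from
    # mountpoint: in a shell string, metacharacters in the path would be
    # interpreted by the shell. "--" keeps a path that starts with "-" from
    # being read as an option, and -P keeps each filesystem on a single line
    # even when the device name is long.
    command = ["/bin/df", "-P", "--", mountpoint]
    try:
        process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
        (stdout, stderr) = process.communicate()
    except OSError as error:
        LOG.error ("error: %s" %(error,))
        return False

    if (process.returncode != 0):
        LOG.error ("error: %s" %(stderr.rstrip(),))
        # NOTE(review): the listing skips its line 174 after this log call, so
        # the original's result for a failed df is not visible. Without usable
        # df output the device cannot match, hence False.
        return False

    # Same selection as `tail -1 | awk '{print $1}'`: the first
    # whitespace-separated field of the last output line.
    last_line = stdout.rstrip("\n").rsplit("\n", 1)[-1]
    fields = last_line.split()
    result = fields[0] if fields else ""

    if (result == device):
        LOG.debug ("Device: %s ### Result: %s ### Return: True" %(device, result,))
        return True

    LOG.debug ("Device: %s ### Result: %s ### Return: False" %(device, result,))
    return False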
# Start a MyRestListener for initializing the device on its own thread, then
# loop while checking whether the device node vanished.
#   script, device, mountpoint, keyfilepath, preinitscript, postinitscript:
#       forwarded to MyRestListener.
#   interface, port: forwarded to listener.run; the main block takes both from
#                    the command line.
184 def initDevice (script, interface, port, device, mountpoint, keyfilepath, preinitscript, postinitscript):
# MyRestListener and opensecurity_urls are not defined in the lines shown;
# presumably they come from the passwordreceiver star import - confirm.
# The listener also receives this module's globals() and tries = 3.
185 listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath, preinitscript = preinitscript, postinitscript = postinitscript)
# NOTE(review): what the listener accepts on interface:port, and from whom, is
# decided inside MyRestListener. A non-loopback interface makes it reachable
# from the network, so review that class before exposing it.
186 thread.start_new_thread(listener.run, (interface, port,))
# NOTE(review): `close` is not assigned in any line shown (listing lines
# 187-188 and 192 are absent), so how the loop ends cannot be confirmed.
189 while (close == False):
# The device path no longer exists.
191 if (os.path.exists(device) == False):
193 LOG.info ("Stick \"%s\" removed -> exit" %(device,))
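if __name__ == "__main__":
    # Command-line entry point. Exactly one of the four modes must be given;
    # argparse enforces that through the required, mutually exclusive group.
    parser = argparse.ArgumentParser(epilog='--mount, --umount and --initialize are mutually exclusive')
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-m', '--mount', action='store', nargs=4, dest='mount', help='Mounts an encrypted device.', metavar=("interface", "port", "device", "mountpoint"))
    group.add_argument('-u', '--umount', action='store', nargs=1, dest='umount', help='Unmounts an encrypted device', metavar="device")
    group.add_argument('-i', '--initialize', action='store', nargs=4, dest='initialize', help='Initialize an device.', metavar=("interface", "port", "device", "mountpoint"))
    group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all mounted encrypted devices')
    arguments = parser.parse_args()

    def parsePort (text):
        """Turn the command-line port into an int, or stop with a usage error."""
        # A non-numeric or out-of-range port is reported the way argparse
        # reports other bad arguments, instead of surfacing as a traceback or
        # reaching the listener unchecked.
        try:
            port = int(text)
        except ValueError:
            parser.error("port must be a number: %s" % (text,))
        if port < 0 or port > 65535:
            parser.error("port must be between 0 and 65535: %s" % (text,))
        return port

    config = loadConfig ()
    # NOTE(review): listing lines 208-209 are not shown. Nothing visible in
    # this block sets up logging, although the functions called below use LOG.

    if (arguments.getdevices):
        getDevices (config.get ("Main", "GetDevicesScript"))

    elif (arguments.umount):
        umountDevice (config.get ("Main", "UmountScript"), arguments.umount[0])

    elif (arguments.mount):
        (interface, port, device, mountpoint) = arguments.mount
        mountDevice (config.get ("Main", "MountScript"), interface, parsePort (port), device, mountpoint, config.get ("Main", "Keyfile"))

    elif (arguments.initialize):
        (interface, port, device, mountpoint) = arguments.initialize
        # NOTE(review): PreInitScript and PostInitScript are not listed in
        # MINOPTS, so a config without them passes the minimum-options check
        # and only fails here, with ConfigParser.NoOptionError.
        initDevice (config.get ("Main", "InitScript"), interface, parsePort (port), device, mountpoint, config.get ("Main", "Keyfile"), config.get("Main", "PreInitScript"), config.get("Main", "PostInitScript"))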