diff -r 000000000000 -r 28b7682d5476 passwordreceiver.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/passwordreceiver.py Tue Nov 04 18:26:39 2014 +0100
@@ -0,0 +1,196 @@
+#!/usr/bin/python
+
+# ------------------------------------------------------------
+# opensecurity package file
+#
+# Autor: X-Net Services GmbH
+#
+# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
+#
+#
+# X-Net Technologies GmbH
+# Elisabethstrasse 1
+# 4020 Linz
+# AUSTRIA
+# https://www.x-net.at
+#
+# AIT Austrian Institute of Technology
+# Donau City Strasse 1
+# 1220 Wien
+# AUSTRIA
+# http://www.ait.ac.at
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------
+
+
+import subprocess
+import web
+import netifaces
+import os
+import sys
+import base64
+#import logging
+
+opensecurity_urls = (
+ '/password', 'os_password',
+ '/init', 'os_init'
+)
+
+#__LOG = logging.getLogger("passwordreceiver")
+
+class os_password:
+
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "w+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+
+ def GET(self, settings):
+ return self.POST(settings)
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "w+")
+ keyfile.write(base64.b64decode(args["keyfile"]))
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ return "Success: Encrypted Stick is mounted"
+
+class os_init:
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "w+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+ def runPreInitScript(self, preinitscript, device):
+ #__LOG.debug("Start preinit Script")
+
+ command = [preinitscript, device]
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ #__LOG.debug("preinit done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ def runPostInitScript(self, postinitscript):
+ #__LOG.debug("Start postinit Script")
+
+ command = [postinitscript]
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ #__LOG.debug("postinit done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ def GET(self, settings):
+ return self.POST(settings)
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ # Do the preinit stuff
+ self.runPreInitScript(settings["preinitscript"], settings["device"])
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "w+")
+ keyfile.write(base64.b64decode(args["keyfile"]))
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ #__LOG.debug("Start init script")
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ #__LOG.debug("init done result: %s" %(retval,))
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ # Do the postinit stuff
+ self.runPostInitScript(settings["postinitscript"])
+
+ return "Success: Stick is initialized and mounted"
+
+class MyRestListener(web.application):
+ def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
+ web.application.__init__(self, mapping, fvars, autoreload)
+ self.device = device
+ self.mountpoint = mountpoint
+ self.script = script
+ self.tries = tries
+ self.keyfilepath = keyfilepath
+ self.preinitscript = preinitscript
+ self.postinitscript = postinitscript
+
+ def run(self, interface, port, *middleware):
+ func = self.wsgifunc(*middleware)
+ ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
+ return web.httpserver.runsimple(func, (ifaceip, port))
+
+ def handle(self):
+ fn, args = self._match(self.mapping, web.ctx.path)
+ args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
+ return self._delegate(fn, self.fvars, args)
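Review bot: `deleteKeyfile` (both copies, in `os_password` and `os_init`) opens the key file with mode `"w+"`, which truncates it to zero length before the first `os.urandom` write, so the ten passes may land on newly allocated storage rather than on the blocks that held the key, and `flush()` without `os.fsync()` does not force any pass past the page cache. The `"w+"` open in both `POST` handlers also creates the key file with umask-default permissions, and the delete is skipped whenever `subprocess.Popen` raises because it is not in a `finally`. In every place a script is run, `process.wait()` before `process.communicate()` with both pipes set can block once the script fills a pipe buffer; calling `communicate()` alone and reading `process.returncode` avoids that. Two design points deserve a follow-up: `args["password"]` is put on the script's argv, where it is visible in the process list while the script runs, and `GET` aliasing `POST` allows the password to arrive in the query string and end up in access logs. A sketch of the key file handling for `os_password` follows; `os_init` needs the same change.

```python
    def deleteKeyfile(self, keyfilepath):
        filesize = os.path.getsize(keyfilepath)
        # "r+b" overwrites in place; "w+" would truncate the old contents away first
        with open(keyfilepath, "r+b") as keyfile:
            for i in range(0, 10):
                keyfile.seek(0)
                keyfile.write(os.urandom(filesize))
                keyfile.flush()
                os.fsync(keyfile.fileno())
        os.remove(keyfilepath)

    def POST(self, settings):
        # … unchanged: web.input() and the "password" check …
        if "keyfile" in args:
            # owner-only from creation (the mode applies only when the file is newly created)
            fd = os.open(settings["keyfilepath"], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "wb") as keyfile:
                keyfile.write(base64.b64decode(args["keyfile"]))
        # … unchanged: building the command list …
        try:
            process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            (stdout, stderr) = process.communicate()
            retval = process.returncode
        finally:
            if "keyfile" in args:
                self.deleteKeyfile(settings["keyfilepath"])
        # … unchanged: return-code check and success message …
```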