#!/usr/bin/python
import subprocess
import web
import netifaces
import os
import sys
import base64
#import logging
# Routing table in web.py's flat layout: URL pattern followed by the name of
# the handler class that serves it.
opensecurity_urls = (
    '/password', 'os_password',
    '/init', 'os_init',
)
#__LOG = logging.getLogger("passwordreceiver")
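class os_password:
    """web.py handler for ``/password``: unlock and mount the encrypted stick.

    ``settings`` is the dict the application appends to the handler
    arguments; this class reads its ``script``, ``device``, ``mountpoint``
    and ``keyfilepath`` entries.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random data ten times, then unlink it.

        Best effort only: in-place overwriting gives no guarantee on SSDs or
        copy-on-write storage; the original author targets a RAM-only VM.

        Raises:
            OSError: if the file cannot be sized, opened or removed.
        """
        filesize = os.path.getsize(keyfilepath)
        try:
            # "r+b", not "w+": "w+" truncates on open, which releases the
            # blocks holding the key before a single byte is overwritten.
            # Binary mode is also required for os.urandom() output.
            with open(keyfilepath, "r+b") as keyfile:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # flush() only drains the userspace buffer; fsync makes
                    # each pass reach the backing store before the next one.
                    os.fsync(keyfile.fileno())
        finally:
            # Unlink even if an overwrite pass failed.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write *keydata* to *keyfilepath*, creating the file owner-only."""
        # 0o600 instead of the umask default, so a newly created key file is
        # not readable by other local accounts while the script runs.
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as keyfile:
            keyfile.write(keydata)

    def GET(self, settings):
        """Serve GET exactly like POST.

        NOTE(review): with GET the password and key file arrive in the query
        string, which commonly ends up in access logs and proxy histories.
        Kept for compatibility; consider accepting POST only.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Run the mount script with the submitted password (and key file).

        Request fields: ``password`` (required) and ``keyfile`` (optional,
        base64). Responds 400 when ``password`` is missing, when ``keyfile``
        is not valid base64, or when the script exits non-zero (the script's
        stderr becomes the response body).
        """
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        has_keyfile = "keyfile" in args
        keydata = None
        if has_keyfile:
            # Malformed base64 is a client error, not an internal one.
            # b64decode raises TypeError on Python 2, ValueError on Python 3.
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                raise web.badrequest()

        # List form (no shell), so request values are never shell-parsed.
        # NOTE(review): the password is still an argv element and therefore
        # visible in the process list while the script runs; passing it on
        # stdin would need a matching change in the script.
        command = [settings["script"], settings["device"],
                   settings["mountpoint"], args["password"]]
        if has_keyfile:
            command.append(settings["keyfilepath"])

        try:
            if has_keyfile:
                self._writeKeyfile(settings["keyfilepath"], keydata)
            process = subprocess.Popen(command, stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE)
            # communicate() drains both pipes while waiting. Calling wait()
            # first can block forever once the child fills a pipe buffer.
            _stdout, stderr = process.communicate()
            retval = process.returncode
        finally:
            # Wipe the key file even when the script could not be started.
            if has_keyfile and os.path.exists(settings["keyfilepath"]):
                self.deleteKeyfile(settings["keyfilepath"])

        if retval != 0:
            # NOTE(review): raw script stderr is returned to the client.
            raise web.badrequest(stderr)

        return "Success: Encrypted Stick is mounted"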
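class os_init:
    """web.py handler for ``/init``: initialise and mount the stick.

    ``settings`` is the dict the application appends to the handler
    arguments; this class reads its ``script``, ``device``, ``mountpoint``,
    ``keyfilepath``, ``preinitscript`` and ``postinitscript`` entries.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random data ten times, then unlink it.

        Best effort only: in-place overwriting gives no guarantee on SSDs or
        copy-on-write storage; the original author targets a RAM-only VM.

        Raises:
            OSError: if the file cannot be sized, opened or removed.
        """
        filesize = os.path.getsize(keyfilepath)
        try:
            # "r+b", not "w+": "w+" truncates on open, which releases the
            # blocks holding the key before a single byte is overwritten.
            # Binary mode is also required for os.urandom() output.
            with open(keyfilepath, "r+b") as keyfile:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # flush() only drains the userspace buffer; fsync makes
                    # each pass reach the backing store before the next one.
                    os.fsync(keyfile.fileno())
        finally:
            # Unlink even if an overwrite pass failed.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write *keydata* to *keyfilepath*, creating the file owner-only."""
        # 0o600 instead of the umask default, so a newly created key file is
        # not readable by other local accounts while the script runs.
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as keyfile:
            keyfile.write(keydata)

    def _runChecked(self, command):
        """Run *command*; raise ``web.badrequest(stderr)`` on non-zero exit."""
        process = subprocess.Popen(command, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting. Calling wait()
        # first can block forever once the child fills a pipe buffer.
        _stdout, stderr = process.communicate()
        if process.returncode != 0:
            # NOTE(review): raw script stderr is returned to the client.
            raise web.badrequest(stderr)

    def runPreInitScript(self, preinitscript, device):
        """Run ``preinitscript device``; 400 with its stderr on failure."""
        self._runChecked([preinitscript, device])

    def runPostInitScript(self, postinitscript):
        """Run ``postinitscript`` without arguments; 400 with its stderr on failure."""
        self._runChecked([postinitscript])

    def GET(self, settings):
        """Serve GET exactly like POST.

        NOTE(review): with GET the password and key file arrive in the query
        string, which commonly ends up in access logs and proxy histories.
        Kept for compatibility; consider accepting POST only.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Run pre-init, the init script, then post-init.

        Request fields: ``password`` (required) and ``keyfile`` (optional,
        base64). Responds 400 when ``password`` is missing, when ``keyfile``
        is not valid base64, or when any of the three scripts exits non-zero.
        """
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        has_keyfile = "keyfile" in args
        keydata = None
        if has_keyfile:
            # Validate the request fully before any script touches the
            # device. b64decode raises TypeError on Python 2 and ValueError
            # on Python 3.
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                raise web.badrequest()

        self.runPreInitScript(settings["preinitscript"], settings["device"])

        # List form (no shell), so request values are never shell-parsed.
        # NOTE(review): the password is still an argv element and therefore
        # visible in the process list while the script runs; passing it on
        # stdin would need a matching change in the script.
        command = [settings["script"], settings["device"],
                   settings["mountpoint"], args["password"]]
        if has_keyfile:
            command.append(settings["keyfilepath"])

        try:
            if has_keyfile:
                self._writeKeyfile(settings["keyfilepath"], keydata)
            self._runChecked(command)
        finally:
            # Wipe the key file whether the init script succeeded, failed or
            # could not be started.
            if has_keyfile and os.path.exists(settings["keyfilepath"]):
                self.deleteKeyfile(settings["keyfilepath"])

        self.runPostInitScript(settings["postinitscript"])

        return "Success: Stick is initialized and mounted"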
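class MyRestListener(web.application):
    """web.py application that hands its configuration to every handler.

    The constructor stores the script paths, device, mount point and key
    file path; ``handle`` appends them as one ``settings`` dict to the
    arguments of the matched handler.
    """

    def __init__(self, mapping=(), fvars=None, autoreload=None, script=None,
                 device=None, mountpoint=None, tries=None, keyfilepath=None,
                 preinitscript=None, postinitscript=None):
        """Store the listener configuration.

        ``mapping``, ``fvars`` and ``autoreload`` are forwarded to
        ``web.application``; the remaining keyword arguments are kept on the
        instance for ``handle``.
        """
        # A ``{}`` default would be one dict shared by every instance built
        # without an explicit ``fvars``.
        if fvars is None:
            fvars = {}
        web.application.__init__(self, mapping, fvars, autoreload)
        self.device = device
        self.mountpoint = mountpoint
        self.script = script
        self.tries = tries
        self.keyfilepath = keyfilepath
        self.preinitscript = preinitscript
        self.postinitscript = postinitscript

    def run(self, interface, port, *middleware):
        """Serve on the first IPv4 address of *interface* at *port*.

        NOTE(review): no TLS is configured here, so passwords and key files
        are only as protected as the network behind *interface* - confirm it
        is a host-only or otherwise trusted link.
        """
        func = self.wsgifunc(*middleware)
        # AF_INET is the address family the original indexed as the literal 2.
        ifaceip = netifaces.ifaddresses(interface)[netifaces.AF_INET][0]["addr"]
        return web.httpserver.runsimple(func, (ifaceip, port))

    def handle(self):
        """Dispatch the request, appending the settings dict to the handler args."""
        fn, args = self._match(self.mapping, web.ctx.path)
        # When no route matches, _match yields no argument list; skip the
        # append so the request falls through to _delegate (expected to
        # answer "not found") instead of failing on None.append().
        if args is not None:
            args.append({
                "script": self.script,
                "device": self.device,
                "mountpoint": self.mountpoint,
                "tries": self.tries,
                "keyfilepath": self.keyfilepath,
                "preinitscript": self.preinitscript,
                "postinitscript": self.postinitscript,
            })
        return self._delegate(fn, self.fvars, args)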