src/passwordreceiver.py
author ft
Fri, 22 Aug 2014 10:27:46 +0200
changeset 24 597ff293cbdf
parent 23 7933295dbdca
child 27 a8c8d86b8501
permissions -rw-r--r--
added base64 decode for keyfile
#!/usr/bin/python
import subprocess
import web
import netifaces
import os
import sys
import base64
#import logging
# Routing table as a flat sequence: each URL pattern is followed by the name
# of the handler class (defined further down in this file) that serves it.
opensecurity_urls = (
    '/password', 'os_password',
    '/init', 'os_init',
)
#__LOG = logging.getLogger("passwordreceiver")
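class os_password:
    """Handler for ``/password``: run the mount script with the supplied secret.

    The request must contain a ``password`` field and may contain a
    base64-encoded ``keyfile`` field.  ``settings`` is the dict that
    MyRestListener.handle appends to the handler arguments; this class reads
    its ``script``, ``device``, ``mountpoint`` and ``keyfilepath`` entries.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random bytes ten times, then remove it.

        Overwriting in place is not reliable on SSDs (and other media that
        remap writes); the original author's note is that the file is expected
        to live in a RAM-only VM, where this is considered sufficient.
        """
        try:
            filesize = os.path.getsize(keyfilepath)
            # "r+b" keeps the existing contents in place.  Opening with "w+"
            # truncates first, after which the filesystem may hand out fresh
            # blocks and leave the old key material untouched.
            keyfile = open(keyfilepath, "r+b")
            try:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # flush() only empties Python's buffer; fsync asks the OS
                    # to push each pass down to the backing store.
                    os.fsync(keyfile.fileno())
            finally:
                keyfile.close()
        finally:
            # Remove the file even if the overwrite failed part-way.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write the decoded key bytes to ``keyfilepath`` with owner-only access."""
        # 0o600 is applied only when the file is created here; a file that
        # already exists keeps the permissions it had.
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        keyfile = os.fdopen(fd, "wb")
        try:
            keyfile.write(keydata)
        finally:
            keyfile.close()

    def GET(self, settings):
        """Serve GET exactly like POST.

        NOTE(review): with GET the password and key file travel in the query
        string, which commonly ends up in access logs and client history.
        Kept for compatibility with existing callers; consider POST only.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Run ``settings["script"]`` with device, mountpoint and password.

        When a ``keyfile`` field is present it is base64-decoded, written to
        ``settings["keyfilepath"]`` and passed to the script as a fifth
        argument; the file is wiped afterwards whether or not the script ran.

        Raises web.badrequest when ``password`` is missing, when ``keyfile``
        is not valid base64, or when the script exits non-zero (the script's
        stderr becomes the response body).
        """
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        # NOTE(review): the password is handed over as a command-line
        # argument, so it is visible in the process listing for as long as
        # the script runs.  Passing it on stdin would avoid that, but needs a
        # matching change in the script, which is not part of this file.
        command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

        has_keyfile = "keyfile" in args
        if has_keyfile:
            # Decode before touching the disk so malformed input is answered
            # with 400 and never leaves a partial key file behind.
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                raise web.badrequest()
            self._writeKeyfile(settings["keyfilepath"], keydata)
            command.append(settings["keyfilepath"])

        try:
            process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            # communicate() drains both pipes while waiting.  Calling wait()
            # first can block forever once the script fills a pipe buffer.
            stdout, stderr = process.communicate()
            retval = process.returncode
        finally:
            # The key must not stay on disk, even if the script could not be
            # started at all.
            if has_keyfile:
                self.deleteKeyfile(settings["keyfilepath"])

        if retval != 0:
            # NOTE(review): the script's stderr is returned verbatim to the
            # client; make sure the script prints nothing sensitive there.
            raise web.badrequest(stderr)

        return "Success: Encrypted Stick is mounted"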
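class os_init:
    """Handler for ``/init``: run the pre-init, init and post-init scripts.

    The request must contain a ``password`` field and may contain a
    base64-encoded ``keyfile`` field.  ``settings`` is the dict that
    MyRestListener.handle appends to the handler arguments; this class reads
    its ``preinitscript``, ``script``, ``device``, ``mountpoint``,
    ``keyfilepath`` and ``postinitscript`` entries.
    """

    def deleteKeyfile(self, keyfilepath):
        """Overwrite the key file with random bytes ten times, then remove it.

        Overwriting in place is not reliable on SSDs (and other media that
        remap writes); the original author's note is that the file is expected
        to live in a RAM-only VM, where this is considered sufficient.
        """
        try:
            filesize = os.path.getsize(keyfilepath)
            # "r+b" keeps the existing contents in place.  Opening with "w+"
            # truncates first, after which the filesystem may hand out fresh
            # blocks and leave the old key material untouched.
            keyfile = open(keyfilepath, "r+b")
            try:
                for _ in range(10):
                    keyfile.seek(0)
                    keyfile.write(os.urandom(filesize))
                    keyfile.flush()
                    # flush() only empties Python's buffer; fsync asks the OS
                    # to push each pass down to the backing store.
                    os.fsync(keyfile.fileno())
            finally:
                keyfile.close()
        finally:
            # Remove the file even if the overwrite failed part-way.
            os.remove(keyfilepath)

    def _writeKeyfile(self, keyfilepath, keydata):
        """Write the decoded key bytes to ``keyfilepath`` with owner-only access."""
        # 0o600 is applied only when the file is created here; a file that
        # already exists keeps the permissions it had.
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        keyfile = os.fdopen(fd, "wb")
        try:
            keyfile.write(keydata)
        finally:
            keyfile.close()

    def _runScript(self, command):
        """Run ``command`` and return ``(exit status, captured stderr)``."""
        process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting.  Calling wait()
        # first can block forever once the script fills a pipe buffer.
        stdout, stderr = process.communicate()
        return process.returncode, stderr

    def runPreInitScript(self, preinitscript, device):
        """Run ``preinitscript`` with ``device`` as its only argument.

        Raises web.badrequest carrying the script's stderr on a non-zero exit.
        """
        retval, stderr = self._runScript([preinitscript, device])
        if retval != 0:
            raise web.badrequest(stderr)

    def runPostInitScript(self, postinitscript):
        """Run ``postinitscript`` without arguments.

        Raises web.badrequest carrying the script's stderr on a non-zero exit.
        """
        retval, stderr = self._runScript([postinitscript])
        if retval != 0:
            raise web.badrequest(stderr)

    def GET(self, settings):
        """Serve GET exactly like POST.

        NOTE(review): with GET the password and key file travel in the query
        string, which commonly ends up in access logs and client history.
        Kept for compatibility with existing callers; consider POST only.
        """
        return self.POST(settings)

    def POST(self, settings):
        """Run pre-init, then the init script with the secret, then post-init.

        When a ``keyfile`` field is present it is base64-decoded, written to
        ``settings["keyfilepath"]`` and passed to the init script as a fifth
        argument; the file is wiped afterwards whether or not the script ran.
        The post-init script runs only after the init script exited with 0.

        Raises web.badrequest when ``password`` is missing, when ``keyfile``
        is not valid base64, or when any of the three scripts exits non-zero
        (that script's stderr becomes the response body).
        """
        args = web.input()

        if "password" not in args:
            raise web.badrequest()

        has_keyfile = "keyfile" in args
        if has_keyfile:
            # Validate the request completely before the pre-init script is
            # allowed to touch the device; malformed base64 is answered with
            # 400 and leaves nothing on disk.
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                raise web.badrequest()

        # Do the preinit stuff
        self.runPreInitScript(settings["preinitscript"], settings["device"])

        # NOTE(review): the password is handed over as a command-line
        # argument, so it is visible in the process listing for as long as
        # the script runs.  Passing it on stdin would avoid that, but needs a
        # matching change in the script, which is not part of this file.
        command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

        if has_keyfile:
            self._writeKeyfile(settings["keyfilepath"], keydata)
            command.append(settings["keyfilepath"])

        try:
            retval, stderr = self._runScript(command)
        finally:
            # The key must not stay on disk, even if the script could not be
            # started at all.
            if has_keyfile:
                self.deleteKeyfile(settings["keyfilepath"])

        if retval != 0:
            # NOTE(review): the script's stderr is returned verbatim to the
            # client; make sure the script prints nothing sensitive there.
            raise web.badrequest(stderr)

        # Do the postinit stuff
        self.runPostInitScript(settings["postinitscript"])

        return "Success: Stick is initialized and mounted"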
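class MyRestListener(web.application):
    """web.application that hands its script/device settings to every handler.

    The constructor stores the configuration values; handle() appends them as
    one dict to the arguments of the matched handler, which is why the
    handler methods in this file take a ``settings`` parameter.

    NOTE(review): nothing in this file configures TLS or authenticates the
    caller, so the password and key file cross the network as sent by the
    client.  Restrict which hosts can reach the chosen interface, or put an
    authenticated, encrypted channel in front of this listener.
    """

    def __init__(self, mapping=(), fvars=None, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
        """Store the settings and initialise the underlying web.application.

        ``fvars`` defaults to a fresh dict per instance; a literal ``{}``
        default would be one object shared by every instance.
        """
        if fvars is None:
            fvars = {}
        web.application.__init__(self, mapping, fvars, autoreload)
        self.device = device
        self.mountpoint = mountpoint
        self.script = script
        # Stored and forwarded in the settings dict; no handler in this file
        # reads it.
        self.tries = tries
        self.keyfilepath = keyfilepath
        self.preinitscript = preinitscript
        self.postinitscript = postinitscript

    def run(self, interface, port, *middleware):
        """Serve on the first IPv4 address of ``interface`` at ``port``.

        Raises KeyError if the interface has no IPv4 address entry.
        """
        func = self.wsgifunc(*middleware)
        # netifaces.AF_INET replaces the bare index 2 used previously.
        ifaceip = netifaces.ifaddresses(interface)[netifaces.AF_INET][0]["addr"]
        return web.httpserver.runsimple(func, (ifaceip, port))

    def handle(self):
        """Match the request path and call the handler with the settings dict."""
        fn, args = self._match(self.mapping, web.ctx.path)
        settings = {
            "script": self.script,
            "device": self.device,
            "mountpoint": self.mountpoint,
            "tries": self.tries,
            "keyfilepath": self.keyfilepath,
            "preinitscript": self.preinitscript,
            "postinitscript": self.postinitscript,
        }
        # The settings travel as an extra positional argument after whatever
        # _match extracted from the path.
        args.append(settings)
        return self._delegate(fn, self.fvars, args)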