Mercurialencryptionprovider / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
src/passwordreceiver.py
author ft
Fri, 22 Aug 2014 10:27:46 +0200
changeset 24 597ff293cbdf
parent 23 7933295dbdca
child 27 a8c8d86b8501
permissions -rw-r--r--
added base64 decode for keyfile 
     1 #!/usr/bin/python

     2 

     3 import subprocess

     4 import web

     5 import netifaces

     6 import os

     7 import sys

     8 import base64

     9 #import logging

    10 

    11 opensecurity_urls = (

    12     '/password',                'os_password',

    13     '/init',                    'os_init'

    14 )

    15 

    16 #__LOG = logging.getLogger("passwordreceiver")

    17 

    18 class os_password:

    19     

    20     # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)

    21     def deleteKeyfile(self, keyfilepath):

    22         filesize = os.path.getsize(keyfilepath)

    23         keyfile = open (keyfilepath, "w+")

    24         for i in range (0, 10):

    25             keyfile.seek(0)

    26             keyfile.write(os.urandom(filesize))

    27             keyfile.flush()

    28         keyfile.close()

    29         os.remove(keyfilepath)

    30     

    31     

    32     def GET(self, settings):

    33         return self.POST(settings)

    34     

    35     def POST(self, settings):

    36         

    37         # pick the arguments

    38         args = web.input()

    39                       

    40         if not "password" in args:

    41             raise web.badrequest()

    42 

    43         if "keyfile" in args:

    44             keyfile = open (settings["keyfilepath"], "w+")

    45             keyfile.write(base64.b64decode(args["keyfile"]))

    46             keyfile.close()

    47             command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]

    48         else:

    49             command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

    50             

    51         process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

    52         retval = process.wait()

    53         ( stdout, stderr ) = process.communicate()

    54         

    55         if "keyfile" in args:

    56             self.deleteKeyfile(settings["keyfilepath"])

    57         

    58         if (retval != 0):

    59             raise web.badrequest(stderr)

    60         

    61         return "Success: Encrypted Stick is mounted"

    62 

    63 class os_init:

    64     # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)

    65     def deleteKeyfile(self, keyfilepath):

    66         filesize = os.path.getsize(keyfilepath)

    67         keyfile = open (keyfilepath, "w+")

    68         for i in range (0, 10):

    69             keyfile.seek(0)

    70             keyfile.write(os.urandom(filesize))

    71             keyfile.flush()

    72         keyfile.close()

    73         os.remove(keyfilepath)

    74     

    75     def runPreInitScript(self, preinitscript, device):

    76         #__LOG.debug("Start preinit Script")

    77         

    78         command = [preinitscript, device]

    79         process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

    80         retval = process.wait()

    81         ( stdout, stderr ) = process.communicate()

    82         

    83         #__LOG.debug("preinit done result: %s" %(retval,))

    84         

    85         if (retval != 0):

    86             raise web.badrequest(stderr)

    87     

    88     def runPostInitScript(self, postinitscript):

    89         #__LOG.debug("Start postinit Script")

    90         

    91         command = [postinitscript]

    92         process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

    93         retval = process.wait()

    94         ( stdout, stderr ) = process.communicate()

    95         

    96         #__LOG.debug("postinit done result: %s" %(retval,))

    97         

    98         if (retval != 0):

    99             raise web.badrequest(stderr)

   100     

   101     def GET(self, settings):

   102         return self.POST(settings)

   103     

   104     def POST(self, settings):

   105         

   106         # pick the arguments

   107         args = web.input()

   108                       

   109         if not "password" in args:

   110             raise web.badrequest()

   111         

   112         # Do the preinit stuff

   113         self.runPreInitScript(settings["preinitscript"], settings["device"])

   114 

   115         if "keyfile" in args:

   116             keyfile = open (settings["keyfilepath"], "w+")

   117             keyfile.write(base64.b64decode(args["keyfile"]))

   118             keyfile.close()

   119             command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]

   120         else:

   121             command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

   122             

   123         #__LOG.debug("Start init script")

   124         

   125         process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

   126         retval = process.wait()

   127         ( stdout, stderr ) = process.communicate()

   128         

   129         if "keyfile" in args:

   130             self.deleteKeyfile(settings["keyfilepath"])

   131         

   132         #__LOG.debug("init done result: %s" %(retval,))

   133         

   134         if (retval != 0):

   135             raise web.badrequest(stderr)

   136         

   137         # Do the postinit stuff

   138         self.runPostInitScript(settings["postinitscript"])

   139         

   140         return "Success: Stick is initialized and mounted"

   141 

   142 class MyRestListener(web.application):

   143     def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):

   144         web.application.__init__(self, mapping, fvars, autoreload)

   145         self.device = device

   146         self.mountpoint = mountpoint

   147         self.script = script

   148         self.tries = tries

   149         self.keyfilepath = keyfilepath

   150         self.preinitscript = preinitscript

   151         self.postinitscript = postinitscript

   152         

   153     def run(self, interface, port, *middleware):

   154         func = self.wsgifunc(*middleware)

   155         ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]

   156         return web.httpserver.runsimple(func, (ifaceip, port))

   157     

   158     def handle(self):

   159         fn, args = self._match(self.mapping, web.ctx.path)

   160         args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})

   161         return self._delegate(fn, self.fvars, args)
encryptionprovider