# ------------------------------------------------------------
# opensecurity package file
# Autor: X-Net Services GmbH <office@x-net.at>
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
# X-Net Technologies GmbH
# https://www.x-net.at
# AIT Austrian Institute of Technology
# Donau City Strasse 1
# http://www.ait.ac.at
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------
47 '/password', 'os_password',
51 #__LOG = logging.getLogger("passwordreceiver")
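# Best-effort secure deletion of the key file. Overwriting in place gives no
# guarantee on SSDs; the original author relies on the VM being RAM-only.
def deleteKeyfile(self, keyfilepath):
    """Overwrite the key file with random bytes ten times, then remove it.

    Args:
        keyfilepath: path of the key file to destroy.

    Raises:
        OSError: if the file cannot be stat'ed, opened, written or removed.
    """
    filesize = os.path.getsize(keyfilepath)
    try:
        # "r+b" rewrites the existing file in place. Opening with "w+"
        # truncates first, so the filesystem may release the blocks holding
        # the key before a single random byte is written over them.
        with open(keyfilepath, "r+b") as keyfile:
            for _ in range(10):
                keyfile.seek(0)
                keyfile.write(os.urandom(filesize))
                # Push every pass out of the userspace and kernel buffers;
                # otherwise only the last pass may ever reach the device.
                keyfile.flush()
                os.fsync(keyfile.fileno())
    finally:
        # Unlink even when overwriting failed, so the key never stays behind.
        os.remove(keyfilepath)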
def GET(self, settings):
    """Answer a GET request by delegating unchanged to the POST handler.

    NOTE(review): if the request parameters are read from the query string,
    a GET carries the password in the URL, where access logs and proxies
    can record it -- confirm whether GET support is really needed.
    """
    response = self.POST(settings)
    return response
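def POST(self, settings):
    """Mount the encrypted stick with the password (and optional key file) sent by the client.

    Args:
        settings: dict supplied by the listener; this handler reads the keys
            "script", "device", "mountpoint" and "keyfilepath".

    Returns:
        The string "Success: Encrypted Stick is mounted".

    Raises:
        web.badrequest: if no password was sent, the key file is not valid
            base64, or the mount script fails.
    """
    # NOTE(review): the listing omits the line that binds args, the keyfile
    # branch and the exit-status check. They are reconstructed from the two
    # alternative command lists that are visible; web.input() (the request
    # parameters) is assumed as the source of args -- confirm.
    args = web.input()

    if "password" not in args:
        raise web.badrequest()

    has_keyfile = "keyfile" in args
    # NOTE(review): the password is handed to the script as a command-line
    # argument, so other local processes can read it from the process list
    # while the script runs. Passing it on stdin would need a script change.
    command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

    try:
        if has_keyfile:
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                # Malformed base64 is a client error, not a server fault.
                raise web.badrequest()
            # Create the file readable by the service user only, and close it
            # before the script starts so the key is fully written by then.
            fd = os.open(settings["keyfilepath"], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "wb") as keyfile:
                keyfile.write(keydata)
            command.append(settings["keyfilepath"])

        process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting. Calling wait() first
        # can block forever once the script fills one of the pipe buffers.
        stdout, stderr = process.communicate()
        retval = process.returncode
    finally:
        # Destroy the key file even when the script could not be started.
        if has_keyfile and os.path.exists(settings["keyfilepath"]):
            self.deleteKeyfile(settings["keyfilepath"])

    if retval != 0:
        # NOTE(review): the script's raw stderr goes back to the HTTP client;
        # make sure the script never prints secrets or internal paths there.
        raise web.badrequest(stderr)

    return "Success: Encrypted Stick is mounted"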
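# Best-effort secure deletion of the key file. Overwriting in place gives no
# guarantee on SSDs; the original author relies on the VM being RAM-only.
def deleteKeyfile(self, keyfilepath):
    """Overwrite the key file with random bytes ten times, then remove it.

    Args:
        keyfilepath: path of the key file to destroy.

    Raises:
        OSError: if the file cannot be stat'ed, opened, written or removed.
    """
    filesize = os.path.getsize(keyfilepath)
    try:
        # "r+b" rewrites the existing file in place. Opening with "w+"
        # truncates first, so the filesystem may release the blocks holding
        # the key before a single random byte is written over them.
        with open(keyfilepath, "r+b") as keyfile:
            for _ in range(10):
                keyfile.seek(0)
                keyfile.write(os.urandom(filesize))
                # Push every pass out of the userspace and kernel buffers;
                # otherwise only the last pass may ever reach the device.
                keyfile.flush()
                os.fsync(keyfile.fileno())
    finally:
        # Unlink even when overwriting failed, so the key never stays behind.
        os.remove(keyfilepath)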
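def runPreInitScript(self, preinitscript, device):
    """Run the pre-initialisation script for the given device.

    Args:
        preinitscript: path of the script to execute.
        device: device argument passed to the script.

    Raises:
        web.badrequest: with the script's stderr, if the script fails.
    """
    # The command is a list, so no shell parses the arguments.
    command = [preinitscript, device]
    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes while waiting. Calling wait() first can
    # block forever once the script fills one of the pipe buffers.
    stdout, stderr = process.communicate()
    retval = process.returncode

    # NOTE(review): the guard line is missing from the listing; a non-zero
    # exit status is assumed to be the failure condition -- confirm.
    if retval != 0:
        # The raw stderr text is returned to the HTTP client.
        raise web.badrequest(stderr)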
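def runPostInitScript(self, postinitscript):
    """Run the post-initialisation script.

    Args:
        postinitscript: path of the script to execute (called without arguments).

    Raises:
        web.badrequest: with the script's stderr, if the script fails.
    """
    command = [postinitscript]
    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes while waiting. Calling wait() first can
    # block forever once the script fills one of the pipe buffers.
    stdout, stderr = process.communicate()
    retval = process.returncode

    # NOTE(review): the guard line is missing from the listing; a non-zero
    # exit status is assumed to be the failure condition -- confirm.
    if retval != 0:
        # The raw stderr text is returned to the HTTP client.
        raise web.badrequest(stderr)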
def GET(self, settings):
    """Answer a GET request by delegating unchanged to the POST handler.

    NOTE(review): if the request parameters are read from the query string,
    a GET carries the password in the URL, where access logs and proxies
    can record it -- confirm whether GET support is really needed.
    """
    response = self.POST(settings)
    return response
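def POST(self, settings):
    """Initialise and mount the stick with the password (and optional key file) sent by the client.

    Runs the pre-init script, then the init script, then the post-init script.

    Args:
        settings: dict supplied by the listener; this handler reads the keys
            "preinitscript", "script", "device", "mountpoint", "keyfilepath"
            and "postinitscript".

    Returns:
        The string "Success: Stick is initialized and mounted".

    Raises:
        web.badrequest: if no password was sent, the key file is not valid
            base64, or one of the scripts fails.
    """
    # NOTE(review): the listing omits the line that binds args, the else
    # branch and the exit-status check; web.input() (the request parameters)
    # is assumed as the source of args -- confirm.
    args = web.input()

    if "password" not in args:
        raise web.badrequest()

    # Do the preinit stuff
    self.runPreInitScript(settings["preinitscript"], settings["device"])

    has_keyfile = "keyfile" in args
    # NOTE(review): the password is handed to the script as a command-line
    # argument, so other local processes can read it from the process list
    # while the script runs. Passing it on stdin would need a script change.
    command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

    try:
        if has_keyfile:
            try:
                keydata = base64.b64decode(args["keyfile"])
            except (TypeError, ValueError):
                # Malformed base64 is a client error, not a server fault.
                raise web.badrequest()
            # Create the file readable by the service user only, and close it
            # before the script starts so the key is fully written by then.
            fd = os.open(settings["keyfilepath"], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "wb") as keyfile:
                keyfile.write(keydata)
            command.append(settings["keyfilepath"])

        process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() drains both pipes while waiting. Calling wait() first
        # can block forever once the script fills one of the pipe buffers.
        stdout, stderr = process.communicate()
        retval = process.returncode
    finally:
        # Destroy the key file even when the script could not be started.
        if has_keyfile and os.path.exists(settings["keyfilepath"]):
            self.deleteKeyfile(settings["keyfilepath"])

    if retval != 0:
        # NOTE(review): the script's raw stderr goes back to the HTTP client;
        # make sure the script never prints secrets or internal paths there.
        raise web.badrequest(stderr)

    # Do the postinit stuff
    self.runPostInitScript(settings["postinitscript"])

    return "Success: Stick is initialized and mounted"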
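class MyRestListener(web.application):
    """web.py application that passes the stick settings to every handler call."""

    # fvars={} mirrors the parent signature; the dict is only passed through
    # in the code visible here, never modified.
    def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
        """Store the script paths and device settings next to the web.py state."""
        web.application.__init__(self, mapping, fvars, autoreload)
        # NOTE(review): the listing omits the assignments of script, device
        # and tries; they are restored because handle() reads all three.
        self.script = script
        self.device = device
        self.mountpoint = mountpoint
        self.tries = tries
        self.keyfilepath = keyfilepath
        self.preinitscript = preinitscript
        self.postinitscript = postinitscript

    def run(self, interface, port, *middleware):
        """Serve the application on the IPv4 address of the given interface.

        NOTE(review): no TLS setup is visible in this listing; if the server
        speaks plain HTTP, the password and key file cross the network
        unencrypted -- confirm the listener is only reachable on a trusted link.
        """
        func = self.wsgifunc(*middleware)
        # netifaces.AF_INET replaces the bare index 2 used before; the first
        # IPv4 address of the interface is used as the bind address.
        ifaceip = netifaces.ifaddresses(interface)[netifaces.AF_INET][0]["addr"]
        return web.httpserver.runsimple(func, (ifaceip, port))

    # NOTE(review): the def line is missing from the listing; the body matches
    # web.application's handle() hook, so that name is assumed -- confirm.
    def handle(self):
        """Dispatch the request and append the settings dict as the last handler argument."""
        fn, args = self._match(self.mapping, web.ctx.path)
        args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
        return self._delegate(fn, self.fvars, args)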