# HG changeset patch
# User ft
# Date 1396949992 -7200
# Node ID ad15a8882cac41012aeb438198598a2e72ceefe0
# Parent 35acc83f4749ad71d3156f7a61dbb4f408fc1aea
Implemented getdevices, mount and umount changed from /bin/bash to /bin/sh
diff -r 35acc83f4749 -r ad15a8882cac config/encryptionprovider.cfg
--- a/config/encryptionprovider.cfg Tue Feb 25 08:08:37 2014 +0100
+++ b/config/encryptionprovider.cfg Tue Apr 08 11:39:52 2014 +0200
@@ -5,8 +5,11 @@
 # DEBUG, INFO, WARNING, ERROR, CRITICAL
 LogLevel: debug
+# Path where the keyfile will be saved for temp usage
+Keyfile: /tmp/keyfile.key
-MountScript: /usr/local/bin/
-UmountScript: /usr/local/bin/
-InitScript: /usr/local/bin/
-GetDevicesScript: /usr/local/bin/
\ No newline at end of file
+
+MountScript: /usr/local/bin/truecrypt_mount.sh
+UmountScript: /usr/local/bin/truecrypt_umount.sh
+InitScript: /usr/local/bin/truecrypt_init.sh
+GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh
\ No newline at end of file
diff -r 35acc83f4749 -r ad15a8882cac src/encryptionprovider.py
--- a/src/encryptionprovider.py Tue Feb 25 08:08:37 2014 +0100
+++ b/src/encryptionprovider.py Tue Apr 08 11:39:52 2014 +0200
@@ -10,10 +10,9 @@
 import sys
 import ConfigParser
 import logging
+from passwordreceiver import *
-
-
-MINOPTS = { "Main" : ["LogFile", "LogLevel", "MountScript", "UmountScript", "InitScript", "GetDevicesScript"]}
+MINOPTS = { "Main" : ["LogFile", "LogLevel", "MountScript", "UmountScript", "InitScript", "GetDevicesScript", "Keyfile"]}
 #CONFIG_FILE="/etc/enryptionprovider/encryptionprovider.cfg"
 CONFIG_FILE="/home/spawn/workspace_python/encryptionprovider/config/encryptionprovider.cfg"
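Review bot: `Keyfile: /tmp/keyfile.key` fixes the temporary key file to one predictable name inside a directory every local user can write to, and nothing in this commit creates the file with restrictive permissions or checks whether the path already exists before it is written. A per-run directory from `tempfile.mkdtemp()` (created mode 0700) or a location writable only by the service user removes that ambiguity and lets the cleanup step remove the whole directory. At minimum the comment should state the requirement: `# Path where the keyfile will be saved for temp usage (directory must be writable only by the service user)`.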
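Review bot: `from passwordreceiver import *` pulls every top-level name of that module into this file, including its own `web`, `netifaces`, `thread`, `time` imports and `truecrypt_cmd`, while the later hunk of this file uses only `MyRestListener` and `opensecurity_urls`. `from passwordreceiver import MyRestListener, opensecurity_urls` keeps the dependency explicit, and the `thread` and `time` modules that `mountDevice` relies on should then be imported here directly rather than arriving through the wildcard. The `MINOPTS` extension with `"Keyfile"` correctly matches the new config key.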
@@ -68,9 +67,73 @@
+def runExternalScripts (command):
+ LOG.debug ("Run external Script: %s" %(command,))
+ if (os.path.isfile (command[0]) == False):
+ LOG.error ("File does not exist: %s" %((command[0]),))
+ sys.stderr.write("File does not exist: %s\n" %((command[0]),))
+ exit (1)
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retcode = process.wait()
+ ( stdout, stderr ) = process.communicate()
+ return { "retcode" : retcode, "stdout" : stdout, "stderr" : stderr }
+
+
+def getDevices (script):
+ command = [script];
+ result = runExternalScripts (command);
+
+ if (result["retcode"] != 0):
+ LOG.error ("Retcode: %s" %(result["retcode"],))
+ LOG.error ("stdout: %s" %(result["stdout"],))
+ LOG.error ("stderr: %s" %(result["stderr"],))
+ sys.stderr.write("%s" %(result["stderr"],))
+ exit (1)
+
+ #print ("%s" %(result["stdout"],))
+ # don't use print here, because of the extra newline
+ sys.stdout.write ("%s" %(result["stdout"],))
+
+
+def umountDevice (script, device):
+ command = [script, device];
+ result = runExternalScripts (command);
+
+ if (result["retcode"] != 0):
+ LOG.error ("Retcode: %s" %(result["retcode"],))
+ LOG.error ("stdout: %s" %(result["stdout"],))
+ LOG.error ("stderr: %s" %(result["stderr"],))
+ sys.stderr.write("%s" %(result["stderr"],))
+ exit (1)
+
+ #print ("%s" %(result["stdout"],))
+ # don't use print here, because of the extra newline
+ sys.stdout.write ("%s" %(result["stdout"],))
+
+
+def mountDevice (script, interface, port, device, mountpoint, keyfilepath):
+ listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
+ thread.start_new_thread(listener.run, (interface, port,))
+
+ #command = [script, device, mountpoint, password];
+ #result = runExternalScripts (command);
+
+ close = False
+ while (close == False):
+ time.sleep(1)
+ if (os.path.ismount(mountpoint) == True):
+ close = True
+ LOG.info 
("Stick \"%s\" was mounted sucessfully to \"%s\"" %(device, mountpoint,))
+ sys.exit(0)
+
+ if (os.path.exists(device) == False):
+ close = True
+ LOG.error ("Stick \"%s\" removed -> exit" %(device,))
+ sys.exit(1)
+
 if __name__ == "__main__":
@@ -79,22 +142,21 @@
 group.add_argument('-m', '--mount', action='store', nargs=4, dest='mount', help='Mounts an encrypted device.', metavar=("interface", "port", "device", "mountpoint"))
 group.add_argument('-u', '--umount', action='store', nargs=1, dest='umount', help='Unmounts an encrypted device', metavar="device")
 group.add_argument('-i', '--initialize', action='store', nargs=4, dest='initialize', help='Initialize an device.', metavar=("interface", "port", "device", "mountpoint"))
- group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all encrypted mounted devices')
+ group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all mounted encrypted devices')
 arguments = parser.parse_args()
 config = loadConfig ()
 initLog (config)
-
 if (arguments.getdevices):
- print ("%s" %(arguments.getdevices,))
+ getDevices (config.get ("Main", "GetDevicesScript"))
 if (arguments.umount):
- print ("%s" %(arguments.umount,))
+ umountDevice (config.get ("Main", "UmountScript"), arguments.umount[0])
 if (arguments.mount):
- print ("%s" %(arguments.mount,))
+ mountDevice (config.get ("Main", "MountScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile"))
 if (arguments.initialize):
- print ("%s" %(arguments.initialize,))
+ print ("Init: %s" %(arguments.initialize,))
diff -r 35acc83f4749 -r ad15a8882cac src/passwordreceiver.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/passwordreceiver.py Tue Apr 08 11:39:52 2014 +0200
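Review bot: In `runExternalScripts`, `process.wait()` runs before `process.communicate()` while both stdout and stderr are pipes, so a script that writes more than the pipe buffer blocks on write and `wait()` never returns; the fix is `( stdout, stderr ) = process.communicate()` followed by `retcode = process.returncode`. The same ordering is repeated in the `GET` and `POST` handlers of the new passwordreceiver.py. `exit (1)` is the interactive `site` helper rather than `sys.exit(1)`, which the rest of the hunk already uses in `mountDevice`. `mountDevice` passes `tries = 3` to the listener, which stores the value and never reads it, so either the retry limit should be enforced in the handler or the parameter dropped.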
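Review bot: `int(arguments.mount[1])` raises an uncaught `ValueError` when the port is not numeric, so the user gets a traceback instead of an argparse-style message; since `nargs=4` mixes strings and an integer, convert it explicitly before the call, `try: port = int(arguments.mount[1])` / `except ValueError: parser.error("port must be an integer, got %r" % (arguments.mount[1],))`, and pass `port` to `mountDevice`. The `-i` branch still only prints its arguments, which matches the `exit 1` placeholder in truecrypt_init.sh but is worth a `# TODO` comment here so the gap is visible.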
@@ -0,0 +1,107 @@
+#!/usr/bin/python
+
+import subprocess
+import web
+import netifaces
+import argparse
+import thread
+import time
+import os
+import sys
+
+
+# SETTINGS ====================================================================
+truecrypt_cmd = "/usr/bin/truecrypt"
+
+opensecurity_urls = (
+ '/password', 'os_password'
+)
+
+class os_password:
+
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "wr+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+
+ def GET(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "wr+")
+ keyfile.write(args["keyfile"])
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ return "Success: Encrypted Stick is mounted"
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "rw+")
+ keyfile.write(args["keyfile"])
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], 
settings["mountpoint"], args["password"]]
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ return "Success: Encrypted Stick is mounted"
+
+class MyRestListener(web.application):
+ def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None):
+ web.application.__init__(self, mapping, fvars, autoreload)
+ self.device = device
+ self.mountpoint = mountpoint
+ self.script = script
+ self.tries = tries
+ self.keyfilepath = keyfilepath
+
+ def run(self, interface, port, *middleware):
+ func = self.wsgifunc(*middleware)
+ ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
+ return web.httpserver.runsimple(func, (ifaceip, port))
+
+ def handle(self):
+ fn, args = self._match(self.mapping, web.ctx.path)
+ args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath})
+ return self._delegate(fn, self.fvars, args)
diff -r 35acc83f4749 -r ad15a8882cac truecrypt_scripts/truecrypt_getdevices.bash
--- a/truecrypt_scripts/truecrypt_getdevices.bash Tue Feb 25 08:08:37 2014 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-if [ -r "truecrypt_config.cfg" ]
-then
- . truecrypt_config.cfg
-else
- exit 1
-fi
-
-devicelist="$($tc_cmd -l | awk '{ print $2}')"
-result="$?"
-if [ "$result" != "0" ]
-then
- exit 1
-fi
-
-echo "$devicelist"
-exit 0
\ No newline at end of file
diff -r 35acc83f4749 -r ad15a8882cac truecrypt_scripts/truecrypt_getdevices.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/truecrypt_scripts/truecrypt_getdevices.sh Tue Apr 08 11:39:52 2014 +0200
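Review bot: The client-supplied key file is written with `open (settings["keyfilepath"], "wr+")` in `GET` but `"rw+"` in `POST`; neither is a standard mode string, and if the C library honours only the first letter the POST form becomes `r+`, which does not truncate a longer pre-existing file and fails when the path does not yet exist — worth confirming on the target platform. Both handlers also create the file with the process umask at the shared `/tmp` path from the config, so the key material is readable by other local users until `deleteKeyfile` runs; one helper that creates it owner-only and truncated, used by both handlers, fixes both problems (add `os.O_NOFOLLOW` where available since the path is fixed). `process.wait()` before `process.communicate()` with two pipes can block indefinitely if the mount script is verbose — call `communicate()` first and read `process.returncode`, the same defect noted for `runExternalScripts`. Accepting the mount password on a `GET` query string leaves it in the HTTP server's request log, so consider serving the endpoint as `POST` only; `fvars={}` is a shared mutable default (`fvars=None` then `fvars or {}`), `netifaces.AF_INET` is clearer than the bare `[2]`, and `tries` is stored but never read.
```python
    def writeKeyfile(self, keyfilepath, data):
        # owner-only from creation and truncated, so no stale bytes from an
        # earlier key file survive and other local users cannot read it
        fd = os.open(keyfilepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        keyfile = os.fdopen(fd, "wb")
        try:
            keyfile.write(data)
        finally:
            keyfile.close()

    # … unchanged: deleteKeyfile …

    def GET(self, settings):
        # … unchanged: web.input() and the password check …
        if "keyfile" in args:
            self.writeKeyfile(settings["keyfilepath"], args["keyfile"])
            command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
        # … unchanged: else branch, Popen/communicate, cleanup, return …
```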
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+BASEDIR="$(dirname $0)"
+
+if [ -r "$BASEDIR/truecrypt_config.cfg" ]
+then
+ . "$BASEDIR/truecrypt_config.cfg"
+else
+ echo "truecrypt_config.cfg not found" >&2
+ exit 1
+fi
+
+devicelist="$($tc_cmd -l)"
+result="$?"
+
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
+
+# can't do this on the original command because of /bin/sh -> dash -> no PIPESTATUS -.-
+devicelist=$(echo $devicelist | awk '{ print $2}')
+
+echo "$devicelist"
+exit 0
\ No newline at end of file
diff -r 35acc83f4749 -r ad15a8882cac truecrypt_scripts/truecrypt_init.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/truecrypt_scripts/truecrypt_init.sh Tue Apr 08 11:39:52 2014 +0200
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# ToDo implement me
+exit 1
+
+BASEDIR="$(dirname $0)"
+DEVICE="$1"
+MOUNTPOINT="$2"
+PASSWORD="$3"
+KEYFILE="$4"
+
+if [ -r "$BASEDIR/truecrypt_config.cfg" ]
+then
+ . "$BASEDIR/truecrypt_config.cfg"
+else
+ echo "truecrypt_config.cfg not found" >&2
+ exit 1
+fi
+
+
+
+truecrypt -c /dev/sdb /tmp/mnt/ --quick -p 'Test1234!' -k /home/spawn/mytestkey.key --filesystem=none --encryption=AES --hash=RIPEMD-160 --non-interactive
+
+if [ -z "$KEYFILE" ]
+then
+ message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD")"
+else
+ message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD" -k "$KEYFILE")"
+fi
+
+result="$?"
+
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
+
+echo "$message"
+exit 0
\ No newline at end of file
diff -r 35acc83f4749 -r ad15a8882cac truecrypt_scripts/truecrypt_mount.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/truecrypt_scripts/truecrypt_mount.sh Tue Apr 08 11:39:52 2014 +0200
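Review bot: `devicelist=$(echo $devicelist | awk '{ print $2}')` word-splits the unquoted variable, so every line of the `$tc_cmd -l` output is joined onto one line and awk prints the second field of that single line — at most one device is reported even when several are mounted. `devicelist=$(printf '%s\n' "$devicelist" | awk '{ print $2 }')` preserves the line structure, which is what the comment above it says the two-step form was meant to achieve. `BASEDIR="$(dirname $0)"` should also quote the argument, `BASEDIR="$(dirname "$0")"`; the same unquoted form is in the init, mount and umount scripts.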
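Review bot: The script exits on its fourth line (`exit 1`), but the unreachable body below still carries a developer test command, `truecrypt -c /dev/sdb /tmp/mnt/ --quick -p 'Test1234!' -k /home/spawn/mytestkey.key …`, with a literal passphrase, a fixed block device and a home-directory key path; that line should be removed from version control regardless of whether it can run. Passing the passphrase as `-p "$PASSWORD"` makes it visible in the process list of every local user while the tool runs, so when this script is implemented it should use the tool's standard-input password option if one is available. `result="$?"` is read after `fi`, which in sh still reflects the command substitution, but capturing `result` inside each branch as truecrypt_mount.sh does is clearer and survives future edits.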
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+BASEDIR="$(dirname $0)"
+DEVICE="$1"
+MOUNTPOINT="$2"
+PASSWORD="$3"
+KEYFILE="$4"
+
+if [ -r "$BASEDIR/truecrypt_config.cfg" ]
+then
+ . "$BASEDIR/truecrypt_config.cfg"
+else
+ echo "truecrypt_config.cfg not found" >&2
+ exit 1
+fi
+
+if [ -z "$KEYFILE" ]
+then
+ message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD")"
+ result="$?"
+else
+ message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD" -k "$KEYFILE")"
+ result="$?"
+fi
+
+
+
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
+
+echo "$message"
+exit 0
\ No newline at end of file
diff -r 35acc83f4749 -r ad15a8882cac truecrypt_scripts/truecrypt_umount.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/truecrypt_scripts/truecrypt_umount.sh Tue Apr 08 11:39:52 2014 +0200
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+BASEDIR="$(dirname $0)"
+DEVICE="$1"
+
+if [ -r "$BASEDIR/truecrypt_config.cfg" ]
+then
+ . "$BASEDIR/truecrypt_config.cfg"
+else
+ echo "truecrypt_config.cfg not found" >&2
+ exit 1
+fi
+
+message="$($tc_cmd -d $DEVICE)"
+result="$?"
+
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
+
+echo "$message"
+exit 0
\ No newline at end of file
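Review bot: `-p "$PASSWORD"` places the mount passphrase on the `$tc_cmd` command line, where the process list exposes it to every local user for the duration of the mount; it already arrives as argv `$3` from passwordreceiver.py, so the whole handoff chain has this property and should move to a standard-input form if the tool offers one. The script never checks that `$DEVICE` and `$MOUNTPOINT` are non-empty, so a caller that drops an argument invokes the tool with shifted parameters; `[ -n "$DEVICE" ] && [ -n "$MOUNTPOINT" ] || { echo "usage: $0 device mountpoint password [keyfile]" >&2; exit 2; }` before the config check gives a clear failure. On a non-zero result the tool's output in `$message` is discarded, so the Python caller's `stderr` log stays empty; `echo "$message" >&2` before `exit 1` keeps the diagnostic.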
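Review bot: `message="$($tc_cmd -d $DEVICE)"` leaves `$DEVICE` unquoted, so a device path containing whitespace is split into several arguments and an empty argument silently turns the call into a bare `$tc_cmd -d`, which TrueCrypt's command-line help describes as dismounting all volumes rather than one. Quote it and reject an empty value: `[ -n "$DEVICE" ] || { echo "usage: $0 device" >&2; exit 2; }` followed by `message="$($tc_cmd -d "$DEVICE")"`. As in the mount script, `$message` is dropped on failure; writing it to stderr before `exit 1` lets the caller's log show why the dismount failed.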