1.1 --- a/config/encryptionprovider.cfg Tue Feb 25 08:08:37 2014 +0100
1.2 +++ b/config/encryptionprovider.cfg Tue Apr 08 11:39:52 2014 +0200
1.3 @@ -5,8 +5,11 @@
1.4 # DEBUG, INFO, WARNING, ERROR, CRITICAL
1.5 LogLevel: debug
1.6
1.7 +# Path where the keyfile will be saved for temp usage
1.8 +Keyfile: /tmp/keyfile.key
1.9
1.10 -MountScript: /usr/local/bin/
1.11 -UmountScript: /usr/local/bin/
1.12 -InitScript: /usr/local/bin/
1.13 -GetDevicesScript: /usr/local/bin/
1.14 \ No newline at end of file
1.15 +
1.16 +MountScript: /usr/local/bin/truecrypt_mount.sh
1.17 +UmountScript: /usr/local/bin/truecrypt_umount.sh
1.18 +InitScript: /usr/local/bin/truecrypt_init.sh
1.19 +GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh
1.20 \ No newline at end of file
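Review bot: `Keyfile: /tmp/keyfile.key` is a fixed, predictable name in a world-writable directory, and the receiver code writes key material to it with default permissions and removes it after each mount, so any other local user can pre-create or replace that path between runs and the key bytes sit in a shared directory while the mount runs. Prefer a per-run file in a directory only the service user can read (a path under a root-owned directory, or one the Python side creates with `tempfile.mkstemp` and passes through), and say so in the comment: `# Private path for the temporary keyfile; must not be in a shared or world-writable directory`. The four script entries now point at `.sh` files under `/usr/local/bin/` while the repository ships them under `truecrypt_scripts/`, so presumably an install step copies them; a one-line note here would keep the two in step.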
2.1 --- a/src/encryptionprovider.py Tue Feb 25 08:08:37 2014 +0100
2.2 +++ b/src/encryptionprovider.py Tue Apr 08 11:39:52 2014 +0200
2.3 @@ -10,10 +10,9 @@
2.4 import sys
2.5 import ConfigParser
2.6 import logging
2.7 +from passwordreceiver import *
2.8
2.9 -
2.10 -
2.11 -MINOPTS = { "Main" : ["LogFile", "LogLevel", "MountScript", "UmountScript", "InitScript", "GetDevicesScript"]}
2.12 +MINOPTS = { "Main" : ["LogFile", "LogLevel", "MountScript", "UmountScript", "InitScript", "GetDevicesScript", "Keyfile"]}
2.13
2.14 #CONFIG_FILE="/etc/enryptionprovider/encryptionprovider.cfg"
2.15 CONFIG_FILE="/home/spawn/workspace_python/encryptionprovider/config/encryptionprovider.cfg"
2.16 @@ -68,9 +67,73 @@
2.17
2.18
2.19
2.20 +def runExternalScripts (command):
2.21 + LOG.debug ("Run external Script: %s" %(command,))
2.22
2.23 + if (os.path.isfile (command[0]) == False):
2.24 + LOG.error ("File does not exist: %s" %((command[0]),))
2.25 + sys.stderr.write("File does not exist: %s\n" %((command[0]),))
2.26 + exit (1)
2.27
2.28 + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
2.29 + retcode = process.wait()
2.30 + ( stdout, stderr ) = process.communicate()
2.31
2.32 + return { "retcode" : retcode, "stdout" : stdout, "stderr" : stderr }
2.33 +
2.34 +
2.35 +def getDevices (script):
2.36 + command = [script];
2.37 + result = runExternalScripts (command);
2.38 +
2.39 + if (result["retcode"] != 0):
2.40 + LOG.error ("Retcode: %s" %(result["retcode"],))
2.41 + LOG.error ("stdout: %s" %(result["stdout"],))
2.42 + LOG.error ("stderr: %s" %(result["stderr"],))
2.43 + sys.stderr.write("%s" %(result["stderr"],))
2.44 + exit (1)
2.45 +
2.46 + #print ("%s" %(result["stdout"],))
2.47 + # don't use print here, because of the extra newline
2.48 + sys.stdout.write ("%s" %(result["stdout"],))
2.49 +
2.50 +
2.51 +def umountDevice (script, device):
2.52 + command = [script, device];
2.53 + result = runExternalScripts (command);
2.54 +
2.55 + if (result["retcode"] != 0):
2.56 + LOG.error ("Retcode: %s" %(result["retcode"],))
2.57 + LOG.error ("stdout: %s" %(result["stdout"],))
2.58 + LOG.error ("stderr: %s" %(result["stderr"],))
2.59 + sys.stderr.write("%s" %(result["stderr"],))
2.60 + exit (1)
2.61 +
2.62 + #print ("%s" %(result["stdout"],))
2.63 + # don't use print here, because of the extra newline
2.64 + sys.stdout.write ("%s" %(result["stdout"],))
2.65 +
2.66 +
2.67 +def mountDevice (script, interface, port, device, mountpoint, keyfilepath):
2.68 + listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
2.69 + thread.start_new_thread(listener.run, (interface, port,))
2.70 +
2.71 + #command = [script, device, mountpoint, password];
2.72 + #result = runExternalScripts (command);
2.73 +
2.74 + close = False
2.75 + while (close == False):
2.76 + time.sleep(1)
2.77 + if (os.path.ismount(mountpoint) == True):
2.78 + close = True
2.79 + LOG.info ("Stick \"%s\" was mounted sucessfully to \"%s\"" %(device, mountpoint,))
2.80 + sys.exit(0)
2.81 +
2.82 + if (os.path.exists(device) == False):
2.83 + close = True
2.84 + LOG.error ("Stick \"%s\" removed -> exit" %(device,))
2.85 + sys.exit(1)
2.86 +
2.87
2.88 if __name__ == "__main__":
2.89
2.90 @@ -79,22 +142,21 @@
2.91 group.add_argument('-m', '--mount', action='store', nargs=4, dest='mount', help='Mounts an encrypted device.', metavar=("interface", "port", "device", "mountpoint"))
2.92 group.add_argument('-u', '--umount', action='store', nargs=1, dest='umount', help='Unmounts an encrypted device', metavar="device")
2.93 group.add_argument('-i', '--initialize', action='store', nargs=4, dest='initialize', help='Initialize an device.', metavar=("interface", "port", "device", "mountpoint"))
2.94 - group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all encrypted mounted devices')
2.95 + group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all mounted encrypted devices')
2.96 arguments = parser.parse_args()
2.97
2.98
2.99 config = loadConfig ()
2.100 initLog (config)
2.101
2.102 -
2.103 if (arguments.getdevices):
2.104 - print ("%s" %(arguments.getdevices,))
2.105 + getDevices (config.get ("Main", "GetDevicesScript"))
2.106
2.107 if (arguments.umount):
2.108 - print ("%s" %(arguments.umount,))
2.109 + umountDevice (config.get ("Main", "UmountScript"), arguments.umount[0])
2.110
2.111 if (arguments.mount):
2.112 - print ("%s" %(arguments.mount,))
2.113 + mountDevice (config.get ("Main", "MountScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile"))
2.114
2.115 if (arguments.initialize):
2.116 - print ("%s" %(arguments.initialize,))
2.117 + print ("Init: %s" %(arguments.initialize,))
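Review bot: In `runExternalScripts` (the `@@ -68,9 +67,73 @@` hunk), `process.wait()` is called before `communicate()` while both stdout and stderr are pipes; the subprocess documentation warns that this can deadlock once the child writes more than the pipe buffer. Drop the `wait()` and take the status after reading: `(stdout, stderr) = process.communicate()` then `retcode = process.returncode`. The same wait-then-communicate sequence appears in `os_password.GET` and `os_password.POST` in `src/passwordreceiver.py`. Separately, `mountDevice` polls forever if no password ever arrives and the `tries = 3` it hands to the listener is never read, so a deadline or retry counter checked inside the loop would let the caller fail instead of hanging. This module now also relies on `thread`, `time` and presumably `os`/`subprocess` arriving through `from passwordreceiver import *`; importing those names explicitly keeps the dependency visible.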
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
3.2 +++ b/src/passwordreceiver.py Tue Apr 08 11:39:52 2014 +0200
3.3 @@ -0,0 +1,107 @@
3.4 +#!/usr/bin/python
3.5 +
3.6 +import subprocess
3.7 +import web
3.8 +import netifaces
3.9 +import argparse
3.10 +import thread
3.11 +import time
3.12 +import os
3.13 +import sys
3.14 +
3.15 +
3.16 +# SETTINGS ====================================================================
3.17 +truecrypt_cmd = "/usr/bin/truecrypt"
3.18 +
3.19 +opensecurity_urls = (
3.20 + '/password', 'os_password'
3.21 +)
3.22 +
3.23 +class os_password:
3.24 +
3.25 + # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
3.26 + def deleteKeyfile(self, keyfilepath):
3.27 + filesize = os.path.getsize(keyfilepath)
3.28 + keyfile = open (keyfilepath, "wr+")
3.29 + for i in range (0, 10):
3.30 + keyfile.seek(0)
3.31 + keyfile.write(os.urandom(filesize))
3.32 + keyfile.flush()
3.33 + keyfile.close()
3.34 + os.remove(keyfilepath)
3.35 +
3.36 +
3.37 + def GET(self, settings):
3.38 +
3.39 + # pick the arguments
3.40 + args = web.input()
3.41 +
3.42 + if not "password" in args:
3.43 + raise web.badrequest()
3.44 +
3.45 + if "keyfile" in args:
3.46 + keyfile = open (settings["keyfilepath"], "wr+")
3.47 + keyfile.write(args["keyfile"])
3.48 + keyfile.close()
3.49 + command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
3.50 + else:
3.51 + command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
3.52 +
3.53 + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
3.54 + retval = process.wait()
3.55 + ( stdout, stderr ) = process.communicate()
3.56 +
3.57 + if "keyfile" in args:
3.58 + self.deleteKeyfile(settings["keyfilepath"])
3.59 +
3.60 + if (retval != 0):
3.61 + raise web.badrequest(stderr)
3.62 +
3.63 + return "Success: Encrypted Stick is mounted"
3.64 +
3.65 + def POST(self, settings):
3.66 +
3.67 + # pick the arguments
3.68 + args = web.input()
3.69 +
3.70 + if not "password" in args:
3.71 + raise web.badrequest()
3.72 +
3.73 + if "keyfile" in args:
3.74 + keyfile = open (settings["keyfilepath"], "rw+")
3.75 + keyfile.write(args["keyfile"])
3.76 + keyfile.close()
3.77 + command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
3.78 + else:
3.79 + command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
3.80 +
3.81 + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
3.82 + retval = process.wait()
3.83 + ( stdout, stderr ) = process.communicate()
3.84 +
3.85 + if "keyfile" in args:
3.86 + self.deleteKeyfile(settings["keyfilepath"])
3.87 +
3.88 + if (retval != 0):
3.89 + raise web.badrequest(stderr)
3.90 +
3.91 + return "Success: Encrypted Stick is mounted"
3.92 +
3.93 +class MyRestListener(web.application):
3.94 + def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None):
3.95 + web.application.__init__(self, mapping, fvars, autoreload)
3.96 + self.device = device
3.97 + self.mountpoint = mountpoint
3.98 + self.script = script
3.99 + self.tries = tries
3.100 + self.keyfilepath = keyfilepath
3.101 +
3.102 + def run(self, interface, port, *middleware):
3.103 + func = self.wsgifunc(*middleware)
3.104 + ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]
3.105 + return web.httpserver.runsimple(func, (ifaceip, port))
3.106 +
3.107 + def handle(self):
3.108 + fn, args = self._match(self.mapping, web.ctx.path)
3.109 + args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath})
3.110 + return self._delegate(fn, self.fvars, args)
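Review bot: `deleteKeyfile` opens the keyfile with mode `"wr+"`, which truncates it to zero length before the overwrite loop runs, so the ten `os.urandom` writes land in a freshly allocated file rather than over the blocks that held the key; the intended in-place overwrite needs `keyfile = open(keyfilepath, "r+b")`. The mode strings are also inconsistent: `GET` writes the keyfile with `"wr+"` but `POST` uses `"rw+"`, and neither is a documented Python 2 mode — on glibc the extra letter appears to be ignored, which would make `"rw+"` behave like `r+` (fails when the file does not exist, leaves stale trailing bytes when it does); use `"wb"` in both handlers. The keyfile is created with default umask permissions at a fixed path, so creating it through `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` and wrapping the descriptor with `os.fdopen` keeps the key readable only by the service user. Finally, the password and keyfile travel over plain HTTP and, in `GET`, in the query string, which commonly ends up in server and proxy logs; at minimum drop the `GET` handler in favour of `POST` alone and document in the class docstring that the listener must only be bound to a trusted interface.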
4.1 --- a/truecrypt_scripts/truecrypt_getdevices.bash Tue Feb 25 08:08:37 2014 +0100
4.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
4.3 @@ -1,18 +0,0 @@
4.4 -#!/bin/bash
4.5 -
4.6 -if [ -r "truecrypt_config.cfg" ]
4.7 -then
4.8 - . truecrypt_config.cfg
4.9 -else
4.10 - exit 1
4.11 -fi
4.12 -
4.13 -devicelist="$($tc_cmd -l | awk '{ print $2}')"
4.14 -result="$?"
4.15 -if [ "$result" != "0" ]
4.16 -then
4.17 - exit 1
4.18 -fi
4.19 -
4.20 -echo "$devicelist"
4.21 -exit 0
4.22 \ No newline at end of file
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
5.2 +++ b/truecrypt_scripts/truecrypt_getdevices.sh Tue Apr 08 11:39:52 2014 +0200
5.3 @@ -0,0 +1,25 @@
5.4 +#!/bin/sh
5.5 +
5.6 +BASEDIR="$(dirname $0)"
5.7 +
5.8 +if [ -r "$BASEDIR/truecrypt_config.cfg" ]
5.9 +then
5.10 + . "$BASEDIR/truecrypt_config.cfg"
5.11 +else
5.12 + echo "truecrypt_config.cfg not found" >&2
5.13 + exit 1
5.14 +fi
5.15 +
5.16 +devicelist="$($tc_cmd -l)"
5.17 +result="$?"
5.18 +
5.19 +if [ "$result" != "0" ]
5.20 +then
5.21 + exit 1
5.22 +fi
5.23 +
5.24 +# can't do this on the original command because of /bin/sh -> dash -> no PIPESTATUS -.-
5.25 +devicelist=$(echo $devicelist | awk '{ print $2}')
5.26 +
5.27 +echo "$devicelist"
5.28 +exit 0
5.29 \ No newline at end of file
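Review bot: `devicelist=$(echo $devicelist | awk '{ print $2}')` passes `$devicelist` unquoted, so the shell joins every line of the `-l` output into one line and awk prints only the second field of the first volume instead of one device per line as the removed bash version did. Keep the newlines with `devicelist=$(printf '%s\n' "$devicelist" | awk '{ print $2 }')`. `BASEDIR="$(dirname $0)"` should also quote its argument (`dirname "$0"`) in case the install path contains spaces; the same unquoted form appears in `truecrypt_init.sh`, `truecrypt_mount.sh` and `truecrypt_umount.sh`.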
6.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
6.2 +++ b/truecrypt_scripts/truecrypt_init.sh Tue Apr 08 11:39:52 2014 +0200
6.3 @@ -0,0 +1,39 @@
6.4 +#!/bin/sh
6.5 +
6.6 +# ToDo implement me
6.7 +exit 1
6.8 +
6.9 +BASEDIR="$(dirname $0)"
6.10 +DEVICE="$1"
6.11 +MOUNTPOINT="$2"
6.12 +PASSWORD="$3"
6.13 +KEYFILE="$4"
6.14 +
6.15 +if [ -r "$BASEDIR/truecrypt_config.cfg" ]
6.16 +then
6.17 + . "$BASEDIR/truecrypt_config.cfg"
6.18 +else
6.19 + echo "truecrypt_config.cfg not found" >&2
6.20 + exit 1
6.21 +fi
6.22 +
6.23 +
6.24 +
6.25 +truecrypt -c /dev/sdb /tmp/mnt/ --quick -p 'Test1234!' -k /home/spawn/mytestkey.key --filesystem=none --encryption=AES --hash=RIPEMD-160 --non-interactive
6.26 +
6.27 +if [ -z "$KEYFILE" ]
6.28 +then
6.29 + message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD")"
6.30 +else
6.31 + message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD" -k "$KEYFILE")"
6.32 +fi
6.33 +
6.34 +result="$?"
6.35 +
6.36 +if [ "$result" != "0" ]
6.37 +then
6.38 + exit 1
6.39 +fi
6.40 +
6.41 +echo "$message"
6.42 +exit 0
6.43 \ No newline at end of file
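Review bot: The line `truecrypt -c /dev/sdb /tmp/mnt/ --quick -p 'Test1234!' -k /home/spawn/mytestkey.key ...` is a leftover experiment that commits a hard-coded passphrase and a developer-home keyfile path to the repository, and it would create a volume on a fixed device (`/dev/sdb`) regardless of `$DEVICE` the moment the `exit 1` stub guard at the top is removed. Remove that line and treat the committed passphrase as compromised; the real implementation should use `$tc_cmd` with `"$DEVICE"`, `"$MOUNTPOINT"` and the passed-in key, as the branch below it already does. The `# ToDo implement me` / `exit 1` pair makes everything after it dead code, so a comment such as `# Stub: exits 1 until volume creation is implemented; nothing below this line runs` would save the next reader from tracing through it.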
7.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
7.2 +++ b/truecrypt_scripts/truecrypt_mount.sh Tue Apr 08 11:39:52 2014 +0200
7.3 @@ -0,0 +1,34 @@
7.4 +#!/bin/sh
7.5 +
7.6 +BASEDIR="$(dirname $0)"
7.7 +DEVICE="$1"
7.8 +MOUNTPOINT="$2"
7.9 +PASSWORD="$3"
7.10 +KEYFILE="$4"
7.11 +
7.12 +if [ -r "$BASEDIR/truecrypt_config.cfg" ]
7.13 +then
7.14 + . "$BASEDIR/truecrypt_config.cfg"
7.15 +else
7.16 + echo "truecrypt_config.cfg not found" >&2
7.17 + exit 1
7.18 +fi
7.19 +
7.20 +if [ -z "$KEYFILE" ]
7.21 +then
7.22 + message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD")"
7.23 + result="$?"
7.24 +else
7.25 + message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD" -k "$KEYFILE")"
7.26 + result="$?"
7.27 +fi
7.28 +
7.29 +
7.30 +
7.31 +if [ "$result" != "0" ]
7.32 +then
7.33 + exit 1
7.34 +fi
7.35 +
7.36 +echo "$message"
7.37 +exit 0
7.38 \ No newline at end of file
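Review bot: The passphrase is passed on the command line twice — as `$3` to this script and as `-p "$PASSWORD"` to `$tc_cmd` — so on a default `/proc` configuration it is visible to other local users in the process table for as long as the mount command runs; the same applies to `truecrypt_init.sh` once it is implemented and to the `subprocess.Popen` argument list built in `passwordreceiver.py`. If the TrueCrypt binary in use can read the passphrase from stdin or a file descriptor, feed it that way (the Python side can write it to `stdin=subprocess.PIPE`); otherwise record the exposure in the script header, e.g. `# NOTE: the passphrase is an argv element and is visible in ps output while this runs`.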
8.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
8.2 +++ b/truecrypt_scripts/truecrypt_umount.sh Tue Apr 08 11:39:52 2014 +0200
8.3 @@ -0,0 +1,23 @@
8.4 +#!/bin/sh
8.5 +
8.6 +BASEDIR="$(dirname $0)"
8.7 +DEVICE="$1"
8.8 +
8.9 +if [ -r "$BASEDIR/truecrypt_config.cfg" ]
8.10 +then
8.11 + . "$BASEDIR/truecrypt_config.cfg"
8.12 +else
8.13 + echo "truecrypt_config.cfg not found" >&2
8.14 + exit 1
8.15 +fi
8.16 +
8.17 +message="$($tc_cmd -d $DEVICE)"
8.18 +result="$?"
8.19 +
8.20 +if [ "$result" != "0" ]
8.21 +then
8.22 + exit 1
8.23 +fi
8.24 +
8.25 +echo "$message"
8.26 +exit 0
8.27 \ No newline at end of file
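Review bot: `message="$($tc_cmd -d $DEVICE)"` leaves `$DEVICE` unquoted, unlike the mount script, so a path with spaces or glob characters is split before it reaches the tool, and when `$1` is omitted the command becomes a bare `$tc_cmd -d`, which TrueCrypt's help text, if I read it right, treats as "dismount all mounted volumes". Add a guard and quote the argument: `[ -n "$DEVICE" ] || { echo "usage: $0 DEVICE" >&2; exit 1; }` followed by `message="$($tc_cmd -d "$DEVICE")"`. The `umountDevice` caller in `encryptionprovider.py` always passes one argument, but the script should not rely on that.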