#!/bin/env python

# -*- coding: utf-8 -*-

# ------------------------------------------------------------

# opensecurityd

#   

# the opensecurityd as RESTful server

#

# Autor: Mihai Bartha, <mihai.bartha@ait.ac.at>

#

# Copyright (C) 2013 AIT Austrian Institute of Technology

# AIT Austrian Institute of Technology GmbH

# Donau-City-Strasse 1 | 1220 Vienna | Austria

# http://www.ait.ac.at

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation version 2.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, 

# Boston, MA  02110-1301, USA.

# ------------------------------------------------------------

# ------------------------------------------------------------

# imports

import os

import os.path

from subprocess import Popen, PIPE, call, STARTUPINFO, _subprocess

import sys

import re

from cygwin import Cygwin

from environment import Environment

import threading

import time

import string

import shutil

import stat

import tempfile

from opensecurity_util import logger, import_logger, setupLogger, OpenSecurityException, showTrayMessage

import ctypes

import itertools

import win32api

import win32con

import win32security

import win32wnet

import urllib

import urllib2

import unittest

DEBUG = True

new_sdvm_lock = threading.Lock()

class VMManagerException(Exception):

    def __init__(self, value):

        self.value = value

    def __str__(self):

        return repr(self.value)

class USBFilter:

    uuid = ""

    vendorid = ""

    productid = ""

    revision = ""

    serial = ""

    def __init__(self, uuid, vendorid, productid, revision, serial):

        self.uuid = uuid

        self.vendorid = vendorid.lower()

        self.productid = productid.lower()

        self.revision = revision.lower()

        self.serial = serial

        return

    def __eq__(self, other):

        return self.uuid == other.uuid #self.vendorid == other.vendorid and self.productid == other.productid and self.revision == other.revision

    def __hash__(self):

        return hash(self.uuid) ^ hash(self.vendorid) ^ hash(self.productid) ^ hash(self.revision) ^ hash(self.serial)

    def __repr__(self):

        return "UUID:" + str(self.uuid) + " VendorId = \'" + str(self.vendorid) + "\' ProductId = \'" + str(self.productid) + "\'" + "\' Revision = \'" + str(self.revision) + "\' SerialNumber = \'" + str(self.serial)

    #def __getitem__(self, item):

    #    return self.coords[item]

def once(theClass):

    theClass.systemProperties = theClass.getSystemProperties()

    theClass.machineFolder =    theClass.systemProperties["Default machine folder"]

    #theClass.hostonlyIF =       theClass.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]

    theClass.blacklistedRSD =   theClass.loadRSDBlacklist()

    theClass.templateImage =    theClass.machineFolder + '\\' + theClass.vmRootName + '\\' + theClass.vmRootName + '.vmdk'

    return theClass

@once

class VMManager(object):

    vmRootName = "SecurityDVM"

    systemProperties = None

    _instance = None

    machineFolder = ''

    rsdHandler = None

    hostonlyIF = None

    browsingManager = None

    blacklistedRSD = None

    status_message = 'Starting up...'

    templateImage = None

    importHandler = None

    updateHandler = None

    def __init__(self):

        # only proceed if we have a working background environment

        if self.backend_ok():

            VMManager.hostonlyIF = self.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]

            self.cleanup()

        else:

            logger.critical(self.status_message)

    @staticmethod

    def getInstance():

        if VMManager._instance == None:

            VMManager._instance = VMManager()

        return VMManager._instance

    #list the hostonly IFs exposed by the VBox host

    @staticmethod    

    def getHostOnlyIFs():

        results = Cygwin.vboxExecute('list hostonlyifs')[1]

        ifs = dict()

        if results=='':

            return ifs

        items = list( "Name:    " + result for result in results.split('Name:    ') if result != '')

        for item in items:

            if item != "":

                props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))

                ifs[props["Name"]] = props

        return ifs

        #props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result.strip().splitlines()))

        #return props

    #list the hostonly IFs exposed by the VBox host

    @staticmethod    

    def getDHCPServers():

        results = Cygwin.vboxExecute('list dhcpservers')[1]

        if results=='':

            return dict()

        items = list( "NetworkName:    " + result for result in results.split('NetworkName:    ') if result != '')

        dhcps = dict()   

        for item in items:

            if item != "":

                props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))

                dhcps[props["NetworkName"]] = props

        return dhcps 

    # return hosty system properties

    @staticmethod

    def getSystemProperties():

        result = Cygwin.vboxExecute('list systemproperties')

        if result[1]=='':

            return None

        props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result[1].strip().splitlines()))

        return props

    # return the folder containing the guest VMs     

    def getMachineFolder(self):

        return VMManager.machineFolder

    # verifies the hostonly interface and DHCP server settings

    def verifyHostOnlySettings(self):

        interfaceName = "VirtualBox Host-Only Ethernet Adapter"

        networkName = "HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter"

        hostonlyifs = self.getHostOnlyIFs()

        if not interfaceName in hostonlyifs.keys():

            Cygwin.vboxExecute('hostonlyif create')

            hostonlyifs = self.getHostOnlyIFs()

            if not interfaceName in hostonlyifs.keys():

                return False

        interface = hostonlyifs[interfaceName]

        if interface['VBoxNetworkName'] != networkName or interface['DHCP'] != 'Disabled' or interface['IPAddress'] != '192.168.56.1':

            Cygwin.vboxExecute('hostonlyif ipconfig "' + interfaceName + '" --ip 192.168.56.1 --netmask 255.255.255.0')

        dhcpservers = self.getDHCPServers()

        if not networkName in dhcpservers.keys():

            Cygwin.vboxExecute('dhcpserver add --ifname "' + interfaceName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')

            dhcpservers = self.getDHCPServers()

            if not networkName in dhcpservers.keys():

                return False

        server = dhcpservers[networkName]

        if server['IP'] != '192.168.56.100' or server['NetworkMask'] != '255.255.255.0' or server['lowerIPAddress'] != '192.168.56.101' or server['upperIPAddress'] != '192.168.56.254' or server['Enabled'] != 'Yes':

            Cygwin.vboxExecute('VBoxManage dhcpserver modify --netname "' + networkName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')

        return True

    def template_installed(self):

        """ check if we do have our root VMs installed """

        vms = self.listVMS()

        if not self.vmRootName in vms:

            self.status_message = 'Unable to locate root SecurityDVM. Please download and setup the initial image.'

            return False

        return True

    def backend_ok(self):

        """check if the backend (VirtualBox) is sufficient for our task"""

        # ensure we have our system props

        if VMManager.systemProperties == None:

            VMManager.systemProperties = self.getSystemProperties()

        if VMManager.systemProperties == None:

            self.status_message = 'Failed to get backend system properties. Is Backend (VirtualBox?) installed?'

            return False

        # check for existing Extension pack

        if not 'Remote desktop ExtPack' in VMManager.systemProperties:

            self.status_message = 'No remote desktop extension pack found. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'

            return False

        if VMManager.systemProperties['Remote desktop ExtPack'] == 'Oracle VM VirtualBox Extension Pack ':

            self.status_message = 'Unsure if suitable extension pack is installed. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'

            return False

        # check the existing hostOnly network settings and try to reconfigure if faulty

        if not self.verifyHostOnlySettings():

            return False

        # basically all seems nice and ready to rumble

        self.status_message = 'All is ok.'

        return True

    def stop(self):

        Cygwin.denyExec()

        if self.rsdHandler != None:

            self.rsdHandler.stop()

            self.rsdHandler.join()

            self.rsdHandler = None

        if self.browsingManager != None:

            self.browsingManager.stop()

            self.browsingManager.join()

            self.browsingManager = None

        Cygwin.allowExec()

    def start(self, force = False):

        if not force:

            if self.importHandler and self.importHandler.isAlive():

                logger.info("Initial update running canceling start.")

                return

            if self.updateHandler and self.updateHandler.isAlive():

                logger.info("Update running canceling start.")

                return

        self.stop()

        Cygwin.allowExec()

        if self.backend_ok() and self.template_installed():

            self.browsingManager = BrowsingManager(self)

            self.browsingManager.start()

            self.rsdHandler = DeviceHandler(self)

            self.rsdHandler.start()

    def cleanup(self):

        self.stop()

        Cygwin.allowExec()

        ip = self.getHostOnlyIP(None)

        try:

            result = urllib2.urlopen('http://127.0.0.1:8090/netcleanup?'+'hostonly_ip='+ip).readline()

        except urllib2.URLError:

            logger.info("Network drive cleanup all skipped. OpenSecurity Tray client not started yet.")

        for vm in self.listSDVM():

            self.poweroffVM(vm)

            self.removeVM(vm)

    # list all existing VMs registered with VBox

    def listVMS(self):

        result = Cygwin.vboxExecute('list vms')[1]

        vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))

        return vms

    # list running VMs

    def listRunningVMS(self):

        result = Cygwin.vboxExecute('list runningvms')[1]

        vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))

        return vms

    # list existing SDVMs

    def listSDVM(self):

        vms = self.listVMS()

        svdms = []

        for vm in vms:

            if vm.startswith(self.vmRootName) and vm != self.vmRootName:

                svdms.append(vm)

        return svdms

    # generate valid (not already existing SDVM name). necessary for creating a new VM

    def genSDVMName(self):

        vms = self.listVMS()

        for i in range(0,999):

            if(not self.vmRootName+str(i) in vms):

                return self.vmRootName+str(i)

        return ''

    @staticmethod

    def loadRSDBlacklist():

        blacklist = dict()

        try:

            fo = open(Environment('OpenSecurity').prefix_path +"\\bin\\blacklist.usb", "r")

        except IOError:

            logger.error("Could not open RSD blacklist file.")

            return blacklist

        lines = fo.readlines()

        for line in lines:

            if line != "":  

                parts = line.strip().split(' ')

                blacklist[parts[0].lower()] = parts[1].lower()

        return blacklist

    @staticmethod

    def isBlacklisted(device):

        if VMManager.blacklistedRSD:

            blacklisted = device.vendorid.lower() in VMManager.blacklistedRSD.keys() and device.productid.lower() == VMManager.blacklistedRSD[device.vendorid]

            return blacklisted

        return False 

    # check if the device is mass storage type

    @staticmethod

    def isMassStorageDevice(device):

        vidkey = None

        devinfokey = None

        value = ""

        try:

            keyname = 'SYSTEM\CurrentControlSet\Enum\USB' + '\VID_' + device.vendorid+'&'+'PID_'+ device.productid

            vidkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname)

            devinfokeyname = win32api.RegEnumKey(vidkey, 0)

            win32api.RegCloseKey(vidkey)

            devinfokey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname+'\\'+devinfokeyname)

            value = win32api.RegQueryValueEx(devinfokey, 'SERVICE')[0]

            win32api.RegCloseKey(devinfokey)

        except Exception as ex:

            logger.error('Error reading registry.Exception details: %s' %ex)

        finally:

            if vidkey is not None:

                win32api.RegCloseKey(vidkey)

            if devinfokey is not None:

                win32api.RegCloseKey(devinfokey)

        return 'USBSTOR' in value

    # return the RSDs connected to the host

    @staticmethod

    def getExistingRSDs():

        results = Cygwin.vboxExecute('list usbhost')[1]

        results = results.split('Host USB Devices:')[1].strip()

        items = list( "UUID:"+result for result in results.split('UUID:') if result != '')

        rsds = dict()   

        for item in items:

            props = dict()

            for line in item.splitlines():     

                if line != "":         

                    k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()

                    props[k] = v

            uuid = re.search(r"(?P<uuid>[0-9A-Fa-f\-]+)", props['UUID']).groupdict()['uuid']

            vid = re.search(r"\((?P<vid>[0-9A-Fa-f]+)\)", props['VendorId']).groupdict()['vid']

            pid = re.search(r"\((?P<pid>[0-9A-Fa-f]+)\)", props['ProductId']).groupdict()['pid']

            rev = re.search(r"\((?P<rev>[0-9A-Fa-f]+)\)", props['Revision']).groupdict()['rev']

            serial = None

            if 'SerialNumber' in props.keys():

                serial = re.search(r"(?P<ser>[0-9A-Fa-f]+)", props['SerialNumber']).groupdict()['ser']

            usb_filter = USBFilter( uuid, vid, pid, rev, serial)

            if VMManager.isMassStorageDevice(usb_filter) and not VMManager.isBlacklisted(usb_filter):

                rsds[uuid] = usb_filter

                logger.debug(usb_filter)

        return rsds

    # return the attached USB device as usb descriptor for an existing VM 

    def getAttachedRSD(self, vm_name):

        props = self.getVMInfo(vm_name)

        keys = set(['USBAttachedUUID1', 'USBAttachedVendorId1', 'USBAttachedProductId1', 'USBAttachedRevision1', 'USBAttachedSerialNumber1'])

        keyset = set(props.keys())

        usb_filter = None

        if keyset.issuperset(keys):

            usb_filter = USBFilter(props['USBAttachedUUID1'], props['USBAttachedVendorId1'], props['USBAttachedProductId1'], props['USBAttachedRevision1'], props['USBAttachedSerialNumber1'])

        return usb_filter

    # return the RSDs attached to all existing SDVMs

    def getAttachedRSDs(self):

        vms = self.listSDVM()

        attached_devices = dict()

        for vm in vms:

            rsd_filter = self.getAttachedRSD(vm)

            if rsd_filter != None:

                attached_devices[vm] = rsd_filter

        return attached_devices

    # attach removable storage device to VM by provision of filter

    def attachRSD(self, vm_name, rsd_filter):

        #return Cygwin.vboxExecute('usbfilter add 0 --target ' + vm_name + ' --name OpenSecurityRSD --vendorid ' + rsd_filter.vendorid + ' --productid ' + rsd_filter.productid + ' --revision ' + rsd_filter.revision + ' --serialnumber ' + rsd_filter.serial)

        return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbattach ' + rsd_filter.uuid )

    # detach removable storage from VM by 

    def detachRSD(self, vm_name, rsd_filter):

        #return Cygwin.vboxExecute('usbfilter remove 0 --target ' + vm_name)

        return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbdetach ' + rsd_filter.uuid )

    # configures hostonly networking and DHCP server. requires admin rights

    def configureHostNetworking(self):

        #cmd = 'vboxmanage list hostonlyifs'

        #Cygwin.vboxExecute(cmd)

        #cmd = 'vboxmanage hostonlyif remove \"VirtualBox Host-Only Ethernet Adapter\"'

        #Cygwin.vboxExecute(cmd)

        #cmd = 'vboxmanage hostonlyif create'

        #Cygwin.vboxExecute(cmd)

        Cygwin.vboxExecute('hostonlyif ipconfig \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.1 --netmask 255.255.255.0')

        #cmd = 'vboxmanage dhcpserver add'

        #Cygwin.vboxExecute(cmd)

        Cygwin.vboxExecute('dhcpserver modify --ifname \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.200')

    def isSDVMExisting(self, vm_name):

        sdvms = self.listSDVM()

        return vm_name in sdvms

    #create new virtual machine instance based on template vm named SecurityDVM (\SecurityDVM\SecurityDVM.vmdk)

    def createVM(self, vm_name):

        if self.isSDVMExisting(vm_name):

            return

        #remove eventually existing SDVM folder

        machineFolder = Cygwin.cygPath(VMManager.machineFolder)

        Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '\\\"')

        Cygwin.vboxExecute('createvm --name ' + vm_name + ' --ostype Debian --register')

        Cygwin.vboxExecute('modifyvm ' + vm_name + ' --memory 768 --vram 10 --cpus 1 --usb on --usbehci on --nic1 hostonly --hostonlyadapter1 \"' + self.hostonlyIF['Name'] + '\" --nic2 nat')

        Cygwin.vboxExecute('storagectl ' + vm_name + ' --name SATA --add sata --portcount 2')

    #create new SecurityDVM with automatically generated name from template (thread safe)        

    def newSDVM(self):

        with new_sdvm_lock:

            vm_name = self.genSDVMName()

            self.createVM(vm_name)

        return vm_name

    #VMManager.machineFolder + '\SecurityDVM\SecurityDVM.vmdk

    # attach storage image to controller

    def attachVDisk(self, vm_name, vdisk_controller, vdisk_port, vdisk_device, vdisk_image):

        if self.isVDiskAttached(vm_name, vdisk_controller, vdisk_port, vdisk_device):

            self.detachVDisk(vm_name, vdisk_controller, vdisk_port, vdisk_device)

        Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl '+ vdisk_controller + ' --port ' + vdisk_port + ' --device ' + vdisk_device + ' --type hdd --medium "'+ vdisk_image + '"')

    # return true if storage is attached 

    def isVDiskAttached(self, vm_name, vdisk_controller, vdisk_port, vdisk_device):

        info = self.getVMInfo(vm_name)

        return (info[vdisk_controller+'-'+vdisk_port+'-'+vdisk_device] != 'none')

    # detach storage from controller

    def detachVDisk(self, vm_name, vdisk_controller, vdisk_port, vdisk_device):

        if self.isVDiskAttached(vm_name, vdisk_controller, vdisk_port, vdisk_device):

            Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl ' + vdisk_controller + ' --port ' + vdisk_port + ' --device ' + vdisk_device + ' --medium none')

    # modify type of the vdisk_image

    def changeVDiskType(self, vdisk_image, storage_type):

        Cygwin.vboxExecute('modifyhd "' + vdisk_image + '" --type ' + storage_type)

    # grab VM storage controller, port and device for vdisk image name

    def getVDiskController(self, vm_name, image_name = '.vmdk'):

        vm_description = self.getVMInfo(vm_name)

        vdisk_controller = None

        for key, value in vm_description.iteritems():

            if image_name in value:

                vdisk_controller = key

                break

        return vdisk_controller

    # return attached vmdk image name containing image_name 

    def getVDiskImage(self, vm_name, image_name = '.vmdk'):

        vmInfo = self.getVMInfo(vm_name)

        vdisk_image = None

        for value in vmInfo.values():

            if image_name in value:

                break

        return vdisk_image 

    @staticmethod    

    def getVDiskImages():

        results = Cygwin.vboxExecute('list hdds')[1]

        results = results.replace('Parent UUID', 'Parent')

        items = list( "UUID:"+result for result in results.split('UUID:') if result != '')

        snaps = dict()   

        for item in items:

            props = dict()

            for line in item.splitlines():

                if line != "":         

                    k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()

                    props[k] = v;

            snaps[props['UUID']] = props

        return snaps

    @staticmethod 

    def getVDiskUUID(vdisk_image):

        images = VMManager.getVDiskImages()

        # find template uuid

        template_uuid = None

        for hdd in images.values():

            if hdd['Location'] == vdisk_image:

                template_uuid = hdd['UUID']

                break

        return template_uuid

    def removeSnapshots(self, imageUUID):

        snaps = self.getVDiskImages()

        # remove snapshots 

        for hdd in snaps.values():

            if hdd['Parent'] == imageUUID:

                snapshotUUID = hdd['UUID']

                self.removeImage(snapshotUUID)

    def removeImage(self, imageUUID):

        logger.debug('removing snapshot ' + imageUUID)

        Cygwin.vboxExecute('closemedium disk {' + imageUUID + '} --delete')

        # parse result 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

    #remove VM from the system. should be used on VMs returned by listSDVMs    

    def removeVM(self, vm_name):

        logger.info('Removing ' + vm_name)

        Cygwin.vboxExecute('unregistervm ' + vm_name + ' --delete')

        #try to close medium if still existing

        #Cygwin.vboxExecute('closemedium disk {' + hdd['UUID'] + '} --delete')

        self.removeVMFolder(vm_name)

    def removeVMFolder(self, vm_name):

        machineFolder = Cygwin.cygPath(VMManager.machineFolder)

        Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '\\' + vm_name + '\\\"')

    # start VM

    def startVM(self, vm_name):

        logger.info('Starting ' +  vm_name)

        Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

        result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless' )

        while 'successfully started' not in result[1]:

            logger.error("Failed to start SDVM: " + vm_name + " retrying")

            logger.error("Command returned:\n" + result[2])

            time.sleep(1)

            result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless')

        return result[0]

    # return wether VM is running or not

    def isVMRunning(self, vm_name):

        return vm_name in self.listRunningVMS()    

    # stop VM

    def stopVM(self, vm_name):

        logger.info('Sending shutdown signal to ' + vm_name)

        Cygwin.sshExecute( '"sudo shutdown -h now"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key' )

        Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

    # stop VM

    def hibernateVM(self, vm_name):

        logger.info('Sending hibernate-disk signal to ' + vm_name)

        Cygwin.sshBackgroundExecute( '"sudo hibernate-disk"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key', wait_return=False)

        Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

    # poweroff VM

    def poweroffVM(self, vm_name):

        if not self.isVMRunning(vm_name):

            return

        logger.info('Powering off ' + vm_name)

        Cygwin.vboxExecute('controlvm ' + vm_name + ' poweroff')

        Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

    # return the hostOnly IP for a running guest or the host    

    def getHostOnlyIP(self, vm_name):

        if vm_name == None:

            logger.info('Getting hostOnly IP address for Host')

            return VMManager.hostonlyIF['IPAddress']

        else:

            logger.info('Getting hostOnly IP address ' + vm_name)

            result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' /VirtualBox/GuestInfo/Net/0/V4/IP')

            if result=='':

                return None

            result = result[1]

            if result.startswith('No value set!'):

                return None

            return result[result.index(':')+1:].strip()

    # return the description set for an existing VM

    def getVMInfo(self, vm_name):

        results = Cygwin.vboxExecute('showvminfo ' + vm_name + ' --machinereadable')[1]

        props = dict((k.strip().strip('"'),v.strip().strip('"')) for k,v in (line.split('=', 1) for line in results.splitlines()))

        return props

    #generates ISO containing authorized_keys for use with guest VM

    def genCertificate(self, vm_name):

        machineFolder = Cygwin.cygPath(VMManager.machineFolder)

        # remove .ssh folder if exists

        Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

        # remove .ssh folder if exists

        Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')

        # create .ssh folder in vm_name

        Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

        # generate dvm_key pair in vm_name / .ssh     

        Cygwin.bashExecute('/usr/bin/ssh-keygen -q -t rsa -N \\\"\\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\"')

        # move out private key

        Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\" \\\"' + machineFolder + '/' + vm_name + '\\\"')

        # set permissions for private key

        Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')

        # rename public key to authorized_keys

        Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key.pub\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')

        # set permissions for authorized_keys

        Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')

        # generate iso image with .ssh/authorized keys

        Cygwin.bashExecute('/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '/' + vm_name + '/'+ vm_name + '.iso\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

    # attaches generated ssh public cert to guest vm

    def attachCertificate(self, vm_name):

        if self.isCertificateAttached(vm_name):

            self.detachCertificate(vm_name)

        Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type dvddrive --mtype readonly --medium \"' + VMManager.machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\"')

    # return true if storage is attached 

    def isCertificateAttached(self, vm_name):

        info = self.getVMInfo(vm_name)

        return (info['SATA-1-0']!='none')

    # detach storage from controller

    def detachCertificate(self, vm_name):

        if self.isCertificateAttached(vm_name):

            Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type hdd --medium none')

    # wait for machine to come up

    def waitStartup(self, vm_name):

        #Cygwin.vboxExecute('guestproperty wait ' + vm_name + ' SDVMStarted --timeout ' + str(timeout_ms) + ' --fail-on-timeout', try_count = 60)

        started = False

        while not started:

            result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' SDVMStarted')[1]

            if "Value: True" in result:

                started = True

            else:

                time.sleep(3) 

        return self.getHostOnlyIP(vm_name)

    # wait for machine to shutdown

    def waitShutdown(self, vm_name):

        while vm_name in self.listRunningVMS():

            time.sleep(1)

        return

    #Small function to check if the mentioned location is a directory

    def isDirectory(self, path):

        result = Cygwin.cmdExecute('dir ' + path + ' | FIND ".."')

        return string.find(result[1], 'DIR',)

    def genNetworkDrive(self):

        logical_drives = VMManager.getLogicalDrives()

        logger.info("Used logical drive letters: "+ str(logical_drives).strip('[]') )

        drives = list(map(chr, range(68, 91)))  

        for drive in drives:

            if drive not in logical_drives:

                return drive

    @staticmethod

    def getLogicalDrives():

        drive_bitmask = ctypes.cdll.kernel32.GetLogicalDrives()

        drives = list(itertools.compress(string.ascii_uppercase,  map(lambda x:ord(x) - ord('0'), bin(drive_bitmask)[:1:-1])))

        return drives

    @staticmethod

    def getDriveType(drive):

        return ctypes.cdll.kernel32.GetDriveTypeW(u"%s:\\"%drive)

    @staticmethod

    def getNetworkPath(drive):

        return win32wnet.WNetGetConnection(drive+':')

    @staticmethod

    def getVolumeInfo(drive):

        volumeNameBuffer = ctypes.create_unicode_buffer(1024)

        fileSystemNameBuffer = ctypes.create_unicode_buffer(1024)

        serial_number = None

        max_component_length = None

        file_system_flags = None

        rc = ctypes.cdll.kernel32.GetVolumeInformationW(

            u"%s:\\"%drive,

            volumeNameBuffer,

            ctypes.sizeof(volumeNameBuffer),

            serial_number,

            max_component_length,

            file_system_flags,

            fileSystemNameBuffer,

            ctypes.sizeof(fileSystemNameBuffer)

        )

        return volumeNameBuffer.value, fileSystemNameBuffer.value

    def getNetworkDrive(self, vm_name):

        ip = self.getHostOnlyIP(vm_name)

        if ip == None:

            logger.error("Failed getting hostonly IP for " + vm_name)

            return None

        logger.info("Got IP address for " + vm_name + ': ' + ip)

        for drive in VMManager.getLogicalDrives():

            #if is a network drive

            if VMManager.getDriveType(drive) == 4:

                network_path = VMManager.getNetworkPath(drive)

                if ip in network_path:

                    return drive

        return None

    def getNetworkDrives(self):

        ip = self.getHostOnlyIP(None)

        if ip == None:

            logger.error("Failed getting hostonly IP for system")

            return None

        logger.info("Got IP address for system: " + ip)

        ip = ip[:ip.rindex('.')]

        network_drives = dict()

        for drive in VMManager.getLogicalDrives():

            #if is a network drive

            if VMManager.getDriveType(drive) == 4:

                network_path = VMManager.getNetworkPath(drive)

                if ip in network_path:

                    network_drives[drive] = network_path  

        return network_drives

    # handles browsing request    

    def handleBrowsingRequest(self, proxy):

        showTrayMessage('Starting Secure Browsing...', 7000)

        handler = BrowsingHandler(self, proxy)

        handler.start()

        return 'ok'

    def getActiveUserName(self):

        key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')

        v = str(win32api.RegQueryValueEx(key, 'LastLoggedOnUser')[0])

        win32api.RegCloseKey(key)

        user_name = win32api.ExpandEnvironmentStrings(v)

        return user_name

    def getUserSID(self, user_name):

        domain, user = user_name.split("\\")

        account_name = win32security.LookupAccountName(domain, user)

        if account_name == None:

            logger.error("Failed lookup account name for user " + user_name)

            return None

        sid = win32security.ConvertSidToStringSid(account_name[0])

        if sid == None:

            logger.error("Failed converting SID for account " + account_name[0])

            return None

        return sid

    def getAppDataDir(self, sid):    

        key = win32api.RegOpenKey(win32con.HKEY_USERS, sid + '\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders')

        value, _ = win32api.RegQueryValueEx(key, "AppData")

        win32api.RegCloseKey(key)

        return value

        #key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' + '\\' + sid)

        #value, type = win32api.RegQueryValueEx(key, "ProfileImagePath")

        #print value

    def backupFile(self, src, dest):

        certificate = Cygwin.cygPath(self.getMachineFolder()) + '/' + self.browsingManager.vm_name + '/dvm_key'

        command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "osecuser@' + self.browsingManager.ip_addr + ':' + src + '" "' + dest + '"'

        return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)

    def restoreFile(self, src, dest):

        certificate = Cygwin.cygPath(self.getMachineFolder()) + '/' + self.browsingManager.vm_name + '/dvm_key'

        #command = '-r -v -o StrictHostKeyChecking=no -i \"' + certificate + '\" \"' + src + '\" \"osecuser@' + self.browsingManager.ip_addr + ':' + dest + '\"'

        command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "' + src + '" "osecuser@' + self.browsingManager.ip_addr + ':' + dest + '"'

        return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)

    #import initial template

    def importTemplate(self, image_path):

        import_logger.info('Stopping Opensecurity...')

        self.stop()

        import_logger.info('Cleaning up system in preparation for import...')

        self.cleanup()

        import_logger.info('Removing template SDVM...')

        # if template exists

        if self.vmRootName in self.listVMS():

            # shutdown template if running

            self.poweroffVM(self.vmRootName)

            # detach and remove VDisk

            tmplateUUID = self.getVDiskUUID(self.templateImage)

            if tmplateUUID != None:

                logger.debug('Found template VDisk uuid ' + tmplateUUID)

                controller = self.getVDiskController(self.vmRootName)

                if controller:

                    controller = controller.split('-')

                    self.detachVDisk(self.vmRootName, controller[0], controller[1], controller[2])

                self.removeSnapshots(tmplateUUID)

                self.removeImage(tmplateUUID)

            else:

                logger.info('Template uuid not found')

            # remove VM    

            self.removeVM(self.vmRootName)

        # remove template VM folder 

        self.removeVMFolder(self.vmRootName)

        import_logger.info('Cleanup finished...')

        import_logger.info('Checking privileges...')

        result = Cygwin.bashExecute('id -G')

        if '544' not in result[1]:

            import_logger.debug('Insufficient privileges.')

            import_logger.debug("Trying to continue...")

        # check OpenSecurity Initial VM Image

        import_logger.debug('Looking for VM image: ' + image_path)

        result = os.path.isfile(image_path)

        if not result:

            import_logger.debug('Warning: no OpenSecurity Initial Image found.')

            import_logger.debug('Please download using the OpenSecurity download tool.')

            raise OpenSecurityException('OpenSecurity Initial Image not found.')

        logger.debug('Initial VM image: ' + image_path + ' found')

        if not self.template_installed():

            import_logger.info('Importing SDVm template: ' + image_path)

            Cygwin.vboxExecute('import "' + image_path + '" --vsys 0 --vmname ' + VMManager.vmRootName + ' --unit 12 --disk "' + self.templateImage + '"')

        else:

            import_logger.info('Found ' + VMManager.vmRootName + ' already present in VBox reusing it.')

            import_logger.info('if you want a complete new import please remove the VM first.')

            import_logger.info('starting OpenSecurity service...')

            return

        # remove unnecessary IDE controller

        Cygwin.vboxExecute('storagectl ' + VMManager.vmRootName + ' --name IDE --remove')

        info = self.getVDiskController(VMManager.vmRootName, self.templateImage)

        if info:

            info = info.split('-')

            self.detachVDisk(VMManager.vmRootName, info[0], info[1], info[2])

        self.changeVDiskType(self.templateImage, 'immutable')

        self.attachVDisk(VMManager.vmRootName, info[0], info[1], info[2], self.templateImage)

        import_logger.info('Initial import finished.')    

    # update template 

    def updateTemplate(self):

        import_logger.debug('Stopping Opensecurity...')

        self.stop()

        import_logger.debug('Cleaning up system in preparation for update...')

        self.cleanup()

        import_logger.info('Cleanup finished...')

        # shutdown template if running

        self.poweroffVM(self.vmRootName)

        import_logger.info('Starting template VM...')

        # check for updates

        self.genCertificate(self.vmRootName)

        self.attachCertificate(self.vmRootName)

        import_logger.info('Removing snapshots...')        

        self.detachVDisk(self.vmRootName, 'SATA', '0', '0')

        templateUUID = self.getVDiskUUID(self.templateImage)

        self.removeSnapshots(templateUUID)

        import_logger.info('Setting VDisk image to normal...')

        self.changeVDiskType(self.templateImage, 'normal')

        self.attachVDisk(self.vmRootName, 'SATA', '0', '0', self.templateImage)

        import_logger.info('Starting VM...')

        self.startVM(self.vmRootName)

        self.waitStartup(self.vmRootName)

        import_logger.info('Updating components...')

        tmp_ip = self.getHostOnlyIP(self.vmRootName)

        tmp_machine_folder = Cygwin.cygPath(VMManager.machineFolder)

        Cygwin.sshExecute('"sudo apt-get -y update"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

        Cygwin.sshExecute('"sudo apt-get -y upgrade"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

        import_logger.info('Restarting template VM...')

        #check if reboot is required

        result = Cygwin.sshExecute('"if [ -f /var/run/reboot-required ]; then echo \\\"Yes\\\"; fi"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

        if "Yes" in result[1]:

            self.stopVM(self.vmRootName)

            self.waitShutdown(self.vmRootName)

            self.startVM(self.vmRootName)

            self.waitStartup(self.vmRootName)

        import_logger.info('Stopping template VM...')

        self.stopVM(self.vmRootName)

        self.waitShutdown(self.vmRootName)

        import_logger.info('Setting VDisk image to immutable...')

        self.detachVDisk(self.vmRootName, 'SATA', '0', '0') 

        self.changeVDiskType(self.templateImage, 'immutable')

        self.attachVDisk(self.vmRootName,  'SATA', '0', '0', self.templateImage)

        import_logger.info('Update template finished...')

    def startInitialImport(self):

        if self.importHandler and self.importHandler.isAlive():

            import_logger.info("Initial import already running.")

            return

        self.importHandler = InitialImportHandler(self)

        self.importHandler.start()

        import_logger.info("Initial import started.")

    def startUpdateTemplate(self):

        if self.updateHandler and self.updateHandler.isAlive():

            import_logger.info("Initial import already running.")

            return

        self.updateHandler = UpdateHandler(self)

        self.updateHandler.start()

        import_logger.info("Initial import started.")

class UpdateHandler(threading.Thread):

    vmm = None    

    def __init__(self, vmmanager):

        threading.Thread.__init__(self)

        self.vmm = vmmanager

    def run(self):

        try:

            self.vmm.updateTemplate()

        except:

            import_logger.info("Update template failed. Refer to service log for details.")

        self.vmm.start(force=True)

class InitialImportHandler(threading.Thread):

    vmm = None    

    def __init__(self, vmmanager):

        threading.Thread.__init__(self)

        self.vmm = vmmanager

    def run(self):

        try:

            self.vmm.importTemplate(self.vmm.getMachineFolder() + '\\OsecVM.ova')

            self.vmm.updateTemplate()

        except:

            import_logger.info("Initial import failed. Refer to service log for details.")

        self.vmm.start(force=True)

#handles browsing session creation 

class BrowsingHandler(threading.Thread):

    vmm = None

    proxy = None

    def __init__(self, vmmanager, proxy):

        threading.Thread.__init__(self)

        self.vmm = vmmanager

        self.proxy = proxy

    def run(self):

        #browser = '\\\"/usr/bin/chromium; pidof dbus-launch | xargs kill\\\"'

        #browser = '\\\"/usr/bin/chromium\\\"'

        try:

            if self.proxy:

                browser = '\\\"export http_proxy='+self.proxy+'; /usr/bin/chromium\\\"'

            else:

                browser = '\\\"/usr/bin/chromium\\\"'

            self.vmm.browsingManager.started.wait() 

            result = Cygwin.sshExecuteX11(browser, self.vmm.browsingManager.ip_addr, 'osecuser', Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vmm.browsingManager.vm_name + '/dvm_key')

            self.vmm.backupFile('/home/osecuser/.config/chromium', self.vmm.browsingManager.appDataDir + '/OpenSecurity/')

        except:

            logger.info("BrowsingHandler closing. Restarting browsing SDVM.")

        self.vmm.browsingManager.restart.set()

# handles browsing Vm creation and destruction                    

class BrowsingManager(threading.Thread):   

    vmm = None

    running = True

    restart = None

    ip_addr = None

    vm_name = None

    net_resource = None

    appDataDir = None