mb@63
|
1 |
#!/bin/env python
|
mb@63
|
2 |
# -*- coding: utf-8 -*-
|
mb@63
|
3 |
|
mb@63
|
4 |
# ------------------------------------------------------------
|
mb@63
|
5 |
# opensecurityd
|
mb@63
|
6 |
#
|
mb@63
|
7 |
# the opensecurityd as RESTful server
|
mb@63
|
8 |
#
|
mb@63
|
9 |
# Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>
|
mb@63
|
10 |
#
|
mb@63
|
11 |
# Copyright (C) 2013 AIT Austrian Institute of Technology
|
mb@63
|
12 |
# AIT Austrian Institute of Technology GmbH
|
mb@63
|
13 |
# Donau-City-Strasse 1 | 1220 Vienna | Austria
|
mb@63
|
14 |
# http://www.ait.ac.at
|
mb@63
|
15 |
#
|
mb@63
|
16 |
# This program is free software; you can redistribute it and/or
|
mb@63
|
17 |
# modify it under the terms of the GNU General Public License
|
mb@63
|
18 |
# as published by the Free Software Foundation version 2.
|
mb@63
|
19 |
#
|
mb@63
|
20 |
# This program is distributed in the hope that it will be useful,
|
mb@63
|
21 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
mb@63
|
22 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
mb@63
|
23 |
# GNU General Public License for more details.
|
mb@63
|
24 |
#
|
mb@63
|
25 |
# You should have received a copy of the GNU General Public License
|
mb@63
|
26 |
# along with this program; if not, write to the Free Software
|
mb@63
|
27 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
mb@63
|
28 |
# Boston, MA 02110-1301, USA.
|
mb@63
|
29 |
# ------------------------------------------------------------
|
mb@63
|
30 |
|
mb@63
|
31 |
|
mb@63
|
32 |
# ------------------------------------------------------------
|
mb@63
|
33 |
# imports
|
mb@63
|
34 |
|
mb@63
|
35 |
import os
|
mb@63
|
36 |
import os.path
|
mb@63
|
37 |
import subprocess
|
mb@63
|
38 |
import sys
|
mb@63
|
39 |
import web
|
mb@63
|
40 |
from cygwin import Cygwin
|
mb@63
|
41 |
|
mb@63
|
42 |
from vmmanager import VMManager
|
mb@63
|
43 |
|
mb@63
|
44 |
# local
|
mb@63
|
45 |
from environment import Environment
|
oliver@74
|
46 |
from opensecurity_util import logger
|
mb@63
|
47 |
|
mb@63
|
48 |
|
mb@63
|
49 |
# ------------------------------------------------------------
|
mb@63
|
50 |
# const
|
mb@63
|
51 |
|
mb@63
|
52 |
__version__ = "0.2"
|
mb@63
|
53 |
|
mb@63
|
54 |
|
mb@63
|
55 |
"""All the URLs we know mapping to class handler"""
|
mb@63
|
56 |
opensecurity_urls = (
|
mb@79
|
57 |
#'/device_change', 'os_device_change', # http://localhost:8080/device_change GET
|
mb@79
|
58 |
#'/sdvm_started', 'os_sdvm_started', # http://localhost:8080/sdvm_started GET
|
mb@63
|
59 |
'/browsing', 'os_browsing', # http://localhost:8080/browsing GET
|
mb@63
|
60 |
'/sdvms', 'os_sdvms', # http://localhost:8080/sdvms GET, PUT
|
mb@63
|
61 |
'/sdvms/(.*)/application/(.*)', 'os_sdvm_application', # http://localhost:8080/sdvms/[VMNAME]/application/[COMMAND] GET
|
mb@63
|
62 |
'/sdvms/(.*)/ip', 'os_sdvm_ip', # http://localhost:8080/sdvms/[VMNAME]/ip GET
|
mb@63
|
63 |
'/sdvms/(.*)/start', 'os_sdvm_start', # http://localhost:8080/sdvms/[VMNAME]/start GET
|
mb@63
|
64 |
'/sdvms/(.*)/stop', 'os_sdvm_stop', # http://localhost:8080/sdvms/[VMNAME]/stop GET
|
mb@63
|
65 |
'/sdvms/(.*)', 'os_sdvm', # http://localhost:8080/sdvms/[VMNAME] GET, DELETE
|
mb@63
|
66 |
'/vms', 'os_vms', # http://localhost:8080/vms GET
|
mb@63
|
67 |
'/vms/(.*)', 'os_vm', # http://localhost:8080/vms/[VMNAME] GET
|
mb@63
|
68 |
'/', 'os_root', # http://localhost:8080/ GET
|
mb@63
|
69 |
'/update_template', 'os_update_template' # http://localhost:8080/update_template GET
|
mb@63
|
70 |
)
|
mb@63
|
71 |
|
mb@66
|
72 |
# ------------------------------------------------------------
|
mb@63
|
73 |
# vars
|
mb@63
|
74 |
|
mb@63
|
75 |
# Global VMManager instance
|
oliver@86
|
76 |
gvm_mgr = None
|
oliver@86
|
77 |
|
mb@63
|
78 |
|
mb@63
|
79 |
# ------------------------------------------------------------
|
mb@63
|
80 |
# code
|
mb@63
|
81 |
|
mb@63
|
82 |
|
mb@79
|
83 |
#class os_device_change:
|
mb@79
|
84 |
# """OpenSecurity '/device_change' handler"""
|
mb@79
|
85 |
#
|
mb@79
|
86 |
# def GET(self):
|
mb@79
|
87 |
# log_call(web.ctx.environ)
|
mb@79
|
88 |
# try:
|
mb@79
|
89 |
# new_ip = gvm_mgr.handleDeviceChange()
|
mb@79
|
90 |
# return new_ip
|
mb@79
|
91 |
# except:
|
mb@79
|
92 |
# raise web.internalerror()
|
mb@63
|
93 |
|
mb@63
|
94 |
|
mb@63
|
95 |
class os_browsing:
|
mb@63
|
96 |
"""OpenSecurity '/browsing' handler
|
mb@63
|
97 |
|
mb@63
|
98 |
- GET: Start and prepare a new SecurityVM for Internet Browsing. Return the name of the VM.
|
mb@63
|
99 |
"""
|
mb@63
|
100 |
|
mb@63
|
101 |
def GET(self):
|
oliver@74
|
102 |
log_call(web.ctx.environ)
|
mb@63
|
103 |
try:
|
oliver@86
|
104 |
browsingVM = vmmanager().handleBrowsingRequest()
|
mb@63
|
105 |
return browsingVM
|
mb@63
|
106 |
except:
|
mb@63
|
107 |
raise web.internalerror()
|
mb@63
|
108 |
|
mb@79
|
109 |
#class os_sdvm_started:
|
mb@79
|
110 |
# """OpenSecurity '/sdvm_started' handler"""
|
mb@79
|
111 |
#
|
mb@79
|
112 |
# def GET(self):
|
mb@79
|
113 |
# log_call(web.ctx.environ)
|
mb@79
|
114 |
# remote_ip = web.ctx.environ['REMOTE_ADDR']
|
mb@79
|
115 |
# gvm_mgr.putStartNotification(remote_ip)
|
mb@79
|
116 |
# return "os_sdvm_started"
|
mb@63
|
117 |
|
mb@63
|
118 |
class os_sdvm:
|
mb@63
|
119 |
"""OpenSecurity '/sdvms/[VM]' handler
|
mb@63
|
120 |
|
mb@63
|
121 |
- GET: Information about a specific SecurityVM
|
mb@63
|
122 |
- DELETE: Remove a specific
|
mb@63
|
123 |
"""
|
mb@63
|
124 |
|
mb@63
|
125 |
def GET(self, name):
|
oliver@74
|
126 |
log_call(web.ctx.environ)
|
oliver@86
|
127 |
return vmmanager().getVMInfo(name)
|
mb@63
|
128 |
|
mb@63
|
129 |
def DELETE(self, name):
|
oliver@74
|
130 |
log_call(web.ctx.environ)
|
oliver@86
|
131 |
return vmmanager().removeVM(name)
|
mb@63
|
132 |
|
mb@63
|
133 |
|
mb@63
|
134 |
class os_sdvm_application:
|
mb@63
|
135 |
"""OpenSecurity '/sdvms/[VM]/application/[CMD]' handler
|
mb@63
|
136 |
|
mb@63
|
137 |
- GET: start application with given command in the VM.
|
mb@63
|
138 |
"""
|
mb@63
|
139 |
|
mb@63
|
140 |
def GET(self, name, command):
|
oliver@74
|
141 |
log_call(web.ctx.environ)
|
mb@63
|
142 |
command = '/' + command
|
oliver@86
|
143 |
result = Cygwin.sshExecuteX11(command, vmmanager().getHostOnlyIP(name), 'osecuser', Cygwin.cygPath(gvm_mgr.getMachineFolder()) + '/' + name + '/dvm_key' )
|
mb@63
|
144 |
self.poweroffVM(name)
|
oliver@86
|
145 |
return vmmanager().removeVM(name)
|
mb@63
|
146 |
|
mb@63
|
147 |
|
mb@63
|
148 |
class os_sdvm_ip:
|
mb@63
|
149 |
"""OpenSecurity '/sdvms/[VM]/ip' handler
|
mb@63
|
150 |
|
mb@63
|
151 |
- GET: give IP of SecurityVM.
|
mb@63
|
152 |
"""
|
mb@63
|
153 |
|
mb@63
|
154 |
def GET(self, name):
|
oliver@74
|
155 |
log_call(web.ctx.environ)
|
oliver@86
|
156 |
return vmmanager().getHostOnlyIP(name)
|
mb@63
|
157 |
|
mb@63
|
158 |
|
mb@63
|
159 |
class os_sdvm_start:
|
mb@63
|
160 |
"""OpenSecurity '/sdvms/[VM]/start' handler
|
mb@63
|
161 |
|
mb@63
|
162 |
- GET: Start specific SecuirtyVM.
|
mb@63
|
163 |
"""
|
mb@63
|
164 |
|
mb@63
|
165 |
def GET(self, name):
|
oliver@74
|
166 |
log_call(web.ctx.environ)
|
oliver@86
|
167 |
return vmmanager().startVM(name)
|
mb@63
|
168 |
|
mb@63
|
169 |
|
mb@63
|
170 |
class os_sdvm_stop:
|
mb@63
|
171 |
"""OpenSecurity '/sdvms/[VM]/stop' handler
|
mb@63
|
172 |
|
mb@63
|
173 |
- GET: stop specific Secuirty VM.
|
mb@63
|
174 |
"""
|
mb@63
|
175 |
|
mb@63
|
176 |
def GET(self, name):
|
oliver@74
|
177 |
log_call(web.ctx.environ)
|
oliver@86
|
178 |
return vmmanager().stopVM(name)
|
mb@63
|
179 |
|
mb@63
|
180 |
|
mb@63
|
181 |
class os_sdvms:
|
mb@63
|
182 |
"""OpenSecurity '/sdvms' handler
|
mb@63
|
183 |
|
mb@63
|
184 |
- GET: list all available secuirty VMs.
|
mb@63
|
185 |
- POST: create new security vm.
|
mb@63
|
186 |
"""
|
mb@63
|
187 |
|
mb@63
|
188 |
def GET(self):
|
mb@63
|
189 |
"""get the list of SDVMs"""
|
oliver@74
|
190 |
log_call(web.ctx.environ)
|
oliver@86
|
191 |
return vmmanager().listSDVM()
|
mb@63
|
192 |
|
mb@63
|
193 |
def POST(self):
|
mb@63
|
194 |
"""create a new SDVM"""
|
oliver@74
|
195 |
log_call(web.ctx.environ)
|
oliver@74
|
196 |
|
mb@63
|
197 |
# get a new vm-name
|
oliver@86
|
198 |
name = vmmanager().generateSDVMName()
|
mb@63
|
199 |
try:
|
oliver@86
|
200 |
vmmanager().createVM(name)
|
mb@63
|
201 |
except:
|
mb@63
|
202 |
raise web.internalerror()
|
mb@63
|
203 |
|
mb@63
|
204 |
return name
|
mb@63
|
205 |
|
mb@63
|
206 |
class os_vm:
|
mb@63
|
207 |
"""OpenSecurity '/vms/[VM]' handler
|
mb@63
|
208 |
|
mb@63
|
209 |
- GET: list information of arbitrary VM.
|
mb@63
|
210 |
"""
|
mb@63
|
211 |
|
mb@63
|
212 |
def GET(self, name):
|
oliver@74
|
213 |
log_call(web.ctx.environ)
|
oliver@86
|
214 |
return vmmanager().getVMInfo(name)
|
mb@63
|
215 |
|
mb@63
|
216 |
|
mb@63
|
217 |
class os_vms:
|
mb@63
|
218 |
"""OpenSecurity '/vms' handler
|
mb@63
|
219 |
|
mb@63
|
220 |
- GET: list all (also non Security) VMs.
|
mb@63
|
221 |
"""
|
mb@63
|
222 |
|
mb@63
|
223 |
def GET(self):
|
oliver@74
|
224 |
log_call(web.ctx.environ)
|
oliver@86
|
225 |
return vmmanager().listVM()
|
mb@63
|
226 |
|
mb@63
|
227 |
|
mb@63
|
228 |
class os_root:
|
mb@63
|
229 |
"""OpenSecurity '/' handler
|
mb@63
|
230 |
|
mb@63
|
231 |
- GET: give information about current installation.
|
mb@63
|
232 |
"""
|
mb@63
|
233 |
|
mb@63
|
234 |
def GET(self):
|
oliver@74
|
235 |
log_call(web.ctx.environ)
|
mb@63
|
236 |
res = "'os_server': { "
|
mb@63
|
237 |
res += "'version': '" + __version__ + "', "
|
oliver@86
|
238 |
res += "'machine_folder': '" + vmmanager().getDefaultMachineFolder() + "' "
|
mb@63
|
239 |
res += "}"
|
mb@63
|
240 |
return res
|
mb@63
|
241 |
|
mb@63
|
242 |
class os_update_template:
|
mb@63
|
243 |
"""OpenSecurity '/update_template' handler
|
mb@63
|
244 |
|
mb@63
|
245 |
- GET: update template vm
|
mb@63
|
246 |
"""
|
mb@63
|
247 |
|
mb@63
|
248 |
def GET(self):
|
mb@63
|
249 |
#return gvm_mgr.guestExecute('SecurityDVM', 'sudo apt-get -y update')
|
oliver@74
|
250 |
log_call(web.ctx.environ)
|
oliver@86
|
251 |
return vmmanager().updateTemplate()
|
mb@63
|
252 |
|
oliver@74
|
253 |
|
oliver@74
|
254 |
def log_call(web_environ):
|
oliver@74
|
255 |
"""log the incoming call to the REST api"""
|
oliver@74
|
256 |
try:
|
oliver@74
|
257 |
call = 'REST ' + web_environ['REQUEST_METHOD'] + ' ' + web_environ['REQUEST_URI'] + ' from ' + web_environ['REMOTE_ADDR'] + ':' + web_environ['REMOTE_PORT']
|
oliver@74
|
258 |
logger.debug(call)
|
oliver@74
|
259 |
except:
|
oliver@74
|
260 |
pass
|
oliver@74
|
261 |
|
oliver@86
|
262 |
|
oliver@86
|
263 |
def main():
|
oliver@86
|
264 |
"""main startup for the opensecuirityd"""
|
mb@63
|
265 |
server = web.application(opensecurity_urls, globals())
|
mb@63
|
266 |
server.run()
|
mb@63
|
267 |
|
oliver@86
|
268 |
|
oliver@86
|
269 |
def vmmanager():
|
oliver@86
|
270 |
|
oliver@86
|
271 |
"""helper method to make lazy init of VMManager"""
|
oliver@86
|
272 |
if gvm_mgr is None:
|
oliver@86
|
273 |
gvm_mgr = VMManager.getInstance()
|
oliver@86
|
274 |
return gvm_mgr
|
oliver@86
|
275 |
|
oliver@86
|
276 |
|
oliver@86
|
277 |
# start
|
oliver@86
|
278 |
if __name__ == "__main__":
|
oliver@86
|
279 |
main()
|
oliver@86
|
280 |
|