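--- a/OpenSecurity/bin/vmmanager.py Mon Jan 27 15:12:33 2014 +0000
+++ b/OpenSecurity/bin/vmmanager.py Wed Jan 29 09:23:52 2014 +0000
@@ -11,12 +11,14 @@
 import re
 import _winreg
 from cygwin import Cygwin
+from environment import Environment
 import threading
 import time
 import string
 
-#import shutil
-#import stat
+import shutil
+import stat
+import tempfile
 
 
 DEBUG = True
@@ -286,77 +288,50 @@
 
 #generates ISO containing authorized_keys for use with guest VM
 def genCertificateISO(self, vm_name):
+
+ # create a SSH key pair in a machine subfolder
+ #
+ # to avoid any DOS window popping up we use
+ # the cygwin's class which relies on the
+ # shadowrun.exe.
+ #
+ # shadowrun.exe is derived from a run.exe of
+ # the cygwin utilities but with a fix to
+ # avoid Console Windows to pop up.
+ #
+ # However, run.exe suffers from bad
+ # argument handling, when there are spaces
+ # within and so does shadowrun.exe
+ #
+ # In order to avoid any complex mechanics
+ # we start a bash script, which creates the
+ # SSH certificate in the local folder.
+ #
+ # Even more: to get rid of any potential
+ # space ' ' hazard in path names, we copy
+ # the script to the creation side as well.
+ #
+ # ... and yes: shadowrun.exe terminates
+ # with a ACCESS_VIOLATION and creates another
+ # stack-trace-dump file in the folder.
+ #
+ # But so does the original cygwin's run.exe
+ # too.
+ # -.-
+ #
+ # (On the good side: the access violation happens
+ # *after* the wrapped process has been launched)
+ #
 machineFolder = self.getDefaultMachineFolder()
+ vm_folder = os.path.join(machineFolder, vm_name)
+ old_dir = os.getcwd()
+ os.chdir(vm_folder)
+ print(os.path.join(sys.path[0], 'create-cert-and-iso.sh'))
+ shutil.copy(os.path.join(sys.path[0], 'create-cert-and-iso.sh'), vm_folder)
+ p = Cygwin()(['/bin/bash', '-c', './create-cert-and-iso.sh'])
+ p.communicate()
+ os.chdir(old_dir)
 
- ## create a SSH key pair in a machine subfolder
- #vm_folder = os.path.join(machineFolder, vm_name)
- #ssh_folder = os.path.join(vm_folder, '.ssh')
- #try:
- # os.mkdir(ssh_folder)
- #except:
- # pass
- #ssh_keyfile = os.path.join(ssh_folder, 'dvm_key')
- #
- # delete old key file (if existing)
- #try:
- # os.remove(ssh_keyfile)
- #except:
- # pass
- #
- ## create new key file
- #try:
- # p = Cygwin()(['/bin/ssh-keygen', '-q', '-t', 'rsa', '-N', '', '-C', vm_name, '-f', ssh_keyfile])
- # p.wait()
- #except:
- # sys.stderr.write('failed to create a new SSH key pair as: ' + ssh_keyfile + '\n')
- # return
- #try:
- # os.chmod(ssh_keyfile, stat.S_IREAD)
- #except:
- # pass
- #
- ## move out private key
- #try:
- # os.rename(ssh_keyfile, os.path.join(vm_folder, 'dvm_key'))
- #except :
- # sys.stderr.write('failed to move private SSH key\n')
- # return
- #
- ## rename public key to 'authorized_keys'
- #try:
- # os.rename(ssh_keyfile + '.pub', os.path.join(ssh_folder, 'authorized_keys'))
- #except:
- # sys.stderr.write('failed to rename public key to "authorized_keys"\n')
- # return
- #
- ## generate ISO image
- #iso_file = os.path.join(vm_folder, vm_name + '.iso')
- #try:
- # p = Cygwin()(['/bin/genisoimage', '-J', '-R', '-o', iso_file, ssh_folder])
- # p.wait()
- #except:
- # sys.stderr.write('failed to create ISO image.\n')
- # return
-
- # create .ssh folder in vm_name
- cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
- self.execute(cmd)
- # generate dvm_key pair in vm_name / .ssh
- cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\"\"' #'echo -e "y\\n" |',
- self.execute(cmd)
- # set permissions for keys
- #TODO: test without chmod
- cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\*\\\"\"'
- self.execute(cmd)
- # move out private key
- cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\" \\\"' + machineFolder + '\\' + vm_name + '\\\"'
- self.execute(cmd)
- # rename public key to authorized_keys
- cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key.pub\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\authorized_keys\\\"'
- self.execute(cmd)
- # generate iso image with .ssh/authorized keys
- cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
- self.execute(cmd)
 
 # attaches generated ssh public cert to guest vm
 def attachCertificateISO(self, vm_name):
@@ -429,7 +404,7 @@
 address = self.getHostOnlyIP(vm_name)
 machineFolder = self.getDefaultMachineFolder()
 # run command
- cmd = self.cygwin_path+'bash.exe --login -c \"ssh -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
+ cmd = self.cygwin_path+'bash.exe --login -c \"ssh -o StrictHostKeyChecking=no -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
 return self.execute(cmd)
 
 # executes command over ssh on guest vm with X forwarding
@@ -441,7 +416,7 @@
 # run command
 #--login
 #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
- cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
+ cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -o StrictHostKeyChecking=no -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
 #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
 if DEBUG:
 print('trying to launch: ' + cmd)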
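Review bot: Both ssh command lines now pass `-o StrictHostKeyChecking=no` (the plain ssh call in the `-429,7` hunk and the mintty/X-forwarding call in the `-441,7` hunk), so the host no longer verifies which machine answers at the guest's host-only address, and nothing in the change records why that is acceptable. The second call also uses `-Y`, which gives that unverified peer trusted access to the host's X display. If the motivation is that regenerated VMs reuse addresses and collide with stale known_hosts entries (an inference, the commit does not say), keeping verification against a per-VM file, e.g. `-o UserKnownHostsFile=<per-VM known_hosts path>`, would avoid the collisions without switching the check off; at minimum add a comment such as `# host key checking is off: guest identity is not verified on the host-only network`. Both enclosing functions start outside their hunks, so how `user_name`, `address` and `prog` are validated before being concatenated into the command string is not visible here.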