1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/OpenSecurity/bin/opensecurity_client_restful_server.py Fri Dec 06 12:10:30 2013 +0100
1.3 @@ -0,0 +1,215 @@
1.4 +#!/bin/env python
1.5 +# -*- coding: utf-8 -*-
1.6 +
1.7 +# ------------------------------------------------------------
1.8 +# opensecurity_client_restful_server
1.9 +#
1.10 +# the OpenSecurity client RESTful server
1.11 +#
1.12 +# Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>
1.13 +#
1.14 +# Copyright (C) 2013 AIT Austrian Institute of Technology
1.15 +# AIT Austrian Institute of Technology GmbH
1.16 +# Donau-City-Strasse 1 | 1220 Vienna | Austria
1.17 +# http://www.ait.ac.at
1.18 +#
1.19 +# This program is free software; you can redistribute it and/or
1.20 +# modify it under the terms of the GNU General Public License
1.21 +# as published by the Free Software Foundation version 2.
1.22 +#
1.23 +# This program is distributed in the hope that it will be useful,
1.24 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
1.25 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1.26 +# GNU General Public License for more details.
1.27 +#
1.28 +# You should have received a copy of the GNU General Public License
1.29 +# along with this program; if not, write to the Free Software
1.30 +# Foundation, Inc., 51 Franklin Street, Fifth Floor,
1.31 +# Boston, MA 02110-1301, USA.
1.32 +# ------------------------------------------------------------
1.33 +
1.34 +
1.35 +# ------------------------------------------------------------
1.36 +# imports
1.37 +
1.38 +import os
1.39 +import os.path
1.40 +import subprocess
1.41 +import sys
1.42 +import web
1.43 +
1.44 +# local
1.45 +from environment import Environment
1.46 +import opensecurity_server
1.47 +
1.48 +
1.49 +# ------------------------------------------------------------
1.50 +# const
1.51 +
1.52 +
1.53 +__version__ = "0.1"
1.54 +
1.55 +
1.56 +"""All the URLs we know mapping to class handler"""
1.57 +opensecurity_urls = (
1.58 + '/application', 'os_application',
1.59 + '/credentials', 'os_credentials',
1.60 + '/password', 'os_password',
1.61 + '/', 'os_root'
1.62 +)
1.63 +
1.64 +
1.65 +# ------------------------------------------------------------
1.66 +# code
1.67 +
1.68 +
1.69 +class os_application:
1.70 + """OpenSecurity '/application' handler.
1.71 +
1.72 + This is called on GET /application?vm=VM-ID&app=APP-ID
1.73 + This tries to access the vm identified with the label VM-ID
1.74 + and launched the application identified APP-ID
1.75 + """
1.76 +
1.77 + def GET(self):
1.78 +
1.79 + # pick the arguments
1.80 + args = web.input()
1.81 +
1.82 + # we _need_ a vm
1.83 + if not "vm" in args:
1.84 + raise web.badrequest()
1.85 +
1.86 + # we _need_ a app
1.87 + if not "app" in args:
1.88 + raise web.badrequest()
1.89 +
1.90 + apps = opensecurity_server.query_apps()
1.91 + vms = opensecurity_server.query_vms()
1.92 +
1.93 + # check if we do have valid vm
1.94 + v = [v for v in vms if v['name'] == args.vm]
1.95 + if len(v) == 0:
1.96 + raise web.notfound('vm not found')
1.97 + v = v[0]
1.98 +
1.99 + # check if we do have a valid app
1.100 + a = [a for a in apps if a['name'] == args.app]
1.101 + if len(a) == 0:
1.102 + raise web.notfound('app not found')
1.103 + a = a[0]
1.104 +
1.105 + # invoke launch with
1.106 + res = "starting: launch " + v['user'] + " " + v['ip'] + " " + a['command']
1.107 +
1.108 + launch_image = os.path.join(sys.path[0], 'launch.py')
1.109 + process_command = [sys.executable, launch_image, v['user'], v['ip'], a['command']]
1.110 + process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
1.111 + result = process.communicate()[0]
1.112 + if process.returncode != 0:
1.113 + return 'Launch of application aborted.'
1.114 +
1.115 + return result
1.116 +
1.117 +
1.118 +class os_credentials:
1.119 + """OpenSecurity '/credentials' handler.
1.120 +
1.121 + This is called on GET /credentials?text=TEXT.
1.122 + Ideally this should pop up a user dialog to insert his
1.123 + credentials based the given TEXT.
1.124 + """
1.125 +
1.126 + def GET(self):
1.127 +
1.128 + # pick the arguments
1.129 + args = web.input()
1.130 +
1.131 + # we _need_ a device id
1.132 + if not "text" in args:
1.133 + raise web.badrequest()
1.134 +
1.135 + # invoke the user dialog as a subprocess
1.136 + dlg_credentials_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')
1.137 + process_command = [sys.executable, dlg_credentials_image, 'credentials', args.text]
1.138 + process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
1.139 + result = process.communicate()[0]
1.140 + if process.returncode != 0:
1.141 + return 'Credentials request has been aborted.'
1.142 +
1.143 + return result
1.144 +
1.145 +
1.146 +class os_password:
1.147 + """OpenSecurity '/password' handler.
1.148 +
1.149 + This is called on GET /password?text=TEXT.
1.150 + Ideally this should pop up a user dialog to insert his
1.151 + password based device name.
1.152 + """
1.153 +
1.154 + def GET(self):
1.155 +
1.156 + # pick the arguments
1.157 + args = web.input()
1.158 +
1.159 + # we _need_ a device id
1.160 + if not "text" in args:
1.161 + raise web.badrequest()
1.162 +
1.163 + # invoke the user dialog as a subprocess
1.164 + dlg_credentials_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')
1.165 + process_command = [sys.executable, dlg_credentials_image, 'password', args.text]
1.166 + process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
1.167 + result = process.communicate()[0]
1.168 + if process.returncode != 0:
1.169 + return 'password request has been aborted.'
1.170 +
1.171 + return result
1.172 +
1.173 +
1.174 +class os_root:
1.175 + """OpenSecurity '/' handler"""
1.176 +
1.177 + def GET(self):
1.178 +
1.179 + res = "OpenSecurity-Client RESTFul Server { \"version\": \"%s\" }" % __version__
1.180 +
1.181 + # add some sample links
1.182 + res = res + """
1.183 +
1.184 +USAGE EXAMPLES:
1.185 +
1.186 +Request a password:
1.187 + (copy paste this into your browser's address field after the host:port)
1.188 +
1.189 + /password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0)
1.190 +
1.191 + (eg.: http://127.0.0.1:8090/password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0))
1.192 + NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.
1.193 +
1.194 +
1.195 +Request a combination of user and password:
1.196 + (copy paste this into your browser's address field after the host:port)
1.197 +
1.198 + /credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.
1.199 +
1.200 + (eg.: http://127.0.0.1:8090/credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.)
1.201 + NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.
1.202 +
1.203 +
1.204 +Start a Browser:
1.205 + (copy paste this into your browser's address field after the host:port)
1.206 +
1.207 + /application?vm=Debian+7&app=Browser
1.208 +
1.209 + (e.g. http://127.0.0.1:8090/application?vm=Debian+7&app=Browser)
1.210 + """
1.211 +
1.212 + return res
1.213 +
1.214 +
1.215 +# start
1.216 +if __name__ == "__main__":
1.217 + server = web.application(opensecurity_urls, globals())
1.218 + server.run()