1.1 --- a/OpenSecurity/bin/vmmanager.py Wed Dec 11 14:49:34 2013 +0100
1.2 +++ b/OpenSecurity/bin/vmmanager.py Thu Jan 09 10:44:42 2014 +0100
1.3 @@ -17,6 +17,11 @@
1.4
1.5
1.6 DEBUG = True
1.7 +class VMManagerException(Exception):
1.8 + def __init__(self, value):
1.9 + self.value = value
1.10 + def __str__(self):
1.11 + return repr(self.value)
1.12
1.13 class USBFilter:
1.14 vendorid = ""
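Review bot: VMManagerException is added without a docstring and carries a single untyped `value`, so a handler cannot tell which command failed or what its exit code was. At the raise site further down in this commit the value is the child's stderr text only. Consider storing the command and exit code as extra attributes, and adding a class docstring such as `"""Raised when a command launched by VMManager exits with a non-zero status."""`. The class also sits directly under `DEBUG = True` with no blank lines separating it from the constant.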
1.15 @@ -76,12 +81,14 @@
1.16 def isSDVMStarted(self, ip):
1.17 return self.startNotifications.contains(ip)
1.18
1.19 - def execute(self, cmd):
1.20 + def execute(self, cmd, wait_return=True ):
1.21 if DEBUG:
1.22 print('trying to launch: ' + cmd)
1.23 process = Popen(cmd, stdout=PIPE, stderr=PIPE) #shell = True
1.24 if DEBUG:
1.25 print('launched: ' + cmd)
1.26 + if not wait_return:
1.27 + return [0, 'working in background', '']
1.28 result = process.wait()
1.29 res_stdout = process.stdout.read();
1.30 res_stderr = process.stderr.read();
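Review bot: With `wait_return=False` the function returns while the child still has `stdout=PIPE` and `stderr=PIPE` attached and nothing reads them, so a child that writes enough output can stall once the pipe buffer fills. The hard-coded `[0, 'working in background', '']` also reports success whatever the process later does, and it is a list where the normal path returns a tuple. For the background case it would be safer not to attach pipes at all and to return the `Popen` object so the caller can check on it. On the waiting path, `process.wait()` followed by `.read()` has the same buffer-full deadlock; `res_stdout, res_stderr = process.communicate()` followed by `result = process.returncode` avoids it. The body of execute() continues in the next hunk.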
1.31 @@ -90,6 +97,8 @@
1.32 print res_stdout
1.33 if res_stderr != "":
1.34 print res_stderr
1.35 + if result !=0:
1.36 + raise VMManagerException(res_stderr)
1.37 return result, res_stdout, res_stderr
1.38
1.39 def getVBoxManagePath(self):
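Review bot: Raising on a non-zero exit changes the contract of execute() for every caller, and nothing documents it. `sshGuestExecute` does `return self.execute(cmd)`, so a guest program that merely exits non-zero now raises instead of returning its status to the caller. A docstring on execute() along the lines of "returns (exit code, stdout, stderr); raises VMManagerException when the exit code is non-zero" would make this visible. The `wait_return=False` path added in the previous hunk never reaches this check, so background launches cannot raise. The start of execute() is outside this hunk.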
1.40 @@ -207,8 +216,7 @@
1.41 self.execute(cmd)
1.42 cmd = 'VBoxManage storagectl ' + vm_name + ' --name contr1 --add sata --portcount 2'
1.43 self.execute(cmd)
1.44 - cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl contr1 --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"'
1.45 - #--mtype immutable
1.46 + cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl contr1 --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"' #--mtype immutable
1.47 self.execute(cmd)
1.48 return
1.49
1.50 @@ -225,13 +233,18 @@
1.51 def startVM(self, vm_name):
1.52 print('starting ' + vm_name)
1.53 cmd = 'VBoxManage startvm ' + vm_name + ' --type headless'
1.54 - print self.execute(cmd) #verify against (0, 'Waiting for VM "SecurityDVM0" to power on...\r\nVM "SecurityDVM0" has been successfully started.\r\n', '')
1.55 + result = self.execute(cmd)
1.56 + while not string.find(str(result), 'successfully started',):
1.57 + print "Failed to start SDVM: ", vm_name, " retrying"
1.58 + time.sleep(1)
1.59 + result = self.execute(cmd)
1.60 + return result[0]
1.61
1.62 # stop VM
1.63 def stopVM(self, vm_name):
1.64 print('stopping ' + vm_name)
1.65 cmd = 'VBoxManage controlvm ' + vm_name + ' poweroff'
1.66 - print self.execute(cmd)
1.67 + self.execute(cmd)
1.68
1.69 # return the hostOnly IP for a running guest
1.70 def getHostOnlyIP(self, vm_name):
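Review bot: The retry condition in startVM never fires, because `string.find` returns -1 when the text is absent and -1 is truthy, so `not string.find(...)` is False exactly when the start failed. It would only be True for a match at index 0, which cannot happen for the `str()` of a tuple. Testing the output directly expresses the intent: `while 'successfully started' not in result[1]:`. Once the condition is fixed the loop needs an attempt limit, since it would otherwise retry forever. With execute() now raising on a non-zero exit, a failed `VBoxManage startvm` will probably surface as VMManagerException before this check is reached, so decide which of the two mechanisms owns the retry.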
1.71 @@ -273,23 +286,23 @@
1.72 machineFolder = self.getDefaultMachineFolder()
1.73 # create .ssh folder in vm_name
1.74 cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
1.75 - result = self.execute(cmd)
1.76 + self.execute(cmd)
1.77 # generate dvm_key pair in vm_name / .ssh
1.78 cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\"\"' #'echo -e "y\\n" |',
1.79 - result = self.execute(cmd)
1.80 + self.execute(cmd)
1.81 # set permissions for keys
1.82 #TODO: test without chmod
1.83 cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\*\\\"\"'
1.84 - result = self.execute(cmd)
1.85 + self.execute(cmd)
1.86 # move out private key
1.87 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\" \\\"' + machineFolder + '\\' + vm_name + '\\\"'
1.88 - result = self.execute(cmd)
1.89 + self.execute(cmd)
1.90 # rename public key to authorized_keys
1.91 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key.pub\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\authorized_keys\\\"'
1.92 - result = self.execute(cmd)
1.93 + self.execute(cmd)
1.94 # generate iso image with .ssh/authorized keys
1.95 cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
1.96 - result = self.execute(cmd)
1.97 + self.execute(cmd)
1.98
1.99 # attaches generated ssh public cert to guest vm
1.100 def attachCertificateISO(self, vm_name):
1.101 @@ -319,29 +332,45 @@
1.102 new_sdvm = self.generateSDVMName()
1.103 self.createVM(new_sdvm)
1.104 self.attachRSD(new_sdvm, connected_device)
1.105 - #sleep like method
1.106 - self.listSDVM()
1.107 +
1.108 +
1.109 self.startVM(new_sdvm)
1.110 -
1.111 + # wait for machine to come up
1.112 while new_ip == None:
1.113 time.sleep(1)
1.114 new_ip = self.getHostOnlyIP(new_sdvm)
1.115 while new_ip not in self.startNotifications:
1.116 time.sleep(1)
1.117 + if new_ip != None:
1.118 + self.mapNetworkDrive('h:', '\\\\' + new_ip + '\\USB', None, None)
1.119 #TODO: cleanup notifications somwhere else (eg. machine shutdown)
1.120 self.startNotifications.remove(new_ip)
1.121 VMManager.handleDeviceChangeLock.release()
1.122 return new_ip
1.123
1.124 def handleBrowsingRequest(self):
1.125 - new_sdvm = self.generateSDVMName()
1.126 - self.createVM(new_sdvm)
1.127 - self.genCertificateISO(new_sdvm)
1.128 - self.attachCertificateISO(new_sdvm)
1.129 + if VMManager.handleDeviceChangeLock.acquire(True):
1.130 + new_ip = None
1.131 + new_sdvm = self.generateSDVMName()
1.132 + self.createVM(new_sdvm)
1.133 + self.genCertificateISO(new_sdvm)
1.134 + self.attachCertificateISO(new_sdvm)
1.135 + self.startVM(new_sdvm)
1.136 + # wait for machine to come up
1.137 + while new_ip == None:
1.138 + time.sleep(1)
1.139 + new_ip = self.getHostOnlyIP(new_sdvm)
1.140 + while new_ip not in self.startNotifications:
1.141 + time.sleep(1)
1.142 + if new_ip != None:
1.143 + self.mapNetworkDrive('g:', '\\\\' + new_ip + '\\Download', None, None)
1.144 + #TODO: cleanup notifications somwhere else (eg. machine shutdown)
1.145 + self.startNotifications.remove(new_ip)
1.146 + VMManager.handleDeviceChangeLock.release()
1.147 return new_sdvm
1.148
1.149 # executes command over ssh on guest vm
1.150 - def sshGuestExecute(self, vm_name, prog, user_name='opensec'):
1.151 + def sshGuestExecute(self, vm_name, prog, user_name='osecuser'):
1.152 # get vm ip
1.153 address = self.getHostOnlyIP(vm_name)
1.154 machineFolder = self.getDefaultMachineFolder()
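Review bot: Both handlers release `handleDeviceChangeLock` only on the straight-line path, and with execute() now raising VMManagerException on any failed command, an error in `createVM`, `genCertificateISO` or `startVM` leaves the lock held and blocks every later request. Wrapping the body in `try:` … `finally: VMManager.handleDeviceChangeLock.release()` fixes this in handleBrowsingRequest and in the handler above it, whose start is outside this hunk. The two `while` loops also wait with no timeout while holding the lock, so a guest that never obtains an IP or never sends its start notification hangs the manager; a deadline that raises would bound the wait. The `if new_ip != None:` guard after the first loop is always true. The drive letters `'h:'` and `'g:'` are fixed, so a second device or browsing VM would presumably collide with the first mapping.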
1.155 @@ -350,14 +379,22 @@
1.156 return self.execute(cmd)
1.157
1.158 # executes command over ssh on guest vm with X forwarding
1.159 - def sshGuestX11Execute(self, vm_name, prog, user_name='opensec'):
1.160 + def sshGuestX11Execute(self, vm_name, prog, user_name='osecuser'):
1.161 #TODO: verify if X server is running on user account
1.162 #TODO: set DISPLAY accordingly
1.163 address = self.getHostOnlyIP(vm_name)
1.164 machineFolder = self.getDefaultMachineFolder()
1.165 # run command
1.166 - cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
1.167 - return self.execute(cmd)
1.168 + #--login
1.169 + #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
1.170 + cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
1.171 + #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
1.172 + if DEBUG:
1.173 + print('trying to launch: ' + cmd)
1.174 + process = Popen(cmd)
1.175 + if DEBUG:
1.176 + print('launched: ' + cmd)
1.177 + return
1.178
1.179 #Small function to check the availability of network resource.
1.180 def isAvailable(self, path):
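Review bot: The new command line keeps `ssh -Y`, which is trusted X11 forwarding: X clients started in the guest get unrestricted access to the host display, including input events and the contents of other windows. If the guest is meant to be the untrusted side, `-X` is the safer default (assuming ForwardX11Trusted is not enabled in the client config), with `-Y` only where the application fails without it; a comment stating the choice is worthwhile either way. The function now calls `Popen(cmd)` directly, so it bypasses the exit-code check in execute(), discards the `process` handle and returns `None` where it used to return the result tuple; returning `process` would let callers wait on or terminate the session. `prog` and `user_name` are concatenated into the string unquoted, and ssh hands `prog` to the guest's shell, so the docstring should state that callers must pass only fixed program paths.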
1.181 @@ -411,13 +448,11 @@
1.182 return 1
1.183
1.184 if __name__ == '__main__':
1.185 -
1.186 man = VMManager.getInstance()
1.187 #man.removeVM('SecurityDVM0')
1.188 #man.netUse('192.168.56.134', 'USB\\')
1.189 - ip = '192.168.56.139'
1.190 - man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None)
1.191 -
1.192 + #ip = '192.168.56.139'
1.193 + #man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None)
1.194 #man.cygwin_path = 'c:\\cygwin64\\bin\\'
1.195 #man.handleDeviceChange()
1.196 #print man.listSDVM()
1.197 @@ -429,7 +464,8 @@
1.198
1.199 #man.attachCertificateISO(vm_name)
1.200 #man.sshGuestExecute(vm_name, "ls")
1.201 - #man.sshGuestX11Execute(vm_name, "iceweasel")
1.202 + man.sshGuestX11Execute('SecurityDVM1', '/usr/bin/iceweasel')
1.203 + time.sleep(60)
1.204 #cmd = "c:\\cygwin64\\bin\\bash.exe --login -c \"/bin/ls\""
1.205 #man.execute(cmd)
1.206
1.207 \ No newline at end of file