2 # -*- coding: utf-8 -*-
4 # ------------------------------------------------------------
5 # opensecurity_client_restful_server
7 # the OpenSecurity client RESTful server
9 # Author: Oliver Maurhart, <oliver.maurhart@ait.ac.at>
11 # Copyright (C) 2013 AIT Austrian Institute of Technology
12 # AIT Austrian Institute of Technology GmbH
13 # Donau-City-Strasse 1 | 1220 Vienna | Austria
14 # http://www.ait.ac.at
16 # This program is free software; you can redistribute it and/or
17 # modify it under the terms of the GNU General Public License
18 # as published by the Free Software Foundation version 2.
20 # This program is distributed in the hope that it will be useful,
21 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 # GNU General Public License for more details.
25 # You should have received a copy of the GNU General Public License
26 # along with this program; if not, write to the Free Software
27 # Foundation, Inc., 51 Franklin Street, Fifth Floor,
28 # Boston, MA 02110-1301, USA.
29 # ------------------------------------------------------------
32 # ------------------------------------------------------------
44 from environment import Environment
45 from notification import Notification
48 # ------------------------------------------------------------
55 """All the URLs we know mapping to class handler"""
57 #'/application', 'os_application',
58 '/credentials', 'os_credentials',
59 '/notification', 'os_notification',
60 '/password', 'os_password',
65 # ------------------------------------------------------------
69 # class os_application:
73 # """OpenSecurity '/application' handler.
75 # This is called on GET /application?vm=VM-ID&app=APP-ID
76 # This tries to access the vm identified with the label VM-ID
77 # and launched the application identified APP-ID
82 # # pick the arguments
86 # if not "vm" in args:
87 # raise web.badrequest('no vm given')
90 # if not "command" in args:
91 # raise web.badrequest('no app given')
93 # # check if we do have valid vm
94 # v = [v for v in vms if v['name'] == args.vm]
96 # raise web.notfound('vm not found')
99 # # check if we do have a valid app
100 # a = [a for a in apps if a['name'] == args.app]
102 # raise web.notfound('app not found')
105 # # invoke launch with
106 # res = "starting: launch " + v['user'] + " " + v['ip'] + " " + a['command']
108 # launch_image = os.path.join(sys.path[0], 'launch.py')
109 # process_command = [sys.executable, launch_image, v['user'], v['ip'], a['command']]
110 # process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
111 # result = process.communicate()[0]
112 # if process.returncode != 0:
113 # return 'Launch of application aborted.'
118 class os_credentials:
119 """OpenSecurity '/credentials' handler.
121 This is called on GET /credentials?text=TEXT.
122 Ideally this should pop up a user dialog asking the user for
123 credentials, based on the given TEXT.
132 if not "text" in args:
133 raise web.badrequest('no text given')
135 # invoke the user dialog as a subprocess
136 dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')
137 process_command = [sys.executable, dlg_image, 'credentials', args.text]
138 process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
139 result = process.communicate()[0]
140 if process.returncode != 0:
141 return 'Credentials request has been aborted.'
146 class os_notification:
147 """OpenSecurity '/notification' handler.
149 This is called on GET /notification?msgtype=TYPE&text=TEXT.
150 This will pop up an OpenSecurity notification window
159 if not "msgtype" in args:
160 raise web.badrequest('no msgtype given')
162 if not args.msgtype in Notification.TYPES:
163 raise web.badrequest('Unknown value for msgtype')
166 if not "text" in args:
167 raise web.badrequest('no text given')
169 # invoke the user dialog as a subprocess
170 dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')
171 process_command = [sys.executable, dlg_image, 'notification-' + args.msgtype, args.text]
172 process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
177 """OpenSecurity '/password' handler.
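179 This is called on GET /password?text=TEXT.
180 Ideally this should pop up a user dialog asking the user for a
181 password based on the device name. The password entered is then sent to port 58080 of the requesting address (REMOTE_ADDR) as a query parameter over plain HTTP, so it may be recorded in logs and is readable in transit; any host that can reach this server can trigger the dialog and receive the result unless access is restricted elsewhere.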
190 if not "text" in args:
191 raise web.badrequest('no text given')
194 remote_ip = web.ctx.environ['REMOTE_ADDR']
196 # invoke the user dialog as a subprocess
197 dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')
198 process_command = [sys.executable, dlg_image, 'password', args.text]
199 process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)
200 result = process.communicate()[0]
201 if process.returncode != 0:
202 return 'password request has been aborted.'
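204 # all ok: send the result back to the appropriate destination
206 # the value returned by the dialog is a JSON-like literal such as
207 # "{ 'password': 'THE_PASSWORD' }"
208 # so we _could_ call eval(...) on this.
210 # However, anyone malicious enough _could_ encode a certain
211 # "password" that does nasty things when it is run through eval. :(
213 # So this is plain old-school string hacking then ... NOTE(review): given the format shown above, the split below cuts a password short at the first ':' (a "'" in it is likely mishandled too); ast.literal_eval would parse this literal without executing code.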
215 password = result.split(':')[1].split("'")[1]
217 raise web.internalerror('error in password parsing')
219 url_addr = 'http://' + remote_ip + ':58080/password'
220 url_data = urllib.urlencode({ 'password': password})
221 req = urllib2.Request(url = url_addr + '?' + url_data)
223 res = urllib2.urlopen(req)
225 raise web.internalerror('failed to contact: ' + url_addr)
227 return 'password told'
231 """OpenSecurity '/' handler"""
235 res = "OpenSecurity-Client RESTFul Server { \"version\": \"%s\" }" % __version__
237 # add some sample links
243 (copy paste this into your browser's address field after the host:port)
245 /password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0)
247 (eg.: http://127.0.0.1:8090/password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0))
248 NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.
251 Request a combination of user and password:
252 (copy paste this into your browser's address field after the host:port)
254 /credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.
256 (eg.: http://127.0.0.1:8090/credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.)
257 NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.
261 (copy paste this into your browser's address field after the host:port)
263 /application?vm=Debian+7&app=Browser
265 (e.g. http://127.0.0.1:8090/application?vm=Debian+7&app=Browser)
272 if __name__ == "__main__":
273 server = web.application(opensecurity_urls, globals())