2 Created on Nov 19, 2013
8 from subprocess import Popen, PIPE, call
13 from cygwin import Cygwin
14 from environment import Environment
25 class VMManagerException(Exception):
26 def __init__(self, value):
29 return repr(self.value)
36 def __init__(self, vendorid, productid, revision):
37 self.vendorid = vendorid.lower()
38 self.productid = productid.lower()
39 self.revision = revision.lower()
42 def __eq__(self, other):
43 return self.vendorid == other.vendorid and self.productid == other.productid and self.revision == other.revision
46 return hash(self.vendorid) ^ hash(self.productid) ^ hash(self.revision)
49 return "VendorId = \'" + str(self.vendorid) + "\' ProductId = \'" + str(self.productid) + "\' Revision = \'" + str(self.revision) + "\'"
52 class VMManager(object):
53 vmRootName = "SecurityDVM"
54 systemProperties = None
55 cygwin_path = 'c:\\cygwin64\\bin\\'
56 vboxManage = 'VBoxManage'
57 startNotifications = list()
60 #def __new__(cls, *args, **kwargs):
61 # if not cls._instance:
62 # cls._instance = super(VMManager, cls).__new__(cls, *args, **kwargs)
63 # return cls._instance
66 #def __new__(cls, *args, **kwargs):
67 # if not cls._instance:
68 # cls._instance = super(VMManager, cls).__new__(cls, *args, **kwargs)
69 # return cls._instance
72 self.cygwin_path = os.path.join(Cygwin.root(), 'bin') + os.path.sep
73 self.vboxManage = os.path.join(self.getVBoxManagePath(), 'VBoxManage')
74 self.systemProperties = self.getSystemProperties()
79 if VMManager._instance == None:
80 VMManager._instance = VMManager()
81 return VMManager._instance
83 def putStartNotification(self, ip):
84 self.startNotifications.append(ip)
86 def isSDVMStarted(self, ip):
87 return self.startNotifications.contains(ip)
89 def getVBoxManagePath(self):
90 """get the path to the VirtualBox installation on this system"""
93 k = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\Oracle\VirtualBox')
94 p = _winreg.QueryValueEx(k, 'InstallDir')[0]
100 # return hosty system properties
101 def getSystemProperties(self):
102 cmd = self.vboxManage + ' list systemproperties'
103 result = self.hostExecute(cmd)
106 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result[1].strip().splitlines()))
109 # return the folder containing the guest VMs
110 def getDefaultMachineFolder(self):
111 machineFolder = self.systemProperties["Default machine folder"]
114 #list the hostonly IFs exposed by the VBox host
115 def getHostOnlyIFs(self):
116 cmd = 'VBoxManage list hostonlyifs'
117 result = self.hostExecute(cmd)[1]
120 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result.strip().splitlines()))
124 cmd = 'VBoxManage list usbhost'
125 results = self.hostExecute(cmd)[1]
126 results = results.split('Host USB Devices:')[1].strip()
128 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
132 for line in item.splitlines():
134 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
137 if 'Product' in props.keys() and props['Product'] == 'Mass Storage':
138 usb_filter = USBFilter( re.search(r"\((?P<vid>[0-9A-Fa-f]+)\)", props['VendorId']).groupdict()['vid'],
139 re.search(r"\((?P<pid>[0-9A-Fa-f]+)\)", props['ProductId']).groupdict()['pid'],
140 re.search(r"\((?P<rev>[0-9A-Fa-f]+)\)", props['Revision']).groupdict()['rev'] )
141 rsds[props['UUID']] = usb_filter;
146 # list all existing VMs registered with VBox
148 cmd = 'VBoxManage list vms'
149 result = self.hostExecute(cmd)[1]
150 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
154 def listRunningVMS(self):
155 cmd = 'VBoxManage list runningvms'
156 result = self.hostExecute(cmd)[1]
157 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
160 # list existing SDVMs
165 if vm.startswith(self.vmRootName) and vm != self.vmRootName:
169 # generate valid (not already existing SDVM name). necessary for creating a new VM
170 def generateSDVMName(self):
172 for i in range(0,999):
173 if(not self.vmRootName+str(i) in vms):
174 return self.vmRootName+str(i)
177 # return the RSDs attached to all existing SDVMs
178 def getAttachedRSDs(self):
179 vms = self.listSDVM()
180 attached_devices = dict()
182 rsd_filter = self.getUSBFilter(vm)
183 if rsd_filter != None:
184 attached_devices[vm] = rsd_filter
185 return attached_devices
187 # configures hostonly networking and DHCP server. requires admin rights
188 def configureHostNetworking(self):
189 #cmd = 'vboxmanage list hostonlyifs'
190 #self.hostExecute(cmd)
191 #cmd = 'vboxmanage hostonlyif remove \"VirtualBox Host-Only Ethernet Adapter\"'
192 #self.hostExecute(cmd)
193 #cmd = 'vboxmanage hostonlyif create'
194 #self.hostExecute(cmd)
195 cmd = 'VBoxManage hostonlyif ipconfig \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.1 --netmask 255.255.255.0'
196 self.hostExecute(cmd)
197 #cmd = 'vboxmanage dhcpserver add'
198 #self.hostExecute(cmd)
199 cmd = 'VBoxManage dhcpserver modify --ifname \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.200'
200 self.hostExecute(cmd)
202 #create new virtual machine instance based on template vm named SecurityDVM (\SecurityDVM\SecurityDVM.vmdk)
203 def createVM(self, vm_name):
204 hostonly_if = self.getHostOnlyIFs()
205 cmd = 'VBoxManage createvm --name ' + vm_name + ' --ostype Debian --register'
206 self.hostExecute(cmd)
207 cmd = 'VBoxManage modifyvm ' + vm_name + ' --memory 512 --vram 10 --cpus 1 --usb on --usbehci on --nic1 hostonly --hostonlyadapter1 \"' + hostonly_if['Name'] + '\" --nic2 nat'
208 self.hostExecute(cmd)
209 cmd = 'VBoxManage storagectl ' + vm_name + ' --name SATA --add sata --portcount 2'
210 self.hostExecute(cmd)
213 # attach storage image to controller
214 def storageAttach(self, vm_name):
215 if self.isStorageAttached(vm_name):
216 self.storageDetach(vm_name)
217 machineFolder = self.getDefaultMachineFolder()
218 cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"'
219 self.hostExecute(cmd)
222 # return true if storage is attached
223 def isStorageAttached(self, vm_name):
224 info = self.getVMInfo(vm_name)
225 return (info['SATA-0-0']!='none')
227 # detach storage from controller
228 def storageDetach(self, vm_name):
229 if self.isStorageAttached(vm_name):
230 cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium none'
231 self.hostExecute(cmd)
234 def changeStorageType(self, filename, type):
235 cmd = 'VBoxManage modifyhd \"' + filename + '\" --type ' + type
236 self.hostExecute(cmd)
239 # list storage snaphots for VM
240 def updateTemplate(self):
241 self.poweroffVM('SecurityDVM')
242 self.waitShutdown('SecurityDVM')
245 self.genCertificateISO('SecurityDVM')
246 self.attachCertificateISO('SecurityDVM')
248 self.storageDetach('SecurityDVM')
249 cmd = 'VBoxManage list hdds'
250 results = self.hostExecute(cmd)[1]
251 results = results.replace('Parent UUID', 'Parent')
252 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
258 for line in item.splitlines():
260 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
262 snaps[props['UUID']] = props
264 machineFolder = self.getDefaultMachineFolder()
265 template_storage = machineFolder + '\SecurityDVM\SecurityDVM.vmdk'
269 for hdd in snaps.values():
270 if hdd['Location'] == template_storage:
271 template_uuid = hdd['UUID']
272 print 'found parent uuid ' + template_uuid
275 for hdd in snaps.values():
276 if hdd['Parent'] == template_uuid:
277 #template_uuid = hdd['UUID']
278 print 'removing snapshot ' + hdd['UUID']
279 cmd = 'VBoxManage closemedium disk {' + hdd['UUID'] + '} --delete'
280 results = self.hostExecute(cmd)[1]
281 # parse result 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
283 self.changeStorageType(template_storage,'normal')
284 self.storageAttach('SecurityDVM')
285 self.startVM('SecurityDVM')
286 self.waitStartup('SecurityDVM')
287 self.guestExecute('SecurityDVM', 'sudo apt-get -y update' )
288 self.guestExecute('SecurityDVM', 'sudo apt-get -y upgrade' )
289 self.stopVM('SecurityDVM')
290 self.waitShutdown('SecurityDVM')
291 self.storageDetach('SecurityDVM')
292 self.changeStorageType(template_storage,'immutable')
293 self.storageAttach('SecurityDVM')
296 #remove VM from the system. should be used on VMs returned by listSDVMs
297 def removeVM(self, vm_name):
298 print('removing ' + vm_name)
299 cmd = 'VBoxManage unregistervm ' + vm_name + ' --delete'
300 print self.hostExecute(cmd)
301 machineFolder = self.getDefaultMachineFolder()
302 cmd = self.cygwin_path + 'bash.exe --login -c \"rm -rf ' + machineFolder + '\\' + vm_name + '*\"'
303 print self.hostExecute(cmd)
306 def startVM(self, vm_name):
307 print('starting ' + vm_name)
308 cmd = 'VBoxManage startvm ' + vm_name + ' --type headless'
309 result = self.hostExecute(cmd)
310 while not string.find(str(result), 'successfully started',):
311 print "Failed to start SDVM: ", vm_name, " retrying"
313 result = self.hostExecute(cmd)
316 # return wether VM is running or not
317 def isVMRunning(self, vm_name):
318 return vm_name in self.listRunningVMS()
321 def stopVM(self, vm_name):
322 print('stopping ' + vm_name)
323 cmd = 'sudo shutdown -h now'
324 self.guestExecute('SecurityDVM', cmd)
327 def poweroffVM(self, vm_name):
328 if not self.isVMRunning(vm_name):
330 print('powering off ' + vm_name)
331 cmd = 'VBoxManage controlvm ' + vm_name + ' poweroff'
332 self.hostExecute(cmd)
334 # return the hostOnly IP for a running guest
335 def getHostOnlyIP(self, vm_name):
336 print('gettting hostOnly IP address ' + vm_name)
337 cmd = 'VBoxManage guestproperty get ' + vm_name + ' /VirtualBox/GuestInfo/Net/0/V4/IP'
338 result = self.hostExecute(cmd)
342 if result.startswith('No value set!'):
344 return result[result.index(':')+1:].strip()
346 # attach removable storage device to VM by provision of filter
347 def attachRSD(self, vm_name, rsd_filter):
348 cmd = 'VBoxManage usbfilter add 0 --target ' + vm_name + ' --name OpenSecurityRSD --vendorid ' + rsd_filter.vendorid + ' --productid ' + rsd_filter.productid + ' --revision ' + rsd_filter.revision
349 print self.hostExecute(cmd)
352 # return the description set for an existing VM
353 def getVMInfo(self, vm_name):
354 cmd = 'VBoxManage showvminfo ' + vm_name + ' --machinereadable'
355 results = self.hostExecute(cmd)[1]
356 props = dict((k.strip().strip('"'),v.strip().strip('"')) for k,v in (line.split('=', 1) for line in results.splitlines()))
359 # return the configured USB filter for an existing VM
360 def getUSBFilter(self, vm_name):
361 props = self.getVMInfo(vm_name)
362 keys = set(['USBFilterVendorId1', 'USBFilterProductId1', 'USBFilterRevision1'])
363 keyset = set(props.keys())
365 if keyset.issuperset(keys):
366 usb_filter = USBFilter(props['USBFilterVendorId1'], props['USBFilterProductId1'], props['USBFilterRevision1'])
369 #generates ISO containing authorized_keys for use with guest VM
370 def genCertificateISO(self, vm_name):
371 machineFolder = self.getDefaultMachineFolder()
372 machineFolder = self.cygwinPath(machineFolder)
373 # remove .ssh folder if exists
374 cmd = self.cygwin_path+'bash.exe --login -c \"rm -rf \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
375 self.hostExecute(cmd)
376 # remove .ssh folder if exists
377 cmd = self.cygwin_path+'bash.exe --login -c \"rm -rf \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"\"'
378 self.hostExecute(cmd)
379 # create .ssh folder in vm_name
380 cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
381 self.hostExecute(cmd)
382 # generate dvm_key pair in vm_name / .ssh
383 cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\"\"' #'echo -e "y\\n" |',
384 self.hostExecute(cmd)
385 # move out private key
386 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\" \\\"' + machineFolder + '/' + vm_name + '\\\"'
387 self.hostExecute(cmd)
388 # set permissions for private key
389 cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"\"'
390 self.hostExecute(cmd)
391 # rename public key to authorized_keys
392 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key.pub\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"'
393 self.hostExecute(cmd)
394 # set permissions for authorized_keys
395 cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"\"'
396 self.hostExecute(cmd)
397 # generate iso image with .ssh/authorized keys
398 cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '/' + vm_name + '/'+ vm_name + '.iso\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
399 self.hostExecute(cmd)
401 # attaches generated ssh public cert to guest vm
402 def attachCertificateISO(self, vm_name):
403 machineFolder = self.getDefaultMachineFolder()
404 cmd = 'vboxmanage storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type dvddrive --mtype readonly --medium \"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\"'
405 result = self.hostExecute(cmd)
408 handleDeviceChangeLock = threading.Lock()
410 # handles device change events
411 def handleDeviceChange(self):
412 if VMManager.handleDeviceChangeLock.acquire(True):
415 attached_devices = self.getAttachedRSDs()
416 connected_devices = self.listRSDS()
417 for vm_name in attached_devices.keys():
418 if attached_devices[vm_name] not in connected_devices.values():
419 self.unmapNetworkDrive('h:')
421 self.removeVM(vm_name)
422 #create new vm for attached device if any
423 attached_devices = self.getAttachedRSDs()
424 for connected_device in connected_devices.values():
425 if (attached_devices and False) or (connected_device not in attached_devices.values()):
426 new_sdvm = self.generateSDVMName()
427 self.createVM(new_sdvm)
428 self.attachRSD(new_sdvm, connected_device)
431 self.startVM(new_sdvm)
432 # wait for machine to come up
433 while new_ip == None:
435 new_ip = self.getHostOnlyIP(new_sdvm)
436 while new_ip not in self.startNotifications:
439 self.mapNetworkDrive('h:', '\\\\' + new_ip + '\\USB', None, None)
440 #TODO: cleanup notifications somwhere else (eg. machine shutdown)
441 self.startNotifications.remove(new_ip)
442 VMManager.handleDeviceChangeLock.release()
445 # wait for machine to come up
446 def waitStartup(self, vm_name):
448 while new_ip == None:
450 new_ip = self.getHostOnlyIP(vm_name)
451 while new_ip not in self.startNotifications:
455 # wait for machine to shutdown
456 def waitShutdown(self, vm_name):
457 while vm_name in self.listRunningVMS():
461 # handles browsing request
462 def handleBrowsingRequest(self):
463 if VMManager.handleDeviceChangeLock.acquire(True):
465 new_sdvm = self.generateSDVMName()
466 self.createVM(new_sdvm)
467 self.genCertificateISO(new_sdvm)
468 self.attachCertificateISO(new_sdvm)
469 self.startVM(new_sdvm)
470 self.waitStartup(new_sdvm)
472 self.mapNetworkDrive('g:', '\\\\' + new_ip + '\\Download', None, None)
473 #TODO: cleanup notifications somwhere else (eg. machine shutdown)
474 self.startNotifications.remove(new_ip)
475 VMManager.handleDeviceChangeLock.release()
478 def cygwinPath(self, path):
479 # TODO: test if env ist cygwin
480 cmd = self.cygwin_path + 'bash.exe --login -c \"cygpath -u \\\"' + path + '\\\"\"'
481 return self.hostExecute(cmd)[1].rstrip('\n')
483 #executes command on host system
484 def hostExecute(self, cmd, wait_return=True ):
486 print('trying to launch: ' + cmd)
487 process = Popen(cmd, stdout=PIPE, stderr=PIPE) #shell = True
489 print('launched: ' + cmd)
491 return [0, 'working in background', '']
492 result = process.wait()
493 res_stdout = process.stdout.read();
494 res_stderr = process.stderr.read();
501 raise VMManagerException(res_stderr)
502 return result, res_stdout, res_stderr
504 # executes command over ssh on guest vm
505 def guestExecute(self, vm_name, prog, user_name='osecuser'):
507 address = self.getHostOnlyIP(vm_name)
508 machineFolder = self.getDefaultMachineFolder()
509 machineFolder = self.cygwinPath(machineFolder)
510 # run command //mintty.exe -e
511 cmd = self.cygwin_path + 'bash.exe --login -c \"/usr/bin/ssh -v -i \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
512 return self.hostExecute(cmd)
514 # executes command over ssh on guest vm with X forwarding
515 def guestExecuteX11(self, vm_name, prog, user_name='osecuser'):
516 #TODO: verify if X server is running on user account
517 #TODO: set DISPLAY accordingly
518 address = self.getHostOnlyIP(vm_name)
519 machineFolder = self.getDefaultMachineFolder()
522 #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
523 cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -o StrictHostKeyChecking=no -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
524 #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
526 print('trying to launch: ' + cmd)
529 print('launched: ' + cmd)
532 #Small function to check the availability of network resource.
533 def isAvailable(self, path):
534 cmd = 'IF EXIST ' + path + ' echo YES'
535 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
536 return string.find(str(result), 'YES',)
538 #Small function to check if the mention location is a directory
539 def isDirectory(self, path):
540 cmd = 'dir ' + path + ' | FIND ".."'
541 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
542 return string.find(str(result), 'DIR',)
544 def mapNetworkDrive(self, drive, networkPath, user, password):
545 self.unmapNetworkDrive('h:')
546 #Check for drive availability
547 if self.isAvailable(drive) > -1:
548 print "Drive letter is already in use: ", drive
550 #Check for network resource availability
551 while self.isAvailable(networkPath) == -1:
553 print "Path not accessible: ", networkPath, " retrying"
556 #Prepare 'NET USE' commands
557 cmd = 'NET USE ' + drive + ' ' + networkPath
559 cmd = cmd + ' ' + password + ' /User' + user
562 #Execute 'NET USE' command with authentication
563 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
564 print "Executed: ", cmd
565 if string.find(str(result), 'successfully',) == -1:
568 #Mapped with first try
571 def unmapNetworkDrive(self, drive):
572 #Check if the drive is in use
573 if self.isAvailable(drive) == -1:
576 #Prepare 'NET USE' command
577 cmd = 'net use ' + drive + ' /DELETE'
578 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
579 if string.find(str(result), 'successfully',) == -1:
584 if __name__ == '__main__':
585 man = VMManager.getInstance()
586 #man.removeVM('SecurityDVM0')
587 #man.netUse('192.168.56.134', 'USB\\')
588 #ip = '192.168.56.139'
589 #man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None)
590 #man.cygwin_path = 'c:\\cygwin64\\bin\\'
591 #man.handleDeviceChange()
592 #print man.listSDVM()
593 #man.configureHostNetworking()
594 #new_vm = man.generateSDVMName()
595 #man.createVM(new_vm)
596 #man.genCertificateISO(new_vm)
597 #man.attachCertificateISO(new_vm)
599 #man.attachCertificateISO(vm_name)
600 #man.guestExecute(vm_name, "ls")
601 #man.sshGuestX11Execute('SecurityDVM1', '/usr/bin/iceweasel')
603 #print man.cygwinPath("C:\Users\BarthaM\VirtualBox VMs\SecurityDVM\.ssh\*")
604 #man.genCertificateISO('SecurityDVM')
605 #man.attachCertificateISO('SecurityDVM')
606 #man.isStorageAttached('SecurityDVM')
607 man.guestExecute('SecurityDVM', 'sudo apt-get -y update')
608 #man.guestExecute('SecurityDVM', 'sudo apt-get -y upgrade' )
610 #man.stopVM('SecurityDVM')
611 #man.storageDetach('SecurityDVM')
612 #man.changeStorageType('C:\Users\BarthaM\VirtualBox VMs\SecurityDVM\SecurityDVM.vmdk','immutable')
613 #man.storageAttach('SecurityDVM')
616 #cmd = "c:\\cygwin64\\bin\\bash.exe --login -c \"/bin/ls\""