2 Created on Nov 19, 2013
8 from subprocess import Popen, PIPE, call
13 from cygwin import Cygwin
20 class VMManagerException(Exception):
21 def __init__(self, value):
24 return repr(self.value)
31 def __init__(self, vendorid, productid, revision):
32 self.vendorid = vendorid.lower()
33 self.productid = productid.lower()
34 self.revision = revision.lower()
37 def __eq__(self, other):
38 return self.vendorid == other.vendorid and self.productid == other.productid and self.revision == other.revision
41 return hash(self.vendorid) ^ hash(self.productid) ^ hash(self.revision)
44 return "VendorId = \'" + str(self.vendorid) + "\' ProductId = \'" + str(self.productid) + "\' Revision = \'" + str(self.revision) + "\'"
47 class VMManager(object):
48 vmRootName = "SecurityDVM"
49 systemProperties = None
50 cygwin_path = 'c:\\cygwin64\\bin\\'
51 vboxManage = 'VBoxManage'
52 startNotifications = list()
55 #def __new__(cls, *args, **kwargs):
56 # if not cls._instance:
57 # cls._instance = super(VMManager, cls).__new__(cls, *args, **kwargs)
58 # return cls._instance
61 #def __new__(cls, *args, **kwargs):
62 # if not cls._instance:
63 # cls._instance = super(VMManager, cls).__new__(cls, *args, **kwargs)
64 # return cls._instance
67 self.cygwin_path = os.path.join(Cygwin.root(), 'bin') + os.path.sep
68 self.vboxManage = os.path.join(self.getVBoxManagePath(), 'VBoxManage')
69 self.systemProperties = self.getSystemProperties()
74 if VMManager._instance == None:
75 VMManager._instance = VMManager()
76 return VMManager._instance
78 def putStartNotification(self, ip):
79 self.startNotifications.append(ip)
81 def isSDVMStarted(self, ip):
82 return self.startNotifications.contains(ip)
84 def getVBoxManagePath(self):
85 """get the path to the VirtualBox installation on this system"""
88 k = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\Oracle\VirtualBox')
89 p = _winreg.QueryValueEx(k, 'InstallDir')[0]
95 # return hosty system properties
96 def getSystemProperties(self):
97 cmd = self.vboxManage + ' list systemproperties'
98 result = self.hostExecute(cmd)
101 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result[1].strip().splitlines()))
104 # return the folder containing the guest VMs
105 def getDefaultMachineFolder(self):
106 machineFolder = self.systemProperties["Default machine folder"]
109 #list the hostonly IFs exposed by the VBox host
110 def getHostOnlyIFs(self):
111 cmd = 'VBoxManage list hostonlyifs'
112 result = self.hostExecute(cmd)[1]
115 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result.strip().splitlines()))
119 cmd = 'VBoxManage list usbhost'
120 results = self.hostExecute(cmd)[1]
121 results = results.split('Host USB Devices:')[1].strip()
123 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
127 for line in item.splitlines():
129 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
132 if 'Product' in props.keys() and props['Product'] == 'Mass Storage':
133 usb_filter = USBFilter( re.search(r"\((?P<vid>[0-9A-Fa-f]+)\)", props['VendorId']).groupdict()['vid'],
134 re.search(r"\((?P<pid>[0-9A-Fa-f]+)\)", props['ProductId']).groupdict()['pid'],
135 re.search(r"\((?P<rev>[0-9A-Fa-f]+)\)", props['Revision']).groupdict()['rev'] )
136 rsds[props['UUID']] = usb_filter;
141 # list all existing VMs registered with VBox
143 cmd = 'VBoxManage list vms'
144 result = self.hostExecute(cmd)[1]
145 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
149 def listRunningVMS(self):
150 cmd = 'VBoxManage list runningvms'
151 result = self.hostExecute(cmd)[1]
152 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
155 # list existing SDVMs
160 if vm.startswith(self.vmRootName) and vm != self.vmRootName:
164 # generate valid (not already existing SDVM name). necessary for creating a new VM
165 def generateSDVMName(self):
167 for i in range(0,999):
168 if(not self.vmRootName+str(i) in vms):
169 return self.vmRootName+str(i)
172 # return the RSDs attached to all existing SDVMs
173 def getAttachedRSDs(self):
174 vms = self.listSDVM()
175 attached_devices = dict()
177 rsd_filter = self.getUSBFilter(vm)
178 if rsd_filter != None:
179 attached_devices[vm] = rsd_filter
180 return attached_devices
182 # configures hostonly networking and DHCP server. requires admin rights
183 def configureHostNetworking(self):
184 #cmd = 'vboxmanage list hostonlyifs'
185 #self.hostExecute(cmd)
186 #cmd = 'vboxmanage hostonlyif remove \"VirtualBox Host-Only Ethernet Adapter\"'
187 #self.hostExecute(cmd)
188 #cmd = 'vboxmanage hostonlyif create'
189 #self.hostExecute(cmd)
190 cmd = 'VBoxManage hostonlyif ipconfig \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.1 --netmask 255.255.255.0'
191 self.hostExecute(cmd)
192 #cmd = 'vboxmanage dhcpserver add'
193 #self.hostExecute(cmd)
194 cmd = 'VBoxManage dhcpserver modify --ifname \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.200'
195 self.hostExecute(cmd)
197 #create new virtual machine instance based on template vm named SecurityDVM (\SecurityDVM\SecurityDVM.vmdk)
198 def createVM(self, vm_name):
199 hostonly_if = self.getHostOnlyIFs()
200 cmd = 'VBoxManage createvm --name ' + vm_name + ' --ostype Debian --register'
201 self.hostExecute(cmd)
202 cmd = 'VBoxManage modifyvm ' + vm_name + ' --memory 512 --vram 10 --cpus 1 --usb on --usbehci on --nic1 hostonly --hostonlyadapter1 \"' + hostonly_if['Name'] + '\" --nic2 nat'
203 self.hostExecute(cmd)
204 cmd = 'VBoxManage storagectl ' + vm_name + ' --name SATA --add sata --portcount 2'
205 self.hostExecute(cmd)
208 # attach storage image to controller
209 def storageAttach(self, vm_name):
210 if self.isStorageAttached(vm_name):
211 self.storageDetach(vm_name)
212 machineFolder = self.getDefaultMachineFolder()
213 cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"'
214 self.hostExecute(cmd)
217 # return true if storage is attached
218 def isStorageAttached(self, vm_name):
219 info = self.getVMInfo(vm_name)
220 return (info['SATA-0-0']!='none')
222 # detach storage from controller
223 def storageDetach(self, vm_name):
224 if self.isStorageAttached(vm_name):
225 cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium none'
226 self.hostExecute(cmd)
229 def changeStorageType(self, filename, type):
230 cmd = 'VBoxManage modifyhd \"' + filename + '\" --type ' + type
231 self.hostExecute(cmd)
234 # list storage snaphots for VM
235 def updateTemplate(self):
236 self.poweroffVM('SecurityDVM')
237 self.waitShutdown('SecurityDVM')
240 self.genCertificateISO('SecurityDVM')
241 self.attachCertificateISO('SecurityDVM')
243 self.storageDetach('SecurityDVM')
244 cmd = 'VBoxManage list hdds'
245 results = self.hostExecute(cmd)[1]
246 results = results.replace('Parent UUID', 'Parent')
247 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
253 for line in item.splitlines():
255 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
257 snaps[props['UUID']] = props
259 machineFolder = self.getDefaultMachineFolder()
260 template_storage = machineFolder + '\SecurityDVM\SecurityDVM.vmdk'
264 for hdd in snaps.values():
265 if hdd['Location'] == template_storage:
266 template_uuid = hdd['UUID']
267 print 'found parent uuid ' + template_uuid
270 for hdd in snaps.values():
271 if hdd['Parent'] == template_uuid:
272 #template_uuid = hdd['UUID']
273 print 'removing snapshot ' + hdd['UUID']
274 cmd = 'VBoxManage closemedium disk {' + hdd['UUID'] + '} --delete'
275 results = self.hostExecute(cmd)[1]
276 # parse result 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
278 self.changeStorageType(template_storage,'normal')
279 self.storageAttach('SecurityDVM')
280 self.startVM('SecurityDVM')
281 self.waitStartup('SecurityDVM')
282 self.guestExecute('SecurityDVM', 'sudo apt-get -y update' )
283 self.guestExecute('SecurityDVM', 'sudo apt-get -y upgrade' )
284 self.stopVM('SecurityDVM')
285 self.waitShutdown('SecurityDVM')
286 self.storageDetach('SecurityDVM')
287 self.changeStorageType(template_storage,'immutable')
288 self.storageAttach('SecurityDVM')
291 #remove VM from the system. should be used on VMs returned by listSDVMs
292 def removeVM(self, vm_name):
293 print('removing ' + vm_name)
294 cmd = 'VBoxManage unregistervm ' + vm_name + ' --delete'
295 print self.hostExecute(cmd)
296 machineFolder = self.getDefaultMachineFolder()
297 cmd = self.cygwin_path + 'bash.exe --login -c \"rm -rf ' + machineFolder + '\\' + vm_name + '*\"'
298 print self.hostExecute(cmd)
301 def startVM(self, vm_name):
302 print('starting ' + vm_name)
303 cmd = 'VBoxManage startvm ' + vm_name + ' --type headless'
304 result = self.hostExecute(cmd)
305 while not string.find(str(result), 'successfully started',):
306 print "Failed to start SDVM: ", vm_name, " retrying"
308 result = self.hostExecute(cmd)
311 # return wether VM is running or not
312 def isVMRunning(self, vm_name):
313 return vm_name in self.listRunningVMS()
316 def stopVM(self, vm_name):
317 print('stopping ' + vm_name)
318 cmd = 'sudo shutdown -h now'
319 self.guestExecute('SecurityDVM', cmd)
322 def poweroffVM(self, vm_name):
323 if not self.isVMRunning(vm_name):
325 print('powering off ' + vm_name)
326 cmd = 'VBoxManage controlvm ' + vm_name + ' poweroff'
327 self.hostExecute(cmd)
329 # return the hostOnly IP for a running guest
330 def getHostOnlyIP(self, vm_name):
331 print('gettting hostOnly IP address ' + vm_name)
332 cmd = 'VBoxManage guestproperty get ' + vm_name + ' /VirtualBox/GuestInfo/Net/0/V4/IP'
333 result = self.hostExecute(cmd)
337 if result.startswith('No value set!'):
339 return result[result.index(':')+1:].strip()
341 # attach removable storage device to VM by provision of filter
342 def attachRSD(self, vm_name, rsd_filter):
343 cmd = 'VBoxManage usbfilter add 0 --target ' + vm_name + ' --name OpenSecurityRSD --vendorid ' + rsd_filter.vendorid + ' --productid ' + rsd_filter.productid + ' --revision ' + rsd_filter.revision
344 print self.hostExecute(cmd)
347 # return the description set for an existing VM
348 def getVMInfo(self, vm_name):
349 cmd = 'VBoxManage showvminfo ' + vm_name + ' --machinereadable'
350 results = self.hostExecute(cmd)[1]
351 props = dict((k.strip().strip('"'),v.strip().strip('"')) for k,v in (line.split('=', 1) for line in results.splitlines()))
354 # return the configured USB filter for an existing VM
355 def getUSBFilter(self, vm_name):
356 props = self.getVMInfo(vm_name)
357 keys = set(['USBFilterVendorId1', 'USBFilterProductId1', 'USBFilterRevision1'])
358 keyset = set(props.keys())
360 if keyset.issuperset(keys):
361 usb_filter = USBFilter(props['USBFilterVendorId1'], props['USBFilterProductId1'], props['USBFilterRevision1'])
364 #generates ISO containing authorized_keys for use with guest VM
365 def genCertificateISO(self, vm_name):
366 machineFolder = self.getDefaultMachineFolder()
367 machineFolder = self.cygwinPath(machineFolder)
368 # remove .ssh folder if exists
369 cmd = self.cygwin_path+'bash.exe --login -c \"rm -rf \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
370 self.hostExecute(cmd)
371 # remove .ssh folder if exists
372 cmd = self.cygwin_path+'bash.exe --login -c \"rm -rf \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"\"'
373 self.hostExecute(cmd)
374 # create .ssh folder in vm_name
375 cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
376 self.hostExecute(cmd)
377 # generate dvm_key pair in vm_name / .ssh
378 cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\"\"' #'echo -e "y\\n" |',
379 self.hostExecute(cmd)
380 # move out private key
381 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\" \\\"' + machineFolder + '/' + vm_name + '\\\"'
382 self.hostExecute(cmd)
383 # set permissions for private key
384 cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"\"'
385 self.hostExecute(cmd)
386 # rename public key to authorized_keys
387 cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key.pub\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"'
388 self.hostExecute(cmd)
389 # set permissions for authorized_keys
390 cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"\"'
391 self.hostExecute(cmd)
392 # generate iso image with .ssh/authorized keys
393 cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '/' + vm_name + '/'+ vm_name + '.iso\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"\"'
394 self.hostExecute(cmd)
396 # attaches generated ssh public cert to guest vm
397 def attachCertificateISO(self, vm_name):
398 machineFolder = self.getDefaultMachineFolder()
399 cmd = 'vboxmanage storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type dvddrive --mtype readonly --medium \"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\"'
400 result = self.hostExecute(cmd)
403 handleDeviceChangeLock = threading.Lock()
405 # handles device change events
406 def handleDeviceChange(self):
407 if VMManager.handleDeviceChangeLock.acquire(True):
410 attached_devices = self.getAttachedRSDs()
411 connected_devices = self.listRSDS()
412 for vm_name in attached_devices.keys():
413 if attached_devices[vm_name] not in connected_devices.values():
414 self.unmapNetworkDrive('h:')
416 self.removeVM(vm_name)
417 #create new vm for attached device if any
418 attached_devices = self.getAttachedRSDs()
419 for connected_device in connected_devices.values():
420 if (attached_devices and False) or (connected_device not in attached_devices.values()):
421 new_sdvm = self.generateSDVMName()
422 self.createVM(new_sdvm)
423 self.attachRSD(new_sdvm, connected_device)
426 self.startVM(new_sdvm)
427 # wait for machine to come up
428 while new_ip == None:
430 new_ip = self.getHostOnlyIP(new_sdvm)
431 while new_ip not in self.startNotifications:
434 self.mapNetworkDrive('h:', '\\\\' + new_ip + '\\USB', None, None)
435 #TODO: cleanup notifications somwhere else (eg. machine shutdown)
436 self.startNotifications.remove(new_ip)
437 VMManager.handleDeviceChangeLock.release()
440 # wait for machine to come up
441 def waitStartup(self, vm_name):
443 while new_ip == None:
445 new_ip = self.getHostOnlyIP(vm_name)
446 while new_ip not in self.startNotifications:
450 # wait for machine to shutdown
451 def waitShutdown(self, vm_name):
452 while vm_name in self.listRunningVMS():
456 # handles browsing request
457 def handleBrowsingRequest(self):
458 if VMManager.handleDeviceChangeLock.acquire(True):
460 new_sdvm = self.generateSDVMName()
461 self.createVM(new_sdvm)
462 self.genCertificateISO(new_sdvm)
463 self.attachCertificateISO(new_sdvm)
464 self.startVM(new_sdvm)
465 self.waitStartup(new_sdvm)
467 self.mapNetworkDrive('g:', '\\\\' + new_ip + '\\Download', None, None)
468 #TODO: cleanup notifications somwhere else (eg. machine shutdown)
469 self.startNotifications.remove(new_ip)
470 VMManager.handleDeviceChangeLock.release()
473 def cygwinPath(self, path):
474 # TODO: test if env ist cygwin
475 cmd = self.cygwin_path + 'bash.exe --login -c \"cygpath -u \\\"' + path + '\\\"\"'
476 return self.hostExecute(cmd)[1].rstrip('\n')
478 #executes command on host system
479 def hostExecute(self, cmd, wait_return=True ):
481 print('trying to launch: ' + cmd)
482 process = Popen(cmd, stdout=PIPE, stderr=PIPE) #shell = True
484 print('launched: ' + cmd)
486 return [0, 'working in background', '']
487 result = process.wait()
488 res_stdout = process.stdout.read();
489 res_stderr = process.stderr.read();
496 raise VMManagerException(res_stderr)
497 return result, res_stdout, res_stderr
499 # executes command over ssh on guest vm
500 def guestExecute(self, vm_name, prog, user_name='osecuser'):
502 address = self.getHostOnlyIP(vm_name)
503 machineFolder = self.getDefaultMachineFolder()
504 machineFolder = self.cygwinPath(machineFolder)
505 # run command //mintty.exe -e
506 cmd = self.cygwin_path + 'bash.exe --login -c \"/usr/bin/ssh -v -i \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
507 return self.hostExecute(cmd)
509 # executes command over ssh on guest vm with X forwarding
510 def guestExecuteX11(self, vm_name, prog, user_name='osecuser'):
511 #TODO: verify if X server is running on user account
512 #TODO: set DISPLAY accordingly
513 address = self.getHostOnlyIP(vm_name)
514 machineFolder = self.getDefaultMachineFolder()
517 #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
518 cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
519 #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
521 print('trying to launch: ' + cmd)
524 print('launched: ' + cmd)
527 #Small function to check the availability of network resource.
528 def isAvailable(self, path):
529 cmd = 'IF EXIST ' + path + ' echo YES'
530 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
531 return string.find(str(result), 'YES',)
533 #Small function to check if the mention location is a directory
534 def isDirectory(self, path):
535 cmd = 'dir ' + path + ' | FIND ".."'
536 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
537 return string.find(str(result), 'DIR',)
539 def mapNetworkDrive(self, drive, networkPath, user, password):
540 self.unmapNetworkDrive('h:')
541 #Check for drive availability
542 if self.isAvailable(drive) > -1:
543 print "Drive letter is already in use: ", drive
545 #Check for network resource availability
546 while self.isAvailable(networkPath) == -1:
548 print "Path not accessible: ", networkPath, " retrying"
551 #Prepare 'NET USE' commands
552 cmd = 'NET USE ' + drive + ' ' + networkPath
554 cmd = cmd + ' ' + password + ' /User' + user
557 #Execute 'NET USE' command with authentication
558 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
559 print "Executed: ", cmd
560 if string.find(str(result), 'successfully',) == -1:
563 #Mapped with first try
566 def unmapNetworkDrive(self, drive):
567 #Check if the drive is in use
568 if self.isAvailable(drive) == -1:
571 #Prepare 'NET USE' command
572 cmd = 'net use ' + drive + ' /DELETE'
573 result = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True).communicate()
574 if string.find(str(result), 'successfully',) == -1:
579 if __name__ == '__main__':
580 man = VMManager.getInstance()
581 #man.removeVM('SecurityDVM0')
582 #man.netUse('192.168.56.134', 'USB\\')
583 #ip = '192.168.56.139'
584 #man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None)
585 #man.cygwin_path = 'c:\\cygwin64\\bin\\'
586 #man.handleDeviceChange()
587 #print man.listSDVM()
588 #man.configureHostNetworking()
589 #new_vm = man.generateSDVMName()
590 #man.createVM(new_vm)
591 #man.genCertificateISO(new_vm)
592 #man.attachCertificateISO(new_vm)
594 #man.attachCertificateISO(vm_name)
595 #man.guestExecute(vm_name, "ls")
596 #man.sshGuestX11Execute('SecurityDVM1', '/usr/bin/iceweasel')
598 #print man.cygwinPath("C:\Users\BarthaM\VirtualBox VMs\SecurityDVM\.ssh\*")
599 #man.genCertificateISO('SecurityDVM')
600 #man.attachCertificateISO('SecurityDVM')
601 #man.isStorageAttached('SecurityDVM')
602 man.guestExecute('SecurityDVM', 'sudo apt-get -y update')
603 #man.guestExecute('SecurityDVM', 'sudo apt-get -y upgrade' )
605 #man.stopVM('SecurityDVM')
606 #man.storageDetach('SecurityDVM')
607 #man.changeStorageType('C:\Users\BarthaM\VirtualBox VMs\SecurityDVM\SecurityDVM.vmdk','immutable')
608 #man.storageAttach('SecurityDVM')
611 #cmd = "c:\\cygwin64\\bin\\bash.exe --login -c \"/bin/ls\""