#!/bin/env python

 # -*- coding: utf-8 -*-

 # ------------------------------------------------------------

 # opensecurityd

 #   

 # the opensecurityd as RESTful server

 #

 # Autor: Mihai Bartha, <mihai.bartha@ait.ac.at>

 #

 # Copyright (C) 2013 AIT Austrian Institute of Technology

 # AIT Austrian Institute of Technology GmbH

 # Donau-City-Strasse 1 | 1220 Vienna | Austria

 # http://www.ait.ac.at

 #

 # This program is free software; you can redistribute it and/or

 # modify it under the terms of the GNU General Public License

 # as published by the Free Software Foundation version 2.

 # 

 # This program is distributed in the hope that it will be useful,

 # but WITHOUT ANY WARRANTY; without even the implied warranty of

 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 # GNU General Public License for more details.

 # 

 # You should have received a copy of the GNU General Public License

 # along with this program; if not, write to the Free Software

 # Foundation, Inc., 51 Franklin Street, Fifth Floor, 

 # Boston, MA  02110-1301, USA.

 # ------------------------------------------------------------

 # ------------------------------------------------------------

 # imports

 import os

 import os.path

 from subprocess import Popen, PIPE, call, STARTUPINFO, _subprocess

 import sys

 import re

 from cygwin import Cygwin

 from environment import Environment

 import threading

 import time

 import string

 import shutil

 import stat

 import tempfile

 from opensecurity_util import logger, import_logger, setupLogger, OpenSecurityException, showTrayMessage

 import ctypes

 import itertools

 import win32api

 import win32con

 import win32security

 import win32wnet

 import urllib

 import urllib2

 import unittest

 DEBUG = True

 new_sdvm_lock = threading.Lock()

 backup_lock = threading.Lock()

 class VMManagerException(Exception):

     def __init__(self, value):

         self.value = value

     def __str__(self):

         return repr(self.value)

 class USBFilter:

     uuid = ""

     vendorid = ""

     productid = ""

     revision = ""

     serial = ""

     def __init__(self, uuid, vendorid, productid, revision, serial):

         self.uuid = uuid

         self.vendorid = vendorid.lower()

         self.productid = productid.lower()

         self.revision = revision.lower()

         self.serial = serial

         return

     def __eq__(self, other):

         return self.uuid == other.uuid #self.vendorid == other.vendorid and self.productid == other.productid and self.revision == other.revision

     def __hash__(self):

         return hash(self.uuid) ^ hash(self.vendorid) ^ hash(self.productid) ^ hash(self.revision) ^ hash(self.serial)

     def __repr__(self):

         return "UUID:" + str(self.uuid) + " VendorId = \'" + str(self.vendorid) + "\' ProductId = \'" + str(self.productid) + "\'" + "\' Revision = \'" + str(self.revision) + "\' SerialNumber = \'" + str(self.serial)

     #def __getitem__(self, item):

     #    return self.coords[item]

 def once(theClass):

     theClass.systemProperties = theClass.getSystemProperties()

     theClass.machineFolder =    theClass.systemProperties["Default machine folder"]

     #theClass.hostonlyIF =       theClass.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]

     theClass.blacklistedRSD =   theClass.loadRSDBlacklist()

     theClass.templateImage =    theClass.machineFolder + '\\' + theClass.vmRootName + '\\' + theClass.vmRootName + '.vmdk'

     return theClass

 @once

 class VMManager(object):

     vmRootName = "SecurityDVM"

     systemProperties = None

     _instance = None

     machineFolder = ''

     hostonlyIF = None

     blacklistedRSD = None

     status_message = 'Starting up...'

     templateImage = None

     importHandler = None

     updateHandler = None

     deviceHandler = None

     sdvmFactory = None

     vms = dict()

     def __init__(self):

         # only proceed if we have a working background environment

         if self.backend_ok():

             VMManager.hostonlyIF = self.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]

             self.cleanup()

         else:

             logger.critical(self.status_message)

     @staticmethod

     def getInstance():

         if VMManager._instance == None:

             VMManager._instance = VMManager()

         return VMManager._instance

     #list the hostonly IFs exposed by the VBox host

     @staticmethod    

     def getHostOnlyIFs():

         results = Cygwin.vboxExecute('list hostonlyifs')[1]

         ifs = dict()

         if results=='':

             return ifs

         items = list( "Name:    " + result for result in results.split('Name:    ') if result != '')

         for item in items:

             if item != "":

                 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))

                 ifs[props["Name"]] = props

         return ifs

     #list the hostonly IFs exposed by the VBox host

     @staticmethod    

     def getDHCPServers():

         results = Cygwin.vboxExecute('list dhcpservers')[1]

         if results=='':

             return dict()

         items = list( "NetworkName:    " + result for result in results.split('NetworkName:    ') if result != '')

         dhcps = dict()   

         for item in items:

             if item != "":

                 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))

                 dhcps[props["NetworkName"]] = props

         return dhcps 

     # return hosty system properties

     @staticmethod

     def getSystemProperties():

         result = Cygwin.vboxExecute('list systemproperties')

         if result[1]=='':

             return None

         props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result[1].strip().splitlines()))

         return props

     # return the folder containing the guest VMs     

     def getMachineFolder(self):

         return VMManager.machineFolder

     # verifies the hostonly interface and DHCP server settings

     def verifyHostOnlySettings(self):

         interfaceName = "VirtualBox Host-Only Ethernet Adapter"

         networkName = "HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter"

         hostonlyifs = self.getHostOnlyIFs()

         if not interfaceName in hostonlyifs.keys():

             Cygwin.vboxExecute('hostonlyif create')

             hostonlyifs = self.getHostOnlyIFs()

             if not interfaceName in hostonlyifs.keys():

                 return False

         interface = hostonlyifs[interfaceName]

         if interface['VBoxNetworkName'] != networkName or interface['DHCP'] != 'Disabled' or interface['IPAddress'] != '192.168.56.1':

             Cygwin.vboxExecute('hostonlyif ipconfig "' + interfaceName + '" --ip 192.168.56.1 --netmask 255.255.255.0')

         dhcpservers = self.getDHCPServers()

         if not networkName in dhcpservers.keys():

             Cygwin.vboxExecute('dhcpserver add --ifname "' + interfaceName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')

             dhcpservers = self.getDHCPServers()

             if not networkName in dhcpservers.keys():

                 return False

         server = dhcpservers[networkName]

         if server['IP'] != '192.168.56.100' or server['NetworkMask'] != '255.255.255.0' or server['lowerIPAddress'] != '192.168.56.101' or server['upperIPAddress'] != '192.168.56.254' or server['Enabled'] != 'Yes':

             Cygwin.vboxExecute('VBoxManage dhcpserver modify --netname "' + networkName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')

         return True

     def template_installed(self):

         """ check if we do have our root VMs installed """

         vms = self.listVMS()

         if not self.vmRootName in vms:

             self.status_message = 'Unable to locate root SecurityDVM. Please download and setup the initial image.'

             return False

         return True

     def backend_ok(self):

         """check if the backend (VirtualBox) is sufficient for our task"""

         # ensure we have our system props

         if VMManager.systemProperties == None:

             VMManager.systemProperties = self.getSystemProperties()

         if VMManager.systemProperties == None:

             self.status_message = 'Failed to get backend system properties. Is Backend (VirtualBox?) installed?'

             return False

         # check for existing Extension pack

         if not 'Remote desktop ExtPack' in VMManager.systemProperties:

             self.status_message = 'No remote desktop extension pack found. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'

             return False

         if VMManager.systemProperties['Remote desktop ExtPack'] == 'Oracle VM VirtualBox Extension Pack ':

             self.status_message = 'Unsure if suitable extension pack is installed. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'

             return False

         # check the existing hostOnly network settings and try to reconfigure if faulty

         if not self.verifyHostOnlySettings():

             return False

         # basically all seems nice and ready to rumble

         self.status_message = 'All is ok.'

         return True

     def start(self, force = False):

         if not force:

             if self.importHandler and self.importHandler.isAlive():

                 logger.info("Initial update running canceling start.")

                 return

             if self.updateHandler and self.updateHandler.isAlive():

                 logger.info("Update running canceling start.")

                 return

         self.stop()

         Cygwin.allowExec()

         if self.backend_ok() and self.template_installed():

             self.sdvmFactory = SDVMFactory(self)

             self.sdvmFactory.start()

             self.deviceHandler = DeviceHandler(self)

             self.deviceHandler.start()

     def stop(self):

         Cygwin.denyExec()

         if self.sdvmFactory != None:

             self.sdvmFactory.stop()

             self.sdvmFactory.join()

             self.sdvmFactory = None

         if self.deviceHandler != None:

             self.deviceHandler.stop()

             self.deviceHandler.join()

             self.deviceHandler = None

         Cygwin.allowExec()

     def cleanup(self):

         self.stop()

         Cygwin.allowExec()

         ip = self.getHostOnlyIP(None)

         try:

             result = urllib2.urlopen('http://127.0.0.1:8090/netcleanup?'+'hostonly_ip='+ip).readline()

         except urllib2.URLError:

             logger.info("Network drive cleanup all skipped. OpenSecurity Tray client not started yet.")

         for vm in self.listSDVM():

             self.poweroffVM(vm)

             self.removeVM(vm)

     # list all existing VMs registered with VBox

     def listVMS(self):

         result = Cygwin.vboxExecute('list vms')[1]

         vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))

         return vms

     # list running VMs

     def listRunningVMS(self):

         result = Cygwin.vboxExecute('list runningvms')[1]

         vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))

         return vms

     # list existing SDVMs

     def listSDVM(self):

         vms = self.listVMS()

         svdms = []

         for vm in vms:

             if vm.startswith(self.vmRootName) and vm != self.vmRootName:

                 svdms.append(vm)

         return svdms

     # generate valid (not already existing SDVM name). necessary for creating a new VM

     def genSDVMName(self):

         vms = self.listVMS()

         for i in range(0,999):

             if(not self.vmRootName+str(i) in vms):

                 return self.vmRootName+str(i)

         return ''

     @staticmethod

     def loadRSDBlacklist():

         blacklist = dict()

         try:

             fo = open(Environment('OpenSecurity').prefix_path +"\\bin\\blacklist.usb", "r")

         except IOError:

             logger.error("Could not open RSD blacklist file.")

             return blacklist

         lines = fo.readlines()

         for line in lines:

             if line != "":  

                 parts = line.strip().split(' ')

                 blacklist[parts[0].lower()] = parts[1].lower()

         return blacklist

     @staticmethod

     def isBlacklisted(device):

         if VMManager.blacklistedRSD:

             blacklisted = device.vendorid.lower() in VMManager.blacklistedRSD.keys() and device.productid.lower() == VMManager.blacklistedRSD[device.vendorid]

             return blacklisted

         return False 

     # check if the device is mass storage type

     @staticmethod

     def isMassStorageDevice(device):

         vidkey = None

         devinfokey = None

         value = ""

         try:

             keyname = 'SYSTEM\CurrentControlSet\Enum\USB' + '\VID_' + device.vendorid+'&'+'PID_'+ device.productid

             vidkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname)

             devinfokeyname = win32api.RegEnumKey(vidkey, 0)

             win32api.RegCloseKey(vidkey)

             devinfokey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname+'\\'+devinfokeyname)

             value = win32api.RegQueryValueEx(devinfokey, 'SERVICE')[0]

             win32api.RegCloseKey(devinfokey)

         except Exception as ex:

             logger.error('Error reading registry.Exception details: %s' %ex)

         finally:

             if vidkey is not None:

                 win32api.RegCloseKey(vidkey)

             if devinfokey is not None:

                 win32api.RegCloseKey(devinfokey)

         return 'USBSTOR' in value

     # return the RSDs connected to the host

     @staticmethod

     def getExistingRSDs():

         results = Cygwin.vboxExecute('list usbhost')[1]

         results = results.split('Host USB Devices:')[1].strip()

         items = list( "UUID:"+result for result in results.split('UUID:') if result != '')

         rsds = dict()   

         for item in items:

             props = dict()

             for line in item.splitlines():     

                 if line != "":         

                     k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()

                     props[k] = v

             uuid = re.search(r"(?P<uuid>[0-9A-Fa-f\-]+)", props['UUID']).groupdict()['uuid']

             vid = re.search(r"\((?P<vid>[0-9A-Fa-f]+)\)", props['VendorId']).groupdict()['vid']

             pid = re.search(r"\((?P<pid>[0-9A-Fa-f]+)\)", props['ProductId']).groupdict()['pid']

             rev = re.search(r"\((?P<rev>[0-9A-Fa-f]+)\)", props['Revision']).groupdict()['rev']

             serial = None

             if 'SerialNumber' in props.keys():

                 serial = re.search(r"(?P<ser>[0-9A-Fa-f]+)", props['SerialNumber']).groupdict()['ser']

             usb_filter = USBFilter( uuid, vid, pid, rev, serial)

             if VMManager.isMassStorageDevice(usb_filter) and not VMManager.isBlacklisted(usb_filter):

                 rsds[uuid] = usb_filter

                 logger.debug(usb_filter)

         return rsds

     # return the attached USB device as usb descriptor for an existing VM 

     def getAttachedRSD(self, vm_name):

         props = self.getVMInfo(vm_name)

         keys = set(['USBAttachedUUID1', 'USBAttachedVendorId1', 'USBAttachedProductId1', 'USBAttachedRevision1', 'USBAttachedSerialNumber1'])

         keyset = set(props.keys())

         usb_filter = None

         if keyset.issuperset(keys):

             usb_filter = USBFilter(props['USBAttachedUUID1'], props['USBAttachedVendorId1'], props['USBAttachedProductId1'], props['USBAttachedRevision1'], props['USBAttachedSerialNumber1'])

         return usb_filter

     # return the RSDs attached to all existing SDVMs

     def getAttachedRSDs(self):

         vms = self.listSDVM()

         attached_devices = dict()

         for vm in vms:

             rsd_filter = self.getAttachedRSD(vm)

             if rsd_filter != None:

                 attached_devices[vm] = rsd_filter

         return attached_devices

     # attach removable storage device to VM by provision of filter

     def attachRSD(self, vm_name, rsd_filter):

         #return Cygwin.vboxExecute('usbfilter add 0 --target ' + vm_name + ' --name OpenSecurityRSD --vendorid ' + rsd_filter.vendorid + ' --productid ' + rsd_filter.productid + ' --revision ' + rsd_filter.revision + ' --serialnumber ' + rsd_filter.serial)

         return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbattach ' + rsd_filter.uuid )

     # detach removable storage from VM by 

     def detachRSD(self, vm_name, rsd_filter):

         #return Cygwin.vboxExecute('usbfilter remove 0 --target ' + vm_name)

         return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbdetach ' + rsd_filter.uuid )

     # configures hostonly networking and DHCP server. requires admin rights

     def configureHostNetworking(self):

         #cmd = 'vboxmanage list hostonlyifs'

         #Cygwin.vboxExecute(cmd)

         #cmd = 'vboxmanage hostonlyif remove \"VirtualBox Host-Only Ethernet Adapter\"'

         #Cygwin.vboxExecute(cmd)

         #cmd = 'vboxmanage hostonlyif create'

         #Cygwin.vboxExecute(cmd)

         Cygwin.vboxExecute('hostonlyif ipconfig \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.1 --netmask 255.255.255.0')

         #cmd = 'vboxmanage dhcpserver add'

         #Cygwin.vboxExecute(cmd)

         Cygwin.vboxExecute('dhcpserver modify --ifname \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.200')

     def isSDVMExisting(self, vm_name):

         sdvms = self.listSDVM()

         return vm_name in sdvms

     #create new virtual machine instance based on template vm named SecurityDVM (\SecurityDVM\SecurityDVM.vmdk)

     def createVM(self, vm_name):

         if self.isSDVMExisting(vm_name):

             return

         #remove eventually existing SDVM folder

         machineFolder = Cygwin.cygPath(VMManager.machineFolder)

         Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '\\\"')

         Cygwin.vboxExecute('createvm --name ' + vm_name + ' --ostype Debian --register')

         Cygwin.vboxExecute('modifyvm ' + vm_name + ' --memory 768 --vram 10 --cpus 1 --usb on --usbehci on --nic1 hostonly --hostonlyadapter1 \"' + self.hostonlyIF['Name'] + '\" --nic2 nat')

         Cygwin.vboxExecute('storagectl ' + vm_name + ' --name SATA --add sata --portcount 2')

     #create new SecurityDVM with automatically generated name from template (thread safe)        

     def newSDVM(self):

         with new_sdvm_lock:

             vm_name = self.genSDVMName()

             self.createVM(vm_name)

         return vm_name

     #VMManager.machineFolder + '\SecurityDVM\SecurityDVM.vmdk

     # attach storage image to controller

     def attachVDisk(self, vm_name, vdisk_controller, vdisk_port, vdisk_device, vdisk_image):

         if self.isVDiskAttached(vm_name, vdisk_controller, vdisk_port, vdisk_device):

             self.detachVDisk(vm_name, vdisk_controller, vdisk_port, vdisk_device)

         Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl '+ vdisk_controller + ' --port ' + vdisk_port + ' --device ' + vdisk_device + ' --type hdd --medium "'+ vdisk_image + '"')

     # return true if storage is attached 

     def isVDiskAttached(self, vm_name, vdisk_controller, vdisk_port, vdisk_device):

         info = self.getVMInfo(vm_name)

         return (info[vdisk_controller+'-'+vdisk_port+'-'+vdisk_device] != 'none')

     # detach storage from controller

     def detachVDisk(self, vm_name, vdisk_controller, vdisk_port, vdisk_device):

         if self.isVDiskAttached(vm_name, vdisk_controller, vdisk_port, vdisk_device):

             Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl ' + vdisk_controller + ' --port ' + vdisk_port + ' --device ' + vdisk_device + ' --medium none')

     # modify type of the vdisk_image

     def changeVDiskType(self, vdisk_image, storage_type):

         Cygwin.vboxExecute('modifyhd "' + vdisk_image + '" --type ' + storage_type)

     # grab VM storage controller, port and device for vdisk image name

     def getVDiskController(self, vm_name, image_name = '.vmdk'):

         vm_description = self.getVMInfo(vm_name)

         vdisk_controller = None

         for key, value in vm_description.iteritems():

             if image_name in value:

                 vdisk_controller = key

                 break

         return vdisk_controller

     # return attached vmdk image name containing image_name 

     def getVDiskImage(self, vm_name, image_name = '.vmdk'):

         vmInfo = self.getVMInfo(vm_name)

         vdisk_image = None

         for value in vmInfo.values():

             if image_name in value:

                 break

         return vdisk_image 

     @staticmethod    

     def getVDiskImages():

         results = Cygwin.vboxExecute('list hdds')[1]

         results = results.replace('Parent UUID', 'Parent')

         items = list( "UUID:"+result for result in results.split('UUID:') if result != '')

         snaps = dict()   

         for item in items:

             props = dict()

             for line in item.splitlines():

                 if line != "":         

                     k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()

                     props[k] = v;

             snaps[props['UUID']] = props

         return snaps

     @staticmethod 

     def getVDiskUUID(vdisk_image):

         images = VMManager.getVDiskImages()

         # find template uuid

         template_uuid = None

         for hdd in images.values():

             if hdd['Location'] == vdisk_image:

                 template_uuid = hdd['UUID']

                 break

         return template_uuid

     def removeSnapshots(self, imageUUID):

         snaps = self.getVDiskImages()

         # remove snapshots 

         for hdd in snaps.values():

             if hdd['Parent'] == imageUUID:

                 snapshotUUID = hdd['UUID']

                 self.removeImage(snapshotUUID)

     def removeImage(self, imageUUID):

         logger.debug('removing snapshot ' + imageUUID)

         Cygwin.vboxExecute('closemedium disk {' + imageUUID + '} --delete')

         # parse result 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

     #remove VM from the system. should be used on VMs returned by listSDVMs    

     def removeVM(self, vm_name):

         logger.info('Removing ' + vm_name)

         Cygwin.vboxExecute('unregistervm ' + vm_name + ' --delete')

         #try to close medium if still existing

         #Cygwin.vboxExecute('closemedium disk {' + hdd['UUID'] + '} --delete')

         self.removeVMFolder(vm_name)

     def removeVMFolder(self, vm_name):

         machineFolder = Cygwin.cygPath(VMManager.machineFolder)

         Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '\\' + vm_name + '\\\"')

     # start VM

     def startVM(self, vm_name):

         logger.info('Starting ' +  vm_name)

         Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

         result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless' )

         while 'successfully started' not in result[1]:

             logger.error("Failed to start SDVM: " + vm_name + " retrying")

             logger.error("Command returned:\n" + result[2])

             time.sleep(1)

             result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless')

         return result[0]

     # return wether VM is running or not

     def isVMRunning(self, vm_name):

         return vm_name in self.listRunningVMS()    

     # stop VM

     def stopVM(self, vm_name):

         logger.info('Sending shutdown signal to ' + vm_name)

         Cygwin.sshExecute( '"sudo shutdown -h now"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key' )

         Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

     # stop VM

     def hibernateVM(self, vm_name):

         logger.info('Sending hibernate-disk signal to ' + vm_name)

         Cygwin.sshBackgroundExecute( '"sudo hibernate-disk"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key', wait_return=False)

         Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

     # poweroff VM

     def poweroffVM(self, vm_name):

         if not self.isVMRunning(vm_name):

             return

         logger.info('Powering off ' + vm_name)

         Cygwin.vboxExecute('controlvm ' + vm_name + ' poweroff')

         Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')

     # return the hostOnly IP for a running guest or the host    

     def getHostOnlyIP(self, vm_name):

         if vm_name == None:

             logger.info('Getting hostOnly IP address for Host')

             return VMManager.hostonlyIF['IPAddress']

         else:

             logger.info('Getting hostOnly IP address ' + vm_name)

             result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' /VirtualBox/GuestInfo/Net/0/V4/IP')

             if result=='':

                 return None

             result = result[1]

             if result.startswith('No value set!'):

                 return None

             return result[result.index(':')+1:].strip()

     # return the description set for an existing VM

     def getVMInfo(self, vm_name):

         results = Cygwin.vboxExecute('showvminfo ' + vm_name + ' --machinereadable')[1]

         props = dict((k.strip().strip('"'),v.strip().strip('"')) for k,v in (line.split('=', 1) for line in results.splitlines()))

         return props

     #generates ISO containing authorized_keys for use with guest VM

     def genCertificate(self, vm_name):

         machineFolder = Cygwin.cygPath(VMManager.machineFolder)

         # remove .ssh folder if exists

         Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

         # remove .ssh folder if exists

         Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')

         # create .ssh folder in vm_name

         Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

         # generate dvm_key pair in vm_name / .ssh     

         Cygwin.bashExecute('/usr/bin/ssh-keygen -q -t rsa -N \\\"\\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\"')

         # move out private key

         Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\" \\\"' + machineFolder + '/' + vm_name + '\\\"')

         # set permissions for private key

         Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')

         # rename public key to authorized_keys

         Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key.pub\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')

         # set permissions for authorized_keys

         Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')

         # generate iso image with .ssh/authorized keys

         Cygwin.bashExecute('/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '/' + vm_name + '/'+ vm_name + '.iso\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')

     # attaches generated ssh public cert to guest vm

     def attachCertificate(self, vm_name):

         if self.isCertificateAttached(vm_name):

             self.detachCertificate(vm_name)

         Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type dvddrive --mtype readonly --medium \"' + VMManager.machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\"')

     # return true if storage is attached 

     def isCertificateAttached(self, vm_name):

         info = self.getVMInfo(vm_name)

         return (info['SATA-1-0']!='none')

     # detach storage from controller

     def detachCertificate(self, vm_name):

         if self.isCertificateAttached(vm_name):

             Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type hdd --medium none')

     # wait for machine to come up

     def waitStartup(self, vm_name):

         #Cygwin.vboxExecute('guestproperty wait ' + vm_name + ' SDVMStarted --timeout ' + str(timeout_ms) + ' --fail-on-timeout', try_count = 60)

         started = False

         while not started:

             result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' SDVMStarted')[1]

             if "Value: True" in result:

                 started = True

             else:

                 time.sleep(3) 

         return self.getHostOnlyIP(vm_name)

     # wait for machine to shutdown

     def waitShutdown(self, vm_name):

         while vm_name in self.listRunningVMS():

             time.sleep(1)

         return

     #Small function to check if the mentioned location is a directory

     def isDirectory(self, path):

         result = Cygwin.cmdExecute('dir ' + path + ' | FIND ".."')

         return string.find(result[1], 'DIR',)

     def genNetworkDrive(self):

         logical_drives = VMManager.getLogicalDrives()

         logger.info("Used logical drive letters: "+ str(logical_drives).strip('[]') )

         drives = list(map(chr, range(68, 91)))  

         for drive in drives:

             if drive not in logical_drives:

                 return drive

     @staticmethod

     def getLogicalDrives():

         drive_bitmask = ctypes.cdll.kernel32.GetLogicalDrives()

         drives = list(itertools.compress(string.ascii_uppercase,  map(lambda x:ord(x) - ord('0'), bin(drive_bitmask)[:1:-1])))

         return drives

     @staticmethod

     def getDriveType(drive):

         return ctypes.cdll.kernel32.GetDriveTypeW(u"%s:\\"%drive)

     @staticmethod

     def getNetworkPath(drive):

         return win32wnet.WNetGetConnection(drive+':')

     @staticmethod

     def getVolumeInfo(drive):

         volumeNameBuffer = ctypes.create_unicode_buffer(1024)

         fileSystemNameBuffer = ctypes.create_unicode_buffer(1024)

         serial_number = None

         max_component_length = None

         file_system_flags = None

         rc = ctypes.cdll.kernel32.GetVolumeInformationW(

             u"%s:\\"%drive,

             volumeNameBuffer,

             ctypes.sizeof(volumeNameBuffer),

             serial_number,

             max_component_length,

             file_system_flags,

             fileSystemNameBuffer,

             ctypes.sizeof(fileSystemNameBuffer)

         )

         return volumeNameBuffer.value, fileSystemNameBuffer.value

     def getNetworkDrive(self, vm_name):

         ip = self.getHostOnlyIP(vm_name)

         if ip == None:

             logger.error("Failed getting hostonly IP for " + vm_name)

             return None

         logger.info("Got IP address for " + vm_name + ': ' + ip)

         for drive in VMManager.getLogicalDrives():

             #if is a network drive

             if VMManager.getDriveType(drive) == 4:

                 network_path = VMManager.getNetworkPath(drive)

                 if ip in network_path:

                     return drive

         return None

     def getNetworkDrives(self):

         ip = self.getHostOnlyIP(None)

         if ip == None:

             logger.error("Failed getting hostonly IP for system")

             return None

         logger.info("Got IP address for system: " + ip)

         ip = ip[:ip.rindex('.')]

         network_drives = dict()

         for drive in VMManager.getLogicalDrives():

             #if is a network drive

             if VMManager.getDriveType(drive) == 4:

                 network_path = VMManager.getNetworkPath(drive)

                 if ip in network_path:

                     network_drives[drive] = network_path  

         return network_drives

     # handles browsing request    

     def handleBrowsingRequest(self, proxy = None, wpad = None):

         showTrayMessage('Starting Secure Browsing...', 7000)

         handler = BrowsingHandler(self, proxy, wpad)

         handler.start()

         return 'ok'

     def getActiveUserName(self):

         key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')

         v = str(win32api.RegQueryValueEx(key, 'LastLoggedOnUser')[0])

         win32api.RegCloseKey(key)

         user_name = win32api.ExpandEnvironmentStrings(v)

         return user_name

     def getUserSID(self, user_name):

         domain, user = user_name.split("\\")

         account_name = win32security.LookupAccountName(domain, user)

         if account_name == None:

             logger.error("Failed lookup account name for user " + user_name)

             return None

         sid = win32security.ConvertSidToStringSid(account_name[0])

         if sid == None:

             logger.error("Failed converting SID for account " + account_name[0])

             return None

         return sid

     def getAppDataDir(self, sid):    

         key = win32api.RegOpenKey(win32con.HKEY_USERS, sid + '\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders')

         value, _ = win32api.RegQueryValueEx(key, "AppData")

         win32api.RegCloseKey(key)

         return value

         #key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' + '\\' + sid)

         #value, type = win32api.RegQueryValueEx(key, "ProfileImagePath")

         #print value

     #import initial template

     def importTemplate(self, image_path):

         import_logger.info('Stopping Opensecurity...')

         self.stop()

         import_logger.info('Cleaning up system in preparation for import...')

         self.cleanup()

         import_logger.info('Removing template SDVM...')

         # if template exists

         if self.vmRootName in self.listVMS():

             # shutdown template if running

             self.poweroffVM(self.vmRootName)

             # detach and remove VDisk

             tmplateUUID = self.getVDiskUUID(self.templateImage)

             if tmplateUUID != None:

                 logger.debug('Found template VDisk uuid ' + tmplateUUID)

                 controller = self.getVDiskController(self.vmRootName)

                 if controller:

                     controller = controller.split('-')

                     self.detachVDisk(self.vmRootName, controller[0], controller[1], controller[2])

                 self.removeSnapshots(tmplateUUID)

                 self.removeImage(tmplateUUID)

             else:

                 logger.info('Template uuid not found')

             # remove VM    

             self.removeVM(self.vmRootName)

         # remove template VM folder 

         self.removeVMFolder(self.vmRootName)

         import_logger.info('Cleanup finished...')

         import_logger.info('Checking privileges...')

         result = Cygwin.bashExecute('id -G')

         if '544' not in result[1]:

             import_logger.debug('Insufficient privileges.')

             import_logger.debug("Trying to continue...")

         # check OpenSecurity Initial VM Image

         import_logger.debug('Looking for VM image: ' + image_path)

         result = os.path.isfile(image_path)

         if not result:

             import_logger.debug('Warning: no OpenSecurity Initial Image found.')

             import_logger.debug('Please download using the OpenSecurity download tool.')

             raise OpenSecurityException('OpenSecurity Initial Image not found.')

         logger.debug('Initial VM image: ' + image_path + ' found')

         if not self.template_installed():

             import_logger.info('Importing SDVm template: ' + image_path)

             Cygwin.vboxExecute('import "' + image_path + '" --vsys 0 --vmname ' + VMManager.vmRootName + ' --unit 12 --disk "' + self.templateImage + '"')

         else:

             import_logger.info('Found ' + VMManager.vmRootName + ' already present in VBox reusing it.')

             import_logger.info('if you want a complete new import please remove the VM first.')

             import_logger.info('starting OpenSecurity service...')

             return

         # remove unnecessary IDE controller

         Cygwin.vboxExecute('storagectl ' + VMManager.vmRootName + ' --name IDE --remove')

         info = self.getVDiskController(VMManager.vmRootName, self.templateImage)

         if info:

             info = info.split('-')

             self.detachVDisk(VMManager.vmRootName, info[0], info[1], info[2])

         self.changeVDiskType(self.templateImage, 'immutable')

         self.attachVDisk(VMManager.vmRootName, info[0], info[1], info[2], self.templateImage)

         import_logger.info('Initial import finished.')    

     # update template 

     def updateTemplate(self):

         import_logger.debug('Stopping Opensecurity...')

         self.stop()

         import_logger.debug('Cleaning up system in preparation for update...')

         self.cleanup()

         import_logger.info('Cleanup finished...')

         # shutdown template if running

         self.poweroffVM(self.vmRootName)

         import_logger.info('Starting template VM...')

         # check for updates

         self.genCertificate(self.vmRootName)

         self.attachCertificate(self.vmRootName)

         import_logger.info('Removing snapshots...')        

         self.detachVDisk(self.vmRootName, 'SATA', '0', '0')

         templateUUID = self.getVDiskUUID(self.templateImage)

         self.removeSnapshots(templateUUID)

         import_logger.info('Setting VDisk image to normal...')

         self.changeVDiskType(self.templateImage, 'normal')

         self.attachVDisk(self.vmRootName, 'SATA', '0', '0', self.templateImage)

         import_logger.info('Starting VM...')

         self.startVM(self.vmRootName)

         self.waitStartup(self.vmRootName)

         import_logger.info('Updating components...')

         tmp_ip = self.getHostOnlyIP(self.vmRootName)

         tmp_machine_folder = Cygwin.cygPath(VMManager.machineFolder)

         Cygwin.sshExecute('"sudo apt-get -y update"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

         Cygwin.sshExecute('"sudo apt-get -y upgrade"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

         import_logger.info('Restarting template VM...')

         #check if reboot is required

         result = Cygwin.sshExecute('"if [ -f /var/run/reboot-required ]; then echo \\\"Yes\\\"; fi"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')

         if "Yes" in result[1]:

             self.stopVM(self.vmRootName)

             self.waitShutdown(self.vmRootName)

             self.startVM(self.vmRootName)

             self.waitStartup(self.vmRootName)

         import_logger.info('Stopping template VM...')

         self.stopVM(self.vmRootName)

         self.waitShutdown(self.vmRootName)

         import_logger.info('Setting VDisk image to immutable...')

         self.detachVDisk(self.vmRootName, 'SATA', '0', '0') 

         self.changeVDiskType(self.templateImage, 'immutable')

         self.attachVDisk(self.vmRootName,  'SATA', '0', '0', self.templateImage)

         import_logger.info('Update template finished...')

     def startInitialImport(self):

         if self.importHandler and self.importHandler.isAlive():

             import_logger.info("Initial import already running.")

             return

         self.importHandler = InitialImportHandler(self)

         self.importHandler.start()

         import_logger.info("Initial import started.")

     def startUpdateTemplate(self):

         if self.updateHandler and self.updateHandler.isAlive():

             import_logger.info("Initial import already running.")

             return

         self.updateHandler = UpdateHandler(self)

         self.updateHandler.start()

         import_logger.info("Initial import started.")

     def createSession(self):

         new_sdvm = self.newSDVM()

         self.attachVDisk(new_sdvm, 'SATA', '0', '0', self.templateImage)

         self.genCertificate(new_sdvm)

         self.attachCertificate(new_sdvm)

         self.startVM(new_sdvm)

         new_ip = self.waitStartup(new_sdvm)

         if new_ip == None:

             logger.error("Error getting IP address of SDVM. Cleaning up.")

             self.poweroffVM(new_sdvm)

             self.removeVM(new_sdvm)

             return None

         else:

             logger.info("Got IP address for " + new_sdvm + ' ' + new_ip)

             self.vms[new_sdvm] = {'vm_name' : new_sdvm, 'ip_addr' : new_ip, 'used' : False, 'running' : True}

             return self.vms[new_sdvm]

     def releaseSession(self, vm_name):

         del self.vms[vm_name]

         self.poweroffVM(vm_name)

         self.removeVM(vm_name)

         self.sdvmFactory.trigger()

     def getSession(self):

         # return first found unused SDVM

         for vm in self.vms.values():

             if vm['used'] == False:

                 vm['used'] = True

                 self.sdvmFactory.trigger()

                 return vm

         return self.createSession()

 class SDVMFactory(threading.Thread):

     vmm = None

     running = True

     triggerEv = None

     def __init__(self, vmmanager):

         threading.Thread.__init__(self)

         self.vmm = vmmanager

         self.triggerEv = threading.Event()

     def run(self):

         while self.running:

             self.triggerEv.clear()            

             if len(self.vmm.vms) < 2:

                 self.vmm.createSession()

                 continue

             unused = 0

             for vm in self.vmm.vms.values():

                 if vm['used'] == False:

                     unused+=1

             if unused == 0:

                 self.vmm.createSession()

             self.triggerEv.wait()

     def trigger(self):

         self.triggerEv.set()

     def stop(self):

         self.running = False

         self.triggerEv.set()

 #handles browsing session creation 

 class BrowsingHandler(threading.Thread):

     vmm = None

     proxy = None

     wpad = None

     net_resource = None

     ip_addr = None

     vm_name = None

     def __init__(self, vmmanager, proxy, wpad):

         threading.Thread.__init__(self)

         self.vmm = vmmanager

         self.proxy = proxy

         self.wpad = wpad

     def run(self):

         session = None

         try:

             appDataDir = self.getAppDataDir()

             session = self.vmm.getSession()

             if not session:

                 raise OpenSecurityException("Could not get new SDVM session.")

             self.ip_addr = session['ip_addr']

             self.vm_name = session['vm_name']

             self.net_resource = '\\\\' + self.ip_addr + '\\Download'

             urllib2.urlopen('http://127.0.0.1:8090/netmount?'+'net_resource='+self.net_resource).readline()

             logger.info("Restoring browser settings in AppData dir " + appDataDir)

             # create OpenSecurity settings dir on local machine user home /AppData/Roaming 

             Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + appDataDir + '/OpenSecurity\\\"')

             # create chromium settings dir on local machine if not existing

             Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + appDataDir + '/OpenSecurity/chromium\\\"')

             # create chromium settings dir on remote machine if not existing

             Cygwin.sshExecute('"mkdir -p \\\"/home/osecuser/.config\\\""', self.ip_addr, 'osecuser', Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vm_name + '/dvm_key')

             #restore settings on vm

             self.restoreFile(appDataDir + '/OpenSecurity/chromium', '/home/osecuser/.config/')

             if self.wpad:

                 browser = '\\\"/usr/bin/chromium --proxy-pac-url=\\\"'+self.wpad+'\\\"\\\"'

             elif self.proxy:

                 browser = '\\\"export http_proxy='+self.proxy+'; /usr/bin/chromium\\\"'

             else:

                 browser = '\\\"/usr/bin/chromium\\\"'

             Cygwin.sshExecuteX11(browser, self.ip_addr, 'osecuser', Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vm_name + '/dvm_key')

             self.backupFile('/home/osecuser/.config/chromium', appDataDir + '/OpenSecurity/')

         except urllib2.URLError:

             logger.error("Network drive connect failed. OpenSecurity Tray client not running.")

             self.net_resource = None

         except:

             logger.info("BrowsingHandler failed. See log for details")

         if session:

             if self.net_resource == None:

                 logger.info("Missing browsing SDVM's network share. Skipping disconnect")

             else:

                 try:

                     urllib2.urlopen('http://127.0.0.1:8090/netumount?'+'net_resource='+self.net_resource).readline()

                     self.net_resource = None

                 except urllib2.URLError:

                     logger.error("Network share disconnect failed. OpenSecurity Tray client not running.")

         if self.vm_name:

             self.vmm.releaseSession(self.vm_name)

         self.vmm.sdvmFactory.trigger()

     def backupFile(self, src, dest):

         global backup_lock

         with backup_lock:

             certificate = Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vm_name + '/dvm_key'

             command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "osecuser@' + self.ip_addr + ':' + src + '" "' + dest + '"'

             return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)

     def restoreFile(self, src, dest):

         certificate = Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vm_name + '/dvm_key'

         command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "' + src + '" "osecuser@' + self.ip_addr + ':' + dest + '"'

         return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)

     def getAppDataDir(self):

         user = self.vmm.getActiveUserName()

         if user == None:

             logger.error("Cannot get active user name")

             raise OpenSecurityException("Cannot get active user name")

         else:

             logger.info('Got active user name ' + user)

         sid = self.vmm.getUserSID(user)

         if sid == None:

             logger.error("Cannot get SID for active user")

             raise OpenSecurityException("Cannot get SID for active user")

         else:

             logger.info("Got active user SID " + sid + " for user " + user)

         path = self.vmm.getAppDataDir(sid)

         if path == None:

             logger.error("Cannot get AppDataDir for active user")

             raise OpenSecurityException("Cannot get AppDataDir for active user")

         else:

             logger.info("Got AppData dir for user " + user + ': ' + path)

         return Cygwin.cygPath(path)

 class DeviceHandler(threading.Thread): 

     vmm = None

     existingRSDs = None

     attachedRSDs = None  

     running = True

     def __init__(self, vmmanger): 

         threading.Thread.__init__(self)

         self.vmm = vmmanger

     def stop(self):

         self.running = False

     def run(self):

         self.existingRSDs = dict()

         self.attachedRSDs = self.vmm.getAttachedRSDs()

         while self.running:

             tmp_rsds = self.vmm.getExistingRSDs()

             if tmp_rsds.keys() == self.existingRSDs.keys():

                 logger.debug("Nothing's changed. sleep(3)")

                 time.sleep(3)

                 continue

             showTrayMessage('System changed.\nEvaluating...', 7000)

             logger.info("Something's changed")

             tmp_attached = self.attachedRSDs     

             for vm_name in tmp_attached.keys():

                 if tmp_attached[vm_name] not in tmp_rsds.values():

                     ip = self.vmm.getHostOnlyIP(vm_name)

                     if ip == None:

                         logger.error("Failed getting hostonly IP for " + vm_name)

                         continue

                     try:

                         net_resource = '\\\\' + ip + '\\USB'

                         result = urllib2.urlopen('http://127.0.0.1:8090/netumount?'+'net_resource='+net_resource).readline()

                     except urllib2.URLError:

                         logger.error("Network drive disconnect failed. OpenSecurity Tray client not running.")

                         continue

                     # detach not necessary as already removed from vm description upon disconnect

                     del self.attachedRSDs[vm_name]

                     self.vmm.releaseSession(vm_name)

             #create new vms for new devices if any

             new_ip = None

             for new_device in tmp_rsds.values():

                 showTrayMessage('Mounting device...', 7000)

                 if (self.attachedRSDs and False) or (new_device not in self.attachedRSDs.values()):

                     session = self.vmm.getSession()

                     if not session:

                         logger.info("Could not get new SDVM session.")

                         continue

                         #raise OpenSecurityException("Could not get new SDVM session.")

                     new_sdvm = session['vm_name']

                     new_ip = session['ip_addr']

                     try:

                         self.vmm.attachRSD(new_sdvm, new_device)

                         self.attachedRSDs[new_sdvm] = new_device

                     except:

                         logger.info("RSD prematurely removed. Cleaning up.")

                         self.vmm.releaseSession(new_sdvm)

                         continue

                     try:

                         net_resource = '\\\\' + new_ip + '\\USB'

                         result = urllib2.urlopen('http://127.0.0.1:8090/netmount?'+'net_resource='+net_resource).readline()

                     except urllib2.URLError:

                         logger.error("Network drive connect failed (tray client not accessible). Cleaning up.")

                         self.vmm.releaseSession(new_sdvm)

                         continue

             self.existingRSDs = tmp_rsds

 class UpdateHandler(threading.Thread):

     vmm = None    

     def __init__(self, vmmanager):

         threading.Thread.__init__(self)

         self.vmm = vmmanager

     def run(self):

         try:

             self.vmm.updateTemplate()

         except:

             import_logger.info("Update template failed. Refer to service log for details.")

         self.vmm.start(force=True)

 class InitialImportHandler(threading.Thread):

     vmm = None    

     def __init__(self, vmmanager):

         threading.Thread.__init__(self)

         self.vmm = vmmanager

     def run(self):

         try:

             self.vmm.importTemplate(self.vmm.getMachineFolder() + '\\OsecVM.ova')

             self.vmm.updateTemplate()

         except:

             import_logger.info("Initial import failed. Refer to service log for details.")

         self.vmm.start(force=True)