2 # -*- coding: utf-8 -*-
4 # ------------------------------------------------------------
7 # the opensecurityd as RESTful server
9 # Autor: Mihai Bartha, <mihai.bartha@ait.ac.at>
11 # Copyright (C) 2013 AIT Austrian Institute of Technology
12 # AIT Austrian Institute of Technology GmbH
13 # Donau-City-Strasse 1 | 1220 Vienna | Austria
14 # http://www.ait.ac.at
16 # This program is free software; you can redistribute it and/or
17 # modify it under the terms of the GNU General Public License
18 # as published by the Free Software Foundation version 2.
20 # This program is distributed in the hope that it will be useful,
21 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 # GNU General Public License for more details.
25 # You should have received a copy of the GNU General Public License
26 # along with this program; if not, write to the Free Software
27 # Foundation, Inc., 51 Franklin Street, Fifth Floor,
28 # Boston, MA 02110-1301, USA.
29 # ------------------------------------------------------------
32 # ------------------------------------------------------------
37 from subprocess import Popen, PIPE, call, STARTUPINFO, _subprocess
41 from cygwin import Cygwin
42 from environment import Environment
50 from opensecurity_util import logger, setupLogger, OpenSecurityException, showTrayMessage
63 new_sdvm_lock = threading.Lock()
65 class VMManagerException(Exception):
66 def __init__(self, value):
69 return repr(self.value)
78 def __init__(self, uuid, vendorid, productid, revision, serial):
80 self.vendorid = vendorid.lower()
81 self.productid = productid.lower()
82 self.revision = revision.lower()
86 def __eq__(self, other):
87 return self.uuid == other.uuid #self.vendorid == other.vendorid and self.productid == other.productid and self.revision == other.revision
90 return hash(self.uuid) ^ hash(self.vendorid) ^ hash(self.productid) ^ hash(self.revision) ^ hash(self.serial)
93 return "UUID:" + str(self.uuid) + " VendorId = \'" + str(self.vendorid) + "\' ProductId = \'" + str(self.productid) + "\'" + "\' Revision = \'" + str(self.revision) + "\' SerialNumber = \'" + str(self.serial)
95 #def __getitem__(self, item):
96 # return self.coords[item]
98 theClass.systemProperties = theClass.getSystemProperties()
99 theClass.machineFolder = theClass.systemProperties["Default machine folder"]
100 #theClass.hostonlyIF = theClass.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]
101 theClass.blacklistedRSD = theClass.loadRSDBlacklist()
105 class VMManager(object):
106 vmRootName = "SecurityDVM"
107 systemProperties = None
112 browsingManager = None
113 blacklistedRSD = None
114 status_message = 'Starting up...'
117 # only proceed if we have a working background environment
118 if self.backend_ok():
119 VMManager.hostonlyIF = self.getHostOnlyIFs()["VirtualBox Host-Only Ethernet Adapter"]
122 logger.critical(self.status_message)
127 if VMManager._instance == None:
128 VMManager._instance = VMManager()
129 return VMManager._instance
131 #list the hostonly IFs exposed by the VBox host
133 def getHostOnlyIFs():
134 results = Cygwin.vboxExecute('list hostonlyifs')[1]
138 items = list( "Name: " + result for result in results.split('Name: ') if result != '')
141 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))
142 ifs[props["Name"]] = props
145 #props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result.strip().splitlines()))
148 #list the hostonly IFs exposed by the VBox host
150 def getDHCPServers():
151 results = Cygwin.vboxExecute('list dhcpservers')[1]
154 items = list( "NetworkName: " + result for result in results.split('NetworkName: ') if result != '')
158 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in item.strip().splitlines()))
159 dhcps[props["NetworkName"]] = props
162 # return hosty system properties
164 def getSystemProperties():
165 result = Cygwin.vboxExecute('list systemproperties')
168 props = dict((k.strip(),v.strip().strip('"')) for k,v in (line.split(':', 1) for line in result[1].strip().splitlines()))
171 # return the folder containing the guest VMs
172 def getMachineFolder(self):
173 return VMManager.machineFolder
175 # verifies the hostonly interface and DHCP server settings
176 def verifyHostOnlySettings(self):
177 interfaceName = "VirtualBox Host-Only Ethernet Adapter"
178 networkName = "HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter"
180 hostonlyifs = self.getHostOnlyIFs()
181 if not interfaceName in hostonlyifs.keys():
182 Cygwin.vboxExecute('hostonlyif create')
183 hostonlyifs = self.getHostOnlyIFs()
184 if not interfaceName in hostonlyifs.keys():
187 interface = hostonlyifs[interfaceName]
188 if interface['VBoxNetworkName'] != networkName or interface['DHCP'] != 'Disabled' or interface['IPAddress'] != '192.168.56.1':
189 Cygwin.vboxExecute('hostonlyif ipconfig "' + interfaceName + '" --ip 192.168.56.1 --netmask 255.255.255.0')
191 dhcpservers = self.getDHCPServers()
192 if not networkName in dhcpservers.keys():
193 Cygwin.vboxExecute('dhcpserver add --ifname "' + interfaceName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')
194 dhcpservers = self.getDHCPServers()
195 if not networkName in dhcpservers.keys():
198 server = dhcpservers[networkName]
199 if server['IP'] != '192.168.56.100' or server['NetworkMask'] != '255.255.255.0' or server['lowerIPAddress'] != '192.168.56.101' or server['upperIPAddress'] != '192.168.56.254' or server['Enabled'] != 'Yes':
200 Cygwin.vboxExecute('VBoxManage dhcpserver modify --netname "' + networkName + '" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable')
204 def template_installed(self):
205 """ check if we do have our root VMs installed """
207 if not self.vmRootName in vms:
208 self.status_message = 'Unable to locate root SecurityDVM. Please download and setup the initial image.'
212 def backend_ok(self):
213 """check if the backend (VirtualBox) is sufficient for our task"""
215 # ensure we have our system props
216 if VMManager.systemProperties == None:
217 VMManager.systemProperties = self.getSystemProperties()
218 if VMManager.systemProperties == None:
219 self.status_message = 'Failed to get backend system properties. Is Backend (VirtualBox?) installed?'
222 # check for existing Extension pack
223 if not 'Remote desktop ExtPack' in VMManager.systemProperties:
224 self.status_message = 'No remote desktop extension pack found. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'
226 if VMManager.systemProperties['Remote desktop ExtPack'] == 'Oracle VM VirtualBox Extension Pack ':
227 self.status_message = 'Unsure if suitable extension pack is installed. Please install the "Oracle VM VirtualBox Extension Pack" from https://www.virtualbox.org/wiki/Downloads.'
230 # check the existing hostOnly network settings and try to reconfigure if faulty
231 if not self.verifyHostOnlySettings():
234 # basically all seems nice and ready to rumble
235 self.status_message = 'All is ok.'
240 if self.rsdHandler != None:
241 self.rsdHandler.stop()
242 self.rsdHandler.join()
243 self.rsdHandler = None
245 if self.browsingManager != None:
246 self.browsingManager.stop()
247 self.browsingManager.join()
248 self.browsingManager = None
254 if self.backend_ok() and self.template_installed():
255 self.browsingManager = BrowsingManager(self)
256 self.browsingManager.start()
257 self.rsdHandler = DeviceHandler(self)
258 self.rsdHandler.start()
264 ip = self.getHostOnlyIP(None)
266 result = urllib2.urlopen('http://127.0.0.1:8090/netcleanup?'+'hostonly_ip='+ip).readline()
267 except urllib2.URLError:
268 logger.info("Network drive cleanup all skipped. OpenSecurity Tray client not started yet.")
270 for vm in self.listSDVM():
274 # list all existing VMs registered with VBox
276 result = Cygwin.vboxExecute('list vms')[1]
277 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
281 def listRunningVMS(self):
282 result = Cygwin.vboxExecute('list runningvms')[1]
283 vms = list(k.strip().strip('"') for k,_ in (line.split(' ') for line in result.splitlines()))
286 # list existing SDVMs
291 if vm.startswith(self.vmRootName) and vm != self.vmRootName:
295 # generate valid (not already existing SDVM name). necessary for creating a new VM
296 def genSDVMName(self):
298 for i in range(0,999):
299 if(not self.vmRootName+str(i) in vms):
300 return self.vmRootName+str(i)
304 def loadRSDBlacklist():
307 fo = open(Environment('OpenSecurity').prefix_path +"\\bin\\blacklist.usb", "r")
309 logger.error("Could not open RSD blacklist file.")
312 lines = fo.readlines()
315 parts = line.strip().split(' ')
316 blacklist[parts[0].lower()] = parts[1].lower()
320 def isBlacklisted(device):
321 if VMManager.blacklistedRSD:
322 blacklisted = device.vendorid.lower() in VMManager.blacklistedRSD.keys() and device.productid.lower() == VMManager.blacklistedRSD[device.vendorid]
326 # check if the device is mass storage type
328 def isMassStorageDevice(device):
333 keyname = 'SYSTEM\CurrentControlSet\Enum\USB' + '\VID_' + device.vendorid+'&'+'PID_'+ device.productid
334 vidkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname)
335 devinfokeyname = win32api.RegEnumKey(vidkey, 0)
336 win32api.RegCloseKey(vidkey)
338 devinfokey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, keyname+'\\'+devinfokeyname)
339 value = win32api.RegQueryValueEx(devinfokey, 'SERVICE')[0]
340 win32api.RegCloseKey(devinfokey)
341 except Exception as ex:
342 logger.error('Error reading registry.Exception details: %s' %ex)
344 if vidkey is not None:
345 win32api.RegCloseKey(vidkey)
346 if devinfokey is not None:
347 win32api.RegCloseKey(devinfokey)
349 return 'USBSTOR' in value
351 # return the RSDs connected to the host
353 def getExistingRSDs():
354 results = Cygwin.vboxExecute('list usbhost')[1]
355 results = results.split('Host USB Devices:')[1].strip()
357 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
361 for line in item.splitlines():
363 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
366 uuid = re.search(r"(?P<uuid>[0-9A-Fa-f\-]+)", props['UUID']).groupdict()['uuid']
367 vid = re.search(r"\((?P<vid>[0-9A-Fa-f]+)\)", props['VendorId']).groupdict()['vid']
368 pid = re.search(r"\((?P<pid>[0-9A-Fa-f]+)\)", props['ProductId']).groupdict()['pid']
369 rev = re.search(r"\((?P<rev>[0-9A-Fa-f]+)\)", props['Revision']).groupdict()['rev']
371 if 'SerialNumber' in props.keys():
372 serial = re.search(r"(?P<ser>[0-9A-Fa-f]+)", props['SerialNumber']).groupdict()['ser']
373 usb_filter = USBFilter( uuid, vid, pid, rev, serial)
375 if VMManager.isMassStorageDevice(usb_filter) and not VMManager.isBlacklisted(usb_filter):
376 rsds[uuid] = usb_filter
377 logger.debug(usb_filter)
381 #def getAttachedRSD(self, vm_name):
382 # props = self.getVMInfo(vm_name)
383 # keys = set(['USBFilterVendorId1', 'USBFilterProductId1', 'USBFilterRevision1', 'USBFilterSerialNumber1'])
384 # keyset = set(props.keys())
386 # if keyset.issuperset(keys):
387 # usb_filter = USBFilter(props['USBFilterVendorId1'], props['USBFilterProductId1'], props['USBFilterRevision1'])
390 # return the attached USB device as usb descriptor for an existing VM
391 def getAttachedRSD(self, vm_name):
392 props = self.getVMInfo(vm_name)
393 keys = set(['USBAttachedUUID1', 'USBAttachedVendorId1', 'USBAttachedProductId1', 'USBAttachedRevision1', 'USBAttachedSerialNumber1'])
394 keyset = set(props.keys())
396 if keyset.issuperset(keys):
397 usb_filter = USBFilter(props['USBAttachedUUID1'], props['USBAttachedVendorId1'], props['USBAttachedProductId1'], props['USBAttachedRevision1'], props['USBAttachedSerialNumber1'])
400 # return the RSDs attached to all existing SDVMs
401 def getAttachedRSDs(self):
402 vms = self.listSDVM()
403 attached_devices = dict()
405 rsd_filter = self.getAttachedRSD(vm)
406 if rsd_filter != None:
407 attached_devices[vm] = rsd_filter
408 return attached_devices
410 # attach removable storage device to VM by provision of filter
411 def attachRSD(self, vm_name, rsd_filter):
412 #return Cygwin.vboxExecute('usbfilter add 0 --target ' + vm_name + ' --name OpenSecurityRSD --vendorid ' + rsd_filter.vendorid + ' --productid ' + rsd_filter.productid + ' --revision ' + rsd_filter.revision + ' --serialnumber ' + rsd_filter.serial)
413 return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbattach ' + rsd_filter.uuid )
415 # detach removable storage from VM by
416 def detachRSD(self, vm_name, rsd_filter):
417 #return Cygwin.vboxExecute('usbfilter remove 0 --target ' + vm_name)
418 return Cygwin.vboxExecute('controlvm ' + vm_name + ' usbdetach ' + rsd_filter.uuid )
420 # configures hostonly networking and DHCP server. requires admin rights
421 def configureHostNetworking(self):
422 #cmd = 'vboxmanage list hostonlyifs'
423 #Cygwin.vboxExecute(cmd)
424 #cmd = 'vboxmanage hostonlyif remove \"VirtualBox Host-Only Ethernet Adapter\"'
425 #Cygwin.vboxExecute(cmd)
426 #cmd = 'vboxmanage hostonlyif create'
427 #Cygwin.vboxExecute(cmd)
428 Cygwin.vboxExecute('hostonlyif ipconfig \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.1 --netmask 255.255.255.0')
429 #cmd = 'vboxmanage dhcpserver add'
430 #Cygwin.vboxExecute(cmd)
431 Cygwin.vboxExecute('dhcpserver modify --ifname \"VirtualBox Host-Only Ethernet Adapter\" --ip 192.168.56.100 --netmask 255.255.255.0 --lowerip 192.168.56.101 --upperip 192.168.56.200')
433 def isSDVMExisting(self, vm_name):
434 sdvms = self.listSDVM()
435 return vm_name in sdvms
437 #create new virtual machine instance based on template vm named SecurityDVM (\SecurityDVM\SecurityDVM.vmdk)
438 def createVM(self, vm_name):
439 if self.isSDVMExisting(vm_name):
441 #remove eventually existing SDVM folder
442 machineFolder = Cygwin.cygPath(VMManager.machineFolder)
443 Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '\\\"')
444 Cygwin.vboxExecute('createvm --name ' + vm_name + ' --ostype Debian --register')
445 Cygwin.vboxExecute('modifyvm ' + vm_name + ' --memory 768 --vram 10 --cpus 1 --usb on --usbehci on --nic1 hostonly --hostonlyadapter1 \"' + self.hostonlyIF['Name'] + '\" --nic2 nat')
446 Cygwin.vboxExecute('storagectl ' + vm_name + ' --name SATA --add sata --portcount 2')
448 #create new SecurityDVM with automatically generated name from template (thread safe)
451 vm_name = self.genSDVMName()
452 self.createVM(vm_name)
455 # attach storage image to controller
456 def attachStorage(self, vm_name):
457 if self.isStorageAttached(vm_name):
458 self.detachStorage(vm_name)
459 Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium \"'+ VMManager.machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"')
461 # return true if storage is attached
462 def isStorageAttached(self, vm_name):
463 info = self.getVMInfo(vm_name)
464 return (info['SATA-0-0']!='none')
466 # detach storage from controller
467 def detachStorage(self, vm_name):
468 if self.isStorageAttached(vm_name):
469 Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 0 --device 0 --type hdd --medium none')
471 def changeStorageType(self, filename, storage_type):
472 Cygwin.vboxExecute('modifyhd \"' + filename + '\" --type ' + storage_type)
474 # list storage snaphots for VM
475 def updateTemplate(self):
478 self.poweroffVM(self.vmRootName)
479 self.waitShutdown(self.vmRootName)
482 self.genCertificate(self.vmRootName)
483 self.attachCertificate(self.vmRootName)
485 #templateUUID = self.getVMInfo(self.vmRootName)["SATA-ImageUUID-0-0"] #TODO: // verify value
486 templateUUID = self.getTemplateUUID()
488 self.detachStorage(self.vmRootName)
489 self.removeSnapshots(templateUUID)
491 template_storage = VMManager.machineFolder + '\\' + self.vmRootName + '\\' + self.vmRootName + '.vmdk'
492 #TODO:// modify to take vm name as argument
493 self.changeStorageType(template_storage,'normal')
494 self.attachStorage(self.vmRootName)
495 self.startVM(self.vmRootName)
496 self.waitStartup(self.vmRootName)
498 tmp_ip = self.getHostOnlyIP(self.vmRootName)
499 tmp_machine_folder = Cygwin.cygPath(VMManager.machineFolder)
500 Cygwin.sshExecute('"sudo apt-get -y update"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')
501 Cygwin.sshExecute('"sudo apt-get -y upgrade"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')
503 #check if reboot is required
504 result = Cygwin.sshExecute('"if [ -f /var/run/reboot-required ]; then echo \\\"Yes\\\"; fi"', tmp_ip, 'osecuser', tmp_machine_folder + '/' + self.vmRootName + '/dvm_key')
505 if "Yes" in result[1]:
506 self.stopVM(self.vmRootName)
507 self.waitShutdown(self.vmRootName)
508 self.startVM(self.vmRootName)
509 self.waitStartup(self.vmRootName)
511 #self.hibernateVM(self.vmRootName)
512 self.stopVM(self.vmRootName)
513 self.waitShutdown(self.vmRootName)
514 self.detachStorage(self.vmRootName)
515 self.changeStorageType(template_storage,'immutable')
516 self.attachStorage(self.vmRootName)
518 #"SATA-0-0"="C:\Users\BarthaM\VirtualBox VMs\SecurityDVM\Snapshots\{d0af827d-f13a-49be-8ac1-df20b13bda83}.vmdk"
519 #"SATA-ImageUUID-0-0"="d0af827d-f13a-49be-8ac1-df20b13bda83"
522 results = Cygwin.vboxExecute('list hdds')[1]
523 results = results.replace('Parent UUID', 'Parent')
524 items = list( "UUID:"+result for result in results.split('UUID:') if result != '')
529 for line in item.splitlines():
531 k,v = line[:line.index(':')].strip(), line[line.index(':')+1:].strip()
533 snaps[props['UUID']] = props
537 def getTemplateUUID():
538 images = VMManager.getDiskImages()
539 template_storage = VMManager.machineFolder + '\\' + VMManager.vmRootName + '\\' + VMManager.vmRootName + '.vmdk'
542 for hdd in images.values():
543 if hdd['Location'] == template_storage:
544 template_uuid = hdd['UUID']
548 def removeSnapshots(self, imageUUID):
549 snaps = self.getDiskImages()
551 for hdd in snaps.values():
552 if hdd['Parent'] == imageUUID:
553 snapshotUUID = hdd['UUID']
554 self.removeImage(snapshotUUID)
556 def removeImage(self, imageUUID):
557 logger.debug('removing snapshot ' + imageUUID)
558 Cygwin.vboxExecute('closemedium disk {' + imageUUID + '} --delete')
559 # parse result 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
561 #remove VM from the system. should be used on VMs returned by listSDVMs
562 def removeVM(self, vm_name):
563 logger.info('Removing ' + vm_name)
565 Cygwin.vboxExecute('unregistervm ' + vm_name + ' --delete')
566 #TODO:// try to close medium if still existing
567 #Cygwin.vboxExecute('closemedium disk {' + hdd['UUID'] + '} --delete')
568 self.removeVMFolder(vm_name)
570 def removeVMFolder(self, vm_name):
571 machineFolder = Cygwin.cygPath(VMManager.machineFolder)
572 Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '\\\"')
575 def startVM(self, vm_name):
576 logger.info('Starting ' + vm_name)
577 Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')
578 result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless' )
579 while 'successfully started' not in result[1]:
580 logger.error("Failed to start SDVM: " + vm_name + " retrying")
581 logger.error("Command returned:\n" + result[2])
583 result = Cygwin.vboxExecute('startvm ' + vm_name + ' --type headless')
586 # return wether VM is running or not
587 def isVMRunning(self, vm_name):
588 return vm_name in self.listRunningVMS()
591 def stopVM(self, vm_name):
592 logger.info('Sending shutdown signal to ' + vm_name)
593 Cygwin.sshExecute( '"sudo shutdown -h now"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key' )
594 Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')
597 def hibernateVM(self, vm_name):
598 logger.info('Sending hibernate-disk signal to ' + vm_name)
599 Cygwin.sshBackgroundExecute( '"sudo hibernate-disk"', self.getHostOnlyIP(vm_name), 'osecuser', Cygwin.cygPath(VMManager.machineFolder) + '/' + vm_name + '/dvm_key', wait_return=False)
600 Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')
603 def poweroffVM(self, vm_name):
604 if not self.isVMRunning(vm_name):
606 logger.info('Powering off ' + vm_name)
607 Cygwin.vboxExecute('controlvm ' + vm_name + ' poweroff')
608 Cygwin.vboxExecute('guestproperty set ' + vm_name + ' SDVMStarted False')
611 # return the hostOnly IP for a running guest or the host
612 def getHostOnlyIP(self, vm_name):
614 logger.info('Getting hostOnly IP address for Host')
615 return VMManager.hostonlyIF['IPAddress']
617 logger.info('Getting hostOnly IP address ' + vm_name)
618 result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' /VirtualBox/GuestInfo/Net/0/V4/IP')
622 if result.startswith('No value set!'):
624 return result[result.index(':')+1:].strip()
626 # return the description set for an existing VM
627 def getVMInfo(self, vm_name):
628 results = Cygwin.vboxExecute('showvminfo ' + vm_name + ' --machinereadable')[1]
629 props = dict((k.strip().strip('"'),v.strip().strip('"')) for k,v in (line.split('=', 1) for line in results.splitlines()))
632 #generates ISO containing authorized_keys for use with guest VM
633 def genCertificate(self, vm_name):
634 machineFolder = Cygwin.cygPath(VMManager.machineFolder)
635 # remove .ssh folder if exists
636 Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')
637 # remove .ssh folder if exists
638 Cygwin.bashExecute('/usr/bin/rm -rf \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')
639 # create .ssh folder in vm_name
640 Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')
641 # generate dvm_key pair in vm_name / .ssh
642 Cygwin.bashExecute('/usr/bin/ssh-keygen -q -t rsa -N \\\"\\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\"')
643 # move out private key
644 Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key\\\" \\\"' + machineFolder + '/' + vm_name + '\\\"')
645 # set permissions for private key
646 Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/dvm_key\\\"')
647 # rename public key to authorized_keys
648 Cygwin.bashExecute('/usr/bin/mv \\\"' + machineFolder + '/' + vm_name + '/.ssh/dvm_key.pub\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')
649 # set permissions for authorized_keys
650 Cygwin.bashExecute('/usr/bin/chmod 500 \\\"' + machineFolder + '/' + vm_name + '/.ssh/authorized_keys\\\"')
651 # generate iso image with .ssh/authorized keys
652 Cygwin.bashExecute('/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '/' + vm_name + '/'+ vm_name + '.iso\\\" \\\"' + machineFolder + '/' + vm_name + '/.ssh\\\"')
654 # attaches generated ssh public cert to guest vm
655 def attachCertificate(self, vm_name):
656 if self.isCertificateAttached(vm_name):
657 self.detachCertificate(vm_name)
658 Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type dvddrive --mtype readonly --medium \"' + VMManager.machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\"')
660 # return true if storage is attached
661 def isCertificateAttached(self, vm_name):
662 info = self.getVMInfo(vm_name)
663 return (info['SATA-1-0']!='none')
665 # detach storage from controller
666 def detachCertificate(self, vm_name):
667 if self.isCertificateAttached(vm_name):
668 Cygwin.vboxExecute('storageattach ' + vm_name + ' --storagectl SATA --port 1 --device 0 --type hdd --medium none')
670 # wait for machine to come up
671 def waitStartup(self, vm_name):
672 #Cygwin.vboxExecute('guestproperty wait ' + vm_name + ' SDVMStarted --timeout ' + str(timeout_ms) + ' --fail-on-timeout', try_count = 60)
675 result = Cygwin.vboxExecute('guestproperty get ' + vm_name + ' SDVMStarted')[1]
676 if "Value: True" in result:
680 return self.getHostOnlyIP(vm_name)
682 # wait for machine to shutdown
683 def waitShutdown(self, vm_name):
684 while vm_name in self.listRunningVMS():
688 #Small function to check if the mentioned location is a directory
689 def isDirectory(self, path):
690 result = Cygwin.cmdExecute('dir ' + path + ' | FIND ".."')
691 return string.find(result[1], 'DIR',)
693 def genNetworkDrive(self):
694 logical_drives = VMManager.getLogicalDrives()
695 logger.info("Used logical drive letters: "+ str(logical_drives).strip('[]') )
696 drives = list(map(chr, range(68, 91)))
698 if drive not in logical_drives:
702 def getLogicalDrives():
703 drive_bitmask = ctypes.cdll.kernel32.GetLogicalDrives()
704 drives = list(itertools.compress(string.ascii_uppercase, map(lambda x:ord(x) - ord('0'), bin(drive_bitmask)[:1:-1])))
708 def getDriveType(drive):
709 return ctypes.cdll.kernel32.GetDriveTypeW(u"%s:\\"%drive)
712 def getNetworkPath(drive):
713 return win32wnet.WNetGetConnection(drive+':')
716 def getVolumeInfo(drive):
717 volumeNameBuffer = ctypes.create_unicode_buffer(1024)
718 fileSystemNameBuffer = ctypes.create_unicode_buffer(1024)
720 max_component_length = None
721 file_system_flags = None
723 rc = ctypes.cdll.kernel32.GetVolumeInformationW(
726 ctypes.sizeof(volumeNameBuffer),
728 max_component_length,
730 fileSystemNameBuffer,
731 ctypes.sizeof(fileSystemNameBuffer)
733 return volumeNameBuffer.value, fileSystemNameBuffer.value
735 def getNetworkDrive(self, vm_name):
736 ip = self.getHostOnlyIP(vm_name)
738 logger.error("Failed getting hostonly IP for " + vm_name)
740 logger.info("Got IP address for " + vm_name + ': ' + ip)
741 for drive in VMManager.getLogicalDrives():
742 #if is a network drive
743 if VMManager.getDriveType(drive) == 4:
744 network_path = VMManager.getNetworkPath(drive)
745 if ip in network_path:
749 def getNetworkDrives(self):
750 ip = self.getHostOnlyIP(None)
752 logger.error("Failed getting hostonly IP for system")
754 logger.info("Got IP address for system: " + ip)
755 ip = ip[:ip.rindex('.')]
756 network_drives = dict()
757 for drive in VMManager.getLogicalDrives():
758 #if is a network drive
759 if VMManager.getDriveType(drive) == 4:
760 network_path = VMManager.getNetworkPath(drive)
761 if ip in network_path:
762 network_drives[drive] = network_path
763 return network_drives
765 # handles browsing request
766 def handleBrowsingRequest(self, proxy):
767 showTrayMessage('Starting Secure Browsing...', 7000)
768 handler = BrowsingHandler(self, proxy)
772 def getActiveUserName(self):
773 key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI')
774 v = str(win32api.RegQueryValueEx(key, 'LastLoggedOnUser')[0])
775 win32api.RegCloseKey(key)
776 user_name = win32api.ExpandEnvironmentStrings(v)
779 def getUserSID(self, user_name):
780 domain, user = user_name.split("\\")
781 account_name = win32security.LookupAccountName(domain, user)
782 if account_name == None:
783 logger.error("Failed lookup account name for user " + user_name)
785 sid = win32security.ConvertSidToStringSid(account_name[0])
787 logger.error("Failed converting SID for account " + account_name[0])
791 def getAppDataDir(self, sid):
792 key = win32api.RegOpenKey(win32con.HKEY_USERS, sid + '\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders')
793 value, type = win32api.RegQueryValueEx(key, "AppData")
794 win32api.RegCloseKey(key)
797 #key = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' + '\\' + sid)
798 #value, type = win32api.RegQueryValueEx(key, "ProfileImagePath")
801 def backupFile(self, src, dest):
802 certificate = Cygwin.cygPath(self.getMachineFolder()) + '/' + self.browsingManager.vm_name + '/dvm_key'
803 command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "osecuser@' + self.browsingManager.ip_addr + ':' + src + '" "' + dest + '"'
804 return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)
806 def restoreFile(self, src, dest):
807 certificate = Cygwin.cygPath(self.getMachineFolder()) + '/' + self.browsingManager.vm_name + '/dvm_key'
808 #command = '-r -v -o StrictHostKeyChecking=no -i \"' + certificate + '\" \"' + src + '\" \"osecuser@' + self.browsingManager.ip_addr + ':' + dest + '\"'
809 command = '-r -o StrictHostKeyChecking=no -i "' + certificate + '" "' + src + '" "osecuser@' + self.browsingManager.ip_addr + ':' + dest + '"'
810 return Cygwin.execute(Cygwin.cygwin_scp, command, wait_return=True, window=False)
812 #handles browsing session creation
813 class BrowsingHandler(threading.Thread):
816 def __init__(self, vmmanager, proxy):
817 threading.Thread.__init__(self)
822 #browser = '\\\"/usr/bin/chromium; pidof dbus-launch | xargs kill\\\"'
823 #browser = '\\\"/usr/bin/chromium\\\"'
827 browser = '\\\"export http_proxy='+self.proxy+'; /usr/bin/chromium\\\"'
829 browser = '\\\"/usr/bin/chromium\\\"'
830 self.vmm.browsingManager.started.wait()
831 result = Cygwin.sshExecuteX11(browser, self.vmm.browsingManager.ip_addr, 'osecuser', Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vmm.browsingManager.vm_name + '/dvm_key')
832 self.vmm.backupFile('/home/osecuser/.config/chromium', self.vmm.browsingManager.appDataDir + '/OpenSecurity/')
834 logger.info("BrowsingHandler closing. Restarting browsing SDVM.")
836 self.vmm.browsingManager.restart.set()
839 # handles browsing Vm creation and destruction
840 class BrowsingManager(threading.Thread):
849 def __init__(self, vmmanager):
850 threading.Thread.__init__(self)
852 self.restart = threading.Event()
853 self.started = threading.Event()
864 if self.net_resource == None:
865 logger.info("Missing browsing SDVM's network share. Skipping disconnect")
868 browsing_vm = urllib2.urlopen('http://127.0.0.1:8090/netumount?'+'net_resource='+self.net_resource).readline()
869 self.net_resource = None
870 except urllib2.URLError:
871 logger.error("Network share disconnect failed. OpenSecurity Tray client not running.")
876 if self.vm_name != None:
877 self.vmm.poweroffVM(self.vm_name)
878 self.vmm.removeVM(self.vm_name)
881 self.vm_name = self.vmm.newSDVM()
882 self.vmm.attachStorage(self.vm_name)
883 self.vmm.genCertificate(self.vm_name)
884 self.vmm.attachCertificate(self.vm_name)
886 self.vmm.startVM(self.vm_name)
888 self.ip_addr = self.vmm.waitStartup(self.vm_name)
889 if self.ip_addr == None:
890 logger.error("Failed to get ip address")
893 logger.info("Got IP address for " + self.vm_name + ' ' + self.ip_addr)
896 self.net_resource = '\\\\' + self.ip_addr + '\\Download'
897 result = urllib2.urlopen('http://127.0.0.1:8090/netmount?'+'net_resource='+self.net_resource).readline()
898 except urllib2.URLError:
899 logger.error("Network drive connect failed. OpenSecurity Tray client not running.")
900 self.net_resource = None
903 user = self.vmm.getActiveUserName()
905 logger.error("Cannot get active user name")
908 logger.info('Got active user name ' + user)
909 sid = self.vmm.getUserSID(user)
911 logger.error("Cannot get SID for active user")
914 logger.info("Got active user SID " + sid + " for user " + user)
916 path = self.vmm.getAppDataDir(sid)
918 logger.error("Cannot get AppDataDir for active user")
921 logger.info("Got AppData dir for user " + user + ': ' + path)
923 self.appDataDir = Cygwin.cygPath(path)
924 logger.info("Restoring browser settings in AppData dir " + self.appDataDir)
925 # create OpenSecurity settings dir on local machine user home /AppData/Roaming
926 Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + self.appDataDir + '/OpenSecurity\\\"')
927 # create chromium settings dir on local machine if not existing
928 Cygwin.bashExecute('/usr/bin/mkdir -p \\\"' + self.appDataDir + '/OpenSecurity/chromium\\\"')
929 # create chromium settings dir on remote machine if not existing
930 Cygwin.sshExecute('"mkdir -p \\\"/home/osecuser/.config\\\""', self.ip_addr, 'osecuser', Cygwin.cygPath(self.vmm.getMachineFolder()) + '/' + self.vm_name + '/dvm_key')
931 #restore settings on vm
932 self.vmm.restoreFile(self.appDataDir + '/OpenSecurity/chromium', '/home/osecuser/.config/')
934 logger.info("Browsing SDVM running.")
936 except Exception as e:
937 logger.error("Unexpected error: ".join(e))
938 logger.error("BrowsingHandler failed. Cleaning up")
941 class DeviceHandler(threading.Thread):
946 def __init__(self, vmmanger):
947 threading.Thread.__init__(self)
954 self.existingRSDs = dict()
955 self.attachedRSDs = self.vmm.getAttachedRSDs()
958 tmp_rsds = self.vmm.getExistingRSDs()
959 if tmp_rsds.keys() == self.existingRSDs.keys():
960 logger.debug("Nothing's changed. sleep(3)")
964 showTrayMessage('System changed.\nEvaluating...', 7000)
965 logger.info("Something's changed")
966 tmp_attached = self.attachedRSDs
967 for vm_name in tmp_attached.keys():
968 if tmp_attached[vm_name] not in tmp_rsds.values():
969 ip = self.vmm.getHostOnlyIP(vm_name)
971 logger.error("Failed getting hostonly IP for " + vm_name)
974 net_resource = '\\\\' + ip + '\\USB'
975 result = urllib2.urlopen('http://127.0.0.1:8090/netumount?'+'net_resource='+net_resource).readline()
976 except urllib2.URLError:
977 logger.error("Network drive disconnect failed. OpenSecurity Tray client not running.")
980 # detach not necessary as already removed from vm description upon disconnect
981 #self.vmm.detachRSD(vm_name, self.attachedRSDs[vm_name])
982 del self.attachedRSDs[vm_name]
983 self.vmm.poweroffVM(vm_name)
984 self.vmm.removeVM(vm_name)
987 #create new vms for new devices if any
989 for new_device in tmp_rsds.values():
990 showTrayMessage('Mounting device...', 7000)
991 if (self.attachedRSDs and False) or (new_device not in self.attachedRSDs.values()):
992 new_sdvm = self.vmm.newSDVM()
993 self.vmm.attachStorage(new_sdvm)
994 self.vmm.startVM(new_sdvm)
995 new_ip = self.vmm.waitStartup(new_sdvm)
997 logger.error("Error getting IP address of SDVM. Cleaning up.")
998 self.vmm.poweroffVM(new_sdvm)
999 self.vmm.removeVM(new_sdvm)
1002 logger.info("Got IP address for " + new_sdvm + ' ' + new_ip)
1004 self.vmm.attachRSD(new_sdvm, new_device)
1005 self.attachedRSDs[new_sdvm] = new_device
1007 logger.info("RSD prematurely removed. Cleaning up.")
1008 self.vmm.poweroffVM(new_sdvm)
1009 self.vmm.removeVM(new_sdvm)
1012 net_resource = '\\\\' + new_ip + '\\USB'
1013 result = urllib2.urlopen('http://127.0.0.1:8090/netmount?'+'net_resource='+net_resource).readline()
1014 except urllib2.URLError:
1015 logger.error("Network drive connect failed (tray client not accessible). Cleaning up.")
1016 self.vmm.poweroffVM(new_sdvm)
1017 self.vmm.removeVM(new_sdvm)
1020 self.existingRSDs = tmp_rsds