2 # -*- coding: utf-8 -*-
4 # ------------------------------------------------------------
7 # the opensecurityd as RESTful server
9 # Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>
11 # Copyright (C) 2013 AIT Austrian Institute of Technology
12 # AIT Austrian Institute of Technology GmbH
13 # Donau-City-Strasse 1 | 1220 Vienna | Austria
14 # http://www.ait.ac.at
16 # This program is free software; you can redistribute it and/or
17 # modify it under the terms of the GNU General Public License
18 # as published by the Free Software Foundation version 2.
20 # This program is distributed in the hope that it will be useful,
21 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 # GNU General Public License for more details.
25 # You should have received a copy of the GNU General Public License
26 # along with this program; if not, write to the Free Software
27 # Foundation, Inc., 51 Franklin Street, Fifth Floor,
28 # Boston, MA 02110-1301, USA.
29 # ------------------------------------------------------------
32 # ------------------------------------------------------------
45 from cygwin import Cygwin
46 from environment import Environment
47 from opensecurity_util import logger
50 # ------------------------------------------------------------
56 """All the URLs we know mapping to class handler"""
58 '/browsing', 'os_browsing', # http://localhost:8080/browsing GET
59 '/fetch_initial_image', 'os_fetch_image', # http://localhost:8080/fetch_initial_image GET
60 '/init', 'os_init', # http://localhost:8080/init GET
61 '/sdvms', 'os_sdvms', # http://localhost:8080/sdvms GET, PUT
62 '/sdvms/(.*)/application/(.*)', 'os_sdvm_application', # http://localhost:8080/sdvms/[VMNAME]/application/[COMMAND] GET
63 '/sdvms/(.*)/ip', 'os_sdvm_ip', # http://localhost:8080/sdvms/[VMNAME]/ip GET
64 '/sdvms/(.*)/start', 'os_sdvm_start', # http://localhost:8080/sdvms/[VMNAME]/start GET
65 '/sdvms/(.*)/stop', 'os_sdvm_stop', # http://localhost:8080/sdvms/[VMNAME]/stop GET
66 '/sdvms/(.*)', 'os_sdvm', # http://localhost:8080/sdvms/[VMNAME] GET, DELETE
67 '/vms', 'os_vms', # http://localhost:8080/vms GET
68 '/vms/(.*)', 'os_vm', # http://localhost:8080/vms/[VMNAME] GET
69 '/update_template', 'os_update_template', # http://localhost:8080/update_template GET
70 '/terminate', 'os_terminate', # http://localhost:8080/terminate GET
71 '/', 'os_root' # http://localhost:8080/ GET
75 # ------------------------------------------------------------
78 # Global VMManager instance
82 # ------------------------------------------------------------
87 """OpenSecurity '/browsing' handler
89 - GET: Start and prepare a new SecurityVM for Internet Browsing. Return the name of the VM.
93 log_call(web.ctx.environ)
96 result = gvm_mgr.handleBrowsingRequest()
99 raise web.internalerror()
102 class os_fetch_image:
103 """OpenSecurity '/fetch_initial_image' handler
105 - GET: fetch the initial image from the X-Net Servers
106 The initial image is stored in the
107 Virtual Box default machine path.
108 The result to this call is a temprary file
109 which shows the progress (or error state)
115 log_call(web.ctx.environ)
118 trace_file_name = os.path.join(tempfile.gettempdir(), 'OpenSecurity_fetch_image.log')
119 trace_file = open(trace_file_name, 'w+')
121 machine_folder = Cygwin.cygPath(gvm_mgr.getMachineFolder())
122 download_initial_image_script = '/OpenSecurity/bin/download_initial_image.sh \'' + machine_folder + '\''
123 Cygwin.bashExecute(download_initial_image_script, wait_return = False, stdout = trace_file, stderr = trace_file)
125 return trace_file_name
129 """OpenSecurity '/init' handler
131 - GET: Do initial import of OsecVM.ova
135 log_call(web.ctx.environ)
138 trace_file_name = os.path.join(tempfile.gettempdir(), 'OpenSecurity_initial_import.log')
139 trace_file = open(trace_file_name, 'w+')
141 vm_image = Cygwin.cygPath(gvm_mgr.getMachineFolder()) + '/OsecVM.ova'
142 initial_import_script = '/OpenSecurity/bin/initial_vm.sh \'' + vm_image + '\''
143 Cygwin.bashExecute(initial_import_script, wait_return = False, stdout = trace_file, stderr = trace_file)
145 return trace_file_name
149 """OpenSecurity '/' handler
151 - GET: give information about current installation.
155 log_call(web.ctx.environ)
157 res = "'os_server': { "
158 res += "'version': '" + __version__ + "', "
159 res += "'virtual box systemproperties': '" + str(gvm_mgr.systemProperties) + "', "
160 res += "'current temporary folder': '" + tempfile.gettempdir() + "' "
166 """OpenSecurity '/sdvms/[VM]' handler
168 - GET: Information about a specific SecurityVM
169 - DELETE: Remove a specific
173 log_call(web.ctx.environ)
175 return gvm_mgr.getVMInfo(name)
177 def DELETE(self, name):
178 log_call(web.ctx.environ)
180 return gvm_mgr.removeVM(name)
183 class os_sdvm_application:
184 """OpenSecurity '/sdvms/[VM]/application/[CMD]' handler
186 - GET: start application with given command in the VM.
189 def GET(self, name, command):
190 log_call(web.ctx.environ)
192 command = '/' + command
193 result = Cygwin.sshExecuteX11(command, gvm_mgr.getHostOnlyIP(name), 'osecuser', Cygwin.cygPath(gvm_mgr.getMachineFolder()) + '/' + name + '/dvm_key' )
194 self.poweroffVM(name)
195 return gvm_mgr.removeVM(name)
199 """OpenSecurity '/sdvms/[VM]/ip' handler
201 - GET: give IP of SecurityVM.
205 log_call(web.ctx.environ)
207 return gvm_mgr.getHostOnlyIP(name)
211 """OpenSecurity '/sdvms/[VM]/start' handler
213 - GET: Start specific SecuirtyVM.
217 log_call(web.ctx.environ)
219 return gvm_mgr.startVM(name)
223 """OpenSecurity '/sdvms/[VM]/stop' handler
225 - GET: stop specific Secuirty VM.
229 log_call(web.ctx.environ)
231 return gvm_mgr.stopVM(name)
235 """OpenSecurity '/sdvms' handler
237 - GET: list all available secuirty VMs.
238 - POST: create new security vm.
242 """get the list of SDVMs"""
243 log_call(web.ctx.environ)
245 return gvm_mgr.listSDVM()
248 """create a new SDVM"""
249 log_call(web.ctx.environ)
253 name = gvm_mgr.generateSDVMName()
255 gvm_mgr.createVM(name)
257 raise web.internalerror()
263 """OpenSecurity '/terminate' handler
265 - GET: terminate the opensecurityd.
267 YES: this here is bonkers. But the web.py http
268 server runs infinite until a SystemExit exception
269 or KeyboardInterrupt exception is raised.
271 see: site-packages/web/httpserver.py - line 157ff
272 see: site-packages/web/wsgiserver/__init__.py - line 1682ff
274 So, we invoke a sys.exit(0) here to trigger server.stop().
276 TODO: need to find a better way doing this, and not via the
277 REST api. Maybe hack web.py server code?
281 log_call(web.ctx.environ)
289 class os_update_template:
290 """OpenSecurity '/update_template' handler
292 - GET: update template vm
296 #return gvm_mgr.guestExecute('SecurityDVM', 'sudo apt-get -y update')
298 log_call(web.ctx.environ)
299 return gvm_mgr.updateTemplate()
303 """OpenSecurity '/vms/[VM]' handler
305 - GET: list information of arbitrary VM.
309 log_call(web.ctx.environ)
311 return gvm_mgr.getVMInfo(name)
315 """OpenSecurity '/vms' handler
317 - GET: list all (also non Security) VMs.
321 log_call(web.ctx.environ)
323 return gvm_mgr.listVM()
326 def log_call(web_environ):
327 """log the incoming call to the REST api"""
329 call = 'REST ' + web_environ['REQUEST_METHOD'] + ' ' + web_environ['REQUEST_URI'] + ' from ' + web_environ['REMOTE_ADDR'] + ':' + web_environ['REMOTE_PORT']
336 """main startup for the opensecuirityd"""
338 logger.debug('Starting OpenSecurity REST server')
340 # ensure a VMManger is yet loaded
342 gvm_mgr = vmmanager.VMManager.getInstance()
344 server = web.application(opensecurity_urls, globals(), autoreload = False)
347 logger.debug('Stopped OpenSecurity REST server')
351 """stop the opensecuirityd"""
353 # calling sys.exit() raises a SystemExit exception
354 # of the WSGI Server to let it wind down
361 if __name__ == "__main__":