opensecurity: OpenSecurity/bin/opensecurity_client_restful

     1 #!/bin/env python

     2 # -*- coding: utf-8 -*-

     4 # ------------------------------------------------------------

     5 # opensecurity_client_restful_server

6 #

     7 # the OpenSecurity client RESTful server

8 #

     9 # Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>

    10 #

    11 # Copyright (C) 2013 AIT Austrian Institute of Technology

    12 # AIT Austrian Institute of Technology GmbH

    13 # Donau-City-Strasse 1 | 1220 Vienna | Austria

    14 # http://www.ait.ac.at

    15 #

    16 # This program is free software; you can redistribute it and/or

    17 # modify it under the terms of the GNU General Public License

    18 # as published by the Free Software Foundation version 2.

    19 #

    20 # This program is distributed in the hope that it will be useful,

    21 # but WITHOUT ANY WARRANTY; without even the implied warranty of

    22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

    23 # GNU General Public License for more details.

    24 #

    25 # You should have received a copy of the GNU General Public License

    26 # along with this program; if not, write to the Free Software

    27 # Foundation, Inc., 51 Franklin Street, Fifth Floor,

    28 # Boston, MA  02110-1301, USA.

    29 # ------------------------------------------------------------

    32 # ------------------------------------------------------------

    33 # imports

    35 import os

    36 import os.path

    37 import subprocess

    38 import sys

    39 import urllib

    40 import urllib2

    41 import web

    43 # local

    44 from environment import Environment

    45 from notification import Notification

    48 # ------------------------------------------------------------

    49 # const

    52 __version__ = "0.2"

    55 """All the URLs we know mapping to class handler"""

    56 opensecurity_urls = (

    57     #'/application',             'os_application',

    58     '/credentials',             'os_credentials',

    59     '/notification',            'os_notification',

    60     '/password',                'os_password',

    61     '/',                        'os_root'

    62 )

    65 # ------------------------------------------------------------

    66 # code

    69 # class os_application:

    70 #

    71 # PRESUMLY DEAD CODE

    72 #

    73     # """OpenSecurity '/application' handler.

    75     # This is called on GET /application?vm=VM-ID&app=APP-ID

    76     # This tries to access the vm identified with the label VM-ID

    77     # and launched the application identified APP-ID

    78     # """

    80     # def GET(self):

    82         # # pick the arguments

    83         # args = web.input()

    85         # # we _need_ a vm

    86         # if not "vm" in args:

    87             # raise web.badrequest('no vm given')

    89         # # we _need_ a app

    90         # if not "command" in args:

    91             # raise web.badrequest('no app given')

    93         # # check if we do have valid vm

    94         # v = [v for v in vms if v['name'] == args.vm]

    95         # if len(v) == 0:

    96             # raise web.notfound('vm not found')

    97         # v = v[0]

    99         # # check if we do have a valid app

   100         # a = [a for a in apps if a['name'] == args.app]

   101         # if len(a) == 0:

   102             # raise web.notfound('app not found')

   103         # a = a[0]

   105         # # invoke launch with

   106         # res = "starting: launch " + v['user'] + " " + v['ip'] + " " + a['command']

   108         # launch_image = os.path.join(sys.path[0], 'launch.py')

   109         # process_command = [sys.executable, launch_image, v['user'], v['ip'], a['command']]

   110         # process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)

   111         # result = process.communicate()[0]

   112         # if process.returncode != 0:

   113             # return 'Launch of application aborted.'

   115         # return result

   118 class os_credentials:

   119     """OpenSecurity '/credentials' handler.

   121     This is called on GET /credentials?text=TEXT.

   122     Ideally this should pop up a user dialog to insert his

   123     credentials based the given TEXT.

   124     """

   126     def GET(self):

   128         # pick the arguments

   129         args = web.input()

   131         # we _need_ a text

   132         if not "text" in args:

   133             raise web.badrequest('no text given')

   135         # invoke the user dialog as a subprocess

   136         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')

   137         process_command = [sys.executable, dlg_image, 'credentials', args.text]

   138         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)

   139         result = process.communicate()[0]

   140         if process.returncode != 0:

   141             return 'Credentials request has been aborted.'

   143         return result

   146 class os_notification:

   147     """OpenSecurity '/notification' handler.

   149     This is called on GET /notification?msgtype=TYPE&text=TEXT.

   150     This will pop up an OpenSecurity notifcation window

   151     """

   153     def GET(self):

   155         # pick the arguments

   156         args = web.input()

   158         # we _need_ a type

   159         if not "msgtype" in args:

   160             raise web.badrequest('no msgtype given')

   162         if not args.msgtype in Notification.TYPES:

   163             raise web.badrequest('Unknown value for msgtype')

   165         # we _need_ a text

   166         if not "text" in args:

   167             raise web.badrequest('no text given')

   169         # invoke the user dialog as a subprocess

   170         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')

   171         process_command = [sys.executable, dlg_image, 'notification-' + args.msgtype, args.text]

   172         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)

   173         return "Ok"

   176 class os_password:

   177     """OpenSecurity '/password' handler.

   179     This is called on GET /password?text=TEXT.

   180     Ideally this should pop up a user dialog to insert his

   181     password based device name.

   182     """

   184     def GET(self):

   186         # pick the arguments

   187         args = web.input()

   189         # we _need_ a text

   190         if not "text" in args:

   191             raise web.badrequest('no text given')

   193         # remember remote ip

   194         remote_ip = web.ctx.environ['REMOTE_ADDR']

   196         # invoke the user dialog as a subprocess

   197         dlg_image = os.path.join(sys.path[0], 'opensecurity_dialog.py')

   198         process_command = [sys.executable, dlg_image, 'password', args.text]

   199         process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE)

   200         result = process.communicate()[0]

   201         if process.returncode != 0:

   202             return 'password request has been aborted.'

   204         # all ok, tell send request back appropriate destination

   206         # the returned value of the dialog is a jason object like

   207         # "{ 'password': 'THE_PASSWORD' }"

   208         # so we _could_ call eval(...) on this.

   209         #

   210         # However, anyone malicious enough _could_ encode a certain

   211         # "password" making some nasty things within that eval code. :(

   212         #

   213         # So this is plain old-school string hacking then ...

   214         try:

   215             password = result.split(':')[1].split("'")[1]

   216         except:

   217             raise web.internalerror('error in password parsing')

   219         url_addr = 'http://' + remote_ip + ':58080/password'

   220         url_data = urllib.urlencode({ 'password': password})

   221         req = urllib2.Request(url = url_addr + '?' + url_data)

   222         try:

   223             res = urllib2.urlopen(req)

   224         except:

   225             raise web.internalerror('failed to contact: ' + url_addr)

   227         return 'password told'

   230 class os_root:

   231     """OpenSecurity '/' handler"""

   233     def GET(self):

   235         res = "OpenSecurity-Client RESTFul Server { \"version\": \"%s\" }" % __version__

   237         # add some sample links

   238         res = res + """

   240 USAGE EXAMPLES:

   242 Request a password:

   243     (copy paste this into your browser's address field after the host:port)

   245     /password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0)

   247     (eg.: http://127.0.0.1:8090/password?text=Give+me+a+password+for+device+%22My+USB+Drive%22+(ID%3A+32090-AAA-X0))

   248     NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.

   251 Request a combination of user and password:

   252     (copy paste this into your browser's address field after the host:port)

   254     /credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.

   256     (eg.: http://127.0.0.1:8090/credentials?text=Tell+the+NSA+which+credentials+to+use+in+order+to+avoid+hacking+noise+on+wire.)

   257     NOTE: check yout taskbar, the dialog window may not pop up in front of your browser window.

   260 Start a Browser:

   261     (copy paste this into your browser's address field after the host:port)

   263     /application?vm=Debian+7&app=Browser

   265     (e.g. http://127.0.0.1:8090/application?vm=Debian+7&app=Browser)

   266         """

   268         return res

   271 # start

   272 if __name__ == "__main__":

   273     server = web.application(opensecurity_urls, globals())

   274     server.run()

author	mb
	Thu, 09 Jan 2014 10:44:42 +0100
changeset 46	f659d8fb57a8
parent 31	d95fe93d7a83
child 90	bfd41c38d156
permissions	-rwxr-xr-x