# HG changeset patch # User om # Date 1386680651 -3600 # Node ID d95fe93d7a8321e8261608763985d6869dc00c93 # Parent 0d5637405430e93e0003cabe4c0920ff581e5455 opensecurityd can now invoke applications on vm diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/bin/launch.py --- a/OpenSecurity/bin/launch.py Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/bin/launch.py Tue Dec 10 14:04:11 2013 +0100 @@ -36,6 +36,8 @@ import os import subprocess import sys +import urllib +import urllib2 from PyQt4 import QtCore from PyQt4 import QtGui @@ -44,7 +46,6 @@ from about import About from cygwin import Cygwin from environment import Environment -import opensecurity_server # ------------------------------------------------------------ @@ -61,17 +62,25 @@ self.setWindowTitle('OpenSecuirty Launch Application') self.setup_ui() - # known vms and applications - self._apps, self_vms = [], [] - # positionate ourself central screen = QtGui.QDesktopWidget().screenGeometry() self.resize(self.geometry().width() * 1.25, self.geometry().height()) size = self.geometry() self.move((screen.width() - size.width()) / 2, (screen.height() - size.height()) / 2) - # refresh vm and command input - self.refresh() + self._vms = [ { 'name': 'SecurityDVM0', 'ip': '192.168.56.101' } ] + self._apps = [ { 'name': 'Browser', 'command': '/usr/bin/iceweasel' } ] + + # add the VMs we know + self._cbVM.clear() + for vm in self._vms: + self._cbVM.addItem(vm['name']) + + # add the commands we know + self._cbApplication.clear() + for app in self._apps: + self._cbApplication.addItem(app['name']) + def app_get(self): @@ -101,23 +110,6 @@ self.accept() - def refresh(self): - """load the known vms and commands and adjust input fields""" - - self._apps = opensecurity_server.query_apps() - self._vms = opensecurity_server.query_vms() - - # add the VMs we know - self._cbApplication.clear() - for app in self._apps: - self._cbApplication.addItem(app['name']) - - # add the commands we know - self._cbVM.clear() - for vm in self._vms: - self._cbVM.addItem(vm['name']) - - def setup_ui(self): """Create the widgets.""" @@ -192,17 +184,6 @@ btnAbout.clicked.connect(self.clicked_about) - def user_get(self): - """The user of the vm of choice.""" - v = str(self._cbVM.currentText()) - for vm in self._vms: - if v == vm['name']: - return vm['user'] - return v - - user = property(user_get) - - def vm_get(self): """The vm of choice.""" v = str(self._cbVM.currentText()) @@ -235,9 +216,9 @@ app.exec_() if dlg.result() == QtGui.QDialog.Accepted: - return dlg.user, dlg.vm, dlg.app + return dlg.vm, dlg.app - return '', '', '' + return '', '' def main(): @@ -245,40 +226,43 @@ # parse command line parser = argparse.ArgumentParser(description = 'OpenSecurity Launcher: run application in VM') - parser.add_argument('user', metavar='USER', help='USER on Virtual Machine', nargs='?', type=str, default='') parser.add_argument('ip', metavar='IP', help='IP of Virtual Machine', nargs='?', type=str, default='') parser.add_argument('command', metavar='COMMAND', help='Full path of command and arguments to start inside VM', nargs='?', type=str, default='') args = parser.parse_args() # we must have at least all or none set - set_user = args.user != '' set_ip = args.ip != '' set_command = args.command != '' - set_ALL = set_user and set_ip and set_command - set_NONE = (not set_user) and (not set_ip) and (not set_command) + set_ALL = set_ip and set_command + set_NONE = (not set_ip) and (not set_command) if (not set_ALL) and (not set_NONE): - sys.stderr.write("Please specify user, ip and command or none.\n") + sys.stderr.write("Please specify ip and command or none.\n") sys.stderr.write("Type '--help' for help.\n") sys.exit(1) # check if we need to ask the user if set_NONE: - args.user, args.ip, args.command = ask_user() + args.ip, args.command = ask_user() # still no IP? --> no chance, over and out! if args.ip == '': sys.exit(0) # ensure we have our X11 running - Cygwin.start_X11() + #Cygwin.start_X11() - # the SSH command - user_at_guest = args.user + '@' + args.ip - ssh = 'DISPLAY=:0 /usr/bin/ssh -Y ' + user_at_guest + ' ' + args.command - print(ssh) + # call the OpenSecurity Admin to launch our progie =) + url_vm = urllib.quote(args.ip) + url_command = urllib.quote(args.command) + print(url_vm) + print(url_command) - # off we go! - Cygwin()(['/bin/bash', '--login', '-i', '-c', ssh], None, None, None) + # user_at_guest = args.user + '@' + args.ip + # ssh = 'DISPLAY=:0 /usr/bin/ssh -Y ' + user_at_guest + ' ' + args.command + # print(ssh) + + # # off we go! + # Cygwin()(['/bin/bash', '--login', '-i', '-c', ssh], None, None, None) # start diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/bin/opensecurity_client_restful_server.py --- a/OpenSecurity/bin/opensecurity_client_restful_server.py Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/bin/opensecurity_client_restful_server.py Tue Dec 10 14:04:11 2013 +0100 @@ -50,12 +50,12 @@ # const -__version__ = "0.1" +__version__ = "0.2" """All the URLs we know mapping to class handler""" opensecurity_urls = ( - '/application', 'os_application', + #'/application', 'os_application', '/credentials', 'os_credentials', '/notification', 'os_notification', '/password', 'os_password', @@ -67,53 +67,53 @@ # code -class os_application: - """OpenSecurity '/application' handler. +# class os_application: +# +# PRESUMLY DEAD CODE +# + # """OpenSecurity '/application' handler. - This is called on GET /application?vm=VM-ID&app=APP-ID - This tries to access the vm identified with the label VM-ID - and launched the application identified APP-ID - """ + # This is called on GET /application?vm=VM-ID&app=APP-ID + # This tries to access the vm identified with the label VM-ID + # and launched the application identified APP-ID + # """ - def GET(self): + # def GET(self): - # pick the arguments - args = web.input() + # # pick the arguments + # args = web.input() - # we _need_ a vm - if not "vm" in args: - raise web.badrequest('no vm given') + # # we _need_ a vm + # if not "vm" in args: + # raise web.badrequest('no vm given') - # we _need_ a app - if not "app" in args: - raise web.badrequest('no app given') + # # we _need_ a app + # if not "command" in args: + # raise web.badrequest('no app given') - apps = opensecurity_server.query_apps() - vms = opensecurity_server.query_vms() + # # check if we do have valid vm + # v = [v for v in vms if v['name'] == args.vm] + # if len(v) == 0: + # raise web.notfound('vm not found') + # v = v[0] - # check if we do have valid vm - v = [v for v in vms if v['name'] == args.vm] - if len(v) == 0: - raise web.notfound('vm not found') - v = v[0] + # # check if we do have a valid app + # a = [a for a in apps if a['name'] == args.app] + # if len(a) == 0: + # raise web.notfound('app not found') + # a = a[0] - # check if we do have a valid app - a = [a for a in apps if a['name'] == args.app] - if len(a) == 0: - raise web.notfound('app not found') - a = a[0] + # # invoke launch with + # res = "starting: launch " + v['user'] + " " + v['ip'] + " " + a['command'] + + # launch_image = os.path.join(sys.path[0], 'launch.py') + # process_command = [sys.executable, launch_image, v['user'], v['ip'], a['command']] + # process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE) + # result = process.communicate()[0] + # if process.returncode != 0: + # return 'Launch of application aborted.' - # invoke launch with - res = "starting: launch " + v['user'] + " " + v['ip'] + " " + a['command'] - - launch_image = os.path.join(sys.path[0], 'launch.py') - process_command = [sys.executable, launch_image, v['user'], v['ip'], a['command']] - process = subprocess.Popen(process_command, shell = False, stdout = subprocess.PIPE) - result = process.communicate()[0] - if process.returncode != 0: - return 'Launch of application aborted.' - - return result + # return result class os_credentials: diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/bin/opensecurity_server.py --- a/OpenSecurity/bin/opensecurity_server.py Tue Dec 10 12:16:11 2013 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,69 +0,0 @@ -#!/bin/env python -# -*- coding: utf-8 -*- - -# ------------------------------------------------------------ -# opensecurity-server -# -# talk to the opensecurity server -# -# Autor: Oliver Maurhart, -# -# Copyright (C) 2013 AIT Austrian Institute of Technology -# AIT Austrian Institute of Technology GmbH -# Donau-City-Strasse 1 | 1220 Vienna | Austria -# http://www.ait.ac.at -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation version 2. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# ------------------------------------------------------------ - -# ------------------------------------------------------------ -# import - -from pprint import PrettyPrinter - - -# ------------------------------------------------------------ -# code - -def query_apps(): - """get the list of known apps""" - - # TODO: REPLACE THIS HARDCODED STUFF WITH REAL CODE TO THE OS SERVER - apps = [ - { 'vm': 'SecurityDVMBrowser', 'name': 'Browser', 'command': '/usr/bin/iceweasel'}, - ] - - return apps - - -def query_vms(): - """get the list of registered vms, their ip and the prefered user""" - - # TODO: REPLACE THIS HARDCODED STUFF WITH REAL CODE TO THE OS SERVER - vms = [ - { 'user': 'opensec', 'name': 'SecurityDVMBrowser', 'ip': '192.168.56.101'}, - ] - - return vms - - -# start -if __name__ == "__main__": - print("known apps: ") - PrettyPrinter().pprint(query_apps()) - print("known vms: ") - PrettyPrinter().pprint(query_vms()) - - diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/bin/opensecurityd.py --- a/OpenSecurity/bin/opensecurityd.py Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/bin/opensecurityd.py Tue Dec 10 14:04:11 2013 +0100 @@ -47,21 +47,22 @@ # ------------------------------------------------------------ # const -__version__ = "0.1" +__version__ = "0.2" """All the URLs we know mapping to class handler""" opensecurity_urls = ( - '/device_change', 'os_device_change', # http://localhost:8080/device_change GET - '/sdvm_started', 'os_sdvm_started', # http://localhost:8080/sdvm_started GET - '/sdvms', 'os_sdvms', # http://localhost:8080/sdvms GET, PUT - '/sdvms/(.*)/ip', 'os_sdvm_ip', # http://localhost:8080/sdvms/[VMNAME]/ip GET - '/sdvms/(.*)/start', 'os_sdvm_start', # http://localhost:8080/sdvms/[VMNAME]/start GET - '/sdvms/(.*)/stop', 'os_sdvm_stop', # http://localhost:8080/sdvms/[VMNAME]/stop GET - '/sdvms/(.*)', 'os_sdvm', # http://localhost:8080/sdvms/[VMNAME] GET, DELETE - '/vms', 'os_vms', # http://localhost:8080/vms GET - '/vms/(.*)', 'os_vm', # http://localhost:8080/vms/[VMNAME] GET - '/', 'os_root' # http://localhost:8080/ GET + '/device_change', 'os_device_change', # http://localhost:8080/device_change GET + '/browsing', 'os_browsing', # http://localhost:8080/browsing GET + '/sdvms', 'os_sdvms', # http://localhost:8080/sdvms GET, PUT + '/sdvms/(.*)/application/(.*)', 'os_sdvm_application', # http://localhost:8080/sdvms/[VMNAME]/application/[COMMAND] GET + '/sdvms/(.*)/ip', 'os_sdvm_ip', # http://localhost:8080/sdvms/[VMNAME]/ip GET + '/sdvms/(.*)/start', 'os_sdvm_start', # http://localhost:8080/sdvms/[VMNAME]/start GET + '/sdvms/(.*)/stop', 'os_sdvm_stop', # http://localhost:8080/sdvms/[VMNAME]/stop GET + '/sdvms/(.*)', 'os_sdvm', # http://localhost:8080/sdvms/[VMNAME] GET, DELETE + '/vms', 'os_vms', # http://localhost:8080/vms GET + '/vms/(.*)', 'os_vm', # http://localhost:8080/vms/[VMNAME] GET + '/', 'os_root' # http://localhost:8080/ GET ) @@ -83,15 +84,28 @@ gvm_mgr.handleDeviceChange() return "os_device_change" -class os_sdvm_started: - """OpenSecurity '/sdvm_started' handler""" + +class os_browsing: + """OpenSecurity '/browsing' handler + + - GET: Start and prepare a new SecurityVM for Internet Browsing. Return the name of the VM. + """ def GET(self): - # self.request get address - return "os_sdvm_started" + try: + browsingVM = gvm_mgr.handleBrowsingRequest() + gvm_mgr.startVM(browsingVM) + return browsingVM + except: + raise web.internalerror() + class os_sdvm: - """OpenSecurity '/sdvms/[VM]' handler""" + """OpenSecurity '/sdvms/[VM]' handler + + - GET: Information about a specific SecurityVM + - DELETE: Remove a specific + """ def GET(self, name): return gvm_mgr.getVMInfo(name) @@ -100,35 +114,60 @@ return gvm_mgr.removeVM(name) +class os_sdvm_application: + """OpenSecurity '/sdvms/[VM]/application/[CMD]' handler + + - GET: start application with given command in the VM. + """ + + def GET(self, name, command): + command = '/' + command + print('---> request to launch application in VM -- ' + name + ':' + command + ' <---') + return gvm_mgr.sshGuestX11Execute(name, command) + + class os_sdvm_ip: - """OpenSecurity '/sdvms/[VM]/ip' handler""" + """OpenSecurity '/sdvms/[VM]/ip' handler + + - GET: give IP of SecurityVM. + """ def GET(self, name): return gvm_mgr.getHostOnlyIP(name) class os_sdvm_start: - """OpenSecurity '/sdvms/[VM]/start' handler""" + """OpenSecurity '/sdvms/[VM]/start' handler + + - GET: Start specific SecuirtyVM. + """ def GET(self, name): return gvm_mgr.startVM(name) class os_sdvm_stop: - """OpenSecurity '/sdvms/[VM]/stop' handler""" + """OpenSecurity '/sdvms/[VM]/stop' handler + + - GET: stop specific Secuirty VM. + """ def GET(self, name): return gvm_mgr.stopVM(name) class os_sdvms: - """OpenSecurity '/sdvms' handler""" + """OpenSecurity '/sdvms' handler + + - GET: list all available secuirty VMs. + - POST: create new security vm. + """ def GET(self): """get the list of SDVMs""" return gvm_mgr.listSDVM() - def PUT(self): + def POST(self): """create a new SDVM""" # get a new vm-name @@ -141,21 +180,30 @@ return name class os_vm: - """OpenSecurity '/vms/[VM]' handler""" + """OpenSecurity '/vms/[VM]' handler + + - GET: list information of arbitrary VM. + """ def GET(self, name): return gvm_mgr.getVMInfo(name) class os_vms: - """OpenSecurity '/vms' handler""" + """OpenSecurity '/vms' handler + + - GET: list all (also non Security) VMs. + """ def GET(self): return gvm_mgr.listVM() class os_root: - """OpenSecurity '/' handler""" + """OpenSecurity '/' handler + + - GET: give information about current installation. + """ def GET(self): res = "'os_server': { " diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/bin/vmmanager.py --- a/OpenSecurity/bin/vmmanager.py Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/bin/vmmanager.py Tue Dec 10 14:04:11 2013 +0100 @@ -43,7 +43,7 @@ vboxManage = 'VBoxManage' def __init__(self): - self.cygwin_path = os.path.join(Cygwin.root(), 'bin') + self.cygwin_path = os.path.join(Cygwin.root(), 'bin') + os.path.sep self.vboxManage = os.path.join(self.getVBoxManagePath(), 'VBoxManage') self.systemProperties = self.getSystemProperties() return @@ -292,6 +292,7 @@ self.createVM(new_sdvm) self.genCertificateISO(new_sdvm) self.attachCertificateISO(new_sdvm) + return new_sdvm # executes command over ssh on guest vm def sshGuestExecute(self, vm_name, prog, user_name='opensec'): diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/test/create-security-vm.bat --- a/OpenSecurity/test/create-security-vm.bat Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/test/create-security-vm.bat Tue Dec 10 14:04:11 2013 +0100 @@ -1,2 +1,2 @@ @echo off -..\cygwin\bin\curl -X PUT http://127.0.0.1:8080/sdvms \ No newline at end of file +..\cygwin\bin\curl -X POST http://127.0.0.1:8080/sdvms \ No newline at end of file diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/test/start-vm.bat --- a/OpenSecurity/test/start-vm.bat Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/test/start-vm.bat Tue Dec 10 14:04:11 2013 +0100 @@ -1,2 +1,2 @@ @echo off -..\cygwin\bin\curl --get http://127.0.0.1:8090/sdvms/SecurityDVM0/start +..\cygwin\bin\curl --get http://127.0.0.1:8080/sdvms/SecurityDVM0/start diff -r 0d5637405430 -r d95fe93d7a83 OpenSecurity/test/stop-vm.bat --- a/OpenSecurity/test/stop-vm.bat Tue Dec 10 12:16:11 2013 +0100 +++ b/OpenSecurity/test/stop-vm.bat Tue Dec 10 14:04:11 2013 +0100 @@ -1,3 +1,2 @@ @echo off -..\cygwin\bin\curl --get http://127.0.0.1:8090/sdvms/SecurityDVM0/stop - +..\cygwin\bin\curl --get http://127.0.0.1:8080/sdvms/SecurityDVM0/stop