# HG changeset patch # User mb # Date 1389260682 -3600 # Node ID f659d8fb57a8276481d03bf128c2d7c9b4507902 # Parent 7c2e34bcdf3d46385306c359452390dd6b072a76 latest changes from december 2013 diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/bin/environment.py --- a/OpenSecurity/bin/environment.py Wed Dec 11 14:49:34 2013 +0100 +++ b/OpenSecurity/bin/environment.py Thu Jan 09 10:44:42 2014 +0100 @@ -92,12 +92,12 @@ # test method def test(): - """Test: class Environment""" - e = Environment('My Application') - print('prefix_path: "{0}"'.format(e.prefix_path)) - print(' data_path: "{0}"'.format(e.data_path)) - - + """Test: class Environment""" + e = Environment('My Application') + print('prefix_path: "{0}"'.format(e.prefix_path)) + print(' data_path: "{0}"'.format(e.data_path)) + + # test the module if __name__ == '__main__': - test() + test() diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/bin/opensecurity_client_restful_server.py --- a/OpenSecurity/bin/opensecurity_client_restful_server.py Wed Dec 11 14:49:34 2013 +0100 +++ b/OpenSecurity/bin/opensecurity_client_restful_server.py Thu Jan 09 10:44:42 2014 +0100 @@ -43,7 +43,6 @@ # local from environment import Environment from notification import Notification -import opensecurity_server # ------------------------------------------------------------ diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/bin/opensecurityd.py --- a/OpenSecurity/bin/opensecurityd.py Wed Dec 11 14:49:34 2013 +0100 +++ b/OpenSecurity/bin/opensecurityd.py Thu Jan 09 10:44:42 2014 +0100 @@ -81,10 +81,11 @@ """OpenSecurity '/device_change' handler""" def GET(self): - new_ip = gvm_mgr.handleDeviceChange() - if new_ip != None: - gvm_mgr.mapNetworkDrive('h:', '\\\\' + new_ip + '\\USB', None, None) - return "os_device_change" + try: + new_ip = gvm_mgr.handleDeviceChange() + return new_ip + except: + raise web.internalerror() class os_browsing: 
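Review bot: The bare `except:` added to `os_device_change.GET` in opensecurityd.py turns every failure, including the new `VMManagerException` and the stderr text it carries, into an anonymous 500 with nothing recorded on the server. Catch `except Exception as e:` and log `e` before `raise web.internalerror()`, so a failed VM start or drive mapping can be diagnosed. The handler now returns `new_ip` directly; if `handleDeviceChange()` can return `None` (not visible in this hunk), that case needs an explicit response. The enclosing class starts outside the hunk.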
@@ -96,7 +97,6 @@ def GET(self): try: browsingVM = gvm_mgr.handleBrowsingRequest() - gvm_mgr.startVM(browsingVM) return browsingVM except: raise web.internalerror() diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/bin/vmmanager.py --- a/OpenSecurity/bin/vmmanager.py Wed Dec 11 14:49:34 2013 +0100 +++ b/OpenSecurity/bin/vmmanager.py Thu Jan 09 10:44:42 2014 +0100 @@ -17,6 +17,11 @@ DEBUG = True +class VMManagerException(Exception): + def __init__(self, value): + self.value = value + def __str__(self): + return repr(self.value) class USBFilter: vendorid = "" @@ -76,12 +81,14 @@ def isSDVMStarted(self, ip): return self.startNotifications.contains(ip) - def execute(self, cmd): + def execute(self, cmd, wait_return=True ): if DEBUG: print('trying to launch: ' + cmd) process = Popen(cmd, stdout=PIPE, stderr=PIPE) #shell = True if DEBUG: print('launched: ' + cmd) + if not wait_return: + return [0, 'working in background', ''] result = process.wait() res_stdout = process.stdout.read(); res_stderr = process.stderr.read(); @@ -90,6 +97,8 @@ print res_stdout if res_stderr != "": print res_stderr + if result !=0: + raise VMManagerException(res_stderr) return result, res_stdout, res_stderr def getVBoxManagePath(self): @@ -207,8 +216,7 @@ self.execute(cmd) cmd = 'VBoxManage storagectl ' + vm_name + ' --name contr1 --add sata --portcount 2' self.execute(cmd) - cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl contr1 --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"' - #--mtype immutable + cmd = 'VBoxManage storageattach ' + vm_name + ' --storagectl contr1 --port 0 --device 0 --type hdd --medium \"'+ machineFolder + '\SecurityDVM\SecurityDVM.vmdk\"' #--mtype immutable self.execute(cmd) return 
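Review bot: In `execute` (vmmanager.py, hunk `@@ -76,12 +81,14 @@`), the new `wait_return=False` path returns while the child still has `stdout=PIPE` and `stderr=PIPE` attached, so nothing drains the pipes or reaps the process, and a child that writes a lot can block once a pipe buffer fills. For the background case start the process without pipes, and for the waiting case prefer `res_stdout, res_stderr = process.communicate()` over `wait()` followed by `read()`, which can deadlock on large output. The `raise VMManagerException(res_stderr)` added in the next hunk (`@@ -90,6 +97,8 @@`) changes the contract for every caller that used to inspect the returned tuple, so callers that hold a lock must release it on that path. `cmd` is a concatenated string handed to `Popen`, so any VM name or path that can come from outside this module should be validated or passed as an argument list.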
@@ -225,13 +233,18 @@ def startVM(self, vm_name): print('starting ' + vm_name) cmd = 'VBoxManage startvm ' + vm_name + ' --type headless' - print self.execute(cmd) #verify against (0, 'Waiting for VM "SecurityDVM0" to power on...\r\nVM "SecurityDVM0" has been successfully started.\r\n', '') + result = self.execute(cmd) + while not string.find(str(result), 'successfully started',): + print "Failed to start SDVM: ", vm_name, " retrying" + time.sleep(1) + result = self.execute(cmd) + return result[0] # stop VM def stopVM(self, vm_name): print('stopping ' + vm_name) cmd = 'VBoxManage controlvm ' + vm_name + ' poweroff' - print self.execute(cmd) + self.execute(cmd) # return the hostOnly IP for a running guest def getHostOnlyIP(self, vm_name): 
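Review bot: The retry condition added to `startVM`, `while not string.find(str(result), 'successfully started',):`, is inverted: `string.find` returns -1 when the text is absent, which is truthy, so the loop body never runs when the start failed. Use `while 'successfully started' not in str(result):` and bound the number of attempts, so a VM that cannot start does not retry forever. Because `execute` now raises on a non-zero exit code, the retry also needs `try`/`except VMManagerException` around the call if it is meant to survive a failed `VBoxManage startvm`.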
@@ -273,23 +286,23 @@ machineFolder = self.getDefaultMachineFolder() # create .ssh folder in vm_name cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"' - result = self.execute(cmd) + self.execute(cmd) # generate dvm_key pair in vm_name / .ssh cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\"\"' #'echo -e "y\\n" |', - result = self.execute(cmd) + self.execute(cmd) # set permissions for keys #TODO: test without chmod cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\*\\\"\"' - result = self.execute(cmd) + self.execute(cmd) # move out private key cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\" \\\"' + machineFolder + '\\' + vm_name + '\\\"' - result = self.execute(cmd) + self.execute(cmd) # rename public key to authorized_keys cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key.pub\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\authorized_keys\\\"' - result = self.execute(cmd) + self.execute(cmd) # generate iso image with .ssh/authorized keys cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"' - result = self.execute(cmd) + self.execute(cmd) # attaches generated ssh public cert to guest vm def attachCertificateISO(self, vm_name): 
@@ -319,29 +332,45 @@ new_sdvm = self.generateSDVMName() self.createVM(new_sdvm) self.attachRSD(new_sdvm, connected_device) - #sleep like method - self.listSDVM() + + self.startVM(new_sdvm) - + # wait for machine to come up while new_ip == None: time.sleep(1) new_ip = self.getHostOnlyIP(new_sdvm) while new_ip not in self.startNotifications: time.sleep(1) + if new_ip != None: + self.mapNetworkDrive('h:', '\\\\' + new_ip + '\\USB', None, None) #TODO: cleanup notifications somwhere else (eg. machine shutdown) self.startNotifications.remove(new_ip) VMManager.handleDeviceChangeLock.release() return new_ip def handleBrowsingRequest(self): - new_sdvm = self.generateSDVMName() - self.createVM(new_sdvm) - self.genCertificateISO(new_sdvm) - self.attachCertificateISO(new_sdvm) + if VMManager.handleDeviceChangeLock.acquire(True): + new_ip = None + new_sdvm = self.generateSDVMName() + self.createVM(new_sdvm) + self.genCertificateISO(new_sdvm) + self.attachCertificateISO(new_sdvm) + self.startVM(new_sdvm) + # wait for machine to come up + while new_ip == None: + time.sleep(1) + new_ip = self.getHostOnlyIP(new_sdvm) + while new_ip not in self.startNotifications: + time.sleep(1) + if new_ip != None: + self.mapNetworkDrive('g:', '\\\\' + new_ip + '\\Download', None, None) + #TODO: cleanup notifications somwhere else (eg. machine shutdown) + self.startNotifications.remove(new_ip) + VMManager.handleDeviceChangeLock.release() return new_sdvm # executes command over ssh on guest vm - def sshGuestExecute(self, vm_name, prog, user_name='opensec'): + def sshGuestExecute(self, vm_name, prog, user_name='osecuser'): # get vm ip address = self.getHostOnlyIP(vm_name) machineFolder = self.getDefaultMachineFolder() 
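Review bot: Both `handleDeviceChange` and the rewritten `handleBrowsingRequest` release `VMManager.handleDeviceChangeLock` only on the success path. With `execute` now raising `VMManagerException`, any failing `createVM`, `startVM` or `mapNetworkDrive` call leaves the lock held and every later request blocks on `acquire(True)`. Wrap the body after the acquire in `try:` … `finally: VMManager.handleDeviceChangeLock.release()`. The two `while` loops that wait on `getHostOnlyIP` and `startNotifications` have no timeout, so a guest that never reports in also pins the lock; a deadline that raises would bound that. `handleDeviceChange` begins outside the hunk.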
@@ -350,14 +379,22 @@ return self.execute(cmd) # executes command over ssh on guest vm with X forwarding - def sshGuestX11Execute(self, vm_name, prog, user_name='opensec'): + def sshGuestX11Execute(self, vm_name, prog, user_name='osecuser'): #TODO: verify if X server is running on user account #TODO: set DISPLAY accordingly address = self.getHostOnlyIP(vm_name) machineFolder = self.getDefaultMachineFolder() # run command - cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"' - return self.execute(cmd) + #--login + #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"' + cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + '' + #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"' + if DEBUG: + print('trying to launch: ' + cmd) + process = Popen(cmd) + if DEBUG: + print('launched: ' + cmd) + return #Small function to check the availability of network resource. def isAvailable(self, path): @@ -411,13 +448,11 @@ return 1 if __name__ == '__main__': - man = VMManager.getInstance() #man.removeVM('SecurityDVM0') #man.netUse('192.168.56.134', 'USB\\') - ip = '192.168.56.139' - man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None) - + #ip = '192.168.56.139' + #man.mapNetworkDrive('h:', '\\\\' + ip + '\USB', None, None) #man.cygwin_path = 'c:\\cygwin64\\bin\\' #man.handleDeviceChange() #print man.listSDVM() 
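Review bot: The new `mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y` command in `sshGuestX11Execute` keeps trusted X11 forwarding (`-Y`), which lets X clients in the guest act on the host display without the X11 SECURITY extension restrictions. For a VM whose purpose is to isolate browsing, `-X` (untrusted forwarding) is the safer default unless the application is known to break under it. `prog` and `user_name` are concatenated into the command line unquoted, so they should be validated or passed to `Popen` as an argument list. The `Popen(cmd)` handle is dropped and the method now returns `None` instead of the `execute` tuple, so callers can no longer tell whether ssh started; `-v` looks like debugging output and could sit behind the `DEBUG` flag.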
@@ -429,7 +464,8 @@ #man.attachCertificateISO(vm_name) #man.sshGuestExecute(vm_name, "ls") - #man.sshGuestX11Execute(vm_name, "iceweasel") + man.sshGuestX11Execute('SecurityDVM1', '/usr/bin/iceweasel') + time.sleep(60) #cmd = "c:\\cygwin64\\bin\\bash.exe --login -c \"/bin/ls\"" #man.execute(cmd) \ No newline at end of file diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/__init__.pyc Binary file OpenSecurity/install/web.py-0.37/web/__init__.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/application.pyc Binary file OpenSecurity/install/web.py-0.37/web/application.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/browser.pyc Binary file OpenSecurity/install/web.py-0.37/web/browser.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/db.pyc Binary file OpenSecurity/install/web.py-0.37/web/db.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/debugerror.pyc Binary file OpenSecurity/install/web.py-0.37/web/debugerror.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/form.pyc Binary file OpenSecurity/install/web.py-0.37/web/form.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/http.pyc Binary file OpenSecurity/install/web.py-0.37/web/http.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/httpserver.pyc Binary file OpenSecurity/install/web.py-0.37/web/httpserver.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/net.pyc Binary file OpenSecurity/install/web.py-0.37/web/net.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/session.pyc Binary file OpenSecurity/install/web.py-0.37/web/session.pyc has changed diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/template.pyc 
Binary file OpenSecurity/install/web.py-0.37/web/template.pyc has changed
diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/utils.pyc
Binary file OpenSecurity/install/web.py-0.37/web/utils.pyc has changed
diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/webapi.pyc
Binary file OpenSecurity/install/web.py-0.37/web/webapi.pyc has changed
diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/webopenid.pyc
Binary file OpenSecurity/install/web.py-0.37/web/webopenid.pyc has changed
diff -r 7c2e34bcdf3d -r f659d8fb57a8 OpenSecurity/install/web.py-0.37/web/wsgi.pyc
Binary file OpenSecurity/install/web.py-0.37/web/wsgi.pyc has changed