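--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/OpenSecurity/bin/create-cert-and-iso.sh Wed Jan 29 09:23:52 2014 +0000
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# create a ssh-key pair in the current folder
+# and create a ISO image with it
+
+VM_NAME=$(basename "$(pwd)")
+echo ${VM_NAME}
+
+mkdir .ssh &> /dev/null
+ssh-keygen -q -t rsa -N "" -C "${VM_NAME}" -f dvm_key &> /dev/null
+chmod 500 dvm_key
+mv dvm_key.pub .ssh/authorized_keys
+genisoimage -J -R -o "${VM_NAME}.iso" .ssh
+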
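Review bot: Every step in this script runs unchecked and the output of `ssh-keygen` is discarded, so a failed key generation still ends with `genisoimage` packaging whatever `.ssh` happens to contain. If `dvm_key` is left over from an earlier run, `ssh-keygen` asks before overwriting, so with no answer on stdin no fresh key is written; the Python code this script replaces deleted the old key file first. I would add `set -e` after the shebang, use `mkdir -p .ssh` and `rm -f dvm_key dvm_key.pub` before `ssh-keygen`, and drop the redirection on the `ssh-keygen` line so errors reach the caller. `&>` is a bash extension while the shebang is `#!/bin/sh`; write `> /dev/null 2>&1` or change the shebang to bash. The private key has an empty passphrase (`-N ""`), so its protection rests entirely on the permissions of the VM folder, which deserves a comment in the header.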
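--- a/OpenSecurity/bin/cygwin.py Mon Jan 27 15:12:33 2014 +0000
+++ b/OpenSecurity/bin/cygwin.py Wed Jan 29 09:23:52 2014 +0000
@@ -67,7 +67,7 @@
 return path_valid[0]
 
 
- def execute(self, command, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, dos_window = False):
+ def execute(self, command, stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, window = False):
 """execute a cygwin shell command
 
 command is list of arguments like ['/bin/ls', '-al', '-h']
@@ -76,10 +76,13 @@
 command_path = os.sep.join([Cygwin.root()] + command[0].split('/')[1:])
 command = [command_path] + command[1:]
 
- # with or without DOS window
- if not dos_window:
- run_command = os.sep.join([Cygwin.root()] + ['bin', 'run'])
- command = [run_command] + command
+ if not window:
+ # hide any window
+ shadowrun_path = os.path.join(Cygwin.root(), 'bin', 'shadowrun.exe')
+ if os.access(shadowrun_path, os.X_OK):
+ command = [shadowrun_path] + command
+ else:
+ print("EPIC FAIL!")
 
 try:
 print('cygwin: ' + ' '.join(command))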
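Review bot: When `shadowrun.exe` is missing or not executable, the new `else` branch only prints "EPIC FAIL!" and the command still runs unwrapped, so the caller cannot tell that the hidden-window path was skipped. Replace the print with a message that names the path, e.g. `sys.stderr.write('cygwin: wrapper not executable: ' + shadowrun_path + '\n')` (assuming `sys` is imported in this file), or raise if running with a visible window is not acceptable. Renaming the keyword `dos_window` to `window` breaks any caller that passes it by name; the callers are outside this hunk and need checking. `shadowrun.exe` is added in this same commit as a binary and now prefixes every Cygwin command, so its source and build steps should be recorded next to it. The body of `execute` continues outside the hunk.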
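--- a/OpenSecurity/bin/vmmanager.py Mon Jan 27 15:12:33 2014 +0000
+++ b/OpenSecurity/bin/vmmanager.py Wed Jan 29 09:23:52 2014 +0000
@@ -11,12 +11,14 @@
 import re
 import _winreg
 from cygwin import Cygwin
+from environment import Environment
 import threading
 import time
 import string
 
-#import shutil
-#import stat
+import shutil
+import stat
+import tempfile
 
 
 DEBUG = True
@@ -286,77 +288,50 @@
 
 #generates ISO containing authorized_keys for use with guest VM
 def genCertificateISO(self, vm_name):
+
+ # create a SSH key pair in a machine subfolder
+ #
+ # to avoid any DOS window popping up we use
+ # the cygwin's class which relies on the
+ # shadowrun.exe.
+ #
+ # shadowrun.exe is derived from a run.exe of
+ # the cygwin utilities but with a fix to
+ # avoid Console Windows to pop up.
+ #
+ # However, run.exe suffers from bad
+ # argument handling, when there are spaces
+ # within and so does shadowrun.exe
+ #
+ # In order to avoid any complex mechanics
+ # we start a bash script, which creates the
+ # SSH certificate in the local folder.
+ #
+ # Even more: to get rid of any potential
+ # space ' ' hazard in path names, we copy
+ # the script to the creation side as well.
+ #
+ # ... and yes: shadowrun.exe terminates
+ # with a ACCESS_VIOLATION and creates another
+ # stack-trace-dump file in the folder.
+ #
+ # But so does the original cygwin's run.exe
+ # too.
+ # -.-
+ #
+ # (On the good side: the access violation happens
+ # *after* the wrapped process has been launched)
+ #
 machineFolder = self.getDefaultMachineFolder()
+ vm_folder = os.path.join(machineFolder, vm_name)
+ old_dir = os.getcwd()
+ os.chdir(vm_folder)
+ print(os.path.join(sys.path[0], 'create-cert-and-iso.sh'))
+ shutil.copy(os.path.join(sys.path[0], 'create-cert-and-iso.sh'), vm_folder)
+ p = Cygwin()(['/bin/bash', '-c', './create-cert-and-iso.sh'])
+ p.communicate()
+ os.chdir(old_dir)
 
- ## create a SSH key pair in a machine subfolder
- #vm_folder = os.path.join(machineFolder, vm_name)
- #ssh_folder = os.path.join(vm_folder, '.ssh')
- #try:
- # os.mkdir(ssh_folder)
- #except:
- # pass
- #ssh_keyfile = os.path.join(ssh_folder, 'dvm_key')
- #
- # delete old key file (if existing)
- #try:
- # os.remove(ssh_keyfile)
- #except:
- # pass
- #
- ## create new key file
- #try:
- # p = Cygwin()(['/bin/ssh-keygen', '-q', '-t', 'rsa', '-N', '', '-C', vm_name, '-f', ssh_keyfile])
- # p.wait()
- #except:
- # sys.stderr.write('failed to create a new SSH key pair as: ' + ssh_keyfile + '\n')
- # return
- #try:
- # os.chmod(ssh_keyfile, stat.S_IREAD)
- #except:
- # pass
- #
- ## move out private key
- #try:
- # os.rename(ssh_keyfile, os.path.join(vm_folder, 'dvm_key'))
- #except :
- # sys.stderr.write('failed to move private SSH key\n')
- # return
- #
- ## rename public key to 'authorized_keys'
- #try:
- # os.rename(ssh_keyfile + '.pub', os.path.join(ssh_folder, 'authorized_keys'))
- #except:
- # sys.stderr.write('failed to rename public key to "authorized_keys"\n')
- # return
- #
- ## generate ISO image
- #iso_file = os.path.join(vm_folder, vm_name + '.iso')
- #try:
- # p = Cygwin()(['/bin/genisoimage', '-J', '-R', '-o', iso_file, ssh_folder])
- # p.wait()
- #except:
- # sys.stderr.write('failed to create ISO image.\n')
- # return
-
- # create .ssh folder in vm_name
- cmd = self.cygwin_path+'bash.exe --login -c \"mkdir -p \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
- self.execute(cmd)
- # generate dvm_key pair in vm_name / .ssh
- cmd = self.cygwin_path+'bash.exe --login -c \"ssh-keygen -q -t rsa -N \\"\\" -C \\\"' + vm_name + '\\\" -f \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\"\"' #'echo -e "y\\n" |',
- self.execute(cmd)
- # set permissions for keys
- #TODO: test without chmod
- cmd = self.cygwin_path+'bash.exe --login -c \"chmod 500 \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\*\\\"\"'
- self.execute(cmd)
- # move out private key
- cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key\\\" \\\"' + machineFolder + '\\' + vm_name + '\\\"'
- self.execute(cmd)
- # rename public key to authorized_keys
- cmd = self.cygwin_path+'bash.exe --login -c \"mv \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\dvm_key.pub\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\authorized_keys\\\"'
- self.execute(cmd)
- # generate iso image with .ssh/authorized keys
- cmd = self.cygwin_path+'bash.exe --login -c \"/usr/bin/genisoimage -J -R -o \\\"' + machineFolder + '\\' + vm_name + '\\'+ vm_name + '.iso\\\" \\\"' + machineFolder + '\\' + vm_name + '\\.ssh\\\"\"'
- self.execute(cmd)
 
 # attaches generated ssh public cert to guest vm
 def attachCertificateISO(self, vm_name):
@@ -429,7 +404,7 @@
 address = self.getHostOnlyIP(vm_name)
 machineFolder = self.getDefaultMachineFolder()
 # run command
- cmd = self.cygwin_path+'bash.exe --login -c \"ssh -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
+ cmd = self.cygwin_path+'bash.exe --login -c \"ssh -o StrictHostKeyChecking=no -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
 return self.execute(cmd)
 
 # executes command over ssh on guest vm with X forwarding
@@ -441,7 +416,7 @@
 # run command
 #--login
 #cmd = self.cygwin_path+'bash.exe --login -c \"DISPLAY=:0 ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
- cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
+ cmd = self.cygwin_path+'mintty.exe -e /bin/env DISPLAY=:0 /usr/bin/ssh -o StrictHostKeyChecking=no -v -Y -i \"' + machineFolder + '\\' + vm_name + '\\dvm_key\" ' + user_name + '@' + address + ' ' + prog + ''
 #cmd = self.cygwin_path+'mintty.exe -e /bin/bash --login -c \"DISPLAY=:0 /usr/bin/ssh -v -Y -i \\\"' + machineFolder + '\\' + vm_name + '\\dvm_key\\\" ' + user_name + '@' + address + ' ' + prog + '\"'
 if DEBUG:
 print('trying to launch: ' + cmd)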
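Review bot: Both ssh command lines in the last two hunks now pass `-o StrictHostKeyChecking=no`, which makes ssh accept any host key presented at the guest address, so the key pair from `genCertificateISO` authenticates the host to the guest but nothing authenticates the guest to the host. Since the host creates each VM, a per-VM known-hosts file fits better: pass `-o UserKnownHostsFile=<vm_folder>/known_hosts`, record the guest's host key at first provisioning, and leave host key checking on for later connections. If the option has to stay for now, put a comment above both lines that says why, e.g. `# guest host key is not yet recorded per VM; verification disabled until it is`. Separately, in `genCertificateISO` the exit status after `p.communicate()` is never examined and `os.chdir(old_dir)` is skipped when the copy or the launch raises, so the block from `os.chdir(vm_folder)` onward belongs in `try`/`finally`. The functions holding the two ssh lines start and end outside their hunks.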
4.1 Binary file OpenSecurity/install/shadowrun.exe has changed