def set_dhcp(self):
self.template_args['fname'] = 'dhcpcd-template.conf'
trex_dhcpcd = TemplateRex(**self.template_args)
dhcpcd_file_content = trex_dhcpcd.render()
self.write_sysfile('/etc/dhcpcd.conf', dhcpcd_file_content)
def set_hostname(self, hostname, ip):
self.write_sysfile('/etc/hostname', hostname)
# Write to host file
self.template_args['fname'] = 'hosts-template'
trex_hosts = TemplateRex(**self.template_args)
trex_hosts.render_sec('hostname', {'ip': ip, 'hostname': hostname})
host_content = trex_hosts.render()
self.write_sysfile('/etc/hosts', host_content)
def set_static(self, params):
self.template_args['fname'] = 'dhcpcd-template.conf'
trex_dhcpcd = TemplateRex(**self.template_args)
if params['ip_method'] == 'static':
trex_dhcpcd.render_sec('static_conf', params)
dhcpcd_file_content = trex_dhcpcd.render(params)
return (self.write_sysfile('/etc/dhcpcd.conf', dhcpcd_file_content))
def netconf_rtn(self, **params):
username = self.auth.authorize()
# A complete specification of the url for redirects is required
url_redirect = self.url_gen('/webpanel')
# Object to handle the actual system config.
# Assumes dhcpcd5 is controlling the network configuration
# This takes the extra step to handle multiple interfaces. Adds
# complexity but there cases when there are multiple interfaces.
modconf = modconfig.DHCP()
if not 'ip_method' in params:
raise cherrypy.HTTPRedirect(url_redirect)
if params['ip_method'] == 'static':
# --------- Validate input ---------
err_hsh = self.netconf_validate(params)
if err_hsh:
trex_err = TemplateRex(fname='t_netconf_err.html')
for key in err_hsh:
trex_err.render_sec("err_blk", {
'key': key,
'val': params[key],
'msg': err_hsh[key]
})
trex_err.render_sec('content')
return (trex_err.render())
# -------------
modconf.set_static(params)
modconf.set_hostname(params['hostname'], params['ip_address'])
modconf.set_ntp_server(params['ntp_server'])
modconf.set_dns(
dns_servers=[params['dns_server_0'], params['dns_server_1']])
else:
modconf.set_dhcp()
###rtn = subprocess.check_output(['systemctl','restart','dhcpcd.service'],stderr=subprocess.STDOUT)
rtn = os.system("(sleep 2; reboot)&")
raise cherrypy.HTTPRedirect(url_redirect)
def set_dns(self, dns_servers=['8.8.8.8']):
self.template_args['fname'] = 't-resolv.conf'
trex_dns = TemplateRex(**self.template_args)
for dns_server in dns_servers:
if dns_server: # skip blank
trex_dns.render_sec('dns_blk', {'dns_server': dns_server})
dns_content = trex_dns.render()
self.write_sysfile('/etc/resolv.conf', dns_content)
def set_ntp_server(self, ntp_server=""):
self.template_args['fname'] = 't-ntp.conf.dhcp'
trex_ntp = TemplateRex(**self.template_args)
if ntp_server:
trex_ntp.render_sec('server_blk', {'ntp_server': ntp_server})
ntp_content = trex_ntp.render()
self.write_sysfile('/etc/ntp.conf', ntp_content)
os.system('systemctl restart ntp')
def cred_crud_rtn(self, **parms):
trex = TemplateRex(fname='t_loginform_crud.html')
# ---- Validate Input ----------------
parms['msg'] = self.check_credentials(parms['username'],
parms['password'])
if parms['msg'] != True:
return (trex.render(parms))
if not (parms['username_new'] or parms['username_verify']
or parms['password_new'] or parms['password_verify']):
parms['msg'] = "Blank Username or Password"
return (trex.render(parms))
if (parms['username_new'] != parms['username_verify']) or (
parms['password_new'] != parms['password_verify']):
parms[
'msg'] = "New Username or Password do not mach Verify Username or Password"
return (trex.render(parms))
# Looks good go create new file. Note only allowng one user at this point in time.
# Multiple user only makes sense when there are roles
self.rw()
ht = HtpasswdFile(self.htpasswd, new=True)
ht.set_password(parms['username_new'], parms['password_new'])
rtn = ht.save()
self.ro()
if not 'from_page' in parms: parms['from_page'] = '/'
get_parms = {
'from_page': parms['from_page'],
'username': parms['username_new'],
'password': parms['password_new']
}
query_str = urllib.parse.urlencode(get_parms)
raise cherrypy.InternalRedirect(self.url_login, query_str)
def login(self, username="", password="", from_page="/"):
username = escape(username)
password = escape(password)
from_page = escape(from_page)
if username and password:
msg = self.check_credentials(username, password)
if msg == True:
cherrypy.session[
self.SESSION_KEY] = cherrypy.request.login = username
# Need to do a redirect to set session
url_redirect = self.url_gen(from_page)
raise cherrypy.HTTPRedirect(url_redirect)
url_login = self.url_login
trex = TemplateRex(fname='t_loginform.html')
return (trex.render(locals()))
def login(self, username="", password="", from_page="/"):
username = escape(username)
password = escape(password)
from_page = escape(from_page)
if username and password:
msg = self.check_credentials(username, password)
if msg == True:
cherrypy.session[
self.SESSION_KEY] = cherrypy.request.login = username
# Need to do a redirect to set session
# Had to add the host as just using /url/path would somehow add a "/" so we got "//"
url_redirect = "https://{}{}".format(
cherrypy.request.headers.get('Host'), from_page)
raise cherrypy.HTTPRedirect(url_redirect)
url_login = self.url_login
trex = TemplateRex(fname='t_loginform.html')
return (trex.render(locals()))
def cred_crud(self, from_page='/'):
trex = TemplateRex(fname='t_loginform_crud.html')
return (trex.render(locals()))
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "webpanel"
hsh['ip_lst'] = [ip_addr, ip_addr_iface, "127.0.0.1"]
hsh['dns_lst'] = [hostname, fqdn]
for inx, ip in enumerate(hsh['ip_lst']):
if ip:
trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})
for inx, dns in enumerate(hsh['dns_lst']):
trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns})
out = trex.render(hsh)
fid = open('openssl_cert.ini', 'w+')
fid.write(out)
fid.close()
# Generating key first and then csr did not work
# Do in one pass...
#cmd = "openssl genrsa -out ./webpanel.key 2048"
#rtn = os.system(cmd)
#if rtn:
# raise
#print("keygen rtn = ",rtn)
# House cleaning... get a db error if newcerts doesn't exist/not empty
# we don't care about crl
def gen_server_cert(self,subj_hsh,ip_lst=[],dns_lst=[]):
# subj_hsh should contain: 'countryName','organizationName','commonName'
fspec_template = os.path.join(self.dir_root,'openssl-template.ini')
trex = TemplateRex(fname=fspec_template,template_dirs=['.'],cmnt_prefix='##-',cmnt_postfix='-##',dev_mode=True)
for inx,ip in enumerate(ip_lst):
if not ip: continue
trex.render_sec('alt_name_ip',{'inx':inx,'ip':ip})
for inx,dns in enumerate(dns_lst):
if not dns: continue
trex.render_sec('alt_name_dns',{'inx':inx,'dns':dns})
subj_hsh['dir_root'] = self.dir_root
ini_out = trex.render(subj_hsh)
fspec_ini = os.path.join(self.dir_root,'openssl_cert.ini')
self.write_sysfile(fspec_ini,ini_out)
# House cleaning... gets a db error if doen't do this
# we don't care about crl - remove the contents of newcerts
fspec_newcert = os.path.join(self.dir_root,'newcerts/*')
self.rm_dir(fspec_newcert)
# An index file needs to be present
fspec_index = os.path.join(self.dir_root,'index.txt')
self.write_sysfile(fspec_index,'')
fspec_serial = os.path.join(self.dir_root,'serial')
self.write_sysfile(fspec_serial, str( int(time.time() )) )
# Generate private key and csr
fspec_key = os.path.join(self.dir_root,'webpanel.key')
fspec_csr = os.path.join(self.dir_root,'webpanel.csr')
##cmd = "openssl req -verbose -config openssl_cert.ini -newkey rsa:2048 -nodes -keyout webpanel.key -out webpanel.csr -batch"
# Wrap the following system call in file system rw/ro
self.rw()
cmd = "openssl req -verbose -config {} -newkey rsa:2048 -nodes -keyout {} -out {} -batch".format(fspec_ini,fspec_key,fspec_csr)
rtn = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out,err = rtn.communicate()
#print(">>>>>",out)
#print(">>>>>",err)
#rtn = os.system(cmd)
#if rtn:
# raise SystemError('openssl cmd error')
chmod_cmd = "chmod 600 {}".format(fspec_key)
rtn = os.system(chmod_cmd)
# Finally sign CSR and generate server cert
fspec_crt = os.path.join(self.dir_root,'webpanel.crt')
options = "ca -config {} -batch -in {} -out {}".format(fspec_ini,fspec_csr,fspec_crt)
cmd_lst = ['openssl',"ca","-config",fspec_ini,"-batch","-in",fspec_csr,"-out",fspec_crt]
try:
rtn = subprocess.check_output(cmd_lst, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
self.error_msg = e.output.decode(sys.getfilesystemencoding())
self.ro()
return(False)
self.ro()
return(True)