def set_hostname(self, hostname, ip):
    """Store the hostname and rebuild /etc/hosts from its template.

    ``hostname`` is handed to ``write_sysfile`` for /etc/hostname, then
    ``hostname`` and ``ip`` are substituted into the 'hostname' section of
    'hosts-template' and the rendered text replaces /etc/hosts.

    Neither value is checked in this method: both are passed on unchanged
    to files the resolver reads, so the caller is responsible for
    validating them (character set, length, no embedded line breaks).
    """
    self.write_sysfile('/etc/hostname', hostname)

    # The shared template settings are re-pointed at the hosts template.
    self.template_args['fname'] = 'hosts-template'
    hosts_tmpl = TemplateRex(**self.template_args)

    section_vars = {'ip': ip, 'hostname': hostname}
    hosts_tmpl.render_sec('hostname', section_vars)

    self.write_sysfile('/etc/hosts', hosts_tmpl.render())
def set_static(self, params):
    """Render dhcpcd.conf from its template and write it to /etc/dhcpcd.conf.

    The 'static_conf' section is emitted only when ``params['ip_method']``
    equals 'static'; the final render also receives ``params``.

    ``params`` is substituted into the file as received; no validation
    happens in this method, so it must be done before the call.

    Returns whatever ``write_sysfile`` returns.
    """
    self.template_args['fname'] = 'dhcpcd-template.conf'
    dhcpcd_tmpl = TemplateRex(**self.template_args)

    wants_static = params['ip_method'] == 'static'
    if wants_static:
        dhcpcd_tmpl.render_sec('static_conf', params)

    rendered = dhcpcd_tmpl.render(params)
    return self.write_sysfile('/etc/dhcpcd.conf', rendered)
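def netconf_rtn(self, **params):
    """Apply the submitted network settings, schedule a reboot and redirect.

    Flow:
      * no 'ip_method' in the request -> redirect to /webpanel, nothing changed
      * 'ip_method' == 'static'       -> validate; on errors return the rendered
        error page, otherwise write static IP, hostname, NTP and DNS settings
      * any other 'ip_method'         -> switch to DHCP
    After a successful change the box is rebooted in the background and the
    client is redirected.

    The request values are only checked by ``netconf_validate`` and only on
    the static path; they end up in system configuration files, so that
    validator is the single gate for them.

    Raises:
        cherrypy.HTTPRedirect: on every path except the validation-error page.
    """
    # Presumably rejects unauthenticated requests before any state changes;
    # the returned user name is not needed in this handler.
    self.auth.authorize()

    # A complete specification of the url for redirects is required
    url_redirect = self.url_gen('/webpanel')

    # Object that performs the actual system configuration.
    # Assumes dhcpcd5 is controlling the network configuration.
    modconf = modconfig.DHCP()

    if 'ip_method' not in params:
        raise cherrypy.HTTPRedirect(url_redirect)

    if params['ip_method'] == 'static':
        # --------- Validate input ---------
        err_hsh = self.netconf_validate(params)
        if err_hsh:
            trex_err = TemplateRex(fname='t_netconf_err.html')
            for key in err_hsh:
                # .get(): a field flagged by the validator may be absent from
                # the request; that must produce the error page, not a KeyError.
                # NOTE(review): the rejected value is echoed into the page;
                # confirm the template escapes it for HTML.
                trex_err.render_sec("err_blk", {
                    'key': key,
                    'val': params.get(key, ''),
                    'msg': err_hsh[key]
                })
            trex_err.render_sec('content')
            return (trex_err.render())
        # -------------

        modconf.set_static(params)
        modconf.set_hostname(params['hostname'], params['ip_address'])
        modconf.set_ntp_server(params['ntp_server'])
        modconf.set_dns(
            dns_servers=[params['dns_server_0'], params['dns_server_1']])
    else:
        modconf.set_dhcp()

    # Fixed command string, no request data is interpolated. The delay lets
    # the redirect below reach the client before the system goes down.
    os.system("(sleep 2; reboot)&")

    raise cherrypy.HTTPRedirect(url_redirect)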
def set_dns(self, dns_servers=['8.8.8.8']):
    """Write /etc/resolv.conf with one 'dns_blk' section per name server.

    Blank entries in ``dns_servers`` are skipped. The default list is only
    iterated, never modified. Entries are substituted as received; this
    method does not check that they are IP addresses.
    """
    self.template_args['fname'] = 't-resolv.conf'
    resolv_tmpl = TemplateRex(**self.template_args)

    # filter(None, ...) drops empty/None entries.
    for server in filter(None, dns_servers):
        resolv_tmpl.render_sec('dns_blk', {'dns_server': server})

    self.write_sysfile('/etc/resolv.conf', resolv_tmpl.render())
def set_ntp_server(self, ntp_server=""):
    """Write /etc/ntp.conf from its template and restart the ntp service.

    The 'server_blk' section is rendered only for a non-empty
    ``ntp_server``; the value is substituted as received and is not
    validated here. The exit status of the restart is not inspected.
    """
    self.template_args['fname'] = 't-ntp.conf.dhcp'
    ntp_tmpl = TemplateRex(**self.template_args)

    if ntp_server:
        server_vars = {'ntp_server': ntp_server}
        ntp_tmpl.render_sec('server_blk', server_vars)

    self.write_sysfile('/etc/ntp.conf', ntp_tmpl.render())

    # Constant command: the server name never reaches the shell.
    os.system('systemctl restart ntp')
def netconf(self, err_struct=""):
    """Render the network configuration form filled with the current state.

    Collects interface, host, DNS and NTP information from ``sysinfo``,
    marks either the DHCP or the static radio button for the first
    interface, and renders 't_netconf.html' inside the page layout.

    Returns the plain string "Error only one NIC supported" when more than
    one interface is reported. ``err_struct`` is accepted but not used.
    An empty interface list raises IndexError at the first-NIC lookup.
    """
    page_vars = {'username': self.auth.authorize()}

    ifaces = sysinfo.get_iface_info()
    host = sysinfo.get_host_info()
    resolvers = sysinfo.get_dns_info()

    # dns_server_0, dns_server_1, ... in the order the resolver lists them.
    for position, server in enumerate(resolvers['nameserver']):
        page_vars['dns_server_{}'.format(position)] = server

    page_vars.update(ifaces)
    page_vars.update(host)

    # Still holding on the possibility of more than one nic
    first_nic = list(ifaces.keys())[0]
    mode_flag = 'dhcp_checked' if sysinfo.is_dhcp(first_nic) else 'static_checked'
    page_vars[mode_flag] = 'checked'

    page = TemplateRex(fname='t_netconf.html')

    # Pulling back support for multiple NIC for now.
    if len(ifaces) > 1:
        return ("Error only one NIC supported")

    for nic in ifaces:
        page.render_sec('nic_blk', ifaces[nic])

    ntp = sysinfo.get_ntp_info()
    for field in ('ntp_status', 'ntp_server'):
        if field in ntp:
            page_vars[field] = ntp[field]

    return (self.render_layout(page, page_vars))
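def index(self):
    """Render the landing page with host data and one block per interface.

    Host information from ``sysinfo.get_host_info()`` feeds the layout; each
    interface reported by ``sysinfo.get_iface_info()`` is rendered into a
    'nic_blk' section of 't_index.html'.

    NOTE(review): unlike ``netconf``, this handler does not call
    ``self.auth.authorize()``; confirm that showing host and interface
    details without that check is intended.
    """
    # The unused ``root_path = os.getcwd()`` local was dropped: its value
    # was never read.
    data_hsh = {}

    nic_info = sysinfo.get_iface_info()
    host_info = sysinfo.get_host_info()
    data_hsh.update(host_info)

    trex = TemplateRex(fname='t_index.html')

    for nic in nic_info:
        trex.render_sec('nic_blk', nic_info[nic])

    return (self.render_layout(trex, data_hsh))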
cmnt_prefix='##-', cmnt_postfix='-##', dev_mode=True) hsh = {} hsh['dir_root'] = '.' hsh['countryName'] = "US" hsh['organizationName'] = "IoT Embedded" hsh['commonName'] = "webpanel" hsh['ip_lst'] = [ip_addr, ip_addr_iface, "127.0.0.1"] hsh['dns_lst'] = [hostname, fqdn] for inx, ip in enumerate(hsh['ip_lst']): if ip: trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip}) for inx, dns in enumerate(hsh['dns_lst']): trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns}) out = trex.render(hsh) fid = open('openssl_cert.ini', 'w+') fid.write(out) fid.close() # Generating key first and then csr did not work # Do in one pass... #cmd = "openssl genrsa -out ./webpanel.key 2048" #rtn = os.system(cmd) #if rtn:
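def sslcert_newcert(self, **params):
    """Render the new-certificate form pre-filled from the live system.

    The subject comes from the current 'webpanel.crt'. The subjectAltName
    rows are built from the running configuration rather than the old
    certificate: four IP rows (eth0 address, 127.0.0.1, two blanks) and four
    DNS rows (hostname, hostname.domain, two blanks). A value that cannot be
    looked up is rendered as an empty string. ``params`` is not used.
    """
    self.auth.authorize()

    # NOTE(review): dev_mode makes the HTML output show which template files
    # were used; confirm this is switched off outside development.
    trex = TemplateRex(fname='t_sslcert-newcert.html', dev_mode=True)

    cert_hsh = self.certobj.parse_cert('webpanel.crt')
    nic_info = sysinfo.get_iface_info()
    host_info = sysinfo.get_host_info()
    dns_info = sysinfo.get_dns_info()

    trex.render_sec('subject', cert_hsh['subject'])

    # Only the lookups are guarded, and only against missing data. The
    # previous bare ``except:`` also wrapped render_sec, so a rendering
    # failure (or KeyboardInterrupt/SystemExit) was swallowed and the row
    # was rendered a second time.
    # Use actual ip address and not what is in current cert. If nic is not
    # eth0 the row stays blank.
    try:
        eth0_ip = nic_info['eth0']['ip_address']
    except (LookupError, TypeError):
        eth0_ip = ''

    for inx, val in enumerate([eth0_ip, '127.0.0.1', '', '']):
        trex.render_sec('subj_alt_name_ip', {'inx': inx, 'val': val})

    try:
        hostname = host_info['hostname']
    except (LookupError, TypeError):
        hostname = ''

    try:
        fqdn = "{}.{}".format(host_info['hostname'], dns_info['domain'])
    except (LookupError, TypeError):
        fqdn = ''

    for inx, val in enumerate([hostname, fqdn, '', '']):
        trex.render_sec('subj_alt_name_dns', {'inx': inx, 'val': val})

    return (self.render_layout(trex, {}))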
def sslcert(self):
    """Render the certificate overview for the server and CA certificates.

    'webpanel.crt' supplies the subjectAltName rows, a 'subject' section and
    the 'cert_server' section; 'webpanelCA.crt' supplies a second 'subject'
    section and the 'cert_CA' section. Host information is passed to the
    layout.

    NOTE(review): no ``self.auth.authorize()`` call here, unlike
    ``sslcert_newcert``; confirm that is intended.
    """
    layout_vars = sysinfo.get_host_info()
    page = TemplateRex(fname='t_sslcert.html')

    server_cert = self.certobj.parse_cert('webpanel.crt')
    ca_cert = self.certobj.parse_cert('webpanelCA.crt')

    # Server certificate first. The subjectAltName entries are what x509 v3
    # clients match against, so they are listed row by row.
    alt_names = server_cert['subjectAltName']
    for position, address in enumerate(alt_names['ip_lst']):
        page.render_sec('subj_alt_name_ip', {'inx': position, 'val': address})
    for position, name in enumerate(alt_names['dns_lst']):
        page.render_sec('subj_alt_name_dns', {'inx': position, 'val': name})

    page.render_sec('subject', server_cert['subject'])
    page.render_sec('cert_server', server_cert)

    # Then the CA certificate.
    page.render_sec('subject', ca_cert['subject'])
    page.render_sec('cert_CA', ca_cert)

    return (self.render_layout(page, layout_vars))
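from templaterex import TemplateRex

# Build the OpenSSL configuration for the local CA from the shared template.
trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

hsh = {}
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['stateName'] = "ID"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "WebpanelCA"

# To keep alt names happy.. not really used in CA
trex.render_sec('alt_name_ip', {'inx': 0, 'ip': '127.0.0.1'})
trex.render_sec('alt_name_dns', {'inx': 0, 'dns': 'localhost'})

out = trex.render(hsh)

# Context manager so the file is closed even if the write fails.
with open('opensslCA.ini', 'w+') as fid:
    fid.write(out)

# Create the key file owner-only *before* openssl writes into it. The
# original tightened permissions only after generation, which left the CA
# private key at the umask-determined mode in between.
key_fd = os.open('./webpanelCA.key', os.O_WRONLY | os.O_CREAT, 0o600)
os.close(key_fd)
os.chmod('./webpanelCA.key', 0o600)  # covers a pre-existing, looser file

# Create private key
cmd = "openssl genrsa -out ./webpanelCA.key 2048"
rtn = os.system(cmd)
# A non-zero status means no usable CA key was produced; it is only
# reported here, not acted upon.
print("keygen rtn = ", rtn)

cmd = "chmod 600 ./webpanelCA.key"
rtn = os.system(cmd)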
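def gen_server_cert(self,subj_hsh,ip_lst=[],dns_lst=[]):
    """Generate a new server key, CSR and CA-signed certificate.

    Steps: render 'openssl-template.ini' into 'openssl_cert.ini' (with one
    alt-name section per non-empty IP / DNS entry), reset the CA bookkeeping
    files (newcerts/, index.txt, serial), run ``openssl req`` to create
    'webpanel.key' and 'webpanel.csr', then ``openssl ca`` to sign the CSR
    into 'webpanel.crt'. All paths are under ``self.dir_root``.

    Args:
        subj_hsh: should contain 'countryName', 'organizationName',
            'commonName'. It is modified: 'dir_root' is added.
        ip_lst: IP subjectAltName values; blanks are skipped.
        dns_lst: DNS subjectAltName values; blanks are skipped.
        (The default lists are only iterated, never modified.)

    Returns:
        True on success. False when preparing the key file or either
        openssl step fails; ``self.error_msg`` then holds the reason.

    Changes against the previous version:
      * both openssl commands are argument lists, so a path containing
        whitespace is no longer split into several arguments and no path is
        passed through a shell (``chmod`` is now ``os.chmod``);
      * a failing ``openssl req`` is reported instead of ignored, so a stale
        CSR from an earlier run is not signed;
      * the key file is made owner-only before the unencrypted key is
        written, not afterwards;
      * ``self.ro()`` runs on every exit path, including exceptions.
    """
    fspec_template = os.path.join(self.dir_root,'openssl-template.ini')
    trex = TemplateRex(fname=fspec_template,template_dirs=['.'],cmnt_prefix='##-',cmnt_postfix='-##',dev_mode=True)

    for inx,ip in enumerate(ip_lst):
        if ip:
            trex.render_sec('alt_name_ip',{'inx':inx,'ip':ip})

    for inx,dns in enumerate(dns_lst):
        if dns:
            trex.render_sec('alt_name_dns',{'inx':inx,'dns':dns})

    subj_hsh['dir_root'] = self.dir_root
    ini_out = trex.render(subj_hsh)

    fspec_ini = os.path.join(self.dir_root,'openssl_cert.ini')
    self.write_sysfile(fspec_ini,ini_out)

    # House cleaning: openssl reports a db error otherwise. CRLs are not
    # used, so the contents of newcerts can simply be removed.
    fspec_newcert = os.path.join(self.dir_root,'newcerts/*')
    self.rm_dir(fspec_newcert)

    # An index file needs to be present
    fspec_index = os.path.join(self.dir_root,'index.txt')
    self.write_sysfile(fspec_index,'')

    fspec_serial = os.path.join(self.dir_root,'serial')
    self.write_sysfile(fspec_serial, str( int(time.time() )) )

    fspec_key = os.path.join(self.dir_root,'webpanel.key')
    fspec_csr = os.path.join(self.dir_root,'webpanel.csr')
    fspec_crt = os.path.join(self.dir_root,'webpanel.crt')

    # Generating the key first and the CSR second did not work, so both are
    # produced in one pass.
    req_cmd = ['openssl','req','-verbose','-config',fspec_ini,
               '-newkey','rsa:2048','-nodes',
               '-keyout',fspec_key,'-out',fspec_csr,'-batch']
    ca_cmd = ['openssl','ca','-config',fspec_ini,'-batch','-in',fspec_csr,'-out',fspec_crt]

    # The openssl calls need the file system writable; the finally clause
    # guarantees it is switched back.
    self.rw()
    try:
        try:
            # -nodes writes the private key unencrypted, so the file must
            # already be owner-only when openssl fills it.
            key_fd = os.open(fspec_key, os.O_WRONLY | os.O_CREAT, 0o600)
            os.close(key_fd)
            os.chmod(fspec_key, 0o600)
        except OSError as e:
            self.error_msg = str(e)
            return(False)

        proc = subprocess.Popen(req_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        _out,err = proc.communicate()
        if proc.returncode != 0:
            self.error_msg = err.decode(sys.getfilesystemencoding())
            return(False)

        # Re-assert the mode in case openssl replaced the file.
        os.chmod(fspec_key, 0o600)

        # Finally sign CSR and generate server cert
        try:
            subprocess.check_output(ca_cmd, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            self.error_msg = e.output.decode(sys.getfilesystemencoding())
            return(False)

        return(True)
    finally:
        self.ro()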