def set_dhcp(self):
    """Rewrite /etc/dhcpcd.conf from 'dhcpcd-template.conf'.

    No template section is filled and render() is called without values,
    so the file receives the template's plain rendering.
    """
    # template_args is instance state shared by the other setters; only the
    # template file name is replaced here.
    self.template_args['fname'] = 'dhcpcd-template.conf'
    rendered_conf = TemplateRex(**self.template_args).render()
    self.write_sysfile('/etc/dhcpcd.conf', rendered_conf)
def set_hostname(self, hostname, ip):
    """Write the host name to /etc/hostname and regenerate /etc/hosts.

    Args:
        hostname: written as the entire content of /etc/hostname and passed
            to the 'hostname' section of 'hosts-template'.
        ip: address passed to that section together with ``hostname``.
    """
    # NOTE(review): both values reach system files exactly as received;
    # nothing in this method rejects whitespace or line breaks, so the caller
    # has to validate them before calling.
    self.write_sysfile('/etc/hostname', hostname)

    self.template_args['fname'] = 'hosts-template'
    hosts_tpl = TemplateRex(**self.template_args)
    hosts_tpl.render_sec('hostname', dict(ip=ip, hostname=hostname))
    self.write_sysfile('/etc/hosts', hosts_tpl.render())
def set_static(self, params):
    """Render 'dhcpcd-template.conf' with ``params`` into /etc/dhcpcd.conf.

    Args:
        params: mapping that must contain 'ip_method'. When that value is
            'static' the 'static_conf' section is rendered from the same
            mapping; the whole mapping is also passed to the final render.

    Returns:
        Whatever ``self.write_sysfile`` returns.
    """
    # NOTE(review): every entry of params is available to the template, so
    # the caller is expected to have validated the values.
    self.template_args['fname'] = 'dhcpcd-template.conf'
    conf_tpl = TemplateRex(**self.template_args)

    wants_static = params['ip_method'] == 'static'
    if wants_static:
        conf_tpl.render_sec('static_conf', params)

    return self.write_sysfile('/etc/dhcpcd.conf', conf_tpl.render(params))
def set_ntp_server(self, ntp_server=""):
    """Regenerate /etc/ntp.conf from 't-ntp.conf.dhcp' and restart ntp.

    Args:
        ntp_server: server to place in the 'server_blk' section; when empty
            the section is not rendered.
    """
    self.template_args['fname'] = 't-ntp.conf.dhcp'
    ntp_tpl = TemplateRex(**self.template_args)
    if ntp_server:
        # NOTE(review): the value is written into ntp.conf as received.
        ntp_tpl.render_sec('server_blk', dict(ntp_server=ntp_server))
    self.write_sysfile('/etc/ntp.conf', ntp_tpl.render())

    # The command is a fixed string, so no caller data reaches the shell.
    # Its exit status is not checked.
    os.system('systemctl restart ntp')
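def set_dns(self, dns_servers=('8.8.8.8',)):
    """Regenerate /etc/resolv.conf from 't-resolv.conf'.

    Args:
        dns_servers: iterable of name-server addresses. Blank entries are
            skipped; each remaining entry fills one 'dns_blk' section. The
            default is an immutable tuple so that it cannot be altered
            between calls.
    """
    self.template_args['fname'] = 't-resolv.conf'
    resolv_tpl = TemplateRex(**self.template_args)
    for dns_server in dns_servers:
        if not dns_server:
            continue  # skip blank
        # NOTE(review): the address is written to resolv.conf as received;
        # format checking is left to the caller.
        resolv_tpl.render_sec('dns_blk', {'dns_server': dns_server})
    self.write_sysfile('/etc/resolv.conf', resolv_tpl.render())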
def netconf(self, err_struct=""):
    """Render the network configuration page 't_netconf.html'.

    The page values are collected in this order, later ones overwriting
    earlier ones on a key clash: the value returned by
    ``self.auth.authorize()`` as 'username', one 'dns_server_<n>' entry per
    configured name server, the interface info, then the host info.

    Args:
        err_struct: currently unused.

    Returns:
        The rendered layout, or an error string when more than one network
        interface is reported.
    """
    page_vars = {'username': self.auth.authorize()}

    nic_info = sysinfo.get_iface_info()
    host_info = sysinfo.get_host_info()
    dns_info = sysinfo.get_dns_info()

    for position, nameserver in enumerate(dns_info['nameserver']):
        page_vars['dns_server_{}'.format(position)] = nameserver
    page_vars.update(nic_info)
    page_vars.update(host_info)

    # Still holding on the possibility of more than one nic: only the first
    # reported interface decides which radio button is checked.
    first_nic = list(nic_info.keys())[0]
    checked_key = 'dhcp_checked' if sysinfo.is_dhcp(first_nic) else 'static_checked'
    page_vars[checked_key] = 'checked'

    trex = TemplateRex(fname='t_netconf.html')

    # Pulling back support for multiple NIC for now.
    if len(nic_info) > 1:
        return "Error only one NIC supported"

    for nic in nic_info:
        trex.render_sec('nic_blk', nic_info[nic])

    ntp_info = sysinfo.get_ntp_info()
    for field in ('ntp_status', 'ntp_server'):
        if field in ntp_info:
            page_vars[field] = ntp_info[field]

    return self.render_layout(trex, page_vars)
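def index(self):
    """Render the landing page 't_index.html'.

    The host info is the page context and every reported network interface
    fills one 'nic_blk' section.

    Returns:
        The result of ``self.render_layout``.
    """
    # NOTE(review): no authorization call is made in this handler, so host
    # and interface details are rendered for any requester — confirm that
    # this is intended.
    nic_info = sysinfo.get_iface_info()
    host_info = sysinfo.get_host_info()

    data_hsh = {}
    data_hsh.update(host_info)

    trex = TemplateRex(fname='t_index.html')
    for nic in nic_info:
        trex.render_sec('nic_blk', nic_info[nic])

    return self.render_layout(trex, data_hsh)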
def login(self, username="", password="", from_page="/"):
    """Handle the login form.

    Args:
        username: submitted user name.
        password: submitted password.
        from_page: page to return to after a successful login.

    Returns:
        The rendered 't_loginform.html' when either credential is empty or
        ``check_credentials`` does not return True.

    Raises:
        cherrypy.HTTPRedirect: after a successful login, to
            ``self.url_gen(from_page)``.
    """
    username = escape(username)
    # NOTE(review): the password is escaped before it is verified, so a
    # password containing characters that escape() rewrites is checked in its
    # rewritten form — confirm that stored passwords are treated the same way.
    password = escape(password)
    # NOTE(review): from_page comes from the request; confirm that url_gen()
    # only produces same-site targets.
    from_page = escape(from_page)

    if username and password:
        msg = self.check_credentials(username, password)
        if msg == True:
            cherrypy.session[self.SESSION_KEY] = username
            cherrypy.request.login = username
            # Need to do a redirect to set session
            raise cherrypy.HTTPRedirect(self.url_gen(from_page))

    url_login = self.url_login
    trex = TemplateRex(fname='t_loginform.html')
    # The local names of this function are the template context, including
    # the escaped password and, after a failed attempt, msg.
    return trex.render(locals())
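def login(self, username="", password="", from_page="/"):
    """Handle the login form.

    Args:
        username: submitted user name.
        password: submitted password.
        from_page: site-local path to return to after a successful login.
            A value that does not start with '/' is replaced by '/'.

    Returns:
        The rendered 't_loginform.html' when either credential is empty or
        ``check_credentials`` does not return True.

    Raises:
        cherrypy.HTTPRedirect: after a successful login, to
            ``https://<Host header><from_page>``.
    """
    username = escape(username)
    # NOTE(review): the password is escaped before it is verified, so a
    # password containing characters that escape() rewrites is checked in its
    # rewritten form — confirm that stored passwords are treated the same way.
    password = escape(password)
    from_page = escape(from_page)

    # from_page is appended directly to the host name below. Unless it starts
    # with '/', it would become part of the authority and could send the
    # browser to another site after login, so anything else falls back to the
    # site root.
    if not from_page.startswith('/'):
        from_page = '/'

    if username and password:
        msg = self.check_credentials(username, password)
        if msg == True:
            cherrypy.session[self.SESSION_KEY] = username
            cherrypy.request.login = username
            # Need to do a redirect to set session
            # Had to add the host as just using /url/path would somehow add a "/" so we got "//"
            # NOTE(review): the host part is taken from the request's Host
            # header, which the client supplies; a configured base URL would
            # not depend on request data.
            url_redirect = "https://{}{}".format(
                cherrypy.request.headers.get('Host'), from_page)
            raise cherrypy.HTTPRedirect(url_redirect)

    url_login = self.url_login
    trex = TemplateRex(fname='t_loginform.html')
    # The local names of this function are the template context, including
    # the escaped password and, after a failed attempt, msg.
    return trex.render(locals())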
def netconf_rtn(self, **params):
    """Apply the submitted network configuration and schedule a reboot.

    With ``ip_method == 'static'`` the parameters are first checked by
    ``self.netconf_validate``. If it reports errors, the error page is
    returned and nothing is written. Otherwise the static address, host
    name, NTP server and the two DNS servers are written. Any other
    ``ip_method`` switches to DHCP.

    Args:
        **params: submitted form fields.

    Returns:
        The rendered 't_netconf_err.html' when validation fails.

    Raises:
        cherrypy.HTTPRedirect: to ``self.url_gen('/webpanel')`` when
            'ip_method' is missing, and after the configuration was written.
    """
    # NOTE(review): this handler rewrites system files and reboots the host;
    # no request-forgery protection is visible here — confirm that it is
    # enforced elsewhere.
    self.auth.authorize()

    # A complete specification of the url for redirects is required
    url_redirect = self.url_gen('/webpanel')

    # Object to handle the actual system config.
    # Assumes dhcpcd5 is controlling the network configuration
    modconf = modconfig.DHCP()

    if 'ip_method' not in params:
        raise cherrypy.HTTPRedirect(url_redirect)

    if params['ip_method'] != 'static':
        modconf.set_dhcp()
    else:
        # --------- Validate input ---------
        err_hsh = self.netconf_validate(params)
        if err_hsh:
            trex_err = TemplateRex(fname='t_netconf_err.html')
            for field in err_hsh:
                # NOTE(review): the rejected value is echoed back to the
                # page; whether the template escapes it cannot be seen here.
                err_entry = {
                    'key': field,
                    'val': params[field],
                    'msg': err_hsh[field],
                }
                trex_err.render_sec("err_blk", err_entry)
            trex_err.render_sec('content')
            return trex_err.render()

        modconf.set_static(params)
        modconf.set_hostname(params['hostname'], params['ip_address'])
        modconf.set_ntp_server(params['ntp_server'])
        dns_pair = [params['dns_server_0'], params['dns_server_1']]
        modconf.set_dns(dns_servers=dns_pair)

    # Fixed command string, so no request data reaches the shell. The reboot
    # is delayed and run in the background, presumably so that the redirect
    # below can still be returned.
    os.system("(sleep 2; reboot)&")
    raise cherrypy.HTTPRedirect(url_redirect)
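def cred_crud_rtn(self, **parms):
    """Replace the single stored login after verifying the current one.

    The current credentials must pass ``self.check_credentials``. Each of
    the four new-credential fields must be non-blank, and each new value
    must equal its verify field. Only then is the htpasswd file recreated
    with the new user.

    Args:
        **parms: submitted form fields: 'username', 'password',
            'username_new', 'username_verify', 'password_new',
            'password_verify' and optionally 'from_page'.

    Returns:
        The rendered 't_loginform_crud.html' with parms['msg'] set when a
        check fails.

    Raises:
        cherrypy.InternalRedirect: to ``self.url_login`` after the new
            credentials have been saved.
    """
    trex = TemplateRex(fname='t_loginform_crud.html')

    # NOTE(review): on every failure path the submitted fields, passwords
    # included, are handed back to the template as received; whether the
    # template escapes or omits them cannot be seen here.

    # ---- Validate Input ----------------
    parms['msg'] = self.check_credentials(parms['username'], parms['password'])
    if parms['msg'] != True:
        return trex.render(parms)

    # Every new field must be filled in. Rejecting only the all-blank case
    # would accept an empty new password whenever its verify field is empty
    # as well.
    new_fields = ('username_new', 'username_verify',
                  'password_new', 'password_verify')
    if not all(parms.get(name) for name in new_fields):
        parms['msg'] = "Blank Username or Password"
        return trex.render(parms)

    if (parms['username_new'] != parms['username_verify']) or (
            parms['password_new'] != parms['password_verify']):
        parms['msg'] = "New Username or Password do not mach Verify Username or Password"
        return trex.render(parms)

    # Looks good go create new file. Note only allowing one user at this point in time.
    # Multiple user only makes sense when there are roles
    self.rw()
    try:
        ht = HtpasswdFile(self.htpasswd, new=True)
        ht.set_password(parms['username_new'], parms['password_new'])
        ht.save()
    finally:
        # Always switch back, even when writing the file fails.
        self.ro()

    if 'from_page' not in parms:
        parms['from_page'] = '/'

    # NOTE(review): the new credentials are passed to the login handler in a
    # query string; confirm that request logging does not record it.
    get_parms = {
        'from_page': parms['from_page'],
        'username': parms['username_new'],
        'password': parms['password_new'],
    }
    query_str = urllib.parse.urlencode(get_parms)
    raise cherrypy.InternalRedirect(self.url_login, query_str)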
def cred_crud(self, from_page='/'):
    """Render the credential-change form 't_loginform_crud.html'.

    Args:
        from_page: page the form should lead back to; defaults to '/'.

    Returns:
        The rendered template.
    """
    trex = TemplateRex(fname='t_loginform_crud.html')
    # locals() is the template context, so the local names (self, from_page,
    # trex) are part of the behaviour and must not be renamed.
    # NOTE(review): from_page is handed to the template as received; whether
    # the template escapes it cannot be seen here.
    return (trex.render(locals()))
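def gen_server_cert(self, subj_hsh, ip_lst=(), dns_lst=()):
    """Create the server key, CSR and CA-signed certificate in ``self.dir_root``.

    An openssl config is rendered from 'openssl-template.ini'. The CA
    bookkeeping files are then reset, a 2048-bit RSA key and a CSR are
    generated, and the CSR is signed with ``openssl ca``.

    Args:
        subj_hsh: subject fields for the config template; should contain
            'countryName', 'organizationName' and 'commonName'. The mapping
            is not modified.
        ip_lst: IP subject-alternative names; falsy entries are skipped.
        dns_lst: DNS subject-alternative names; falsy entries are skipped.

    Returns:
        True when the certificate was issued. False when one of the openssl
        calls exits with an error; its output is then stored in
        ``self.error_msg``.
    """
    fspec_template = os.path.join(self.dir_root, 'openssl-template.ini')
    trex = TemplateRex(fname=fspec_template, template_dirs=['.'],
                       cmnt_prefix='##-', cmnt_postfix='-##', dev_mode=True)

    # NOTE(review): alternative names and subject fields are rendered into
    # the openssl config as received; callers must reject values with line
    # breaks or config syntax before passing them in.
    for inx, ip in enumerate(ip_lst):
        if ip:
            trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})
    for inx, dns in enumerate(dns_lst):
        if dns:
            trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns})

    # Render from a copy so that the caller's dict does not gain 'dir_root'.
    render_args = dict(subj_hsh, dir_root=self.dir_root)
    fspec_ini = os.path.join(self.dir_root, 'openssl_cert.ini')
    self.write_sysfile(fspec_ini, trex.render(render_args))

    # House cleaning... gets a db error if doesn't do this
    # we don't care about crl - remove the contents of newcerts
    self.rm_dir(os.path.join(self.dir_root, 'newcerts/*'))

    # An index file needs to be present
    self.write_sysfile(os.path.join(self.dir_root, 'index.txt'), '')
    self.write_sysfile(os.path.join(self.dir_root, 'serial'),
                       str(int(time.time())))

    fspec_key = os.path.join(self.dir_root, 'webpanel.key')
    fspec_csr = os.path.join(self.dir_root, 'webpanel.csr')
    fspec_crt = os.path.join(self.dir_root, 'webpanel.crt')

    # Argument lists keep every path a single argument, whatever characters
    # dir_root contains, and no shell is involved.
    req_cmd = ['openssl', 'req', '-verbose', '-config', fspec_ini,
               '-newkey', 'rsa:2048', '-nodes',
               '-keyout', fspec_key, '-out', fspec_csr, '-batch']
    ca_cmd = ['openssl', 'ca', '-config', fspec_ini, '-batch',
              '-in', fspec_csr, '-out', fspec_crt]

    # Wrap the openssl calls in file system rw/ro; the finally clause switches
    # back on every exit path.
    self.rw()
    try:
        # Generate private key and csr
        req = subprocess.Popen(req_cmd, stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE)
        _out, err = req.communicate()
        if req.returncode != 0:
            self.error_msg = err.decode(sys.getfilesystemencoding())
            return False

        # NOTE(review): the key is restricted only after openssl has written
        # it. If openssl creates the file with umask-derived permissions, it
        # is more widely readable for a short time.
        os.chmod(fspec_key, 0o600)

        # Finally sign CSR and generate server cert
        try:
            subprocess.check_output(ca_cmd, stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            self.error_msg = e.output.decode(sys.getfilesystemencoding())
            return False
        return True
    finally:
        self.ro()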
def sslcert(self):
    """Render 't_sslcert.html' with the server and CA certificate details.

    Both 'webpanel.crt' and 'webpanelCA.crt' are parsed with
    ``self.certobj.parse_cert``. The server certificate's alternative names
    are rendered first, followed by subject and certificate sections for
    the server certificate and then for the CA certificate.

    Returns:
        The result of ``self.render_layout`` with the host info as context.
    """
    # NOTE(review): no authorization call is made in this handler — confirm
    # that showing the certificate details to any requester is intended.
    data_hsh = sysinfo.get_host_info()
    trex = TemplateRex(fname='t_sslcert.html')

    cert_hsh = self.certobj.parse_cert('webpanel.crt')
    ca_hsh = self.certobj.parse_cert('webpanelCA.crt')

    # subj alt name really important for x509 v3
    alt_name_sections = (
        ('subj_alt_name_ip', 'ip_lst'),
        ('subj_alt_name_dns', 'dns_lst'),
    )
    for section, list_key in alt_name_sections:
        for position, value in enumerate(cert_hsh['subjectAltName'][list_key]):
            trex.render_sec(section, {'inx': position, 'val': value})

    # First the server cert, then the CA cert.
    for cert_section, parsed in (('cert_server', cert_hsh), ('cert_CA', ca_hsh)):
        trex.render_sec('subject', parsed['subject'])
        trex.render_sec(cert_section, parsed)

    return self.render_layout(trex, data_hsh)
def upload(self):
    """Render the firmware upload form 't_firmware_upload.html'.

    ``self.auth.authorize()`` is called first; presumably it rejects
    requests that are not logged in — confirm against the auth object.

    Returns:
        The result of ``self.render_layout``.
    """
    self.auth.authorize()
    trex = TemplateRex(fname='t_firmware_upload.html')
    # locals() is the layout context, so the local names (self, trex) are
    # part of the behaviour and must not be renamed.
    return( self.render_layout(trex, locals()) )
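def sslcert_newcert(self, **params):
    """Render the new-certificate form 't_sslcert-newcert.html'.

    The subject of the current 'webpanel.crt' pre-fills the form. There
    are four IP alternative-name slots: the eth0 address, 127.0.0.1 and
    two blanks. There are four DNS slots: the host name, the host name
    joined with the DNS domain, and two blanks. A value that cannot be
    looked up is rendered as an empty string.

    Args:
        **params: accepted but not used.

    Returns:
        The result of ``self.render_layout``.
    """
    self.auth.authorize()

    # dev_mode give location of templates being used in html output
    # NOTE(review): that places template locations in the served page —
    # confirm it is acceptable outside development.
    trex = TemplateRex(fname='t_sslcert-newcert.html', dev_mode=True)

    cert_hsh = self.certobj.parse_cert('webpanel.crt')
    nic_info = sysinfo.get_iface_info()
    host_info = sysinfo.get_host_info()
    dns_info = sysinfo.get_dns_info()

    trex.render_sec('subject', cert_hsh['subject'])

    # Only the lookups are guarded, and only against missing data. A failure
    # inside render_sec is no longer swallowed, as it was by a bare except.
    # Use actual ip address and not what is in current cert. If nic is not eth0 trouble...
    try:
        iface_ip = nic_info['eth0']['ip_address']
    except (LookupError, TypeError):
        iface_ip = ''
    for inx, val in enumerate((iface_ip, '127.0.0.1', '', '')):
        trex.render_sec('subj_alt_name_ip', {'inx': inx, 'val': val})

    try:
        short_name = host_info['hostname']
    except (LookupError, TypeError):
        short_name = ''
    try:
        full_name = "{}.{}".format(host_info['hostname'], dns_info['domain'])
    except (LookupError, TypeError):
        full_name = ''
    for inx, val in enumerate((short_name, full_name, '', '')):
        trex.render_sec('subj_alt_name_dns', {'inx': inx, 'val': val})

    return self.render_layout(trex, {})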
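# Resolve the names and addresses that go into the certificate's
# subject-alternative-name list. hostname and ifname are defined before this
# excerpt.
fqdn = socket.getfqdn(hostname)
ip_addr = socket.gethostbyname(hostname)

# Get ethernet interface ip addr
ip_addr_iface = ''
rtn = subprocess.check_output(['ifconfig', ifname], stderr=subprocess.STDOUT)
# Raw bytes literal: same pattern as before without the invalid "\S" escape
# in a normal string literal.
# NOTE(review): only output of the form "inet addr:<ip>" is matched; when
# ifconfig prints the address differently ip_addr_iface stays empty.
pattern = rb"inet addr:(\S+)"
match = re.search(pattern, rtn)
if match:
    ip_addr_iface = match.group(1).decode()

print("hostname = {}\nip_addr = {}".format(hostname, ip_addr))
print("ip_addr_iface = {}\n".format(ip_addr_iface))

trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

# Values for the openssl config template.
hsh = {}
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "webpanel"
hsh['ip_lst'] = [ip_addr, ip_addr_iface, "127.0.0.1"]
hsh['dns_lst'] = [hostname, fqdn]

# One alt_name_ip section per non-empty address; inx keeps the list position.
for inx, ip in enumerate(hsh['ip_lst']):
    if ip:
        trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})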
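#!/usr/bin/python3
# Render the CA openssl config from 'openssl-template.ini' and create the CA
# private key in the current directory.
import os

from templaterex import TemplateRex

trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

hsh = {}
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['stateName'] = "ID"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "WebpanelCA"

# To keep alt names happy.. not really used in CA
trex.render_sec('alt_name_ip', {'inx': 0, 'ip': '127.0.0.1'})
trex.render_sec('alt_name_dns', {'inx': 0, 'dns': 'localhost'})

out = trex.render(hsh)

# The with block closes the file even when the write fails.
with open('opensslCA.ini', 'w+') as fid:
    fid.write(out)

# Create private key
# The command is a fixed string. genrsa is given no cipher option, so the CA
# key is stored unencrypted and file permissions are its only protection.
cmd = "openssl genrsa -out ./webpanelCA.key 2048"
rtn = os.system(cmd)
print("keygen rtn = ", rtn)

# Restrict the CA key to its owner explicitly, so that this does not depend
# on the umask or on the openssl build.
if rtn == 0:
    os.chmod('./webpanelCA.key', 0o600)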