def setUp(self):
find.data_path_append('data/server')
web_root = os.path.join(os.getcwd(), 'data', 'server', 'king_phisher')
config = smoke_zephyr.configuration.Configuration(
find.find_data_file('server_config.yml'))
config.set('server.address.host', '127.0.0.1')
config.set('server.address.port', 0)
config.set('server.addresses', [])
config.set('server.database', 'sqlite://')
config.set(
'server.geoip.database',
os.environ.get('KING_PHISHER_TEST_GEOIP_DB',
'./GeoLite2-City.mmdb'))
config.set('server.web_root', web_root)
config.set('server.rest_api.enabled', True)
config.set('server.rest_api.token', rest_api.generate_token())
self.config = config
self.plugin_manager = plugins.ServerPluginManager(config)
self.server = build.server_from_config(
config,
handler_klass=KingPhisherRequestHandlerTest,
plugin_manager=self.plugin_manager)
config.set('server.address.port',
self.server.sub_servers[0].server_port)
self.assertIsInstance(self.server, server.KingPhisherServer)
self.server_thread = threading.Thread(target=self.server.serve_forever)
self.server_thread.daemon = True
self.server_thread.start()
self.assertTrue(self.server_thread.is_alive())
self.shutdown_requested = False
self.rpc = client_rpc.KingPhisherRPCClient(
('localhost', self.config.get('server.address.port')))
self.rpc.login(username='******', password='******')
def setUp(self):
find.data_path_append('data/server')
web_root = os.path.join(os.getcwd(), 'data', 'server', 'king_phisher')
server_address = {'host': '127.0.0.1', 'port': 0, 'ssl': False}
config = configuration.Configuration.from_file(find.data_file('server_config.yml'))
config.set('server.addresses', [server_address])
config.set('server.database', 'sqlite://')
config.set('server.geoip.database', os.environ.get('KING_PHISHER_TEST_GEOIP_DB', './GeoLite2-City.mmdb'))
config.set('server.web_root', web_root)
config.set('server.rest_api.enabled', True)
config.set('server.rest_api.token', rest_api.generate_token())
self.config = config
self.plugin_manager = plugins.ServerPluginManager(config)
self.server = build.server_from_config(config, handler_klass=KingPhisherRequestHandlerTest, plugin_manager=self.plugin_manager)
server_address['port'] = self.server.sub_servers[0].server_port
self.assertIsInstance(self.server, server.KingPhisherServer)
self.server_thread = threading.Thread(target=self.server.serve_forever)
self.server_thread.daemon = True
self.server_thread.start()
self.assertTrue(self.server_thread.is_alive())
self.shutdown_requested = False
self.rpc = client_rpc.KingPhisherRPCClient(('localhost', server_address['port']))
self.rpc.login(username='******', password='******')
def build_and_run(arguments, config, plugin_manager, log_file=None):
# fork into the background
should_fork = True
if arguments.foreground:
should_fork = False
elif config.has_option('server.fork'):
should_fork = bool(config.get('server.fork'))
if should_fork:
if os.fork():
return sys.exit(os.EX_OK)
os.setsid()
try:
king_phisher_server = build.server_from_config(config, plugin_manager=plugin_manager)
except errors.KingPhisherDatabaseAuthenticationError:
logger.critical('failed to authenticate to the database, this usually means the password is incorrect and needs to be updated')
return os.EX_SOFTWARE
except errors.KingPhisherError as error:
logger.critical('server failed to build with error: ' + error.message)
return os.EX_SOFTWARE
server_pid = os.getpid()
logger.info("server running in process: {0} main tid: 0x{1:x}".format(server_pid, threading.current_thread().ident))
if should_fork and config.has_option('server.pid_file'):
pid_file = open(config.get('server.pid_file'), 'w')
pid_file.write(str(server_pid))
pid_file.close()
if config.has_option('server.setuid_username'):
setuid_username = config.get('server.setuid_username')
try:
user_info = pwd.getpwnam(setuid_username)
except KeyError:
logger.critical('an invalid username was specified as \'server.setuid_username\'')
king_phisher_server.shutdown()
return os.EX_NOUSER
if log_file is not None:
os.chown(log_file, user_info.pw_uid, user_info.pw_gid)
os.setgroups([])
os.setresgid(user_info.pw_gid, user_info.pw_gid, user_info.pw_gid)
os.setresuid(user_info.pw_uid, user_info.pw_uid, user_info.pw_uid)
logger.info("dropped privileges to the {0} account".format(setuid_username))
else:
logger.warning('running with root privileges is dangerous, drop them by configuring \'server.setuid_username\'')
os.umask(0o077)
db_engine_url = king_phisher_server.database_engine.url
if db_engine_url.drivername == 'sqlite':
logger.warning('sqlite is no longer fully supported, see https://github.com/securestate/king-phisher/wiki/Database#sqlite for more details')
database_dir = os.path.dirname(db_engine_url.database)
if not os.access(database_dir, os.W_OK):
logger.critical('sqlite requires write permissions to the folder containing the database')
king_phisher_server.shutdown()
return os.EX_NOPERM
sighup_handler = lambda: threading.Thread(target=king_phisher_server.shutdown).start()
signal.signal(signal.SIGHUP, lambda signum, frame: sighup_handler())
try:
king_phisher_server.serve_forever(fork=False)
except KeyboardInterrupt:
pass
king_phisher_server.shutdown()
return os.EX_OK
def build_and_run(arguments, config, plugin_manager, log_file=None):
# fork into the background
should_fork = True
if arguments.foreground:
should_fork = False
elif config.has_option('server.fork'):
should_fork = bool(config.get('server.fork'))
if should_fork:
if os.fork():
return sys.exit(os.EX_OK)
os.setsid()
try:
king_phisher_server = build.server_from_config(config, plugin_manager=plugin_manager)
except errors.KingPhisherDatabaseAuthenticationError:
logger.critical('failed to authenticate to the database, this usually means the password is incorrect and needs to be updated')
return os.EX_SOFTWARE
except errors.KingPhisherError as error:
logger.critical('server failed to build with error: ' + error.message)
return os.EX_SOFTWARE
server_pid = os.getpid()
logger.info("server running in process: {0} main tid: 0x{1:x}".format(server_pid, threading.current_thread().ident))
if should_fork and config.has_option('server.pid_file'):
pid_file = open(config.get('server.pid_file'), 'w')
pid_file.write(str(server_pid))
pid_file.close()
if config.has_option('server.setuid_username'):
setuid_username = config.get('server.setuid_username')
try:
user_info = pwd.getpwnam(setuid_username)
except KeyError:
logger.critical('an invalid username was specified as \'server.setuid_username\'')
king_phisher_server.shutdown()
return os.EX_NOUSER
if log_file is not None:
os.chown(log_file, user_info.pw_uid, user_info.pw_gid)
os.setgroups([])
os.setresgid(user_info.pw_gid, user_info.pw_gid, user_info.pw_gid)
os.setresuid(user_info.pw_uid, user_info.pw_uid, user_info.pw_uid)
logger.info("dropped privileges to the {0} account".format(setuid_username))
else:
logger.warning('running with root privileges is dangerous, drop them by configuring \'server.setuid_username\'')
os.umask(0o077)
db_engine_url = king_phisher_server.database_engine.url
if db_engine_url.drivername == 'sqlite':
logger.warning('sqlite is no longer fully supported, see https://github.com/securestate/king-phisher/wiki/Database#sqlite for more details')
database_dir = os.path.dirname(db_engine_url.database)
if not os.access(database_dir, os.W_OK):
logger.critical('sqlite requires write permissions to the folder containing the database')
king_phisher_server.shutdown()
return os.EX_NOPERM
signal.signal(signal.SIGHUP, functools.partial(sig_handler, king_phisher_server, 'SIGHUP'))
signal.signal(signal.SIGINT, functools.partial(sig_handler, king_phisher_server, 'SIGINT'))
signal.signal(signal.SIGTERM, functools.partial(sig_handler, king_phisher_server, 'SIGTERM'))
try:
king_phisher_server.serve_forever(fork=False)
except KeyboardInterrupt:
pass
king_phisher_server.shutdown()
return os.EX_OK
def build_and_run(arguments, config, plugin_manager, log_file=None):
# fork into the background
should_fork = True
if arguments.foreground:
should_fork = False
elif config.has_option('server.fork'):
should_fork = bool(config.get('server.fork'))
if should_fork:
if os.fork():
return sys.exit(os.EX_OK)
os.setsid()
try:
king_phisher_server = build.server_from_config(
config, plugin_manager=plugin_manager)
except errors.KingPhisherDatabaseAuthenticationError:
logger.critical(
'failed to authenticate to the database, this usually means the password is incorrect and needs to be updated'
)
return os.EX_SOFTWARE
except errors.KingPhisherError as error:
logger.critical('server failed to build with error: ' + error.message)
return os.EX_SOFTWARE
server_pid = os.getpid()
logger.info("server running in process: {0} main tid: 0x{1:x}".format(
server_pid,
threading.current_thread().ident))
if should_fork and config.has_option('server.pid_file'):
pid_file = open(config.get('server.pid_file'), 'w')
pid_file.write(str(server_pid))
pid_file.close()
if config.has_option('server.setuid_username'):
setuid_username = config.get('server.setuid_username')
try:
passwd = pylibc.getpwnam(setuid_username)
except KeyError:
logger.critical(
'an invalid username was specified as \'server.setuid_username\''
)
king_phisher_server.shutdown()
return os.EX_NOUSER
if log_file is not None:
fs_utilities.chown(log_file,
user=passwd.pw_uid,
group=passwd.pw_gid,
recursive=False)
data_path = config.get_if_exists('server.letsencrypt.data_path')
if data_path and config.get_if_exists(
'server.letsencrypt.chown_data_path', True):
if os.path.isdir(data_path):
fs_utilities.chown(data_path,
user=passwd.pw_uid,
group=passwd.pw_gid,
recursive=True)
else:
logger.warning(
'can not chown the letsencrypt data directory (directory not found)'
)
os.setgroups(pylibc.getgrouplist(setuid_username))
os.setresgid(passwd.pw_gid, passwd.pw_gid, passwd.pw_gid)
os.setresuid(passwd.pw_uid, passwd.pw_uid, passwd.pw_uid)
logger.info(
"dropped privileges to the {} account (uid: {}, gid: {})".format(
setuid_username, passwd.pw_uid, passwd.pw_gid))
else:
logger.warning(
'running with root privileges is dangerous, drop them by configuring \'server.setuid_username\''
)
os.umask(0o077)
db_engine_url = king_phisher_server.database_engine.url
if db_engine_url.drivername == 'sqlite':
logger.warning(
'sqlite is no longer fully supported, see https://github.com/securestate/king-phisher/wiki/Database#sqlite for more details'
)
database_dir = os.path.dirname(db_engine_url.database)
if not os.access(database_dir, os.W_OK):
logger.critical(
'sqlite requires write permissions to the folder containing the database'
)
king_phisher_server.shutdown()
return os.EX_NOPERM
signal.signal(
signal.SIGHUP,
functools.partial(sig_handler, king_phisher_server, 'SIGHUP'))
signal.signal(
signal.SIGINT,
functools.partial(sig_handler, king_phisher_server, 'SIGINT'))
signal.signal(
signal.SIGTERM,
functools.partial(sig_handler, king_phisher_server, 'SIGTERM'))
try:
king_phisher_server.serve_forever(fork=False)
except KeyboardInterrupt:
pass
king_phisher_server.shutdown()
return os.EX_OK
