def set_dhcp(self):
    """Rewrite /etc/dhcpcd.conf from the dhcpcd template with no section filled in.

    Side effects: sets ``self.template_args['fname']`` (the entry stays set
    after the call) and writes the rendered text through ``self.write_sysfile``.
    """
    self.template_args['fname'] = 'dhcpcd-template.conf'
    rendered = TemplateRex(**self.template_args).render()
    self.write_sysfile('/etc/dhcpcd.conf', rendered)
def set_hostname(self, hostname, ip):
    """Write the host name to /etc/hostname and rebuild /etc/hosts.

    Args:
        hostname: name written verbatim to /etc/hostname and into the
            ``hostname`` section of the hosts template.
        ip: address paired with ``hostname`` in the hosts template.
    """
    # NOTE(review): both values reach system files exactly as passed in and
    # nothing in this method checks them. Stray whitespace or line breaks
    # would change the structure of /etc/hosts, so confirm that every caller
    # validates hostname and ip before calling.
    self.write_sysfile('/etc/hostname', hostname)

    # Hosts file: one 'hostname' section rendered from the template.
    self.template_args['fname'] = 'hosts-template'
    hosts_tpl = TemplateRex(**self.template_args)
    hosts_tpl.render_sec('hostname', {'ip': ip, 'hostname': hostname})
    self.write_sysfile('/etc/hosts', hosts_tpl.render())
def set_static(self, params):
    """Render /etc/dhcpcd.conf from ``params`` and write it out.

    Args:
        params: mapping that must contain ``ip_method``; when it equals
            ``'static'`` the ``static_conf`` section is rendered from the same
            mapping. The whole mapping is also passed to the final render.

    Returns:
        Whatever ``self.write_sysfile`` returns for /etc/dhcpcd.conf.
    """
    # NOTE(review): params is handed to the template as a whole; this method
    # does no checking of its own — confirm the caller validates it.
    self.template_args['fname'] = 'dhcpcd-template.conf'
    dhcpcd_tpl = TemplateRex(**self.template_args)

    static_requested = params['ip_method'] == 'static'
    if static_requested:
        dhcpcd_tpl.render_sec('static_conf', params)

    return self.write_sysfile('/etc/dhcpcd.conf', dhcpcd_tpl.render(params))
def netconf_rtn(self, **params):
    """Apply the submitted network settings, schedule a reboot, then redirect.

    Without ``ip_method`` the request is redirected to the web panel and
    nothing is changed. ``ip_method == 'static'`` validates the form and, on
    success, writes the static address, host name, NTP and DNS settings; any
    other value switches back to DHCP. Validation errors are rendered with
    ``t_netconf_err.html`` and returned instead of applying anything.
    """
    # The returned user name is not used here.
    # NOTE(review): presumably authorize() rejects unauthenticated requests —
    # confirm. No check of the HTTP method or of a per-request token is visible
    # in this handler, which rewrites system config and reboots; confirm that
    # is enforced elsewhere.
    self.auth.authorize()

    # Redirects need a completely specified URL.
    panel_url = self.url_gen('/webpanel')

    # Object that performs the actual system configuration. dhcpcd5 is assumed
    # to control the network; handling several interfaces adds some complexity.
    modconf = modconfig.DHCP()

    if 'ip_method' not in params:
        raise cherrypy.HTTPRedirect(panel_url)

    if params['ip_method'] != 'static':
        modconf.set_dhcp()
    else:
        # --------- Validate input ---------
        problems = self.netconf_validate(params)
        if problems:
            err_page = TemplateRex(fname='t_netconf_err.html')
            for key in problems:
                # NOTE(review): 'val' echoes the submitted value into the error
                # page; confirm the template layer HTML-escapes it.
                err_page.render_sec("err_blk", {
                    'key': key,
                    'val': params[key],
                    'msg': problems[key],
                })
            err_page.render_sec('content')
            return err_page.render()

        modconf.set_static(params)
        modconf.set_hostname(params['hostname'], params['ip_address'])
        modconf.set_ntp_server(params['ntp_server'])
        modconf.set_dns(
            dns_servers=[params['dns_server_0'], params['dns_server_1']])

    # A restart of dhcpcd.service was used here before; the box is rebooted
    # instead. The command is a fixed string, so no request data reaches the
    # shell. The delay lets the redirect below be sent first.
    os.system("(sleep 2; reboot)&")
    raise cherrypy.HTTPRedirect(panel_url)
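def set_dns(self, dns_servers=('8.8.8.8',)):
    """Write /etc/resolv.conf with one ``dns_blk`` section per name server.

    Args:
        dns_servers: iterable of name-server addresses; blank entries are
            skipped. The default is an immutable tuple, so it cannot be
            altered between calls the way a list default could.
    """
    self.template_args['fname'] = 't-resolv.conf'
    trex_dns = TemplateRex(**self.template_args)

    # NOTE(review): entries are written into the system resolver config as
    # given; this method does not check that they are IP addresses — confirm
    # the caller validates them first.
    for dns_server in dns_servers:
        if dns_server:  # skip blank
            trex_dns.render_sec('dns_blk', {'dns_server': dns_server})

    self.write_sysfile('/etc/resolv.conf', trex_dns.render())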
def set_ntp_server(self, ntp_server=""):
    """Write /etc/ntp.conf and restart the ntp service.

    Args:
        ntp_server: server to put into the ``server_blk`` section; when empty
            the template is rendered without that section.
    """
    # NOTE(review): ntp_server is written into the config as given; confirm
    # the caller validates it.
    self.template_args['fname'] = 't-ntp.conf.dhcp'
    ntp_tpl = TemplateRex(**self.template_args)
    if ntp_server:
        ntp_tpl.render_sec('server_blk', {'ntp_server': ntp_server})
    self.write_sysfile('/etc/ntp.conf', ntp_tpl.render())

    # Fixed command string: ntp_server never reaches the shell.
    os.system('systemctl restart ntp')
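def cred_crud_rtn(self, **parms):
    """Replace the single stored login after re-checking the current one.

    Expects the form fields ``username``/``password`` (current login) and
    ``username_new``/``username_verify``/``password_new``/``password_verify``.
    On any validation failure the form is rendered again with ``msg`` set.
    On success the htpasswd file is recreated with the new user and the
    request is internally redirected to the login URL.

    Raises:
        cherrypy.InternalRedirect: always, once the new credentials are saved.
    """
    trex = TemplateRex(fname='t_loginform_crud.html')

    # ---- Validate input ----
    # check_credentials is compared with ``!= True`` as written originally; it
    # appears to return True on success and a message otherwise.
    # NOTE(review): parms, including the submitted passwords, is handed to the
    # template on every failure path; confirm the form does not echo them.
    parms['msg'] = self.check_credentials(parms['username'], parms['password'])
    if parms['msg'] != True:
        return trex.render(parms)

    # All four fields must be filled in. The previous test only rejected the
    # form when every field was blank, so a matching pair of blank passwords
    # (or blank user names) was accepted and saved. A field that is absent
    # from the request counts as blank.
    new_fields = ('username_new', 'username_verify',
                  'password_new', 'password_verify')
    if not all(parms.get(name) for name in new_fields):
        parms['msg'] = "Blank Username or Password"
        return trex.render(parms)

    if (parms['username_new'] != parms['username_verify']
            or parms['password_new'] != parms['password_verify']):
        parms['msg'] = "New Username or Password do not mach Verify Username or Password"
        return trex.render(parms)

    # Looks good: create a new file. Only one user is supported for now;
    # several users only make sense once there are roles.
    self.rw()
    try:
        ht = HtpasswdFile(self.htpasswd, new=True)
        ht.set_password(parms['username_new'], parms['password_new'])
        ht.save()
    finally:
        # Always go back to read-only, also when saving fails.
        self.ro()

    parms.setdefault('from_page', '/')

    # NOTE(review): the new credentials are carried in the query string of the
    # internal redirect; confirm that query strings for this path are not
    # written to access or error logs.
    get_parms = {
        'from_page': parms['from_page'],
        'username': parms['username_new'],
        'password': parms['password_new'],
    }
    query_str = urllib.parse.urlencode(get_parms)
    raise cherrypy.InternalRedirect(self.url_login, query_str)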
def login(self, username="", password="", from_page="/"):
    """Check the submitted credentials and start a session, or show the form.

    When both ``username`` and ``password`` are given and
    ``check_credentials`` returns True, the user name is stored in the session
    and on ``cherrypy.request.login`` and the request is redirected to
    ``from_page``. Otherwise the login form is rendered from this method's
    local namespace.

    Raises:
        cherrypy.HTTPRedirect: after a successful login.
    """
    # NOTE(review): escape() runs before the credential check, so the check
    # sees the escaped form of the user name and password. Presumably this is
    # HTML escaping for the form; confirm that credentials containing escaped
    # characters still verify.
    username, password, from_page = (
        escape(username), escape(password), escape(from_page))

    if username and password:
        msg = self.check_credentials(username, password)
        if msg == True:
            # NOTE(review): the session id is not regenerated here on login.
            cherrypy.session[self.SESSION_KEY] = username
            cherrypy.request.login = username
            # A redirect is needed so that the session gets set.
            # NOTE(review): from_page comes from the request; confirm url_gen
            # only produces targets on this site.
            raise cherrypy.HTTPRedirect(self.url_gen(from_page))

    # Local names are kept as they are: the template receives locals(), which
    # includes self and the submitted password.
    url_login = self.url_login
    trex = TemplateRex(fname='t_loginform.html')
    return trex.render(locals())
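def login(self, username="", password="", from_page="/"):
    """Check the submitted credentials and start a session, or show the form.

    When both ``username`` and ``password`` are given and
    ``check_credentials`` returns True, the user name is stored in the session
    and on ``cherrypy.request.login`` and the request is redirected to
    ``https://<Host header><from_page>``. Otherwise the login form is rendered
    from this method's local namespace.

    Args:
        username: submitted user name.
        password: submitted password.
        from_page: site-local absolute path to return to after login; any
            other value is replaced by ``"/"``.

    Raises:
        cherrypy.HTTPRedirect: after a successful login.
    """
    # NOTE(review): escape() runs before the credential check, so the check
    # sees the escaped form of the user name and password — confirm that
    # credentials containing escaped characters still verify.
    username = escape(username)
    password = escape(password)
    from_page = escape(from_page)

    # from_page comes from the request and is appended to the host name to
    # build the redirect target, so only a site-local absolute path is
    # accepted; anything else falls back to the root page.
    if (not from_page.startswith('/') or from_page.startswith('//')
            or '\\' in from_page):
        from_page = '/'

    if username and password:
        msg = self.check_credentials(username, password)
        if msg == True:
            # NOTE(review): the session id is not regenerated here on login.
            cherrypy.session[self.SESSION_KEY] = cherrypy.request.login = username
            # A redirect is needed so that the session gets set. The host is
            # included because a bare /url/path ended up with a doubled "/".
            # NOTE(review): the Host header is supplied by the client; prefer a
            # configured host name if the deployment has one.
            url_redirect = "https://{}{}".format(
                cherrypy.request.headers.get('Host'), from_page)
            raise cherrypy.HTTPRedirect(url_redirect)

    # The template receives locals(), which includes self and the submitted
    # password.
    url_login = self.url_login
    trex = TemplateRex(fname='t_loginform.html')
    return trex.render(locals())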
def cred_crud(self, from_page='/'):
    """Render the change-credentials form.

    The template receives this method's local namespace, i.e. ``self``,
    ``from_page`` and ``trex``.
    """
    # NOTE(review): from_page is passed to the template as received, without
    # the escape() call the login handler applies; confirm the template
    # escapes it.
    trex = TemplateRex(fname='t_loginform_crud.html')
    return trex.render(locals())
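# Subject fields and subjectAltName entries for the generated openssl config.
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "webpanel"
hsh['ip_lst'] = [ip_addr, ip_addr_iface, "127.0.0.1"]
hsh['dns_lst'] = [hostname, fqdn]

# One alt_name section per address; empty addresses are skipped.
for inx, ip in enumerate(hsh['ip_lst']):
    if ip:
        trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})

# DNS names are rendered as given, including empty ones.
for inx, dns in enumerate(hsh['dns_lst']):
    trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns})

out = trex.render(hsh)

# The context manager closes the file even when the write fails.
with open('openssl_cert.ini', 'w+') as fid:
    fid.write(out)

# Generating the key first and the CSR afterwards did not work, so both are
# done in one pass (the separate "openssl genrsa" step was dropped).

# House cleaning... get a db error if newcerts doesn't exist/not empty
# we don't care about crl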
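def gen_server_cert(self, subj_hsh, ip_lst=(), dns_lst=()):
    """Create a private key, a CSR and a signed server certificate with openssl.

    Args:
        subj_hsh: dict that should contain 'countryName', 'organizationName'
            and 'commonName'. 'dir_root' is added to it in place before the
            openssl config is rendered.
        ip_lst: addresses for ``alt_name_ip`` sections; empty values are
            skipped.
        dns_lst: names for ``alt_name_dns`` sections; empty values are skipped.

    Returns:
        True when the certificate was written. False when an openssl step or
        the key permission change failed; ``self.error_msg`` then holds the
        reason.
    """
    fspec_template = os.path.join(self.dir_root, 'openssl-template.ini')
    trex = TemplateRex(fname=fspec_template, template_dirs=['.'],
                       cmnt_prefix='##-', cmnt_postfix='-##', dev_mode=True)

    for inx, ip in enumerate(ip_lst):
        if ip:
            trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})
    for inx, dns in enumerate(dns_lst):
        if dns:
            trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns})

    subj_hsh['dir_root'] = self.dir_root
    ini_out = trex.render(subj_hsh)
    fspec_ini = os.path.join(self.dir_root, 'openssl_cert.ini')
    self.write_sysfile(fspec_ini, ini_out)

    # House cleaning: openssl reports a db error otherwise. The CRL is not
    # needed, so the contents of newcerts are removed.
    self.rm_dir(os.path.join(self.dir_root, 'newcerts/*'))

    # An index file needs to be present.
    self.write_sysfile(os.path.join(self.dir_root, 'index.txt'), '')
    self.write_sysfile(os.path.join(self.dir_root, 'serial'),
                       str(int(time.time())))

    fspec_key = os.path.join(self.dir_root, 'webpanel.key')
    fspec_csr = os.path.join(self.dir_root, 'webpanel.csr')
    fspec_crt = os.path.join(self.dir_root, 'webpanel.crt')

    # Argument lists instead of a formatted string that is split on
    # whitespace: a path containing a space stays one argument.
    # Key and CSR are generated in one pass; doing the key first did not work.
    req_cmd = ['openssl', 'req', '-verbose', '-config', fspec_ini,
               '-newkey', 'rsa:2048', '-nodes',
               '-keyout', fspec_key, '-out', fspec_csr, '-batch']
    ca_cmd = ['openssl', 'ca', '-config', fspec_ini, '-batch',
              '-in', fspec_csr, '-out', fspec_crt]

    # The system calls are wrapped in file system rw/ro; the finally clause
    # restores read-only on every exit path, including exceptions.
    self.rw()
    try:
        # A failing key/CSR step is reported here instead of being ignored.
        subprocess.check_output(req_cmd, stderr=subprocess.STDOUT)

        # os.chmod instead of a shell "chmod" command built from the path.
        # NOTE(review): until this call the key file has whatever mode openssl
        # created it with — confirm that is acceptable for dir_root.
        try:
            os.chmod(fspec_key, 0o600)
        except OSError as e:
            self.error_msg = "chmod 600 {}: {}".format(fspec_key, e)
            return False

        # Finally sign the CSR and generate the server certificate.
        subprocess.check_output(ca_cmd, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        self.error_msg = e.output.decode(sys.getfilesystemencoding())
        return False
    finally:
        self.ro()
    return True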