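def bootstrap():
    """Start the websocket proxy server and block until it stops.

    Creates the resource/log folders, loads the configuration and the
    access policy, initialises authentication, binds the proxy socket and
    runs the server loop.  Exits with status 0 after the server loop
    returns, and with status 1 when the policy XML cannot be parsed or the
    proxy port cannot be bound.
    """
    def cmd(cmd):
        print("cmd",cmd)

    def exit_():
        print("exit keystroke detected...")
        s.stop()

    # generate folder structure; exist_ok avoids the check-then-create race
    for path in ("../resources", "../resources/logs"):
        os.makedirs(path, exist_ok=True)

    # init config
    StdConfig.getInstance()

    try:
        policy = PolicyControl.getInstance()
    except ParseError:
        # Fail closed: without a parsed policy there is nothing to enforce.
        # Continuing would only crash later with a NameError on `policy`.
        Log.error("Policy XML malformed")
        sys.exit(1)

    Authentication.init()
    proxyWSPort = StdConfig.getInstance().getProxyPort()
    # the proxy listens on the localhost name only
    adress = ("localhost", proxyWSPort)

    s = SockServer(SocketModeFactory.TCP, WebSocketProxyHandler, policy.getMaxConnections())
    s.setReuseAdress()
    try:
        s.bind(adress)
    except socket.error:
        # Bind first, before any background thread is started, so a failed
        # bind ends the process instead of reporting an unbound server as started.
        Log.error("Socket could not be bound on port %s"%proxyWSPort)
        sys.exit(1)

    if StdConfig.getInstance().isControlInterfaceEnabled():
        # NOTE(review): the bind address and caller authentication of
        # ControlInterface are not visible here - confirm it is not
        # reachable by untrusted clients.
        ci = ControlInterface(StdConfig.getInstance().getControlPort())
        ci.start()
    it = InputThread(exit_, cmd)

    Log.info("websocket proxyserver started: %s"%(adress,))
    it.start()

    # returns once the server loop ends (exit_ calls s.stop())
    s.start()
    Log.info("websocket proxyserver stopped: %s"%(adress,))
    sys.exit(0)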
 def _cmdGenSrc(self,n=None):
     '''
     generates a source key and sends it to the client as a "srckey" message
     @param n: not used by this command
     '''
     # NOTE(review): the value sent looks like the salt+hash element that
     # hasAccess accepts as a trusted-source credential - confirm that the
     # channel behind toClient is only reachable by trusted operators.
     keyparts = Authentication.generateSourcekey()
     # first part is decoded from UTF-8, second part is appended as-is
     payload = keyparts[0].decode("UTF-8") + keyparts[1]
     self.toClient(Message("srckey", payload))
 def _cmdGenHost(self,host):
     '''
     generates a host key for the given host and sends it to the client as a "hostkey" message
     @param host: the host the key is generated for (encoded as UTF-8 before use)
     '''
     # NOTE(review): hasAccess accepts a host key computed over either
     # "host:port" or the bare host - presumably `host` may take both forms;
     # confirm that only trusted operators can issue this command.
     keyparts = Authentication.generateHostkey(host.encode("UTF-8"))
     # first part is decoded from UTF-8, second part is appended as-is
     payload = keyparts[0].decode("UTF-8") + keyparts[1]
     self.toClient(Message("hostkey", payload))
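    def hasAccess(self,type_,src_,destination,auth):
        '''
        checks if the script has access

        Evaluation order: specific rules, then source keys and host keys from
        auth, then the local-source rule, then the rule for unknown requests.
        @param type_: TCP,UDP,UNIX
        @param src_: the source url of the script as bytes [is "null" if local]
        @param destination: the destination url/ip to connect to
        @param auth: iterable of key elements: one type byte ("S" or "H"),
                     SALTLEN salt bytes, then the hash
        @return: the result of self.__proceed for the rule that applied
        '''
        import hmac  # local import: constant-time comparison of presented keys

        d_uri, d_port = Policies.splitURI(destination)
        src = src_.decode()
        if src == "null":
            # NOTE(review): if src_ is a browser-supplied origin, "null" is
            # also sent by sandboxed or otherwise opaque origins, not only by
            # local scripts - keep that in mind when configuring localSource.
            src = "localhost"
        incomingRequestPolicy = Policy("", d_uri, d_port,src, type_)

        matchcount=0
        matchaction = None
        for k,rule in self.policies.specificRules.items():
            if self.matches(rule,incomingRequestPolicy):
                if matchcount != 0 and matchaction != rule.action:
                    # only a warning: the last matching rule in iteration order wins
                    Log.warning("multiple rules with conflicting actions detected: %s"%k)

                matchcount += 1
                matchaction = rule.action

        if matchaction is not None:
            return self.__proceed(matchaction,incomingRequestPolicy)
        Log.debug("passed specific")

        #no specific rule found:
        #testing for:
        #    trustedSource
        #    trustedDest
        #    localSource
        #    general rule

        SALTLEN = 8
        for authElem in auth:
            if not authElem:
                # an empty element has no type byte; skip it instead of raising IndexError
                continue

            keytype = chr(authElem[0])
            # NOTE(review): the salt is read from the presented element itself,
            # so these checks only prove anything if Authentication.hash mixes
            # in a server-side secret - confirm.
            salt = authElem[1:SALTLEN+1]
            presented = bytes(authElem[SALTLEN+1:])

            #    trustedSource
            if keytype == "S":
                authString1 = Authentication.hash(b"", salt)[1].encode()
                if hmac.compare_digest(authString1, presented):
                    #trusted source detected
                    Log.policycontrol("Sourcekey detected")
                    return self.__proceed(self.policies.trustedSource,incomingRequestPolicy,"sourcekey")

            Log.debug("passed srckey")
            #    trustedDest
            if keytype == "H":
                # a host key is valid for "host:port" as well as for the bare host
                deststr = d_uri+":"+str(d_port)
                authString1 = Authentication.hash(deststr.encode(), salt)[1].encode()
                authString2 = Authentication.hash(d_uri.encode(), salt)[1].encode()
                # evaluate both comparisons so timing does not depend on which one matched
                matchesHostPort = hmac.compare_digest(authString1, presented)
                matchesHost = hmac.compare_digest(authString2, presented)
                if matchesHostPort or matchesHost:
                    Log.policycontrol("Hostkey detected")
                    return self.__proceed(self.policies.trustedDest,incomingRequestPolicy,"hostkey")

        Log.debug("passed hostkey")
        #    localSource
        # src is a str after decode(); comparing it with b"localhost" was
        # always False, so the localSource rule could never apply
        if src == "localhost":
            return self.__proceed(self.policies.localSource,incomingRequestPolicy)
        Log.debug("passed local")

        #    general rule
        return self.__proceed(self.policies.unknownPolicyRule,incomingRequestPolicy)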