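def bootstrap():
    """
    Start the websocket proxy server.

    Creates the resource folders, loads the configuration and the policy,
    initialises authentication, starts the optional control interface and
    the console input thread, then runs the socket server until it stops.

    Fails closed: the process exits with status 1 when the policy XML cannot
    be parsed (the original logged the error and then died with a NameError
    on ``policy``) or when the listening socket cannot be bound (the original
    logged the error and went on to start the server anyway). Exits with
    status 0 after a normal stop.
    """
    def cmd(line):
        # console command callback handed to InputThread
        print("cmd", line)

    def exit_():
        # console exit callback handed to InputThread; stops the server
        print("exit keystroke detected...")
        s.stop()

    # generate folder structure (no-op for directories that already exist)
    for path in ("../resources", "../resources/logs"):
        os.makedirs(path, exist_ok=True)

    # init config
    StdConfig.getInstance()
    try:
        policy = PolicyControl.getInstance()
    except ParseError:
        # a proxy without a valid policy must not start at all
        Log.error("Policy XML malformed")
        sys.exit(1)
    Authentication.init()

    proxyWSPort = StdConfig.getInstance().getProxyPort()
    # bound to loopback only: the proxy is not meant to be reachable from the network
    adress = ("localhost", proxyWSPort)
    s = SockServer(SocketModeFactory.TCP, WebSocketProxyHandler, policy.getMaxConnections())

    if StdConfig.getInstance().isControlInterfaceEnabled():
        ci = ControlInterface(StdConfig.getInstance().getControlPort())
        ci.start()

    it = InputThread(exit_, cmd)
    s.setReuseAdress()
    try:
        s.bind(adress)
    except socket.error:
        # nothing to listen on: do not start the input thread or the server
        Log.error("Socket could not be bound on port %s" % proxyWSPort)
        sys.exit(1)
    Log.info("websocket proxyserver started: %s" % (adress,))
    it.start()
    s.start()
    Log.info("websocket proxyserver stopped: %s" % (adress,))
    sys.exit(0)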
def _cmdGenSrc(self, n=None):
    """
    Generate a fresh sourcekey and send it to the client as a "srckey" message.

    @param n: unused; kept for the command-dispatch signature
    The key is returned by Authentication.generateSourcekey() as a pair whose
    first element is bytes and whose second element is already a str; both
    are concatenated into one string for the wire.
    """
    key_head, key_tail = Authentication.generateSourcekey()
    wire_key = key_head.decode("UTF-8") + key_tail
    self.toClient(Message("srckey", wire_key))
def _cmdGenHost(self, host):
    """
    Generate a hostkey for *host* and send it to the client as a "hostkey" message.

    @param host: destination host (str) the key is bound to; encoded as UTF-8
                 before it is handed to Authentication.generateHostkey()
    The key is returned as a pair whose first element is bytes and whose
    second element is already a str; both are concatenated for the wire.
    """
    key_head, key_tail = Authentication.generateHostkey(host.encode("UTF-8"))
    wire_key = key_head.decode("UTF-8") + key_tail
    self.toClient(Message("hostkey", wire_key))
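def hasAccess(self, type_, src_, destination, auth):
    '''
    Decide whether a script may open a connection, by consulting the policy set.

    Rules are consulted in this order and the first stage that yields a
    decision wins:
      1. specific rules (self.policies.specificRules)
      2. a valid sourcekey  -> self.policies.trustedSource
         a valid hostkey    -> self.policies.trustedDest
      3. a local source     -> self.policies.localSource
      4. the general rule   -> self.policies.unknownPolicyRule

    @param type_: TCP, UDP or UNIX
    @param src_: the source url of the script as bytes; b"null" means local
    @param destination: the destination url/ip (host[:port]) to connect to
    @param auth: iterable of auth tokens (bytes). A token starting with "S"
                 is a sourcekey, one starting with "H" a hostkey; both carry an
                 8-byte salt followed by the digest.
    @return: the result of self.__proceed for the rule that applied

    NOTE(review): a key is accepted when Authentication.hash(<subject>, salt)
    reproduces the presented digest. Unless Authentication.hash mixes in a
    server-side secret, anyone who knows the algorithm can mint a key -
    confirm before relying on these keys as an authentication factor.
    '''
    import hmac  # constant-time digest comparison

    d_uri, d_port = Policies.splitURI(destination)
    src = src_.decode()
    if src == "null":
        src = "localhost"
    incomingRequestPolicy = Policy("", d_uri, d_port, src, type_)

    # 1. specific rules. Every matching rule is visited; conflicting actions are
    #    only logged and the LAST matching rule's action wins (kept as is).
    matchcount = 0
    matchaction = None
    for k, rule in self.policies.specificRules.items():
        if self.matches(rule, incomingRequestPolicy):
            if matchcount != 0 and matchaction != rule.action:
                Log.warning("multiple rules with conflicting actions detected: %s" % k)
            matchcount += 1
            matchaction = rule.action
    if matchaction is not None:
        return self.__proceed(matchaction, incomingRequestPolicy)
    Log.debug("passed specific")

    # 2. key based rules: token = 1 type byte + SALTLEN salt bytes + digest
    SALTLEN = 8
    for authElem in auth:
        if not authElem:
            # an empty token used to raise IndexError here; skip it instead
            continue
        salt = authElem[1:SALTLEN + 1]
        presented = authElem[SALTLEN + 1:]
        # trustedSource: digest of the empty string under this salt
        if chr(authElem[0]) == "S":
            expected = Authentication.hash(b"", salt)[1].encode()
            if hmac.compare_digest(expected, presented):
                Log.policycontrol("Sourcekey detected")
                return self.__proceed(self.policies.trustedSource, incomingRequestPolicy, "sourcekey")
        Log.debug("passed srckey")
        # trustedDest: digest of "host:port" or of "host" alone - a host-only
        # key therefore grants every port of that host
        if chr(authElem[0]) == "H":
            deststr = d_uri + ":" + str(d_port)
            withPort = Authentication.hash(deststr.encode(), salt)[1].encode()
            hostOnly = Authentication.hash(d_uri.encode(), salt)[1].encode()
            if hmac.compare_digest(withPort, presented) or hmac.compare_digest(hostOnly, presented):
                Log.policycontrol("Hostkey detected")
                return self.__proceed(self.policies.trustedDest, incomingRequestPolicy, "hostkey")
        Log.debug("passed hostkey")

    # 3. localSource. The original compared the str `src` against b"localhost",
    #    which is never equal in Python 3, so this rule was unreachable and
    #    local scripts always fell through to the general rule.
    if src == "localhost":
        return self.__proceed(self.policies.localSource, incomingRequestPolicy)
    Log.debug("passed local")

    # 4. general rule
    return self.__proceed(self.policies.unknownPolicyRule, incomingRequestPolicy)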