def bootstrap():
def cmd(cmd):
print("cmd",cmd)
def exit_():
print("exit keystroke detected...")
s.stop()
#generate folder structure
pathlist=["../resources","../resources/logs"]
for i in pathlist:
if not os.path.exists(i):
os.mkdir(i)
#init config
StdConfig.getInstance()
try:
policy=PolicyControl.getInstance()
except ParseError as e:
Log.error("Policy XML malformed")
Authentication.init()
proxyWSPort=StdConfig.getInstance().getProxyPort()
adress=("localhost",proxyWSPort)
#s=ThreadedSockServer(SocketModeFactory.TCP,DynamicThreadPoolTaskManager, WebSocketProxyHandler,policy.getMaxConnections())
s=SockServer(SocketModeFactory.TCP, WebSocketProxyHandler,policy.getMaxConnections())
if StdConfig.getInstance().isControlInterfaceEnabled():
ci = ControlInterface(StdConfig.getInstance().getControlPort())
ci.start()
it=InputThread(exit_,cmd)
s.setReuseAdress()
try:
s.bind(adress)
except socket.error:
Log.error("Socket could not be bound on port %s"%proxyWSPort)
Log.info("websocket proxyserver started: %s"%(adress,))
it.start()
s.start()
Log.info("websocket proxyserver stopped: %s"%(adress,))
sys.exit(0)
def _cmdGenSrc(self,n=None):
snd=Authentication.generateSourcekey()
self.toClient(Message("srckey", snd[0].decode("UTF-8")+snd[1]))
def _cmdGenHost(self,host):
snd=Authentication.generateHostkey(host.encode("UTF-8"))
self.toClient(Message("hostkey", snd[0].decode("UTF-8")+snd[1]))
def hasAccess(self,type_,src_,destination,auth):
'''
checks if the script has access
@param type_: TCP,UDP,UNIX
@param src: the source url of the script [is null if local]
@param destination: the destination url/ip to connect to
@param auth:
'''
#Log.debug("checking policy: \n type: %s \n src: %s \n dest: %s \n auth: %s"%(type_,src_, destination,auth))
d_uri, d_port = Policies.splitURI(destination)
src = src_.decode()
if src == "null":
src = "localhost"
incomingRequestPolicy = Policy("", d_uri, d_port,src, type_)
#print(str(self.policies))
matchcount=0
matchaction = None
for k,rule in self.policies.specificRules.items():
if self.matches(rule,incomingRequestPolicy):
if matchcount != 0 and matchaction != rule.action:
Log.warning("multiple rules with conflicting actions detected: %s"%k)
matchcount += 1
matchaction = rule.action
if matchaction != None:
return self.__proceed(matchaction,incomingRequestPolicy)
Log.debug("passed specific")
#no specific rule found:
#testing for:
# trustedSource
# trustedDest
# localSource
# general rule
SALTLEN = 8
for authElem in auth:
# trustedSource
if chr(authElem[0]) == "S":
authString1 = Authentication.hash(b"", authElem[1:SALTLEN+1])[1].encode()
if authString1 == authElem[SALTLEN+1:]:
#trusted source detected
Log.policycontrol("Sourcekey detected")
return self.__proceed(self.policies.trustedSource,incomingRequestPolicy,"sourcekey")
Log.debug("passed srckey")
# trustedDest
if chr(authElem[0]) == "H":
deststr = d_uri+":"+str(d_port)
authString1 = Authentication.hash(deststr.encode(), authElem[1:SALTLEN+1])[1].encode()
authString2 = Authentication.hash(d_uri.encode(), authElem[1:SALTLEN+1])[1].encode()
if authString1 == authElem[SALTLEN+1:] or authString2 == authElem[SALTLEN+1:]:
Log.policycontrol("Hostkey detected")
return self.__proceed(self.policies.trustedDest,incomingRequestPolicy,"hostkey")
Log.debug("passed hostkey")
# localSource
if src == b"localhost":
return self.__proceed(self.policies.localSource,incomingRequestPolicy)
Log.debug("passed local")
# general rule
return self.__proceed(self.policies.unknownPolicyRule,incomingRequestPolicy)
Log.debug("passed general")
return False
