示例#1
    def set_dhcp(self):
        """Rewrite /etc/dhcpcd.conf from 'dhcpcd-template.conf'.

        No template section is rendered first, so the file receives whatever
        the bare template produces.
        """
        # The template name is stored in the shared template_args dict, which
        # stays set to this value after the call.
        self.template_args['fname'] = 'dhcpcd-template.conf'
        rendered = TemplateRex(**self.template_args).render()
        self.write_sysfile('/etc/dhcpcd.conf', rendered)
示例#2
    def set_hostname(self, hostname, ip):
        """Write /etc/hostname and regenerate /etc/hosts for the given host.

        Args:
            hostname: Written as-is to /etc/hostname and into the hosts entry.
            ip: Address paired with the hostname in the 'hostname' section of
                'hosts-template'.
        """
        # NOTE(review): neither value is checked in this method, and both end
        # up in root-owned system files. A value containing whitespace or a
        # line break would add extra tokens or lines to /etc/hosts. Confirm
        # every caller validates them first.
        self.write_sysfile('/etc/hostname', hostname)

        self.template_args['fname'] = 'hosts-template'
        hosts_tmpl = TemplateRex(**self.template_args)
        entry = {'ip': ip, 'hostname': hostname}
        hosts_tmpl.render_sec('hostname', entry)
        self.write_sysfile('/etc/hosts', hosts_tmpl.render())
示例#3
    def set_static(self, params):
        """Rewrite /etc/dhcpcd.conf, adding the static block when requested.

        Args:
            params: Mapping that must contain 'ip_method'. The whole mapping
                is handed to the template, both for the 'static_conf' section
                and for the final render.

        Returns:
            Whatever write_sysfile() returns for '/etc/dhcpcd.conf'.
        """
        # NOTE(review): params is rendered into the config file unfiltered;
        # this method relies on the caller having validated every field.
        self.template_args['fname'] = 'dhcpcd-template.conf'
        dhcpcd_tmpl = TemplateRex(**self.template_args)

        wants_static = params['ip_method'] == 'static'
        if wants_static:
            dhcpcd_tmpl.render_sec('static_conf', params)

        rendered = dhcpcd_tmpl.render(params)
        status = self.write_sysfile('/etc/dhcpcd.conf', rendered)
        return status
示例#4
    def set_ntp_server(self, ntp_server=""):
        """Rewrite /etc/ntp.conf from 't-ntp.conf.dhcp' and restart ntp.

        Args:
            ntp_server: Server to put in the 'server_blk' section. When it is
                empty the section is not rendered.
        """
        # NOTE(review): ntp_server goes into the config file unchecked here;
        # confirm the caller restricts it to a host name or address.
        self.template_args['fname'] = 't-ntp.conf.dhcp'
        ntp_tmpl = TemplateRex(**self.template_args)

        if ntp_server:
            ntp_tmpl.render_sec('server_blk', {'ntp_server': ntp_server})

        self.write_sysfile('/etc/ntp.conf', ntp_tmpl.render())

        # Fixed command string with no caller data in it; the exit status is
        # not inspected.
        os.system('systemctl restart ntp')
示例#5
    def set_dns(self, dns_servers=['8.8.8.8']):
        """Rewrite /etc/resolv.conf with one 'dns_blk' section per server.

        Args:
            dns_servers: Iterable of resolver addresses; blank entries are
                skipped. The list default is only read here, never modified.
        """
        # NOTE(review): entries are written to resolv.conf unchecked; confirm
        # the caller validates them as IP addresses.
        self.template_args['fname'] = 't-resolv.conf'
        resolv_tmpl = TemplateRex(**self.template_args)

        # filter(None, ...) drops the falsy (blank) entries.
        for server in filter(None, dns_servers):
            resolv_tmpl.render_sec('dns_blk', {'dns_server': server})

        self.write_sysfile('/etc/resolv.conf', resolv_tmpl.render())
示例#6
    def netconf(self, err_struct=""):
        """Render the network configuration page ('t_netconf.html').

        Args:
            err_struct: Accepted but not used by the current code.

        Returns:
            The page produced by render_layout(), or a plain error string
            when more than one NIC is reported.
        """
        # authorize() runs before any system information is collected and its
        # return value is shown as the user name.
        # NOTE(review): presumably it redirects or raises for a visitor
        # without a session - confirm in the auth module.
        page_vars = {'username': self.auth.authorize()}

        iface_map = sysinfo.get_iface_info()
        host_map = sysinfo.get_host_info()
        resolver = sysinfo.get_dns_info()

        # One dns_server_<n> template variable per configured nameserver.
        for pos, server in enumerate(resolver['nameserver']):
            page_vars['dns_server_{}'.format(pos)] = server

        page_vars.update(iface_map)
        page_vars.update(host_map)

        # Only the first reported interface decides the DHCP/static radio
        # state; an empty interface map raises IndexError here.
        first_nic = list(iface_map)[0]
        radio_key = ('dhcp_checked' if sysinfo.is_dhcp(first_nic)
                     else 'static_checked')
        page_vars[radio_key] = 'checked'

        trex = TemplateRex(fname='t_netconf.html')

        # Multiple NICs are not supported for now.
        if len(iface_map) > 1:
            return "Error only one NIC supported"

        for nic_fields in iface_map.values():
            trex.render_sec('nic_blk', nic_fields)

        ntp_map = sysinfo.get_ntp_info()
        for field in ('ntp_status', 'ntp_server'):
            if field in ntp_map:
                page_vars[field] = ntp_map[field]

        return self.render_layout(trex, page_vars)
示例#7
    def index(self):
        """Render the landing page ('t_index.html') with host and NIC details.

        Returns:
            The page produced by render_layout().
        """
        # NOTE(review): no authorization call is visible in this method, yet
        # it exposes host and interface information. Confirm that showing
        # this to unauthenticated clients is intended.
        page_vars = {}
        root_path = os.getcwd()  # retained from the original; unused below

        iface_map = sysinfo.get_iface_info()
        page_vars.update(sysinfo.get_host_info())

        trex = TemplateRex(fname='t_index.html')
        for nic_fields in iface_map.values():
            trex.render_sec('nic_blk', nic_fields)

        return self.render_layout(trex, page_vars)
示例#8
    def login(self, username="", password="", from_page="/"):
        """Show the login form, or start a session and redirect on success.

        All three arguments are passed through escape() before use. When
        check_credentials() returns True the user name is stored in the
        session and the client is redirected to url_gen(from_page).
        Otherwise the 't_loginform.html' template is rendered.
        """

        # NOTE(review): the password is escaped before it is checked, so
        # check_credentials() sees the escaped form, not the submitted text.
        # Confirm stored credentials are produced the same way.
        username = escape(username)
        password = escape(password)
        from_page = escape(from_page)

        if username and password:
            # msg is True on success. NOTE(review): presumably an error
            # message otherwise - verify against check_credentials().
            msg = self.check_credentials(username, password)
            if msg == True:
                cherrypy.session[
                    self.SESSION_KEY] = cherrypy.request.login = username

                # Need to do a redirect to set session
                # NOTE(review): from_page is client-supplied. Whether the
                # redirect stays on this site depends on url_gen(), which is
                # not visible here - confirm it accepts only local paths.
                url_redirect = self.url_gen(from_page)
                raise cherrypy.HTTPRedirect(url_redirect)

        # locals() hands every local to the template: self, username,
        # password, from_page, url_login, trex, and msg when it was set.
        # Local names are therefore part of the template contract.
        # NOTE(review): check that the template does not echo the password.
        url_login = self.url_login
        trex = TemplateRex(fname='t_loginform.html')
        return (trex.render(locals()))
示例#9
文件: webauth.py 项目: troxel/t_mon
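    def login(self, username="", password="", from_page="/"):
        """Show the login form, or start a session and redirect on success.

        Args:
            username: Submitted user name; passed through escape() before use.
            password: Submitted password; passed through escape() before use.
            from_page: Path to return to after login. A value that is not a
                local absolute path is replaced by "/".

        Returns:
            The rendered 't_loginform.html' template when no session is
            started.

        Raises:
            cherrypy.HTTPRedirect: after a successful credential check.
        """
        # NOTE(review): the password is escaped before it is checked, so
        # check_credentials() sees the escaped form, not the submitted text.
        username = escape(username)
        password = escape(password)
        from_page = escape(from_page)

        # from_page is client-supplied and is appended directly after the
        # host below. Anything other than a path starting with a single "/"
        # would change the host part of the redirect URL, so such values fall
        # back to the site root. Backslashes and line breaks are refused too.
        if (not from_page.startswith('/') or from_page.startswith('//')
                or '\\' in from_page or '\r' in from_page
                or '\n' in from_page):
            from_page = '/'

        if username and password:
            msg = self.check_credentials(username, password)
            if msg == True:
                cherrypy.session[
                    self.SESSION_KEY] = cherrypy.request.login = username

                # A redirect is needed to set the session. The host is
                # included because a bare path produced "//" in the URL.
                # NOTE(review): the Host header is chosen by the client;
                # prefer a configured canonical host name if one is available.
                url_redirect = "https://{}{}".format(
                    cherrypy.request.headers.get('Host'), from_page)
                raise cherrypy.HTTPRedirect(url_redirect)

        # locals() hands every local to the template (including password and
        # self), so the local names above are part of the template contract.
        # NOTE(review): check that the template does not echo the password.
        url_login = self.url_login
        trex = TemplateRex(fname='t_loginform.html')
        return (trex.render(locals()))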
示例#10
    def netconf_rtn(self, **params):
        """Apply the submitted network settings, schedule a reboot, redirect.

        Assumes dhcpcd5 controls the network configuration. For the static
        method the input is checked with netconf_validate() first; when that
        reports errors, the rendered 't_netconf_err.html' page is returned
        and nothing is written.

        Args:
            **params: Submitted form fields. 'ip_method' selects static or
                DHCP; the static path also reads 'hostname', 'ip_address',
                'ntp_server', 'dns_server_0' and 'dns_server_1'.

        Raises:
            cherrypy.HTTPRedirect: to url_gen('/webpanel'), either at once
                when 'ip_method' is missing or after the settings are written.
        """
        # NOTE(review): this handler rewrites system files and reboots the
        # device, and authorize() is the only gate visible here. Confirm
        # request-forgery protection exists elsewhere.
        self.auth.authorize()

        # Redirects need a fully specified URL.
        url_redirect = self.url_gen('/webpanel')

        modconf = modconfig.DHCP()

        if 'ip_method' not in params:
            raise cherrypy.HTTPRedirect(url_redirect)

        if params['ip_method'] != 'static':
            modconf.set_dhcp()
        else:
            err_hsh = self.netconf_validate(params)
            if err_hsh:
                trex_err = TemplateRex(fname='t_netconf_err.html')
                for key in err_hsh:
                    # NOTE(review): the rejected value is echoed back into
                    # HTML; confirm the template layer escapes it.
                    row = {
                        'key': key,
                        'val': params[key],
                        'msg': err_hsh[key],
                    }
                    trex_err.render_sec("err_blk", row)
                trex_err.render_sec('content')
                return trex_err.render()

            # Only validated input reaches the writers below.
            modconf.set_static(params)
            modconf.set_hostname(params['hostname'], params['ip_address'])
            modconf.set_ntp_server(params['ntp_server'])
            resolvers = [params['dns_server_0'], params['dns_server_1']]
            modconf.set_dns(dns_servers=resolvers)

        # Fixed command string; the reboot is delayed and backgrounded so the
        # redirect response can still be sent.
        os.system("(sleep 2; reboot)&")

        raise cherrypy.HTTPRedirect(url_redirect)
示例#11
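    def cred_crud_rtn(self, **parms):
        """Replace the stored login after verifying the current credentials.

        Args:
            **parms: Form fields 'username', 'password', 'username_new',
                'username_verify', 'password_new', 'password_verify' and
                optionally 'from_page'.

        Returns:
            The rendered 't_loginform_crud.html' form with parms['msg'] set
            when a check fails.

        Raises:
            cherrypy.InternalRedirect: to url_login once the new credentials
                have been saved.
        """
        trex = TemplateRex(fname='t_loginform_crud.html')

        # ---- Validate Input ----------------
        # The current credentials must check out before anything is changed.
        # NOTE(review): on failure the whole parms dict, passwords included,
        # is handed back to the template - confirm it does not echo them.
        parms['msg'] = self.check_credentials(parms['username'],
                                              parms['password'])
        if parms['msg'] != True:
            return (trex.render(parms))

        # Every one of the four new fields must be non-blank. The previous
        # test only fired when all four were blank, so an empty new password
        # that matched an empty verify field was accepted.
        if not (parms['username_new'] and parms['username_verify']
                and parms['password_new'] and parms['password_verify']):
            parms['msg'] = "Blank Username or Password"
            return (trex.render(parms))

        if (parms['username_new'] != parms['username_verify']) or (
                parms['password_new'] != parms['password_verify']):
            parms[
                'msg'] = "New Username or Password do not mach Verify Username or Password"
            return (trex.render(parms))

        # Only one user is supported: new=True starts a fresh htpasswd file.
        # rw()/ro() bracket the write; the finally clause makes sure ro() is
        # called even when saving fails.
        self.rw()
        try:
            ht = HtpasswdFile(self.htpasswd, new=True)
            ht.set_password(parms['username_new'], parms['password_new'])
            ht.save()
        finally:
            self.ro()

        parms.setdefault('from_page', '/')
        get_parms = {
            'from_page': parms['from_page'],
            'username': parms['username_new'],
            'password': parms['password_new']
        }
        # NOTE(review): the new password travels in a query string to the
        # login handler. The redirect is internal to the server, but confirm
        # that query strings are not written to access or error logs.
        query_str = urllib.parse.urlencode(get_parms)
        raise cherrypy.InternalRedirect(self.url_login, query_str)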
示例#12
    def cred_crud(self, from_page='/'):
        """Render the change-credentials form ('t_loginform_crud.html')."""

        # locals() hands self, from_page and trex to the template.
        # NOTE(review): from_page reaches the template exactly as received;
        # confirm the template layer escapes it.
        trex = TemplateRex(fname='t_loginform_crud.html')
        return (trex.render(locals()))
示例#13
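   def gen_server_cert(self,subj_hsh,ip_lst=[],dns_lst=[]):
      """Create a new server key and CSR, then sign the CSR with 'openssl ca'.

      Args:
         subj_hsh: Subject fields for the certificate; should contain
            'countryName', 'organizationName' and 'commonName'.
         ip_lst: IP addresses for the subjectAltName section; blank entries
            are skipped.
         dns_lst: DNS names for the subjectAltName section; blank entries
            are skipped.

      Returns:
         True when the certificate was written. False when either openssl
         step failed, with the tool output stored in self.error_msg.
      """
      fspec_template = os.path.join(self.dir_root,'openssl-template.ini')
      trex = TemplateRex(fname=fspec_template,template_dirs=['.'],cmnt_prefix='##-',cmnt_postfix='-##',dev_mode=True)

      # NOTE(review): the alt names are written into the openssl config
      # unchecked; confirm callers restrict them to addresses and host names.
      for inx,ip in enumerate(ip_lst):
         if ip:
            trex.render_sec('alt_name_ip',{'inx':inx,'ip':ip})

      for inx,dns in enumerate(dns_lst):
         if dns:
            trex.render_sec('alt_name_dns',{'inx':inx,'dns':dns})

      # Render from a copy so the caller's dict is not modified.
      ini_vars = dict(subj_hsh)
      ini_vars['dir_root'] = self.dir_root
      ini_out = trex.render(ini_vars)

      fspec_ini = os.path.join(self.dir_root,'openssl_cert.ini')
      self.write_sysfile(fspec_ini,ini_out)

      # House cleaning: openssl ca reports a db error otherwise. The CRL is
      # not used, so the contents of newcerts can be removed.
      fspec_newcert = os.path.join(self.dir_root,'newcerts/*')
      self.rm_dir(fspec_newcert)

      # An index file needs to be present
      fspec_index = os.path.join(self.dir_root,'index.txt')
      self.write_sysfile(fspec_index,'')

      # The serial number is the current time in whole seconds.
      fspec_serial = os.path.join(self.dir_root,'serial')
      self.write_sysfile(fspec_serial, str( int(time.time() )) )

      fspec_key = os.path.join(self.dir_root,'webpanel.key')
      fspec_csr = os.path.join(self.dir_root,'webpanel.csr')
      fspec_crt = os.path.join(self.dir_root,'webpanel.crt')

      # rw()/ro() bracket the openssl calls; the finally clause makes sure
      # ro() runs on every exit path, exceptions included.
      self.rw()
      try:
         # Arguments are passed as a list, so a dir_root containing spaces
         # is not split into several arguments.
         req_cmd = ['openssl','req','-verbose','-config',fspec_ini,
                    '-newkey','rsa:2048','-nodes',
                    '-keyout',fspec_key,'-out',fspec_csr,'-batch']
         proc = subprocess.Popen(req_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
         out,err = proc.communicate()

         # Stop when key or CSR generation failed; otherwise a CSR left over
         # from an earlier run could be signed below.
         if proc.returncode != 0:
            self.error_msg = err.decode(sys.getfilesystemencoding(), errors='replace')
            return(False)

         # The key is written unencrypted (-nodes), so restrict it to the
         # owner. os.chmod avoids building a shell command from the path.
         # NOTE(review): until this line runs the key carries whatever mode
         # openssl and the process umask gave it.
         os.chmod(fspec_key, 0o600)

         # Finally sign the CSR and generate the server certificate.
         ca_cmd = ['openssl','ca','-config',fspec_ini,'-batch',
                   '-in',fspec_csr,'-out',fspec_crt]
         try:
            subprocess.check_output(ca_cmd, stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError as e:
            self.error_msg = e.output.decode(sys.getfilesystemencoding(), errors='replace')
            return(False)
      finally:
         self.ro()

      return(True)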
示例#14
    def sslcert(self):
        """Render the certificate overview page ('t_sslcert.html').

        Shows the parsed fields of 'webpanel.crt' followed by those of
        'webpanelCA.crt'.

        Returns:
            The page produced by render_layout().
        """
        # NOTE(review): no authorization call is visible in this method;
        # confirm the certificate details are meant to be readable without a
        # session.
        data_hsh = sysinfo.get_host_info()
        trex = TemplateRex(fname='t_sslcert.html')

        server_cert = self.certobj.parse_cert('webpanel.crt')
        ca_cert = self.certobj.parse_cert('webpanelCA.crt')

        # Server certificate first. Subject alternative names matter for
        # x509 v3, so each one gets its own row.
        alt_names = server_cert['subjectAltName']
        for pos, address in enumerate(alt_names['ip_lst']):
            trex.render_sec('subj_alt_name_ip', {'inx': pos, 'val': address})

        for pos, name in enumerate(alt_names['dns_lst']):
            trex.render_sec('subj_alt_name_dns', {'inx': pos, 'val': name})

        trex.render_sec('subject', server_cert['subject'])
        trex.render_sec('cert_server', server_cert)

        # Then the CA certificate.
        trex.render_sec('subject', ca_cert['subject'])
        trex.render_sec('cert_CA', ca_cert)

        return self.render_layout(trex, data_hsh)
示例#15
   def upload(self):
      """Render the firmware upload form ('t_firmware_upload.html')."""

      # authorize() runs before the form is rendered.
      # NOTE(review): presumably it redirects or raises for a visitor
      # without a session - confirm in the auth module.
      self.auth.authorize()

      # locals() hands self and trex to the layout as template data.
      trex = TemplateRex(fname='t_firmware_upload.html')
      return( self.render_layout(trex, locals()) )
示例#16
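    def sslcert_newcert(self, **params):
        """Render the new-certificate form, pre-filled from the live system.

        The subject comes from the current 'webpanel.crt'. The alternative
        name rows are seeded with the eth0 address, 127.0.0.1, the host name
        and host.domain, then padded with blank rows up to four of each kind.

        Args:
            **params: Accepted but not used.

        Returns:
            The page produced by render_layout().
        """
        self.auth.authorize()

        # NOTE(review): dev_mode puts the location of the templates in use
        # into the HTML output; confirm that is wanted outside development.
        trex = TemplateRex(fname='t_sslcert-newcert.html', dev_mode=True)

        cert_hsh = self.certobj.parse_cert('webpanel.crt')

        nic_info = sysinfo.get_iface_info()
        host_info = sysinfo.get_host_info()
        dns_info = sysinfo.get_dns_info()

        trex.render_sec('subject', cert_hsh['subject'])

        # Use the actual address, not the one in the current certificate.
        # Each lookup falls back to a blank row when the value is missing
        # (for example when the NIC is not eth0). The handlers catch
        # Exception rather than everything, so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        try:
            trex.render_sec('subj_alt_name_ip', {
                'inx': 0,
                'val': nic_info['eth0']['ip_address']
            })
        except Exception:
            trex.render_sec('subj_alt_name_ip', {'inx': 0, 'val': ''})

        trex.render_sec('subj_alt_name_ip', {'inx': 1, 'val': '127.0.0.1'})
        trex.render_sec('subj_alt_name_ip', {'inx': 2, 'val': ''})
        trex.render_sec('subj_alt_name_ip', {'inx': 3, 'val': ''})

        try:
            trex.render_sec('subj_alt_name_dns', {
                'inx': 0,
                'val': host_info['hostname']
            })
        except Exception:
            trex.render_sec('subj_alt_name_dns', {'inx': 0, 'val': ''})

        try:
            trex.render_sec('subj_alt_name_dns', {
                'inx': 1,
                'val': "{}.{}".format(host_info['hostname'],
                                      dns_info['domain'])
            })
        except Exception:
            trex.render_sec('subj_alt_name_dns', {'inx': 1, 'val': ''})

        trex.render_sec('subj_alt_name_dns', {'inx': 2, 'val': ''})
        trex.render_sec('subj_alt_name_dns', {'inx': 3, 'val': ''})

        return (self.render_layout(trex, {}))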
示例#17
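# Resolve the names and addresses that go into the subjectAltName section.
# hostname and ifname are defined earlier in the script.
fqdn = socket.getfqdn(hostname)
ip_addr = socket.gethostbyname(hostname)

# Get ethernet interface ip addr
ip_addr_iface = ''
# ifname is passed as a separate list element, so no shell parses it.
rtn = subprocess.check_output(['ifconfig', ifname], stderr=subprocess.STDOUT)
# A raw bytes literal gives the same pattern as before without the invalid
# "\S" escape in a normal string. Only the "inet addr:<ip>" output form is
# matched; with any other form ip_addr_iface stays blank.
pattern = rb"inet addr:(\S+)"
match = re.search(pattern, rtn)
if match:
    ip_addr_iface = match.group(1).decode()

print("hostname = {}\nip_addr = {}".format(hostname, ip_addr))
print("ip_addr_iface = {}\n".format(ip_addr_iface))

trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

# Subject fields and alternative names for the server certificate.
hsh = {}
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "webpanel"

hsh['ip_lst'] = [ip_addr, ip_addr_iface, "127.0.0.1"]
hsh['dns_lst'] = [hostname, fqdn]

# Blank addresses are skipped, so the rendered indexes can have gaps.
for inx, ip in enumerate(hsh['ip_lst']):
    if ip:
        trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})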
示例#18
#!/usr/bin/python3

import os
from templaterex import TemplateRex

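# Build the openssl configuration for the CA from the shared template.
trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

hsh = {}
hsh['dir_root'] = '.'
hsh['countryName'] = "US"
hsh['stateName'] = "ID"
hsh['organizationName'] = "IoT Embedded"
hsh['commonName'] = "WebpanelCA"

# To keep alt names happy.. not really used in CA
trex.render_sec('alt_name_ip', {'inx': 0, 'ip': '127.0.0.1'})
trex.render_sec('alt_name_dns', {'inx': 0, 'dns': 'localhost'})

out = trex.render(hsh)
# The context manager closes the file even if the write fails.
with open('opensslCA.ini', 'w') as fid:
    fid.write(out)

# Create private key
# The CA key is written unencrypted, so tighten the umask first: the key
# file is then created readable by its owner only, instead of with the
# caller's default mode.
os.umask(0o077)
cmd = "openssl genrsa -out ./webpanelCA.key 2048"
rtn = os.system(cmd)
print("keygen rtn = ", rtn)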