示例#1
    def set_hostname(self, hostname, ip):
        """Write the host name to /etc/hostname and regenerate /etc/hosts.

        Args:
            hostname: Name written to /etc/hostname and rendered into the
                'hostname' section of the hosts template.
            ip: Address rendered next to ``hostname`` in the hosts template.
        """
        # NOTE(review): neither value is checked in this method before it
        # reaches a system file. If they can originate from a web form, the
        # caller has to reject whitespace, newlines and anything else that is
        # not valid in a host name or IP address -- confirm against the caller.
        self.write_sysfile('/etc/hostname', hostname)

        # template_args is instance state, so the 'fname' entry stays set to
        # the hosts template after this call returns.
        self.template_args['fname'] = 'hosts-template'
        hosts_tpl = TemplateRex(**self.template_args)
        hosts_tpl.render_sec('hostname', {'ip': ip, 'hostname': hostname})
        self.write_sysfile('/etc/hosts', hosts_tpl.render())
示例#2
    def set_static(self, params):
        """Render dhcpcd-template.conf with ``params`` and write /etc/dhcpcd.conf.

        The 'static_conf' section is rendered only when
        ``params['ip_method']`` equals 'static'.

        Args:
            params: Mapping of template values; must contain 'ip_method'.

        Returns:
            Whatever ``self.write_sysfile`` returns.
        """
        # NOTE(review): params are handed to the template unchanged and the
        # result becomes a system config file. Validation, if any, has to
        # happen in the caller -- confirm every key the template uses is
        # checked there (no embedded newlines in particular).
        self.template_args['fname'] = 'dhcpcd-template.conf'
        dhcpcd_tpl = TemplateRex(**self.template_args)

        wants_static = params['ip_method'] == 'static'
        if wants_static:
            dhcpcd_tpl.render_sec('static_conf', params)

        rendered = dhcpcd_tpl.render(params)
        return self.write_sysfile('/etc/dhcpcd.conf', rendered)
示例#3
    def netconf_rtn(self, **params):
        """Apply the submitted network settings, schedule a reboot and redirect.

        Args:
            **params: Submitted form fields. Without 'ip_method' the request
                is redirected and nothing is changed. With
                ``ip_method == 'static'`` the fields are validated and the
                static configuration, host name, NTP server and DNS servers
                are written; any other value selects DHCP.

        Returns:
            The rendered error page when validation of a static
            configuration reports problems.

        Raises:
            cherrypy.HTTPRedirect: To '/webpanel' in every other case.
        """
        # The returned user name is not used here; authorize() presumably
        # rejects unauthenticated requests -- confirm.
        self.auth.authorize()

        # Redirects need a completely specified URL.
        webpanel_url = self.url_gen('/webpanel')

        # Object that performs the actual system configuration. Assumes
        # dhcpcd5 controls the network configuration. It goes the extra step
        # of handling several interfaces, which adds complexity but is needed
        # in some setups.
        dhcp_conf = modconfig.DHCP()

        if 'ip_method' not in params:
            raise cherrypy.HTTPRedirect(webpanel_url)

        # NOTE(review): every ip_method value other than 'static' takes the
        # DHCP branch, so any request carrying the parameter rewrites the
        # configuration and reboots the host. No HTTP method restriction or
        # CSRF check is visible in this handler -- confirm one is enforced.
        if params['ip_method'] != 'static':
            dhcp_conf.set_dhcp()
        else:
            # Validate before anything is written to disk.
            problems = self.netconf_validate(params)

            if problems:
                err_page = TemplateRex(fname='t_netconf_err.html')
                for field in problems:
                    # NOTE(review): params[field] is the raw submitted value;
                    # confirm the error template HTML-escapes it.
                    err_page.render_sec("err_blk", {
                        'key': field,
                        'val': params[field],
                        'msg': problems[field]
                    })

                err_page.render_sec('content')
                return err_page.render()

            dhcp_conf.set_static(params)
            dhcp_conf.set_hostname(params['hostname'], params['ip_address'])
            dhcp_conf.set_ntp_server(params['ntp_server'])
            dhcp_conf.set_dns(
                dns_servers=[params['dns_server_0'], params['dns_server_1']])

        # The original carries a commented-out `systemctl restart
        # dhcpcd.service` call at this point; the host is rebooted instead.
        # The two second delay is in a background subshell; the command's
        # exit status is not checked.
        os.system("(sleep 2; reboot)&")

        raise cherrypy.HTTPRedirect(webpanel_url)
示例#4
    def set_dns(self, dns_servers=['8.8.8.8']):
        """Render t-resolv.conf and write the result to /etc/resolv.conf.

        Args:
            dns_servers: Name server addresses, one 'dns_blk' section each.
                Blank entries are skipped. The list default is only read,
                never modified, in this method.
        """
        # NOTE(review): entries are not validated here; if they come from a
        # web form the caller must make sure each one is a plain IP address.
        self.template_args['fname'] = 't-resolv.conf'
        resolv_tpl = TemplateRex(**self.template_args)

        # filter(None, ...) drops the falsy (blank) entries.
        for server in filter(None, dns_servers):
            resolv_tpl.render_sec('dns_blk', {'dns_server': server})

        self.write_sysfile('/etc/resolv.conf', resolv_tpl.render())
示例#5
    def set_ntp_server(self, ntp_server=""):
        """Write /etc/ntp.conf from the t-ntp.conf.dhcp template and restart ntp.

        Args:
            ntp_server: Server rendered into the 'server_blk' section. When
                blank, the section is not rendered.
        """
        # NOTE(review): ntp_server is not validated here; if it comes from a
        # web form the caller must restrict it to a host name or IP address.
        self.template_args['fname'] = 't-ntp.conf.dhcp'
        ntp_tpl = TemplateRex(**self.template_args)

        has_server = bool(ntp_server)
        if has_server:
            ntp_tpl.render_sec('server_blk', {'ntp_server': ntp_server})

        self.write_sysfile('/etc/ntp.conf', ntp_tpl.render())

        # Fixed command string; the exit status is not checked, so a failed
        # restart goes unnoticed.
        os.system('systemctl restart ntp')
示例#6
    def netconf(self, err_struct=""):
        """Render the network configuration form with the current settings.

        Args:
            err_struct: Not used by this method.

        Returns:
            The page produced by ``self.render_layout``, or a plain error
            string when more than one NIC is reported.
        """
        form_values = {'username': self.auth.authorize()}

        ifaces = sysinfo.get_iface_info()
        host = sysinfo.get_host_info()
        resolver = sysinfo.get_dns_info()

        # One dns_server_<n> entry per configured name server.
        for pos, server in enumerate(resolver['nameserver']):
            form_values['dns_server_{}'.format(pos)] = server

        form_values.update(ifaces)
        form_values.update(host)

        # Only the first NIC decides which radio button is checked. This
        # raises IndexError when no interface is reported at all.
        first_nic = list(ifaces)[0]
        mode_key = ('dhcp_checked'
                    if sysinfo.is_dhcp(first_nic) else 'static_checked')
        form_values[mode_key] = 'checked'

        page = TemplateRex(fname='t_netconf.html')

        # Support for several NICs is pulled back for now.
        if len(ifaces) > 1:
            return "Error only one NIC supported"

        for nic_name in ifaces:
            page.render_sec('nic_blk', ifaces[nic_name])

        # Copy over whichever NTP fields are available.
        ntp = sysinfo.get_ntp_info()
        for field in ('ntp_status', 'ntp_server'):
            if field in ntp:
                form_values[field] = ntp[field]

        return self.render_layout(page, form_values)
示例#7
    def index(self):
        """Render the index page with host information and one block per NIC.

        Returns:
            The page produced by ``self.render_layout``.
        """
        # NOTE(review): no self.auth.authorize() call is made here; confirm
        # access control is enforced elsewhere if the host and interface
        # details shown on this page should be restricted.

        # The working directory is queried but its value is not used below.
        _cwd = os.getcwd()

        ifaces = sysinfo.get_iface_info()

        page_values = {}
        page_values.update(sysinfo.get_host_info())

        page = TemplateRex(fname='t_index.html')

        for nic_name in ifaces:
            page.render_sec('nic_blk', ifaces[nic_name])

        return self.render_layout(page, page_values)
示例#8
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

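# Values substituted into the openssl config template.
hsh = {
    'dir_root': '.',
    'countryName': "US",
    'organizationName': "IoT Embedded",
    'commonName': "webpanel",
    # Subject alternative names for the server certificate.
    'ip_lst': [ip_addr, ip_addr_iface, "127.0.0.1"],
    'dns_lst': [hostname, fqdn],
}

# One alt_name section per non-blank entry. inx is the position in the list,
# so a skipped entry leaves a gap in the numbering.
for inx, ip in enumerate(hsh['ip_lst']):
    if ip:
        trex.render_sec('alt_name_ip', {'inx': inx, 'ip': ip})

for inx, dns in enumerate(hsh['dns_lst']):
    # Blank names are skipped just like blank addresses, so an unset host
    # name or domain does not end up as an empty DNS entry in the config.
    if dns:
        trex.render_sec('alt_name_dns', {'inx': inx, 'dns': dns})

out = trex.render(hsh)

# The context manager closes the file even when the write fails.
with open('openssl_cert.ini', 'w+') as fid:
    fid.write(out)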

# Generating key first and then csr did not work
# Do in one pass...
#cmd = "openssl genrsa -out ./webpanel.key 2048"
#rtn = os.system(cmd)
#if rtn:
示例#9
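    def sslcert_newcert(self, **params):
        """Render the new-certificate form pre-filled from the current system.

        The subject comes from the existing 'webpanel.crt'. The subject
        alternative names are taken from the live system instead: the eth0
        address and 127.0.0.1 as IPs, the host name and host.domain as DNS
        names. Each list is padded with blanks to four entries.

        Args:
            **params: Not used by this method.

        Returns:
            The page produced by ``self.render_layout``.
        """
        self.auth.authorize()

        # dev_mode puts the location of the templates in use into the HTML.
        # NOTE(review): that shows template file locations to whoever views
        # the page; confirm it is meant to stay enabled outside development.
        trex = TemplateRex(fname='t_sslcert-newcert.html', dev_mode=True)

        cert_hsh = self.certobj.parse_cert('webpanel.crt')

        nic_info = sysinfo.get_iface_info()
        host_info = sysinfo.get_host_info()
        dns_info = sysinfo.get_dns_info()

        trex.render_sec('subject', cert_hsh['subject'])

        # Use the actual IP address, not the one in the current cert. Only
        # eth0 is looked at; with a differently named NIC the field is blank.
        # Only the lookups are guarded: a missing key yields a blank value,
        # while a failure inside render_sec is no longer swallowed (the
        # original bare `except:` also caught KeyboardInterrupt/SystemExit).
        try:
            eth0_ip = nic_info['eth0']['ip_address']
        except (LookupError, TypeError):
            eth0_ip = ''

        for inx, val in enumerate([eth0_ip, '127.0.0.1', '', '']):
            trex.render_sec('subj_alt_name_ip', {'inx': inx, 'val': val})

        try:
            short_name = host_info['hostname']
        except (LookupError, TypeError):
            short_name = ''

        try:
            full_name = "{}.{}".format(host_info['hostname'],
                                       dns_info['domain'])
        except (LookupError, TypeError):
            full_name = ''

        for inx, val in enumerate([short_name, full_name, '', '']):
            trex.render_sec('subj_alt_name_dns', {'inx': inx, 'val': val})

        return self.render_layout(trex, {})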
示例#10
    def sslcert(self):
        """Render the certificate overview for the server and CA certificates.

        Returns:
            The page produced by ``self.render_layout``.
        """
        # NOTE(review): no self.auth.authorize() call is made here; confirm
        # access control is enforced elsewhere if the certificate details
        # should only be visible to authenticated users.
        page_values = sysinfo.get_host_info()

        page = TemplateRex(fname='t_sslcert.html')

        server_cert = self.certobj.parse_cert('webpanel.crt')
        ca_cert = self.certobj.parse_cert('webpanelCA.crt')

        # Server certificate first. The subject alternative names matter most
        # for x509 v3: IP entries, then DNS entries.
        san_sections = (
            ('subj_alt_name_ip', 'ip_lst'),
            ('subj_alt_name_dns', 'dns_lst'),
        )
        for section, list_key in san_sections:
            entries = server_cert['subjectAltName'][list_key]
            for inx, entry in enumerate(entries):
                page.render_sec(section, {'inx': inx, 'val': entry})

        page.render_sec('subject', server_cert['subject'])
        page.render_sec('cert_server', server_cert)

        # Then the CA certificate.
        page.render_sec('subject', ca_cert['subject'])
        page.render_sec('cert_CA', ca_cert)

        return self.render_layout(page, page_values)
示例#11
from templaterex import TemplateRex

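# Build opensslCA.ini from the template and create the CA private key.
# NOTE(review): `os` is used below, but only the templaterex import is
# visible in this excerpt -- confirm `import os` is present in the file.
trex = TemplateRex(fname='openssl-template.ini',
                   cmnt_prefix='##-',
                   cmnt_postfix='-##',
                   dev_mode=True)

# Values substituted into the openssl config template.
hsh = {
    'dir_root': '.',
    'countryName': "US",
    'stateName': "ID",
    'organizationName': "IoT Embedded",
    'commonName': "WebpanelCA",
}

# To keep alt names happy.. not really used in CA
trex.render_sec('alt_name_ip', {'inx': 0, 'ip': '127.0.0.1'})
trex.render_sec('alt_name_dns', {'inx': 0, 'dns': 'localhost'})

out = trex.render(hsh)

# The context manager closes the file even when the write fails.
with open('opensslCA.ini', 'w+') as fid:
    fid.write(out)

# Create private key.
# A restrictive umask is set for the duration of the call so the key file is
# never created with group/other access; the chmod below then only confirms
# the mode instead of being the sole protection.
# NOTE(review): genrsa is called without a cipher option, so the CA key is
# stored without a passphrase and file permissions are its only protection.
cmd = "openssl genrsa -out ./webpanelCA.key 2048"
prev_umask = os.umask(0o077)
try:
    rtn = os.system(cmd)
finally:
    os.umask(prev_umask)
print("keygen rtn = ", rtn)

cmd = "chmod 600 ./webpanelCA.key"
rtn = os.system(cmd)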
示例#12
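   def gen_server_cert(self,subj_hsh,ip_lst=[],dns_lst=[]):
      """Create a new webpanel key and CSR and sign it via ``openssl ca``.

      All files are placed under ``self.dir_root``.

      Args:
         subj_hsh: Subject fields for the template; should contain
            'countryName', 'organizationName' and 'commonName'. A
            'dir_root' entry is added to this dict in place.
         ip_lst: IP addresses for the subject alternative names; blank
            entries are skipped.
         dns_lst: DNS names for the subject alternative names; blank
            entries are skipped.

      Returns:
         True when both openssl commands succeed. False when either one
         exits with a non-zero status; its output is then stored in
         ``self.error_msg``.
      """
      # NOTE(review): the subject fields and alt names are rendered into an
      # openssl config file as-is. If they can come from a web form, the
      # caller must validate them (no newlines in particular) -- confirm.
      fspec_template = os.path.join(self.dir_root,'openssl-template.ini')
      trex = TemplateRex(fname=fspec_template,template_dirs=['.'],cmnt_prefix='##-',cmnt_postfix='-##',dev_mode=True)

      for inx,ip in enumerate(ip_lst):
         if ip:
            trex.render_sec('alt_name_ip',{'inx':inx,'ip':ip})

      for inx,dns in enumerate(dns_lst):
         if dns:
            trex.render_sec('alt_name_dns',{'inx':inx,'dns':dns})

      # Note: this writes into the caller's dict.
      subj_hsh['dir_root'] = self.dir_root

      ini_out = trex.render(subj_hsh)

      fspec_ini = os.path.join(self.dir_root,'openssl_cert.ini')
      self.write_sysfile(fspec_ini,ini_out)

      # House cleaning: openssl reports a db error otherwise. The CRL is not
      # needed, so the contents of newcerts are removed.
      fspec_newcert = os.path.join(self.dir_root,'newcerts/*')
      self.rm_dir(fspec_newcert)

      # An index file needs to be present
      fspec_index = os.path.join(self.dir_root,'index.txt')
      self.write_sysfile(fspec_index,'')

      # The current Unix time is used as the serial number.
      fspec_serial = os.path.join(self.dir_root,'serial')
      self.write_sysfile(fspec_serial, str(int(time.time())))

      fspec_key = os.path.join(self.dir_root,'webpanel.key')
      fspec_csr = os.path.join(self.dir_root,'webpanel.csr')
      fspec_crt = os.path.join(self.dir_root,'webpanel.crt')

      # Argument lists are built directly: no shell is involved and a path
      # containing whitespace is not split into several arguments.
      # Key and CSR are generated in one pass.
      req_cmd = ['openssl','req','-verbose','-config',fspec_ini,
                 '-newkey','rsa:2048','-nodes',
                 '-keyout',fspec_key,'-out',fspec_csr,'-batch']
      # Sign the CSR and generate the server cert.
      ca_cmd = ['openssl','ca','-config',fspec_ini,'-batch',
                '-in',fspec_csr,'-out',fspec_crt]

      # The openssl calls are wrapped in file system rw/ro; the finally
      # clause switches back to ro on every exit path.
      self.rw()
      try:
         # A failing `req` stops here instead of going on to sign whatever
         # CSR is left over from an earlier run.
         subprocess.check_output(req_cmd, stderr=subprocess.STDOUT)

         # NOTE(review): the mode is tightened only after openssl has
         # written the key; depending on the openssl version and the process
         # umask the file may briefly be readable by others -- confirm.
         os.chmod(fspec_key, 0o600)

         subprocess.check_output(ca_cmd, stderr=subprocess.STDOUT)
      except subprocess.CalledProcessError as e:
         self.error_msg = e.output.decode(sys.getfilesystemencoding())
         return(False)
      finally:
         self.ro()

      return(True)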