KingPhisherServer

#!/usr/bin/python -B
# -*- coding: utf-8 -*-
#
#  KingPhisherServer
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are
#  met:
#
#  * Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#  * Redistributions in binary form must reproduce the above
#    copyright notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#  * Neither the name of the project nor the names of its
#    contributors may be used to endorse or promote products derived from
#    this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#  pylint: disable=too-many-locals

import argparse
import logging
import os
import pwd
import signal
import sys
import threading

from king_phisher import color
from king_phisher import errors
from king_phisher import find
from king_phisher import geoip
from king_phisher import its
from king_phisher import utilities
from king_phisher import version
from king_phisher.server import build
from king_phisher.server import plugins

from boltons import strutils
from smoke_zephyr.configuration import Configuration
from smoke_zephyr.requirements import check_requirements

__requirements__ = [
	'advancedhttpserver==2.0.5',
	'alembic>=0.8.6',
	'blinker>=1.4',
	'boltons>=16.2.2',
	"dns{0}>=1.12.0".format('python' if its.py_v2 else 'python3'),
	'geoip2>=2.3.0',
	'Jinja2>=2.8',
	'markupsafe>=0.23',
	'msgpack-python>=0.4.7',
	'pluginbase>=0.4',
	'psycopg2>=2.6.1',
	'pyotp>=2.1.1',
	'python-dateutil>=2.5.3',
	'PyYAML>=3.11',
	'requests>=2.10.0',
	'SQLAlchemy>=1.0.13',
	'termcolor>=1.1.0'
]
if its.py_v2:
	__requirements__.append('ipaddress>=1.0.16')

logger = logging.getLogger('KingPhisher.Server.CLI')

def build_and_run(arguments, config, plugin_manager):
	# fork into the background
	should_fork = True
	if arguments.foreground:
		should_fork = False
	elif config.has_option('server.fork'):
		should_fork = bool(config.get('server.fork'))
	if should_fork and os.fork():
		return sys.exit(os.EX_OK)

	try:
		king_phisher_server = build.server_from_config(config, plugin_manager=plugin_manager)
	except errors.KingPhisherError as error:
		logger.critical(error.message)
		return os.EX_SOFTWARE

	server_pid = os.getpid()
	logger.info("server running in process: {0} main tid: 0x{1:x}".format(server_pid, threading.current_thread().ident))

	if should_fork and config.has_option('server.pid_file'):
		pid_file = open(config.get('server.pid_file'), 'w')
		pid_file.write(str(server_pid))
		pid_file.close()

	if config.has_option('server.setuid_username'):
		setuid_username = config.get('server.setuid_username')
		try:
			user_info = pwd.getpwnam(setuid_username)
		except KeyError:
			logger.critical('an invalid username was specified as \'server.setuid_username\'')
			king_phisher_server.shutdown()
			return os.EX_NOUSER
		if config.has_option('logging.file') and config.get('logging.file'):
			os.chown(config.get('logging.file'), user_info.pw_uid, user_info.pw_gid)
		os.setregid(user_info.pw_gid, user_info.pw_gid)
		os.setreuid(user_info.pw_uid, user_info.pw_uid)
		logger.info("dropped privileges to the {0} account".format(setuid_username))
	else:
		logger.warning('running with root privileges is dangerous, drop them by configuring \'server.setuid_username\'')

	db_engine_url = king_phisher_server.database_engine.url
	if db_engine_url.drivername == 'sqlite':
		logger.warning('sqlite is no longer fully supported, see https://github.com/securestate/king-phisher/wiki/Database#sqlite for more details')
		database_dir = os.path.dirname(db_engine_url.database)
		if not os.access(database_dir, os.W_OK):
			logger.critical('sqlite requires write permissions to the folder containing the database')
			king_phisher_server.shutdown()
			return os.EX_NOPERM
	sighup_handler = lambda: threading.Thread(target=king_phisher_server.shutdown).start()
	signal.signal(signal.SIGHUP, lambda signum, frame: sighup_handler())
	try:
		king_phisher_server.serve_forever(fork=False)
	except KeyboardInterrupt:
		pass
	king_phisher_server.shutdown()
	return os.EX_OK

def main():
	parser = argparse.ArgumentParser(description='King Phisher Server', conflict_handler='resolve')
	utilities.argp_add_args(parser)
	parser.add_argument('-f', '--foreground', dest='foreground', action='store_true', default=False, help='run in the foreground (do not fork)')
	parser.add_argument('--verify-config', dest='verify_config', action='store_true', default=False, help='verify the configuration and exit')
	parser.add_argument('--update-geoip-db', dest='update_geoip_db', action='store_true', default=False, help='update the geoip database and exit')

	parser.add_argument('config_file', action='store', type=argparse.FileType('r'), help='configuration file to use')
	arguments = parser.parse_args()

	console_log_handler = utilities.configure_stream_logger(arguments.loglvl, arguments.logger)
	config_file = arguments.config_file
	del parser

	missing_requirements = check_requirements(__requirements__)
	if missing_requirements:
		color.print_error('the following package requirements are missing or incompatible:')
		for missing_req in missing_requirements:
			color.print_error('  - ' + missing_req)
		color.print_error('please install the missing requirements with pip')
		return os.EX_SOFTWARE

	if os.getuid():
		color.print_error('the server must be started as root, configure the')
		color.print_error('\'server.setuid_username\' option in the config file to drop privileges')
		return os.EX_NOPERM

	try:
		config = Configuration(config_file.name)
	except Exception as error:
		color.print_error('an error occurred while parsing the server configuration file')
		error_name = "{0}.{1}".format(error.__module__, error.__class__.__name__)
		if error_name != 'yaml.parser.ParserError':
			raise
		for line in str(error).split('\n'):
			color.print_error(line.rstrip())
		return os.EX_CONFIG

	# configure environment variables
	find.data_path_init('server')
	if config.has_option('server.data_path'):
		find.data_path_append(config.get('server.data_path'))

	# check the configuration for missing and incompatible options
	verify_config = find.find_data_file('server_config_verification.yml')
	if not verify_config:
		color.print_error('could not load server config verification data')
		return os.EX_NOINPUT
	missing_options = config.get_missing(verify_config)
	if missing_options:
		if 'missing' in missing_options:
			color.print_error('the following required options are missing from the server configuration:')
			for option in missing_options['missing']:
				color.print_error('  - ' + option)
		if 'incompatible' in missing_options:
			color.print_error('the following options are of an incompatible data type in the server configuration:')
			for option in missing_options['incompatible']:
				color.print_error("  - {0} (type: {1})".format(option[0], option[1]))
		return os.EX_CONFIG
	if arguments.verify_config:
		color.print_good('configuration verification passed')
		color.print_good('all required settings are present')
		return os.EX_OK
	if arguments.update_geoip_db:
		color.print_status('downloading a new geoip database')
		size = geoip.download_geolite2_city_db(config.get('server.geoip.database'))
		color.print_good("download complete, file size: {0}".format(strutils.bytes2human(size)))
		return os.EX_OK

	# setup logging based on the configuration
	if config.has_section('logging'):
		log_level = min(getattr(logging, arguments.loglvl), getattr(logging, config.get('logging.level').upper()))
		if config.has_option('logging.file') and config.get('logging.file'):
			file_handler = logging.FileHandler(config.get('logging.file'))
			file_handler.setFormatter(logging.Formatter("%(asctime)s %(name)-50s %(levelname)-8s %(message)s"))
			logging.getLogger('').addHandler(file_handler)
			file_handler.setLevel(log_level)
		if config.has_option('logging.console') and config.get('logging.console'):
			console_log_handler.setLevel(log_level)
	logger.debug("king phisher version: {0} python version: {1}.{2}.{3}".format(version.version, sys.version_info[0], sys.version_info[1], sys.version_info[2]))
	if its.py_v2:
		logger.warning('python 2.7 support is deprecated, see https://github.com/securestate/king-phisher/wiki/Python-3 for details')

	# initialize the plugin manager
	try:
		plugin_manager = plugins.ServerPluginManager(config)
	except errors.KingPhisherError as error:
		if isinstance(error, errors.KingPhisherPluginError):
			color.print_error("plugin error: {0} ({1})".format(error.plugin_name, error.message))
		else:
			color.print_error(error.message)
		return os.EX_SOFTWARE

	status_code = build_and_run(arguments, config, plugin_manager)
	plugin_manager.shutdown()
	logging.shutdown()
	return status_code

if __name__ == '__main__':
	sys.exit(main())