From 43a1bf8296bd158bab0b7957edf70ef4af23efa4 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Tue, 24 May 2011 14:48:28 +0200 Subject: fixed remote shell execution --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index 6f1064e2..a89b3594 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py @@ -4,13 +4,15 @@ from optparse import OptionParser def pub_encrypt(netname, hostname_t, text): #encrypt data with public key logging.debug("encrypt: " + text) + if hostname_t.find("`") != -1: return(-1) try: - enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64") + enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64 -w0") return(enc_text.read()) except: return(-1) def priv_decrypt(netname, enc_data): #decrypt data with private key + if enc_data.find("`") != -1: return(-1) dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt") return(dec_text.read()) -- cgit v1.2.3 From 335452f851175d5e9a8b5aca05ceca02663bdf2a Mon Sep 17 00:00:00 2001 From: Lassulus Date: Tue, 24 May 2011 14:58:17 +0200 Subject: krebs is now enterprise ;) --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index a89b3594..51c42461 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py 
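Review bot: The added backtick check on `hostname_t` (and on `enc_data` in priv_decrypt) does not close the problem the commit title names: both values are still spliced into an `os.popen` command string, `hostname_t` with no quoting at all and `text`/`enc_data` inside single quotes, so the other shell metacharacters and an embedded quote are still interpreted by the shell. `hostname_t` is also used as a path component under `/etc/tinc/<netname>/hosts/.pubkeys/` without any validation, so it should be restricted to a plain host-name alphabet before it touches the filesystem. Passing an argv list to `subprocess.Popen` with the plaintext on stdin and doing the base64 step in-process with `binascii` (already imported by the script) removes the shell entirely; the same rewrite applies to priv_decrypt. Checking `returncode` instead of the bare `except:` also makes an openssl failure visible rather than returning whatever partial output was read.
```python
def pub_encrypt(netname, hostname_t, text): #encrypt data with public key
    logging.debug("encrypt: " + text)
    # hostname_t becomes a path component: allow only a plain host-name alphabet
    if not hostname_t.replace("-", "").replace("_", "").isalnum(): return(-1)
    keyfile = "/etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t
    try:
        # argv list, plaintext on stdin: nothing here is interpreted by a shell
        openssl = subprocess.Popen(["openssl", "rsautl", "-pubin", "-inkey", keyfile, "-encrypt"],
                                   stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        ciphertext, _ = openssl.communicate(text)
    except OSError:
        return(-1)
    if openssl.returncode != 0: return(-1)
    return(binascii.b2a_base64(ciphertext).rstrip("\n"))   # same output as `base64 -w0`
```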
@@ -262,6 +262,7 @@ parser.add_option("-n", "--netname", dest="netname", help="the netname of the ti parser.add_option("-H", "--hostname", dest="hostname", default="default" , help="your nodename, if not given, it will try too read it from tinc.conf") parser.add_option("-d", "--debug", dest="debug", default="0", help="debug level: 0,1,2,3 if empty debug level=0") parser.add_option("-g", "--ghost", action="store_true", dest="ghost", default=False, help="deactivates active sending, keeps you anonymous in the public network") +parser.add_option("-T", "--Tinc", action="store_true", dest="tinc", default=False, help="starts tinc with this script") (option, args) = parser.parse_args() if option.netname == None: @@ -284,9 +285,10 @@ level = LEVELS.get(level_name, logging.NOTSET) logging.basicConfig(level=level) get_hostfiles(netname, "http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") - tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) -start_tincd = subprocess.call(["tincd -n " + netname ],shell=True) + +if option.tinc != false: + start_tincd = subprocess.call(["tincd -n " + netname ],shell=True) sendfifo = Queue.Queue() #sendtext authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data -- cgit v1.2.3 From 2df8f3670e49aad9c76d37ea79fbde87c81c8ac3 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Tue, 24 May 2011 14:58:47 +0200 Subject: optional parameter for starting tinc --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index 51c42461..f8272088 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py 
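Review bot: `if option.tinc != false:` in the second hunk compares against an undefined name — Python's constant is `False` — so the script raises NameError right after option parsing (the following commit corrects the spelling). Because `tinc` is a `store_true` flag the comparison is unnecessary anyway; `if option.tinc:` is the idiomatic form. The `tincd` invocation can also drop `shell=True` by passing an argv list, `start_tincd = subprocess.call(["tincd", "-n", netname])`, so `netname` is never handed to a shell.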
@@ -287,7 +287,7 @@ logging.basicConfig(level=level) get_hostfiles(netname, "http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) -if option.tinc != false: +if option.tinc != False: start_tincd = subprocess.call(["tincd -n " + netname ],shell=True) sendfifo = Queue.Queue() #sendtext -- cgit v1.2.3 From 4f30333372644e78cd217299ef66ef434088a970 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Tue, 24 May 2011 16:01:43 +0200 Subject: making now pidfile in /var/lock --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index f8272088..cd226fc9 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py @@ -273,6 +273,10 @@ if option.hostname == "default": hostname = option.hostname netname = option.netname +#set process name +pidfile = open("/var/lock/retiolum." + netname, "w") +pidfile.write(str(os.getpid())) +pidfile.close() #Logging stuff LEVELS = {'3' : logging.DEBUG, 
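Review bot: In the pidfile hunk the file is written unconditionally with `open(..., "w")`, so a second instance silently overwrites the pid of a running one, and nothing in this commit removes `/var/lock/retiolum.<netname>` on exit, so the file cannot serve the purpose a pidfile normally has. The comment `#set process name` mislabels what the block does; `#write pidfile so a second instance can be detected` describes it. `netname` comes straight from the command line and becomes part of the path, so it should be rejected if it contains a path separator, and the write is clearer and closes the handle on any error as `with open("/var/lock/retiolum." + netname, "w") as pidfile: pidfile.write(str(os.getpid()))`.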
@@ -284,16 +288,20 @@ level_name = option.debug level = LEVELS.get(level_name, logging.NOTSET) logging.basicConfig(level=level) +#download and untar hostfile get_hostfiles(netname, "http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) +#normally tinc doesnt start with retiolum if option.tinc != False: start_tincd = subprocess.call(["tincd -n " + netname ],shell=True) +#initialize fifos sendfifo = Queue.Queue() #sendtext authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data timeoutfifo = Queue.Queue() #State{tst, add} hostname ip +#start threads thread_recv = thread.start_new_thread(recvthread, (netname, hostname, timeoutfifo, authfifo)) thread_send = thread.start_new_thread(sendthread, (netname, hostname, sendfifo, option.ghost)) thread_timeout = thread.start_new_thread(timeoutthread, (netname, timeoutfifo, authfifo)) -- cgit v1.2.3 From 6d25918cd62b0b21d699fa33fa38446259d69193 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Tue, 24 May 2011 20:00:33 +0200 Subject: removed unneeded hosts --- retiolum/hosts/5eruun | 9 --------- retiolum/hosts/ITART | 6 ------ 2 files changed, 15 deletions(-) delete mode 100644 retiolum/hosts/5eruun delete mode 100644 retiolum/hosts/ITART (limited to 'retiolum') diff --git a/retiolum/hosts/5eruun b/retiolum/hosts/5eruun deleted file mode 100644 index ca28c396..00000000 --- a/retiolum/hosts/5eruun +++ /dev/null @@ -1,9 +0,0 @@ -Subnet = 10.7.7.128 ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA/YOSX4xEKitiVzIP0xFUKQvC01uKN+KCT2Y7H8MFzowB+GWdVvpl -Ri8TukMF1EYlIZoSIrgPO/SoOFZNvxPa83I6PeN6W830qKpUt3xYMqyuL2ZJw1hv -hsgPWbGXF2yA39mQas9Skf2SNnEJppFpN8mGw449PLhTFmGoR3x3354kgO40zts4 -qqvpMcyTOx+zQhnGBO4KQqftJU1klgCcYUHrN+ql5vq3u6YgMpUIczPnhN6Cnm+j -hys6sTXN/DFcpq6YGXTHSGZO1JTuAyfZHfXXgUtIbW5W03LLtkYcMIiaIafe+qiv -tAs3cZIEKZVp+1fdfypQok6nDPwC1jy8TwIDAQAB ------END RSA PUBLIC KEY----- 
diff --git a/retiolum/hosts/ITART b/retiolum/hosts/ITART deleted file mode 100644 index 953c0995..00000000 --- a/retiolum/hosts/ITART +++ /dev/null @@ -1,6 +0,0 @@ -Subnet = 10.7.7.22 ------BEGIN RSA PUBLIC KEY----- -MIGJAoGBANihbPlgirJ63MpMX283M+SjW6JgEhXmt1zcRuOyunbUq6Yt+w4sVtN8 -n2dZ960cTnAXkM1mvMhIcI5p6ZwfdorThJV2+F9eb+84x3GiDLTZ2eL0UefxOSLG -OILFFu5t4Y82MCreyHV4GZDrb2Sz0L1t6r8DmyU91MjXkYBLq5g/AgMBAAE= ------END RSA PUBLIC KEY----- -- cgit v1.2.3 From d47259d6e7029bd6da90b8f2030976608c01f94c Mon Sep 17 00:00:00 2001 From: Lassulus Date: Wed, 25 May 2011 06:08:20 +0200 Subject: ENTERPRISE --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 223 ++++++++++++--------- 1 file changed, 128 insertions(+), 95 deletions(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index cd226fc9..5191ce2c 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py @@ -1,8 +1,8 @@ #!/usr/bin/python2 -import sys, os, time, socket, subprocess, thread, random, Queue, binascii, logging, hashlib, urllib2 #these should all be in the stdlib +import sys, os, time, signal, socket, subprocess, thread, random, Queue, binascii, logging, hashlib, urllib2 #these should all be in the stdlib from optparse import OptionParser -def pub_encrypt(netname, hostname_t, text): #encrypt data with public key +def pub_encrypt(hostname_t, text): #encrypt data with public key logging.debug("encrypt: " + text) if hostname_t.find("`") != -1: return(-1) try: 
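Review bot: Dropping `netname` from pub_encrypt's signature leaves the body reading `netname` as a module-level global that is only assigned after option parsing near the end of the script, so the function now has a hidden dependency on execution order and cannot be called from anywhere that imports this file; the same applies to the hunks of this commit that remove `netname`/`hostname` from priv_decrypt, address2hostfile, get_hostfiles, sendthread, recvthread, timeoutthread and auththread. If the globals are kept, document the dependency at each definition, e.g. `#reads the module globals netname and hostname, assigned after option parsing`; the previous explicit parameters were the cleaner design. pub_encrypt's body continues past the end of this hunk.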
@@ -11,12 +11,12 @@ def pub_encrypt(netname, hostname_t, text): #encrypt data with public key except: return(-1) -def priv_decrypt(netname, enc_data): #decrypt data with private key +def priv_decrypt(enc_data): #decrypt data with private key if enc_data.find("`") != -1: return(-1) dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt") return(dec_text.read()) -def address2hostfile(netname, hostname, address): #adds address to hostsfile or restores it if address is empty +def address2hostfile(hostname, address): #adds address to hostsfile or restores it if address is empty hostfile = "/etc/tinc/" + netname + "/hosts/" + hostname addr_file = open(hostfile, "r") addr_cache = addr_file.readlines() @@ -26,7 +26,7 @@ def address2hostfile(netname, hostname, address): #adds address to hostsfile or addr_file = open(hostfile, "w") addr_file.writelines(addr_cache) addr_file.close - logging.info("sending ALRM to tinc deamon!") + logging.info("sending SIGHUP to tinc deamon!") tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True) else: recover = subprocess.os.popen("tar xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/ " + hostname) @@ -48,7 +48,7 @@ def getHostname(netname): print("hostname not found!") return -1 #nothing found -def get_hostfiles(netname, url_files, url_md5sum): +def get_hostfiles(url_files, url_md5sum): try: get_hosts_tar = urllib2.urlopen(url_files) get_hosts_md5 = urllib2.urlopen(url_md5sum) @@ -68,7 +68,7 @@ def get_hostfiles(netname, url_files, url_md5sum): ####Thread functions -def sendthread(netname, hostname, sendfifo, ghostmode): #send to multicast, sends keep alive packets +def sendthread(sendfifo, ghostmode): #send to multicast, sends keep alive packets while True: try: #{socket init start 
@@ -111,87 +111,90 @@ def sendthread(netname, hostname, sendfifo, ghostmode): #send to multicast, send -def recvthread(netname, hostname, timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth +def recvthread(timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth while True: - try: - ANY = "0.0.0.0" - MCAST_ADDR = "224.168.2.9" - MCAST_PORT = 1600 - - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket - sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number - sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data - sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket - - - status = sock.setsockopt(socket.IPPROTO_IP, - socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group - socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param - +# try: + ANY = "0.0.0.0" + MCAST_ADDR = "224.168.2.9" + MCAST_PORT = 1600 + + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket + sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number + sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data + sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket + + + status = sock.setsockopt(socket.IPPROTO_IP, + socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group + socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param + + while True: while True: - while True: - - try: - data, addr = sock.recvfrom(1024) - ip, port = addr - break - except socket.error, e: - pass - - 
logging.debug("recv: got data") - dataval = data.split("#") - if dataval[0] == "": - if dataval[2] == netname: - if dataval[1] == "Stage1": - if dataval[3] != hostname: - timeoutfifo.put(["tst", dataval[3], ip]) - logging.info("recv: got Stage1: writing data to timeout") - logging.debug("recv: ;tst;" + dataval[3] + ";" + ip) - if dataval[1] == "Stage2": - if dataval[3] == hostname: - authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) - logging.info("recv: got Stage2: writing data to auth") - logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) - if dataval[1] == "Stage3": - if dataval[3] != hostname: - authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) - logging.info("recv: got Stage3: writing data to auth") - logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) - except: - logging.error("recv: socket init failed") - time.sleep(10) - -def timeoutthread(netname, timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes - hostslist = [] #hostname, ip, timestamp + + try: + data, addr = sock.recvfrom(1024) + ip, port = addr + break + except socket.error, e: + pass + + logging.debug("recv: got data") + dataval = data.split("#") + if dataval[0] == "": + if dataval[2] == netname: + if dataval[1] == "Stage1": + if dataval[3] != hostname: + timeoutfifo.put(["tst", dataval[3], ip]) + logging.info("recv: got Stage1: writing data to timeout") + logging.debug("recv: ;tst;" + dataval[3] + ";" + ip) + if dataval[1] == "Stage2": + if dataval[3] == hostname: + authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) + logging.info("recv: got Stage2: writing data to auth") + logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) + if dataval[1] == "Stage3": + if dataval[3] != hostname: + authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) + logging.info("recv: got Stage3: writing data to auth") + logging.debug("recv: ;" + dataval[1] + ";" 
+ dataval[3] + ";" + ip + ";" + dataval[4]) +# except: +# logging.error("recv: socket init failed") +# time.sleep(10) + +def timeoutthread(timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes +# hostslist = [] #hostname, ip, timestamp while True: if not timeoutfifo.empty(): curhost = timeoutfifo.get() if curhost[0] == "add": - hostslist.append([curhost[1], curhost[2], time.time()]) - address2hostfile(netname, curhost[1], curhost[2]) + with hostslock: + hostslist.append([curhost[1], curhost[2], time.time()]) + address2hostfile(curhost[1], curhost[2]) logging.info("adding host to hostslist") elif curhost[0] == "tst": - line = findhostinlist(hostslist, curhost[1], curhost[2]) - if line != -1: - hostslist[line][2] = time.time() - logging.debug("timeout: refreshing timestamp of " + hostslist[line][0]) - else: - authfifo.put(["Stage1", curhost[1], curhost[2]]) - logging.info("timeout: writing to auth") + with hostslock: + line = findhostinlist(hostslist, curhost[1], curhost[2]) + if line != -1: + hostslist[line][2] = time.time() + logging.debug("timeout: refreshing timestamp of " + hostslist[line][0]) + else: + authfifo.put(["Stage1", curhost[1], curhost[2]]) + logging.info("timeout: writing to auth") else: i = 0 - while i < len(hostslist): - if time.time() - hostslist[i][2] > 60: - address2hostfile(netname, hostslist[i][0], "") - del hostslist[i] - logging.info("timeout: deleting dead host") - else: - i += 1 + with hostslock: + while i < len(hostslist): + if time.time() - hostslist[i][2] > 60: + address2hostfile(hostslist[i][0], "") + hostslist.remove(hostslist[i]) + logging.info("timeout: deleting dead host") + else: + i += 1 time.sleep(2) -def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages authentication with clients (bruteforce sensitve, should be fixed) +def auththread(authfifo, sendfifo, timeoutfifo): #manages authentication with clients (bruteforce sensitve, should be fixed) authlist = [] 
#hostname, ip, Challenge, timestamp @@ -204,10 +207,10 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut line = findhostinlist(authlist, curauth[1], curauth[2]) if line == -1: challengenum = random.randint(0,65536) - encrypted_message = pub_encrypt(netname, curauth[1], "#" + hostname + "#" + str(challengenum) + "#") + encrypted_message = pub_encrypt(curauth[1], "#" + hostname + "#" + str(challengenum) + "#") authlist.append([curauth[1], curauth[2], challengenum, time.time()]) else: - encrypted_message = pub_encrypt(netname, authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#") + encrypted_message = pub_encrypt(authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#") if encrypted_message == -1: logging.info("auth: RSA Encryption Error") else: @@ -217,10 +220,10 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut logging.debug("auth: " + sendtext) if curauth[0] == "Stage2": - dec_message = priv_decrypt(netname, curauth[3]) + dec_message = priv_decrypt(curauth[3]) splitmes = dec_message.split("#") if splitmes[0] == "": - encrypted_message = pub_encrypt(netname, splitmes[1], "#" + splitmes[2] + "#") + encrypted_message = pub_encrypt(splitmes[1], "#" + splitmes[2] + "#") if encrypted_message == -1: logging.error("auth: RSA Encryption Error") else: @@ -232,7 +235,7 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut if curauth[0] == "Stage3": line = findhostinlist(authlist, curauth[1], curauth[2]) if line != -1: - dec_message = priv_decrypt(netname, curauth[3]) + dec_message = priv_decrypt(curauth[3]) splitmes = dec_message.split("#") logging.info("auth: checking challenge") if splitmes[0] == "": 
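Review bot: In timeoutthread the new `with hostslock:` blocks now enclose the `address2hostfile` calls, which rewrite a hosts file and spawn `tincd --kill=HUP`, so the lock is held across file I/O and a subprocess and any other holder — process_restart's `with hostslock:`, which the commit also runs from a signal handler on the main thread — blocks for that whole duration. Keep the lock to the list mutation and call `address2hostfile` after releasing it: in the `add` branch move `address2hostfile(curhost[1], curhost[2])` one level out of the `with`, and in the expiry loop collect the dead names first, as below. `hostslist.remove(hostslist[i])` also replaces `del hostslist[i]` with an equality search for an element whose index is already known; `del hostslist[i]` is the precise form. recvthread's `try/except` is commented out in this hunk, so any socket error now ends the receive thread; auththread's body continues past the end of this hunk.
```python
            else:
                expired = []
                with hostslock:
                    i = 0
                    while i < len(hostslist):
                        if time.time() - hostslist[i][2] > 60:
                            expired.append(hostslist[i][0])
                            del hostslist[i]
                            logging.info("timeout: deleting dead host")
                        else:
                            i += 1
                # hosts-file rewrite and the tincd signal happen outside the lock
                for deadhost in expired:
                    address2hostfile(deadhost, "")
```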
@@ -255,11 +258,48 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut except: logging.error("auth: thread crashed") +def process_start(): #starting of the process + #download and untar hostfile + logging.info("downloading hostfiles") + get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter + tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) + + #initialize fifos + sendfifo = Queue.Queue() #sendtext + authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data + timeoutfifo = Queue.Queue() #State{tst, add} hostname ip + + #start threads + thread_recv = thread.start_new_thread(recvthread, (timeoutfifo, authfifo)) + thread_send = thread.start_new_thread(sendthread, (sendfifo, option.ghost)) + thread_timeout = thread.start_new_thread(timeoutthread, (timeoutfifo, authfifo)) + thread_auth = thread.start_new_thread(auththread, (authfifo, sendfifo, timeoutfifo)) + +def process_restart(signum, frame): + logging.error("root: restarting process") + with hostslock: + del hostslist[:] + #download and untar hostfile + logging.info("downloading hostfiles") + get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter + tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) + + logging.info("sending SIGHUP") + tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True) + +def kill_process(signum, frame): + logging.error("got SIGINT/SIGTERM exiting now") + os.remove("/var/lock/retiolum." + netname) + sys.exit(0) + if option.Tinc != False: + stop_tincd = subprocess.call(["tincd -n " + netname + " -k"],shell=True) + #Program starts here! 
parser = OptionParser() parser.add_option("-n", "--netname", dest="netname", help="the netname of the tinc network") -parser.add_option("-H", "--hostname", dest="hostname", default="default" , help="your nodename, if not given, it will try too read it from tinc.conf") +parser.add_option("-H", "--hostname", dest="hostname", default="default", help="your nodename, if not given, it will try too read it from tinc.conf") +parser.add_option("-t", "--timeout", dest="timeout", default=65536, help="timeout after retiolum gets restartet, default is 65536") parser.add_option("-d", "--debug", dest="debug", default="0", help="debug level: 0,1,2,3 if empty debug level=0") parser.add_option("-g", "--ghost", action="store_true", dest="ghost", default=False, help="deactivates active sending, keeps you anonymous in the public network") parser.add_option("-T", "--Tinc", action="store_true", dest="tinc", default=False, help="starts tinc with this script") @@ -272,6 +312,8 @@ if option.hostname == "default": hostname = option.hostname netname = option.netname +hostslist = [] +hostslock = thread.allocate_lock() #set process name pidfile = open("/var/lock/retiolum." + netname, "w") 
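Review bot: process_restart is both the routine the main loop calls periodically and, later in this commit, the SIGUSR1 handler, and it takes `hostslock`, a non-reentrant `thread.allocate_lock()`; Python runs signal handlers on the main thread, so a SIGUSR1 delivered while the main loop's own call is inside `with hostslock:` blocks the handler on a lock its own thread already holds. A handler that only records the request, e.g. `def request_restart(signum, frame): restart_pending[0] = True` with `restart_pending = [False]` defined beside `hostslock`, lets the main loop perform the restart on its next iteration and also keeps the urllib2 and subprocess calls out of signal context. In kill_process the `stop_tincd` call sits after `sys.exit(0)` and reads `option.Tinc` although the option's dest is `tinc`, so it can never run (the following commit reorders it); `os.remove` there should also tolerate a missing pidfile so the handler still exits cleanly.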
@@ -288,25 +330,16 @@ level_name = option.debug level = LEVELS.get(level_name, logging.NOTSET) logging.basicConfig(level=level) -#download and untar hostfile -get_hostfiles(netname, "http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") -tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True) - #normally tinc doesnt start with retiolum if option.tinc != False: start_tincd = subprocess.call(["tincd -n " + netname ],shell=True) -#initialize fifos -sendfifo = Queue.Queue() #sendtext -authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data -timeoutfifo = Queue.Queue() #State{tst, add} hostname ip +process_start() -#start threads -thread_recv = thread.start_new_thread(recvthread, (netname, hostname, timeoutfifo, authfifo)) -thread_send = thread.start_new_thread(sendthread, (netname, hostname, sendfifo, option.ghost)) -thread_timeout = thread.start_new_thread(timeoutthread, (netname, timeoutfifo, authfifo)) -thread_auth = thread.start_new_thread(auththread, (netname, hostname, authfifo, sendfifo, timeoutfifo)) +signal.signal(signal.SIGTERM, kill_process) +signal.signal(signal.SIGINT, kill_process) +signal.signal(signal.SIGUSR1, process_restart) -##dirty while function, SHOULD BE IMPROVED while True: - time.sleep(10) + time.sleep(float(option.timeout)) + process_restart(0, 0) -- cgit v1.2.3 From b8c29e501f2d5f49bd69eb0eb223c5b619164be8 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Wed, 25 May 2011 06:17:05 +0200 Subject: deactivated debug mode --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 92 +++++++++++----------- 1 file changed, 46 insertions(+), 46 deletions(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index 5191ce2c..b67fcc8d 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py 
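Review bot: `float(option.timeout)` in the main loop is the first point at which the `--timeout` value is validated, and it runs only after process_start has started the four threads and the pidfile has been written, so a non-numeric value raises ValueError then and the pidfile is left behind (kill_process only runs on SIGTERM/SIGINT). Let optparse do the conversion where the option is declared, `parser.add_option("-t", "--timeout", dest="timeout", type="float", default=65536, help="timeout after retiolum gets restartet, default is 65536")`, so a bad value is rejected with a usage error before anything is started and the loop can sleep on `option.timeout` directly. The signal handlers are also installed after `process_start()`, so a SIGTERM arriving during the hostfile download is not handled; registering them before the call closes that window.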
@@ -113,53 +113,53 @@ def sendthread(sendfifo, ghostmode): #send to multicast, sends keep alive packet def recvthread(timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth while True: -# try: - ANY = "0.0.0.0" - MCAST_ADDR = "224.168.2.9" - MCAST_PORT = 1600 - - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket - sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number - sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data - sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket - - - status = sock.setsockopt(socket.IPPROTO_IP, - socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group - socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param - - while True: - while True: + try: + ANY = "0.0.0.0" + MCAST_ADDR = "224.168.2.9" + MCAST_PORT = 1600 + + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket + sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number + sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data + sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket + + + status = sock.setsockopt(socket.IPPROTO_IP, + socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group + socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param - try: - data, addr = sock.recvfrom(1024) - ip, port = addr - break - except socket.error, e: - pass - - logging.debug("recv: got data") - dataval = data.split("#") - if dataval[0] == "": - if dataval[2] == netname: - if dataval[1] == "Stage1": - if 
dataval[3] != hostname: - timeoutfifo.put(["tst", dataval[3], ip]) - logging.info("recv: got Stage1: writing data to timeout") - logging.debug("recv: ;tst;" + dataval[3] + ";" + ip) - if dataval[1] == "Stage2": - if dataval[3] == hostname: - authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) - logging.info("recv: got Stage2: writing data to auth") - logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) - if dataval[1] == "Stage3": - if dataval[3] != hostname: - authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) - logging.info("recv: got Stage3: writing data to auth") - logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) -# except: -# logging.error("recv: socket init failed") -# time.sleep(10) + while True: + while True: + + try: + data, addr = sock.recvfrom(1024) + ip, port = addr + break + except socket.error, e: + pass + + logging.debug("recv: got data") + dataval = data.split("#") + if dataval[0] == "": + if dataval[2] == netname: + if dataval[1] == "Stage1": + if dataval[3] != hostname: + timeoutfifo.put(["tst", dataval[3], ip]) + logging.info("recv: got Stage1: writing data to timeout") + logging.debug("recv: ;tst;" + dataval[3] + ";" + ip) + if dataval[1] == "Stage2": + if dataval[3] == hostname: + authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) + logging.info("recv: got Stage2: writing data to auth") + logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) + if dataval[1] == "Stage3": + if dataval[3] != hostname: + authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) + logging.info("recv: got Stage3: writing data to auth") + logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) + except: + logging.error("recv: socket init failed") + time.sleep(10) def timeoutthread(timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes # hostslist = [] #hostname, ip, timestamp -- cgit 
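Review bot: The re-enabled `except:` wraps the whole receive loop, so an exception raised while parsing a datagram — an IndexError from `dataval[2]` or `dataval[4]` when a packet carries fewer `#` fields than expected — is logged as "recv: socket init failed", the socket is discarded and the thread sleeps 10 s before rejoining the multicast group, so one malformed datagram blinds the receiver for that period. Give the `dataval` handling its own narrow handler, `except IndexError:` that logs at debug level and `continue`s, and narrow the outer handler to `except socket.error:` so only genuine socket failures trigger the re-initialisation. The inner `except socket.error, e: pass` also swallows every receive error without a log line, which makes a persistently failing socket invisible.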
v1.2.3 From 213aaea1d4b4527039d71c02472ba964c38e0577 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Wed, 25 May 2011 06:46:52 +0200 Subject: bugfixing --- retiolum/hosts/.scripts/tinc_multicast/retiolum.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'retiolum') diff --git a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py index b67fcc8d..8cf57471 100755 --- a/retiolum/hosts/.scripts/tinc_multicast/retiolum.py +++ b/retiolum/hosts/.scripts/tinc_multicast/retiolum.py @@ -290,9 +290,9 @@ def process_restart(signum, frame): def kill_process(signum, frame): logging.error("got SIGINT/SIGTERM exiting now") os.remove("/var/lock/retiolum." + netname) - sys.exit(0) - if option.Tinc != False: + if option.tinc != False: stop_tincd = subprocess.call(["tincd -n " + netname + " -k"],shell=True) + sys.exit(0) #Program starts here! @@ -316,9 +316,13 @@ hostslist = [] hostslock = thread.allocate_lock() #set process name -pidfile = open("/var/lock/retiolum." + netname, "w") -pidfile.write(str(os.getpid())) -pidfile.close() +if not os.path.exists("/var/lock/retiolum." + netname): + pidfile = open("/var/lock/retiolum." + netname, "w") + pidfile.write(str(os.getpid())) + pidfile.close() +else: + logging.error("pidfile already exists") + sys.exit(0) #Logging stuff LEVELS = {'3' : logging.DEBUG, -- cgit v1.2.3 From 23386983bd99402373f91b947d58101f11952bac Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2011 12:21:56 +0200 Subject: ipv6 for miefda901 --- retiolum/hosts/Lassulus | 1 + retiolum/hosts/alphalabs | 1 + retiolum/hosts/miefda901 | 1 + 3 files changed, 3 insertions(+) (limited to 'retiolum') diff --git a/retiolum/hosts/Lassulus b/retiolum/hosts/Lassulus index 61c2d62b..7e920411 100644 --- a/retiolum/hosts/Lassulus +++ b/retiolum/hosts/Lassulus 
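Review bot: The `os.path.exists` check followed by `open(..., "w")` in the second hunk is a check-then-act pair, so two instances started at the same moment can both pass the check, and a pidfile left behind by a crash (it is only removed in kill_process) blocks every later start until someone deletes it by hand. Creating the file with `O_CREAT | O_EXCL` makes the check and the create one atomic step, and the error path should exit non-zero so a supervisor sees the failure rather than `sys.exit(0)`; reading the stored pid and probing it with `os.kill(pid, 0)` would additionally let a stale file be reclaimed.
```python
pidfile_path = "/var/lock/retiolum." + netname
try:
    # O_EXCL makes "does it exist" and "create it" a single atomic operation
    pidfd = os.open(pidfile_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0644)
except OSError:
    logging.error("pidfile already exists")
    sys.exit(1)
os.write(pidfd, str(os.getpid()))
os.close(pidfd)
```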
@@ -1,3 +1,4 @@ +Address = 10.9.9.71 Subnet = 10.7.7.11 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE diff --git a/retiolum/hosts/alphalabs b/retiolum/hosts/alphalabs index 6aea1dec..80c0ef6e 100644 --- a/retiolum/hosts/alphalabs +++ b/retiolum/hosts/alphalabs @@ -1,3 +1,4 @@ +Address = 10.9.9.10 Subnet = 10.7.7.10 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAvUAbMmmOFn+4kOvJAvmi0R/XCQa1YBlkjUvC6Pmt0Q8gV1DodXjB diff --git a/retiolum/hosts/miefda901 b/retiolum/hosts/miefda901 index a1b59a29..b9a9156a 100644 --- a/retiolum/hosts/miefda901 +++ b/retiolum/hosts/miefda901 @@ -1,4 +1,5 @@ Subnet = 10.7.7.22 +Subnet = 42:23:5:22:0:0:0:0/64 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEApbEYmHf0vEDYa/2aVvWVxEGgC+JJlXcArdxkQooSIpnZfSAfsH0S MFz8v7UkM7EJSwDsFWf+gxyoAORdFpdQm+XQoDqWVZ1e0isYtNluP2C/51s3lu2F -- cgit v1.2.3 From ccd1380b93c11705fbc3be991d73bfb3715faec1 Mon Sep 17 00:00:00 2001 From: miefda Date: Wed, 25 May 2011 12:26:25 +0200 Subject: ipv6 for supernode --- retiolum/hosts/supernode | 2 ++ 1 file changed, 2 insertions(+) (limited to 'retiolum') diff --git a/retiolum/hosts/supernode b/retiolum/hosts/supernode index 7e8d0fd8..c5ce332c 100644 --- a/retiolum/hosts/supernode +++ b/retiolum/hosts/supernode @@ -1,5 +1,7 @@ Address = miefda.org Subnet = 10.7.7.1 +Subnet = 42:23:5:1:0:0:0:0/64 + -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAr3DlBmQxP9UTBCkohK8FCYSk2td4Ov5lQYvC3Adx04lEWHfp+0nP sShYqqN9Aj3iCqj/DHx5jGuSqjyTmmFWIOMM9IwKMo2Oiz/PcBM56N6gzIHuR5wj -- cgit v1.2.3 From d0590fa9bb88bda075b6ed0c2dd469698a20a8db Mon Sep 17 00:00:00 2001 From: root Date: Wed, 25 May 2011 14:25:13 +0200 Subject: undone ipv6 miefda901 --- retiolum/hosts/miefda901 | 1 - 1 file changed, 1 deletion(-) (limited to 'retiolum') diff --git a/retiolum/hosts/miefda901 b/retiolum/hosts/miefda901 index b9a9156a..a1b59a29 100644 --- a/retiolum/hosts/miefda901 +++ b/retiolum/hosts/miefda901 
@@ -1,5 +1,4 @@ Subnet = 10.7.7.22 -Subnet = 42:23:5:22:0:0:0:0/64 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEApbEYmHf0vEDYa/2aVvWVxEGgC+JJlXcArdxkQooSIpnZfSAfsH0S MFz8v7UkM7EJSwDsFWf+gxyoAORdFpdQm+XQoDqWVZ1e0isYtNluP2C/51s3lu2F -- cgit v1.2.3 From d7bcc94d55373f8f42a2b43e4187204d85d84001 Mon Sep 17 00:00:00 2001 From: Lassulus Date: Wed, 25 May 2011 14:26:52 +0200 Subject: added exile, edited Lassulus --- retiolum/hosts/.pubkeys/exile | 9 +++++++++ retiolum/hosts/exile | 9 +++++++++ 2 files changed, 18 insertions(+) create mode 100644 retiolum/hosts/.pubkeys/exile create mode 100644 retiolum/hosts/exile (limited to 'retiolum') diff --git a/retiolum/hosts/.pubkeys/exile b/retiolum/hosts/.pubkeys/exile new file mode 100644 index 00000000..76fefb05 --- /dev/null +++ b/retiolum/hosts/.pubkeys/exile @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H+DslKV6EDCZWBCJs+M +FyvTR9Ej0yWthIHKzFrA4qI8rxskrGGPxhb16keQLPCAgBVVVmikh3pQVMq1K6ry +5Of0uM7rU7crBzRfJ8zpGZXfYlBDFDAdVg8wwDvEYsYCAKrZbYIKb88WR0mT7K47 +ipTbXd9utzmoWGa/SuGtPkYOigcWYMRN4QClPDLdICQvdohVvfd7/LXRNuwrWOJc +mtLitTEZY9lo2hhv+ZKs7PBrmpTBhTMYN2Et69tVPQh1t7cljf3Esij5AUczv979 +C9Lvukj8Kb51Et0T9qcGAs/M3b64X7FOKjWVVQttj3AkjgLZ5OdYlm7uRRmYmKQ9 +5wIDAQAB +-----END PUBLIC KEY----- diff --git a/retiolum/hosts/exile b/retiolum/hosts/exile new file mode 100644 index 00000000..3c43a484 --- /dev/null +++ b/retiolum/hosts/exile @@ -0,0 +1,9 @@ +Subnet = 10.7.7.123 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA0H+DslKV6EDCZWBCJs+MFyvTR9Ej0yWthIHKzFrA4qI8rxskrGGP +xhb16keQLPCAgBVVVmikh3pQVMq1K6ry5Of0uM7rU7crBzRfJ8zpGZXfYlBDFDAd +Vg8wwDvEYsYCAKrZbYIKb88WR0mT7K47ipTbXd9utzmoWGa/SuGtPkYOigcWYMRN +4QClPDLdICQvdohVvfd7/LXRNuwrWOJcmtLitTEZY9lo2hhv+ZKs7PBrmpTBhTMY +N2Et69tVPQh1t7cljf3Esij5AUczv979C9Lvukj8Kb51Et0T9qcGAs/M3b64X7FO +KjWVVQttj3AkjgLZ5OdYlm7uRRmYmKQ95wIDAQAB +-----END RSA PUBLIC KEY----- -- cgit v1.2.3 From b8aaa2e798ebb64c6caa5f92633ccc07bd8c2777 Mon Sep 17 00:00:00 2001 
From: Lassulus Date: Wed, 25 May 2011 14:27:54 +0200 Subject: remove address --- retiolum/hosts/alphalabs | 1 - 1 file changed, 1 deletion(-) (limited to 'retiolum') diff --git a/retiolum/hosts/alphalabs b/retiolum/hosts/alphalabs index 80c0ef6e..6aea1dec 100644 --- a/retiolum/hosts/alphalabs +++ b/retiolum/hosts/alphalabs @@ -1,4 +1,3 @@ -Address = 10.9.9.10 Subnet = 10.7.7.10 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAvUAbMmmOFn+4kOvJAvmi0R/XCQa1YBlkjUvC6Pmt0Q8gV1DodXjB -- cgit v1.2.3 From f08c636fd20a3286cb8a2afede09e681682c2e92 Mon Sep 17 00:00:00 2001 From: miefda Date: Wed, 25 May 2011 14:28:13 +0200 Subject: undone ipv6 supernode --- retiolum/hosts/supernode | 1 - 1 file changed, 1 deletion(-) (limited to 'retiolum') diff --git a/retiolum/hosts/supernode b/retiolum/hosts/supernode index c5ce332c..6444fe99 100644 --- a/retiolum/hosts/supernode +++ b/retiolum/hosts/supernode @@ -1,6 +1,5 @@ Address = miefda.org Subnet = 10.7.7.1 -Subnet = 42:23:5:1:0:0:0:0/64 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAr3DlBmQxP9UTBCkohK8FCYSk2td4Ov5lQYvC3Adx04lEWHfp+0nP -- cgit v1.2.3