From 5e326f51c58e500285ea3daee91986ee1ea518eb Mon Sep 17 00:00:00 2001
From: root <root@pigstarter.de>
Date: Tue, 5 Nov 2013 13:24:42 +0100
Subject: sandbox -> .graveyard
---
sandbox/tinc_multicast/retiolum | 34 ----
sandbox/tinc_multicast/retiolum.py | 349 -------------------------------------
2 files changed, 383 deletions(-)
delete mode 100755 sandbox/tinc_multicast/retiolum
delete mode 100755 sandbox/tinc_multicast/retiolum.py
(limited to 'sandbox/tinc_multicast')
diff --git a/sandbox/tinc_multicast/retiolum b/sandbox/tinc_multicast/retiolum
deleted file mode 100755
index 1d6b775f..00000000
--- a/sandbox/tinc_multicast/retiolum
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-TINCNAME='retiolum'
-case "$1" in
- start)
- stat_busy "Starting retiolum Daemon"
- success=0
- /home/death/git/retiolum/.scripts/tinc_multicast/retiolum.py -n retiolum -T &
- sleep 2
- if [ $success -eq 0 ]; then
- add_daemon retiolum
- stat_done
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping retiolum Daemon"
- kill `cat /var/lock/retiolum.retiolum`
- rm_daemon retiolum
- stat_done
- ;;
- restart)
- $0 stop
- sleep 4
- $0 start
- ;;
- *)
- echo "usage $0 {startĀ¦stopĀ¦restart}"
-esac
-exit 0
diff --git a/sandbox/tinc_multicast/retiolum.py b/sandbox/tinc_multicast/retiolum.py
deleted file mode 100755
index 8cf57471..00000000
--- a/sandbox/tinc_multicast/retiolum.py
+++ /dev/null
@@ -1,349 +0,0 @@
-#!/usr/bin/python2
-import sys, os, time, signal, socket, subprocess, thread, random, Queue, binascii, logging, hashlib, urllib2 #these should all be in the stdlib
-from optparse import OptionParser
-
-def pub_encrypt(hostname_t, text): #encrypt data with public key
- logging.debug("encrypt: " + text)
- if hostname_t.find("`") != -1: return(-1)
- try:
- enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64 -w0")
- return(enc_text.read())
- except:
- return(-1)
-
-def priv_decrypt(enc_data): #decrypt data with private key
- if enc_data.find("`") != -1: return(-1)
- dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt")
- return(dec_text.read())
-
-def address2hostfile(hostname, address): #adds address to hostsfile or restores it if address is empty
- hostfile = "/etc/tinc/" + netname + "/hosts/" + hostname
- addr_file = open(hostfile, "r")
- addr_cache = addr_file.readlines()
- addr_file.close()
- if address != "":
- addr_cache.insert(0, "Address = " + address + "\n")
- addr_file = open(hostfile, "w")
- addr_file.writelines(addr_cache)
- addr_file.close
- logging.info("sending SIGHUP to tinc deamon!")
- tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
- else:
- recover = subprocess.os.popen("tar xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/ " + hostname)
-
-def findhostinlist(hostslist, hostname, ip): #finds host + ip in list
- for line in xrange(len(hostslist)):
- if hostname == hostslist[line][0] and ip == hostslist[line][1]:
- return line
- return -1 #nothing found
-
-def getHostname(netname):
- tconf = open("/etc/tinc/" + netname + "/tinc.conf", "r")
- feld = tconf.readlines()
- tconf.close()
- for x in feld:
- if x.startswith("Name"):
- return str(x.partition("=")[2].lstrip().rstrip("\n"))
-
- print("hostname not found!")
- return -1 #nothing found
-
-def get_hostfiles(url_files, url_md5sum):
- try:
- get_hosts_tar = urllib2.urlopen(url_files)
- get_hosts_md5 = urllib2.urlopen(url_md5sum)
- hosts_tar = get_hosts_tar.read()
- hosts_md5 = get_hosts_md5.read()
-
- if str(hosts_md5) == str(hashlib.md5(hosts_tar).hexdigest() + " hosts.tar.gz\n"):
- hosts = open("/etc/tinc/" + netname + "/hosts/hosts.tar.gz", "w")
- hosts.write(hosts_tar)
- hosts.close()
- else:
- logging.error("hosts.tar.gz md5sum check failed!")
- except:
- logging.error("hosts file download failed!")
-
-
-####Thread functions
-
-
-def sendthread(sendfifo, ghostmode): #send to multicast, sends keep alive packets
- while True:
- try:
- #{socket init start
- ANY = "0.0.0.0"
- SENDPORT = 23542
- MCAST_ADDR = "224.168.2.9"
- MCAST_PORT = 1600
-
- sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #initalize socket with udp
- sock.bind((ANY,SENDPORT)) #now bound to Interface and Port
- sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #activate multicast
- #}socket init end
-
- if ghostmode == 0:
-
- i = 9
-
- while True:
- i += 1
- if not sendfifo.empty():
- sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
- logging.info("send: sending sendfifo")
- else:
- time.sleep(1)
- if i == 10:
- sock.sendto("#Stage1#" + netname + "#" + hostname + "#", (MCAST_ADDR,MCAST_PORT) )
- logging.debug("send: sending keep alive")
- i = 0
- else:
- while True:
- if not sendfifo.empty():
- sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
- logging.info("send: sending sendfifo")
- else:
- time.sleep(1)
-
- except:
- logging.error("send: socket init failed")
- time.sleep(10)
-
-
-
-def recvthread(timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth
- while True:
- try:
- ANY = "0.0.0.0"
- MCAST_ADDR = "224.168.2.9"
- MCAST_PORT = 1600
-
- sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket
- sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number
- sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data
- sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket
-
-
- status = sock.setsockopt(socket.IPPROTO_IP,
- socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group
- socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param
-
- while True:
- while True:
-
- try:
- data, addr = sock.recvfrom(1024)
- ip, port = addr
- break
- except socket.error, e:
- pass
-
- logging.debug("recv: got data")
- dataval = data.split("#")
- if dataval[0] == "":
- if dataval[2] == netname:
- if dataval[1] == "Stage1":
- if dataval[3] != hostname:
- timeoutfifo.put(["tst", dataval[3], ip])
- logging.info("recv: got Stage1: writing data to timeout")
- logging.debug("recv: ;tst;" + dataval[3] + ";" + ip)
- if dataval[1] == "Stage2":
- if dataval[3] == hostname:
- authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
- logging.info("recv: got Stage2: writing data to auth")
- logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
- if dataval[1] == "Stage3":
- if dataval[3] != hostname:
- authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
- logging.info("recv: got Stage3: writing data to auth")
- logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
- except:
- logging.error("recv: socket init failed")
- time.sleep(10)
-
-def timeoutthread(timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes
-# hostslist = [] #hostname, ip, timestamp
-
- while True:
- if not timeoutfifo.empty():
- curhost = timeoutfifo.get()
- if curhost[0] == "add":
- with hostslock:
- hostslist.append([curhost[1], curhost[2], time.time()])
- address2hostfile(curhost[1], curhost[2])
- logging.info("adding host to hostslist")
- elif curhost[0] == "tst":
- with hostslock:
- line = findhostinlist(hostslist, curhost[1], curhost[2])
- if line != -1:
- hostslist[line][2] = time.time()
- logging.debug("timeout: refreshing timestamp of " + hostslist[line][0])
- else:
- authfifo.put(["Stage1", curhost[1], curhost[2]])
- logging.info("timeout: writing to auth")
-
- else:
- i = 0
- with hostslock:
- while i < len(hostslist):
- if time.time() - hostslist[i][2] > 60:
- address2hostfile(hostslist[i][0], "")
- hostslist.remove(hostslist[i])
- logging.info("timeout: deleting dead host")
- else:
- i += 1
- time.sleep(2)
-
-def auththread(authfifo, sendfifo, timeoutfifo): #manages authentication with clients (bruteforce sensitve, should be fixed)
- authlist = [] #hostname, ip, Challenge, timestamp
-
-
- while True:
- try:
- if not authfifo.empty():
- logging.debug("auth: authfifo is not empty")
- curauth = authfifo.get()
- if curauth[0] == "Stage1":
- line = findhostinlist(authlist, curauth[1], curauth[2])
- if line == -1:
- challengenum = random.randint(0,65536)
- encrypted_message = pub_encrypt(curauth[1], "#" + hostname + "#" + str(challengenum) + "#")
- authlist.append([curauth[1], curauth[2], challengenum, time.time()])
- else:
- encrypted_message = pub_encrypt(authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#")
- if encrypted_message == -1:
- logging.info("auth: RSA Encryption Error")
- else:
- sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#"
- sendfifo.put(sendtext)
- logging.info("auth: got Stage1 sending now Stage2")
- logging.debug("auth: " + sendtext)
-
- if curauth[0] == "Stage2":
- dec_message = priv_decrypt(curauth[3])
- splitmes = dec_message.split("#")
- if splitmes[0] == "":
- encrypted_message = pub_encrypt(splitmes[1], "#" + splitmes[2] + "#")
- if encrypted_message == -1:
- logging.error("auth: RSA Encryption Error")
- else:
- sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#"
- sendfifo.put(sendtext)
- logging.info("auth: got Stage2 sending now Stage3")
- logging.debug("auth: " + sendtext)
-
- if curauth[0] == "Stage3":
- line = findhostinlist(authlist, curauth[1], curauth[2])
- if line != -1:
- dec_message = priv_decrypt(curauth[3])
- splitmes = dec_message.split("#")
- logging.info("auth: checking challenge")
- if splitmes[0] == "":
- if splitmes[1] == str(authlist[line][2]):
- timeoutfifo.put(["add", curauth[1], curauth[2]])
- del authlist[line]
- logging.info("auth: Stage3 checked, sending now to timeout")
- else: logging.error("auth: challenge checking failed")
- else: logging.error("auth: decryption failed")
-
- else:
- i = 0
- while i < len(authlist):
- if time.time() - authlist[i][3] > 120:
- del authlist[i]
- logging.info("auth: deleting timeoutet auth")
- else:
- i += 1
- time.sleep(1)
- except:
- logging.error("auth: thread crashed")
-
-def process_start(): #starting of the process
- #download and untar hostfile
- logging.info("downloading hostfiles")
- get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
- tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-
- #initialize fifos
- sendfifo = Queue.Queue() #sendtext
- authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data
- timeoutfifo = Queue.Queue() #State{tst, add} hostname ip
-
- #start threads
- thread_recv = thread.start_new_thread(recvthread, (timeoutfifo, authfifo))
- thread_send = thread.start_new_thread(sendthread, (sendfifo, option.ghost))
- thread_timeout = thread.start_new_thread(timeoutthread, (timeoutfifo, authfifo))
- thread_auth = thread.start_new_thread(auththread, (authfifo, sendfifo, timeoutfifo))
-
-def process_restart(signum, frame):
- logging.error("root: restarting process")
- with hostslock:
- del hostslist[:]
- #download and untar hostfile
- logging.info("downloading hostfiles")
- get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
- tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-
- logging.info("sending SIGHUP")
- tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
-
-def kill_process(signum, frame):
- logging.error("got SIGINT/SIGTERM exiting now")
- os.remove("/var/lock/retiolum." + netname)
- if option.tinc != False:
- stop_tincd = subprocess.call(["tincd -n " + netname + " -k"],shell=True)
- sys.exit(0)
-
-#Program starts here!
-
-parser = OptionParser()
-parser.add_option("-n", "--netname", dest="netname", help="the netname of the tinc network")
-parser.add_option("-H", "--hostname", dest="hostname", default="default", help="your nodename, if not given, it will try too read it from tinc.conf")
-parser.add_option("-t", "--timeout", dest="timeout", default=65536, help="timeout after retiolum gets restartet, default is 65536")
-parser.add_option("-d", "--debug", dest="debug", default="0", help="debug level: 0,1,2,3 if empty debug level=0")
-parser.add_option("-g", "--ghost", action="store_true", dest="ghost", default=False, help="deactivates active sending, keeps you anonymous in the public network")
-parser.add_option("-T", "--Tinc", action="store_true", dest="tinc", default=False, help="starts tinc with this script")
-(option, args) = parser.parse_args()
-
-if option.netname == None:
- parser.error("Netname is required, use -h for help!")
-if option.hostname == "default":
- option.hostname = getHostname(option.netname)
-
-hostname = option.hostname
-netname = option.netname
-hostslist = []
-hostslock = thread.allocate_lock()
-
-#set process name
-if not os.path.exists("/var/lock/retiolum." + netname):
- pidfile = open("/var/lock/retiolum." + netname, "w")
- pidfile.write(str(os.getpid()))
- pidfile.close()
-else:
- logging.error("pidfile already exists")
- sys.exit(0)
-
-#Logging stuff
-LEVELS = {'3' : logging.DEBUG,
- '2' : logging.INFO,
- '1' : logging.ERROR,
- '0' : logging.CRITICAL}
-
-level_name = option.debug
-level = LEVELS.get(level_name, logging.NOTSET)
-logging.basicConfig(level=level)
-
-#normally tinc doesnt start with retiolum
-if option.tinc != False:
- start_tincd = subprocess.call(["tincd -n " + netname ],shell=True)
-
-process_start()
-
-signal.signal(signal.SIGTERM, kill_process)
-signal.signal(signal.SIGINT, kill_process)
-signal.signal(signal.SIGUSR1, process_restart)
-
-while True:
- time.sleep(float(option.timeout))
- process_restart(0, 0)
--
cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/e7200000.lock: Permission denied (13)